int KSI_DataHash_create(KSI_CTX *ctx, const void *data, size_t data_length, KSI_HashAlgorithm algo_id, KSI_DataHash **hash) {
int res = KSI_UNKNOWN_ERROR;
KSI_DataHash *hsh = NULL;
KSI_DataHasher *hsr = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || hash == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
res = KSI_DataHasher_open(ctx, algo_id, &hsr);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (data != NULL && data_length > 0) {
res = KSI_DataHasher_add(hsr, data, data_length);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
}
res = KSI_DataHasher_close(hsr, &hsh);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
*hash = hsh;
hsh = NULL;
res = KSI_OK;
cleanup:
KSI_DataHash_free(hsh);
KSI_DataHasher_free(hsr);
return res;
}
int main(int argc, char **argv) {
KSI_CTX *ksi = NULL;
int res = KSI_UNKNOWN_ERROR;
FILE *in = NULL;
FILE *out = NULL;
KSI_DataHasher *hsr = NULL;
KSI_DataHash *hsh = NULL;
KSI_Signature *sign = NULL;
unsigned char *raw = NULL;
unsigned raw_len;
unsigned char buf[1024];
unsigned buf_len;
char *signerIdentity = NULL;
FILE *logFile = NULL;
/* Handle command line parameters */
/* Handle command line parameters */
if (argc != 7) {
fprintf(stderr, "Usage:\n"
" %s <in-data-file> <out-sign-file> <aggregator-uri> <user> <pass> <pub-file url | -> \n", argv[0]);
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
/* Input file */
in = fopen(argv[1], "rb");
if (in == NULL) {
fprintf(stderr, "Unable to open input file '%s'\n", argv[1]);
res = KSI_IO_ERROR;
goto cleanup;
}
/* Create new KSI context for this thread. */
res = KSI_CTX_new(&ksi);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create context.\n");
goto cleanup;
}
logFile = fopen("ksi_sign.log", "w");
if (logFile == NULL) {
fprintf(stderr, "Unable to open log file.\n");
}
KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());
res = KSI_CTX_setAggregator(ksi, argv[3], argv[4], argv[5]);
if (res != KSI_OK) goto cleanup;
/* Check publications file url. */
if (strncmp("-", argv[6], 1)) {
res = KSI_CTX_setPublicationUrl(ksi, argv[6]);
if (res != KSI_OK) {
fprintf(stderr, "Unable to set publications file url.\n");
goto cleanup;
}
}
/* Create a data hasher using default algorithm. */
res = KSI_DataHasher_open(ksi, KSI_getHashAlgorithmByName("default"), &hsr);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create hasher.\n");
goto cleanup;
}
/* Read the input file and calculate the hash of its contents. */
while (!feof(in)) {
buf_len = (unsigned)fread(buf, 1, sizeof(buf), in);
/* Add next block to the calculation. */
res = KSI_DataHasher_add(hsr, buf, buf_len);
if (res != KSI_OK) {
fprintf(stderr, "Unable to add data to hasher.\n");
goto cleanup;
}
}
/* Close the data hasher and retreive the data hash. */
res = KSI_DataHasher_close(hsr, &hsh);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create hash.\n");
goto cleanup;
}
/* Sign the data hash. */
res = KSI_createSignature(ksi, hsh, &sign);
if (res != KSI_OK) {
fprintf(stderr, "Unable to sign %d.\n", res);
goto cleanup;
}
res = KSI_Signature_verify(sign, ksi);
if (res != KSI_OK) {
fprintf(stderr, "Failed to verify signature.\n");
goto cleanup;
}
/* Output the signer id */
res = KSI_Signature_getSignerIdentity(sign, &signerIdentity);
if (res == KSI_OK) {
printf("Signer id: %s\n", signerIdentity);
} else {
fprintf(stderr, "Unable to extract signer identity.\n");
}
/* Serialize the signature. */
res = KSI_Signature_serialize(sign, &raw, &raw_len);
if (res != KSI_OK) {
fprintf(stderr, "Unable to serialize signature.");
goto cleanup;
}
/* Output file */
out = fopen(argv[2], "wb");
if (out == NULL) {
fprintf(stderr, "Unable to open input file '%s'\n", argv[2]);
res = KSI_IO_ERROR;
goto cleanup;
}
/* Write the signature file. */
if (!fwrite(raw, 1, raw_len, out)) {
fprintf(stderr, "Unable to write output file.\n");
res = KSI_IO_ERROR;
goto cleanup;
}
/* Only print message when signature output is not stdout. */
if (out != NULL) {
printf("Signature saved.\n");
}
res = KSI_OK;
cleanup:
if (logFile != NULL) fclose(logFile);
if (res != KSI_OK && ksi != NULL) {
KSI_ERR_statusDump(ksi, stderr);
}
if (in != NULL) fclose(in);
if (out != NULL) fclose(out);
KSI_free(signerIdentity);
KSI_Signature_free(sign);
KSI_DataHash_free(hsh);
KSI_DataHasher_free(hsr);
KSI_free(raw);
KSI_CTX_free(ksi);
return res;
}
KSI_VERIFY_PUBFILE_SIGNATURE | KSI_VERIFY_AGGRCHAIN_INTERNALLY | KSI_VERIFY_AGGRCHAIN_WITH_CALENDAR_CHAIN | KSI_VERIFY_CALCHAIN_ONLINE
KSI_END_VERIFICATION_POLICY
static int rfc3161_preSufHasher(KSI_CTX *ctx, const KSI_OctetString *prefix, const KSI_DataHash *hsh, const KSI_OctetString *suffix, int hsh_id, KSI_DataHash **out) {
int res;
KSI_DataHasher *hsr = NULL;
KSI_DataHash *tmp = NULL;
const unsigned char *imprint = NULL;
size_t imprint_len = 0;
const unsigned char *data = NULL;
size_t data_len = 0;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || prefix == NULL || hsh == NULL || suffix == NULL || out == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
/*Generate TST Info structure and get its hash*/
res = KSI_DataHasher_open(ctx, hsh_id, &hsr);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_OctetString_extract(prefix, &data, &data_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (data != NULL) {
res = KSI_DataHasher_add(hsr, data, data_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
}
res = KSI_DataHash_getImprint(hsh, &imprint, &imprint_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_DataHasher_add(hsr, imprint + 1, imprint_len - 1);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_OctetString_extract(suffix, &data, &data_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (data != NULL) {
res = KSI_DataHasher_add(hsr, data, data_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
}
/*Get hash and its imprint*/
res = KSI_DataHasher_close(hsr, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
*out = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_DataHasher_free(hsr);
KSI_DataHash_free(tmp);
return res;
}
int KSI_HmacHasher_open(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, const char *key, KSI_HmacHasher **hasher) {
int res = KSI_UNKNOWN_ERROR;
KSI_HmacHasher *tmp_hasher = NULL;
KSI_DataHash *hashedKey = NULL;
unsigned blockSize = 0;
size_t key_len;
const unsigned char *bufKey = NULL;
size_t buf_len;
const unsigned char *digest = NULL;
size_t digest_len = 0;
size_t i;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || key == NULL || hasher == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
key_len = strlen(key);
if (key_len == 0 || key_len > 0xffff) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Invalid key length.");
goto cleanup;
}
blockSize = KSI_HashAlgorithm_getBlockSize(algo_id);
if (blockSize == 0) {
KSI_pushError(ctx, res = KSI_UNKNOWN_ERROR, "Unknown buffer length for hash algorithm.");
goto cleanup;
}
if (KSI_getHashLength(algo_id) > MAX_BUF_LEN || blockSize > MAX_BUF_LEN) {
KSI_pushError(ctx, res = KSI_BUFFER_OVERFLOW, "Internal buffer too short to calculate HMAC.");
goto cleanup;
}
tmp_hasher = KSI_new(KSI_HmacHasher);
if (tmp_hasher == NULL) {
KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL);
goto cleanup;
}
/* Open the data hasher. */
res = KSI_DataHasher_open(ctx, algo_id, &tmp_hasher->dataHasher);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
tmp_hasher->ctx = ctx;
tmp_hasher->blockSize = blockSize;
/* Prepare the key for hashing. */
/* If the key is longer than 64, hash it. If the key or its hash is shorter than 64 bit, append zeros. */
if (key_len > blockSize) {
res = KSI_DataHasher_add(tmp_hasher->dataHasher, key, key_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_DataHasher_close(tmp_hasher->dataHasher, &hashedKey);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_DataHash_extract(hashedKey, NULL, &digest, &digest_len);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
if (digest == NULL || digest_len > blockSize) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "The hash of the key is invalid");
goto cleanup;
}
bufKey = digest;
buf_len = digest_len;
} else {
bufKey = (const unsigned char *) key;
buf_len = key_len;
}
for (i = 0; i < buf_len; i++) {
tmp_hasher->ipadXORkey[i] = 0x36 ^ bufKey[i];
tmp_hasher->opadXORkey[i] = 0x5c ^ bufKey[i];
}
for (; i < blockSize; i++) {
tmp_hasher->ipadXORkey[i] = 0x36;
tmp_hasher->opadXORkey[i] = 0x5c;
}
res = KSI_HmacHasher_reset(tmp_hasher);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
*hasher = tmp_hasher;
tmp_hasher = NULL;
res = KSI_OK;
cleanup:
KSI_DataHash_free(hashedKey);
KSI_HmacHasher_free(tmp_hasher);
return res;
}
