int KSI_ERR_getBaseErrorMessage(KSI_CTX *ctx, char *buf, size_t len, int *error, int *ext){
KSI_ERR *err = NULL;
if (ctx == NULL || buf == NULL){
return KSI_INVALID_ARGUMENT;
}
err = ctx->errors;
if (ctx->errors_count) {
KSI_strncpy(buf, err->message, len);
if (error != NULL) *error = err->statusCode;
if (ext != NULL) *ext = err->extErrorCode;
} else {
KSI_strncpy(buf, KSI_getErrorString(KSI_OK), len);
if (error != NULL) *error = KSI_OK;
if (ext != NULL) *ext = 0;
}
return KSI_OK;
}
char *KSI_PublicationData_toString(KSI_PublicationData *t, char *buffer, size_t buffer_len) {
int res = KSI_UNKNOWN_ERROR;
char *ret = NULL;
size_t len = 0;
char *pubStr = NULL;
char tmp[256];
res = KSI_PublicationData_toBase32(t, &pubStr);
if (res != KSI_OK) {
KSI_LOG_debug(t->ctx, "Unable to convert publication data to base 32: %s (%d)", KSI_getErrorString(res), res);
goto cleanup;
}
len += KSI_snprintf(buffer + len, buffer_len - len, "Publication string: %s\nPublication date: %s", pubStr, KSI_Integer_toDateString(t->time, tmp, sizeof(tmp)));
KSI_snprintf(buffer + len, buffer_len - len, "\nPublished hash: %s", KSI_DataHash_toString(t->imprint, tmp, sizeof(tmp)));
ret = buffer;
cleanup:
KSI_free(pubStr);
return ret;
}
static void testMaskingInput(CuTest *tc) {
static const unsigned char diceRolls[] = {0xd5, 0x58, 0xaf, 0xfa, 0x80, 0x67, 0xf4, 0x2c, 0xd9, 0x48, 0x36, 0x21, 0xd1, 0xab,
0xae, 0x23, 0xed, 0xd6, 0xca, 0x04, 0x72, 0x7e, 0xcf, 0xc7, 0xdb, 0xc7, 0x6b, 0xde, 0x34, 0x77, 0x1e, 0x53};
int res;
KSI_BlockSigner *bs = NULL;
KSI_OctetString *iv = NULL;
KSI_DataHash *zero = NULL;
size_t i;
struct {
KSI_CTX *ctx;
KSI_HashAlgorithm algo_id;
KSI_DataHash *prevHash;
KSI_OctetString *iv;
KSI_BlockSigner **bs;
int expectedRes;
} tests[] = {
{NULL, KSI_HASHALG_SHA3_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA3_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA3_512, zero, NULL, &bs, KSI_INVALID_ARGUMENT},
{ctx, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_UNAVAILABLE_HASH_ALGORITHM},
{NULL, KSI_HASHALG_SHA2_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA2_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA2_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT},
{NULL, KSI_HASHALG_SHA2_512, zero, NULL, &bs, KSI_INVALID_ARGUMENT},
{ctx, KSI_HASHALG_SHA2_512, zero, NULL, &bs, KSI_OK},
{NULL, -1, NULL, NULL, NULL, -1}
};
/* Create zero hash. */
res = KSI_DataHash_createZero(ctx, KSI_HASHALG_SHA2_512, &zero);
CuAssert(tc, "Unable to create zero hash.", res == KSI_OK && zero != NULL);
/* Create random initial vector. */
res = KSI_OctetString_new(ctx, diceRolls, sizeof(diceRolls), &iv);
CuAssert(tc, "Unable to create initial vector.", res == KSI_OK && iv != NULL);
res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA1, zero, iv, &bs);
CuAssert(tc, "Unable to create block signer instance with masking.", res == KSI_OK && bs != NULL);
for (i = 0; tests[i].expectedRes != -1; i++) {
res = KSI_BlockSigner_new(tests[i].ctx, tests[i].algo_id, tests[i].prevHash, tests[i].iv, tests[i].bs);
KSI_BlockSigner_free(bs);
bs = NULL;
if (res != tests[i].expectedRes) {
char buf[1000];
KSI_snprintf(buf, sizeof(buf), "Unexpected result @%i (expected = '%s', but was '%s').", i, KSI_getErrorString(tests[i].expectedRes), KSI_getErrorString(res));
CuFail(tc, buf);
}
}
KSI_OctetString_free(iv);
KSI_DataHash_free(zero);
}
static int ksi_err_toPrinter(KSI_CTX *ctx, void *to, size_t buf_len, void* (*printer)(void *to, size_t to_len, size_t *count, const char *format, ...)) {
int res = KSI_UNKNOWN_ERROR;
KSI_ERR *err = NULL;
size_t i;
size_t count = 0;
void *nextWrite = to;
if (ctx == NULL || to == NULL || buf_len == 0 || printer == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
nextWrite = printer(nextWrite, buf_len - count, &count, "KSI error trace:\n");
if (ctx->errors_count == 0) {
nextWrite = printer(nextWrite, buf_len - count, &count, "No errors.\n");
res = KSI_OK;
goto cleanup;
}
/* List all errors, starting from the most general. */
for (i = 0; i < ctx->errors_count && i < ctx->errors_size; i++) {
err = ctx->errors + ((ctx->errors_count - i - 1) % ctx->errors_size);
nextWrite = printer(nextWrite, buf_len - count, &count, " %3lu) %s:%u - (%d/%ld) %s\n", ctx->errors_count - i, err->fileName, err->lineNr,err->statusCode, err->extErrorCode, *err->message != '\0' ? err->message : KSI_getErrorString(err->statusCode));
}
/* If there where more errors than buffers for the errors, indicate the fact */
if (ctx->errors_count > ctx->errors_size) {
printer(nextWrite, buf_len - count, &count, " ... (more errors)\n");
}
res = KSI_OK;
cleanup:
return res;
}
int main(int argc, char **argv) {
int res = KSI_UNKNOWN_ERROR;
/* Signature read from the file. */
KSI_Signature *sig = NULL;
/* Signature extended to the publication. */
KSI_Signature *ext = NULL;
/* Hash of the data file. */
KSI_DataHash *hsh = NULL;
/* Hash value extracted from the signature. */
KSI_DataHash *signHsh = NULL;
/* Data file hasher. */
KSI_DataHasher *hsr = NULL;
/* Input file descriptor. */
FILE *in = NULL;
/* Buffer for reading the input. */
unsigned char buf[1024];
/* Length of the buffer content. */
size_t buf_len;
/* Verification info object. */
const KSI_VerificationResult *info = NULL;
/* File descriptor for logging. */
FILE *logFile = NULL;
const KSI_CertConstraint pubFileCertConstr[] = {
{ KSI_CERT_EMAIL, "*****@*****.**"},
{ NULL, NULL }
};
/* Init context. */
res = KSI_CTX_new(&ksi);
if (res != KSI_OK) {
fprintf(stderr, "Unable to init KSI context.\n");
goto cleanup;
}
logFile = fopen("ksi_verify.log", "w");
if (logFile == NULL) {
fprintf(stderr, "Unable to open log file.\n");
}
res = KSI_CTX_setDefaultPubFileCertConstraints(ksi, pubFileCertConstr);
if (res != KSI_OK) {
fprintf(stderr, "Unable to configure publications file cert constraints.\n");
goto cleanup;
}
/* Configure the logger. */
KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());
/* Check parameters. */
if (argc != 6) {
fprintf(stderr, "Usage\n"
" %s <data file | -> <signature> <publication-str> <extender url> <pub-file url>\n", argv[0]);
goto cleanup;
}
/* Configure extender. */
res = KSI_CTX_setExtender(ksi, argv[4], "anon", "anon");
if (res != KSI_OK) {
fprintf(stderr, "Unable to set extender parameters.\n");
goto cleanup;
}
/* Set the publications file url. */
res = KSI_CTX_setPublicationUrl(ksi, argv[4]);
if (res != KSI_OK) {
fprintf(stderr, "Unable to set publications file url.\n");
goto cleanup;
}
printf("Reading signature... ");
/* Read the signature. */
res = KSI_Signature_fromFile(ksi, argv[2], &sig);
if (res != KSI_OK) {
printf("failed (%s)\n", KSI_getErrorString(res));
goto cleanup;
}
printf("ok\n");
printf("Verifying the signature with the publication... ");
res = extendToPublication(sig, argv[3], &ext);
switch (res) {
case KSI_OK:
printf("ok\n");
break;
case KSI_VERIFICATION_FAILURE:
printf("failed\n");
break;
default:
printf("failed (%s)\n", KSI_getErrorString(res));
goto cleanup;
}
/* Create hasher. */
res = KSI_Signature_createDataHasher(ext, &hsr);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create data hasher.\n");
goto cleanup;
}
if (strcmp(argv[1], "-")) {
in = fopen(argv[1], "rb");
if (in == NULL) {
fprintf(stderr, "Unable to open data file '%s'.\n", argv[1]);
goto cleanup;
}
/* Calculate the hash of the document. */
while (!feof(in)) {
buf_len = fread(buf, 1, sizeof(buf), in);
res = KSI_DataHasher_add(hsr, buf, buf_len);
if (res != KSI_OK) {
fprintf(stderr, "Unable hash the document.\n");
goto cleanup;
}
}
/* Finalize the hash computation. */
res = KSI_DataHasher_close(hsr, &hsh);
if (res != KSI_OK) {
fprintf(stderr, "Failed to close the hashing process.\n");
goto cleanup;
}
res = KSI_Signature_getDocumentHash(sig, &signHsh);
if (res != KSI_OK) goto cleanup;
printf("Verifying document hash... ");
if (!KSI_DataHash_equals(hsh, signHsh)) {
printf("Wrong document!\n");
goto cleanup;
}
printf("ok\n");
}
res = KSI_Signature_getVerificationResult(ext, &info);
if (res != KSI_OK) goto cleanup;
if (info != NULL) {
size_t i;
printf("Verification info:\n");
for (i = 0; i < KSI_VerificationResult_getStepResultCount(info); i++) {
const KSI_VerificationStepResult *result = NULL;
const char *desc = NULL;
res = KSI_VerificationResult_getStepResult(info, i, &result);
if (res != KSI_OK) goto cleanup;
printf("\t0x%02x:\t%s", KSI_VerificationStepResult_getStep(result), KSI_VerificationStepResult_isSuccess(result) ? "OK" : "FAIL");
desc = KSI_VerificationStepResult_getDescription(result);
if (desc && *desc) {
printf(" (%s)", desc);
}
printf("\n");
}
}
res = KSI_OK;
cleanup:
if (logFile != NULL) fclose(logFile);
if (res != KSI_OK && ksi != NULL) {
KSI_ERR_statusDump(ksi, stderr);
}
if (in != NULL) fclose(in);
KSI_Signature_free(sig);
KSI_Signature_free(ext);
KSI_DataHasher_free(hsr);
KSI_DataHash_free(hsh);
KSI_CTX_free(ksi);
return res;
}
