int KSI_Signature_verifyAggregatedHash(KSI_Signature *sig, KSI_CTX *ctx, KSI_DataHash *rootHash, KSI_uint64_t rootLevel) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *useCtx = ctx; KSI_ERR_clearErrors(ctx); if (ctx == NULL || sig == NULL || rootHash == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* Pick a context to use. */ if (useCtx == NULL) { useCtx = sig->ctx; } KSI_VerificationResult_reset(&sig->verificationResult); /* Set the document hash. */ sig->verificationResult.documentHash = KSI_DataHash_ref(rootHash); sig->verificationResult.docAggrLevel = rootLevel; sig->verificationResult.verifyDocumentHash = true; res = KSI_Signature_verifyPolicy(sig, KSI_VP_DOCUMENT, useCtx); if (res != KSI_OK) { KSI_pushError(sig->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
static void testLoadPublicationsFileWithNoCerts(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_LIST(KSI_CertificateRecord) *certList = NULL; KSI_PKICertificate *cert = NULL; unsigned char dummy[] = {0xca, 0xfe, 0xba, 0xbe}; KSI_OctetString *certId = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath("resource/publications/publications-nocerts.bin"), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PublicationsFile_getCertificates(pubFile, &certList); CuAssert(tc, "Unable to get certificate list", res == KSI_OK); CuAssert(tc, "Unexpected certificate list length.", KSI_CertificateRecordList_length(certList) == 0); res = KSI_OctetString_new(ctx, dummy, sizeof(dummy), &certId); CuAssert(tc, "Creating an octetstring failed", res == KSI_OK && certId != NULL); res = KSI_PublicationsFile_getPKICertificateById(pubFile, certId, &cert); CuAssert(tc, "Searching for a non existend certificate failed", res == KSI_OK && cert == NULL); KSI_OctetString_free(certId); KSI_PublicationsFile_free(pubFile); }
int KSI_PublicationRecord_toBase32(KSI_PublicationRecord *pubRec, char **pubStr) { int res; if (pubRec == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(pubRec->ctx); if (pubStr == NULL) { KSI_pushError(pubRec->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_PublicationData_toBase32(pubRec->publishedData, pubStr); if (res != KSI_OK) { KSI_pushError(pubRec->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
/*TODO: Not supported*/ int KSI_PKITruststore_addLookupFile(KSI_PKITruststore *trust, const char *path) { int res = KSI_UNKNOWN_ERROR; HCERTSTORE tmp_FileTrustStore = NULL; char buf[1024]; if (trust == NULL || path == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(trust->ctx); /*Open new store */ tmp_FileTrustStore = CertOpenStore(CERT_STORE_PROV_FILENAME_A, 0, 0, 0, path); if (tmp_FileTrustStore == NULL) { KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf))); KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL); goto cleanup; } /*Update with priority 0 store*/ if (!CertAddStoreToCollection(trust->collectionStore, tmp_FileTrustStore, 0, 0)) { KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf))); KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL); goto cleanup; } tmp_FileTrustStore = NULL; res = KSI_OK; cleanup: if (tmp_FileTrustStore) CertCloseStore(tmp_FileTrustStore, CERT_CLOSE_STORE_CHECK_FLAG); return res; }
static void testVerifyPublicationsFileWithNoConstraints(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_CertConstraint arr[] = { {NULL, NULL}, {NULL, NULL} }; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to delete OID 1.2.840.113549.1.9.1", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file may not verify with no constraints.", res == KSI_PUBFILE_VERIFICATION_NOT_CONFIGURED); arr[0].oid = KSI_CERT_EMAIL; arr[0].val = "*****@*****.**"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to set OID 1.2.840.113549.1.9.1 back to normal", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify with e-mail.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
int KSI_createSignature(KSI_CTX *ctx, KSI_DataHash *dataHash, KSI_Signature **sig) { int res = KSI_UNKNOWN_ERROR; KSI_Signature *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || dataHash == NULL || sig == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_Signature_sign(ctx, dataHash, &tmp); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } *sig = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_Signature_free(tmp); return res; }
static int KSI_CTX_setTimeoutSeconds(KSI_CTX *ctx, int timeout, int (*setter)(KSI_NetworkClient*, int)){ int res = KSI_UNKNOWN_ERROR; KSI_NetworkClient *client = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || ctx->netProvider == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (ctx->isCustomNetProvider){ KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set timeout after initial network provider replacement."); goto cleanup; } client = ctx->netProvider; res = setter(client, timeout); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
static void testVerifySignatureWithUserPublication(CuTest *tc) { int res; KSI_Signature *sig = NULL; const char pubStr[] = "AAAAAA-CTOQBY-AAMJYH-XZPM6T-UO6U6V-2WJMHQ-EJMVXR-JEAGID-2OY7P5-XFFKYI-QIF2LG-YOV7SO"; const char pubStr_bad[] = "AAAAAA-CT5VGY-AAPUCF-L3EKCC-NRSX56-AXIDFL-VZJQK4-WDCPOE-3KIWGB-XGPPM3-O5BIMW-REOVR4"; KSI_PublicationData *pubData = NULL; KSI_PublicationData *pubData_bad = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationData_fromBase32(ctx, pubStr, &pubData); CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData != NULL); res = KSI_PublicationData_fromBase32(ctx, pubStr_bad, &pubData_bad); CuAssert(tc, "Unable to parse publication string.", res == KSI_OK && pubData_bad != NULL); res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-sig-2014-04-30.1-extended.ksig"), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); res = KSI_Signature_verifyWithPublication(sig, ctx, pubData); CuAssert(tc, "Unable to verify signature with publication.", res == KSI_OK); res = KSI_Signature_verifyWithPublication(sig, ctx, pubData_bad); CuAssert(tc, "Unable to verify signature with publication.", res != KSI_OK); KSI_PublicationData_free(pubData); KSI_PublicationData_free(pubData_bad); KSI_Signature_free(sig); }
int KSI_OctetString_toTlv(KSI_CTX *ctx, KSI_OctetString *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || o == NULL || tlv == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_TLV_new(ctx, tag, isNonCritical, isForward, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } res = KSI_TLV_setRawValue(tmp, o->data, o->data_len); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *tlv = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_TLV_free(tmp); return res; }
static void testVerifyDocument(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; char doc[] = "LAPTOP"; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); res = KSI_Signature_verifyDocument(sig, ctx, doc, strlen(doc)); CuAssert(tc, "Failed to verify valid document", res == KSI_OK); res = KSI_Signature_verifyDocument(sig, ctx, doc, sizeof(doc)); CuAssert(tc, "Verification did not fail with expected error.", res == KSI_VERIFICATION_FAILURE); KSI_Signature_free(sig); }
static void testVerifyCalendarChainAlgoChange(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath("resource/tlv/cal_algo_switch.ksig"), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); KSITest_setFileMockResponse(tc, getFullResourcePath("resource/tlv/cal_algo_switch-extend_resposne.tlv")); ctx->requestCounter = 0; res = KSI_Signature_verifyOnline(sig, ctx); CuAssert(tc, "Failed to verify valid document", res == KSI_OK); KSI_Signature_free(sig); }
static void testSerializeSignature(CuTest *tc) { int res; unsigned char in[0x1ffff]; unsigned in_len = 0; unsigned char *out = NULL; unsigned out_len = 0; FILE *f = NULL; KSI_Signature *sig = NULL; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(TEST_SIGNATURE_FILE), "rb"); CuAssert(tc, "Unable to open signature file.", f != NULL); in_len = (unsigned)fread(in, 1, sizeof(in), f); CuAssert(tc, "Nothing read from signature file.", in_len > 0); fclose(f); res = KSI_Signature_parse(ctx, in, in_len, &sig); CuAssert(tc, "Failed to parse signature", res == KSI_OK && sig != NULL); res = KSI_Signature_serialize(sig, &out, &out_len); CuAssert(tc, "Failed to serialize signature", res == KSI_OK); CuAssert(tc, "Serialized signature length mismatch", in_len == out_len); CuAssert(tc, "Serialized signature content mismatch", !memcmp(in, out, in_len)); KSI_free(out); KSI_Signature_free(sig); }
static void testErrorMessage(CuTest* tc, const char *expected, const char *tlv_file, int (*obj_new)(KSI_CTX *ctx, void **), void (*obj_free)(void*), const KSI_TlvTemplate *tmplete) { int res; void *obj = NULL; char buf[1024]; size_t len; FILE *f = NULL; KSI_FTLV ftlv; KSI_ERR_clearErrors(ctx); f = fopen(getFullResourcePath(tlv_file), "rb"); CuAssert(tc, "Failed to open file.", f != NULL); res = KSI_FTLV_fileRead(f, (unsigned char *)buf, sizeof(buf), &len, &ftlv); CuAssert(tc, "Failed read from file.", res == KSI_OK); res = obj_new(ctx, &obj); CuAssert(tc, "Unable create new obj.", res == KSI_OK); res = KSI_TlvTemplate_parse(ctx, (unsigned char *)buf, (unsigned)len, tmplete, obj); CuAssert(tc, "Parsing invalid obj must fail.", res != KSI_OK); res = KSI_ERR_getBaseErrorMessage(ctx, buf, sizeof(buf), NULL, NULL); CuAssert(tc, "Unable to get base error message.", res == KSI_OK); CuAssert(tc, "Wrong error message.", strcmp(buf, expected) == 0); if (f != NULL) fclose(f); obj_free(obj); }
int KSI_Signature_verifyWithPublication(KSI_Signature *sig, KSI_CTX *ctx, const KSI_PublicationData *publication) { int res; KSI_CTX *useCtx = ctx; if (sig == NULL || ctx == NULL || publication == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(sig->ctx); if (useCtx == NULL) { useCtx = sig->ctx; } KSI_VerificationResult_reset(&sig->verificationResult); /* Set the document hash. */ sig->verificationResult.userPublication = publication; sig->verificationResult.useUserPublication = true; res = KSI_Signature_verifyPolicy(sig, KSI_VP_OFFLINE, useCtx); if (res != KSI_OK) { KSI_pushError(sig->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_sendExtendRequest(KSI_CTX *ctx, KSI_ExtendReq *request, KSI_RequestHandle **handle) { int res = KSI_UNKNOWN_ERROR; KSI_RequestHandle *tmp = NULL; KSI_NetworkClient *netProvider = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || request == NULL || handle == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } netProvider = ctx->netProvider; res = KSI_NetworkClient_sendExtendRequest(netProvider, request, &tmp); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } *handle = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_RequestHandle_free(tmp); return res; }
int KSI_OctetString_LegacyId_getUtf8String(KSI_OctetString *id, KSI_Utf8String **str) { int res = KSI_UNKNOWN_ERROR; const unsigned char *raw = NULL; size_t raw_len; KSI_Utf8String *tmp = NULL; if (id == NULL || str == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(id->ctx); res = KSI_OctetString_extract(id, &raw, &raw_len); if (res != KSI_OK) { KSI_pushError(id->ctx, res, NULL); goto cleanup; } res = KSI_Utf8String_new(id->ctx, (char *)(raw + LEGACY_ID_STR_POS), raw[LEGACY_ID_STR_LEN_POS] + 1, &tmp); if (res != KSI_OK) { KSI_pushError(id->ctx, res, NULL); goto cleanup; } *str = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_Utf8String_free(tmp); return res; }
int KSI_sendPublicationRequest(KSI_CTX *ctx, const unsigned char *request, size_t request_length, KSI_RequestHandle **handle) { int res = KSI_UNKNOWN_ERROR; KSI_NetworkClient *netProvider = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || handle == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } netProvider = ctx->netProvider; res = KSI_NetworkClient_sendPublicationsFileRequest(netProvider, handle); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_Utf8StringNZ_fromTlv(KSI_TLV *tlv, KSI_Utf8String **o) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *ctx = NULL; KSI_Utf8String *tmp = NULL; ctx = KSI_TLV_getCtx(tlv); KSI_ERR_clearErrors(ctx); if (tlv == NULL || o == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_Utf8String_fromTlv(tlv, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } if (tmp->len == 0 || (tmp->len == 1 && tmp->value[0] == 0)) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed."); goto cleanup; } *o = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_nofree(ctx); KSI_Utf8String_free(tmp); return res; }
static int KSI_CTX_setUri(KSI_CTX *ctx, const char *uri, const char *loginId, const char *key, int (*setter)(KSI_NetworkClient*, const char*, const char *, const char *)){ int res = KSI_UNKNOWN_ERROR; KSI_ERR_clearErrors(ctx); if (ctx == NULL || uri == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (ctx->isCustomNetProvider){ KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set url after initial network provider replacement."); goto cleanup; } res = setter(ctx->netProvider, uri, loginId, key); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_Utf8StringNZ_toTlv(KSI_CTX *ctx, KSI_Utf8String *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || o == NULL || tlv == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (o->len == 0 || (o->len == 1 && o->value[0] == 0)) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed."); goto cleanup; } res = KSI_Utf8String_toTlv(ctx, o, tag, isNonCritical, isForward, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *tlv = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_TLV_free(tmp); return res; }
int KSI_DataHasher_addImprint(KSI_DataHasher *hasher, const KSI_DataHash *hsh) { int res = KSI_UNKNOWN_ERROR; const unsigned char *imprint; size_t imprint_len; if (hasher == NULL || hsh == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(hasher->ctx); res = KSI_DataHash_getImprint(hsh, &imprint, &imprint_len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_DataHasher_add(hasher, imprint, imprint_len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_TlvTemplate_parse(KSI_CTX *ctx, const unsigned char *raw, unsigned raw_len, const KSI_TlvTemplate *tmpl, void *payload) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tlv = NULL; struct tlv_track_s tr[0xf]; KSI_ERR_clearErrors(ctx); if (ctx == NULL || raw == NULL || tmpl == NULL || payload == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_TLV_parseBlob2(ctx, (unsigned char *)raw, raw_len, 0, &tlv); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } res = extract(ctx, payload, tlv, tmpl, tr, 0, sizeof(tr)); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } KSI_LOG_logTlv(ctx, KSI_LOG_DEBUG, "Parsed TLV", tlv); res = KSI_OK; cleanup: KSI_TLV_free(tlv); return res; }
int KSI_PKISignature_serialize(KSI_PKISignature *sig, unsigned char **raw, unsigned *raw_len) { int res = KSI_UNKNOWN_ERROR; unsigned char *tmp = NULL; if (sig == NULL || raw == NULL || raw_len == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(sig->ctx); tmp = KSI_malloc(sig->pkcs7.cbData); if (tmp == NULL) { KSI_pushError(sig->ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } memcpy(tmp, sig->pkcs7.pbData, sig->pkcs7.cbData); *raw = tmp; *raw_len = (unsigned)sig->pkcs7.cbData; tmp = NULL; res = KSI_OK; cleanup: KSI_free(tmp); return res; }
static void testSerializePublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; char *raw = NULL; unsigned raw_len = 0; FILE *f = NULL; int symbol = 0; unsigned i= 0; KSI_ERR_clearErrors(ctx); setFileMockResponse(tc, getFullResourcePath(TEST_PUBLICATIONS_FILE)); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PublicationsFile_serialize(ctx, pubFile, &raw, &raw_len); CuAssert(tc, "Unable to serialize publications file", res == KSI_OK && raw != NULL && raw_len != 0); f = fopen(getFullResourcePath(TEST_PUBLICATIONS_FILE), "rb"); CuAssert(tc, "Unable to open publications file", res == KSI_OK && f != NULL); while ((symbol = getc(f)) != EOF && i<raw_len){ CuAssert(tc, "Serialized publications file mismatch", (char)symbol == raw[i]); i++; } CuAssert(tc, "Serialized publications file length mismatch", i == raw_len); KSI_PublicationsFile_free(pubFile); KSI_free(raw); if (f) fclose(f); }
static void testVerifyPublicationsFileWithAttributeNotPresent(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_CertConstraint arr[] = { {NULL, NULL}, {NULL, NULL} }; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); arr[0].oid = "2.5.4.9"; arr[0].val = "Local pub"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to delete OID 2.5.4.9", res == KSI_OK); /* Verification should fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify with address.", res != KSI_OK); arr[0].oid = KSI_CERT_EMAIL; arr[0].val = "*****@*****.**"; res = KSI_CTX_setDefaultPubFileCertConstraints(ctx, arr); CuAssert(tc, "Unable to set OID 2.5.4.9 back to normal", res == KSI_OK); /* Verification should not fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file must verify.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
int KSI_PKICertificate_serialize(KSI_PKICertificate *cert, unsigned char **raw, size_t *raw_len) { int res = KSI_UNKNOWN_ERROR; unsigned char *tmp_serialized = NULL; DWORD len = 0; if (cert == NULL || raw == NULL || raw_len == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(cert->ctx); len = cert->x509->cbCertEncoded; tmp_serialized = KSI_malloc(len); if (tmp_serialized == NULL) { KSI_pushError(cert->ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } memcpy(tmp_serialized, cert->x509->pbCertEncoded, len); *raw = tmp_serialized; *raw_len = (size_t)len; tmp_serialized = NULL; res = KSI_OK; cleanup: KSI_free(tmp_serialized); return res; }
static void testVerifyPublicationsFile(CuTest *tc) { int res; KSI_PublicationsFile *pubFile = NULL; KSI_PKITruststore *pki = NULL; KSI_ERR_clearErrors(ctx); res = KSI_PublicationsFile_fromFile(ctx, getFullResourcePath(TEST_PUBLICATIONS_FILE), &pubFile); CuAssert(tc, "Unable to read publications file", res == KSI_OK && pubFile != NULL); res = KSI_PKITruststore_new(ctx, 0, &pki); CuAssert(tc, "Unable to get PKI truststore from context.", res == KSI_OK && pki != NULL); res = KSI_CTX_setPKITruststore(ctx, pki); CuAssert(tc, "Unable to set new pki truststrore for ksi context.", res == KSI_OK); /* Verification should fail. */ res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file shouldn't verify without mock certificate.", res != KSI_OK); /* Verification should succeed. */ res = KSI_PKITruststore_addLookupFile(pki, getFullResourcePath("resource/tlv/mock.crt")); CuAssert(tc, "Unable to read certificate", res == KSI_OK); res = KSI_PublicationsFile_verify(pubFile, ctx); CuAssert(tc, "Publications file should verify with mock certificate.", res == KSI_OK); KSI_PublicationsFile_free(pubFile); }
int KSI_CTX_setDefaultPubFileCertConstraints(KSI_CTX *ctx, const KSI_CertConstraint *arr) { int res = KSI_UNKNOWN_ERROR; KSI_CertConstraint *tmp = NULL; size_t count = 0; size_t i; KSI_ERR_clearErrors(ctx); if (ctx == NULL || arr == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* Count the input. */ while(arr[count++].oid != NULL); /* Allocate buffer with extra space for the trailing {NULL, NULL}. */ tmp = KSI_calloc(count, sizeof(KSI_CertConstraint)); if (tmp == NULL) { KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } /* Copy the values. */ for (i = 0; arr[i].oid != NULL; i++) { res = KSI_strdup(arr[i].oid, &tmp[i].oid); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } if (arr[i].val == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Expected OID value may not be NULL"); goto cleanup; } res = KSI_strdup(arr[i].val, &tmp[i].val); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } } /* Add terminator for the array. */ tmp[i].oid = NULL; tmp[i].val = NULL; /* Free the existing constraints. */ freeCertConstraintsArray(ctx->certConstraints); ctx->certConstraints = tmp; tmp = NULL; res = KSI_OK; cleanup: freeCertConstraintsArray(tmp); return res; }
static void testExtractingNotExisting(CuTest* tc) { int res; KSI_Signature *sig = NULL; KSI_MultiSignature *ms = NULL; KSI_DataHash *hsh = NULL; KSI_ERR_clearErrors(ctx); res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig); CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL); res = KSI_MultiSignature_new(ctx, &ms); CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL); res = KSI_MultiSignature_add(ms, sig); CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK); KSI_Signature_free(sig); sig = NULL; KSITest_DataHash_fromStr(ctx, "01db27c0db0aebb8d3963c3a720985cedb600f91854cdb1e45ad631611c39284dd", &hsh); res = KSI_MultiSignature_get(ms, hsh, &sig); CuAssert(tc, "Get should fail with KSI_MULTISIG_NOT_FOUND", res == KSI_MULTISIG_NOT_FOUND && sig == NULL); KSI_DataHash_free(hsh); KSI_MultiSignature_free(ms); KSI_Signature_free(sig); }
int KSI_Signature_verifyOnline(KSI_Signature *sig, KSI_CTX *ctx){ int res; KSI_CTX *useCtx = ctx; if (sig == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(sig->ctx); if (useCtx == NULL) { useCtx = sig->ctx; } res = KSI_Signature_verifyPolicy(sig, KSI_VP_ONLINE, useCtx); if (res != KSI_OK) { KSI_pushError(sig->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }