int KSI_ERR_getBaseErrorMessage(KSI_CTX *ctx, char *buf, size_t len, int *error, int *ext){ KSI_ERR *err = NULL; if (ctx == NULL || buf == NULL){ return KSI_INVALID_ARGUMENT; } err = ctx->errors; if (ctx->errors_count) { KSI_strncpy(buf, err->message, len); if (error != NULL) *error = err->statusCode; if (ext != NULL) *ext = err->extErrorCode; } else { KSI_strncpy(buf, KSI_getErrorString(KSI_OK), len); if (error != NULL) *error = KSI_OK; if (ext != NULL) *ext = 0; } return KSI_OK; }
char *KSI_PublicationData_toString(KSI_PublicationData *t, char *buffer, size_t buffer_len) { int res = KSI_UNKNOWN_ERROR; char *ret = NULL; size_t len = 0; char *pubStr = NULL; char tmp[256]; res = KSI_PublicationData_toBase32(t, &pubStr); if (res != KSI_OK) { KSI_LOG_debug(t->ctx, "Unable to convert publication data to base 32: %s (%d)", KSI_getErrorString(res), res); goto cleanup; } len += KSI_snprintf(buffer + len, buffer_len - len, "Publication string: %s\nPublication date: %s", pubStr, KSI_Integer_toDateString(t->time, tmp, sizeof(tmp))); KSI_snprintf(buffer + len, buffer_len - len, "\nPublished hash: %s", KSI_DataHash_toString(t->imprint, tmp, sizeof(tmp))); ret = buffer; cleanup: KSI_free(pubStr); return ret; }
static void testMaskingInput(CuTest *tc) { static const unsigned char diceRolls[] = {0xd5, 0x58, 0xaf, 0xfa, 0x80, 0x67, 0xf4, 0x2c, 0xd9, 0x48, 0x36, 0x21, 0xd1, 0xab, 0xae, 0x23, 0xed, 0xd6, 0xca, 0x04, 0x72, 0x7e, 0xcf, 0xc7, 0xdb, 0xc7, 0x6b, 0xde, 0x34, 0x77, 0x1e, 0x53}; int res; KSI_BlockSigner *bs = NULL; KSI_OctetString *iv = NULL; KSI_DataHash *zero = NULL; size_t i; struct { KSI_CTX *ctx; KSI_HashAlgorithm algo_id; KSI_DataHash *prevHash; KSI_OctetString *iv; KSI_BlockSigner **bs; int expectedRes; } tests[] = { {NULL, KSI_HASHALG_SHA3_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA3_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA3_512, zero, NULL, &bs, KSI_INVALID_ARGUMENT}, {ctx, KSI_HASHALG_SHA3_512, NULL, NULL, &bs, KSI_UNAVAILABLE_HASH_ALGORITHM}, {NULL, KSI_HASHALG_SHA2_512, NULL, NULL, NULL, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA2_512, NULL, NULL, &bs, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA2_512, NULL, iv, &bs, KSI_INVALID_ARGUMENT}, {NULL, KSI_HASHALG_SHA2_512, zero, NULL, &bs, KSI_INVALID_ARGUMENT}, {ctx, KSI_HASHALG_SHA2_512, zero, NULL, &bs, KSI_OK}, {NULL, -1, NULL, NULL, NULL, -1} }; /* Create zero hash. */ res = KSI_DataHash_createZero(ctx, KSI_HASHALG_SHA2_512, &zero); CuAssert(tc, "Unable to create zero hash.", res == KSI_OK && zero != NULL); /* Create random initial vector. */ res = KSI_OctetString_new(ctx, diceRolls, sizeof(diceRolls), &iv); CuAssert(tc, "Unable to create initial vector.", res == KSI_OK && iv != NULL); res = KSI_BlockSigner_new(ctx, KSI_HASHALG_SHA1, zero, iv, &bs); CuAssert(tc, "Unable to create block signer instance with masking.", res == KSI_OK && bs != NULL); for (i = 0; tests[i].expectedRes != -1; i++) { res = KSI_BlockSigner_new(tests[i].ctx, tests[i].algo_id, tests[i].prevHash, tests[i].iv, tests[i].bs); KSI_BlockSigner_free(bs); bs = NULL; if (res != tests[i].expectedRes) { char buf[1000]; KSI_snprintf(buf, sizeof(buf), "Unexpected result @%i (expected = '%s', but was '%s').", i, KSI_getErrorString(tests[i].expectedRes), KSI_getErrorString(res)); CuFail(tc, buf); } } KSI_OctetString_free(iv); KSI_DataHash_free(zero); }
static int ksi_err_toPrinter(KSI_CTX *ctx, void *to, size_t buf_len, void* (*printer)(void *to, size_t to_len, size_t *count, const char *format, ...)) { int res = KSI_UNKNOWN_ERROR; KSI_ERR *err = NULL; size_t i; size_t count = 0; void *nextWrite = to; if (ctx == NULL || to == NULL || buf_len == 0 || printer == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } nextWrite = printer(nextWrite, buf_len - count, &count, "KSI error trace:\n"); if (ctx->errors_count == 0) { nextWrite = printer(nextWrite, buf_len - count, &count, "No errors.\n"); res = KSI_OK; goto cleanup; } /* List all errors, starting from the most general. */ for (i = 0; i < ctx->errors_count && i < ctx->errors_size; i++) { err = ctx->errors + ((ctx->errors_count - i - 1) % ctx->errors_size); nextWrite = printer(nextWrite, buf_len - count, &count, " %3lu) %s:%u - (%d/%ld) %s\n", ctx->errors_count - i, err->fileName, err->lineNr,err->statusCode, err->extErrorCode, *err->message != '\0' ? err->message : KSI_getErrorString(err->statusCode)); } /* If there where more errors than buffers for the errors, indicate the fact */ if (ctx->errors_count > ctx->errors_size) { printer(nextWrite, buf_len - count, &count, " ... (more errors)\n"); } res = KSI_OK; cleanup: return res; }
int main(int argc, char **argv) { int res = KSI_UNKNOWN_ERROR; /* Signature read from the file. */ KSI_Signature *sig = NULL; /* Signature extended to the publication. */ KSI_Signature *ext = NULL; /* Hash of the data file. */ KSI_DataHash *hsh = NULL; /* Hash value extracted from the signature. */ KSI_DataHash *signHsh = NULL; /* Data file hasher. */ KSI_DataHasher *hsr = NULL; /* Input file descriptor. */ FILE *in = NULL; /* Buffer for reading the input. */ unsigned char buf[1024]; /* Length of the buffer content. */ size_t buf_len; /* Verification info object. */ const KSI_VerificationResult *info = NULL; /* File descriptor for logging. */ FILE *logFile = NULL; const KSI_CertConstraint pubFileCertConstr[] = { { KSI_CERT_EMAIL, "*****@*****.**"}, { NULL, NULL } }; /* Init context. */ res = KSI_CTX_new(&ksi); if (res != KSI_OK) { fprintf(stderr, "Unable to init KSI context.\n"); goto cleanup; } logFile = fopen("ksi_verify.log", "w"); if (logFile == NULL) { fprintf(stderr, "Unable to open log file.\n"); } res = KSI_CTX_setDefaultPubFileCertConstraints(ksi, pubFileCertConstr); if (res != KSI_OK) { fprintf(stderr, "Unable to configure publications file cert constraints.\n"); goto cleanup; } /* Configure the logger. */ KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile); KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG); KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion()); /* Check parameters. */ if (argc != 6) { fprintf(stderr, "Usage\n" " %s <data file | -> <signature> <publication-str> <extender url> <pub-file url>\n", argv[0]); goto cleanup; } /* Configure extender. */ res = KSI_CTX_setExtender(ksi, argv[4], "anon", "anon"); if (res != KSI_OK) { fprintf(stderr, "Unable to set extender parameters.\n"); goto cleanup; } /* Set the publications file url. */ res = KSI_CTX_setPublicationUrl(ksi, argv[4]); if (res != KSI_OK) { fprintf(stderr, "Unable to set publications file url.\n"); goto cleanup; } printf("Reading signature... "); /* Read the signature. */ res = KSI_Signature_fromFile(ksi, argv[2], &sig); if (res != KSI_OK) { printf("failed (%s)\n", KSI_getErrorString(res)); goto cleanup; } printf("ok\n"); printf("Verifying the signature with the publication... "); res = extendToPublication(sig, argv[3], &ext); switch (res) { case KSI_OK: printf("ok\n"); break; case KSI_VERIFICATION_FAILURE: printf("failed\n"); break; default: printf("failed (%s)\n", KSI_getErrorString(res)); goto cleanup; } /* Create hasher. */ res = KSI_Signature_createDataHasher(ext, &hsr); if (res != KSI_OK) { fprintf(stderr, "Unable to create data hasher.\n"); goto cleanup; } if (strcmp(argv[1], "-")) { in = fopen(argv[1], "rb"); if (in == NULL) { fprintf(stderr, "Unable to open data file '%s'.\n", argv[1]); goto cleanup; } /* Calculate the hash of the document. */ while (!feof(in)) { buf_len = fread(buf, 1, sizeof(buf), in); res = KSI_DataHasher_add(hsr, buf, buf_len); if (res != KSI_OK) { fprintf(stderr, "Unable hash the document.\n"); goto cleanup; } } /* Finalize the hash computation. */ res = KSI_DataHasher_close(hsr, &hsh); if (res != KSI_OK) { fprintf(stderr, "Failed to close the hashing process.\n"); goto cleanup; } res = KSI_Signature_getDocumentHash(sig, &signHsh); if (res != KSI_OK) goto cleanup; printf("Verifying document hash... "); if (!KSI_DataHash_equals(hsh, signHsh)) { printf("Wrong document!\n"); goto cleanup; } printf("ok\n"); } res = KSI_Signature_getVerificationResult(ext, &info); if (res != KSI_OK) goto cleanup; if (info != NULL) { size_t i; printf("Verification info:\n"); for (i = 0; i < KSI_VerificationResult_getStepResultCount(info); i++) { const KSI_VerificationStepResult *result = NULL; const char *desc = NULL; res = KSI_VerificationResult_getStepResult(info, i, &result); if (res != KSI_OK) goto cleanup; printf("\t0x%02x:\t%s", KSI_VerificationStepResult_getStep(result), KSI_VerificationStepResult_isSuccess(result) ? "OK" : "FAIL"); desc = KSI_VerificationStepResult_getDescription(result); if (desc && *desc) { printf(" (%s)", desc); } printf("\n"); } } res = KSI_OK; cleanup: if (logFile != NULL) fclose(logFile); if (res != KSI_OK && ksi != NULL) { KSI_ERR_statusDump(ksi, stderr); } if (in != NULL) fclose(in); KSI_Signature_free(sig); KSI_Signature_free(ext); KSI_DataHasher_free(hsr); KSI_DataHash_free(hsh); KSI_CTX_free(ksi); return res; }