int KSI_sendExtendRequest(KSI_CTX *ctx, KSI_ExtendReq *request, KSI_RequestHandle **handle) {
int res = KSI_UNKNOWN_ERROR;
KSI_RequestHandle *tmp = NULL;
KSI_NetworkClient *netProvider = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || request == NULL || handle == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
netProvider = ctx->netProvider;
res = KSI_NetworkClient_sendExtendRequest(netProvider, request, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
*handle = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_RequestHandle_free(tmp);
return res;
}
int KSI_receivePublicationsFile(KSI_CTX *ctx, KSI_PublicationsFile **pubFile) {
int res = KSI_UNKNOWN_ERROR;
KSI_RequestHandle *handle = NULL;
const unsigned char *raw = NULL;
size_t raw_len = 0;
KSI_PublicationsFile *tmp = NULL;
KSI_ERR_clearErrors(ctx);
if (ctx == NULL || pubFile == NULL) {
KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL);
goto cleanup;
}
/* TODO! Implement mechanism for reloading (e.g cache timeout) */
if (ctx->publicationsFile == NULL) {
KSI_LOG_debug(ctx, "Receiving publications file.");
res = KSI_sendPublicationRequest(ctx, NULL, 0, &handle);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_RequestHandle_perform(handle);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_RequestHandle_getResponse(handle, &raw, &raw_len);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_PublicationsFile_parse(ctx, raw, raw_len, &tmp);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
ctx->publicationsFile = tmp;
tmp = NULL;
KSI_LOG_debug(ctx, "Publications file received.");
}
*pubFile = KSI_PublicationsFile_ref(ctx->publicationsFile);
res = KSI_OK;
cleanup:
KSI_RequestHandle_free(handle);
KSI_PublicationsFile_free(tmp);
return res;
}
static int prepareRequest(
KSI_NetworkClient *client,
void *pdu,
int (*serialize)(void *, unsigned char **, unsigned *),
KSI_RequestHandle **handle,
char *url,
const char *desc) {
int res = KSI_UNKNOWN_ERROR;
KSI_HttpClient *http = (KSI_HttpClient *)client;
KSI_RequestHandle *tmp = NULL;
unsigned char *raw = NULL;
unsigned raw_len = 0;
if (client == NULL || pdu == NULL || handle == NULL) {
res = KSI_INVALID_ARGUMENT;
goto cleanup;
}
KSI_ERR_clearErrors(client->ctx);
res = serialize(pdu, &raw, &raw_len);
if (res != KSI_OK) {
KSI_pushError(client->ctx, res, NULL);
goto cleanup;
}
KSI_LOG_logBlob(client->ctx, KSI_LOG_DEBUG, desc, raw, raw_len);
/* Create a new request handle */
res = KSI_RequestHandle_new(client->ctx, raw, raw_len, &tmp);
if (res != KSI_OK) {
KSI_pushError(client->ctx, res, NULL);
goto cleanup;
}
if (http->sendRequest == NULL) {
KSI_pushError(client->ctx, res = KSI_UNKNOWN_ERROR, "Send request not initialized.");
goto cleanup;
}
res = http->sendRequest(client, tmp, url);
if (res != KSI_OK) {
KSI_pushError(client->ctx, res, NULL);
goto cleanup;
}
*handle = tmp;
tmp = NULL;
res = KSI_OK;
cleanup:
KSI_RequestHandle_free(tmp);
KSI_free(raw);
return res;
}
static void getExtResponse(CuTest* tc, KSI_uint64_t id, KSI_uint64_t aggrTime, KSI_uint64_t pubTime, KSI_ExtendResp **response) {
int res;
KSI_ExtendReq *request = NULL;
KSI_Integer *ID = NULL;
KSI_Integer *aggr_time = NULL;
KSI_Integer *pub_time = NULL;
KSI_RequestHandle *handle = NULL;
KSI_ExtendResp *tmp = NULL;
KSI_ERR_clearErrors(ctx);
/*Create objects*/
res = KSI_ExtendReq_new(ctx, &request);
CuAssert(tc, "Unable to create extend request.", res == KSI_OK && request != NULL);
res = KSI_Integer_new(ctx, id, &ID);
CuAssert(tc, "Unable to create request ID.", res == KSI_OK && ID != NULL);
res = KSI_Integer_new(ctx, aggrTime, &aggr_time);
CuAssert(tc, "Unable to aggr time.", res == KSI_OK && aggr_time != NULL);
res = KSI_Integer_new(ctx, pubTime, &pub_time);
CuAssert(tc, "Unable to pub time.", res == KSI_OK && pub_time != NULL);
/*Combine objects*/
res = KSI_ExtendReq_setRequestId(request, ID);
CuAssert(tc, "Unable set request ID.", res == KSI_OK);
ID = NULL;
res = KSI_ExtendReq_setAggregationTime(request, aggr_time);
CuAssert(tc, "Unable set aggre time.", res == KSI_OK);
aggr_time = NULL;
res = KSI_ExtendReq_setPublicationTime(request, pub_time);
CuAssert(tc, "Unable set pub time.", res == KSI_OK);
pub_time = NULL;
/*Send request and get response*/
res = KSI_sendExtendRequest(ctx, request, &handle);
CuAssert(tc, "Unable to send (prepare) sign request.", res == KSI_OK);
res = KSI_RequestHandle_perform(handle);
CuAssert(tc, "Unable to send perform (send) sign request.", res == KSI_OK);
res = KSI_RequestHandle_getExtendResponse(handle, &tmp);
CuAssert(tc, "Unable to get (send and get) sign request.", res == KSI_OK && tmp != NULL);
*response = tmp;
tmp = NULL;
res = KSI_OK;
KSI_ExtendReq_free(request);
KSI_Integer_free(aggr_time);
KSI_Integer_free(pub_time);
KSI_Integer_free(ID);
KSI_ExtendResp_free(tmp);
KSI_RequestHandle_free(handle);
}
static int verifyOnline(KSI_CTX *ctx, KSI_Signature *sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_ExtendReq *req = NULL;
KSI_Integer *start = NULL;
KSI_Integer *end = NULL;
KSI_RequestHandle *handle = NULL;
KSI_DataHash *extHash = NULL;
KSI_DataHash *calHash = NULL;
KSI_ExtendResp *resp = NULL;
KSI_Integer *status = NULL;
KSI_CalendarHashChain *calChain = NULL;
KSI_DataHash *rootHash = NULL;
KSI_DataHash *pubHash = NULL;
KSI_VerificationStep step = KSI_VERIFY_CALCHAIN_ONLINE;
KSI_VerificationResult *info = &sig->verificationResult;
KSI_LOG_info(sig->ctx, "Verifying signature online.");
/* Extract start time */
res = KSI_CalendarHashChain_getAggregationTime(sig->calendarChain, &start);
if (res != KSI_OK) goto cleanup;
/* Clone the start time object */
KSI_Integer_ref(start);
if (sig->verificationResult.useUserPublication) {
/* Extract end time. */
res = KSI_PublicationData_getTime(sig->verificationResult.userPublication, &end);
if (res != KSI_OK) goto cleanup;
}
res = KSI_createExtendRequest(sig->ctx, start, end, &req);
if (res != KSI_OK) goto cleanup;
res = KSI_sendExtendRequest(ctx, req, &handle);
if (res != KSI_OK) goto cleanup;
res = KSI_RequestHandle_perform(handle);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_RequestHandle_getExtendResponse(handle, &resp);
if (res != KSI_OK) goto cleanup;
/* Verify the correctness of the response. */
res = KSI_ExtendResp_verifyWithRequest(resp, req);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_ExtendResp_getStatus(resp, &status);
if (res != KSI_OK) goto cleanup;
/* Verify status. */
if (status != NULL && !KSI_Integer_equalsUInt(status, 0)) {
KSI_Utf8String *respErr = NULL;
char errm[1024];
res = KSI_ExtendResp_getErrorMsg(resp, &respErr);
if (res != KSI_OK) goto cleanup;
KSI_snprintf(errm, sizeof(errm), "Extend failure from server: '%s'", KSI_Utf8String_cstr(respErr));
res = KSI_VerificationResult_addFailure(info, step, errm);
goto cleanup;
}
res = KSI_ExtendResp_getCalendarHashChain(resp, &calChain);
if (res != KSI_OK) goto cleanup;
res = KSI_CalendarHashChain_getInputHash(calChain, &extHash);
if (res != KSI_OK) goto cleanup;
res = KSI_CalendarHashChain_getInputHash(sig->calendarChain, &calHash);
if (res != KSI_OK) goto cleanup;
if (!KSI_DataHash_equals(extHash, calHash)) {
res = KSI_VerificationResult_addFailure(info, step, "Extender returned different input hash for calendar hash chain.");
goto cleanup;
}
if (sig->verificationResult.useUserPublication) {
res = KSI_CalendarHashChain_aggregate(calChain, &rootHash);
if (res != KSI_OK) goto cleanup;
if (!KSI_DataHash_equals(rootHash, pubHash)) {
res = KSI_VerificationResult_addFailure(info, step, "External publication imprint mismatch.");
goto cleanup;
}
}
res = KSI_VerificationResult_addSuccess(info, step, "Verified online.");
cleanup:
KSI_Integer_free(start);
KSI_ExtendReq_free(req);
KSI_RequestHandle_free(handle);
KSI_ExtendResp_free(resp);
return res;
}
