static int KSI_CTX_setTimeoutSeconds(KSI_CTX *ctx, int timeout, int (*setter)(KSI_NetworkClient*, int)){ int res = KSI_UNKNOWN_ERROR; KSI_NetworkClient *client = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || ctx->netProvider == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (ctx->isCustomNetProvider){ KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set timeout after initial network provider replacement."); goto cleanup; } client = ctx->netProvider; res = setter(client, timeout); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_HmacHasher_reset(KSI_HmacHasher *hasher) { int res = KSI_UNKNOWN_ERROR; if (hasher == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(hasher->ctx); res = KSI_DataHasher_reset(hasher->dataHasher); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } /* Hash inner data. */ KSI_LOG_logBlob(hasher->ctx, KSI_LOG_DEBUG, "Adding ipad", hasher->ipadXORkey, hasher->blockSize); res = KSI_DataHasher_add(hasher->dataHasher, hasher->ipadXORkey, hasher->blockSize); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_Signature_verifyAggregatedHash(KSI_Signature *sig, KSI_CTX *ctx, KSI_DataHash *rootHash, KSI_uint64_t rootLevel) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *useCtx = ctx; KSI_ERR_clearErrors(ctx); if (ctx == NULL || sig == NULL || rootHash == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* Pick a context to use. */ if (useCtx == NULL) { useCtx = sig->ctx; } KSI_VerificationResult_reset(&sig->verificationResult); /* Set the document hash. */ sig->verificationResult.documentHash = KSI_DataHash_ref(rootHash); sig->verificationResult.docAggrLevel = rootLevel; sig->verificationResult.verifyDocumentHash = true; res = KSI_Signature_verifyPolicy(sig, KSI_VP_DOCUMENT, useCtx); if (res != KSI_OK) { KSI_pushError(sig->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_OctetString_toTlv(KSI_CTX *ctx, KSI_OctetString *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || o == NULL || tlv == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_TLV_new(ctx, tag, isNonCritical, isForward, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } res = KSI_TLV_setRawValue(tmp, o->data, o->data_len); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *tlv = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_TLV_free(tmp); return res; }
int KSI_createSignature(KSI_CTX *ctx, KSI_DataHash *dataHash, KSI_Signature **sig) { int res = KSI_UNKNOWN_ERROR; KSI_Signature *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || dataHash == NULL || sig == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_Signature_sign(ctx, dataHash, &tmp); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } *sig = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_Signature_free(tmp); return res; }
static int KSI_CTX_setUri(KSI_CTX *ctx, const char *uri, const char *loginId, const char *key, int (*setter)(KSI_NetworkClient*, const char*, const char *, const char *)){ int res = KSI_UNKNOWN_ERROR; KSI_ERR_clearErrors(ctx); if (ctx == NULL || uri == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (ctx->isCustomNetProvider){ KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Unable to set url after initial network provider replacement."); goto cleanup; } res = setter(ctx->netProvider, uri, loginId, key); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
static int checkSignatureInternals(KSI_CTX *ctx, KSI_Signature *sig) { int res = KSI_UNKNOWN_ERROR; if (ctx == NULL || sig == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } /* A valid signature must have at least one aggregation chain. */ if (sig->aggregationChainList == NULL || KSI_AggregationHashChainList_length(sig->aggregationChainList) == 0) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "A valid signature must have at least one aggregation hash chain."); goto cleanup; } /* If there is no calendar chain, there can not be a calendar auth record nor a publication record. */ if (sig->calendarChain == NULL && (sig->calendarAuthRec != NULL || sig->publication != NULL)) { KSI_pushError(ctx, KSI_INVALID_FORMAT, "Calendar auth record or publication record may not be specified if the calendar chain is missing."); goto cleanup; } /* Make sure the signature does not have both calendar auth record and a publication in it. */ if (sig->calendarAuthRec != NULL && sig->publication != NULL) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Only calendar auth record or publication record may be present."); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_SignatureBuilder_setCalendarHashChain(KSI_SignatureBuilder *builder, KSI_CalendarHashChain *cal) { int res = KSI_UNKNOWN_ERROR; KSI_CalendarHashChain *tmp = NULL; if (builder == NULL || cal == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } /* Do not allow overriding of the value, as it is likely an error. */ if (builder->sig->calendarChain != NULL) { KSI_pushError(builder->ctx, res = KSI_INVALID_STATE, "The calendar hash chain has already been set."); goto cleanup; } res = KSI_Signature_setCalendarChain(builder->sig, tmp = KSI_CalendarHashChain_ref(cal)); if (res != KSI_OK) { KSI_pushError(builder->ctx, res, NULL); goto cleanup; } tmp = NULL; res = KSI_OK; cleanup: KSI_CalendarHashChain_free(tmp); return res; }
int KSI_CTX_setDefaultPubFileCertConstraints(KSI_CTX *ctx, const KSI_CertConstraint *arr) { int res = KSI_UNKNOWN_ERROR; KSI_CertConstraint *tmp = NULL; size_t count = 0; size_t i; KSI_ERR_clearErrors(ctx); if (ctx == NULL || arr == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* Count the input. */ while(arr[count++].oid != NULL); /* Allocate buffer with extra space for the trailing {NULL, NULL}. */ tmp = KSI_calloc(count, sizeof(KSI_CertConstraint)); if (tmp == NULL) { KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } /* Copy the values. */ for (i = 0; arr[i].oid != NULL; i++) { res = KSI_strdup(arr[i].oid, &tmp[i].oid); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } if (arr[i].val == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Expected OID value may not be NULL"); goto cleanup; } res = KSI_strdup(arr[i].val, &tmp[i].val); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } } /* Add terminator for the array. */ tmp[i].oid = NULL; tmp[i].val = NULL; /* Free the existing constraints. */ freeCertConstraintsArray(ctx->certConstraints); ctx->certConstraints = tmp; tmp = NULL; res = KSI_OK; cleanup: freeCertConstraintsArray(tmp); return res; }
int KSI_DataHasher_addOctetString(KSI_DataHasher *hasher, KSI_OctetString *data) { int res = KSI_UNKNOWN_ERROR; const unsigned char *ptr = NULL; size_t len = 0; if (hasher == NULL || data == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } res = KSI_OctetString_extract(data, &ptr, &len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_DataHasher_add(hasher, ptr, len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_PublicationRecord_toBase32(KSI_PublicationRecord *pubRec, char **pubStr) { int res; if (pubRec == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(pubRec->ctx); if (pubStr == NULL) { KSI_pushError(pubRec->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_PublicationData_toBase32(pubRec->publishedData, pubStr); if (res != KSI_OK) { KSI_pushError(pubRec->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_TlvTemplate_parse(KSI_CTX *ctx, const unsigned char *raw, unsigned raw_len, const KSI_TlvTemplate *tmpl, void *payload) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tlv = NULL; struct tlv_track_s tr[0xf]; KSI_ERR_clearErrors(ctx); if (ctx == NULL || raw == NULL || tmpl == NULL || payload == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_TLV_parseBlob2(ctx, (unsigned char *)raw, raw_len, 0, &tlv); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } res = extract(ctx, payload, tlv, tmpl, tr, 0, sizeof(tr)); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } KSI_LOG_logTlv(ctx, KSI_LOG_DEBUG, "Parsed TLV", tlv); res = KSI_OK; cleanup: KSI_TLV_free(tlv); return res; }
int KSI_Utf8StringNZ_toTlv(KSI_CTX *ctx, KSI_Utf8String *o, unsigned tag, int isNonCritical, int isForward, KSI_TLV **tlv) { int res = KSI_UNKNOWN_ERROR; KSI_TLV *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || o == NULL || tlv == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } if (o->len == 0 || (o->len == 1 && o->value[0] == 0)) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed."); goto cleanup; } res = KSI_Utf8String_toTlv(ctx, o, tag, isNonCritical, isForward, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *tlv = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_TLV_free(tmp); return res; }
int KSI_Utf8StringNZ_fromTlv(KSI_TLV *tlv, KSI_Utf8String **o) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *ctx = NULL; KSI_Utf8String *tmp = NULL; ctx = KSI_TLV_getCtx(tlv); KSI_ERR_clearErrors(ctx); if (tlv == NULL || o == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_Utf8String_fromTlv(tlv, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } if (tmp->len == 0 || (tmp->len == 1 && tmp->value[0] == 0)) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Empty string value not allowed."); goto cleanup; } *o = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_nofree(ctx); KSI_Utf8String_free(tmp); return res; }
int KSI_OctetString_LegacyId_getUtf8String(KSI_OctetString *id, KSI_Utf8String **str) { int res = KSI_UNKNOWN_ERROR; const unsigned char *raw = NULL; size_t raw_len; KSI_Utf8String *tmp = NULL; if (id == NULL || str == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(id->ctx); res = KSI_OctetString_extract(id, &raw, &raw_len); if (res != KSI_OK) { KSI_pushError(id->ctx, res, NULL); goto cleanup; } res = KSI_Utf8String_new(id->ctx, (char *)(raw + LEGACY_ID_STR_POS), raw[LEGACY_ID_STR_LEN_POS] + 1, &tmp); if (res != KSI_OK) { KSI_pushError(id->ctx, res, NULL); goto cleanup; } *str = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_Utf8String_free(tmp); return res; }
/*TODO: Not supported*/ int KSI_PKITruststore_addLookupFile(KSI_PKITruststore *trust, const char *path) { int res = KSI_UNKNOWN_ERROR; HCERTSTORE tmp_FileTrustStore = NULL; char buf[1024]; if (trust == NULL || path == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(trust->ctx); /*Open new store */ tmp_FileTrustStore = CertOpenStore(CERT_STORE_PROV_FILENAME_A, 0, 0, 0, path); if (tmp_FileTrustStore == NULL) { KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf))); KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL); goto cleanup; } /*Update with priority 0 store*/ if (!CertAddStoreToCollection(trust->collectionStore, tmp_FileTrustStore, 0, 0)) { KSI_LOG_debug(trust->ctx, "%s", getMSError(GetLastError(), buf, sizeof(buf))); KSI_pushError(trust->ctx, res = KSI_INVALID_FORMAT, NULL); goto cleanup; } tmp_FileTrustStore = NULL; res = KSI_OK; cleanup: if (tmp_FileTrustStore) CertCloseStore(tmp_FileTrustStore, CERT_CLOSE_STORE_CHECK_FLAG); return res; }
int KSI_sendExtendRequest(KSI_CTX *ctx, KSI_ExtendReq *request, KSI_RequestHandle **handle) { int res = KSI_UNKNOWN_ERROR; KSI_RequestHandle *tmp = NULL; KSI_NetworkClient *netProvider = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || request == NULL || handle == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } netProvider = ctx->netProvider; res = KSI_NetworkClient_sendExtendRequest(netProvider, request, &tmp); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } *handle = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_RequestHandle_free(tmp); return res; }
int KSI_DataHasher_addImprint(KSI_DataHasher *hasher, const KSI_DataHash *hsh) { int res = KSI_UNKNOWN_ERROR; const unsigned char *imprint; size_t imprint_len; if (hasher == NULL || hsh == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(hasher->ctx); res = KSI_DataHash_getImprint(hsh, &imprint, &imprint_len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_DataHasher_add(hasher, imprint, imprint_len); if (res != KSI_OK) { KSI_pushError(hasher->ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_sendPublicationRequest(KSI_CTX *ctx, const unsigned char *request, size_t request_length, KSI_RequestHandle **handle) { int res = KSI_UNKNOWN_ERROR; KSI_NetworkClient *netProvider = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || handle == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } netProvider = ctx->netProvider; res = KSI_NetworkClient_sendPublicationsFileRequest(netProvider, handle); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_OK; cleanup: return res; }
int KSI_DataHash_createZero(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, KSI_DataHash **hsh) { int res = KSI_UNKNOWN_ERROR; KSI_DataHash *tmp = NULL; unsigned char buf[KSI_MAX_IMPRINT_LEN]; if (ctx == NULL || hsh == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } memset(buf, 0, sizeof(buf)); buf[0] = algo_id; if (!KSI_isHashAlgorithmSupported(algo_id)) { KSI_pushError(ctx, res = KSI_UNAVAILABLE_HASH_ALGORITHM, "Hash algorithm not supported."); goto cleanup; } res = KSI_DataHash_fromImprint(ctx, buf, (KSI_hashAlgorithmInfo[algo_id].outputBitCount >> 3) + 1, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *hsh = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_DataHash_free(tmp); return res; }
int KSI_receivePublicationsFile(KSI_CTX *ctx, KSI_PublicationsFile **pubFile) { int res = KSI_UNKNOWN_ERROR; KSI_RequestHandle *handle = NULL; const unsigned char *raw = NULL; size_t raw_len = 0; KSI_PublicationsFile *tmp = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || pubFile == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* TODO! Implement mechanism for reloading (e.g cache timeout) */ if (ctx->publicationsFile == NULL) { KSI_LOG_debug(ctx, "Receiving publications file."); res = KSI_sendPublicationRequest(ctx, NULL, 0, &handle); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_RequestHandle_perform(handle); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_RequestHandle_getResponse(handle, &raw, &raw_len); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } res = KSI_PublicationsFile_parse(ctx, raw, raw_len, &tmp); if (res != KSI_OK) { KSI_pushError(ctx,res, NULL); goto cleanup; } ctx->publicationsFile = tmp; tmp = NULL; KSI_LOG_debug(ctx, "Publications file received."); } *pubFile = KSI_PublicationsFile_ref(ctx->publicationsFile); res = KSI_OK; cleanup: KSI_RequestHandle_free(handle); KSI_PublicationsFile_free(tmp); return res; }
int KSI_SignatureBuilder_close(KSI_SignatureBuilder *builder, KSI_uint64_t rootLevel, KSI_Signature **sig) { int res = KSI_UNKNOWN_ERROR; KSI_VerificationContext context; KSI_PolicyVerificationResult *result = NULL; if (builder == NULL || sig == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } res = KSI_VerificationContext_init(&context, builder->ctx); if (res != KSI_OK) { KSI_pushError(builder->ctx, res, NULL); goto cleanup; } /* Make sure the aggregation hash chains are in correct order. */ res = KSI_AggregationHashChainList_sort(builder->sig->aggregationChainList, aggregationHashChainCmp); if (res != KSI_OK) { KSI_pushError(builder->ctx, res, NULL); goto cleanup; } res = checkSignatureInternals(builder->ctx, builder->sig); if (res != KSI_OK) { KSI_pushError(builder->ctx, res, "Signature internal structures are invalid."); goto cleanup; } if (!builder->noVerify) { /* Verify the signature. */ context.signature = builder->sig; context.docAggrLevel = rootLevel; res = KSI_SignatureVerifier_verify(KSI_VERIFICATION_POLICY_INTERNAL, &context, &result); if (res != KSI_OK) { KSI_pushError(builder->ctx, res, NULL); goto cleanup; } if (result->finalResult.resultCode != KSI_VER_RES_OK) { KSI_pushError(builder->ctx, res = KSI_VERIFICATION_FAILURE, "Internal verification of signature failed."); goto cleanup; } } *sig = builder->sig; builder->sig = NULL; res = KSI_OK; cleanup: KSI_VerificationContext_clean(&context); KSI_PolicyVerificationResult_free(result); return res; }
int KSI_PublicationsFile_getPublicationDataByTime(const KSI_PublicationsFile *trust, const KSI_Integer *pubTime, KSI_PublicationRecord **pubRec) { int res; size_t i; KSI_PublicationRecord *result = NULL; if (trust == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(trust->ctx); if (pubTime == NULL || pubRec == NULL) { KSI_pushError(trust->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } for (i = 0; i < KSI_PublicationRecordList_length(trust->publications); i++) { KSI_PublicationRecord *pr = NULL; KSI_PublicationData *pd = NULL; KSI_Integer *tm = NULL; res = KSI_PublicationRecordList_elementAt(trust->publications, i, &pr); if (res != KSI_OK) { KSI_pushError(trust->ctx, res, NULL); goto cleanup; } res = KSI_PublicationRecord_getPublishedData(pr, &pd); if (res != KSI_OK) { KSI_pushError(trust->ctx, res, NULL); goto cleanup; } res = KSI_PublicationData_getTime(pd, &tm); if (res != KSI_OK) { KSI_pushError(trust->ctx, res, NULL); goto cleanup; } if (KSI_Integer_equals(pubTime, tm)) { result = pr; break; } KSI_nofree(tm); KSI_nofree(pd); } *pubRec = result; res = KSI_OK; cleanup: KSI_nofree(result); return res; }
static int prepareRequest( KSI_NetworkClient *client, void *pdu, int (*serialize)(void *, unsigned char **, unsigned *), KSI_RequestHandle **handle, char *url, const char *desc) { int res = KSI_UNKNOWN_ERROR; KSI_HttpClient *http = (KSI_HttpClient *)client; KSI_RequestHandle *tmp = NULL; unsigned char *raw = NULL; unsigned raw_len = 0; if (client == NULL || pdu == NULL || handle == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(client->ctx); res = serialize(pdu, &raw, &raw_len); if (res != KSI_OK) { KSI_pushError(client->ctx, res, NULL); goto cleanup; } KSI_LOG_logBlob(client->ctx, KSI_LOG_DEBUG, desc, raw, raw_len); /* Create a new request handle */ res = KSI_RequestHandle_new(client->ctx, raw, raw_len, &tmp); if (res != KSI_OK) { KSI_pushError(client->ctx, res, NULL); goto cleanup; } if (http->sendRequest == NULL) { KSI_pushError(client->ctx, res = KSI_UNKNOWN_ERROR, "Send request not initialized."); goto cleanup; } res = http->sendRequest(client, tmp, url); if (res != KSI_OK) { KSI_pushError(client->ctx, res, NULL); goto cleanup; } *handle = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_RequestHandle_free(tmp); KSI_free(raw); return res; }
int KSI_Integer_fromTlv(KSI_TLV *tlv, KSI_Integer **o) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *ctx = NULL; KSI_Integer *tmp = NULL; const unsigned char *raw = NULL; size_t len; size_t i; KSI_uint64_t val = 0; ctx = KSI_TLV_getCtx(tlv); KSI_ERR_clearErrors(ctx); if (tlv == NULL || o == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } res = KSI_TLV_getRawValue(tlv, &raw, &len); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } if (len > 8) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Integer larger than 64bit"); goto cleanup; } /* Encode the up-to 64bit unsigned integer. */ for (i = 0; i < len; i++) { val = val << 8 | raw[i]; } /* Make sure the integer was coded properly. */ if (len != KSI_UINT64_MINSIZE(val)) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Integer not properly formated."); goto cleanup; } res = KSI_Integer_new(ctx, val, &tmp); if (res != KSI_OK) { KSI_pushError(ctx, res, NULL); goto cleanup; } *o = tmp; tmp = NULL; res = KSI_OK; cleanup: KSI_nofree(ctx); KSI_Integer_free(tmp); return res; }
static int KSI_PKITruststore_verifySignatureCertificate(const KSI_PKITruststore *pki, const KSI_PKISignature *signature) { int res = KSI_UNKNOWN_ERROR; KSI_CTX *ctx = NULL; PCCERT_CONTEXT subjectCert = NULL; char tmp[256]; char *magicEmail = NULL; if (pki == NULL || signature == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } ctx = pki->ctx; KSI_ERR_clearErrors(ctx); res = extractSigningCertificate(signature, &subjectCert); if (res != KSI_OK){ KSI_pushError(ctx, res, NULL); goto cleanup; } //printCertInfo(subjectCert); res=KSI_CTX_getPublicationCertEmail(ctx, &magicEmail); if (res != KSI_OK){ KSI_pushError(ctx, res, NULL); goto cleanup; } if (magicEmail != NULL){ if (CertGetNameString(subjectCert, CERT_NAME_EMAIL_TYPE, 0, NULL, tmp, sizeof(tmp))==1){ KSI_pushError(ctx, res = KSI_CRYPTO_FAILURE, "Unable to get subjects name from PKI certificate."); goto cleanup; } KSI_LOG_debug(ctx, "CryptoAPI: Subjects E-mail: %s.", tmp); if (strcmp(tmp, magicEmail) != 0) { KSI_pushError(ctx, res = KSI_PKI_CERTIFICATE_NOT_TRUSTED, "Wrong subject name."); goto cleanup; } } res = KSI_PKITruststore_verifyCertificate(pki, subjectCert); if (res != KSI_OK){ KSI_pushError(ctx, res, NULL); goto cleanup; } res = KSI_OK; cleanup: if (subjectCert) CertFreeCertificateContext(subjectCert); return res; }
int KSI_PKICertificate_new(KSI_CTX *ctx, const void *der, size_t der_len, KSI_PKICertificate **cert) { int res = KSI_UNKNOWN_ERROR; PCCERT_CONTEXT x509 = NULL; KSI_PKICertificate *tmp = NULL; char buf[1024]; KSI_ERR_clearErrors(ctx); if (ctx == NULL || der == NULL || der_len == 0 || cert == NULL){ res = KSI_INVALID_ARGUMENT; goto cleanup; } if (der_len > UINT_MAX) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, "Length is more than MAX_INT."); goto cleanup; } x509 = CertCreateCertificateContext(X509_ASN_ENCODING, der, (unsigned)der_len); if (x509 == NULL) { DWORD error = GetLastError(); const char *errmsg = getMSError(GetLastError(), buf, sizeof(buf)); KSI_LOG_debug(ctx, "%s", errmsg); if (error == CRYPT_E_ASN1_EOD) KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Invalid PKI certificate. ASN.1 unexpected end of data."); else if (error == CRYPT_E_ASN1_MEMORY ) KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); else KSI_pushError(ctx, res = KSI_INVALID_FORMAT, errmsg); goto cleanup; } tmp = KSI_new(KSI_PKICertificate); if (tmp == NULL) { KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } tmp->ctx = ctx; tmp->x509 = x509; x509 = NULL; *cert = tmp; tmp = NULL; res = KSI_OK; cleanup: if (x509 != NULL) CertFreeCertificateContext(x509); KSI_PKICertificate_free(tmp); return res; }
static int sendRequest(KSI_NetworkClient *client, KSI_RequestHandle *handle, char *host, unsigned port) { int res; TcpClientCtx *tc = NULL; if (handle == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(handle->ctx); if (client == NULL || host == NULL) { KSI_pushError(handle->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } tc = KSI_new(TcpClientCtx); if (tc == NULL) { KSI_pushError(handle->ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } tc->host = NULL; tc->port = 0; KSI_LOG_debug(handle->ctx, "Tcp: Sending request to: %s:%u", host, port); res = KSI_strdup(host, &tc->host); if (res != KSI_OK) { KSI_pushError(handle->ctx, res, NULL); goto cleanup; } tc->port = port; handle->readResponse = readResponse; handle->client = client; res = KSI_RequestHandle_setImplContext(handle, tc, (void (*)(void *))TcpClientCtx_free); if (res != KSI_OK) { KSI_pushError(handle->ctx, res, NULL); goto cleanup; } tc = NULL; res = KSI_OK; cleanup: TcpClientCtx_free(tc); return res; }
int KSI_PublicationsFile_getPKICertificateById(const KSI_PublicationsFile *pubFile, const KSI_OctetString *id, KSI_PKICertificate **cert) { int res; size_t i; KSI_CertificateRecord *certRec = NULL; if (pubFile == NULL) { res = KSI_INVALID_ARGUMENT; goto cleanup; } KSI_ERR_clearErrors(pubFile->ctx); if (id == NULL || cert == NULL) { KSI_pushError(pubFile->ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } for (i = 0; i < KSI_CertificateRecordList_length(pubFile->certificates); i++) { KSI_OctetString *cId = NULL; res = KSI_CertificateRecordList_elementAt(pubFile->certificates, i, &certRec); if (res != KSI_OK) { KSI_pushError(pubFile->ctx, res, NULL); goto cleanup; } res = KSI_CertificateRecord_getCertId(certRec, &cId); if (res != KSI_OK) { KSI_pushError(pubFile->ctx, res, NULL); goto cleanup; } if (KSI_OctetString_equals(cId, id)) { res = KSI_CertificateRecord_getCert(certRec, cert); if (res != KSI_OK) { KSI_pushError(pubFile->ctx, res, NULL); goto cleanup; } break; } } res = KSI_OK; cleanup: KSI_nofree(certRec); return res; }
int KSI_DataHash_fromDigest(KSI_CTX *ctx, KSI_HashAlgorithm algo_id, const unsigned char *digest, size_t digest_length, KSI_DataHash **hash) { int res = KSI_UNKNOWN_ERROR; KSI_DataHash *tmp_hash = NULL; KSI_ERR_clearErrors(ctx); if (ctx == NULL || digest == NULL || digest_length == 0 || hash == NULL) { KSI_pushError(ctx, res = KSI_INVALID_ARGUMENT, NULL); goto cleanup; } /* Make sure the algorithm is supported. */ if (!KSI_isHashAlgorithmSupported(algo_id)) { KSI_pushError(ctx, res = KSI_UNAVAILABLE_HASH_ALGORITHM, "Hash algorithm not supported."); goto cleanup; } /* Verify the length of the digest with the algorithm. */ if (KSI_getHashLength(algo_id) != digest_length) { KSI_pushError(ctx, res = KSI_INVALID_FORMAT, "Digest length does not match with algorithm."); goto cleanup; } /* Make sure it fits. */ if (digest_length > KSI_MAX_IMPRINT_LEN) { KSI_pushError(ctx, res = KSI_CRYPTO_FAILURE, "Internal buffer too short to hold imprint"); goto cleanup; } tmp_hash = KSI_new(KSI_DataHash); if (tmp_hash == NULL) { KSI_pushError(ctx, res = KSI_OUT_OF_MEMORY, NULL); goto cleanup; } tmp_hash->ref = 1; tmp_hash->ctx = ctx; tmp_hash->imprint[0] = (unsigned char)algo_id; memcpy(tmp_hash->imprint + 1, digest, digest_length); tmp_hash->imprint_length = digest_length + 1; *hash = tmp_hash; tmp_hash = NULL; res = KSI_OK; cleanup: KSI_DataHash_free(tmp_hash); return res; }