static void testDeleteSignatureAppendedFromFile(CuTest *tc, const char *fname) {
int res;
KSI_MultiSignature *ms = NULL;
KSI_Signature *sig = NULL;
KSI_HashAlgorithm *arr = NULL;
KSI_DataHash *hsh = NULL;
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_Signature_fromFile(ctx, fname, &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_getDocumentHash(sig, &hsh);
CuAssert(tc, "Unable to retrieve signed document hash from the signature.", res == KSI_OK && hsh != NULL);
KSI_DataHash_ref(hsh);
res = KSI_MultiSignature_add(ms, sig);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
KSI_Signature_free(sig);
sig = NULL;
res = KSI_MultiSignature_remove(ms, hsh);
CuAssert(tc, "Unable to remove signature.", res == KSI_OK);
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "There should not be a signature with this hash value anymore.", res == KSI_MULTISIG_NOT_FOUND && sig == NULL);
/* TimeMapper list functions are not exported so we need to cast to generic list. */
CuAssert(tc, "The internal structure should be empty", KSI_List_length((KSI_List *)ms->timeList) == 0);
KSI_MultiSignature_free(ms);
KSI_DataHash_free(hsh);
KSI_free(arr);
}
static void testOnlyStrongestProofReturned(CuTest* tc) {
int res;
KSI_Signature *sig1 = NULL;
KSI_Signature *sig2 = NULL;
KSI_Signature *sig3 = NULL;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_PublicationRecord *publication = NULL;
KSI_CalendarAuthRec *calAuth = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_SIGNATURE_FILE), &sig1);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig1 != NULL);
res = KSI_MultiSignature_add(ms, sig1);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
res = KSI_Signature_fromFile(ctx, getFullResourcePath(TEST_EX_SIGNATURE_FILE), &sig2);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig2 != NULL);
res = KSI_MultiSignature_add(ms, sig2);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
res = KSI_Signature_getDocumentHash(sig1, &hsh);
CuAssert(tc, "Unable to get signed hash value.", res == KSI_OK && hsh != NULL);
res = KSI_MultiSignature_get(ms, hsh, &sig3);
CuAssert(tc, "Unable to extract signature from multi signature container.", res == KSI_OK && sig3 != NULL);
res = KSI_verifySignature(ctx, sig3);
CuAssert(tc, "Unable to verify extracted signature.", res == KSI_OK);
/* Verify the signature has a publication attached to it. */
res = KSI_Signature_getPublicationRecord(sig3, &publication);
CuAssert(tc, "Publication must be present", res == KSI_OK && publication != NULL);
/* Verify the signature does not contain a calendar authentication record. */
res = KSI_Signature_getCalendarAuthRec(sig3, &calAuth);
CuAssert(tc, "Signature may not have a calendar auth record and a publication.", res == KSI_OK && calAuth == NULL);
KSI_MultiSignature_free(ms);
KSI_Signature_free(sig1);
KSI_Signature_free(sig2);
KSI_Signature_free(sig3);
}
static int verifyDocument(KSI_Signature *sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_DataHash *hsh = NULL;
KSI_VerificationStep step = KSI_VERIFY_DOCUMENT;
KSI_VerificationResult *info = &sig->verificationResult;
if (!sig->verificationResult.verifyDocumentHash) {
res = KSI_OK;
goto cleanup;
}
KSI_LOG_info(sig->ctx, "Verifying document hash.");
KSI_LOG_logDataHash(sig->ctx, KSI_LOG_DEBUG, "Verifying document hash", sig->verificationResult.documentHash);
if (sig->rfc3161 != NULL) {
KSI_LOG_info(sig->ctx, "Document hash is compared with RFC 3161 input hash.");
res = KSI_RFC3161_getInputHash(sig->rfc3161, &hsh);
if (res != KSI_OK) goto cleanup;
} else {
res = KSI_Signature_getDocumentHash(sig, &hsh);
if (res != KSI_OK) goto cleanup;
}
if (!KSI_DataHash_equals(hsh, sig->verificationResult.documentHash)) {
KSI_LOG_logDataHash(sig->ctx, KSI_LOG_DEBUG, "Document hash", sig->verificationResult.documentHash);
KSI_LOG_logDataHash(sig->ctx, KSI_LOG_DEBUG, "Signed hash", hsh);
res = KSI_VerificationResult_addFailure(info, step, "Wrong document.");
goto cleanup;
}
res = KSI_VerificationResult_addSuccess(info, step, "Document correct.");
cleanup:
KSI_nofree(hsh);
KSI_nofree(info);
return res;
}
static void testExtractingSingleLegacy(CuTest* tc) {
int res;
KSI_Signature *sig = NULL;
KSI_MultiSignature *ms = NULL;
KSI_DataHash *hsh = NULL;
KSI_ERR_clearErrors(ctx);
res = KSI_Signature_fromFile(ctx, getFullResourcePath("resource/tlv/ok-legacy-sig-2014-06.gtts.ksig"), &sig);
CuAssert(tc, "Unable to read signature from file.", res == KSI_OK && sig != NULL);
res = KSI_Signature_getDocumentHash(sig, &hsh);
CuAssert(tc, "Unable to get signed hash value.", res == KSI_OK && hsh != NULL);
KSI_DataHash_ref(hsh);
res = KSI_MultiSignature_new(ctx, &ms);
CuAssert(tc, "Unable to create multi signature container.", res == KSI_OK && ms != NULL);
res = KSI_MultiSignature_add(ms, sig);
CuAssert(tc, "Unable to add signature to multi signature container.", res == KSI_OK);
KSI_Signature_free(sig);
sig = NULL;
res = KSI_MultiSignature_get(ms, hsh, &sig);
CuAssert(tc, "Unable to extract signature from multi signature container.", res == KSI_OK && sig != NULL);
res = KSI_verifySignature(ctx, sig);
CuAssert(tc, "Unable to verify extracted signature.", res == KSI_OK);
KSI_DataHash_free(hsh);
KSI_MultiSignature_free(ms);
KSI_Signature_free(sig);
}
int main(int argc, char **argv) {
int res = KSI_UNKNOWN_ERROR;
/* Signature read from the file. */
KSI_Signature *sig = NULL;
/* Signature extended to the publication. */
KSI_Signature *ext = NULL;
/* Hash of the data file. */
KSI_DataHash *hsh = NULL;
/* Hash value extracted from the signature. */
KSI_DataHash *signHsh = NULL;
/* Data file hasher. */
KSI_DataHasher *hsr = NULL;
/* Input file descriptor. */
FILE *in = NULL;
/* Buffer for reading the input. */
unsigned char buf[1024];
/* Length of the buffer content. */
size_t buf_len;
/* Verification info object. */
const KSI_VerificationResult *info = NULL;
/* File descriptor for logging. */
FILE *logFile = NULL;
const KSI_CertConstraint pubFileCertConstr[] = {
{ KSI_CERT_EMAIL, "*****@*****.**"},
{ NULL, NULL }
};
/* Init context. */
res = KSI_CTX_new(&ksi);
if (res != KSI_OK) {
fprintf(stderr, "Unable to init KSI context.\n");
goto cleanup;
}
logFile = fopen("ksi_verify.log", "w");
if (logFile == NULL) {
fprintf(stderr, "Unable to open log file.\n");
}
res = KSI_CTX_setDefaultPubFileCertConstraints(ksi, pubFileCertConstr);
if (res != KSI_OK) {
fprintf(stderr, "Unable to configure publications file cert constraints.\n");
goto cleanup;
}
/* Configure the logger. */
KSI_CTX_setLoggerCallback(ksi, KSI_LOG_StreamLogger, logFile);
KSI_CTX_setLogLevel(ksi, KSI_LOG_DEBUG);
KSI_LOG_info(ksi, "Using KSI version: '%s'", KSI_getVersion());
/* Check parameters. */
if (argc != 6) {
fprintf(stderr, "Usage\n"
" %s <data file | -> <signature> <publication-str> <extender url> <pub-file url>\n", argv[0]);
goto cleanup;
}
/* Configure extender. */
res = KSI_CTX_setExtender(ksi, argv[4], "anon", "anon");
if (res != KSI_OK) {
fprintf(stderr, "Unable to set extender parameters.\n");
goto cleanup;
}
/* Set the publications file url. */
res = KSI_CTX_setPublicationUrl(ksi, argv[4]);
if (res != KSI_OK) {
fprintf(stderr, "Unable to set publications file url.\n");
goto cleanup;
}
printf("Reading signature... ");
/* Read the signature. */
res = KSI_Signature_fromFile(ksi, argv[2], &sig);
if (res != KSI_OK) {
printf("failed (%s)\n", KSI_getErrorString(res));
goto cleanup;
}
printf("ok\n");
printf("Verifying the signature with the publication... ");
res = extendToPublication(sig, argv[3], &ext);
switch (res) {
case KSI_OK:
printf("ok\n");
break;
case KSI_VERIFICATION_FAILURE:
printf("failed\n");
break;
default:
printf("failed (%s)\n", KSI_getErrorString(res));
goto cleanup;
}
/* Create hasher. */
res = KSI_Signature_createDataHasher(ext, &hsr);
if (res != KSI_OK) {
fprintf(stderr, "Unable to create data hasher.\n");
goto cleanup;
}
if (strcmp(argv[1], "-")) {
in = fopen(argv[1], "rb");
if (in == NULL) {
fprintf(stderr, "Unable to open data file '%s'.\n", argv[1]);
goto cleanup;
}
/* Calculate the hash of the document. */
while (!feof(in)) {
buf_len = fread(buf, 1, sizeof(buf), in);
res = KSI_DataHasher_add(hsr, buf, buf_len);
if (res != KSI_OK) {
fprintf(stderr, "Unable hash the document.\n");
goto cleanup;
}
}
/* Finalize the hash computation. */
res = KSI_DataHasher_close(hsr, &hsh);
if (res != KSI_OK) {
fprintf(stderr, "Failed to close the hashing process.\n");
goto cleanup;
}
res = KSI_Signature_getDocumentHash(sig, &signHsh);
if (res != KSI_OK) goto cleanup;
printf("Verifying document hash... ");
if (!KSI_DataHash_equals(hsh, signHsh)) {
printf("Wrong document!\n");
goto cleanup;
}
printf("ok\n");
}
res = KSI_Signature_getVerificationResult(ext, &info);
if (res != KSI_OK) goto cleanup;
if (info != NULL) {
size_t i;
printf("Verification info:\n");
for (i = 0; i < KSI_VerificationResult_getStepResultCount(info); i++) {
const KSI_VerificationStepResult *result = NULL;
const char *desc = NULL;
res = KSI_VerificationResult_getStepResult(info, i, &result);
if (res != KSI_OK) goto cleanup;
printf("\t0x%02x:\t%s", KSI_VerificationStepResult_getStep(result), KSI_VerificationStepResult_isSuccess(result) ? "OK" : "FAIL");
desc = KSI_VerificationStepResult_getDescription(result);
if (desc && *desc) {
printf(" (%s)", desc);
}
printf("\n");
}
}
res = KSI_OK;
cleanup:
if (logFile != NULL) fclose(logFile);
if (res != KSI_OK && ksi != NULL) {
KSI_ERR_statusDump(ksi, stderr);
}
if (in != NULL) fclose(in);
KSI_Signature_free(sig);
KSI_Signature_free(ext);
KSI_DataHasher_free(hsr);
KSI_DataHash_free(hsh);
KSI_CTX_free(ksi);
return res;
}
