diff options
author | Andrew Shadura <andrewsh@debian.org> | 2015-11-01 19:41:28 +0100 |
---|---|---|
committer | Andrew Shadura <andrewsh@debian.org> | 2015-11-01 19:41:28 +0100 |
commit | 61c1a106bd81794f48e4cd85bae129f9270279e8 (patch) | |
tree | 29ecf644c4a13c2645bd8067e66ae8944dd2daf9 /libdigidoc/DigiDocVerify.h |
libdigidoc (3.10.1.1208-1) unstable; urgency=medium
* Initial upload (Closes: #658300).
# imported from the archive
Diffstat (limited to 'libdigidoc/DigiDocVerify.h')
-rw-r--r-- | libdigidoc/DigiDocVerify.h | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/libdigidoc/DigiDocVerify.h b/libdigidoc/DigiDocVerify.h new file mode 100644 index 0000000..891e2b7 --- /dev/null +++ b/libdigidoc/DigiDocVerify.h @@ -0,0 +1,178 @@ +#ifndef __DIGIDOC_VERIFY_H__ +#define __DIGIDOC_VERIFY_H__ +//================================================== +// FILE: DigiDocVerify.h +// PROJECT: Digi Doc +// DESCRIPTION: DigiDoc verification routines +// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia +//================================================== +// Copyright (C) AS Sertifitseerimiskeskus +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 2.1 of the License, or (at your option) any later version. +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// GNU Lesser General Public Licence is available at +// http://www.gnu.org/copyleft/lesser.html +//==========< HISTORY >============================= +// 26.04.2006 Veiko Sinivee +// Creation +//================================================== + +#include "DigiDocDefs.h" +#include "DigiDocObj.h" +#include "DigiDocMem.h" +#include <openssl/x509.h> +#include <openssl/ocsp.h> + +//==========< XML generation routines >======================== + +#ifdef __cplusplus +extern "C" { +#endif + +// Holds info of an xml element used in signature format +typedef struct XmlElemDef_st { + char* szTag; // element tag + char bMultiple; // 'Y' if multiple elements allowed, 'N' if not + void** pChildren; // list of children terminated by NULL +} XmlElemDef; + +// Holds info of an xml element used in signature format +typedef struct XmlElemInfo_st { + char* szId; // element tag + char* szTag; // element tag + void* pParent; // parent emenent info if exists + void** pChildren; // list of children terminated by NULL +} XmlElemInfo; + +int XmlElemInfo_new(XmlElemInfo **ppXi, const char* id, const char* tag); + +void XmlElemInfo_free(XmlElemInfo* pXi); + +int XmlElemInfo_countChildren(XmlElemInfo* pXi); + +int XmlElemInfo_addChild(XmlElemInfo* pParent, XmlElemInfo* pChild); + +XmlElemInfo* XmlElemInfo_getRootElem(XmlElemInfo* pElem); + +// verifies files signature +EXP_OPTION int verifyFileSignature(const char* szFileName, int nDigestType, + byte* pSigBuf, int nSigLen, + const char *certfile); + + +// Compares two byte arrays and returns 0 for OK +EXP_OPTION int compareByteArrays(const byte* dig1, int len1, const byte* dig2, int len2); + +// verifies one doc's check digests in this signature +EXP_OPTION int verifySigDocDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, + const DocInfo* pDocInfo, const char* szDataFile); +// verifies the mime digest of this doc in this signature +EXP_OPTION int verifySigDocMimeDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, + const DocInfo* pDocInfo, const char* szFileName); + +// verifies this one signature +EXP_OPTION int verifySignatureInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, + const char* signerCA, const char* szDataFile, int bUseCA); + +// verifies the whole document (returns on first err) +EXP_OPTION int verifySigDoc(const SignedDoc* pSigDoc, const char* signerCA, + const char** caFiles, const char* caPath, const char* notCert, + const char* szDataFile, int bUseCA); + + +// Verifies the certificates signed attributes +EXP_OPTION int verifySigCert(const SignatureInfo* pSigInfo); + + +// Verfies NotaryInfo signature +EXP_OPTION int verifyNotaryInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo, + const NotaryInfo* pNotInfo, + const char ** caFiles, const char *CApath, const char* notCertFile); + +// Verifies the certificates signed attributes +EXP_OPTION int verifyNotCert(const SignatureInfo* pSigInfo, const NotaryInfo* pNotInfo); + +// Verfies NotaryInfo digest +EXP_OPTION int verifyNotaryDigest(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo); + +// verifies signed doc +EXP_OPTION int verifySigDocCERT(const SignedDoc* pSigDoc, const void* signerCA, + const X509** caCerts, + const char* caPath, const X509* notCert, + const char* szDataFile, int bUseCA); + + +// Verifies this signature + EXP_OPTION int verifySignatureInfoCERT(const SignedDoc* pSigDoc, + const SignatureInfo* pSigInfo, + const void* signerCACert, const char* szDataFile, int bUseCA); + +// Checks if the cert has been signed by this CA-cert +EXP_OPTION int isCertSignedByCERT(const X509* cert, const X509* caCert); + + +// Verfies NotaryInfo signature +EXP_OPTION int verifyNotaryInfoCERT(const SignedDoc* pSigDoc, + const SignatureInfo* pSigInfo, + const NotaryInfo* pNotInfo, + const X509** caCerts, + const char *CApath, const X509* notCert); + +//-------------------------------------------------- +// Verfies NotaryInfo signature +// pSigDoc - signed doc object +// pNotInfo - NotaryInfo object +// caCerts - CA certificate pointer array terminated with NULL +// CApath - path to (directory) all certs +// notCertFile - Notary (e.g. OCSP responder) cert file +// pSigCa - signers ca cert +//-------------------------------------------------- +EXP_OPTION int verifyNotaryInfoCERT2(const SignedDoc* pSigDoc, + const SignatureInfo* pSigInfo, + const NotaryInfo* pNotInfo, + const X509** caCerts, const char *CApath, + const X509* notCert, const X509* pSigCa); + +EXP_OPTION int verifySigDocSigPropDigest(const SignatureInfo* pSigInfo); + +// Calculates the digest of NotaryInfo +EXP_OPTION int calculateNotaryInfoDigest(const SignedDoc* pSigDoc, + const NotaryInfo* pNotInfo, byte* digBuf, int* digLen); + +int readTagContents(char** data, const char* fileName, + const char* tagName, int nAttrs, + const char** attNames, const char** attValues, + int withTags); + + X509_ALGOR* setSignAlgorithm(const EVP_MD * type); + +int setup_verifyCERT(X509_STORE **newX509_STORE, + const char *CApath, + const X509** certs); + +EXP_OPTION int verifyEstIDSignature(const byte* digest, int digestLen, int nDigestType, + byte* pSigBuf, int nSigLen, X509* cert); +EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDigestType, + byte* pSigBuf, int nSigLen, X509* cert); + +//=========================================================== +// Checks and records the knowledge if one signature had +// missing xmlns problem +// pSigDoc - signed doc data +// returns 1 if at least one signature had this problem +//============================================================ +EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc); + + +#ifdef __cplusplus +} +#endif + +#endif // __DIGIDOC_VERIFY_H__ + + |