#include "ksi.h"
#include "policy.h"
Go to the source code of this file.
|
| int | KSI_VerificationRule_AggregationChainInputLevelVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationChainInputHashVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationChainMetaDataVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationHashChainConsistency (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationHashChainTimeConsistency (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationHashChainIndexContinuation (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_AggregationHashChainIndexConsistency (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarHashChainInputHashVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarHashChainAggregationTime (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarHashChainRegistrationTime (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarAuthenticationRecordAggregationHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarAuthenticationRecordAggregationTime (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_SignaturePublicationRecordPublicationHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_SignaturePublicationRecordPublicationTime (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_DocumentHashDoesNotExist (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_DocumentHashExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_InputHashAlgorithmVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_DocumentHashVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_SignatureDoesNotContainPublication (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_ExtendedSignatureCalendarChainRightLinksMatch (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_SignaturePublicationRecordExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_ExtendedSignatureCalendarChainRootHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarHashChainDoesNotExist (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_ExtendedSignatureCalendarChainInputHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_ExtendedSignatureCalendarChainAggregationTime (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarHashChainExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarAuthenticationRecordExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarAuthenticationRecordDoesNotExist (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CertificateExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CertificateValidity (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_CalendarAuthenticationRecordSignatureVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFileContainsSignaturePublication (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFileContainsSuitablePublication (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFileExtendingPermittedVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationExtendingPermittedVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFilePublicationHashMatchesExtenderResponse (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFilePublicationTimeMatchesExtenderResponse (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_PublicationsFileExtendedSignatureInputHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationExistence (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_RequireNoUserProvidedPublication (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationTimeVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationHashVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationCreationTimeVerification (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationHashMatchesExtendedResponse (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationTimeMatchesExtendedResponse (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
| int | KSI_VerificationRule_UserProvidedPublicationExtendedSignatureInputHash (KSI_VerificationContext *info, KSI_RuleVerificationResult *result) |
| |
◆ KSI_VerificationRule_AggregationChainInputHashVerification()
This rule verifies that if RFC3161 record is present then the calculated output hash (from RFC3161 record) equals to aggregation chain input hash. If RFC3161 record is missing then the status KSI_VER_RES_OK is returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationChainInputLevelVerification()
This rule verifies that the document input level (default 0) is greater than the initial level correction (always 0 for RFC-3161 record) of the first hash chain.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationChainMetaDataVerification()
This rule verifies that the metadata structures contain a valid padding and ensure that metadata cannot be interpreted as an imprint.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationHashChainConsistency()
This rule verifies that all aggregation hash chains are consistent (e.g, previous aggregation output hash equals to current aggregation chain input hash)
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationHashChainIndexConsistency()
This rule is used to check whether the shape of the aggregation hash chain does match with the chain index.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationHashChainIndexContinuation()
This rule is used to check whether the aggregation hash chain chain index continuation is consistent.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_AggregationHashChainTimeConsistency()
This rule is used to check that aggregation hash chain aggregation times are consistent (e.g previous aggregation hash chain aggregation time to current aggregation hash chain aggregation time).
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarAuthenticationRecordAggregationHash()
This rule is used to verify that calendar authentication record publication hash equals to calendar hash chain publication hash. If calendar authentication record is missing then status code KSI_OK is returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarAuthenticationRecordAggregationTime()
This rule is used to verify that calendar authentication record publication time equals to calendar hash chain publication time. If calendar authentication record is missing then status code KSI_OK is returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarAuthenticationRecordDoesNotExist()
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarAuthenticationRecordExistence()
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarAuthenticationRecordSignatureVerification()
This rule is used to validate calendar authentication record signature. At first X.509 certificate is searched from publications file and when the certificate is found then the PKI signature is validated.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarHashChainAggregationTime()
This rule is used to verify that calendar hash chain aggregation time equals to last aggregation hash chain aggregation time. If calendar hash chain is missing then status code KSI_OK is returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarHashChainDoesNotExist()
Rule to check that keyless signature does not contain calendar hash chain.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarHashChainExistence()
Rule to check if keyless signature contains calendar hash chain. Used by key-based and publication-based verification policies.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarHashChainInputHashVerification()
This rule is used to verify that last aggregation hash chain output hash equals to calendar hash chain input hash. If calendar hash chain is missing then status code KSI_OK will be returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CalendarHashChainRegistrationTime()
This rule is used to verify that calendar hash chain registration time (calculated from the shape of the calendar hash chain) equals to calendar hash chain aggregation time. If calendar hash chain is missing then status code KSI_OK will be returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CertificateExistence()
This rule ise used to check if publications file contains certificate with certificate id present in calendar authentication record.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_CertificateValidity()
This rule is used to validate calendar authentication record signature lifespan during KSI signature acquisition.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_DocumentHashDoesNotExist()
Rule to check that document hash has not been provided for verification.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_DocumentHashExistence()
This rule is used to check if document hash has been provided for verification.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_DocumentHashVerification()
This rule is used to verify document hash. If RFC3161 record is present then the document hash must equal to RFC3161 input hash. If RFC3161 record isn't present then document hash must equal to first aggregation hash chain input hash.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_ExtendedSignatureCalendarChainAggregationTime()
This rule is used to check that extended signature contains correct aggregation time.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_ExtendedSignatureCalendarChainInputHash()
This rule is used to check that extended signature contains correct calendar hash chain input hash (e.g matches with aggregation chain root hash).
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_ExtendedSignatureCalendarChainRightLinksMatch()
This rule checks that:
- the extended signature contains the same count of right calendar hash chain links
- the extended signature right calendar hash chain links are equal to the not extended signature right links
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_ExtendedSignatureCalendarChainRootHash()
This rule is used to check that reproduced calendar hash chain (reproduced by sending extension request with the same aggregation and publication time as the attached calendar chain) matches with the already present calendar hash chain root hash. If signature (that is being validated), does not contain calendar hash chain then status code KSI_OK will be returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_InputHashAlgorithmVerification()
This rule is used to verify input hash algorithm. If document hash is provided, it's hash algorithm must match with the hash algorithm of the input hash of the first aggragation chain or RFC-3161 record if present.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFileContainsSignaturePublication()
This rule can be used to check if publications file contains signature publication.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFileContainsSuitablePublication()
This rule is used to check if publications file contains publication closest to signature registration time.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFileExtendedSignatureInputHash()
This rule can be used to check that extender response input hash equals with signature aggregation root hash.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFileExtendingPermittedVerification()
This rule can be used to check if signature extending is permitted or not.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFilePublicationHashMatchesExtenderResponse()
This rule is used to verify that publications file publication hash matches with extender response calendar root hash.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_PublicationsFilePublicationTimeMatchesExtenderResponse()
This rule is used to verify that publications file publication time matches with extender response calendar chain shape.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_RequireNoUserProvidedPublication()
This rule is used to verify that the user has NOT provided a publication.
- Parameters
-
| [in] | info | Verification context to be used for given rule. |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_SignatureDoesNotContainPublication()
This rule checks that signature does not contain publication record.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_SignaturePublicationRecordExistence()
This rule is used to check if keyless signature contains publication record or not.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_SignaturePublicationRecordPublicationHash()
This rule is used to check if keyless signature contains publication record or not. If publication record is missing then status code KSI_OK will be returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_SignaturePublicationRecordPublicationTime()
This rule is used to check if keyless signature contains correct publication record publication time. If publication record is missing then status code KSI_OK will ne returned.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationCreationTimeVerification()
This rule checks that signature is created before user provided publication.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationExistence()
This rule is used to verify if user has provided the publication
- Parameters
-
| [in] | info | Verification context to be used for given rule. |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationExtendedSignatureInputHash()
This rule can be used to check that extender response input hash equals with signature aggregation root hash.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationExtendingPermittedVerification()
◆ KSI_VerificationRule_UserProvidedPublicationHashMatchesExtendedResponse()
This rule is used to verify that user provided publication hash matches with extender response calendar root hash
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationHashVerification()
This rule is used verify that user provided publication hash equals to publication hash inside the signature.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationTimeMatchesExtendedResponse()
This rule is used to verify that user provided publication time matches with extender response calendar chain shape.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
◆ KSI_VerificationRule_UserProvidedPublicationTimeVerification()
This rule is used verify that user provided publication time equals to publication time inside the signature.
- Parameters
-
| [in] | info | Verification context to be used for given rule |
| [out] | result | Verification result. |
- Returns
- status code (KSI_OK, when operation succeeded, otherwise an error code).
