ksi.h

Go to the documentation of this file.

/*
 * Copyright 2013-2015 Guardtime, Inc.
 *
 * This file is part of the Guardtime client SDK.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES, CONDITIONS, OR OTHER LICENSES OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 * "Guardtime" and "KSI" are trademarks or registered trademarks of
 * Guardtime, Inc., and no license to trademarks is granted; Guardtime
 * reserves and retains all trademark rights.
 */

#ifndef _KSI_BASE_H_
#define _KSI_BASE_H_

#include <stdio.h>
#include <stdint.h>

#include "version.h"
#include "types.h"
#include "hash.h"
#include "publicationsfile.h"
#include "log.h"
#include "signature.h"
#include "verification.h"
#include "policy.h"

#ifdef __cplusplus
extern "C" {
#endif

enum KSI_StatusCode {
/* RETURN CODES WHICH ARE NOT ERRORS */
        KSI_OK = 0,

        KSI_AGGREGATOR_NOT_CONFIGURED = 0x01,
        KSI_EXTENDER_NOT_CONFIGURED = 0x02,
        KSI_PUBLICATIONS_FILE_NOT_CONFIGURED = 0x03,
        KSI_PUBFILE_VERIFICATION_NOT_CONFIGURED = 0x04,
        KSI_INVALID_VERIFICATION_INPUT = 0x05,

/* SYNTAX ERRORS */
        KSI_INVALID_ARGUMENT = 0x100,
        KSI_INVALID_FORMAT = 0x101,
        KSI_UNTRUSTED_HASH_ALGORITHM = 0x102,
        KSI_UNAVAILABLE_HASH_ALGORITHM = 0x103,
        KSI_BUFFER_OVERFLOW = 0x104,
        KSI_TLV_PAYLOAD_TYPE_MISMATCH = 0x105,
        KSI_ASYNC_NOT_FINISHED = 0x106,
        KSI_INVALID_SIGNATURE = 0x107,
        KSI_INVALID_PKI_SIGNATURE = 0x108,
        KSI_PKI_CERTIFICATE_NOT_TRUSTED = 0x109,
        KSI_INVALID_STATE = 0x10a,
        KSI_UNKNOWN_HASH_ALGORITHM_ID = 0x10b,
        /*
         * The hash algorithm has been marked as deprecated at given time.
         */
        KSI_HASH_ALGORITHM_DEPRECATED = 0x10c,
        /*
         * The hash algorithm has been marked as obsolete at given time.
         */
        KSI_HASH_ALGORITHM_OBSOLETE = 0x10d,
/* SYSTEM ERRORS */
        KSI_OUT_OF_MEMORY = 0x200,
        KSI_IO_ERROR = 0x201,
        KSI_NETWORK_ERROR = 0x202,
        KSI_NETWORK_CONNECTION_TIMEOUT = 0x203,
        KSI_NETWORK_SEND_TIMEOUT = 0x204,
        KSI_NETWORK_RECIEVE_TIMEOUT = 0x205,
        KSI_HTTP_ERROR = 0x206,
        KSI_EXTEND_WRONG_CAL_CHAIN = 0x207,
        KSI_EXTEND_NO_SUITABLE_PUBLICATION = 0x208,
        KSI_VERIFICATION_FAILURE = 0x20a,
        KSI_INVALID_PUBLICATION = 0x20b,
        KSI_PUBLICATIONS_FILE_NOT_SIGNED_WITH_PKI = 0x20c,
        KSI_CRYPTO_FAILURE = 0x20d,

        KSI_HMAC_MISMATCH = 0x20e,

        KSI_REQUEST_PENDING = 0x20f,

        KSI_REQUEST_ID_MISMATCH = 0x210,

        KSI_HMAC_ALGORITHM_MISMATCH = 0x211,

        KSI_UNSUPPORTED_PDU_VERSION = 0x212,

        /* Generic service errors. */

        KSI_SERVICE_INVALID_REQUEST = 0x400,
        KSI_SERVICE_AUTHENTICATION_FAILURE = 0x401,
        KSI_SERVICE_INVALID_PAYLOAD = 0x402,
        KSI_SERVICE_INTERNAL_ERROR = 0x403,
        KSI_SERVICE_UPSTREAM_ERROR = 0x404,
        KSI_SERVICE_UPSTREAM_TIMEOUT = 0x405,
        KSI_SERVICE_UNKNOWN_ERROR = 0x406,

        /* Aggregator errors. */

        KSI_SERVICE_AGGR_REQUEST_TOO_LARGE = 0x407,
        KSI_SERVICE_AGGR_REQUEST_OVER_QUOTA = 0x408,
        KSI_SERVICE_AGGR_TOO_MANY_REQUESTS = 0x409,
        KSI_SERVICE_AGGR_INPUT_TOO_LONG = 0x40a,
        KSI_SERVICE_AGGR_PDU_V2_RESPONSE_TO_PDU_V1_REQUEST = 0x40b,

        KSI_SERVICE_AGGR_PDU_V1_RESPONSE_TO_PDU_V2_REQUEST = 0x40c,

        /* Extender status codes. */

        KSI_SERVICE_EXTENDER_INVALID_TIME_RANGE = 0x501,
        KSI_SERVICE_EXTENDER_DATABASE_MISSING = 0x502,
        KSI_SERVICE_EXTENDER_DATABASE_CORRUPT = 0x503,
        KSI_SERVICE_EXTENDER_REQUEST_TIME_TOO_OLD = 0x504,
        KSI_SERVICE_EXTENDER_REQUEST_TIME_TOO_NEW = 0x505,

        KSI_SERVICE_EXTENDER_REQUEST_TIME_IN_FUTURE = 0x506,

        KSI_SERVICE_EXTENDER_PDU_V2_RESPONSE_TO_PDU_V1_REQUEST = 0x507,

        KSI_SERVICE_EXTENDER_PDU_V1_RESPONSE_TO_PDU_V2_REQUEST = 0x508,

        /* Async status codes. */

        KSI_ASYNC_CONNECTION_CLOSED = 0x604,

        KSI_ASYNC_REQUEST_CACHE_FULL = 0x607,


        KSI_UNKNOWN_ERROR = 0xffff
};

#define KSI_PDU_VERSION_1               1
#define KSI_PDU_VERSION_2               2

#define KSI_CTX_PUBFILE_CACHE_DEFAULT_TTL (8 * 60 * 60)

typedef int (*KSI_Config_Callback)(KSI_CTX *ctx, KSI_Config *conf);

typedef enum KSI_Option_en {
        KSI_OPT_AGGR_PDU_VER,
        KSI_OPT_EXT_PDU_VER,

        KSI_OPT_AGGR_HMAC_ALGORITHM,
        KSI_OPT_EXT_HMAC_ALGORITHM,

        KSI_OPT_DATAHASH_CACHE_SIZE,

        KSI_OPT_AGGR_CONF_RECEIVED_CALLBACK,
        KSI_OPT_EXT_CONF_RECEIVED_CALLBACK,

        KSI_OPT_PUBFILE_CACHE_TTL_SECONDS,

        __KSI_NUMBER_OF_OPTIONS,
} KSI_Option;

const char *KSI_getVersion(void);

const char *KSI_getErrorString(int statusCode);

int KSI_CTX_new(KSI_CTX **ctx);

void KSI_CTX_free(KSI_CTX *ctx);

int KSI_CTX_registerGlobals(KSI_CTX *ctx, int (*initFn)(void), void (*cleanupFn)(void));

int KSI_ERR_statusDump(KSI_CTX *ctx, FILE *f);

char *KSI_ERR_toString(KSI_CTX *ctx, char *buf, size_t buf_len);

int KSI_ERR_getBaseErrorMessage(KSI_CTX *ctx, char *buf, size_t len, int *error, int *ext);

void *KSI_malloc(size_t size);

void *KSI_calloc(size_t num, size_t size);

void KSI_free(void *ptr);

int KSI_sendAggregatorRequest(KSI_CTX *ctx, KSI_AggregationReq *request, KSI_RequestHandle **handle);

#define KSI_sendSignRequest(ctx, request, handle) KSI_sendAggregatorRequest(ctx, request, handle)

int KSI_sendExtenderRequest(KSI_CTX *ctx, KSI_ExtendReq *request, KSI_RequestHandle **handle);

#define KSI_sendExtendRequest(ctx, request, handle) KSI_sendExtenderRequest(ctx, request, handle)

int KSI_sendPublicationRequest(KSI_CTX *ctx, const unsigned char *request, size_t request_length, KSI_RequestHandle **handle);

int KSI_receivePublicationsFile(KSI_CTX *ctx, KSI_PublicationsFile **pubFile);

int KSI_verifyPublicationsFile(KSI_CTX *ctx, const KSI_PublicationsFile *pubFile);

int KSI_receiveAggregatorConfig(KSI_CTX *ctx, KSI_Config **config);

int KSI_receiveExtenderConfig(KSI_CTX *ctx, KSI_Config **config);

int KSI_verifySignature(KSI_CTX *ctx, KSI_Signature *sig);

int KSI_verifyDataHash(KSI_CTX *ctx, KSI_Signature *sig, const KSI_DataHash *hsh);
int KSI_createSignature(KSI_CTX *ctx, KSI_DataHash *dataHash, KSI_Signature **sig);

int KSI_extendSignatureWithPolicy(KSI_CTX *ctx, const KSI_Signature *sig, const KSI_Policy *policy, KSI_VerificationContext *context, KSI_Signature **extended);

#define KSI_extendSignature(ctx, sig, extended) KSI_extendSignatureWithPolicy(ctx, sig, KSI_VERIFICATION_POLICY_INTERNAL, NULL, extended)

int KSI_CTX_setLogLevel(KSI_CTX *ctx, int level);

int KSI_CTX_setLoggerCallback(KSI_CTX *ctx, KSI_LoggerCallback cb, void *logCtx);

int KSI_CTX_setRequestHeaderCallback(KSI_CTX *ctx, KSI_RequestHeaderCallback cb);

int KSI_CTX_setPublicationUrl(KSI_CTX *ctx, const char *uri);

int KSI_CTX_setExtender(KSI_CTX *ctx, const char *uri, const char *loginId, const char *key);

int KSI_CTX_setAggregator(KSI_CTX *ctx, const char *uri, const char *loginId, const char *key);

int KSI_CTX_setOption(KSI_CTX *ctx, KSI_Option opt, void *param);

#define KSI_CTX_setAggregatorHmacAlgorithm(ctx, alg_id) KSI_CTX_setOption(ctx, KSI_OPT_AGGR_HMAC_ALGORITHM, (void*)(alg_id))
#define KSI_CTX_setExtenderHmacAlgorithm(ctx, alg_id) KSI_CTX_setOption(ctx, KSI_OPT_EXT_HMAC_ALGORITHM, (void*)(alg_id))

#define KSI_CTX_FLAG_AGGR_PDU_VER KSI_OPT_AGGR_PDU_VER
#define KSI_CTX_FLAG_EXT_PDU_VER KSI_OPT_EXT_PDU_VER
#define KSI_CtxFlag KSI_Option_en
#define KSI_CTX_setFlag(ctx, flag, param) KSI_CTX_setOption((ctx), (flag), (param))

int KSI_CTX_setTransferTimeoutSeconds(KSI_CTX *ctx, int timeout);

int KSI_CTX_setConnectionTimeoutSeconds(KSI_CTX *ctx, int timeout);

int KSI_CTX_setPublicationsFile(KSI_CTX *ctx, KSI_PublicationsFile *var);

int KSI_CTX_setPKITruststore(KSI_CTX *ctx, KSI_PKITruststore *pki);

int KSI_CTX_setNetworkProvider(KSI_CTX *ctx, KSI_NetworkClient *net);

KSI_FN_DEPRECATED(int KSI_CTX_setPublicationCertEmail(KSI_CTX *ctx, const char *email), Use #KSI_CTX_setDefaultPubFileCertConstraints with #KSI_CERT_EMAIL instead.);

#define KSI_CERT_EMAIL "1.2.840.113549.1.9.1"
#define KSI_CERT_COMMON_NAME "2.5.4.3"
#define KSI_CERT_COUNTRY "2.5.4.6"
#define KSI_CERT_ORGANIZATION "2.5.4.10"

int KSI_CTX_setDefaultPubFileCertConstraints(KSI_CTX *ctx, const KSI_CertConstraint *arr);

int KSI_CTX_getPKITruststore(KSI_CTX *ctx, KSI_PKITruststore **pki);

int KSI_CTX_getPublicationsFile(KSI_CTX *ctx, KSI_PublicationsFile **var);

int KSI_CTX_getPublicationCertEmail(KSI_CTX *ctx, const char **address);

int KSI_CTX_getLastFailedSignature(KSI_CTX *ctx, KSI_Signature **lastFailedSignature);

#ifdef __cplusplus
}
#endif

#endif