public void TestLinksEqualWithSiblingHash()
{
DataHash dataHash = new DataHash(Base16.Decode("0160D25FD6F2A962B41F20CFC2DD9CC62C9C802EADB08E8F15E60D0316E778ACDC"));
Assert.AreEqual(new AggregationHashChain.Link(LinkDirection.Left, dataHash),
new AggregationHashChain.Link(LinkDirection.Left, dataHash, null));
}
private static void Verify(Ksi ksi, IKsiSignature signature, DataHash documentHash)
{
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile()
};
AggregationHashChain.Link firstChainLink = signature.GetAggregationHashChains()[0].GetChainLinks()[0];
if (firstChainLink.Metadata != null && firstChainLink.Metadata.Padding == null)
{
throw new Exception("Metadata padding is missing.");
}
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
if (verificationResult.ResultCode != VerificationResultCode.Ok)
{
Console.WriteLine("Verification result code: " + verificationResult.ResultCode);
Console.WriteLine("Verification rule name: " + verificationResult.RuleName);
Console.WriteLine("Verification error: " + verificationResult.VerificationError);
}
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void TcpSignHashWithReusedSocketTest()
{
KsiService service = GetTcpKsiService();
DataHash hash1 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
DataHash hash2 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
DataHash hash3 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
DataHash hash4 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IAsyncResult ar1 = service.BeginSign(hash1, null, null);
IAsyncResult ar2 = service.BeginSign(hash2, null, null);
IKsiSignature sig1 = service.EndSign(ar1);
Assert.AreEqual(hash1, sig1.InputHash, "Unexpected signature input hash");
IKsiSignature sig2 = service.EndSign(ar2);
Assert.AreEqual(hash2, sig2.InputHash, "Unexpected signature input hash");
Socket socket1 = GetSigningSocket(service);
IAsyncResult ar3 = service.BeginSign(hash3, null, null);
IAsyncResult ar4 = service.BeginSign(hash4, null, null);
IKsiSignature sig3 = service.EndSign(ar3);
Assert.AreEqual(hash3, sig3.InputHash, "Unexpected signature input hash");
IKsiSignature sig4 = service.EndSign(ar4);
Assert.AreEqual(hash4, sig4.InputHash, "Unexpected signature input hash");
Socket socket2 = GetSigningSocket(service);
Assert.AreEqual(socket1, socket2, "Sockets should be equal");
}
public static string Hash(string toHash, DataHash hashType)
{
byte[] input = Encoding.ASCII.GetBytes(toHash);
byte[] hash = new byte[0];
StringBuilder sb = new StringBuilder();
if (hashType == DataHash.MD5)
{
MD5 md = MD5.Create();
hash = md.ComputeHash(input);
}
else if (hashType == DataHash.Sha256)
{
SHA256 sha = SHA256.Create();
hash = sha.ComputeHash(input);
}
else
{
SHA512 sha = SHA512.Create();
hash = sha.ComputeHash(input);
}
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("X2"));
}
return(sb.ToString());
}
public void TestLinksEqualWithSiblingHashAndLevel()
{
DataHash dataHash = new DataHash(Base16.Decode("01404572B3A03FCBB57D265903A153B24237F277723D1B24A199F9F009A4EB23BE"));
Assert.AreEqual(new AggregationHashChain.Link(LinkDirection.Left, dataHash, 56),
new AggregationHashChain.Link(LinkDirection.Left, dataHash, null, 56));
}
public void AsyncSignWithInvalidPassTest(KsiService service)
{
byte[] data = Encoding.UTF8.GetBytes("This is my document");
IDataHasher dataHasher = KsiProvider.CreateDataHasher();
dataHasher.AddData(data);
DataHash dataHash = dataHasher.GetHash();
ManualResetEvent waitHandle = new ManualResetEvent(false);
Exception ex = null;
IKsiSignature signature = null;
service.BeginSign(dataHash, delegate(IAsyncResult ar)
{
try
{
signature = service.EndSign(ar);
}
catch (Exception e)
{
ex = e;
}
finally
{
waitHandle.Set();
}
}, null);
Assert.IsTrue(waitHandle.WaitOne(10000), "Wait handle timed out.");
Assert.IsNull(signature, "Signature should be null.");
Assert.IsNotNull(ex, "Exception should not be null.");
Assert.AreEqual("Server responded with error message. Status: 258; Message: The request could not be authenticated.", ex.Message);
}
public void VerifyExtendedSignatureUsingDefaultPolicy()
{
// Create simple wrapper.
KSI.Ksi ksi = GetKsi();
// Read the existing signature, assume it is extended
IKsiSignature signature = LoadExtendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
// Do the verification and check the result.
// The signature is verified against given document hash and publications file (publications file is automatically downloaded by simple wrapper).
VerificationResult verificationResult = ksi.Verify(signature, documentHash);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError);
}
}
public void HAAsyncSignTest()
{
HAKsiService haService = new HAKsiService(SigningServices, ExtendingServices, PublicationsFileService);
DataHash dataHash = new DataHash(Base16.Decode("019f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
ManualResetEvent waitHandle = new ManualResetEvent(false);
IKsiSignature signature = null;
object testObject = new object();
bool isAsyncStateCorrect = false;
haService.BeginSign(dataHash, delegate(IAsyncResult ar)
{
try
{
isAsyncStateCorrect = ar.AsyncState == testObject;
signature = haService.EndSign(ar);
}
finally
{
waitHandle.Set();
}
}, testObject);
Assert.IsTrue(waitHandle.WaitOne(10000), "Wait handle timed out.");
Assert.IsNotNull(signature, "Signature should not be null.");
Assert.AreEqual(true, isAsyncStateCorrect, "Unexpected async state.");
}
public void VerifyCalendarBasedUnextended()
{
IKsiSignature signature = LoadUnextendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
VerificationPolicy policy = new CalendarBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = documentHash,
KsiService = GetKsiService(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyCalendarBasedUnextended > signature valid");
}
else
{
Console.WriteLine("VerifyCalendarBasedUnextended > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyUnextendedSignatureUsingDefaultPolicy()
{
// Create simple wrapper.
KSI.Ksi ksi = GetKsi();
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
// We need to compute the hash from the original data, to make sure it
// matches the one in the signature and has not been changed
// Use the same algorithm as the input hash in the signature
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
// Do the verification and check the result.
// At first KSI signature is verified against given document hash.
// Then the signature is extended. If extending succeeds then the signature is verified
// against publications file (publications file is automatically downloaded by simple wrapper).
// If extending is not yet possible then key based verification is done.
VerificationResult verificationResult = ksi.Verify(signature, documentHash);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyUnextendedSignatureUsingDefaultPolicy > signature valid");
}
else
{
Console.WriteLine("VerifyUnextendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyKeyBased()
{
KSI.Ksi ksi = GetKsi();
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
VerificationPolicy policy = new KeyBasedVerificationPolicy(new X509Store(StoreName.Root), GetCertificateSubjectRdnSelector());
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyKeyBased > signature valid");
}
else
{
Console.WriteLine("VerifyKeyBased > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyExtendedSignatureUsingPublicationsCodeAutoExtend()
{
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = documentHash,
UserPublication = publicationData,
IsExtendingAllowed = true,
KsiService = GetKsiService(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyExtendedSignatureUsingPublicationsCode()
{
// Read the existing signature, assume it is extended
IKsiSignature signature = LoadExtendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
// The trust anchor in this example is the publication code in Financial Times or on Twitter
PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = documentHash,
UserPublication = publicationData
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyExtendedSignatureUsingPublicationsFile()
{
KSI.Ksi ksi = GetKsi();
// Read the existing signature, assume it is extended
IKsiSignature signature = LoadExtendedSignature();
DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm)
.AddData(File.ReadAllBytes("Resources/infile.txt"))
.GetHash();
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + verificationResult.VerificationError);
}
}
/// <summary>
/// Resets hash calculation.
/// </summary>
/// <returns>the same DataHasher object for chaining calls</returns>
public IDataHasher Reset()
{
_outputHash = null;
_hasher.Initialize();
return(this);
}
public override void ToStream(Stream output)
{
output.Write(TLUtils.SignatureToBytes(Signature));
Data.ToStream(output);
DataHash.ToStream(output);
Secret.ToStream(output);
}
/// <summary>
/// Create aggregation request payload from data hash.
/// </summary>
/// <param name="requestId">Request ID</param>
/// <param name="hash">data hash</param>
public AggregationRequestPayload(ulong requestId, DataHash hash) : base(Constants.AggregationRequestPayload.TagType, false, false, new ITlvTag[]
{
new IntegerTag(Constants.PduPayload.RequestIdTagType, false, false, requestId),
new ImprintTag(Constants.AggregationRequestPayload.RequestHashTagType, false, false, hash)
})
{
}
/// <summary>
/// Resets hash calculation.
/// </summary>
/// <returns>the same DataHasher object for chaining calls</returns>
public IDataHasher Reset()
{
_outputHash = null;
_digester.Reset();
return(this);
}
public void TcpSignHashesWithSocketReuseAndTimeoutTest()
{
KsiService service = GetTcpKsiService();
DataHash hash1 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
DataHash hash2 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IAsyncResult ar1 = service.BeginSign(hash1, null, null);
IKsiSignature sig1 = service.EndSign(ar1);
Socket socket1 = GetSigningSocket(service);
Assert.AreEqual(hash1, sig1.InputHash, "Unexpected signature input hash");
Socket socket2 = GetSigningSocket(service);
Assert.AreEqual(socket1, socket2, "Sockets should be equal");
// after 20 sec server will close connection
Thread.Sleep(22000);
IAsyncResult ar2 = service.BeginSign(hash2, null, null);
IKsiSignature sig2 = service.EndSign(ar2);
Assert.AreEqual(hash2, sig2.InputHash, "Unexpected signature input hash");
socket2 = GetSigningSocket(service);
Assert.AreNotEqual(socket1, socket2, "Sockets should not be equal");
}
/// <summary>
/// Create signature and verify with given verification policy
/// </summary>
/// <param name="childTags">Child tags</param>
/// <param name="hash">Signed hash</param>
private KsiSignature CreateAndVerify(ITlvTag[] childTags, DataHash hash)
{
KsiSignature signature = new KsiSignature(false, false, childTags);
Verify(signature, hash);
return(signature);
}
/// <summary>
/// Validate PDU against given MAC.
/// </summary>
/// <param name="pduBytes">PDU encoded as byte array</param>
/// <param name="mac">MAC</param>
/// <param name="key">message key</param>
/// <returns>true if MAC is valid</returns>
public static bool ValidateMac(byte[] pduBytes, ImprintTag mac, byte[] key)
{
if (pduBytes == null)
{
throw new ArgumentNullException(nameof(pduBytes));
}
if (mac == null)
{
throw new ArgumentNullException(nameof(mac));
}
if (pduBytes.Length < mac.Value.Algorithm.Length)
{
Logger.Warn("PDU MAC validation failed. PDU bytes array is too short to contain given MAC.");
return(false);
}
DataHash calculatedMac = CalcMacValue(pduBytes, mac.Value.Algorithm, key);
if (!calculatedMac.Equals(mac.Value))
{
Logger.Warn("PDU MAC validation failed. Calculated MAC and given MAC do not match.");
return(false);
}
return(true);
}
/// <summary>
/// Create signature and verify with given verification policy
/// </summary>
/// <param name="signatureRaw">KSI signature</param>
/// <param name="hash">Signed hash</param>
private KsiSignature CreateAndVerify(RawTag signatureRaw, DataHash hash)
{
KsiSignature signature = new KsiSignature(signatureRaw);
Verify(signature, hash);
return(signature);
}
/// <summary>
/// Create KSI signature instance from legacy aggregation response payload.
/// </summary>
/// <param name="payload">aggregation response payload</param>
/// <param name="hash">Signed hash</param>
/// <param name="level">Signed hash node level value in the aggregation tree</param>
/// <returns>KSI signature</returns>
public IKsiSignature Create(LegacyAggregationResponsePayload payload, DataHash hash, uint?level = null)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
return(CreateFromResponsePayload(payload, payload.RequestId, hash, level));
}
/// <summary>
/// Create new publication data TLV element from publication time and publication hash.
/// </summary>
/// <param name="publicationTime">publication time</param>
/// <param name="publicationHash">publication hash</param>
/// <param name="nonCritical">Is TLV element non critical</param>
/// <param name="forward">Is TLV element forwarded</param>
public PublicationData(ulong publicationTime, DataHash publicationHash, bool nonCritical, bool forward)
: base(Constants.PublicationData.TagType, nonCritical, forward, new ITlvTag[]
{
new IntegerTag(Constants.PublicationData.PublicationTimeTagType, false, false, publicationTime),
new ImprintTag(Constants.PublicationData.PublicationHashTagType, false, false, publicationHash)
})
{
}
public void SignStaticTest()
{
Ksi ksi = GetStaticKsi(Resources.KsiService_AggregationResponsePdu_RequestId_1584727637, 1584727637);
DataHash dataHash = new DataHash(Base16.Decode("019f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(dataHash);
Verify(signature, dataHash);
}
public override byte[] ToBytes()
{
return(TLUtils.Combine(
TLUtils.SignatureToBytes(Signature),
Data.ToBytes(),
DataHash.ToBytes(),
Secret.ToBytes()));
}
/// <summary>
/// Create aggregation request payload from data hash.
/// </summary>
/// <param name="requestId">Request ID</param>
/// <param name="hash">data hash</param>
/// <param name="level">the level value of the aggregation tree node</param>
public LegacyAggregationRequestPayload(ulong requestId, DataHash hash, uint level) : base(Constants.AggregationRequestPayload.LegacyTagType, false, false, new ITlvTag[]
{
new IntegerTag(Constants.PduPayload.RequestIdTagType, false, false, requestId),
new ImprintTag(Constants.AggregationRequestPayload.RequestHashTagType, false, false, hash),
new IntegerTag(Constants.AggregationRequestPayload.RequestLevelTagType, false, false, level)
})
{
}
public TestingRow(string row, int index)
{
string[] args = row.Split(';');
FileName = args[0];
ActionName = args[1];
ErrorCode = args[2];
ErrorMessage = args[3];
InputHashLevel = !string.IsNullOrEmpty(args[4]) ? uint.Parse(args[4]) : 0;
string s = args[5];
if (!string.IsNullOrEmpty(s))
{
InputHash = new DataHash(Base16.Decode(s));
}
s = args[6];
if (!string.IsNullOrEmpty(s))
{
CalendarHashChainInput = new DataHash(Base16.Decode(s));
}
s = args[7];
if (!string.IsNullOrEmpty(s))
{
CalendarHashChainOutput = new DataHash(Base16.Decode(s));
}
s = args[8];
if (!string.IsNullOrEmpty(s))
{
AggregationTime = ulong.Parse(s);
}
s = args[9];
if (!string.IsNullOrEmpty(s))
{
PublicationTime = ulong.Parse(s);
}
s = args[10];
if (!string.IsNullOrEmpty(s))
{
PublicationData = new PublicationData(s);
}
s = args[11];
if (!string.IsNullOrEmpty(s) && s.ToUpper() == "TRUE")
{
IsExtendingAllowed = true;
}
ResourceFile = args[12];
PublicationsFilePath = args[13];
CertFilePath = args[14];
TestIndex = index;
}
/// <summary>
/// Create new imprint TLV element from TLV element.
/// </summary>
/// <param name="tag">TLV element</param>
public ImprintTag(ITlvTag tag) : base(tag)
{
byte[] data = tag.EncodeValue();
if (data == null)
{
throw new TlvException("Invalid TLV element encoded value: null.");
}
Value = new DataHash(data);
}
public void VerifyNewSignatureWithPublicationsFile(Ksi ksi)
{
DataHash documentHash = new DataHash(Base16.Decode("0111A700B0C8066C47ECBA05ED37BC14DCADB238552D86C659342D1D7E87B8772D"));
IKsiSignature signature = ksi.Sign(documentHash);
VerificationResult result = ksi.Verify(signature, null, ksi.GetPublicationsFile());
Assert.AreEqual(VerificationResultCode.Ok, result.ResultCode, "Unexpected verification result code.");
Assert.AreEqual(nameof(DefaultVerificationPolicy), result.RuleName, "Unexpected policy used.");
}
