public void TestLinksEqualWithSiblingHash() { DataHash dataHash = new DataHash(Base16.Decode("0160D25FD6F2A962B41F20CFC2DD9CC62C9C802EADB08E8F15E60D0316E778ACDC")); Assert.AreEqual(new AggregationHashChain.Link(LinkDirection.Left, dataHash), new AggregationHashChain.Link(LinkDirection.Left, dataHash, null)); }
private static void Verify(Ksi ksi, IKsiSignature signature, DataHash documentHash) { VerificationContext verificationContext = new VerificationContext(signature) { DocumentHash = documentHash, PublicationsFile = ksi.GetPublicationsFile() }; AggregationHashChain.Link firstChainLink = signature.GetAggregationHashChains()[0].GetChainLinks()[0]; if (firstChainLink.Metadata != null && firstChainLink.Metadata.Padding == null) { throw new Exception("Metadata padding is missing."); } KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy(); VerificationResult verificationResult = policy.Verify(verificationContext); if (verificationResult.ResultCode != VerificationResultCode.Ok) { Console.WriteLine("Verification result code: " + verificationResult.ResultCode); Console.WriteLine("Verification rule name: " + verificationResult.RuleName); Console.WriteLine("Verification error: " + verificationResult.VerificationError); } Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy"); }
public void TcpSignHashWithReusedSocketTest() { KsiService service = GetTcpKsiService(); DataHash hash1 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); DataHash hash2 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); DataHash hash3 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); DataHash hash4 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); IAsyncResult ar1 = service.BeginSign(hash1, null, null); IAsyncResult ar2 = service.BeginSign(hash2, null, null); IKsiSignature sig1 = service.EndSign(ar1); Assert.AreEqual(hash1, sig1.InputHash, "Unexpected signature input hash"); IKsiSignature sig2 = service.EndSign(ar2); Assert.AreEqual(hash2, sig2.InputHash, "Unexpected signature input hash"); Socket socket1 = GetSigningSocket(service); IAsyncResult ar3 = service.BeginSign(hash3, null, null); IAsyncResult ar4 = service.BeginSign(hash4, null, null); IKsiSignature sig3 = service.EndSign(ar3); Assert.AreEqual(hash3, sig3.InputHash, "Unexpected signature input hash"); IKsiSignature sig4 = service.EndSign(ar4); Assert.AreEqual(hash4, sig4.InputHash, "Unexpected signature input hash"); Socket socket2 = GetSigningSocket(service); Assert.AreEqual(socket1, socket2, "Sockets should be equal"); }
public static string Hash(string toHash, DataHash hashType) { byte[] input = Encoding.ASCII.GetBytes(toHash); byte[] hash = new byte[0]; StringBuilder sb = new StringBuilder(); if (hashType == DataHash.MD5) { MD5 md = MD5.Create(); hash = md.ComputeHash(input); } else if (hashType == DataHash.Sha256) { SHA256 sha = SHA256.Create(); hash = sha.ComputeHash(input); } else { SHA512 sha = SHA512.Create(); hash = sha.ComputeHash(input); } for (int i = 0; i < hash.Length; i++) { sb.Append(hash[i].ToString("X2")); } return(sb.ToString()); }
public void TestLinksEqualWithSiblingHashAndLevel() { DataHash dataHash = new DataHash(Base16.Decode("01404572B3A03FCBB57D265903A153B24237F277723D1B24A199F9F009A4EB23BE")); Assert.AreEqual(new AggregationHashChain.Link(LinkDirection.Left, dataHash, 56), new AggregationHashChain.Link(LinkDirection.Left, dataHash, null, 56)); }
public void AsyncSignWithInvalidPassTest(KsiService service) { byte[] data = Encoding.UTF8.GetBytes("This is my document"); IDataHasher dataHasher = KsiProvider.CreateDataHasher(); dataHasher.AddData(data); DataHash dataHash = dataHasher.GetHash(); ManualResetEvent waitHandle = new ManualResetEvent(false); Exception ex = null; IKsiSignature signature = null; service.BeginSign(dataHash, delegate(IAsyncResult ar) { try { signature = service.EndSign(ar); } catch (Exception e) { ex = e; } finally { waitHandle.Set(); } }, null); Assert.IsTrue(waitHandle.WaitOne(10000), "Wait handle timed out."); Assert.IsNull(signature, "Signature should be null."); Assert.IsNotNull(ex, "Exception should not be null."); Assert.AreEqual("Server responded with error message. Status: 258; Message: The request could not be authenticated.", ex.Message); }
public void VerifyExtendedSignatureUsingDefaultPolicy() { // Create simple wrapper. KSI.Ksi ksi = GetKsi(); // Read the existing signature, assume it is extended IKsiSignature signature = LoadExtendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); // Do the verification and check the result. // The signature is verified against given document hash and publications file (publications file is automatically downloaded by simple wrapper). VerificationResult verificationResult = ksi.Verify(signature, documentHash); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > signature valid"); } else { Console.WriteLine("VerifyExtendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError); } }
public void HAAsyncSignTest() { HAKsiService haService = new HAKsiService(SigningServices, ExtendingServices, PublicationsFileService); DataHash dataHash = new DataHash(Base16.Decode("019f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); ManualResetEvent waitHandle = new ManualResetEvent(false); IKsiSignature signature = null; object testObject = new object(); bool isAsyncStateCorrect = false; haService.BeginSign(dataHash, delegate(IAsyncResult ar) { try { isAsyncStateCorrect = ar.AsyncState == testObject; signature = haService.EndSign(ar); } finally { waitHandle.Set(); } }, testObject); Assert.IsTrue(waitHandle.WaitOne(10000), "Wait handle timed out."); Assert.IsNotNull(signature, "Signature should not be null."); Assert.AreEqual(true, isAsyncStateCorrect, "Unexpected async state."); }
public void VerifyCalendarBasedUnextended() { IKsiSignature signature = LoadUnextendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); VerificationPolicy policy = new CalendarBasedVerificationPolicy(); VerificationContext context = new VerificationContext(signature) { DocumentHash = documentHash, KsiService = GetKsiService(), }; VerificationResult verificationResult = policy.Verify(context); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyCalendarBasedUnextended > signature valid"); } else { Console.WriteLine("VerifyCalendarBasedUnextended > signature verification failed with error > " + verificationResult.VerificationError); } }
public void VerifyUnextendedSignatureUsingDefaultPolicy() { // Create simple wrapper. KSI.Ksi ksi = GetKsi(); // Read signature, assume to be not extended IKsiSignature signature = LoadUnextendedSignature(); // We need to compute the hash from the original data, to make sure it // matches the one in the signature and has not been changed // Use the same algorithm as the input hash in the signature DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); // Do the verification and check the result. // At first KSI signature is verified against given document hash. // Then the signature is extended. If extending succeeds then the signature is verified // against publications file (publications file is automatically downloaded by simple wrapper). // If extending is not yet possible then key based verification is done. VerificationResult verificationResult = ksi.Verify(signature, documentHash); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyUnextendedSignatureUsingDefaultPolicy > signature valid"); } else { Console.WriteLine("VerifyUnextendedSignatureUsingDefaultPolicy > verification failed with error > " + verificationResult.VerificationError); } }
public void VerifyKeyBased() { KSI.Ksi ksi = GetKsi(); // Read signature, assume to be not extended IKsiSignature signature = LoadUnextendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); VerificationPolicy policy = new KeyBasedVerificationPolicy(new X509Store(StoreName.Root), GetCertificateSubjectRdnSelector()); VerificationContext context = new VerificationContext(signature) { DocumentHash = documentHash, PublicationsFile = ksi.GetPublicationsFile(), }; VerificationResult verificationResult = policy.Verify(context); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyKeyBased > signature valid"); } else { Console.WriteLine("VerifyKeyBased > signature verification failed with error > " + verificationResult.VerificationError); } }
public void VerifyExtendedSignatureUsingPublicationsCodeAutoExtend() { // Read signature, assume to be not extended IKsiSignature signature = LoadUnextendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM"); // Do the verification and check the result VerificationPolicy policy = new PublicationBasedVerificationPolicy(); VerificationContext context = new VerificationContext(signature) { DocumentHash = documentHash, UserPublication = publicationData, IsExtendingAllowed = true, KsiService = GetKsiService(), }; VerificationResult verificationResult = policy.Verify(context); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature valid"); } else { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature verification failed with error > " + verificationResult.VerificationError); } }
public void VerifyExtendedSignatureUsingPublicationsCode() { // Read the existing signature, assume it is extended IKsiSignature signature = LoadExtendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); // The trust anchor in this example is the publication code in Financial Times or on Twitter PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM"); // Do the verification and check the result VerificationPolicy policy = new PublicationBasedVerificationPolicy(); VerificationContext context = new VerificationContext(signature) { DocumentHash = documentHash, UserPublication = publicationData }; VerificationResult verificationResult = policy.Verify(context); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature valid"); } else { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature verification failed with error > " + verificationResult.VerificationError); } }
public void VerifyExtendedSignatureUsingPublicationsFile() { KSI.Ksi ksi = GetKsi(); // Read the existing signature, assume it is extended IKsiSignature signature = LoadExtendedSignature(); DataHash documentHash = KsiProvider.CreateDataHasher(signature.InputHash.Algorithm) .AddData(File.ReadAllBytes("Resources/infile.txt")) .GetHash(); // Do the verification and check the result VerificationPolicy policy = new PublicationBasedVerificationPolicy(); VerificationContext context = new VerificationContext(signature) { DocumentHash = documentHash, PublicationsFile = ksi.GetPublicationsFile(), }; VerificationResult verificationResult = policy.Verify(context); if (verificationResult.ResultCode == VerificationResultCode.Ok) { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > signature valid"); } else { Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + verificationResult.VerificationError); } }
/// <summary> /// Resets hash calculation. /// </summary> /// <returns>the same DataHasher object for chaining calls</returns> public IDataHasher Reset() { _outputHash = null; _hasher.Initialize(); return(this); }
public override void ToStream(Stream output) { output.Write(TLUtils.SignatureToBytes(Signature)); Data.ToStream(output); DataHash.ToStream(output); Secret.ToStream(output); }
/// <summary> /// Create aggregation request payload from data hash. /// </summary> /// <param name="requestId">Request ID</param> /// <param name="hash">data hash</param> public AggregationRequestPayload(ulong requestId, DataHash hash) : base(Constants.AggregationRequestPayload.TagType, false, false, new ITlvTag[] { new IntegerTag(Constants.PduPayload.RequestIdTagType, false, false, requestId), new ImprintTag(Constants.AggregationRequestPayload.RequestHashTagType, false, false, hash) }) { }
/// <summary> /// Resets hash calculation. /// </summary> /// <returns>the same DataHasher object for chaining calls</returns> public IDataHasher Reset() { _outputHash = null; _digester.Reset(); return(this); }
public void TcpSignHashesWithSocketReuseAndTimeoutTest() { KsiService service = GetTcpKsiService(); DataHash hash1 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); DataHash hash2 = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); IAsyncResult ar1 = service.BeginSign(hash1, null, null); IKsiSignature sig1 = service.EndSign(ar1); Socket socket1 = GetSigningSocket(service); Assert.AreEqual(hash1, sig1.InputHash, "Unexpected signature input hash"); Socket socket2 = GetSigningSocket(service); Assert.AreEqual(socket1, socket2, "Sockets should be equal"); // after 20 sec server will close connection Thread.Sleep(22000); IAsyncResult ar2 = service.BeginSign(hash2, null, null); IKsiSignature sig2 = service.EndSign(ar2); Assert.AreEqual(hash2, sig2.InputHash, "Unexpected signature input hash"); socket2 = GetSigningSocket(service); Assert.AreNotEqual(socket1, socket2, "Sockets should not be equal"); }
/// <summary> /// Create signature and verify with given verification policy /// </summary> /// <param name="childTags">Child tags</param> /// <param name="hash">Signed hash</param> private KsiSignature CreateAndVerify(ITlvTag[] childTags, DataHash hash) { KsiSignature signature = new KsiSignature(false, false, childTags); Verify(signature, hash); return(signature); }
/// <summary> /// Validate PDU against given MAC. /// </summary> /// <param name="pduBytes">PDU encoded as byte array</param> /// <param name="mac">MAC</param> /// <param name="key">message key</param> /// <returns>true if MAC is valid</returns> public static bool ValidateMac(byte[] pduBytes, ImprintTag mac, byte[] key) { if (pduBytes == null) { throw new ArgumentNullException(nameof(pduBytes)); } if (mac == null) { throw new ArgumentNullException(nameof(mac)); } if (pduBytes.Length < mac.Value.Algorithm.Length) { Logger.Warn("PDU MAC validation failed. PDU bytes array is too short to contain given MAC."); return(false); } DataHash calculatedMac = CalcMacValue(pduBytes, mac.Value.Algorithm, key); if (!calculatedMac.Equals(mac.Value)) { Logger.Warn("PDU MAC validation failed. Calculated MAC and given MAC do not match."); return(false); } return(true); }
/// <summary> /// Create signature and verify with given verification policy /// </summary> /// <param name="signatureRaw">KSI signature</param> /// <param name="hash">Signed hash</param> private KsiSignature CreateAndVerify(RawTag signatureRaw, DataHash hash) { KsiSignature signature = new KsiSignature(signatureRaw); Verify(signature, hash); return(signature); }
/// <summary> /// Create KSI signature instance from legacy aggregation response payload. /// </summary> /// <param name="payload">aggregation response payload</param> /// <param name="hash">Signed hash</param> /// <param name="level">Signed hash node level value in the aggregation tree</param> /// <returns>KSI signature</returns> public IKsiSignature Create(LegacyAggregationResponsePayload payload, DataHash hash, uint?level = null) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } return(CreateFromResponsePayload(payload, payload.RequestId, hash, level)); }
/// <summary> /// Create new publication data TLV element from publication time and publication hash. /// </summary> /// <param name="publicationTime">publication time</param> /// <param name="publicationHash">publication hash</param> /// <param name="nonCritical">Is TLV element non critical</param> /// <param name="forward">Is TLV element forwarded</param> public PublicationData(ulong publicationTime, DataHash publicationHash, bool nonCritical, bool forward) : base(Constants.PublicationData.TagType, nonCritical, forward, new ITlvTag[] { new IntegerTag(Constants.PublicationData.PublicationTimeTagType, false, false, publicationTime), new ImprintTag(Constants.PublicationData.PublicationHashTagType, false, false, publicationHash) }) { }
public void SignStaticTest() { Ksi ksi = GetStaticKsi(Resources.KsiService_AggregationResponsePdu_RequestId_1584727637, 1584727637); DataHash dataHash = new DataHash(Base16.Decode("019f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")); IKsiSignature signature = ksi.Sign(dataHash); Verify(signature, dataHash); }
public override byte[] ToBytes() { return(TLUtils.Combine( TLUtils.SignatureToBytes(Signature), Data.ToBytes(), DataHash.ToBytes(), Secret.ToBytes())); }
/// <summary> /// Create aggregation request payload from data hash. /// </summary> /// <param name="requestId">Request ID</param> /// <param name="hash">data hash</param> /// <param name="level">the level value of the aggregation tree node</param> public LegacyAggregationRequestPayload(ulong requestId, DataHash hash, uint level) : base(Constants.AggregationRequestPayload.LegacyTagType, false, false, new ITlvTag[] { new IntegerTag(Constants.PduPayload.RequestIdTagType, false, false, requestId), new ImprintTag(Constants.AggregationRequestPayload.RequestHashTagType, false, false, hash), new IntegerTag(Constants.AggregationRequestPayload.RequestLevelTagType, false, false, level) }) { }
public TestingRow(string row, int index) { string[] args = row.Split(';'); FileName = args[0]; ActionName = args[1]; ErrorCode = args[2]; ErrorMessage = args[3]; InputHashLevel = !string.IsNullOrEmpty(args[4]) ? uint.Parse(args[4]) : 0; string s = args[5]; if (!string.IsNullOrEmpty(s)) { InputHash = new DataHash(Base16.Decode(s)); } s = args[6]; if (!string.IsNullOrEmpty(s)) { CalendarHashChainInput = new DataHash(Base16.Decode(s)); } s = args[7]; if (!string.IsNullOrEmpty(s)) { CalendarHashChainOutput = new DataHash(Base16.Decode(s)); } s = args[8]; if (!string.IsNullOrEmpty(s)) { AggregationTime = ulong.Parse(s); } s = args[9]; if (!string.IsNullOrEmpty(s)) { PublicationTime = ulong.Parse(s); } s = args[10]; if (!string.IsNullOrEmpty(s)) { PublicationData = new PublicationData(s); } s = args[11]; if (!string.IsNullOrEmpty(s) && s.ToUpper() == "TRUE") { IsExtendingAllowed = true; } ResourceFile = args[12]; PublicationsFilePath = args[13]; CertFilePath = args[14]; TestIndex = index; }
/// <summary> /// Create new imprint TLV element from TLV element. /// </summary> /// <param name="tag">TLV element</param> public ImprintTag(ITlvTag tag) : base(tag) { byte[] data = tag.EncodeValue(); if (data == null) { throw new TlvException("Invalid TLV element encoded value: null."); } Value = new DataHash(data); }
public void VerifyNewSignatureWithPublicationsFile(Ksi ksi) { DataHash documentHash = new DataHash(Base16.Decode("0111A700B0C8066C47ECBA05ED37BC14DCADB238552D86C659342D1D7E87B8772D")); IKsiSignature signature = ksi.Sign(documentHash); VerificationResult result = ksi.Verify(signature, null, ksi.GetPublicationsFile()); Assert.AreEqual(VerificationResultCode.Ok, result.ResultCode, "Unexpected verification result code."); Assert.AreEqual(nameof(DefaultVerificationPolicy), result.RuleName, "Unexpected policy used."); }