Guardtime KSI c SDK
policy.h
Go to the documentation of this file.
1 /*
2  * Copyright 2013-2016 Guardtime, Inc.
3  *
4  * This file is part of the Guardtime client SDK.
5  *
6  * Licensed under the Apache License, Version 2.0 (the "License").
7  * You may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at
9  * http://www.apache.org/licenses/LICENSE-2.0
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES, CONDITIONS, OR OTHER LICENSES OF ANY KIND, either
13  * express or implied. See the License for the specific language governing
14  * permissions and limitations under the License.
15  * "Guardtime" and "KSI" are trademarks or registered trademarks of
16  * Guardtime, Inc., and no license to trademarks is granted; Guardtime
17  * reserves and retains all trademark rights.
18  */
19 
20 #ifndef POLICY_H
21 #define POLICY_H
22 
23 #include "types.h"
24 #include "ksi.h"
25 #include "common.h"
26 
27 #ifdef __cplusplus
28 extern "C" {
29 #endif
30 
33 
36 
39 
42 
45 
48 
51 
52  void *tempData;
53  };
54 
66 
70  #define KSI_VERIFICATION_ERROR_CODE_LIST\
71  /*Type Code Offset StrCode Description*/\
72  _(GEN, 1, 0x100, "GEN-01", "Wrong document")\
73  _(GEN, 2, 0x100, "GEN-02", "Verification inconclusive") \
74  _(GEN, 3, 0x100, "GEN-03", "Input hash level too large") \
75  _(GEN, 4, 0x100, "GEN-04", "Wrong input hash algorithm") \
76  \
77  _(INT, 1, 0x200, "INT-01", "Inconsistent aggregation hash chains") \
78  _(INT, 2, 0x200, "INT-02", "Inconsistent aggregation hash chain aggregation times") \
79  _(INT, 3, 0x200, "INT-03", "Calendar hash chain input hash mismatch") \
80  _(INT, 4, 0x200, "INT-04", "Calendar hash chain aggregation time mismatch") \
81  _(INT, 5, 0x200, "INT-05", "Calendar hash chain shape inconsistent with aggregation time") \
82  _(INT, 6, 0x200, "INT-06", "Calendar hash chain time inconsistent with calendar authentication record time") \
83  _(INT, 7, 0x200, "INT-07", "Calendar hash chain time inconsistent with publication time") \
84  _(INT, 8, 0x200, "INT-08", "Calendar hash chain root hash is inconsistent with calendar authentication record input hash") \
85  _(INT, 9, 0x200, "INT-09", "Calendar hash chain root hash is inconsistent with published hash value") \
86  _(INT, 10, 0x200, "INT-10", "Aggregation hash chain chain index mismatch") \
87  _(INT, 11, 0x200, "INT-11", "The metadata record in the aggregation hash chain may not be trusted") \
88  _(INT, 12, 0x200, "INT-12", "Inconsistent chain indexes") \
89  _(INT, 13, 0x200, "INT-13", "Document hash algorithm deprecated at the time of signing") \
90  _(INT, 14, 0x200, "INT-14", "RFC3161 compatibility record composed of hash algorithms that where deprecated at the time of signing") \
91  _(INT, 15, 0x200, "INT-15", "Aggregation hash chain uses hash algorithm that was deprecated at the time of signing") \
92  _(INT, 16, 0x200, "INT-16", "Calendar hash chain hash algorithm was obsolete at publication time") \
93  _(INT, 17, 0x200, "INT-17", "The RFC3161 compatibility record output hash algorithm was deprecated at the time of signing") \
94  \
95  _(PUB, 1, 0x300, "PUB-01", "Extender response calendar root hash mismatch") \
96  _(PUB, 2, 0x300, "PUB-02", "Extender response inconsistent") \
97  _(PUB, 3, 0x300, "PUB-03", "Extender response input hash mismatch") \
98  _(PUB, 4, 0x300, "PUB-04", "Publication record hash and user provided publication hash mismatch") \
99  _(PUB, 5, 0x300, "PUB-05", "Publication record hash and publications file publication hash mismatch") \
100  \
101  _(KEY, 2, 0x400, "KEY-02", "PKI signature not verified with certificate") \
102  _(KEY, 3, 0x400, "KEY-03", "Signing certificate not valid at aggregation time") \
103  \
104  _(CAL, 1, 0x500, "CAL-01", "Calendar root hash mismatch between signature and calendar database chain") \
105  _(CAL, 2, 0x500, "CAL-02", "Aggregation hash chain root hash and calendar database hash chain input hash mismatch") \
106  _(CAL, 3, 0x500, "CAL-03", "Aggregation time mismatch") \
107  _(CAL, 4, 0x500, "CAL-04", "Calendar hash chain right links are inconsistent")
108 
109  #define KSI_VERIFICATION_ERROR_CODE_DEPRECATED_LIST\
110  /*Type Code Offset StrCode Description*/\
111  _(KEY, 1, 0x400, "KEY-01", "Certificate not found") /* Deprecated in 3.19 */ \
112 
113 
119 #define _(type, code, offset, cor, desc) KSI_VER_ERR_##type##_##code = (offset + code),
121 #undef _
122 #define _(type, code, offset, cor, desc) KSI_ENUM_DEPRECATED(KSI_VER_ERR_##type##_##code, Removed from verfication process!),
124 #undef _
127 
134  const char *ruleName;
136  const char *policyName;
142  size_t stepsFailed;
144  int status;
149  };
150 
152 
154 #define KSI_RuleVerificationResultList_append(lst, o) KSI_APPLY_TO_NOT_NULL((lst), append, ((lst), (o)))
155 #define KSI_RuleVerificationResultList_remove(lst, pos, o) KSI_APPLY_TO_NOT_NULL((lst), removeElement, ((lst), (pos), (o)))
156 #define KSI_RuleVerificationResultList_indexOf(lst, o, i) KSI_APPLY_TO_NOT_NULL((lst), indexOf, ((lst), (o), (i)))
157 #define KSI_RuleVerificationResultList_insertAt(lst, pos, o) KSI_APPLY_TO_NOT_NULL((lst), insertAt, ((lst), (pos), (o)))
158 #define KSI_RuleVerificationResultList_replaceAt(lst, pos, o) KSI_APPLY_TO_NOT_NULL((lst), replaceAt, ((lst), (pos), (o)))
159 #define KSI_RuleVerificationResultList_elementAt(lst, pos, o) KSI_APPLY_TO_NOT_NULL((lst), elementAt, ((lst), (pos), (o)))
160 #define KSI_RuleVerificationResultList_length(lst) (((lst) != NULL && (lst)->length != NULL) ? (lst)->length((lst)) : 0)
161 #define KSI_RuleVerificationResultList_find(lst, o,f, i) KSI_APPLY_TO_NOT_NULL((lst), find, ((lst), (o), (f), (i)))
162 
163 #define KSI_TlvElementList_sort(lst, cmp) KSI_APPLY_TO_NOT_NULL((lst), sort, ((lst), (cmp)))
164 #define KSI_TlvElementList_foldl(lst, foldCtx, foldFn) (((lst) != NULL) ? (((lst)->foldl != NULL) ? ((lst)->foldl((lst), (foldCtx), (foldFn))) : KSI_INVALID_STATE) : KSI_OK)
165 #define KSI_TlvElementList_find(lst, o,f, i) KSI_APPLY_TO_NOT_NULL((lst), find, ((lst), (o), (f), (i)))
166 
173 
181 
187  size_t ref;
193  KSI_LIST(KSI_RuleVerificationResult) *ruleResults;
195  KSI_LIST(KSI_RuleVerificationResult) *policyResults;
196  };
197 
205 
206  typedef enum RuleType_en {
235  } KSI_RuleType;
236 
237  typedef struct KSI_Rule_st {
239  const void *rule;
240  } KSI_Rule;
241 
250  const char *KSI_VerificationErrorCode_toString(int errorCode);
251 
257  int KSI_VerificationErrorCode_fromString(const char *errCodeStr);
258 
268  const char *KSI_Policy_getErrorString(int errorCode);
269 
283  int KSI_Policy_create(KSI_CTX *ctx, const KSI_Rule *rules, const char *name, KSI_Policy **policy);
284 
295  int KSI_Policy_clone(KSI_CTX *ctx, const KSI_Policy *policy, KSI_Policy **clone);
296 
307  int KSI_Policy_setFallback(KSI_CTX *ctx, KSI_Policy *policy, const KSI_Policy *fallback);
308 
323 
331  void KSI_Policy_free(KSI_Policy *policy);
332 
340 
348 
356 
357 #ifdef __cplusplus
358 }
359 #endif
360 
361 #endif /* POLICY_H */
const KSI_DataHash * documentHash
Definition: policy.h:44
Definition: policy.h:237
#define KSI_uint64_t
Definition: types_base.h:105
KSI_VerificationResultCode resultCode
Definition: policy.h:189
#define KSI_VERIFICATION_ERROR_CODE_DEPRECATED_LIST
Definition: policy.h:109
const KSI_Policy * KSI_VERIFICATION_POLICY_EMPTY
Definition: policy.h:60
Definition: policy.h:225
Definition: policy.h:62
KSI_Signature * signature
Definition: policy.h:35
int KSI_VerificationContext_init(KSI_VerificationContext *context, KSI_CTX *ctx)
struct KSI_PublicationsFile_st KSI_PublicationsFile
Definition: publicationsfile.h:45
const char * ruleName
Definition: policy.h:134
size_t stepsSuccessful
Definition: policy.h:140
struct KSI_PublicationData_st KSI_PublicationData
Definition: types.h:59
KSI_RuleType type
Definition: policy.h:238
int KSI_RuleVerificationResult_init(KSI_RuleVerificationResult *result)
KSI_VerificationErrorCode_en
Definition: policy.h:116
Definition: policy.h:64
size_t stepsFailed
Definition: policy.h:142
const char * KSI_VerificationErrorCode_toString(int errorCode)
const KSI_Policy * KSI_VERIFICATION_POLICY_GENERAL
int KSI_Policy_setFallback(KSI_CTX *ctx, KSI_Policy *policy, const KSI_Policy *fallback)
const void * rule
Definition: policy.h:239
#define KSI_VERIFICATION_ERROR_CODE_LIST
Definition: policy.h:70
KSI_CTX * ctx
Definition: policy.h:32
int KSI_SignatureVerifier_verify(const KSI_Policy *policy, KSI_VerificationContext *context, KSI_PolicyVerificationResult **result)
struct KSI_DataHash_st KSI_DataHash
Definition: hash.h:52
int KSI_Policy_create(KSI_CTX *ctx, const KSI_Rule *rules, const char *name, KSI_Policy **policy)
Definition: policy.h:234
size_t ref
Definition: policy.h:187
KSI_VerificationErrorCode errorCode
Definition: policy.h:132
KSI_VerificationResultCode_en
Definition: policy.h:58
void * tempData
Definition: policy.h:52
const KSI_PublicationData * userPublication
Definition: policy.h:47
#define KSI_DEFINE_EXTERN(e)
Definition: common.h:87
const KSI_Policy * KSI_VERIFICATION_POLICY_INTERNAL
void KSI_VerificationContext_clean(KSI_VerificationContext *context)
int KSI_VerificationErrorCode_fromString(const char *errCodeStr)
void KSI_PolicyVerificationResult_free(KSI_PolicyVerificationResult *result)
const KSI_Policy * KSI_VERIFICATION_POLICY_USER_PUBLICATION_BASED
size_t stepsPerformed
Definition: policy.h:138
KSI_uint64_t docAggrLevel
Definition: policy.h:41
int KSI_Policy_clone(KSI_CTX *ctx, const KSI_Policy *policy, KSI_Policy **clone)
struct KSI_Signature_st KSI_Signature
Definition: types.h:67
Definition: policy.h:125
Definition: policy.h:31
enum KSI_VerificationErrorCode_en KSI_VerificationErrorCode
KSI_LIST(KSI_RuleVerificationResult)*ruleResults
const char * policyName
Definition: policy.h:136
#define KSI_DEFINE_LIST(type)
Definition: list.h:159
const KSI_Policy * KSI_VERIFICATION_POLICY_PUBLICATIONS_FILE_BASED
struct KSI_Policy_st KSI_Policy
Definition: types.h:70
void KSI_Policy_free(KSI_Policy *policy)
Definition: policy.h:118
const KSI_Policy * KSI_VERIFICATION_POLICY_CALENDAR_BASED
struct KSI_CTX_st KSI_CTX
Definition: types_base.h:124
const KSI_Policy * KSI_VERIFICATION_POLICY_KEY_BASED
enum KSI_VerificationResultCode_en KSI_VerificationResultCode
char * statusMessage
Definition: policy.h:148
Definition: policy.h:128
int extendingAllowed
Definition: policy.h:38
void KSI_RuleVerificationResult_clean(KSI_RuleVerificationResult *result)
int status
Definition: policy.h:144
KSI_RuleVerificationResult finalResult
Definition: policy.h:191
const char * KSI_Policy_getErrorString(int errorCode)
KSI_VerificationResultCode resultCode
Definition: policy.h:130
struct KSI_Rule_st KSI_Rule
RuleType_en
Definition: policy.h:206
KSI_PublicationsFile * userPublicationsFile
Definition: policy.h:50
Definition: policy.h:216
Definition: policy.h:185
enum RuleType_en KSI_RuleType
int statusExt
Definition: policy.h:146