Commit 8e2f734e authored by Tomáš Stefan's avatar Tomáš Stefan

print subfilter and hash function

parent 1a1acad7
......@@ -725,7 +725,7 @@ CITE_BIB_FILES =
# messages are off.
# The default value is: NO.
QUIET = NO
QUIET = YES
# The WARNINGS tag can be used to turn on/off the warning messages that are
# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES
......@@ -741,7 +741,7 @@ WARNINGS = YES
# will automatically be disabled.
# The default value is: YES.
WARN_IF_UNDOCUMENTED = YES
WARN_IF_UNDOCUMENTED = NO
# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for
# potential errors in the documentation, such as not documenting some parameters
......
......@@ -38,6 +38,13 @@
#define SUBFILTER_UNKNOWN 0
#define SUBFILTER_adbe_x509_rsa_sha1 1
#define HASH_FN_UNKNOWN 0
#define HASH_FN_sha1 1
#define HASH_FN_sha256 2
#define HASH_FN_sha384 3
#define HASH_FN_sha512 4
#define HASH_FN_ripemd160 5
#define CERT_STATUS_UNKNOWN 0
#define CERT_STATUS_VERIFIED 1
#define CERT_STATUS_FAILED 2
......
......@@ -106,6 +106,22 @@ sigil_err_t sigil_get_cert_validation_result(sigil_t *sgl, int *result);
*/
sigil_err_t sigil_get_data_integrity_result(sigil_t *sgl, int *result);
/** @brief Get the subfilter value from the provided context
*
* @param sgl context
* @param subfilter output - the subfiter value
* @return ERR_NONE if success
*/
sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter);
/** @brief Get the hash function used for the integrity check
*
* @param sgl context
* @param hash_fn output - used message digest function
* @return ERR_NONE if success
*/
sigil_err_t sigil_get_hash_fn(sigil_t *sgl, int *hash_fn);
/** @brief Get the original message digest (from the signature) from the
* provided context
*
......@@ -142,19 +158,23 @@ void sigil_print_original_digest(sigil_t *sgl);
*/
void sigil_print_computed_digest(sigil_t *sgl);
/** @brief Print information about the signing certificate to the standard output
/** @brief Print digital signature subfilter value to the standard output
*
* @param sgl context
*/
void sigil_print_cert_info(sigil_t *sgl);
void sigil_print_subfilter(sigil_t *sgl);
/** @brief Get the subfilter value from the provided context
/** @brief Print the hash function used to the standard output
*
* @param sgl context
* @param subfilter output - the subfiter value
* @return ERR_NONE if success
*/
sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter);
void sigil_print_hash_fn(sigil_t *sgl);
/** @brief Print information about the signing certificate to the standard output
*
* @param sgl context
*/
void sigil_print_cert_info(sigil_t *sgl);
/** @brief Cleans-up the provided sigil context
*
......
......@@ -112,6 +112,7 @@ typedef struct {
size_t sig_flags;
int subfilter_type;
int xref_type;
int hash_fn;
// indirect reference to pdf parts
reference_t ref_acroform;
reference_t ref_catalog_dict;
......
......@@ -98,14 +98,25 @@ sigil_err_t compute_digest_pkcs1(sigil_t *sgl)
}
// only allowed algorithms
if (EVP_MD_type(evp_md) != NID_sha1 &&
EVP_MD_type(evp_md) != NID_sha256 &&
EVP_MD_type(evp_md) != NID_sha384 &&
EVP_MD_type(evp_md) != NID_sha512 &&
EVP_MD_type(evp_md) != NID_ripemd160)
{
err = ERR_DIGEST_TYPE;
goto end;
switch (EVP_MD_type(evp_md)) {
case NID_sha1:
sgl->hash_fn = HASH_FN_sha1;
break;
case NID_sha256:
sgl->hash_fn = HASH_FN_sha256;
break;
case NID_sha384:
sgl->hash_fn = HASH_FN_sha384;
break;
case NID_sha512:
sgl->hash_fn = HASH_FN_sha512;
break;
case NID_ripemd160:
sgl->hash_fn = HASH_FN_ripemd160;
break;
default:
err = ERR_DIGEST_TYPE;
goto end;
}
if (EVP_DigestInit_ex(ctx, evp_md, NULL) != 1) {
......
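Review bot: `sgl->hash_fn` is assigned in the switch before the digest has been initialised or computed, and the `default:` branch leaves the field untouched, so the value later returned by sigil_get_hash_fn() can describe a digest that was never actually checked. Adding `sgl->hash_fn = HASH_FN_UNKNOWN;` in `default:` ahead of `err = ERR_DIGEST_TYPE;` would keep the field accurate on the rejection path. The allow-list still accepts `NID_sha1` and `NID_ripemd160`, both 160-bit digests, and practical collisions are known for SHA-1. Now that the algorithm is recorded, a comment above the switch such as `// SHA-1 and RIPEMD-160 are accepted for legacy signatures only; callers may want to flag them as weak` would tell users of the new getter why the value matters. compute_digest_pkcs1 starts and ends outside the hunk, so how the later error paths treat the field cannot be seen from here.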
......@@ -41,6 +41,7 @@ sigil_err_t sigil_init(sigil_t **sgl)
(*sgl)->sig_flags = 0;
(*sgl)->subfilter_type = SUBFILTER_UNKNOWN;
(*sgl)->xref_type = XREF_TYPE_UNSET;
(*sgl)->hash_fn = HASH_FN_UNKNOWN;
(*sgl)->ref_acroform.object_num = 0;
(*sgl)->ref_acroform.generation_num = 0;
(*sgl)->ref_catalog_dict.object_num = 0;
......@@ -393,6 +394,26 @@ sigil_err_t sigil_get_data_integrity_result(sigil_t *sgl, int *result)
return ERR_NONE;
}
sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter)
{
if (sgl == NULL || subfilter == NULL)
return ERR_PARAMETER;
*subfilter = sgl->subfilter_type;
return ERR_NONE;
}
sigil_err_t sigil_get_hash_fn(sigil_t *sgl, int *hash_fn)
{
if (sgl == NULL || hash_fn == NULL)
return ERR_PARAMETER;
*hash_fn = sgl->hash_fn;
return ERR_NONE;
}
sigil_err_t sigil_get_original_digest(sigil_t *sgl, ASN1_OCTET_STRING **digest)
{
if (sgl == NULL || digest == NULL)
......@@ -458,26 +479,67 @@ void sigil_print_computed_digest(sigil_t *sgl)
sigil_print_digest(digest);
}
void sigil_print_cert_info(sigil_t *sgl)
void sigil_print_subfilter(sigil_t *sgl)
{
BIO *out = BIO_new_fp(stdout,BIO_NOCLOSE);
int subfilter;
if (sgl == NULL || sgl->certificates == NULL || sgl->certificates->x509 == NULL)
if (sgl == NULL)
return;
X509_print_ex(out, sgl->certificates->x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
if (sigil_get_subfilter(sgl, &subfilter) != ERR_NONE)
return;
BIO_free_all(out);
switch (subfilter) {
case SUBFILTER_adbe_x509_rsa_sha1:
printf("adbe.x509.rsa_sha1 (PKCS#1)");
break;
default:
printf("unknown");
}
}
sigil_err_t sigil_get_subfilter(sigil_t *sgl, int *subfilter)
void sigil_print_hash_fn(sigil_t *sgl)
{
if (sgl == NULL || subfilter == NULL)
return ERR_PARAMETER;
int hash_fn;
*subfilter = sgl->subfilter_type;
if (sgl == NULL)
return;
return ERR_NONE;
if (sigil_get_hash_fn(sgl, &hash_fn) != ERR_NONE)
return;
switch (hash_fn) {
case HASH_FN_sha1:
printf("SHA-1");
break;
case HASH_FN_sha256:
printf("SHA-256");
break;
case HASH_FN_sha384:
printf("SHA-384");
break;
case HASH_FN_sha512:
printf("SHA-512");
break;
case HASH_FN_ripemd160:
printf("RIPEMD160");
break;
default:
printf("unknown");
break;
}
}
void sigil_print_cert_info(sigil_t *sgl)
{
BIO *out = BIO_new_fp(stdout,BIO_NOCLOSE);
if (sgl == NULL || sgl->certificates == NULL || sgl->certificates->x509 == NULL)
return;
X509_print_ex(out, sgl->certificates->x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
BIO_free_all(out);
}
static void range_free(range_t *range)
......
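Review bot: In sigil_print_cert_info the BIO is created with `BIO_new_fp(stdout,BIO_NOCLOSE)` before the NULL guard, so the early `return` for a missing context or certificate leaks it, and the result is never checked before it is passed to X509_print_ex. Declaring `BIO *out;` first, moving `out = BIO_new_fp(stdout, BIO_NOCLOSE);` below the guard and adding `if (out == NULL) return;` fixes both. The function appears only to have been moved by this commit, but it now sits next to the two new printers and is worth fixing while it is being touched. As a point of style, the `default:` case in sigil_print_subfilter lacks the `break;` that sigil_print_hash_fn has.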
......@@ -95,7 +95,8 @@ int main(int argc, char *argv[])
cert_info = 1;
} else {
if (!quiet) {
fprintf(stderr, COLOR_RED"ERROR unknown parameter: "COLOR_RESET"%s\n", argv[pos]);
fprintf(stderr, COLOR_RED
"ERROR unknown parameter: "COLOR_RESET"%s\n", argv[pos]);
print_banner();
}
goto end;
......@@ -119,35 +120,45 @@ int main(int argc, char *argv[])
// initialize sigil context
if (sigil_init(&sgl) != ERR_NONE) {
if (!quiet)
fprintf(stderr, " ERROR initialize sigil context\n");
if (!quiet) {
fprintf(stderr, COLOR_RED
" ERROR initialize sigil context\n"COLOR_RESET);
}
goto end;
}
// set PDF file for the verification
if (sigil_set_pdf_path(sgl, file) != ERR_NONE) {
if (!quiet)
fprintf(stderr, " ERROR with provided file\n");
if (!quiet) {
fprintf(stderr, COLOR_RED
" ERROR with provided file\n"COLOR_RESET);
}
goto end;
}
// set trusted CA certificates
if (trusted_system) {
if (sigil_set_trusted_system(sgl) != ERR_NONE) {
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet) {
fprintf(stderr, COLOR_RED
" ERROR setting trusted certificates\n"COLOR_RESET);
}
goto end;
}
} else if (trusted_file != NULL) {
if (sigil_set_trusted_file(sgl, trusted_file) != ERR_NONE) {
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet) {
fprintf(stderr, COLOR_RED
" ERROR setting trusted certificates\n"COLOR_RESET);
}
goto end;
}
} else if (trusted_dir != NULL) {
if (sigil_set_trusted_dir(sgl, trusted_dir) != ERR_NONE) {
if (!quiet)
fprintf(stderr, " ERROR setting trusted certificates\n");
if (!quiet) {
fprintf(stderr, COLOR_RED
" ERROR setting trusted certificates\n"COLOR_RESET);
}
goto end;
}
}
......@@ -157,9 +168,11 @@ int main(int argc, char *argv[])
if (err != ERR_NONE) {
if (!quiet) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
fprintf(stderr, COLOR_RED
" ERROR file uses feature that is not implemented\n"COLOR_RESET);
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
fprintf(stderr, COLOR_RED
" ERROR obtaining verification result from the context\n"COLOR_RESET);
}
}
goto end;
......@@ -169,19 +182,25 @@ int main(int argc, char *argv[])
if (err != ERR_NONE) {
if (!quiet) {
if (err == ERR_NOT_IMPLEMENTED) {
fprintf(stderr, " ERROR file uses feature that is not implemented\n");
fprintf(stderr, COLOR_RED
" ERROR file uses feature that is not implemented\n"COLOR_RESET);
} else {
fprintf(stderr, " ERROR obtaining verification result from the context\n");
fprintf(stderr, COLOR_RED
" ERROR obtaining verification result from the context\n"COLOR_RESET);
}
}
goto end;
}
if (sigil_get_data_integrity_result(sgl, &result_integrity) != ERR_NONE && !quiet)
fprintf(stderr, " ERROR failed to obtain data integrity result\n");
if (sigil_get_data_integrity_result(sgl, &result_integrity) != ERR_NONE && !quiet) {
fprintf(stderr, COLOR_RED
" ERROR failed to obtain data integrity result\n"COLOR_RESET);
}
if (sigil_get_cert_validation_result(sgl, &result_certificate) != ERR_NONE && !quiet)
fprintf(stderr, " ERROR failed to obtain certificate validation result\n");
if (sigil_get_cert_validation_result(sgl, &result_certificate) != ERR_NONE && !quiet) {
fprintf(stderr, COLOR_RED
" ERROR failed to obtain certificate validation result\n"COLOR_RESET);
}
// print verification result
if (result == VERIFY_SUCCESS) {
......@@ -195,6 +214,12 @@ int main(int argc, char *argv[])
// print verification details
if (!quiet) {
printf(" %-20s", "subfilter:");
sigil_print_subfilter(sgl);
printf("\n");
printf(" %-20s", "hash function:");
sigil_print_hash_fn(sgl);
printf("\n\n");
printf(" DATA INTEGRITY\n");
printf(" --------------\n");
printf(" %-20s", "original digest:");
......
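Review bot: The rewritten checks around `sigil_get_data_integrity_result(...)` and `sigil_get_cert_validation_result(...)` still fold `!quiet` into the failure test and then fall through, so in quiet mode a failure goes unnoticed, and in either mode the code goes on to report `result_integrity` and `result_certificate` as if they had been filled in. Their initial values are set outside the hunk, so whether a stale or indeterminate value can reach the output is not visible here. For a verification tool it would be safer to test the return value alone, keep `if (!quiet)` around only the `fprintf`, and add `goto end;`, or otherwise make sure both variables start at an explicit unknown value. Separately, every error message now writes `COLOR_RED` / `COLOR_RESET` to stderr; if those macros are not already empty when stderr is not a terminal, redirected logs will contain raw escape sequences.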