/usr/include/libdigidoc/DigiDocVerify.h is in libdigidoc-dev 3.10.1.1208+ds1-2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 | #ifndef __DIGIDOC_VERIFY_H__
#define __DIGIDOC_VERIFY_H__
//==================================================
// FILE: DigiDocVerify.h
// PROJECT: Digi Doc
// DESCRIPTION: DigiDoc verification routines
// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
//==================================================
// Copyright (C) AS Sertifitseerimiskeskus
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
// GNU Lesser General Public Licence is available at
// http://www.gnu.org/copyleft/lesser.html
//==========< HISTORY >=============================
// 26.04.2006 Veiko Sinivee
// Creation
//==================================================
#include "DigiDocDefs.h"
#include "DigiDocObj.h"
#include "DigiDocMem.h"
#include <openssl/x509.h>
#include <openssl/ocsp.h>
//==========< XML generation routines >========================
#ifdef __cplusplus
extern "C" {
#endif
// Holds info of an xml element used in signature format
typedef struct XmlElemDef_st {
char* szTag; // element tag
char bMultiple; // 'Y' if multiple elements allowed, 'N' if not
void** pChildren; // list of children terminated by NULL
} XmlElemDef;
// Holds info of an xml element used in signature format
typedef struct XmlElemInfo_st {
char* szId; // element tag
char* szTag; // element tag
void* pParent; // parent emenent info if exists
void** pChildren; // list of children terminated by NULL
} XmlElemInfo;
int XmlElemInfo_new(XmlElemInfo **ppXi, const char* id, const char* tag);
void XmlElemInfo_free(XmlElemInfo* pXi);
int XmlElemInfo_countChildren(XmlElemInfo* pXi);
int XmlElemInfo_addChild(XmlElemInfo* pParent, XmlElemInfo* pChild);
XmlElemInfo* XmlElemInfo_getRootElem(XmlElemInfo* pElem);
// verifies files signature
EXP_OPTION int verifyFileSignature(const char* szFileName, int nDigestType,
byte* pSigBuf, int nSigLen,
const char *certfile);
// Compares two byte arrays and returns 0 for OK
EXP_OPTION int compareByteArrays(const byte* dig1, int len1, const byte* dig2, int len2);
// verifies one doc's check digests in this signature
EXP_OPTION int verifySigDocDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
const DocInfo* pDocInfo, const char* szDataFile);
// verifies the mime digest of this doc in this signature
EXP_OPTION int verifySigDocMimeDigest(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
const DocInfo* pDocInfo, const char* szFileName);
// verifies this one signature
EXP_OPTION int verifySignatureInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
const char* signerCA, const char* szDataFile, int bUseCA);
// verifies the whole document (returns on first err)
EXP_OPTION int verifySigDoc(const SignedDoc* pSigDoc, const char* signerCA,
const char** caFiles, const char* caPath, const char* notCert,
const char* szDataFile, int bUseCA);
// Verifies the certificates signed attributes
EXP_OPTION int verifySigCert(const SignatureInfo* pSigInfo);
// Verfies NotaryInfo signature
EXP_OPTION int verifyNotaryInfo(const SignedDoc* pSigDoc, const SignatureInfo* pSigInfo,
const NotaryInfo* pNotInfo,
const char ** caFiles, const char *CApath, const char* notCertFile);
// Verifies the certificates signed attributes
EXP_OPTION int verifyNotCert(const SignatureInfo* pSigInfo, const NotaryInfo* pNotInfo);
// Verfies NotaryInfo digest
EXP_OPTION int verifyNotaryDigest(const SignedDoc* pSigDoc, const NotaryInfo* pNotInfo);
// verifies signed doc
EXP_OPTION int verifySigDocCERT(const SignedDoc* pSigDoc, const void* signerCA,
const X509** caCerts,
const char* caPath, const X509* notCert,
const char* szDataFile, int bUseCA);
// Verifies this signature
EXP_OPTION int verifySignatureInfoCERT(const SignedDoc* pSigDoc,
const SignatureInfo* pSigInfo,
const void* signerCACert, const char* szDataFile, int bUseCA);
// Checks if the cert has been signed by this CA-cert
EXP_OPTION int isCertSignedByCERT(const X509* cert, const X509* caCert);
// Verfies NotaryInfo signature
EXP_OPTION int verifyNotaryInfoCERT(const SignedDoc* pSigDoc,
const SignatureInfo* pSigInfo,
const NotaryInfo* pNotInfo,
const X509** caCerts,
const char *CApath, const X509* notCert);
//--------------------------------------------------
// Verfies NotaryInfo signature
// pSigDoc - signed doc object
// pNotInfo - NotaryInfo object
// caCerts - CA certificate pointer array terminated with NULL
// CApath - path to (directory) all certs
// notCertFile - Notary (e.g. OCSP responder) cert file
// pSigCa - signers ca cert
//--------------------------------------------------
EXP_OPTION int verifyNotaryInfoCERT2(const SignedDoc* pSigDoc,
const SignatureInfo* pSigInfo,
const NotaryInfo* pNotInfo,
const X509** caCerts, const char *CApath,
const X509* notCert, const X509* pSigCa);
EXP_OPTION int verifySigDocSigPropDigest(const SignatureInfo* pSigInfo);
// Calculates the digest of NotaryInfo
EXP_OPTION int calculateNotaryInfoDigest(const SignedDoc* pSigDoc,
const NotaryInfo* pNotInfo, byte* digBuf, int* digLen);
int readTagContents(char** data, const char* fileName,
const char* tagName, int nAttrs,
const char** attNames, const char** attValues,
int withTags);
X509_ALGOR* setSignAlgorithm(const EVP_MD * type);
int setup_verifyCERT(X509_STORE **newX509_STORE,
const char *CApath,
const X509** certs);
EXP_OPTION int verifyEstIDSignature(const byte* digest, int digestLen, int nDigestType,
byte* pSigBuf, int nSigLen, X509* cert);
EXP_OPTION int verifyEstIDSignature2(const byte* digest, int digestLen, int nDigestType,
byte* pSigBuf, int nSigLen, X509* cert);
//===========================================================
// Checks and records the knowledge if one signature had
// missing xmlns problem
// pSigDoc - signed doc data
// returns 1 if at least one signature had this problem
//============================================================
EXP_OPTION int checkDdocWrongDigests(const SignedDoc* pSigDoc);
#ifdef __cplusplus
}
#endif
#endif // __DIGIDOC_VERIFY_H__
|