CURL EXPERTS?

[totorcalais]

Hello,

I have this curls commands to use with curlib.pbi :

Code: Select all

curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr

This code allow to find a certified timestamp from the freetsa.org site...

I'm trying to understand the curl logic but I'm a bit (a lot) lost ...

Can a curl specialist help me?

[NicTheQuick]

You can find all its parameters on its man page or online: https://linux.die.net/man/1/curl

[infratec]

Btw.:

https://freetsa.org

Is a free Time Stamp Authority.

This works:

Code: Select all

EnableExplicit

IncludeFile "libcurl.pbi"



Define.i curl, headerList, res, file
Define result$, *file

InitNetwork()

curl = curl_easy_init()
If curl
  curl_easy_setopt_str(curl, #CURLOPT_URL, "https://freetsa.org/tsr")
  
  file = ReadFile(#PB_Any, "file.tsq")
  If file
    *file = AllocateMemory(Lof(file), #PB_Memory_NoClear)
    If *file
      If ReadData(file, *file, MemorySize(*file)) = MemorySize(*file)
        Debug "file loaded"
        curl_easy_setopt(curl, #CURLOPT_POST, #True)
        curl_easy_setopt(curl, #CURLOPT_POSTFIELDSIZE, MemorySize(*file))
        curl_easy_setopt(curl, #CURLOPT_COPYPOSTFIELDS, *file)
      EndIf
      FreeMemory(*file)
    EndIf
    
    CloseFile(file)
  EndIf
  
  curl_easy_setopt(curl, #CURLOPT_SSL_VERIFYPEER, #False)
  curl_easy_setopt(curl, #CURLOPT_SSL_VERIFYHOST, #False)
  
  headerList = curl_slist_append(headerList, "Content-Type: application/timestamp-query")
  
  curl_easy_setopt(curl, #CURLOPT_HTTPHEADER, headerList)
  
  file = CreateFile(#PB_Any, "file.tsr")
  If file
    
    curl_easy_setopt(curl, #CURLOPT_WRITEDATA, file)
    
    curl_easy_setopt(curl, #CURLOPT_WRITEFUNCTION, @LibCurl_WriteFunction())
    
    res = curl_easy_perform(curl)
    If res = #CURLE_OK
      Debug "Ok"
    Else
      Debug "Error: " + curl_easy_strerror(res)
    EndIf
    CloseFile(file)
    
  EndIf
  
  curl_slist_free_all(headerList)
  
  curl_easy_cleanup(curl)
EndIf

But you still need openssl to create the tsq file.
So why you not simply also call curl with RunProgram()?

[infratec]

It should be possible to generate the tsq file directly in PB:

https://medium.com/kuranda-labs-enginee ... 6817e3a89d

[totorcalais]

In fact, i need to use this (information on freetsa.org) :

Create a tsq (TimeStampRequest) file, which contains a hash of the file you want to sign.

$ openssl ts -query -data file.png -no_nonce -sha512 -cert -out file.tsq

Send the TimeStampRequest to freeTSA.org and receive a tsr (TimeStampResponse) file.

$ curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' https://freetsa.org/tsr > file.tsr

With the public Certificates you can verify the TimeStampRequest.

$ openssl ts -verify -in file.tsr -queryfile file.tsq -CAfile cacert.pem -untrusted tsa.crt

I have openssl for windows and curl but the second line

$ curl -H "Content-Type: application/timestamp-query" --data-binary '@d:\file.tsq' https://freetsa.org/tsr > d:\file.tsr

Nota :@d:\file.tsq is the tsq file generated par first line command.

The file d:\file.tsr is created but contain an error bad request error...

[Marc56us]

For Windows change ' to " ( "@file.tsq" )

Code: Select all

un*x
curl -H "Content-Type: application/timestamp-query" --data-binary '@d:\file.tsq' https://freetsa.org/tsr > d:\file.tsr

Windows
curl -H "Content-Type: application/timestamp-query" --data-binary "@file.tsq" https://freetsa.org/tsr > file.tsr

Note: I haven't tested with an absolute path, but you may have to double the \ too

[totorcalais]

Yes, its true.
Thanks

Is now a good tsr file right.

With a runprogram, the hardest part is playing with the parameters that contain "" and "";)

Curl is in native windows10 but i have to install openssl windows for use my project.

I would have liked to find a more embedded solution. But I know my needs to progress and it takes a long time.

In the meantime, the important thing is that it works.

Thanks for your help

[infratec]

All in one without openssl

Only a bit ASN.1
But since the length of all entries is fixed, it is no problem to 'build' it by hand.

Code: Select all

EnableExplicit

IncludeFile "libcurl.pbi"



Define.i curl, headerList, res, file, i
Define result$, *tsq, fileName$, SHA512$

InitNetwork()
UseSHA2Fingerprint()

fileName$ = OpenFileRequester("Choose a file for a TimeStamp", "", "All|*.*", 0)
If fileName$
  SHA512$ = FileFingerprint(fileName$, #PB_Cipher_SHA2, 512)
  If SHA512$ <> ""
    *tsq = AllocateMemory(91)
    If *tsq
      PokeA(*tsq +  0, $30)  ; Sequence
      PokeA(*tsq +  1, $59)  ; length of Sequence
      PokeA(*tsq +  2, $02)  ; Integer
      PokeA(*tsq +  3, $01)  ; length of Integer
      PokeA(*tsq +  4, $01)  ; 1 -> Version
      PokeA(*tsq +  5, $30)  ; Sequence
      PokeA(*tsq +  6, $51)  ; length of Sequence
      PokeA(*tsq +  7, $30)  ; Sequence
      PokeA(*tsq +  8, $0D)  ; length of Sequence
      PokeA(*tsq +  9, $06)  ; ObjectIDentifier
      PokeA(*tsq + 10, $09)  ; length of OID
      PokeA(*tsq + 11, $60)  ; OID: SHA512 = 2.16.840.1.101.3.4.2.3
      PokeA(*tsq + 12, $86)
      PokeA(*tsq + 13, $48)
      PokeA(*tsq + 14, $01)  ; .1
      PokeA(*tsq + 15, $65)  ; .101
      PokeA(*tsq + 16, $03)  ; .3
      PokeA(*tsq + 17, $04)  ; .4
      PokeA(*tsq + 18, $02)  ; .2
      PokeA(*tsq + 19, $03)  ; .3
      PokeA(*tsq + 20, $05)  ; Null
      PokeA(*tsq + 21, $00)  ; length of Null
      PokeA(*tsq + 22, $04)  ; Octet String
      PokeA(*tsq + 23, $40)  ; length of String: 64 bytes = 512 bits
      For i = 0 To 63
        PokeA(*tsq + 24 + i, Val("$" + Mid(SHA512$, i * 2, 2)))
      Next i
      PokeA(*tsq + 88, $01)  ; Boolean
      PokeA(*tsq + 89, $01)  ; length of Boolean
      PokeA(*tsq + 90, $FF)  ; certRequest: 00 = False, FF = True  depending on your needs
      
      file = CreateFile(#PB_Any, fileName$ + ".tsq")
      If file
        WriteData(file, *tsq, MemorySize(*tsq))
        CloseFile(file)
      EndIf
      
      curl = curl_easy_init()
      If curl
        curl_easy_setopt_str(curl, #CURLOPT_URL, "https://freetsa.org/tsr")
        
        curl_easy_setopt(curl, #CURLOPT_POST, #True)
        curl_easy_setopt(curl, #CURLOPT_POSTFIELDSIZE, MemorySize(*tsq))
        curl_easy_setopt(curl, #CURLOPT_COPYPOSTFIELDS, *tsq)
        
        curl_easy_setopt(curl, #CURLOPT_SSL_VERIFYPEER, #False)
        curl_easy_setopt(curl, #CURLOPT_SSL_VERIFYHOST, #False)
        
        headerList = curl_slist_append(headerList, "Content-Type: application/timestamp-query")
        
        curl_easy_setopt(curl, #CURLOPT_HTTPHEADER, headerList)
        
        file = CreateFile(#PB_Any, fileName$ + ".tsr")
        If file
          
          curl_easy_setopt(curl, #CURLOPT_WRITEDATA, file)
          
          curl_easy_setopt(curl, #CURLOPT_WRITEFUNCTION, @LibCurl_WriteFunction())
          
          res = curl_easy_perform(curl)
          If res = #CURLE_OK
            Debug "Ok"
          Else
            Debug "Error: " + curl_easy_strerror(res)
          EndIf
          CloseFile(file)
          
        EndIf
        
        curl_slist_free_all(headerList)
        
        curl_easy_cleanup(curl)
      EndIf
      
      FreeMemory(*tsq)
      
    EndIf
  EndIf
EndIf

[totorcalais]

VERY NICE!
I'm going to take the time to analyze your code to better understand what's going on.

It's really nice to have taken your time to solve this problem on which I was blocking for several days.

[infratec]

I extended the code above, since I recognized that the tsq file is needed for verifications.

But the verification is still missing and more complicated.

[Marc56us]

I wonder if the curl part could not be replaced simply by the new internal PB command HTTPRequestMemory() ?
Since it is possible to send and receive a binary file including with custom http header.

So possibly also the creation / reading part of the hash signature made by the PB lib Cipher ?

(not tested)

[infratec]

In the original request was asked for libcurl, so I did it with libcurl

But libcurl.pbi does nothing else then the PB commands, it also does not require any additional library, since the original PB library is enough.
You have only a bit more control.
For example if you want a timeout, because you don't want to wait 10 seconds or endless.
(long outstanding feature request)

And the cipher stuff id done by PB in my example

[infratec]

Without libcurl:

Code: Select all

EnableExplicit


Define.i file, i, HTTPRequest
Define *tsq, fileName$, SHA512$, *Response
NewMap Headers$()

InitNetwork()
UseSHA2Fingerprint()

fileName$ = OpenFileRequester("Choose a file for a TimeStamp", "", "All|*.*", 0)
If fileName$
  SHA512$ = FileFingerprint(fileName$, #PB_Cipher_SHA2, 512)
  If SHA512$ <> ""
    *tsq = AllocateMemory(91)
    If *tsq
      PokeA(*tsq +  0, $30)  ; Sequence
      PokeA(*tsq +  1, $59)  ; length of Sequence
      PokeA(*tsq +  2, $02)  ; Integer
      PokeA(*tsq +  3, $01)  ; length of Integer
      PokeA(*tsq +  4, $01)  ; 1 -> Version
      PokeA(*tsq +  5, $30)  ; Sequence
      PokeA(*tsq +  6, $51)  ; length of Sequence
      PokeA(*tsq +  7, $30)  ; Sequence
      PokeA(*tsq +  8, $0D)  ; length of Sequence
      PokeA(*tsq +  9, $06)  ; ObjectIDentifier
      PokeA(*tsq + 10, $09)  ; length of OID
      PokeA(*tsq + 11, $60)  ; OID: SHA512 = 2.16.840.1.101.3.4.2.3
      PokeA(*tsq + 12, $86)
      PokeA(*tsq + 13, $48)
      PokeA(*tsq + 14, $01)  ; .1
      PokeA(*tsq + 15, $65)  ; .101
      PokeA(*tsq + 16, $03)  ; .3
      PokeA(*tsq + 17, $04)  ; .4
      PokeA(*tsq + 18, $02)  ; .2
      PokeA(*tsq + 19, $03)  ; .3
      PokeA(*tsq + 20, $05)  ; Null
      PokeA(*tsq + 21, $00)  ; length of Null
      PokeA(*tsq + 22, $04)  ; Octet String
      PokeA(*tsq + 23, $40)  ; length of String: 64 bytes = 512 bits
      For i = 0 To 63
        PokeA(*tsq + 24 + i, Val("$" + Mid(SHA512$, i * 2, 2)))
      Next i
      PokeA(*tsq + 88, $01)  ; Boolean
      PokeA(*tsq + 89, $01)  ; length of Boolean
      PokeA(*tsq + 90, $FF)  ; certRequest: 00 = False, FF = True  depending on your needs
      
      file = CreateFile(#PB_Any, fileName$ + ".tsq")
      If file
        WriteData(file, *tsq, MemorySize(*tsq))
        CloseFile(file)
      EndIf
      
      Headers$("Content-Type") = "application/timestamp-query"
      
      HTTPRequest = HTTPRequestMemory(#PB_HTTP_Post, "https://freetsa.org/tsr", *tsq, MemorySize(*tsq), 0, Headers$())
      If HTTPRequest
        
        If HTTPInfo(HTTPRequest, #PB_HTTP_StatusCode) = "200"
          
          *Response = HTTPMemory(HTTPRequest)
          If *Response
            
            file = CreateFile(#PB_Any, fileName$ + ".tsr")
            If file
              WriteData(file, *Response, MemorySize(*Response))
              CloseFile(file)
            EndIf
            FreeMemory(*Response)
          EndIf
        EndIf
        
        FinishHTTP(HTTPRequest)
        
      EndIf
      
      FreeMemory(*tsq)
      
    EndIf
  EndIf
EndIf

[totorcalais]

Great!

Very interesting.

Thank you for your help.