gwenhywfar  4.3.1
ctfile.c
Go to the documentation of this file.
00001 /***************************************************************************
00002     begin       : Wed Mar 16 2005
00003     copyright   : (C) 2005-2010 by Martin Preuss
00004     email       : martin@libchipcard.de
00005 
00006  ***************************************************************************
00007  *          Please see toplevel file COPYING for license details           *
00008  ***************************************************************************/
00009 
00010 #ifdef HAVE_CONFIG_H
00011 # include <config.h>
00012 #endif
00013 
00014 #define DISABLE_DEBUGLOG
00015 
00016 
00017 #include "ctfile_p.h"
00018 #include "i18n_l.h"
00019 #include <gwenhywfar/ctf_context_be.h>
00020 #include <gwenhywfar/misc.h>
00021 #include <gwenhywfar/debug.h>
00022 #include <gwenhywfar/padd.h>
00023 #include <gwenhywfar/cryptkeyrsa.h>
00024 #include <gwenhywfar/text.h>
00025 
00026 #include <sys/types.h>
00027 #include <sys/stat.h>
00028 #include <fcntl.h>
00029 #include <string.h>
00030 #include <errno.h>
00031 #include <stdlib.h>
00032 #include <unistd.h>
00033 
00034 
00035 
00036 GWEN_INHERIT(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE)
00037 
00038 
00039 
00040 
00041 
00042 int GWEN_Crypt_TokenFile__OpenFile(GWEN_CRYPT_TOKEN *ct, int wr, uint32_t gid){
00043   int fd;
00044   GWEN_CRYPT_TOKEN_FILE *lct;
00045   GWEN_FSLOCK_RESULT lres;
00046   const char *fname;
00047 
00048   assert(ct);
00049   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00050   assert(lct);
00051 
00052   fname = GWEN_Crypt_Token_GetTokenName(ct);
00053   if (!fname) {
00054     DBG_ERROR(GWEN_LOGDOMAIN, "No name of the crypt token set - maybe you need to set the key file as token name? Cannot lock token.");
00055     return GWEN_ERROR_IO;
00056   }
00057 
00058   lct->lock=GWEN_FSLock_new(fname,
00059                             GWEN_FSLock_TypeFile);
00060   lres=GWEN_FSLock_Lock(lct->lock, 10000, gid);
00061   if (lres!=GWEN_FSLock_ResultOk) {
00062     GWEN_FSLock_free(lct->lock);
00063     lct->lock=0;
00064     DBG_ERROR(GWEN_LOGDOMAIN, "Could not lock file");
00065     if (lres==GWEN_FSLock_ResultUserAbort)
00066       return GWEN_ERROR_USER_ABORTED;
00067     else
00068       return GWEN_ERROR_IO;
00069   }
00070   else {
00071     DBG_INFO(GWEN_LOGDOMAIN,
00072              "Keyfile [%s] locked.",
00073              GWEN_Crypt_Token_GetTokenName(ct));
00074   }
00075 
00076   if (wr) {
00077     /* write file */
00078     fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00079             O_RDWR|O_CREAT
00080 #ifdef OS_WIN32
00081             | O_BINARY
00082 #endif
00083             ,
00084             S_IRUSR|S_IWUSR | lct->keyfile_mode);
00085   }
00086   else {
00087     /* Remember the access permissions when opening the file */
00088     struct stat statbuffer;
00089     if (!stat(GWEN_Crypt_Token_GetTokenName(ct), &statbuffer)) {
00090       /* Save the access mode, but masked by the bit masks for
00091          user/group/other permissions */
00092       lct->keyfile_mode = 
00093         statbuffer.st_mode & (S_IRWXU
00094 #ifndef OS_WIN32
00095                               | S_IRWXG | S_IRWXO
00096 #endif
00097                               );
00098     }
00099     else {
00100       DBG_ERROR(GWEN_LOGDOMAIN,
00101                 "stat(%s): %s",
00102                 GWEN_Crypt_Token_GetTokenName(ct),
00103                 strerror(errno));
00104 
00105       GWEN_FSLock_Unlock(lct->lock);
00106       GWEN_FSLock_free(lct->lock);
00107       lct->lock=0;
00108       DBG_INFO(GWEN_LOGDOMAIN,
00109                "Keyfile [%s] unlocked.",
00110                GWEN_Crypt_Token_GetTokenName(ct));
00111       return GWEN_ERROR_IO;
00112     }
00113 
00114     /* and open the file */
00115     fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00116             O_RDONLY
00117 #ifdef OS_WIN32
00118             | O_BINARY
00119 #endif
00120            );
00121   }
00122 
00123   if (fd==-1) {
00124     DBG_ERROR(GWEN_LOGDOMAIN,
00125               "open(%s): %s",
00126               GWEN_Crypt_Token_GetTokenName(ct),
00127               strerror(errno));
00128     GWEN_FSLock_Unlock(lct->lock);
00129     GWEN_FSLock_free(lct->lock);
00130     lct->lock=0;
00131     DBG_INFO(GWEN_LOGDOMAIN,
00132              "Keyfile [%s] unlocked.",
00133              GWEN_Crypt_Token_GetTokenName(ct));
00134     return GWEN_ERROR_IO;
00135   }
00136 
00137   lct->fd=fd;
00138 
00139   return 0;
00140 }
00141 
00142 
00143 
00144 int GWEN_Crypt_TokenFile__CloseFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00145   GWEN_CRYPT_TOKEN_FILE *lct;
00146   GWEN_FSLOCK_RESULT lres;
00147   struct stat st;
00148 
00149   assert(ct);
00150   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00151   assert(lct);
00152 
00153   if (lct->fd==-1) {
00154     DBG_ERROR(GWEN_LOGDOMAIN, "Keyfile \"%s\"not open",
00155               GWEN_Crypt_Token_GetTokenName(ct));
00156     return GWEN_ERROR_INTERNAL;
00157   }
00158 
00159   if (close(lct->fd)) {
00160     DBG_ERROR(GWEN_LOGDOMAIN, "close(%s): %s",
00161               GWEN_Crypt_Token_GetTokenName(ct), strerror(errno));
00162     lct->fd=-1;
00163     GWEN_FSLock_Unlock(lct->lock);
00164     GWEN_FSLock_free(lct->lock);
00165     lct->lock=0;
00166     DBG_INFO(GWEN_LOGDOMAIN,
00167              "Keyfile [%s] unlocked.",
00168              GWEN_Crypt_Token_GetTokenName(ct));
00169     return GWEN_ERROR_IO;
00170   }
00171   lct->fd=-1;
00172 
00173   lres=GWEN_FSLock_Unlock(lct->lock);
00174   if (lres!=GWEN_FSLock_ResultOk) {
00175     DBG_WARN(GWEN_LOGDOMAIN, "Error removing lock from \"%s\": %d",
00176              GWEN_Crypt_Token_GetTokenName(ct), lres);
00177   }
00178   GWEN_FSLock_free(lct->lock);
00179   lct->lock=0;
00180   DBG_INFO(GWEN_LOGDOMAIN,
00181            "Keyfile [%s] unlocked.",
00182            GWEN_Crypt_Token_GetTokenName(ct));
00183 
00184   /* get times */
00185   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00186     DBG_ERROR(GWEN_LOGDOMAIN,
00187               "stat(%s): %s",
00188               GWEN_Crypt_Token_GetTokenName(ct),
00189               strerror(errno));
00190     return GWEN_ERROR_IO;
00191   }
00192 
00193 #ifndef OS_WIN32
00194   if (st.st_mode & 0007) {
00195     DBG_WARN(GWEN_LOGDOMAIN,
00196              "WARNING: Your keyfile \"%s\" is world accessible!\n"
00197              "Nobody but you should have access to the file. You \n"
00198              "should probably change this with \"chmod 600 %s\"",
00199              GWEN_Crypt_Token_GetTokenName(ct),
00200              GWEN_Crypt_Token_GetTokenName(ct));
00201     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Warning,
00202                          "WARNING: Your keyfile is world accessible!\n"
00203                          "Nobody but you should have access to the file.");
00204   }
00205 #endif
00206   lct->mtime=st.st_mtime;
00207   lct->ctime=st.st_ctime;
00208 
00209   return 0;
00210 }
00211 
00212 
00213 
00214 int GWEN_Crypt_TokenFile__Read(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00215   GWEN_CRYPT_TOKEN_FILE *lct;
00216 
00217   assert(ct);
00218   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00219   assert(lct);
00220 
00221   assert(lct->readFn);
00222   if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00223     DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00224               GWEN_Crypt_Token_GetTokenName(ct),
00225               strerror(errno));
00226     return GWEN_ERROR_IO;
00227   }
00228   return lct->readFn(ct, lct->fd, gid);
00229 }
00230 
00231 
00232 
00233 int GWEN_Crypt_TokenFile__Write(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00234   GWEN_CRYPT_TOKEN_FILE *lct;
00235 
00236   assert(ct);
00237   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00238   assert(lct);
00239 
00240   if (lct->writeFn==0) {
00241     DBG_WARN(GWEN_LOGDOMAIN,
00242              "No write function in crypt token type \"%s\"",
00243              GWEN_Crypt_Token_GetTypeName(ct));
00244     return GWEN_ERROR_NOT_SUPPORTED;
00245   }
00246 
00247   if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00248     DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00249               GWEN_Crypt_Token_GetTokenName(ct),
00250               strerror(errno));
00251     return GWEN_ERROR_IO;
00252   }
00253   return lct->writeFn(ct, lct->fd, cr, gid);
00254 }
00255 
00256 
00257 
00258 int GWEN_Crypt_TokenFile__ReadFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00259   GWEN_CRYPT_TOKEN_FILE *lct;
00260   int rv;
00261 
00262   assert(ct);
00263   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00264   assert(lct);
00265 
00266   /* clear context list, it will be reloaded */
00267   GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00268 
00269   /* open file */
00270   rv=GWEN_Crypt_TokenFile__OpenFile(ct, 0, gid);
00271   if (rv) {
00272     DBG_INFO(GWEN_LOGDOMAIN,
00273              "Could not open keyfile for reading (%d)", rv);
00274     return rv;
00275   }
00276 
00277   /* read file */
00278   rv=GWEN_Crypt_TokenFile__Read(ct, gid);
00279   if (rv) {
00280     DBG_INFO(GWEN_LOGDOMAIN, "Error reading keyfile");
00281     GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00282     return rv;
00283   }
00284 
00285   /* close file */
00286   rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00287   if (rv) {
00288     DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00289     return rv;
00290   }
00291 
00292   return 0;
00293 }
00294 
00295 
00296 
00297 int GWEN_Crypt_TokenFile__WriteFile(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00298   GWEN_CRYPT_TOKEN_FILE *lct;
00299   int rv;
00300 
00301   assert(ct);
00302   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00303   assert(lct);
00304 
00305   /* open file */
00306   rv=GWEN_Crypt_TokenFile__OpenFile(ct, 1, gid);
00307   if (rv) {
00308     DBG_INFO(GWEN_LOGDOMAIN,
00309              "Could not open keyfile for writing (%d)", rv);
00310     return rv;
00311   }
00312 
00313   /* write file */
00314   rv=GWEN_Crypt_TokenFile__Write(ct, cr, gid);
00315   if (rv) {
00316     DBG_INFO(GWEN_LOGDOMAIN, "Error writing keyfile");
00317     GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00318     return rv;
00319   }
00320 
00321   /* close file */
00322   rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00323   if (rv) {
00324     DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00325     return rv;
00326   }
00327 
00328   return 0;
00329 }
00330 
00331 
00332 
00333 int GWEN_Crypt_TokenFile__ReloadIfNeeded(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00334   GWEN_CRYPT_TOKEN_FILE *lct;
00335   struct stat st;
00336 
00337   assert(ct);
00338   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00339   assert(lct);
00340 
00341   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00342     DBG_ERROR(GWEN_LOGDOMAIN,
00343               "stat(%s): %s",
00344               GWEN_Crypt_Token_GetTokenName(ct),
00345               strerror(errno));
00346     return -1;
00347   }
00348   if (lct->mtime!=st.st_mtime ||
00349       lct->ctime!=st.st_ctime) {
00350     int rv;
00351 
00352     /* file has changed, reload it */
00353     DBG_NOTICE(GWEN_LOGDOMAIN,
00354                "Keyfile changed externally, reloading it");
00355     /* read file */
00356     rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00357     if (rv) {
00358       DBG_WARN(GWEN_LOGDOMAIN, "Error reloading keyfile");
00359       return rv;
00360     }
00361   }
00362   else {
00363     DBG_NOTICE(GWEN_LOGDOMAIN, "Keyfile unchanged, not reloading");
00364   }
00365   return 0;
00366 }
00367 
00368 
00369 
00370 void GWEN_Crypt_TokenFile_AddContext(GWEN_CRYPT_TOKEN *ct, GWEN_CRYPT_TOKEN_CONTEXT *ctx) {
00371   GWEN_CRYPT_TOKEN_FILE *lct;
00372 
00373   assert(ct);
00374   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00375   assert(lct);
00376 
00377   /* make sure the context is a file context */
00378   assert(GWEN_CTF_Context_IsOfThisType(ctx));
00379   GWEN_Crypt_Token_Context_List_Add(ctx, lct->contextList);
00380 }
00381 
00382 
00383 
00384 GWEN_CRYPT_TOKEN_CONTEXT *GWEN_Crypt_TokenFile_GetContext(GWEN_CRYPT_TOKEN *ct, int idx) {
00385   GWEN_CRYPT_TOKEN_FILE *lct;
00386   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00387 
00388   assert(ct);
00389   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00390   assert(lct);
00391 
00392   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00393   while(ctx) {
00394     if (idx==0)
00395       return ctx;
00396     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00397     idx--;
00398   }
00399 
00400   return NULL;
00401 }
00402 
00403 
00404 
00405 GWEN_CRYPT_TOKEN_FILE_READ_FN GWEN_Crypt_TokenFile_SetReadFn(GWEN_CRYPT_TOKEN *ct,
00406                                                              GWEN_CRYPT_TOKEN_FILE_READ_FN f) {
00407   GWEN_CRYPT_TOKEN_FILE *lct;
00408   GWEN_CRYPT_TOKEN_FILE_READ_FN of;
00409 
00410   assert(ct);
00411   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00412   assert(lct);
00413 
00414   of=lct->readFn;
00415   lct->readFn=f;
00416 
00417   return of;
00418 }
00419 
00420 
00421 
00422 GWEN_CRYPT_TOKEN_FILE_WRITE_FN GWEN_Crypt_TokenFile_SetWriteFn(GWEN_CRYPT_TOKEN *ct,
00423                                                                GWEN_CRYPT_TOKEN_FILE_WRITE_FN f) {
00424   GWEN_CRYPT_TOKEN_FILE *lct;
00425   GWEN_CRYPT_TOKEN_FILE_WRITE_FN of;
00426 
00427   assert(ct);
00428   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00429   assert(lct);
00430 
00431   of=lct->writeFn;
00432   lct->writeFn=f;
00433 
00434   return of;
00435 }
00436 
00437 
00438 
00439 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Create(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00440   GWEN_CRYPT_TOKEN_FILE *lct;
00441   struct stat st;
00442   int fd;
00443   int rv;
00444 
00445   assert(ct);
00446   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00447   assert(lct);
00448 
00449   if (!GWEN_Crypt_Token_GetTokenName(ct)) {
00450     DBG_ERROR(GWEN_LOGDOMAIN, "No medium name given");
00451     return GWEN_ERROR_INVALID;
00452   }
00453 
00454   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00455     if (errno!=ENOENT) {
00456       DBG_ERROR(GWEN_LOGDOMAIN,
00457                 "stat(%s): %s",
00458                 GWEN_Crypt_Token_GetTokenName(ct),
00459                 strerror(errno));
00460       return GWEN_ERROR_IO;
00461     }
00462   }
00463   else {
00464     DBG_ERROR(GWEN_LOGDOMAIN,
00465               "Keyfile \"%s\" already exists, will not create it",
00466               GWEN_Crypt_Token_GetTokenName(ct));
00467     return GWEN_ERROR_INVALID;
00468   }
00469 
00470 
00471   /* create file */
00472   fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00473           O_RDWR | O_CREAT | O_EXCL
00474 #ifdef OS_WIN32
00475           | O_BINARY
00476 #endif
00477           ,
00478           S_IRUSR|S_IWUSR);
00479 
00480 
00481   if (fd==-1) {
00482     DBG_ERROR(GWEN_LOGDOMAIN,
00483               "open(%s): %s",
00484               GWEN_Crypt_Token_GetTokenName(ct),
00485               strerror(errno));
00486     return GWEN_ERROR_IO;
00487   }
00488 
00489   close(fd);
00490 
00491   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 1, gid);
00492   if (rv) {
00493     DBG_INFO(GWEN_LOGDOMAIN, "here");
00494     return rv;
00495   }
00496 
00497   return 0;
00498 }
00499 
00500 
00501 
00502 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Open(GWEN_CRYPT_TOKEN *ct, GWEN_UNUSED int admin, uint32_t gid){
00503   GWEN_CRYPT_TOKEN_FILE *lct;
00504   int rv;
00505 
00506   assert(ct);
00507   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00508   assert(lct);
00509 
00510   rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00511   if (rv) {
00512     DBG_INFO(GWEN_LOGDOMAIN, "here");
00513     return rv;
00514   }
00515 
00516   return 0;
00517 }
00518 
00519 
00520 
00521 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Close(GWEN_CRYPT_TOKEN *ct, int abandon, uint32_t gid){
00522   GWEN_CRYPT_TOKEN_FILE *lct;
00523   int rv;
00524 
00525   assert(ct);
00526   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00527   assert(lct);
00528 
00529   if (!abandon)
00530     rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00531   else
00532     rv=0;
00533 
00534   /* free/reset all data */
00535   GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00536   lct->mtime=0;
00537   lct->ctime=0;
00538 
00539   return rv;
00540 }
00541 
00542 
00543 
00544 
00545 int GWENHYWFAR_CB GWEN_Crypt_TokenFile__GetKeyIdList(GWEN_CRYPT_TOKEN *ct,
00546                                                      uint32_t *pIdList,
00547                                                      uint32_t *pCount,
00548                                                      uint32_t gid) {
00549   GWEN_CRYPT_TOKEN_FILE *lct;
00550   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00551   int i;
00552   int rv;
00553 
00554   assert(ct);
00555   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00556   assert(lct);
00557 
00558   /* reload if needed */
00559   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00560   if (rv) {
00561     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00562     return rv;
00563   }
00564 
00565   /* count keys */
00566   i=0;
00567   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00568   while(ctx) {
00569     i+=GWEN_CRYPT_TOKEN_CONTEXT_KEYS;
00570     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00571   }
00572 
00573   /* if no buffer given just return number of keys */
00574   if (pIdList==NULL) {
00575     *pCount=i;
00576     return 0;
00577   }
00578 
00579   if (*pCount<i) {
00580     DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
00581     return GWEN_ERROR_BUFFER_OVERFLOW;
00582   }
00583 
00584   *pCount=i;
00585   i=0;
00586   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00587   while(ctx) {
00588     int j;
00589 
00590     for (j=1; j<=GWEN_CRYPT_TOKEN_CONTEXT_KEYS; j++)
00591       *(pIdList++)=(i<<16)+j;
00592 
00593     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00594     i++;
00595   }
00596 
00597   return 0;
00598 }
00599 
00600 
00601 
00602 const GWEN_CRYPT_TOKEN_KEYINFO* GWENHYWFAR_CB 
00603 GWEN_Crypt_TokenFile__GetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00604                                  uint32_t id,
00605                                  uint32_t flags,
00606                                  uint32_t gid) {
00607   GWEN_CRYPT_TOKEN_FILE *lct;
00608   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00609   GWEN_CRYPT_TOKEN_KEYINFO *ki;
00610   int i;
00611   int rv;
00612 
00613   assert(ct);
00614   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00615   assert(lct);
00616 
00617   /* reload if needed */
00618   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00619   if (rv) {
00620     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00621     return NULL;
00622   }
00623 
00624   i=id>>16;
00625   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00626   while(ctx) {
00627     if (i==0)
00628       break;
00629     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00630     i--;
00631   }
00632 
00633   if (ctx==NULL) {
00634     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00635     return NULL;
00636   }
00637 
00638   switch(id & 0xffff) {
00639   case 1: ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
00640   case 2: ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx); break;
00641   case 3: ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx); break;
00642   case 4: ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx); break;
00643   case 5: ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
00644   case 6: ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx); break;
00645   case 7: ki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx); break;
00646   default:
00647     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00648     return NULL;
00649   }
00650 
00651   if (ki==NULL) {
00652     DBG_INFO(GWEN_LOGDOMAIN, "No key info stored for key %d", id);
00653     return NULL;
00654   }
00655 
00656   return ki;
00657 }
00658 
00659 
00660 
00661 #if 0
00662 int GWENHYWFAR_CB 
00663 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00664                                  uint32_t id,
00665                                  const GWEN_CRYPT_TOKEN_KEYINFO *ki,
00666                                  uint32_t gid) {
00667   GWEN_CRYPT_TOKEN_FILE *lct;
00668   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00669   int i;
00670   int rv;
00671   GWEN_CRYPT_TOKEN_KEYINFO *nki;
00672   GWEN_CRYPT_KEY *key;
00673   uint32_t flags;
00674 
00675   assert(ct);
00676   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00677   assert(lct);
00678 
00679   flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00680 
00681   /* reload if needed */
00682   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00683   if (rv) {
00684     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00685     return rv;
00686   }
00687 
00688   i=id>>16;
00689   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00690   while(ctx) {
00691     if (i==0)
00692       break;
00693     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00694     i--;
00695   }
00696 
00697   if (ctx==NULL) {
00698     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00699     return GWEN_ERROR_NOT_FOUND;
00700   }
00701 
00702   nki=GWEN_Crypt_Token_KeyInfo_dup(ki);
00703   assert(nki);
00704   switch(id & 0xffff) {
00705   case 1:
00706     GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, nki);
00707     key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00708     break;
00709   case 2:
00710     GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, nki);
00711     key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00712     break;
00713   case 3:
00714     GWEN_CTF_Context_SetRemoteSignKeyInfo(ctx, nki);
00715     key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00716     break;
00717   case 4:
00718     GWEN_CTF_Context_SetRemoteCryptKeyInfo(ctx, nki);
00719     key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00720     break;
00721   case 5:
00722     GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, nki);
00723     key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00724     break;
00725   case 6:
00726     GWEN_CTF_Context_SetRemoteAuthKeyInfo(ctx, nki);
00727     key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00728     break;
00729   default:
00730     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00731     GWEN_Crypt_Token_KeyInfo_free(nki);
00732     return GWEN_ERROR_NOT_FOUND;
00733   }
00734 
00735   /* replace key if modulus and exponent are given */
00736   if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00737       (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00738       id!=1 && /* don't change local keys */
00739       id!=2 &&
00740       id!=5) {
00741     GWEN_CRYPT_KEY *nkey;
00742 
00743     nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ki),
00744                                       GWEN_Crypt_Token_KeyInfo_GetModulusData(ki),
00745                                       GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki),
00746                                       GWEN_Crypt_Token_KeyInfo_GetExponentData(ki),
00747                                       GWEN_Crypt_Token_KeyInfo_GetExponentLen(ki));
00748     assert(nkey);
00749 
00750     if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00751       GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00752     if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00753       GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00754 
00755     /* replace public key */
00756     switch(id & 0xffff) {
00757     case 3: /* remote sign key */
00758       GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00759       break;
00760     case 4: /* remote crypt key */
00761       GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00762       break;
00763     case 6: /* remote auth key */
00764       GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00765       break;
00766     default:
00767       DBG_ERROR(GWEN_LOGDOMAIN,
00768                 "Can't set modulus and exponent for private key");
00769       GWEN_Crypt_Key_free(nkey);
00770       return GWEN_ERROR_INVALID;
00771     }
00772     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00773                          I18N("Public key replaced"));
00774   }
00775   else {
00776     if (key) {
00777       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00778         GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00779       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00780         GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00781     }
00782   }
00783 
00784   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00785   if (rv) {
00786     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00787     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00788                          I18N("Unable to write key file"));
00789     return rv;
00790   }
00791 
00792   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00793                        I18N("Key file saved"));
00794 
00795   return 0;
00796 }
00797 #endif
00798 
00799 
00800 int GWENHYWFAR_CB 
00801 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00802                                  uint32_t id,
00803                                  const GWEN_CRYPT_TOKEN_KEYINFO *ski,
00804                                  uint32_t gid) {
00805   GWEN_CRYPT_TOKEN_FILE *lct;
00806   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00807   int i;
00808   int rv;
00809   GWEN_CRYPT_TOKEN_KEYINFO *ki;
00810   GWEN_CRYPT_KEY *key;
00811   uint32_t flags;
00812   uint32_t nflags;
00813 
00814   assert(ct);
00815   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00816   assert(lct);
00817 
00818   flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ski);
00819 
00820   /* reload if needed */
00821   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00822   if (rv) {
00823     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00824     return rv;
00825   }
00826 
00827   i=id>>16;
00828   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00829   while(ctx) {
00830     if (i==0)
00831       break;
00832     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00833     i--;
00834   }
00835 
00836   if (ctx==NULL) {
00837     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00838     return GWEN_ERROR_NOT_FOUND;
00839   }
00840 
00841   switch(id & 0xffff) {
00842   case 1:
00843     ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
00844     key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00845     break;
00846   case 2:
00847     ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
00848     key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00849     break;
00850   case 3:
00851     ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
00852     key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00853     break;
00854   case 4:
00855     ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx);
00856     key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00857     break;
00858   case 5:
00859     ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
00860     key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00861     break;
00862   case 6:
00863     ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
00864     key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00865     break;
00866   case 7:
00867     ki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx);
00868     key=GWEN_CTF_Context_GetTempLocalSignKey(ctx);
00869     break;
00870   default:
00871     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00872     return GWEN_ERROR_NOT_FOUND;
00873   }
00874   assert(ki);
00875 
00876   nflags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00877 
00878   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSTATUS) {
00879     /* ignore for now */
00880   }
00881 
00882   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS) {
00883     nflags&=~GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK;
00884     nflags|=(flags & GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK);
00885   }
00886 
00887   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION) {
00888     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ski);
00889     GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, i);
00890     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION;
00891     if (key)
00892       GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ski));
00893     DBG_INFO(GWEN_LOGDOMAIN, "Setting key version");
00894   }
00895 
00896   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER) {
00897     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ski);
00898     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, i);
00899     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER;
00900     DBG_INFO(GWEN_LOGDOMAIN, "Setting signature counter");
00901   }
00902 
00903   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER) {
00904     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ski);
00905     GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, i);
00906     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER;
00907     if (key)
00908       GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ski));
00909     DBG_INFO(GWEN_LOGDOMAIN, "Setting key number");
00910   }
00911 
00912   /* replace key if modulus and exponent are given */
00913   if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00914       (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00915       id!=1 && /* don't change local keys */
00916       id!=2 &&
00917       id!=5 &&
00918       id!=7) {
00919     GWEN_CRYPT_KEY *nkey;
00920 
00921     GWEN_Crypt_Token_KeyInfo_SetKeySize(ki, GWEN_Crypt_Token_KeyInfo_GetKeySize(ski));
00922     GWEN_Crypt_Token_KeyInfo_SetModulus(ki,
00923                                         GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00924                                         GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski));
00925     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS;
00926     GWEN_Crypt_Token_KeyInfo_SetExponent(ki,
00927                                          GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00928                                          GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00929     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT;
00930     nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ski),
00931                                       GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00932                                       GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski),
00933                                       GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00934                                       GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00935     assert(nkey);
00936 
00937     if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00938       GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00939     if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00940       GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00941 
00942     /* replace public key */
00943     switch(id & 0xffff) {
00944     case 3: /* remote sign key */
00945       GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00946       break;
00947     case 4: /* remote crypt key */
00948       GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00949       break;
00950     case 6: /* remote auth key */
00951       GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00952       break;
00953     default:
00954       DBG_ERROR(GWEN_LOGDOMAIN,
00955                 "Can't set modulus and exponent for private key");
00956       GWEN_Crypt_Key_free(nkey);
00957       return GWEN_ERROR_INVALID;
00958     }
00959     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00960                          I18N("Public key replaced"));
00961   }
00962   else {
00963     if (key) {
00964       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00965         GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00966       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00967         GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00968     }
00969   }
00970 
00971   GWEN_Crypt_Token_KeyInfo_SetFlags(ki, nflags);
00972 
00973   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00974   if (rv) {
00975     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00976     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00977                          I18N("Unable to write key file"));
00978     return rv;
00979   }
00980 
00981   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00982                        I18N("Key file saved"));
00983 
00984   return 0;
00985 }
00986 
00987 
00988 
00989 int GWENHYWFAR_CB 
00990 GWEN_Crypt_TokenFile__ActivateKey(GWEN_CRYPT_TOKEN *ct, uint32_t id, uint32_t gid) {
00991   GWEN_CRYPT_TOKEN_FILE *lct;
00992   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00993   int rv;
00994   int i;
00995   uint32_t keyNum;
00996   uint8_t kbuf[GWEN_CRYPT_KEYRSA_MAX_KEYLENGTH];
00997   uint32_t klen;
00998   GWEN_CRYPT_TOKEN_KEYINFO *cki=NULL;
00999   GWEN_CRYPT_TOKEN_KEYINFO *ki;
01000   GWEN_CRYPT_KEY *key;
01001 
01002   assert(ct);
01003   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01004   assert(lct);
01005 
01006   /* reload if needed */
01007   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01008   if (rv) {
01009     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01010     return rv;
01011   }
01012 
01013   keyNum=id & 0xffff;
01014 
01015   i=id>>16;
01016   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01017   while(ctx) {
01018     if (i==0)
01019       break;
01020     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01021     i--;
01022   }
01023 
01024   if (ctx==NULL) {
01025     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
01026     return GWEN_ERROR_NOT_FOUND;
01027   }
01028 
01029   key=GWEN_CTF_Context_GetTempLocalSignKey(ctx);
01030   if (key==NULL) {
01031     DBG_ERROR(GWEN_LOGDOMAIN, "No temporary local sign key.");
01032     return GWEN_ERROR_NOT_FOUND;
01033   }
01034   key=GWEN_Crypt_KeyRsa_dup(key);
01035 
01036   /* set key */
01037   if (keyNum==1)
01038     cki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
01039   else if (keyNum==6)
01040     cki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
01041   else {
01042     GWEN_Gui_ProgressLog2(gid, GWEN_LoggerLevel_Error,
01043                           I18N("Invalid key id %02x"), id);
01044     GWEN_Crypt_Key_free(key);
01045     return GWEN_ERROR_NO_DATA;
01046   }
01047   if (cki==NULL) {
01048     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01049                          I18N("No key info found"));
01050     GWEN_Crypt_Key_free(key);
01051     return GWEN_ERROR_NO_DATA;
01052   }
01053 
01054   /* update key info for the key */
01055   ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
01056   assert(ki);
01057 
01058   /* get modulus */
01059   klen=sizeof(kbuf);
01060   rv=GWEN_Crypt_KeyRsa_GetModulus(key, kbuf, &klen);
01061   if (rv) {
01062     DBG_INFO(GWEN_LOGDOMAIN, "No modulus for key");
01063     GWEN_Crypt_Token_KeyInfo_free(ki);
01064     GWEN_Crypt_Key_free(key);
01065     return rv;
01066   }
01067   GWEN_Crypt_Token_KeyInfo_SetModulus(ki, kbuf, klen);
01068 
01069   /* get exponent */
01070   klen=sizeof(kbuf);
01071   rv=GWEN_Crypt_KeyRsa_GetExponent(key, kbuf, &klen);
01072   if (rv) {
01073     DBG_INFO(GWEN_LOGDOMAIN, "No exponent for key");
01074     GWEN_Crypt_Token_KeyInfo_free(ki);
01075     GWEN_Crypt_Key_free(key);
01076     return rv;
01077   }
01078   GWEN_Crypt_Token_KeyInfo_SetExponent(ki, kbuf, klen);
01079   GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, GWEN_Crypt_Key_GetKeyNumber(key));
01080   GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, GWEN_Crypt_Key_GetKeyVersion(key));
01081 
01082   if (keyNum==1) {
01083     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01084       DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
01085       GWEN_Crypt_KeyRsa_AddFlags(key, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01086     }
01087     GWEN_CTF_Context_SetLocalSignKey(ctx, key);
01088     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01089                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01090                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01091                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01092                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01093                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01094                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01095                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01096                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01097     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
01098     GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, ki);
01099   }
01100   else if (keyNum==6) {
01101     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01102       DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
01103       GWEN_Crypt_KeyRsa_AddFlags(key, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01104     }
01105     GWEN_CTF_Context_SetLocalAuthKey(ctx, key);
01106     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01107                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01108                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01109                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01110                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01111                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01112                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01113                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01114                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01115     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
01116     GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, ki);
01117   }
01118 
01119   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01120   if (rv) {
01121     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01122     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01123                          I18N("Unable to write key file"));
01124     return rv;
01125   }
01126 
01127   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
01128                        I18N("Key file saved"));
01129 
01130   return 0;
01131 }
01132 
01133 
01134 
01135 int GWENHYWFAR_CB
01136 GWEN_Crypt_TokenFile__GetContextIdList(GWEN_CRYPT_TOKEN *ct,
01137                                        uint32_t *pIdList,
01138                                        uint32_t *pCount,
01139                                        uint32_t gid) {
01140   GWEN_CRYPT_TOKEN_FILE *lct;
01141   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01142   int i;
01143   int rv;
01144 
01145   assert(ct);
01146   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01147   assert(lct);
01148 
01149   /* reload if needed */
01150   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01151   if (rv) {
01152     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01153     return rv;
01154   }
01155 
01156   /* count keys */
01157   i=0;
01158   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01159   while(ctx) {
01160     i++;
01161     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01162   }
01163 
01164   /* store number of entries */
01165   *pCount=i;
01166 
01167   /* if no buffer given just return number of keys */
01168   if (pIdList==NULL)
01169     return 0;
01170 
01171   if (*pCount<i) {
01172     DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
01173     return GWEN_ERROR_BUFFER_OVERFLOW;
01174   }
01175 
01176   i=1;
01177   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01178   while(ctx) {
01179     *(pIdList++)=i;
01180     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01181     i++;
01182   }
01183 
01184   return 0;
01185 }
01186 
01187 
01188 
01189 const GWEN_CRYPT_TOKEN_CONTEXT* GWENHYWFAR_CB 
01190 GWEN_Crypt_TokenFile__GetContext(GWEN_CRYPT_TOKEN *ct,
01191                                  uint32_t id,
01192                                  uint32_t gid) {
01193   GWEN_CRYPT_TOKEN_FILE *lct;
01194   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01195   int rv;
01196 
01197   assert(ct);
01198   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01199   assert(lct);
01200 
01201   /* reload if needed */
01202   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01203   if (rv) {
01204     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01205     return NULL;
01206   }
01207 
01208   if (id==0) {
01209     DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01210     return NULL;
01211   }
01212 
01213   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01214   while(ctx) {
01215     if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01216       break;
01217     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01218   }
01219 
01220   if (ctx==NULL) {
01221     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01222     return NULL;
01223   }
01224 
01225   return ctx;
01226 }
01227 
01228 
01229 
01230 int GWENHYWFAR_CB 
01231 GWEN_Crypt_TokenFile__SetContext(GWEN_CRYPT_TOKEN *ct,
01232                                  uint32_t id,
01233                                  const GWEN_CRYPT_TOKEN_CONTEXT *nctx,
01234                                  uint32_t gid) {
01235   GWEN_CRYPT_TOKEN_FILE *lct;
01236   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01237   int rv;
01238   const char *s;
01239 
01240   assert(ct);
01241   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01242   assert(lct);
01243 
01244   if (id==0) {
01245     DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01246     return GWEN_ERROR_INVALID;
01247   }
01248 
01249   /* reload if needed */
01250   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01251   if (rv) {
01252     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01253     return rv;
01254   }
01255 
01256   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01257   while(ctx) {
01258     if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01259       break;
01260     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01261   }
01262 
01263   if (ctx==NULL) {
01264     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01265     return GWEN_ERROR_NOT_FOUND;
01266   }
01267 
01268   /* copy user data from context */
01269   s=GWEN_Crypt_Token_Context_GetServiceId(nctx);
01270   GWEN_Crypt_Token_Context_SetServiceId(ctx, s);
01271   s=GWEN_Crypt_Token_Context_GetUserId(nctx);
01272   GWEN_Crypt_Token_Context_SetUserId(ctx, s);
01273   s=GWEN_Crypt_Token_Context_GetUserName(nctx);
01274   GWEN_Crypt_Token_Context_SetUserName(ctx, s);
01275   s=GWEN_Crypt_Token_Context_GetPeerId(nctx);
01276   GWEN_Crypt_Token_Context_SetPeerId(ctx, s);
01277   s=GWEN_Crypt_Token_Context_GetAddress(nctx);
01278   GWEN_Crypt_Token_Context_SetAddress(ctx, s);
01279   GWEN_Crypt_Token_Context_SetPort(ctx, GWEN_Crypt_Token_Context_GetPort(nctx));
01280   s=GWEN_Crypt_Token_Context_GetSystemId(nctx);
01281   GWEN_Crypt_Token_Context_SetSystemId(ctx, s);
01282 
01283   return 0;
01284 }
01285 
01286 
01287 
01288 GWEN_CRYPT_KEY *GWEN_Crypt_TokenFile__GetKey(GWEN_CRYPT_TOKEN *ct, uint32_t id, uint32_t gid) {
01289   GWEN_CRYPT_TOKEN_FILE *lct;
01290   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01291   int i;
01292   int rv;
01293 
01294   assert(ct);
01295   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01296   assert(lct);
01297 
01298   /* reload if needed */
01299   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01300   if (rv) {
01301     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01302     return NULL;
01303   }
01304 
01305   i=id>>16;
01306   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01307   while(ctx) {
01308     if (i==0)
01309       break;
01310     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01311     i--;
01312   }
01313 
01314   if (ctx==NULL) {
01315     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
01316     return NULL;
01317   }
01318 
01319   switch(id & 0xffff) {
01320   case 1: return GWEN_CTF_Context_GetLocalSignKey(ctx);
01321   case 2: return GWEN_CTF_Context_GetLocalCryptKey(ctx);
01322   case 3: return GWEN_CTF_Context_GetRemoteSignKey(ctx);
01323   case 4: return GWEN_CTF_Context_GetRemoteCryptKey(ctx);
01324   case 5: return GWEN_CTF_Context_GetLocalAuthKey(ctx);
01325   case 6: return GWEN_CTF_Context_GetRemoteAuthKey(ctx);
01326   default:
01327     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
01328     return NULL;
01329   }
01330 }
01331 
01332 
01333 
01334 int GWENHYWFAR_CB
01335 GWEN_Crypt_TokenFile__Sign(GWEN_CRYPT_TOKEN *ct,
01336                            uint32_t keyId,
01337                            GWEN_CRYPT_PADDALGO *a,
01338                            const uint8_t *pInData,
01339                            uint32_t inLen,
01340                            uint8_t *pSignatureData,
01341                            uint32_t *pSignatureLen,
01342                            uint32_t *pSeqCounter,
01343                            uint32_t gid) {
01344   GWEN_CRYPT_TOKEN_FILE *lct;
01345   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01346   GWEN_CRYPT_KEY *k;
01347   int keyNum;
01348   GWEN_BUFFER *srcBuf;
01349   int i;
01350   int rv;
01351   GWEN_CRYPT_PADDALGOID aid;
01352 
01353   assert(ct);
01354   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01355   assert(lct);
01356 
01357   DBG_INFO(GWEN_LOGDOMAIN, "Signing with key %d", keyId);
01358   aid=GWEN_Crypt_PaddAlgo_GetId(a);
01359 
01360   /* reload if needed */
01361   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01362   if (rv) {
01363     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01364     return rv;
01365   }
01366 
01367   /* get context */
01368   i=(keyId>>16);
01369   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01370   if (ctx==NULL) {
01371     DBG_ERROR(GWEN_LOGDOMAIN, "Token has no context");
01372     return GWEN_ERROR_NOT_FOUND;
01373   }
01374   while(ctx) {
01375     if (i==0)
01376       break;
01377     DBG_ERROR(GWEN_LOGDOMAIN, "Checking token %d (i==%d)",
01378               GWEN_Crypt_Token_Context_GetId(ctx), i);
01379     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01380     i--;
01381   }
01382 
01383   if (ctx==NULL) {
01384     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01385     return GWEN_ERROR_NOT_FOUND;
01386   }
01387 
01388   /* get key */
01389   keyNum=keyId & 0xffff;
01390   if (keyNum!=1 && keyNum!=5) {
01391     /* neither localSignKey nor localAuthKey */
01392     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for signing (%x)", keyId);
01393     return GWEN_ERROR_INVALID;
01394   }
01395 
01396   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01397   if (k==NULL) {
01398     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01399     return GWEN_ERROR_NOT_FOUND;
01400   }
01401 
01402   /* copy to a buffer for padding */
01403   srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01404 
01405   if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01406     const GWEN_CRYPT_TOKEN_KEYINFO *ki;
01407     int nbits;
01408     const uint8_t *modPtr;
01409     uint32_t modLen;
01410     GWEN_MDIGEST *md;
01411 
01412     switch(keyId & 0xffff) {
01413     case 1:  ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
01414     case 5:  ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
01415     default: ki=NULL;
01416     }
01417 
01418     if (ki==NULL) {
01419       DBG_ERROR(GWEN_LOGDOMAIN, "No information for key %d", keyNum);
01420       GWEN_Buffer_free(srcBuf);
01421       return GWEN_ERROR_GENERIC;
01422     }
01423 
01424     /* calculate real number of bits */
01425     modPtr=GWEN_Crypt_Token_KeyInfo_GetModulusData(ki);
01426     modLen=GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki);
01427     nbits=modLen*8;
01428     while(modLen && *modPtr==0) {
01429       nbits-=8;
01430       modLen--;
01431       modPtr++;
01432     }
01433     if (modLen) {
01434       uint8_t b=*modPtr;
01435       int i;
01436       uint8_t mask=0x80;
01437 
01438       for (i=0; i<8; i++) {
01439         if (b & mask)
01440           break;
01441         nbits--;
01442         mask>>=1;
01443       }
01444     }
01445 
01446     if (nbits==0) {
01447       DBG_ERROR(GWEN_LOGDOMAIN, "Empty modulus");
01448       GWEN_Buffer_free(srcBuf);
01449       return GWEN_ERROR_GENERIC;
01450     }
01451 
01452     md=GWEN_MDigest_Sha256_new();
01453     GWEN_Buffer_AllocRoom(srcBuf, modLen);
01454 
01455     rv=GWEN_Padd_AddPkcs1Pss((uint8_t*) GWEN_Buffer_GetStart(srcBuf),
01456                              GWEN_Buffer_GetMaxUnsegmentedWrite(srcBuf),
01457                              nbits,
01458                              pInData, inLen,
01459                              inLen,
01460                              md);
01461     GWEN_MDigest_free(md);
01462     if (rv<0) {
01463       DBG_ERROR(GWEN_LOGDOMAIN, "here (%d)", rv);
01464       GWEN_Buffer_free(srcBuf);
01465       return rv;
01466     }
01467 
01468     GWEN_Buffer_IncrementPos(srcBuf, rv);
01469     GWEN_Buffer_AdjustUsedBytes(srcBuf);
01470   }
01471   else {
01472     GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01473 
01474     /* padd according to given algo */
01475     rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01476     if (rv) {
01477       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01478       GWEN_Buffer_free(srcBuf);
01479       return rv;
01480     }
01481   }
01482 
01483   /* sign with key */
01484   rv=GWEN_Crypt_Key_Sign(k,
01485                          (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01486                          GWEN_Buffer_GetUsedBytes(srcBuf),
01487                          pSignatureData,
01488                          pSignatureLen);
01489   GWEN_Buffer_free(srcBuf);
01490   if (rv) {
01491     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01492     return rv;
01493   }
01494 
01495   if (pSeqCounter) {
01496     GWEN_CRYPT_TOKEN_KEYINFO *ki;
01497 
01498     /* signature sequence counter is to be incremented */
01499     switch(keyId & 0xffff) {
01500     case 1:  ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
01501     case 5:  ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
01502     default: ki=NULL;
01503     }
01504     if (ki &&
01505         (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01506       unsigned int seq;
01507 
01508       seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01509       *pSeqCounter=seq;
01510       GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, ++seq);
01511 
01512       rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01513       if (rv) {
01514         DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01515         return rv;
01516       }
01517     }
01518     else {
01519       DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01520       *pSeqCounter=0;
01521     }
01522   }
01523 
01524   return 0;
01525 }
01526 
01527 
01528 
01529 int GWENHYWFAR_CB
01530 GWEN_Crypt_TokenFile__Verify(GWEN_CRYPT_TOKEN *ct,
01531                              uint32_t keyId,
01532                              GWEN_CRYPT_PADDALGO *a,
01533                              const uint8_t *pInData,
01534                              uint32_t inLen,
01535                              const uint8_t *pSignatureData,
01536                              uint32_t signatureLen,
01537                              uint32_t seqCounter,
01538                              uint32_t gid) {
01539   GWEN_CRYPT_TOKEN_FILE *lct;
01540   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01541   GWEN_CRYPT_KEY *k;
01542   int keyNum;
01543   int i;
01544   int rv;
01545   GWEN_CRYPT_PADDALGOID aid;
01546 
01547   assert(ct);
01548   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01549   assert(lct);
01550 
01551   DBG_INFO(GWEN_LOGDOMAIN, "Verifying with key %d", keyId);
01552 
01553   aid=GWEN_Crypt_PaddAlgo_GetId(a);
01554 
01555   /* reload if needed */
01556   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01557   if (rv) {
01558     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01559     return rv;
01560   }
01561 
01562   /* get context */
01563   i=(keyId>>16);
01564   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01565   while(ctx) {
01566     if (i==0)
01567       break;
01568     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01569     i--;
01570   }
01571 
01572   if (ctx==NULL) {
01573     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01574     return GWEN_ERROR_NOT_FOUND;
01575   }
01576 
01577   /* get key */
01578   keyNum=keyId & 0xffff;
01579   if (keyNum!=1 && keyNum!=3 && keyNum!=6) {
01580     /* neither remoteSignKey nor remoteAuthKey */
01581     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for verifying (%x)", keyId);
01582     return GWEN_ERROR_INVALID;
01583   }
01584 
01585   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01586   if (k==NULL) {
01587     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01588     return GWEN_ERROR_NO_KEY;
01589   }
01590 
01591   if (aid==GWEN_Crypt_PaddAlgoId_Iso9796_2 ||
01592            aid==GWEN_Crypt_PaddAlgoId_Pkcs1_2 ||
01593            aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01594     GWEN_BUFFER *tbuf;
01595     uint32_t l;
01596 
01597     /* these algos add random numbers, we must use encrypt fn here and
01598      * compare the decrypted and unpadded data with the source data */
01599     tbuf=GWEN_Buffer_new(0, signatureLen+16, 0, 0);
01600     l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01601     rv=GWEN_Crypt_Key_Encipher(k,
01602                                pSignatureData, signatureLen,
01603                                (uint8_t*)GWEN_Buffer_GetStart(tbuf),
01604                                &l);
01605     if (rv<0) {
01606       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01607       GWEN_Buffer_free(tbuf);
01608       return rv;
01609     }
01610     GWEN_Buffer_IncrementPos(tbuf, l);
01611     GWEN_Buffer_AdjustUsedBytes(tbuf);
01612 
01613     if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01614       const GWEN_CRYPT_TOKEN_KEYINFO *ki;
01615       int nbits;
01616       const uint8_t *modPtr;
01617       uint32_t modLen;
01618       GWEN_MDIGEST *md;
01619 
01620       if (keyNum==3)
01621         ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
01622       else
01623         ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
01624       if (ki==NULL) {
01625         DBG_ERROR(GWEN_LOGDOMAIN, "No information for key %d", keyNum);
01626         GWEN_Buffer_free(tbuf);
01627         return GWEN_ERROR_GENERIC;
01628       }
01629 
01630       /* calculate real number of bits */
01631       modPtr=GWEN_Crypt_Token_KeyInfo_GetModulusData(ki);
01632       modLen=GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki);
01633       nbits=modLen*8;
01634       while(modLen && *modPtr==0) {
01635         nbits-=8;
01636         modLen--;
01637         modPtr++;
01638       }
01639       if (modLen) {
01640         uint8_t b=*modPtr;
01641         int i;
01642         uint8_t mask=0x80;
01643 
01644         for (i=0; i<8; i++) {
01645           if (b & mask)
01646             break;
01647           nbits--;
01648           mask>>=1;
01649         }
01650       }
01651 
01652       if (nbits==0) {
01653         DBG_ERROR(GWEN_LOGDOMAIN, "Empty modulus");
01654         GWEN_Buffer_free(tbuf);
01655         return GWEN_ERROR_GENERIC;
01656       }
01657 
01658       md=GWEN_MDigest_Sha256_new();
01659       rv=GWEN_Padd_VerifyPkcs1Pss((const uint8_t*) GWEN_Buffer_GetStart(tbuf),
01660                                   GWEN_Buffer_GetUsedBytes(tbuf),
01661                                   nbits,
01662                                   pInData, inLen,
01663                                   inLen,
01664                                   md);
01665       GWEN_MDigest_free(md);
01666       if (rv<0) {
01667         DBG_ERROR(GWEN_LOGDOMAIN, "here (%d)", rv);
01668         return rv;
01669       }
01670     }
01671     else {
01672       rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01673       if (rv<0) {
01674         DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01675         GWEN_Buffer_free(tbuf);
01676         return rv;
01677       }
01678       l=GWEN_Buffer_GetUsedBytes(tbuf);
01679 
01680       if (l!=inLen) {
01681         DBG_ERROR(GWEN_LOGDOMAIN, "Signature length doesn't match");
01682         GWEN_Buffer_free(tbuf);
01683         return GWEN_ERROR_VERIFY;
01684       }
01685       if (memcmp(pInData, GWEN_Buffer_GetStart(tbuf), l)!=0) {
01686         DBG_ERROR(GWEN_LOGDOMAIN, "Signature doesn't match:");
01687         GWEN_Buffer_free(tbuf);
01688         return GWEN_ERROR_VERIFY;
01689       }
01690     }
01691   }
01692   else {
01693     GWEN_BUFFER *srcBuf;
01694 
01695     /* copy to a buffer for padding */
01696     srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01697     GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01698 
01699     /* padd according to given algo */
01700     rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01701     if (rv) {
01702       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01703       GWEN_Buffer_free(srcBuf);
01704       return rv;
01705     }
01706 
01707     /* verify with key */
01708     rv=GWEN_Crypt_Key_Verify(k,
01709                              (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01710                              GWEN_Buffer_GetUsedBytes(srcBuf),
01711                              pSignatureData,
01712                              signatureLen);
01713     GWEN_Buffer_free(srcBuf);
01714     if (rv) {
01715       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01716       return rv;
01717     }
01718   }
01719 
01720   if (seqCounter) {
01721     GWEN_CRYPT_TOKEN_KEYINFO *ki;
01722 
01723     /* signature sequence counter is to be checked */
01724     if (keyNum==3)
01725       ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
01726     else
01727       ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
01728     if (ki &&
01729         (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01730       unsigned int seq;
01731 
01732       seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01733 
01734       if (seq>=seqCounter) {
01735         DBG_WARN(GWEN_LOGDOMAIN, "Bad remote sequence counter (possibly replay attack!)");
01736         return GWEN_ERROR_VERIFY;
01737       }
01738       GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, seqCounter);
01739 
01740       /* write file */
01741       rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01742       if (rv) {
01743         DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01744         return rv;
01745       }
01746     }
01747     else {
01748       DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01749     }
01750 
01751   }
01752 
01753   return 0;
01754 }
01755 
01756 
01757 
01758 int GWENHYWFAR_CB
01759 GWEN_Crypt_TokenFile__Encipher(GWEN_CRYPT_TOKEN *ct,
01760                                uint32_t keyId,
01761                                GWEN_CRYPT_PADDALGO *a,
01762                                const uint8_t *pInData,
01763                                uint32_t inLen,
01764                                uint8_t *pOutData,
01765                                uint32_t *pOutLen,
01766                                uint32_t gid) {
01767   GWEN_CRYPT_TOKEN_FILE *lct;
01768   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01769   GWEN_CRYPT_KEY *k;
01770   int keyNum;
01771   GWEN_BUFFER *srcBuf;
01772   int i;
01773   int rv;
01774 
01775   assert(ct);
01776   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01777   assert(lct);
01778 
01779   DBG_INFO(GWEN_LOGDOMAIN, "Enciphering with key %d", keyId);
01780 
01781   /* reload if needed */
01782   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01783   if (rv) {
01784     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01785     return rv;
01786   }
01787 
01788   /* get context */
01789   i=(keyId>>16);
01790   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01791   while(ctx) {
01792     if (i==0)
01793       break;
01794     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01795     i--;
01796   }
01797 
01798   if (ctx==NULL) {
01799     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01800     return GWEN_ERROR_NOT_FOUND;
01801   }
01802 
01803   /* get key */
01804   keyNum=keyId & 0xffff;
01805   if (keyNum!=2 && keyNum!=4) {
01806     /* not remoteCryptKey */
01807     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for encrypting (%x)", keyId);
01808     return GWEN_ERROR_INVALID;
01809   }
01810 
01811   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01812   if (k==NULL) {
01813     DBG_INFO(GWEN_LOGDOMAIN, "Key %d not found", keyId);
01814     return GWEN_ERROR_NOT_FOUND;
01815   }
01816 
01817   /* copy to a buffer for padding */
01818   srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01819   GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01820   GWEN_Buffer_Rewind(srcBuf);
01821 
01822   /* padd according to given algo */
01823   rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01824   if (rv) {
01825     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01826     GWEN_Buffer_free(srcBuf);
01827     return rv;
01828   }
01829 
01830   /* encipher with key */
01831   rv=GWEN_Crypt_Key_Encipher(k,
01832                              (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01833                              GWEN_Buffer_GetUsedBytes(srcBuf),
01834                              pOutData,
01835                              pOutLen);
01836   GWEN_Buffer_free(srcBuf);
01837   if (rv) {
01838     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01839     return rv;
01840   }
01841 
01842   return 0;
01843 }
01844 
01845 
01846 
01847 int GWENHYWFAR_CB
01848 GWEN_Crypt_TokenFile__Decipher(GWEN_CRYPT_TOKEN *ct,
01849                                uint32_t keyId,
01850                                GWEN_CRYPT_PADDALGO *a,
01851                                const uint8_t *pInData,
01852                                uint32_t inLen,
01853                                uint8_t *pOutData,
01854                                uint32_t *pOutLen,
01855                                uint32_t gid) {
01856   GWEN_CRYPT_TOKEN_FILE *lct;
01857   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01858   GWEN_CRYPT_KEY *k;
01859   int keyNum;
01860   GWEN_BUFFER *tbuf;
01861   int i;
01862   int rv;
01863   uint32_t l;
01864 
01865   assert(ct);
01866   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01867   assert(lct);
01868 
01869   DBG_INFO(GWEN_LOGDOMAIN, "Deciphering with key %d", keyId);
01870 
01871   /* reload if needed */
01872   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01873   if (rv) {
01874     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01875     return rv;
01876   }
01877 
01878   /* get context */
01879   i=(keyId>>16);
01880   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01881   while(ctx) {
01882     if (i==0)
01883       break;
01884     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01885     i--;
01886   }
01887 
01888   if (ctx==NULL) {
01889     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01890     return GWEN_ERROR_NOT_FOUND;
01891   }
01892 
01893   /* get key */
01894   keyNum=keyId & 0xffff;
01895   if (keyNum!=2 && keyNum!=4) {
01896     /* not localCryptKey */
01897     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for decrypting (%x)", keyId);
01898     return GWEN_ERROR_INVALID;
01899   }
01900 
01901   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01902   if (k==NULL) {
01903     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01904     return GWEN_ERROR_NOT_FOUND;
01905   }
01906 
01907   /* decipher with key */
01908   tbuf=GWEN_Buffer_new(0, inLen+16, 0, 1);
01909   l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01910   rv=GWEN_Crypt_Key_Decipher(k,
01911                              pInData, inLen,
01912                              (uint8_t*)GWEN_Buffer_GetStart(tbuf), &l);
01913   if (rv<0) {
01914     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01915     GWEN_Buffer_free(tbuf);
01916     return rv;
01917   }
01918   GWEN_Buffer_IncrementPos(tbuf, l);
01919   GWEN_Buffer_AdjustUsedBytes(tbuf);
01920 
01921   /* unpadd according to given algo */
01922   rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01923   if (rv) {
01924     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01925     GWEN_Buffer_free(tbuf);
01926     return rv;
01927   }
01928 
01929   /* copy resulting data to given buffer */
01930   l=GWEN_Buffer_GetUsedBytes(tbuf);
01931   if (l>*pOutLen) {
01932     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01933     GWEN_Buffer_free(tbuf);
01934     return GWEN_ERROR_BUFFER_OVERFLOW;
01935   }
01936   memmove(pOutData, GWEN_Buffer_GetStart(tbuf), l);
01937   *pOutLen=l;
01938   GWEN_Buffer_free(tbuf);
01939 
01940   return 0;
01941 }
01942 
01943 
01944 
01945 int GWENHYWFAR_CB
01946 GWEN_Crypt_TokenFile__GenerateKey(GWEN_CRYPT_TOKEN *ct,
01947                                   uint32_t keyId,
01948                                   const GWEN_CRYPT_CRYPTALGO *a,
01949                                   uint32_t gid) {
01950   GWEN_CRYPT_TOKEN_FILE *lct;
01951   GWEN_CRYPT_KEY *pubKey;
01952   GWEN_CRYPT_KEY *secKey;
01953   int rv;
01954   uint32_t keyNum;
01955   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01956   int i;
01957   uint8_t kbuf[GWEN_CRYPT_KEYRSA_MAX_KEYLENGTH];
01958   uint32_t klen;
01959   GWEN_CRYPT_TOKEN_KEYINFO *cki;
01960   GWEN_CRYPT_TOKEN_KEYINFO *ki;
01961   int sizeInBits;
01962 
01963   assert(ct);
01964   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01965   assert(lct);
01966 
01967   /* reload if needed */
01968   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01969   if (rv) {
01970     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01971     return rv;
01972   }
01973 
01974   keyNum=keyId & 0xffff;
01975 
01976   /* check key id */
01977   if (keyNum!=1 && keyNum!=2 && keyNum!=5 && keyNum!=7) {
01978     DBG_INFO(GWEN_LOGDOMAIN, "Can only generate local keys.");
01979     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01980                          I18N("Can only generate local keys."));
01981     return GWEN_ERROR_NOT_SUPPORTED;
01982   }
01983 
01984   /* check for algo */
01985   if (GWEN_Crypt_CryptAlgo_GetId(a)!=GWEN_Crypt_CryptAlgoId_Rsa) {
01986     DBG_INFO(GWEN_LOGDOMAIN, "Only RSA keys supported.");
01987     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01988                          I18N("Only RSA keys supported."));
01989     return GWEN_ERROR_NOT_SUPPORTED;
01990   }
01991 
01992   /* get context */
01993   i=(keyId>>16);
01994   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01995   while(ctx) {
01996     if (i==0)
01997       break;
01998     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01999     i--;
02000   }
02001 
02002   sizeInBits=GWEN_Crypt_CryptAlgo_GetKeySizeInBits(a);
02003   if (sizeInBits>0) {
02004     /* generate key pair with precise number of bits */
02005     DBG_DEBUG(GWEN_LOGDOMAIN, "Creating key pair using %d bits", sizeInBits);
02006     rv=GWEN_Crypt_KeyRsa_GeneratePair2(sizeInBits,
02007                                        (GWEN_Crypt_Token_GetModes(ct) &
02008                                         GWEN_CRYPT_TOKEN_MODE_EXP_65537)?1:0,
02009                                        &pubKey,
02010                                        &secKey);
02011   }
02012   else {
02013     /* generate key pair the old way, just using the chunksize */
02014     DBG_INFO(GWEN_LOGDOMAIN, "Creating key pair using %d bytes", GWEN_Crypt_CryptAlgo_GetChunkSize(a));
02015     rv=GWEN_Crypt_KeyRsa_GeneratePair(GWEN_Crypt_CryptAlgo_GetChunkSize(a),
02016                                       (GWEN_Crypt_Token_GetModes(ct) &
02017                                        GWEN_CRYPT_TOKEN_MODE_EXP_65537)?1:0,
02018                                       &pubKey,
02019                                       &secKey);
02020   }
02021   if (rv) {
02022     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
02023     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02024                          I18N("Could not generate key"));
02025     return rv;
02026   }
02027 
02028   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
02029                        I18N("Key generated"));
02030 
02031   /* set key */
02032   if (keyNum==1)
02033     cki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
02034   else if (keyNum==2)
02035     cki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
02036   else if (keyNum==5)
02037     cki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
02038   else if (keyNum==7)
02039     cki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx);
02040   else
02041     cki=NULL;
02042 
02043   if (cki==NULL) {
02044     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02045                          I18N("No key info found"));
02046     return GWEN_ERROR_NO_DATA;
02047   }
02048 
02049   /* update key info for the key */
02050   ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
02051   assert(ki);
02052 
02053   /* get modulus */
02054   klen=sizeof(kbuf);
02055   rv=GWEN_Crypt_KeyRsa_GetModulus(pubKey, kbuf, &klen);
02056   if (rv) {
02057     DBG_INFO(GWEN_LOGDOMAIN, "No modulus for key");
02058     GWEN_Crypt_Token_KeyInfo_free(ki);
02059     GWEN_Crypt_Key_free(pubKey);
02060     return rv;
02061   }
02062   GWEN_Crypt_Token_KeyInfo_SetModulus(ki, kbuf, klen);
02063 
02064   /* get exponent */
02065   klen=sizeof(kbuf);
02066   rv=GWEN_Crypt_KeyRsa_GetExponent(pubKey, kbuf, &klen);
02067   if (rv) {
02068     DBG_INFO(GWEN_LOGDOMAIN, "No exponent for key");
02069     GWEN_Crypt_Token_KeyInfo_free(ki);
02070     GWEN_Crypt_Key_free(pubKey);
02071     return rv;
02072   }
02073   GWEN_Crypt_Token_KeyInfo_SetExponent(ki, kbuf, klen);
02074   GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, GWEN_Crypt_Key_GetKeyNumber(pubKey));
02075   GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, GWEN_Crypt_Key_GetKeyVersion(pubKey));
02076 
02077   if (keyNum==1) {
02078     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02079       DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02080       GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02081     }
02082     GWEN_CTF_Context_SetLocalSignKey(ctx, secKey);
02083     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02084                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02085                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02086                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02087                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02088                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02089                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02090                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02091                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02092     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02093     GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, ki);
02094   }
02095   else if (keyNum==2) {
02096     GWEN_CTF_Context_SetLocalCryptKey(ctx, secKey);
02097     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02098                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02099                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02100                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02101                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02102                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02103                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02104                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANENCIPHER |
02105                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANDECIPHER);
02106     GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, ki);
02107   }
02108   else if (keyNum==5) {
02109     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02110       DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02111       GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02112     }
02113     GWEN_CTF_Context_SetLocalAuthKey(ctx, secKey);
02114     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02115                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02116                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02117                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02118                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02119                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02120                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02121                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02122                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02123     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02124     GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, ki);
02125   }
02126   else if (keyNum==7) {
02127     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02128       DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02129       GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02130     }
02131     GWEN_CTF_Context_SetTempLocalSignKey(ctx, secKey);
02132     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02133                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02134                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02135                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02136                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02137                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02138                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02139                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02140                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02141     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02142     GWEN_CTF_Context_SetTempLocalSignKeyInfo(ctx, ki);
02143   }
02144 
02145   /* the public key is not used */
02146   GWEN_Crypt_Key_free(pubKey);
02147 
02148   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
02149   if (rv) {
02150     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
02151     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02152                          I18N("Unable to write key file"));
02153     return rv;
02154   }
02155 
02156   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
02157                        I18N("Key generated and set"));
02158 
02159   return 0;
02160 }
02161 
02162 
02163 
02164 
02165 
02166 
02167 GWENHYWFAR_CB
02168 void GWEN_Crypt_TokenFile_freeData(GWEN_UNUSED void *bp, void *p) {
02169   GWEN_CRYPT_TOKEN_FILE *lct;
02170 
02171   lct=(GWEN_CRYPT_TOKEN_FILE*) p;
02172   GWEN_Crypt_Token_Context_List_free(lct->contextList);
02173 
02174   GWEN_FREE_OBJECT(lct);
02175 }
02176 
02177 
02178 
02179 GWEN_CRYPT_TOKEN *GWEN_Crypt_TokenFile_new(const char *typeName,
02180                                            const char *tokenName) {
02181   GWEN_CRYPT_TOKEN *ct;
02182   GWEN_CRYPT_TOKEN_FILE *lct;
02183 
02184   ct=GWEN_Crypt_Token_new(GWEN_Crypt_Token_Device_File, typeName, tokenName);
02185   assert(ct);
02186 
02187   GWEN_NEW_OBJECT(GWEN_CRYPT_TOKEN_FILE, lct);
02188   lct->contextList=GWEN_Crypt_Token_Context_List_new();
02189   GWEN_INHERIT_SETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct, lct,
02190                        GWEN_Crypt_TokenFile_freeData);
02191   GWEN_Crypt_Token_SetOpenFn(ct, GWEN_Crypt_TokenFile_Open);
02192   GWEN_Crypt_Token_SetCreateFn(ct, GWEN_Crypt_TokenFile_Create);
02193   GWEN_Crypt_Token_SetCloseFn(ct, GWEN_Crypt_TokenFile_Close);
02194   GWEN_Crypt_Token_SetGetKeyIdListFn(ct, GWEN_Crypt_TokenFile__GetKeyIdList);
02195   GWEN_Crypt_Token_SetGetKeyInfoFn(ct, GWEN_Crypt_TokenFile__GetKeyInfo);
02196   GWEN_Crypt_Token_SetSetKeyInfoFn(ct, GWEN_Crypt_TokenFile__SetKeyInfo);
02197   GWEN_Crypt_Token_SetGetContextIdListFn(ct, GWEN_Crypt_TokenFile__GetContextIdList);
02198   GWEN_Crypt_Token_SetGetContextFn(ct, GWEN_Crypt_TokenFile__GetContext);
02199   GWEN_Crypt_Token_SetSetContextFn(ct, GWEN_Crypt_TokenFile__SetContext);
02200   GWEN_Crypt_Token_SetSignFn(ct, GWEN_Crypt_TokenFile__Sign);
02201   GWEN_Crypt_Token_SetVerifyFn(ct, GWEN_Crypt_TokenFile__Verify);
02202   GWEN_Crypt_Token_SetEncipherFn(ct, GWEN_Crypt_TokenFile__Encipher);
02203   GWEN_Crypt_Token_SetDecipherFn(ct, GWEN_Crypt_TokenFile__Decipher);
02204   GWEN_Crypt_Token_SetGenerateKeyFn(ct, GWEN_Crypt_TokenFile__GenerateKey);
02205   GWEN_Crypt_Token_SetActivateKeyFn(ct, GWEN_Crypt_TokenFile__ActivateKey);
02206 
02207   return ct;
02208 }
02209 
02210 
02211 
02212 
02213