ctfile.c

Go to the documentation of this file.
00001 /***************************************************************************
00002  $RCSfile$
00003                              -------------------
00004     cvs         : $Id: crypttoken.h 1113 2007-01-10 09:14:16Z martin $
00005     begin       : Wed Mar 16 2005
00006     copyright   : (C) 2005 by Martin Preuss
00007     email       : martin@libchipcard.de
00008 
00009  ***************************************************************************
00010  *          Please see toplevel file COPYING for license details           *
00011  ***************************************************************************/
00012 
00013 #ifdef HAVE_CONFIG_H
00014 # include <config.h>
00015 #endif
00016 
00017 
00018 #include "ctfile_p.h"
00019 #include "i18n_l.h"
00020 #include <gwenhywfar/ctf_context_be.h>
00021 #include <gwenhywfar/misc.h>
00022 #include <gwenhywfar/debug.h>
00023 #include <gwenhywfar/padd.h>
00024 #include <gwenhywfar/cryptkeyrsa.h>
00025 #include <gwenhywfar/text.h>
00026 
00027 #include <sys/types.h>
00028 #include <sys/stat.h>
00029 #include <fcntl.h>
00030 #include <string.h>
00031 #include <errno.h>
00032 #include <stdlib.h>
00033 #include <unistd.h>
00034 
00035 
00036 
00037 GWEN_INHERIT(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE)
00038 
00039 
00040 
00041 
00042 
00043 int GWEN_Crypt_TokenFile__OpenFile(GWEN_CRYPT_TOKEN *ct, int wr, uint32_t gid){
00044   int fd;
00045   GWEN_CRYPT_TOKEN_FILE *lct;
00046   GWEN_FSLOCK_RESULT lres;
00047 
00048   assert(ct);
00049   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00050   assert(lct);
00051 
00052   lct->lock=GWEN_FSLock_new(GWEN_Crypt_Token_GetTokenName(ct),
00053                             GWEN_FSLock_TypeFile);
00054   lres=GWEN_FSLock_Lock(lct->lock, 10000, gid);
00055   if (lres!=GWEN_FSLock_ResultOk) {
00056     GWEN_FSLock_free(lct->lock);
00057     lct->lock=0;
00058     DBG_ERROR(GWEN_LOGDOMAIN, "Could not lock file");
00059     if (lres==GWEN_FSLock_ResultUserAbort)
00060       return GWEN_ERROR_USER_ABORTED;
00061     else
00062       return GWEN_ERROR_IO;
00063   }
00064   else {
00065     DBG_INFO(GWEN_LOGDOMAIN,
00066              "Keyfile [%s] locked.",
00067              GWEN_Crypt_Token_GetTokenName(ct));
00068   }
00069 
00070   if (wr) {
00071     /* write file */
00072     fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00073             O_RDWR|O_CREAT
00074 #ifdef OS_WIN32
00075             | O_BINARY
00076 #endif
00077             ,
00078             S_IRUSR|S_IWUSR | lct->keyfile_mode);
00079   }
00080   else {
00081     /* Remember the access permissions when opening the file */
00082     struct stat statbuffer;
00083     if (!stat(GWEN_Crypt_Token_GetTokenName(ct), &statbuffer)) {
00084       /* Save the access mode, but masked by the bit masks for
00085          user/group/other permissions */
00086       lct->keyfile_mode = 
00087         statbuffer.st_mode & (S_IRWXU
00088 #ifndef OS_WIN32
00089                               | S_IRWXG | S_IRWXO
00090 #endif
00091                               );
00092     }
00093     else {
00094       DBG_ERROR(GWEN_LOGDOMAIN,
00095                 "stat(%s): %s",
00096                 GWEN_Crypt_Token_GetTokenName(ct),
00097                 strerror(errno));
00098 
00099       GWEN_FSLock_Unlock(lct->lock);
00100       GWEN_FSLock_free(lct->lock);
00101       lct->lock=0;
00102       DBG_INFO(GWEN_LOGDOMAIN,
00103                "Keyfile [%s] unlocked.",
00104                GWEN_Crypt_Token_GetTokenName(ct));
00105       return GWEN_ERROR_IO;
00106     }
00107 
00108     /* and open the file */
00109     fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00110             O_RDONLY
00111 #ifdef OS_WIN32
00112             | O_BINARY
00113 #endif
00114            );
00115   }
00116 
00117   if (fd==-1) {
00118     DBG_ERROR(GWEN_LOGDOMAIN,
00119               "open(%s): %s",
00120               GWEN_Crypt_Token_GetTokenName(ct),
00121               strerror(errno));
00122     GWEN_FSLock_Unlock(lct->lock);
00123     GWEN_FSLock_free(lct->lock);
00124     lct->lock=0;
00125     DBG_INFO(GWEN_LOGDOMAIN,
00126              "Keyfile [%s] unlocked.",
00127              GWEN_Crypt_Token_GetTokenName(ct));
00128     return GWEN_ERROR_IO;
00129   }
00130 
00131   lct->fd=fd;
00132 
00133   return 0;
00134 }
00135 
00136 
00137 
00138 int GWEN_Crypt_TokenFile__CloseFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00139   GWEN_CRYPT_TOKEN_FILE *lct;
00140   GWEN_FSLOCK_RESULT lres;
00141   struct stat st;
00142 
00143   assert(ct);
00144   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00145   assert(lct);
00146 
00147   if (lct->fd==-1) {
00148     DBG_ERROR(GWEN_LOGDOMAIN, "Keyfile \"%s\"not open",
00149               GWEN_Crypt_Token_GetTokenName(ct));
00150     return GWEN_ERROR_INTERNAL;
00151   }
00152 
00153   if (close(lct->fd)) {
00154     DBG_ERROR(GWEN_LOGDOMAIN, "close(%s): %s",
00155               GWEN_Crypt_Token_GetTokenName(ct), strerror(errno));
00156     lct->fd=-1;
00157     GWEN_FSLock_Unlock(lct->lock);
00158     GWEN_FSLock_free(lct->lock);
00159     lct->lock=0;
00160     DBG_INFO(GWEN_LOGDOMAIN,
00161              "Keyfile [%s] unlocked.",
00162              GWEN_Crypt_Token_GetTokenName(ct));
00163     return GWEN_ERROR_IO;
00164   }
00165   lct->fd=-1;
00166 
00167   lres=GWEN_FSLock_Unlock(lct->lock);
00168   if (lres!=GWEN_FSLock_ResultOk) {
00169     DBG_WARN(GWEN_LOGDOMAIN, "Error removing lock from \"%s\": %d",
00170              GWEN_Crypt_Token_GetTokenName(ct), lres);
00171   }
00172   GWEN_FSLock_free(lct->lock);
00173   lct->lock=0;
00174   DBG_INFO(GWEN_LOGDOMAIN,
00175            "Keyfile [%s] unlocked.",
00176            GWEN_Crypt_Token_GetTokenName(ct));
00177 
00178   /* get times */
00179   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00180     DBG_ERROR(GWEN_LOGDOMAIN,
00181               "stat(%s): %s",
00182               GWEN_Crypt_Token_GetTokenName(ct),
00183               strerror(errno));
00184     return GWEN_ERROR_IO;
00185   }
00186 
00187 #ifndef OS_WIN32
00188   if (st.st_mode & 0007) {
00189     DBG_WARN(GWEN_LOGDOMAIN,
00190              "WARNING: Your keyfile \"%s\" is world accessible!\n"
00191              "Nobody but you should have access to the file. You \n"
00192              "should probably change this with \"chmod 600 %s\"",
00193              GWEN_Crypt_Token_GetTokenName(ct),
00194              GWEN_Crypt_Token_GetTokenName(ct));
00195     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Warning,
00196                          "WARNING: Your keyfile is world accessible!\n"
00197                          "Nobody but you should have access to the file.");
00198   }
00199 #endif
00200   lct->mtime=st.st_mtime;
00201   lct->ctime=st.st_ctime;
00202 
00203   return 0;
00204 }
00205 
00206 
00207 
00208 int GWEN_Crypt_TokenFile__Read(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00209   GWEN_CRYPT_TOKEN_FILE *lct;
00210 
00211   assert(ct);
00212   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00213   assert(lct);
00214 
00215   assert(lct->readFn);
00216   if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00217     DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00218               GWEN_Crypt_Token_GetTokenName(ct),
00219               strerror(errno));
00220     return GWEN_ERROR_IO;
00221   }
00222   return lct->readFn(ct, lct->fd, gid);
00223 }
00224 
00225 
00226 
00227 int GWEN_Crypt_TokenFile__Write(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00228   GWEN_CRYPT_TOKEN_FILE *lct;
00229 
00230   assert(ct);
00231   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00232   assert(lct);
00233 
00234   if (lct->writeFn==0) {
00235     DBG_WARN(GWEN_LOGDOMAIN,
00236              "No write function in crypt token type \"%s\"",
00237              GWEN_Crypt_Token_GetTypeName(ct));
00238     return GWEN_ERROR_NOT_SUPPORTED;
00239   }
00240 
00241   if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00242     DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00243               GWEN_Crypt_Token_GetTokenName(ct),
00244               strerror(errno));
00245     return GWEN_ERROR_IO;
00246   }
00247   return lct->writeFn(ct, lct->fd, cr, gid);
00248 }
00249 
00250 
00251 
00252 int GWEN_Crypt_TokenFile__ReadFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00253   GWEN_CRYPT_TOKEN_FILE *lct;
00254   int rv;
00255 
00256   assert(ct);
00257   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00258   assert(lct);
00259 
00260   /* clear context list, it will be reloaded */
00261   GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00262 
00263   /* open file */
00264   rv=GWEN_Crypt_TokenFile__OpenFile(ct, 0, gid);
00265   if (rv) {
00266     DBG_INFO(GWEN_LOGDOMAIN,
00267              "Could not open keyfile for reading (%d)", rv);
00268     return rv;
00269   }
00270 
00271   /* read file */
00272   rv=GWEN_Crypt_TokenFile__Read(ct, gid);
00273   if (rv) {
00274     DBG_INFO(GWEN_LOGDOMAIN, "Error reading keyfile");
00275     GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00276     return rv;
00277   }
00278 
00279   /* close file */
00280   rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00281   if (rv) {
00282     DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00283     return rv;
00284   }
00285 
00286   return 0;
00287 }
00288 
00289 
00290 
00291 int GWEN_Crypt_TokenFile__WriteFile(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00292   GWEN_CRYPT_TOKEN_FILE *lct;
00293   int rv;
00294 
00295   assert(ct);
00296   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00297   assert(lct);
00298 
00299   /* open file */
00300   rv=GWEN_Crypt_TokenFile__OpenFile(ct, 1, gid);
00301   if (rv) {
00302     DBG_INFO(GWEN_LOGDOMAIN,
00303              "Could not open keyfile for writing (%d)", rv);
00304     return rv;
00305   }
00306 
00307   /* write file */
00308   rv=GWEN_Crypt_TokenFile__Write(ct, cr, gid);
00309   if (rv) {
00310     DBG_INFO(GWEN_LOGDOMAIN, "Error writing keyfile");
00311     GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00312     return rv;
00313   }
00314 
00315   /* close file */
00316   rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00317   if (rv) {
00318     DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00319     return rv;
00320   }
00321 
00322   return 0;
00323 }
00324 
00325 
00326 
00327 int GWEN_Crypt_TokenFile__ReloadIfNeeded(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00328   GWEN_CRYPT_TOKEN_FILE *lct;
00329   struct stat st;
00330 
00331   assert(ct);
00332   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00333   assert(lct);
00334 
00335   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00336     DBG_ERROR(GWEN_LOGDOMAIN,
00337               "stat(%s): %s",
00338               GWEN_Crypt_Token_GetTokenName(ct),
00339               strerror(errno));
00340     return -1;
00341   }
00342   if (lct->mtime!=st.st_mtime ||
00343       lct->ctime!=st.st_ctime) {
00344     int rv;
00345 
00346     /* file has changed, reload it */
00347     DBG_NOTICE(GWEN_LOGDOMAIN,
00348                "Keyfile changed externally, reloading it");
00349     /* read file */
00350     rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00351     if (rv) {
00352       DBG_WARN(GWEN_LOGDOMAIN, "Error reloading keyfile");
00353       return rv;
00354     }
00355   }
00356   else {
00357     DBG_NOTICE(GWEN_LOGDOMAIN, "Keyfile unchanged, not reloading");
00358   }
00359   return 0;
00360 }
00361 
00362 
00363 
00364 void GWEN_Crypt_TokenFile_AddContext(GWEN_CRYPT_TOKEN *ct, GWEN_CRYPT_TOKEN_CONTEXT *ctx) {
00365   GWEN_CRYPT_TOKEN_FILE *lct;
00366 
00367   assert(ct);
00368   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00369   assert(lct);
00370 
00371   /* make sure the context is a file context */
00372   assert(GWEN_CTF_Context_IsOfThisType(ctx));
00373   GWEN_Crypt_Token_Context_List_Add(ctx, lct->contextList);
00374 }
00375 
00376 
00377 
00378 GWEN_CRYPT_TOKEN_CONTEXT *GWEN_Crypt_TokenFile_GetContext(GWEN_CRYPT_TOKEN *ct, int idx) {
00379   GWEN_CRYPT_TOKEN_FILE *lct;
00380   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00381 
00382   assert(ct);
00383   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00384   assert(lct);
00385 
00386   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00387   while(ctx) {
00388     if (idx==0)
00389       return ctx;
00390     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00391     idx--;
00392   }
00393 
00394   return NULL;
00395 }
00396 
00397 
00398 
00399 GWEN_CRYPT_TOKEN_FILE_READ_FN GWEN_Crypt_TokenFile_SetReadFn(GWEN_CRYPT_TOKEN *ct,
00400                                                              GWEN_CRYPT_TOKEN_FILE_READ_FN f) {
00401   GWEN_CRYPT_TOKEN_FILE *lct;
00402   GWEN_CRYPT_TOKEN_FILE_READ_FN of;
00403 
00404   assert(ct);
00405   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00406   assert(lct);
00407 
00408   of=lct->readFn;
00409   lct->readFn=f;
00410 
00411   return of;
00412 }
00413 
00414 
00415 
00416 GWEN_CRYPT_TOKEN_FILE_WRITE_FN GWEN_Crypt_TokenFile_SetWriteFn(GWEN_CRYPT_TOKEN *ct,
00417                                                                GWEN_CRYPT_TOKEN_FILE_WRITE_FN f) {
00418   GWEN_CRYPT_TOKEN_FILE *lct;
00419   GWEN_CRYPT_TOKEN_FILE_WRITE_FN of;
00420 
00421   assert(ct);
00422   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00423   assert(lct);
00424 
00425   of=lct->writeFn;
00426   lct->writeFn=f;
00427 
00428   return of;
00429 }
00430 
00431 
00432 
00433 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Create(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00434   GWEN_CRYPT_TOKEN_FILE *lct;
00435   struct stat st;
00436   int fd;
00437   int rv;
00438 
00439   assert(ct);
00440   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00441   assert(lct);
00442 
00443   if (!GWEN_Crypt_Token_GetTokenName(ct)) {
00444     DBG_ERROR(GWEN_LOGDOMAIN, "No medium name given");
00445     return GWEN_ERROR_INVALID;
00446   }
00447 
00448   if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00449     if (errno!=ENOENT) {
00450       DBG_ERROR(GWEN_LOGDOMAIN,
00451                 "stat(%s): %s",
00452                 GWEN_Crypt_Token_GetTokenName(ct),
00453                 strerror(errno));
00454       return GWEN_ERROR_IO;
00455     }
00456   }
00457   else {
00458     DBG_ERROR(GWEN_LOGDOMAIN,
00459               "Keyfile \"%s\" already exists, will not create it",
00460               GWEN_Crypt_Token_GetTokenName(ct));
00461     return GWEN_ERROR_INVALID;
00462   }
00463 
00464 
00465   /* create file */
00466   fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00467           O_RDWR | O_CREAT | O_EXCL
00468 #ifdef OS_WIN32
00469           | O_BINARY
00470 #endif
00471           ,
00472           S_IRUSR|S_IWUSR);
00473 
00474 
00475   if (fd==-1) {
00476     DBG_ERROR(GWEN_LOGDOMAIN,
00477               "open(%s): %s",
00478               GWEN_Crypt_Token_GetTokenName(ct),
00479               strerror(errno));
00480     return GWEN_ERROR_IO;
00481   }
00482 
00483   close(fd);
00484 
00485   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 1, gid);
00486   if (rv) {
00487     DBG_INFO(GWEN_LOGDOMAIN, "here");
00488     return rv;
00489   }
00490 
00491   return 0;
00492 }
00493 
00494 
00495 
00496 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Open(GWEN_CRYPT_TOKEN *ct, int admin, uint32_t gid){
00497   GWEN_CRYPT_TOKEN_FILE *lct;
00498   int rv;
00499 
00500   assert(ct);
00501   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00502   assert(lct);
00503 
00504   rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00505   if (rv) {
00506     DBG_INFO(GWEN_LOGDOMAIN, "here");
00507     return rv;
00508   }
00509 
00510   return 0;
00511 }
00512 
00513 
00514 
00515 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Close(GWEN_CRYPT_TOKEN *ct, int abandon, uint32_t gid){
00516   GWEN_CRYPT_TOKEN_FILE *lct;
00517   int rv;
00518 
00519   assert(ct);
00520   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00521   assert(lct);
00522 
00523   if (!abandon)
00524     rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00525   else
00526     rv=0;
00527 
00528   /* free/reset all data */
00529   GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00530   lct->mtime=0;
00531   lct->ctime=0;
00532 
00533   return rv;
00534 }
00535 
00536 
00537 
00538 
00539 int GWENHYWFAR_CB GWEN_Crypt_TokenFile__GetKeyIdList(GWEN_CRYPT_TOKEN *ct,
00540                                                      uint32_t *pIdList,
00541                                                      uint32_t *pCount,
00542                                                      uint32_t gid) {
00543   GWEN_CRYPT_TOKEN_FILE *lct;
00544   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00545   int i;
00546   int rv;
00547 
00548   assert(ct);
00549   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00550   assert(lct);
00551 
00552   /* reload if needed */
00553   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00554   if (rv) {
00555     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00556     return rv;
00557   }
00558 
00559   /* count keys */
00560   i=0;
00561   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00562   while(ctx) {
00563     i+=GWEN_CRYPT_TOKEN_CONTEXT_KEYS;
00564     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00565   }
00566 
00567   /* if no buffer given just return number of keys */
00568   if (pIdList==NULL) {
00569     *pCount=i;
00570     return 0;
00571   }
00572 
00573   if (*pCount<i) {
00574     DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
00575     return GWEN_ERROR_BUFFER_OVERFLOW;
00576   }
00577 
00578   *pCount=i;
00579   i=0;
00580   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00581   while(ctx) {
00582     int j;
00583 
00584     for (j=1; j<=GWEN_CRYPT_TOKEN_CONTEXT_KEYS; j++)
00585       *(pIdList++)=(i<<16)+j;
00586 
00587     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00588     i++;
00589   }
00590 
00591   return 0;
00592 }
00593 
00594 
00595 
00596 const GWEN_CRYPT_TOKEN_KEYINFO* GWENHYWFAR_CB 
00597 GWEN_Crypt_TokenFile__GetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00598                                  uint32_t id,
00599                                  uint32_t flags,
00600                                  uint32_t gid) {
00601   GWEN_CRYPT_TOKEN_FILE *lct;
00602   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00603   GWEN_CRYPT_TOKEN_KEYINFO *ki;
00604   int i;
00605   int rv;
00606 
00607   assert(ct);
00608   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00609   assert(lct);
00610 
00611   /* reload if needed */
00612   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00613   if (rv) {
00614     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00615     return NULL;
00616   }
00617 
00618   i=id>>16;
00619   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00620   while(ctx) {
00621     if (i==0)
00622       break;
00623     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00624     i--;
00625   }
00626 
00627   if (ctx==NULL) {
00628     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00629     return NULL;
00630   }
00631 
00632   switch(id & 0xffff) {
00633   case 1: ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
00634   case 2: ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx); break;
00635   case 3: ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx); break;
00636   case 4: ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx); break;
00637   case 5: ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
00638   case 6: ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx); break;
00639   default:
00640     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00641     return NULL;
00642   }
00643 
00644   if (ki==NULL) {
00645     DBG_INFO(GWEN_LOGDOMAIN, "No key info stored for key %d", id);
00646     return NULL;
00647   }
00648 
00649   return ki;
00650 }
00651 
00652 
00653 
00654 #if 0
00655 int GWENHYWFAR_CB 
00656 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00657                                  uint32_t id,
00658                                  const GWEN_CRYPT_TOKEN_KEYINFO *ki,
00659                                  uint32_t gid) {
00660   GWEN_CRYPT_TOKEN_FILE *lct;
00661   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00662   int i;
00663   int rv;
00664   GWEN_CRYPT_TOKEN_KEYINFO *nki;
00665   GWEN_CRYPT_KEY *key;
00666   uint32_t flags;
00667 
00668   assert(ct);
00669   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00670   assert(lct);
00671 
00672   flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00673 
00674   /* reload if needed */
00675   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00676   if (rv) {
00677     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00678     return rv;
00679   }
00680 
00681   i=id>>16;
00682   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00683   while(ctx) {
00684     if (i==0)
00685       break;
00686     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00687     i--;
00688   }
00689 
00690   if (ctx==NULL) {
00691     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00692     return GWEN_ERROR_NOT_FOUND;
00693   }
00694 
00695   nki=GWEN_Crypt_Token_KeyInfo_dup(ki);
00696   assert(nki);
00697   switch(id & 0xffff) {
00698   case 1:
00699     GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, nki);
00700     key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00701     break;
00702   case 2:
00703     GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, nki);
00704     key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00705     break;
00706   case 3:
00707     GWEN_CTF_Context_SetRemoteSignKeyInfo(ctx, nki);
00708     key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00709     break;
00710   case 4:
00711     GWEN_CTF_Context_SetRemoteCryptKeyInfo(ctx, nki);
00712     key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00713     break;
00714   case 5:
00715     GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, nki);
00716     key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00717     break;
00718   case 6:
00719     GWEN_CTF_Context_SetRemoteAuthKeyInfo(ctx, nki);
00720     key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00721     break;
00722   default:
00723     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00724     GWEN_Crypt_Token_KeyInfo_free(nki);
00725     return GWEN_ERROR_NOT_FOUND;
00726   }
00727 
00728   /* replace key if modulus and exponent are given */
00729   if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00730       (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00731       id!=1 && /* don't change local keys */
00732       id!=2 &&
00733       id!=5) {
00734     GWEN_CRYPT_KEY *nkey;
00735 
00736     nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ki),
00737                                       GWEN_Crypt_Token_KeyInfo_GetModulusData(ki),
00738                                       GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki),
00739                                       GWEN_Crypt_Token_KeyInfo_GetExponentData(ki),
00740                                       GWEN_Crypt_Token_KeyInfo_GetExponentLen(ki));
00741     assert(nkey);
00742 
00743     if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00744       GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00745     if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00746       GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00747 
00748     /* replace public key */
00749     switch(id & 0xffff) {
00750     case 3: /* remote sign key */
00751       GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00752       break;
00753     case 4: /* remote crypt key */
00754       GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00755       break;
00756     case 6: /* remote auth key */
00757       GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00758       break;
00759     default:
00760       DBG_ERROR(GWEN_LOGDOMAIN,
00761                 "Can't set modulus and exponent for private key");
00762       GWEN_Crypt_Key_free(nkey);
00763       return GWEN_ERROR_INVALID;
00764     }
00765     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00766                          I18N("Public key replaced"));
00767   }
00768   else {
00769     if (key) {
00770       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00771         GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00772       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00773         GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00774     }
00775   }
00776 
00777   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00778   if (rv) {
00779     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00780     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00781                          I18N("Unable to write key file"));
00782     return rv;
00783   }
00784 
00785   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00786                        I18N("Key file saved"));
00787 
00788   return 0;
00789 }
00790 #endif
00791 
00792 
00793 int GWENHYWFAR_CB 
00794 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00795                                  uint32_t id,
00796                                  const GWEN_CRYPT_TOKEN_KEYINFO *ski,
00797                                  uint32_t gid) {
00798   GWEN_CRYPT_TOKEN_FILE *lct;
00799   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00800   int i;
00801   int rv;
00802   GWEN_CRYPT_TOKEN_KEYINFO *ki;
00803   GWEN_CRYPT_KEY *key;
00804   uint32_t flags;
00805   uint32_t nflags;
00806 
00807   assert(ct);
00808   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00809   assert(lct);
00810 
00811   flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ski);
00812 
00813   /* reload if needed */
00814   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00815   if (rv) {
00816     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00817     return rv;
00818   }
00819 
00820   i=id>>16;
00821   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00822   while(ctx) {
00823     if (i==0)
00824       break;
00825     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00826     i--;
00827   }
00828 
00829   if (ctx==NULL) {
00830     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00831     return GWEN_ERROR_NOT_FOUND;
00832   }
00833 
00834   switch(id & 0xffff) {
00835   case 1:
00836     ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
00837     key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00838     break;
00839   case 2:
00840     ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
00841     key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00842     break;
00843   case 3:
00844     ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
00845     key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00846     break;
00847   case 4:
00848     ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx);
00849     key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00850     break;
00851   case 5:
00852     ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
00853     key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00854     break;
00855   case 6:
00856     ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
00857     key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00858     break;
00859   default:
00860     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00861     return GWEN_ERROR_NOT_FOUND;
00862   }
00863   assert(ki);
00864 
00865   nflags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00866 
00867   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSTATUS) {
00868     /* ignore for now */
00869   }
00870 
00871   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS) {
00872     nflags&=~GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK;
00873     nflags|=(flags & GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK);
00874   }
00875 
00876   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION) {
00877     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ski);
00878     GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, i);
00879     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION;
00880   }
00881 
00882   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER) {
00883     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ski);
00884     GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, i);
00885     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER;
00886   }
00887 
00888   if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER) {
00889     uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ski);
00890     GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, i);
00891     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER;
00892   }
00893 
00894   /* replace key if modulus and exponent are given */
00895   if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00896       (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00897       id!=1 && /* don't change local keys */
00898       id!=2 &&
00899       id!=5) {
00900     GWEN_CRYPT_KEY *nkey;
00901 
00902     GWEN_Crypt_Token_KeyInfo_SetKeySize(ki, GWEN_Crypt_Token_KeyInfo_GetKeySize(ski));
00903     GWEN_Crypt_Token_KeyInfo_SetModulus(ki,
00904                                         GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00905                                         GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski));
00906     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS;
00907     GWEN_Crypt_Token_KeyInfo_SetExponent(ki,
00908                                          GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00909                                          GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00910     nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT;
00911     nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ski),
00912                                       GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00913                                       GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski),
00914                                       GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00915                                       GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00916     assert(nkey);
00917 
00918     if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00919       GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00920     if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00921       GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00922 
00923     /* replace public key */
00924     switch(id & 0xffff) {
00925     case 3: /* remote sign key */
00926       GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00927       break;
00928     case 4: /* remote crypt key */
00929       GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00930       break;
00931     case 6: /* remote auth key */
00932       GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00933       break;
00934     default:
00935       DBG_ERROR(GWEN_LOGDOMAIN,
00936                 "Can't set modulus and exponent for private key");
00937       GWEN_Crypt_Key_free(nkey);
00938       return GWEN_ERROR_INVALID;
00939     }
00940     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00941                          I18N("Public key replaced"));
00942   }
00943   else {
00944     if (key) {
00945       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00946         GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00947       if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00948         GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00949     }
00950   }
00951 
00952   GWEN_Crypt_Token_KeyInfo_SetFlags(ki, nflags);
00953 
00954   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00955   if (rv) {
00956     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00957     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00958                          I18N("Unable to write key file"));
00959     return rv;
00960   }
00961 
00962   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00963                        I18N("Key file saved"));
00964 
00965   return 0;
00966 }
00967 
00968 
00969 
00970 int GWENHYWFAR_CB
00971 GWEN_Crypt_TokenFile__GetContextIdList(GWEN_CRYPT_TOKEN *ct,
00972                                        uint32_t *pIdList,
00973                                        uint32_t *pCount,
00974                                        uint32_t gid) {
00975   GWEN_CRYPT_TOKEN_FILE *lct;
00976   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00977   int i;
00978   int rv;
00979 
00980   assert(ct);
00981   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00982   assert(lct);
00983 
00984   /* reload if needed */
00985   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00986   if (rv) {
00987     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00988     return rv;
00989   }
00990 
00991   /* count keys */
00992   i=0;
00993   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00994   while(ctx) {
00995     i++;
00996     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00997   }
00998 
00999   /* store number of entries */
01000   *pCount=i;
01001 
01002   /* if no buffer given just return number of keys */
01003   if (pIdList==NULL)
01004     return 0;
01005 
01006   if (*pCount<i) {
01007     DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
01008     return GWEN_ERROR_BUFFER_OVERFLOW;
01009   }
01010 
01011   i=1;
01012   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01013   while(ctx) {
01014     *(pIdList++)=i;
01015     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01016     i++;
01017   }
01018 
01019   return 0;
01020 }
01021 
01022 
01023 
01024 const GWEN_CRYPT_TOKEN_CONTEXT* GWENHYWFAR_CB 
01025 GWEN_Crypt_TokenFile__GetContext(GWEN_CRYPT_TOKEN *ct,
01026                                  uint32_t id,
01027                                  uint32_t gid) {
01028   GWEN_CRYPT_TOKEN_FILE *lct;
01029   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01030   int rv;
01031 
01032   assert(ct);
01033   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01034   assert(lct);
01035 
01036   /* reload if needed */
01037   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01038   if (rv) {
01039     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01040     return NULL;
01041   }
01042 
01043   if (id==0) {
01044     DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01045     return NULL;
01046   }
01047 
01048   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01049   while(ctx) {
01050     if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01051       break;
01052     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01053   }
01054 
01055   if (ctx==NULL) {
01056     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01057     return NULL;
01058   }
01059 
01060   return ctx;
01061 }
01062 
01063 
01064 
01065 int GWENHYWFAR_CB 
01066 GWEN_Crypt_TokenFile__SetContext(GWEN_CRYPT_TOKEN *ct,
01067                                  uint32_t id,
01068                                  const GWEN_CRYPT_TOKEN_CONTEXT *nctx,
01069                                  uint32_t gid) {
01070   GWEN_CRYPT_TOKEN_FILE *lct;
01071   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01072   int rv;
01073   const char *s;
01074 
01075   assert(ct);
01076   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01077   assert(lct);
01078 
01079   if (id==0) {
01080     DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01081     return GWEN_ERROR_INVALID;
01082   }
01083 
01084   /* reload if needed */
01085   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01086   if (rv) {
01087     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01088     return rv;
01089   }
01090 
01091   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01092   while(ctx) {
01093     if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01094       break;
01095     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01096   }
01097 
01098   if (ctx==NULL) {
01099     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01100     return GWEN_ERROR_NOT_FOUND;
01101   }
01102 
01103   /* copy user data from context */
01104   s=GWEN_Crypt_Token_Context_GetServiceId(nctx);
01105   GWEN_Crypt_Token_Context_SetServiceId(ctx, s);
01106   s=GWEN_Crypt_Token_Context_GetUserId(nctx);
01107   GWEN_Crypt_Token_Context_SetUserId(ctx, s);
01108   s=GWEN_Crypt_Token_Context_GetUserName(nctx);
01109   GWEN_Crypt_Token_Context_SetUserName(ctx, s);
01110   s=GWEN_Crypt_Token_Context_GetPeerId(nctx);
01111   GWEN_Crypt_Token_Context_SetPeerId(ctx, s);
01112   s=GWEN_Crypt_Token_Context_GetAddress(nctx);
01113   GWEN_Crypt_Token_Context_SetAddress(ctx, s);
01114   GWEN_Crypt_Token_Context_SetPort(ctx, GWEN_Crypt_Token_Context_GetPort(nctx));
01115   s=GWEN_Crypt_Token_Context_GetSystemId(nctx);
01116   GWEN_Crypt_Token_Context_SetSystemId(ctx, s);
01117 
01118   return 0;
01119 }
01120 
01121 
01122 
01123 GWEN_CRYPT_KEY *GWEN_Crypt_TokenFile__GetKey(GWEN_CRYPT_TOKEN *ct, uint32_t id, uint32_t gid) {
01124   GWEN_CRYPT_TOKEN_FILE *lct;
01125   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01126   int i;
01127   int rv;
01128 
01129   assert(ct);
01130   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01131   assert(lct);
01132 
01133   /* reload if needed */
01134   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01135   if (rv) {
01136     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01137     return NULL;
01138   }
01139 
01140   i=id>>16;
01141   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01142   while(ctx) {
01143     if (i==0)
01144       break;
01145     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01146     i--;
01147   }
01148 
01149   if (ctx==NULL) {
01150     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
01151     return NULL;
01152   }
01153 
01154   switch(id & 0xffff) {
01155   case 1: return GWEN_CTF_Context_GetLocalSignKey(ctx);
01156   case 2: return GWEN_CTF_Context_GetLocalCryptKey(ctx);
01157   case 3: return GWEN_CTF_Context_GetRemoteSignKey(ctx);
01158   case 4: return GWEN_CTF_Context_GetRemoteCryptKey(ctx);
01159   case 5: return GWEN_CTF_Context_GetLocalAuthKey(ctx);
01160   case 6: return GWEN_CTF_Context_GetRemoteAuthKey(ctx);
01161   default:
01162     DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
01163     return NULL;
01164   }
01165 }
01166 
01167 
01168 
01169 int GWENHYWFAR_CB
01170 GWEN_Crypt_TokenFile__Sign(GWEN_CRYPT_TOKEN *ct,
01171                            uint32_t keyId,
01172                            GWEN_CRYPT_PADDALGO *a,
01173                            const uint8_t *pInData,
01174                            uint32_t inLen,
01175                            uint8_t *pSignatureData,
01176                            uint32_t *pSignatureLen,
01177                            uint32_t *pSeqCounter,
01178                            uint32_t gid) {
01179   GWEN_CRYPT_TOKEN_FILE *lct;
01180   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01181   GWEN_CRYPT_KEY *k;
01182   int keyNum;
01183   GWEN_BUFFER *srcBuf;
01184   int i;
01185   int rv;
01186 
01187   assert(ct);
01188   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01189   assert(lct);
01190 
01191   DBG_INFO(GWEN_LOGDOMAIN, "Signing with key %d", keyId);
01192 
01193   /* reload if needed */
01194   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01195   if (rv) {
01196     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01197     return rv;
01198   }
01199 
01200   /* get context */
01201   i=(keyId>>16);
01202   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01203   if (ctx==NULL) {
01204     DBG_ERROR(GWEN_LOGDOMAIN, "Token has no context");
01205     return GWEN_ERROR_NOT_FOUND;
01206   }
01207   while(ctx) {
01208     if (i==0)
01209       break;
01210     DBG_ERROR(GWEN_LOGDOMAIN, "Checking token %d (i==%d)",
01211               GWEN_Crypt_Token_Context_GetId(ctx), i);
01212     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01213     i--;
01214   }
01215 
01216   if (ctx==NULL) {
01217     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01218     return GWEN_ERROR_NOT_FOUND;
01219   }
01220 
01221   /* get key */
01222   keyNum=keyId & 0xffff;
01223   if (keyNum!=1 && keyNum!=5) {
01224     /* neither localSignKey nor localAuthKey */
01225     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for signing (%x)", keyId);
01226     return GWEN_ERROR_INVALID;
01227   }
01228 
01229   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01230   if (k==NULL) {
01231     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01232     return GWEN_ERROR_NOT_FOUND;
01233   }
01234 
01235   /* copy to a buffer for padding */
01236   srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01237   GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01238 
01239   /* padd according to given algo */
01240   rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01241   if (rv) {
01242     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01243     GWEN_Buffer_free(srcBuf);
01244     return rv;
01245   }
01246 
01247   /* sign with key */
01248   rv=GWEN_Crypt_Key_Sign(k,
01249                          (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01250                          GWEN_Buffer_GetUsedBytes(srcBuf),
01251                          pSignatureData,
01252                          pSignatureLen);
01253   GWEN_Buffer_free(srcBuf);
01254   if (rv) {
01255     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01256     return rv;
01257   }
01258 
01259   if (pSeqCounter) {
01260     GWEN_CRYPT_TOKEN_KEYINFO *ki;
01261 
01262     /* signature sequence counter is to be incremented */
01263     switch(keyId & 0xffff) {
01264     case 1:  ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
01265     case 5:  ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
01266     default: ki=NULL;
01267     }
01268     if (ki &&
01269         (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01270       unsigned int seq;
01271 
01272       seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01273       *pSeqCounter=seq;
01274       GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, ++seq);
01275 
01276       rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01277       if (rv) {
01278         DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01279         return rv;
01280       }
01281     }
01282     else {
01283       DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01284       *pSeqCounter=0;
01285     }
01286   }
01287 
01288   return 0;
01289 }
01290 
01291 
01292 
01293 int GWENHYWFAR_CB
01294 GWEN_Crypt_TokenFile__Verify(GWEN_CRYPT_TOKEN *ct,
01295                              uint32_t keyId,
01296                              GWEN_CRYPT_PADDALGO *a,
01297                              const uint8_t *pInData,
01298                              uint32_t inLen,
01299                              const uint8_t *pSignatureData,
01300                              uint32_t signatureLen,
01301                              uint32_t seqCounter,
01302                              uint32_t gid) {
01303   GWEN_CRYPT_TOKEN_FILE *lct;
01304   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01305   GWEN_CRYPT_KEY *k;
01306   int keyNum;
01307   int i;
01308   int rv;
01309   GWEN_CRYPT_PADDALGOID aid;
01310 
01311   assert(ct);
01312   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01313   assert(lct);
01314 
01315   DBG_INFO(GWEN_LOGDOMAIN, "Verifying with key %d", keyId);
01316 
01317   aid=GWEN_Crypt_PaddAlgo_GetId(a);
01318 
01319   /* reload if needed */
01320   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01321   if (rv) {
01322     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01323     return rv;
01324   }
01325 
01326   /* get context */
01327   i=(keyId>>16);
01328   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01329   while(ctx) {
01330     if (i==0)
01331       break;
01332     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01333     i--;
01334   }
01335 
01336   if (ctx==NULL) {
01337     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01338     return GWEN_ERROR_NOT_FOUND;
01339   }
01340 
01341   /* get key */
01342   keyNum=keyId & 0xffff;
01343   if (keyNum!=1 && keyNum!=3 && keyNum!=6) {
01344     /* neither remoteSignKey nor remoteAuthKey */
01345     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for verifying (%x)", keyId);
01346     return GWEN_ERROR_INVALID;
01347   }
01348 
01349   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01350   if (k==NULL) {
01351     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01352     return GWEN_ERROR_NO_KEY;
01353   }
01354 
01355   if (aid==GWEN_Crypt_PaddAlgoId_Iso9796_2 ||
01356       aid==GWEN_Crypt_PaddAlgoId_Pkcs1_2) {
01357     GWEN_BUFFER *tbuf;
01358     uint32_t l;
01359 
01360     /* these algos add random numbers, we must use encrypt fn here and
01361      * compare the decrypted and unpadded data with the source data */
01362     tbuf=GWEN_Buffer_new(0, inLen+16, 0, 0);
01363     l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01364     rv=GWEN_Crypt_Key_Encipher(k,
01365                                pSignatureData, signatureLen,
01366                                (uint8_t*)GWEN_Buffer_GetStart(tbuf),
01367                                &l);
01368     if (rv<0) {
01369       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01370       GWEN_Buffer_free(tbuf);
01371       return rv;
01372     }
01373     GWEN_Buffer_IncrementPos(tbuf, l);
01374     GWEN_Buffer_AdjustUsedBytes(tbuf);
01375 
01376     rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01377     if (rv<0) {
01378       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01379       GWEN_Buffer_free(tbuf);
01380       return rv;
01381     }
01382     if (l!=inLen) {
01383       DBG_ERROR(GWEN_LOGDOMAIN, "Signature length doesn't match");
01384       GWEN_Buffer_free(tbuf);
01385       return GWEN_ERROR_VERIFY;
01386     }
01387     if (memcmp(pInData, GWEN_Buffer_GetStart(tbuf), l)!=0) {
01388       DBG_ERROR(GWEN_LOGDOMAIN, "Signature doesn't match:");
01389       GWEN_Buffer_free(tbuf);
01390       return GWEN_ERROR_VERIFY;
01391     }
01392   }
01393   else {
01394     GWEN_BUFFER *srcBuf;
01395 
01396     /* copy to a buffer for padding */
01397     srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01398     GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01399 
01400     /* padd according to given algo */
01401     rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01402     if (rv) {
01403       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01404       GWEN_Buffer_free(srcBuf);
01405       return rv;
01406     }
01407 
01408     /* sign with key */
01409     rv=GWEN_Crypt_Key_Verify(k,
01410                              (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01411                              GWEN_Buffer_GetUsedBytes(srcBuf),
01412                              pSignatureData,
01413                              signatureLen);
01414     GWEN_Buffer_free(srcBuf);
01415     if (rv) {
01416       DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01417       return rv;
01418     }
01419   }
01420 
01421   if (seqCounter) {
01422     GWEN_CRYPT_TOKEN_KEYINFO *ki;
01423 
01424     /* signature sequence counter is to be checked */
01425     if (keyNum==3)
01426       ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
01427     else
01428       ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
01429     if (ki &&
01430         (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01431       unsigned int seq;
01432 
01433       seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01434 
01435       if (seq>=seqCounter) {
01436         DBG_WARN(GWEN_LOGDOMAIN, "Bad remote sequence counter (possibly replay attack!)");
01437         return GWEN_ERROR_VERIFY;
01438       }
01439       GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, seqCounter);
01440 
01441       /* write file */
01442       rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01443       if (rv) {
01444         DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01445         return rv;
01446       }
01447     }
01448     else {
01449       DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01450     }
01451 
01452   }
01453 
01454   return 0;
01455 }
01456 
01457 
01458 
01459 int GWENHYWFAR_CB
01460 GWEN_Crypt_TokenFile__Encipher(GWEN_CRYPT_TOKEN *ct,
01461                                uint32_t keyId,
01462                                GWEN_CRYPT_PADDALGO *a,
01463                                const uint8_t *pInData,
01464                                uint32_t inLen,
01465                                uint8_t *pOutData,
01466                                uint32_t *pOutLen,
01467                                uint32_t gid) {
01468   GWEN_CRYPT_TOKEN_FILE *lct;
01469   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01470   GWEN_CRYPT_KEY *k;
01471   int keyNum;
01472   GWEN_BUFFER *srcBuf;
01473   int i;
01474   int rv;
01475 
01476   assert(ct);
01477   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01478   assert(lct);
01479 
01480   DBG_INFO(GWEN_LOGDOMAIN, "Enciphering with key %d", keyId);
01481 
01482   /* reload if needed */
01483   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01484   if (rv) {
01485     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01486     return rv;
01487   }
01488 
01489   /* get context */
01490   i=(keyId>>16);
01491   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01492   while(ctx) {
01493     if (i==0)
01494       break;
01495     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01496     i--;
01497   }
01498 
01499   if (ctx==NULL) {
01500     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01501     return GWEN_ERROR_NOT_FOUND;
01502   }
01503 
01504   /* get key */
01505   keyNum=keyId & 0xffff;
01506   if (keyNum!=2 && keyNum!=4) {
01507     /* not remoteCryptKey */
01508     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for encrypting (%x)", keyId);
01509     return GWEN_ERROR_INVALID;
01510   }
01511 
01512   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01513   if (k==NULL) {
01514     DBG_INFO(GWEN_LOGDOMAIN, "Key %d not found", keyId);
01515     return GWEN_ERROR_NOT_FOUND;
01516   }
01517 
01518   /* copy to a buffer for padding */
01519   srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01520   GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01521   GWEN_Buffer_Rewind(srcBuf);
01522 
01523   /* padd according to given algo */
01524   rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01525   if (rv) {
01526     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01527     GWEN_Buffer_free(srcBuf);
01528     return rv;
01529   }
01530 
01531   /* encipher with key */
01532   rv=GWEN_Crypt_Key_Encipher(k,
01533                              (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01534                              GWEN_Buffer_GetUsedBytes(srcBuf),
01535                              pOutData,
01536                              pOutLen);
01537   GWEN_Buffer_free(srcBuf);
01538   if (rv) {
01539     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01540     return rv;
01541   }
01542 
01543   return 0;
01544 }
01545 
01546 
01547 
01548 int GWENHYWFAR_CB
01549 GWEN_Crypt_TokenFile__Decipher(GWEN_CRYPT_TOKEN *ct,
01550                                uint32_t keyId,
01551                                GWEN_CRYPT_PADDALGO *a,
01552                                const uint8_t *pInData,
01553                                uint32_t inLen,
01554                                uint8_t *pOutData,
01555                                uint32_t *pOutLen,
01556                                uint32_t gid) {
01557   GWEN_CRYPT_TOKEN_FILE *lct;
01558   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01559   GWEN_CRYPT_KEY *k;
01560   int keyNum;
01561   GWEN_BUFFER *tbuf;
01562   int i;
01563   int rv;
01564   uint32_t l;
01565 
01566   assert(ct);
01567   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01568   assert(lct);
01569 
01570   DBG_INFO(GWEN_LOGDOMAIN, "Deciphering with key %d", keyId);
01571 
01572   /* reload if needed */
01573   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01574   if (rv) {
01575     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01576     return rv;
01577   }
01578 
01579   /* get context */
01580   i=(keyId>>16);
01581   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01582   while(ctx) {
01583     if (i==0)
01584       break;
01585     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01586     i--;
01587   }
01588 
01589   if (ctx==NULL) {
01590     DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01591     return GWEN_ERROR_NOT_FOUND;
01592   }
01593 
01594   /* get key */
01595   keyNum=keyId & 0xffff;
01596   if (keyNum!=2 && keyNum!=4) {
01597     /* not localCryptKey */
01598     DBG_INFO(GWEN_LOGDOMAIN, "Bad key for decrypting (%x)", keyId);
01599     return GWEN_ERROR_INVALID;
01600   }
01601 
01602   k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01603   if (k==NULL) {
01604     DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01605     return GWEN_ERROR_NOT_FOUND;
01606   }
01607 
01608   /* decipher with key */
01609   tbuf=GWEN_Buffer_new(0, inLen+16, 0, 1);
01610   l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01611   rv=GWEN_Crypt_Key_Decipher(k,
01612                              pInData, inLen,
01613                              (uint8_t*)GWEN_Buffer_GetStart(tbuf), &l);
01614   if (rv<0) {
01615     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01616     GWEN_Buffer_free(tbuf);
01617     return rv;
01618   }
01619   GWEN_Buffer_IncrementPos(tbuf, l);
01620   GWEN_Buffer_AdjustUsedBytes(tbuf);
01621 
01622   /* unpadd according to given algo */
01623   rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01624   if (rv) {
01625     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01626     GWEN_Buffer_free(tbuf);
01627     return rv;
01628   }
01629 
01630   /* copy resulting data to given buffer */
01631   l=GWEN_Buffer_GetUsedBytes(tbuf);
01632   if (l>*pOutLen) {
01633     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01634     GWEN_Buffer_free(tbuf);
01635     return GWEN_ERROR_BUFFER_OVERFLOW;
01636   }
01637   memmove(pOutData, GWEN_Buffer_GetStart(tbuf), l);
01638   *pOutLen=l;
01639   GWEN_Buffer_free(tbuf);
01640 
01641   return 0;
01642 }
01643 
01644 
01645 
01646 int GWENHYWFAR_CB
01647 GWEN_Crypt_TokenFile__GenerateKey(GWEN_CRYPT_TOKEN *ct,
01648                                   uint32_t keyId,
01649                                   const GWEN_CRYPT_CRYPTALGO *a,
01650                                   uint32_t gid) {
01651   GWEN_CRYPT_TOKEN_FILE *lct;
01652   GWEN_CRYPT_KEY *pubKey;
01653   GWEN_CRYPT_KEY *secKey;
01654   int rv;
01655   uint32_t keyNum;
01656   GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01657   int i;
01658   uint8_t kbuf[256];
01659   uint32_t klen;
01660   GWEN_CRYPT_TOKEN_KEYINFO *cki;
01661   GWEN_CRYPT_TOKEN_KEYINFO *ki;
01662 
01663   assert(ct);
01664   lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01665   assert(lct);
01666 
01667   /* reload if needed */
01668   rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01669   if (rv) {
01670     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01671     return rv;
01672   }
01673 
01674   keyNum=keyId & 0xffff;
01675 
01676   /* check key id */
01677   if (keyNum!=1 && keyNum!=2 && keyNum!=5) {
01678     DBG_INFO(GWEN_LOGDOMAIN, "Can only generate local keys.");
01679     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01680                          I18N("Can only generate local keys."));
01681     return GWEN_ERROR_NOT_SUPPORTED;
01682   }
01683 
01684   /* check for algo */
01685   if (GWEN_Crypt_CryptAlgo_GetId(a)!=GWEN_Crypt_CryptAlgoId_Rsa) {
01686     DBG_INFO(GWEN_LOGDOMAIN, "Only RSA keys supported.");
01687     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01688                          I18N("Only RSA keys supported."));
01689     return GWEN_ERROR_NOT_SUPPORTED;
01690   }
01691 
01692   /* get context */
01693   i=(keyId>>16);
01694   ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01695   while(ctx) {
01696     if (i==0)
01697       break;
01698     ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01699     i--;
01700   }
01701 
01702   /* generate key pair */
01703   rv=GWEN_Crypt_KeyRsa_GeneratePair(GWEN_Crypt_CryptAlgo_GetChunkSize(a),
01704                                     (GWEN_Crypt_Token_GetModes(ct) &
01705                                      GWEN_CRYPT_TOKEN_MODE_EXP_65537)?1:0,
01706                                     &pubKey,
01707                                     &secKey);
01708   if (rv) {
01709     DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01710     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01711                          I18N("Could not generate key"));
01712     return rv;
01713   }
01714 
01715   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
01716                        I18N("Key generated"));
01717 
01718   /* set key */
01719   if (keyNum==1)
01720     cki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
01721   else if (keyNum==3)
01722     cki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
01723   else
01724       cki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
01725   if (cki==NULL) {
01726     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01727                          I18N("No key info found"));
01728     return GWEN_ERROR_NO_DATA;
01729   }
01730 
01731   /* update key info for the key */
01732   ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
01733   assert(ki);
01734 
01735   /* get modulus */
01736   klen=sizeof(kbuf);
01737   rv=GWEN_Crypt_KeyRsa_GetModulus(pubKey, kbuf, &klen);
01738   if (rv) {
01739     DBG_INFO(GWEN_LOGDOMAIN, "No modulus for key");
01740     GWEN_Crypt_Token_KeyInfo_free(ki);
01741     GWEN_Crypt_Key_free(pubKey);
01742     return rv;
01743   }
01744   GWEN_Crypt_Token_KeyInfo_SetModulus(ki, kbuf, klen);
01745 
01746   /* get exponent */
01747   klen=sizeof(kbuf);
01748   rv=GWEN_Crypt_KeyRsa_GetExponent(pubKey, kbuf, &klen);
01749   if (rv) {
01750     DBG_INFO(GWEN_LOGDOMAIN, "No exponent for key");
01751     GWEN_Crypt_Token_KeyInfo_free(ki);
01752     GWEN_Crypt_Key_free(pubKey);
01753     return rv;
01754   }
01755   GWEN_Crypt_Token_KeyInfo_SetExponent(ki, kbuf, klen);
01756   GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, GWEN_Crypt_Key_GetKeyNumber(pubKey));
01757   GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, GWEN_Crypt_Key_GetKeyVersion(pubKey));
01758 
01759   if (keyNum==1) {
01760     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01761       DBG_ERROR(0, "Adding mode \"direct sign\" to key");
01762       GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01763     }
01764     GWEN_CTF_Context_SetLocalSignKey(ctx, secKey);
01765     GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, ki);
01766     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01767                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01768                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01769                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01770                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01771                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01772                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01773                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01774                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01775   }
01776   else if (keyNum==2) {
01777     GWEN_CTF_Context_SetLocalCryptKey(ctx, secKey);
01778     GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, ki);
01779     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01780                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01781                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01782                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01783                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01784                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01785                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01786                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANENCIPHER |
01787                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANDECIPHER);
01788   }
01789   else {
01790     if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01791       DBG_ERROR(0, "Adding mode \"direct sign\" to key");
01792       GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01793     }
01794     GWEN_CTF_Context_SetLocalAuthKey(ctx, secKey);
01795     GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, ki);
01796     GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01797                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01798                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01799                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01800                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01801                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01802                                       GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01803                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01804                                       GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01805   }
01806 
01807   /* the public key is not used */
01808   GWEN_Crypt_Key_free(pubKey);
01809 
01810   rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01811   if (rv) {
01812     DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01813     GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01814                          I18N("Unable to write key file"));
01815     return rv;
01816   }
01817 
01818   GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
01819                        I18N("Key generated and set"));
01820 
01821   return 0;
01822 }
01823 
01824 
01825 
01826 
01827 
01828 
01829 GWENHYWFAR_CB
01830 void GWEN_Crypt_TokenFile_freeData(void *bp, void *p) {
01831   GWEN_CRYPT_TOKEN_FILE *lct;
01832 
01833   lct=(GWEN_CRYPT_TOKEN_FILE*) p;
01834   GWEN_Crypt_Token_Context_List_free(lct->contextList);
01835 
01836   GWEN_FREE_OBJECT(lct);
01837 }
01838 
01839 
01840 
01841 GWEN_CRYPT_TOKEN *GWEN_Crypt_TokenFile_new(const char *typeName,
01842                                            const char *tokenName) {
01843   GWEN_CRYPT_TOKEN *ct;
01844   GWEN_CRYPT_TOKEN_FILE *lct;
01845 
01846   ct=GWEN_Crypt_Token_new(GWEN_Crypt_Token_Device_File, typeName, tokenName);
01847   assert(ct);
01848 
01849   GWEN_NEW_OBJECT(GWEN_CRYPT_TOKEN_FILE, lct);
01850   lct->contextList=GWEN_Crypt_Token_Context_List_new();
01851   GWEN_INHERIT_SETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct, lct,
01852                        GWEN_Crypt_TokenFile_freeData);
01853   GWEN_Crypt_Token_SetOpenFn(ct, GWEN_Crypt_TokenFile_Open);
01854   GWEN_Crypt_Token_SetCreateFn(ct, GWEN_Crypt_TokenFile_Create);
01855   GWEN_Crypt_Token_SetCloseFn(ct, GWEN_Crypt_TokenFile_Close);
01856   GWEN_Crypt_Token_SetGetKeyIdListFn(ct, GWEN_Crypt_TokenFile__GetKeyIdList);
01857   GWEN_Crypt_Token_SetGetKeyInfoFn(ct, GWEN_Crypt_TokenFile__GetKeyInfo);
01858   GWEN_Crypt_Token_SetSetKeyInfoFn(ct, GWEN_Crypt_TokenFile__SetKeyInfo);
01859   GWEN_Crypt_Token_SetGetContextIdListFn(ct, GWEN_Crypt_TokenFile__GetContextIdList);
01860   GWEN_Crypt_Token_SetGetContextFn(ct, GWEN_Crypt_TokenFile__GetContext);
01861   GWEN_Crypt_Token_SetSetContextFn(ct, GWEN_Crypt_TokenFile__SetContext);
01862   GWEN_Crypt_Token_SetSignFn(ct, GWEN_Crypt_TokenFile__Sign);
01863   GWEN_Crypt_Token_SetVerifyFn(ct, GWEN_Crypt_TokenFile__Verify);
01864   GWEN_Crypt_Token_SetEncipherFn(ct, GWEN_Crypt_TokenFile__Encipher);
01865   GWEN_Crypt_Token_SetDecipherFn(ct, GWEN_Crypt_TokenFile__Decipher);
01866   GWEN_Crypt_Token_SetGenerateKeyFn(ct, GWEN_Crypt_TokenFile__GenerateKey);
01867 
01868   return ct;
01869 }
01870 
01871 
01872 
01873 
01874 

Generated on Wed Jul 9 13:12:27 2008 for gwenhywfar by  doxygen 1.5.6