00001
00002
00003
00004
00005
00006
00007
00008
00009
00010 #ifdef HAVE_CONFIG_H
00011 # include <config.h>
00012 #endif
00013
00014 #define DISABLE_DEBUGLOG
00015
00016
00017 #include "ctfile_p.h"
00018 #include "i18n_l.h"
00019 #include <gwenhywfar/ctf_context_be.h>
00020 #include <gwenhywfar/misc.h>
00021 #include <gwenhywfar/debug.h>
00022 #include <gwenhywfar/padd.h>
00023 #include <gwenhywfar/cryptkeyrsa.h>
00024 #include <gwenhywfar/text.h>
00025
00026 #include <sys/types.h>
00027 #include <sys/stat.h>
00028 #include <fcntl.h>
00029 #include <string.h>
00030 #include <errno.h>
00031 #include <stdlib.h>
00032 #include <unistd.h>
00033
00034
00035
00036 GWEN_INHERIT(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE)
00037
00038
00039
00040
00041
00042 int GWEN_Crypt_TokenFile__OpenFile(GWEN_CRYPT_TOKEN *ct, int wr, uint32_t gid){
00043 int fd;
00044 GWEN_CRYPT_TOKEN_FILE *lct;
00045 GWEN_FSLOCK_RESULT lres;
00046 const char *fname;
00047
00048 assert(ct);
00049 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00050 assert(lct);
00051
00052 fname = GWEN_Crypt_Token_GetTokenName(ct);
00053 if (!fname) {
00054 DBG_ERROR(GWEN_LOGDOMAIN, "No name of the crypt token set - maybe you need to set the key file as token name? Cannot lock token.");
00055 return GWEN_ERROR_IO;
00056 }
00057
00058 lct->lock=GWEN_FSLock_new(fname,
00059 GWEN_FSLock_TypeFile);
00060 lres=GWEN_FSLock_Lock(lct->lock, 10000, gid);
00061 if (lres!=GWEN_FSLock_ResultOk) {
00062 GWEN_FSLock_free(lct->lock);
00063 lct->lock=0;
00064 DBG_ERROR(GWEN_LOGDOMAIN, "Could not lock file");
00065 if (lres==GWEN_FSLock_ResultUserAbort)
00066 return GWEN_ERROR_USER_ABORTED;
00067 else
00068 return GWEN_ERROR_IO;
00069 }
00070 else {
00071 DBG_INFO(GWEN_LOGDOMAIN,
00072 "Keyfile [%s] locked.",
00073 GWEN_Crypt_Token_GetTokenName(ct));
00074 }
00075
00076 if (wr) {
00077
00078 fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00079 O_RDWR|O_CREAT
00080 #ifdef OS_WIN32
00081 | O_BINARY
00082 #endif
00083 ,
00084 S_IRUSR|S_IWUSR | lct->keyfile_mode);
00085 }
00086 else {
00087
00088 struct stat statbuffer;
00089 if (!stat(GWEN_Crypt_Token_GetTokenName(ct), &statbuffer)) {
00090
00091
00092 lct->keyfile_mode =
00093 statbuffer.st_mode & (S_IRWXU
00094 #ifndef OS_WIN32
00095 | S_IRWXG | S_IRWXO
00096 #endif
00097 );
00098 }
00099 else {
00100 DBG_ERROR(GWEN_LOGDOMAIN,
00101 "stat(%s): %s",
00102 GWEN_Crypt_Token_GetTokenName(ct),
00103 strerror(errno));
00104
00105 GWEN_FSLock_Unlock(lct->lock);
00106 GWEN_FSLock_free(lct->lock);
00107 lct->lock=0;
00108 DBG_INFO(GWEN_LOGDOMAIN,
00109 "Keyfile [%s] unlocked.",
00110 GWEN_Crypt_Token_GetTokenName(ct));
00111 return GWEN_ERROR_IO;
00112 }
00113
00114
00115 fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00116 O_RDONLY
00117 #ifdef OS_WIN32
00118 | O_BINARY
00119 #endif
00120 );
00121 }
00122
00123 if (fd==-1) {
00124 DBG_ERROR(GWEN_LOGDOMAIN,
00125 "open(%s): %s",
00126 GWEN_Crypt_Token_GetTokenName(ct),
00127 strerror(errno));
00128 GWEN_FSLock_Unlock(lct->lock);
00129 GWEN_FSLock_free(lct->lock);
00130 lct->lock=0;
00131 DBG_INFO(GWEN_LOGDOMAIN,
00132 "Keyfile [%s] unlocked.",
00133 GWEN_Crypt_Token_GetTokenName(ct));
00134 return GWEN_ERROR_IO;
00135 }
00136
00137 lct->fd=fd;
00138
00139 return 0;
00140 }
00141
00142
00143
00144 int GWEN_Crypt_TokenFile__CloseFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00145 GWEN_CRYPT_TOKEN_FILE *lct;
00146 GWEN_FSLOCK_RESULT lres;
00147 struct stat st;
00148
00149 assert(ct);
00150 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00151 assert(lct);
00152
00153 if (lct->fd==-1) {
00154 DBG_ERROR(GWEN_LOGDOMAIN, "Keyfile \"%s\"not open",
00155 GWEN_Crypt_Token_GetTokenName(ct));
00156 return GWEN_ERROR_INTERNAL;
00157 }
00158
00159 if (close(lct->fd)) {
00160 DBG_ERROR(GWEN_LOGDOMAIN, "close(%s): %s",
00161 GWEN_Crypt_Token_GetTokenName(ct), strerror(errno));
00162 lct->fd=-1;
00163 GWEN_FSLock_Unlock(lct->lock);
00164 GWEN_FSLock_free(lct->lock);
00165 lct->lock=0;
00166 DBG_INFO(GWEN_LOGDOMAIN,
00167 "Keyfile [%s] unlocked.",
00168 GWEN_Crypt_Token_GetTokenName(ct));
00169 return GWEN_ERROR_IO;
00170 }
00171 lct->fd=-1;
00172
00173 lres=GWEN_FSLock_Unlock(lct->lock);
00174 if (lres!=GWEN_FSLock_ResultOk) {
00175 DBG_WARN(GWEN_LOGDOMAIN, "Error removing lock from \"%s\": %d",
00176 GWEN_Crypt_Token_GetTokenName(ct), lres);
00177 }
00178 GWEN_FSLock_free(lct->lock);
00179 lct->lock=0;
00180 DBG_INFO(GWEN_LOGDOMAIN,
00181 "Keyfile [%s] unlocked.",
00182 GWEN_Crypt_Token_GetTokenName(ct));
00183
00184
00185 if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00186 DBG_ERROR(GWEN_LOGDOMAIN,
00187 "stat(%s): %s",
00188 GWEN_Crypt_Token_GetTokenName(ct),
00189 strerror(errno));
00190 return GWEN_ERROR_IO;
00191 }
00192
00193 #ifndef OS_WIN32
00194 if (st.st_mode & 0007) {
00195 DBG_WARN(GWEN_LOGDOMAIN,
00196 "WARNING: Your keyfile \"%s\" is world accessible!\n"
00197 "Nobody but you should have access to the file. You \n"
00198 "should probably change this with \"chmod 600 %s\"",
00199 GWEN_Crypt_Token_GetTokenName(ct),
00200 GWEN_Crypt_Token_GetTokenName(ct));
00201 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Warning,
00202 "WARNING: Your keyfile is world accessible!\n"
00203 "Nobody but you should have access to the file.");
00204 }
00205 #endif
00206 lct->mtime=st.st_mtime;
00207 lct->ctime=st.st_ctime;
00208
00209 return 0;
00210 }
00211
00212
00213
00214 int GWEN_Crypt_TokenFile__Read(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00215 GWEN_CRYPT_TOKEN_FILE *lct;
00216
00217 assert(ct);
00218 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00219 assert(lct);
00220
00221 assert(lct->readFn);
00222 if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00223 DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00224 GWEN_Crypt_Token_GetTokenName(ct),
00225 strerror(errno));
00226 return GWEN_ERROR_IO;
00227 }
00228 return lct->readFn(ct, lct->fd, gid);
00229 }
00230
00231
00232
00233 int GWEN_Crypt_TokenFile__Write(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00234 GWEN_CRYPT_TOKEN_FILE *lct;
00235
00236 assert(ct);
00237 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00238 assert(lct);
00239
00240 if (lct->writeFn==0) {
00241 DBG_WARN(GWEN_LOGDOMAIN,
00242 "No write function in crypt token type \"%s\"",
00243 GWEN_Crypt_Token_GetTypeName(ct));
00244 return GWEN_ERROR_NOT_SUPPORTED;
00245 }
00246
00247 if (lseek(lct->fd, 0, SEEK_SET)==-1) {
00248 DBG_ERROR(GWEN_LOGDOMAIN, "lseek(%s): %s",
00249 GWEN_Crypt_Token_GetTokenName(ct),
00250 strerror(errno));
00251 return GWEN_ERROR_IO;
00252 }
00253 return lct->writeFn(ct, lct->fd, cr, gid);
00254 }
00255
00256
00257
00258 int GWEN_Crypt_TokenFile__ReadFile(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00259 GWEN_CRYPT_TOKEN_FILE *lct;
00260 int rv;
00261
00262 assert(ct);
00263 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00264 assert(lct);
00265
00266
00267 GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00268
00269
00270 rv=GWEN_Crypt_TokenFile__OpenFile(ct, 0, gid);
00271 if (rv) {
00272 DBG_INFO(GWEN_LOGDOMAIN,
00273 "Could not open keyfile for reading (%d)", rv);
00274 return rv;
00275 }
00276
00277
00278 rv=GWEN_Crypt_TokenFile__Read(ct, gid);
00279 if (rv) {
00280 DBG_INFO(GWEN_LOGDOMAIN, "Error reading keyfile");
00281 GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00282 return rv;
00283 }
00284
00285
00286 rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00287 if (rv) {
00288 DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00289 return rv;
00290 }
00291
00292 return 0;
00293 }
00294
00295
00296
00297 int GWEN_Crypt_TokenFile__WriteFile(GWEN_CRYPT_TOKEN *ct, int cr, uint32_t gid){
00298 GWEN_CRYPT_TOKEN_FILE *lct;
00299 int rv;
00300
00301 assert(ct);
00302 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00303 assert(lct);
00304
00305
00306 rv=GWEN_Crypt_TokenFile__OpenFile(ct, 1, gid);
00307 if (rv) {
00308 DBG_INFO(GWEN_LOGDOMAIN,
00309 "Could not open keyfile for writing (%d)", rv);
00310 return rv;
00311 }
00312
00313
00314 rv=GWEN_Crypt_TokenFile__Write(ct, cr, gid);
00315 if (rv) {
00316 DBG_INFO(GWEN_LOGDOMAIN, "Error writing keyfile");
00317 GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00318 return rv;
00319 }
00320
00321
00322 rv=GWEN_Crypt_TokenFile__CloseFile(ct, gid);
00323 if (rv) {
00324 DBG_INFO(GWEN_LOGDOMAIN, "Could not close keyfile");
00325 return rv;
00326 }
00327
00328 return 0;
00329 }
00330
00331
00332
00333 int GWEN_Crypt_TokenFile__ReloadIfNeeded(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00334 GWEN_CRYPT_TOKEN_FILE *lct;
00335 struct stat st;
00336
00337 assert(ct);
00338 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00339 assert(lct);
00340
00341 if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00342 DBG_ERROR(GWEN_LOGDOMAIN,
00343 "stat(%s): %s",
00344 GWEN_Crypt_Token_GetTokenName(ct),
00345 strerror(errno));
00346 return -1;
00347 }
00348 if (lct->mtime!=st.st_mtime ||
00349 lct->ctime!=st.st_ctime) {
00350 int rv;
00351
00352
00353 DBG_NOTICE(GWEN_LOGDOMAIN,
00354 "Keyfile changed externally, reloading it");
00355
00356 rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00357 if (rv) {
00358 DBG_WARN(GWEN_LOGDOMAIN, "Error reloading keyfile");
00359 return rv;
00360 }
00361 }
00362 else {
00363 DBG_NOTICE(GWEN_LOGDOMAIN, "Keyfile unchanged, not reloading");
00364 }
00365 return 0;
00366 }
00367
00368
00369
00370 void GWEN_Crypt_TokenFile_AddContext(GWEN_CRYPT_TOKEN *ct, GWEN_CRYPT_TOKEN_CONTEXT *ctx) {
00371 GWEN_CRYPT_TOKEN_FILE *lct;
00372
00373 assert(ct);
00374 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00375 assert(lct);
00376
00377
00378 assert(GWEN_CTF_Context_IsOfThisType(ctx));
00379 GWEN_Crypt_Token_Context_List_Add(ctx, lct->contextList);
00380 }
00381
00382
00383
00384 GWEN_CRYPT_TOKEN_CONTEXT *GWEN_Crypt_TokenFile_GetContext(GWEN_CRYPT_TOKEN *ct, int idx) {
00385 GWEN_CRYPT_TOKEN_FILE *lct;
00386 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00387
00388 assert(ct);
00389 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00390 assert(lct);
00391
00392 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00393 while(ctx) {
00394 if (idx==0)
00395 return ctx;
00396 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00397 idx--;
00398 }
00399
00400 return NULL;
00401 }
00402
00403
00404
00405 GWEN_CRYPT_TOKEN_FILE_READ_FN GWEN_Crypt_TokenFile_SetReadFn(GWEN_CRYPT_TOKEN *ct,
00406 GWEN_CRYPT_TOKEN_FILE_READ_FN f) {
00407 GWEN_CRYPT_TOKEN_FILE *lct;
00408 GWEN_CRYPT_TOKEN_FILE_READ_FN of;
00409
00410 assert(ct);
00411 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00412 assert(lct);
00413
00414 of=lct->readFn;
00415 lct->readFn=f;
00416
00417 return of;
00418 }
00419
00420
00421
00422 GWEN_CRYPT_TOKEN_FILE_WRITE_FN GWEN_Crypt_TokenFile_SetWriteFn(GWEN_CRYPT_TOKEN *ct,
00423 GWEN_CRYPT_TOKEN_FILE_WRITE_FN f) {
00424 GWEN_CRYPT_TOKEN_FILE *lct;
00425 GWEN_CRYPT_TOKEN_FILE_WRITE_FN of;
00426
00427 assert(ct);
00428 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00429 assert(lct);
00430
00431 of=lct->writeFn;
00432 lct->writeFn=f;
00433
00434 return of;
00435 }
00436
00437
00438
00439 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Create(GWEN_CRYPT_TOKEN *ct, uint32_t gid){
00440 GWEN_CRYPT_TOKEN_FILE *lct;
00441 struct stat st;
00442 int fd;
00443 int rv;
00444
00445 assert(ct);
00446 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00447 assert(lct);
00448
00449 if (!GWEN_Crypt_Token_GetTokenName(ct)) {
00450 DBG_ERROR(GWEN_LOGDOMAIN, "No medium name given");
00451 return GWEN_ERROR_INVALID;
00452 }
00453
00454 if (stat(GWEN_Crypt_Token_GetTokenName(ct), &st)) {
00455 if (errno!=ENOENT) {
00456 DBG_ERROR(GWEN_LOGDOMAIN,
00457 "stat(%s): %s",
00458 GWEN_Crypt_Token_GetTokenName(ct),
00459 strerror(errno));
00460 return GWEN_ERROR_IO;
00461 }
00462 }
00463 else {
00464 DBG_ERROR(GWEN_LOGDOMAIN,
00465 "Keyfile \"%s\" already exists, will not create it",
00466 GWEN_Crypt_Token_GetTokenName(ct));
00467 return GWEN_ERROR_INVALID;
00468 }
00469
00470
00471
00472 fd=open(GWEN_Crypt_Token_GetTokenName(ct),
00473 O_RDWR | O_CREAT | O_EXCL
00474 #ifdef OS_WIN32
00475 | O_BINARY
00476 #endif
00477 ,
00478 S_IRUSR|S_IWUSR);
00479
00480
00481 if (fd==-1) {
00482 DBG_ERROR(GWEN_LOGDOMAIN,
00483 "open(%s): %s",
00484 GWEN_Crypt_Token_GetTokenName(ct),
00485 strerror(errno));
00486 return GWEN_ERROR_IO;
00487 }
00488
00489 close(fd);
00490
00491 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 1, gid);
00492 if (rv) {
00493 DBG_INFO(GWEN_LOGDOMAIN, "here");
00494 return rv;
00495 }
00496
00497 return 0;
00498 }
00499
00500
00501
00502 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Open(GWEN_CRYPT_TOKEN *ct, GWEN_UNUSED int admin, uint32_t gid){
00503 GWEN_CRYPT_TOKEN_FILE *lct;
00504 int rv;
00505
00506 assert(ct);
00507 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00508 assert(lct);
00509
00510 rv=GWEN_Crypt_TokenFile__ReadFile(ct, gid);
00511 if (rv) {
00512 DBG_INFO(GWEN_LOGDOMAIN, "here");
00513 return rv;
00514 }
00515
00516 return 0;
00517 }
00518
00519
00520
00521 int GWENHYWFAR_CB GWEN_Crypt_TokenFile_Close(GWEN_CRYPT_TOKEN *ct, int abandon, uint32_t gid){
00522 GWEN_CRYPT_TOKEN_FILE *lct;
00523 int rv;
00524
00525 assert(ct);
00526 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00527 assert(lct);
00528
00529 if (!abandon)
00530 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00531 else
00532 rv=0;
00533
00534
00535 GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
00536 lct->mtime=0;
00537 lct->ctime=0;
00538
00539 return rv;
00540 }
00541
00542
00543
00544
00545 int GWENHYWFAR_CB GWEN_Crypt_TokenFile__GetKeyIdList(GWEN_CRYPT_TOKEN *ct,
00546 uint32_t *pIdList,
00547 uint32_t *pCount,
00548 uint32_t gid) {
00549 GWEN_CRYPT_TOKEN_FILE *lct;
00550 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00551 int i;
00552 int rv;
00553
00554 assert(ct);
00555 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00556 assert(lct);
00557
00558
00559 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00560 if (rv) {
00561 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00562 return rv;
00563 }
00564
00565
00566 i=0;
00567 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00568 while(ctx) {
00569 i+=GWEN_CRYPT_TOKEN_CONTEXT_KEYS;
00570 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00571 }
00572
00573
00574 if (pIdList==NULL) {
00575 *pCount=i;
00576 return 0;
00577 }
00578
00579 if (*pCount<i) {
00580 DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
00581 return GWEN_ERROR_BUFFER_OVERFLOW;
00582 }
00583
00584 *pCount=i;
00585 i=0;
00586 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00587 while(ctx) {
00588 int j;
00589
00590 for (j=1; j<=GWEN_CRYPT_TOKEN_CONTEXT_KEYS; j++)
00591 *(pIdList++)=(i<<16)+j;
00592
00593 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00594 i++;
00595 }
00596
00597 return 0;
00598 }
00599
00600
00601
00602 const GWEN_CRYPT_TOKEN_KEYINFO* GWENHYWFAR_CB
00603 GWEN_Crypt_TokenFile__GetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00604 uint32_t id,
00605 uint32_t flags,
00606 uint32_t gid) {
00607 GWEN_CRYPT_TOKEN_FILE *lct;
00608 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00609 GWEN_CRYPT_TOKEN_KEYINFO *ki;
00610 int i;
00611 int rv;
00612
00613 assert(ct);
00614 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00615 assert(lct);
00616
00617
00618 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00619 if (rv) {
00620 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00621 return NULL;
00622 }
00623
00624 i=id>>16;
00625 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00626 while(ctx) {
00627 if (i==0)
00628 break;
00629 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00630 i--;
00631 }
00632
00633 if (ctx==NULL) {
00634 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00635 return NULL;
00636 }
00637
00638 switch(id & 0xffff) {
00639 case 1: ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
00640 case 2: ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx); break;
00641 case 3: ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx); break;
00642 case 4: ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx); break;
00643 case 5: ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
00644 case 6: ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx); break;
00645 case 7: ki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx); break;
00646 default:
00647 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00648 return NULL;
00649 }
00650
00651 if (ki==NULL) {
00652 DBG_INFO(GWEN_LOGDOMAIN, "No key info stored for key %d", id);
00653 return NULL;
00654 }
00655
00656 return ki;
00657 }
00658
00659
00660
00661 #if 0
00662 int GWENHYWFAR_CB
00663 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00664 uint32_t id,
00665 const GWEN_CRYPT_TOKEN_KEYINFO *ki,
00666 uint32_t gid) {
00667 GWEN_CRYPT_TOKEN_FILE *lct;
00668 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00669 int i;
00670 int rv;
00671 GWEN_CRYPT_TOKEN_KEYINFO *nki;
00672 GWEN_CRYPT_KEY *key;
00673 uint32_t flags;
00674
00675 assert(ct);
00676 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00677 assert(lct);
00678
00679 flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00680
00681
00682 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00683 if (rv) {
00684 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00685 return rv;
00686 }
00687
00688 i=id>>16;
00689 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00690 while(ctx) {
00691 if (i==0)
00692 break;
00693 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00694 i--;
00695 }
00696
00697 if (ctx==NULL) {
00698 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00699 return GWEN_ERROR_NOT_FOUND;
00700 }
00701
00702 nki=GWEN_Crypt_Token_KeyInfo_dup(ki);
00703 assert(nki);
00704 switch(id & 0xffff) {
00705 case 1:
00706 GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, nki);
00707 key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00708 break;
00709 case 2:
00710 GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, nki);
00711 key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00712 break;
00713 case 3:
00714 GWEN_CTF_Context_SetRemoteSignKeyInfo(ctx, nki);
00715 key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00716 break;
00717 case 4:
00718 GWEN_CTF_Context_SetRemoteCryptKeyInfo(ctx, nki);
00719 key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00720 break;
00721 case 5:
00722 GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, nki);
00723 key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00724 break;
00725 case 6:
00726 GWEN_CTF_Context_SetRemoteAuthKeyInfo(ctx, nki);
00727 key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00728 break;
00729 default:
00730 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00731 GWEN_Crypt_Token_KeyInfo_free(nki);
00732 return GWEN_ERROR_NOT_FOUND;
00733 }
00734
00735
00736 if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00737 (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00738 id!=1 &&
00739 id!=2 &&
00740 id!=5) {
00741 GWEN_CRYPT_KEY *nkey;
00742
00743 nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ki),
00744 GWEN_Crypt_Token_KeyInfo_GetModulusData(ki),
00745 GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki),
00746 GWEN_Crypt_Token_KeyInfo_GetExponentData(ki),
00747 GWEN_Crypt_Token_KeyInfo_GetExponentLen(ki));
00748 assert(nkey);
00749
00750 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00751 GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00752 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00753 GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00754
00755
00756 switch(id & 0xffff) {
00757 case 3:
00758 GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00759 break;
00760 case 4:
00761 GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00762 break;
00763 case 6:
00764 GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00765 break;
00766 default:
00767 DBG_ERROR(GWEN_LOGDOMAIN,
00768 "Can't set modulus and exponent for private key");
00769 GWEN_Crypt_Key_free(nkey);
00770 return GWEN_ERROR_INVALID;
00771 }
00772 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00773 I18N("Public key replaced"));
00774 }
00775 else {
00776 if (key) {
00777 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00778 GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00779 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00780 GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00781 }
00782 }
00783
00784 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00785 if (rv) {
00786 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00787 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00788 I18N("Unable to write key file"));
00789 return rv;
00790 }
00791
00792 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00793 I18N("Key file saved"));
00794
00795 return 0;
00796 }
00797 #endif
00798
00799
00800 int GWENHYWFAR_CB
00801 GWEN_Crypt_TokenFile__SetKeyInfo(GWEN_CRYPT_TOKEN *ct,
00802 uint32_t id,
00803 const GWEN_CRYPT_TOKEN_KEYINFO *ski,
00804 uint32_t gid) {
00805 GWEN_CRYPT_TOKEN_FILE *lct;
00806 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00807 int i;
00808 int rv;
00809 GWEN_CRYPT_TOKEN_KEYINFO *ki;
00810 GWEN_CRYPT_KEY *key;
00811 uint32_t flags;
00812 uint32_t nflags;
00813
00814 assert(ct);
00815 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
00816 assert(lct);
00817
00818 flags=GWEN_Crypt_Token_KeyInfo_GetFlags(ski);
00819
00820
00821 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
00822 if (rv) {
00823 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
00824 return rv;
00825 }
00826
00827 i=id>>16;
00828 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
00829 while(ctx) {
00830 if (i==0)
00831 break;
00832 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
00833 i--;
00834 }
00835
00836 if (ctx==NULL) {
00837 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
00838 return GWEN_ERROR_NOT_FOUND;
00839 }
00840
00841 switch(id & 0xffff) {
00842 case 1:
00843 ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
00844 key=GWEN_CTF_Context_GetLocalSignKey(ctx);
00845 break;
00846 case 2:
00847 ki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
00848 key=GWEN_CTF_Context_GetLocalCryptKey(ctx);
00849 break;
00850 case 3:
00851 ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
00852 key=GWEN_CTF_Context_GetRemoteSignKey(ctx);
00853 break;
00854 case 4:
00855 ki=GWEN_CTF_Context_GetRemoteCryptKeyInfo(ctx);
00856 key=GWEN_CTF_Context_GetRemoteCryptKey(ctx);
00857 break;
00858 case 5:
00859 ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
00860 key=GWEN_CTF_Context_GetLocalAuthKey(ctx);
00861 break;
00862 case 6:
00863 ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
00864 key=GWEN_CTF_Context_GetRemoteAuthKey(ctx);
00865 break;
00866 case 7:
00867 ki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx);
00868 key=GWEN_CTF_Context_GetTempLocalSignKey(ctx);
00869 break;
00870 default:
00871 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
00872 return GWEN_ERROR_NOT_FOUND;
00873 }
00874 assert(ki);
00875
00876 nflags=GWEN_Crypt_Token_KeyInfo_GetFlags(ki);
00877
00878 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSTATUS) {
00879
00880 }
00881
00882 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS) {
00883 nflags&=~GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK;
00884 nflags|=(flags & GWEN_CRYPT_TOKEN_KEYFLAGS_ACTIONMASK);
00885 }
00886
00887 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION) {
00888 uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ski);
00889 GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, i);
00890 nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION;
00891 if (key)
00892 GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ski));
00893 DBG_INFO(GWEN_LOGDOMAIN, "Setting key version");
00894 }
00895
00896 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER) {
00897 uint32_t i=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ski);
00898 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, i);
00899 nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER;
00900 DBG_INFO(GWEN_LOGDOMAIN, "Setting signature counter");
00901 }
00902
00903 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER) {
00904 uint32_t i=GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ski);
00905 GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, i);
00906 nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER;
00907 if (key)
00908 GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ski));
00909 DBG_INFO(GWEN_LOGDOMAIN, "Setting key number");
00910 }
00911
00912
00913 if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
00914 (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
00915 id!=1 &&
00916 id!=2 &&
00917 id!=5 &&
00918 id!=7) {
00919 GWEN_CRYPT_KEY *nkey;
00920
00921 GWEN_Crypt_Token_KeyInfo_SetKeySize(ki, GWEN_Crypt_Token_KeyInfo_GetKeySize(ski));
00922 GWEN_Crypt_Token_KeyInfo_SetModulus(ki,
00923 GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00924 GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski));
00925 nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS;
00926 GWEN_Crypt_Token_KeyInfo_SetExponent(ki,
00927 GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00928 GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00929 nflags|=GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT;
00930 nkey=GWEN_Crypt_KeyRsa_fromModExp(GWEN_Crypt_Token_KeyInfo_GetKeySize(ski),
00931 GWEN_Crypt_Token_KeyInfo_GetModulusData(ski),
00932 GWEN_Crypt_Token_KeyInfo_GetModulusLen(ski),
00933 GWEN_Crypt_Token_KeyInfo_GetExponentData(ski),
00934 GWEN_Crypt_Token_KeyInfo_GetExponentLen(ski));
00935 assert(nkey);
00936
00937 if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00938 GWEN_Crypt_Key_SetKeyNumber(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00939 if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00940 GWEN_Crypt_Key_SetKeyVersion(nkey, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00941
00942
00943 switch(id & 0xffff) {
00944 case 3:
00945 GWEN_CTF_Context_SetRemoteSignKey(ctx, nkey);
00946 break;
00947 case 4:
00948 GWEN_CTF_Context_SetRemoteCryptKey(ctx, nkey);
00949 break;
00950 case 6:
00951 GWEN_CTF_Context_SetRemoteAuthKey(ctx, nkey);
00952 break;
00953 default:
00954 DBG_ERROR(GWEN_LOGDOMAIN,
00955 "Can't set modulus and exponent for private key");
00956 GWEN_Crypt_Key_free(nkey);
00957 return GWEN_ERROR_INVALID;
00958 }
00959 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00960 I18N("Public key replaced"));
00961 }
00962 else {
00963 if (key) {
00964 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
00965 GWEN_Crypt_Key_SetKeyNumber(key, GWEN_Crypt_Token_KeyInfo_GetKeyNumber(ki));
00966 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
00967 GWEN_Crypt_Key_SetKeyVersion(key, GWEN_Crypt_Token_KeyInfo_GetKeyVersion(ki));
00968 }
00969 }
00970
00971 GWEN_Crypt_Token_KeyInfo_SetFlags(ki, nflags);
00972
00973 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
00974 if (rv) {
00975 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
00976 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
00977 I18N("Unable to write key file"));
00978 return rv;
00979 }
00980
00981 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
00982 I18N("Key file saved"));
00983
00984 return 0;
00985 }
00986
00987
00988
00989 int GWENHYWFAR_CB
00990 GWEN_Crypt_TokenFile__ActivateKey(GWEN_CRYPT_TOKEN *ct, uint32_t id, uint32_t gid) {
00991 GWEN_CRYPT_TOKEN_FILE *lct;
00992 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
00993 int rv;
00994 int i;
00995 uint32_t keyNum;
00996 uint8_t kbuf[GWEN_CRYPT_KEYRSA_MAX_KEYLENGTH];
00997 uint32_t klen;
00998 GWEN_CRYPT_TOKEN_KEYINFO *cki=NULL;
00999 GWEN_CRYPT_TOKEN_KEYINFO *ki;
01000 GWEN_CRYPT_KEY *key;
01001
01002 assert(ct);
01003 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01004 assert(lct);
01005
01006
01007 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01008 if (rv) {
01009 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01010 return rv;
01011 }
01012
01013 keyNum=id & 0xffff;
01014
01015 i=id>>16;
01016 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01017 while(ctx) {
01018 if (i==0)
01019 break;
01020 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01021 i--;
01022 }
01023
01024 if (ctx==NULL) {
01025 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
01026 return GWEN_ERROR_NOT_FOUND;
01027 }
01028
01029 key=GWEN_CTF_Context_GetTempLocalSignKey(ctx);
01030 if (key==NULL) {
01031 DBG_ERROR(GWEN_LOGDOMAIN, "No temporary local sign key.");
01032 return GWEN_ERROR_NOT_FOUND;
01033 }
01034 key=GWEN_Crypt_KeyRsa_dup(key);
01035
01036
01037 if (keyNum==1)
01038 cki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
01039 else if (keyNum==6)
01040 cki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
01041 else {
01042 GWEN_Gui_ProgressLog2(gid, GWEN_LoggerLevel_Error,
01043 I18N("Invalid key id %02x"), id);
01044 GWEN_Crypt_Key_free(key);
01045 return GWEN_ERROR_NO_DATA;
01046 }
01047 if (cki==NULL) {
01048 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01049 I18N("No key info found"));
01050 GWEN_Crypt_Key_free(key);
01051 return GWEN_ERROR_NO_DATA;
01052 }
01053
01054
01055 ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
01056 assert(ki);
01057
01058
01059 klen=sizeof(kbuf);
01060 rv=GWEN_Crypt_KeyRsa_GetModulus(key, kbuf, &klen);
01061 if (rv) {
01062 DBG_INFO(GWEN_LOGDOMAIN, "No modulus for key");
01063 GWEN_Crypt_Token_KeyInfo_free(ki);
01064 GWEN_Crypt_Key_free(key);
01065 return rv;
01066 }
01067 GWEN_Crypt_Token_KeyInfo_SetModulus(ki, kbuf, klen);
01068
01069
01070 klen=sizeof(kbuf);
01071 rv=GWEN_Crypt_KeyRsa_GetExponent(key, kbuf, &klen);
01072 if (rv) {
01073 DBG_INFO(GWEN_LOGDOMAIN, "No exponent for key");
01074 GWEN_Crypt_Token_KeyInfo_free(ki);
01075 GWEN_Crypt_Key_free(key);
01076 return rv;
01077 }
01078 GWEN_Crypt_Token_KeyInfo_SetExponent(ki, kbuf, klen);
01079 GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, GWEN_Crypt_Key_GetKeyNumber(key));
01080 GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, GWEN_Crypt_Key_GetKeyVersion(key));
01081
01082 if (keyNum==1) {
01083 if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01084 DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
01085 GWEN_Crypt_KeyRsa_AddFlags(key, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01086 }
01087 GWEN_CTF_Context_SetLocalSignKey(ctx, key);
01088 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01089 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01090 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01091 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01092 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01093 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01094 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01095 GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01096 GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01097 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
01098 GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, ki);
01099 }
01100 else if (keyNum==6) {
01101 if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
01102 DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
01103 GWEN_Crypt_KeyRsa_AddFlags(key, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
01104 }
01105 GWEN_CTF_Context_SetLocalAuthKey(ctx, key);
01106 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
01107 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
01108 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
01109 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
01110 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
01111 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
01112 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
01113 GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
01114 GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
01115 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
01116 GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, ki);
01117 }
01118
01119 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01120 if (rv) {
01121 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01122 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01123 I18N("Unable to write key file"));
01124 return rv;
01125 }
01126
01127 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
01128 I18N("Key file saved"));
01129
01130 return 0;
01131 }
01132
01133
01134
01135 int GWENHYWFAR_CB
01136 GWEN_Crypt_TokenFile__GetContextIdList(GWEN_CRYPT_TOKEN *ct,
01137 uint32_t *pIdList,
01138 uint32_t *pCount,
01139 uint32_t gid) {
01140 GWEN_CRYPT_TOKEN_FILE *lct;
01141 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01142 int i;
01143 int rv;
01144
01145 assert(ct);
01146 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01147 assert(lct);
01148
01149
01150 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01151 if (rv) {
01152 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01153 return rv;
01154 }
01155
01156
01157 i=0;
01158 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01159 while(ctx) {
01160 i++;
01161 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01162 }
01163
01164
01165 *pCount=i;
01166
01167
01168 if (pIdList==NULL)
01169 return 0;
01170
01171 if (*pCount<i) {
01172 DBG_INFO(GWEN_LOGDOMAIN, "Buffer too small");
01173 return GWEN_ERROR_BUFFER_OVERFLOW;
01174 }
01175
01176 i=1;
01177 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01178 while(ctx) {
01179 *(pIdList++)=i;
01180 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01181 i++;
01182 }
01183
01184 return 0;
01185 }
01186
01187
01188
01189 const GWEN_CRYPT_TOKEN_CONTEXT* GWENHYWFAR_CB
01190 GWEN_Crypt_TokenFile__GetContext(GWEN_CRYPT_TOKEN *ct,
01191 uint32_t id,
01192 uint32_t gid) {
01193 GWEN_CRYPT_TOKEN_FILE *lct;
01194 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01195 int rv;
01196
01197 assert(ct);
01198 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01199 assert(lct);
01200
01201
01202 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01203 if (rv) {
01204 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01205 return NULL;
01206 }
01207
01208 if (id==0) {
01209 DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01210 return NULL;
01211 }
01212
01213 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01214 while(ctx) {
01215 if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01216 break;
01217 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01218 }
01219
01220 if (ctx==NULL) {
01221 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01222 return NULL;
01223 }
01224
01225 return ctx;
01226 }
01227
01228
01229
01230 int GWENHYWFAR_CB
01231 GWEN_Crypt_TokenFile__SetContext(GWEN_CRYPT_TOKEN *ct,
01232 uint32_t id,
01233 const GWEN_CRYPT_TOKEN_CONTEXT *nctx,
01234 uint32_t gid) {
01235 GWEN_CRYPT_TOKEN_FILE *lct;
01236 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01237 int rv;
01238 const char *s;
01239
01240 assert(ct);
01241 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01242 assert(lct);
01243
01244 if (id==0) {
01245 DBG_INFO(GWEN_LOGDOMAIN, "Invalid context id 0");
01246 return GWEN_ERROR_INVALID;
01247 }
01248
01249
01250 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01251 if (rv) {
01252 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01253 return rv;
01254 }
01255
01256 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01257 while(ctx) {
01258 if (GWEN_Crypt_Token_Context_GetId(ctx)==id)
01259 break;
01260 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01261 }
01262
01263 if (ctx==NULL) {
01264 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", id);
01265 return GWEN_ERROR_NOT_FOUND;
01266 }
01267
01268
01269 s=GWEN_Crypt_Token_Context_GetServiceId(nctx);
01270 GWEN_Crypt_Token_Context_SetServiceId(ctx, s);
01271 s=GWEN_Crypt_Token_Context_GetUserId(nctx);
01272 GWEN_Crypt_Token_Context_SetUserId(ctx, s);
01273 s=GWEN_Crypt_Token_Context_GetUserName(nctx);
01274 GWEN_Crypt_Token_Context_SetUserName(ctx, s);
01275 s=GWEN_Crypt_Token_Context_GetPeerId(nctx);
01276 GWEN_Crypt_Token_Context_SetPeerId(ctx, s);
01277 s=GWEN_Crypt_Token_Context_GetAddress(nctx);
01278 GWEN_Crypt_Token_Context_SetAddress(ctx, s);
01279 GWEN_Crypt_Token_Context_SetPort(ctx, GWEN_Crypt_Token_Context_GetPort(nctx));
01280 s=GWEN_Crypt_Token_Context_GetSystemId(nctx);
01281 GWEN_Crypt_Token_Context_SetSystemId(ctx, s);
01282
01283 return 0;
01284 }
01285
01286
01287
01288 GWEN_CRYPT_KEY *GWEN_Crypt_TokenFile__GetKey(GWEN_CRYPT_TOKEN *ct, uint32_t id, uint32_t gid) {
01289 GWEN_CRYPT_TOKEN_FILE *lct;
01290 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01291 int i;
01292 int rv;
01293
01294 assert(ct);
01295 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01296 assert(lct);
01297
01298
01299 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01300 if (rv) {
01301 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01302 return NULL;
01303 }
01304
01305 i=id>>16;
01306 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01307 while(ctx) {
01308 if (i==0)
01309 break;
01310 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01311 i--;
01312 }
01313
01314 if (ctx==NULL) {
01315 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (context out of range)", id);
01316 return NULL;
01317 }
01318
01319 switch(id & 0xffff) {
01320 case 1: return GWEN_CTF_Context_GetLocalSignKey(ctx);
01321 case 2: return GWEN_CTF_Context_GetLocalCryptKey(ctx);
01322 case 3: return GWEN_CTF_Context_GetRemoteSignKey(ctx);
01323 case 4: return GWEN_CTF_Context_GetRemoteCryptKey(ctx);
01324 case 5: return GWEN_CTF_Context_GetLocalAuthKey(ctx);
01325 case 6: return GWEN_CTF_Context_GetRemoteAuthKey(ctx);
01326 default:
01327 DBG_INFO(GWEN_LOGDOMAIN, "No key by id [%x] known (key id out of range)", id);
01328 return NULL;
01329 }
01330 }
01331
01332
01333
01334 int GWENHYWFAR_CB
01335 GWEN_Crypt_TokenFile__Sign(GWEN_CRYPT_TOKEN *ct,
01336 uint32_t keyId,
01337 GWEN_CRYPT_PADDALGO *a,
01338 const uint8_t *pInData,
01339 uint32_t inLen,
01340 uint8_t *pSignatureData,
01341 uint32_t *pSignatureLen,
01342 uint32_t *pSeqCounter,
01343 uint32_t gid) {
01344 GWEN_CRYPT_TOKEN_FILE *lct;
01345 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01346 GWEN_CRYPT_KEY *k;
01347 int keyNum;
01348 GWEN_BUFFER *srcBuf;
01349 int i;
01350 int rv;
01351 GWEN_CRYPT_PADDALGOID aid;
01352
01353 assert(ct);
01354 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01355 assert(lct);
01356
01357 DBG_INFO(GWEN_LOGDOMAIN, "Signing with key %d", keyId);
01358 aid=GWEN_Crypt_PaddAlgo_GetId(a);
01359
01360
01361 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01362 if (rv) {
01363 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01364 return rv;
01365 }
01366
01367
01368 i=(keyId>>16);
01369 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01370 if (ctx==NULL) {
01371 DBG_ERROR(GWEN_LOGDOMAIN, "Token has no context");
01372 return GWEN_ERROR_NOT_FOUND;
01373 }
01374 while(ctx) {
01375 if (i==0)
01376 break;
01377 DBG_ERROR(GWEN_LOGDOMAIN, "Checking token %d (i==%d)",
01378 GWEN_Crypt_Token_Context_GetId(ctx), i);
01379 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01380 i--;
01381 }
01382
01383 if (ctx==NULL) {
01384 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01385 return GWEN_ERROR_NOT_FOUND;
01386 }
01387
01388
01389 keyNum=keyId & 0xffff;
01390 if (keyNum!=1 && keyNum!=5) {
01391
01392 DBG_INFO(GWEN_LOGDOMAIN, "Bad key for signing (%x)", keyId);
01393 return GWEN_ERROR_INVALID;
01394 }
01395
01396 k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01397 if (k==NULL) {
01398 DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01399 return GWEN_ERROR_NOT_FOUND;
01400 }
01401
01402
01403 srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01404
01405 if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01406 const GWEN_CRYPT_TOKEN_KEYINFO *ki;
01407 int nbits;
01408 const uint8_t *modPtr;
01409 uint32_t modLen;
01410 GWEN_MDIGEST *md;
01411
01412 switch(keyId & 0xffff) {
01413 case 1: ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
01414 case 5: ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
01415 default: ki=NULL;
01416 }
01417
01418 if (ki==NULL) {
01419 DBG_ERROR(GWEN_LOGDOMAIN, "No information for key %d", keyNum);
01420 GWEN_Buffer_free(srcBuf);
01421 return GWEN_ERROR_GENERIC;
01422 }
01423
01424
01425 modPtr=GWEN_Crypt_Token_KeyInfo_GetModulusData(ki);
01426 modLen=GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki);
01427 nbits=modLen*8;
01428 while(modLen && *modPtr==0) {
01429 nbits-=8;
01430 modLen--;
01431 modPtr++;
01432 }
01433 if (modLen) {
01434 uint8_t b=*modPtr;
01435 int i;
01436 uint8_t mask=0x80;
01437
01438 for (i=0; i<8; i++) {
01439 if (b & mask)
01440 break;
01441 nbits--;
01442 mask>>=1;
01443 }
01444 }
01445
01446 if (nbits==0) {
01447 DBG_ERROR(GWEN_LOGDOMAIN, "Empty modulus");
01448 GWEN_Buffer_free(srcBuf);
01449 return GWEN_ERROR_GENERIC;
01450 }
01451
01452 md=GWEN_MDigest_Sha256_new();
01453 GWEN_Buffer_AllocRoom(srcBuf, modLen);
01454
01455 rv=GWEN_Padd_AddPkcs1Pss((uint8_t*) GWEN_Buffer_GetStart(srcBuf),
01456 GWEN_Buffer_GetMaxUnsegmentedWrite(srcBuf),
01457 nbits,
01458 pInData, inLen,
01459 inLen,
01460 md);
01461 GWEN_MDigest_free(md);
01462 if (rv<0) {
01463 DBG_ERROR(GWEN_LOGDOMAIN, "here (%d)", rv);
01464 GWEN_Buffer_free(srcBuf);
01465 return rv;
01466 }
01467
01468 GWEN_Buffer_IncrementPos(srcBuf, rv);
01469 GWEN_Buffer_AdjustUsedBytes(srcBuf);
01470 }
01471 else {
01472 GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01473
01474
01475 rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01476 if (rv) {
01477 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01478 GWEN_Buffer_free(srcBuf);
01479 return rv;
01480 }
01481 }
01482
01483
01484 rv=GWEN_Crypt_Key_Sign(k,
01485 (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01486 GWEN_Buffer_GetUsedBytes(srcBuf),
01487 pSignatureData,
01488 pSignatureLen);
01489 GWEN_Buffer_free(srcBuf);
01490 if (rv) {
01491 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01492 return rv;
01493 }
01494
01495 if (pSeqCounter) {
01496 GWEN_CRYPT_TOKEN_KEYINFO *ki;
01497
01498
01499 switch(keyId & 0xffff) {
01500 case 1: ki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx); break;
01501 case 5: ki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx); break;
01502 default: ki=NULL;
01503 }
01504 if (ki &&
01505 (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01506 unsigned int seq;
01507
01508 seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01509 *pSeqCounter=seq;
01510 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, ++seq);
01511
01512 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01513 if (rv) {
01514 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01515 return rv;
01516 }
01517 }
01518 else {
01519 DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01520 *pSeqCounter=0;
01521 }
01522 }
01523
01524 return 0;
01525 }
01526
01527
01528
01529 int GWENHYWFAR_CB
01530 GWEN_Crypt_TokenFile__Verify(GWEN_CRYPT_TOKEN *ct,
01531 uint32_t keyId,
01532 GWEN_CRYPT_PADDALGO *a,
01533 const uint8_t *pInData,
01534 uint32_t inLen,
01535 const uint8_t *pSignatureData,
01536 uint32_t signatureLen,
01537 uint32_t seqCounter,
01538 uint32_t gid) {
01539 GWEN_CRYPT_TOKEN_FILE *lct;
01540 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01541 GWEN_CRYPT_KEY *k;
01542 int keyNum;
01543 int i;
01544 int rv;
01545 GWEN_CRYPT_PADDALGOID aid;
01546
01547 assert(ct);
01548 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01549 assert(lct);
01550
01551 DBG_INFO(GWEN_LOGDOMAIN, "Verifying with key %d", keyId);
01552
01553 aid=GWEN_Crypt_PaddAlgo_GetId(a);
01554
01555
01556 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01557 if (rv) {
01558 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01559 return rv;
01560 }
01561
01562
01563 i=(keyId>>16);
01564 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01565 while(ctx) {
01566 if (i==0)
01567 break;
01568 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01569 i--;
01570 }
01571
01572 if (ctx==NULL) {
01573 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01574 return GWEN_ERROR_NOT_FOUND;
01575 }
01576
01577
01578 keyNum=keyId & 0xffff;
01579 if (keyNum!=1 && keyNum!=3 && keyNum!=6) {
01580
01581 DBG_INFO(GWEN_LOGDOMAIN, "Bad key for verifying (%x)", keyId);
01582 return GWEN_ERROR_INVALID;
01583 }
01584
01585 k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01586 if (k==NULL) {
01587 DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01588 return GWEN_ERROR_NO_KEY;
01589 }
01590
01591 if (aid==GWEN_Crypt_PaddAlgoId_Iso9796_2 ||
01592 aid==GWEN_Crypt_PaddAlgoId_Pkcs1_2 ||
01593 aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01594 GWEN_BUFFER *tbuf;
01595 uint32_t l;
01596
01597
01598
01599 tbuf=GWEN_Buffer_new(0, signatureLen+16, 0, 0);
01600 l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01601 rv=GWEN_Crypt_Key_Encipher(k,
01602 pSignatureData, signatureLen,
01603 (uint8_t*)GWEN_Buffer_GetStart(tbuf),
01604 &l);
01605 if (rv<0) {
01606 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01607 GWEN_Buffer_free(tbuf);
01608 return rv;
01609 }
01610 GWEN_Buffer_IncrementPos(tbuf, l);
01611 GWEN_Buffer_AdjustUsedBytes(tbuf);
01612
01613 if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
01614 const GWEN_CRYPT_TOKEN_KEYINFO *ki;
01615 int nbits;
01616 const uint8_t *modPtr;
01617 uint32_t modLen;
01618 GWEN_MDIGEST *md;
01619
01620 if (keyNum==3)
01621 ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
01622 else
01623 ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
01624 if (ki==NULL) {
01625 DBG_ERROR(GWEN_LOGDOMAIN, "No information for key %d", keyNum);
01626 GWEN_Buffer_free(tbuf);
01627 return GWEN_ERROR_GENERIC;
01628 }
01629
01630
01631 modPtr=GWEN_Crypt_Token_KeyInfo_GetModulusData(ki);
01632 modLen=GWEN_Crypt_Token_KeyInfo_GetModulusLen(ki);
01633 nbits=modLen*8;
01634 while(modLen && *modPtr==0) {
01635 nbits-=8;
01636 modLen--;
01637 modPtr++;
01638 }
01639 if (modLen) {
01640 uint8_t b=*modPtr;
01641 int i;
01642 uint8_t mask=0x80;
01643
01644 for (i=0; i<8; i++) {
01645 if (b & mask)
01646 break;
01647 nbits--;
01648 mask>>=1;
01649 }
01650 }
01651
01652 if (nbits==0) {
01653 DBG_ERROR(GWEN_LOGDOMAIN, "Empty modulus");
01654 GWEN_Buffer_free(tbuf);
01655 return GWEN_ERROR_GENERIC;
01656 }
01657
01658 md=GWEN_MDigest_Sha256_new();
01659 rv=GWEN_Padd_VerifyPkcs1Pss((const uint8_t*) GWEN_Buffer_GetStart(tbuf),
01660 GWEN_Buffer_GetUsedBytes(tbuf),
01661 nbits,
01662 pInData, inLen,
01663 inLen,
01664 md);
01665 GWEN_MDigest_free(md);
01666 if (rv<0) {
01667 DBG_ERROR(GWEN_LOGDOMAIN, "here (%d)", rv);
01668 return rv;
01669 }
01670 }
01671 else {
01672 rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01673 if (rv<0) {
01674 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01675 GWEN_Buffer_free(tbuf);
01676 return rv;
01677 }
01678 l=GWEN_Buffer_GetUsedBytes(tbuf);
01679
01680 if (l!=inLen) {
01681 DBG_ERROR(GWEN_LOGDOMAIN, "Signature length doesn't match");
01682 GWEN_Buffer_free(tbuf);
01683 return GWEN_ERROR_VERIFY;
01684 }
01685 if (memcmp(pInData, GWEN_Buffer_GetStart(tbuf), l)!=0) {
01686 DBG_ERROR(GWEN_LOGDOMAIN, "Signature doesn't match:");
01687 GWEN_Buffer_free(tbuf);
01688 return GWEN_ERROR_VERIFY;
01689 }
01690 }
01691 }
01692 else {
01693 GWEN_BUFFER *srcBuf;
01694
01695
01696 srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01697 GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01698
01699
01700 rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01701 if (rv) {
01702 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01703 GWEN_Buffer_free(srcBuf);
01704 return rv;
01705 }
01706
01707
01708 rv=GWEN_Crypt_Key_Verify(k,
01709 (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01710 GWEN_Buffer_GetUsedBytes(srcBuf),
01711 pSignatureData,
01712 signatureLen);
01713 GWEN_Buffer_free(srcBuf);
01714 if (rv) {
01715 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01716 return rv;
01717 }
01718 }
01719
01720 if (seqCounter) {
01721 GWEN_CRYPT_TOKEN_KEYINFO *ki;
01722
01723
01724 if (keyNum==3)
01725 ki=GWEN_CTF_Context_GetRemoteSignKeyInfo(ctx);
01726 else
01727 ki=GWEN_CTF_Context_GetRemoteAuthKeyInfo(ctx);
01728 if (ki &&
01729 (GWEN_Crypt_Token_KeyInfo_GetFlags(ki) & GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER)) {
01730 unsigned int seq;
01731
01732 seq=GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki);
01733
01734 if (seq>=seqCounter) {
01735 DBG_WARN(GWEN_LOGDOMAIN, "Bad remote sequence counter (possibly replay attack!)");
01736 return GWEN_ERROR_VERIFY;
01737 }
01738 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, seqCounter);
01739
01740
01741 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
01742 if (rv) {
01743 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
01744 return rv;
01745 }
01746 }
01747 else {
01748 DBG_WARN(GWEN_LOGDOMAIN, "No sign counter for key %04x", keyId);
01749 }
01750
01751 }
01752
01753 return 0;
01754 }
01755
01756
01757
01758 int GWENHYWFAR_CB
01759 GWEN_Crypt_TokenFile__Encipher(GWEN_CRYPT_TOKEN *ct,
01760 uint32_t keyId,
01761 GWEN_CRYPT_PADDALGO *a,
01762 const uint8_t *pInData,
01763 uint32_t inLen,
01764 uint8_t *pOutData,
01765 uint32_t *pOutLen,
01766 uint32_t gid) {
01767 GWEN_CRYPT_TOKEN_FILE *lct;
01768 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01769 GWEN_CRYPT_KEY *k;
01770 int keyNum;
01771 GWEN_BUFFER *srcBuf;
01772 int i;
01773 int rv;
01774
01775 assert(ct);
01776 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01777 assert(lct);
01778
01779 DBG_INFO(GWEN_LOGDOMAIN, "Enciphering with key %d", keyId);
01780
01781
01782 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01783 if (rv) {
01784 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01785 return rv;
01786 }
01787
01788
01789 i=(keyId>>16);
01790 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01791 while(ctx) {
01792 if (i==0)
01793 break;
01794 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01795 i--;
01796 }
01797
01798 if (ctx==NULL) {
01799 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01800 return GWEN_ERROR_NOT_FOUND;
01801 }
01802
01803
01804 keyNum=keyId & 0xffff;
01805 if (keyNum!=2 && keyNum!=4) {
01806
01807 DBG_INFO(GWEN_LOGDOMAIN, "Bad key for encrypting (%x)", keyId);
01808 return GWEN_ERROR_INVALID;
01809 }
01810
01811 k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01812 if (k==NULL) {
01813 DBG_INFO(GWEN_LOGDOMAIN, "Key %d not found", keyId);
01814 return GWEN_ERROR_NOT_FOUND;
01815 }
01816
01817
01818 srcBuf=GWEN_Buffer_new(0, inLen, 0, 0);
01819 GWEN_Buffer_AppendBytes(srcBuf, (const char*)pInData, inLen);
01820 GWEN_Buffer_Rewind(srcBuf);
01821
01822
01823 rv=GWEN_Padd_ApplyPaddAlgo(a, srcBuf);
01824 if (rv) {
01825 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01826 GWEN_Buffer_free(srcBuf);
01827 return rv;
01828 }
01829
01830
01831 rv=GWEN_Crypt_Key_Encipher(k,
01832 (const uint8_t*)GWEN_Buffer_GetStart(srcBuf),
01833 GWEN_Buffer_GetUsedBytes(srcBuf),
01834 pOutData,
01835 pOutLen);
01836 GWEN_Buffer_free(srcBuf);
01837 if (rv) {
01838 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01839 return rv;
01840 }
01841
01842 return 0;
01843 }
01844
01845
01846
01847 int GWENHYWFAR_CB
01848 GWEN_Crypt_TokenFile__Decipher(GWEN_CRYPT_TOKEN *ct,
01849 uint32_t keyId,
01850 GWEN_CRYPT_PADDALGO *a,
01851 const uint8_t *pInData,
01852 uint32_t inLen,
01853 uint8_t *pOutData,
01854 uint32_t *pOutLen,
01855 uint32_t gid) {
01856 GWEN_CRYPT_TOKEN_FILE *lct;
01857 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01858 GWEN_CRYPT_KEY *k;
01859 int keyNum;
01860 GWEN_BUFFER *tbuf;
01861 int i;
01862 int rv;
01863 uint32_t l;
01864
01865 assert(ct);
01866 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01867 assert(lct);
01868
01869 DBG_INFO(GWEN_LOGDOMAIN, "Deciphering with key %d", keyId);
01870
01871
01872 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01873 if (rv) {
01874 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01875 return rv;
01876 }
01877
01878
01879 i=(keyId>>16);
01880 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01881 while(ctx) {
01882 if (i==0)
01883 break;
01884 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01885 i--;
01886 }
01887
01888 if (ctx==NULL) {
01889 DBG_INFO(GWEN_LOGDOMAIN, "No context by id [%x] known", (keyId>>16) & 0xffff);
01890 return GWEN_ERROR_NOT_FOUND;
01891 }
01892
01893
01894 keyNum=keyId & 0xffff;
01895 if (keyNum!=2 && keyNum!=4) {
01896
01897 DBG_INFO(GWEN_LOGDOMAIN, "Bad key for decrypting (%x)", keyId);
01898 return GWEN_ERROR_INVALID;
01899 }
01900
01901 k=GWEN_Crypt_TokenFile__GetKey(ct, keyId, gid);
01902 if (k==NULL) {
01903 DBG_INFO(GWEN_LOGDOMAIN, "Key not found");
01904 return GWEN_ERROR_NOT_FOUND;
01905 }
01906
01907
01908 tbuf=GWEN_Buffer_new(0, inLen+16, 0, 1);
01909 l=GWEN_Buffer_GetMaxUnsegmentedWrite(tbuf);
01910 rv=GWEN_Crypt_Key_Decipher(k,
01911 pInData, inLen,
01912 (uint8_t*)GWEN_Buffer_GetStart(tbuf), &l);
01913 if (rv<0) {
01914 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01915 GWEN_Buffer_free(tbuf);
01916 return rv;
01917 }
01918 GWEN_Buffer_IncrementPos(tbuf, l);
01919 GWEN_Buffer_AdjustUsedBytes(tbuf);
01920
01921
01922 rv=GWEN_Padd_UnapplyPaddAlgo(a, tbuf);
01923 if (rv) {
01924 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01925 GWEN_Buffer_free(tbuf);
01926 return rv;
01927 }
01928
01929
01930 l=GWEN_Buffer_GetUsedBytes(tbuf);
01931 if (l>*pOutLen) {
01932 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01933 GWEN_Buffer_free(tbuf);
01934 return GWEN_ERROR_BUFFER_OVERFLOW;
01935 }
01936 memmove(pOutData, GWEN_Buffer_GetStart(tbuf), l);
01937 *pOutLen=l;
01938 GWEN_Buffer_free(tbuf);
01939
01940 return 0;
01941 }
01942
01943
01944
01945 int GWENHYWFAR_CB
01946 GWEN_Crypt_TokenFile__GenerateKey(GWEN_CRYPT_TOKEN *ct,
01947 uint32_t keyId,
01948 const GWEN_CRYPT_CRYPTALGO *a,
01949 uint32_t gid) {
01950 GWEN_CRYPT_TOKEN_FILE *lct;
01951 GWEN_CRYPT_KEY *pubKey;
01952 GWEN_CRYPT_KEY *secKey;
01953 int rv;
01954 uint32_t keyNum;
01955 GWEN_CRYPT_TOKEN_CONTEXT *ctx;
01956 int i;
01957 uint8_t kbuf[GWEN_CRYPT_KEYRSA_MAX_KEYLENGTH];
01958 uint32_t klen;
01959 GWEN_CRYPT_TOKEN_KEYINFO *cki;
01960 GWEN_CRYPT_TOKEN_KEYINFO *ki;
01961 int sizeInBits;
01962
01963 assert(ct);
01964 lct=GWEN_INHERIT_GETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct);
01965 assert(lct);
01966
01967
01968 rv=GWEN_Crypt_TokenFile__ReloadIfNeeded(ct, gid);
01969 if (rv) {
01970 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
01971 return rv;
01972 }
01973
01974 keyNum=keyId & 0xffff;
01975
01976
01977 if (keyNum!=1 && keyNum!=2 && keyNum!=5 && keyNum!=7) {
01978 DBG_INFO(GWEN_LOGDOMAIN, "Can only generate local keys.");
01979 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01980 I18N("Can only generate local keys."));
01981 return GWEN_ERROR_NOT_SUPPORTED;
01982 }
01983
01984
01985 if (GWEN_Crypt_CryptAlgo_GetId(a)!=GWEN_Crypt_CryptAlgoId_Rsa) {
01986 DBG_INFO(GWEN_LOGDOMAIN, "Only RSA keys supported.");
01987 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
01988 I18N("Only RSA keys supported."));
01989 return GWEN_ERROR_NOT_SUPPORTED;
01990 }
01991
01992
01993 i=(keyId>>16);
01994 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
01995 while(ctx) {
01996 if (i==0)
01997 break;
01998 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
01999 i--;
02000 }
02001
02002 sizeInBits=GWEN_Crypt_CryptAlgo_GetKeySizeInBits(a);
02003 if (sizeInBits>0) {
02004
02005 DBG_DEBUG(GWEN_LOGDOMAIN, "Creating key pair using %d bits", sizeInBits);
02006 rv=GWEN_Crypt_KeyRsa_GeneratePair2(sizeInBits,
02007 (GWEN_Crypt_Token_GetModes(ct) &
02008 GWEN_CRYPT_TOKEN_MODE_EXP_65537)?1:0,
02009 &pubKey,
02010 &secKey);
02011 }
02012 else {
02013
02014 DBG_INFO(GWEN_LOGDOMAIN, "Creating key pair using %d bytes", GWEN_Crypt_CryptAlgo_GetChunkSize(a));
02015 rv=GWEN_Crypt_KeyRsa_GeneratePair(GWEN_Crypt_CryptAlgo_GetChunkSize(a),
02016 (GWEN_Crypt_Token_GetModes(ct) &
02017 GWEN_CRYPT_TOKEN_MODE_EXP_65537)?1:0,
02018 &pubKey,
02019 &secKey);
02020 }
02021 if (rv) {
02022 DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
02023 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02024 I18N("Could not generate key"));
02025 return rv;
02026 }
02027
02028 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
02029 I18N("Key generated"));
02030
02031
02032 if (keyNum==1)
02033 cki=GWEN_CTF_Context_GetLocalSignKeyInfo(ctx);
02034 else if (keyNum==2)
02035 cki=GWEN_CTF_Context_GetLocalCryptKeyInfo(ctx);
02036 else if (keyNum==5)
02037 cki=GWEN_CTF_Context_GetLocalAuthKeyInfo(ctx);
02038 else if (keyNum==7)
02039 cki=GWEN_CTF_Context_GetTempLocalSignKeyInfo(ctx);
02040 else
02041 cki=NULL;
02042
02043 if (cki==NULL) {
02044 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02045 I18N("No key info found"));
02046 return GWEN_ERROR_NO_DATA;
02047 }
02048
02049
02050 ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
02051 assert(ki);
02052
02053
02054 klen=sizeof(kbuf);
02055 rv=GWEN_Crypt_KeyRsa_GetModulus(pubKey, kbuf, &klen);
02056 if (rv) {
02057 DBG_INFO(GWEN_LOGDOMAIN, "No modulus for key");
02058 GWEN_Crypt_Token_KeyInfo_free(ki);
02059 GWEN_Crypt_Key_free(pubKey);
02060 return rv;
02061 }
02062 GWEN_Crypt_Token_KeyInfo_SetModulus(ki, kbuf, klen);
02063
02064
02065 klen=sizeof(kbuf);
02066 rv=GWEN_Crypt_KeyRsa_GetExponent(pubKey, kbuf, &klen);
02067 if (rv) {
02068 DBG_INFO(GWEN_LOGDOMAIN, "No exponent for key");
02069 GWEN_Crypt_Token_KeyInfo_free(ki);
02070 GWEN_Crypt_Key_free(pubKey);
02071 return rv;
02072 }
02073 GWEN_Crypt_Token_KeyInfo_SetExponent(ki, kbuf, klen);
02074 GWEN_Crypt_Token_KeyInfo_SetKeyNumber(ki, GWEN_Crypt_Key_GetKeyNumber(pubKey));
02075 GWEN_Crypt_Token_KeyInfo_SetKeyVersion(ki, GWEN_Crypt_Key_GetKeyVersion(pubKey));
02076
02077 if (keyNum==1) {
02078 if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02079 DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02080 GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02081 }
02082 GWEN_CTF_Context_SetLocalSignKey(ctx, secKey);
02083 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02084 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02085 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02086 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02087 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02088 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02089 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02090 GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02091 GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02092 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02093 GWEN_CTF_Context_SetLocalSignKeyInfo(ctx, ki);
02094 }
02095 else if (keyNum==2) {
02096 GWEN_CTF_Context_SetLocalCryptKey(ctx, secKey);
02097 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02098 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02099 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02100 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02101 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02102 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02103 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02104 GWEN_CRYPT_TOKEN_KEYFLAGS_CANENCIPHER |
02105 GWEN_CRYPT_TOKEN_KEYFLAGS_CANDECIPHER);
02106 GWEN_CTF_Context_SetLocalCryptKeyInfo(ctx, ki);
02107 }
02108 else if (keyNum==5) {
02109 if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02110 DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02111 GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02112 }
02113 GWEN_CTF_Context_SetLocalAuthKey(ctx, secKey);
02114 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02115 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02116 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02117 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02118 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02119 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02120 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02121 GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02122 GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02123 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02124 GWEN_CTF_Context_SetLocalAuthKeyInfo(ctx, ki);
02125 }
02126 else if (keyNum==7) {
02127 if (GWEN_Crypt_Token_GetModes(ct) & GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN){
02128 DBG_DEBUG(GWEN_LOGDOMAIN, "Adding mode \"direct sign\" to key");
02129 GWEN_Crypt_KeyRsa_AddFlags(secKey, GWEN_CRYPT_KEYRSA_FLAGS_DIRECTSIGN);
02130 }
02131 GWEN_CTF_Context_SetTempLocalSignKey(ctx, secKey);
02132 GWEN_Crypt_Token_KeyInfo_AddFlags(ki,
02133 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
02134 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
02135 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
02136 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
02137 GWEN_CRYPT_TOKEN_KEYFLAGS_HASSIGNCOUNTER |
02138 GWEN_CRYPT_TOKEN_KEYFLAGS_HASACTIONFLAGS |
02139 GWEN_CRYPT_TOKEN_KEYFLAGS_CANVERIFY |
02140 GWEN_CRYPT_TOKEN_KEYFLAGS_CANSIGN);
02141 GWEN_Crypt_Token_KeyInfo_SetSignCounter(ki, 1);
02142 GWEN_CTF_Context_SetTempLocalSignKeyInfo(ctx, ki);
02143 }
02144
02145
02146 GWEN_Crypt_Key_free(pubKey);
02147
02148 rv=GWEN_Crypt_TokenFile__WriteFile(ct, 0, gid);
02149 if (rv) {
02150 DBG_INFO(GWEN_LOGDOMAIN, "Unable to write file");
02151 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error,
02152 I18N("Unable to write key file"));
02153 return rv;
02154 }
02155
02156 GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Notice,
02157 I18N("Key generated and set"));
02158
02159 return 0;
02160 }
02161
02162
02163
02164
02165
02166
02167 GWENHYWFAR_CB
02168 void GWEN_Crypt_TokenFile_freeData(GWEN_UNUSED void *bp, void *p) {
02169 GWEN_CRYPT_TOKEN_FILE *lct;
02170
02171 lct=(GWEN_CRYPT_TOKEN_FILE*) p;
02172 GWEN_Crypt_Token_Context_List_free(lct->contextList);
02173
02174 GWEN_FREE_OBJECT(lct);
02175 }
02176
02177
02178
02179 GWEN_CRYPT_TOKEN *GWEN_Crypt_TokenFile_new(const char *typeName,
02180 const char *tokenName) {
02181 GWEN_CRYPT_TOKEN *ct;
02182 GWEN_CRYPT_TOKEN_FILE *lct;
02183
02184 ct=GWEN_Crypt_Token_new(GWEN_Crypt_Token_Device_File, typeName, tokenName);
02185 assert(ct);
02186
02187 GWEN_NEW_OBJECT(GWEN_CRYPT_TOKEN_FILE, lct);
02188 lct->contextList=GWEN_Crypt_Token_Context_List_new();
02189 GWEN_INHERIT_SETDATA(GWEN_CRYPT_TOKEN, GWEN_CRYPT_TOKEN_FILE, ct, lct,
02190 GWEN_Crypt_TokenFile_freeData);
02191 GWEN_Crypt_Token_SetOpenFn(ct, GWEN_Crypt_TokenFile_Open);
02192 GWEN_Crypt_Token_SetCreateFn(ct, GWEN_Crypt_TokenFile_Create);
02193 GWEN_Crypt_Token_SetCloseFn(ct, GWEN_Crypt_TokenFile_Close);
02194 GWEN_Crypt_Token_SetGetKeyIdListFn(ct, GWEN_Crypt_TokenFile__GetKeyIdList);
02195 GWEN_Crypt_Token_SetGetKeyInfoFn(ct, GWEN_Crypt_TokenFile__GetKeyInfo);
02196 GWEN_Crypt_Token_SetSetKeyInfoFn(ct, GWEN_Crypt_TokenFile__SetKeyInfo);
02197 GWEN_Crypt_Token_SetGetContextIdListFn(ct, GWEN_Crypt_TokenFile__GetContextIdList);
02198 GWEN_Crypt_Token_SetGetContextFn(ct, GWEN_Crypt_TokenFile__GetContext);
02199 GWEN_Crypt_Token_SetSetContextFn(ct, GWEN_Crypt_TokenFile__SetContext);
02200 GWEN_Crypt_Token_SetSignFn(ct, GWEN_Crypt_TokenFile__Sign);
02201 GWEN_Crypt_Token_SetVerifyFn(ct, GWEN_Crypt_TokenFile__Verify);
02202 GWEN_Crypt_Token_SetEncipherFn(ct, GWEN_Crypt_TokenFile__Encipher);
02203 GWEN_Crypt_Token_SetDecipherFn(ct, GWEN_Crypt_TokenFile__Decipher);
02204 GWEN_Crypt_Token_SetGenerateKeyFn(ct, GWEN_Crypt_TokenFile__GenerateKey);
02205 GWEN_Crypt_Token_SetActivateKeyFn(ct, GWEN_Crypt_TokenFile__ActivateKey);
02206
02207 return ct;
02208 }
02209
02210
02211
02212
02213