static int EBC_Provider_SignMessage_X001(AB_PROVIDER *pro, EB_MSG *msg, AB_USER *u, xmlNodePtr node) { EBC_PROVIDER *dp; int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_BUFFER *hbuf; GWEN_BUFFER *bbuf; xmlNodePtr nodeX = NULL; xmlNodePtr nodeXX = NULL; xmlNodePtr nodeXXX = NULL; xmlNodePtr nodeXXXX = NULL; xmlNsPtr ns; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get key id */ keyId=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_INFO(AQEBICS_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); GWEN_Crypt_Token_Close(ct, 0, 0); return GWEN_ERROR_NOT_FOUND; } /* prepare signature nodes */ ns=xmlSearchNs(EB_Msg_GetDoc(msg), node, BAD_CAST "ds"); assert(ns); /* build hash */ bbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EB_Msg_BuildHashSha1(msg, bbuf); if (rv) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Could not build hash"); GWEN_Buffer_free(bbuf); return rv; } /* base64 encode */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf), GWEN_Buffer_GetUsedBytes(bbuf), hbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Buffer_free(bbuf); return rv; } GWEN_Buffer_free(bbuf); /* create signature node */ nodeX=xmlNewChild(node, ns, BAD_CAST "SignedInfo", NULL); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "CanonicalizationMethod", NULL); xmlNewProp(nodeXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "SignatureMethod", NULL); xmlNewProp(nodeXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2000/09/xmldsig#rsa-sha1"); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "Reference", NULL); xmlNewProp(nodeXX, BAD_CAST "URI", BAD_CAST "#xpointer(//*[@authenticate='true'])"); nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "Transforms", NULL); nodeXXXX=xmlNewChild(nodeXXX, ns, BAD_CAST "Transform", NULL); xmlNewProp(nodeXXXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "DigestMethod", NULL); xmlNewProp(nodeXXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2000/09/xmldsig#sha1"); /* store hash value */ xmlNewTextChild(nodeXX, ns, BAD_CAST "DigestValue", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); /* build hash over SignedInfo */ bbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EB_Xml_BuildNodeHashSha1(nodeX, "#xpointer(//*)", bbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bbuf); return rv; } /* sign hash */ if (1) { GWEN_CRYPT_PADDALGO *algo; int ksize; uint32_t l; const uint8_t prefix[]={ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; /* add prefix to hash of SignedInfo */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); GWEN_Buffer_AppendBytes(hbuf, (const char*)prefix, sizeof(prefix)); GWEN_Buffer_AppendBuffer(hbuf, bbuf); GWEN_Buffer_Reset(bbuf); /* select padd algo */ algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Pkcs1_1); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); /* actually sign */ GWEN_Buffer_AllocRoom(bbuf, ksize+16); l=GWEN_Buffer_GetMaxUnsegmentedWrite(bbuf); rv=GWEN_Crypt_Token_Sign(ct, keyId, algo, (const uint8_t*)GWEN_Buffer_GetStart(hbuf), GWEN_Buffer_GetUsedBytes(hbuf), (uint8_t*)GWEN_Buffer_GetPosPointer(bbuf), &l, NULL, /* ignore seq counter */ 0); GWEN_Crypt_PaddAlgo_free(algo); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bbuf); GWEN_Buffer_free(hbuf); return rv; } GWEN_Buffer_IncrementPos(bbuf, l); GWEN_Buffer_AdjustUsedBytes(bbuf); /* base 64 encode signature */ GWEN_Buffer_Reset(hbuf); rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf), GWEN_Buffer_GetUsedBytes(bbuf), hbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Buffer_free(bbuf); return rv; } GWEN_Buffer_free(bbuf); /* store signature */ xmlNewTextChild(node, ns, BAD_CAST "SignatureValue", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); } return 0; }
int EBC_Provider_FillDataEncryptionInfoNode(AB_PROVIDER *pro, AB_USER *u, const GWEN_CRYPT_KEY *skey, xmlNodePtr node) { EBC_PROVIDER *dp; int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_BUFFER *hbuf; xmlNodePtr nodeX = NULL; const char *s; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get key id for server crypt key */ keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_INFO(AQEBICS_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); GWEN_Crypt_Token_Close(ct, 0, 0); return GWEN_ERROR_NOT_FOUND; } hbuf=GWEN_Buffer_new(0, 256, 0, 1); s=EBC_User_GetCryptVersion(u); if (!(s && *s)) s="E001"; if (strcasecmp(s, "E001")==0) { rv=EB_Key_Info_BuildHashSha1(ki, hbuf, 1); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Crypt_Token_Close(ct, 0, 0); return rv; } nodeX=xmlNewTextChild(node, NULL, BAD_CAST "EncryptionPubKeyDigest", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); assert(nodeX); xmlNewProp(nodeX, BAD_CAST "Version", BAD_CAST "E001"); xmlNewProp(nodeX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2000/09/xmldsig#sha1"); } else if (strcasecmp(s, "E002")==0) { rv=EB_Key_Info_BuildHashSha256(ki, hbuf, 1); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Crypt_Token_Close(ct, 0, 0); return rv; } nodeX=xmlNewTextChild(node, NULL, BAD_CAST "EncryptionPubKeyDigest", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); assert(nodeX); xmlNewProp(nodeX, BAD_CAST "Version", BAD_CAST "E002"); xmlNewProp(nodeX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2001/04/xmlenc#sha256"); } /* add encrypted transactio key */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EBC_Provider_EncryptKey(pro, u, skey, hbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Crypt_Token_Close(ct, 0, 0); return rv; } nodeX=xmlNewTextChild(node, NULL, BAD_CAST "TransactionKey", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); assert(nodeX); return 0; }
int addUser(AB_BANKING *ab, GWEN_DB_NODE *dbArgs, int argc, char **argv) { GWEN_DB_NODE *db; AB_PROVIDER *pro; int rv; GWEN_BUFFER *nameBuffer=NULL; const char *tokenName; const char *tokenType; const char *bankId; const char *userId; const char *customerId; const char *server; const char *userName; int hbciVersion; int rdhType; uint32_t cid; const GWEN_ARGS args[]={ { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "userName", /* name */ 1, /* minnum */ 1, /* maxnum */ "N", /* short option */ "username", /* long option */ "Specify the user name", /* short description */ "Specify the user name (not the userid!)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "bankId", /* name */ 0, /* minnum */ 1, /* maxnum */ "b", /* short option */ "bank", /* long option */ "Specify the bank code", /* short description */ "Specify the bank code" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "userId", /* name */ 0, /* minnum */ 1, /* maxnum */ "u", /* short option */ "user", /* long option */ "Specify the user id (Benutzerkennung)", /* short description */ "Specify the user id (Benutzerkennung)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "customerId", /* name */ 0, /* minnum */ 1, /* maxnum */ "c", /* short option */ "customer", /* long option */ "Specify the customer id (Kundennummer)", /* short description */ "Specify the customer id (Kundennummer)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenType", /* name */ 1, /* minnum */ 1, /* maxnum */ "t", /* short option */ "tokentype", /* long option */ "Specify the crypt token type", /* short description */ "Specify the crypt token type" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenName", /* name */ 0, /* minnum */ 1, /* maxnum */ "n", /* short option */ "tokenname", /* long option */ "Specify the crypt token name", /* short description */ "Specify the crypt token name" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "serverAddr", /* name */ 0, /* minnum */ 1, /* maxnum */ "s", /* short option */ "server", /* long option */ "Specify the server URL", /* short description */ "Specify the server URL" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Int, /* type */ "context", /* name */ 0, /* minnum */ 1, /* maxnum */ 0, /* short option */ "context", /* long option */ "Select a context on the medium", /* short description */ "Select a context on the medium" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, GWEN_ArgsType_Int, "hbciversion", 0, 1, 0, "hbciversion", "Select the HBCI version", "Select the HBCI protocol version" }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, GWEN_ArgsType_Int, "rdhType", 0, 1, 0, "rdhtype", "Select the RDH profile type (1, 2, 3, 5, 10)", "Select the RDH profile type (1, 2, 3, 5, 10)" }, { GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */ GWEN_ArgsType_Int, /* type */ "help", /* name */ 0, /* minnum */ 0, /* maxnum */ "h", /* short option */ "help", /* long option */ "Show this help screen", /* short description */ "Show this help screen" /* long description */ } }; db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local"); rv=GWEN_Args_Check(argc, argv, 1, 0 /*GWEN_ARGS_MODE_ALLOW_FREEPARAM*/, args, db); if (rv==GWEN_ARGS_RESULT_ERROR) { fprintf(stderr, "ERROR: Could not parse arguments\n"); return 1; } else if (rv==GWEN_ARGS_RESULT_HELP) { GWEN_BUFFER *ubuf; ubuf=GWEN_Buffer_new(0, 1024, 0, 1); if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) { fprintf(stderr, "ERROR: Could not create help string\n"); return 1; } fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); GWEN_Buffer_free(ubuf); return 0; } rv=AB_Banking_Init(ab); if (rv) { DBG_ERROR(0, "Error on init (%d)", rv); return 2; } rv=AB_Banking_OnlineInit(ab); if (rv) { DBG_ERROR(0, "Error on init (%d)", rv); return 2; } pro=AB_Banking_GetProvider(ab, "aqhbci"); assert(pro); tokenType=GWEN_DB_GetCharValue(db, "tokenType", 0, 0); tokenName=GWEN_DB_GetCharValue(db, "tokenName", 0, 0); bankId=GWEN_DB_GetCharValue(db, "bankId", 0, 0); userId=GWEN_DB_GetCharValue(db, "userId", 0, 0); customerId=GWEN_DB_GetCharValue(db, "customerId", 0, 0); server=GWEN_DB_GetCharValue(db, "serverAddr", 0, 0); cid=GWEN_DB_GetIntValue(db, "context", 0, 1); hbciVersion=GWEN_DB_GetIntValue(db, "hbciVersion", 0, 0); rdhType=GWEN_DB_GetIntValue(db, "rdhType", 0, 1); userName=GWEN_DB_GetCharValue(db, "userName", 0, 0); assert(userName); /* generic check for some arguments */ if (hbciVersion>0 && rdhType>1) { if (hbciVersion<300 && rdhType>1) { DBG_ERROR(0, "RDH Types 2 and above only work with HBCI version 300 or later"); return 1; } } if (hbciVersion>0) { switch(hbciVersion) { case 201: case 210: case 220: case 300: /* supported */ break; default: DBG_ERROR(0, "HBCI/FinTS version %d not supported", hbciVersion); return 1; } } if (rdhType>0) { switch(rdhType) { case 1: case 2: case 10: /* supported */ break; case 3: case 4: case 5: case 6: case 7: case 8: case 9: default: DBG_ERROR(0, "RDH type %d not supported", rdhType); return 1; } } if (1) { const char *lbankId; const char *luserId; const char *lcustomerId; const char *lserverAddr; AH_CRYPT_MODE cm; GWEN_URL *url; GWEN_CRYPT_TOKEN_CONTEXT *ctx=NULL; AB_USER *user; if (strcasecmp(tokenType, "pintan")==0) { lbankId=bankId; luserId=userId; lcustomerId=customerId?customerId:luserId; lserverAddr=server; cm=AH_CryptMode_Pintan; } else { GWEN_PLUGIN_MANAGER *pm; GWEN_PLUGIN *pl; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *cctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_CRYPTALGOID algo; if (cid==0) { DBG_ERROR(0, "No context given."); return 1; } /* get crypt token */ pm=GWEN_PluginManager_FindPluginManager("ct"); if (pm==0) { DBG_ERROR(0, "Plugin manager not found"); return 3; } pl=GWEN_PluginManager_GetPlugin(pm, tokenType); if (pl==0) { DBG_ERROR(0, "Plugin not found"); return 3; } DBG_INFO(0, "Plugin found"); ct=GWEN_Crypt_Token_Plugin_CreateToken(pl, tokenName); if (ct==0) { DBG_ERROR(0, "Could not create crypt token"); return 3; } /* open crypt token */ rv=GWEN_Crypt_Token_Open(ct, 0, 0); if (rv) { DBG_ERROR(0, "Could not open token (%d)", rv); GWEN_Crypt_Token_free(ct); return 3; } /* get real token name */ nameBuffer=GWEN_Buffer_new(0, 64, 0, 1); GWEN_Buffer_AppendString(nameBuffer, GWEN_Crypt_Token_GetTokenName(ct)); tokenName=GWEN_Buffer_GetStart(nameBuffer); cctx=GWEN_Crypt_Token_GetContext(ct, cid, 0); if (cctx==NULL) { DBG_ERROR(0, "Context %02x not found", cid); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } ctx=GWEN_Crypt_Token_Context_dup(cctx); lbankId=bankId?bankId:GWEN_Crypt_Token_Context_GetServiceId(ctx); luserId=userId?userId:GWEN_Crypt_Token_Context_GetUserId(ctx); lcustomerId=customerId?customerId:luserId; lserverAddr=server?server:GWEN_Crypt_Token_Context_GetAddress(ctx); /* determine crypt mode */ keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); GWEN_Crypt_Token_Context_free(ctx); if (keyId==0) { DBG_ERROR(0, "No keys, unable to determine crypt mode"); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_ERROR(0, "Could not get keyinfo for key %d, " "unable to determine crypt mode", keyId); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } algo=GWEN_Crypt_Token_KeyInfo_GetCryptAlgoId(ki); if (algo==GWEN_Crypt_CryptAlgoId_Des3K) cm=AH_CryptMode_Ddv; else if (algo==GWEN_Crypt_CryptAlgoId_Rsa) cm=AH_CryptMode_Rdh; else { DBG_ERROR(0, "Unexpected crypt algorithm \"%s\", " "unable to determine crypt mode", GWEN_Crypt_CryptAlgoId_toString(algo)); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } rv=GWEN_Crypt_Token_Close(ct, 0, 0); GWEN_Crypt_Token_free(ct); if (rv) { DBG_ERROR(0, "Could not close token (%d)", rv); GWEN_Buffer_free(nameBuffer); return 3; } } if (!lbankId || !*lbankId) { DBG_ERROR(0, "No bank id stored and none given"); GWEN_Buffer_free(nameBuffer); return 3; } if (!luserId || !*luserId) { DBG_ERROR(0, "No user id (Benutzerkennung) stored and none given"); GWEN_Buffer_free(nameBuffer); return 3; } user=AB_Banking_FindUser(ab, AH_PROVIDER_NAME, "de", lbankId, luserId, lcustomerId); if (user) { DBG_ERROR(0, "User %s already exists", luserId); return 3; } user=AB_Banking_CreateUser(ab, AH_PROVIDER_NAME); assert(user); AB_User_SetUserName(user, userName); AB_User_SetCountry(user, "de"); AB_User_SetBankCode(user, lbankId); AB_User_SetUserId(user, luserId); AB_User_SetCustomerId(user, lcustomerId); AH_User_SetTokenType(user, tokenType); AH_User_SetTokenName(user, tokenName); AH_User_SetTokenContextId(user, cid); AH_User_SetCryptMode(user, cm); if (rdhType>0) AH_User_SetRdhType(user, rdhType); GWEN_Buffer_free(nameBuffer); if (hbciVersion==0) { if (cm==AH_CryptMode_Pintan) AH_User_SetHbciVersion(user, 220); else { if (rdhType>1) AH_User_SetHbciVersion(user, 300); else AH_User_SetHbciVersion(user, 210); } } else { AH_User_SetHbciVersion(user, hbciVersion); } /* try to get server address from database if still unknown */ if (!lserverAddr || *lserverAddr==0) { GWEN_BUFFER *tbuf; tbuf=GWEN_Buffer_new(0, 256, 0, 1); if (getBankUrl(ab, cm, lbankId, tbuf)) { DBG_INFO(0, "Could not find server address for \"%s\"", lbankId); } if (GWEN_Buffer_GetUsedBytes(tbuf)==0) { DBG_ERROR(0, "No address given and none available in internal db"); return 3; } url=GWEN_Url_fromString(GWEN_Buffer_GetStart(tbuf)); if (url==NULL) { DBG_ERROR(0, "Bad URL \"%s\" in internal db", GWEN_Buffer_GetStart(tbuf)); return 3; } GWEN_Buffer_free(tbuf); } else { /* set address */ url=GWEN_Url_fromString(lserverAddr); if (url==NULL) { DBG_ERROR(0, "Bad URL \"%s\"", lserverAddr); return 3; } } if (cm==AH_CryptMode_Pintan) { GWEN_Url_SetProtocol(url, "https"); if (GWEN_Url_GetPort(url)==0) GWEN_Url_SetPort(url, 443); } else { GWEN_Url_SetProtocol(url, "hbci"); if (GWEN_Url_GetPort(url)==0) GWEN_Url_SetPort(url, 3000); } AH_User_SetServerUrl(user, url); GWEN_Url_free(url); if (cm==AH_CryptMode_Ddv) AH_User_SetStatus(user, AH_UserStatusEnabled); AB_Banking_AddUser(ab, user); } rv=AB_Banking_OnlineFini(ab); if (rv) { fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv); return 5; } rv=AB_Banking_Fini(ab); if (rv) { fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv); return 5; } return 0; }
int EBC_Provider_EuSign_A004(AB_PROVIDER *pro, AB_USER *u, const char *requestType, const uint8_t *pMsg, uint32_t lMsg, GWEN_BUFFER *sbuf) { EBC_PROVIDER *dp; GWEN_MDIGEST *md; GWEN_BUFFER *hbuf; GWEN_BUFFER *ebuf; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; int ksize; uint32_t l; GWEN_CRYPT_PADDALGO *algo; EB_EU *eu; GWEN_TIME *ti; int rv; const char *userId; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); userId=AB_User_GetUserId(u); md=GWEN_MDigest_Rmd160_new(); assert(md); rv=GWEN_MDigest_Begin(md); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_MDigest_free(md); return rv; } rv=GWEN_MDigest_Update(md, pMsg, lMsg); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_MDigest_free(md); return rv; } rv=GWEN_MDigest_End(md); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_MDigest_free(md); return rv; } hbuf=GWEN_Buffer_new(0, GWEN_MDigest_GetDigestSize(md), 0, 1); GWEN_Buffer_AppendBytes(hbuf, (const char*)GWEN_MDigest_GetDigestPtr(md), GWEN_MDigest_GetDigestSize(md)); GWEN_MDigest_free(md); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get key id */ keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_INFO(AQEBICS_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); GWEN_Crypt_Token_Close(ct, 0, 0); GWEN_Buffer_free(hbuf); return GWEN_ERROR_NOT_FOUND; } ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); /* select padd algo */ algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); /* actually sign */ ebuf=GWEN_Buffer_new(0, ksize+16, 0, 1); l=GWEN_Buffer_GetMaxUnsegmentedWrite(ebuf); rv=GWEN_Crypt_Token_Sign(ct, keyId, algo, (const uint8_t*)GWEN_Buffer_GetStart(hbuf), GWEN_Buffer_GetUsedBytes(hbuf), (uint8_t*)GWEN_Buffer_GetPosPointer(ebuf), &l, NULL, /* ignore seq counter */ 0); GWEN_Crypt_PaddAlgo_free(algo); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(ebuf); GWEN_Buffer_free(hbuf); return rv; } GWEN_Buffer_IncrementPos(ebuf, l); GWEN_Buffer_AdjustUsedBytes(ebuf); GWEN_Buffer_free(hbuf); /* assemble EU */ eu=EB_Eu_new(); EB_Eu_SetVersion(eu, "A004"); EB_Eu_SetModLen(eu, ksize*8); EB_Eu_SetJobType(eu, requestType); EB_Eu_SetSignature(eu, (const uint8_t*) GWEN_Buffer_GetStart(ebuf), GWEN_Buffer_GetUsedBytes(ebuf)); GWEN_Buffer_free(ebuf); ti=GWEN_CurrentTime(); EB_Eu_SetCreationTime(eu, ti); EB_Eu_SetSignatureTime(eu, ti); GWEN_Time_free(ti); EB_Eu_SetUserId(eu, userId); /* store EU in given buffer */ EB_Eu_toBuffer(eu, sbuf); EB_Eu_free(eu); return 0; }
static int EBC_Provider_XchgHpbRequest_H003(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u) { EBC_PROVIDER *dp; int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t keyId; xmlNsPtr ns; EB_MSG *msg; EB_MSG *mRsp; EB_RC rc; xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; xmlNodePtr sigNode = NULL; GWEN_BUFFER *tbuf; const char *s; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* create request */ msg=EB_Msg_new(); doc=EB_Msg_GetDoc(msg); root_node=xmlNewNode(NULL, BAD_CAST "ebicsNoPubKeyDigestsRequest"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H003", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H003 " "http://www.ebics.org/H003/ebics_keymgmt_request.xsd"); xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003"); xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1"); /* header */ node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL); xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true"); xmlNewChild(node, NULL, BAD_CAST "static", NULL); xmlNewChild(node, NULL, BAD_CAST "mutable", NULL); sigNode=xmlNewChild(root_node, NULL, BAD_CAST "AuthSignature", NULL); /* body */ node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL); /* fill */ s=EBC_User_GetPeerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/HostID", s); /* generate Nonce */ tbuf=GWEN_Buffer_new(0, 128, 0, 1); rv=EBC_Provider_GenerateNonce(pro, tbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(tbuf); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/Nonce", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_Reset(tbuf); /* generate timestamp */ rv=EBC_Provider_GenerateTimeStamp(pro, u, tbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(tbuf); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/Timestamp", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); s=AB_User_GetCustomerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/PartnerID", s); EB_Msg_SetCharValue(msg, "header/static/UserID", AB_User_GetUserId(u)); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HPB"); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderAttribute", "DZHNN"); EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000"); /* sign */ rv=EBC_Provider_SignMessage(pro, msg, u, sigNode); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); EB_Msg_free(msg); return rv; } /* exchange requests */ rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp); if (rv<0 || rv>=300) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); EB_Msg_free(msg); return rv; } EB_Msg_free(msg); /* check response */ assert(mRsp); /* log results */ EBC_Provider_LogRequestResults(pro, mRsp, NULL); rc=EB_Msg_GetResultCode(mRsp); if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); return AB_ERROR_SECURITY; } rc=EB_Msg_GetBodyResultCode(mRsp); if (rc) { if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); if ((rc & 0xfff00)==0x091300 || (rc & 0xfff00)==0x091200) return AB_ERROR_SECURITY; else return GWEN_ERROR_GENERIC; } } if (1) { xmlDocPtr orderDoc=NULL; xmlNodePtr root_node=NULL; xmlNodePtr node=NULL; GWEN_CRYPT_KEY *skey=NULL; GWEN_BUFFER *buf1; GWEN_BUFFER *buf2; const char *s; /* extract keys and store them */ node=EB_Xml_GetNode(EB_Msg_GetRootNode(mRsp), "body/DataTransfer/DataEncryptionInfo", GWEN_PATH_FLAGS_NAMEMUSTEXIST); if (node==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Bad message from server: Missing session key"); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } rv=EBC_Provider_ExtractSessionKey(pro, u, node, &skey); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); EB_Msg_free(mRsp); return rv; } s=EB_Msg_GetCharValue(mRsp, "body/DataTransfer/OrderData", NULL); if (!s) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Bad message from server: Missing OrderData"); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } buf1=GWEN_Buffer_new(0, strlen(s), 0, 1); rv=GWEN_Base64_Decode((const uint8_t*)s, 0, buf1); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decode OrderData (%d)", rv); GWEN_Buffer_free(buf1); EB_Msg_free(mRsp); return rv; } /* decode data */ buf2=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(buf1), 0, 1); rv=EBC_Provider_DecryptData(pro, u, skey, (const uint8_t*)GWEN_Buffer_GetStart(buf1), GWEN_Buffer_GetUsedBytes(buf1), buf2); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decrypt OrderData (%d)", rv); GWEN_Buffer_free(buf2); GWEN_Buffer_free(buf1); return rv; } /* parse XML document */ rv=EB_Xml_DocFromBuffer(GWEN_Buffer_GetStart(buf2), GWEN_Buffer_GetUsedBytes(buf2), &orderDoc); GWEN_Buffer_free(buf2); GWEN_Buffer_free(buf1); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); EB_Msg_free(mRsp); return rv; } /* get keys */ root_node=xmlDocGetRootElement(orderDoc); /* get auth key */ node=EB_Xml_GetNode(root_node, "AuthenticationPubKeyInfo", GWEN_PATH_FLAGS_NAMEMUSTEXIST); if (node==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "No authentication key found"); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } else { const GWEN_CRYPT_TOKEN_KEYINFO *cki; GWEN_CRYPT_TOKEN_KEYINFO *ki; keyId=GWEN_Crypt_Token_Context_GetAuthVerifyKeyId(ctx); cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0); if (cki) ki=GWEN_Crypt_Token_KeyInfo_dup(cki); else ki=GWEN_Crypt_Token_KeyInfo_new(keyId, GWEN_Crypt_CryptAlgoId_Rsa, 128); GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0); rc=EB_Key_Info_ReadXml(ki, node); if (rc) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc); GWEN_Crypt_Token_KeyInfo_free(ki); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0); GWEN_Crypt_Token_KeyInfo_free(ki); if (rv) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return rv; } DBG_NOTICE(AQEBICS_LOGDOMAIN, "Auth key stored"); } /* get crypt key */ node=EB_Xml_GetNode(root_node, "EncryptionPubKeyInfo", GWEN_PATH_FLAGS_NAMEMUSTEXIST); if (node==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "No encryption key found"); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } else { const GWEN_CRYPT_TOKEN_KEYINFO *cki; GWEN_CRYPT_TOKEN_KEYINFO *ki; keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0); if (cki) ki=GWEN_Crypt_Token_KeyInfo_dup(cki); else ki=GWEN_Crypt_Token_KeyInfo_new(keyId, GWEN_Crypt_CryptAlgoId_Rsa, 128); GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0); rc=EB_Key_Info_ReadXml(ki, node); if (rc) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc); GWEN_Crypt_Token_KeyInfo_free(ki); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return GWEN_ERROR_BAD_DATA; } rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0); GWEN_Crypt_Token_KeyInfo_free(ki); if (rv) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); xmlFreeDoc(orderDoc); EB_Msg_free(mRsp); return rv; } DBG_NOTICE(AQEBICS_LOGDOMAIN, "Crypt key stored"); } xmlFreeDoc(orderDoc); } EB_Msg_free(mRsp); /* adjust user status and flags */ DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags"); if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) == (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) EBC_User_SetStatus(u, EBC_UserStatus_Enabled); return 0; }
int EBC_Provider_EuSign_A005(AB_PROVIDER *pro, AB_USER *u, const char *requestType, const uint8_t *pMsg, uint32_t lMsg, GWEN_BUFFER *sbuf) { EBC_PROVIDER *dp; GWEN_BUFFER *xbuf; GWEN_BUFFER *hbuf; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; int ksize; uint32_t l; GWEN_CRYPT_PADDALGO *algo; int rv; int numPaddBytes=0; const uint8_t digestInfo[]= { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get key id */ keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_INFO(AQEBICS_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); GWEN_Crypt_Token_Close(ct, 0, 0); return GWEN_ERROR_NOT_FOUND; } xbuf=GWEN_Buffer_new(0, 40, 0, 1); EBC_Provider_Sha256(pMsg, lMsg, xbuf); /* add digestInfo to hash of SignedInfo */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); GWEN_Buffer_AppendByte(hbuf, 0x01); /* block type */ numPaddBytes=ksize-3-sizeof(digestInfo)-GWEN_Buffer_GetUsedBytes(xbuf); if (numPaddBytes<1) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Invalid number of padd bytes, key too small (%d)", numPaddBytes); GWEN_Buffer_free(xbuf); GWEN_Buffer_free(hbuf); return GWEN_ERROR_INTERNAL; } GWEN_Buffer_FillWithBytes(hbuf, 0xff, numPaddBytes); GWEN_Buffer_AppendByte(hbuf, 0x01); /* separator */ GWEN_Buffer_AppendBytes(hbuf, (const char *)digestInfo, sizeof(digestInfo)); /* digest info */ GWEN_Buffer_AppendBytes(hbuf, GWEN_Buffer_GetStart(xbuf), GWEN_Buffer_GetUsedBytes(xbuf)); /* hash */ GWEN_Buffer_free(xbuf); /* select padd algo */ algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); /* actually sign */ GWEN_Buffer_AllocRoom(sbuf, ksize+16); l=GWEN_Buffer_GetMaxUnsegmentedWrite(sbuf); rv=GWEN_Crypt_Token_Sign(ct, keyId, algo, (const uint8_t *)GWEN_Buffer_GetStart(hbuf), GWEN_Buffer_GetUsedBytes(hbuf), (uint8_t *)GWEN_Buffer_GetPosPointer(sbuf), &l, NULL, /* ignore seq counter */ 0); GWEN_Crypt_PaddAlgo_free(algo); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); return rv; } GWEN_Buffer_IncrementPos(sbuf, l); GWEN_Buffer_AdjustUsedBytes(sbuf); GWEN_Buffer_free(hbuf); return 0; }
int AH_Msg_DecryptRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr){ AH_HBCI *h; GWEN_BUFFER *mbuf; uint32_t l; int rv; const uint8_t *p; GWEN_MSGENGINE *e; AB_USER *u; const char *peerId; // uint32_t uFlags; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_KEY *sk=NULL; uint8_t decKey[300]; GWEN_DB_NODE *nhead=NULL; GWEN_DB_NODE *ndata=NULL; const char *crypterId; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "rdh"); gid=0; u=AH_Dialog_GetDialogOwner(hmsg->dialog); // uFlags=AH_User_GetFlags(u); peerId=AH_User_GetPeerId(u); if (!peerId || *peerId==0) peerId=AB_User_GetUserId(u); /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } /* get encrypted session key */ nhead=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptHead"); if (!nhead) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt head"); return GWEN_ERROR_BAD_DATA; } ndata=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptData"); if (!ndata) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); return GWEN_ERROR_BAD_DATA; } crypterId=GWEN_DB_GetCharValue(nhead, "key/userId", 0, I18N("unknown")); p=GWEN_DB_GetBinValue(nhead, "CryptAlgo/MsgKey", 0, 0,0, &l); if (p && l) { uint32_t elen; GWEN_CRYPT_PADDALGO *algo; uint8_t encKey[300]; int ksize; ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); if (ksize<l) { DBG_WARN(AQHBCI_LOGDOMAIN, "Keyinfo keysize is smaller than size of transmitted key, adjusting"); ksize=l; } assert(ksize<=256); /* fill encoded key with 0 */ memset(encKey, 0, sizeof(encKey)); memmove(encKey+(ksize-l), p, l); algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None); elen=sizeof(decKey); rv=GWEN_Crypt_Token_Decipher(ct, keyId, algo, encKey, ksize, decKey, &elen, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); return rv; } /* unpadd key (take right-handed 16 bytes) */ p=decKey+(elen-16); sk=GWEN_Crypt_KeyDes3K_fromData(GWEN_Crypt_CryptMode_Cbc, 24, p, 16); if (sk==NULL) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not create DES key from data"); return GWEN_ERROR_BAD_DATA; } } else { DBG_ERROR(AQHBCI_LOGDOMAIN, "Missing message key"); return GWEN_ERROR_BAD_DATA; } /* get encrypted data */ p=GWEN_DB_GetBinValue(ndata, "CryptData", 0, 0,0, &l); if (!p || !l) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); GWEN_Crypt_Key_free(sk); return GWEN_ERROR_BAD_DATA; } /* decipher message with session key */ mbuf=GWEN_Buffer_new(0, l, 0, 1); rv=GWEN_Crypt_Key_Decipher(sk, (const uint8_t*)p, l, (uint8_t*)GWEN_Buffer_GetPosPointer(mbuf), &l); GWEN_Crypt_Key_free(sk); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not decipher with DES session key (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } GWEN_Buffer_IncrementPos(mbuf, l); GWEN_Buffer_AdjustUsedBytes(mbuf); /* unpadd message */ rv=GWEN_Padd_UnpaddWithAnsiX9_23(mbuf); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Error unpadding message with ANSI X9.23 (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } /* store crypter id */ AH_Msg_SetCrypterId(hmsg, crypterId); /* store new buffer inside message */ GWEN_Buffer_free(hmsg->origbuffer); hmsg->origbuffer=hmsg->buffer; GWEN_Buffer_Rewind(mbuf); hmsg->buffer=mbuf; return 0; }
int AH_Msg_VerifyRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr) { AH_HBCI *h; GWEN_LIST *sigheads; GWEN_LIST *sigtails; GWEN_DB_NODE *n; int nonSigHeads; int nSigheads; unsigned int dataBegin; char *dataStart; unsigned int dataLength; unsigned int i; AB_USER *u; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; int ksize; int rv; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); u=AH_Dialog_GetDialogOwner(hmsg->dialog); assert(u); gid=0; /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } /* let's go */ sigheads=GWEN_List_new(); /* enumerate signature heads */ nonSigHeads=0; nSigheads=0; n=GWEN_DB_GetFirstGroup(gr); while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigHead")==0) { /* found a signature head */ if (nonSigHeads) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Found some unsigned parts at the beginning"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } GWEN_List_PushBack(sigheads, n); nSigheads++; } else if (strcasecmp(GWEN_DB_GroupName(n), "MsgHead")!=0) { if (nSigheads) break; nonSigHeads++; } n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { if (nSigheads) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Found Signature heads but no other segments"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signatures"); GWEN_List_free(sigheads); return 0; } /* only now we need the verify key */ keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx); if (keyId==0) { DBG_INFO(AQHBCI_LOGDOMAIN, "No verify key id on crypt token [%s:%s]", GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); /* no longer return an error, it might be ok to not have a key info * even if we do not propagate the error here the check functions will * later find out that the signature is missing */ return 0; } ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); assert(ksize<=256); /* store begin of signed data */ dataBegin=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0); if (!dataBegin) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No position specifications in segment"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } /* now get first signature tail */ while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")==0) { unsigned int currpos; /* found a signature tail */ currpos=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0); if (!currpos || dataBegin>currpos) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Bad position specification in Signature tail"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } dataLength=currpos-dataBegin; break; } n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No signature tail found"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } sigtails=GWEN_List_new(); while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")!=0) break; GWEN_List_PushBack(sigtails, n); n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Message tail expected"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } if (strcasecmp(GWEN_DB_GroupName(n), "MsgTail")!=0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (msg tail expected)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } n=GWEN_DB_GetNextGroup(n); if (n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (end expected)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } if (GWEN_List_GetSize(sigheads)!= GWEN_List_GetSize(sigtails)) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Number of signature heads (%d) does not match " "number of signature tails (%d)", GWEN_List_GetSize(sigheads), GWEN_List_GetSize(sigtails)); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } /* ok, now verify all signatures */ dataStart=GWEN_Buffer_GetStart(hmsg->buffer)+dataBegin; for (i=0; i< GWEN_List_GetSize(sigtails); i++) { GWEN_DB_NODE *sighead; GWEN_DB_NODE *sigtail; const uint8_t *p; uint32_t l; int rv; uint8_t hash[20]; const char *signerId; /* get signature tail */ sigtail=(GWEN_DB_NODE*)GWEN_List_GetBack(sigtails); /* get corresponding signature head */ sighead=(GWEN_DB_NODE*)GWEN_List_GetFront(sigheads); if (!sighead || !sigtail) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No signature head/tail left (internal error)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_INTERNAL; } GWEN_List_PopBack(sigtails); GWEN_List_PopFront(sigheads); signerId=GWEN_DB_GetCharValue(sighead, "key/userid", 0, I18N("unknown")); /* some checks */ if (strcasecmp(GWEN_DB_GetCharValue(sighead, "ctrlref", 0, ""), GWEN_DB_GetCharValue(sigtail, "ctrlref", 0, ""))!=0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Non-matching signature tail"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } /* hash signature head and data */ if (1) { GWEN_MDIGEST *md; /* hash sighead + data */ p=(const uint8_t*)GWEN_Buffer_GetStart(hmsg->buffer); p+=GWEN_DB_GetIntValue(sighead, "segment/pos", 0, 0); l=GWEN_DB_GetIntValue(sighead, "segment/length", 0, 0); md=GWEN_MDigest_Rmd160_new(); rv=GWEN_MDigest_Begin(md); if (rv==0) /* digest signature head */ rv=GWEN_MDigest_Update(md, p, l); if (rv==0) /* digest data */ rv=GWEN_MDigest_Update(md, (const uint8_t*)dataStart, dataLength); if (rv==0) rv=GWEN_MDigest_End(md); if (rv<0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Hash error (%d)", rv); GWEN_MDigest_free(md); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return rv; } memmove(hash, GWEN_MDigest_GetDigestPtr(md), GWEN_MDigest_GetDigestSize(md)); GWEN_MDigest_free(md); } /* verify signature */ p=GWEN_DB_GetBinValue(sigtail, "signature", 0, 0, 0, &l); if (p && l) { GWEN_CRYPT_PADDALGO *algo; algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); rv=GWEN_Crypt_Token_Verify(ct, keyId, algo, hash, 20, p, l, 0, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv) { if (rv==GWEN_ERROR_NO_KEY) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unable to verify signature of user \"%s\" (no key)", signerId); GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Unable to verify signature (no key)")); } else { GWEN_BUFFER *tbuf; tbuf=GWEN_Buffer_new(0, 32, 0, 1); if (rv==GWEN_ERROR_VERIFY) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Invalid signature of user \"%s\"", signerId); GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Invalid signature!!!")); GWEN_Buffer_AppendString(tbuf, "!"); } else { GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Could not verify signature")); DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not verify data with medium of user \"%s\" (%d)", AB_User_GetUserId(u), rv); GWEN_Buffer_AppendString(tbuf, "?"); } GWEN_Buffer_AppendString(tbuf, signerId); AH_Msg_AddSignerId(hmsg, GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); } } else { DBG_INFO(AQHBCI_LOGDOMAIN, "Message signed by \"%s\"", signerId); AH_Msg_AddSignerId(hmsg, signerId); } } else { DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signature"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } DBG_DEBUG(AQHBCI_LOGDOMAIN, "Verification done"); } /* for */ GWEN_List_free(sigheads); GWEN_List_free(sigtails); return 0; }
int AH_Msg_EncryptRdh2(AH_MSG *hmsg) { AH_HBCI *h; GWEN_XMLNODE *node; GWEN_DB_NODE *cfg; GWEN_BUFFER *mbuf; GWEN_BUFFER *hbuf; uint32_t l; int rv; const char *p; GWEN_MSGENGINE *e; AB_USER *u; const char *peerId; // uint32_t uFlags; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_KEY *sk; uint8_t encKey[300]; int encKeyLen; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "rdh"); gid=0; u=AH_Dialog_GetDialogOwner(hmsg->dialog); // uFlags=AH_User_GetFlags(u); peerId=AH_User_GetPeerId(u); if (!peerId || *peerId==0) peerId=AB_User_GetUserId(u); /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } rv=GWEN_Padd_PaddWithAnsiX9_23(hmsg->buffer); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Error padding message with ANSI X9.23 (%d)", rv); return rv; } /* create session key */ sk=GWEN_Crypt_KeyDes3K_Generate(GWEN_Crypt_CryptMode_Cbc, 24, 2); if (sk==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not generate DES key"); return GWEN_ERROR_INTERNAL; } /* encrypt message with that session key */ mbuf=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(hmsg->buffer), 0, 1); l=GWEN_Buffer_GetUsedBytes(hmsg->buffer); rv=GWEN_Crypt_Key_Encipher(sk, (uint8_t*)GWEN_Buffer_GetStart(hmsg->buffer), GWEN_Buffer_GetUsedBytes(hmsg->buffer), (uint8_t*)GWEN_Buffer_GetPosPointer(mbuf), &l); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not encipher with DES session key (%d)", rv); GWEN_Buffer_free(mbuf); GWEN_Crypt_Key_free(sk); return rv; } GWEN_Buffer_IncrementPos(mbuf, l); GWEN_Buffer_AdjustUsedBytes(mbuf); /* encrypt session key */ if (1) { uint32_t elen; GWEN_CRYPT_PADDALGO *algo; algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_LeftZero); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, GWEN_Crypt_Token_KeyInfo_GetKeySize(ki)); elen=sizeof(encKey); rv=GWEN_Crypt_Token_Encipher(ct, keyId, algo, GWEN_Crypt_KeyDes3K_GetKeyDataPtr(sk), 16, encKey, &elen, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(mbuf); GWEN_Crypt_Key_free(sk); return rv; } encKeyLen=elen; } GWEN_Crypt_Key_free(sk); /* create crypt head */ node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e, "SEG", "id", 0, "CryptHead"); if (!node) { DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"CryptHead\" not found"); GWEN_Buffer_free(mbuf); GWEN_Crypt_Key_free(sk); return GWEN_ERROR_INTERNAL; } /* create CryptHead */ cfg=GWEN_DB_Group_new("crypthead"); GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT, "head/seq", 998); rv=AH_MsgRdh_PrepareCryptoSeg2(hmsg, u, ki, cfg, 1, 0); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); GWEN_DB_Group_free(cfg); GWEN_Buffer_free(mbuf); return rv; } /* store system id */ if (hmsg->noSysId) { GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", "0"); } else { p=AH_User_GetSystemId(u); if (p==NULL) p=GWEN_Crypt_Token_Context_GetSystemId(ctx); if (p) GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", p); else { DBG_INFO(AQHBCI_LOGDOMAIN, "No System id on RDH medium, using default"); GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", "0"); } } /* store encrypted message key */ GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT, "CryptAlgo/MsgKey", encKey, encKeyLen); hbuf=GWEN_Buffer_new(0, 256+GWEN_Buffer_GetUsedBytes(mbuf), 0, 1); rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create CryptHead (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); GWEN_Buffer_free(mbuf); return rv; } GWEN_DB_Group_free(cfg); /* create cryptdata */ cfg=GWEN_DB_Group_new("cryptdata"); GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT, "head/seq", 999); GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT, "cryptdata", GWEN_Buffer_GetStart(mbuf), GWEN_Buffer_GetUsedBytes(mbuf)); GWEN_Buffer_free(mbuf); node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e, "SEG", "id", 0, "CryptData"); if (!node) { DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"CryptData\"not found"); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); return -1; } rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create CryptData (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); return rv; } /* replace existing buffer by encrypted one */ GWEN_Buffer_free(hmsg->buffer); hmsg->buffer=hbuf; GWEN_DB_Group_free(cfg); return 0; }
int AH_Msg_SignRdh2(AH_MSG *hmsg, AB_USER *su, GWEN_BUFFER *rawBuf, const char *signer) { AH_HBCI *h; GWEN_XMLNODE *node; GWEN_DB_NODE *cfg; GWEN_BUFFER *sigbuf; GWEN_BUFFER *hbuf; unsigned int l; int rv; char ctrlref[15]; const char *p; GWEN_MSGENGINE *e; uint32_t uFlags; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "rdh"); gid=0; uFlags=AH_User_GetFlags(su); /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(su), AH_User_GetTokenName(su), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(su), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(su), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(su), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(su), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e, "SEG", "id", 0, "SigHead"); if (!node) { DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"SigHead\" not found"); return GWEN_ERROR_INTERNAL; } /* prepare config for segment */ cfg=GWEN_DB_Group_new("sighead"); rv=AH_MsgRdh_PrepareCryptoSeg2(hmsg, su, ki, cfg, 0, 1); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); GWEN_DB_Group_free(cfg); return rv; } /* set expected signer */ if (!(uFlags & AH_USER_FLAGS_BANK_DOESNT_SIGN)) { const char *remoteId; remoteId=AH_User_GetPeerId(su); if (!remoteId || *remoteId==0) remoteId=AB_User_GetUserId(su); assert(remoteId); assert(*remoteId); DBG_DEBUG(AQHBCI_LOGDOMAIN, "Expecting \"%s\" to sign the response", remoteId); AH_Msg_SetExpectedSigner(hmsg, remoteId); } /* store system id */ if (hmsg->noSysId) { GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", "0"); } else { p=AH_User_GetSystemId(su); if (p==NULL) p=GWEN_Crypt_Token_Context_GetSystemId(ctx); if (p) GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", p); else { GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "SecDetails/SecId", "0"); } } /* retrieve control reference for sigtail (to be used later) */ p=GWEN_DB_GetCharValue(cfg, "ctrlref", 0, ""); if (strlen(p)>=sizeof(ctrlref)) { DBG_INFO(AQHBCI_LOGDOMAIN, "Control reference too long (14 bytes maximum)"); GWEN_DB_Group_free(cfg); return -1; } strcpy(ctrlref, p); /* create SigHead */ hbuf=GWEN_Buffer_new(0, 128+GWEN_Buffer_GetUsedBytes(rawBuf), 0, 1); GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT, "head/seq", hmsg->firstSegment-1); GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT, "signseq", GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki)); /* create signature head segment */ rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg); GWEN_DB_Group_free(cfg); cfg=0; if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create SigHead"); GWEN_Buffer_free(hbuf); return rv; } /* remember size of sighead for now */ l=GWEN_Buffer_GetUsedBytes(hbuf); /* add raw data to to-sign data buffer */ GWEN_Buffer_AppendBuffer(hbuf, rawBuf); /* sign message */ sigbuf=GWEN_Buffer_new(0, 512, 0, 1); if (1) { uint32_t signLen; GWEN_CRYPT_PADDALGO *algo; GWEN_MDIGEST *md; uint32_t seq; /* hash sighead + data */ md=GWEN_MDigest_Rmd160_new(); rv=GWEN_MDigest_Begin(md); if (rv==0) rv=GWEN_MDigest_Update(md, (uint8_t*)GWEN_Buffer_GetStart(hbuf), GWEN_Buffer_GetUsedBytes(hbuf)); if (rv==0) rv=GWEN_MDigest_End(md); if (rv<0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Hash error (%d)", rv); GWEN_MDigest_free(md); GWEN_Buffer_free(sigbuf); GWEN_Buffer_free(hbuf); return rv; } /* sign hash */ algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, GWEN_Crypt_Token_KeyInfo_GetKeySize(ki)); signLen=GWEN_Buffer_GetMaxUnsegmentedWrite(sigbuf); rv=GWEN_Crypt_Token_Sign(ct, keyId, algo, GWEN_MDigest_GetDigestPtr(md), GWEN_MDigest_GetDigestSize(md), (uint8_t*)GWEN_Buffer_GetPosPointer(sigbuf), &signLen, &seq, gid); GWEN_Crypt_PaddAlgo_free(algo); GWEN_MDigest_free(md); if (rv) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not sign data with medium of user \"%s\" (%d)", AB_User_GetUserId(su), rv); GWEN_Buffer_free(sigbuf); GWEN_Buffer_free(hbuf); return rv; } GWEN_Buffer_IncrementPos(sigbuf, signLen); GWEN_Buffer_AdjustUsedBytes(sigbuf); } DBG_DEBUG(AQHBCI_LOGDOMAIN, "Signing done"); /* insert new SigHead at beginning of message buffer */ DBG_DEBUG(AQHBCI_LOGDOMAIN, "Inserting signature head"); GWEN_Buffer_Rewind(hmsg->buffer); GWEN_Buffer_InsertBytes(hmsg->buffer, GWEN_Buffer_GetStart(hbuf), l); /* create sigtail */ DBG_DEBUG(AQHBCI_LOGDOMAIN, "Completing signature tail"); cfg=GWEN_DB_Group_new("sigtail"); GWEN_Buffer_Reset(hbuf); GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT, "head/seq", hmsg->lastSegment+1); /* store to DB */ GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT, "signature", GWEN_Buffer_GetStart(sigbuf), GWEN_Buffer_GetUsedBytes(sigbuf)); GWEN_Buffer_free(sigbuf); GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT, "ctrlref", ctrlref); /* get node */ node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e, "SEG", "id", 0, "SigTail"); if (!node) { DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"SigTail\"not found"); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); return -1; } rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create SigTail"); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); return -1; } /* append sigtail */ DBG_DEBUG(AQHBCI_LOGDOMAIN, "Appending signature tail"); if (GWEN_Buffer_AppendBuffer(hmsg->buffer, hbuf)) { DBG_INFO(AQHBCI_LOGDOMAIN, "here"); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); return -1; } DBG_DEBUG(AQHBCI_LOGDOMAIN, "Appending signature tail: done"); GWEN_Buffer_free(hbuf); GWEN_DB_Group_free(cfg); /* adjust segment numbers (for next signature and message tail */ hmsg->firstSegment--; hmsg->lastSegment++; return 0; }
int EBC_Provider_XchgIniRequest_H002(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u) { int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t kid; const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL; xmlNsPtr ns; EB_MSG *msg; const char *userId; EB_MSG *mRsp; EB_RC rc; xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; GWEN_BUFFER *tbuf; const char *signVersion; const char *s; GWEN_BUFFER *bufKey; GWEN_BUFFER *bufZip; GWEN_BUFFER *bufB64; userId=AB_User_GetUserId(u); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get crypt key info */ kid=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); if (kid) { signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (signKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Sign key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } signVersion=EBC_User_GetSignVersion(u); if (!(signVersion && *signVersion)) signVersion="A004"; if (strcasecmp(signVersion, "A004")==0) { /* encode according to "DFUE-Abkommen" */ bufKey=GWEN_Buffer_new(0, 512, 0, 1); rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey); if (rc) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc); GWEN_Buffer_free(bufKey); return GWEN_ERROR_GENERIC; } /* zip order */ bufZip=GWEN_Buffer_new(0, 512, 0, 1); if (EB_Zip_Deflate(GWEN_Buffer_GetStart(bufKey), GWEN_Buffer_GetUsedBytes(bufKey), bufZip)) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Unable to zip key data"); GWEN_Buffer_free(bufZip); GWEN_Buffer_free(bufKey); return GWEN_ERROR_GENERIC; } GWEN_Buffer_free(bufKey); /* base64 encode for order */ bufB64=GWEN_Buffer_new(0, 800, 0, 1); if (GWEN_Base64_Encode((const unsigned char *)GWEN_Buffer_GetStart(bufZip), GWEN_Buffer_GetUsedBytes(bufZip), bufB64, 0)) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error encoding key"); GWEN_Buffer_free(bufB64); GWEN_Buffer_free(bufZip); return GWEN_ERROR_GENERIC; } GWEN_Buffer_free(bufZip); } else { DBG_ERROR(AQEBICS_LOGDOMAIN, "Unsupported sign version [%s]", signVersion); return GWEN_ERROR_INTERNAL; } /* create request */ msg=EB_Msg_new(); doc=EB_Msg_GetDoc(msg); root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H002", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H002 " "http://www.ebics.org/H002/ebics_keymgmt_request.xsd"); xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H002"); xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1"); /* header */ node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL); xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true"); xmlNewChild(node, NULL, BAD_CAST "static", NULL); xmlNewChild(node, NULL, BAD_CAST "mutable", NULL); /* body */ node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL); /* fill */ s=EBC_User_GetPeerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/HostID", s); s=AB_User_GetCustomerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/PartnerID", s); EB_Msg_SetCharValue(msg, "header/static/UserID", AB_User_GetUserId(u)); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "INI"); tbuf=GWEN_Buffer_new(0, 16, 0, 1); rv=EBC_Provider_Generate_OrderId(pro, tbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error creating order id (%d)", rv); GWEN_Buffer_free(tbuf); GWEN_Buffer_free(bufB64); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderAttribute", "DZNNN"); EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000"); EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData", GWEN_Buffer_GetStart(bufB64)); GWEN_Buffer_free(bufB64); /* exchange requests */ rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp); if (rv<0 || rv>=300) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); EB_Msg_free(msg); return rv; } EB_Msg_free(msg); /* check response */ assert(mRsp); /* log results */ EBC_Provider_LogRequestResults(pro, mRsp, NULL); rc=EB_Msg_GetResultCode(mRsp); if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); return AB_ERROR_SECURITY; } rc=EB_Msg_GetBodyResultCode(mRsp); if (rc) { if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); if ((rc & 0xfff00)==0x091300 || (rc & 0xfff00)==0x091200) return AB_ERROR_SECURITY; else return GWEN_ERROR_GENERIC; } } EB_Msg_free(mRsp); /* adjust user status and flags */ DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags"); EBC_User_AddFlags(u, EBC_USER_FLAGS_INI); if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) == (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) EBC_User_SetStatus(u, EBC_UserStatus_Init2); else EBC_User_SetStatus(u, EBC_UserStatus_Init1); return 0; }
int EBC_Provider_XchgHiaRequest_H003(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u) { int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t kid; const GWEN_CRYPT_TOKEN_KEYINFO *cryptKeyInfo=NULL; const GWEN_CRYPT_TOKEN_KEYINFO *authKeyInfo=NULL; xmlNsPtr ns; EB_MSG *msg; const char *userId; const char *partnerId; EB_MSG *mRsp; EB_RC rc; xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; /*xmlNodePtr nodeX = NULL;*/ GWEN_BUFFER *mbuf; GWEN_BUFFER *tbuf; const char *s; userId=AB_User_GetUserId(u); partnerId=AB_User_GetCustomerId(u); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get crypt key info */ kid=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); if (kid) { cryptKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (cryptKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Crypt key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Crypt key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } /* get auth sign key info */ kid=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx); if (kid) { authKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (authKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Auth key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Auth key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } /* create HIARequestOrderData */ doc=xmlNewDoc(BAD_CAST "1.0"); doc->encoding=xmlCharStrdup("UTF-8"); root_node=xmlNewNode(NULL, BAD_CAST "HIARequestOrderData"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H003", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H003 " "http://www.ebics.org/H003/ebics_orders.xsd"); /* create auth key tree */ node=xmlNewChild(root_node, NULL, BAD_CAST "AuthenticationPubKeyInfo", NULL); rv=EB_Key_Info_toXml(authKeyInfo, node); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv); xmlFreeDoc(doc); return GWEN_ERROR_INVALID; } xmlNewChild(node, NULL, BAD_CAST "AuthenticationVersion", BAD_CAST "X002"); /* create crypt key tree */ node=xmlNewChild(root_node, NULL, BAD_CAST "EncryptionPubKeyInfo", NULL); rv=EB_Key_Info_toXml(cryptKeyInfo, node); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv); xmlFreeDoc(doc); return rv; } xmlNewChild(node, NULL, BAD_CAST "EncryptionVersion", BAD_CAST "E002"); /* store partner id and user id */ node=xmlNewChild(root_node, NULL, BAD_CAST "PartnerID", BAD_CAST partnerId); node=xmlNewChild(root_node, NULL, BAD_CAST "UserID", BAD_CAST userId); /* compress and base64 doc */ mbuf=GWEN_Buffer_new(0, 512, 0, 1); rv=EB_Xml_Compress64Doc(doc, mbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv); xmlFreeDoc(doc); return rv; } xmlFreeDoc(doc); /* create request */ msg=EB_Msg_new(); doc=EB_Msg_GetDoc(msg); root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H003", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H003 " "http://www.ebics.org/H003/ebics_keymgmt_request.xsd"); xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003"); xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1"); /* header */ node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL); xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true"); xmlNewChild(node, NULL, BAD_CAST "static", NULL); xmlNewChild(node, NULL, BAD_CAST "mutable", NULL); /* body */ node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL); /* fill */ s=EBC_User_GetPeerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/HostID", s); s=AB_User_GetCustomerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/PartnerID", s); EB_Msg_SetCharValue(msg, "header/static/UserID", AB_User_GetUserId(u)); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HIA"); tbuf=GWEN_Buffer_new(0, 16, 0, 1); rv=EBC_Provider_Generate_OrderId(pro, tbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); GWEN_Buffer_free(tbuf); GWEN_Buffer_free(mbuf); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderAttribute", "DZNNN"); EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0200"); EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData", GWEN_Buffer_GetStart(mbuf)); GWEN_Buffer_free(mbuf); /* exchange requests */ rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp); if (rv<0 || rv>=300) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); EB_Msg_free(msg); return rv; } EB_Msg_free(msg); /* check response */ assert(mRsp); /* log results */ EBC_Provider_LogRequestResults(pro, mRsp, NULL); rc=EB_Msg_GetResultCode(mRsp); if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); return AB_ERROR_SECURITY; } rc=EB_Msg_GetBodyResultCode(mRsp); if (rc) { if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); if ((rc & 0xfff00)==0x091300 || (rc & 0xfff00)==0x091200) return AB_ERROR_SECURITY; else return GWEN_ERROR_GENERIC; } } EB_Msg_free(mRsp); /* adjust user status and flags */ DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags"); EBC_User_AddFlags(u, EBC_USER_FLAGS_HIA); if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) == (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) EBC_User_SetStatus(u, EBC_UserStatus_Init2); else EBC_User_SetStatus(u, EBC_UserStatus_Init1); return 0; }
int EBC_Provider_XchgPubRequest_H002(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u, const char *signVersion) { EBC_PROVIDER *dp; int rv; const char *userId; const char *partnerId; GWEN_BUFFER *bufKey; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t kid; const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); userId=AB_User_GetUserId(u); partnerId=AB_User_GetCustomerId(u); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get crypt key info */ kid=GWEN_Crypt_Token_Context_GetTempSignKeyId(ctx); if (kid) { signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (signKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Sign key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } if (strcasecmp(signVersion, "A004")==0) { EB_RC rc; /* encode according to "DFUE-Abkommen" */ bufKey=GWEN_Buffer_new(0, 512, 0, 1); rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey); if (rc) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc); GWEN_Buffer_free(bufKey); return GWEN_ERROR_GENERIC; } } else { xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; xmlNsPtr ns; /* create INIRequestOrderData */ doc=xmlNewDoc(BAD_CAST "1.0"); doc->encoding=xmlCharStrdup("UTF-8"); root_node=xmlNewNode(NULL, BAD_CAST "PUBRequestOrderData"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H002", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H002 " "http://www.ebics.org/H002/ebics_orders.xsd"); /* create sign key tree */ node=xmlNewChild(root_node, NULL, BAD_CAST "SignaturePubKeyInfo", NULL); rv=EB_Key_Info_toXml(signKeyInfo, node); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv); xmlFreeDoc(doc); return GWEN_ERROR_INVALID; } xmlNewChild(node, NULL, BAD_CAST "SignatureVersion", BAD_CAST signVersion); /* store partner id and user id */ node=xmlNewChild(root_node, NULL, BAD_CAST "PartnerID", BAD_CAST partnerId); node=xmlNewChild(root_node, NULL, BAD_CAST "UserID", BAD_CAST userId); /* compress and base64 doc */ bufKey=GWEN_Buffer_new(0, 4096, 0, 1); rv=EB_Xml_Compress64Doc(doc, bufKey); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv); xmlFreeDoc(doc); return rv; } xmlFreeDoc(doc); } rv=EBC_Provider_XchgUploadRequest(pro, sess, u, "PUB", (const uint8_t*)GWEN_Buffer_GetStart(bufKey), GWEN_Buffer_GetUsedBytes(bufKey)); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bufKey); return rv; } GWEN_Buffer_free(bufKey); return 0; }