int EB_Msg_WriteSignature(EB_MSG *m, const unsigned char *hash, int hsize) { int rv; GWEN_BUFFER *hbuf; assert(m); assert(m->usage); if (hsize!=128) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Bad signature size (expected 128, was %d)", hsize); return -1; } hbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=GWEN_Base64_Encode(hash, (uint32_t) hsize, hbuf, 0); if (rv) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Could not base64-encode signature (%d)", rv); GWEN_Buffer_free(hbuf); return -1; } EB_Xml_SetCharValue(xmlDocGetRootElement(m->doc), "AuthSignature/" "ds:SignatureValue", GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); return 0; }
static int EBC_Provider_SignMessage_X001(AB_PROVIDER *pro, EB_MSG *msg, AB_USER *u, xmlNodePtr node) { EBC_PROVIDER *dp; int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_BUFFER *hbuf; GWEN_BUFFER *bbuf; xmlNodePtr nodeX = NULL; xmlNodePtr nodeXX = NULL; xmlNodePtr nodeXXX = NULL; xmlNodePtr nodeXXXX = NULL; xmlNsPtr ns; assert(pro); dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro); assert(dp); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get key id */ keyId=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_INFO(AQEBICS_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); GWEN_Crypt_Token_Close(ct, 0, 0); return GWEN_ERROR_NOT_FOUND; } /* prepare signature nodes */ ns=xmlSearchNs(EB_Msg_GetDoc(msg), node, BAD_CAST "ds"); assert(ns); /* build hash */ bbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EB_Msg_BuildHashSha1(msg, bbuf); if (rv) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Could not build hash"); GWEN_Buffer_free(bbuf); return rv; } /* base64 encode */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf), GWEN_Buffer_GetUsedBytes(bbuf), hbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Buffer_free(bbuf); return rv; } GWEN_Buffer_free(bbuf); /* create signature node */ nodeX=xmlNewChild(node, ns, BAD_CAST "SignedInfo", NULL); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "CanonicalizationMethod", NULL); xmlNewProp(nodeXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "SignatureMethod", NULL); xmlNewProp(nodeXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2000/09/xmldsig#rsa-sha1"); nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "Reference", NULL); xmlNewProp(nodeXX, BAD_CAST "URI", BAD_CAST "#xpointer(//*[@authenticate='true'])"); nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "Transforms", NULL); nodeXXXX=xmlNewChild(nodeXXX, ns, BAD_CAST "Transform", NULL); xmlNewProp(nodeXXXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "DigestMethod", NULL); xmlNewProp(nodeXXX, BAD_CAST "Algorithm", BAD_CAST "http://www.w3.org/2000/09/xmldsig#sha1"); /* store hash value */ xmlNewTextChild(nodeXX, ns, BAD_CAST "DigestValue", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); /* build hash over SignedInfo */ bbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EB_Xml_BuildNodeHashSha1(nodeX, "#xpointer(//*)", bbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bbuf); return rv; } /* sign hash */ if (1) { GWEN_CRYPT_PADDALGO *algo; int ksize; uint32_t l; const uint8_t prefix[]={ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; /* add prefix to hash of SignedInfo */ hbuf=GWEN_Buffer_new(0, 256, 0, 1); ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); GWEN_Buffer_AppendBytes(hbuf, (const char*)prefix, sizeof(prefix)); GWEN_Buffer_AppendBuffer(hbuf, bbuf); GWEN_Buffer_Reset(bbuf); /* select padd algo */ algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Pkcs1_1); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); /* actually sign */ GWEN_Buffer_AllocRoom(bbuf, ksize+16); l=GWEN_Buffer_GetMaxUnsegmentedWrite(bbuf); rv=GWEN_Crypt_Token_Sign(ct, keyId, algo, (const uint8_t*)GWEN_Buffer_GetStart(hbuf), GWEN_Buffer_GetUsedBytes(hbuf), (uint8_t*)GWEN_Buffer_GetPosPointer(bbuf), &l, NULL, /* ignore seq counter */ 0); GWEN_Crypt_PaddAlgo_free(algo); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bbuf); GWEN_Buffer_free(hbuf); return rv; } GWEN_Buffer_IncrementPos(bbuf, l); GWEN_Buffer_AdjustUsedBytes(bbuf); /* base 64 encode signature */ GWEN_Buffer_Reset(hbuf); rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf), GWEN_Buffer_GetUsedBytes(bbuf), hbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(hbuf); GWEN_Buffer_free(bbuf); return rv; } GWEN_Buffer_free(bbuf); /* store signature */ xmlNewTextChild(node, ns, BAD_CAST "SignatureValue", BAD_CAST GWEN_Buffer_GetStart(hbuf)); GWEN_Buffer_free(hbuf); } return 0; }
int EBC_Provider_MkEuZipDoc_A004(AB_PROVIDER *pro, AB_USER *u, const char *requestType, const uint8_t *pMsg, uint32_t lMsg, GWEN_BUFFER *sbuf) { int rv; xmlDocPtr doc; xmlNodePtr root_node; xmlNodePtr node; xmlNsPtr ns; GWEN_BUFFER *tbuf; GWEN_BUFFER *bbuf; tbuf=GWEN_Buffer_new(0, 256, 0, 1); rv=EBC_Provider_EuSign_A004(pro, u, requestType, pMsg, lMsg, tbuf); if (rv) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(tbuf); return rv; } bbuf=GWEN_Buffer_new(0, (GWEN_Buffer_GetUsedBytes(tbuf)*3)/2, 0, 1); rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(tbuf), GWEN_Buffer_GetUsedBytes(tbuf), bbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(bbuf); GWEN_Buffer_free(tbuf); return rv; } GWEN_Buffer_free(tbuf); doc=xmlNewDoc(BAD_CAST "1.0"); root_node=xmlNewNode(NULL, BAD_CAST "UserSignatureData"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H002", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H002 " "http://www.ebics.org/H002/ebics_orders.xsd"); node=xmlNewTextChild(root_node, NULL, BAD_CAST "OrderSignature", BAD_CAST GWEN_Buffer_GetStart(bbuf)); GWEN_Buffer_free(bbuf); xmlNewProp(node, BAD_CAST "PartnerID", BAD_CAST AB_User_GetCustomerId(u)); rv=EB_Xml_CompressDoc(doc, sbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); xmlFreeDoc(doc); return rv; } xmlFreeDoc(doc); return 0; }
int EBC_Provider_MkEuCryptZipDoc_A004(AB_PROVIDER *pro, AB_USER *u, const char *requestType, const uint8_t *pMsg, uint32_t lMsg, GWEN_CRYPT_KEY *skey, GWEN_BUFFER *sbuf) { GWEN_BUFFER *tbuf; GWEN_BUFFER *ebuf; int rv; uint32_t l; DBG_INFO(AQEBICS_LOGDOMAIN, "Generating EU A005"); tbuf=GWEN_Buffer_new(0, 512, 0, 1); rv=EBC_Provider_MkEuZipDoc_A004(pro, u, requestType, pMsg, lMsg, tbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(tbuf); return rv; } /* padd EU */ rv=GWEN_Padd_PaddWithAnsiX9_23(tbuf); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(tbuf); return rv; } /* encrypt EU with the DES session key */ ebuf=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(tbuf)+16, 0, 1); l=GWEN_Buffer_GetMaxUnsegmentedWrite(ebuf); /* reset IV !! */ GWEN_Crypt_KeyDes3K_SetIV(skey, NULL, 0); rv=GWEN_Crypt_Key_Encipher(skey, (uint8_t*)GWEN_Buffer_GetStart(tbuf), GWEN_Buffer_GetUsedBytes(tbuf), (uint8_t*)GWEN_Buffer_GetPosPointer(ebuf), &l); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(ebuf); GWEN_Buffer_free(tbuf); return rv; } GWEN_Buffer_free(tbuf); GWEN_Buffer_IncrementPos(ebuf, l); GWEN_Buffer_AdjustUsedBytes(ebuf); /* base64 encode encrypted EU into given buffer */ rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(ebuf), GWEN_Buffer_GetUsedBytes(ebuf), sbuf, 0); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); GWEN_Buffer_free(ebuf); return rv; } GWEN_Buffer_free(ebuf); return 0; }
int EBC_Provider_XchgIniRequest_H002(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u) { int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t kid; const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL; xmlNsPtr ns; EB_MSG *msg; const char *userId; EB_MSG *mRsp; EB_RC rc; xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; GWEN_BUFFER *tbuf; const char *signVersion; const char *s; GWEN_BUFFER *bufKey; GWEN_BUFFER *bufZip; GWEN_BUFFER *bufB64; userId=AB_User_GetUserId(u); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get crypt key info */ kid=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); if (kid) { signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (signKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Sign key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } signVersion=EBC_User_GetSignVersion(u); if (!(signVersion && *signVersion)) signVersion="A004"; if (strcasecmp(signVersion, "A004")==0) { /* encode according to "DFUE-Abkommen" */ bufKey=GWEN_Buffer_new(0, 512, 0, 1); rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey); if (rc) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc); GWEN_Buffer_free(bufKey); return GWEN_ERROR_GENERIC; } /* zip order */ bufZip=GWEN_Buffer_new(0, 512, 0, 1); if (EB_Zip_Deflate(GWEN_Buffer_GetStart(bufKey), GWEN_Buffer_GetUsedBytes(bufKey), bufZip)) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Unable to zip key data"); GWEN_Buffer_free(bufZip); GWEN_Buffer_free(bufKey); return GWEN_ERROR_GENERIC; } GWEN_Buffer_free(bufKey); /* base64 encode for order */ bufB64=GWEN_Buffer_new(0, 800, 0, 1); if (GWEN_Base64_Encode((const unsigned char *)GWEN_Buffer_GetStart(bufZip), GWEN_Buffer_GetUsedBytes(bufZip), bufB64, 0)) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error encoding key"); GWEN_Buffer_free(bufB64); GWEN_Buffer_free(bufZip); return GWEN_ERROR_GENERIC; } GWEN_Buffer_free(bufZip); } else { DBG_ERROR(AQEBICS_LOGDOMAIN, "Unsupported sign version [%s]", signVersion); return GWEN_ERROR_INTERNAL; } /* create request */ msg=EB_Msg_new(); doc=EB_Msg_GetDoc(msg); root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H002", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H002 " "http://www.ebics.org/H002/ebics_keymgmt_request.xsd"); xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H002"); xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1"); /* header */ node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL); xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true"); xmlNewChild(node, NULL, BAD_CAST "static", NULL); xmlNewChild(node, NULL, BAD_CAST "mutable", NULL); /* body */ node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL); /* fill */ s=EBC_User_GetPeerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/HostID", s); s=AB_User_GetCustomerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/PartnerID", s); EB_Msg_SetCharValue(msg, "header/static/UserID", AB_User_GetUserId(u)); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "INI"); tbuf=GWEN_Buffer_new(0, 16, 0, 1); rv=EBC_Provider_Generate_OrderId(pro, tbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error creating order id (%d)", rv); GWEN_Buffer_free(tbuf); GWEN_Buffer_free(bufB64); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderAttribute", "DZNNN"); EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000"); EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData", GWEN_Buffer_GetStart(bufB64)); GWEN_Buffer_free(bufB64); /* exchange requests */ rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp); if (rv<0 || rv>=300) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); EB_Msg_free(msg); return rv; } EB_Msg_free(msg); /* check response */ assert(mRsp); /* log results */ EBC_Provider_LogRequestResults(pro, mRsp, NULL); rc=EB_Msg_GetResultCode(mRsp); if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); return AB_ERROR_SECURITY; } rc=EB_Msg_GetBodyResultCode(mRsp); if (rc) { if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); if ((rc & 0xfff00)==0x091300 || (rc & 0xfff00)==0x091200) return AB_ERROR_SECURITY; else return GWEN_ERROR_GENERIC; } } EB_Msg_free(mRsp); /* adjust user status and flags */ DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags"); EBC_User_AddFlags(u, EBC_USER_FLAGS_INI); if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) == (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) EBC_User_SetStatus(u, EBC_UserStatus_Init2); else EBC_User_SetStatus(u, EBC_UserStatus_Init1); return 0; }