/* --------------------------------------------------------------- FUNCTION */ int AH_Job_SepaStandingOrdersGet_Process(AH_JOB *j, AB_IMEXPORTER_CONTEXT *ctx){ GWEN_DB_NODE *dbResponses; GWEN_DB_NODE *dbCurr; const char *responseName; int rv; DBG_INFO(AQHBCI_LOGDOMAIN, "Processing JobSepaStandingOrdersGet"); assert(j); responseName=AH_Job_GetResponseName(j); dbResponses=AH_Job_GetResponses(j); assert(dbResponses); /* search for "Transactions" */ dbCurr=GWEN_DB_GetFirstGroup(dbResponses); while(dbCurr) { rv=AH_Job_CheckEncryption(j, dbCurr); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Compromised security (encryption)"); AH_Job_SetStatus(j, AH_JobStatusError); return rv; } rv=AH_Job_CheckSignature(j, dbCurr); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Compromised security (signature)"); AH_Job_SetStatus(j, AH_JobStatusError); return rv; } if (responseName && *responseName) { GWEN_DB_NODE *dbXA; dbXA=GWEN_DB_GetGroup(dbCurr, GWEN_PATH_FLAGS_NAMEMUSTEXIST, "data"); if (dbXA) dbXA=GWEN_DB_GetGroup(dbXA, GWEN_PATH_FLAGS_NAMEMUSTEXIST, responseName); if (dbXA) { const void *p; unsigned int bs; const char *fiId; fiId=GWEN_DB_GetCharValue(dbXA, "fiId", 0, NULL); p=GWEN_DB_GetBinValue(dbXA, "transfer", 0, 0, 0, &bs); if (p && bs) { rv=AH_Job_SepaStandingOrdersGet__ReadSto(j, ctx, p, bs, fiId); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); DBG_WARN(AQHBCI_LOGDOMAIN, "Error reading standing order from data, ignoring (%d)", rv); } } } } dbCurr=GWEN_DB_GetNextGroup(dbCurr); } return 0; }
LC_CLIENT_RESULT LC_DDVCard_CryptCharBlock(LC_CARD *card, const char *data, unsigned int dlen, GWEN_BUFFER *obuf){ LC_DDVCARD *ddv; GWEN_DB_NODE *dbReq; GWEN_DB_NODE *dbResp; LC_CLIENT_RESULT res; const void *p; unsigned int bs; assert(card); ddv=GWEN_INHERIT_GETDATA(LC_CARD, LC_DDVCARD, card); assert(ddv); if (dlen!=8) { DBG_ERROR(LC_LOGDOMAIN, "In-block must exactly be 8 bytes in length (is %d)", dlen); return LC_Client_ResultDataError; } dbReq=GWEN_DB_Group_new("CryptBlock"); dbResp=GWEN_DB_Group_new("response"); GWEN_DB_SetBinValue(dbReq, GWEN_DB_FLAGS_DEFAULT, "in", data, dlen); res=LC_Card_ExecCommand(card, "CryptBlock", dbReq, dbResp); if (res!=LC_Client_ResultOk) { GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return res; } p=GWEN_DB_GetBinValue(dbResp, "response/out", 0, 0, 0, &bs); if ( p && bs==8) GWEN_Buffer_AppendBytes(obuf, p, bs); else { DBG_ERROR(LC_LOGDOMAIN, "Expected 8 bytes response, got %d bytes", bs); GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return LC_Client_ResultDataError; } GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return LC_Client_ResultOk; }
LC_CLIENT_RESULT LC_DDVCard_GetChallenge(LC_CARD *card, GWEN_BUFFER *mbuf){ LC_DDVCARD *ddv; GWEN_DB_NODE *dbReq; GWEN_DB_NODE *dbResp; LC_CLIENT_RESULT res; const void *p; unsigned int bs; assert(card); ddv=GWEN_INHERIT_GETDATA(LC_CARD, LC_DDVCARD, card); assert(ddv); dbReq=GWEN_DB_Group_new("GetChallenge"); dbResp=GWEN_DB_Group_new("response"); res=LC_Card_ExecCommand(card, "GetChallenge", dbReq, dbResp); if (res!=LC_Client_ResultOk) { GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return res; } p=GWEN_DB_GetBinValue(dbResp, "response/challenge", 0, 0, 0, &bs); if (p && bs==8) { GWEN_Buffer_AppendBytes(mbuf, p, bs); } else { DBG_ERROR(LC_LOGDOMAIN, "Expected 8 bytes response, got %d bytes", bs); GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return LC_Client_ResultDataError; } GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return res; }
int AH_Msg_DecryptPinTan(AH_MSG *hmsg, GWEN_DB_NODE *gr){ AH_HBCI *h; GWEN_BUFFER *mbuf; uint32_t l; const uint8_t *p; GWEN_MSGENGINE *e; AB_USER *u; const char *peerId; // uint32_t uFlags; GWEN_DB_NODE *nhead=NULL; GWEN_DB_NODE *ndata=NULL; const char *crypterId; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "pintan"); u=AH_Dialog_GetDialogOwner(hmsg->dialog); // uFlags=AH_User_GetFlags(u); peerId=AH_User_GetPeerId(u); if (!peerId || *peerId==0) peerId=AB_User_GetUserId(u); /* get encrypted session key */ nhead=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptHead"); if (!nhead) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt head"); return GWEN_ERROR_BAD_DATA; } ndata=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptData"); if (!ndata) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); return GWEN_ERROR_BAD_DATA; } crypterId=GWEN_DB_GetCharValue(nhead, "key/userId", 0, I18N("unknown")); /* get encrypted data */ p=GWEN_DB_GetBinValue(ndata, "CryptData", 0, 0,0, &l); if (!p || !l) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); return GWEN_ERROR_BAD_DATA; } /* decipher message with session key */ mbuf=GWEN_Buffer_new(0, l, 0, 1); GWEN_Buffer_AppendBytes(mbuf, (const char*)p, l); /* store crypter id */ AH_Msg_SetCrypterId(hmsg, crypterId); /* store new buffer inside message */ GWEN_Buffer_free(hmsg->origbuffer); hmsg->origbuffer=hmsg->buffer; GWEN_Buffer_Rewind(mbuf); hmsg->buffer=mbuf; return 0; }
int logFile(AB_BANKING *ab, GWEN_DB_NODE *dbArgs, int argc, char **argv) { int rv; GWEN_DB_NODE *db; GWEN_DB_NODE *dbMessages; const char *s; GWEN_MSGENGINE *e; GWEN_SYNCIO *sioOut=NULL; GWEN_SYNCIO *sioDb=NULL; const char *inFile; const char *outFile; const char *dbOutFile; int i; GWEN_DB_NODE *dbT; int trustLevel; const GWEN_ARGS args[]={ { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "xmlfile", /* name */ 0, /* minnum */ 99, /* maxnum */ "x", /* short option */ "xmlfile", /* long option */ "Specify XML files to load", /* short description */ "Specify XML files to load" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "infile", /* name */ 1, /* minnum */ 1, /* maxnum */ "i", /* short option */ "infile", /* long option */ "Specify input file", /* short description */ "Specify input file" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "outfile", /* name */ 0, /* minnum */ 1, /* maxnum */ "o", /* short option */ "outfile", /* long option */ "Specify output file", /* short description */ "Specify output file" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "dboutfile", /* name */ 0, /* minnum */ 1, /* maxnum */ "d", /* short option */ "dbfile", /* long option */ "Specify DB output file", /* short description */ "Specify DB output file" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Int, /* type */ "trustLevel", /* name */ 0, /* minnum */ 1, /* maxnum */ "L", /* short option */ "trustlevel", /* long option */ "Specify the trust level", /* short description */ "Specify the trust level" /* long description */ }, { GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */ GWEN_ArgsType_Int, /* type */ "help", /* name */ 0, /* minnum */ 0, /* maxnum */ "h", /* short option */ "help", /* long option */ "Show this help screen", /* short description */ "Show this help screen" /* long description */ } }; db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local"); rv=GWEN_Args_Check(argc, argv, 1, 0 /*GWEN_ARGS_MODE_ALLOW_FREEPARAM*/, args, db); if (rv==GWEN_ARGS_RESULT_ERROR) { fprintf(stderr, "ERROR: Could not parse arguments\n"); return 1; } else if (rv==GWEN_ARGS_RESULT_HELP) { GWEN_BUFFER *ubuf; ubuf=GWEN_Buffer_new(0, 1024, 0, 1); if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) { fprintf(stderr, "ERROR: Could not create help string\n"); return 1; } fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); GWEN_Buffer_free(ubuf); return 0; } trustLevel=GWEN_DB_GetIntValue(db, "trustLevel", 0, 0); outFile=GWEN_DB_GetCharValue(db, "outFile", 0, NULL); dbOutFile=GWEN_DB_GetCharValue(db, "dbOutFile", 0, NULL); inFile=GWEN_DB_GetCharValue(db, "inFile", 0, NULL); assert(inFile); /* do it */ dbMessages=GWEN_DB_Group_new("Messages"); rv=_readLogFile(inFile, dbMessages); if (rv<0) { DBG_ERROR(0, "Error reading message (%d)", rv); return 2; } /* create message engine, read XML definitions */ e=AH_MsgEngine_new(); for (i=0; i<99; i++) { s=GWEN_DB_GetCharValue(dbArgs, "xmlfile", i, NULL); if (s && *s) { GWEN_XMLNODE *defs; defs=GWEN_XMLNode_new(GWEN_XMLNodeTypeTag, "defs"); if (GWEN_XML_ReadFile(defs, s, GWEN_XML_FLAGS_DEFAULT)){ fprintf(stderr, "Error parsing.\n"); GWEN_MsgEngine_free(e); return 2; } GWEN_MsgEngine_AddDefinitions(e, defs); GWEN_XMLNode_free(defs); } else { if (i==0) { GWEN_XMLNODE *defs; defs=GWEN_XMLNode_new(GWEN_XMLNodeTypeTag, "defs"); if (GWEN_XML_ReadFile(defs, XMLDATA_DIR "/hbci.xml", GWEN_XML_FLAGS_DEFAULT)){ fprintf(stderr, "Error parsing.\n"); GWEN_MsgEngine_free(e); return 2; } GWEN_MsgEngine_AddDefinitions(e, defs); GWEN_XMLNode_free(defs); } break; } } if (outFile) { sioOut=GWEN_SyncIo_File_new(outFile, GWEN_SyncIo_File_CreationMode_CreateAlways); GWEN_SyncIo_AddFlags(sioOut, GWEN_SYNCIO_FILE_FLAGS_READ | GWEN_SYNCIO_FILE_FLAGS_WRITE | GWEN_SYNCIO_FILE_FLAGS_UREAD | GWEN_SYNCIO_FILE_FLAGS_UWRITE | GWEN_SYNCIO_FILE_FLAGS_APPEND); rv=GWEN_SyncIo_Connect(sioOut); if (rv<0) { DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv); GWEN_SyncIo_free(sioOut); return 2; } } if (dbOutFile) { sioDb=GWEN_SyncIo_File_new(dbOutFile, GWEN_SyncIo_File_CreationMode_CreateAlways); GWEN_SyncIo_AddFlags(sioDb, GWEN_SYNCIO_FILE_FLAGS_READ | GWEN_SYNCIO_FILE_FLAGS_WRITE | GWEN_SYNCIO_FILE_FLAGS_UREAD | GWEN_SYNCIO_FILE_FLAGS_UWRITE | GWEN_SYNCIO_FILE_FLAGS_APPEND); rv=GWEN_SyncIo_Connect(sioDb); if (rv<0) { DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv); GWEN_SyncIo_free(sioDb); return 2; } } dbT=GWEN_DB_GetFirstGroup(dbMessages); while(dbT) { const uint8_t *p; uint32_t len; GWEN_DB_NODE *dbHeader; dbHeader=GWEN_DB_GetGroup(dbT, GWEN_PATH_FLAGS_NAMEMUSTEXIST, "header"); assert(dbHeader); s=GWEN_DB_GetCharValue(dbHeader, "mode", 0, "PINTAN"); GWEN_MsgEngine_SetMode(e, s); i=GWEN_DB_GetIntValue(dbHeader, "hbciVersion", 0, 220); GWEN_MsgEngine_SetProtocolVersion(e, i); p=GWEN_DB_GetBinValue(dbT, "body", 0, NULL, 0, &len); if (p && len) { GWEN_BUFFER *tbuf; GWEN_DB_NODE *gr; GWEN_MSGENGINE_TRUSTEDDATA *trustedData; GWEN_MSGENGINE_TRUSTEDDATA *ntd; GWEN_DB_NODE *repl; gr=GWEN_DB_Group_new("message"); tbuf=GWEN_Buffer_new((char*) p, len, len, 0); rv=GWEN_MsgEngine_ReadMessage(e, "SEG", tbuf, gr, GWEN_MSGENGINE_READ_FLAGS_TRUSTINFO); if (rv) { fprintf(stderr, "ERROR.\n"); GWEN_Buffer_Dump(tbuf, 2); return 2; } /* work on trust data */ trustedData=GWEN_MsgEngine_TakeTrustInfo(e); if (trustedData) { if (GWEN_MsgEngine_TrustedData_CreateReplacements(trustedData)) { fprintf(stderr, "Could not anonymize log (createReplacements)\n"); GWEN_MsgEngine_TrustedData_free(trustedData); GWEN_MsgEngine_free(e); return 2; } } /* anonymize file */ ntd=trustedData; repl=GWEN_DB_GetGroup(dbHeader, GWEN_DB_FLAGS_OVERWRITE_GROUPS, "replacements"); assert(repl); while(ntd) { if (GWEN_MsgEngine_TrustedData_GetTrustLevel(ntd)>trustLevel) { int pos; unsigned int size; char rbuffer[3]; const char *rpstr; rpstr=GWEN_MsgEngine_TrustedData_GetReplacement(ntd); assert(rpstr); assert(*rpstr); size=strlen(rpstr); if (size==1) { rbuffer[0]=rpstr[0]; rbuffer[1]=0; } else { rbuffer[0]=rpstr[0]; rbuffer[1]=rpstr[1]; rbuffer[2]=0; } GWEN_DB_SetCharValue(repl, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_CREATE_VAR, rbuffer, GWEN_MsgEngine_TrustedData_GetDescription(ntd)); size=GWEN_MsgEngine_TrustedData_GetSize(ntd); pos=GWEN_MsgEngine_TrustedData_GetFirstPos(ntd); while(pos>=0) { DBG_INFO(0, "Replacing %d bytes at %d", size, pos); GWEN_Buffer_SetPos(tbuf, pos); GWEN_Buffer_ReplaceBytes(tbuf, size, GWEN_MsgEngine_TrustedData_GetReplacement(ntd), size); pos=GWEN_MsgEngine_TrustedData_GetNextPos(ntd); } // while pos } ntd=GWEN_MsgEngine_TrustedData_GetNext(ntd); } // while ntd GWEN_DB_SetIntValue(dbHeader, GWEN_DB_FLAGS_OVERWRITE_VARS, "size", GWEN_Buffer_GetUsedBytes(tbuf)); if (outFile) { rv=dumpMsg(sioOut, dbHeader, (const uint8_t*)GWEN_Buffer_GetStart(tbuf), GWEN_Buffer_GetUsedBytes(tbuf)); if (rv<0) { fprintf(stderr, "Could not anonymize log (dumpMsg)\n"); GWEN_MsgEngine_TrustedData_free(trustedData); GWEN_MsgEngine_free(e); return 2; } } if (dbOutFile) { GWEN_BUFFER *xbuf; GWEN_DB_NODE *dbOut; xbuf=GWEN_Buffer_new(0, 256, 0, 1); GWEN_Buffer_AppendString(xbuf, "# ========== Message ( "); s=GWEN_DB_GetCharValue(dbHeader, "sender", 0, "UNK"); if (s && *s) { GWEN_Buffer_AppendString(xbuf, "sender="); GWEN_Buffer_AppendString(xbuf, s); GWEN_Buffer_AppendString(xbuf, " "); } s=GWEN_DB_GetCharValue(dbHeader, "crypt", 0, "UNK"); if (s && *s) { GWEN_Buffer_AppendString(xbuf, "crypt="); GWEN_Buffer_AppendString(xbuf, s); GWEN_Buffer_AppendString(xbuf, " "); } GWEN_Buffer_AppendString(xbuf, ") ==========\n"); dbOut=GWEN_DB_Group_new("Message"); GWEN_Buffer_Rewind(tbuf); rv=GWEN_MsgEngine_ReadMessage(e, "SEG", tbuf, dbOut, 0); if (rv) { fprintf(stderr, "ERROR.\n"); GWEN_Buffer_Dump(tbuf, 2); return 2; } rv=GWEN_SyncIo_WriteForced(sioDb, (const uint8_t*) GWEN_Buffer_GetStart(xbuf), GWEN_Buffer_GetUsedBytes(xbuf)); GWEN_Buffer_free(xbuf); if (rv<0) { DBG_INFO(0, "here (%d)", rv); return rv; } rv=GWEN_DB_WriteToIo(dbOut, sioDb, GWEN_DB_FLAGS_DEFAULT); if (rv<0) { DBG_INFO(0, "here (%d)", rv); return 2; } /* append empty line to separate header from data */ rv=GWEN_SyncIo_WriteForced(sioDb, (const uint8_t*) "\n", 1); if (rv<0) { DBG_INFO(0, "here (%d)", rv); return rv; } } GWEN_Buffer_free(tbuf); } dbT=GWEN_DB_GetNextGroup(dbT); } /* close output layer */ if (outFile) { rv=GWEN_SyncIo_Disconnect(sioOut); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); GWEN_SyncIo_free(sioOut); return 2; } GWEN_SyncIo_free(sioOut); } if (dbOutFile) { rv=GWEN_SyncIo_Disconnect(sioDb); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); GWEN_SyncIo_free(sioDb); return 2; } GWEN_SyncIo_free(sioDb); } return 0; }
/* --------------------------------------------------------------- FUNCTION */ int AH_Job_GetTransactions_Process(AH_JOB *j, AB_IMEXPORTER_CONTEXT *ctx) { AH_JOB_GETTRANSACTIONS *aj; AB_ACCOUNT *a; AB_IMEXPORTER_ACCOUNTINFO *ai; GWEN_DB_NODE *dbResponses; GWEN_DB_NODE *dbCurr; GWEN_BUFFER *tbooked; GWEN_BUFFER *tnoted; int rv; DBG_INFO(AQHBCI_LOGDOMAIN, "Processing JobGetTransactions"); assert(j); aj=GWEN_INHERIT_GETDATA(AH_JOB, AH_JOB_GETTRANSACTIONS, j); assert(aj); tbooked=GWEN_Buffer_new(0, 1024, 0, 1); tnoted=GWEN_Buffer_new(0, 1024, 0, 1); dbResponses=AH_Job_GetResponses(j); assert(dbResponses); /* search for "Transactions" */ dbCurr=GWEN_DB_GetFirstGroup(dbResponses); while (dbCurr) { GWEN_DB_NODE *dbXA; rv=AH_Job_CheckEncryption(j, dbCurr); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Compromised security (encryption)"); GWEN_Buffer_free(tbooked); GWEN_Buffer_free(tnoted); AH_Job_SetStatus(j, AH_JobStatusError); return rv; } rv=AH_Job_CheckSignature(j, dbCurr); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Compromised security (signature)"); GWEN_Buffer_free(tbooked); GWEN_Buffer_free(tnoted); AH_Job_SetStatus(j, AH_JobStatusError); return rv; } dbXA=GWEN_DB_GetGroup(dbCurr, GWEN_PATH_FLAGS_NAMEMUSTEXIST, "data/transactions"); if (dbXA) { const void *p; unsigned int bs; if (GWEN_Logger_GetLevel(0)>=GWEN_LoggerLevel_Debug) GWEN_DB_Dump(dbXA, 2); p=GWEN_DB_GetBinValue(dbXA, "booked", 0, 0, 0, &bs); if (p && bs) GWEN_Buffer_AppendBytes(tbooked, p, bs); p=GWEN_DB_GetBinValue(dbXA, "noted", 0, 0, 0, &bs); if (p && bs) GWEN_Buffer_AppendBytes(tnoted, p, bs); } /* if "Transactions" */ dbCurr=GWEN_DB_GetNextGroup(dbCurr); } GWEN_Buffer_Rewind(tbooked); GWEN_Buffer_Rewind(tnoted); /* now the buffers contain data to be parsed by DBIOs */ a=AH_AccountJob_GetAccount(j); assert(a); ai=AB_ImExporterContext_GetOrAddAccountInfo(ctx, AB_Account_GetUniqueId(a), AB_Account_GetIban(a), AB_Account_GetBankCode(a), AB_Account_GetAccountNumber(a), AB_Account_GetAccountType(a)); assert(ai); /* read booked transactions */ if (GWEN_Buffer_GetUsedBytes(tbooked)) { if (getenv("AQHBCI_LOGBOOKED")) { FILE *f; f=fopen("/tmp/booked.mt", "w+"); if (f) { if (fwrite(GWEN_Buffer_GetStart(tbooked), GWEN_Buffer_GetUsedBytes(tbooked), 1, f)!=1) { DBG_ERROR(AQHBCI_LOGDOMAIN, "fwrite: %s", strerror(errno)); } if (fclose(f)) { DBG_ERROR(AQHBCI_LOGDOMAIN, "fclose: %s", strerror(errno)); } } } if (AH_Job_GetTransactions__ReadTransactions(j, ai, "SWIFT-MT940", AB_Transaction_TypeStatement, (const uint8_t *) GWEN_Buffer_GetStart(tbooked), GWEN_Buffer_GetUsedBytes(tbooked))) { GWEN_Buffer_free(tbooked); GWEN_Buffer_free(tnoted); DBG_INFO(AQHBCI_LOGDOMAIN, "Error parsing booked transactions"); AH_Job_SetStatus(j, AH_JobStatusError); return -1; } } /* read noted transactions */ if (GWEN_Buffer_GetUsedBytes(tnoted)) { if (getenv("AQHBCI_LOGNOTED")) { FILE *f; f=fopen("/tmp/noted.mt", "w+"); if (f) { if (fwrite(GWEN_Buffer_GetStart(tnoted), GWEN_Buffer_GetUsedBytes(tnoted), 1, f)!=1) { DBG_ERROR(AQHBCI_LOGDOMAIN, "fwrite: %s", strerror(errno)); } if (fclose(f)) { DBG_ERROR(AQHBCI_LOGDOMAIN, "fclose: %s", strerror(errno)); } } } if (AH_Job_GetTransactions__ReadTransactions(j, ai, "SWIFT-MT942", AB_Transaction_TypeNotedStatement, (const uint8_t *) GWEN_Buffer_GetStart(tnoted), GWEN_Buffer_GetUsedBytes(tnoted))) { GWEN_Buffer_free(tbooked); GWEN_Buffer_free(tnoted); DBG_INFO(AQHBCI_LOGDOMAIN, "Error parsing noted transactions"); AH_Job_SetStatus(j, AH_JobStatusError); return -1; } } if (GWEN_Logger_GetLevel(AQHBCI_LOGDOMAIN)>=GWEN_LoggerLevel_Debug) { GWEN_DB_NODE *gn; AB_TRANSACTION *ttmp; DBG_INFO(AQHBCI_LOGDOMAIN, "*** Dumping transactions *******************"); ttmp=AB_ImExporterAccountInfo_GetFirstTransaction(ai, 0, 0); while (ttmp) { DBG_INFO(AQHBCI_LOGDOMAIN, "*** --------------------------------------"); gn=GWEN_DB_Group_new("transaction"); AB_Transaction_toDb(ttmp, gn); GWEN_DB_Dump(gn, 2); GWEN_DB_Group_free(gn); ttmp=AB_Transaction_List_Next(ttmp); } DBG_INFO(AQHBCI_LOGDOMAIN, "*** End dumping transactions ***************"); } GWEN_Buffer_free(tbooked); GWEN_Buffer_free(tnoted); return 0; }
int AH_Msg_VerifyRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr) { AH_HBCI *h; GWEN_LIST *sigheads; GWEN_LIST *sigtails; GWEN_DB_NODE *n; int nonSigHeads; int nSigheads; unsigned int dataBegin; char *dataStart; unsigned int dataLength; unsigned int i; AB_USER *u; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; int ksize; int rv; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); u=AH_Dialog_GetDialogOwner(hmsg->dialog); assert(u); gid=0; /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } /* let's go */ sigheads=GWEN_List_new(); /* enumerate signature heads */ nonSigHeads=0; nSigheads=0; n=GWEN_DB_GetFirstGroup(gr); while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigHead")==0) { /* found a signature head */ if (nonSigHeads) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Found some unsigned parts at the beginning"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } GWEN_List_PushBack(sigheads, n); nSigheads++; } else if (strcasecmp(GWEN_DB_GroupName(n), "MsgHead")!=0) { if (nSigheads) break; nonSigHeads++; } n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { if (nSigheads) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Found Signature heads but no other segments"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signatures"); GWEN_List_free(sigheads); return 0; } /* only now we need the verify key */ keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx); if (keyId==0) { DBG_INFO(AQHBCI_LOGDOMAIN, "No verify key id on crypt token [%s:%s]", GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); /* no longer return an error, it might be ok to not have a key info * even if we do not propagate the error here the check functions will * later find out that the signature is missing */ return 0; } ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); assert(ksize<=256); /* store begin of signed data */ dataBegin=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0); if (!dataBegin) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No position specifications in segment"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } /* now get first signature tail */ while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")==0) { unsigned int currpos; /* found a signature tail */ currpos=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0); if (!currpos || dataBegin>currpos) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Bad position specification in Signature tail"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } dataLength=currpos-dataBegin; break; } n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No signature tail found"); GWEN_List_free(sigheads); return GWEN_ERROR_BAD_DATA; } sigtails=GWEN_List_new(); while(n) { if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")!=0) break; GWEN_List_PushBack(sigtails, n); n=GWEN_DB_GetNextGroup(n); } /* while */ if (!n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Message tail expected"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } if (strcasecmp(GWEN_DB_GroupName(n), "MsgTail")!=0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (msg tail expected)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } n=GWEN_DB_GetNextGroup(n); if (n) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (end expected)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } if (GWEN_List_GetSize(sigheads)!= GWEN_List_GetSize(sigtails)) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Number of signature heads (%d) does not match " "number of signature tails (%d)", GWEN_List_GetSize(sigheads), GWEN_List_GetSize(sigtails)); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } /* ok, now verify all signatures */ dataStart=GWEN_Buffer_GetStart(hmsg->buffer)+dataBegin; for (i=0; i< GWEN_List_GetSize(sigtails); i++) { GWEN_DB_NODE *sighead; GWEN_DB_NODE *sigtail; const uint8_t *p; uint32_t l; int rv; uint8_t hash[20]; const char *signerId; /* get signature tail */ sigtail=(GWEN_DB_NODE*)GWEN_List_GetBack(sigtails); /* get corresponding signature head */ sighead=(GWEN_DB_NODE*)GWEN_List_GetFront(sigheads); if (!sighead || !sigtail) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No signature head/tail left (internal error)"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_INTERNAL; } GWEN_List_PopBack(sigtails); GWEN_List_PopFront(sigheads); signerId=GWEN_DB_GetCharValue(sighead, "key/userid", 0, I18N("unknown")); /* some checks */ if (strcasecmp(GWEN_DB_GetCharValue(sighead, "ctrlref", 0, ""), GWEN_DB_GetCharValue(sigtail, "ctrlref", 0, ""))!=0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Non-matching signature tail"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } /* hash signature head and data */ if (1) { GWEN_MDIGEST *md; /* hash sighead + data */ p=(const uint8_t*)GWEN_Buffer_GetStart(hmsg->buffer); p+=GWEN_DB_GetIntValue(sighead, "segment/pos", 0, 0); l=GWEN_DB_GetIntValue(sighead, "segment/length", 0, 0); md=GWEN_MDigest_Rmd160_new(); rv=GWEN_MDigest_Begin(md); if (rv==0) /* digest signature head */ rv=GWEN_MDigest_Update(md, p, l); if (rv==0) /* digest data */ rv=GWEN_MDigest_Update(md, (const uint8_t*)dataStart, dataLength); if (rv==0) rv=GWEN_MDigest_End(md); if (rv<0) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Hash error (%d)", rv); GWEN_MDigest_free(md); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return rv; } memmove(hash, GWEN_MDigest_GetDigestPtr(md), GWEN_MDigest_GetDigestSize(md)); GWEN_MDigest_free(md); } /* verify signature */ p=GWEN_DB_GetBinValue(sigtail, "signature", 0, 0, 0, &l); if (p && l) { GWEN_CRYPT_PADDALGO *algo; algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2); GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize); rv=GWEN_Crypt_Token_Verify(ct, keyId, algo, hash, 20, p, l, 0, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv) { if (rv==GWEN_ERROR_NO_KEY) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Unable to verify signature of user \"%s\" (no key)", signerId); GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Unable to verify signature (no key)")); } else { GWEN_BUFFER *tbuf; tbuf=GWEN_Buffer_new(0, 32, 0, 1); if (rv==GWEN_ERROR_VERIFY) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Invalid signature of user \"%s\"", signerId); GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Invalid signature!!!")); GWEN_Buffer_AppendString(tbuf, "!"); } else { GWEN_Gui_ProgressLog(gid, GWEN_LoggerLevel_Error, I18N("Could not verify signature")); DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not verify data with medium of user \"%s\" (%d)", AB_User_GetUserId(u), rv); GWEN_Buffer_AppendString(tbuf, "?"); } GWEN_Buffer_AppendString(tbuf, signerId); AH_Msg_AddSignerId(hmsg, GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); } } else { DBG_INFO(AQHBCI_LOGDOMAIN, "Message signed by \"%s\"", signerId); AH_Msg_AddSignerId(hmsg, signerId); } } else { DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signature"); GWEN_List_free(sigheads); GWEN_List_free(sigtails); return GWEN_ERROR_BAD_DATA; } DBG_DEBUG(AQHBCI_LOGDOMAIN, "Verification done"); } /* for */ GWEN_List_free(sigheads); GWEN_List_free(sigtails); return 0; }
int AH_Msg_DecryptRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr){ AH_HBCI *h; GWEN_BUFFER *mbuf; uint32_t l; int rv; const uint8_t *p; GWEN_MSGENGINE *e; AB_USER *u; const char *peerId; // uint32_t uFlags; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_KEY *sk=NULL; uint8_t decKey[300]; GWEN_DB_NODE *nhead=NULL; GWEN_DB_NODE *ndata=NULL; const char *crypterId; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "rdh"); gid=0; u=AH_Dialog_GetDialogOwner(hmsg->dialog); // uFlags=AH_User_GetFlags(u); peerId=AH_User_GetPeerId(u); if (!peerId || *peerId==0) peerId=AB_User_GetUserId(u); /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } /* get encrypted session key */ nhead=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptHead"); if (!nhead) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt head"); return GWEN_ERROR_BAD_DATA; } ndata=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptData"); if (!ndata) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); return GWEN_ERROR_BAD_DATA; } crypterId=GWEN_DB_GetCharValue(nhead, "key/userId", 0, I18N("unknown")); p=GWEN_DB_GetBinValue(nhead, "CryptAlgo/MsgKey", 0, 0,0, &l); if (p && l) { uint32_t elen; GWEN_CRYPT_PADDALGO *algo; uint8_t encKey[300]; int ksize; ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); if (ksize<l) { DBG_WARN(AQHBCI_LOGDOMAIN, "Keyinfo keysize is smaller than size of transmitted key, adjusting"); ksize=l; } assert(ksize<=256); /* fill encoded key with 0 */ memset(encKey, 0, sizeof(encKey)); memmove(encKey+(ksize-l), p, l); algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None); elen=sizeof(decKey); rv=GWEN_Crypt_Token_Decipher(ct, keyId, algo, encKey, ksize, decKey, &elen, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); return rv; } /* unpadd key (take right-handed 16 bytes) */ p=decKey+(elen-16); sk=GWEN_Crypt_KeyDes3K_fromData(GWEN_Crypt_CryptMode_Cbc, 24, p, 16); if (sk==NULL) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not create DES key from data"); return GWEN_ERROR_BAD_DATA; } } else { DBG_ERROR(AQHBCI_LOGDOMAIN, "Missing message key"); return GWEN_ERROR_BAD_DATA; } /* get encrypted data */ p=GWEN_DB_GetBinValue(ndata, "CryptData", 0, 0,0, &l); if (!p || !l) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); GWEN_Crypt_Key_free(sk); return GWEN_ERROR_BAD_DATA; } /* decipher message with session key */ mbuf=GWEN_Buffer_new(0, l, 0, 1); rv=GWEN_Crypt_Key_Decipher(sk, (const uint8_t*)p, l, (uint8_t*)GWEN_Buffer_GetPosPointer(mbuf), &l); GWEN_Crypt_Key_free(sk); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not decipher with DES session key (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } GWEN_Buffer_IncrementPos(mbuf, l); GWEN_Buffer_AdjustUsedBytes(mbuf); /* unpadd message */ rv=GWEN_Padd_UnpaddWithAnsiX9_23(mbuf); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Error unpadding message with ANSI X9.23 (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } /* store crypter id */ AH_Msg_SetCrypterId(hmsg, crypterId); /* store new buffer inside message */ GWEN_Buffer_free(hmsg->origbuffer); hmsg->origbuffer=hmsg->buffer; GWEN_Buffer_Rewind(mbuf); hmsg->buffer=mbuf; return 0; }
LC_CLIENT_RESULT LC_DDVCard_SignHash1(LC_CARD *card, GWEN_BUFFER *hbuf, GWEN_BUFFER *obuf){ LC_DDVCARD *ddv; GWEN_DB_NODE *dbReq; GWEN_DB_NODE *dbResp; LC_CLIENT_RESULT res; const void *p; unsigned int bs; assert(card); ddv=GWEN_INHERIT_GETDATA(LC_CARD, LC_DDVCARD, card); assert(ddv); if (GWEN_Buffer_GetUsedBytes(hbuf)!=20) { DBG_ERROR(LC_LOGDOMAIN, "Hash must exactly be 20 bytes in length (is %d)", GWEN_Buffer_GetUsedBytes(hbuf)); return LC_Client_ResultDataError; } /* write right part of the hash */ dbReq=GWEN_DB_Group_new("WriteHashR"); dbResp=GWEN_DB_Group_new("response"); GWEN_DB_SetBinValue(dbReq, GWEN_DB_FLAGS_DEFAULT, "hashR", GWEN_Buffer_GetStart(hbuf)+8, 12); res=LC_Card_ExecCommand(card, "WriteHashR", dbReq, dbResp); if (res!=LC_Client_ResultOk) { DBG_INFO(LC_LOGDOMAIN, "Error while executing WriteHashR"); GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return res; } GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); /* write left part of hash and retrieve signed hash */ dbReq=GWEN_DB_Group_new("SignHash"); dbResp=GWEN_DB_Group_new("response"); GWEN_DB_SetBinValue(dbReq, GWEN_DB_FLAGS_DEFAULT, "hashL", GWEN_Buffer_GetStart(hbuf), 8); res=LC_Card_ExecCommand(card, "SignHash", dbReq, dbResp); if (res!=LC_Client_ResultOk) { DBG_INFO(LC_LOGDOMAIN, "Error while executing SignHash"); GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return res; } p=GWEN_DB_GetBinValue(dbResp, "response/signedHash", 0, 0, 0, &bs); if ( p && bs==8) GWEN_Buffer_AppendBytes(obuf, p, bs); else { DBG_ERROR(LC_LOGDOMAIN, "Expected 8 bytes response, got %d bytes", bs); GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return LC_Client_ResultDataError; } GWEN_DB_Group_free(dbReq); GWEN_DB_Group_free(dbResp); return LC_Client_ResultOk; }