static int EBC_Provider_SignMessage_X001(AB_PROVIDER *pro,
EB_MSG *msg,
AB_USER *u,
xmlNodePtr node) {
EBC_PROVIDER *dp;
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
GWEN_BUFFER *hbuf;
GWEN_BUFFER *bbuf;
xmlNodePtr nodeX = NULL;
xmlNodePtr nodeXX = NULL;
xmlNodePtr nodeXXX = NULL;
xmlNodePtr nodeXXXX = NULL;
xmlNsPtr ns;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get key id */
keyId=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
0);
if (ki==NULL) {
DBG_INFO(AQEBICS_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
GWEN_Crypt_Token_Close(ct, 0, 0);
return GWEN_ERROR_NOT_FOUND;
}
/* prepare signature nodes */
ns=xmlSearchNs(EB_Msg_GetDoc(msg), node, BAD_CAST "ds");
assert(ns);
/* build hash */
bbuf=GWEN_Buffer_new(0, 256, 0, 1);
rv=EB_Msg_BuildHashSha1(msg, bbuf);
if (rv) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Could not build hash");
GWEN_Buffer_free(bbuf);
return rv;
}
/* base64 encode */
hbuf=GWEN_Buffer_new(0, 256, 0, 1);
rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf),
GWEN_Buffer_GetUsedBytes(bbuf),
hbuf, 0);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_Buffer_free(bbuf);
return rv;
}
GWEN_Buffer_free(bbuf);
/* create signature node */
nodeX=xmlNewChild(node, ns, BAD_CAST "SignedInfo", NULL);
nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "CanonicalizationMethod", NULL);
xmlNewProp(nodeXX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "SignatureMethod", NULL);
xmlNewProp(nodeXX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
nodeXX=xmlNewChild(nodeX, ns, BAD_CAST "Reference", NULL);
xmlNewProp(nodeXX,
BAD_CAST "URI",
BAD_CAST "#xpointer(//*[@authenticate='true'])");
nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "Transforms", NULL);
nodeXXXX=xmlNewChild(nodeXXX, ns, BAD_CAST "Transform", NULL);
xmlNewProp(nodeXXXX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
nodeXXX=xmlNewChild(nodeXX, ns, BAD_CAST "DigestMethod", NULL);
xmlNewProp(nodeXXX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/2000/09/xmldsig#sha1");
/* store hash value */
xmlNewTextChild(nodeXX, ns,
BAD_CAST "DigestValue",
BAD_CAST GWEN_Buffer_GetStart(hbuf));
GWEN_Buffer_free(hbuf);
/* build hash over SignedInfo */
bbuf=GWEN_Buffer_new(0, 256, 0, 1);
rv=EB_Xml_BuildNodeHashSha1(nodeX, "#xpointer(//*)", bbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(bbuf);
return rv;
}
/* sign hash */
if (1) {
GWEN_CRYPT_PADDALGO *algo;
int ksize;
uint32_t l;
const uint8_t prefix[]={
0x30, 0x21, 0x30, 0x09,
0x06, 0x05, 0x2B, 0x0E,
0x03, 0x02, 0x1A, 0x05,
0x00, 0x04, 0x14};
/* add prefix to hash of SignedInfo */
hbuf=GWEN_Buffer_new(0, 256, 0, 1);
ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki);
GWEN_Buffer_AppendBytes(hbuf, (const char*)prefix, sizeof(prefix));
GWEN_Buffer_AppendBuffer(hbuf, bbuf);
GWEN_Buffer_Reset(bbuf);
/* select padd algo */
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Pkcs1_1);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize);
/* actually sign */
GWEN_Buffer_AllocRoom(bbuf, ksize+16);
l=GWEN_Buffer_GetMaxUnsegmentedWrite(bbuf);
rv=GWEN_Crypt_Token_Sign(ct, keyId,
algo,
(const uint8_t*)GWEN_Buffer_GetStart(hbuf),
GWEN_Buffer_GetUsedBytes(hbuf),
(uint8_t*)GWEN_Buffer_GetPosPointer(bbuf),
&l,
NULL, /* ignore seq counter */
0);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(bbuf);
GWEN_Buffer_free(hbuf);
return rv;
}
GWEN_Buffer_IncrementPos(bbuf, l);
GWEN_Buffer_AdjustUsedBytes(bbuf);
/* base 64 encode signature */
GWEN_Buffer_Reset(hbuf);
rv=GWEN_Base64_Encode((const uint8_t*)GWEN_Buffer_GetStart(bbuf),
GWEN_Buffer_GetUsedBytes(bbuf),
hbuf, 0);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_Buffer_free(bbuf);
return rv;
}
GWEN_Buffer_free(bbuf);
/* store signature */
xmlNewTextChild(node, ns,
BAD_CAST "SignatureValue",
BAD_CAST GWEN_Buffer_GetStart(hbuf));
GWEN_Buffer_free(hbuf);
}
return 0;
}
int EBC_Provider_FillDataEncryptionInfoNode(AB_PROVIDER *pro, AB_USER *u,
const GWEN_CRYPT_KEY *skey,
xmlNodePtr node) {
EBC_PROVIDER *dp;
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
GWEN_BUFFER *hbuf;
xmlNodePtr nodeX = NULL;
const char *s;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get key id for server crypt key */
keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
0);
if (ki==NULL) {
DBG_INFO(AQEBICS_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
GWEN_Crypt_Token_Close(ct, 0, 0);
return GWEN_ERROR_NOT_FOUND;
}
hbuf=GWEN_Buffer_new(0, 256, 0, 1);
s=EBC_User_GetCryptVersion(u);
if (!(s && *s))
s="E001";
if (strcasecmp(s, "E001")==0) {
rv=EB_Key_Info_BuildHashSha1(ki, hbuf, 1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_Crypt_Token_Close(ct, 0, 0);
return rv;
}
nodeX=xmlNewTextChild(node, NULL,
BAD_CAST "EncryptionPubKeyDigest",
BAD_CAST GWEN_Buffer_GetStart(hbuf));
GWEN_Buffer_free(hbuf);
assert(nodeX);
xmlNewProp(nodeX,
BAD_CAST "Version",
BAD_CAST "E001");
xmlNewProp(nodeX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/2000/09/xmldsig#sha1");
}
else if (strcasecmp(s, "E002")==0) {
rv=EB_Key_Info_BuildHashSha256(ki, hbuf, 1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_Crypt_Token_Close(ct, 0, 0);
return rv;
}
nodeX=xmlNewTextChild(node, NULL,
BAD_CAST "EncryptionPubKeyDigest",
BAD_CAST GWEN_Buffer_GetStart(hbuf));
GWEN_Buffer_free(hbuf);
assert(nodeX);
xmlNewProp(nodeX,
BAD_CAST "Version",
BAD_CAST "E002");
xmlNewProp(nodeX,
BAD_CAST "Algorithm",
BAD_CAST "http://www.w3.org/2001/04/xmlenc#sha256");
}
/* add encrypted transactio key */
hbuf=GWEN_Buffer_new(0, 256, 0, 1);
rv=EBC_Provider_EncryptKey(pro, u, skey, hbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_Crypt_Token_Close(ct, 0, 0);
return rv;
}
nodeX=xmlNewTextChild(node, NULL,
BAD_CAST "TransactionKey",
BAD_CAST GWEN_Buffer_GetStart(hbuf));
GWEN_Buffer_free(hbuf);
assert(nodeX);
return 0;
}
int addUser(AB_BANKING *ab,
GWEN_DB_NODE *dbArgs,
int argc,
char **argv) {
GWEN_DB_NODE *db;
AB_PROVIDER *pro;
int rv;
GWEN_BUFFER *nameBuffer=NULL;
const char *tokenName;
const char *tokenType;
const char *bankId;
const char *userId;
const char *customerId;
const char *server;
const char *userName;
int hbciVersion;
int rdhType;
uint32_t cid;
const GWEN_ARGS args[]={
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"userName", /* name */
1, /* minnum */
1, /* maxnum */
"N", /* short option */
"username", /* long option */
"Specify the user name", /* short description */
"Specify the user name (not the userid!)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"bankId", /* name */
0, /* minnum */
1, /* maxnum */
"b", /* short option */
"bank", /* long option */
"Specify the bank code", /* short description */
"Specify the bank code" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"userId", /* name */
0, /* minnum */
1, /* maxnum */
"u", /* short option */
"user", /* long option */
"Specify the user id (Benutzerkennung)", /* short description */
"Specify the user id (Benutzerkennung)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"customerId", /* name */
0, /* minnum */
1, /* maxnum */
"c", /* short option */
"customer", /* long option */
"Specify the customer id (Kundennummer)", /* short description */
"Specify the customer id (Kundennummer)" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"tokenType", /* name */
1, /* minnum */
1, /* maxnum */
"t", /* short option */
"tokentype", /* long option */
"Specify the crypt token type", /* short description */
"Specify the crypt token type" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"tokenName", /* name */
0, /* minnum */
1, /* maxnum */
"n", /* short option */
"tokenname", /* long option */
"Specify the crypt token name", /* short description */
"Specify the crypt token name" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Char, /* type */
"serverAddr", /* name */
0, /* minnum */
1, /* maxnum */
"s", /* short option */
"server", /* long option */
"Specify the server URL", /* short description */
"Specify the server URL" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */
GWEN_ArgsType_Int, /* type */
"context", /* name */
0, /* minnum */
1, /* maxnum */
0, /* short option */
"context", /* long option */
"Select a context on the medium", /* short description */
"Select a context on the medium" /* long description */
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT,
GWEN_ArgsType_Int,
"hbciversion",
0,
1,
0,
"hbciversion",
"Select the HBCI version",
"Select the HBCI protocol version"
},
{
GWEN_ARGS_FLAGS_HAS_ARGUMENT,
GWEN_ArgsType_Int,
"rdhType",
0,
1,
0,
"rdhtype",
"Select the RDH profile type (1, 2, 3, 5, 10)",
"Select the RDH profile type (1, 2, 3, 5, 10)"
},
{
GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */
GWEN_ArgsType_Int, /* type */
"help", /* name */
0, /* minnum */
0, /* maxnum */
"h", /* short option */
"help", /* long option */
"Show this help screen", /* short description */
"Show this help screen" /* long description */
}
};
db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local");
rv=GWEN_Args_Check(argc, argv, 1,
0 /*GWEN_ARGS_MODE_ALLOW_FREEPARAM*/,
args,
db);
if (rv==GWEN_ARGS_RESULT_ERROR) {
fprintf(stderr, "ERROR: Could not parse arguments\n");
return 1;
}
else if (rv==GWEN_ARGS_RESULT_HELP) {
GWEN_BUFFER *ubuf;
ubuf=GWEN_Buffer_new(0, 1024, 0, 1);
if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) {
fprintf(stderr, "ERROR: Could not create help string\n");
return 1;
}
fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf));
GWEN_Buffer_free(ubuf);
return 0;
}
rv=AB_Banking_Init(ab);
if (rv) {
DBG_ERROR(0, "Error on init (%d)", rv);
return 2;
}
rv=AB_Banking_OnlineInit(ab);
if (rv) {
DBG_ERROR(0, "Error on init (%d)", rv);
return 2;
}
pro=AB_Banking_GetProvider(ab, "aqhbci");
assert(pro);
tokenType=GWEN_DB_GetCharValue(db, "tokenType", 0, 0);
tokenName=GWEN_DB_GetCharValue(db, "tokenName", 0, 0);
bankId=GWEN_DB_GetCharValue(db, "bankId", 0, 0);
userId=GWEN_DB_GetCharValue(db, "userId", 0, 0);
customerId=GWEN_DB_GetCharValue(db, "customerId", 0, 0);
server=GWEN_DB_GetCharValue(db, "serverAddr", 0, 0);
cid=GWEN_DB_GetIntValue(db, "context", 0, 1);
hbciVersion=GWEN_DB_GetIntValue(db, "hbciVersion", 0, 0);
rdhType=GWEN_DB_GetIntValue(db, "rdhType", 0, 1);
userName=GWEN_DB_GetCharValue(db, "userName", 0, 0);
assert(userName);
/* generic check for some arguments */
if (hbciVersion>0 && rdhType>1) {
if (hbciVersion<300 && rdhType>1) {
DBG_ERROR(0, "RDH Types 2 and above only work with HBCI version 300 or later");
return 1;
}
}
if (hbciVersion>0) {
switch(hbciVersion) {
case 201:
case 210:
case 220:
case 300:
/* supported */
break;
default:
DBG_ERROR(0, "HBCI/FinTS version %d not supported", hbciVersion);
return 1;
}
}
if (rdhType>0) {
switch(rdhType) {
case 1:
case 2:
case 10:
/* supported */
break;
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 9:
default:
DBG_ERROR(0, "RDH type %d not supported", rdhType);
return 1;
}
}
if (1) {
const char *lbankId;
const char *luserId;
const char *lcustomerId;
const char *lserverAddr;
AH_CRYPT_MODE cm;
GWEN_URL *url;
GWEN_CRYPT_TOKEN_CONTEXT *ctx=NULL;
AB_USER *user;
if (strcasecmp(tokenType, "pintan")==0) {
lbankId=bankId;
luserId=userId;
lcustomerId=customerId?customerId:luserId;
lserverAddr=server;
cm=AH_CryptMode_Pintan;
}
else {
GWEN_PLUGIN_MANAGER *pm;
GWEN_PLUGIN *pl;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *cctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
GWEN_CRYPT_CRYPTALGOID algo;
if (cid==0) {
DBG_ERROR(0, "No context given.");
return 1;
}
/* get crypt token */
pm=GWEN_PluginManager_FindPluginManager("ct");
if (pm==0) {
DBG_ERROR(0, "Plugin manager not found");
return 3;
}
pl=GWEN_PluginManager_GetPlugin(pm, tokenType);
if (pl==0) {
DBG_ERROR(0, "Plugin not found");
return 3;
}
DBG_INFO(0, "Plugin found");
ct=GWEN_Crypt_Token_Plugin_CreateToken(pl, tokenName);
if (ct==0) {
DBG_ERROR(0, "Could not create crypt token");
return 3;
}
/* open crypt token */
rv=GWEN_Crypt_Token_Open(ct, 0, 0);
if (rv) {
DBG_ERROR(0, "Could not open token (%d)", rv);
GWEN_Crypt_Token_free(ct);
return 3;
}
/* get real token name */
nameBuffer=GWEN_Buffer_new(0, 64, 0, 1);
GWEN_Buffer_AppendString(nameBuffer,
GWEN_Crypt_Token_GetTokenName(ct));
tokenName=GWEN_Buffer_GetStart(nameBuffer);
cctx=GWEN_Crypt_Token_GetContext(ct, cid, 0);
if (cctx==NULL) {
DBG_ERROR(0, "Context %02x not found", cid);
GWEN_Buffer_free(nameBuffer);
GWEN_Crypt_Token_Close(ct, 1, 0);
GWEN_Crypt_Token_free(ct);
return 3;
}
ctx=GWEN_Crypt_Token_Context_dup(cctx);
lbankId=bankId?bankId:GWEN_Crypt_Token_Context_GetServiceId(ctx);
luserId=userId?userId:GWEN_Crypt_Token_Context_GetUserId(ctx);
lcustomerId=customerId?customerId:luserId;
lserverAddr=server?server:GWEN_Crypt_Token_Context_GetAddress(ctx);
/* determine crypt mode */
keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
if (keyId==0)
keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx);
if (keyId==0)
keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx);
if (keyId==0)
keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx);
GWEN_Crypt_Token_Context_free(ctx);
if (keyId==0) {
DBG_ERROR(0, "No keys, unable to determine crypt mode");
GWEN_Buffer_free(nameBuffer);
GWEN_Crypt_Token_Close(ct, 1, 0);
GWEN_Crypt_Token_free(ct);
return 3;
}
ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0);
if (ki==NULL) {
DBG_ERROR(0,
"Could not get keyinfo for key %d, "
"unable to determine crypt mode", keyId);
GWEN_Buffer_free(nameBuffer);
GWEN_Crypt_Token_Close(ct, 1, 0);
GWEN_Crypt_Token_free(ct);
return 3;
}
algo=GWEN_Crypt_Token_KeyInfo_GetCryptAlgoId(ki);
if (algo==GWEN_Crypt_CryptAlgoId_Des3K)
cm=AH_CryptMode_Ddv;
else if (algo==GWEN_Crypt_CryptAlgoId_Rsa)
cm=AH_CryptMode_Rdh;
else {
DBG_ERROR(0,
"Unexpected crypt algorithm \"%s\", "
"unable to determine crypt mode",
GWEN_Crypt_CryptAlgoId_toString(algo));
GWEN_Buffer_free(nameBuffer);
GWEN_Crypt_Token_Close(ct, 1, 0);
GWEN_Crypt_Token_free(ct);
return 3;
}
rv=GWEN_Crypt_Token_Close(ct, 0, 0);
GWEN_Crypt_Token_free(ct);
if (rv) {
DBG_ERROR(0, "Could not close token (%d)", rv);
GWEN_Buffer_free(nameBuffer);
return 3;
}
}
if (!lbankId || !*lbankId) {
DBG_ERROR(0, "No bank id stored and none given");
GWEN_Buffer_free(nameBuffer);
return 3;
}
if (!luserId || !*luserId) {
DBG_ERROR(0, "No user id (Benutzerkennung) stored and none given");
GWEN_Buffer_free(nameBuffer);
return 3;
}
user=AB_Banking_FindUser(ab, AH_PROVIDER_NAME,
"de",
lbankId, luserId, lcustomerId);
if (user) {
DBG_ERROR(0, "User %s already exists", luserId);
return 3;
}
user=AB_Banking_CreateUser(ab, AH_PROVIDER_NAME);
assert(user);
AB_User_SetUserName(user, userName);
AB_User_SetCountry(user, "de");
AB_User_SetBankCode(user, lbankId);
AB_User_SetUserId(user, luserId);
AB_User_SetCustomerId(user, lcustomerId);
AH_User_SetTokenType(user, tokenType);
AH_User_SetTokenName(user, tokenName);
AH_User_SetTokenContextId(user, cid);
AH_User_SetCryptMode(user, cm);
if (rdhType>0)
AH_User_SetRdhType(user, rdhType);
GWEN_Buffer_free(nameBuffer);
if (hbciVersion==0) {
if (cm==AH_CryptMode_Pintan)
AH_User_SetHbciVersion(user, 220);
else {
if (rdhType>1)
AH_User_SetHbciVersion(user, 300);
else
AH_User_SetHbciVersion(user, 210);
}
}
else {
AH_User_SetHbciVersion(user, hbciVersion);
}
/* try to get server address from database if still unknown */
if (!lserverAddr || *lserverAddr==0) {
GWEN_BUFFER *tbuf;
tbuf=GWEN_Buffer_new(0, 256, 0, 1);
if (getBankUrl(ab,
cm,
lbankId,
tbuf)) {
DBG_INFO(0, "Could not find server address for \"%s\"",
lbankId);
}
if (GWEN_Buffer_GetUsedBytes(tbuf)==0) {
DBG_ERROR(0, "No address given and none available in internal db");
return 3;
}
url=GWEN_Url_fromString(GWEN_Buffer_GetStart(tbuf));
if (url==NULL) {
DBG_ERROR(0, "Bad URL \"%s\" in internal db",
GWEN_Buffer_GetStart(tbuf));
return 3;
}
GWEN_Buffer_free(tbuf);
}
else {
/* set address */
url=GWEN_Url_fromString(lserverAddr);
if (url==NULL) {
DBG_ERROR(0, "Bad URL \"%s\"", lserverAddr);
return 3;
}
}
if (cm==AH_CryptMode_Pintan) {
GWEN_Url_SetProtocol(url, "https");
if (GWEN_Url_GetPort(url)==0)
GWEN_Url_SetPort(url, 443);
}
else {
GWEN_Url_SetProtocol(url, "hbci");
if (GWEN_Url_GetPort(url)==0)
GWEN_Url_SetPort(url, 3000);
}
AH_User_SetServerUrl(user, url);
GWEN_Url_free(url);
if (cm==AH_CryptMode_Ddv)
AH_User_SetStatus(user, AH_UserStatusEnabled);
AB_Banking_AddUser(ab, user);
}
rv=AB_Banking_OnlineFini(ab);
if (rv) {
fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv);
return 5;
}
rv=AB_Banking_Fini(ab);
if (rv) {
fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv);
return 5;
}
return 0;
}
int EBC_Provider_EuSign_A004(AB_PROVIDER *pro,
AB_USER *u,
const char *requestType,
const uint8_t *pMsg,
uint32_t lMsg,
GWEN_BUFFER *sbuf) {
EBC_PROVIDER *dp;
GWEN_MDIGEST *md;
GWEN_BUFFER *hbuf;
GWEN_BUFFER *ebuf;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
int ksize;
uint32_t l;
GWEN_CRYPT_PADDALGO *algo;
EB_EU *eu;
GWEN_TIME *ti;
int rv;
const char *userId;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
userId=AB_User_GetUserId(u);
md=GWEN_MDigest_Rmd160_new();
assert(md);
rv=GWEN_MDigest_Begin(md);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_MDigest_free(md);
return rv;
}
rv=GWEN_MDigest_Update(md, pMsg, lMsg);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_MDigest_free(md);
return rv;
}
rv=GWEN_MDigest_End(md);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_MDigest_free(md);
return rv;
}
hbuf=GWEN_Buffer_new(0, GWEN_MDigest_GetDigestSize(md), 0, 1);
GWEN_Buffer_AppendBytes(hbuf,
(const char*)GWEN_MDigest_GetDigestPtr(md),
GWEN_MDigest_GetDigestSize(md));
GWEN_MDigest_free(md);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get key id */
keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
0);
if (ki==NULL) {
DBG_INFO(AQEBICS_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
GWEN_Crypt_Token_Close(ct, 0, 0);
GWEN_Buffer_free(hbuf);
return GWEN_ERROR_NOT_FOUND;
}
ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki);
/* select padd algo */
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize);
/* actually sign */
ebuf=GWEN_Buffer_new(0, ksize+16, 0, 1);
l=GWEN_Buffer_GetMaxUnsegmentedWrite(ebuf);
rv=GWEN_Crypt_Token_Sign(ct, keyId,
algo,
(const uint8_t*)GWEN_Buffer_GetStart(hbuf),
GWEN_Buffer_GetUsedBytes(hbuf),
(uint8_t*)GWEN_Buffer_GetPosPointer(ebuf),
&l,
NULL, /* ignore seq counter */
0);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(ebuf);
GWEN_Buffer_free(hbuf);
return rv;
}
GWEN_Buffer_IncrementPos(ebuf, l);
GWEN_Buffer_AdjustUsedBytes(ebuf);
GWEN_Buffer_free(hbuf);
/* assemble EU */
eu=EB_Eu_new();
EB_Eu_SetVersion(eu, "A004");
EB_Eu_SetModLen(eu, ksize*8);
EB_Eu_SetJobType(eu, requestType);
EB_Eu_SetSignature(eu,
(const uint8_t*) GWEN_Buffer_GetStart(ebuf),
GWEN_Buffer_GetUsedBytes(ebuf));
GWEN_Buffer_free(ebuf);
ti=GWEN_CurrentTime();
EB_Eu_SetCreationTime(eu, ti);
EB_Eu_SetSignatureTime(eu, ti);
GWEN_Time_free(ti);
EB_Eu_SetUserId(eu, userId);
/* store EU in given buffer */
EB_Eu_toBuffer(eu, sbuf);
EB_Eu_free(eu);
return 0;
}
static int EBC_Provider_XchgHpbRequest_H003(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u) {
EBC_PROVIDER *dp;
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t keyId;
xmlNsPtr ns;
EB_MSG *msg;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
xmlNodePtr sigNode = NULL;
GWEN_BUFFER *tbuf;
const char *s;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsNoPubKeyDigestsRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
sigNode=xmlNewChild(root_node, NULL, BAD_CAST "AuthSignature", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
/* generate Nonce */
tbuf=GWEN_Buffer_new(0, 128, 0, 1);
rv=EBC_Provider_GenerateNonce(pro, tbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(tbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/Nonce", GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_Reset(tbuf);
/* generate timestamp */
rv=EBC_Provider_GenerateTimeStamp(pro, u, tbuf);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(tbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/Timestamp", GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HPB");
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZHNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000");
/* sign */
rv=EBC_Provider_SignMessage(pro, msg, u, sigNode);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(msg);
return rv;
}
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
if (1) {
xmlDocPtr orderDoc=NULL;
xmlNodePtr root_node=NULL;
xmlNodePtr node=NULL;
GWEN_CRYPT_KEY *skey=NULL;
GWEN_BUFFER *buf1;
GWEN_BUFFER *buf2;
const char *s;
/* extract keys and store them */
node=EB_Xml_GetNode(EB_Msg_GetRootNode(mRsp),
"body/DataTransfer/DataEncryptionInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"Bad message from server: Missing session key");
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=EBC_Provider_ExtractSessionKey(pro, u, node, &skey);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(mRsp);
return rv;
}
s=EB_Msg_GetCharValue(mRsp, "body/DataTransfer/OrderData", NULL);
if (!s) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"Bad message from server: Missing OrderData");
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
buf1=GWEN_Buffer_new(0, strlen(s), 0, 1);
rv=GWEN_Base64_Decode((const uint8_t*)s, 0, buf1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decode OrderData (%d)", rv);
GWEN_Buffer_free(buf1);
EB_Msg_free(mRsp);
return rv;
}
/* decode data */
buf2=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(buf1), 0, 1);
rv=EBC_Provider_DecryptData(pro, u, skey,
(const uint8_t*)GWEN_Buffer_GetStart(buf1),
GWEN_Buffer_GetUsedBytes(buf1),
buf2);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "Could not decrypt OrderData (%d)", rv);
GWEN_Buffer_free(buf2);
GWEN_Buffer_free(buf1);
return rv;
}
/* parse XML document */
rv=EB_Xml_DocFromBuffer(GWEN_Buffer_GetStart(buf2),
GWEN_Buffer_GetUsedBytes(buf2),
&orderDoc);
GWEN_Buffer_free(buf2);
GWEN_Buffer_free(buf1);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
EB_Msg_free(mRsp);
return rv;
}
/* get keys */
root_node=xmlDocGetRootElement(orderDoc);
/* get auth key */
node=EB_Xml_GetNode(root_node, "AuthenticationPubKeyInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"No authentication key found");
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
else {
const GWEN_CRYPT_TOKEN_KEYINFO *cki;
GWEN_CRYPT_TOKEN_KEYINFO *ki;
keyId=GWEN_Crypt_Token_Context_GetAuthVerifyKeyId(ctx);
cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0);
if (cki)
ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
else
ki=GWEN_Crypt_Token_KeyInfo_new(keyId,
GWEN_Crypt_CryptAlgoId_Rsa,
128);
GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0);
rc=EB_Key_Info_ReadXml(ki, node);
if (rc) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc);
GWEN_Crypt_Token_KeyInfo_free(ki);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0);
GWEN_Crypt_Token_KeyInfo_free(ki);
if (rv) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return rv;
}
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Auth key stored");
}
/* get crypt key */
node=EB_Xml_GetNode(root_node, "EncryptionPubKeyInfo",
GWEN_PATH_FLAGS_NAMEMUSTEXIST);
if (node==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN,
"No encryption key found");
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
else {
const GWEN_CRYPT_TOKEN_KEYINFO *cki;
GWEN_CRYPT_TOKEN_KEYINFO *ki;
keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx);
cki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0, 0);
if (cki)
ki=GWEN_Crypt_Token_KeyInfo_dup(cki);
else
ki=GWEN_Crypt_Token_KeyInfo_new(keyId,
GWEN_Crypt_CryptAlgoId_Rsa,
128);
GWEN_Crypt_Token_KeyInfo_SetFlags(ki, 0);
rc=EB_Key_Info_ReadXml(ki, node);
if (rc) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%06x)", rc);
GWEN_Crypt_Token_KeyInfo_free(ki);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return GWEN_ERROR_BAD_DATA;
}
rv=GWEN_Crypt_Token_SetKeyInfo(ct, keyId, ki, 0);
GWEN_Crypt_Token_KeyInfo_free(ki);
if (rv) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
xmlFreeDoc(orderDoc);
EB_Msg_free(mRsp);
return rv;
}
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Crypt key stored");
}
xmlFreeDoc(orderDoc);
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
if ((EBC_User_GetFlags(u) &
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Enabled);
return 0;
}
int EBC_Provider_EuSign_A005(AB_PROVIDER *pro,
AB_USER *u,
const char *requestType,
const uint8_t *pMsg,
uint32_t lMsg,
GWEN_BUFFER *sbuf)
{
EBC_PROVIDER *dp;
GWEN_BUFFER *xbuf;
GWEN_BUFFER *hbuf;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
int ksize;
uint32_t l;
GWEN_CRYPT_PADDALGO *algo;
int rv;
int numPaddBytes=0;
const uint8_t digestInfo[]= {
0x30, 0x31, 0x30, 0x0d,
0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
0x05, 0x00,
0x04, 0x20
};
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get key id */
keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
0);
if (ki==NULL) {
DBG_INFO(AQEBICS_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
GWEN_Crypt_Token_Close(ct, 0, 0);
return GWEN_ERROR_NOT_FOUND;
}
xbuf=GWEN_Buffer_new(0, 40, 0, 1);
EBC_Provider_Sha256(pMsg, lMsg, xbuf);
/* add digestInfo to hash of SignedInfo */
hbuf=GWEN_Buffer_new(0, 256, 0, 1);
ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki);
GWEN_Buffer_AppendByte(hbuf, 0x01); /* block type */
numPaddBytes=ksize-3-sizeof(digestInfo)-GWEN_Buffer_GetUsedBytes(xbuf);
if (numPaddBytes<1) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Invalid number of padd bytes, key too small (%d)", numPaddBytes);
GWEN_Buffer_free(xbuf);
GWEN_Buffer_free(hbuf);
return GWEN_ERROR_INTERNAL;
}
GWEN_Buffer_FillWithBytes(hbuf, 0xff, numPaddBytes);
GWEN_Buffer_AppendByte(hbuf, 0x01); /* separator */
GWEN_Buffer_AppendBytes(hbuf, (const char *)digestInfo, sizeof(digestInfo)); /* digest info */
GWEN_Buffer_AppendBytes(hbuf, GWEN_Buffer_GetStart(xbuf), GWEN_Buffer_GetUsedBytes(xbuf)); /* hash */
GWEN_Buffer_free(xbuf);
/* select padd algo */
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize);
/* actually sign */
GWEN_Buffer_AllocRoom(sbuf, ksize+16);
l=GWEN_Buffer_GetMaxUnsegmentedWrite(sbuf);
rv=GWEN_Crypt_Token_Sign(ct, keyId,
algo,
(const uint8_t *)GWEN_Buffer_GetStart(hbuf),
GWEN_Buffer_GetUsedBytes(hbuf),
(uint8_t *)GWEN_Buffer_GetPosPointer(sbuf),
&l,
NULL, /* ignore seq counter */
0);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(hbuf);
return rv;
}
GWEN_Buffer_IncrementPos(sbuf, l);
GWEN_Buffer_AdjustUsedBytes(sbuf);
GWEN_Buffer_free(hbuf);
return 0;
}
int AH_Msg_DecryptRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr){
AH_HBCI *h;
GWEN_BUFFER *mbuf;
uint32_t l;
int rv;
const uint8_t *p;
GWEN_MSGENGINE *e;
AB_USER *u;
const char *peerId;
// uint32_t uFlags;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
GWEN_CRYPT_KEY *sk=NULL;
uint8_t decKey[300];
GWEN_DB_NODE *nhead=NULL;
GWEN_DB_NODE *ndata=NULL;
const char *crypterId;
uint32_t gid;
assert(hmsg);
h=AH_Dialog_GetHbci(hmsg->dialog);
assert(h);
e=AH_Dialog_GetMsgEngine(hmsg->dialog);
assert(e);
GWEN_MsgEngine_SetMode(e, "rdh");
gid=0;
u=AH_Dialog_GetDialogOwner(hmsg->dialog);
// uFlags=AH_User_GetFlags(u);
peerId=AH_User_GetPeerId(u);
if (!peerId || *peerId==0)
peerId=AB_User_GetUserId(u);
/* get crypt token of signer */
rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h),
AH_User_GetTokenType(u),
AH_User_GetTokenName(u),
&ct);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not get crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
/* open CryptToken if necessary */
if (!GWEN_Crypt_Token_IsOpen(ct)) {
GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN);
rv=GWEN_Crypt_Token_Open(ct, 0, gid);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not open crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
}
/* get context and key info */
ctx=GWEN_Crypt_Token_GetContext(ct,
AH_User_GetTokenContextId(u),
gid);
if (ctx==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Context %d not found on crypt token [%s:%s]",
AH_User_GetTokenContextId(u),
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
gid);
if (ki==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
/* get encrypted session key */
nhead=GWEN_DB_GetGroup(gr,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
"CryptHead");
if (!nhead) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt head");
return GWEN_ERROR_BAD_DATA;
}
ndata=GWEN_DB_GetGroup(gr,
GWEN_DB_FLAGS_DEFAULT |
GWEN_PATH_FLAGS_NAMEMUSTEXIST,
"CryptData");
if (!ndata) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data");
return GWEN_ERROR_BAD_DATA;
}
crypterId=GWEN_DB_GetCharValue(nhead, "key/userId", 0, I18N("unknown"));
p=GWEN_DB_GetBinValue(nhead,
"CryptAlgo/MsgKey",
0,
0,0,
&l);
if (p && l) {
uint32_t elen;
GWEN_CRYPT_PADDALGO *algo;
uint8_t encKey[300];
int ksize;
ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki);
if (ksize<l) {
DBG_WARN(AQHBCI_LOGDOMAIN, "Keyinfo keysize is smaller than size of transmitted key, adjusting");
ksize=l;
}
assert(ksize<=256);
/* fill encoded key with 0 */
memset(encKey, 0, sizeof(encKey));
memmove(encKey+(ksize-l), p, l);
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None);
elen=sizeof(decKey);
rv=GWEN_Crypt_Token_Decipher(ct,
keyId,
algo,
encKey, ksize,
decKey,
&elen,
gid);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* unpadd key (take right-handed 16 bytes) */
p=decKey+(elen-16);
sk=GWEN_Crypt_KeyDes3K_fromData(GWEN_Crypt_CryptMode_Cbc, 24,
p, 16);
if (sk==NULL) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not create DES key from data");
return GWEN_ERROR_BAD_DATA;
}
}
else {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Missing message key");
return GWEN_ERROR_BAD_DATA;
}
/* get encrypted data */
p=GWEN_DB_GetBinValue(ndata,
"CryptData",
0,
0,0,
&l);
if (!p || !l) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data");
GWEN_Crypt_Key_free(sk);
return GWEN_ERROR_BAD_DATA;
}
/* decipher message with session key */
mbuf=GWEN_Buffer_new(0, l, 0, 1);
rv=GWEN_Crypt_Key_Decipher(sk,
(const uint8_t*)p, l,
(uint8_t*)GWEN_Buffer_GetPosPointer(mbuf),
&l);
GWEN_Crypt_Key_free(sk);
if (rv<0) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not decipher with DES session key (%d)",
rv);
GWEN_Buffer_free(mbuf);
return rv;
}
GWEN_Buffer_IncrementPos(mbuf, l);
GWEN_Buffer_AdjustUsedBytes(mbuf);
/* unpadd message */
rv=GWEN_Padd_UnpaddWithAnsiX9_23(mbuf);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Error unpadding message with ANSI X9.23 (%d)", rv);
GWEN_Buffer_free(mbuf);
return rv;
}
/* store crypter id */
AH_Msg_SetCrypterId(hmsg, crypterId);
/* store new buffer inside message */
GWEN_Buffer_free(hmsg->origbuffer);
hmsg->origbuffer=hmsg->buffer;
GWEN_Buffer_Rewind(mbuf);
hmsg->buffer=mbuf;
return 0;
}
int AH_Msg_VerifyRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr) {
AH_HBCI *h;
GWEN_LIST *sigheads;
GWEN_LIST *sigtails;
GWEN_DB_NODE *n;
int nonSigHeads;
int nSigheads;
unsigned int dataBegin;
char *dataStart;
unsigned int dataLength;
unsigned int i;
AB_USER *u;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
int ksize;
int rv;
uint32_t gid;
assert(hmsg);
h=AH_Dialog_GetHbci(hmsg->dialog);
assert(h);
u=AH_Dialog_GetDialogOwner(hmsg->dialog);
assert(u);
gid=0;
/* get crypt token of signer */
rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h),
AH_User_GetTokenType(u),
AH_User_GetTokenName(u),
&ct);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not get crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
/* open CryptToken if necessary */
if (!GWEN_Crypt_Token_IsOpen(ct)) {
GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN);
rv=GWEN_Crypt_Token_Open(ct, 0, gid);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not open crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
}
/* get context and key info */
ctx=GWEN_Crypt_Token_GetContext(ct,
AH_User_GetTokenContextId(u),
gid);
if (ctx==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Context %d not found on crypt token [%s:%s]",
AH_User_GetTokenContextId(u),
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
/* let's go */
sigheads=GWEN_List_new();
/* enumerate signature heads */
nonSigHeads=0;
nSigheads=0;
n=GWEN_DB_GetFirstGroup(gr);
while(n) {
if (strcasecmp(GWEN_DB_GroupName(n), "SigHead")==0) {
/* found a signature head */
if (nonSigHeads) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Found some unsigned parts at the beginning");
GWEN_List_free(sigheads);
return GWEN_ERROR_BAD_DATA;
}
GWEN_List_PushBack(sigheads, n);
nSigheads++;
}
else if (strcasecmp(GWEN_DB_GroupName(n), "MsgHead")!=0) {
if (nSigheads)
break;
nonSigHeads++;
}
n=GWEN_DB_GetNextGroup(n);
} /* while */
if (!n) {
if (nSigheads) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Found Signature heads but no other segments");
GWEN_List_free(sigheads);
return GWEN_ERROR_BAD_DATA;
}
DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signatures");
GWEN_List_free(sigheads);
return 0;
}
/* only now we need the verify key */
keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx);
if (keyId==0) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"No verify key id on crypt token [%s:%s]",
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
gid);
if (ki==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
/* no longer return an error, it might be ok to not have a key info
* even if we do not propagate the error here the check functions will
* later find out that the signature is missing */
return 0;
}
ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki);
assert(ksize<=256);
/* store begin of signed data */
dataBegin=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0);
if (!dataBegin) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "No position specifications in segment");
GWEN_List_free(sigheads);
return GWEN_ERROR_BAD_DATA;
}
/* now get first signature tail */
while(n) {
if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")==0) {
unsigned int currpos;
/* found a signature tail */
currpos=GWEN_DB_GetIntValue(n, "segment/pos", 0, 0);
if (!currpos || dataBegin>currpos) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Bad position specification in Signature tail");
GWEN_List_free(sigheads);
return GWEN_ERROR_BAD_DATA;
}
dataLength=currpos-dataBegin;
break;
}
n=GWEN_DB_GetNextGroup(n);
} /* while */
if (!n) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "No signature tail found");
GWEN_List_free(sigheads);
return GWEN_ERROR_BAD_DATA;
}
sigtails=GWEN_List_new();
while(n) {
if (strcasecmp(GWEN_DB_GroupName(n), "SigTail")!=0)
break;
GWEN_List_PushBack(sigtails, n);
n=GWEN_DB_GetNextGroup(n);
} /* while */
if (!n) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Message tail expected");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
if (strcasecmp(GWEN_DB_GroupName(n), "MsgTail")!=0) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (msg tail expected)");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
n=GWEN_DB_GetNextGroup(n);
if (n) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Unexpected segment (end expected)");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
if (GWEN_List_GetSize(sigheads)!=
GWEN_List_GetSize(sigtails)) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Number of signature heads (%d) does not match "
"number of signature tails (%d)",
GWEN_List_GetSize(sigheads),
GWEN_List_GetSize(sigtails));
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
/* ok, now verify all signatures */
dataStart=GWEN_Buffer_GetStart(hmsg->buffer)+dataBegin;
for (i=0; i< GWEN_List_GetSize(sigtails); i++) {
GWEN_DB_NODE *sighead;
GWEN_DB_NODE *sigtail;
const uint8_t *p;
uint32_t l;
int rv;
uint8_t hash[20];
const char *signerId;
/* get signature tail */
sigtail=(GWEN_DB_NODE*)GWEN_List_GetBack(sigtails);
/* get corresponding signature head */
sighead=(GWEN_DB_NODE*)GWEN_List_GetFront(sigheads);
if (!sighead || !sigtail) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"No signature head/tail left (internal error)");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_INTERNAL;
}
GWEN_List_PopBack(sigtails);
GWEN_List_PopFront(sigheads);
signerId=GWEN_DB_GetCharValue(sighead, "key/userid", 0,
I18N("unknown"));
/* some checks */
if (strcasecmp(GWEN_DB_GetCharValue(sighead, "ctrlref", 0, ""),
GWEN_DB_GetCharValue(sigtail, "ctrlref", 0, ""))!=0) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Non-matching signature tail");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
/* hash signature head and data */
if (1) {
GWEN_MDIGEST *md;
/* hash sighead + data */
p=(const uint8_t*)GWEN_Buffer_GetStart(hmsg->buffer);
p+=GWEN_DB_GetIntValue(sighead,
"segment/pos",
0,
0);
l=GWEN_DB_GetIntValue(sighead,
"segment/length",
0,
0);
md=GWEN_MDigest_Rmd160_new();
rv=GWEN_MDigest_Begin(md);
if (rv==0)
/* digest signature head */
rv=GWEN_MDigest_Update(md, p, l);
if (rv==0)
/* digest data */
rv=GWEN_MDigest_Update(md, (const uint8_t*)dataStart, dataLength);
if (rv==0)
rv=GWEN_MDigest_End(md);
if (rv<0) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Hash error (%d)", rv);
GWEN_MDigest_free(md);
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return rv;
}
memmove(hash,
GWEN_MDigest_GetDigestPtr(md),
GWEN_MDigest_GetDigestSize(md));
GWEN_MDigest_free(md);
}
/* verify signature */
p=GWEN_DB_GetBinValue(sigtail, "signature", 0, 0, 0, &l);
if (p && l) {
GWEN_CRYPT_PADDALGO *algo;
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, ksize);
rv=GWEN_Crypt_Token_Verify(ct, keyId,
algo,
hash, 20, p, l, 0, gid);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv) {
if (rv==GWEN_ERROR_NO_KEY) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Unable to verify signature of user \"%s\" (no key)",
signerId);
GWEN_Gui_ProgressLog(gid,
GWEN_LoggerLevel_Error,
I18N("Unable to verify signature (no key)"));
}
else {
GWEN_BUFFER *tbuf;
tbuf=GWEN_Buffer_new(0, 32, 0, 1);
if (rv==GWEN_ERROR_VERIFY) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Invalid signature of user \"%s\"", signerId);
GWEN_Gui_ProgressLog(gid,
GWEN_LoggerLevel_Error,
I18N("Invalid signature!!!"));
GWEN_Buffer_AppendString(tbuf, "!");
}
else {
GWEN_Gui_ProgressLog(gid,
GWEN_LoggerLevel_Error,
I18N("Could not verify signature"));
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Could not verify data with medium of user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
GWEN_Buffer_AppendString(tbuf, "?");
}
GWEN_Buffer_AppendString(tbuf, signerId);
AH_Msg_AddSignerId(hmsg, GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
}
}
else {
DBG_INFO(AQHBCI_LOGDOMAIN, "Message signed by \"%s\"", signerId);
AH_Msg_AddSignerId(hmsg, signerId);
}
}
else {
DBG_DEBUG(AQHBCI_LOGDOMAIN, "No signature");
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return GWEN_ERROR_BAD_DATA;
}
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Verification done");
} /* for */
GWEN_List_free(sigheads);
GWEN_List_free(sigtails);
return 0;
}
int AH_Msg_EncryptRdh2(AH_MSG *hmsg) {
AH_HBCI *h;
GWEN_XMLNODE *node;
GWEN_DB_NODE *cfg;
GWEN_BUFFER *mbuf;
GWEN_BUFFER *hbuf;
uint32_t l;
int rv;
const char *p;
GWEN_MSGENGINE *e;
AB_USER *u;
const char *peerId;
// uint32_t uFlags;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
GWEN_CRYPT_KEY *sk;
uint8_t encKey[300];
int encKeyLen;
uint32_t gid;
assert(hmsg);
h=AH_Dialog_GetHbci(hmsg->dialog);
assert(h);
e=AH_Dialog_GetMsgEngine(hmsg->dialog);
assert(e);
GWEN_MsgEngine_SetMode(e, "rdh");
gid=0;
u=AH_Dialog_GetDialogOwner(hmsg->dialog);
// uFlags=AH_User_GetFlags(u);
peerId=AH_User_GetPeerId(u);
if (!peerId || *peerId==0)
peerId=AB_User_GetUserId(u);
/* get crypt token of signer */
rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h),
AH_User_GetTokenType(u),
AH_User_GetTokenName(u),
&ct);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not get crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
/* open CryptToken if necessary */
if (!GWEN_Crypt_Token_IsOpen(ct)) {
GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN);
rv=GWEN_Crypt_Token_Open(ct, 0, gid);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not open crypt token for user \"%s\" (%d)",
AB_User_GetUserId(u), rv);
return rv;
}
}
/* get context and key info */
ctx=GWEN_Crypt_Token_GetContext(ct,
AH_User_GetTokenContextId(u),
gid);
if (ctx==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Context %d not found on crypt token [%s:%s]",
AH_User_GetTokenContextId(u),
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
gid);
if (ki==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
rv=GWEN_Padd_PaddWithAnsiX9_23(hmsg->buffer);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Error padding message with ANSI X9.23 (%d)", rv);
return rv;
}
/* create session key */
sk=GWEN_Crypt_KeyDes3K_Generate(GWEN_Crypt_CryptMode_Cbc, 24, 2);
if (sk==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Could not generate DES key");
return GWEN_ERROR_INTERNAL;
}
/* encrypt message with that session key */
mbuf=GWEN_Buffer_new(0, GWEN_Buffer_GetUsedBytes(hmsg->buffer), 0, 1);
l=GWEN_Buffer_GetUsedBytes(hmsg->buffer);
rv=GWEN_Crypt_Key_Encipher(sk,
(uint8_t*)GWEN_Buffer_GetStart(hmsg->buffer),
GWEN_Buffer_GetUsedBytes(hmsg->buffer),
(uint8_t*)GWEN_Buffer_GetPosPointer(mbuf),
&l);
if (rv<0) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not encipher with DES session key (%d)",
rv);
GWEN_Buffer_free(mbuf);
GWEN_Crypt_Key_free(sk);
return rv;
}
GWEN_Buffer_IncrementPos(mbuf, l);
GWEN_Buffer_AdjustUsedBytes(mbuf);
/* encrypt session key */
if (1) {
uint32_t elen;
GWEN_CRYPT_PADDALGO *algo;
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_LeftZero);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, GWEN_Crypt_Token_KeyInfo_GetKeySize(ki));
elen=sizeof(encKey);
rv=GWEN_Crypt_Token_Encipher(ct,
keyId,
algo,
GWEN_Crypt_KeyDes3K_GetKeyDataPtr(sk),
16,
encKey,
&elen,
gid);
GWEN_Crypt_PaddAlgo_free(algo);
if (rv<0) {
DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(mbuf);
GWEN_Crypt_Key_free(sk);
return rv;
}
encKeyLen=elen;
}
GWEN_Crypt_Key_free(sk);
/* create crypt head */
node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e,
"SEG",
"id",
0,
"CryptHead");
if (!node) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"CryptHead\" not found");
GWEN_Buffer_free(mbuf);
GWEN_Crypt_Key_free(sk);
return GWEN_ERROR_INTERNAL;
}
/* create CryptHead */
cfg=GWEN_DB_Group_new("crypthead");
GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"head/seq", 998);
rv=AH_MsgRdh_PrepareCryptoSeg2(hmsg, u, ki, cfg, 1, 0);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv);
GWEN_DB_Group_free(cfg);
GWEN_Buffer_free(mbuf);
return rv;
}
/* store system id */
if (hmsg->noSysId) {
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", "0");
}
else {
p=AH_User_GetSystemId(u);
if (p==NULL)
p=GWEN_Crypt_Token_Context_GetSystemId(ctx);
if (p)
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", p);
else {
DBG_INFO(AQHBCI_LOGDOMAIN,
"No System id on RDH medium, using default");
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", "0");
}
}
/* store encrypted message key */
GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"CryptAlgo/MsgKey",
encKey,
encKeyLen);
hbuf=GWEN_Buffer_new(0, 256+GWEN_Buffer_GetUsedBytes(mbuf), 0, 1);
rv=GWEN_MsgEngine_CreateMessageFromNode(e,
node,
hbuf,
cfg);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create CryptHead (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
GWEN_Buffer_free(mbuf);
return rv;
}
GWEN_DB_Group_free(cfg);
/* create cryptdata */
cfg=GWEN_DB_Group_new("cryptdata");
GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"head/seq", 999);
GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"cryptdata",
GWEN_Buffer_GetStart(mbuf),
GWEN_Buffer_GetUsedBytes(mbuf));
GWEN_Buffer_free(mbuf);
node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e,
"SEG",
"id",
0,
"CryptData");
if (!node) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"CryptData\"not found");
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
return -1;
}
rv=GWEN_MsgEngine_CreateMessageFromNode(e,
node,
hbuf,
cfg);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create CryptData (%d)", rv);
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
return rv;
}
/* replace existing buffer by encrypted one */
GWEN_Buffer_free(hmsg->buffer);
hmsg->buffer=hbuf;
GWEN_DB_Group_free(cfg);
return 0;
}
int AH_Msg_SignRdh2(AH_MSG *hmsg,
AB_USER *su,
GWEN_BUFFER *rawBuf,
const char *signer) {
AH_HBCI *h;
GWEN_XMLNODE *node;
GWEN_DB_NODE *cfg;
GWEN_BUFFER *sigbuf;
GWEN_BUFFER *hbuf;
unsigned int l;
int rv;
char ctrlref[15];
const char *p;
GWEN_MSGENGINE *e;
uint32_t uFlags;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
const GWEN_CRYPT_TOKEN_KEYINFO *ki;
uint32_t keyId;
uint32_t gid;
assert(hmsg);
h=AH_Dialog_GetHbci(hmsg->dialog);
assert(h);
e=AH_Dialog_GetMsgEngine(hmsg->dialog);
assert(e);
GWEN_MsgEngine_SetMode(e, "rdh");
gid=0;
uFlags=AH_User_GetFlags(su);
/* get crypt token of signer */
rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h),
AH_User_GetTokenType(su),
AH_User_GetTokenName(su),
&ct);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not get crypt token for user \"%s\" (%d)",
AB_User_GetUserId(su), rv);
return rv;
}
/* open CryptToken if necessary */
if (!GWEN_Crypt_Token_IsOpen(ct)) {
GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN);
rv=GWEN_Crypt_Token_Open(ct, 0, gid);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Could not open crypt token for user \"%s\" (%d)",
AB_User_GetUserId(su), rv);
return rv;
}
}
/* get context and key info */
ctx=GWEN_Crypt_Token_GetContext(ct,
AH_User_GetTokenContextId(su),
gid);
if (ctx==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Context %d not found on crypt token [%s:%s]",
AH_User_GetTokenContextId(su),
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
ki=GWEN_Crypt_Token_GetKeyInfo(ct,
keyId,
0xffffffff,
gid);
if (ki==NULL) {
DBG_INFO(AQHBCI_LOGDOMAIN,
"Keyinfo %04x not found on crypt token [%s:%s]",
keyId,
GWEN_Crypt_Token_GetTypeName(ct),
GWEN_Crypt_Token_GetTokenName(ct));
return GWEN_ERROR_NOT_FOUND;
}
node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e,
"SEG",
"id",
0,
"SigHead");
if (!node) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"SigHead\" not found");
return GWEN_ERROR_INTERNAL;
}
/* prepare config for segment */
cfg=GWEN_DB_Group_new("sighead");
rv=AH_MsgRdh_PrepareCryptoSeg2(hmsg, su, ki, cfg, 0, 1);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv);
GWEN_DB_Group_free(cfg);
return rv;
}
/* set expected signer */
if (!(uFlags & AH_USER_FLAGS_BANK_DOESNT_SIGN)) {
const char *remoteId;
remoteId=AH_User_GetPeerId(su);
if (!remoteId || *remoteId==0)
remoteId=AB_User_GetUserId(su);
assert(remoteId);
assert(*remoteId);
DBG_DEBUG(AQHBCI_LOGDOMAIN,
"Expecting \"%s\" to sign the response",
remoteId);
AH_Msg_SetExpectedSigner(hmsg, remoteId);
}
/* store system id */
if (hmsg->noSysId) {
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", "0");
}
else {
p=AH_User_GetSystemId(su);
if (p==NULL)
p=GWEN_Crypt_Token_Context_GetSystemId(ctx);
if (p)
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", p);
else {
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"SecDetails/SecId", "0");
}
}
/* retrieve control reference for sigtail (to be used later) */
p=GWEN_DB_GetCharValue(cfg, "ctrlref", 0, "");
if (strlen(p)>=sizeof(ctrlref)) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Control reference too long (14 bytes maximum)");
GWEN_DB_Group_free(cfg);
return -1;
}
strcpy(ctrlref, p);
/* create SigHead */
hbuf=GWEN_Buffer_new(0, 128+GWEN_Buffer_GetUsedBytes(rawBuf), 0, 1);
GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"head/seq", hmsg->firstSegment-1);
GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"signseq",
GWEN_Crypt_Token_KeyInfo_GetSignCounter(ki));
/* create signature head segment */
rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg);
GWEN_DB_Group_free(cfg);
cfg=0;
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create SigHead");
GWEN_Buffer_free(hbuf);
return rv;
}
/* remember size of sighead for now */
l=GWEN_Buffer_GetUsedBytes(hbuf);
/* add raw data to to-sign data buffer */
GWEN_Buffer_AppendBuffer(hbuf, rawBuf);
/* sign message */
sigbuf=GWEN_Buffer_new(0, 512, 0, 1);
if (1) {
uint32_t signLen;
GWEN_CRYPT_PADDALGO *algo;
GWEN_MDIGEST *md;
uint32_t seq;
/* hash sighead + data */
md=GWEN_MDigest_Rmd160_new();
rv=GWEN_MDigest_Begin(md);
if (rv==0)
rv=GWEN_MDigest_Update(md,
(uint8_t*)GWEN_Buffer_GetStart(hbuf),
GWEN_Buffer_GetUsedBytes(hbuf));
if (rv==0)
rv=GWEN_MDigest_End(md);
if (rv<0) {
DBG_ERROR(AQHBCI_LOGDOMAIN, "Hash error (%d)", rv);
GWEN_MDigest_free(md);
GWEN_Buffer_free(sigbuf);
GWEN_Buffer_free(hbuf);
return rv;
}
/* sign hash */
algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_Iso9796_2);
GWEN_Crypt_PaddAlgo_SetPaddSize(algo, GWEN_Crypt_Token_KeyInfo_GetKeySize(ki));
signLen=GWEN_Buffer_GetMaxUnsegmentedWrite(sigbuf);
rv=GWEN_Crypt_Token_Sign(ct, keyId,
algo,
GWEN_MDigest_GetDigestPtr(md),
GWEN_MDigest_GetDigestSize(md),
(uint8_t*)GWEN_Buffer_GetPosPointer(sigbuf),
&signLen,
&seq,
gid);
GWEN_Crypt_PaddAlgo_free(algo);
GWEN_MDigest_free(md);
if (rv) {
DBG_ERROR(AQHBCI_LOGDOMAIN,
"Could not sign data with medium of user \"%s\" (%d)",
AB_User_GetUserId(su), rv);
GWEN_Buffer_free(sigbuf);
GWEN_Buffer_free(hbuf);
return rv;
}
GWEN_Buffer_IncrementPos(sigbuf, signLen);
GWEN_Buffer_AdjustUsedBytes(sigbuf);
}
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Signing done");
/* insert new SigHead at beginning of message buffer */
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Inserting signature head");
GWEN_Buffer_Rewind(hmsg->buffer);
GWEN_Buffer_InsertBytes(hmsg->buffer, GWEN_Buffer_GetStart(hbuf), l);
/* create sigtail */
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Completing signature tail");
cfg=GWEN_DB_Group_new("sigtail");
GWEN_Buffer_Reset(hbuf);
GWEN_DB_SetIntValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"head/seq", hmsg->lastSegment+1);
/* store to DB */
GWEN_DB_SetBinValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"signature",
GWEN_Buffer_GetStart(sigbuf),
GWEN_Buffer_GetUsedBytes(sigbuf));
GWEN_Buffer_free(sigbuf);
GWEN_DB_SetCharValue(cfg, GWEN_DB_FLAGS_DEFAULT,
"ctrlref", ctrlref);
/* get node */
node=GWEN_MsgEngine_FindNodeByPropertyStrictProto(e,
"SEG",
"id",
0,
"SigTail");
if (!node) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Segment \"SigTail\"not found");
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
return -1;
}
rv=GWEN_MsgEngine_CreateMessageFromNode(e, node, hbuf, cfg);
if (rv) {
DBG_INFO(AQHBCI_LOGDOMAIN, "Could not create SigTail");
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
return -1;
}
/* append sigtail */
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Appending signature tail");
if (GWEN_Buffer_AppendBuffer(hmsg->buffer, hbuf)) {
DBG_INFO(AQHBCI_LOGDOMAIN, "here");
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
return -1;
}
DBG_DEBUG(AQHBCI_LOGDOMAIN, "Appending signature tail: done");
GWEN_Buffer_free(hbuf);
GWEN_DB_Group_free(cfg);
/* adjust segment numbers (for next signature and message tail */
hmsg->firstSegment--;
hmsg->lastSegment++;
return 0;
}
int EBC_Provider_XchgIniRequest_H002(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u)
{
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t kid;
const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL;
xmlNsPtr ns;
EB_MSG *msg;
const char *userId;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
GWEN_BUFFER *tbuf;
const char *signVersion;
const char *s;
GWEN_BUFFER *bufKey;
GWEN_BUFFER *bufZip;
GWEN_BUFFER *bufB64;
userId=AB_User_GetUserId(u);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get crypt key info */
kid=GWEN_Crypt_Token_Context_GetSignKeyId(ctx);
if (kid) {
signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (signKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Sign key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
signVersion=EBC_User_GetSignVersion(u);
if (!(signVersion && *signVersion))
signVersion="A004";
if (strcasecmp(signVersion, "A004")==0) {
/* encode according to "DFUE-Abkommen" */
bufKey=GWEN_Buffer_new(0, 512, 0, 1);
rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey);
if (rc) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc);
GWEN_Buffer_free(bufKey);
return GWEN_ERROR_GENERIC;
}
/* zip order */
bufZip=GWEN_Buffer_new(0, 512, 0, 1);
if (EB_Zip_Deflate(GWEN_Buffer_GetStart(bufKey),
GWEN_Buffer_GetUsedBytes(bufKey),
bufZip)) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Unable to zip key data");
GWEN_Buffer_free(bufZip);
GWEN_Buffer_free(bufKey);
return GWEN_ERROR_GENERIC;
}
GWEN_Buffer_free(bufKey);
/* base64 encode for order */
bufB64=GWEN_Buffer_new(0, 800, 0, 1);
if (GWEN_Base64_Encode((const unsigned char *)GWEN_Buffer_GetStart(bufZip),
GWEN_Buffer_GetUsedBytes(bufZip),
bufB64, 0)) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error encoding key");
GWEN_Buffer_free(bufB64);
GWEN_Buffer_free(bufZip);
return GWEN_ERROR_GENERIC;
}
GWEN_Buffer_free(bufZip);
}
else {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Unsupported sign version [%s]", signVersion);
return GWEN_ERROR_INTERNAL;
}
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H002",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H002 "
"http://www.ebics.org/H002/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H002");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "INI");
tbuf=GWEN_Buffer_new(0, 16, 0, 1);
rv=EBC_Provider_Generate_OrderId(pro, tbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error creating order id (%d)", rv);
GWEN_Buffer_free(tbuf);
GWEN_Buffer_free(bufB64);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID",
GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZNNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0000");
EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData",
GWEN_Buffer_GetStart(bufB64));
GWEN_Buffer_free(bufB64);
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
EBC_User_AddFlags(u, EBC_USER_FLAGS_INI);
if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Init2);
else
EBC_User_SetStatus(u, EBC_UserStatus_Init1);
return 0;
}
int EBC_Provider_XchgHiaRequest_H003(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u)
{
int rv;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t kid;
const GWEN_CRYPT_TOKEN_KEYINFO *cryptKeyInfo=NULL;
const GWEN_CRYPT_TOKEN_KEYINFO *authKeyInfo=NULL;
xmlNsPtr ns;
EB_MSG *msg;
const char *userId;
const char *partnerId;
EB_MSG *mRsp;
EB_RC rc;
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
/*xmlNodePtr nodeX = NULL;*/
GWEN_BUFFER *mbuf;
GWEN_BUFFER *tbuf;
const char *s;
userId=AB_User_GetUserId(u);
partnerId=AB_User_GetCustomerId(u);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get crypt key info */
kid=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx);
if (kid) {
cryptKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (cryptKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Crypt key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Crypt key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
/* get auth sign key info */
kid=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx);
if (kid) {
authKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (authKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Auth key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Auth key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
/* create HIARequestOrderData */
doc=xmlNewDoc(BAD_CAST "1.0");
doc->encoding=xmlCharStrdup("UTF-8");
root_node=xmlNewNode(NULL, BAD_CAST "HIARequestOrderData");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_orders.xsd");
/* create auth key tree */
node=xmlNewChild(root_node, NULL,
BAD_CAST "AuthenticationPubKeyInfo", NULL);
rv=EB_Key_Info_toXml(authKeyInfo, node);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv);
xmlFreeDoc(doc);
return GWEN_ERROR_INVALID;
}
xmlNewChild(node, NULL,
BAD_CAST "AuthenticationVersion",
BAD_CAST "X002");
/* create crypt key tree */
node=xmlNewChild(root_node, NULL,
BAD_CAST "EncryptionPubKeyInfo", NULL);
rv=EB_Key_Info_toXml(cryptKeyInfo, node);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv);
xmlFreeDoc(doc);
return rv;
}
xmlNewChild(node, NULL,
BAD_CAST "EncryptionVersion",
BAD_CAST "E002");
/* store partner id and user id */
node=xmlNewChild(root_node, NULL,
BAD_CAST "PartnerID",
BAD_CAST partnerId);
node=xmlNewChild(root_node, NULL,
BAD_CAST "UserID",
BAD_CAST userId);
/* compress and base64 doc */
mbuf=GWEN_Buffer_new(0, 512, 0, 1);
rv=EB_Xml_Compress64Doc(doc, mbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv);
xmlFreeDoc(doc);
return rv;
}
xmlFreeDoc(doc);
/* create request */
msg=EB_Msg_new();
doc=EB_Msg_GetDoc(msg);
root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H003",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H003 "
"http://www.ebics.org/H003/ebics_keymgmt_request.xsd");
xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003");
xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1");
/* header */
node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL);
xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true");
xmlNewChild(node, NULL, BAD_CAST "static", NULL);
xmlNewChild(node, NULL, BAD_CAST "mutable", NULL);
/* body */
node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL);
/* fill */
s=EBC_User_GetPeerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/HostID", s);
s=AB_User_GetCustomerId(u);
if (s)
EB_Msg_SetCharValue(msg, "header/static/PartnerID", s);
EB_Msg_SetCharValue(msg, "header/static/UserID",
AB_User_GetUserId(u));
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HIA");
tbuf=GWEN_Buffer_new(0, 16, 0, 1);
rv=EBC_Provider_Generate_OrderId(pro, tbuf);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
GWEN_Buffer_free(tbuf);
GWEN_Buffer_free(mbuf);
EB_Msg_free(msg);
return rv;
}
EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID",
GWEN_Buffer_GetStart(tbuf));
GWEN_Buffer_free(tbuf);
EB_Msg_SetCharValue(msg,
"header/static/OrderDetails/OrderAttribute",
"DZNNN");
EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0200");
EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData",
GWEN_Buffer_GetStart(mbuf));
GWEN_Buffer_free(mbuf);
/* exchange requests */
rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp);
if (rv<0 || rv>=300) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv);
EB_Msg_free(msg);
return rv;
}
EB_Msg_free(msg);
/* check response */
assert(mRsp);
/* log results */
EBC_Provider_LogRequestResults(pro, mRsp, NULL);
rc=EB_Msg_GetResultCode(mRsp);
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
return AB_ERROR_SECURITY;
}
rc=EB_Msg_GetBodyResultCode(mRsp);
if (rc) {
if ((rc & 0xff0000)==0x090000 ||
(rc & 0xff0000)==0x060000) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc);
EB_Msg_free(mRsp);
if ((rc & 0xfff00)==0x091300 ||
(rc & 0xfff00)==0x091200)
return AB_ERROR_SECURITY;
else
return GWEN_ERROR_GENERIC;
}
}
EB_Msg_free(mRsp);
/* adjust user status and flags */
DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags");
EBC_User_AddFlags(u, EBC_USER_FLAGS_HIA);
if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
==
(EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA))
EBC_User_SetStatus(u, EBC_UserStatus_Init2);
else
EBC_User_SetStatus(u, EBC_UserStatus_Init1);
return 0;
}
int EBC_Provider_XchgPubRequest_H002(AB_PROVIDER *pro,
GWEN_HTTP_SESSION *sess,
AB_USER *u,
const char *signVersion) {
EBC_PROVIDER *dp;
int rv;
const char *userId;
const char *partnerId;
GWEN_BUFFER *bufKey;
GWEN_CRYPT_TOKEN *ct;
const GWEN_CRYPT_TOKEN_CONTEXT *ctx;
uint32_t kid;
const GWEN_CRYPT_TOKEN_KEYINFO *signKeyInfo=NULL;
assert(pro);
dp=GWEN_INHERIT_GETDATA(AB_PROVIDER, EBC_PROVIDER, pro);
assert(dp);
userId=AB_User_GetUserId(u);
partnerId=AB_User_GetCustomerId(u);
/* get crypt token and context */
rv=EBC_Provider_MountToken(pro, u, &ct, &ctx);
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
return rv;
}
/* get crypt key info */
kid=GWEN_Crypt_Token_Context_GetTempSignKeyId(ctx);
if (kid) {
signKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid,
GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER,
0);
if (signKeyInfo==NULL) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Sign key info not found on crypt token");
GWEN_Gui_ProgressLog(0,
GWEN_LoggerLevel_Error,
I18N("Sign key info not found on crypt token"));
return GWEN_ERROR_NOT_FOUND;
}
}
if (strcasecmp(signVersion, "A004")==0) {
EB_RC rc;
/* encode according to "DFUE-Abkommen" */
bufKey=GWEN_Buffer_new(0, 512, 0, 1);
rc=EB_Key_Info_toBin(signKeyInfo, userId, "A004", 1024, bufKey);
if (rc) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error writing key (rc=%06x)", rc);
GWEN_Buffer_free(bufKey);
return GWEN_ERROR_GENERIC;
}
}
else {
xmlDocPtr doc;
xmlNodePtr root_node = NULL;
xmlNodePtr node = NULL;
xmlNsPtr ns;
/* create INIRequestOrderData */
doc=xmlNewDoc(BAD_CAST "1.0");
doc->encoding=xmlCharStrdup("UTF-8");
root_node=xmlNewNode(NULL, BAD_CAST "PUBRequestOrderData");
xmlDocSetRootElement(doc, root_node);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.ebics.org/H002",
NULL);
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#",
BAD_CAST "ds");
assert(ns);
ns=xmlNewNs(root_node,
BAD_CAST "http://www.w3.org/2001/XMLSchema-instance",
BAD_CAST "xsi");
xmlNewNsProp(root_node,
ns,
BAD_CAST "schemaLocation", /* xsi:schemaLocation */
BAD_CAST "http://www.ebics.org/H002 "
"http://www.ebics.org/H002/ebics_orders.xsd");
/* create sign key tree */
node=xmlNewChild(root_node, NULL,
BAD_CAST "SignaturePubKeyInfo", NULL);
rv=EB_Key_Info_toXml(signKeyInfo, node);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv);
xmlFreeDoc(doc);
return GWEN_ERROR_INVALID;
}
xmlNewChild(node, NULL,
BAD_CAST "SignatureVersion",
BAD_CAST signVersion);
/* store partner id and user id */
node=xmlNewChild(root_node, NULL,
BAD_CAST "PartnerID",
BAD_CAST partnerId);
node=xmlNewChild(root_node, NULL,
BAD_CAST "UserID",
BAD_CAST userId);
/* compress and base64 doc */
bufKey=GWEN_Buffer_new(0, 4096, 0, 1);
rv=EB_Xml_Compress64Doc(doc, bufKey);
if (rv<0) {
DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv);
xmlFreeDoc(doc);
return rv;
}
xmlFreeDoc(doc);
}
rv=EBC_Provider_XchgUploadRequest(pro, sess, u, "PUB",
(const uint8_t*)GWEN_Buffer_GetStart(bufKey),
GWEN_Buffer_GetUsedBytes(bufKey));
if (rv<0) {
DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv);
GWEN_Buffer_free(bufKey);
return rv;
}
GWEN_Buffer_free(bufKey);
return 0;
}
