14 #define DISABLE_DEBUGLOG
19 #include <gwenhywfar/ctf_context_be.h>
20 #include <gwenhywfar/misc.h>
21 #include <gwenhywfar/debug.h>
22 #include <gwenhywfar/padd.h>
23 #include <gwenhywfar/cryptkeyrsa.h>
24 #include <gwenhywfar/text.h>
26 #include <sys/types.h>
44 GWEN_CRYPT_TOKEN_FILE *lct;
54 DBG_ERROR(
GWEN_LOGDOMAIN,
"No name of the crypt token set - maybe you need to set the key file as token name? Cannot lock token.");
72 "Keyfile [%s] locked.",
84 S_IRUSR|S_IWUSR | lct->keyfile_mode);
88 struct stat statbuffer;
93 statbuffer.st_mode & (S_IRWXU
109 "Keyfile [%s] unlocked.",
132 "Keyfile [%s] unlocked.",
145 GWEN_CRYPT_TOKEN_FILE *lct;
159 if (close(lct->fd)) {
167 "Keyfile [%s] unlocked.",
181 "Keyfile [%s] unlocked.",
194 if (st.st_mode & 0007) {
196 "WARNING: Your keyfile \"%s\" is accessible by every user on your computer!\n"
197 "Nobody but you should have access to the file. You \n"
198 "should probably change this with \"chmod 600 %s\"",
202 "WARNING: Your keyfile is accessible ny every user on your computer!\n"
203 "Nobody but you should have access to the file.");
206 lct->mtime=st.st_mtime;
207 lct->ctime=st.st_ctime;
215 GWEN_CRYPT_TOKEN_FILE *lct;
222 if (lseek(lct->fd, 0, SEEK_SET)==-1) {
228 return lct->readFn(ct, lct->fd, gid);
234 GWEN_CRYPT_TOKEN_FILE *lct;
240 if (lct->writeFn==0) {
242 "No write function in crypt token type \"%s\"",
247 if (lseek(lct->fd, 0, SEEK_SET)==-1) {
253 return lct->writeFn(ct, lct->fd, cr, gid);
259 GWEN_CRYPT_TOKEN_FILE *lct;
267 GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
273 "Could not open keyfile for reading (%d)", rv);
298 GWEN_CRYPT_TOKEN_FILE *lct;
309 "Could not open keyfile for writing (%d)", rv);
334 GWEN_CRYPT_TOKEN_FILE *lct;
348 if (lct->mtime!=st.st_mtime ||
349 lct->ctime!=st.st_ctime) {
354 "Keyfile changed externally, reloading it");
371 GWEN_CRYPT_TOKEN_FILE *lct;
379 GWEN_Crypt_Token_Context_List_Add(ctx, lct->contextList);
385 GWEN_CRYPT_TOKEN_FILE *lct;
392 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
396 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
407 GWEN_CRYPT_TOKEN_FILE *lct;
424 GWEN_CRYPT_TOKEN_FILE *lct;
440 GWEN_CRYPT_TOKEN_FILE *lct;
465 "Keyfile \"%s\" already exists, will not create it",
473 O_RDWR | O_CREAT | O_EXCL
503 GWEN_CRYPT_TOKEN_FILE *lct;
522 GWEN_CRYPT_TOKEN_FILE *lct;
535 GWEN_Crypt_Token_Context_List_Clear(lct->contextList);
549 GWEN_CRYPT_TOKEN_FILE *lct;
567 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
570 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
586 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
591 *(pIdList++)=(i<<16)+j;
593 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
607 GWEN_CRYPT_TOKEN_FILE *lct;
625 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
629 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
638 switch(
id & 0xffff) {
667 GWEN_CRYPT_TOKEN_FILE *lct;
689 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
693 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
704 switch(
id & 0xffff) {
756 switch(
id & 0xffff) {
768 "Can't set modulus and exponent for private key");
773 I18N(
"Public key replaced"));
777 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
779 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
788 I18N(
"Unable to write key file"));
793 I18N(
"Key file saved"));
805 GWEN_CRYPT_TOKEN_FILE *lct;
828 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
832 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
841 switch(
id & 0xffff) {
887 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION) {
903 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER) {
913 if ((flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS) &&
914 (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT) &&
937 if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
939 if (nflags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
943 switch(
id & 0xffff) {
955 "Can't set modulus and exponent for private key");
960 I18N(
"Public key replaced"));
964 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER)
966 if (flags & GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION)
977 I18N(
"Unable to write key file"));
982 I18N(
"Key file saved"));
991 GWEN_CRYPT_TOKEN_FILE *lct;
1016 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1020 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1043 I18N(
"Invalid key id %02x"),
id);
1049 I18N(
"No key info found"));
1089 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
1090 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
1091 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
1092 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
1100 else if (keyNum==6) {
1107 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
1108 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
1109 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
1110 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
1123 I18N(
"Unable to write key file"));
1128 I18N(
"Key file saved"));
1140 GWEN_CRYPT_TOKEN_FILE *lct;
1158 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1161 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1177 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1180 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1193 GWEN_CRYPT_TOKEN_FILE *lct;
1213 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1217 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1235 GWEN_CRYPT_TOKEN_FILE *lct;
1256 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1260 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1289 GWEN_CRYPT_TOKEN_FILE *lct;
1306 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1310 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1319 switch(
id & 0xffff) {
1338 const uint8_t *pInData,
1340 uint8_t *pSignatureData,
1341 uint32_t *pSignatureLen,
1342 uint32_t *pSeqCounter,
1344 GWEN_CRYPT_TOKEN_FILE *lct;
1369 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1379 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1389 keyNum=keyId & 0xffff;
1390 if (keyNum!=1 && keyNum!=5) {
1405 if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
1408 const uint8_t *modPtr;
1412 switch(keyId & 0xffff) {
1428 while(modLen && *modPtr==0) {
1438 for (i=0; i<8; i++) {
1499 switch(keyId & 0xffff) {
1533 const uint8_t *pInData,
1535 const uint8_t *pSignatureData,
1536 uint32_t signatureLen,
1537 uint32_t seqCounter,
1539 GWEN_CRYPT_TOKEN_FILE *lct;
1564 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1568 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1578 keyNum=keyId & 0xffff;
1579 if (keyNum!=1 && keyNum!=3 && keyNum!=6) {
1591 if (aid==GWEN_Crypt_PaddAlgoId_Iso9796_2 ||
1592 aid==GWEN_Crypt_PaddAlgoId_Pkcs1_2 ||
1593 aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
1602 pSignatureData, signatureLen,
1613 if (aid==GWEN_Crypt_PaddAlgoId_Pkcs1_Pss_Sha256) {
1616 const uint8_t *modPtr;
1634 while(modLen && *modPtr==0) {
1644 for (i=0; i<8; i++) {
1734 if (seq>=seqCounter) {
1762 const uint8_t *pInData,
1767 GWEN_CRYPT_TOKEN_FILE *lct;
1790 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1794 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1804 keyNum=keyId & 0xffff;
1805 if (keyNum!=2 && keyNum!=4) {
1851 const uint8_t *pInData,
1856 GWEN_CRYPT_TOKEN_FILE *lct;
1880 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1884 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
1894 keyNum=keyId & 0xffff;
1895 if (keyNum!=2 && keyNum!=4) {
1950 GWEN_CRYPT_TOKEN_FILE *lct;
1974 keyNum=keyId & 0xffff;
1977 if (keyNum!=1 && keyNum!=2 && keyNum!=5 && keyNum!=7) {
1980 I18N(
"Can only generate local keys."));
1988 I18N(
"Only RSA keys supported."));
1994 ctx=GWEN_Crypt_Token_Context_List_First(lct->contextList);
1998 ctx=GWEN_Crypt_Token_Context_List_Next(ctx);
2024 I18N(
"Could not generate key"));
2029 I18N(
"Key generated"));
2045 I18N(
"No key info found"));
2084 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
2085 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
2086 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
2087 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
2095 else if (keyNum==2) {
2098 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
2099 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
2100 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
2101 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
2108 else if (keyNum==5) {
2115 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
2116 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
2117 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
2118 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
2126 else if (keyNum==7) {
2133 GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS |
2134 GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT |
2135 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER |
2136 GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION |
2152 I18N(
"Unable to write key file"));
2157 I18N(
"Key generated and set"));
2169 GWEN_CRYPT_TOKEN_FILE *lct;
2171 lct=(GWEN_CRYPT_TOKEN_FILE*) p;
2172 GWEN_Crypt_Token_Context_List_free(lct->contextList);
2180 const char *tokenName) {
2182 GWEN_CRYPT_TOKEN_FILE *lct;
2188 lct->contextList=GWEN_Crypt_Token_Context_List_new();