gwenhywfar  4.6.0beta
cryptmgr.c
Go to the documentation of this file.
1 /***************************************************************************
2  begin : Mon Dec 01 2008
3  copyright : (C) 2008 by Martin Preuss
4  email : martin@libchipcard.de
5 
6  ***************************************************************************
7  * Please see toplevel file COPYING for license details *
8  ***************************************************************************/
9 
10 #ifdef HAVE_CONFIG_H
11 # include <config.h>
12 #endif
13 
14 #define DISABLE_DEBUGLOG
15 
16 
17 #include "cryptmgr_p.h"
18 #include "i18n_l.h"
19 #include <gwenhywfar/misc.h>
20 #include <gwenhywfar/debug.h>
21 #include <gwenhywfar/gwentime.h>
22 
23 #include <gwenhywfar/crypthead.h>
24 #include <gwenhywfar/sighead.h>
25 #include <gwenhywfar/sigtail.h>
26 #include <gwenhywfar/tag16.h>
27 #include <gwenhywfar/cryptkeysym.h>
28 #include <gwenhywfar/padd.h>
29 
30 
31 
32 
34 
35 
36 
38  GWEN_CRYPTMGR *cm;
39 
42 
43  return cm;
44 }
45 
46 
47 
49  if (cm) {
51  free(cm->localKeyName);
52  free(cm->peerKeyName);
53 
54  GWEN_FREE_OBJECT(cm);
55  }
56 }
57 
58 
59 
61  assert(cm);
62  return cm->localKeyName;
63 }
64 
65 
66 
67 void GWEN_CryptMgr_SetLocalKeyName(GWEN_CRYPTMGR *cm, const char *s) {
68  assert(cm);
69  free(cm->localKeyName);
70  if (s) cm->localKeyName=strdup(s);
71  else cm->localKeyName=NULL;
72 }
73 
74 
75 
77  assert(cm);
78  return cm->localKeyNumber;
79 }
80 
81 
82 
84  assert(cm);
85  cm->localKeyNumber=i;
86 }
87 
88 
89 
91  assert(cm);
92  return cm->localKeyVersion;
93 }
94 
95 
96 
98  assert(cm);
99  cm->localKeyVersion=i;
100 }
101 
102 
103 
105  assert(cm);
106  return cm->peerKeyName;
107 }
108 
109 
110 
111 void GWEN_CryptMgr_SetPeerKeyName(GWEN_CRYPTMGR *cm, const char *s) {
112  assert(cm);
113  free(cm->peerKeyName);
114  if (s) cm->peerKeyName=strdup(s);
115  else cm->peerKeyName=NULL;
116 }
117 
118 
119 
121  assert(cm);
122  return cm->peerKeyNumber;
123 }
124 
125 
126 
128  assert(cm);
129  cm->peerKeyNumber=i;
130 }
131 
132 
133 
135  assert(cm);
136  return cm->peerKeyVersion;
137 }
138 
139 
140 
142  assert(cm);
143  cm->peerKeyVersion=i;
144 }
145 
146 
147 
149  assert(cm);
150  return cm->cryptProfile;
151 }
152 
153 
154 
156  assert(cm);
157  cm->cryptProfile=i;
158 }
159 
160 
161 
163  assert(cm);
164  return cm->signatureProfile;
165 }
166 
167 
168 
170  assert(cm);
171  cm->signatureProfile=i;
172 }
173 
174 
175 
176 
177 
178 int GWEN_CryptMgr_SignData(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
179  assert(cm);
180  if (cm->signDataFn)
181  return cm->signDataFn(cm, pData, lData, dbuf);
182  else
184 }
185 
186 
187 
188 int GWEN_CryptMgr_EncryptKey(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
189  assert(cm);
190  if (cm->encryptKeyFn)
191  return cm->encryptKeyFn(cm, pData, lData, dbuf);
192  else
194 }
195 
196 
197 
199  const uint8_t *pData, uint32_t lData,
200  const uint8_t *pSignature, uint32_t lSignature) {
201  assert(cm);
202  if (cm->verifyDataFn)
203  return cm->verifyDataFn(cm, pData, lData, pSignature, lSignature);
204  else
206 }
207 
208 
209 
210 int GWEN_CryptMgr_DecryptKey(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
211  assert(cm);
212  if (cm->decryptKeyFn)
213  return cm->decryptKeyFn(cm, pData, lData, dbuf);
214  else
216 }
217 
218 
219 
223 
224  assert(cm);
225  of=cm->signDataFn;
226  cm->signDataFn=f;
227  return of;
228 }
229 
230 
231 
235 
236  assert(cm);
237  of=cm->verifyDataFn;
238  cm->verifyDataFn=f;
239  return of;
240 }
241 
242 
243 
247 
248  assert(cm);
249  of=cm->encryptKeyFn;
250  cm->encryptKeyFn=f;
251  return of;
252 }
253 
254 
255 
259 
260  assert(cm);
261  of=cm->decryptKeyFn;
262  cm->decryptKeyFn=f;
263  return of;
264 }
265 
266 
267 
268 int GWEN_CryptMgr_Sign(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
269  GWEN_SIGHEAD *sh;
270  GWEN_SIGTAIL *st;
271  GWEN_TIME *ti;
272  uint32_t pos;
273  uint32_t shPos;
274  uint8_t *p;
275  uint32_t l;
276  int rv;
277  GWEN_BUFFER *sigbuf;
278 
279  assert(cm);
281  pos=GWEN_Buffer_GetPos(dbuf);
282  GWEN_Buffer_AppendByte(dbuf, 0);
283  GWEN_Buffer_AppendByte(dbuf, 0);
284 
285  /* prepare signature head */
286  sh=GWEN_SigHead_new();
287  GWEN_SigHead_SetKeyName(sh, cm->localKeyName);
288  GWEN_SigHead_SetKeyNumber(sh, cm->localKeyNumber);
289  GWEN_SigHead_SetKeyVersion(sh, cm->localKeyVersion);
290  ti=GWEN_CurrentTime();
291  GWEN_SigHead_SetDateTime(sh, ti);
292  GWEN_Time_free(ti);
293  GWEN_SigHead_SetSignatureProfile(sh, cm->signatureProfile);
295 
296  /* write signature head to buffer */
297  shPos=GWEN_Buffer_GetPos(dbuf);
298  rv=GWEN_SigHead_toBuffer(sh, dbuf, GWEN_CRYPTMGR_TLV_SIGHEAD);
299  GWEN_SigHead_free(sh);
300  if (rv<0) {
301  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
302  return rv;
303  }
304 
305  /* write data to buffer */
306  if (pData && lData)
307  GWEN_Tag16_DirectlyToBuffer(GWEN_CRYPTMGR_TLV_SIGDATA,
308  (const char*)pData,
309  lData,
310  dbuf);
311 
312  /* sign data: signature head TLV + data TLV */
313  sigbuf=GWEN_Buffer_new(0, 300, 0, 1);
314  p=((uint8_t*)GWEN_Buffer_GetStart(dbuf))+shPos;
315  l=GWEN_Buffer_GetPos(dbuf)-shPos;
316  rv=GWEN_CryptMgr_SignData(cm, p, l, sigbuf);
317  if (rv<0) {
318  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
319  GWEN_Buffer_free(sigbuf);
320  return rv;
321  }
322 
323  /* create signature tail */
324  st=GWEN_SigTail_new();
326  (const uint8_t*)GWEN_Buffer_GetStart(sigbuf),
327  GWEN_Buffer_GetUsedBytes(sigbuf));
328  GWEN_Buffer_free(sigbuf);
330 
331  /* write signature tail */
332  rv=GWEN_SigTail_toBuffer(st, dbuf, GWEN_CRYPTMGR_TLV_SIGTAIL);
333  GWEN_SigTail_free(st);
334  if (rv<0) {
335  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
336  return rv;
337  }
338 
339  /* write complete size */
340  l=GWEN_Buffer_GetPos(dbuf)-pos-2;
341  p=(uint8_t*)GWEN_Buffer_GetStart(dbuf)+pos;
342  *(p++)=l & 0xff;
343  *p=(l>>8) & 0xff;
344 
345  return 0;
346 }
347 
348 
349 
350 int GWEN_CryptMgr_Encrypt(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
351  GWEN_CRYPTHEAD *ch;
352  uint32_t pos;
353  uint8_t *p;
354  uint32_t l;
355  int rv;
356  GWEN_BUFFER *cryptbuf;
357  GWEN_BUFFER *tbuf;
358  GWEN_CRYPT_KEY *mkey;
359 
360  assert(cm);
361 
362  /* generate a message key */
364  if (mkey==NULL) {
365  DBG_ERROR(GWEN_LOGDOMAIN, "Unable to generate BLOWFISH key");
366  return GWEN_ERROR_GENERIC;
367  }
368 
370  pos=GWEN_Buffer_GetPos(dbuf);
371  GWEN_Buffer_AppendByte(dbuf, 0);
372  GWEN_Buffer_AppendByte(dbuf, 0);
373 
374  /* prepare signature head */
375  ch=GWEN_CryptHead_new();
376  GWEN_CryptHead_SetKeyName(ch, cm->peerKeyName);
377  GWEN_CryptHead_SetKeyNumber(ch, cm->peerKeyNumber);
378  GWEN_CryptHead_SetKeyVersion(ch, cm->peerKeyVersion);
379  GWEN_CryptHead_SetCryptProfile(ch, cm->signatureProfile);
380 
381  /* encrypt key */
382  cryptbuf=GWEN_Buffer_new(0, lData+256, 0, 1);
386  cryptbuf);
387  if (rv<0) {
388  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
389  GWEN_Buffer_free(cryptbuf);
391  GWEN_Crypt_Key_free(mkey);
392  return rv;
393  }
395  (const uint8_t*)GWEN_Buffer_GetStart(cryptbuf),
396  GWEN_Buffer_GetUsedBytes(cryptbuf));
397  GWEN_Buffer_free(cryptbuf);
398 
399  /* write crypt head to buffer */
400  rv=GWEN_CryptHead_toBuffer(ch, dbuf, GWEN_CRYPTMGR_TLV_CRYPTHEAD);
402  if (rv<0) {
403  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
404  GWEN_Crypt_Key_free(mkey);
405  return rv;
406  }
407 
408  /* padd plain text data */
409  tbuf=GWEN_Buffer_new(0, lData+256, 0, 1);
410  GWEN_Buffer_AppendBytes(tbuf, (const char*)pData, lData);
412 
413  /* encrypt with message key */
414  cryptbuf=GWEN_Buffer_new(0, lData+256, 0, 1);
416  rv=GWEN_Crypt_Key_Encipher(mkey,
417  (const uint8_t*)GWEN_Buffer_GetStart(tbuf),
419  (uint8_t*)GWEN_Buffer_GetStart(cryptbuf),
420  &l);
421  GWEN_Buffer_free(tbuf);
422  if (rv<0) {
423  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
424  GWEN_Buffer_free(cryptbuf);
425  GWEN_Crypt_Key_free(mkey);
426  return rv;
427  }
428  GWEN_Buffer_IncrementPos(cryptbuf, l);
429  GWEN_Buffer_AdjustUsedBytes(cryptbuf);
430 
431  /* write encrypted data */
432  GWEN_Tag16_DirectlyToBuffer(GWEN_CRYPTMGR_TLV_CRYPTDATA,
433  GWEN_Buffer_GetStart(cryptbuf),
434  GWEN_Buffer_GetUsedBytes(cryptbuf),
435  dbuf);
436  GWEN_Buffer_free(cryptbuf);
437  GWEN_Crypt_Key_free(mkey);
438 
439  /* write complete size */
440  l=GWEN_Buffer_GetPos(dbuf)-pos-2;
441  p=(uint8_t*)GWEN_Buffer_GetStart(dbuf)+pos;
442  *(p++)=l & 0xff;
443  *p=(l>>8) & 0xff;
444 
445  return 0;
446 }
447 
448 
449 
450 int GWEN_CryptMgr_Verify(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
451  GWEN_TAG16 *tag;
452  const uint8_t *p;
453  uint32_t l;
454  GWEN_SIGHEAD *sh=NULL;
455  GWEN_SIGTAIL *st=NULL;
456  const uint8_t *pSignedData=NULL;
457  uint32_t lSignedData=0;
458  int rv;
459 
460  assert(cm);
461  if (lData<3) {
462  DBG_ERROR(GWEN_LOGDOMAIN, "Too few bytes");
463  return GWEN_ERROR_BAD_DATA;
464  }
465 
466  tag=GWEN_Tag16_fromBuffer2(pData, lData, 0);
467  if (tag==NULL) {
468  DBG_ERROR(GWEN_LOGDOMAIN, "Data doesn't contain a valid TLV");
469  return GWEN_ERROR_BAD_DATA;
470  }
471 
473  DBG_ERROR(GWEN_LOGDOMAIN, "Data does not contain asigned object");
474  GWEN_Tag16_free(tag);
475  return GWEN_ERROR_BAD_DATA;
476  }
477 
478  p=GWEN_Tag16_GetTagData(tag);
480 
481  /* read sighead */
482  if (l) {
483  GWEN_TAG16 *subtag;
484 
485  subtag=GWEN_Tag16_fromBuffer2(p, l, 0);
486  if (subtag) {
487  if (GWEN_Tag16_GetTagType(subtag)==GWEN_CRYPTMGR_TLV_SIGHEAD) {
489  GWEN_Tag16_GetTagLength(subtag));
490  if (sh) {
491  pSignedData=p;
492  lSignedData=GWEN_Tag16_GetTagSize(subtag);
493  }
494  }
495  p+=GWEN_Tag16_GetTagSize(subtag);
496  l-=GWEN_Tag16_GetTagSize(subtag);
497  GWEN_Tag16_free(subtag);
498  }
499  }
500 
501  /* read and store signed data */
502  if (l) {
503  GWEN_TAG16 *subtag;
504 
505  subtag=GWEN_Tag16_fromBuffer2(p, l, 0);
506  if (subtag) {
507  if (GWEN_Tag16_GetTagType(subtag)==GWEN_CRYPTMGR_TLV_SIGDATA) {
509  GWEN_Tag16_GetTagData(subtag),
510  GWEN_Tag16_GetTagLength(subtag));
511  if ((pSignedData+lSignedData)==p) {
512  lSignedData+=GWEN_Tag16_GetTagSize(subtag);
513  }
514  else {
515  DBG_ERROR(GWEN_LOGDOMAIN, "data TLV must follow sighead TLV");
516  GWEN_Tag16_free(subtag);
517  GWEN_SigHead_free(sh);
518  GWEN_Tag16_free(tag);
519  return GWEN_ERROR_BAD_DATA;
520  }
521  }
522  p+=GWEN_Tag16_GetTagSize(subtag);
523  l-=GWEN_Tag16_GetTagSize(subtag);
524  GWEN_Tag16_free(subtag);
525  }
526  }
527 
528  /* read sigtail (contains the signature) */
529  if (l) {
530  GWEN_TAG16 *subtag;
531 
532  subtag=GWEN_Tag16_fromBuffer2(p, l, 0);
533  if (subtag) {
534  if (GWEN_Tag16_GetTagType(subtag)==GWEN_CRYPTMGR_TLV_SIGTAIL) {
536  GWEN_Tag16_GetTagLength(subtag));
537  }
538  p+=GWEN_Tag16_GetTagSize(subtag);
539  l-=GWEN_Tag16_GetTagSize(subtag);
540  GWEN_Tag16_free(subtag);
541  }
542  }
543 
544  /* check for all needed components */
545  if (!(sh && st && pSignedData && lSignedData)) {
546  DBG_ERROR(GWEN_LOGDOMAIN, "Signed object is not complete");
547  GWEN_SigTail_free(st);
548  GWEN_SigHead_free(sh);
549  GWEN_Tag16_free(tag);
550  return GWEN_ERROR_BAD_DATA;
551  }
552 
554  DBG_ERROR(GWEN_LOGDOMAIN, "Sighead doesn't match sigtail");
555  GWEN_SigTail_free(st);
556  GWEN_SigHead_free(sh);
557  GWEN_Tag16_free(tag);
558  return GWEN_ERROR_BAD_DATA;
559  }
560 
561  /* store or check peer key info */
562  if (cm->peerKeyName==NULL) {
563  /* store peer info */
567  }
568  else {
569  const char *s;
570 
571  /* compare peer info with expected info */
573  if (!(cm->peerKeyName && s && (strcasecmp(cm->peerKeyName, s)==0) &&
574  (cm->peerKeyNumber==GWEN_SigHead_GetKeyNumber(sh)) &&
575  (cm->peerKeyVersion==GWEN_SigHead_GetKeyVersion(sh)))) {
576  DBG_ERROR(GWEN_LOGDOMAIN, "Unexpected peer key information in signature");
577  GWEN_SigTail_free(st);
578  GWEN_SigHead_free(sh);
579  GWEN_Tag16_free(tag);
580 
581  return GWEN_ERROR_BAD_DATA;
582  }
583  }
584 
585  /* verify signature */
587  pSignedData, lSignedData,
590  GWEN_SigTail_free(st);
591  GWEN_SigHead_free(sh);
592  GWEN_Tag16_free(tag);
593 
594  if (rv<0) {
595  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
596  return rv;
597  }
598 
599  return 0;
600 }
601 
602 
603 
604 int GWEN_CryptMgr_Decrypt(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
605  GWEN_TAG16 *tag;
606  const uint8_t *p;
607  uint32_t l;
608  GWEN_CRYPTHEAD *ch=NULL;
609  const uint8_t *pEncryptedData=NULL;
610  uint32_t lEncryptedData=0;
611  int rv;
612  GWEN_BUFFER *tbuf;
613  GWEN_CRYPT_KEY *mkey;
614 
615  assert(cm);
616  if (lData<3) {
617  DBG_ERROR(GWEN_LOGDOMAIN, "Too few bytes");
618  return GWEN_ERROR_BAD_DATA;
619  }
620 
621  tag=GWEN_Tag16_fromBuffer2(pData, lData, 0);
622  if (tag==NULL) {
623  DBG_ERROR(GWEN_LOGDOMAIN, "Data doesn't contain a valid TLV");
624  return GWEN_ERROR_BAD_DATA;
625  }
626 
628  DBG_ERROR(GWEN_LOGDOMAIN, "Data does not contain an encrypted object");
629  GWEN_Tag16_free(tag);
630  return GWEN_ERROR_BAD_DATA;
631  }
632 
633  p=GWEN_Tag16_GetTagData(tag);
635 
636  /* read crypthead */
637  if (l) {
638  GWEN_TAG16 *subtag;
639 
640  subtag=GWEN_Tag16_fromBuffer2(p, l, 0);
641  if (subtag) {
642  if (GWEN_Tag16_GetTagType(subtag)==GWEN_CRYPTMGR_TLV_CRYPTHEAD) {
644  GWEN_Tag16_GetTagLength(subtag));
645  }
646  p+=GWEN_Tag16_GetTagSize(subtag);
647  l-=GWEN_Tag16_GetTagSize(subtag);
648  GWEN_Tag16_free(subtag);
649  }
650  }
651 
652  /* read encrypted data */
653  if (l) {
654  GWEN_TAG16 *subtag;
655 
656  subtag=GWEN_Tag16_fromBuffer2(p, l, 0);
657  if (subtag) {
658  if (GWEN_Tag16_GetTagType(subtag)==GWEN_CRYPTMGR_TLV_CRYPTDATA) {
659  pEncryptedData=GWEN_Tag16_GetTagData(subtag);
660  lEncryptedData=GWEN_Tag16_GetTagLength(subtag);
661  }
662  p+=GWEN_Tag16_GetTagSize(subtag);
663  l-=GWEN_Tag16_GetTagSize(subtag);
664  GWEN_Tag16_free(subtag);
665  }
666  }
667 
668  /* check for all needed components */
669  if (!(ch && pEncryptedData && lEncryptedData)) {
670  DBG_ERROR(GWEN_LOGDOMAIN, "Encrypted object is not complete");
672  GWEN_Tag16_free(tag);
673  return GWEN_ERROR_BAD_DATA;
674  }
675 
676  /* store or check peer key info */
677  if (cm->localKeyName) {
678  const char *s;
679 
680  /* compare peer info with expected info */
682  if (!(cm->localKeyName && s && (strcasecmp(cm->localKeyName, s)==0) &&
683  (cm->localKeyNumber==GWEN_CryptHead_GetKeyNumber(ch)) &&
684  (cm->localKeyVersion==GWEN_CryptHead_GetKeyVersion(ch)))) {
685  DBG_ERROR(GWEN_LOGDOMAIN, "Unexpected local key information in signature");
687  GWEN_Tag16_free(tag);
688 
689  return GWEN_ERROR_BAD_DATA;
690  }
691  }
692 
693  /* decrypt message key */
694  tbuf=GWEN_Buffer_new(0, GWEN_CryptHead_GetKeyLen(ch), 0, 1);
698  tbuf);
700  if (rv<0) {
701  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
702  GWEN_Buffer_free(tbuf);
703  GWEN_Tag16_free(tag);
704  return rv;
705  }
706 
707  /* create message key */
709  256/8,
710  (const uint8_t*) GWEN_Buffer_GetStart(tbuf),
712  GWEN_Buffer_free(tbuf);
713  if (mkey==NULL) {
714  DBG_ERROR(GWEN_LOGDOMAIN, "Unable to create BLOWFISH key from received data");
715  GWEN_Tag16_free(tag);
716  return GWEN_ERROR_BAD_DATA;
717  }
718 
719 
720  /* decrypt data with message key */
721  tbuf=GWEN_Buffer_new(0, lEncryptedData+256, 0, 1);
723  rv=GWEN_Crypt_Key_Decipher(mkey,
724  pEncryptedData, lEncryptedData,
725  (uint8_t*)GWEN_Buffer_GetStart(tbuf),
726  &l);
727  if (rv<0) {
728  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
729  GWEN_Buffer_free(tbuf);
730  GWEN_Crypt_Key_free(mkey);
731  GWEN_Tag16_free(tag);
732  return rv;
733  }
734  GWEN_Buffer_IncrementPos(tbuf, l);
736 
737  /* unpadd data */
739  if (rv<0) {
740  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
741  GWEN_Buffer_free(tbuf);
742  GWEN_Crypt_Key_free(mkey);
743  GWEN_Tag16_free(tag);
744  return rv;
745  }
746 
747  /* store data */
748  GWEN_Buffer_AppendBuffer(dbuf, tbuf);
749 
750  GWEN_Buffer_free(tbuf);
751  GWEN_Crypt_Key_free(mkey);
752  GWEN_Tag16_free(tag);
753 
754  return 0;
755 }
756 
757 
758 
759 int GWEN_CryptMgr_Encode(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
760  GWEN_BUFFER *tbuf;
761  int rv;
762 
763  tbuf=GWEN_Buffer_new(0, lData, 0, 1);
764 
765  /* create signed object */
766  DBG_INFO(GWEN_LOGDOMAIN, "Signing data");
767  rv=GWEN_CryptMgr_Sign(cm, pData, lData, tbuf);
768  if (rv<0) {
769  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
770  GWEN_Buffer_free(tbuf);
771  return rv;
772  }
773 
774  /* create encrypted object (containing a signed object in this case) */
775  DBG_INFO(GWEN_LOGDOMAIN, "Encrypting data");
776  rv=GWEN_CryptMgr_Encrypt(cm,
777  (const uint8_t*)GWEN_Buffer_GetStart(tbuf),
779  dbuf);
780  GWEN_Buffer_free(tbuf);
781  if (rv<0) {
782  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
783  return rv;
784  }
785 
786  return 0;
787 }
788 
789 
790 
791 int GWEN_CryptMgr_Decode(GWEN_CRYPTMGR *cm, const uint8_t *pData, uint32_t lData, GWEN_BUFFER *dbuf) {
792  GWEN_BUFFER *tbuf;
793  int rv;
794 
795  tbuf=GWEN_Buffer_new(0, lData, 0, 1);
796 
797  /* decrypt encrypted object */
798  DBG_INFO(GWEN_LOGDOMAIN, "Decrypting data");
799  rv=GWEN_CryptMgr_Decrypt(cm, pData, lData, tbuf);
800  if (rv<0) {
801  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
802  GWEN_Buffer_free(tbuf);
803  return rv;
804  }
805 
806  /* verify signature, copy signed data to dbuf in the process */
807  DBG_INFO(GWEN_LOGDOMAIN, "Verifying data");
808  rv=GWEN_CryptMgr_Verify(cm,
809  (const uint8_t*)GWEN_Buffer_GetStart(tbuf),
811  dbuf);
812  GWEN_Buffer_free(tbuf);
813  if (rv<0) {
814  DBG_INFO(GWEN_LOGDOMAIN, "here (%d)", rv);
815  return rv;
816  }
817 
818  return 0;
819 }
820 
821 
822 
823 
824