Ejemplo n.º 1
0
	PGPError
PGPX509CertToExport(
	PGPContextRef	context,
	PGPKeyRef		keyCert,
	PGPSigRef		sigCert,
	PGPUInt32*		puX509Alg,
	PGPByte*		pexpkeyidX509,
	PGPByte**		ppIASNX509,
	PGPUInt32*		puX509IASNLength )
{
	PGPError		err		= kPGPError_NoErr;
	PGPSize			size;
	PGPKeyID		keyid;

	PGPValidatePtr (puX509Alg);
	PGPValidatePtr (pexpkeyidX509);
	PGPValidatePtr (ppIASNX509);
	PGPValidatePtr (puX509IASNLength);

	*puX509Alg = kPGPPublicKeyAlgorithm_Invalid;
	*ppIASNX509 = NULL;
	*puX509IASNLength = 0;

	if (PGPKeyRefIsValid (keyCert))
	{
		err = PGPGetKeyNumber (keyCert, 
						kPGPKeyPropAlgID,
						(PGPInt32 *)puX509Alg); CKERR;

		err = PGPGetKeyIDFromKey (keyCert, &keyid); CKERR;
		err = PGPExportKeyID (&keyid, pexpkeyidX509, &size); CKERR;

		PGPGetSigPropertyBuffer (sigCert, 
					kPGPSigPropX509IASN, 0, NULL,
					(PGPSize *)puX509IASNLength);
		if (*puX509IASNLength > 0)
		{
			*ppIASNX509 = (PGPByte *)PGPNewData (
						PGPGetContextMemoryMgr (context),
						*puX509IASNLength,
						kPGPMemoryMgrFlags_Clear );

			if (*ppIASNX509)
			{
				PGPGetSigPropertyBuffer (sigCert, 
						kPGPSigPropX509IASN, *puX509IASNLength, 
						*ppIASNX509, &size);
			}
		}
	}

done:
	return err;
}
Ejemplo n.º 2
0
	static PGPError
sAddAllKeysToGroup(
	PGPGroupSetRef	set,
	PGPGroupID		id,
	PGPKeySetRef	keySet )
{
	PGPError		err	= kPGPError_NoErr;
	PGPKeyListRef	keyList;
	
	err = PGPOrderKeySet( keySet, kPGPAnyOrdering, &keyList );
	if( IsntPGPError( err ) )
	{
		PGPKeyIterRef	iter;
		
		err = PGPNewKeyIter( keyList, &iter );
		if( IsntPGPError( err ) )
		{
			PGPKeyRef		key;
			
			while( IsntPGPError( err = PGPKeyIterNext( iter, &key ) ) )
			{
				PGPKeyID	keyID;
				
				err	= PGPGetKeyIDFromKey( key, &keyID );
				if ( IsntPGPError( err ) )
				{
					PGPGroupItem	item;
					PGPInt32		algorithm;
					
					item.type				= kPGPGroupItem_KeyID;
					item.u.key.keyID		= keyID;
					PGPGetKeyNumber( key, kPGPKeyPropAlgID, &algorithm);
					item.u.key.algorithm	= (PGPPublicKeyAlgorithm) algorithm;
						
					err	= PGPAddItemToGroup( set, &item, id);
					
					if ( IsPGPError( err ) )
						break;
				}
			}
			
			if( err == kPGPError_EndOfIteration )
				err = kPGPError_NoErr;
				
			(void) PGPFreeKeyIter( iter );
		}
		(void) PGPFreeKeyList( keyList );
	}
	return( err );
}
Ejemplo n.º 3
0
PGPError printSignatureChains(struct pgpmainBones *mainbPtr,
        PGPKeySetRef bothRingsSet,
        PGPFilterRef depthFilter)
{
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPKeyListRef depthList;
    PGPKeySetRef depthSet;
    PGPKeyRef key;
    PGPKeyIterRef keyiter;
    PGPKeyID keyID;
    PGPUserValue traceValue;

    PGPError err;
    char useridstr[ kPGPMaxUserIDSize ];
    char nulluseridstr[kPGPMaxUserIDSize];

    nulluseridstr[0] = '\0';

    err = PGPFilterKeySet( bothRingsSet, depthFilter, &depthSet);
    pgpAssertNoErr(err);

    err = PGPOrderKeySet(depthSet, kPGPAnyOrdering, &depthList);
    pgpAssertNoErr(err);
    err = PGPNewKeyIter( depthList, &keyiter );
    pgpAssertNoErr(err);
    err = PGPKeyIterRewind( keyiter );
    pgpAssertNoErr(err);
    err = PGPKeyIterNext( keyiter, &key );

    while (key != NULL) {
        err =  pgpGetUserIDStringFromKey( key, useridstr );
        pgpAssertNoErr(err);
        fprintf(filebPtr->pgpout, LANG("* %s\n"), useridstr);

        err = PGPGetKeyIDFromKey( key, &keyID);
        pgpAssertNoErr(err);

        traceValue = (PGPUserValue)( VISITED_MASK | 0 );
        err = PGPSetKeyUserVal(key, traceValue);
        pgpAssertNoErr(err);

        err = printNextSignatureChainLink(mainbPtr, bothRingsSet, key, 0, 1);
        pgpAssertNoErr(err);
        err = PGPKeyIterNext( keyiter, &key );
    }
    return 0;

} /* printSignatureChains */
Ejemplo n.º 4
0
BOOL 
KMSplitDropKeys (
		PSPLITKEYSTRUCT psks, 
		HANDLE	hMem) 
{
	PGPKeySetRef			keyset		= NULL;
	PGPKeyListRef			keylist		= NULL;
	PGPKeyIterRef			keyiter		= NULL;
	LPSTR					pMem		= NULL;

	PGPError				err;
	PGPKeyRef				key;
	PGPKeyID				keyid;
	BOOL					bKeys;
	PGPBoolean				bKeyIsUsable;
	size_t					sLen;
	PSHAREHOLDERSTRUCT		pshs;
	PGPPublicKeyAlgorithm	alg;

	bKeys = FALSE;

	if (hMem) {
		pMem = GlobalLock (hMem);
		if (pMem) {

			sLen = lstrlen (pMem);
			err = PGPImportKeySet (psks->pKM->Context, &keyset, 
							PGPOInputBuffer (psks->pKM->Context, pMem, sLen),
							PGPOLastOption (psks->pKM->Context));
			if (IsPGPError (err)) goto SplitDropCleanup;

			err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
			if (IsPGPError (err)) goto SplitDropCleanup;

			err = PGPNewKeyIter (keylist, &keyiter);
			if (IsPGPError (err)) goto SplitDropCleanup;

			PGPKeyIterNext (keyiter, &key);

			while (key) {
				bKeyIsUsable = FALSE;
				PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg);
				PGPGetKeyIDFromKey (key, &keyid);
				
				// key must either not be RSA or RSA ops must be enabled
				PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable);

				// key must not be the same one that is being split
				if (alg == psks->keyalgToSplit) {
					if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0)
						bKeyIsUsable = FALSE;
				}

				// key must not already be in list
				if (sIsKeyIDAlreadyInList (&keyid, alg, psks))
					bKeyIsUsable = FALSE;

				if (bKeyIsUsable) {

					bKeys = TRUE;
					pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT));
					if (pshs) {
						PGPSize		size;

						pshs->bPublicKey = TRUE;
						pshs->pszPassphrase = NULL;
						pshs->uShares = 1;

						PGPGetPrimaryUserIDNameBuffer (key, 
							sizeof(pshs->szUserID), pshs->szUserID, &size);
						PGPGetKeyIDFromKey (key, &(pshs->keyid));
						PGPGetKeyNumber (key, 
							kPGPKeyPropAlgID, &(pshs->keyalg));

						if (sAddShareHolder (psks, pshs, 
								KMDetermineUserIDIcon (key, NULL, NULL), 
								psks->hwndList)) {
							psks->uTotalShares += pshs->uShares;
							SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES, 
									psks->uTotalShares, FALSE);
							SendMessage (psks->hwndDlg, WM_COMMAND, 
									MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0);
						}
						else {
							KMFree (pshs);
						}
					}
				}

				PGPKeyIterNext (keyiter, &key);
			}

SplitDropCleanup :
			if (keyiter)
				PGPFreeKeyIter (keyiter);

			if (keylist)
				PGPFreeKeyList (keylist);

			if (keyset)
				PGPFreeKeySet (keyset);

			if (pMem)
				GlobalUnlock (hMem);
		}
	}
	
	return bKeys;
}
Ejemplo n.º 5
0
BOOL KMSplitKey (PKEYMAN pKM, PGPKeyRef key) 
{
	PSPLITKEYSTRUCT			psks;
	BOOL					bOK;
	PGPKeyID				keyidToSplit;
	PGPPublicKeyAlgorithm	keyalgToSplit;
	HWND					hwnd;

	// find existing dialog struct for this key
	PGPGetKeyIDFromKey (key, &keyidToSplit);
	PGPGetKeyNumber (key, kPGPKeyPropAlgID, &keyalgToSplit);
	psks = pKM->pSplitKeyDialogList;
	while (psks) {
		if (PGPCompareKeyIDs (&keyidToSplit, &(psks->keyidToSplit)) == 0) {
			if (keyalgToSplit == psks->keyalgToSplit) 
				break;
		}
		psks = psks->next;
	}

	// if dialog already exists, move to foreground
	if (psks) {
		SetForegroundWindow (psks->hwndDlg);
		bOK = TRUE;
	}

	// otherwise create new dialog
	else {
		psks = KMAlloc (sizeof (SPLITKEYSTRUCT));
		if (psks) {
			// initialize struct
			psks->pKM = pKM;
			psks->pHeadOfList = &(pKM->pSplitKeyDialogList);
			PGPGetKeyIDFromKey (key, &(psks->keyidToSplit));
			psks->keyalgToSplit = keyalgToSplit;
			KMGetKeyName (key, psks->szUserIDToSplit, kPGPMaxUserIDSize);
			psks->uTotalShares = 0;
			psks->uThreshold = 2;
			psks->iIndexCurrent = -1;
			psks->pshsCurrent = NULL;
			psks->pDropTarget = NULL; 

			// create modeless dialog
			hwnd = CreateDialogParam (g_hInst, 
					MAKEINTRESOURCE (IDD_SPLITKEY),
					NULL, sSplitKeyDlgProc, (LPARAM)psks);

			// make it "floating"
			SetWindowPos (hwnd, HWND_TOPMOST, 
							0, 0, 0, 0, SWP_NOSIZE|SWP_NOMOVE);

			// add dialog struct to list
			psks->next = pKM->pSplitKeyDialogList;
			pKM->pSplitKeyDialogList = psks;
			bOK = TRUE;
		}
		else 
			bOK = FALSE;
	}

	return bOK;
}
Ejemplo n.º 6
0
PVOID __cdecl _pgp_select_keyid(HWND hDlg,LPSTR szKeyID)
{
#if (PGP_WIN32 < 0x700)
	PGPKeySetRef ContactKeyDB;
#else
	PGPKeyDBRef ContactKeyDB;
#endif
    PGPError err;
    err = PGPRecipientDialog(pgpContext, pgpKeyDB, TRUE, &ContactKeyDB,
          PGPOUIParentWindowHandle(pgpContext, hDlg),
          PGPOUIWindowTitle(pgpContext, "Select Contact's Key"),
          PGPOLastOption(pgpContext));
    if (err == kPGPError_UserAbort)
       return 0;

    PGPUInt32 dwKeys;
#if (PGP_WIN32 < 0x700)
	PGPCountKeys(ContactKeyDB, &dwKeys);
#else
	PGPCountKeysInKeyDB(ContactKeyDB, &dwKeys);
#endif
    if (!dwKeys) {
       return 0;
    } else if (dwKeys > 1)
       MessageBox(hDlg, "You selected more than one key. Only the first key will be used.", szModuleName, MB_ICONINFORMATION);

	static PGPKeyID KeyID;

#if (PGP_WIN32 < 0x700)
    PGPKeyListRef ContactKeyList;
    PGPOrderKeySet(ContactKeyDB, kPGPKeyIDOrdering, &ContactKeyList);

    PGPKeyIterRef KeyIterRef;
    PGPNewKeyIter(ContactKeyList, &KeyIterRef);

    PGPKeyRef ContactKey;
    PGPKeyIterNext(KeyIterRef, &ContactKey);

    PGPGetKeyIDFromKey(ContactKey, &KeyID);
	PGPGetKeyIDString(&KeyID, kPGPKeyIDString_Abbreviated, szKeyID);

    PGPFreeKeyList(ContactKeyList);
    PGPFreeKeyIter(KeyIterRef);
    PGPFreeKeySet(ContactKeyDB);
#else
    PGPKeyIterRef KeyIterRef;
    PGPNewKeyIterFromKeyDB(ContactKeyDB, &KeyIterRef);

    PGPKeyDBObjRef KeyDBObjRef;
    PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef);

    PGPSize dwFilled;
    PGPGetKeyDBObjDataProperty(KeyDBObjRef, kPGPKeyProperty_KeyID, &KeyID, sizeof(PGPKeyID), &dwFilled);
	PGPGetKeyIDString(&KeyID, kPGPKeyIDString_Abbreviated, szKeyID);

    PGPFreeKeyIter(KeyIterRef);
    PGPFreeKeyDB(ContactKeyDB);
#endif

    return (PVOID)&KeyID;
}
Ejemplo n.º 7
0
PGPError PGPclExport 
PGPclUpdateKeySetFromServer (
		PGPContextRef		context,
		PGPtlsContextRef	tlsContext,
		HWND				hwndParent, 
		PGPKeySetRef		keysetToUpdate,
		UINT				uServer,
		PGPKeySetRef		keysetMain,
		PGPKeySetRef*		pkeysetResult)
{
	PGPError				err				= kPGPError_NoErr;
	PGPKeySetRef			keysetCollect	= kInvalidPGPKeySetRef;
	PGPOptionListRef		optionSearch	= kInvalidPGPOptionListRef;
	PGPKeyListRef			keylist			= kInvalidPGPKeyListRef;
	PGPKeyIterRef			keyiter			= kInvalidPGPKeyIterRef;
	PGPKeySetRef			keyset			= kInvalidPGPKeySetRef;

	PGPKeyID				keyid;

	// initialize return keyset
	PGPValidatePtr (pkeysetResult);
	*pkeysetResult = kInvalidPGPKeySetRef;

	if (uServer == PGPCL_USERIDBASEDSERVER) {
		PGPKeyRef		key			= kInvalidPGPKeyRef;

		CHAR			szUserID[kPGPMaxUserIDSize+1];
		PGPSize			size;

		err = PGPNewKeySet (context, &keysetCollect); CKERR;
		err = PGPOrderKeySet (keysetToUpdate, 
								kPGPAnyOrdering, &keylist); CKERR;
		err = PGPNewKeyIter (keylist, &keyiter); CKERR;

		while (	IsntPGPError (err) &&
				IsntPGPError (PGPKeyIterNext (keyiter, &key)) && 
				PGPKeyRefIsValid (key))
		{
			err = PGPGetPrimaryUserIDNameBuffer (key, kPGPMaxUserIDSize,
							szUserID, &size); CKERR;

			err = PGPGetKeyIDFromKey (key, &keyid); CKERR;

			optionSearch = PGPOUIKeyServerSearchKeyIDList (context,
								1, &keyid);

			if (PGPOptionListRefIsValid (optionSearch)) {

				err = sQueryServerInternal (hwndParent,
											context,
											tlsContext,
											optionSearch,
											uServer,
											szUserID,
											keysetMain,
											&keyset); 

				if (IsPGPError (PGPclErrorBox (hwndParent, err)))
					err = kPGPError_NoErr;

				if (IsntPGPError (err))
				{
					if (PGPKeySetRefIsValid (keyset))
					{	
						err = PGPAddKeys (keyset, keysetCollect);
						if (IsntPGPError (PGPclErrorBox (hwndParent, err))) 
						{
							err = PGPCommitKeyRingChanges (keysetCollect);
							PGPclErrorBox (hwndParent, err);
						}
					}
				}

				if (PGPKeySetRefIsValid (keyset))
				{
					PGPFreeKeySet (keyset);
					keyset = kInvalidPGPKeySetRef;
				}
			}
		}

		if (PGPKeySetRefIsValid (keysetCollect)) 
		{	
			*pkeysetResult = keysetCollect;
			keysetCollect = kInvalidPGPKeySetRef;
		}
	}

	else { 
		optionSearch = PGPOUIKeyServerSearchKeySet (context, keysetToUpdate);

		if (PGPOptionListRefIsValid (optionSearch)) {

			err = sQueryServerInternal (hwndParent,
										context,
										tlsContext,
										optionSearch,
										uServer,
										"",
										keysetMain,
										&keysetCollect);

			if (IsntPGPError (err)) 
			{	
				*pkeysetResult = keysetCollect;
				keysetCollect = kInvalidPGPKeySetRef;
			}
		}
	}

done :
	if (PGPKeyListRefIsValid (keylist))
		PGPFreeKeyList (keylist);
	if (PGPKeyIterRefIsValid (keyiter))
		PGPFreeKeyIter (keyiter);
	if (PGPKeySetRefIsValid (keyset))
		PGPFreeKeySet (keyset);
	if (PGPKeySetRefIsValid (keysetCollect))
		PGPFreeKeySet (keysetCollect);

	return err;
}
Ejemplo n.º 8
0
PGPError findUltimatelyTrustedKeys(struct pgpmainBones *mainbPtr,
        PGPKeySetRef secRingSet,
        PGPKeySetRef bothRingsSet,
        PGPFilterRef *depthFilter)
{

    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPKeyIterRef keyiter;
    PGPKeyRef skey;
    PGPKeyListRef secKeylist;
    PGPKeyListRef bothKeylist;
    PGPError err;
    PGPUInt32 trust;
    PGPBoolean compatible = mainbPtr->envbPtr->compatible;
    char kstr[kPGPMaxKeyIDStringSize];
    char useridstr[ kPGPMaxUserIDSize ];
    PGPContextRef context = mainbPtr->pgpContext;
    PGPKeyID kid;
    PGPBoolean firstUltimatelyTrustedKey = TRUE;
    PGPFilterRef singletonFilter = NULL;

    /* Pass 1: locate ultimately-trusted keys. */

    fprintf(filebPtr->pgpout,
        LANG("\nPass 1: Looking for the \"ultimately-trusted\" keys...\n"));

    err = PGPOrderKeySet( secRingSet, kPGPAnyOrdering, &secKeylist );
    if( IsPGPError(err) )
        return -1;

    err = PGPOrderKeySet( bothRingsSet, kPGPAnyOrdering, &bothKeylist );
    if( IsPGPError(err) )
        return -1;

    err = PGPNewKeyIter( secKeylist, &keyiter );
    pgpAssertNoErr(err);
    err = PGPKeyIterRewind( keyiter );
    pgpAssertNoErr(err);

    err = PGPKeyIterNext( keyiter, &skey);
    /*if error, no keys found.*/

    if (err) {
        fprintf(filebPtr->pgpout, LANG("No ultimately-trusted keys.") );
        return err;
    }

    while( skey != NULL )
    {

        err = PGPGetKeyNumber( skey, kPGPKeyPropTrust, &trust);
        pgpAssertNoErr(err);

        if (trust == kPGPKeyTrust_Ultimate) {

            err = pgpGetKeyIDStringCompatFromKey( skey, TRUE, compatible,
                    kstr );

            pgpAssertNoErr(err);
            err =  pgpGetUserIDStringFromKey( skey, useridstr );
            pgpAssertNoErr(err);

            /*  '*' means axiomatically trusted.  */

            fprintf(filebPtr->pgpout, LANG("* %s %s\n") ,kstr,useridstr);

            /* Make filter for depth 0 (=ultimately-trusted) keys. */

            err = PGPGetKeyIDFromKey  (skey, &kid);
            pgpAssertNoErr(err);

            if (firstUltimatelyTrustedKey) {

                err = PGPNewKeyIDFilter( context, &kid, depthFilter );
                pgpAssertNoErr(err);
                firstUltimatelyTrustedKey = FALSE;
            }
            else {

                err = PGPNewKeyIDFilter( context, &kid, &singletonFilter );
                pgpAssertNoErr(err);

                err = PGPUnionFilters ( singletonFilter, *depthFilter,
                        depthFilter );

                pgpAssertNoErr(err);
            }
        }
        err = PGPKeyIterNext( keyiter, &skey);

    }

    err = PGPFreeKeyList( bothKeylist );
    pgpAssertNoErr(err);
    err = PGPFreeKeyList( secKeylist );
    pgpAssertNoErr(err);

    return 0;
} /* findUltimatelyTrustedKeys */
Ejemplo n.º 9
0
PGPError printNextSignatureChainLink(struct pgpmainBones *mainbPtr,
        PGPKeySetRef bothRingsSet,
        PGPKeyRef key,
        PGPBoolean visited,
        PGPUInt32 currentDepth)
{
    PGPContextRef context = mainbPtr->pgpContext;
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPUserValue traceValue;
    PGPUInt32 keyDepth;
    PGPKeyListRef kidsList;
    PGPKeySetRef kidsSet;
    PGPFilterRef kidsFilter;
    PGPFilterRef singletonFilter;
    PGPFilterRef notParentFilter;
    PGPKeyIterRef keyIter;
    char useridstr[kPGPMaxUserIDSize];
    PGPError err = kPGPError_NoErr;
    PGPKeyID keyID;

    /* For first time at node? Create keyset containing its children. */

    if (!visited)  {

        err = PGPGetKeyIDFromKey( key, &keyID);
        pgpAssertNoErr(err);

        err = PGPNewSigKeyIDFilter(context, &keyID, &kidsFilter);
        pgpAssertNoErr(err);

        err = PGPNewKeyIDFilter( context, &keyID, &singletonFilter );
        pgpAssertNoErr(err);

        err = PGPNegateFilter( singletonFilter, &notParentFilter);
        pgpAssertNoErr(err);

        err = PGPIntersectFilters( notParentFilter, kidsFilter,
                &kidsFilter );

        pgpAssertNoErr(err);


        if (kidsFilter == NULL) return 0;           /* childless node */

        err = PGPFilterKeySet(bothRingsSet, kidsFilter, &kidsSet);
        pgpAssertNoErr(err);

        err = PGPOrderKeySet( kidsSet, kPGPAnyOrdering, &kidsList);
        pgpAssertNoErr(err);

        err = PGPNewKeyIter(kidsList, &keyIter);
        pgpAssertNoErr(err);

        err = PGPKeyIterRewind( keyIter);
        pgpAssertNoErr(err);

        err = PGPKeyIterNext( keyIter, &key);

        if (IsPGPError(err)) {  /* childless */

            PGPFreeKeyIter( keyIter);
            return 0;
        }
    }

    while (key != NULL) {

        err = PGPGetKeyUserVal(key, &traceValue);
        pgpAssertNoErr(err);

        visited = (PGPUInt32)traceValue & VISITED_MASK;
        keyDepth = (PGPUInt32)traceValue & DEPTH_MASK;

        err = pgpGetUserIDStringFromKey(key, useridstr);
        pgpAssertNoErr(err);

        fprintf(filebPtr->pgpout, LANG("%*s"), (2 * currentDepth), " ");
        fprintf(filebPtr->pgpout, LANG("> %s\n"), useridstr);

        if (visited || (keyDepth < currentDepth) )  return 0;

        traceValue = (PGPUserValue)( VISITED_MASK | keyDepth);
        err = PGPSetKeyUserVal(key, traceValue);
        pgpAssertNoErr(err);

        err = PGPGetKeyIDFromKey( key, &keyID);
        pgpAssertNoErr(err);

        err = printNextSignatureChainLink(mainbPtr, bothRingsSet, key,
                visited, currentDepth+1);

        err = PGPKeyIterNext( keyIter, &key );

        if ( IsPGPError(err) ) {    /* traversed all children of this node */

            PGPFreeKeyIter( keyIter);
            return 0;
        }
    }
    return err;
} /* printNextSignatureChainLink */
Ejemplo n.º 10
0
PGPError markSignatureChainDepths(struct pgpmainBones *mainbPtr,
        PGPKeySetRef bothRingsSet,
        PGPFilterRef depthFilter)
{
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPContextRef context = mainbPtr->pgpContext;
    PGPBoolean compatible = mainbPtr->envbPtr->compatible;

    PGPKeyIterRef keyiter;
    PGPKeyID kid;
    PGPKeySetRef depthSet;
    PGPKeyListRef depthList;
    PGPKeyRef key;
    PGPFilterRef signedByMeFilter = NULL;
    PGPFilterRef usedKeysFilter = NULL;
    PGPFilterRef unusedKeysFilter = NULL;
    char kstr[kPGPMaxKeyIDStringSize];
    char useridstr[ kPGPMaxUserIDSize ];

    PGPError err;
    PGPBoolean firstKeyAtThisDepth;
    PGPUInt32 depth = 0;
    PGPUInt32 count;
    PGPUserValue traceValue;
    /* Trace value contains highest depth in sig chain where this key
       appears.  High bit ='visited' flag - indicates if chain has been
       followed from this point. */

    fprintf(filebPtr->pgpout,
            LANG("\nPass 2: Tracing signature chains...\n"));

    usedKeysFilter = depthFilter;
    err = PGPNegateFilter( usedKeysFilter, &unusedKeysFilter );
    pgpAssertNoErr(err);

    err = PGPFilterKeySet( bothRingsSet, depthFilter, &depthSet);
    pgpAssertNoErr(err);

    err = PGPCountKeys( depthSet, &count);
    pgpAssertNoErr(err);

    if (count == 0) {
        fprintf(filebPtr->pgpout, LANG("No ultimately-trusted keys.") );
        return -1;
    }

    while ( TRUE ) {
        firstKeyAtThisDepth = TRUE;
        err = PGPOrderKeySet(depthSet, kPGPAnyOrdering, &depthList);
        pgpAssertNoErr(err);
        err = PGPNewKeyIter( depthList, &keyiter );
        pgpAssertNoErr(err);
        err = PGPKeyIterRewind( keyiter );
        pgpAssertNoErr(err);
        err = PGPKeyIterNext( keyiter, &key);

        while( key != NULL ) {

            err = pgpGetKeyIDStringCompatFromKey( key, TRUE, compatible,
                    kstr );
            pgpAssertNoErr(err);
            err =  pgpGetUserIDStringFromKey( key, useridstr );
            pgpAssertNoErr(err);

            /* Mark its highest depth level on each key. */

            err = PGPGetKeyUserVal( key, &traceValue);
            pgpAssertNoErr(err);

            if ( (PGPUInt32)traceValue == 0) {
                (PGPUInt32)traceValue = depth;

                err = PGPSetKeyUserVal( key, traceValue);
                pgpAssertNoErr(err);
            }

            err = PGPGetKeyIDFromKey( key, &kid );
            pgpAssertNoErr(err);

            if (firstKeyAtThisDepth) {

                err = PGPNewSigKeyIDFilter(context, &kid, &depthFilter);
                pgpAssertNoErr(err);
                firstKeyAtThisDepth = FALSE;
            } else {

                err = PGPNewSigKeyIDFilter(context, &kid, &signedByMeFilter);
                pgpAssertNoErr(err);
                err = PGPUnionFilters( signedByMeFilter, depthFilter,
                        &depthFilter);
                pgpAssertNoErr(err);
            }

            err = PGPKeyIterNext( keyiter, &key);
        }

        err = PGPIntersectFilters(unusedKeysFilter, depthFilter,
                &depthFilter);

        pgpAssertNoErr(err);

        /* Create next depth level. */
        err = PGPFreeKeySet( depthSet );
        pgpAssertNoErr(err);
        err = PGPFilterKeySet( bothRingsSet, depthFilter, &depthSet);
        pgpAssertNoErr(err);
        err = PGPCountKeys( depthSet, &count);
        pgpAssertNoErr(err);

        err = PGPFreeKeyIter( keyiter );
        pgpAssertNoErr(err);

        if (count == 0) return 0;

        err = PGPUnionFilters( depthFilter, usedKeysFilter, &usedKeysFilter);
        pgpAssertNoErr(err);
        err = PGPNegateFilter( usedKeysFilter, &unusedKeysFilter );
        pgpAssertNoErr(err);
        depth ++;
    }
} /* markSignatureChainDepths */
Ejemplo n.º 11
0
void ShowKeyring(HWND hWnd, 
				 int nListCtrl, 
				 PGPContextRef pgpContext,
				 PGPKeySetRef onlyThisKeySet,
				 PGPBoolean bShowRSA, 
				 PGPBoolean bShowDH,
				 PGPBoolean bMustEncrypt,
				 PGPBoolean bMustSign)
{
    PGPKeyRef       newKey		= NULL;
	PGPKeyID		newKeyID;
	PGPSubKeyRef	newSubKey	= NULL;
    PGPError        err;
	PGPKeySetRef	userKeySet	= NULL;
    PGPKeyListRef	klist;
    PGPKeyIterRef	kiter;

	unsigned char	szUserID[kPGPMaxUserIDSize+1];
	char			szTempKeyID[kPGPMaxKeyIDStringSize+1];
	char			szSize[64];
	char			szCreation[64];
	char			szTitle[255];
	UINT			nLength;
	HWND			hList;
	HDC				hDC;
	int				iNumBits;
	LV_ITEM			lviKey;
	LV_COLUMN		lvcKey;
	UINT			nItem;
	HIMAGELIST		hImages;
	HBITMAP			hBmp;
	PGPInt32		nSignSize;
	PGPInt32		nEncryptSize;
	PGPTime			tCreation;
	PGPUInt16		year, month, day;
	PGPBoolean		bIsRevoked;
	PGPBoolean		bIsDisabled;
	PGPBoolean		bIsExpired;
	PGPBoolean		bIsEncryptKey;
	PGPBoolean		bIsSigningKey;

	PGPPublicKeyAlgorithm lAlg;

    if(IsPGPError(err = PGPOpenDefaultKeyRings(pgpContext, 
							(PGPKeyRingOpenFlags) 0, &userKeySet)))
	{
		MessageBox(NULL, "PGPOpenDefaultKeyRings error", "debug", MB_OK);
		return;
	}

	hList = GetDlgItem(hWnd, nListCtrl);
	ListView_DeleteAllItems(hList);
	ListView_DeleteColumn(hList, 2);
	ListView_DeleteColumn(hList, 1);
	ListView_DeleteColumn(hList, 0);
	
	hDC = GetDC (NULL);		// DC for desktop
	iNumBits = GetDeviceCaps (hDC, BITSPIXEL) * GetDeviceCaps (hDC, PLANES);
	ReleaseDC (NULL, hDC);

	if (iNumBits <= 8) 
	{
		hImages = ImageList_Create (16, 16, ILC_COLOR | ILC_MASK, 
					NUM_BITMAPS, 0); 
		hBmp = LoadBitmap (g_hInstance, MAKEINTRESOURCE (IDB_IMAGES4BIT));
		ImageList_AddMasked (hImages, hBmp, RGB(255, 0, 255));
		DeleteObject (hBmp);
	}
	else 
	{
		hImages = ImageList_Create (16, 16, ILC_COLOR24 | ILC_MASK, 
					NUM_BITMAPS, 0); 
		hBmp = LoadBitmap (g_hInstance, MAKEINTRESOURCE (IDB_IMAGES24BIT));
		ImageList_AddMasked (hImages, hBmp, RGB(255, 0, 255));
		DeleteObject (hBmp);
	}

	ListView_SetImageList(hList, hImages, LVSIL_SMALL);

	// Setup the list control columns
	LoadString(g_hInstance, IDS_USERID, szTitle, 254); 
	lvcKey.mask = LVCF_FMT | LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
	lvcKey.fmt = LVCFMT_LEFT;
	lvcKey.cx = 175;
	lvcKey.pszText = szTitle;
	lvcKey.iSubItem = -1;
	ListView_InsertColumn(hList, 0, &lvcKey);
	
	LoadString(g_hInstance, IDS_CREATION, szTitle, 254); 
	lvcKey.mask = LVCF_FMT | LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
	lvcKey.fmt = LVCFMT_CENTER;
	lvcKey.cx = 75;
	lvcKey.pszText = szTitle;
	lvcKey.iSubItem = 1;
	ListView_InsertColumn(hList, 1, &lvcKey);
	
	LoadString(g_hInstance, IDS_KEYSIZE, szTitle, 254); 
	lvcKey.mask = LVCF_FMT | LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM;
	lvcKey.fmt = LVCFMT_CENTER;
	lvcKey.cx = 75;
	lvcKey.pszText = szTitle;
	lvcKey.iSubItem = 2;
	ListView_InsertColumn(hList, 2, &lvcKey);

    /* Initialize keyrings */

    PGPOrderKeySet(userKeySet, kPGPUserIDOrdering, &klist);
    PGPNewKeyIter(klist, &kiter);
	PGPKeyIterNext(kiter, &newKey);

	nItem = 0;
	while (newKey)
	{
		PGPGetKeyBoolean(newKey, kPGPKeyPropIsRevoked, &bIsRevoked);
		PGPGetKeyBoolean(newKey, kPGPKeyPropIsDisabled, &bIsDisabled);
		PGPGetKeyBoolean(newKey, kPGPKeyPropIsExpired, &bIsExpired);
		PGPGetKeyBoolean(newKey, kPGPKeyPropIsEncryptionKey, &bIsEncryptKey);
		PGPGetKeyBoolean(newKey, kPGPKeyPropIsSigningKey, &bIsSigningKey);

		if ((bIsRevoked || bIsDisabled || bIsExpired) ||
			(!bIsEncryptKey && bMustEncrypt) ||
			(!bIsSigningKey && bMustSign))
		{
			PGPKeyIterNext(kiter, &newKey);
			continue;
		}

		PGPGetKeyNumber(newKey, kPGPKeyPropAlgID, (PGPInt32 *) &lAlg);
		if ((bShowRSA && (lAlg == kPGPPublicKeyAlgorithm_RSA)) ||
			(bShowDH && (lAlg == kPGPPublicKeyAlgorithm_DSA)))
		{
			if (IsPGPError(PGPGetPrimaryUserIDNameBuffer(newKey,
					kPGPMaxUserIDSize, (char*)szUserID,  &nLength)))
			{
				PGPKeyIterNext(kiter, &newKey);
				continue;
			}
			szUserID[nLength] = 0;

			if (IsPGPError(PGPGetKeyNumber(newKey, kPGPKeyPropBits, 
							&nSignSize)))
			{
				PGPKeyIterNext(kiter, &newKey);
				continue;
			}

			if (lAlg == kPGPPublicKeyAlgorithm_DSA)
			{
				PGPKeyIterNextSubKey(kiter, &newSubKey);
				if (newSubKey) {
					if (IsPGPError(PGPGetSubKeyNumber(newSubKey, 
									kPGPKeyPropBits, &nEncryptSize)))
					{
						PGPKeyIterNext(kiter, &newKey);
						continue;
					}
					wsprintf(szSize, "%d/%d", nEncryptSize, nSignSize);
				}
				else
					wsprintf(szSize, "%d", nSignSize);
			}
			else
				wsprintf(szSize, "%d", nSignSize);

			if (IsPGPError(PGPGetKeyTime(newKey, kPGPKeyPropCreation, 
							&tCreation)))
			{
				PGPKeyIterNext(kiter, &newKey);
				continue;
			}
			PGPGetYMDFromPGPTime(tCreation, &year, &month, &day);
			wsprintf(szCreation, "%d/%d/%d", month, day, year);

			if (onlyThisKeySet != NULL)
			{
				if (!PGPKeySetIsMember(newKey, onlyThisKeySet))
				{
					PGPKeyIterNext(kiter, &newKey);
					continue;
				}
			}

			PGPGetKeyIDFromKey(newKey, &newKeyID);
			PGPGetKeyIDString(&newKeyID, kPGPKeyIDString_Full, szTempKeyID);
			
			lviKey.mask = LVIF_TEXT | LVIF_PARAM | LVIF_IMAGE;
			lviKey.pszText = (char *) szUserID;
			lviKey.iItem = nItem;
			lviKey.iSubItem = 0;
			if (lAlg == kPGPPublicKeyAlgorithm_RSA)
				lviKey.iImage = IDX_RSAPUBKEY;
			if (lAlg == kPGPPublicKeyAlgorithm_DSA)
				lviKey.iImage = IDX_DSAPUBKEY;
			lviKey.lParam = (long) pgpAlloc(strlen(szTempKeyID)+1);
			strcpy((char *) lviKey.lParam, szTempKeyID);
			ListView_InsertItem(hList, &lviKey);

			lviKey.mask = LVIF_TEXT;
			lviKey.pszText = szCreation;
			lviKey.iItem = nItem;
			lviKey.iSubItem = 1;
			ListView_SetItem(hList, &lviKey);

			lviKey.mask = LVIF_TEXT;
			lviKey.pszText = szSize;
			lviKey.iItem = nItem;
			lviKey.iSubItem = 2;
			ListView_SetItem(hList, &lviKey);

			nItem++;
		}
		PGPKeyIterNext(kiter, &newKey);
	}
	PGPFreeKeyIter( kiter );
	PGPFreeKeyList( klist );

    /* Everything was OK */
    err = kPGPError_NoErr;
	PGPFreeKeySet(userKeySet);
	return;
}
Ejemplo n.º 12
0
PGPError PGPclExport
PGPclGetCachedSigningPhrase (
		PGPContextRef		context, 
		PGPtlsContextRef	tlsContext,
		HWND				hwnd,
		LPSTR				szPrompt,
		BOOL				bForceUserInput, 
		LPSTR*				pszBuffer, 
		PGPKeySetRef		keysetSigning,
		PGPKeyRef*			pkeySigning,
		PGPHashAlgorithm*	pulHashAlg,
		UINT*				puOptions, 
		UINT				uFlags,
		PGPByte**			ppPasskeyBuffer,
		PGPUInt32*			piPasskeyLength,
		PGPKeySetRef*		pkeysetAdded,
		char *				szTitle)
{
	PGPBoolean		bCacheEnabled	= FALSE;
	PGPUInt32		uCacheSecs		= 0;
	PGPError		err				= kPGPError_NoErr;
	PGPBoolean		bWarnRSADSA		= FALSE;
	BOOL			bAskUser		= TRUE;
	PGPSize			size;
	PGPPrefRef		prefref;
	PGPKeyID		keyid;
	DWORD			dw;

	// Get needed preferences
	err = PGPclOpenClientPrefs (PGPGetContextMemoryMgr (context), &prefref);
	if (IsntPGPError (err))
	{
		PGPGetPrefBoolean (prefref, kPGPPrefSignCacheEnable, &bCacheEnabled);
		PGPGetPrefNumber (prefref, kPGPPrefSignCacheSeconds, &uCacheSecs);
		// Need a never show again box?
		PGPGetPrefBoolean (prefref, 
					kPGPPrefWarnOnRSARecipAndNonRSASigner, &bWarnRSADSA);
		PGPclCloseClientPrefs (prefref, FALSE);
	}

	EnterCriticalSection (&criticalSectionCache);

	// use phrase from cache
	if (!bForceUserInput && 
		bCacheEnabled && 
		sIsCacheValid (&cacheSigning)) 
	{
		err = kPGPError_NoErr;

		if (bWarnRSADSA && 
			(cacheSigning.CachedKeyAlg != kPGPPublicKeyAlgorithm_RSA) && 
			(uFlags & PGPCL_RSAENCRYPT)) 
		{
			PGPBoolean bNeverShowAgain	= FALSE;

			err = PGPclRSADSAMixWarning (hwnd, &bNeverShowAgain);

			switch (err) {
			case kPGPError_NoErr :
				bAskUser = TRUE;
				if (bNeverShowAgain) {
					err = PGPclOpenClientPrefs (
								PGPGetContextMemoryMgr (context), &prefref);
					if (IsntPGPError (err))
					{
						PGPSetPrefBoolean (prefref, 
							kPGPPrefWarnOnRSARecipAndNonRSASigner, FALSE);
						PGPclCloseClientPrefs (prefref, TRUE);
					}
				}
				break;

			case kPGPError_UserAbort :
				bAskUser = FALSE;
				break;
			}
		}

		if (err == kPGPError_NoErr) {
			// reset cache duration
			sSetCacheDuration (&cacheSigning, uCacheSecs);

			// see if cached key is in keyset
			if (pkeySigning) {
				err = PGPImportKeyID (&cacheSigning.CachedKeyID, &keyid);
				if (IsntPGPError (err)) {

					// if so, get keyref for this keyid
					err = PGPGetKeyByKeyID (keysetSigning, &keyid, 
								kPGPPublicKeyAlgorithm_Invalid, pkeySigning);
					if (IsPGPError (err)) 
						*pkeySigning = NULL;
				}

				err = sCopyCache (&cacheSigning, context, pszBuffer, 
										ppPasskeyBuffer, piPasskeyLength);

				if (pulHashAlg) 
					*pulHashAlg = cacheSigning.CachedHashAlg;
				if (puOptions) 
					*puOptions = cacheSigning.uCachedOptions;

				bAskUser = FALSE;
			}
		}
	}

	// otherwise, get phrase from user
	if (bAskUser) 
	{
		sEmptyCache (&cacheSigning);

		// call PGPcl routine to post passphrase dialog
		err = PGPclGetPhrase (context, keysetSigning, hwnd, szPrompt, 
									 &cacheSigning.pszCachedPassphrase, 
									 NULL, NULL, 0, pkeySigning, puOptions, 
									 uFlags,
									 &cacheSigning.pCachedPasskey,
									 &cacheSigning.iCachedPasskeyLength,
									 0, 0, tlsContext, pkeysetAdded,szTitle);

		// user entered phrase -- setup cache
		if ((err == kPGPError_NoErr) && 
			(cacheSigning.pszCachedPassphrase || 
						cacheSigning.pCachedPasskey)) 
		{
			// scramble cache contents
			sScrambleCache (&cacheSigning);

			if (bCacheEnabled) {
				sSetCacheDuration (&cacheSigning, uCacheSecs);

				if (!cacheSigning.bCacheActive) {
					cacheSigning.bCacheActive = TRUE;
					_beginthreadex (NULL, 0, 
						(LPTHREAD_START_ROUTINE)sClearSigningCacheThread, 
						0, 0, &dw);
				}
			}

			// copy to caller's buffers
			err = sCopyCache (&cacheSigning, context, pszBuffer, 
								ppPasskeyBuffer, piPasskeyLength);

			PGPGetHashAlgUsed (*pkeySigning, &cacheSigning.CachedHashAlg);
			if (pulHashAlg) 
				*pulHashAlg = cacheSigning.CachedHashAlg;

			if (bCacheEnabled) {
				if (puOptions) 
					cacheSigning.uCachedOptions = *puOptions;
				else 
					cacheSigning.uCachedOptions = 0;

				PGPGetKeyIDFromKey (*pkeySigning, &keyid);
				PGPExportKeyID (&keyid, 
									cacheSigning.CachedKeyID, &size);

				PGPGetKeyNumber (*pkeySigning, 
					kPGPKeyPropAlgID, &cacheSigning.CachedKeyAlg);
			}
			else 
			{
				sEmptyCache (&cacheSigning);
			}
		}

		// problem (cancel or other error) -- flush cache
		else {
			sEmptyCache (&cacheSigning);
			sSetCacheDuration (&cacheSigning, 0);

			if (err == kPGPError_NoErr)
				err = kPGPError_UserAbort;
		}
	}

	LeaveCriticalSection (&criticalSectionCache);

	return err;
}
Ejemplo n.º 13
0
PGPError addToWorkingRingSet(struct pgpmainBones *mainbPtr, PGPKeySetRef
                             keySet, PGPBoolean bAddToDefault )
{
    PGPContextRef context = mainbPtr->pgpContext;
    PGPEnv *env = pgpContextGetEnvironment( context );
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    struct pgpenvBones *envbPtr = mainbPtr->envbPtr;
    PGPKeyIterRef iter = NULL;
    PGPError err;
    PGPKeyRef key = 0;
    PGPKeyRef origkey = 0;
    PGPKeyID keyid;
    int copying = 0;
    int newkeys = 0, newsigs = 0, newuids = 0, newrvks = 0;
    PGPKeyListRef keylist = 0;
    char* ringfile = "";
    PGPInt32 pri;
    PGPInt32 verbose = pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &err );
    PGPInt32 interactive = envbPtr->interactiveAdd;
    PGPBoolean batchmode = pgpenvGetInt( env, PGPENV_BATCHMODE, &pri, &err );
    PGPKeySetRef keepset = NULL, origset = NULL;
    PGPBoolean ans;

    PGPKeySetRef		defKeySet = kPGPInvalidRef;
    err = PGPOpenDefaultKeyRings(context, kPGPKeyRingOpenFlags_Mutable, &defKeySet);
    if(IsPGPError(err))
        goto done;

    if(bAddToDefault)
        mainbPtr->workingRingSet = defKeySet;

    pgpAssertAddrValid( mainbPtr, struct pgpmainBones );
    pgpAssertAddrValid( mainbPtr->workingRingSet, PGPKeySetRef );

    err = PGPNewEmptyKeySet( mainbPtr->workingRingSet, &origset );
    pgpAssertNoErr(err);

    err = PGPOrderKeySet( keySet, kPGPAnyOrdering, &keylist );
    pgpAssertNoErr(err);

    err = PGPNewKeyIter( keylist, &iter );
    pgpAssertNoErr(err);

    if(verbose)
        fprintf(filebPtr->pgpout,
                LANG("\nPASS 1.. find the existing keys\n"));

    err = PGPKeyIterRewind( iter );
    pgpAssertNoErr(err);
    err = PGPKeyIterNext( iter, &key);
    if( err ) {
        fprintf( filebPtr->pgpout,LANG("Could not read key from keyfile."));
        goto done;
    }
    while( key ) {
        err = PGPGetKeyIDFromKey( key, &keyid );
        pgpAssertNoErr(err);
        err = PGPGetKeyByKeyID( defKeySet, &keyid,
                                kPGPPublicKeyAlgorithm_Invalid,
                                &origkey );
        if(err == 0 )
            err = pgpAddKeyToKeySet( origkey, origset );
        err = PGPKeyIterNext( iter, &key );
    }

    if(verbose)
        fprintf(filebPtr->pgpout,
                LANG("\nPASS 2.. ask whether to add the new keys\n"));

    err = PGPKeyIterRewind( iter );
    pgpAssertNoErr(err);

    err = PGPKeyIterNext( iter, &key);
    if( err ) {
        fprintf( filebPtr->pgpout,LANG("Could not read key from keyfile."));
        goto done;
    }

    while( key ) {
        PGPBoolean isnew;
        err = PGPGetKeyIDFromKey( key, &keyid );
        pgpAssertNoErr(err);
        err = PGPGetKeyByKeyID( defKeySet, &keyid,
                                kPGPPublicKeyAlgorithm_Invalid,
                                &origkey );

        /* Copy if all criteria are met */
        copying = 0;
        isnew = FALSE;
        if(err == 0 ) {
            copying = 1;
        } else {
            /* is a new key*/
            err = pgpShowKeyListFormat( filebPtr,
                                        mainbPtr->workingRingSet, iter, key, kShow_Sigs |
                                        kShow_Checks );

            if( interactive ) {
                fprintf( filebPtr->pgpout, LANG(
                             "\nDo you want to add this key to keyring '%s' (y/N)? "), ringfile);

                copying = getyesno(filebPtr,'n', batchmode ) ? 1 : 0;
            } else
                copying = 1;
            if(copying) {
                isnew=TRUE;
                newkeys++;
            }
        }
        if( copying ) {
            if(keepset == NULL) {
                err = PGPNewKeySet( context, &keepset );
                pgpAssertNoErr(err);
            }
            err = pgpAddKeyToKeySet( key, keepset );
            if(IsPGPError(err)) {
                pgpShowError(filebPtr, err,__FILE__,__LINE__);
            }
            if( isnew && !batchmode ) {
                /* This is not efficient, because it loops on
                   keepset, so avoid calling it in batchmode. */
                err = pgpMarkKeyInSet( keepset, key );
            }
        }
        err = PGPKeyIterNext( iter, &key );
        if( err != 0 || key == 0 ) {
            break;
        }
    }
    if(err == kPGPError_EndOfIteration)
        err = 0;


    if( newkeys > 0 && !interactive ) {
        fprintf( filebPtr->pgpout, LANG("\nkeyfile contains %d new keys. "),
                 newkeys);
        fprintf( filebPtr->pgpout, LANG(
                     "Add these keys to keyring ? (Y/n) "));
        fflush( filebPtr->pgpout );
        ans = getyesno(filebPtr, 'y', batchmode);

        /* add a newline to make it easier to read */
        fprintf(filebPtr->pgpout, "\n");
        fflush(filebPtr->pgpout);

        if(!ans)
            goto done;
    }

    if(verbose)
        fprintf(filebPtr->pgpout, LANG(
                    "\nPASS 3.. show the new userids and new sigs\n"));
    {
        PGPSize keys,uids,sigs,rvks;

        err = pgpMarkKeySet( origset );
        pgpAssertNoErr(err);

        err = PGPAddKeys( origset, keepset );
        pgpAssertNoErr(err);


        /*
         *	mark default key set to determine which keys are
         *	being added in, need to do this because mainbPtr->workingRingSet
         *	might be a in memory key set
         */
        err = pgpMarkKeySet( defKeySet );
        pgpAssertNoErr(err);

        err = PGPAddKeys( keepset, defKeySet );
        pgpAssertNoErr(err);

        err = pgpShowKeySetUnmarked( filebPtr, defKeySet, &keys, &uids,
                                     &sigs, &rvks );

        pgpAssertNoErr(err);
        /*newkeys += keys;*/
        newuids += uids;
        newsigs += sigs;
        newrvks += rvks;
    }

    if(verbose)
        fprintf(filebPtr->pgpout,
                LANG("\nPASS 4... add them to the keyring\n"));

    if(!bAddToDefault)
    {
        err = PGPAddKeys( keepset, mainbPtr->workingRingSet );
        pgpAssertNoErr(err);
    }

    /* For now AddKeys should be more or less the same as mergekeys */

    /* User feedback */

    if( newsigs == 0 && newkeys == 0 && newuids == 0 && newrvks == 0 ) {
        goto done;
    }

    /* Check signatures */
    PGPCheckKeyRingSigs( keepset, mainbPtr->workingRingSet, 0, NULL, NULL );

    if( err ) {
        if( verbose ) {
            fprintf(filebPtr->pgpout, LANG(
                        "addToWorkingRingSet: pgpDoCheckKeySet() returned %d\n"), err);
        }
        goto done;
    }

    /* More user feedback */

    fprintf(filebPtr->pgpout, LANG("\nKeyfile contains:\n"));
    if (newkeys)
        fprintf(filebPtr->pgpout, LANG("%4d new key(s)\n"), newkeys);
    if (newsigs)
        fprintf(filebPtr->pgpout, LANG("%4d new signatures(s)\n"), newsigs);
    if (newuids)
        fprintf(filebPtr->pgpout, LANG("%4d new user ID(s)\n"), newuids);
    if (newrvks)
        fprintf(filebPtr->pgpout, LANG("%4d new revocation(s)\n"), newrvks);

    err = PGPPropagateTrust( mainbPtr->workingRingSet );
    pgpAssertNoErr(err);

    /* mainbPtr->workingRingSet = ringSet;*/
    /* mainbPtr->workingGroupSet = NULL;*/
    err = pgpProcessUncertifiedKeys( mainbPtr, keepset );
    if( IsPGPError(err)) {
        if(err == kPGPError_UserAbort)
            err = kPGPError_NoErr;
        goto done;
    }

    err = pgpProcessUntrustedKeys( mainbPtr, keepset,
                                   mainbPtr->workingRingSet );

done:
    if(PGPKeySetNeedsCommit(mainbPtr->workingRingSet))
        PGPCommitKeyRingChanges(mainbPtr->workingRingSet);
    if(defKeySet != kPGPInvalidRef)
        PGPFreeKeySet(defKeySet);
    if(keepset != NULL)
        PGPFreeKeySet( keepset );
    if( iter )
        PGPFreeKeyIter( iter );
    if( keylist)
        PGPFreeKeyList( keylist );
    if( origset )
        PGPFreeKeySet( origset );


    /* The event handler will call addToRingSetFinish( ringSet ); before
       this is done */

    return err;
}
Ejemplo n.º 14
0
/*
   Examines the keys in keyset and updates the trust of corresponding
   keys in ringSet.

   It is not assumed that parameter keyset comes from the same key
   database as ringSet.
 */
PGPError pgpProcessUntrustedKeys( struct pgpmainBones *mainbPtr,
                                  PGPKeySetRef keyset, PGPKeySetRef ringSet )
{
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPKeyRef key,origkey;
    PGPKeyID keyid;
    PGPKeyIterRef keyiter = NULL;
    PGPKeyListRef keylist = NULL;
    PGPError err;

    err = PGPOrderKeySet( keyset, kPGPAnyOrdering, &keylist);
    pgpAssertNoErr(err);
    err = PGPNewKeyIter( keylist, &keyiter );
    pgpAssertNoErr(err);

    for(;;) {
        PGPBoolean endloop;

        /* loop while there are any (at least marginally valid) keys
           whose trust has not been set. */

        /* while keys still with undefined trust, allow wetware editing
           of trust parameter (avoid iterating main ringSet due to ldap
           servers and potential size of set) */

        endloop = TRUE;
        err = PGPKeyIterRewind( keyiter );
        pgpAssertNoErr(err);
        err = PGPKeyIterNext( keyiter, &key);
        while( key ) {
            PGPInt32 validity;
            PGPUserValue val;

            err = PGPGetKeyIDFromKey( key, &keyid );
            if( err )  {
                pgpShowError( filebPtr, err,__FILE__,__LINE__ );
                goto next;
            }

            err = PGPGetKeyByKeyID( ringSet, &keyid,
                                    kPGPPublicKeyAlgorithm_Invalid, &origkey );

            if( err ) {
                pgpShowError( filebPtr, err,__FILE__,__LINE__ );
                goto next;
            }

            err = PGPGetKeyNumber( key, kPGPKeyPropValidity, &validity);
            pgpAssertNoErr(err);

            err = PGPGetKeyUserVal( key, &val );
            pgpAssertNoErr(err);

            if( (validity > kPGPValidity_Invalid) && ! ((PGPInt32)val &
                    kMark_Trust ) ) /* key has not been processed*/

            {
                PGPUserIDRef userid;
                PGPSize scrap;
                char useridstr[ kPGPMaxUserIDSize ];
                err = PGPGetPrimaryUserID( origkey, &userid );
                pgpAssertNoErr(err);
                err = PGPGetUserIDStringBuffer( userid,
                                                kPGPUserIDPropName, kPGPMaxUserIDSize, useridstr,
                                                &scrap);

                pgpAssertNoErr(err);
                if( pgpGetKeyTrust( origkey ) <= kPGPKeyTrust_Unknown ) {
                    err = pgpShowKeyBrief( filebPtr, key );
                    pgpAssertNoErr(err);
                    err = pgpEditPublicTrustParameter( filebPtr,
                                                       useridstr, key );

                    if( err ) {
                        pgpShowError( filebPtr, err,__FILE__,__LINE__ );
                        goto done;
                    }
                    PGPPropagateTrust( ringSet );
                    PGPSetKeyUserVal( key, (PGPUserValue)( (PGPInt32)val |
                                                           kMark_Trust )); /* key has been processed*/

                    endloop = FALSE;
                }
            }
next:
            err = PGPKeyIterNext( keyiter, &key );
            /*if err, no more*/
        }

        if( endloop == TRUE ) break;
    }
done:
    if( keyiter )
        PGPFreeKeyIter( keyiter );
    if( keylist )
        PGPFreeKeyList( keylist );
    return err;
}
Ejemplo n.º 15
0
PGPError pgpProcessUncertifiedKeys( struct pgpmainBones *mainbPtr,
                                    PGPKeySetRef keyset )
{
    struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
    PGPKeyRef key,origkey;
    PGPKeyID keyid;
    PGPKeyIterRef keyiter = NULL;
    PGPKeyListRef keylist = NULL;
    PGPError err;
    PGPBoolean ask_first_latch = TRUE;

    pgpAssertAddrValid( mainbPtr, struct pgpmainBones );
    pgpAssertAddrValid( mainbPtr->workingRingSet, PGPKeySetRef );

    err = PGPOrderKeySet( keyset, kPGPAnyOrdering, &keylist);
    pgpAssertNoErr(err);
    err = PGPNewKeyIter( keylist, &keyiter );
    pgpAssertNoErr(err);

    /* Sign unverifiable keys by hand */
    err = PGPKeyIterRewind( keyiter );
    pgpAssertNoErr(err);
    err = PGPKeyIterNext( keyiter, &key);
    pgpAssertNoErr(err);
    while( key ) {
        PGPBoolean issec;

        PGPGetKeyBoolean( key, kPGPKeyPropIsSecret, &issec );
        if(issec)
            goto next;

        err = PGPGetKeyIDFromKey( key, &keyid );
        if( IsPGPError(err) )  {
            pgpShowError( filebPtr, err,__FILE__,__LINE__ );
            goto next;
        }
        err = PGPGetKeyByKeyID( mainbPtr->workingRingSet, &keyid,
                                kPGPPublicKeyAlgorithm_Invalid, &origkey );
        if( IsPGPError(err) ) {
            if( err != kPGPError_ItemNotFound )
                pgpShowError( filebPtr, err,__FILE__,__LINE__ );
            goto next;
        }
        /*mainbPtr->workingRingSet=ringSet;*/
        /*mainbPtr->workingGroupSet=NULL;*/
        err=askToSign( mainbPtr, origkey, ask_first_latch );
        switch(err) {
        case kPGPError_NoErr:
            break;
        case kPGPError_UserAbort:
            /*err = kPGPError_NoErr;*/
            goto done;
        case kPGPError_ItemAlreadyExists:
            goto next;
        default:
            pgpShowError( filebPtr, err,__FILE__,__LINE__ );
            goto done;
        }
        ask_first_latch = FALSE; /* should stay false now */
next:
        err = PGPKeyIterNext( keyiter, &key );
        /*if err, there are no more*/
    }
    if( err == kPGPError_EndOfIteration )
        err = kPGPError_NoErr;
done:
    if( keyiter )
        PGPFreeKeyIter( keyiter );
    if( keylist )
        PGPFreeKeyList( keylist );
    return err;
}
Ejemplo n.º 16
0
PGPError KeyIdFilterFromKeySet(	PGPKeySetRef keySet,
								PGPFilterRef* filter)
{
	PGPError		error	= kPGPError_NoErr;
	PGPKeyListRef	list	= kPGPInvalidRef;
	PGPKeyIterRef	iter	= kPGPInvalidRef;
	PGPKeyRef		key		= kPGPInvalidRef;
	PGPFilterRef	aFilter = kPGPInvalidRef;
	PGPFilterRef	idFilter= kPGPInvalidRef;
	PGPKeyID		keyId;

	error = PGPOrderKeySet(	keySet,
							kPGPAnyOrdering,
							&list);

	if( IsntPGPError(error) )
	{
		error = PGPNewKeyIter(	list,
								&iter);

		if(IsntPGPError(error) )
		{
			PGPError iterError = kPGPError_NoErr;

			do
			{
				iterError = PGPKeyIterNext(iter, &key);

				if( IsntPGPError(iterError) )
				{
					error = PGPGetKeyIDFromKey(	key,
												&keyId);

					if( IsntPGPError(error) )
					{
						error = PGPNewSigKeyIDFilter(	g_Context, 
														&keyId, 
														&aFilter );

						if(idFilter == kPGPInvalidRef)
						{
							idFilter = aFilter;
						}
						else
						{
							PGPFilterRef combinedFilter = NULL;

							error = PGPUnionFilters(idFilter,
													aFilter, 
													&combinedFilter);

							idFilter = combinedFilter;
						}
					}
				}

			}while(IsntPGPError(iterError) && IsntPGPError(error));

			PGPFreeKeyIter(iter);
		}

		PGPFreeKeyList(list);
	}


	if( IsntPGPError(error) )
	{
		*filter = idFilter;
	}

	return error;
}