LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
LPSTR szPlainMsg = 0;
PGPSize dwPlainMsgLen;
PGPUInt32 dwKeys;
PGPKeyDBRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys);
if(dwKeys==0) {
PGPFreeKeyDB(PrivateKeyDB);
return 0;
}
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, &dwPlainMsgLen),
PGPOKeyDBRef(pgpContext, PrivateKeyDB),
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
PGPFreeKeyDB(PrivateKeyDB);
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
#endif
}
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID)
{
#if defined(_WIN64)
return 0;
#else
PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID;
LPSTR szEncMsg = 0;
PGPSize dwEncMsgLen;
ClearPGPError();
if (!pgpKeyDB)
return 0;
PGPKeyDBObjRef PublicKey;
PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey);
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen),
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
#endif
}
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey)
{
return PGPImport( pgpContext,
keyDB,
PGPOInputBuffer( pgpContext,
pgpKey,
lstrlen(pgpKey) ),
PGPOLastOption( pgpContext ) );
}
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
return PGPImport( pgpContext,
keyDB,
PGPOInputBuffer( pgpContext,
pgpKey,
lstrlen(pgpKey) ),
PGPOLastOption(pgpContext ));
#endif
}
LPSTR __cdecl _pgp_decrypt_keydb(LPCSTR szEncMsg)
{
LPSTR szPlainMsg = 0;
DWORD dwPlainMsgLen;
ClearPGPError();
if(!pgpKeyDB)
return 0;
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOKeySetRef(pgpContext, pgpKeyDB),
#else
PGPOKeyDBRef(pgpContext, pgpKeyDB),
#endif
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
}
LPSTR __cdecl _pgp_encrypt_key(LPCSTR szPlainMsg, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
LPSTR szEncMsg = 0;
PGPSize dwEncMsgLen;
PGPUInt32 dwKeys;
PGPKeyDBRef PublicKeyDB;
if (CheckPGPError(_pgp_import_key(&PublicKeyDB,pgpKey)))
return 0;
PGPKeyIterRef KeyIterRef;
PGPNewKeyIterFromKeyDB(PublicKeyDB, &KeyIterRef);
PGPKeyDBObjRef PublicKey;
PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &PublicKey);
PGPCountKeysInKeyDB(PublicKeyDB, &dwKeys);
if(dwKeys==0) {
PGPFreeKeyIter(KeyIterRef);
PGPFreeKeyDB(PublicKeyDB);
return 0;
}
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen),
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
PGPFreeKeyIter(KeyIterRef);
PGPFreeKeyDB(PublicKeyDB);
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
#endif
}
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID)
{
PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID;
LPSTR szEncMsg = 0;
DWORD dwEncMsgLen;
ClearPGPError();
if(!pgpKeyDB)
return 0;
#if (PGP_WIN32 < 0x700)
PGPFilterRef IDFilter;
PGPNewKeyIDFilter(pgpContext, RemoteKeyID, &IDFilter);
PGPKeySetRef PublicKey;
PGPFilterKeySet(pgpKeyDB, IDFilter, &PublicKey);
#else
PGPKeyDBObjRef PublicKey;
PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey);
#endif
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, (PGPUInt32 *)&dwEncMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOEncryptToKeySet(pgpContext, PublicKey),
#else
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
#endif
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PublicKey);
PGPFreeFilter(IDFilter);
#endif
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
}
PGPError AddKeyClipboardStub (MYSTATE *ms)
{
PGPOptionListRef opts;
PGPContextRef context;
char StrRes[100];
PGPError err;
err=kPGPError_NoErr;
context=ms->context;
PGPBuildOptionList(context,&opts,
PGPOInputBuffer(context,ms->pInput,ms->dwInputSize),
PGPOLastOption(context));
LoadString (g_hinst, IDS_CLIPBOARD, StrRes, sizeof(StrRes));
err=GenericAddKey(ms,opts,StrRes);
PGPFreeOptionList(opts);
return err;
}
/*****
*
* verify_signature
*
* Call-out routine used by the CMS library for verifying a signature.
* Parameters and return values defined in CMS docs. This uses the
* PGP SDK. See "PGP Software Developer's Kit, Reference Manual"
* for details on calls used here.
*
*****/
int
x509CMSVerifyCallback (
unsigned char *data,
size_t dataLen,
unsigned char *sigalg,
size_t algLen,
unsigned char *params,
size_t paramLen,
unsigned char *signature,
size_t sigLen,
unsigned char *pubkey,
size_t pubkeyLen,
TC_CERT *issuer,
void *verData,
TC_CONTEXT *ctx)
{
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData;
PGPMemoryMgrRef mgrRef;
PGPPublicKeyContextRef publicKey;
PGPHashContextRef hash;
PGPKeySetRef keySet;
PGPKeyListRef klist;
PGPKeyIterRef kiter;
PGPKeyRef mykey;
PGPError err;
PGPByte *certData;
PGPSize certDataLen;
int rtn = -1;
PGPHashAlgorithm hashAlg;
(void) params;
(void) paramLen;
(void) pubkey;
(void) pubkeyLen;
do {
/* check that the algorithm ID is allowed */
/* TODO... */
/* if we dont have the issuer's certificate, we can't verify the
signature. */
/* PGPsdk needs to have a function that takes raw ASN.1 encoded
key material and returns a KeyRef in order to support
verification of PKCS10 requests */
if (!issuer)
break;
/* import the certificate into pgp */
tc_pack_cert (&certData, &certDataLen, issuer, ctx);
/* import the key into a PGP key set */
err = PGPImportKeySet (pgpData->context,
&keySet,
PGPOX509Encoding (pgpData->context, 1),
PGPOInputBuffer (pgpData->context, certData, certDataLen),
PGPOLastOption (pgpData->context));
TC_Free (ctx->memMgr, certData);
if (IsPGPError (err))
break;
/* extract the key into a PGPKeyRef */
err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist);
if (IsPGPError (err))
break;
err = PGPNewKeyIter (klist, &kiter);
if (IsPGPError (err))
break;
err = PGPKeyIterNext (kiter, &mykey);
if (IsPGPError (err))
break;
/* create the public key context */
err = PGPNewPublicKeyContext (mykey,
kPGPPublicKeyMessageFormat_X509,
&publicKey);
if (IsPGPError (err))
break;
hashAlg = x509HashAlgorithm (sigalg, algLen);
/* create and calculate the hash, do not finalize hash
for PGPPublicKeyVerify() call */
mgrRef = PGPGetContextMemoryMgr (pgpData->context);
err = PGPNewHashContext (mgrRef, hashAlg, &hash);
if (IsPGPError (err))
break;
err = PGPContinueHash (hash, data, dataLen);
if (IsPGPError (err))
break;
err = PGPPublicKeyVerifySignature (
publicKey, hash, (void *)signature, sigLen);
hash = NULL;
if ( IsPGPError(err) )
break;
rtn = 0;
} while (0);
/* clean-up */
PGPFreeKeyIter(kiter);
PGPFreeKeyList(klist);
PGPFreeKeySet(keySet);
if (hash)
PGPFreeHashContext(hash);
PGPFreePublicKeyContext (publicKey);
return rtn;
} /* verify_signature */
BOOL
KMSplitDropKeys (
PSPLITKEYSTRUCT psks,
HANDLE hMem)
{
PGPKeySetRef keyset = NULL;
PGPKeyListRef keylist = NULL;
PGPKeyIterRef keyiter = NULL;
LPSTR pMem = NULL;
PGPError err;
PGPKeyRef key;
PGPKeyID keyid;
BOOL bKeys;
PGPBoolean bKeyIsUsable;
size_t sLen;
PSHAREHOLDERSTRUCT pshs;
PGPPublicKeyAlgorithm alg;
bKeys = FALSE;
if (hMem) {
pMem = GlobalLock (hMem);
if (pMem) {
sLen = lstrlen (pMem);
err = PGPImportKeySet (psks->pKM->Context, &keyset,
PGPOInputBuffer (psks->pKM->Context, pMem, sLen),
PGPOLastOption (psks->pKM->Context));
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPNewKeyIter (keylist, &keyiter);
if (IsPGPError (err)) goto SplitDropCleanup;
PGPKeyIterNext (keyiter, &key);
while (key) {
bKeyIsUsable = FALSE;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg);
PGPGetKeyIDFromKey (key, &keyid);
// key must either not be RSA or RSA ops must be enabled
PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable);
// key must not be the same one that is being split
if (alg == psks->keyalgToSplit) {
if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0)
bKeyIsUsable = FALSE;
}
// key must not already be in list
if (sIsKeyIDAlreadyInList (&keyid, alg, psks))
bKeyIsUsable = FALSE;
if (bKeyIsUsable) {
bKeys = TRUE;
pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT));
if (pshs) {
PGPSize size;
pshs->bPublicKey = TRUE;
pshs->pszPassphrase = NULL;
pshs->uShares = 1;
PGPGetPrimaryUserIDNameBuffer (key,
sizeof(pshs->szUserID), pshs->szUserID, &size);
PGPGetKeyIDFromKey (key, &(pshs->keyid));
PGPGetKeyNumber (key,
kPGPKeyPropAlgID, &(pshs->keyalg));
if (sAddShareHolder (psks, pshs,
KMDetermineUserIDIcon (key, NULL, NULL),
psks->hwndList)) {
psks->uTotalShares += pshs->uShares;
SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES,
psks->uTotalShares, FALSE);
SendMessage (psks->hwndDlg, WM_COMMAND,
MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0);
}
else {
KMFree (pshs);
}
}
}
PGPKeyIterNext (keyiter, &key);
}
SplitDropCleanup :
if (keyiter)
PGPFreeKeyIter (keyiter);
if (keylist)
PGPFreeKeyList (keylist);
if (keyset)
PGPFreeKeySet (keyset);
if (pMem)
GlobalUnlock (hMem);
}
}
return bKeys;
}
LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey)
{
LPSTR szPlainMsg = 0;
DWORD dwPlainMsgLen;
PGPUInt32 dwKeys;
#if (PGP_WIN32 < 0x700)
PGPKeySetRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeys(PrivateKeyDB, &dwKeys);
#else
PGPKeyDBRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys);
#endif
if(dwKeys==0) {
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PrivateKeyDB);
#else
PGPFreeKeyDB(PrivateKeyDB);
#endif
return 0;
}
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
/*
#if (PGP_WIN32 < 0x700)
PGPKeyListRef PrivateKeyList;
PGPOrderKeySet(PrivateKeyDB, kPGPKeyIDOrdering, &PrivateKeyList);
PGPKeyIterRef KeyIterRef;
PGPNewKeyIter(PrivateKeyList, &KeyIterRef);
PGPKeyRef PrivateKey;
for(int i=0;i<dwKeys;i++) {
PGPKeyIterNext(KeyIterRef, &PrivateKey);
PGPOPassphraseIsValid(PrivateKey,
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
}
PGPFreeKeyList(PrivateKeyList);
PGPFreeKeyIter(KeyIterRef);
#else
PGPKeyIterRef KeyIterRef;
PGPNewKeyIterFromKeyDB(PrivateKeyDB, &KeyIterRef);
PGPKeyDBObjRef KeyDBObjRef;
for(int i=0;i<dwKeys;i++) {
PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef);
PGPOPassphraseIsValid(PrivateKey,
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
}
PGPFreeKeyIter(KeyIterRef);
#endif
*/
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOKeySetRef(pgpContext, PrivateKeyDB),
#else
PGPOKeyDBRef(pgpContext, PrivateKeyDB),
#endif
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PrivateKeyDB);
#else
PGPFreeKeyDB(PrivateKeyDB);
#endif
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
}
void
CCRSVerisignServer::PackageAndSendCRSMessage(
PGPExportFormat inExportFormat,
PGPOutputFormat inOutputFormat,
PGPKeyRef inKey,
PGPKeyRef inSigningKey,
PGPByte * inPassphrase,
PGPSize inPassphraseLength,
PGPBoolean inIsPassphrase,
void ** outBuffer,
PGPSize * outBufferSize)
{
PGPError pgpErr;
StPGPKeySetRef singleKeySet;
StPGPDataRef buffer;
PGPSize bufSize;
StPGPDataRef crsMessage;
PGPSize crsMessageSize;
InitOperation();
if (! PGPKeyRefIsValid(inKey)) {
ThrowPGPError_(kPGPError_OptionNotFound);
}
if (! PGPKeyRefIsValid(inSigningKey)) {
ThrowPGPError_(kPGPError_OptionNotFound);
}
if (NULL==(int)(inPassphrase)) {
ThrowPGPError_(kPGPError_OptionNotFound);
}
pgpErr = PGPNewSingletonKeySet(inKey, &singleKeySet);
ThrowIfPGPError_(pgpErr);
pgpErr = PGPExportKeySet( singleKeySet,
PGPOExportFormat( mContext,
inExportFormat),
PGPOAllocatedOutputBuffer( mContext,
(void **) &buffer,
MAX_PGPSize,
&bufSize),
PGPOLastOption(mContext));
ThrowIfPGPError_(pgpErr);
singleKeySet.Free();
pgpErr = PGPEncode( mContext,
PGPOSignWithKey( mContext,
inSigningKey,
(inIsPassphrase) ?
PGPOPassphraseBuffer(mContext,
inPassphrase, inPassphraseLength) :
PGPOPasskeyBuffer(mContext,
inPassphrase, inPassphraseLength),
PGPOLastOption(mContext)),
PGPOInputBuffer(mContext, static_cast<PGPByte *>(buffer), bufSize),
PGPOAllocatedOutputBuffer( mContext,
(void **) &crsMessage,
MAX_PGPSize,
&crsMessageSize),
PGPOOutputFormat( mContext,
inOutputFormat),
PGPOLastOption(mContext));
ThrowIfPGPError_(pgpErr);
buffer.Free();
*outBufferSize = PostCRSMessage(kPGPKeyServerState_Querying,
(mPath == 0) ? kDefaultPath : mPath,
reinterpret_cast<PGPByte **>(outBuffer),
crsMessageSize,
static_cast<const PGPByte *>(crsMessage));
}
