LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
LPSTR szPlainMsg = 0;
PGPSize dwPlainMsgLen;
PGPUInt32 dwKeys;
PGPKeyDBRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys);
if(dwKeys==0) {
PGPFreeKeyDB(PrivateKeyDB);
return 0;
}
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, &dwPlainMsgLen),
PGPOKeyDBRef(pgpContext, PrivateKeyDB),
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
PGPFreeKeyDB(PrivateKeyDB);
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
#endif
}
LPSTR __cdecl _pgp_decrypt_keydb(LPCSTR szEncMsg)
{
LPSTR szPlainMsg = 0;
DWORD dwPlainMsgLen;
ClearPGPError();
if(!pgpKeyDB)
return 0;
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOKeySetRef(pgpContext, pgpKeyDB),
#else
PGPOKeyDBRef(pgpContext, pgpKeyDB),
#endif
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
}
PGPError
KMGetConventionalPhrase (
PGPContextRef context,
HWND hwnd,
LPSTR pszPrompt,
LPSTR* ppszPhrase)
{
PGPError err = kPGPError_BadParams;
PGPOptionListRef optionList = kInvalidPGPOptionListRef;
if (!ppszPhrase) return err;
err = PGPBuildOptionList (context, &optionList,
PGPOUIOutputPassphrase (context, ppszPhrase),
PGPOUIParentWindowHandle (context, hwnd),
PGPOLastOption (context));
if (IsntPGPError (err))
{
// If we have a prompt, use it
if (NULL!=(int) (pszPrompt))
{
err = PGPAppendOptionList (optionList,
PGPOUIDialogPrompt (context, pszPrompt),
PGPOLastOption (context));
}
if (IsntPGPError (err))
{
err = PGPConventionalDecryptionPassphraseDialog (context,
optionList,
PGPOLastOption (context));
}
}
if (IsPGPError (err))
{
if (*ppszPhrase)
{
PGPFreeData (*ppszPhrase);
*ppszPhrase = NULL;
}
}
if (PGPOptionListRefIsValid (optionList))
PGPFreeOptionList (optionList);
return err;
}
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID)
{
#if defined(_WIN64)
return 0;
#else
PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID;
LPSTR szEncMsg = 0;
PGPSize dwEncMsgLen;
ClearPGPError();
if (!pgpKeyDB)
return 0;
PGPKeyDBObjRef PublicKey;
PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey);
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen),
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
#endif
}
static PGPError
sRevokeKeySplit (
PGPContextRef context,
PGPKeySetRef keyset,
PGPKeyRef key,
PGPByte* passkey,
PGPSize sizePasskey)
{
UINT u;
PGPKeyListRef keylist;
PGPKeyIterRef keyiter;
PGPSubKeyRef subkey;
PGPError err;
err = PGPRevokeKey (key,
PGPOPasskeyBuffer (context, passkey, sizePasskey),
PGPOLastOption (context));
if (IsPGPError (err)) return err;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &u);
switch (u) {
case kPGPPublicKeyAlgorithm_RSA :
break;
case kPGPPublicKeyAlgorithm_DSA :
PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
PGPNewKeyIter (keylist, &keyiter);
PGPKeyIterSeek (keyiter, key);
PGPKeyIterNextSubKey (keyiter, &subkey);
while (subkey) {
err = PGPRevokeSubKey (subkey,
PGPOPasskeyBuffer (context, passkey, sizePasskey),
PGPOLastOption (context));
PGPKeyIterNextSubKey (keyiter, &subkey);
}
PGPFreeKeyIter (keyiter);
PGPFreeKeyList (keylist);
break;
default :
break;
}
return err;
}
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey)
{
return PGPImport( pgpContext,
keyDB,
PGPOInputBuffer( pgpContext,
pgpKey,
lstrlen(pgpKey) ),
PGPOLastOption( pgpContext ) );
}
PGPError
pgpKeyPassphraseCL(
PGPContextRef context,
CPGPKeyPassphraseDialogOptions *options)
{
PGPError err;
GPP gpp;
memset(&gpp,0x00,sizeof(GPP));
gpp.context=context;
gpp.options=options;
char szNameFinal[kPGPMaxUserIDSize];
GetKeyString(options->mDefaultKey, szNameFinal);
fprintf(stdout, "\n%s\n", szNameFinal);
while (1) {
FreePassphrases(&gpp);
gpp.pszPassPhrase = (char *)secAlloc (gpp.context, KEYSIZE);
if (gpp.pszPassPhrase) {
PGPInt32 len = pgpCLGetPass(stdout, gpp.pszPassPhrase, KEYSIZE);
if (len < 0) {
err = kPGPError_UserAbort;
break;
}
*(options->mPassphrasePtr) = gpp.pszPassPhrase;
if (PassphraseLengthAndQualityOK(options,gpp.pszPassPhrase)) {
PGPBoolean PassValid;
PassValid = PGPPassphraseIsValid(options->mDefaultKey,
PGPOPassphrase(context, gpp.pszPassPhrase),
PGPOLastOption(context));
if (PassValid) {
err = kPGPError_NoErr;
break;
} else {
fprintf(stdout, "Wrong passphrase, reenter\n");
}
} else {
ClearPassphrases(&gpp);
FreePassphrases(&gpp);
}
} else {
err = kPGPError_OutOfMemory;
break;
}
}
ClearPassphrases(&gpp);
if (err != kPGPError_NoErr)
FreePassphrases(&gpp);
return(err);
}
PGPError
ValidateSigningPhrase (HWND hDlg,
GPP *gpp,
LPSTR pszPhrase,
PGPKeyRef key)
{
CHAR szName[kPGPMaxUserIDSize];
CHAR sz[128];
CHAR sz2[kPGPMaxUserIDSize + 128];
PGPSize size;
CPGPSigningPassphraseDialogOptions *options;
options=(CPGPSigningPassphraseDialogOptions *)gpp->options;
// does phrase match selected key ?
if (PGPPassphraseIsValid (key,
PGPOPassphrase (gpp->context, pszPhrase),
PGPOLastOption (gpp->context))) {
*(options->mPassphraseKeyPtr) = key;
return kPGPError_NoErr;
}
if(options->mFindMatchingKey)
{
// does phrase match any private key ?
key=GetKeyForPassphrase(options->mKeySet,pszPhrase,TRUE);
if (key!=NULL)
{
// ask user to use other key
LoadString (gPGPsdkUILibInst, IDS_FOUNDMATCHFORPHRASE, sz, sizeof(sz));
PGPGetPrimaryUserIDNameBuffer (key, sizeof(szName), szName, &size);
wsprintf (sz2, sz, szName);
LoadString (gPGPsdkUILibInst, IDS_PGP, sz, sizeof(sz));
if (MessageBox (hDlg, sz2, sz, MB_ICONQUESTION|MB_YESNO) == IDYES)
{
*(options->mPassphraseKeyPtr) = key;
return kPGPError_NoErr;
}
return kPGPError_BadPassphrase;
}
}
// phrase doesn't match any key
PGPsdkUIMessageBox (hDlg,
IDS_PGPERROR,IDS_BADPASSREENTER,
MB_OK|MB_ICONSTOP);
LoadString (gPGPsdkUILibInst, IDS_WRONGPHRASE, sz, sizeof (sz));
SetDlgItemText (hDlg, IDC_PROMPTSTRING, sz);
return kPGPError_BadPassphrase;
}
static PGPError
sSendToServerInternal (
HWND hwndParent,
PGPContextRef context,
PGPtlsContextRef tlsContext,
UINT uServer,
PGPKeyServerEntry* pkeyserver,
LPSTR pszUserID,
PGPKeySetRef keysetMain,
PGPKeySetRef keysetToSend)
{
PGPError err = kPGPError_NoErr;
PGPKeyServerEntry* pentryList = NULL;
PGPKeyServerSpec* pserverList = NULL;
PGPInt32 iNumEntries = 0;
PCLIENTSERVERSTRUCT pcss = NULL;
PGPKeySetRef keysetFailed = kInvalidPGPKeySetRef;
PGPMemoryMgrRef memMgr;
PGPPrefRef clientPrefsRef;
PGPValidatePtr (keysetToSend);
PGPValidatePtr (context);
PGPValidatePtr (pszUserID);
memMgr=PGPGetContextMemoryMgr(context);
err=PGPclOpenClientPrefs (memMgr,&clientPrefsRef);
if(IsntPGPError(err))
{
err=CLInitKeyServerPrefs(uServer,pkeyserver,
hwndParent,context,keysetMain,clientPrefsRef,pszUserID,
&pcss,&pentryList,&pserverList,&iNumEntries);
PGPclCloseClientPrefs (clientPrefsRef, FALSE);
}
if (IsntPGPError (err))
{
err = PGPSendToKeyServerDialog (context, &(pserverList[0]),
tlsContext, keysetToSend, &keysetFailed,
PGPOUIParentWindowHandle (context, hwndParent),
PGPOLastOption (context));
if (PGPKeySetRefIsValid (keysetFailed))
PGPFreeKeySet (keysetFailed);
}
CLUninitKeyServerPrefs(uServer,
pcss,pentryList,pserverList,iNumEntries);
return err;
}
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
return PGPImport( pgpContext,
keyDB,
PGPOInputBuffer( pgpContext,
pgpKey,
lstrlen(pgpKey) ),
PGPOLastOption(pgpContext ));
#endif
}
static PGPError
sQueryServerInternal (
HWND hwndParent,
PGPContextRef context,
PGPtlsContextRef tlsContext,
PGPOptionListRef optionSearch,
UINT uServer,
LPSTR pszUserID,
PGPKeySetRef keysetMain,
PGPKeySetRef* pkeysetResult)
{
PGPError err = kPGPError_NoErr;
PGPKeyServerEntry* pentryList = NULL;
PGPKeyServerSpec* pserverList = NULL;
PGPInt32 iNumEntries = 0;
PCLIENTSERVERSTRUCT pcss = NULL;
PGPMemoryMgrRef memMgr;
PGPPrefRef clientPrefsRef;
PGPValidatePtr (pkeysetResult);
PGPValidatePtr (context);
PGPValidatePtr (pszUserID);
memMgr=PGPGetContextMemoryMgr(context);
err=PGPclOpenClientPrefs (memMgr,&clientPrefsRef);
if(IsntPGPError(err))
{
err=CLInitKeyServerPrefs(uServer,NULL,
hwndParent,context,keysetMain,clientPrefsRef,pszUserID,
&pcss,&pentryList,&pserverList,&iNumEntries);
PGPclCloseClientPrefs (clientPrefsRef, FALSE);
}
if (IsntPGPError (err))
{
err = PGPSearchKeyServerDialog (context, iNumEntries,
pserverList, tlsContext,
FALSE, pkeysetResult, optionSearch,
PGPOUIParentWindowHandle (context, hwndParent),
PGPOLastOption (context));
}
CLUninitKeyServerPrefs(uServer,
pcss,pentryList,pserverList,iNumEntries);
return err;
}
LPSTR __cdecl _pgp_encrypt_key(LPCSTR szPlainMsg, LPCSTR pgpKey)
{
#if defined(_WIN64)
return 0;
#else
LPSTR szEncMsg = 0;
PGPSize dwEncMsgLen;
PGPUInt32 dwKeys;
PGPKeyDBRef PublicKeyDB;
if (CheckPGPError(_pgp_import_key(&PublicKeyDB,pgpKey)))
return 0;
PGPKeyIterRef KeyIterRef;
PGPNewKeyIterFromKeyDB(PublicKeyDB, &KeyIterRef);
PGPKeyDBObjRef PublicKey;
PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &PublicKey);
PGPCountKeysInKeyDB(PublicKeyDB, &dwKeys);
if(dwKeys==0) {
PGPFreeKeyIter(KeyIterRef);
PGPFreeKeyDB(PublicKeyDB);
return 0;
}
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen),
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
PGPFreeKeyIter(KeyIterRef);
PGPFreeKeyDB(PublicKeyDB);
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
#endif
}
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID)
{
PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID;
LPSTR szEncMsg = 0;
DWORD dwEncMsgLen;
ClearPGPError();
if(!pgpKeyDB)
return 0;
#if (PGP_WIN32 < 0x700)
PGPFilterRef IDFilter;
PGPNewKeyIDFilter(pgpContext, RemoteKeyID, &IDFilter);
PGPKeySetRef PublicKey;
PGPFilterKeySet(pgpKeyDB, IDFilter, &PublicKey);
#else
PGPKeyDBObjRef PublicKey;
PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey);
#endif
PGPError err = PGPEncode(pgpContext,
PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)),
PGPOArmorOutput(pgpContext, TRUE),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, (PGPUInt32 *)&dwEncMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOEncryptToKeySet(pgpContext, PublicKey),
#else
PGPOEncryptToKeyDBObj(pgpContext, PublicKey),
#endif
PGPOVersionString(pgpContext, szVersionStr),
PGPOLastOption(pgpContext));
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PublicKey);
PGPFreeFilter(IDFilter);
#endif
if (CheckPGPError(err))
return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1);
_pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen);
szMsg[dwEncMsgLen] = 0;
PGPFreeData((LPVOID)szEncMsg);
return szMsg;
}
PGPError AddKeyFileListStub (MYSTATE *ms)
{
PGPContextRef context;
PGPFileSpecRef inref;
PGPOptionListRef opts;
FILELIST *FileCurrent;
PGPError err;
err=kPGPError_NoErr;
context=ms->context;
FileCurrent=ms->ListHead;
while(!(SCGetProgressCancel(ms->hPrgDlg))&&(FileCurrent!=0)&&(IsntPGPError(err)))
{
if(FileCurrent->IsDirectory)
{
FileCurrent=FileCurrent->next;
continue;
}
PGPNewFileSpecFromFullPath (context,
FileCurrent->name, &inref);
PGPBuildOptionList(context,&opts,
PGPOInputFile(context,inref),
PGPOLastOption(context));
err=GenericAddKey(ms,opts,FileCurrent->name);
PGPFreeOptionList(opts);
PGPFreeFileSpec( inref );
FileCurrent=FileCurrent->next;
}
return err;
}
PGPError GenericAddKey(MYSTATE *ms,
PGPOptionListRef opts,
char *OperationTarget)
{
PGPKeySetRef AddKeySet;
PGPContextRef context;
PGPError err;
err=kPGPError_NoErr;
context=ms->context;
ms->fileName=OperationTarget;
if(ms->Operation!=MS_ADDKEYCLIPBOARD)
SCSetProgressNewFilename(ms->hPrgDlg,"From '%s'",ms->fileName,TRUE);
err=PGPImportKeySet(context,&AddKeySet,
opts,
PGPOSendNullEvents(context,75),
PGPOEventHandler(context,AddEvents,ms),
PGPOLastOption(context));
SCSetProgressBar(ms->hPrgDlg,100,TRUE);
if(IsntPGPError(err))
{
PGPUInt32 numKeys;
PGPCountKeys( AddKeySet, &numKeys);
if ( numKeys > 0)
{
err=PGPclQueryAddKeys (context,
ms->tlsContext,ms->hwndWorking,AddKeySet,NULL);
}
PGPFreeKeySet (AddKeySet);
}
return err;
}
PVOID __cdecl _pgp_select_keyid(HWND hDlg,LPSTR szKeyID)
{
#if defined(_WIN64)
return 0;
#else
PGPKeyDBRef ContactKeyDB;
PGPError err;
err = PGPRecipientDialog(pgpContext, pgpKeyDB, TRUE, &ContactKeyDB,
PGPOUIParentWindowHandle(pgpContext, hDlg),
PGPOUIWindowTitle(pgpContext, "Select Contact's Key"),
PGPOLastOption(pgpContext));
if (err == kPGPError_UserAbort)
return 0;
PGPUInt32 dwKeys;
PGPCountKeysInKeyDB(ContactKeyDB, &dwKeys);
if (!dwKeys)
return 0;
if (dwKeys > 1)
MessageBox(hDlg, "You selected more than one key. Only the first key will be used.", szModuleName, MB_ICONINFORMATION);
static PGPKeyID KeyID;
PGPKeyIterRef KeyIterRef;
PGPNewKeyIterFromKeyDB(ContactKeyDB, &KeyIterRef);
PGPKeyDBObjRef KeyDBObjRef;
PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef);
PGPSize dwFilled;
PGPGetKeyDBObjDataProperty(KeyDBObjRef, kPGPKeyProperty_KeyID, &KeyID, sizeof(PGPKeyID), &dwFilled);
PGPGetKeyIDString(&KeyID, kPGPKeyIDString_Abbreviated, szKeyID);
PGPFreeKeyIter(KeyIterRef);
PGPFreeKeyDB(ContactKeyDB);
return (PVOID)&KeyID;
#endif
}
PGPError AddKeyClipboardStub (MYSTATE *ms)
{
PGPOptionListRef opts;
PGPContextRef context;
char StrRes[100];
PGPError err;
err=kPGPError_NoErr;
context=ms->context;
PGPBuildOptionList(context,&opts,
PGPOInputBuffer(context,ms->pInput,ms->dwInputSize),
PGPOLastOption(context));
LoadString (g_hinst, IDS_CLIPBOARD, StrRes, sizeof(StrRes));
err=GenericAddKey(ms,opts,StrRes);
PGPFreeOptionList(opts);
return err;
}
PGPError
ValidateSigningPhrase (GPP *gpp, char * pszPhrase, PGPKeyRef key)
{
char szName[kPGPMaxUserIDSize];
char sz[128];
char sz2[kPGPMaxUserIDSize + 128];
PGPSize size;
CPGPSigningPassphraseDialogOptions *options;
options = (CPGPSigningPassphraseDialogOptions *)gpp->options;
// does phrase match selected key ?
if (PGPPassphraseIsValid (key,
PGPOPassphrase (gpp->context, pszPhrase),
PGPOLastOption (gpp->context))) {
*(options->mPassphraseKeyPtr) = key;
return kPGPError_NoErr;
}
if (options->mFindMatchingKey) {
// does phrase match any private key ?
key=GetKeyForPassphrase(options->mKeySet,pszPhrase,TRUE);
if (key != NULL) {
// ask user to use other key
PGPGetPrimaryUserIDNameBuffer (key, sizeof(szName), szName, &size);
sprintf (sz2, sz, szName);
return kPGPError_BadPassphrase;
}
}
// phrase doesn't match any key
printf("Bad Passphrase: Please re-enter\n");
return kPGPError_BadPassphrase;
}
LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey)
{
LPSTR szPlainMsg = 0;
DWORD dwPlainMsgLen;
PGPUInt32 dwKeys;
#if (PGP_WIN32 < 0x700)
PGPKeySetRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeys(PrivateKeyDB, &dwKeys);
#else
PGPKeyDBRef PrivateKeyDB;
if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey)))
return 0;
PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys);
#endif
if(dwKeys==0) {
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PrivateKeyDB);
#else
PGPFreeKeyDB(PrivateKeyDB);
#endif
return 0;
}
int iTry = 0;
do {
if (!pszPassphrase &&
PGPPassphraseDialog(pgpContext,
PGPOUIOutputPassphrase(pgpContext, &pszPassphrase),
PGPOLastOption(pgpContext)) == kPGPError_UserAbort) {
iTry = 3;
break;
}
/*
#if (PGP_WIN32 < 0x700)
PGPKeyListRef PrivateKeyList;
PGPOrderKeySet(PrivateKeyDB, kPGPKeyIDOrdering, &PrivateKeyList);
PGPKeyIterRef KeyIterRef;
PGPNewKeyIter(PrivateKeyList, &KeyIterRef);
PGPKeyRef PrivateKey;
for(int i=0;i<dwKeys;i++) {
PGPKeyIterNext(KeyIterRef, &PrivateKey);
PGPOPassphraseIsValid(PrivateKey,
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
}
PGPFreeKeyList(PrivateKeyList);
PGPFreeKeyIter(KeyIterRef);
#else
PGPKeyIterRef KeyIterRef;
PGPNewKeyIterFromKeyDB(PrivateKeyDB, &KeyIterRef);
PGPKeyDBObjRef KeyDBObjRef;
for(int i=0;i<dwKeys;i++) {
PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef);
PGPOPassphraseIsValid(PrivateKey,
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
}
PGPFreeKeyIter(KeyIterRef);
#endif
*/
PGPError err = PGPDecode(pgpContext,
PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)),
PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen),
#if (PGP_WIN32 < 0x700)
PGPOKeySetRef(pgpContext, PrivateKeyDB),
#else
PGPOKeyDBRef(pgpContext, PrivateKeyDB),
#endif
PGPOPassphrase(pgpContext, pszPassphrase),
PGPOLastOption(pgpContext));
if (CheckPGPError(err))
iTry = 3;
else
if (!dwPlainMsgLen) {
PGPFreeData(pszPassphrase);
pszPassphrase = 0;
iTry++;
}
} while(!dwPlainMsgLen && iTry<3);
#if (PGP_WIN32 < 0x700)
PGPFreeKeySet(PrivateKeyDB);
#else
PGPFreeKeyDB(PrivateKeyDB);
#endif
if(iTry == 3) return 0;
LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1);
_pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen);
szMsg[dwPlainMsgLen] = 0;
PGPFreeData((LPVOID)szPlainMsg);
return szMsg;
}
int
pkcs7DecryptCallback (
unsigned char **msg, /* [OUT] decrypted data */
size_t *msgLen, /* [OUT] decrypted data len */
const char *contentEncAlg, /* [IN] data encrypted alg */
PKIANY *param, /* [IN] data encryption
parameter (e.g.,
initialization vector) */
PKIEncryptedContent *content, /* [IN] encrypted data */
const char *keyEncAlg, /* [IN] key encryption alg */
PKIEncryptedKey *enckey, /* [IN] encrypted key */
PKICertificate *cert, /* [IN] key to decrypt with */
void *data, /* [IN] callback data
(optional) */
PKICONTEXT *asnmem
)
{
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data;
PGPError err;
PGPSize decmax;
PGPByte *encKeyData;
PGPMemoryMgrRef mem;
PGPCipherAlgorithm symKeyAlg;
PGPSymmetricCipherContextRef cipherRef;
PGPCBCContextRef cbcRef;
PGPPrivateKeyContextRef privKey;
PGPSize keySize;
PGPSize blockSize;
PGPOptionListRef pass;
PKIOCTET_STRING *iv;
int e = 0;
size_t pad;
(void) keyEncAlg;
(void) cert;
*msg = NULL;
*msgLen = 0;
if (!strcmp (contentEncAlg, SM_OID_ALG_3DES))
symKeyAlg = kPGPCipherAlgorithm_3DES;
else
{
/* unsupported algorithm */
return PKCS7_ERROR_CALLBACK;
}
/* decrypt the encrypted session key with our private key */
PGPCopyOptionList (pgpData->passphrase, &pass);
err = PGPNewPrivateKeyContext (pgpData->key,
kPGPPublicKeyMessageFormat_PKCS1,
&privKey,
pass,
PGPOLastOption (pgpData->context));
if (IsPGPError (err))
return PKCS7_ERROR_CALLBACK;
err = PGPGetPrivateKeyOperationSizes (privKey, &decmax, NULL, NULL);
if (IsPGPError (err))
{
err = PGPFreePrivateKeyContext (privKey);
return PKCS7_ERROR_CALLBACK;
}
mem = PGPGetContextMemoryMgr (pgpData->context);
encKeyData = PGPNewSecureData (mem, decmax, 0);
err = PGPPrivateKeyDecrypt (privKey,
enckey->val,
enckey->len,
encKeyData,
&decmax);
if (IsPGPError (err))
{
PGPFreeData (encKeyData);
err = PGPFreePrivateKeyContext (privKey);
return PKCS7_ERROR_CALLBACK;
}
err = PGPFreePrivateKeyContext (privKey);
/* unpack the parameters for the decryption (IV) */
PKIUnpackOCTET_STRING (asnmem, &iv, param->val, param->len, &e);
if (e)
{
PGPFreeData (encKeyData);
return PKCS7_ERROR_CALLBACK;
}
/* now decrypt the message data with the extracted key */
err = PGPNewSymmetricCipherContext (mem, symKeyAlg, decmax, &cipherRef);
if (IsPGPError (err))
{
PGPFreeData (encKeyData);
PKIFreeOCTET_STRING (asnmem, iv);
return PKCS7_ERROR_CALLBACK;
}
err = PGPGetSymmetricCipherSizes (cipherRef, &keySize, &blockSize);
if (IsPGPError (err))
{
PGPFreeData (encKeyData);
PKIFreeOCTET_STRING (asnmem, iv);
err = PGPFreeSymmetricCipherContext (cipherRef);
return PKCS7_ERROR_CALLBACK;
}
err = PGPNewCBCContext (cipherRef, &cbcRef);
if (IsPGPError (err))
{
PGPFreeData (encKeyData);
err = PGPFreeSymmetricCipherContext (cipherRef);
PKIFreeOCTET_STRING (asnmem, iv);
return PKCS7_ERROR_CALLBACK;
}
err = PGPInitCBC (cbcRef, encKeyData, iv->val);
if (IsPGPError (err))
{
err = PGPFreeCBCContext (cbcRef);
PKIFreeOCTET_STRING (asnmem, iv);
PGPFreeData (encKeyData);
return PKCS7_ERROR_CALLBACK;
}
PKIFreeOCTET_STRING (asnmem, iv);
PGPFreeData (encKeyData);
*msgLen = content->len;
*msg = PKIAlloc (asnmem->memMgr, content->len);
err = PGPCBCDecrypt (cbcRef, content->val, content->len, *msg);
if (IsPGPError (err))
{
PKIFree (asnmem->memMgr, *msg);
*msg = NULL;
*msgLen = 0;
err = PGPFreeCBCContext (cbcRef);
return PKCS7_ERROR_CALLBACK;
}
/* remove PKCS7 padding in last block */
pad = *(*msg + *msgLen - 1);
if (pad < 1 || pad > blockSize)
return PKCS7_ERROR_CALLBACK; /* invalid pad, decryption failed */
*msgLen -= pad;
return PKCS7_OK;
}
int
pkcs7SignCallback (
PKIOCTET_STRING *sigValue, /* OUT */
const char *hashAlgorithm,
const char *signatureAlgorithm,
PKICertificate *signerCertificate,
unsigned char *tbs,
size_t tbsLen,
void *data,
PKICONTEXT *asnmem)
{
PGPError err;
PGPHashContextRef hash;
PGPHashAlgorithm algid;
PGPPrivateKeyContextRef privkey;
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data;
PGPMemoryMgrRef mem;
PGPOptionListRef pass;
(void) signatureAlgorithm;
(void) signerCertificate;
if (!strcmp (SM_OID_ALG_MD5, hashAlgorithm))
algid = kPGPHashAlgorithm_MD5;
else if (!strcmp (SM_OID_ALG_SHA, hashAlgorithm))
algid = kPGPHashAlgorithm_SHA;
else
return PKCS7_ERROR_HASH_ALG;
mem = PGPGetContextMemoryMgr (pgpData->context);
err = PGPNewHashContext (mem, algid, &hash);
if (IsPGPError (err))
return PKCS7_ERROR_SIGN_CALLBACK;
err = PGPContinueHash (hash, tbs, tbsLen);
if (IsPGPError (err))
{
err = PGPFreeHashContext (hash);
return PKCS7_ERROR_SIGN_CALLBACK;
}
PGPCopyOptionList (pgpData->passphrase, &pass);
err = PGPNewPrivateKeyContext (pgpData->key,
kPGPPublicKeyMessageFormat_X509,
&privkey,
pass,
PGPOLastOption (pgpData->context));
if (IsPGPError (err))
{
err = PGPFreeHashContext (hash);
return PKCS7_ERROR_SIGN_CALLBACK;
}
err = PGPGetPrivateKeyOperationSizes (privkey, NULL, NULL, &sigValue->len);
if (IsPGPError (err))
{
err = PGPFreeHashContext (hash);
err = PGPFreePrivateKeyContext (privkey);
return PKCS7_ERROR_SIGN_CALLBACK;
}
sigValue->val = PKIAlloc (asnmem->memMgr, sigValue->len);
err = PGPPrivateKeySign (privkey, hash, sigValue->val, &sigValue->len);
if (IsPGPError (err))
{
PKIFree (asnmem->memMgr, sigValue->val);
sigValue->val = NULL;
sigValue->len = 0;
err = PGPFreeHashContext (hash);
err = PGPFreePrivateKeyContext (privkey);
return PKCS7_ERROR_HASH_CALLBACK;
}
err = PGPFreePrivateKeyContext (privkey);
return PKCS7_OK;
}
BOOL CALLBACK
pgpKeyPassphraseDlgProc (
HWND hDlg,
UINT uMsg,
WPARAM wParam,
LPARAM lParam)
{
CPGPKeyPassphraseDialogOptions *options;
GPP *gpp;
INT i;
DWORD Common;
Common=DoCommonCalls (hDlg,uMsg,wParam,lParam);
if(Common)
return Common;
switch (uMsg)
{
case WM_INITDIALOG:
{
RECT rc;
int iTextWidth;
HDC hdc;
char szNameFinal[kPGPMaxUserIDSize];
gpp=(GPP *)GetWindowLong (hDlg, GWL_USERDATA);
options = (CPGPKeyPassphraseDialogOptions *)
gpp->options;
gpp->iNextTabControl = IDOK;
gpp->wpOrigPhrase1Proc = (WNDPROC) SetWindowLong(
GetDlgItem(hDlg, IDC_PHRASE1),
GWL_WNDPROC,
(LONG) PhraseSubclassProc);
GetClientRect(GetDlgItem(hDlg,IDC_KEYNAME), &rc);
iTextWidth = rc.right-rc.left;
hdc = GetDC (GetDlgItem(hDlg,IDC_KEYNAME));
GetKeyString(hdc,iTextWidth,options->mDefaultKey,szNameFinal);
SetWindowText(GetDlgItem(hDlg,IDC_KEYNAME),szNameFinal);
ReleaseDC (GetDlgItem (hDlg, IDC_KEYNAME), hdc);
gpp->hwndOptionsControl=DisplayOptions(hDlg,options->mDialogOptions,130);
return FALSE;
}
case WM_COMMAND:
{
gpp=(GPP *)GetWindowLong (hDlg, GWL_USERDATA);
options = (CPGPKeyPassphraseDialogOptions *)
gpp->options;
switch (LOWORD (wParam))
{
case IDOK:
{
PGPBoolean PassValid;
FreePassphrases(gpp);
i = SendDlgItemMessage (hDlg, IDC_PHRASE1,
WM_GETTEXTLENGTH, 0, 0) +1;
gpp->szDummy = (char *)secAlloc (gpp->context, i);
if(gpp->szDummy)
{
gpp->pszPassPhrase = (char *)secAlloc (gpp->context, i);
if (gpp->pszPassPhrase)
{
GetDlgItemText (hDlg, IDC_PHRASE1, gpp->szDummy, i);
if(PassphraseLengthAndQualityOK(hDlg,options,gpp->pszPassPhrase))
{
if(!options->mVerifyPassphrase)
{
ClearPassphrases(hDlg,gpp);
SaveOptionSettings(gpp->hwndOptionsControl);
EndDialog (hDlg, kPGPError_NoErr);
break;
}
PassValid=PGPPassphraseIsValid (options->mDefaultKey,
PGPOPassphrase (gpp->context, gpp->pszPassPhrase),
PGPOLastOption (gpp->context));
if(PassValid)
{
ClearPassphrases(hDlg,gpp);
SaveOptionSettings(gpp->hwndOptionsControl);
EndDialog (hDlg, kPGPError_NoErr);
break;
}
else
{
PGPsdkUIMessageBox (hDlg,
IDS_PGPERROR,IDS_BADPASSREENTER,
MB_OK|MB_ICONSTOP);
}
}
// Bad passphrase/quality
ClearPassphrases(hDlg,gpp);
FreePassphrases(gpp);
break;
}
}
// Couldn't allocate passphrases
ClearPassphrases(hDlg,gpp);
FreePassphrases(gpp);
EndDialog (hDlg, kPGPError_OutOfMemory);
break;
}
}
}
break;
}
return FALSE;
}
PluginError PerformTranslation(
short trans_id,
char* in_file,
char* out_file,
char** addresses,
emsMIMEtypeP in_mime,
emsMIMEtypeP* out_mime
)
{
PluginError pluginReturn = EMSR_UNKNOWN_FAIL;
BOOL bSign = FALSE;
PGPError error = 0;
PGPSize mimeBodyOffset = 0;
char szExe[256];
char szDll[256];
assert(in_file);
assert(out_file);
LoadString(g_hinst, IDS_EXE, szExe, sizeof(szExe));
LoadString(g_hinst, IDS_DLL, szDll, sizeof(szDll));
switch( trans_id )
{
case kEncryptTranslatorID:
case kSignTranslatorID:
case kEncryptAndSignTranslatorID:
{
char** RecipientList = NULL;
unsigned long numRecipients = 0;
PGPOptionListRef pgpOptions = NULL;
PGPOptionListRef signOptions = NULL;
char mimeSeparator[kPGPMimeSeparatorSize];
PRECIPIENTDIALOGSTRUCT prds = NULL;
// allocate a recipient dialog structure
prds = (PRECIPIENTDIALOGSTRUCT)
calloc(sizeof(RECIPIENTDIALOGSTRUCT), 1);
if(prds)
{
char szTitle[256] = {0x00}; // title for recipient dialog
UINT recipientReturn = FALSE; // recipient dialog result
error = PGPsdkLoadDefaultPrefs(g_pgpContext);
if (IsPGPError(error))
{
PGPclEncDecErrorBox(g_hwndEudoraMainWindow, error);
return EMSR_UNKNOWN_FAIL;
}
error = PGPOpenDefaultKeyRings(g_pgpContext,
(PGPKeyRingOpenFlags)0,
&(prds->OriginalKeySetRef));
if (IsPGPError(error))
{
PGPclEncDecErrorBox(g_hwndEudoraMainWindow, error);
return EMSR_UNKNOWN_FAIL;
}
if ((trans_id == kEncryptTranslatorID) ||
(trans_id == kEncryptAndSignTranslatorID))
{
if(addresses) // do we have addresses to pass along
{
numRecipients = CreateRecipientList(addresses,
&RecipientList);
}
LoadString(GetModuleHandle("PGPplugin.dll"),
IDS_TITLE_RECIPIENTDIALOG, szTitle, sizeof(szTitle));
prds->Context = g_pgpContext;
prds->tlsContext = g_tlsContext;
prds->Version = CurrentPGPrecipVersion;
prds->hwndParent = g_hwndEudoraMainWindow;
prds->szTitle = szTitle;
prds->dwOptions = PGPCL_ASCIIARMOR;
prds->dwDisableFlags = PGPCL_DISABLE_WIPEORIG |
PGPCL_DISABLE_ASCIIARMOR |
PGPCL_DISABLE_SDA;
prds->dwNumRecipients = numRecipients;
prds->szRecipientArray = RecipientList;
/* Disable FYEO if there's an attachment or HTML */
if (in_mime && !match_mime_type(in_mime, "text", "plain"))
prds->dwDisableFlags |= PGPCL_DISABLE_FYEO;
// If shift is pressed, force the dialog to pop.
if (GetAsyncKeyState( VK_CONTROL) & 0x8000)
prds->dwDisableFlags|=PGPCL_DISABLE_AUTOMODE;
// See who we wish to encrypt this to
recipientReturn = PGPclRecipientDialog( prds );
if (prds->AddedKeys != NULL)
{
PGPUInt32 numKeys;
PGPCountKeys(prds->AddedKeys, &numKeys);
if (numKeys > 0)
PGPclQueryAddKeys(g_pgpContext, g_tlsContext,
g_hwndEudoraMainWindow, prds->AddedKeys,
NULL);
PGPFreeKeySet(prds->AddedKeys);
prds->AddedKeys = NULL;
}
if (!recipientReturn)
{
if (RecipientList)
FreeRecipientList(RecipientList, numRecipients);
if (prds->SelectedKeySetRef != NULL)
PGPFreeKeySet(prds->SelectedKeySetRef);
PGPFreeKeySet(prds->OriginalKeySetRef);
free(prds);
return EMSR_UNKNOWN_FAIL;
}
}
if( IsntPGPError(error) )
{
error = PGPBuildOptionList(g_pgpContext, &pgpOptions,
PGPOOutputLineEndType(g_pgpContext,
kPGPLineEnd_CRLF),
PGPOPGPMIMEEncoding(g_pgpContext,
TRUE,
&mimeBodyOffset,
mimeSeparator),
PGPOLastOption(g_pgpContext) );
}
if(IsntPGPError( error))
{
error = EncryptSignFile(g_hinst, g_hwndEudoraMainWindow,
g_pgpContext, g_tlsContext, szExe,
szDll, in_file, prds, pgpOptions,
&signOptions, out_file,
((trans_id ==
kSignTranslatorID) ? FALSE : TRUE ),
((trans_id ==
kEncryptTranslatorID) ? FALSE : TRUE ),
FALSE);
PGPFreeOptionList(pgpOptions);
PGPFreeOptionList(signOptions);
}
else
{
PGPclEncDecErrorBox (NULL, error);
}
if (RecipientList)
FreeRecipientList(RecipientList, numRecipients);
if (prds->SelectedKeySetRef != NULL)
PGPFreeKeySet(prds->SelectedKeySetRef);
PGPFreeKeySet(prds->OriginalKeySetRef);
free(prds);
if( IsntPGPError(error) )
{
if( out_mime )
{
pluginReturn = BuildEncryptedPGPMIMEType(
out_mime,
mimeSeparator );
if(EMSR_OK == pluginReturn)
{
pluginReturn = AddMIMEParam(*out_mime,
"PGPFormat",
"PGPMIME-encrypted" );
}
}
}
}
break;
}
case kDecryptTranslatorID:
case kVerifyTranslatorID:
{
char *szTempFile = NULL;
BOOL bFYEO = FALSE;
void *pOutput = NULL;
PGPSize outSize = 0;
error = DecryptVerifyFile(g_hinst, g_hwndEudoraMainWindow,
g_pgpContext, g_tlsContext, szExe, szDll, in_file,
TRUE, FALSE, &szTempFile, &pOutput, &outSize, &bFYEO);
if( IsntPGPError(error) )
{
if ((bFYEO)||(GetSecureViewerPref((void *)g_pgpContext)))
TempestViewer((void *)g_pgpContext,NULL,pOutput,outSize,
bFYEO);
CopyFile(szTempFile, out_file, FALSE);
DeleteFile(szTempFile);
if( out_mime )
{
ParseFileForMIMEType( out_file, out_mime );
}
if ((bFYEO)||(GetSecureViewerPref((void *)g_pgpContext)))
pluginReturn = EMSR_UNKNOWN_FAIL;
else
pluginReturn = EMSR_OK;
}
if (szTempFile != NULL)
PGPFreeData(szTempFile);
if (pOutput != NULL)
PGPFreeData(pOutput);
break;
}
}
return pluginReturn;
}
/*****
*
* sign_certificate
*
* Call-out routine used by the CMS library for signing provided data
* (a certificate).
*
* Parameters and return values defined in CMS docs. This uses the
* PGP SDK. See "PGP Software Developer's Kit, Reference Manual"
* for details on calls used here.
*
*****/
int
x509CMSSignCallback (unsigned char **sig,
size_t *siglen,
unsigned char *ber,
size_t berlen,
const unsigned char *alg,
size_t algLen,
void *data,
TC_CONTEXT *ctx)
{
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data;
PGPPrivateKeyContextRef privKey = NULL;
PGPHashContextRef hash;
PGPMemoryMgrRef mgrRef;
PGPError err;
int ret = -1;
PGPOptionListRef pass;
PGPHashAlgorithm hashAlg;
(void) alg;
(void) algLen;
if (!pgpData || !pgpData->passphrase || !pgpData->context)
return -1;
do {
/* create and calculate the hash, do not finalize hash
for PGPPrivateKeySign() call */
mgrRef = PGPGetContextMemoryMgr (pgpData->context);
hashAlg = x509HashAlgorithm (alg, algLen);
err = PGPNewHashContext (mgrRef, hashAlg, &hash);
if (IsPGPError (err))
break;
err = PGPContinueHash (hash, ber, berlen);
if (IsPGPError (err))
break;
/* create the private key context */
PGPCopyOptionList (pgpData->passphrase, &pass);
err = PGPNewPrivateKeyContext (pgpData->key,
kPGPPublicKeyMessageFormat_X509,
&privKey,
pass,
PGPOLastOption (pgpData->context));
if (IsPGPError (err))
break;
/* figure out signature size */
err = PGPGetPrivateKeyOperationSizes (privKey, NULL, NULL, siglen);
if (IsPGPError (err))
break;
if (*siglen == 0) /* can't use key to sign */
break;
*sig = TC_Alloc (ctx->memMgr, *siglen);
if (*sig == NULL)
break;
memset (*sig, 0, *siglen);
/* calculate signature */
err = PGPPrivateKeySign (privKey, hash, *sig, siglen);
hash = NULL; /* dont attempt to free it later */
if (IsPGPError (err))
break;
ret = 0;
}
while (0);
/* clean-up */
if (hash)
err = PGPFreeHashContext (hash);
err = PGPFreePrivateKeyContext (privKey);
return ret;
} /* sign */
/*****
*
* verify_signature
*
* Call-out routine used by the CMS library for verifying a signature.
* Parameters and return values defined in CMS docs. This uses the
* PGP SDK. See "PGP Software Developer's Kit, Reference Manual"
* for details on calls used here.
*
*****/
int
x509CMSVerifyCallback (
unsigned char *data,
size_t dataLen,
unsigned char *sigalg,
size_t algLen,
unsigned char *params,
size_t paramLen,
unsigned char *signature,
size_t sigLen,
unsigned char *pubkey,
size_t pubkeyLen,
TC_CERT *issuer,
void *verData,
TC_CONTEXT *ctx)
{
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData;
PGPMemoryMgrRef mgrRef;
PGPPublicKeyContextRef publicKey;
PGPHashContextRef hash;
PGPKeySetRef keySet;
PGPKeyListRef klist;
PGPKeyIterRef kiter;
PGPKeyRef mykey;
PGPError err;
PGPByte *certData;
PGPSize certDataLen;
int rtn = -1;
PGPHashAlgorithm hashAlg;
(void) params;
(void) paramLen;
(void) pubkey;
(void) pubkeyLen;
do {
/* check that the algorithm ID is allowed */
/* TODO... */
/* if we dont have the issuer's certificate, we can't verify the
signature. */
/* PGPsdk needs to have a function that takes raw ASN.1 encoded
key material and returns a KeyRef in order to support
verification of PKCS10 requests */
if (!issuer)
break;
/* import the certificate into pgp */
tc_pack_cert (&certData, &certDataLen, issuer, ctx);
/* import the key into a PGP key set */
err = PGPImportKeySet (pgpData->context,
&keySet,
PGPOX509Encoding (pgpData->context, 1),
PGPOInputBuffer (pgpData->context, certData, certDataLen),
PGPOLastOption (pgpData->context));
TC_Free (ctx->memMgr, certData);
if (IsPGPError (err))
break;
/* extract the key into a PGPKeyRef */
err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist);
if (IsPGPError (err))
break;
err = PGPNewKeyIter (klist, &kiter);
if (IsPGPError (err))
break;
err = PGPKeyIterNext (kiter, &mykey);
if (IsPGPError (err))
break;
/* create the public key context */
err = PGPNewPublicKeyContext (mykey,
kPGPPublicKeyMessageFormat_X509,
&publicKey);
if (IsPGPError (err))
break;
hashAlg = x509HashAlgorithm (sigalg, algLen);
/* create and calculate the hash, do not finalize hash
for PGPPublicKeyVerify() call */
mgrRef = PGPGetContextMemoryMgr (pgpData->context);
err = PGPNewHashContext (mgrRef, hashAlg, &hash);
if (IsPGPError (err))
break;
err = PGPContinueHash (hash, data, dataLen);
if (IsPGPError (err))
break;
err = PGPPublicKeyVerifySignature (
publicKey, hash, (void *)signature, sigLen);
hash = NULL;
if ( IsPGPError(err) )
break;
rtn = 0;
} while (0);
/* clean-up */
PGPFreeKeyIter(kiter);
PGPFreeKeyList(klist);
PGPFreeKeySet(keySet);
if (hash)
PGPFreeHashContext(hash);
PGPFreePublicKeyContext (publicKey);
return rtn;
} /* verify_signature */
int revokeOrDisableKey(struct pgpmainBones *mainbPtr, char *keyguffin,
PGPFileSpecRef keyfilespec)
{
PGPContextRef context = mainbPtr->pgpContext;
struct pgpfileBones *filebPtr = mainbPtr->filebPtr;
PGPEnv *env = mainbPtr->envbPtr->m_env;
PGPBoolean compatible = mainbPtr->envbPtr->compatible;
PGPKeySetRef ringset = NULL;
PGPKeyListRef keylist = NULL;
PGPKeyIterRef keyiter = NULL;
PGPKeyRef key;
PGPBoolean propData = FALSE;
PGPError err, er2;
PGPUInt32 pri;
PGPBoolean needsfree = FALSE;
char* passphrase = 0;
int nkeysrevoked = 0;
err = pgpOpenKeyringsFromPubringSpec( mainbPtr, keyfilespec, &ringset, kPGPKeyRingOpenFlags_Mutable );
if ( IsPGPError(err)) goto done;
mainbPtr->workingRingSet=ringset;
/*mainbPtr->workingGroupSet=NULL;*/
err = pgpGetMatchingKeyList( mainbPtr, keyguffin, kMatch_NotKeyServer,
&keylist );
pgpAssertNoErr(err);
err = PGPNewKeyIter( keylist, &keyiter );
pgpAssertNoErr(err);
err = PGPKeyIterRewind( keyiter );
pgpAssertNoErr(err);
err = PGPKeyIterNext( keyiter, &key );
while( key != NULL ) {
pgpShowKeyBrief( filebPtr, key );
pgpShowKeyFingerprint( filebPtr, key );
/* XXX the old version used to ask for your password here... now
is different a bit*/
err = PGPGetKeyBoolean( key, kPGPKeyPropIsSecret, &propData );
if( propData ) {
PGPUserIDRef alias;
PGPSize actual;
char useridstr[ kPGPMaxUserIDSize ];
err = PGPGetPrimaryUserID( key, &alias );
pgpAssertNoErr(err);
err = PGPGetUserIDStringBuffer( alias, kPGPUserIDPropName,
kPGPMaxUserIDSize, useridstr, &actual );
pgpAssertNoErr(err);
fprintf(filebPtr->pgpout,
LANG("\nDo you want to permanently revoke your public key\n"
"by issuing a secret key compromise certificate\n"
"for \"%s\" (y/N)? "), useridstr );
if( getyesno( filebPtr, 'n', 0 ) ) {
err = pgpGetValidPassphrase( mainbPtr, key, &passphrase,
&needsfree);
if( err == 0 ) {
nkeysrevoked++;
err = PGPRevokeKey( key,
PGPOPassphrase( context, passphrase ),
PGPOLastOption( context )
);
pgpAssertNoErr( err );
}
goto tail;
}
}
err = PGPGetKeyBoolean( key, kPGPKeyPropIsDisabled, &propData );
pgpAssertNoErr( err );
if( propData ) {
fprintf( filebPtr->pgpout,
LANG("\nKey is already disabled.\n"
"Do you want to enable this key again (y/N)? "));
if( getyesno( filebPtr,'n',0) ) {
err = PGPEnableKey( key );
pgpAssertNoErr( err );
}
} else {
fprintf( filebPtr->pgpout,
LANG("\nDisable this key (y/N)? "));
if( getyesno( filebPtr,'n',0) ) {
err = PGPDisableKey( key );
pgpAssertNoErr( err );
}
}
tail:
err = PGPKeyIterNext( keyiter, &key );
}
/*if( nkeysrevoked > 0 ) {
err = PGPPropagateTrust( ringset );
pgpAssertNoErr( err );
}*/
if( PGPKeySetNeedsCommit( ringset ) ) {
err = PGPCommitKeyRingChanges( ringset );
}
done:
if( needsfree ) {
PGPFreeData( passphrase );
pgpRemoveFromPointerList( mainbPtr->leaks, passphrase );
}
if (ringset)
er2 = PGPFreeKeySet( ringset );
mainbPtr->workingRingSet = NULL;
if (keyiter)
er2 = PGPFreeKeyIter( keyiter );
if (keylist)
er2 = PGPFreeKeyList( keylist );
if ( !compatible && IsPGPError(err) &&
pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &er2) )
pgpShowError(filebPtr, err,__FILE__,__LINE__);
return err;
}
static PGPError
sChangeKeyPhrase (
PGPContextRef context,
PGPKeySetRef keyset,
PGPKeyRef key,
LPSTR szOld,
PGPByte* pPasskeyOld,
PGPSize sizePasskeyOld,
PGPByte* pPasskey,
PGPSize sizePasskey)
{
UINT u;
PGPKeyListRef keylist;
PGPKeyIterRef keyiter;
PGPSubKeyRef subkey;
PGPError err;
if (szOld) {
err = PGPChangePassphrase (key,
PGPOPassphrase (context, szOld),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
else if (sizePasskeyOld > 0) {
err = PGPChangePassphrase (key,
PGPOPasskeyBuffer (context, pPasskeyOld, sizePasskeyOld),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
else {
err = PGPChangePassphrase (key,
PGPOPassphrase (context, ""),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
if (IsPGPError (err)) return err;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &u);
switch (u) {
case kPGPPublicKeyAlgorithm_RSA :
break;
case kPGPPublicKeyAlgorithm_DSA :
PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
PGPNewKeyIter (keylist, &keyiter);
PGPKeyIterSeek (keyiter, key);
PGPKeyIterNextSubKey (keyiter, &subkey);
while (subkey) {
if (szOld) {
err = PGPChangeSubKeyPassphrase (subkey,
PGPOPassphrase (context, szOld),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
else if (sizePasskeyOld > 0) {
err = PGPChangeSubKeyPassphrase (subkey,
PGPOPasskeyBuffer (context,
pPasskeyOld, sizePasskeyOld),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
else {
err = PGPChangeSubKeyPassphrase (subkey,
PGPOPassphrase (context, ""),
PGPOPasskeyBuffer (context, pPasskey, sizePasskey),
PGPOLastOption (context));
}
PGPKeyIterNextSubKey (keyiter, &subkey);
}
PGPFreeKeyIter (keyiter);
PGPFreeKeyList (keylist);
break;
default :
break;
}
return err;
}
static PGPError
sSaveSharesToFile (
PSHAREHOLDERSTRUCT pshs,
PGPContextRef context,
PGPShareRef sharesTotal,
PGPKeySetRef keyset,
LPSTR pszFolder)
{
PFLFileSpecRef filespec = NULL;
PGPShareFileRef sharefile = NULL;
PGPShareRef sharesHolder = NULL;
PGPOptionListRef encodeOptions = NULL;
PGPError err = kPGPError_NoErr;
INT iModifier = 0;
CHAR szPath[MAX_PATH];
CHAR szModifier[MAX_SHARES_LEN+1];
CHAR sz1[32];
CHAR sz2[kPGPMaxUserIDSize + 32];
PGPKeyRef key;
// create file name and filespec
err = sCreateFilePathFromUserName (pszFolder, pshs->szUserID,
pshs->uShares, NULL, szPath, sizeof(szPath));
if (IsPGPError (err)) goto SaveFileCleanup;
// check for pre-existence of file
while (GetFileAttributes (szPath) != 0xFFFFFFFF) {
iModifier++;
if (iModifier > MAX_SHARES) {
err = kPGPError_CantOpenFile;
goto SaveFileCleanup;
}
wsprintf (szModifier, " %i", iModifier);
err = sCreateFilePathFromUserName (pszFolder, pshs->szUserID,
pshs->uShares, szModifier, szPath, sizeof(szPath));
if (IsPGPError (err)) goto SaveFileCleanup;
}
err = PFLNewFileSpecFromFullPath (PGPGetContextMemoryMgr (context),
szPath, &filespec);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PFLFileSpecCreate (filespec);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PGPNewShareFile (filespec, &sharefile);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PGPSetShareFileUserID (sharefile, pshs->szUserID);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PGPSplitShares (sharesTotal, pshs->uShares, &sharesHolder);
if (IsPGPError (err)) goto SaveFileCleanup;
// if this shareholder has public key, use it
if (pshs->bPublicKey) {
err = PGPSetShareFileOwnerKeyID (sharefile, pshs->keyid);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PGPGetKeyByKeyID (keyset, &(pshs->keyid), pshs->keyalg, &key);
if (IsPGPError (err)) {
LoadString (g_hInst, IDS_CAPTIONERROR, sz1, sizeof(sz1));
LoadString (g_hInst, IDS_SHAREKEYGONE, sz2, sizeof(sz2));
lstrcat (sz2, pshs->szUserID);
MessageBox (NULL, sz2, sz1, MB_OK|MB_ICONERROR);
err = kPGPError_UserAbort;
goto SaveFileCleanup;
}
err = PGPBuildOptionList (context, &encodeOptions,
PGPOEncryptToKey (context, key),
PGPOLastOption (context));
if (IsPGPError (err)) goto SaveFileCleanup;
}
// there is no public key for this shareholder
else {
err = PGPBuildOptionList (context, &encodeOptions,
PGPOConventionalEncrypt (context,
PGPOPassphrase (context, pshs->pszPassphrase),
PGPOLastOption (context)),
PGPOLastOption (context));
if (IsPGPError (err)) goto SaveFileCleanup;
}
err = PGPCopySharesToFile (context, sharefile,
encodeOptions, sharesHolder);
if (IsPGPError (err)) goto SaveFileCleanup;
err = PGPSaveShareFile (sharefile);
SaveFileCleanup:
if (encodeOptions != NULL)
PGPFreeOptionList (encodeOptions);
if (sharesHolder != NULL)
PGPFreeShares (sharesHolder);
if (sharefile != NULL)
PGPFreeShareFile (sharefile);
if (filespec != NULL)
PFLFreeFileSpec (filespec);
return err;
}
BOOL
KMSplitDropKeys (
PSPLITKEYSTRUCT psks,
HANDLE hMem)
{
PGPKeySetRef keyset = NULL;
PGPKeyListRef keylist = NULL;
PGPKeyIterRef keyiter = NULL;
LPSTR pMem = NULL;
PGPError err;
PGPKeyRef key;
PGPKeyID keyid;
BOOL bKeys;
PGPBoolean bKeyIsUsable;
size_t sLen;
PSHAREHOLDERSTRUCT pshs;
PGPPublicKeyAlgorithm alg;
bKeys = FALSE;
if (hMem) {
pMem = GlobalLock (hMem);
if (pMem) {
sLen = lstrlen (pMem);
err = PGPImportKeySet (psks->pKM->Context, &keyset,
PGPOInputBuffer (psks->pKM->Context, pMem, sLen),
PGPOLastOption (psks->pKM->Context));
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPNewKeyIter (keylist, &keyiter);
if (IsPGPError (err)) goto SplitDropCleanup;
PGPKeyIterNext (keyiter, &key);
while (key) {
bKeyIsUsable = FALSE;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg);
PGPGetKeyIDFromKey (key, &keyid);
// key must either not be RSA or RSA ops must be enabled
PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable);
// key must not be the same one that is being split
if (alg == psks->keyalgToSplit) {
if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0)
bKeyIsUsable = FALSE;
}
// key must not already be in list
if (sIsKeyIDAlreadyInList (&keyid, alg, psks))
bKeyIsUsable = FALSE;
if (bKeyIsUsable) {
bKeys = TRUE;
pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT));
if (pshs) {
PGPSize size;
pshs->bPublicKey = TRUE;
pshs->pszPassphrase = NULL;
pshs->uShares = 1;
PGPGetPrimaryUserIDNameBuffer (key,
sizeof(pshs->szUserID), pshs->szUserID, &size);
PGPGetKeyIDFromKey (key, &(pshs->keyid));
PGPGetKeyNumber (key,
kPGPKeyPropAlgID, &(pshs->keyalg));
if (sAddShareHolder (psks, pshs,
KMDetermineUserIDIcon (key, NULL, NULL),
psks->hwndList)) {
psks->uTotalShares += pshs->uShares;
SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES,
psks->uTotalShares, FALSE);
SendMessage (psks->hwndDlg, WM_COMMAND,
MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0);
}
else {
KMFree (pshs);
}
}
}
PGPKeyIterNext (keyiter, &key);
}
SplitDropCleanup :
if (keyiter)
PGPFreeKeyIter (keyiter);
if (keylist)
PGPFreeKeyList (keylist);
if (keyset)
PGPFreeKeySet (keyset);
if (pMem)
GlobalUnlock (hMem);
}
}
return bKeys;
}
PGPUInt32
CHTTPXcertServer::DigestKey(
PGPKeyRef inKey,
char * inOutputBuffer)
{
StPGPKeySetRef singleKeySet;
StPGPHashContextRef hashContext;
StPGPDataRef buffer;
PGPSize bufSize;
StPGPDataRef encodedBuffer;
PGPError pgpErr;
pgpErr = PGPNewSingletonKeySet(inKey, &singleKeySet);
ThrowIfPGPError_(pgpErr);
pgpErr = PGPExportKeySet( singleKeySet,
PGPOExportFormat(mContext, kPGPExportFormat_X509Cert),
PGPOAllocatedOutputBuffer( mContext,
(void **) &buffer,
MAX_PGPSize,
&bufSize),
PGPOLastOption(mContext));
ThrowIfPGPError_(pgpErr);
singleKeySet.Free();
encodedBuffer = static_cast<PGPByte *>(
PGPNewData( PGPGetContextMemoryMgr(mContext),
GetMaxBase64EncodedBufferSize(bufSize),
kPGPMemoryMgrFlags_None));
if (encodedBuffer == 0) {
ThrowPGPError_(kPGPError_OutOfMemory);
};
bufSize = Base64Encode( static_cast<const PGPByte *>(buffer),
bufSize,
encodedBuffer);
buffer.Free();
pgpErr = PGPNewHashContext( PGPGetContextMemoryMgr(mContext),
kPGPHashAlgorithm_MD5,
&hashContext);
ThrowIfPGPError_(pgpErr);
// We have to skip the CRs in order to match XCert's hash
char * cur = encodedBuffer;
char * next;
while ((next = strchr(cur, '\r')) != 0) {
pgpErr = PGPContinueHash(hashContext, cur, next - cur);
ThrowIfPGPError_(pgpErr);
cur = next + 1;
}
pgpErr = PGPContinueHash(hashContext, cur, strlen(cur));
ThrowIfPGPError_(pgpErr);
encodedBuffer.Free();
pgpErr = PGPGetHashSize(hashContext, &bufSize);
buffer = static_cast<PGPByte *>(PGPNewData( PGPGetContextMemoryMgr(mContext),
bufSize,
kPGPMemoryMgrFlags_None));
if (buffer == 0) {
ThrowPGPError_(kPGPError_OutOfMemory);
};
pgpErr = PGPFinalizeHash(hashContext, static_cast<char *>(buffer));
ThrowIfPGPError_(pgpErr);
return HexEncode(buffer, bufSize, inOutputBuffer);
}