LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else LPSTR szPlainMsg = 0; PGPSize dwPlainMsgLen; PGPUInt32 dwKeys; PGPKeyDBRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys); if(dwKeys==0) { PGPFreeKeyDB(PrivateKeyDB); return 0; } int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, &dwPlainMsgLen), PGPOKeyDBRef(pgpContext, PrivateKeyDB), PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); PGPFreeKeyDB(PrivateKeyDB); if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; #endif }
LPSTR __cdecl _pgp_decrypt_keydb(LPCSTR szEncMsg) { LPSTR szPlainMsg = 0; DWORD dwPlainMsgLen; ClearPGPError(); if(!pgpKeyDB) return 0; int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen), #if (PGP_WIN32 < 0x700) PGPOKeySetRef(pgpContext, pgpKeyDB), #else PGPOKeyDBRef(pgpContext, pgpKeyDB), #endif PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; }
PGPError KMGetConventionalPhrase ( PGPContextRef context, HWND hwnd, LPSTR pszPrompt, LPSTR* ppszPhrase) { PGPError err = kPGPError_BadParams; PGPOptionListRef optionList = kInvalidPGPOptionListRef; if (!ppszPhrase) return err; err = PGPBuildOptionList (context, &optionList, PGPOUIOutputPassphrase (context, ppszPhrase), PGPOUIParentWindowHandle (context, hwnd), PGPOLastOption (context)); if (IsntPGPError (err)) { // If we have a prompt, use it if (NULL!=(int) (pszPrompt)) { err = PGPAppendOptionList (optionList, PGPOUIDialogPrompt (context, pszPrompt), PGPOLastOption (context)); } if (IsntPGPError (err)) { err = PGPConventionalDecryptionPassphraseDialog (context, optionList, PGPOLastOption (context)); } } if (IsPGPError (err)) { if (*ppszPhrase) { PGPFreeData (*ppszPhrase); *ppszPhrase = NULL; } } if (PGPOptionListRefIsValid (optionList)) PGPFreeOptionList (optionList); return err; }
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID) { #if defined(_WIN64) return 0; #else PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID; LPSTR szEncMsg = 0; PGPSize dwEncMsgLen; ClearPGPError(); if (!pgpKeyDB) return 0; PGPKeyDBObjRef PublicKey; PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey); PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen), PGPOEncryptToKeyDBObj(pgpContext, PublicKey), PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; #endif }
static PGPError sRevokeKeySplit ( PGPContextRef context, PGPKeySetRef keyset, PGPKeyRef key, PGPByte* passkey, PGPSize sizePasskey) { UINT u; PGPKeyListRef keylist; PGPKeyIterRef keyiter; PGPSubKeyRef subkey; PGPError err; err = PGPRevokeKey (key, PGPOPasskeyBuffer (context, passkey, sizePasskey), PGPOLastOption (context)); if (IsPGPError (err)) return err; PGPGetKeyNumber (key, kPGPKeyPropAlgID, &u); switch (u) { case kPGPPublicKeyAlgorithm_RSA : break; case kPGPPublicKeyAlgorithm_DSA : PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist); PGPNewKeyIter (keylist, &keyiter); PGPKeyIterSeek (keyiter, key); PGPKeyIterNextSubKey (keyiter, &subkey); while (subkey) { err = PGPRevokeSubKey (subkey, PGPOPasskeyBuffer (context, passkey, sizePasskey), PGPOLastOption (context)); PGPKeyIterNextSubKey (keyiter, &subkey); } PGPFreeKeyIter (keyiter); PGPFreeKeyList (keylist); break; default : break; } return err; }
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey) { return PGPImport( pgpContext, keyDB, PGPOInputBuffer( pgpContext, pgpKey, lstrlen(pgpKey) ), PGPOLastOption( pgpContext ) ); }
PGPError pgpKeyPassphraseCL( PGPContextRef context, CPGPKeyPassphraseDialogOptions *options) { PGPError err; GPP gpp; memset(&gpp,0x00,sizeof(GPP)); gpp.context=context; gpp.options=options; char szNameFinal[kPGPMaxUserIDSize]; GetKeyString(options->mDefaultKey, szNameFinal); fprintf(stdout, "\n%s\n", szNameFinal); while (1) { FreePassphrases(&gpp); gpp.pszPassPhrase = (char *)secAlloc (gpp.context, KEYSIZE); if (gpp.pszPassPhrase) { PGPInt32 len = pgpCLGetPass(stdout, gpp.pszPassPhrase, KEYSIZE); if (len < 0) { err = kPGPError_UserAbort; break; } *(options->mPassphrasePtr) = gpp.pszPassPhrase; if (PassphraseLengthAndQualityOK(options,gpp.pszPassPhrase)) { PGPBoolean PassValid; PassValid = PGPPassphraseIsValid(options->mDefaultKey, PGPOPassphrase(context, gpp.pszPassPhrase), PGPOLastOption(context)); if (PassValid) { err = kPGPError_NoErr; break; } else { fprintf(stdout, "Wrong passphrase, reenter\n"); } } else { ClearPassphrases(&gpp); FreePassphrases(&gpp); } } else { err = kPGPError_OutOfMemory; break; } } ClearPassphrases(&gpp); if (err != kPGPError_NoErr) FreePassphrases(&gpp); return(err); }
PGPError ValidateSigningPhrase (HWND hDlg, GPP *gpp, LPSTR pszPhrase, PGPKeyRef key) { CHAR szName[kPGPMaxUserIDSize]; CHAR sz[128]; CHAR sz2[kPGPMaxUserIDSize + 128]; PGPSize size; CPGPSigningPassphraseDialogOptions *options; options=(CPGPSigningPassphraseDialogOptions *)gpp->options; // does phrase match selected key ? if (PGPPassphraseIsValid (key, PGPOPassphrase (gpp->context, pszPhrase), PGPOLastOption (gpp->context))) { *(options->mPassphraseKeyPtr) = key; return kPGPError_NoErr; } if(options->mFindMatchingKey) { // does phrase match any private key ? key=GetKeyForPassphrase(options->mKeySet,pszPhrase,TRUE); if (key!=NULL) { // ask user to use other key LoadString (gPGPsdkUILibInst, IDS_FOUNDMATCHFORPHRASE, sz, sizeof(sz)); PGPGetPrimaryUserIDNameBuffer (key, sizeof(szName), szName, &size); wsprintf (sz2, sz, szName); LoadString (gPGPsdkUILibInst, IDS_PGP, sz, sizeof(sz)); if (MessageBox (hDlg, sz2, sz, MB_ICONQUESTION|MB_YESNO) == IDYES) { *(options->mPassphraseKeyPtr) = key; return kPGPError_NoErr; } return kPGPError_BadPassphrase; } } // phrase doesn't match any key PGPsdkUIMessageBox (hDlg, IDS_PGPERROR,IDS_BADPASSREENTER, MB_OK|MB_ICONSTOP); LoadString (gPGPsdkUILibInst, IDS_WRONGPHRASE, sz, sizeof (sz)); SetDlgItemText (hDlg, IDC_PROMPTSTRING, sz); return kPGPError_BadPassphrase; }
static PGPError sSendToServerInternal ( HWND hwndParent, PGPContextRef context, PGPtlsContextRef tlsContext, UINT uServer, PGPKeyServerEntry* pkeyserver, LPSTR pszUserID, PGPKeySetRef keysetMain, PGPKeySetRef keysetToSend) { PGPError err = kPGPError_NoErr; PGPKeyServerEntry* pentryList = NULL; PGPKeyServerSpec* pserverList = NULL; PGPInt32 iNumEntries = 0; PCLIENTSERVERSTRUCT pcss = NULL; PGPKeySetRef keysetFailed = kInvalidPGPKeySetRef; PGPMemoryMgrRef memMgr; PGPPrefRef clientPrefsRef; PGPValidatePtr (keysetToSend); PGPValidatePtr (context); PGPValidatePtr (pszUserID); memMgr=PGPGetContextMemoryMgr(context); err=PGPclOpenClientPrefs (memMgr,&clientPrefsRef); if(IsntPGPError(err)) { err=CLInitKeyServerPrefs(uServer,pkeyserver, hwndParent,context,keysetMain,clientPrefsRef,pszUserID, &pcss,&pentryList,&pserverList,&iNumEntries); PGPclCloseClientPrefs (clientPrefsRef, FALSE); } if (IsntPGPError (err)) { err = PGPSendToKeyServerDialog (context, &(pserverList[0]), tlsContext, keysetToSend, &keysetFailed, PGPOUIParentWindowHandle (context, hwndParent), PGPOLastOption (context)); if (PGPKeySetRefIsValid (keysetFailed)) PGPFreeKeySet (keysetFailed); } CLUninitKeyServerPrefs(uServer, pcss,pentryList,pserverList,iNumEntries); return err; }
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else return PGPImport( pgpContext, keyDB, PGPOInputBuffer( pgpContext, pgpKey, lstrlen(pgpKey) ), PGPOLastOption(pgpContext )); #endif }
static PGPError sQueryServerInternal ( HWND hwndParent, PGPContextRef context, PGPtlsContextRef tlsContext, PGPOptionListRef optionSearch, UINT uServer, LPSTR pszUserID, PGPKeySetRef keysetMain, PGPKeySetRef* pkeysetResult) { PGPError err = kPGPError_NoErr; PGPKeyServerEntry* pentryList = NULL; PGPKeyServerSpec* pserverList = NULL; PGPInt32 iNumEntries = 0; PCLIENTSERVERSTRUCT pcss = NULL; PGPMemoryMgrRef memMgr; PGPPrefRef clientPrefsRef; PGPValidatePtr (pkeysetResult); PGPValidatePtr (context); PGPValidatePtr (pszUserID); memMgr=PGPGetContextMemoryMgr(context); err=PGPclOpenClientPrefs (memMgr,&clientPrefsRef); if(IsntPGPError(err)) { err=CLInitKeyServerPrefs(uServer,NULL, hwndParent,context,keysetMain,clientPrefsRef,pszUserID, &pcss,&pentryList,&pserverList,&iNumEntries); PGPclCloseClientPrefs (clientPrefsRef, FALSE); } if (IsntPGPError (err)) { err = PGPSearchKeyServerDialog (context, iNumEntries, pserverList, tlsContext, FALSE, pkeysetResult, optionSearch, PGPOUIParentWindowHandle (context, hwndParent), PGPOLastOption (context)); } CLUninitKeyServerPrefs(uServer, pcss,pentryList,pserverList,iNumEntries); return err; }
LPSTR __cdecl _pgp_encrypt_key(LPCSTR szPlainMsg, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else LPSTR szEncMsg = 0; PGPSize dwEncMsgLen; PGPUInt32 dwKeys; PGPKeyDBRef PublicKeyDB; if (CheckPGPError(_pgp_import_key(&PublicKeyDB,pgpKey))) return 0; PGPKeyIterRef KeyIterRef; PGPNewKeyIterFromKeyDB(PublicKeyDB, &KeyIterRef); PGPKeyDBObjRef PublicKey; PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &PublicKey); PGPCountKeysInKeyDB(PublicKeyDB, &dwKeys); if(dwKeys==0) { PGPFreeKeyIter(KeyIterRef); PGPFreeKeyDB(PublicKeyDB); return 0; } PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen), PGPOEncryptToKeyDBObj(pgpContext, PublicKey), PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); PGPFreeKeyIter(KeyIterRef); PGPFreeKeyDB(PublicKeyDB); if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; #endif }
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID) { PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID; LPSTR szEncMsg = 0; DWORD dwEncMsgLen; ClearPGPError(); if(!pgpKeyDB) return 0; #if (PGP_WIN32 < 0x700) PGPFilterRef IDFilter; PGPNewKeyIDFilter(pgpContext, RemoteKeyID, &IDFilter); PGPKeySetRef PublicKey; PGPFilterKeySet(pgpKeyDB, IDFilter, &PublicKey); #else PGPKeyDBObjRef PublicKey; PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey); #endif PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, (PGPUInt32 *)&dwEncMsgLen), #if (PGP_WIN32 < 0x700) PGPOEncryptToKeySet(pgpContext, PublicKey), #else PGPOEncryptToKeyDBObj(pgpContext, PublicKey), #endif PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PublicKey); PGPFreeFilter(IDFilter); #endif if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; }
PGPError AddKeyFileListStub (MYSTATE *ms) { PGPContextRef context; PGPFileSpecRef inref; PGPOptionListRef opts; FILELIST *FileCurrent; PGPError err; err=kPGPError_NoErr; context=ms->context; FileCurrent=ms->ListHead; while(!(SCGetProgressCancel(ms->hPrgDlg))&&(FileCurrent!=0)&&(IsntPGPError(err))) { if(FileCurrent->IsDirectory) { FileCurrent=FileCurrent->next; continue; } PGPNewFileSpecFromFullPath (context, FileCurrent->name, &inref); PGPBuildOptionList(context,&opts, PGPOInputFile(context,inref), PGPOLastOption(context)); err=GenericAddKey(ms,opts,FileCurrent->name); PGPFreeOptionList(opts); PGPFreeFileSpec( inref ); FileCurrent=FileCurrent->next; } return err; }
PGPError GenericAddKey(MYSTATE *ms, PGPOptionListRef opts, char *OperationTarget) { PGPKeySetRef AddKeySet; PGPContextRef context; PGPError err; err=kPGPError_NoErr; context=ms->context; ms->fileName=OperationTarget; if(ms->Operation!=MS_ADDKEYCLIPBOARD) SCSetProgressNewFilename(ms->hPrgDlg,"From '%s'",ms->fileName,TRUE); err=PGPImportKeySet(context,&AddKeySet, opts, PGPOSendNullEvents(context,75), PGPOEventHandler(context,AddEvents,ms), PGPOLastOption(context)); SCSetProgressBar(ms->hPrgDlg,100,TRUE); if(IsntPGPError(err)) { PGPUInt32 numKeys; PGPCountKeys( AddKeySet, &numKeys); if ( numKeys > 0) { err=PGPclQueryAddKeys (context, ms->tlsContext,ms->hwndWorking,AddKeySet,NULL); } PGPFreeKeySet (AddKeySet); } return err; }
PVOID __cdecl _pgp_select_keyid(HWND hDlg,LPSTR szKeyID) { #if defined(_WIN64) return 0; #else PGPKeyDBRef ContactKeyDB; PGPError err; err = PGPRecipientDialog(pgpContext, pgpKeyDB, TRUE, &ContactKeyDB, PGPOUIParentWindowHandle(pgpContext, hDlg), PGPOUIWindowTitle(pgpContext, "Select Contact's Key"), PGPOLastOption(pgpContext)); if (err == kPGPError_UserAbort) return 0; PGPUInt32 dwKeys; PGPCountKeysInKeyDB(ContactKeyDB, &dwKeys); if (!dwKeys) return 0; if (dwKeys > 1) MessageBox(hDlg, "You selected more than one key. Only the first key will be used.", szModuleName, MB_ICONINFORMATION); static PGPKeyID KeyID; PGPKeyIterRef KeyIterRef; PGPNewKeyIterFromKeyDB(ContactKeyDB, &KeyIterRef); PGPKeyDBObjRef KeyDBObjRef; PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef); PGPSize dwFilled; PGPGetKeyDBObjDataProperty(KeyDBObjRef, kPGPKeyProperty_KeyID, &KeyID, sizeof(PGPKeyID), &dwFilled); PGPGetKeyIDString(&KeyID, kPGPKeyIDString_Abbreviated, szKeyID); PGPFreeKeyIter(KeyIterRef); PGPFreeKeyDB(ContactKeyDB); return (PVOID)&KeyID; #endif }
PGPError AddKeyClipboardStub (MYSTATE *ms) { PGPOptionListRef opts; PGPContextRef context; char StrRes[100]; PGPError err; err=kPGPError_NoErr; context=ms->context; PGPBuildOptionList(context,&opts, PGPOInputBuffer(context,ms->pInput,ms->dwInputSize), PGPOLastOption(context)); LoadString (g_hinst, IDS_CLIPBOARD, StrRes, sizeof(StrRes)); err=GenericAddKey(ms,opts,StrRes); PGPFreeOptionList(opts); return err; }
PGPError ValidateSigningPhrase (GPP *gpp, char * pszPhrase, PGPKeyRef key) { char szName[kPGPMaxUserIDSize]; char sz[128]; char sz2[kPGPMaxUserIDSize + 128]; PGPSize size; CPGPSigningPassphraseDialogOptions *options; options = (CPGPSigningPassphraseDialogOptions *)gpp->options; // does phrase match selected key ? if (PGPPassphraseIsValid (key, PGPOPassphrase (gpp->context, pszPhrase), PGPOLastOption (gpp->context))) { *(options->mPassphraseKeyPtr) = key; return kPGPError_NoErr; } if (options->mFindMatchingKey) { // does phrase match any private key ? key=GetKeyForPassphrase(options->mKeySet,pszPhrase,TRUE); if (key != NULL) { // ask user to use other key PGPGetPrimaryUserIDNameBuffer (key, sizeof(szName), szName, &size); sprintf (sz2, sz, szName); return kPGPError_BadPassphrase; } } // phrase doesn't match any key printf("Bad Passphrase: Please re-enter\n"); return kPGPError_BadPassphrase; }
LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey) { LPSTR szPlainMsg = 0; DWORD dwPlainMsgLen; PGPUInt32 dwKeys; #if (PGP_WIN32 < 0x700) PGPKeySetRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeys(PrivateKeyDB, &dwKeys); #else PGPKeyDBRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys); #endif if(dwKeys==0) { #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PrivateKeyDB); #else PGPFreeKeyDB(PrivateKeyDB); #endif return 0; } int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } /* #if (PGP_WIN32 < 0x700) PGPKeyListRef PrivateKeyList; PGPOrderKeySet(PrivateKeyDB, kPGPKeyIDOrdering, &PrivateKeyList); PGPKeyIterRef KeyIterRef; PGPNewKeyIter(PrivateKeyList, &KeyIterRef); PGPKeyRef PrivateKey; for(int i=0;i<dwKeys;i++) { PGPKeyIterNext(KeyIterRef, &PrivateKey); PGPOPassphraseIsValid(PrivateKey, PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); } PGPFreeKeyList(PrivateKeyList); PGPFreeKeyIter(KeyIterRef); #else PGPKeyIterRef KeyIterRef; PGPNewKeyIterFromKeyDB(PrivateKeyDB, &KeyIterRef); PGPKeyDBObjRef KeyDBObjRef; for(int i=0;i<dwKeys;i++) { PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef); PGPOPassphraseIsValid(PrivateKey, PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); } PGPFreeKeyIter(KeyIterRef); #endif */ PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen), #if (PGP_WIN32 < 0x700) PGPOKeySetRef(pgpContext, PrivateKeyDB), #else PGPOKeyDBRef(pgpContext, PrivateKeyDB), #endif PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PrivateKeyDB); #else PGPFreeKeyDB(PrivateKeyDB); #endif if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; }
int pkcs7DecryptCallback ( unsigned char **msg, /* [OUT] decrypted data */ size_t *msgLen, /* [OUT] decrypted data len */ const char *contentEncAlg, /* [IN] data encrypted alg */ PKIANY *param, /* [IN] data encryption parameter (e.g., initialization vector) */ PKIEncryptedContent *content, /* [IN] encrypted data */ const char *keyEncAlg, /* [IN] key encryption alg */ PKIEncryptedKey *enckey, /* [IN] encrypted key */ PKICertificate *cert, /* [IN] key to decrypt with */ void *data, /* [IN] callback data (optional) */ PKICONTEXT *asnmem ) { X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data; PGPError err; PGPSize decmax; PGPByte *encKeyData; PGPMemoryMgrRef mem; PGPCipherAlgorithm symKeyAlg; PGPSymmetricCipherContextRef cipherRef; PGPCBCContextRef cbcRef; PGPPrivateKeyContextRef privKey; PGPSize keySize; PGPSize blockSize; PGPOptionListRef pass; PKIOCTET_STRING *iv; int e = 0; size_t pad; (void) keyEncAlg; (void) cert; *msg = NULL; *msgLen = 0; if (!strcmp (contentEncAlg, SM_OID_ALG_3DES)) symKeyAlg = kPGPCipherAlgorithm_3DES; else { /* unsupported algorithm */ return PKCS7_ERROR_CALLBACK; } /* decrypt the encrypted session key with our private key */ PGPCopyOptionList (pgpData->passphrase, &pass); err = PGPNewPrivateKeyContext (pgpData->key, kPGPPublicKeyMessageFormat_PKCS1, &privKey, pass, PGPOLastOption (pgpData->context)); if (IsPGPError (err)) return PKCS7_ERROR_CALLBACK; err = PGPGetPrivateKeyOperationSizes (privKey, &decmax, NULL, NULL); if (IsPGPError (err)) { err = PGPFreePrivateKeyContext (privKey); return PKCS7_ERROR_CALLBACK; } mem = PGPGetContextMemoryMgr (pgpData->context); encKeyData = PGPNewSecureData (mem, decmax, 0); err = PGPPrivateKeyDecrypt (privKey, enckey->val, enckey->len, encKeyData, &decmax); if (IsPGPError (err)) { PGPFreeData (encKeyData); err = PGPFreePrivateKeyContext (privKey); return PKCS7_ERROR_CALLBACK; } err = PGPFreePrivateKeyContext (privKey); /* unpack the parameters for the decryption (IV) */ PKIUnpackOCTET_STRING (asnmem, &iv, param->val, param->len, &e); if (e) { PGPFreeData (encKeyData); return PKCS7_ERROR_CALLBACK; } /* now decrypt the message data with the extracted key */ err = PGPNewSymmetricCipherContext (mem, symKeyAlg, decmax, &cipherRef); if (IsPGPError (err)) { PGPFreeData (encKeyData); PKIFreeOCTET_STRING (asnmem, iv); return PKCS7_ERROR_CALLBACK; } err = PGPGetSymmetricCipherSizes (cipherRef, &keySize, &blockSize); if (IsPGPError (err)) { PGPFreeData (encKeyData); PKIFreeOCTET_STRING (asnmem, iv); err = PGPFreeSymmetricCipherContext (cipherRef); return PKCS7_ERROR_CALLBACK; } err = PGPNewCBCContext (cipherRef, &cbcRef); if (IsPGPError (err)) { PGPFreeData (encKeyData); err = PGPFreeSymmetricCipherContext (cipherRef); PKIFreeOCTET_STRING (asnmem, iv); return PKCS7_ERROR_CALLBACK; } err = PGPInitCBC (cbcRef, encKeyData, iv->val); if (IsPGPError (err)) { err = PGPFreeCBCContext (cbcRef); PKIFreeOCTET_STRING (asnmem, iv); PGPFreeData (encKeyData); return PKCS7_ERROR_CALLBACK; } PKIFreeOCTET_STRING (asnmem, iv); PGPFreeData (encKeyData); *msgLen = content->len; *msg = PKIAlloc (asnmem->memMgr, content->len); err = PGPCBCDecrypt (cbcRef, content->val, content->len, *msg); if (IsPGPError (err)) { PKIFree (asnmem->memMgr, *msg); *msg = NULL; *msgLen = 0; err = PGPFreeCBCContext (cbcRef); return PKCS7_ERROR_CALLBACK; } /* remove PKCS7 padding in last block */ pad = *(*msg + *msgLen - 1); if (pad < 1 || pad > blockSize) return PKCS7_ERROR_CALLBACK; /* invalid pad, decryption failed */ *msgLen -= pad; return PKCS7_OK; }
int pkcs7SignCallback ( PKIOCTET_STRING *sigValue, /* OUT */ const char *hashAlgorithm, const char *signatureAlgorithm, PKICertificate *signerCertificate, unsigned char *tbs, size_t tbsLen, void *data, PKICONTEXT *asnmem) { PGPError err; PGPHashContextRef hash; PGPHashAlgorithm algid; PGPPrivateKeyContextRef privkey; X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data; PGPMemoryMgrRef mem; PGPOptionListRef pass; (void) signatureAlgorithm; (void) signerCertificate; if (!strcmp (SM_OID_ALG_MD5, hashAlgorithm)) algid = kPGPHashAlgorithm_MD5; else if (!strcmp (SM_OID_ALG_SHA, hashAlgorithm)) algid = kPGPHashAlgorithm_SHA; else return PKCS7_ERROR_HASH_ALG; mem = PGPGetContextMemoryMgr (pgpData->context); err = PGPNewHashContext (mem, algid, &hash); if (IsPGPError (err)) return PKCS7_ERROR_SIGN_CALLBACK; err = PGPContinueHash (hash, tbs, tbsLen); if (IsPGPError (err)) { err = PGPFreeHashContext (hash); return PKCS7_ERROR_SIGN_CALLBACK; } PGPCopyOptionList (pgpData->passphrase, &pass); err = PGPNewPrivateKeyContext (pgpData->key, kPGPPublicKeyMessageFormat_X509, &privkey, pass, PGPOLastOption (pgpData->context)); if (IsPGPError (err)) { err = PGPFreeHashContext (hash); return PKCS7_ERROR_SIGN_CALLBACK; } err = PGPGetPrivateKeyOperationSizes (privkey, NULL, NULL, &sigValue->len); if (IsPGPError (err)) { err = PGPFreeHashContext (hash); err = PGPFreePrivateKeyContext (privkey); return PKCS7_ERROR_SIGN_CALLBACK; } sigValue->val = PKIAlloc (asnmem->memMgr, sigValue->len); err = PGPPrivateKeySign (privkey, hash, sigValue->val, &sigValue->len); if (IsPGPError (err)) { PKIFree (asnmem->memMgr, sigValue->val); sigValue->val = NULL; sigValue->len = 0; err = PGPFreeHashContext (hash); err = PGPFreePrivateKeyContext (privkey); return PKCS7_ERROR_HASH_CALLBACK; } err = PGPFreePrivateKeyContext (privkey); return PKCS7_OK; }
BOOL CALLBACK pgpKeyPassphraseDlgProc ( HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { CPGPKeyPassphraseDialogOptions *options; GPP *gpp; INT i; DWORD Common; Common=DoCommonCalls (hDlg,uMsg,wParam,lParam); if(Common) return Common; switch (uMsg) { case WM_INITDIALOG: { RECT rc; int iTextWidth; HDC hdc; char szNameFinal[kPGPMaxUserIDSize]; gpp=(GPP *)GetWindowLong (hDlg, GWL_USERDATA); options = (CPGPKeyPassphraseDialogOptions *) gpp->options; gpp->iNextTabControl = IDOK; gpp->wpOrigPhrase1Proc = (WNDPROC) SetWindowLong( GetDlgItem(hDlg, IDC_PHRASE1), GWL_WNDPROC, (LONG) PhraseSubclassProc); GetClientRect(GetDlgItem(hDlg,IDC_KEYNAME), &rc); iTextWidth = rc.right-rc.left; hdc = GetDC (GetDlgItem(hDlg,IDC_KEYNAME)); GetKeyString(hdc,iTextWidth,options->mDefaultKey,szNameFinal); SetWindowText(GetDlgItem(hDlg,IDC_KEYNAME),szNameFinal); ReleaseDC (GetDlgItem (hDlg, IDC_KEYNAME), hdc); gpp->hwndOptionsControl=DisplayOptions(hDlg,options->mDialogOptions,130); return FALSE; } case WM_COMMAND: { gpp=(GPP *)GetWindowLong (hDlg, GWL_USERDATA); options = (CPGPKeyPassphraseDialogOptions *) gpp->options; switch (LOWORD (wParam)) { case IDOK: { PGPBoolean PassValid; FreePassphrases(gpp); i = SendDlgItemMessage (hDlg, IDC_PHRASE1, WM_GETTEXTLENGTH, 0, 0) +1; gpp->szDummy = (char *)secAlloc (gpp->context, i); if(gpp->szDummy) { gpp->pszPassPhrase = (char *)secAlloc (gpp->context, i); if (gpp->pszPassPhrase) { GetDlgItemText (hDlg, IDC_PHRASE1, gpp->szDummy, i); if(PassphraseLengthAndQualityOK(hDlg,options,gpp->pszPassPhrase)) { if(!options->mVerifyPassphrase) { ClearPassphrases(hDlg,gpp); SaveOptionSettings(gpp->hwndOptionsControl); EndDialog (hDlg, kPGPError_NoErr); break; } PassValid=PGPPassphraseIsValid (options->mDefaultKey, PGPOPassphrase (gpp->context, gpp->pszPassPhrase), PGPOLastOption (gpp->context)); if(PassValid) { ClearPassphrases(hDlg,gpp); SaveOptionSettings(gpp->hwndOptionsControl); EndDialog (hDlg, kPGPError_NoErr); break; } else { PGPsdkUIMessageBox (hDlg, IDS_PGPERROR,IDS_BADPASSREENTER, MB_OK|MB_ICONSTOP); } } // Bad passphrase/quality ClearPassphrases(hDlg,gpp); FreePassphrases(gpp); break; } } // Couldn't allocate passphrases ClearPassphrases(hDlg,gpp); FreePassphrases(gpp); EndDialog (hDlg, kPGPError_OutOfMemory); break; } } } break; } return FALSE; }
PluginError PerformTranslation( short trans_id, char* in_file, char* out_file, char** addresses, emsMIMEtypeP in_mime, emsMIMEtypeP* out_mime ) { PluginError pluginReturn = EMSR_UNKNOWN_FAIL; BOOL bSign = FALSE; PGPError error = 0; PGPSize mimeBodyOffset = 0; char szExe[256]; char szDll[256]; assert(in_file); assert(out_file); LoadString(g_hinst, IDS_EXE, szExe, sizeof(szExe)); LoadString(g_hinst, IDS_DLL, szDll, sizeof(szDll)); switch( trans_id ) { case kEncryptTranslatorID: case kSignTranslatorID: case kEncryptAndSignTranslatorID: { char** RecipientList = NULL; unsigned long numRecipients = 0; PGPOptionListRef pgpOptions = NULL; PGPOptionListRef signOptions = NULL; char mimeSeparator[kPGPMimeSeparatorSize]; PRECIPIENTDIALOGSTRUCT prds = NULL; // allocate a recipient dialog structure prds = (PRECIPIENTDIALOGSTRUCT) calloc(sizeof(RECIPIENTDIALOGSTRUCT), 1); if(prds) { char szTitle[256] = {0x00}; // title for recipient dialog UINT recipientReturn = FALSE; // recipient dialog result error = PGPsdkLoadDefaultPrefs(g_pgpContext); if (IsPGPError(error)) { PGPclEncDecErrorBox(g_hwndEudoraMainWindow, error); return EMSR_UNKNOWN_FAIL; } error = PGPOpenDefaultKeyRings(g_pgpContext, (PGPKeyRingOpenFlags)0, &(prds->OriginalKeySetRef)); if (IsPGPError(error)) { PGPclEncDecErrorBox(g_hwndEudoraMainWindow, error); return EMSR_UNKNOWN_FAIL; } if ((trans_id == kEncryptTranslatorID) || (trans_id == kEncryptAndSignTranslatorID)) { if(addresses) // do we have addresses to pass along { numRecipients = CreateRecipientList(addresses, &RecipientList); } LoadString(GetModuleHandle("PGPplugin.dll"), IDS_TITLE_RECIPIENTDIALOG, szTitle, sizeof(szTitle)); prds->Context = g_pgpContext; prds->tlsContext = g_tlsContext; prds->Version = CurrentPGPrecipVersion; prds->hwndParent = g_hwndEudoraMainWindow; prds->szTitle = szTitle; prds->dwOptions = PGPCL_ASCIIARMOR; prds->dwDisableFlags = PGPCL_DISABLE_WIPEORIG | PGPCL_DISABLE_ASCIIARMOR | PGPCL_DISABLE_SDA; prds->dwNumRecipients = numRecipients; prds->szRecipientArray = RecipientList; /* Disable FYEO if there's an attachment or HTML */ if (in_mime && !match_mime_type(in_mime, "text", "plain")) prds->dwDisableFlags |= PGPCL_DISABLE_FYEO; // If shift is pressed, force the dialog to pop. if (GetAsyncKeyState( VK_CONTROL) & 0x8000) prds->dwDisableFlags|=PGPCL_DISABLE_AUTOMODE; // See who we wish to encrypt this to recipientReturn = PGPclRecipientDialog( prds ); if (prds->AddedKeys != NULL) { PGPUInt32 numKeys; PGPCountKeys(prds->AddedKeys, &numKeys); if (numKeys > 0) PGPclQueryAddKeys(g_pgpContext, g_tlsContext, g_hwndEudoraMainWindow, prds->AddedKeys, NULL); PGPFreeKeySet(prds->AddedKeys); prds->AddedKeys = NULL; } if (!recipientReturn) { if (RecipientList) FreeRecipientList(RecipientList, numRecipients); if (prds->SelectedKeySetRef != NULL) PGPFreeKeySet(prds->SelectedKeySetRef); PGPFreeKeySet(prds->OriginalKeySetRef); free(prds); return EMSR_UNKNOWN_FAIL; } } if( IsntPGPError(error) ) { error = PGPBuildOptionList(g_pgpContext, &pgpOptions, PGPOOutputLineEndType(g_pgpContext, kPGPLineEnd_CRLF), PGPOPGPMIMEEncoding(g_pgpContext, TRUE, &mimeBodyOffset, mimeSeparator), PGPOLastOption(g_pgpContext) ); } if(IsntPGPError( error)) { error = EncryptSignFile(g_hinst, g_hwndEudoraMainWindow, g_pgpContext, g_tlsContext, szExe, szDll, in_file, prds, pgpOptions, &signOptions, out_file, ((trans_id == kSignTranslatorID) ? FALSE : TRUE ), ((trans_id == kEncryptTranslatorID) ? FALSE : TRUE ), FALSE); PGPFreeOptionList(pgpOptions); PGPFreeOptionList(signOptions); } else { PGPclEncDecErrorBox (NULL, error); } if (RecipientList) FreeRecipientList(RecipientList, numRecipients); if (prds->SelectedKeySetRef != NULL) PGPFreeKeySet(prds->SelectedKeySetRef); PGPFreeKeySet(prds->OriginalKeySetRef); free(prds); if( IsntPGPError(error) ) { if( out_mime ) { pluginReturn = BuildEncryptedPGPMIMEType( out_mime, mimeSeparator ); if(EMSR_OK == pluginReturn) { pluginReturn = AddMIMEParam(*out_mime, "PGPFormat", "PGPMIME-encrypted" ); } } } } break; } case kDecryptTranslatorID: case kVerifyTranslatorID: { char *szTempFile = NULL; BOOL bFYEO = FALSE; void *pOutput = NULL; PGPSize outSize = 0; error = DecryptVerifyFile(g_hinst, g_hwndEudoraMainWindow, g_pgpContext, g_tlsContext, szExe, szDll, in_file, TRUE, FALSE, &szTempFile, &pOutput, &outSize, &bFYEO); if( IsntPGPError(error) ) { if ((bFYEO)||(GetSecureViewerPref((void *)g_pgpContext))) TempestViewer((void *)g_pgpContext,NULL,pOutput,outSize, bFYEO); CopyFile(szTempFile, out_file, FALSE); DeleteFile(szTempFile); if( out_mime ) { ParseFileForMIMEType( out_file, out_mime ); } if ((bFYEO)||(GetSecureViewerPref((void *)g_pgpContext))) pluginReturn = EMSR_UNKNOWN_FAIL; else pluginReturn = EMSR_OK; } if (szTempFile != NULL) PGPFreeData(szTempFile); if (pOutput != NULL) PGPFreeData(pOutput); break; } } return pluginReturn; }
/***** * * sign_certificate * * Call-out routine used by the CMS library for signing provided data * (a certificate). * * Parameters and return values defined in CMS docs. This uses the * PGP SDK. See "PGP Software Developer's Kit, Reference Manual" * for details on calls used here. * *****/ int x509CMSSignCallback (unsigned char **sig, size_t *siglen, unsigned char *ber, size_t berlen, const unsigned char *alg, size_t algLen, void *data, TC_CONTEXT *ctx) { X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data; PGPPrivateKeyContextRef privKey = NULL; PGPHashContextRef hash; PGPMemoryMgrRef mgrRef; PGPError err; int ret = -1; PGPOptionListRef pass; PGPHashAlgorithm hashAlg; (void) alg; (void) algLen; if (!pgpData || !pgpData->passphrase || !pgpData->context) return -1; do { /* create and calculate the hash, do not finalize hash for PGPPrivateKeySign() call */ mgrRef = PGPGetContextMemoryMgr (pgpData->context); hashAlg = x509HashAlgorithm (alg, algLen); err = PGPNewHashContext (mgrRef, hashAlg, &hash); if (IsPGPError (err)) break; err = PGPContinueHash (hash, ber, berlen); if (IsPGPError (err)) break; /* create the private key context */ PGPCopyOptionList (pgpData->passphrase, &pass); err = PGPNewPrivateKeyContext (pgpData->key, kPGPPublicKeyMessageFormat_X509, &privKey, pass, PGPOLastOption (pgpData->context)); if (IsPGPError (err)) break; /* figure out signature size */ err = PGPGetPrivateKeyOperationSizes (privKey, NULL, NULL, siglen); if (IsPGPError (err)) break; if (*siglen == 0) /* can't use key to sign */ break; *sig = TC_Alloc (ctx->memMgr, *siglen); if (*sig == NULL) break; memset (*sig, 0, *siglen); /* calculate signature */ err = PGPPrivateKeySign (privKey, hash, *sig, siglen); hash = NULL; /* dont attempt to free it later */ if (IsPGPError (err)) break; ret = 0; } while (0); /* clean-up */ if (hash) err = PGPFreeHashContext (hash); err = PGPFreePrivateKeyContext (privKey); return ret; } /* sign */
/***** * * verify_signature * * Call-out routine used by the CMS library for verifying a signature. * Parameters and return values defined in CMS docs. This uses the * PGP SDK. See "PGP Software Developer's Kit, Reference Manual" * for details on calls used here. * *****/ int x509CMSVerifyCallback ( unsigned char *data, size_t dataLen, unsigned char *sigalg, size_t algLen, unsigned char *params, size_t paramLen, unsigned char *signature, size_t sigLen, unsigned char *pubkey, size_t pubkeyLen, TC_CERT *issuer, void *verData, TC_CONTEXT *ctx) { X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData; PGPMemoryMgrRef mgrRef; PGPPublicKeyContextRef publicKey; PGPHashContextRef hash; PGPKeySetRef keySet; PGPKeyListRef klist; PGPKeyIterRef kiter; PGPKeyRef mykey; PGPError err; PGPByte *certData; PGPSize certDataLen; int rtn = -1; PGPHashAlgorithm hashAlg; (void) params; (void) paramLen; (void) pubkey; (void) pubkeyLen; do { /* check that the algorithm ID is allowed */ /* TODO... */ /* if we dont have the issuer's certificate, we can't verify the signature. */ /* PGPsdk needs to have a function that takes raw ASN.1 encoded key material and returns a KeyRef in order to support verification of PKCS10 requests */ if (!issuer) break; /* import the certificate into pgp */ tc_pack_cert (&certData, &certDataLen, issuer, ctx); /* import the key into a PGP key set */ err = PGPImportKeySet (pgpData->context, &keySet, PGPOX509Encoding (pgpData->context, 1), PGPOInputBuffer (pgpData->context, certData, certDataLen), PGPOLastOption (pgpData->context)); TC_Free (ctx->memMgr, certData); if (IsPGPError (err)) break; /* extract the key into a PGPKeyRef */ err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist); if (IsPGPError (err)) break; err = PGPNewKeyIter (klist, &kiter); if (IsPGPError (err)) break; err = PGPKeyIterNext (kiter, &mykey); if (IsPGPError (err)) break; /* create the public key context */ err = PGPNewPublicKeyContext (mykey, kPGPPublicKeyMessageFormat_X509, &publicKey); if (IsPGPError (err)) break; hashAlg = x509HashAlgorithm (sigalg, algLen); /* create and calculate the hash, do not finalize hash for PGPPublicKeyVerify() call */ mgrRef = PGPGetContextMemoryMgr (pgpData->context); err = PGPNewHashContext (mgrRef, hashAlg, &hash); if (IsPGPError (err)) break; err = PGPContinueHash (hash, data, dataLen); if (IsPGPError (err)) break; err = PGPPublicKeyVerifySignature ( publicKey, hash, (void *)signature, sigLen); hash = NULL; if ( IsPGPError(err) ) break; rtn = 0; } while (0); /* clean-up */ PGPFreeKeyIter(kiter); PGPFreeKeyList(klist); PGPFreeKeySet(keySet); if (hash) PGPFreeHashContext(hash); PGPFreePublicKeyContext (publicKey); return rtn; } /* verify_signature */
int revokeOrDisableKey(struct pgpmainBones *mainbPtr, char *keyguffin, PGPFileSpecRef keyfilespec) { PGPContextRef context = mainbPtr->pgpContext; struct pgpfileBones *filebPtr = mainbPtr->filebPtr; PGPEnv *env = mainbPtr->envbPtr->m_env; PGPBoolean compatible = mainbPtr->envbPtr->compatible; PGPKeySetRef ringset = NULL; PGPKeyListRef keylist = NULL; PGPKeyIterRef keyiter = NULL; PGPKeyRef key; PGPBoolean propData = FALSE; PGPError err, er2; PGPUInt32 pri; PGPBoolean needsfree = FALSE; char* passphrase = 0; int nkeysrevoked = 0; err = pgpOpenKeyringsFromPubringSpec( mainbPtr, keyfilespec, &ringset, kPGPKeyRingOpenFlags_Mutable ); if ( IsPGPError(err)) goto done; mainbPtr->workingRingSet=ringset; /*mainbPtr->workingGroupSet=NULL;*/ err = pgpGetMatchingKeyList( mainbPtr, keyguffin, kMatch_NotKeyServer, &keylist ); pgpAssertNoErr(err); err = PGPNewKeyIter( keylist, &keyiter ); pgpAssertNoErr(err); err = PGPKeyIterRewind( keyiter ); pgpAssertNoErr(err); err = PGPKeyIterNext( keyiter, &key ); while( key != NULL ) { pgpShowKeyBrief( filebPtr, key ); pgpShowKeyFingerprint( filebPtr, key ); /* XXX the old version used to ask for your password here... now is different a bit*/ err = PGPGetKeyBoolean( key, kPGPKeyPropIsSecret, &propData ); if( propData ) { PGPUserIDRef alias; PGPSize actual; char useridstr[ kPGPMaxUserIDSize ]; err = PGPGetPrimaryUserID( key, &alias ); pgpAssertNoErr(err); err = PGPGetUserIDStringBuffer( alias, kPGPUserIDPropName, kPGPMaxUserIDSize, useridstr, &actual ); pgpAssertNoErr(err); fprintf(filebPtr->pgpout, LANG("\nDo you want to permanently revoke your public key\n" "by issuing a secret key compromise certificate\n" "for \"%s\" (y/N)? "), useridstr ); if( getyesno( filebPtr, 'n', 0 ) ) { err = pgpGetValidPassphrase( mainbPtr, key, &passphrase, &needsfree); if( err == 0 ) { nkeysrevoked++; err = PGPRevokeKey( key, PGPOPassphrase( context, passphrase ), PGPOLastOption( context ) ); pgpAssertNoErr( err ); } goto tail; } } err = PGPGetKeyBoolean( key, kPGPKeyPropIsDisabled, &propData ); pgpAssertNoErr( err ); if( propData ) { fprintf( filebPtr->pgpout, LANG("\nKey is already disabled.\n" "Do you want to enable this key again (y/N)? ")); if( getyesno( filebPtr,'n',0) ) { err = PGPEnableKey( key ); pgpAssertNoErr( err ); } } else { fprintf( filebPtr->pgpout, LANG("\nDisable this key (y/N)? ")); if( getyesno( filebPtr,'n',0) ) { err = PGPDisableKey( key ); pgpAssertNoErr( err ); } } tail: err = PGPKeyIterNext( keyiter, &key ); } /*if( nkeysrevoked > 0 ) { err = PGPPropagateTrust( ringset ); pgpAssertNoErr( err ); }*/ if( PGPKeySetNeedsCommit( ringset ) ) { err = PGPCommitKeyRingChanges( ringset ); } done: if( needsfree ) { PGPFreeData( passphrase ); pgpRemoveFromPointerList( mainbPtr->leaks, passphrase ); } if (ringset) er2 = PGPFreeKeySet( ringset ); mainbPtr->workingRingSet = NULL; if (keyiter) er2 = PGPFreeKeyIter( keyiter ); if (keylist) er2 = PGPFreeKeyList( keylist ); if ( !compatible && IsPGPError(err) && pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &er2) ) pgpShowError(filebPtr, err,__FILE__,__LINE__); return err; }
static PGPError sChangeKeyPhrase ( PGPContextRef context, PGPKeySetRef keyset, PGPKeyRef key, LPSTR szOld, PGPByte* pPasskeyOld, PGPSize sizePasskeyOld, PGPByte* pPasskey, PGPSize sizePasskey) { UINT u; PGPKeyListRef keylist; PGPKeyIterRef keyiter; PGPSubKeyRef subkey; PGPError err; if (szOld) { err = PGPChangePassphrase (key, PGPOPassphrase (context, szOld), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } else if (sizePasskeyOld > 0) { err = PGPChangePassphrase (key, PGPOPasskeyBuffer (context, pPasskeyOld, sizePasskeyOld), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } else { err = PGPChangePassphrase (key, PGPOPassphrase (context, ""), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } if (IsPGPError (err)) return err; PGPGetKeyNumber (key, kPGPKeyPropAlgID, &u); switch (u) { case kPGPPublicKeyAlgorithm_RSA : break; case kPGPPublicKeyAlgorithm_DSA : PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist); PGPNewKeyIter (keylist, &keyiter); PGPKeyIterSeek (keyiter, key); PGPKeyIterNextSubKey (keyiter, &subkey); while (subkey) { if (szOld) { err = PGPChangeSubKeyPassphrase (subkey, PGPOPassphrase (context, szOld), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } else if (sizePasskeyOld > 0) { err = PGPChangeSubKeyPassphrase (subkey, PGPOPasskeyBuffer (context, pPasskeyOld, sizePasskeyOld), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } else { err = PGPChangeSubKeyPassphrase (subkey, PGPOPassphrase (context, ""), PGPOPasskeyBuffer (context, pPasskey, sizePasskey), PGPOLastOption (context)); } PGPKeyIterNextSubKey (keyiter, &subkey); } PGPFreeKeyIter (keyiter); PGPFreeKeyList (keylist); break; default : break; } return err; }
static PGPError sSaveSharesToFile ( PSHAREHOLDERSTRUCT pshs, PGPContextRef context, PGPShareRef sharesTotal, PGPKeySetRef keyset, LPSTR pszFolder) { PFLFileSpecRef filespec = NULL; PGPShareFileRef sharefile = NULL; PGPShareRef sharesHolder = NULL; PGPOptionListRef encodeOptions = NULL; PGPError err = kPGPError_NoErr; INT iModifier = 0; CHAR szPath[MAX_PATH]; CHAR szModifier[MAX_SHARES_LEN+1]; CHAR sz1[32]; CHAR sz2[kPGPMaxUserIDSize + 32]; PGPKeyRef key; // create file name and filespec err = sCreateFilePathFromUserName (pszFolder, pshs->szUserID, pshs->uShares, NULL, szPath, sizeof(szPath)); if (IsPGPError (err)) goto SaveFileCleanup; // check for pre-existence of file while (GetFileAttributes (szPath) != 0xFFFFFFFF) { iModifier++; if (iModifier > MAX_SHARES) { err = kPGPError_CantOpenFile; goto SaveFileCleanup; } wsprintf (szModifier, " %i", iModifier); err = sCreateFilePathFromUserName (pszFolder, pshs->szUserID, pshs->uShares, szModifier, szPath, sizeof(szPath)); if (IsPGPError (err)) goto SaveFileCleanup; } err = PFLNewFileSpecFromFullPath (PGPGetContextMemoryMgr (context), szPath, &filespec); if (IsPGPError (err)) goto SaveFileCleanup; err = PFLFileSpecCreate (filespec); if (IsPGPError (err)) goto SaveFileCleanup; err = PGPNewShareFile (filespec, &sharefile); if (IsPGPError (err)) goto SaveFileCleanup; err = PGPSetShareFileUserID (sharefile, pshs->szUserID); if (IsPGPError (err)) goto SaveFileCleanup; err = PGPSplitShares (sharesTotal, pshs->uShares, &sharesHolder); if (IsPGPError (err)) goto SaveFileCleanup; // if this shareholder has public key, use it if (pshs->bPublicKey) { err = PGPSetShareFileOwnerKeyID (sharefile, pshs->keyid); if (IsPGPError (err)) goto SaveFileCleanup; err = PGPGetKeyByKeyID (keyset, &(pshs->keyid), pshs->keyalg, &key); if (IsPGPError (err)) { LoadString (g_hInst, IDS_CAPTIONERROR, sz1, sizeof(sz1)); LoadString (g_hInst, IDS_SHAREKEYGONE, sz2, sizeof(sz2)); lstrcat (sz2, pshs->szUserID); MessageBox (NULL, sz2, sz1, MB_OK|MB_ICONERROR); err = kPGPError_UserAbort; goto SaveFileCleanup; } err = PGPBuildOptionList (context, &encodeOptions, PGPOEncryptToKey (context, key), PGPOLastOption (context)); if (IsPGPError (err)) goto SaveFileCleanup; } // there is no public key for this shareholder else { err = PGPBuildOptionList (context, &encodeOptions, PGPOConventionalEncrypt (context, PGPOPassphrase (context, pshs->pszPassphrase), PGPOLastOption (context)), PGPOLastOption (context)); if (IsPGPError (err)) goto SaveFileCleanup; } err = PGPCopySharesToFile (context, sharefile, encodeOptions, sharesHolder); if (IsPGPError (err)) goto SaveFileCleanup; err = PGPSaveShareFile (sharefile); SaveFileCleanup: if (encodeOptions != NULL) PGPFreeOptionList (encodeOptions); if (sharesHolder != NULL) PGPFreeShares (sharesHolder); if (sharefile != NULL) PGPFreeShareFile (sharefile); if (filespec != NULL) PFLFreeFileSpec (filespec); return err; }
BOOL KMSplitDropKeys ( PSPLITKEYSTRUCT psks, HANDLE hMem) { PGPKeySetRef keyset = NULL; PGPKeyListRef keylist = NULL; PGPKeyIterRef keyiter = NULL; LPSTR pMem = NULL; PGPError err; PGPKeyRef key; PGPKeyID keyid; BOOL bKeys; PGPBoolean bKeyIsUsable; size_t sLen; PSHAREHOLDERSTRUCT pshs; PGPPublicKeyAlgorithm alg; bKeys = FALSE; if (hMem) { pMem = GlobalLock (hMem); if (pMem) { sLen = lstrlen (pMem); err = PGPImportKeySet (psks->pKM->Context, &keyset, PGPOInputBuffer (psks->pKM->Context, pMem, sLen), PGPOLastOption (psks->pKM->Context)); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPNewKeyIter (keylist, &keyiter); if (IsPGPError (err)) goto SplitDropCleanup; PGPKeyIterNext (keyiter, &key); while (key) { bKeyIsUsable = FALSE; PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg); PGPGetKeyIDFromKey (key, &keyid); // key must either not be RSA or RSA ops must be enabled PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable); // key must not be the same one that is being split if (alg == psks->keyalgToSplit) { if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0) bKeyIsUsable = FALSE; } // key must not already be in list if (sIsKeyIDAlreadyInList (&keyid, alg, psks)) bKeyIsUsable = FALSE; if (bKeyIsUsable) { bKeys = TRUE; pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT)); if (pshs) { PGPSize size; pshs->bPublicKey = TRUE; pshs->pszPassphrase = NULL; pshs->uShares = 1; PGPGetPrimaryUserIDNameBuffer (key, sizeof(pshs->szUserID), pshs->szUserID, &size); PGPGetKeyIDFromKey (key, &(pshs->keyid)); PGPGetKeyNumber (key, kPGPKeyPropAlgID, &(pshs->keyalg)); if (sAddShareHolder (psks, pshs, KMDetermineUserIDIcon (key, NULL, NULL), psks->hwndList)) { psks->uTotalShares += pshs->uShares; SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES, psks->uTotalShares, FALSE); SendMessage (psks->hwndDlg, WM_COMMAND, MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0); } else { KMFree (pshs); } } } PGPKeyIterNext (keyiter, &key); } SplitDropCleanup : if (keyiter) PGPFreeKeyIter (keyiter); if (keylist) PGPFreeKeyList (keylist); if (keyset) PGPFreeKeySet (keyset); if (pMem) GlobalUnlock (hMem); } } return bKeys; }
PGPUInt32 CHTTPXcertServer::DigestKey( PGPKeyRef inKey, char * inOutputBuffer) { StPGPKeySetRef singleKeySet; StPGPHashContextRef hashContext; StPGPDataRef buffer; PGPSize bufSize; StPGPDataRef encodedBuffer; PGPError pgpErr; pgpErr = PGPNewSingletonKeySet(inKey, &singleKeySet); ThrowIfPGPError_(pgpErr); pgpErr = PGPExportKeySet( singleKeySet, PGPOExportFormat(mContext, kPGPExportFormat_X509Cert), PGPOAllocatedOutputBuffer( mContext, (void **) &buffer, MAX_PGPSize, &bufSize), PGPOLastOption(mContext)); ThrowIfPGPError_(pgpErr); singleKeySet.Free(); encodedBuffer = static_cast<PGPByte *>( PGPNewData( PGPGetContextMemoryMgr(mContext), GetMaxBase64EncodedBufferSize(bufSize), kPGPMemoryMgrFlags_None)); if (encodedBuffer == 0) { ThrowPGPError_(kPGPError_OutOfMemory); }; bufSize = Base64Encode( static_cast<const PGPByte *>(buffer), bufSize, encodedBuffer); buffer.Free(); pgpErr = PGPNewHashContext( PGPGetContextMemoryMgr(mContext), kPGPHashAlgorithm_MD5, &hashContext); ThrowIfPGPError_(pgpErr); // We have to skip the CRs in order to match XCert's hash char * cur = encodedBuffer; char * next; while ((next = strchr(cur, '\r')) != 0) { pgpErr = PGPContinueHash(hashContext, cur, next - cur); ThrowIfPGPError_(pgpErr); cur = next + 1; } pgpErr = PGPContinueHash(hashContext, cur, strlen(cur)); ThrowIfPGPError_(pgpErr); encodedBuffer.Free(); pgpErr = PGPGetHashSize(hashContext, &bufSize); buffer = static_cast<PGPByte *>(PGPNewData( PGPGetContextMemoryMgr(mContext), bufSize, kPGPMemoryMgrFlags_None)); if (buffer == 0) { ThrowPGPError_(kPGPError_OutOfMemory); }; pgpErr = PGPFinalizeHash(hashContext, static_cast<char *>(buffer)); ThrowIfPGPError_(pgpErr); return HexEncode(buffer, bufSize, inOutputBuffer); }