PGPError _pgp_import_key(PGPKeySetRef *keySet, LPCSTR pgpKey)
{
return PGPImportKeySet( pgpContext,
keySet,
PGPOInputBuffer( pgpContext,
pgpKey,
lstrlen(pgpKey) ),
PGPOLastOption( pgpContext ) );
}
PGPError GenericAddKey(MYSTATE *ms,
PGPOptionListRef opts,
char *OperationTarget)
{
PGPKeySetRef AddKeySet;
PGPContextRef context;
PGPError err;
err=kPGPError_NoErr;
context=ms->context;
ms->fileName=OperationTarget;
if(ms->Operation!=MS_ADDKEYCLIPBOARD)
SCSetProgressNewFilename(ms->hPrgDlg,"From '%s'",ms->fileName,TRUE);
err=PGPImportKeySet(context,&AddKeySet,
opts,
PGPOSendNullEvents(context,75),
PGPOEventHandler(context,AddEvents,ms),
PGPOLastOption(context));
SCSetProgressBar(ms->hPrgDlg,100,TRUE);
if(IsntPGPError(err))
{
PGPUInt32 numKeys;
PGPCountKeys( AddKeySet, &numKeys);
if ( numKeys > 0)
{
err=PGPclQueryAddKeys (context,
ms->tlsContext,ms->hwndWorking,AddKeySet,NULL);
}
PGPFreeKeySet (AddKeySet);
}
return err;
}
/*****
*
* verify_signature
*
* Call-out routine used by the CMS library for verifying a signature.
* Parameters and return values defined in CMS docs. This uses the
* PGP SDK. See "PGP Software Developer's Kit, Reference Manual"
* for details on calls used here.
*
*****/
int
x509CMSVerifyCallback (
unsigned char *data,
size_t dataLen,
unsigned char *sigalg,
size_t algLen,
unsigned char *params,
size_t paramLen,
unsigned char *signature,
size_t sigLen,
unsigned char *pubkey,
size_t pubkeyLen,
TC_CERT *issuer,
void *verData,
TC_CONTEXT *ctx)
{
X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData;
PGPMemoryMgrRef mgrRef;
PGPPublicKeyContextRef publicKey;
PGPHashContextRef hash;
PGPKeySetRef keySet;
PGPKeyListRef klist;
PGPKeyIterRef kiter;
PGPKeyRef mykey;
PGPError err;
PGPByte *certData;
PGPSize certDataLen;
int rtn = -1;
PGPHashAlgorithm hashAlg;
(void) params;
(void) paramLen;
(void) pubkey;
(void) pubkeyLen;
do {
/* check that the algorithm ID is allowed */
/* TODO... */
/* if we dont have the issuer's certificate, we can't verify the
signature. */
/* PGPsdk needs to have a function that takes raw ASN.1 encoded
key material and returns a KeyRef in order to support
verification of PKCS10 requests */
if (!issuer)
break;
/* import the certificate into pgp */
tc_pack_cert (&certData, &certDataLen, issuer, ctx);
/* import the key into a PGP key set */
err = PGPImportKeySet (pgpData->context,
&keySet,
PGPOX509Encoding (pgpData->context, 1),
PGPOInputBuffer (pgpData->context, certData, certDataLen),
PGPOLastOption (pgpData->context));
TC_Free (ctx->memMgr, certData);
if (IsPGPError (err))
break;
/* extract the key into a PGPKeyRef */
err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist);
if (IsPGPError (err))
break;
err = PGPNewKeyIter (klist, &kiter);
if (IsPGPError (err))
break;
err = PGPKeyIterNext (kiter, &mykey);
if (IsPGPError (err))
break;
/* create the public key context */
err = PGPNewPublicKeyContext (mykey,
kPGPPublicKeyMessageFormat_X509,
&publicKey);
if (IsPGPError (err))
break;
hashAlg = x509HashAlgorithm (sigalg, algLen);
/* create and calculate the hash, do not finalize hash
for PGPPublicKeyVerify() call */
mgrRef = PGPGetContextMemoryMgr (pgpData->context);
err = PGPNewHashContext (mgrRef, hashAlg, &hash);
if (IsPGPError (err))
break;
err = PGPContinueHash (hash, data, dataLen);
if (IsPGPError (err))
break;
err = PGPPublicKeyVerifySignature (
publicKey, hash, (void *)signature, sigLen);
hash = NULL;
if ( IsPGPError(err) )
break;
rtn = 0;
} while (0);
/* clean-up */
PGPFreeKeyIter(kiter);
PGPFreeKeyList(klist);
PGPFreeKeySet(keySet);
if (hash)
PGPFreeHashContext(hash);
PGPFreePublicKeyContext (publicKey);
return rtn;
} /* verify_signature */
BOOL
KMSplitDropKeys (
PSPLITKEYSTRUCT psks,
HANDLE hMem)
{
PGPKeySetRef keyset = NULL;
PGPKeyListRef keylist = NULL;
PGPKeyIterRef keyiter = NULL;
LPSTR pMem = NULL;
PGPError err;
PGPKeyRef key;
PGPKeyID keyid;
BOOL bKeys;
PGPBoolean bKeyIsUsable;
size_t sLen;
PSHAREHOLDERSTRUCT pshs;
PGPPublicKeyAlgorithm alg;
bKeys = FALSE;
if (hMem) {
pMem = GlobalLock (hMem);
if (pMem) {
sLen = lstrlen (pMem);
err = PGPImportKeySet (psks->pKM->Context, &keyset,
PGPOInputBuffer (psks->pKM->Context, pMem, sLen),
PGPOLastOption (psks->pKM->Context));
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
if (IsPGPError (err)) goto SplitDropCleanup;
err = PGPNewKeyIter (keylist, &keyiter);
if (IsPGPError (err)) goto SplitDropCleanup;
PGPKeyIterNext (keyiter, &key);
while (key) {
bKeyIsUsable = FALSE;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg);
PGPGetKeyIDFromKey (key, &keyid);
// key must either not be RSA or RSA ops must be enabled
PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable);
// key must not be the same one that is being split
if (alg == psks->keyalgToSplit) {
if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0)
bKeyIsUsable = FALSE;
}
// key must not already be in list
if (sIsKeyIDAlreadyInList (&keyid, alg, psks))
bKeyIsUsable = FALSE;
if (bKeyIsUsable) {
bKeys = TRUE;
pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT));
if (pshs) {
PGPSize size;
pshs->bPublicKey = TRUE;
pshs->pszPassphrase = NULL;
pshs->uShares = 1;
PGPGetPrimaryUserIDNameBuffer (key,
sizeof(pshs->szUserID), pshs->szUserID, &size);
PGPGetKeyIDFromKey (key, &(pshs->keyid));
PGPGetKeyNumber (key,
kPGPKeyPropAlgID, &(pshs->keyalg));
if (sAddShareHolder (psks, pshs,
KMDetermineUserIDIcon (key, NULL, NULL),
psks->hwndList)) {
psks->uTotalShares += pshs->uShares;
SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES,
psks->uTotalShares, FALSE);
SendMessage (psks->hwndDlg, WM_COMMAND,
MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0);
}
else {
KMFree (pshs);
}
}
}
PGPKeyIterNext (keyiter, &key);
}
SplitDropCleanup :
if (keyiter)
PGPFreeKeyIter (keyiter);
if (keylist)
PGPFreeKeyList (keylist);
if (keyset)
PGPFreeKeySet (keyset);
if (pMem)
GlobalUnlock (hMem);
}
}
return bKeys;
}
