PGPError _pgp_import_key(PGPKeySetRef *keySet, LPCSTR pgpKey) { return PGPImportKeySet( pgpContext, keySet, PGPOInputBuffer( pgpContext, pgpKey, lstrlen(pgpKey) ), PGPOLastOption( pgpContext ) ); }
PGPError GenericAddKey(MYSTATE *ms, PGPOptionListRef opts, char *OperationTarget) { PGPKeySetRef AddKeySet; PGPContextRef context; PGPError err; err=kPGPError_NoErr; context=ms->context; ms->fileName=OperationTarget; if(ms->Operation!=MS_ADDKEYCLIPBOARD) SCSetProgressNewFilename(ms->hPrgDlg,"From '%s'",ms->fileName,TRUE); err=PGPImportKeySet(context,&AddKeySet, opts, PGPOSendNullEvents(context,75), PGPOEventHandler(context,AddEvents,ms), PGPOLastOption(context)); SCSetProgressBar(ms->hPrgDlg,100,TRUE); if(IsntPGPError(err)) { PGPUInt32 numKeys; PGPCountKeys( AddKeySet, &numKeys); if ( numKeys > 0) { err=PGPclQueryAddKeys (context, ms->tlsContext,ms->hwndWorking,AddKeySet,NULL); } PGPFreeKeySet (AddKeySet); } return err; }
/***** * * verify_signature * * Call-out routine used by the CMS library for verifying a signature. * Parameters and return values defined in CMS docs. This uses the * PGP SDK. See "PGP Software Developer's Kit, Reference Manual" * for details on calls used here. * *****/ int x509CMSVerifyCallback ( unsigned char *data, size_t dataLen, unsigned char *sigalg, size_t algLen, unsigned char *params, size_t paramLen, unsigned char *signature, size_t sigLen, unsigned char *pubkey, size_t pubkeyLen, TC_CERT *issuer, void *verData, TC_CONTEXT *ctx) { X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData; PGPMemoryMgrRef mgrRef; PGPPublicKeyContextRef publicKey; PGPHashContextRef hash; PGPKeySetRef keySet; PGPKeyListRef klist; PGPKeyIterRef kiter; PGPKeyRef mykey; PGPError err; PGPByte *certData; PGPSize certDataLen; int rtn = -1; PGPHashAlgorithm hashAlg; (void) params; (void) paramLen; (void) pubkey; (void) pubkeyLen; do { /* check that the algorithm ID is allowed */ /* TODO... */ /* if we dont have the issuer's certificate, we can't verify the signature. */ /* PGPsdk needs to have a function that takes raw ASN.1 encoded key material and returns a KeyRef in order to support verification of PKCS10 requests */ if (!issuer) break; /* import the certificate into pgp */ tc_pack_cert (&certData, &certDataLen, issuer, ctx); /* import the key into a PGP key set */ err = PGPImportKeySet (pgpData->context, &keySet, PGPOX509Encoding (pgpData->context, 1), PGPOInputBuffer (pgpData->context, certData, certDataLen), PGPOLastOption (pgpData->context)); TC_Free (ctx->memMgr, certData); if (IsPGPError (err)) break; /* extract the key into a PGPKeyRef */ err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist); if (IsPGPError (err)) break; err = PGPNewKeyIter (klist, &kiter); if (IsPGPError (err)) break; err = PGPKeyIterNext (kiter, &mykey); if (IsPGPError (err)) break; /* create the public key context */ err = PGPNewPublicKeyContext (mykey, kPGPPublicKeyMessageFormat_X509, &publicKey); if (IsPGPError (err)) break; hashAlg = x509HashAlgorithm (sigalg, algLen); /* create and calculate the hash, do not finalize hash for PGPPublicKeyVerify() call */ mgrRef = PGPGetContextMemoryMgr (pgpData->context); err = PGPNewHashContext (mgrRef, hashAlg, &hash); if (IsPGPError (err)) break; err = PGPContinueHash (hash, data, dataLen); if (IsPGPError (err)) break; err = PGPPublicKeyVerifySignature ( publicKey, hash, (void *)signature, sigLen); hash = NULL; if ( IsPGPError(err) ) break; rtn = 0; } while (0); /* clean-up */ PGPFreeKeyIter(kiter); PGPFreeKeyList(klist); PGPFreeKeySet(keySet); if (hash) PGPFreeHashContext(hash); PGPFreePublicKeyContext (publicKey); return rtn; } /* verify_signature */
BOOL KMSplitDropKeys ( PSPLITKEYSTRUCT psks, HANDLE hMem) { PGPKeySetRef keyset = NULL; PGPKeyListRef keylist = NULL; PGPKeyIterRef keyiter = NULL; LPSTR pMem = NULL; PGPError err; PGPKeyRef key; PGPKeyID keyid; BOOL bKeys; PGPBoolean bKeyIsUsable; size_t sLen; PSHAREHOLDERSTRUCT pshs; PGPPublicKeyAlgorithm alg; bKeys = FALSE; if (hMem) { pMem = GlobalLock (hMem); if (pMem) { sLen = lstrlen (pMem); err = PGPImportKeySet (psks->pKM->Context, &keyset, PGPOInputBuffer (psks->pKM->Context, pMem, sLen), PGPOLastOption (psks->pKM->Context)); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPNewKeyIter (keylist, &keyiter); if (IsPGPError (err)) goto SplitDropCleanup; PGPKeyIterNext (keyiter, &key); while (key) { bKeyIsUsable = FALSE; PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg); PGPGetKeyIDFromKey (key, &keyid); // key must either not be RSA or RSA ops must be enabled PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable); // key must not be the same one that is being split if (alg == psks->keyalgToSplit) { if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0) bKeyIsUsable = FALSE; } // key must not already be in list if (sIsKeyIDAlreadyInList (&keyid, alg, psks)) bKeyIsUsable = FALSE; if (bKeyIsUsable) { bKeys = TRUE; pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT)); if (pshs) { PGPSize size; pshs->bPublicKey = TRUE; pshs->pszPassphrase = NULL; pshs->uShares = 1; PGPGetPrimaryUserIDNameBuffer (key, sizeof(pshs->szUserID), pshs->szUserID, &size); PGPGetKeyIDFromKey (key, &(pshs->keyid)); PGPGetKeyNumber (key, kPGPKeyPropAlgID, &(pshs->keyalg)); if (sAddShareHolder (psks, pshs, KMDetermineUserIDIcon (key, NULL, NULL), psks->hwndList)) { psks->uTotalShares += pshs->uShares; SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES, psks->uTotalShares, FALSE); SendMessage (psks->hwndDlg, WM_COMMAND, MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0); } else { KMFree (pshs); } } } PGPKeyIterNext (keyiter, &key); } SplitDropCleanup : if (keyiter) PGPFreeKeyIter (keyiter); if (keylist) PGPFreeKeyList (keylist); if (keyset) PGPFreeKeySet (keyset); if (pMem) GlobalUnlock (hMem); } } return bKeys; }