LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else LPSTR szPlainMsg = 0; PGPSize dwPlainMsgLen; PGPUInt32 dwKeys; PGPKeyDBRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys); if(dwKeys==0) { PGPFreeKeyDB(PrivateKeyDB); return 0; } int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, &dwPlainMsgLen), PGPOKeyDBRef(pgpContext, PrivateKeyDB), PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); PGPFreeKeyDB(PrivateKeyDB); if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; #endif }
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID) { #if defined(_WIN64) return 0; #else PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID; LPSTR szEncMsg = 0; PGPSize dwEncMsgLen; ClearPGPError(); if (!pgpKeyDB) return 0; PGPKeyDBObjRef PublicKey; PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey); PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen), PGPOEncryptToKeyDBObj(pgpContext, PublicKey), PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; #endif }
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey) { return PGPImport( pgpContext, keyDB, PGPOInputBuffer( pgpContext, pgpKey, lstrlen(pgpKey) ), PGPOLastOption( pgpContext ) ); }
PGPError _pgp_import_key(PGPKeyDBRef *keyDB, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else return PGPImport( pgpContext, keyDB, PGPOInputBuffer( pgpContext, pgpKey, lstrlen(pgpKey) ), PGPOLastOption(pgpContext )); #endif }
LPSTR __cdecl _pgp_decrypt_keydb(LPCSTR szEncMsg) { LPSTR szPlainMsg = 0; DWORD dwPlainMsgLen; ClearPGPError(); if(!pgpKeyDB) return 0; int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen), #if (PGP_WIN32 < 0x700) PGPOKeySetRef(pgpContext, pgpKeyDB), #else PGPOKeyDBRef(pgpContext, pgpKeyDB), #endif PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; }
LPSTR __cdecl _pgp_encrypt_key(LPCSTR szPlainMsg, LPCSTR pgpKey) { #if defined(_WIN64) return 0; #else LPSTR szEncMsg = 0; PGPSize dwEncMsgLen; PGPUInt32 dwKeys; PGPKeyDBRef PublicKeyDB; if (CheckPGPError(_pgp_import_key(&PublicKeyDB,pgpKey))) return 0; PGPKeyIterRef KeyIterRef; PGPNewKeyIterFromKeyDB(PublicKeyDB, &KeyIterRef); PGPKeyDBObjRef PublicKey; PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &PublicKey); PGPCountKeysInKeyDB(PublicKeyDB, &dwKeys); if(dwKeys==0) { PGPFreeKeyIter(KeyIterRef); PGPFreeKeyDB(PublicKeyDB); return 0; } PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, &dwEncMsgLen), PGPOEncryptToKeyDBObj(pgpContext, PublicKey), PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); PGPFreeKeyIter(KeyIterRef); PGPFreeKeyDB(PublicKeyDB); if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; #endif }
LPSTR __cdecl _pgp_encrypt_keydb(LPCSTR szPlainMsg, PVOID pgpKeyID) { PGPKeyID *RemoteKeyID = (PGPKeyID *) pgpKeyID; LPSTR szEncMsg = 0; DWORD dwEncMsgLen; ClearPGPError(); if(!pgpKeyDB) return 0; #if (PGP_WIN32 < 0x700) PGPFilterRef IDFilter; PGPNewKeyIDFilter(pgpContext, RemoteKeyID, &IDFilter); PGPKeySetRef PublicKey; PGPFilterKeySet(pgpKeyDB, IDFilter, &PublicKey); #else PGPKeyDBObjRef PublicKey; PGPFindKeyByKeyID(pgpKeyDB, RemoteKeyID, &PublicKey); #endif PGPError err = PGPEncode(pgpContext, PGPOInputBuffer(pgpContext, szPlainMsg, lstrlen(szPlainMsg)), PGPOArmorOutput(pgpContext, TRUE), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szEncMsg, 16384, (PGPUInt32 *)&dwEncMsgLen), #if (PGP_WIN32 < 0x700) PGPOEncryptToKeySet(pgpContext, PublicKey), #else PGPOEncryptToKeyDBObj(pgpContext, PublicKey), #endif PGPOVersionString(pgpContext, szVersionStr), PGPOLastOption(pgpContext)); #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PublicKey); PGPFreeFilter(IDFilter); #endif if (CheckPGPError(err)) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwEncMsgLen+1); _pgp_memcpy(szMsg, szEncMsg, dwEncMsgLen); szMsg[dwEncMsgLen] = 0; PGPFreeData((LPVOID)szEncMsg); return szMsg; }
PGPError AddKeyClipboardStub (MYSTATE *ms) { PGPOptionListRef opts; PGPContextRef context; char StrRes[100]; PGPError err; err=kPGPError_NoErr; context=ms->context; PGPBuildOptionList(context,&opts, PGPOInputBuffer(context,ms->pInput,ms->dwInputSize), PGPOLastOption(context)); LoadString (g_hinst, IDS_CLIPBOARD, StrRes, sizeof(StrRes)); err=GenericAddKey(ms,opts,StrRes); PGPFreeOptionList(opts); return err; }
/***** * * verify_signature * * Call-out routine used by the CMS library for verifying a signature. * Parameters and return values defined in CMS docs. This uses the * PGP SDK. See "PGP Software Developer's Kit, Reference Manual" * for details on calls used here. * *****/ int x509CMSVerifyCallback ( unsigned char *data, size_t dataLen, unsigned char *sigalg, size_t algLen, unsigned char *params, size_t paramLen, unsigned char *signature, size_t sigLen, unsigned char *pubkey, size_t pubkeyLen, TC_CERT *issuer, void *verData, TC_CONTEXT *ctx) { X509CMSCallbackData *pgpData = (X509CMSCallbackData *) verData; PGPMemoryMgrRef mgrRef; PGPPublicKeyContextRef publicKey; PGPHashContextRef hash; PGPKeySetRef keySet; PGPKeyListRef klist; PGPKeyIterRef kiter; PGPKeyRef mykey; PGPError err; PGPByte *certData; PGPSize certDataLen; int rtn = -1; PGPHashAlgorithm hashAlg; (void) params; (void) paramLen; (void) pubkey; (void) pubkeyLen; do { /* check that the algorithm ID is allowed */ /* TODO... */ /* if we dont have the issuer's certificate, we can't verify the signature. */ /* PGPsdk needs to have a function that takes raw ASN.1 encoded key material and returns a KeyRef in order to support verification of PKCS10 requests */ if (!issuer) break; /* import the certificate into pgp */ tc_pack_cert (&certData, &certDataLen, issuer, ctx); /* import the key into a PGP key set */ err = PGPImportKeySet (pgpData->context, &keySet, PGPOX509Encoding (pgpData->context, 1), PGPOInputBuffer (pgpData->context, certData, certDataLen), PGPOLastOption (pgpData->context)); TC_Free (ctx->memMgr, certData); if (IsPGPError (err)) break; /* extract the key into a PGPKeyRef */ err = PGPOrderKeySet (keySet, kPGPAnyOrdering, &klist); if (IsPGPError (err)) break; err = PGPNewKeyIter (klist, &kiter); if (IsPGPError (err)) break; err = PGPKeyIterNext (kiter, &mykey); if (IsPGPError (err)) break; /* create the public key context */ err = PGPNewPublicKeyContext (mykey, kPGPPublicKeyMessageFormat_X509, &publicKey); if (IsPGPError (err)) break; hashAlg = x509HashAlgorithm (sigalg, algLen); /* create and calculate the hash, do not finalize hash for PGPPublicKeyVerify() call */ mgrRef = PGPGetContextMemoryMgr (pgpData->context); err = PGPNewHashContext (mgrRef, hashAlg, &hash); if (IsPGPError (err)) break; err = PGPContinueHash (hash, data, dataLen); if (IsPGPError (err)) break; err = PGPPublicKeyVerifySignature ( publicKey, hash, (void *)signature, sigLen); hash = NULL; if ( IsPGPError(err) ) break; rtn = 0; } while (0); /* clean-up */ PGPFreeKeyIter(kiter); PGPFreeKeyList(klist); PGPFreeKeySet(keySet); if (hash) PGPFreeHashContext(hash); PGPFreePublicKeyContext (publicKey); return rtn; } /* verify_signature */
BOOL KMSplitDropKeys ( PSPLITKEYSTRUCT psks, HANDLE hMem) { PGPKeySetRef keyset = NULL; PGPKeyListRef keylist = NULL; PGPKeyIterRef keyiter = NULL; LPSTR pMem = NULL; PGPError err; PGPKeyRef key; PGPKeyID keyid; BOOL bKeys; PGPBoolean bKeyIsUsable; size_t sLen; PSHAREHOLDERSTRUCT pshs; PGPPublicKeyAlgorithm alg; bKeys = FALSE; if (hMem) { pMem = GlobalLock (hMem); if (pMem) { sLen = lstrlen (pMem); err = PGPImportKeySet (psks->pKM->Context, &keyset, PGPOInputBuffer (psks->pKM->Context, pMem, sLen), PGPOLastOption (psks->pKM->Context)); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist); if (IsPGPError (err)) goto SplitDropCleanup; err = PGPNewKeyIter (keylist, &keyiter); if (IsPGPError (err)) goto SplitDropCleanup; PGPKeyIterNext (keyiter, &key); while (key) { bKeyIsUsable = FALSE; PGPGetKeyNumber (key, kPGPKeyPropAlgID, &alg); PGPGetKeyIDFromKey (key, &keyid); // key must either not be RSA or RSA ops must be enabled PGPGetKeyBoolean (key, kPGPKeyPropCanEncrypt, &bKeyIsUsable); // key must not be the same one that is being split if (alg == psks->keyalgToSplit) { if (PGPCompareKeyIDs (&keyid, &(psks->keyidToSplit))==0) bKeyIsUsable = FALSE; } // key must not already be in list if (sIsKeyIDAlreadyInList (&keyid, alg, psks)) bKeyIsUsable = FALSE; if (bKeyIsUsable) { bKeys = TRUE; pshs = KMAlloc (sizeof(SHAREHOLDERSTRUCT)); if (pshs) { PGPSize size; pshs->bPublicKey = TRUE; pshs->pszPassphrase = NULL; pshs->uShares = 1; PGPGetPrimaryUserIDNameBuffer (key, sizeof(pshs->szUserID), pshs->szUserID, &size); PGPGetKeyIDFromKey (key, &(pshs->keyid)); PGPGetKeyNumber (key, kPGPKeyPropAlgID, &(pshs->keyalg)); if (sAddShareHolder (psks, pshs, KMDetermineUserIDIcon (key, NULL, NULL), psks->hwndList)) { psks->uTotalShares += pshs->uShares; SetDlgItemInt (psks->hwndDlg, IDC_TOTALSHARES, psks->uTotalShares, FALSE); SendMessage (psks->hwndDlg, WM_COMMAND, MAKEWPARAM(IDC_THRESHOLD, EN_CHANGE), 0); } else { KMFree (pshs); } } } PGPKeyIterNext (keyiter, &key); } SplitDropCleanup : if (keyiter) PGPFreeKeyIter (keyiter); if (keylist) PGPFreeKeyList (keylist); if (keyset) PGPFreeKeySet (keyset); if (pMem) GlobalUnlock (hMem); } } return bKeys; }
LPSTR __cdecl _pgp_decrypt_key(LPCSTR szEncMsg, LPCSTR pgpKey) { LPSTR szPlainMsg = 0; DWORD dwPlainMsgLen; PGPUInt32 dwKeys; #if (PGP_WIN32 < 0x700) PGPKeySetRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeys(PrivateKeyDB, &dwKeys); #else PGPKeyDBRef PrivateKeyDB; if (CheckPGPError(_pgp_import_key(&PrivateKeyDB,pgpKey))) return 0; PGPCountKeysInKeyDB(PrivateKeyDB, &dwKeys); #endif if(dwKeys==0) { #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PrivateKeyDB); #else PGPFreeKeyDB(PrivateKeyDB); #endif return 0; } int iTry = 0; do { if (!pszPassphrase && PGPPassphraseDialog(pgpContext, PGPOUIOutputPassphrase(pgpContext, &pszPassphrase), PGPOLastOption(pgpContext)) == kPGPError_UserAbort) { iTry = 3; break; } /* #if (PGP_WIN32 < 0x700) PGPKeyListRef PrivateKeyList; PGPOrderKeySet(PrivateKeyDB, kPGPKeyIDOrdering, &PrivateKeyList); PGPKeyIterRef KeyIterRef; PGPNewKeyIter(PrivateKeyList, &KeyIterRef); PGPKeyRef PrivateKey; for(int i=0;i<dwKeys;i++) { PGPKeyIterNext(KeyIterRef, &PrivateKey); PGPOPassphraseIsValid(PrivateKey, PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); } PGPFreeKeyList(PrivateKeyList); PGPFreeKeyIter(KeyIterRef); #else PGPKeyIterRef KeyIterRef; PGPNewKeyIterFromKeyDB(PrivateKeyDB, &KeyIterRef); PGPKeyDBObjRef KeyDBObjRef; for(int i=0;i<dwKeys;i++) { PGPKeyIterNextKeyDBObj(KeyIterRef, kPGPKeyDBObjType_Key, &KeyDBObjRef); PGPOPassphraseIsValid(PrivateKey, PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); } PGPFreeKeyIter(KeyIterRef); #endif */ PGPError err = PGPDecode(pgpContext, PGPOInputBuffer(pgpContext, szEncMsg, lstrlen(szEncMsg)), PGPOAllocatedOutputBuffer(pgpContext, (LPVOID *)&szPlainMsg, 16384, (PGPUInt32 *)&dwPlainMsgLen), #if (PGP_WIN32 < 0x700) PGPOKeySetRef(pgpContext, PrivateKeyDB), #else PGPOKeyDBRef(pgpContext, PrivateKeyDB), #endif PGPOPassphrase(pgpContext, pszPassphrase), PGPOLastOption(pgpContext)); if (CheckPGPError(err)) iTry = 3; else if (!dwPlainMsgLen) { PGPFreeData(pszPassphrase); pszPassphrase = 0; iTry++; } } while(!dwPlainMsgLen && iTry<3); #if (PGP_WIN32 < 0x700) PGPFreeKeySet(PrivateKeyDB); #else PGPFreeKeyDB(PrivateKeyDB); #endif if(iTry == 3) return 0; LPSTR szMsg = (LPSTR) LocalAlloc(LPTR,dwPlainMsgLen+1); _pgp_memcpy(szMsg, szPlainMsg, dwPlainMsgLen); szMsg[dwPlainMsgLen] = 0; PGPFreeData((LPVOID)szPlainMsg); return szMsg; }
void CCRSVerisignServer::PackageAndSendCRSMessage( PGPExportFormat inExportFormat, PGPOutputFormat inOutputFormat, PGPKeyRef inKey, PGPKeyRef inSigningKey, PGPByte * inPassphrase, PGPSize inPassphraseLength, PGPBoolean inIsPassphrase, void ** outBuffer, PGPSize * outBufferSize) { PGPError pgpErr; StPGPKeySetRef singleKeySet; StPGPDataRef buffer; PGPSize bufSize; StPGPDataRef crsMessage; PGPSize crsMessageSize; InitOperation(); if (! PGPKeyRefIsValid(inKey)) { ThrowPGPError_(kPGPError_OptionNotFound); } if (! PGPKeyRefIsValid(inSigningKey)) { ThrowPGPError_(kPGPError_OptionNotFound); } if (NULL==(int)(inPassphrase)) { ThrowPGPError_(kPGPError_OptionNotFound); } pgpErr = PGPNewSingletonKeySet(inKey, &singleKeySet); ThrowIfPGPError_(pgpErr); pgpErr = PGPExportKeySet( singleKeySet, PGPOExportFormat( mContext, inExportFormat), PGPOAllocatedOutputBuffer( mContext, (void **) &buffer, MAX_PGPSize, &bufSize), PGPOLastOption(mContext)); ThrowIfPGPError_(pgpErr); singleKeySet.Free(); pgpErr = PGPEncode( mContext, PGPOSignWithKey( mContext, inSigningKey, (inIsPassphrase) ? PGPOPassphraseBuffer(mContext, inPassphrase, inPassphraseLength) : PGPOPasskeyBuffer(mContext, inPassphrase, inPassphraseLength), PGPOLastOption(mContext)), PGPOInputBuffer(mContext, static_cast<PGPByte *>(buffer), bufSize), PGPOAllocatedOutputBuffer( mContext, (void **) &crsMessage, MAX_PGPSize, &crsMessageSize), PGPOOutputFormat( mContext, inOutputFormat), PGPOLastOption(mContext)); ThrowIfPGPError_(pgpErr); buffer.Free(); *outBufferSize = PostCRSMessage(kPGPKeyServerState_Querying, (mPath == 0) ? kDefaultPath : mPath, reinterpret_cast<PGPByte **>(outBuffer), crsMessageSize, static_cast<const PGPByte *>(crsMessage)); }