pkcs7callbacks.c

vc环境下的pgp源码

/* Copyright (C) 1998 Network Associates, Inc.
   Author: Michael_Elkins@NAI.com
   Last Edit: November 12, 1998 */

#include "x509CMS.h"

#include "pgpHash.h"
#include "pgpErrors.h"
#include "pgpSymmetricCipher.h"
#include "pgpCBC.h"

int
pkcs7HashCallback (
	PKIOCTET_STRING		*hashValue,	/* OUT */
	const char		*hashAlgorithm,
	const unsigned char	*tbs,
	size_t			tbsLen,
	void			*data,
	PKICONTEXT		*asnmem
)
{
    PGPError err;
    PGPHashContextRef hash;
    PGPSize hashLen;
    PGPHashAlgorithm algid;
    X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data;
    PGPMemoryMgrRef mem;

    if (!strcmp (SM_OID_ALG_MD5, hashAlgorithm))
	algid = kPGPHashAlgorithm_MD5;
    else if (!strcmp (SM_OID_ALG_SHA, hashAlgorithm))
	algid = kPGPHashAlgorithm_SHA;
    else
	return PKCS7_ERROR_HASH_ALG;

    mem = PGPGetContextMemoryMgr (pgpData->context);

    err = PGPNewHashContext (mem, algid, &hash);
    if (IsPGPError (err))
	return PKCS7_ERROR_HASH_CALLBACK;
    
    err = PGPContinueHash (hash, tbs, tbsLen);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_HASH_CALLBACK;
    }

    err = PGPGetHashSize (hash, &hashLen);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_HASH_CALLBACK;
    }
    
    hashValue->len = hashLen;
    hashValue->val = PKIAlloc (asnmem->memMgr, hashLen);
    
    err = PGPFinalizeHash (hash, hashValue->val);
    if (IsPGPError (err))
    {
	PKIFree (asnmem->memMgr, hashValue->val);
	hashValue->val = NULL;
	hashValue->len = 0;
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_HASH_CALLBACK;
    }
    
    err = PGPFreeHashContext (hash);
    
    return PKCS7_OK;
}

int
pkcs7SignCallback (
	PKIOCTET_STRING *sigValue,		/* OUT */
	const char	*hashAlgorithm,
	const char	*signatureAlgorithm,
	PKICertificate	*signerCertificate,
	unsigned char	*tbs,
	size_t		tbsLen,
	void		*data,
	PKICONTEXT	*asnmem)
{
    PGPError err;
    PGPHashContextRef hash;
    PGPHashAlgorithm algid;
    PGPPrivateKeyContextRef privkey;
    X509CMSCallbackData *pgpData = (X509CMSCallbackData *) data;
    PGPMemoryMgrRef	mem;
    PGPOptionListRef	pass;

	(void) signatureAlgorithm;
	(void) signerCertificate;
	
    if (!strcmp (SM_OID_ALG_MD5, hashAlgorithm))
	algid = kPGPHashAlgorithm_MD5;
    else if (!strcmp (SM_OID_ALG_SHA, hashAlgorithm))
	algid = kPGPHashAlgorithm_SHA;
    else
	return PKCS7_ERROR_HASH_ALG;

    mem = PGPGetContextMemoryMgr (pgpData->context);

    err = PGPNewHashContext (mem, algid, &hash);
    if (IsPGPError (err))
	return PKCS7_ERROR_SIGN_CALLBACK;
    
    err = PGPContinueHash (hash, tbs, tbsLen);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_SIGN_CALLBACK;
    }

    PGPCopyOptionList (pgpData->passphrase, &pass);
    err = PGPNewPrivateKeyContext (pgpData->key,
	    kPGPPublicKeyMessageFormat_X509,
	    &privkey,
	    pass,
	    PGPOLastOption (pgpData->context));
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_SIGN_CALLBACK;
    }
    
    err = PGPGetPrivateKeyOperationSizes (privkey, NULL, NULL, &sigValue->len);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	err = PGPFreePrivateKeyContext (privkey);
	return PKCS7_ERROR_SIGN_CALLBACK;
    }

    sigValue->val = PKIAlloc (asnmem->memMgr, sigValue->len);

    err = PGPPrivateKeySign (privkey, hash, sigValue->val, &sigValue->len);
    if (IsPGPError (err))
    {
	PKIFree (asnmem->memMgr, sigValue->val);
	sigValue->val = NULL;
	sigValue->len = 0;
	err = PGPFreeHashContext (hash);
	err = PGPFreePrivateKeyContext (privkey);
	return PKCS7_ERROR_HASH_CALLBACK;
    }
    
    err = PGPFreePrivateKeyContext (privkey);
    
    return PKCS7_OK;
}

int
pkcs7VerifyCallback (
 	const unsigned char     *tbs,                   /* signed data */
	size_t                  tbsLen,                 /* signed data len */
	const char              *digestAlg,             /* hash alg */
	const char              *digestEncryptionAlg,   /* alg to decrypt sig */
	PKIEncryptedDigest      *signature,             /* encrypted sig */
	PKICertificate          *cert,                  /* signer cert */
	void                    *data,                  /* [IN] callback data
							   (optional) */
	PKICONTEXT		*asnmem
)
{
    X509CMSCallbackData		*pgpData = (X509CMSCallbackData *) data;
    PGPMemoryMgrRef		mem;
    PGPHashAlgorithm		algid;
    PGPPublicKeyContextRef	pubkey;
    PGPError			err;
    PGPHashContextRef		hash;
    PGPContextRef		context;

	(void) digestEncryptionAlg;
	(void) cert;
	(void) asnmem;
	
    if (!strcmp (SM_OID_ALG_MD5, digestAlg))
	algid = kPGPHashAlgorithm_MD5;
    else if (!strcmp (SM_OID_ALG_SHA, digestAlg))
	algid = kPGPHashAlgorithm_SHA;
    else
	return PKCS7_ERROR_HASH_ALG;

    context = PGPGetKeyContext (pgpData->key);

    mem = PGPGetContextMemoryMgr (context);

    err = PGPNewHashContext (mem, algid, &hash);
    if (IsPGPError (err))
	return PKCS7_ERROR_HASH_CALLBACK;
    
    err = PGPContinueHash (hash, tbs, tbsLen);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_HASH_CALLBACK;
    }
    
    err = PGPNewPublicKeyContext (
	    pgpData->key,
	    kPGPPublicKeyMessageFormat_X509,
	    &pubkey);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	return PKCS7_ERROR_HASH_CALLBACK;
    }

    err = PGPPublicKeyVerifySignature (pubkey,
	    hash,
	    signature->val,
	    signature->len);
    if (IsPGPError (err))
    {
	err = PGPFreeHashContext (hash);
	err = PGPFreePublicKeyContext (pubkey);
	return PKCS7_ERROR_HASH_CALLBACK;
    }

    err = PGPFreePublicKeyContext (pubkey);

    return PKCS7_OK;
}

int
pkcs7EncryptCallback (
        PKIOCTET_STRING        *encryptedData, /* [OUT] encrypted data */
        PKIANY                 *encryptParam,  /* [OUT] data encryption
						   parameters (e.g.,
						   initialization vector) */
        const char              *dataEncAlg,    /* [IN] data encryption alg */
        const unsigned char     *tbe,           /* [IN] data to encrypt */
        size_t                  tbelen,         /* [IN] size of data */
        List                    *recips,        /* [IN/OUT] who to encrypt to.
                                                   The callback also returns
                                                   the encrypted session key
                                                   for each recipient in this
						   variable. */
        void                    *data,          /* [IN] user supplied data */
	PKICONTEXT		*asnmem
)
{
    PGPSymmetricCipherContextRef	cipherRef;
    PGPCBCContextRef		cbcRef;
    PGPError			err;
    PGPCipherAlgorithm		cipherAlg;
    unsigned char		*randomBuf;
    X509CMSCallbackData		*pgpData = (X509CMSCallbackData *) data;
    PGPMemoryMgr *mem = PGPGetContextMemoryMgr (pgpData->context);
    PGPSize keySize = 24;	/* size for 3des.  this has to be hardcoded
				   for now since PGPsdk doesn't provide a way
				   for the application to query the value
				   in a generic way */
    PGPSize			blockSize;
    PGPSize			plainTextLen;
    PGPPublicKeyContextRef	pubKey;
    unsigned char		*lastBlock;
    PGPSize			lastBlockLen;
    size_t				i;
    PKIOCTET_STRING		*iv;
    int				e = 0;
    List			*pRecip;

    if (!strcmp (dataEncAlg, SM_OID_ALG_3DES))
	cipherAlg = kPGPCipherAlgorithm_3DES;
    else
    {
	/* unsupported algorithm */
	return PKCS7_ERROR_CALLBACK;
    }

    err = PGPNewSymmetricCipherContext (mem, cipherAlg, keySize, &cipherRef);
    if (IsPGPError (err))
    {
	return PKCS7_ERROR_CALLBACK;
    }

    err = PGPGetSymmetricCipherSizes (cipherRef, &keySize, &blockSize);
    if (IsPGPError (err))
    {
	PGPFreeSymmetricCipherContext (cipherRef);
	return PKCS7_ERROR_CALLBACK;
    }

    err = PGPNewCBCContext (cipherRef, &cbcRef);
    if (IsPGPError (err))
    {
	PGPFreeSymmetricCipherContext (cipherRef);