pgpnetconfig.c

vc环境下的pgp源码

/*____________________________________________________________________________
	Copyright (C) 1998 Network Associates, Inc.
	All rights reserved.
	
	PGPconfig.c - PGPnet read/write configuration info
	

	$Id: pgpNetConfig.c,v 1.38 1999/04/23 13:59:09 pbj Exp $
____________________________________________________________________________*/

#include <windows.h>

#include "pgpNetConfig.h"
#include "pgpNetPaths.h"

#include "pflPrefTypes.h"
#include "pgpMemoryMgr.h"
#include "pgpFileSpec.h"
#include "pgpMem.h"
#include "pgpKeys.h"
#include "pgpErrors.h"
#include "pgpEndianConversion.h"

// macro definitions
#define CKERR		if (IsPGPError (err)) goto done


//	______________________________________________
//
//  convert Host list from prefs (storage) format to
//	local format

static PGPError
sConvertHostListFromStorage (
		PGPContextRef			context,
		PPNCONFIG				pPNConfig, 
		PGPNetPrefHostEntry*	pStorageList)
{
	PGPSize		sizeList;
	PGPUInt32	u;

	if (pPNConfig->uHostCount == 0)
		pPNConfig->pHostList = NULL;
	else
	{
		sizeList = 
			pPNConfig->uHostCount * 
			sizeof (PGPNetHostEntry);

		pPNConfig->pHostList = 
				PGPNewData (PGPGetContextMemoryMgr (context),
							sizeList,
							kPGPMemoryMgrFlags_Clear);

		if (pPNConfig->pHostList)
		{
			for (u=0; u<pPNConfig->uHostCount; u++)
			{
				pPNConfig->pHostList[u].hostType = 
								pStorageList[u].hostType;
				pPNConfig->pHostList[u].ipAddress =
								pStorageList[u].ipAddress;
				pPNConfig->pHostList[u].ipMask =
								pStorageList[u].ipMask;
				pPNConfig->pHostList[u].childOf =
								pStorageList[u].childOf;
				pgpCopyMemory (pStorageList[u].hostName, 
								pPNConfig->pHostList[u].hostName, 
								kMaxNetHostNameLength + 1);
				pPNConfig->pHostList[u].identityType =
								pStorageList[u].identityType;
				pgpCopyMemory (pStorageList[u].identity, 
								&pPNConfig->pHostList[u].identityIPAddress, 
								sizeof(PGPUInt32));
				pgpCopyMemory (pStorageList[u].identity, 
								pPNConfig->pHostList[u].identity, 
								kMaxNetHostIdentityLength + 1);
				pgpCopyMemory (pStorageList[u].sharedSecret, 
								pPNConfig->pHostList[u].sharedSecret, 
								kMaxNetHostSharedSecretLength + 1);

				pPNConfig->pHostList[u].authKeyAlg =
								pStorageList[u].authKeyAlg;
				pgpCopyMemory (pStorageList[u].authKeyExpKeyID, 
								pPNConfig->pHostList[u].authKeyExpKeyID, 
								kMaxNetHostKeyIDSize);
				pgpCopyMemory (pStorageList[u].authCertIASN, 
								pPNConfig->pHostList[u].authCertIASN, 
								pStorageList[u].authCertIASNLength);
				pPNConfig->pHostList[u].authCertIASNLength =
								pStorageList[u].authCertIASNLength;
			}
		}
		else
			return kPGPError_OutOfMemory;
	}

	return kPGPError_NoErr;
}


//	______________________________________________
//
//  convert Host list from local format to
//	prefs (storage) format

static PGPError
sConvertHostListToStorage (
		PGPContextRef			context,
		PPNCONFIG				pPNConfig, 
		PGPNetPrefHostEntry**	ppStorageList)
{
	PGPSize		sizeList;
	PGPUInt32	u;

	if (pPNConfig->uHostCount == 0)
		*ppStorageList = NULL;
	else
	{
		sizeList = 
			pPNConfig->uHostCount * 
			sizeof (PGPNetPrefHostEntry);

		*ppStorageList = 
				PGPNewData (PGPGetContextMemoryMgr (context),
							sizeList,
							kPGPMemoryMgrFlags_Clear);

		if (*ppStorageList)
		{
			for (u=0; u<pPNConfig->uHostCount; u++)
			{
				(*ppStorageList)[u].hostType = 
									pPNConfig->pHostList[u].hostType;
				(*ppStorageList)[u].ipAddress =
									pPNConfig->pHostList[u].ipAddress;
				(*ppStorageList)[u].ipMask =
									pPNConfig->pHostList[u].ipMask;
				(*ppStorageList)[u].childOf =
									pPNConfig->pHostList[u].childOf;
				pgpCopyMemory (	pPNConfig->pHostList[u].hostName, 
									(*ppStorageList)[u].hostName, 
									kMaxNetHostNameLength + 1);
				(*ppStorageList)[u].identityType =
									pPNConfig->pHostList[u].identityType;
				if (pPNConfig->pHostList[u].identityType == 
													kPGPike_ID_IPV4_Addr)
				{
					(*ppStorageList)[u].identityLen = 4;
					pgpCopyMemory (&pPNConfig->pHostList[u].identityIPAddress, 
									(*ppStorageList)[u].identity, 
									(*ppStorageList)[u].identityLen);
				}
				else
				{
					(*ppStorageList)[u].identityLen = 
									strlen (pPNConfig->pHostList[u].identity);
					pgpCopyMemory (	pPNConfig->pHostList[u].identity, 
									(*ppStorageList)[u].identity, 
									kMaxNetHostIdentityLength + 1);
				}
				pgpCopyMemory (	pPNConfig->pHostList[u].sharedSecret, 
								(*ppStorageList)[u].sharedSecret,
								kMaxNetHostSharedSecretLength + 1);

				(*ppStorageList)[u].authKeyAlg =
									pPNConfig->pHostList[u].authKeyAlg;
				pgpCopyMemory (	pPNConfig->pHostList[u].authKeyExpKeyID, 
								(*ppStorageList)[u].authKeyExpKeyID,
								kMaxNetHostKeyIDSize);
				pgpCopyMemory (	pPNConfig->pHostList[u].authCertIASN, 
								(*ppStorageList)[u].authCertIASN,
								pPNConfig->pHostList[u].authCertIASNLength);
				(*ppStorageList)[u].authCertIASNLength =
								pPNConfig->pHostList[u].authCertIASNLength;
			}
		}
		else
			return kPGPError_OutOfMemory;
	}

	return kPGPError_NoErr;
}


//	______________________________________________
//
//  convert expiration prefs to form used by IKE

static PGPError
sComputeIkeExpirationPrefs (
		PGPContextRef		context,
		PPNCONFIG			pPNConfig)
{
	pPNConfig->IkeExpirationPrefs.pref = kPGPike_PF_Expiration;

	if (pPNConfig->bIkeKByteExpiration)
		pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIKE =
			pPNConfig->uIkeKByteExpiration;
	else
		pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIKE = 0;

	if (pPNConfig->bIkeTimeExpiration)
		pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIKE =
			pPNConfig->uIkeTimeExpiration;
	else
		pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIKE = 0;

	if (pPNConfig->bIpsecKByteExpiration)
		pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIPSEC =
			pPNConfig->uIpsecKByteExpiration;
	else
		pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIPSEC = 0;

	if (pPNConfig->bIpsecTimeExpiration)
		pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIPSEC =
			pPNConfig->uIpsecTimeExpiration;
	else
		pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIPSEC = 0;

	return kPGPError_NoErr;
}

//	______________________________________________
//
//  load algorithm prefs into structure used by IKE

PGPError
PGPnetGetIkeAlgorithmPrefs (
		PGPContextRef		context,
		PGPPrefRef			prefref, 
		PPNCONFIG			pPNConfig)
{
	PGPError	err;

	pPNConfig->IkeAlgorithmPrefs.pref = kPGPike_PF_AllowedAlgorithms;

	// get cipher algorithm booleans
	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherCAST, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.cast5); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipher3DES, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.tripleDES); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherDES56, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.singleDES); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherNone, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.espNULL); 
	CKERR;

	// get hash algorithm booleans
	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashSHA1, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.sha1); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashMD5, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.md5); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashNone, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.noAuth); 
	CKERR;

	// get compression algorithm booleans
	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCompLZS, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.lzs); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowCompDeflate, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.deflate); 
	CKERR;

	// get Diffie-Hellman algorithm booleans
	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH768, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpOne768); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH1024, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpTwo1024); 
	CKERR;

	err = PGPGetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH1536, 
		&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpFive1536); 
	CKERR;

	err = kPGPError_NoErr;

done :
	return err;
}


//	______________________________________________
//
//  save algorithm prefs from structure used by IKE

static PGPError
sSetIkeAlgorithmPrefs (
		PGPPrefRef			prefref, 
		PPNCONFIG			pPNConfig)
{
	PGPError	err		= kPGPError_NoErr;

	// set cipher algorithm booleans
	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherCAST, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.cast5); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipher3DES, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.tripleDES); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherDES56, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.singleDES); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCipherNone, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.espNULL); 
	CKERR;

	// set hash algorithm booleans
	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashSHA1, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.sha1); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashMD5, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.md5); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowHashNone, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.noAuth); 
	CKERR;

	// set compression algorithm booleans
	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCompLZS, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.lzs); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowCompDeflate, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.deflate); 
	CKERR;

	// set Diffie-Hellman algorithm booleans
	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH768, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpOne768); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH1024, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpTwo1024); 
	CKERR;

	err = PGPSetPrefBoolean (prefref, 
		kPGPNetPrefAllowDH1536, 
		pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpFive1536); 
	CKERR;

done :
	return err;
}


//	______________________________________________
//
//  load IKE proposal prefs into structure used by IKE

PGPError
PGPnetGetIkeProposalPrefs (
		PGPContextRef		context,
		PGPPrefRef			prefref, 
		PPNCONFIG			pPNConfig)
{
	PGPError			err		= kPGPError_NoErr;

	PGPSize				size;
	PGPUInt32			u, uNumProposals;
	PGPikeTransform*	pIke;

	PGPNetPrefIKEProposalEntry*		prefEntry;

	err = PGPGetNetIKEProposalPrefs (
				prefref, &prefEntry, &uNumProposals); CKERR;

	pPNConfig->IkeIkeProposalPrefs.pref = kPGPike_PF_IKEProposals;
	pPNConfig->
		IkeIkeProposalPrefs.u.ikeProposals.numTransforms = uNumProposals;

	if (uNumProposals > 0)
	{
		size = uNumProposals * sizeof(PGPikeTransform);
		pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t =
				PGPNewData (PGPGetContextMemoryMgr (context),
							size, kPGPMemoryMgrFlags_Clear);

		if (pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t)
		{
			pIke = pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t;

			for (u=0; u<uNumProposals; u++)
			{
				pIke[u].authMethod	= prefEntry[u].authMethod;
				pIke[u].hash		= prefEntry[u].hash;
				pIke[u].cipher		= prefEntry[u].cipher;
				pIke[u].modpGroup	= TRUE;
				pIke[u].groupID		= prefEntry[u].groupID;
			}
		}
		else
			err = kPGPError_OutOfMemory;

		PGPDisposePrefData (prefref, prefEntry);
	}

done :
	return err;
}


//	______________________________________________
//
//  save IKE proposal prefs from structure used by IKE

static PGPError
sSetIkeProposalPrefs (
		PGPContextRef		context,
		PGPPrefRef			prefref, 
		PPNCONFIG			pPNConfig)
{