📄 pgpnetconfig.c
字号:
PGPError err;
err = PGPnetOpenPrefs (PGPGetContextMemoryMgr (context), &prefref);
CKERR;
// save booleans
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnablePGPnet,
pPNConfig->bPGPnetEnabled); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowUnconfiguredHosts,
pPNConfig->bAllowUnconfigHost); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefRequireSecure,
pPNConfig->bRequireSecure); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefRequireValidKey,
pPNConfig->bRequireValidKey); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnablePassphraseCache,
pPNConfig->bCachePassphrases); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefExpertMode,
pPNConfig->bExpertMode); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefFirstExecution,
pPNConfig->bFirstExecution); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefWarnReSharedSecret,
pPNConfig->bWarnReSharedSecret); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnableIKEKByteExpiration,
pPNConfig->bIkeKByteExpiration); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnableIKETimeExpiration,
pPNConfig->bIkeTimeExpiration); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnableIPSECKByteExpiration,
pPNConfig->bIpsecKByteExpiration); CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefEnableIPSECTimeExpiration,
pPNConfig->bIpsecTimeExpiration); CKERR;
// save numbers
err = PGPSetPrefNumber (prefref,
kPGPNetPrefPGPAuthKeyAlgorithm,
pPNConfig->uPGPAuthKeyAlg); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefX509AuthKeyAlgorithm,
pPNConfig->uX509AuthKeyAlg); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIKEKByteExpiration,
pPNConfig->uIkeKByteExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIKETimeExpiration,
pPNConfig->uIkeTimeExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIPSECKByteExpiration,
pPNConfig->uIpsecKByteExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPNetPrefIPSECTimeExpiration,
pPNConfig->uIpsecTimeExpiration); CKERR;
err = PGPSetPrefNumber (prefref,
kPGPnetPrefIPSECGroupID,
pPNConfig->IkeIpsecGroupID); CKERR;
// save PGP authentication key info
err = PGPSetPrefData (prefref,
kPGPNetPrefPGPAuthKeyID,
kPGPMaxExportedKeyIDSize,
pPNConfig->expkeyidPGPAuthKey);
// save X509 authentication key info
if (pPNConfig->uX509AuthKeyAlg != kPGPPublicKeyAlgorithm_Invalid)
{
err = PGPSetPrefData (prefref,
kPGPNetPrefX509AuthKeyID,
kPGPMaxExportedKeyIDSize,
pPNConfig->expkeyidX509AuthKey);
if (pPNConfig->uX509AuthCertIASNLength > 0)
{
err = PGPSetPrefData (prefref,
kPGPNetPrefX509AuthCertIASN,
pPNConfig->uX509AuthCertIASNLength,
pPNConfig->pX509AuthCertIASN);
}
}
// save host list
sConvertHostListToStorage (context, pPNConfig, &pHostList);
err = PGPSetNetHostPrefs (prefref,
pHostList,
pPNConfig->uHostCount); CKERR;
// save IKE prefs
err = sSetIkeAlgorithmPrefs (prefref, pPNConfig); CKERR;
err = sSetIkeProposalPrefs (context, prefref, pPNConfig); CKERR;
err = sSetIpsecProposalPrefs (context, prefref, pPNConfig); CKERR;
done:
err = PGPnetClosePrefs (prefref, TRUE);
if (pHostList)
PGPFreeData (pHostList);
return err;
}
// ____________________________________
//
// load configuration information from prefs file
PGPError
PGPnetAddPromiscuousHostToConfiguration (
PGPContextRef context,
PPNCONFIG pPNConfig,
PGPUInt32 uIPAddressHost,
PGPUInt32 uIPAddressLocal,
PGPKeyRef keyAuth,
PGPSigRef sigAuth)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPNetHostEntry* pNewList;
PGPUInt32 u;
PGPKeyID keyid;
size = pPNConfig->uHostCount * sizeof (PGPNetHostEntry);
pNewList = PGPNewData (PGPGetContextMemoryMgr (context),
size + sizeof (PGPNetHostEntry),
kPGPMemoryMgrFlags_Clear);
if (pNewList)
{
// copy old list to new
if (pPNConfig->pHostList)
pgpCopyMemory (pPNConfig->pHostList, pNewList, size);
// fill in new list element
u = pPNConfig->uHostCount;
pNewList[u].hostType = kPGPnetSecureHost;
pNewList[u].ipAddress = uIPAddressHost;
pNewList[u].ipMask = 0xFFFFFFFF;
pNewList[u].childOf = -1;
strcpy (pNewList[u].hostName, "Untitled Host");
pNewList[u].identityType = kPGPike_ID_IPV4_Addr;
pNewList[u].identityIPAddress = uIPAddressLocal;
pNewList[u].identity[0] = '\0';
pNewList[u].sharedSecret[0] = '\0';
pNewList[u].authKeyAlg = kPGPPublicKeyAlgorithm_Invalid;
pNewList[u].authCertIASNLength = 0;
if (PGPKeyRefIsValid (keyAuth))
{
err = PGPGetKeyIDFromKey (keyAuth, &keyid); CKERR;
err = PGPExportKeyID (&keyid,
pNewList[u].authKeyExpKeyID, &size); CKERR;
err = PGPGetKeyNumber (keyAuth,
kPGPKeyPropAlgID,
&pNewList[u].authKeyAlg); CKERR;
if (PGPSigRefIsValid (sigAuth))
{
PGPGetSigPropertyBuffer (sigAuth,
kPGPSigPropX509IASN, 0, NULL,
&pNewList[u].authCertIASNLength);
if (pNewList[u].authCertIASNLength > 0)
{
err = PGPGetSigPropertyBuffer (sigAuth,
kPGPSigPropX509IASN,
sizeof(pNewList[u].authCertIASN),
pNewList[u].authCertIASN,
&pNewList[u].authCertIASNLength);
CKERR;
}
}
}
}
else
err = kPGPError_OutOfMemory;
done :
if (IsntPGPError (err))
{
if (pPNConfig->pHostList)
PGPFreeData (pPNConfig->pHostList);
pPNConfig->pHostList = pNewList;
pPNConfig->uHostCount++;
}
return err;
}
// ____________________________________
//
// get authentication key and sig refs from keyset
PGPError
PGPnetGetConfiguredAuthKeys (
PGPContextRef context,
PPNCONFIG pPNConfig,
PGPKeySetRef keyset,
PGPKeyRef* pkeyPGP,
PGPKeyRef* pkeyX509,
PGPSigRef* psigX509)
{
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
PGPKeySetRef keysetX509 = kInvalidPGPKeySetRef;
PGPKeyRef key = kInvalidPGPKeyRef;
PGPUserIDRef userid = kInvalidPGPUserIDRef;
PGPSigRef sig = kInvalidPGPSigRef;
PGPError err = kPGPError_NoErr;
PGPByte* pIASN = NULL;
PGPBoolean bPGPKeyNotFound = FALSE;
PGPKeyID keyid;
PGPSize size;
PGPValidatePtr (pkeyPGP);
PGPValidatePtr (pkeyX509);
PGPValidatePtr (psigX509);
*pkeyPGP = kInvalidPGPKeyRef;
*pkeyX509 = kInvalidPGPKeyRef;
*psigX509 = kInvalidPGPSigRef;
if (!PGPKeySetRefIsValid (keyset))
return kPGPError_BadParams;
// get PGP key ref
if (pPNConfig->uPGPAuthKeyAlg != kPGPPublicKeyAlgorithm_Invalid)
{
err = PGPImportKeyID (pPNConfig->expkeyidPGPAuthKey, &keyid); CKERR;
err = PGPGetKeyByKeyID (
keyset, &keyid, pPNConfig->uPGPAuthKeyAlg, pkeyPGP);
// if key is missing, we still want to look for X.509 key
if (err == kPGPError_ItemNotFound)
{
err = kPGPError_NoErr;
bPGPKeyNotFound = TRUE;
}
CKERR;
}
// get X.509 key
if ((pPNConfig->pX509AuthCertIASN != NULL) &&
(pPNConfig->uX509AuthKeyAlg != kPGPPublicKeyAlgorithm_Invalid))
{
err = PGPImportKeyID (pPNConfig->expkeyidX509AuthKey, &keyid); CKERR;
err = PGPGetKeyByKeyID (
keyset, &keyid, pPNConfig->uX509AuthKeyAlg, pkeyX509); CKERR;
}
// get X.509 sig
if (PGPKeyRefIsValid (*pkeyX509))
{
err = PGPNewSingletonKeySet (*pkeyX509, &keysetX509); CKERR;
err = PGPOrderKeySet (keysetX509, kPGPAnyOrdering, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
err = PGPKeyIterNext (keyiter, &key); CKERR;
err = PGPKeyIterNextUserID (keyiter, &userid); CKERR;
while (userid)
{
PGPKeyIterNextUIDSig (keyiter, &sig);
while ( (sig != kInvalidPGPSigRef) &&
(*psigX509 == kInvalidPGPSigRef))
{
size = 0;
PGPGetSigPropertyBuffer (sig,
kPGPSigPropX509IASN, 0, NULL, &size);
if (size == pPNConfig->uX509AuthCertIASNLength)
{
pIASN = PGPNewData (
PGPGetContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pIASN)
{
err = PGPGetSigPropertyBuffer (sig,
kPGPSigPropX509IASN, size, pIASN, &size); CKERR;
if (pgpMemoryEqual (pIASN,
pPNConfig->pX509AuthCertIASN, size))
{
*psigX509 = sig;
}
PGPFreeData (pIASN);
pIASN = NULL;
}
}
PGPKeyIterNextUIDSig (keyiter, &sig);
}
PGPKeyIterNextUserID (keyiter, &userid);
}
}
done :
if (pIASN != NULL)
PGPFreeData (pIASN);
if (PGPKeySetRefIsValid (keysetX509))
PGPFreeKeySet (keysetX509);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
if (IsntPGPError (err) && (bPGPKeyNotFound))
err = kPGPError_ItemNotFound;
return err;
}
// ____________________________________
//
// get host authentication key and sig refs from keyset
PGPError
PGPnetGetConfiguredHostAuthKeys (
PGPContextRef context,
PGPNetHostEntry* pHost,
PGPKeySetRef keyset,
PGPKeyRef* pkey,
PGPSigRef* psig)
{
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
PGPKeySetRef keysetX509 = kInvalidPGPKeySetRef;
PGPKeyRef key = kInvalidPGPKeyRef;
PGPUserIDRef userid = kInvalidPGPUserIDRef;
PGPSigRef sig = kInvalidPGPSigRef;
PGPError err = kPGPError_NoErr;
PGPByte* pIASN = NULL;
PGPKeyID keyid;
PGPSize size;
PGPValidatePtr (pkey);
PGPValidatePtr (psig);
*pkey = kInvalidPGPKeyRef;
*psig = kInvalidPGPSigRef;
// if no authentication key, just return
if (pHost->authKeyAlg == kPGPPublicKeyAlgorithm_Invalid)
{
goto done;
}
// if no IASN, must be a PGP key
if (pHost->authCertIASNLength == 0)
{
err = PGPImportKeyID (pHost->authKeyExpKeyID, &keyid); CKERR;
err = PGPGetKeyByKeyID (
keyset, &keyid, pHost->authKeyAlg, pkey); CKERR;
goto done;
}
// otherwise, must be an X.509 key
err = PGPImportKeyID (pHost->authKeyExpKeyID, &keyid); CKERR;
err = PGPGetKeyByKeyID (
keyset, &keyid, pHost->authKeyAlg, pkey); CKERR;
// get X.509 sig
if (PGPKeyRefIsValid (*pkey))
{
err = PGPNewSingletonKeySet (*pkey, &keysetX509); CKERR;
err = PGPOrderKeySet (keysetX509, kPGPAnyOrdering, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
err = PGPKeyIterNext (keyiter, &key); CKERR;
err = PGPKeyIterNextUserID (keyiter, &userid); CKERR;
while (userid)
{
PGPKeyIterNextUIDSig (keyiter, &sig);
while ( (sig != kInvalidPGPSigRef) &&
(*psig == kInvalidPGPSigRef))
{
size = 0;
PGPGetSigPropertyBuffer (sig,
kPGPSigPropX509IASN, 0, NULL, &size);
if (size == pHost->authCertIASNLength)
{
pIASN = PGPNewData (
PGPGetContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pIASN)
{
err = PGPGetSigPropertyBuffer (sig,
kPGPSigPropX509IASN, size, pIASN, &size); CKERR;
if (pgpMemoryEqual (pIASN,
pHost->authCertIASN, size))
{
*psig = sig;
}
PGPFreeData (pIASN);
pIASN = NULL;
}
}
PGPKeyIterNextUIDSig (keyiter, &sig);
}
PGPKeyIterNextUserID (keyiter, &userid);
}
if (*psig == kInvalidPGPSigRef)
err = kPGPError_ItemNotFound;
}
done :
if (pIASN != NULL)
PGPFreeData (pIASN);
if (PGPKeySetRefIsValid (keysetX509))
PGPFreeKeySet (keysetX509);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
return err;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -