keysplit.c

vc环境下的pgp源码

	if (pszPath[strlen(pszPath)-1] != '\\') {
		strcat (pszPath, "\\");
		iLen -= 1;
	}

	// look for invalid characters and truncate
	strcpy (sz, pszUserID);
	i = strcspn (sz, "\\/:*?""<>|");
	sz[i] = '\0';

	// remove trailing spaces
	while ((i > 0) && (sz[i-1] == ' ')) {
		i--;
		sz[i] = '\0';
	}

	// check if we've truncated too much
	if (strlen (sz) < 2) 
		strcpy (sz, szDefName);

	// check if name is too long
	iLen -= (strlen (szDefExt) +1);
	if ((strlen(sz) + strlen(szShares) + strlen(pszModifier)) >= iLen) {
		if ((strlen (sz) + strlen (pszModifier)) >= iLen) {
			if (strlen (sz) >= iLen) {
				sz[iLen-1] = '\0';
			}
			strcat (pszPath, sz);
			strcat (pszPath, ".");
			strcat (pszPath, szDefExt);

		}
		else {
			strcat (pszPath, sz);
			strcat (pszPath, pszModifier);
			strcat (pszPath, ".");
			strcat (pszPath, szDefExt);
		}
	}
	else {
		// construct full path
		strcat (pszPath, sz);
		strcat (pszPath, szShares);
		strcat (pszPath, pszModifier);
		strcat (pszPath, ".");
		strcat (pszPath, szDefExt);
	}

	return kPGPError_NoErr;
}

/*	End of section taken from PGPKeys
 *	____________________________________________________
 *
 */


/* this struct is used only in pgpParseShares */
typedef struct _PARSESTRUCT {
	char			szUserID[kPGPMaxUserIDSize];
	PGPUInt16		uShares;
} PARSESTRUCT;

						 
PGPError pgpParseShares(struct pgpmainBones *mainbPtr,
						SHAREHOLDERSTRUCT	**pshs, 
						char				**ppszUsers,
						PGPUInt16			myArgc,
						PGPUInt32			*pdwThreshold,
						PGPUInt32			*pdwTotalShares,
						PGPUInt32			*dwTotal)
{
	struct pgpfileBones		*filebPtr = mainbPtr->filebPtr;
	PGPUInt16				i = 0;
	PGPError				err = kPGPError_NoErr;
    PGPKeyListRef			keylist = kPGPInvalidRef;
    PGPKeyIterRef			keyiter = kPGPInvalidRef;
    PGPKeyRef				key = kPGPInvalidRef;
	PGPKeySetRef			keyset = kPGPInvalidRef;
	SHAREHOLDERSTRUCT		*pTemp = NULL;
	PGPUInt32				num = 0;
	PARSESTRUCT				*pParse = malloc(sizeof(PARSESTRUCT) * myArgc);

	if(!pParse)
		return kPGPError_OutOfMemory;

	for(i = 3; i < myArgc; i++)
	{
		if(ppszUsers[i][0] == '-')
		{
			if(ppszUsers[i][1] == 'n')
			{
				if((i + 1) > (myArgc - 1))
				{
					err = kPGPError_BadParams;
					goto done;
				}
				else
				{
					char		*numShares = &ppszUsers[i][2];
					pParse[num].uShares = atoi(numShares);
					/* check to see if valid value, if not, default to 1 share */
					if(!pParse[num].uShares)
						pParse[num].uShares = 1;
					i++;
					*pdwTotalShares += pParse[num].uShares;
					strcpy(pParse[num].szUserID, ppszUsers[i]);
				}
				num++;
			}
			else if(ppszUsers[i][1] == 'r')
			{
				if((i + 1) > (myArgc - 1))
				{
					err = kPGPError_BadParams;
					goto done;
				}
				else
				{
					char		*pszThreshold = &ppszUsers[++i][0];
					*pdwThreshold = atoi(pszThreshold);
				}
			}
			else
			{ 
				/* should get here if everything is working correctly */
				err = kPGPError_BadParams;
				goto done;
			}
		}
		else
		{
			strcpy(pParse[num].szUserID, ppszUsers[i]);
			pParse[num].uShares = 1;
			(*pdwTotalShares)++;
			num++;
		}
	}

	*dwTotal = num;

	/* make sure threshold value is valid */
	if(*pdwThreshold > *pdwTotalShares)
	{
		fprintf(filebPtr->pgpout,
			LANG("Error, threshold greater than total number of shares.\n"));
		err = kPGPError_BadParams;
		goto done;
	}
	else if(!(*pdwThreshold))
	{
		*pdwThreshold = *pdwTotalShares;
	}

	*pshs = calloc(num, sizeof(SHAREHOLDERSTRUCT));
	if(*pshs == NULL)
		return kPGPError_OutOfMemory;

	pTemp = *pshs;

	for(i = 0; i < num; i++)
	{
		//err = pgpGetMatchingKeySet( mainbPtr, ppszUsers[3 + i], 0, &keyset);
		err = pgpGetMatchingKeySet( mainbPtr, pParse[i].szUserID, 0, &keyset);
		if(IsPGPError(err))
			goto done;

		err = PGPOrderKeySet( keyset, kPGPUserIDOrdering, &keylist );
		pgpAssertNoErr(err);
		err = PGPNewKeyIter( keylist, &keyiter );
		pgpAssertNoErr(err);
		err = PGPKeyIterRewind( keyiter );
		pgpAssertNoErr(err);

		err = PGPKeyIterNext( keyiter, &key);

		if(IsntPGPError(err) && key != kPGPInvalidRef)
		{
			PGPSize		length = 0;
			pTemp[i].bPublicKey = TRUE;
			
			err = PGPGetKeyIDFromKey(key, &pTemp[i].keyid);
			if(IsPGPError(err))
				goto done;

			err = PGPGetKeyNumber(key, kPGPKeyPropAlgID, &pTemp[i].keyalg);
			if(IsPGPError(err))
				goto done;

			//strcpy(pTemp[i].szUserID, ppszUsers[3 + i]);
			strcpy(pTemp[i].szUserID, pParse[i].szUserID);

#if 0
			err = PGPGetPrimaryUserIDNameBuffer(key, sizeof(pTemp[i].szUserID),
												pTemp[i].szUserID, &length);
			if(IsPGPError(err))
				goto done;
#endif 0

			
		}
		else if(err == kPGPError_EndOfIteration)
		{
			err = kPGPError_NoErr;
			/* conventionally encrypt this bad boy */
			pTemp[i].bPublicKey = FALSE;
			//strcpy(pTemp[i].szUserID, ppszUsers[3 + i]);
			strcpy(pTemp[i].szUserID, pParse[i].szUserID);
		}
		else
		{
			/* shouldn't get here */
			goto done;
		}

		pTemp[i].uShares = pParse[i].uShares;

		if(keyiter != kPGPInvalidRef)
		{
			PGPFreeKeyIter(keyiter);
			keyiter = kPGPInvalidRef;
		}
		if(keylist != kPGPInvalidRef)
		{
			PGPFreeKeyList(keylist);
			keylist = kPGPInvalidRef;
		}
		if(keyset != kPGPInvalidRef)
		{
			PGPFreeKeySet(keyset);
			keyset = kPGPInvalidRef;
		}
	}

done:
	if(pParse)
		free(pParse);
    if(keyiter != kPGPInvalidRef)
        PGPFreeKeyIter(keyiter);
    if(keylist != kPGPInvalidRef)
        PGPFreeKeyList(keylist);
	if(keyset != kPGPInvalidRef)
		PGPFreeKeySet(keyset);

	return err;
}


/* code to rejoin split keys */
typedef struct {
	PGPContextRef		context;
	struct pgpmainBones	*mainbPtr;
	/*PGPKeySetRef		keyset;*/
	PGPKeyRef			keyToJoin;
	PGPKeyID			keyidToJoin;
	PGPKeyRef			keyAuthenticating;
	PGPKeySetRef		keysetDecryption;
	PGPUInt32			iKeyIDCount;
	PGPKeyID*			keyidsDecryption;
	PGPKeySetRef		keysetToAdd;
	char				szAuthUserID[kPGPMaxUserIDSize+1];
	char				*pszPhraseAuth;
	PGPByte*			pPasskeyAuth;
	PGPSize				sizePasskeyAuth;
	PGPUInt16			uNeededShares;
	PGPUInt16			uCollectedShares;
	PGPShareRef			sharesCombined;
	/*PGPskepRef			skep;			/* used for key exchange via network I think */
	PGPUInt16			iIconIndex;
	PGPBoolean			bServerMode;
	PGPBoolean			bStop;
	PGPBoolean			bUserCancel;
	PGPBoolean			bUserOK;
	PGPBoolean			bBadPassphrase;
} RECONKEYSTRUCT, *PRECONKEYSTRUCT;

#define UNKNOWN_SHARES_NEEDED			999999

PGPError sHandlerDecode(PGPContextRef	context,
						PGPEvent*		event,
						PGPUserValue	userValue);




PGPError JoinSplitKey(struct pgpmainBones	*mainbPtr,
					  char					*pszKeyToSplit,
					  char					**ppszUsers,
					  PGPUInt16				myArgc)
{
    PGPContextRef			context = mainbPtr->pgpContext;
	struct pgpargsBones		*argsbPtr = mainbPtr->argsbPtr;
    struct pgpfileBones		*filebPtr = mainbPtr->filebPtr;
    struct pgpenvBones		*envbPtr = mainbPtr->envbPtr;
	PGPKeySetRef			workingset = kPGPInvalidRef;
	PGPKeySetRef			keyset = kPGPInvalidRef;
    PGPKeyListRef			keylist = kPGPInvalidRef;
    PGPKeyIterRef			keyiter = kPGPInvalidRef;
    /*PGPKeyRef				keyToJoin = kPGPInvalidRef;*/


	PGPShareRef				shares = kPGPInvalidRef;
	PGPUInt32				dwThreshold = 0, dwTotalShares = 0;
	PGPError				err = kPGPError_NoErr;

	PGPByte*				pPasskey = NULL;
	PGPUInt32				iPasskeyLength;
	char					*pszNew = NULL;

	RECONKEYSTRUCT			recon;
	memset(&recon, 0, sizeof(RECONKEYSTRUCT));

	recon.mainbPtr = mainbPtr;

	/* open default key rings */
	err = PGPOpenDefaultKeyRings(context, kPGPKeyRingOpenFlags_Mutable, &workingset);
	if(IsPGPError(err))
		return err;
	mainbPtr->workingRingSet = workingset;

	err = pgpGetMatchingKeySet( mainbPtr, pszKeyToSplit, 0, &keyset);
	if(IsPGPError(err))
		goto done;

    err = PGPOrderKeySet( keyset, kPGPUserIDOrdering, &keylist );
    pgpAssertNoErr(err);
    err = PGPNewKeyIter( keylist, &keyiter );
    pgpAssertNoErr(err);
    err = PGPKeyIterRewind( keyiter );
    pgpAssertNoErr(err);

    err = PGPKeyIterNext( keyiter, &recon.keyToJoin);
	if(recon.keyToJoin != kPGPInvalidRef)
	{
		PGPBoolean			bIsSplit = FALSE;
		PGPBoolean			bEnough = FALSE;
		PGPUInt16			i = 3;

		/* make sure that key is split */
		err = PGPGetKeyBoolean (recon.keyToJoin, kPGPKeyPropIsSecretShared, &bIsSplit);
		pgpAssertNoErr(err);
		if(!bIsSplit)
		{
			fprintf(filebPtr->pgpout,
				LANG("Error: Specified key is not split!\n"));
			err = kPGPError_BadParams;
			goto done;
		}

		/* gather shares to rejoin key */
		while(!bEnough)
		{
			err = AddShareFile(mainbPtr, &recon, ppszUsers[i++], &bEnough);
			if(IsPGPError(err))
			{
			}
			if(!bEnough && i > myArgc)
			{
				/* not enough shares to rejoin key */
				fprintf(filebPtr->pgpout,
					LANG("Error: Not enough shares to rejoin key!\n"));
				err = kPGPError_BadParams;
				goto done;
			}
		}

		err = PGPGetPasskeyFromShares (recon.sharesCombined, 
						&pPasskey, &iPasskeyLength);
		if(IsPGPError(err))
		{
			fprintf(filebPtr->pgpout,
				LANG("Error extracting passkey from shares!\n"));
			goto done;
		}

		if (!PGPPassphraseIsValid(recon.keyToJoin, 
					PGPOPasskeyBuffer (context, pPasskey, iPasskeyLength),
					PGPOLastOption (context)))
		{
			fprintf(filebPtr->pgpout,
				LANG("Error: Bad passphrase!\n"));
			err = kPGPError_BadPassphrase;
			goto done;
		}

		/* need to change passphrase of key to something here */ 
		err = pgpPassphraseDialogCmdline(mainbPtr, TRUE, 
					"Enter new passphrase: ", &pszNew);
		if(IsPGPError(err))
		{
			fprintf(filebPtr->pgpout,
				LANG("Error getting new passphrase for key!\n"));
			err = kPGPError_BadPassphrase;
			goto done;
		}


		/* get new passphrase for rejoined key here and put it in szNew */
		err = PGPChangePassphrase (recon.keyToJoin, 
				PGPOPasskeyBuffer (context, pPasskey, iPasskeyLength),
				PGPOPassphrase (context, pszNew), 
				PGPOLastOption (context));



	}
	else
	{
		fprintf(filebPtr->pgpout,
			LANG("Error: Key not found!\n"));
		err = kPGPError_BadParams;
	}

done:
    if(keyiter != kPGPInvalidRef)
        PGPFreeKeyIter(keyiter);
    if(keylist != kPGPInvalidRef)
        PGPFreeKeyList(keylist);
	if(keyset != kPGPInvalidRef)
		PGPFreeKeySet(keyset);
	if(workingset != kPGPInvalidRef)
	{
		PGPFreeKeySet(workingset);
		mainbPtr->workingRingSet = kPGPInvalidRef;
	}
	return err;
}

/* taken from CLrecon.c */
PGPError AddShareFile(struct pgpmainBones	*mainbPtr,
					  RECONKEYSTRUCT		*pRecon,
					  char					*pszShareFile,
					  PGPBoolean			*pbIsEnough)
{
    PGPContextRef			context = mainbPtr->pgpContext;
    struct pgpfileBones		*filebPtr = mainbPtr->filebPtr;

	PGPError				err	= kPGPError_NoErr;
	PFLFileSpecRef			fileref	= NULL;
	PGPShareFileRef			sharefileref = NULL;
	PGPOptionListRef		optionsDecode = NULL;
	PGPShareRef				shares = NULL;
	PGPShareRef				sharesTemp = NULL;


	char					*p;
	char					szName[kPGPMaxUserIDSize+1];
	char					sz[256];
	PGPUInt32				size;
	PGPUInt32				uNumShares;
	PGPUInt32				uThreshold;
	PGPKeyID				keyid;

	/* initialize */
	pRecon->keysetToAdd			= kInvalidPGPKeySetRef;
	pRecon->keysetDecryption	= kInvalidPGPKeySetRef;
	pRecon->iKeyIDCount			= 0;
	pRecon->keyidsDecryption	= NULL;

	err = PFLNewFileSpecFromFullPath (context, pszShareFile, &fileref);
	if (IsPGPError (err)) goto AddCleanup;

	err = PGPOpenShareFile (fileref, &sharefileref);
	if (IsPGPError (err)) goto AddCleanup;

	err = PGPGetShareFileSharedKeyID (sharefileref, &keyid);
	if (IsPGPError (err)) goto AddCleanup;

	if (PGPCompareKeyIDs (&keyid, &(pRecon->keyidToJoin)))
	{
		goto AddCleanup;
	}

	// check that threshold corresponds to other share files
	uThreshold = PGPGetShareThresholdInFile (sharefileref);
	if (pRecon->uNeededShares != UNKNOWN_SHARES_NEEDED) 
	{
		if (uThreshold != pRecon->uNeededShares)
		{
			fprintf(filebPtr->pgpout,
				LANG("Error: Threshold found in shares differs!\n"));
			goto AddCleanup;