📄 keysplit.c
字号:
}
}
err = PGPGetShareFileUserID (sharefileref,
sizeof(szName), szName, &size);
if (IsPGPError (err)) goto AddCleanup;
uNumShares = PGPGetNumSharesInFile (sharefileref);
// decrypt specified share file
pRecon->bBadPassphrase = FALSE;
PGPBuildOptionList (context, &optionsDecode,
PGPOKeySetRef (context, mainbPtr->workingRingSet),
PGPOEventHandler (context, sHandlerDecode, pRecon),
PGPOLastOption (context));
err = PGPCopySharesFromFile (context, sharefileref,
optionsDecode, &shares);
if (IsPGPError (err)) goto AddCleanup;
// add shares to collection
if (pRecon->sharesCombined) {
err = PGPCombineShares (shares,
pRecon->sharesCombined, &sharesTemp);
if (IsPGPError (err))
goto AddCleanup;
PGPFreeShares (pRecon->sharesCombined);
pRecon->sharesCombined = sharesTemp;
}
else {
pRecon->sharesCombined = shares;
shares = NULL;
}
// share is OK, add it to list
pRecon->uNeededShares = uThreshold;
pRecon->uCollectedShares += uNumShares;
if(pRecon->uCollectedShares >= pRecon->uNeededShares)
pbIsEnough = TRUE;
AddCleanup :
if (shares)
PGPFreeShares (shares);
if (sharefileref)
PGPFreeShareFile (sharefileref);
if (fileref)
PFLFreeFileSpec (fileref);
if (optionsDecode)
PGPFreeOptionList(optionsDecode);
if (PGPKeySetRefIsValid (pRecon->keysetDecryption))
PGPFreeKeySet (pRecon->keysetDecryption);
if (pRecon->keyidsDecryption)
free(pRecon->keyidsDecryption);
switch (err)
{
/* should probably print some descriptive info here for each case */
case kPGPClientError_IdenticalShares :
#if 0
PGPclMessageBox (hwnd, IDS_CAPTION, IDS_DUPLICATESHARES,
MB_OK|MB_ICONEXCLAMATION);
#endif 0
break;
case kPGPClientError_DifferentSharePool :
#if 0
PGPclMessageBox (hwnd, IDS_CAPTION, IDS_SHARENUMMISMATCH,
MB_OK|MB_ICONEXCLAMATION);
#endif 0
break;
case kPGPClientError_DifferentSplitKeys :
#if 0
PGPclMessageBox (hwnd, IDS_CAPTION, IDS_SHAREKEYMISMATCH,
MB_OK|MB_ICONEXCLAMATION);
#endif 0
break;
default:
#if 0
PGPclErrorBox (hwnd, err);
#endif 0
break;
}
#if 0 /* this allowed the user to add keys to their keyring, don't think this is needed for command line */
if (PGPKeySetRefIsValid (prks->keysetToAdd)) {
if (IsntPGPError (err)) {
PGPclQueryAddKeys (prks->context, prks->tlsContext, hwnd,
prks->keysetToAdd, prks->keyset);
}
PGPFreeKeySet (prks->keysetToAdd);
}
#else 0
if(PGPKeySetRefIsValid(pRecon->keysetToAdd))
PGPFreeKeySet(pRecon->keysetToAdd);
#endif
return err;
}
// ______________________________________________
//
// decode event handler
static PGPError
sHandlerDecode (
PGPContextRef context,
PGPEvent* event,
PGPUserValue userValue)
{
PGPError err = kPGPError_NoErr;
RECONKEYSTRUCT *pRecon = NULL;
switch (event->type) {
case kPGPEvent_PassphraseEvent:
{
char *psz = NULL;
PGPByte* pbyte = NULL;
PGPSize size;
PGPUInt16 uLen;
char szPrompt[64];
pRecon = (RECONKEYSTRUCT *)userValue;
if (!pRecon->bBadPassphrase)
{
#if 0
LoadString (g_hInst, IDS_DECRYPTSHARESPROMPT,
szPrompt, sizeof(szPrompt));
#endif 0
}
else
{
#if 0
LoadString (g_hInst, IDS_BADSHAREFILEPASSPHRASE,
szPrompt, sizeof(szPrompt));
#endif 0
}
if (event->data.passphraseData.fConventional)
{
err = pgpPassphraseDialogCmdline(pRecon->mainbPtr, TRUE,
"Enter share descryption passphrase: ", &psz);
}
else
{
/* need to get key from the keyset pRecon->keysetDecryption and then get passphrase for it */
/* if key is split, need to rejoin key to get keybuffer and pass that to PGPAddJobOptions below */
PGPKeyRef key = kPGPInvalidRef;
PGPBoolean bSplitKey = FALSE;
PGPBoolean bNeedsFree = FALSE;
PGPKeyListRef keylist = kPGPInvalidRef;
PGPKeyIterRef keyiter = kPGPInvalidRef;
err = PGPOrderKeySet(pRecon->keysetDecryption, kPGPUserIDOrdering, &keylist );
pgpAssertNoErr(err);
err = PGPNewKeyIter(keylist, &keyiter );
pgpAssertNoErr(err);
err = PGPKeyIterRewind( keyiter );
pgpAssertNoErr(err);
err = PGPKeyIterNext(keyiter, &key);
if(key != kPGPInvalidRef)
{
/* check to see if key is a split key */
err = PGPGetKeyBoolean(key, kPGPKeyPropIsSecretShared, &bSplitKey);
pgpAssertNoErr(err);
if(bSplitKey)
{
/* reconstitute that key dude */
}
else
{
/* get passphrase for key */
err = pgpGetValidPassphrase(pRecon->mainbPtr, key, &psz, &bNeedsFree );
}
}
else
{
err = kPGPError_UserAbort;
}
#if 0
err = KMGetDecryptionPhrase (context, prks->tlsContext,
prks->hwndDlg, szPrompt, prks->keyset,
NULL, prks->keysetDecryption,
prks->iKeyIDCount, prks->keyidsDecryption,
&prks->keysetToAdd, &psz, &pbyte, &size);
prks->iIconIndex = IDX_DSAUSERID;
#endif 0
}
if (IsntPGPError (err))
{
if (psz)
{
uLen = strlen (psz);
PGPAddJobOptions (event->job,
PGPOPassphraseBuffer (context, psz, uLen),
PGPOLastOption (context));
}
else
{
PGPAddJobOptions (event->job,
PGPOPasskeyBuffer (context, pbyte, size),
PGPOLastOption (context));
}
}
if(psz)
PGPFreeData(psz);
if (pbyte)
{
memset(pbyte, 0, size);
PGPFreeData(pbyte);
}
// If passphrase event comes up again, the passphrase
// must have been bad
pRecon->bBadPassphrase = TRUE;
}
break;
case kPGPEvent_RecipientsEvent:
{
PGPUInt32 i;
PGPEventRecipientsData *pData = &event->data.recipientsData;
pRecon = (RECONKEYSTRUCT *)userValue;
/* Save recipient key set for passphrase dialog */
pRecon->keysetDecryption = pData->recipientSet;
PGPIncKeySetRefCount (pRecon->keysetDecryption);
/* Save unknown keyids */
/* should probably just error if there are keys required that aren't available in key set */
if (pData->keyCount > 0)
{
pRecon->iKeyIDCount = pData->keyCount;
pRecon->keyidsDecryption =
(PGPKeyID *)calloc(pData->keyCount, sizeof(PGPKeyID));
for (i=0; i<pData->keyCount; i++)
{
pRecon->keyidsDecryption[i] = pData->keyIDArray[i];
}
}
}
break;
}
return err;
}
PGPError ReconstituteKey(struct pgpmainBones *mainbPtr,
PGPKeyRef key,
PGPByte **ppPasskeyBuffer,
PGPSize *piPasskeyLength)
{
PGPError err = kPGPError_NoErr;
return err;
}
/*
__________________________________________________________________________________________
*/
#if 0
/* taken from KMChange.c */
// ___________________________________________________
//
// Change passphrase on key
BOOL
KMChangePhrase (
HWND hwndParent,
PKEYMAN pKM,
PGPContextRef context,
PGPtlsContextRef tlsContext,
PGPKeySetRef keyset,
PGPKeyRef key)
{
LPSTR pszOldPhrase = NULL;
LPSTR pszNewPhrase = NULL;
PGPByte* pPasskey = NULL;
PGPPrefRef prefs = kInvalidPGPPrefRef;
INT iMinPhraseLength = 0;
INT iMinPhraseQuality = 0;
CHAR szPrompt[64];
PGPSize sizePasskey;
PGPError err;
BOOL bSplit;
#if PGP_BUSINESS_SECURITY
PGPBoolean b;
PGPUInt32 u;
#endif
if (!sbChangingPhrase) {
sbChangingPhrase = TRUE;
// minimum passphrase length
#if PGP_BUSINESS_SECURITY
err = PGPclOpenAdminPrefs (
PGPGetContextMemoryMgr (context),
&prefs, PGPclIsAdminInstall ()); CKERR;
b = FALSE;
err = PGPGetPrefBoolean (prefs, kPGPPrefEnforceMinChars, &b); CKERR;
if (b) {
err = PGPGetPrefNumber (prefs, kPGPPrefMinChars, &u); CKERR;
iMinPhraseLength = (INT)u;
}
#endif
// minimum passphrase quality
#if PGP_BUSINESS_SECURITY
b = FALSE;
PGPGetPrefBoolean (prefs, kPGPPrefEnforceMinQuality, &b); CKERR;
if (b) {
err = PGPGetPrefNumber (prefs, kPGPPrefMinQuality, &u); CKERR;
iMinPhraseQuality = (INT)u;
}
#endif
err = KMGetKeyPhrase (
context,
tlsContext,
hwndParent,
NULL,
keyset,
key,
&pszOldPhrase,
&pPasskey,
&sizePasskey);
if (IsntPGPError (err)) {
LoadString (g_hInst, IDS_NEWPHRASEPROMPT,
szPrompt, sizeof(szPrompt));
err = KMGetConfirmationPhrase (
context,
hwndParent,
szPrompt,
keyset,
iMinPhraseLength,
iMinPhraseQuality,
&pszNewPhrase);
if (IsntPGPError (err)) {
if (pszOldPhrase) bSplit = FALSE;
else bSplit = TRUE;
if (bSplit) {
err = sChangePhraseSplit (
context,
keyset,
key,
pPasskey,
sizePasskey,
pszNewPhrase);
}
else {
err = sChangePhraseNormal (
context,
keyset,
key,
pszOldPhrase,
pszNewPhrase);
}
}
}
if (pszOldPhrase)
KMFreePhrase (pszOldPhrase);
if (pszNewPhrase)
KMFreePhrase (pszNewPhrase);
if (pPasskey)
KMFreePasskey (pPasskey, sizePasskey);
if (IsPGPError (err))
PGPclErrorBox (hwndParent, err);
else {
PGPclNotifyPurgePassphraseCache (
PGPCL_DECRYPTIONCACHE|PGPCL_SIGNINGCACHE, 0);
if (bSplit)
KMMessageBox (hwndParent, IDS_PGP, IDS_KEYRECONSTITUTED,
MB_OK|MB_ICONINFORMATION);
else
KMMessageBox (hwndParent, IDS_PGP, IDS_PHRASECHANGED,
MB_OK|MB_ICONINFORMATION);
}
}
#if PGP_BUSINESS_SECURITY
done :
if (PGPPrefRefIsValid (prefs))
PGPclCloseAdminPrefs (prefs, FALSE);
#endif
sbChangingPhrase = FALSE;
PGPclErrorBox (hwndParent, err);
return (IsntPGPError (err));
}
// ___________________________________________________
//
// Change Passphrase of split key and all subkeys
static PGPError
sChangePhraseSplit (
PGPContextRef context,
PGPKeySetRef keyset,
PGPKeyRef key,
PGPByte* passkey,
PGPSize sizePasskey,
LPSTR szNew)
{
UINT u;
PGPKeyListRef keylist;
PGPKeyIterRef keyiter;
PGPSubKeyRef subkey;
PGPError err;
err = PGPChangePassphrase (key,
PGPOPasskeyBuffer (context, passkey, sizePasskey),
PGPOPassphrase (context, szNew),
PGPOLastOption (context));
if (IsPGPError (err)) return err;
PGPGetKeyNumber (key, kPGPKeyPropAlgID, &u);
switch (u) {
case kPGPPublicKeyAlgorithm_RSA :
break;
case kPGPPublicKeyAlgorithm_DSA :
PGPOrderKeySet (keyset, kPGPAnyOrdering, &keylist);
PGPNewKeyIter (keylist, &keyiter);
PGPKeyIterSeek (keyiter, key);
PGPKeyIterNextSubKey (keyiter, &subkey);
while (subkey) {
err = PGPChangeSubKeyPassphrase (subkey,
PGPOPasskeyBuffer (context, passkey, sizePasskey),
PGPOPassphrase (context, szNew),
PGPOLastOption (context));
PGPKeyIterNextSubKey (keyiter, &subkey);
}
PGPFreeKeyIter (keyiter);
PGPFreeKeyList (keylist);
break;
default :
break;
}
return err;
}
/* taken from clrecon.c */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -