📄 pgpp11key.c
字号:
#endif
}
PGPError
pgpTokenFormat(
PGPContextRef context,
PGPUInt32 toknumber,
PGPByte const * adminPin, PGPSize adminPinLen,
PGPByte const * newUserPin, PGPSize newUserPinLen )
{
#if PGP_WIN32
PGPError err;
PGPToken *tok;
tok = F.pgpGetNthTokenObject( toknumber );
if( IsNull( tok ) )
return kPGPError_PublicKeyUnimplemented;
err = pgpTokenObjFormat( tok,
adminPin, adminPinLen, newUserPin, newUserPinLen );
if( IsntPGPError( err ) )
pgpSyncTokenToKeyDB( context, NULL, TRUE );
return err;
#else
(void) context;
(void) toknumber;
(void) adminPin; (void) adminPinLen;
(void) newUserPin; (void) newUserPinLen;
return 0;
#endif
}
PGPError
pgpTokenCheckPassphrase(
PGPUInt32 toknumber,
PGPByte const * passphrase,
PGPSize passphraseLength )
{
#if PGP_WIN32
PGPError err;
PGPToken *tok;
tok = F.pgpGetNthTokenObject( toknumber );
if( IsNull( tok ) )
return kPGPError_PublicKeyUnimplemented;
/* Unlock token */
err = pgpTokenObjAuth( tok, passphrase, passphraseLength );
if( IsPGPError( err ) )
return kPGPError_BadPassphrase;
(void)pgpTokenObjDeAuth( tok );
return kPGPError_NoErr;
#else
(void) toknumber;
(void) passphrase;
(void) passphraseLength;
return 0;
#endif
}
PGPError
pgpSetKeyTokenNum( PGPKeyDBObj *key, PGPToken *token )
{
#if PGP_WIN32
PGPKeyInfo *kinfo;
if( !pgpKeyIsOnToken(key) )
return kPGPError_SmartCardError;
pgpAssert(OBJISKEY(key));
pgpAssert(!pgpFrontEndKey(key));
pgpAssert(F.pgpGetTokenNum);
kinfo = pgpKeyToKeyInfo( key );
if( token == NULL )
token = pgpTokenFromKeyID( kinfo->keyID );
pgpAssert( token );
kinfo->tokenNum1 = token ? F.pgpGetTokenNum( token ) + 1 : 0;
#else
(void) key;
(void) token;
#endif
return kPGPError_NoErr;
}
/*
* Call to iterate over all token objects and update one or all keydbs.
* If fixedkdb is non-NULL do just that keydb (this is called upon opening
* the keydb). If it is null, iterate over all keydbs.
* If doNotify is true, notify the front end of any changes.
*/
PGPError
pgpSyncTokenToKeyDB(
PGPContextRef context,
PGPKeyDBRef fixedkdb,
PGPBoolean doNotify )
{
#if PGP_WIN32
PGPUInt32 tokCount;
PGPUInt32 i;
PGPTokenKeyInfo *keyIDs;
const KEYIDLEN = sizeof( keyIDs[0].keyid );
PGPSize nKeyIDs;
PGPUInt32 j;
PGPKeyDBRef kdb;
PGPToken *tok;
PGPBoolean didNotify = FALSE;
static PGPBoolean reentering = FALSE;
sLoadTCL();
/* Can reenter this when we import public blobs */
if( reentering )
return kPGPError_NoErr;
reentering = TRUE;
tokCount = IsNull( hTCL ) ?
0 /* For instance, user selected "No P11 module" */ :
F.pgpCountTokenObjects( );
if( tokCount && F.pgpSetCertToKeyID )
F.pgpSetCertToKeyID( sCertToKeyID, context );
for( i=0; i<tokCount; ++i )
{
tok = F.pgpGetNthTokenObject( i );
/* Copy token public key blobs to key rings */
keyIDs = pgpTokenObjGetPubKeyIDs ( tok, &nKeyIDs );
for( j=0; IsntNull(keyIDs) && j<nKeyIDs; j++ )
{
PGPKeyID keyid;
PGPByte *pk = NULL;
PGPUInt32 pklen = 0;
PGPBoolean pk_local=TRUE;
PGPByte *cert = NULL;
PGPUInt32 cert_len = 0;
PGPTokenCertInfo *ci = NULL;
PGPInt32 ci_n=0;
PGPNewKeyID( keyIDs[j].keyid, KEYIDLEN, keyIDs[j].alg, &keyid );
kdb = IsntNull( fixedkdb )
? fixedkdb
: pgpContextGetFirstKeyDB( context );
while( IsntNull( kdb ) )
{
if( pgpKeyDBUsesTokens( kdb ) )
{
PGPError err;
PGPKeyDBObjRef key;
int k;
err = pgpGetKeyByKeyID( kdb, &keyid, FALSE, FALSE, &key );
if( err == kPGPError_ItemNotFound )
{
PGPKeyDBRef newdb_pgp_data=NULL, newdb_certs=NULL;
/* Must copy key to this keydb */
/* Get PGP public key data (one per KeyID) */
if( keyIDs[j].pgpData ) {
if( IsNull( pk ) )
{
pgpTokenDataInfo *di = NULL;
PGPSize data_size;
PGPByte *data =
pgpTokenObjGetPublicKeyData ( tok,
keyIDs[j].keyid, &data_size, &di );
/* Build public key packet form the key stub */
if( !IsNull( data ) ) {
if( !IsNull( di ) ) {
PGPByte *new_pk;
PGPSize pub_pkt_size;
PGPByte *pub_pkt =
sPgpPubKeyPktFromDataInfo( context, di, &pub_pkt_size );
pgpTokenFreeTCLMem( di );
if( IsNull(pub_pkt) ) {
err = kPGPError_OutOfMemory;
pgpTokenFreeTCLMem( data );
break;
}
new_pk = pgpContextMemAlloc( context, pub_pkt_size+data_size, 0 );
if( IsNull(new_pk) ) {
err = kPGPError_OutOfMemory;
PGPFreeData( pub_pkt );
pgpTokenFreeTCLMem( data );
break;
}
pgpCopyMemory( pub_pkt, new_pk, pub_pkt_size );
pgpCopyMemory( data, new_pk+pub_pkt_size, data_size );
PGPFreeData( pub_pkt );
pgpTokenFreeTCLMem( data );
pk = new_pk;
pklen = pub_pkt_size+data_size;
}
else {
pk = data;
pklen = data_size;
pk_local = FALSE;
}
}
}
if( pklen!=0 && IsntNull( pk ) )
{
err = pgpImportKeyBinary_internal(
context, pk, pklen, &newdb_pgp_data );
}
#if PGP_DEBUG
else {
pgpAssert(0 /* TCL consistency problem */);
pgpAssert( err == kPGPError_ItemNotFound );
}
#endif
}
else
err = kPGPError_NoErr;
/* Now get certificates, if any */
if( IsntPGPError(err) ) {
if( IsNull(ci) )
ci = pgpTokenObjGetX509Certs(tok, keyIDs+j, &ci_n );
for( k=0; k<ci_n; k++ ) {
PGPSize certlen=0;
PGPByte *cert = pgpTokenObjGetX509Cert( tok, ci+k, &certlen );
if( certlen!=0 && IsntNull( cert ) )
{
PGPKeyDBRef db=NULL;
err = pgpDecodeX509Cert( cert, certlen,
context, NULL, &db );
pgpTokenFreeTCLMem(cert);
if( ! IsNull(db) ) {
if( IsNull(newdb_certs) )
PGPNewKeyDB( context, &newdb_certs );
PGPCopyKeys( PGPPeekKeyDBRootKeySet(db), newdb_certs, NULL);
PGPFreeKeyDB( db );
}
if( IsPGPError(err) )
break;
}
}
}
if( IsntPGPError( err ) )
{
if( !IsNull(newdb_pgp_data) )
PGPCopyKeys( PGPPeekKeyDBRootKeySet(newdb_pgp_data), kdb, NULL);
if( !IsNull(newdb_certs) )
PGPCopyKeys( PGPPeekKeyDBRootKeySet(newdb_certs), kdb, NULL);
}
if( !IsNull(newdb_pgp_data) )
PGPFreeKeyDB( newdb_pgp_data );
if( !IsNull(newdb_certs) )
PGPFreeKeyDB( newdb_certs );
}
}
/* Only one iteration if given a keydb */
if( IsntNull( fixedkdb ) )
break;
/* Iterate over all if fixedkdb is null */
kdb = pgpKeyDBNextKeyDB( kdb );
}
if( ! IsNull(pk) ) {
if( pk_local )
PGPFreeData( pk );
else
pgpTokenFreeTCLMem( pk );
}
pgpTokenFreeTCLMem( ci );
}
pgpTokenFreeTCLMem(keyIDs);
/* Mark private keys as belonging to token */
keyIDs = pgpTokenObjGetPrivKeyIDs ( tok, &nKeyIDs );
for( j=0; IsntNull(keyIDs) && j<nKeyIDs ; j++ )
{
PGPKeyID keyid;
PGPNewKeyID( keyIDs[j].keyid, KEYIDLEN, keyIDs[j].alg , &keyid );
kdb = IsntNull( fixedkdb )
? fixedkdb
: pgpContextGetFirstKeyDB( context );
while( IsntNull( kdb ) )
{
if( pgpKeyDBUsesTokens( kdb ) )
{
PGPError err;
PGPKeyDBObjRef key;
err = pgpGetKeyByKeyID( kdb, &keyid, FALSE, FALSE, &key );
if( IsntPGPError( err ) && IsntNull( key ) )
{
pgpKeyOnToken( key, tok );
if( doNotify )
{
pgpSetPendingNotify( NULL, key, NULL, NULL );
didNotify = TRUE;
}
}
}
/* Only one iteration if given a keydb */
if( IsntNull( fixedkdb ) )
break;
/* Else iterate over all */
kdb = pgpKeyDBNextKeyDB( kdb );
}
}
pgpTokenFreeTCLMem(keyIDs);
keyIDs = NULL;
}
/* Now check for any keys no longer on tokens */
kdb = IsntNull( fixedkdb )
? fixedkdb
: pgpContextGetFirstKeyDB( context );
while( IsntNull( kdb ) )
{
if( 1 /* pgpKeyDBUsesTokens( kdb ) */ )
{
PGPKeyDBObjRef key;
PGPKeyIterRef kiter;
PGPNewKeyIterFromKeyDB( kdb, &kiter );
while( IsntPGPError( PGPKeyIterNextKeyDBObj( kiter,
kPGPKeyDBObjType_Key, &key )))
{
PGPByte alg;
PGPKeyID keyid;
PGPByte *keyidbytes;
if( !pgpKeyIsOnToken( key ) )
continue;
pgpKeyID8( key, &alg, &keyid );
if( alg != kPGPPublicKeyAlgorithm_RSA )
continue;
keyidbytes = (PGPByte *)pgpGetKeyIDBytes( &keyid );
if( IsntNull( hTCL ) ) {
tok = F.pgpGetTokenObjectByPrivKeyID( keyidbytes );
if( IsntNull( tok ) )
continue;
}
/* Key is no longer on any tokens */
pgpKeyOffToken( key );
if( doNotify )
{
pgpSetPendingNotify( NULL, key, NULL, NULL );
didNotify = TRUE;
}
}
PGPFreeKeyIter( kiter );
}
/* Only one iteration if given a keydb */
if( IsntNull( fixedkdb ) )
break;
/* Calculate trust changes due to new token */
/* Not if called with fixedkdb, caller will do it then */
PGPCalculateTrust( PGPPeekKeyDBRootKeySet( kdb ), NULL );
/* Else iterate over all */
kdb = pgpKeyDBNextKeyDB( kdb );
}
/* Force at least one notify if requested */
if( doNotify && !didNotify )
{
kdb = IsntNull( fixedkdb )
? fixedkdb
: pgpContextGetFirstKeyDB( context );
while( IsntNull( kdb ) )
{
if( pgpKeyDBUsesTokens( kdb ) )
{
PGPKeyDBObjRef key =
pgpFirstKeyInKeySet( PGPPeekKeyDBRootKeySet( kdb ) );
pgpSetPendingNotify( NULL, key, NULL, NULL );
didNotify = TRUE;
}
if( IsntNull( fixedkdb ) )
break;
kdb = pgpKeyDBNextKeyDB( kdb );
}
}
if( tokCount && F.pgpSetCertToKeyID ) /* clear function and context */
F.pgpSetCertToKeyID( NULL /*CertToKeyID*/, NULL /*param*/ );
reentering = FALSE;
#else /* PGP_WIN32 */
(void) context;
(void) fixedkdb;
(void) doNotify;
#endif /* PGP_WIN32 */
return kPGPError_NoErr;
}
/* This is called to query all tokens and copy any new keys to keydbs */
PGPError
pgpPollTokens(
PGPContextRef context )
{
#if PGP_WIN32
sLoadTCL();
if( IsntNull( context ) )
{
PGPBoolean changes;
changes = FALSE;
if ( IsntNull( hTCL ) ) {
if( F.pgpAcquireAllTokens() != 0 ) {
changes = TRUE;
sHadTcl = TRUE;
}
}
else if( sHadTcl ) {
changes = TRUE;
sHadTcl = FALSE;
}
/* Some change to token list */
if( changes ) {
/* Make notify tell all clients */
pgpContextSetConnectRef( context, kPGPConnectRef_Null );
pgpSyncTokenToKeyDB( context, NULL, TRUE );
}
}
#else /* PGP_WIN32 */
(void) context;
#endif /* PGP_WIN32 */
return kPGPError_NoErr;
}
PGPError
pgpUnloadTCL()
{
#if PGP_WIN32
if( IsntNull(hTCL) )
{
HANDLE h = hTCL;
hTCL = NULL;
F.pgpReleaseAllTokens();
memset( &F, 0, sizeof(F) );
FreeLibrary( h );
}
inited = 0;
sLoadTclTries = 0;
sCustomTcl = -1;
sP11Module[0] = '\0';
#endif /* PGP_WIN32 */
return kPGPError_NoErr;
}
PGPError
pgpTokenFreeTCLMem(
void *p )
{
#if PGP_WIN32
pgpAssert( F.pgpFreeMem != NULL );
if( p )
F.pgpFreeMem( p );
#else
(void) p;
#endif
return kPGPError_NoErr;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -