pgpmakesig.c

可以实现对邮件的加密解密以及签名

			pgpCopyMemory (extra+1, pktbuf+l+2, 4);
			l += 6;
		}
		
		/* KeyID, always present in unhashed portion */
		if (!hashedpart) {
			pktbuf[l+1] = SIGSUB_KEYID;
			pktbuf[l] = 8 + 1;
			pgpCopyMemory (keyidbytes, pktbuf+l+2, 8);
			l += 8 + 2;
		}

		/* Sig expiration */
		if( (flags=pgpSigSpecSigExpiration (spec, &dat))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_EXPIRATION | CRIT(flags);
				pktbuf[l] = 1 + 4;
				pktbuf[l+2] = (PGPByte)(dat >> 24);
				pktbuf[l+3] = (PGPByte)(dat >> 16);
				pktbuf[l+4] = (PGPByte)(dat >>  8);
				pktbuf[l+5] = (PGPByte)(dat >>  0);
				l += 2 + 4;
			}
		}

		/* Exportability information */
		if( (flags=pgpSigSpecExportable (spec, &bool1))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_EXPORTABLE | CRIT(flags);
				pktbuf[l] = 1 + 1;
				pktbuf[l+2] = bool1;
				l += 1 + 2;
			}
		}

		/* Trust information */
		if( (flags=pgpSigSpecTrustLevel(spec, &trustLevel, &trustValue))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_TRUST | CRIT(flags);
				pktbuf[l] = 1 + 2;
				pktbuf[l+2] = trustLevel;
				pktbuf[l+3] = trustValue;
				l += 2 + 2;
			}
		}

		/* Regexp information */
		if( (flags=pgpSigSpecRegExp (spec, &regExp))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				PGPSize regExpLength = strlen(regExp) + 1;
				pktbuf[l+1] = SIGSUB_REGEXP | CRIT(flags);
				pktbuf[l] = 1 + regExpLength;
				pgpCopyMemory( regExp, pktbuf+l+2, regExpLength );
				l += regExpLength + 2;
			}
		}

		/* Revokability information */
		if( (flags=pgpSigSpecRevocable (spec, &bool1))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_REVOCABLE | CRIT(flags);
				pktbuf[l] = 1 + 1;
				pktbuf[l+2] = bool1;
				l += 1 + 2;
			}
		}

		/* Key expiration (self sig) */
		if( (flags=pgpSigSpecKeyExpiration (spec, &dat))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_KEY_EXPIRATION | CRIT(flags);
				pktbuf[l] = 1 + 4;
				pktbuf[l+2] = (PGPByte)(dat >> 24);
				pktbuf[l+3] = (PGPByte)(dat >> 16);
				pktbuf[l+4] = (PGPByte)(dat >>  8);
				pktbuf[l+5] = (PGPByte)(dat >>  0);
				l += 2 + 4;
			}
		}

		/* Additional decryption fingerprint (self sig) */
		for (i=0;
			 (flags=pgpSigSpecAdditionalRecipientRequest (spec, &adkey,
														  &adkeylen, i))
								 & kPGPSigFlags_Present;
			 ++i) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pgpAssert (adkeylen + 1 < 192);
				pktbuf[l+1] = SIGSUB_KEY_ADDITIONAL_RECIPIENT_REQUEST
							| CRIT(flags);
				pktbuf[l] = adkeylen + 1;
				pgpCopyMemory (adkey, pktbuf+l+2, adkeylen);
				l += adkeylen + 2;
			}
		}

		/* Preferred algorithms (self sig) */
		if( (flags=pgpSigSpecPrefAlgs (spec, &pktdata, &pktdatalen))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_PREFERRED_ENCRYPTION_ALGS | CRIT(flags);
				pktbuf[l] = pktdatalen+1;
				pgpCopyMemory (pktdata, pktbuf+l+2, pktdatalen);
				l += pktdatalen + 2;
			}
		}

		/* Key revocation key fingerprint (self sig) */
		for (i=0;
			 (flags=pgpSigSpecRevocationKey (spec, &adkey, &adkeylen, i))
					 			& kPGPSigFlags_Present;
			 ++i) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pgpAssert (adkeylen + 1 < 192);
				pktbuf[l+1] = SIGSUB_KEY_REVOCATION_KEY | CRIT(flags);
				pktbuf[l] = adkeylen + 1;
				pgpCopyMemory (adkey, pktbuf+l+2, adkeylen);
				l += adkeylen + 2;
			}
		}

		/* Primary userid flag */
		if( (flags=pgpSigSpecPrimaryUserID (spec, &bool1))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_PRIMARY_USERID | CRIT(flags);
				pktbuf[l] = 1 + 1;
				pktbuf[l+2] = bool1;
				l += 1 + 2;
			}
		}

		/* Keyserver preferences (self sig) */
		if( (flags=pgpSigSpecKeyServPrefs (spec, &pktdata, &pktdatalen))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_KEYSERVER_PREFERENCES | CRIT(flags);
				pktbuf[l] = pktdatalen+1;
				pgpCopyMemory (pktdata, pktbuf+l+2, pktdatalen);
				l += pktdatalen + 2;
			}
		}

		/* Preferred keyserver (self sig) */
		if( (flags=pgpSigSpecPrefKeyServ (spec, &pktdata, &pktdatalen))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_PREFERRED_KEYSERVER | CRIT(flags);
				pktbuf[l] = pktdatalen+1;
				pgpCopyMemory (pktdata, pktbuf+l+2, pktdatalen);
				l += pktdatalen + 2;
			}
		}

		/* Key flags (self sig) */
		if( (flags=pgpSigSpecKeyFlags (spec, &pktdata, &pktdatalen))
								& kPGPSigFlags_Present ) {
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				pktbuf[l+1] = SIGSUB_KEYFLAGS | CRIT(flags);
				pktbuf[l] = pktdatalen+1;
				pgpCopyMemory (pktdata, pktbuf+l+2, pktdatalen);
				l += pktdatalen + 2;
			}
		}

		/* Unrecognized subpackets we are copying verbatim */
		for (i=0;
			 (flags=pgpSigSpecPacket (spec, &pack, &packlen, i))
					 			& kPGPSigFlags_Present;
			 ++i) {
			/* packlen includes the type byte */
			if (!(flags & kPGPSigFlags_Unhashed) == hashedpart) {
				if (PKTLEN_ONE_BYTE(packlen)) {
					pktbuf[l] = packlen;
					pgpCopyMemory (pack, pktbuf+l+1, packlen);
					pktbuf[l+1] |= CRIT(flags);
					l += packlen + 1;
				} else if (PKTLEN_TWO_BYTES(packlen)) {
					pktbuf[l  ] = PKTLEN_BYTE0(packlen);
					pktbuf[l+1] = PKTLEN_BYTE1(packlen);
					pgpCopyMemory (pack, pktbuf+l+2, packlen);
					pktbuf[l+2] |= CRIT(flags);
					l += packlen + 2;
				} else {
					pktbuf[l  ] = 0xff;
					pktbuf[l+1] = (packlen >> 24) & 0xff;
					pktbuf[l+2] = (packlen >> 16) & 0xff;
					pktbuf[l+3] = (packlen >>  8) & 0xff;
					pktbuf[l+4] = (packlen >>  0) & 0xff;
					pgpCopyMemory (pack, pktbuf+l+5, packlen);
					pktbuf[l+5] |= CRIT(flags);
					l += packlen + 5;
				}
			}
		}
		
		/* Now can go back and fill in length field */
		pktbuf[l_init  ] = (PGPByte)((l-l_init-2) >> 8);
		pktbuf[l_init+1] = (PGPByte)((l-l_init-2) >> 0);

		if (hashedpart) {
			PGPContinueHash (temp_hc, pktbuf, l);

			/* Add hash "postscript", ensure hashed data not alias anything */
			postscript[0] = PGPVERSION_4;  /* Hash-convention version */
			postscript[1] = 0xff;   /* 5th from end, != any sig type value */
			postscript[2] = (PGPByte)(l >> 24);
			postscript[3] = (PGPByte)(l >> 16);
			postscript[4] = (PGPByte)(l >>  8);
			postscript[5] = (PGPByte)(l >>  0);
			PGPContinueHash (temp_hc, postscript, sizeof(postscript));
		}
		hashedpart = !hashedpart;
		l_init = l;
	} while (!hashedpart);

	/* Now finish hash calculation, copy over 2 csum bytes, put in sig */
	pgpAssert( l+2 <= pktbuflen );
	hash = (PGPByte *) pgpHashFinal(temp_hc);
	pgpCopyMemory (hash, pktbuf+l, 2);
	passphrase = pgpSigSpecPassphrase( spec, &passphraseLength, &hashedPhrase);
	h = pgpHashGetVTBL( hc );
	i = pgpKeySign( seckey, passphrase, passphraseLength, hashedPhrase,
					0, FALSE, h->algorithm, hash, h->hashsize,
					kPGPPublicKeyMessageFormat_PGP, &sigbuf, &sigsize );
	PGPFreeHashContext(temp_hc);
	if (i < 0) {
		pktbuf[l] = 0;
		pktbuf[l+1] = 0;
		return i;
	}
	vbuf = pktbuf;
	if( IsPGPError( pgpContextMemRealloc( context, &vbuf, pktbuflen+sigsize,
										  0 ) ) )
	{
		pgpContextMemFree( context, pktbuf );
		pgpContextMemFree( context, sigbuf );
	}
	pktbuf = vbuf;
	pgpCopyMemory( sigbuf, pktbuf+l+2, sigsize );
	pgpContextMemFree( context, sigbuf );

	*buf = pktbuf;
	return (int)sigsize+l+2;
}



/* Routines for 1-pass signature headers */

/* Right now the header is always 13 bytes long */
int
pgpMakeSigHeaderMaxSize (PGPSigSpec const *spec)
{
	(void)spec;
	return 13;
}

/*
 * Given a buffer of appropriate length (currently 13), create a
 * single-pass signature header, which is a "one-pass" signature that
 * will have a real signature later on.  Don't forget that you'll need
 * the packet header (2 more bytes) before this.  The format is:
 *
 *      Offset  Length  Meaning
 *       0      1       Version byte (=3)
 *       1      1       Signature type
 *       2      1       Hash Algorithm
 *       3      1       PK Algorithm
 *       4      8       KeyID
 *       12     1       nested flag
 */
int
pgpMakeSigHeader (PGPByte *buf, PGPSigSpec const *spec, PGPByte nest)
{
	PGPHashVTBL const *h;
	PGPKeyDBObjRef seckey;
	PGPByte const *extra;
	PGPSize extralen;
	PGPInt32 pkalg;
	PGPKeyID keyid;
	PGPByte const *keyidbytes;
	PGPSize dummy;

	extra = pgpSigSpecExtra (spec, &extralen);
	h = pgpSigSpecHash (spec);
	seckey = pgpSigSpecSeckey (spec);

	/* XXX: This should be more graceful */
	pgpAssert (extra);
	pgpAssert (h);
	pgpAssert (seckey);

	pgpGetKeyNumber( seckey, kPGPKeyProperty_AlgorithmID, &pkalg );
	pgpGetKeyPropertyBuffer( seckey, kPGPKeyProperty_KeyID, sizeof(keyid),
							 &keyid, &dummy );
	keyidbytes = pgpGetKeyIDBytes( &keyid );

	buf[0] = (PGPByte)PGPVERSION_3;		/* Force version 3 as format */
	buf[1] = *extra;
	buf[2] = h->algorithm;
	buf[3] = (PGPByte) pkalg;
	pgpCopyMemory(keyidbytes, buf+4, 8);
	buf[12] = nest;

	return 13;
}



/*__Editor_settings____

	Local Variables:
	tab-width: 4
	End:
	vi: ts=4 sw=4
	vim: si
_____________________*/