📄 pgpnetconfig.c
字号:
/*____________________________________________________________________________
Copyright (C) 2002 PGP Corporation
All rights reserved.
PGPconfig.c - PGPnet read/write configuration info
$Id: pgpNetConfig.c,v 1.43 2002/08/06 20:10:28 dallen Exp $
____________________________________________________________________________*/
#include <windows.h>
#include "pgpNetConfig.h"
#include "pflPrefTypes.h"
#include "pgpMemoryMgr.h"
#include "pgpFileSpec.h"
#include "pgpMem.h"
#include "pgpKeys.h"
#include "pgpErrors.h"
#include "pgpEndianConversion.h"
#include "pgpPFLPriv.h"
#include "pgpBuild.h"
// macro definitions
#define CKERR if (IsPGPError (err)) goto done
// ______________________________________________
//
// convert expiration prefs to form used by IKE
static PGPError
sComputeIkeExpirationPrefs (
PGPContextRef context,
PPNCONFIG pPNConfig)
{
pPNConfig->IkeExpirationPrefs.pref = kPGPike_PF_Expiration;
if (pPNConfig->bIkeKByteExpiration)
pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIKE =
pPNConfig->uIkeKByteExpiration;
else
pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIKE = 0;
if (pPNConfig->bIkeTimeExpiration)
pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIKE =
pPNConfig->uIkeTimeExpiration;
else
pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIKE = 0;
if (pPNConfig->bIpsecKByteExpiration)
pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIPSEC =
pPNConfig->uIpsecKByteExpiration;
else
pPNConfig->IkeExpirationPrefs.u.expiration.kbLifeTimeIPSEC = 0;
if (pPNConfig->bIpsecTimeExpiration)
pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIPSEC =
pPNConfig->uIpsecTimeExpiration;
else
pPNConfig->IkeExpirationPrefs.u.expiration.secLifeTimeIPSEC = 0;
return kPGPError_NoErr;
}
// ______________________________________________
//
// load algorithm prefs into structure used by IKE
PGPError
PGPnetGetIkeAlgorithmPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err;
pPNConfig->IkeAlgorithmPrefs.pref = kPGPike_PF_AllowedAlgorithms;
// get cipher algorithm booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCipherCAST,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.cast5);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCipher3DES,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.tripleDES);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCipherDES56,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.singleDES);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCipherNone,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.espNULL);
CKERR;
// get hash algorithm booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowHashSHA1,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.sha1);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowHashMD5,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.md5);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowHashNone,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.noAuth);
CKERR;
// get compression algorithm booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCompLZS,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.lzs);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowCompDeflate,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.deflate);
CKERR;
// get Diffie-Hellman algorithm booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowDH768,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpOne768);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowDH1024,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpTwo1024);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowDH1536,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpFive1536);
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowEC163,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.ec2n163 );
CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefAllowEC283,
&pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.ec2n283 );
CKERR;
done :
return err;
}
// ______________________________________________
//
// save algorithm prefs from structure used by IKE
static PGPError
sSetIkeAlgorithmPrefs (
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
// set cipher algorithm booleans
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCipherCAST,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.cast5);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCipher3DES,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.tripleDES);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCipherDES56,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.singleDES);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCipherNone,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.espNULL);
CKERR;
// set hash algorithm booleans
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowHashSHA1,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.sha1);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowHashMD5,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.md5);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowHashNone,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.noAuth);
CKERR;
// set compression algorithm booleans
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCompLZS,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.lzs);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowCompDeflate,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.deflate);
CKERR;
// set Diffie-Hellman algorithm booleans
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowDH768,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpOne768);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowDH1024,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpTwo1024);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowDH1536,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.modpFive1536);
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowEC163,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.ec2n163 );
CKERR;
err = PGPSetPrefBoolean (prefref,
kPGPNetPrefAllowEC283,
pPNConfig->IkeAlgorithmPrefs.u.allowedAlgorithms.ec2n283 );
CKERR;
done :
return err;
}
// ______________________________________________
//
// load IKE proposal prefs into structure used by IKE
PGPError
PGPnetGetIkeProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPikeTransform* pIke;
PGPNetPrefIKEProposalEntry* prefEntry;
err = PGPGetNetIKEProposalPrefs (
prefref, &prefEntry, &uNumProposals); CKERR;
pPNConfig->IkeIkeProposalPrefs.pref = kPGPike_PF_IKEProposals;
pPNConfig->
IkeIkeProposalPrefs.u.ikeProposals.numTransforms = uNumProposals;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPikeTransform);
pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t =
PGPNewData (PGPPeekContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t)
{
pIke = pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t;
for (u=0; u<uNumProposals; u++)
{
pIke[u].authMethod = prefEntry[u].authMethod;
pIke[u].hash = prefEntry[u].hash;
pIke[u].cipher = prefEntry[u].cipher;
pIke[u].groupID = prefEntry[u].groupID;
}
}
else
err = kPGPError_OutOfMemory;
PGPFreeData(prefEntry);
}
done :
return err;
}
// ______________________________________________
//
// save IKE proposal prefs from structure used by IKE
static PGPError
sSetIkeProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPikeTransform* pIke;
PGPNetPrefIKEProposalEntry* prefEntry;
uNumProposals =
pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.numTransforms;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPNetPrefIKEProposalEntry);
prefEntry = PGPNewData (PGPPeekContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (prefEntry)
{
pIke = pPNConfig->IkeIkeProposalPrefs.u.ikeProposals.t;
for (u=0; u<uNumProposals; u++)
{
prefEntry[u].authMethod = pIke[u].authMethod;
prefEntry[u].hash = pIke[u].hash;
prefEntry[u].cipher = pIke[u].cipher;
prefEntry[u].groupID = pIke[u].groupID;
}
err = PGPSetNetIKEProposalPrefs (
prefref, prefEntry, uNumProposals);
PGPFreeData (prefEntry);
}
else
err = kPGPError_OutOfMemory;
}
return err;
}
// ______________________________________________
//
// load IPSEC proposal prefs into structure used by IKE
PGPError
PGPnetGetIpsecProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPipsecTransform* pIpsec;
PGPNetPrefIPSECProposalEntry* prefEntry;
err = PGPGetPrefNumber (
prefref, kPGPnetPrefIPSECGroupID,
&pPNConfig->IkeIpsecGroupID); CKERR;
err = PGPGetNetIPSECProposalPrefs (
prefref, &prefEntry, &uNumProposals); CKERR;
pPNConfig->IkeIpsecProposalPrefs.pref = kPGPike_PF_IPSECProposals;
pPNConfig->
IkeIpsecProposalPrefs.u.ipsecProposals.numTransforms = uNumProposals;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPipsecTransform);
pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t =
PGPNewData (PGPPeekContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t)
{
pIpsec = pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t;
for (u=0; u<uNumProposals; u++)
{
pIpsec[u].useESP = prefEntry[u].useESP;
pIpsec[u].esp.cipher = prefEntry[u].espCipher;
pIpsec[u].esp.authAttr = prefEntry[u].espHash;
pIpsec[u].useAH = prefEntry[u].useAH;
pIpsec[u].ah.authAlg = prefEntry[u].ahAuthAlg;
pIpsec[u].ah.authAttr = prefEntry[u].ahHash;
pIpsec[u].useIPCOMP = prefEntry[u].useIPCOMP;
pIpsec[u].ipcomp.compAlg = prefEntry[u].ipcomp;
pIpsec[u].groupID = pPNConfig->IkeIpsecGroupID;
}
}
else
err = kPGPError_OutOfMemory;
PGPFreeData(prefEntry);
}
done :
return err;
}
// ______________________________________________
//
// save IPSEC proposal prefs from structure used by IKE
static PGPError
sSetIpsecProposalPrefs (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err = kPGPError_NoErr;
PGPSize size;
PGPUInt32 u, uNumProposals;
PGPipsecTransform* pIpsec;
PGPNetPrefIPSECProposalEntry* prefEntry;
uNumProposals =
pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.numTransforms;
if (uNumProposals > 0)
{
size = uNumProposals * sizeof(PGPNetPrefIPSECProposalEntry);
prefEntry = PGPNewData (PGPPeekContextMemoryMgr (context),
size, kPGPMemoryMgrFlags_Clear);
if (prefEntry)
{
pIpsec = pPNConfig->IkeIpsecProposalPrefs.u.ipsecProposals.t;
for (u=0; u<uNumProposals; u++)
{
prefEntry[u].useESP = pIpsec[u].useESP;
prefEntry[u].espCipher = pIpsec[u].esp.cipher;
prefEntry[u].espHash = pIpsec[u].esp.authAttr;
prefEntry[u].useAH = pIpsec[u].useAH;
prefEntry[u].ahAuthAlg = pIpsec[u].ah.authAlg;
prefEntry[u].ahHash = pIpsec[u].ah.authAttr;
prefEntry[u].useIPCOMP = pIpsec[u].useIPCOMP;
prefEntry[u].ipcomp = pIpsec[u].ipcomp.compAlg;
}
err = PGPSetNetIPSECProposalPrefs (
prefref, prefEntry, uNumProposals);
PGPFreeData (prefEntry);
}
else
err = kPGPError_OutOfMemory;
}
return err;
}
// ____________________________________
//
// load configuration information from prefs file
PGPError
PGPnetLoadConfiguration (
PGPContextRef context,
PGPPrefRef prefref,
PPNCONFIG pPNConfig)
{
PGPError err;
PGPUInt32 u;
PGPSize size;
PGPByte* pbyte;
if (!PGPPrefRefIsValid (prefref))
return kPGPError_BadParams;
pgpFillMemory(pPNConfig, sizeof(PNCONFIG), '\0');
// get booleans
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnablePGPnet,
&pPNConfig->bPGPnetEnabled); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableVPN,
&pPNConfig->bPGPnetVPNEnabled); CKERR;
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefEnableFirewall,
&pPNConfig->bPGPnetFirewallEnabled); CKERR;
err = PGPGetPrefFlags (prefref,
kPGPNetPrefEnablePGPnet, &u); CKERR;
pPNConfig->bPGPnetEnabledLocked = (u & kPGPPrefFlags_DisableGUI);
err = PGPGetPrefBoolean (prefref,
kPGPNetPrefRequireValidKeyConfigured,
&pPNConfig->bRequireValidKeyConfigured); CKERR;
err = PGPGetPrefBoolean (prefref,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -