private ESKSequence CreateESKSequence(TransportablePublicKey[] tpkKeys, AsymActions aaAction, SymAlgorithms saAlgo, byte[] bSymKey)
{
ESKSequence esksReturn = new ESKSequence();
for (int i = 0; i < tpkKeys.Length; i++)
{
TransportablePublicKey tpkKey = tpkKeys[i];
PublicKeyPacket pkpKey = tpkKey.FindKey(aaAction);
if (pkpKey == null)
{
throw new Exception("Could not find subkey fitting to the selected action. Concerned Key: " + tpkKey.PrimaryUserID);
}
AsymSessionKeyPacket skpKey = new AsymSessionKeyPacket();
skpKey.KeyID = pkpKey.KeyID;
skpKey.PublicAlgorithm = pkpKey.Algorithm;
skpKey.SymmetricAlgorithm = saAlgo;
skpKey.SessionKey = bSymKey;
skpKey.EncryptSessionKey(pkpKey);
esksReturn.AddAsymSessionKey(skpKey);
}
return(esksReturn);
}
private static ESKSequence CreateESKSequence(ArrayList alKeys, AsymActions aaAction, SymAlgorithms saAlgo, byte[] bSymKey)
{
IEnumerator ieKeys = alKeys.GetEnumerator();
ESKSequence esksReturn = new ESKSequence();
while (ieKeys.MoveNext())
{
TransportablePublicKey tpkKey = (TransportablePublicKey)ieKeys.Current;
PublicKeyPacket pkpKey = tpkKey.FindKey(aaAction);
if (pkpKey == null)
{
throw new Exception("Could not find subkey fitting to the selected action. Concerned Key: " + tpkKey.PrimaryUserID);
}
AsymSessionKeyPacket skpKey = new AsymSessionKeyPacket();
skpKey.KeyID = pkpKey.KeyID;
skpKey.PublicAlgorithm = pkpKey.Algorithm;
skpKey.SymmetricAlgorithm = saAlgo;
skpKey.SessionKey = bSymKey;
skpKey.EncryptSessionKey(pkpKey);
esksReturn.AddAsymSessionKey(skpKey);
}
return(esksReturn);
}
/// <summary>
/// Verifies the revocation status of a key
/// </summary>
/// <param name="KeyID">the key to verify</param>
/// <returns>the revocation status of the key</returns>
public bool isRevoked(ulong KeyID)
{
TransportablePublicKey tpkKey = this.Find(KeyID, true);
if (tpkKey == null)
{
return(false);
}
if (tpkKey.PrimaryKey.KeyID == KeyID)
{
ArrayList nvsigatures = this.verifySignatures(tpkKey);
foreach (SignaturePacket sp in tpkKey.PrimaryUserIDCert.Certificates)
{
if (sp.SignatureType == SignatureTypes.UserIDSignature ||
sp.SignatureType == SignatureTypes.UserIDSignature_CasualVerification ||
sp.SignatureType == SignatureTypes.UserIDSignature_NoVerification ||
sp.SignatureType == SignatureTypes.UserIDSignature_PositivVerification)
{
if (!sp.isRevocable())
{
return(false);
}
}
}
if (tpkKey.RevocationSignatures == null || tpkKey.RevocationSignatures.Count == 0)
{
return(false);
}
else
{
foreach (SignaturePacket revocation in tpkKey.RevocationSignatures)
{
if (revocation.KeyID == tpkKey.PrimaryKey.KeyID)
{
PublicKeyPacket pkpKey = tpkKey.FindKey(revocation.KeyID);
byte[] key = new byte[tpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(key, 0);
tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length);
revocation.Verify(key, pkpKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Valid)
{
return(true);
}
else if (revocation.SignatureStatus == SignatureStatusTypes.Invalid)
{
continue;
}
else
{
continue;
}
}
else
{
TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true);
if (revtpkKey == null)
{
return(false);
}
foreach (SignaturePacket spPacket in tpkKey.RevocationKeys)
{
foreach (BigInteger revoker in spPacket.FindRevokerKeys())
{
if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString())
{
PublicKeyPacket pkpKey = revtpkKey.PrimaryKey;
byte[] key = new byte[tpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(key, 0);
tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length);
revocation.Verify(key, pkpKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Valid)
{
return(true);
}
else if (revocation.SignatureStatus == SignatureStatusTypes.Invalid)
{
continue;
}
else
{
continue;
}
}
}
}
}
}
}
}
else
{
ArrayList signaturesNotOK = this.verifySignatures(tpkKey);
foreach (CertifiedPublicSubkey cps in tpkKey.SubKeys)
{
if (cps.Subkey.KeyID == KeyID)
{
if (cps.RevocationSignature != null && !signaturesNotOK.Contains(cps.RevocationSignature) && cps.KeyBindingSignature.isRevocable())
{
ulong issuer = cps.RevocationSignature.KeyID;
if (issuer == tpkKey.PrimaryKey.KeyID)
{
return(true);
}
else
{
foreach (SignaturePacket spPacket in tpkKey.RevocationKeys)
{
foreach (BigInteger revoker in spPacket.FindRevokerKeys())
{
if (revoker == this.Find(issuer, true).PrimaryKey.Fingerprint)
{
return(true);
}
}
}
}
}
}
}
}
return(false);
}
/// <summary>
/// Verifies key signatures
/// </summary>
/// <param name="tpkKey">the key to be verified</param>
/// <returns>
/// list of invalid signatures or objects containing invalid signatures:
/// SignaturePacket
/// CertifiedUserID
/// CertifiedPublicSubkey
/// </returns>
private ArrayList verifySignatures(TransportablePublicKey tpkKey)
{
ArrayList signaturesNotOK = new ArrayList();
//Verify Revocation Signatures
foreach (SignaturePacket revocation in tpkKey.RevocationSignatures)
{
if (revocation.KeyID == tpkKey.PrimaryKey.KeyID)
{
PublicKeyPacket pkpKey = tpkKey.FindKey(revocation.KeyID);
byte[] key = new byte[tpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(key, 0);
tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length);
if (pkpKey == null)
{
revocation.SignatureStatus = SignatureStatusTypes.Signing_Key_Not_Available;
signaturesNotOK.Add(revocation);
}
else
{
revocation.Verify(key, pkpKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Invalid ||
revocation.SignatureStatus == SignatureStatusTypes.Not_Verified ||
revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available)
{
signaturesNotOK.Add(revocation);
}
}
}
else
{
TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true);
if (revtpkKey != null)
{
foreach (SignaturePacket spPacket in tpkKey.RevocationKeys)
{
foreach (BigInteger revoker in spPacket.FindRevokerKeys())
{
if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString())
{
PublicKeyPacket pkpKey = revtpkKey.PrimaryKey;
byte[] key = new byte[tpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(key, 0);
tpkKey.PrimaryKey.Body.CopyTo(key, tpkKey.PrimaryKey.Header.Length);
revocation.Verify(key, pkpKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Invalid ||
revocation.SignatureStatus == SignatureStatusTypes.Not_Verified ||
revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available)
{
signaturesNotOK.Add(revocation);
}
}
}
}
}
else
{
revocation.SignatureStatus = SignatureStatusTypes.Signing_Key_Not_Available;
signaturesNotOK.Add(revocation);
}
}
}
//Verify UserID
foreach (CertifiedUserID userId in tpkKey.Certifications)
{
userId.Validate(tpkKey.PrimaryKey, this);
if (userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.Invalid ||
userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.NotYetValidated ||
userId.CertificationValidityStatus == CertifiedUserID.ValidityStatus.ValidationKeyUnavailable)
{
foreach (SignaturePacket sp in userId.Certificates)
{
if (sp.SignatureStatus != SignatureStatusTypes.Valid)
{
signaturesNotOK.Add(sp);
}
}
}
}
foreach (CertifiedPublicSubkey cps in tpkKey.SubKeys)
{
if (cps.KeyBindingSignature == null)
{
signaturesNotOK.Add(cps);
}
else
{
cps.VerifyKeyBindingSignature(tpkKey.PrimaryKey);
if (cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Invalid ||
cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Not_Verified ||
cps.KeyBindingSignature.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available)
{
signaturesNotOK.Add(cps.KeyBindingSignature);
}
}
//Verify Subkey Revocation Signature
SignaturePacket revocation = cps.RevocationSignature;
if (revocation != null)
{
if (revocation.KeyID == tpkKey.PrimaryKey.KeyID)
{
byte[] subkey = new byte[cps.Subkey.Length];
cps.Subkey.Header.CopyTo(subkey, 0);
cps.Subkey.Body.CopyTo(subkey, cps.Subkey.Header.Length);
subkey[0] = 0x99;
byte[] mainkey = new byte[tpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(mainkey, 0);
tpkKey.PrimaryKey.Body.CopyTo(mainkey, tpkKey.PrimaryKey.Header.Length);
byte[] key = new byte[subkey.Length + mainkey.Length];
mainkey.CopyTo(key, 0);
subkey.CopyTo(key, mainkey.Length);
revocation.Verify(key, tpkKey.PrimaryKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Invalid ||
revocation.SignatureStatus == SignatureStatusTypes.Not_Verified ||
revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available)
{
signaturesNotOK.Add(revocation);
}
}
else
{
TransportablePublicKey revtpkKey = this.Find(revocation.KeyID, true);
if (revtpkKey != null)
{
foreach (SignaturePacket spPacket in tpkKey.RevocationKeys)
{
foreach (BigInteger revoker in spPacket.FindRevokerKeys())
{
if (revoker.ToString() == revtpkKey.PrimaryKey.Fingerprint.ToString())
{
byte[] subkey = new byte[cps.Subkey.Length];
cps.Subkey.Header.CopyTo(subkey, 0);
cps.Subkey.Body.CopyTo(subkey, cps.Subkey.Header.Length);
subkey[0] = 0x99;
byte[] mainkey = new byte[revtpkKey.PrimaryKey.Length];
tpkKey.PrimaryKey.Header.CopyTo(mainkey, 0);
tpkKey.PrimaryKey.Body.CopyTo(mainkey, revtpkKey.PrimaryKey.Header.Length);
byte[] key = new byte[subkey.Length + mainkey.Length];
mainkey.CopyTo(key, 0);
subkey.CopyTo(key, mainkey.Length);
revocation.Verify(key, revtpkKey.PrimaryKey);
if (revocation.SignatureStatus == SignatureStatusTypes.Invalid ||
revocation.SignatureStatus == SignatureStatusTypes.Not_Verified ||
revocation.SignatureStatus == SignatureStatusTypes.Signing_Key_Not_Available)
{
signaturesNotOK.Add(revocation);
}
}
}
}
}
else
{
signaturesNotOK.Add(revocation);
}
}
}
}
return(signaturesNotOK);
}
