repos/pEpEngine: src/pgp_netpgp.c@7cbc1b22a250 (annotated)

vb@1517	1	// This file is under GNU General Public License 3.0
vb@1517	2	// see LICENSE.txt
vb@1517	3
Edouard@174	4	#include "pEp_internal.h"
Edouard@174	5	#include "pgp_netpgp.h"
Edouard@174	6
Edouard@174	7	#include <limits.h>
Edouard@174	8
Edouard@174	9	#include "wrappers.h"
Edouard@174	10
vb@334	11	#include "netpgp.h"
dirk@533	12	#include <netpgp/config.h>
dirk@533	13	#include <netpgp/memory.h>
dirk@533	14	#include <netpgp/crypto.h>
dirk@533	15	#include <netpgp/netpgpsdk.h>
dirk@533	16	#include <netpgp/validate.h>
dirk@533	17	#include <netpgp/readerwriter.h>
Edouard@179	18
Edouard@252	19	#include <curl/curl.h>
Edouard@252	20	#include <pthread.h>
Edouard@188	21	#include <regex.h>
Edouard@188	22
Edouard@252	23	static netpgp_t netpgp;
Edouard@254	24	static pthread_mutex_t netpgp_mutex;
Edouard@252	25
Edouard@263	26	static PEP_STATUS init_netpgp()
Edouard@174	27	{
Edouard@174	28	PEP_STATUS status = PEP_STATUS_OK;
Edouard@175	29	const char *home = NULL;
Edouard@179	30
Edouard@252	31	if(pthread_mutex_init(&netpgp_mutex, NULL)){
Edouard@252	32	return PEP_OUT_OF_MEMORY;
Edouard@252	33	}
Edouard@252	34
Edouard@263	35	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	36	return PEP_UNKNOWN_ERROR;
Edouard@252	37	}
Edouard@174	38
Edouard@263	39	if (strcmp(setlocale(LC_ALL, NULL), "C") == 0)
Edouard@263	40	setlocale(LC_ALL, "");
Edouard@174	41
Edouard@263	42	memset(&netpgp, 0x0, sizeof(netpgp_t));
Edouard@180	43
Edouard@263	44	// netpgp_setvar(&netpgp, "max mem alloc", "4194304");
Edouard@263	45	netpgp_setvar(&netpgp, "need seckey", "1");
Edouard@315	46	// netpgp_setvar(&netpgp, "need userid", "1");
Edouard@252	47
Edouard@263	48	// NetPGP shares home with GPG
Edouard@263	49	home = gpg_home();
Edouard@263	50	if(home){
Edouard@263	51	netpgp_set_homedir(&netpgp,(char*)home, NULL, 0);
Edouard@263	52	}else{
Edouard@263	53	status = PEP_INIT_NO_GPG_HOME;
Edouard@263	54	goto unlock_netpgp;
Edouard@174	55	}
Edouard@174	56
Edouard@263	57	// pair with gpg's cert-digest-algo
Edouard@263	58	netpgp_setvar(&netpgp, "hash", "SHA256");
Edouard@263	59
Edouard@263	60	// subset of gpg's personal-cipher-preferences
Edouard@263	61	// here only one cipher can be selected
Edouard@263	62	netpgp_setvar(&netpgp, "cipher", "CAST5");
Edouard@263	63
Edouard@263	64	if (!netpgp_init(&netpgp)) {
Edouard@263	65	status = PEP_INIT_NETPGP_INIT_FAILED;
Edouard@263	66	goto unlock_netpgp;
Edouard@263	67	}
Edouard@175	68
Edouard@315	69	// netpgp_set_debug("packet-parse.c");
Edouard@315	70
Edouard@252	71	unlock_netpgp:
Edouard@252	72	pthread_mutex_unlock(&netpgp_mutex);
krista@1435	73
Edouard@263	74	return status;
Edouard@263	75	}
Edouard@175	76
Edouard@263	77	static void release_netpgp()
Edouard@263	78	{
Edouard@263	79	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@263	80	return;
Edouard@263	81	}
Edouard@263	82	netpgp_end(&netpgp);
Edouard@263	83	memset(&netpgp, 0x0, sizeof(netpgp_t));
Edouard@263	84
Edouard@263	85	pthread_mutex_destroy(&netpgp_mutex);
Edouard@263	86
Edouard@263	87	return;
Edouard@263	88	}
Edouard@263	89
Edouard@263	90	static PEP_STATUS init_curl(
Edouard@263	91	pthread_mutex_t *curl_mutex,
Edouard@263	92	bool in_first)
Edouard@263	93	{
Edouard@263	94	PEP_STATUS status = PEP_STATUS_OK;
Edouard@263	95
Edouard@263	96	if(pthread_mutex_init(curl_mutex, NULL)){
Edouard@263	97	return PEP_OUT_OF_MEMORY;
Edouard@263	98	}
Edouard@263	99
Edouard@263	100	if(pthread_mutex_lock(curl_mutex)){
Edouard@263	101	return PEP_UNKNOWN_ERROR;
Edouard@263	102	}
Edouard@263	103
Edouard@263	104	if(in_first){
Edouard@263	105	curl_global_init(CURL_GLOBAL_DEFAULT);
Edouard@263	106	}
Edouard@263	107
Edouard@322	108	pthread_mutex_unlock(curl_mutex);
Edouard@322	109	return status;
Edouard@322	110	}
Edouard@322	111
Edouard@322	112	static void release_curl(
krista@1435	113	pthread_mutex_t *curl_mutex,
Edouard@322	114	bool out_last)
Edouard@322	115	{
Edouard@322	116	if(pthread_mutex_lock(curl_mutex)){
Edouard@322	117	return;
Edouard@322	118	}
Edouard@322	119
Edouard@322	120	if(out_last){
Edouard@322	121	curl_global_cleanup();
Edouard@322	122	}
Edouard@322	123
Edouard@322	124	pthread_mutex_destroy(curl_mutex);
Edouard@322	125
Edouard@322	126	return;
Edouard@322	127	}
Edouard@322	128
Edouard@322	129	static PEP_STATUS curl_get_ctx(
Edouard@322	130	CURL **curl)
Edouard@322	131	{
Edouard@322	132	PEP_STATUS status = PEP_STATUS_OK;
Edouard@322	133	struct curl_slist *headers=NULL;
Edouard@322	134
Edouard@263	135	if ((*curl = curl_easy_init()) == NULL) {
Edouard@263	136	return PEP_OUT_OF_MEMORY;
Edouard@263	137	}
Edouard@263	138
Edouard@263	139	curl_easy_setopt(*curl, CURLOPT_FOLLOWLOCATION, 1L);
Edouard@263	140	curl_easy_setopt(*curl, CURLOPT_MAXREDIRS, 3L);
Edouard@263	141
Edouard@263	142	headers=curl_slist_append(headers,"Pragma: no-cache");
Edouard@263	143	if(headers)
Edouard@263	144	headers=curl_slist_append(headers,"Cache-Control: no-cache");
Edouard@263	145
Edouard@263	146	if(!headers)
Edouard@263	147	{
Edouard@322	148	return PEP_OUT_OF_MEMORY;
Edouard@174	149	}
Edouard@174	150
Edouard@263	151	curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
Edouard@263	152	curl_slist_free_all(headers);
Edouard@263	153
Edouard@263	154	// TODO curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
Edouard@174	155	return status;
Edouard@174	156	}
Edouard@174	157
Edouard@322	158	static void curl_release_ctx(
Edouard@322	159	CURL **curl)
Edouard@263	160	{
Edouard@263	161	if(*curl)
Edouard@263	162	curl_easy_cleanup(*curl);
Edouard@263	163
Edouard@263	164	*curl = NULL;
Edouard@263	165
Edouard@263	166	return;
Edouard@263	167	}
Edouard@263	168
Edouard@263	169	PEP_STATUS pgp_init(PEP_SESSION session, bool in_first)
Edouard@263	170	{
Edouard@263	171	PEP_STATUS status = PEP_STATUS_OK;
Edouard@263	172
Edouard@263	173	assert(session);
Edouard@661	174	if(!session) return PEP_ILLEGAL_VALUE;
Edouard@263	175
Edouard@263	176	if (in_first) {
Edouard@263	177	if((status = init_netpgp()) != PEP_STATUS_OK)
Edouard@263	178	return status;
Edouard@263	179	}
Edouard@263	180
Edouard@263	181	if((status = init_curl(
Edouard@263	182	&session->ctx.curl_mutex,
Edouard@263	183	in_first) != PEP_STATUS_OK)){
Edouard@263	184	if(in_first) release_netpgp();
Edouard@263	185	return status;
Edouard@263	186	}
Edouard@263	187
Edouard@263	188	return PEP_STATUS_OK;
Edouard@263	189	}
Edouard@263	190
Edouard@174	191	void pgp_release(PEP_SESSION session, bool out_last)
Edouard@174	192	{
Edouard@179	193	assert(session);
Edouard@179	194	if(!session) return;
Edouard@179	195
Edouard@263	196	if (out_last){
Edouard@263	197	release_netpgp();
Edouard@252	198	}
Edouard@322	199	release_curl(&session->ctx.curl_mutex, out_last);
Edouard@174	200	}
Edouard@174	201
Edouard@446	202	// return 1 if the file contains ascii-armoured text
Edouard@188	203	static unsigned
Edouard@188	204	_armoured(const char buf, size_t size, const char pattern)
Edouard@188	205	{
Edouard@188	206	unsigned armoured = 0;
Edouard@446	207	regex_t r;
Edouard@446	208	regcomp(&r, pattern, REG_EXTENDED\|REG_NOSUB);
Edouard@446	209	if (regnexec(&r, buf, size, 0, NULL, 0) == 0) {
Edouard@446	210	armoured = 1;
Edouard@188	211	}
Edouard@446	212	regfree(&r);
Edouard@188	213	return armoured;
Edouard@188	214	}
Edouard@188	215
Edouard@393	216	/* write key fingerprint hexdump as a string */
Edouard@393	217	static unsigned
Edouard@393	218	fpr_to_str (char *str, const uint8_t fpr, size_t length)
Edouard@393	219	{
Edouard@393	220	unsigned i;
Edouard@393	221	int n;
krista@1435	222
Edouard@491	223	/* 4 hexes per short + null */
Edouard@490	224	str = malloc((length / 2) 4 + 1);
krista@1435	225
Edouard@393	226	if(*str == NULL)
Edouard@393	227	return 0;
krista@1435	228
Edouard@489	229	for (n = 0, i = 0 ; i < length; i += 2) {
Edouard@489	230	n += snprintf(&((*str)[n]), 5, "%02x%02x", fpr[i], fpr[i+1]);
Edouard@393	231	}
krista@1435	232
Edouard@393	233	return 1;
Edouard@393	234	}
Edouard@393	235
Edouard@393	236	/* write key fingerprint bytes read from hex string
Edouard@393	237	* accept spaces and hexes */
Edouard@393	238	static unsigned
Edouard@393	239	str_to_fpr (const char str, uint8_t fpr, size_t *length)
Edouard@393	240	{
Edouard@393	241	unsigned i,j;
krista@1435	242
Edouard@393	243	*length = 0;
krista@1435	244
Edouard@393	245	while(str && length < PGP_FINGERPRINT_SIZE){
Edouard@393	246	while (*str == ' ') str++;
Edouard@393	247	for (j = 0; j < 2; j++) {
Edouard@393	248	uint8_t byte = &fpr[length];
Edouard@393	249	*byte = 0;
Edouard@393	250	for (i = 0; i < 2; i++) {
Edouard@393	251	if (i > 0)
Edouard@393	252	byte = byte << 4;
Edouard@393	253	if (str >= 'a' && str <= 'f')
Edouard@393	254	byte += 10 + str - 'a';
Edouard@393	255	else if (str >= 'A' && str <= 'F')
Edouard@393	256	byte += 10 + str - 'A';
Edouard@393	257	else if (str >= '0' && str <= '9')
Edouard@393	258	byte += str - '0';
Edouard@393	259	else
Edouard@393	260	return 0;
Edouard@393	261	str++;
Edouard@393	262	}
Edouard@393	263	(*length)++;
Edouard@393	264	}
Edouard@393	265	}
Edouard@393	266	return 1;
Edouard@393	267	}
Edouard@393	268
krista@1435	269	// Iterate through netpgp' reported valid signatures
Edouard@185	270	// fill a list of valid figerprints
Edouard@185	271	// returns PEP_STATUS_OK if all sig reported valid
Edouard@185	272	// error status otherwise.
Edouard@279	273	static PEP_STATUS _validation_results(
Edouard@279	274	netpgp_t *netpgp,
Edouard@279	275	pgp_validation_t *vresult,
Edouard@279	276	stringlist_t **_keylist
Edouard@279	277	)
Edouard@185	278	{
Edouard@188	279	time_t now;
Edouard@188	280	time_t t;
Edouard@185	281
Edouard@188	282	now = time(NULL);
Edouard@188	283	if (now < vresult->birthtime) {
Edouard@188	284	// signature is not valid yet
Edouard@431	285	return PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
Edouard@188	286	}
Edouard@188	287	if (vresult->duration != 0 && now > vresult->birthtime + vresult->duration) {
Edouard@188	288	// signature has expired
Edouard@188	289	t = vresult->duration + vresult->birthtime;
Edouard@431	290	return PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
Edouard@188	291	}
Edouard@185	292	if (vresult->validc && vresult->valid_sigs &&
Edouard@185	293	!vresult->invalidc && !vresult->unknownc ) {
roker@1559	294
Edouard@185	295	// caller responsible to free
Edouard@185	296	*_keylist = new_stringlist(NULL);
Edouard@185	297	assert(*_keylist);
Edouard@185	298	if (*_keylist == NULL) {
Edouard@185	299	return PEP_OUT_OF_MEMORY;
Edouard@185	300	}
roker@1559	301
roker@1559	302	stringlist_t k = _keylist;
roker@1559	303	for (unsigned n = 0; n < vresult->validc; ++n) {
Edouard@393	304	unsigned from = 0;
Edouard@393	305	const pgp_key_t *signer;
Edouard@393	306	char *fprstr = NULL;
Edouard@315	307	const uint8_t *keyid = vresult->valid_sigs[n].signer_id;
krista@1435	308
Edouard@393	309	signer = pgp_getkeybyid(netpgp->io, netpgp->pubring,
Edouard@393	310	keyid, &from, NULL, NULL,
krista@1435	311	0, 0); /* check neither revocation nor expiry
Edouard@393	312	as is should be checked already */
Edouard@393	313	if(signer)
Edouard@393	314	fpr_to_str(&fprstr,
Edouard@393	315	signer->pubkeyfpr.fingerprint,
Edouard@393	316	signer->pubkeyfpr.length);
Edouard@393	317	else
Edouard@393	318	return PEP_VERIFY_NO_KEY;
krista@1435	319
Edouard@393	320	if (fprstr == NULL)
Edouard@393	321	return PEP_OUT_OF_MEMORY;
krista@1435	322
Edouard@393	323	k = stringlist_add(k, fprstr);
krista@1435	324
Edouard@393	325	free(fprstr);
krista@1435	326
Edouard@185	327	if(!k){
Edouard@185	328	free_stringlist(*_keylist);
Edouard@185	329	return PEP_OUT_OF_MEMORY;
Edouard@185	330	}
Edouard@185	331	}
Edouard@185	332	return PEP_STATUS_OK;
Edouard@185	333	}
Edouard@185	334	if (vresult->validc + vresult->invalidc + vresult->unknownc == 0) {
Edouard@185	335	// No signatures found - is this memory signed?
krista@1435	336	return PEP_VERIFY_NO_KEY;
krista@1435	337	}
krista@1435	338
Edouard@185	339	if (vresult->invalidc) {
Edouard@185	340	// some invalid signatures
Edouard@185	341	return PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
Edouard@185	342	}
krista@1435	343
Edouard@185	344	// only unknown sigs
Edouard@431	345	return PEP_DECRYPTED;
Edouard@185	346	}
Edouard@185	347
Edouard@389	348	#define _ENDL "\\s*(\r\n\|\r\|\n)"
Edouard@389	349	#define ARMOR_HEAD "^-----BEGIN PGP MESSAGE-----"_ENDL
Edouard@174	350	PEP_STATUS pgp_decrypt_and_verify(
Edouard@174	351	PEP_SESSION session, const char *ctext, size_t csize,
krista@1435	352	const char *dsigtext, size_t dsigsize,
Edouard@174	353	char *ptext, size_t psize, stringlist_t **keylist
Edouard@174	354	)
Edouard@174	355	{
Edouard@180	356	char *_ptext = NULL;
Edouard@179	357
Edouard@174	358	PEP_STATUS result;
Edouard@174	359	stringlist_t *_keylist = NULL;
Edouard@174	360
Edouard@174	361	assert(session);
Edouard@174	362	assert(ctext);
Edouard@174	363	assert(csize);
Edouard@174	364	assert(ptext);
Edouard@174	365	assert(psize);
Edouard@174	366	assert(keylist);
Edouard@174	367
krista@1435	368	if(!session \|\| !ctext \|\| !csize \|\| !ptext \|\| !psize \|\| !keylist)
Edouard@661	369	return PEP_ILLEGAL_VALUE;
Edouard@179	370
Edouard@263	371	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	372	return PEP_UNKNOWN_ERROR;
Edouard@252	373	}
Edouard@179	374
Edouard@174	375	*ptext = NULL;
Edouard@174	376	*psize = 0;
Edouard@174	377	*keylist = NULL;
Edouard@174	378
roker@1559	379	pgp_validation_t *vresult = malloc(sizeof(pgp_validation_t));
Edouard@185	380	memset(vresult, 0x0, sizeof(pgp_validation_t));
Edouard@182	381
roker@1559	382	pgp_memory_t *mem = pgp_decrypt_and_validate_buf(netpgp.io, vresult, ctext, csize,
Edouard@252	383	netpgp.secring, netpgp.pubring,
Edouard@188	384	_armoured(ctext, csize, ARMOR_HEAD),
Edouard@179	385	0 /* sshkeys */,
Edouard@180	386	NULL, -1, NULL /* pass fp,attempts,cb */);
Edouard@179	387	if (mem == NULL) {
Edouard@252	388	result = PEP_OUT_OF_MEMORY;
Edouard@252	389	goto unlock_netpgp;
Edouard@179	390	}
Edouard@179	391
roker@1559	392	const size_t _psize = pgp_mem_len(mem);
Edouard@182	393	if (_psize){
Edouard@272	394	if ((_ptext = malloc(_psize + 1)) == NULL) {
Edouard@183	395	result = PEP_OUT_OF_MEMORY;
Edouard@183	396	goto free_pgp;
Edouard@182	397	}
Edouard@185	398	memcpy(_ptext, pgp_mem_data(mem), _psize);
Edouard@272	399	_ptext[_psize] = '\0'; // safeguard for naive users
Edouard@182	400	result = PEP_DECRYPTED;
Edouard@182	401	}else{
Edouard@183	402	result = PEP_DECRYPT_NO_KEY;
Edouard@183	403	goto free_pgp;
Edouard@182	404	}
Edouard@180	405
Edouard@185	406	if (result == PEP_DECRYPTED) {
Edouard@252	407	result = _validation_results(&netpgp, vresult, &_keylist);
Edouard@431	408	if (result == PEP_DECRYPTED) {
Edouard@431	409	//no change
Edouard@449	410	} else if (result == PEP_VERIFY_NO_KEY) {
Edouard@449	411	result = PEP_DECRYPTED;
Edouard@431	412	}else if (result != PEP_STATUS_OK) {
Edouard@185	413	goto free_ptext;
Edouard@431	414	}else{
Edouard@431	415	result = PEP_DECRYPTED_AND_VERIFIED;
Edouard@183	416	}
Edouard@180	417	}
Edouard@174	418
Edouard@180	419	if (result == PEP_DECRYPTED_AND_VERIFIED
Edouard@180	420	\|\| result == PEP_DECRYPTED) {
Edouard@180	421	*ptext = _ptext;
Edouard@180	422	*psize = _psize;
Edouard@180	423	(ptext)[psize] = 0; // safeguard for naive users
Edouard@185	424	if (result == PEP_DECRYPTED_AND_VERIFIED) {
Edouard@185	425	*keylist = _keylist;
Edouard@185	426	}
Edouard@183	427
Edouard@183	428	/* _ptext and _keylist ownership transfer, don't free */
Edouard@183	429	goto free_pgp;
Edouard@180	430	}
Edouard@183	431
Edouard@183	432	free_stringlist(_keylist);
Edouard@183	433
Edouard@183	434	free_ptext:
Edouard@183	435	free(_ptext);
Edouard@183	436
Edouard@183	437	free_pgp:
Edouard@185	438	pgp_memory_free(mem);
Edouard@183	439	pgp_validate_result_free(vresult);
Edouard@183	440
Edouard@252	441	unlock_netpgp:
Edouard@252	442	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	443
Edouard@174	444	return result;
Edouard@174	445	}
Edouard@174	446
Edouard@389	447	#define ARMOR_SIG_HEAD "^-----BEGIN PGP (SIGNATURE\|SIGNED MESSAGE)-----"_ENDL
Edouard@174	448	PEP_STATUS pgp_verify_text(
Edouard@174	449	PEP_SESSION session, const char *text, size_t size,
Edouard@174	450	const char signature, size_t sig_size, stringlist_t *keylist
Edouard@174	451	)
Edouard@174	452	{
Edouard@185	453	pgp_memory_t *signedmem;
Edouard@185	454	pgp_memory_t *sig;
Edouard@185	455	pgp_validation_t *vresult;
Edouard@185	456
Edouard@174	457	PEP_STATUS result;
Edouard@174	458	stringlist_t *_keylist;
Edouard@174	459
Edouard@174	460	assert(session);
Edouard@174	461	assert(text);
Edouard@174	462	assert(size);
Edouard@174	463	assert(signature);
Edouard@174	464	assert(sig_size);
Edouard@174	465	assert(keylist);
Edouard@174	466
krista@1435	467	if(!session \|\| !text \|\| !size \|\| !signature \|\| !sig_size \|\| !keylist)
Edouard@661	468	return PEP_ILLEGAL_VALUE;
Edouard@185	469
Edouard@263	470	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	471	return PEP_UNKNOWN_ERROR;
Edouard@252	472	}
Edouard@185	473
Edouard@174	474	*keylist = NULL;
Edouard@185	475
Edouard@185	476	vresult = malloc(sizeof(pgp_validation_t));
Edouard@276	477	if (vresult == NULL) {
Edouard@276	478	result = PEP_OUT_OF_MEMORY;
Edouard@276	479	goto unlock_netpgp;
Edouard@276	480	}
Edouard@185	481	memset(vresult, 0x0, sizeof(pgp_validation_t));
Edouard@185	482
Edouard@185	483	signedmem = pgp_memory_new();
Edouard@185	484	if (signedmem == NULL) {
Edouard@252	485	result = PEP_OUT_OF_MEMORY;
Edouard@252	486	goto unlock_netpgp;
Edouard@185	487	}
Edouard@185	488	pgp_memory_add(signedmem, (const uint8_t*)text, size);
Edouard@185	489
Edouard@185	490	sig = pgp_memory_new();
Edouard@185	491	if (sig == NULL) {
Edouard@185	492	pgp_memory_free(signedmem);
Edouard@252	493	result = PEP_OUT_OF_MEMORY;
Edouard@252	494	goto unlock_netpgp;
Edouard@185	495	}
Edouard@185	496	pgp_memory_add(sig, (const uint8_t*)signature, sig_size);
Edouard@185	497
Edouard@252	498	pgp_validate_mem_detached(netpgp.io, vresult, sig,
Edouard@185	499	NULL,/* output */
Edouard@207	500	_armoured(signature, sig_size, ARMOR_SIG_HEAD),
Edouard@252	501	netpgp.pubring,
Edouard@185	502	signedmem);
Edouard@185	503
Edouard@252	504	result = _validation_results(&netpgp, vresult, &_keylist);
Edouard@185	505	if (result != PEP_STATUS_OK) {
Edouard@185	506	goto free_pgp;
Edouard@185	507	}else{
Edouard@185	508	result = PEP_VERIFIED;
Edouard@185	509	}
Edouard@185	510
Edouard@185	511	if (result == PEP_VERIFIED) {
Edouard@185	512	/* TODO : check trust level */
Edouard@185	513	result = PEP_VERIFIED_AND_TRUSTED;
Edouard@185	514	}
Edouard@185	515
Edouard@185	516	if (result == PEP_VERIFIED \|\| result == PEP_VERIFIED_AND_TRUSTED) {
Edouard@185	517	*keylist = _keylist;
Edouard@185	518
Edouard@185	519	/* _keylist ownership transfer, don't free */
Edouard@185	520	goto free_pgp;
Edouard@185	521	}
Edouard@185	522
Edouard@185	523	free_stringlist(_keylist);
Edouard@185	524
Edouard@185	525	free_pgp:
Edouard@187	526	// free done by pgp_validate_mem_detached
Edouard@187	527	// pgp_memory_free(sig);
Edouard@187	528	// pgp_memory_free(signedmem);
Edouard@185	529	pgp_validate_result_free(vresult);
Edouard@185	530
Edouard@252	531	unlock_netpgp:
Edouard@252	532	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	533
Edouard@185	534	return result;
Edouard@174	535	}
Edouard@174	536
edouard@1693	537	static PEP_STATUS _encrypt_and_sign(
Edouard@174	538	PEP_SESSION session, const stringlist_t keylist, const char ptext,
edouard@1693	539	size_t psize, char *ctext, size_t csize, bool do_sign
Edouard@174	540	)
Edouard@174	541	{
Edouard@412	542	pgp_key_t *signer = NULL;
Edouard@412	543	pgp_seckey_t *seckey = NULL;
edouard@1693	544	pgp_memory_t *signedmem = NULL;
Edouard@209	545	pgp_memory_t *cmem;
Edouard@207	546	const char *hashalg;
Edouard@209	547	pgp_keyring_t *rcpts;
Edouard@207	548
Edouard@174	549	PEP_STATUS result;
Edouard@174	550	const stringlist_t *_keylist;
Edouard@174	551
Edouard@174	552	assert(session);
Edouard@174	553	assert(keylist);
Edouard@174	554	assert(ptext);
Edouard@174	555	assert(psize);
Edouard@174	556	assert(ctext);
Edouard@174	557	assert(csize);
Edouard@174	558
krista@1435	559	if(!session \|\| !ptext \|\| !psize \|\| !ctext \|\| !csize \|\| !keylist)
Edouard@661	560	return PEP_ILLEGAL_VALUE;
Edouard@207	561
Edouard@263	562	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	563	return PEP_UNKNOWN_ERROR;
Edouard@252	564	}
Edouard@208	565
Edouard@174	566	*ctext = NULL;
Edouard@174	567	*csize = 0;
Edouard@174	568
Edouard@315	569	if ((rcpts = calloc(1, sizeof(*rcpts))) == NULL) {
Edouard@315	570	result = PEP_OUT_OF_MEMORY;
Edouard@391	571	goto unlock_netpgp;
Edouard@315	572	}
Edouard@315	573	for (_keylist = keylist; _keylist != NULL; _keylist = _keylist->next) {
Edouard@315	574	assert(_keylist->value);
krista@1435	575
Edouard@315	576	const pgp_key_t *key;
Edouard@391	577	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@391	578	size_t fprlen;
Edouard@315	579	unsigned from = 0;
Edouard@315	580
Edouard@391	581	if (str_to_fpr(_keylist->value, fpr, &fprlen)) {
Edouard@391	582	if ((key = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.pubring,
Edouard@391	583	fpr, fprlen, &from, NULL,
Edouard@391	584	/* reject revoked, accept expired */
Edouard@391	585	1,0)) == NULL) {
Edouard@391	586	result = PEP_KEY_NOT_FOUND;
Edouard@391	587	goto free_rcpts;
Edouard@391	588	}
Edouard@391	589	}else{
Edouard@315	590	result = PEP_ILLEGAL_VALUE;
Edouard@315	591	goto free_rcpts;
Edouard@315	592	}
Edouard@315	593
Edouard@315	594	/* Signer is the first key in the list */
Edouard@315	595	if(signer == NULL){
Edouard@315	596	from = 0;
Edouard@391	597	signer = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.secring,
Edouard@391	598	fpr, fprlen,
Edouard@391	599	&from,
Edouard@391	600	NULL,
Edouard@391	601	0,0); /* accept any */
Edouard@315	602	if(signer == NULL){
Edouard@315	603	result = PEP_KEY_NOT_FOUND;
Edouard@315	604	goto free_rcpts;
Edouard@315	605	}
Edouard@315	606	}
Edouard@315	607
Edouard@315	608	// add key to recipients/signers
Edouard@315	609	pgp_keyring_add(rcpts, key);
Edouard@315	610	if(rcpts->keys == NULL){
Edouard@315	611	result = PEP_OUT_OF_MEMORY;
Edouard@391	612	goto free_rcpts;
Edouard@315	613	}
Edouard@207	614	}
Edouard@209	615
Edouard@315	616	/* Empty keylist ?*/
Edouard@315	617	if(rcpts->keyc == 0){
Edouard@315	618	result = PEP_ILLEGAL_VALUE;
Edouard@391	619	goto free_rcpts;
Edouard@315	620	}
Edouard@315	621
Edouard@315	622	seckey = pgp_key_get_certkey(signer);
Edouard@315	623
Edouard@315	624	/* No signig key. Revoked ? */
Edouard@315	625	if(seckey == NULL){
Edouard@315	626	result = PEP_GET_KEY_FAILED;
Edouard@391	627	goto free_rcpts;
Edouard@315	628	}
Edouard@286	629
Edouard@252	630	hashalg = netpgp_getvar(&netpgp, "hash");
Edouard@207	631
edouard@1693	632	const char *stext;
edouard@1693	633	size_t ssize;
edouard@1693	634	unsigned encrypt_raw_packet;
edouard@1693	635
edouard@1693	636	if (do_sign) {
edouard@1693	637	// Sign data
edouard@1693	638	signedmem = pgp_sign_buf(netpgp.io, ptext, psize, seckey,
edouard@1693	639	time(NULL), /* birthtime */
edouard@1693	640	0 /* duration */,
edouard@1693	641	hashalg,
edouard@1693	642	0 /* armored */,
edouard@1693	643	0 /* cleartext */);
Edouard@207	644
edouard@1693	645	if (!signedmem) {
edouard@1693	646	result = PEP_UNENCRYPTED;
edouard@1693	647	goto free_rcpts;
edouard@1693	648	}
edouard@1693	649	stext = (char*) pgp_mem_data(signedmem);
edouard@1693	650	ssize = pgp_mem_len(signedmem);
edouard@1693	651	encrypt_raw_packet = 1 /* takes raw OpenPGP message */;
edouard@1693	652	} else {
edouard@1693	653	stext = ptext;
edouard@1693	654	ssize = psize;
edouard@1693	655	encrypt_raw_packet = 0 /* not a raw OpenPGP message */;
Edouard@207	656	}
Edouard@207	657
edouard@1693	658	// Encrypt (maybe) signed data
Edouard@174	659
edouard@1693	660	cmem = pgp_encrypt_buf(netpgp.io, stext,
edouard@1693	661	ssize, rcpts, 1 /* armored */,
krista@1435	662	netpgp_getvar(&netpgp, "cipher"),
edouard@1693	663	encrypt_raw_packet);
Edouard@209	664
Edouard@209	665	if (cmem == NULL) {
Edouard@209	666	result = PEP_OUT_OF_MEMORY;
Edouard@209	667	goto free_signedmem;
Edouard@209	668	}else{
Edouard@209	669
Edouard@209	670	char *_buffer = NULL;
Edouard@209	671	size_t length = pgp_mem_len(cmem);
Edouard@174	672
Edouard@209	673	// Allocate transferable buffer
Edouard@209	674	_buffer = malloc(length + 1);
Edouard@209	675	assert(_buffer);
Edouard@209	676	if (_buffer == NULL) {
Edouard@209	677	result = PEP_OUT_OF_MEMORY;
Edouard@209	678	goto free_cmem;
Edouard@209	679	}
Edouard@209	680
Edouard@209	681	memcpy(_buffer, pgp_mem_data(cmem), length);
Edouard@209	682
Edouard@209	683	*ctext = _buffer;
Edouard@209	684	*csize = length;
Edouard@209	685	(ctext)[csize] = 0; // safeguard for naive users
Edouard@209	686	result = PEP_STATUS_OK;
Edouard@174	687	}
Edouard@174	688
Edouard@209	689	free_cmem :
Edouard@209	690	pgp_memory_free(cmem);
Edouard@315	691	free_signedmem :
edouard@1693	692	if (do_sign) {
edouard@1693	693	pgp_memory_free(signedmem);
edouard@1693	694	}
Edouard@209	695	free_rcpts :
Edouard@209	696	pgp_keyring_free(rcpts);
Edouard@252	697	unlock_netpgp:
Edouard@252	698	pthread_mutex_unlock(&netpgp_mutex);
Edouard@175	699
Edouard@174	700	return result;
Edouard@174	701	}
Edouard@174	702
edouard@1693	703	PEP_STATUS pgp_encrypt_and_sign(
edouard@1693	704	PEP_SESSION session, const stringlist_t keylist, const char ptext,
edouard@1693	705	size_t psize, char *ctext, size_t csize
edouard@1693	706	)
edouard@1693	707	{
edouard@1693	708	PEP_STATUS result;
edouard@1693	709	result = _encrypt_and_sign(session, keylist, ptext, psize, ctext, csize,
edouard@1693	710	true);
edouard@1693	711	return result;
edouard@1693	712	}
edouard@1693	713
krista@1674	714	PEP_STATUS pgp_encrypt_only(
krista@1674	715	PEP_SESSION session, const stringlist_t keylist, const char ptext,
krista@1674	716	size_t psize, char *ctext, size_t csize
krista@1674	717	)
krista@1674	718	{
edouard@1693	719	PEP_STATUS result;
edouard@1693	720	result = _encrypt_and_sign(session, keylist, ptext, psize, ctext, csize,
edouard@1693	721	false);
edouard@1693	722	return result;
krista@1674	723	}
krista@1674	724
krista@1674	725
Edouard@174	726	PEP_STATUS pgp_generate_keypair(
Edouard@174	727	PEP_SESSION session, pEp_identity *identity
Edouard@174	728	)
Edouard@174	729	{
Edouard@313	730	pgp_key_t newseckey;
Edouard@316	731	pgp_key_t *newpubkey;
Edouard@225	732
Edouard@225	733	PEP_STATUS result;
Edouard@228	734	char newid[1024];
Edouard@225	735	const char *hashalg;
Edouard@225	736	const char *cipher;
Edouard@174	737
Edouard@174	738	assert(session);
Edouard@174	739	assert(identity);
Edouard@174	740	assert(identity->address);
Edouard@174	741	assert(identity->fpr == NULL);
Edouard@174	742	assert(identity->username);
Edouard@174	743
krista@1435	744	if(!session \|\| !identity \|\|
Edouard@225	745	!identity->address \|\| identity->fpr \|\| !identity->username)
Edouard@661	746	return PEP_ILLEGAL_VALUE;
Edouard@174	747
Edouard@263	748	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	749	return PEP_UNKNOWN_ERROR;
Edouard@252	750	}
Edouard@225	751
Edouard@225	752	if(snprintf(newid, sizeof(newid),
Edouard@225	753	"%s <%s>", identity->username, identity->address) >= sizeof(newid)){
Edouard@252	754	result = PEP_BUFFER_TOO_SMALL;
Edouard@252	755	goto unlock_netpgp;
Edouard@174	756	}
krista@1435	757
Edouard@252	758	hashalg = netpgp_getvar(&netpgp, "hash");
Edouard@252	759	cipher = netpgp_getvar(&netpgp, "cipher");
Edouard@174	760
Edouard@313	761	bzero(&newseckey, sizeof(newseckey));
Edouard@225	762
Edouard@313	763	// Generate the key
Edouard@313	764	if (!pgp_rsa_generate_keypair(&newseckey, 4096, 65537UL, hashalg, cipher,
Edouard@327	765	(const uint8_t *) "", (const size_t) 0))
Edouard@327	766	{
Edouard@313	767	result = PEP_CANNOT_CREATE_KEY;
Edouard@313	768	goto free_seckey;
Edouard@225	769	}
Edouard@174	770
Edouard@316	771	/* make a public key out of generated secret key */
Edouard@327	772	if((newpubkey = pgp_ensure_pubkey(
Edouard@316	773	netpgp.pubring,
Edouard@316	774	&newseckey.key.seckey.pubkey,
Edouard@327	775	newseckey.pubkeyid))==NULL)
Edouard@327	776	{
Edouard@316	777	result = PEP_OUT_OF_MEMORY;
Edouard@316	778	goto free_seckey;
Edouard@316	779	}
Edouard@316	780
Edouard@328	781	// "Expire-Date: 1y\n";
krista@1435	782	if (!pgp_add_selfsigned_userid(&newseckey, newpubkey,
Edouard@329	783	(uint8_t )newid, 36524*3600))
Edouard@327	784	{
Edouard@327	785	result = PEP_CANNOT_CREATE_KEY;
Edouard@327	786	goto delete_pubkey;
Edouard@327	787	}
Edouard@313	788
Edouard@327	789	if (newpubkey == NULL)
Edouard@327	790	{
Edouard@327	791	result = PEP_OUT_OF_MEMORY;
Edouard@327	792	goto delete_pubkey;
Edouard@327	793	}
Edouard@313	794
Edouard@313	795	// Append key to netpgp's rings (key ownership transfered)
Edouard@313	796	if (!pgp_keyring_add(netpgp.secring, &newseckey)){
Edouard@313	797	result = PEP_OUT_OF_MEMORY;
Edouard@316	798	goto delete_pubkey;
krista@1435	799	}
Edouard@313	800
krista@1435	801	// save rings
Edouard@313	802	if (netpgp_save_pubring(&netpgp) && netpgp_save_secring(&netpgp))
Edouard@313	803	{
Edouard@316	804	char *fprstr = NULL;
Edouard@316	805	fpr_to_str(&fprstr,
Edouard@316	806	newseckey.pubkeyfpr.fingerprint,
Edouard@316	807	newseckey.pubkeyfpr.length);
Edouard@316	808
Edouard@316	809	if (fprstr == NULL) {
Edouard@316	810	result = PEP_OUT_OF_MEMORY;
Edouard@316	811	goto pop_secring;
krista@1435	812	}
Edouard@316	813
Edouard@316	814	/* keys saved, pass fingerprint back */
Edouard@313	815	identity->fpr = fprstr;
Edouard@313	816	result = PEP_STATUS_OK;
Edouard@316	817
Edouard@313	818	/* free nothing, everything transfered */
Edouard@313	819	goto unlock_netpgp;
Edouard@313	820	} else {
Edouard@313	821	/* XXX in case only pubring save succeed
Edouard@313	822	* pubring file is left as-is, but backup restore
Edouard@313	823	* could be attempted if such corner case matters */
Edouard@313	824	result = PEP_UNKNOWN_ERROR;
Edouard@313	825	}
Edouard@313	826
Edouard@313	827	pop_secring:
Edouard@313	828	((pgp_keyring_t *)netpgp.secring)->keyc--;
Edouard@316	829	delete_pubkey:
Edouard@316	830	pgp_deletekeybyfpr(netpgp.io,
krista@1435	831	(pgp_keyring_t *)netpgp.pubring,
Edouard@316	832	newseckey.pubkeyfpr.fingerprint,
Edouard@316	833	newseckey.pubkeyfpr.length);
Edouard@313	834	free_seckey:
Edouard@313	835	pgp_key_free(&newseckey);
Edouard@252	836	unlock_netpgp:
Edouard@252	837	pthread_mutex_unlock(&netpgp_mutex);
Edouard@228	838
Edouard@225	839	return result;
Edouard@174	840	}
Edouard@174	841
Edouard@227	842	PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fprstr)
Edouard@174	843	{
Edouard@227	844	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@227	845	size_t length;
Edouard@227	846
Edouard@227	847	PEP_STATUS result;
Edouard@227	848
Edouard@174	849	assert(session);
Edouard@386	850	assert(fprstr);
Edouard@174	851
Edouard@386	852	if (!session \|\| !fprstr)
Edouard@661	853	return PEP_ILLEGAL_VALUE;
Edouard@174	854
Edouard@263	855	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	856	return PEP_UNKNOWN_ERROR;
Edouard@252	857	}
krista@1435	858
Edouard@227	859	if (str_to_fpr(fprstr, fpr, &length)) {
Edouard@252	860	unsigned insec = pgp_deletekeybyfpr(netpgp.io,
krista@1435	861	(pgp_keyring_t *)netpgp.secring,
Edouard@244	862	(const uint8_t *)fpr, length);
Edouard@252	863	unsigned inpub = pgp_deletekeybyfpr(netpgp.io,
krista@1435	864	(pgp_keyring_t *)netpgp.pubring,
Edouard@244	865	(const uint8_t *)fpr, length);
Edouard@244	866	if(!insec && !inpub){
Edouard@244	867	result = PEP_KEY_NOT_FOUND;
Edouard@252	868	goto unlock_netpgp;
Edouard@244	869	} else {
Edouard@244	870	result = PEP_STATUS_OK;
Edouard@227	871	}
Edouard@227	872	}else{
Edouard@252	873	result = PEP_OUT_OF_MEMORY;
Edouard@252	874	goto unlock_netpgp;
Edouard@227	875	}
Edouard@174	876
krista@1435	877	// save rings
krista@1435	878	if (netpgp_save_pubring(&netpgp) &&
Edouard@252	879	netpgp_save_secring(&netpgp))
Edouard@227	880	{
Edouard@227	881	result = PEP_STATUS_OK;
Edouard@227	882	}else{
Edouard@227	883	result = PEP_UNKNOWN_ERROR;
Edouard@227	884	}
Edouard@227	885
Edouard@252	886	unlock_netpgp:
Edouard@252	887	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	888
Edouard@227	889	return result;
Edouard@174	890	}
Edouard@174	891
Edouard@389	892	#define ARMOR_KEY_HEAD "^-----BEGIN PGP (PUBLIC\|PRIVATE) KEY BLOCK-----"_ENDL
Edouard@279	893	PEP_STATUS pgp_import_keydata(
Edouard@279	894	PEP_SESSION session,
krista@1435	895	const char *key_data,
edouard@1677	896	size_t size,
edouard@1677	897	identity_list **private_idents
Edouard@279	898	)
Edouard@174	899	{
Edouard@228	900	pgp_memory_t *mem;
Edouard@228	901
Edouard@271	902	PEP_STATUS result = PEP_STATUS_OK;
Edouard@228	903
Edouard@174	904	assert(session);
Edouard@174	905	assert(key_data);
Edouard@174	906
edouard@1677	907	// reporting imported private keys not supported
edouard@1677	908	// stub code to be reomoved
edouard@1677	909	if(private_idents)
edouard@1677	910	*private_idents = NULL;
edouard@1677	911
krista@1435	912	if(!session \|\| !key_data)
Edouard@661	913	return PEP_ILLEGAL_VALUE;
Edouard@228	914
Edouard@263	915	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	916	return PEP_UNKNOWN_ERROR;
Edouard@252	917	}
Edouard@228	918
Edouard@228	919	mem = pgp_memory_new();
Edouard@228	920	if (mem == NULL) {
Edouard@252	921	result = PEP_OUT_OF_MEMORY;
Edouard@252	922	goto unlock_netpgp;
Edouard@228	923	}
Edouard@228	924	pgp_memory_add(mem, (const uint8_t*)key_data, size);
Edouard@228	925
krista@1435	926	if (pgp_keyring_read_from_mem(netpgp.io, netpgp.pubring, netpgp.secring,
Edouard@228	927	_armoured(key_data, size, ARMOR_KEY_HEAD),
Edouard@228	928	mem) == 0){
Edouard@228	929	result = PEP_ILLEGAL_VALUE;
krista@1435	930	}
Edouard@313	931
Edouard@228	932	pgp_memory_free(mem);
Edouard@228	933
krista@1435	934	// save rings
krista@1435	935	if (netpgp_save_pubring(&netpgp) &&
Edouard@325	936	netpgp_save_secring(&netpgp))
Edouard@325	937	{
Edouard@325	938	result = PEP_STATUS_OK;
Edouard@325	939	}else{
Edouard@325	940	result = PEP_UNKNOWN_ERROR;
Edouard@325	941	}
Edouard@325	942
Edouard@252	943	unlock_netpgp:
Edouard@252	944	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	945
Edouard@228	946	return result;
Edouard@174	947	}
Edouard@174	948
Edouard@318	949	static PEP_STATUS _export_keydata(
Edouard@318	950	pgp_key_t *key,
Edouard@318	951	char **buffer,
Edouard@318	952	size_t *buflen
Edouard@318	953	)
Edouard@318	954	{
Edouard@318	955	PEP_STATUS result;
Edouard@318	956	pgp_output_t *output;
Edouard@318	957	pgp_memory_t *mem;
Edouard@318	958	pgp_setup_memory_write(&output, &mem, 128);
Edouard@318	959
Edouard@318	960	if (mem == NULL \|\| output == NULL) {
Edouard@661	961	return PEP_ILLEGAL_VALUE;
Edouard@318	962	}
Edouard@318	963
Edouard@318	964	if (!pgp_write_xfer_key(output, key, 1)) {
Edouard@318	965	result = PEP_UNKNOWN_ERROR;
Edouard@318	966	goto free_mem;
Edouard@318	967	}
Edouard@318	968
Edouard@318	969	*buffer = NULL;
Edouard@318	970	*buflen = pgp_mem_len(mem);
Edouard@318	971
Edouard@318	972	// Allocate transferable buffer
Edouard@318	973	buffer = malloc(buflen + 1);
Edouard@318	974	assert(*buffer);
Edouard@318	975	if (*buffer == NULL) {
Edouard@318	976	result = PEP_OUT_OF_MEMORY;
Edouard@318	977	goto free_mem;
Edouard@318	978	}
Edouard@318	979
Edouard@318	980	memcpy(buffer, pgp_mem_data(mem), buflen);
Edouard@318	981	(buffer)[buflen] = 0; // safeguard for naive users
Edouard@318	982
Edouard@318	983	return PEP_STATUS_OK;
Edouard@318	984
Edouard@318	985	free_mem :
Edouard@318	986	pgp_teardown_memory_write(output, mem);
Edouard@318	987
Edouard@318	988	return result;
Edouard@318	989	}
Edouard@318	990
Edouard@179	991	PEP_STATUS pgp_export_keydata(
edouard@1677	992	PEP_SESSION session, const char fprstr, char key_data, size_t size,
edouard@1677	993	bool secret
Edouard@174	994	)
Edouard@174	995	{
Edouard@228	996	pgp_key_t *key;
Edouard@228	997	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@228	998	size_t fprlen;
Edouard@228	999
Edouard@228	1000	PEP_STATUS result;
Edouard@174	1001	char *buffer;
Edouard@228	1002	size_t buflen;
Edouard@174	1003
Edouard@174	1004	assert(session);
Edouard@243	1005	assert(fprstr);
Edouard@174	1006	assert(key_data);
Edouard@174	1007	assert(size);
Edouard@174	1008
edouard@1677	1009	// TODO : support export secret key
edouard@1677	1010	// crashing stub until export secret supported
edouard@1677	1011	assert(!secret);
edouard@1677	1012	if (secret)
edouard@1677	1013	return PEP_ILLEGAL_VALUE;
edouard@1677	1014
Edouard@243	1015	if (!session \|\| !fprstr \|\| !key_data \|\| !size)
Edouard@661	1016	return PEP_ILLEGAL_VALUE;
Edouard@174	1017
Edouard@263	1018	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	1019	return PEP_UNKNOWN_ERROR;
Edouard@252	1020	}
Edouard@252	1021
Edouard@228	1022	if (str_to_fpr(fprstr, fpr, &fprlen)) {
Edouard@391	1023	unsigned from = 0;
Edouard@391	1024
Edouard@391	1025	if ((key = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.pubring,
Edouard@391	1026	fpr, fprlen, &from,
Edouard@391	1027	NULL,0,0)) == NULL) {
Edouard@252	1028	result = PEP_KEY_NOT_FOUND;
Edouard@252	1029	goto unlock_netpgp;
Edouard@228	1030	}
Edouard@228	1031	}else{
Edouard@252	1032	result = PEP_OUT_OF_MEMORY;
Edouard@252	1033	goto unlock_netpgp;
Edouard@228	1034	}
krista@1435	1035
Edouard@318	1036	result = _export_keydata(key, &buffer, &buflen);
krista@1435	1037
Edouard@318	1038	if(result == PEP_STATUS_OK)
Edouard@318	1039	{
Edouard@318	1040	*key_data = buffer;
Edouard@318	1041	*size = buflen;
Edouard@318	1042	result = PEP_STATUS_OK;
Edouard@228	1043	}
Edouard@228	1044
Edouard@252	1045	unlock_netpgp:
Edouard@252	1046	pthread_mutex_unlock(&netpgp_mutex);
Edouard@228	1047
Edouard@228	1048	return result;
Edouard@174	1049	}
Edouard@174	1050
Edouard@271	1051	struct HKP_answer {
Edouard@271	1052	char *memory;
Edouard@271	1053	size_t size;
Edouard@271	1054	};
krista@1435	1055
Edouard@271	1056	static size_t
Edouard@271	1057	HKPAnswerWriter(void contents, size_t size, size_t nmemb, void userp)
Edouard@271	1058	{
Edouard@271	1059	size_t realsize = size * nmemb;
Edouard@271	1060	struct HKP_answer mem = (struct HKP_answer )userp;
krista@1435	1061
Edouard@271	1062	mem->memory = realloc(mem->memory, mem->size + realsize + 1);
Edouard@271	1063	if(mem->memory == NULL) {
Edouard@271	1064	mem->size = 0;
Edouard@271	1065	return 0;
Edouard@271	1066	}
krista@1435	1067
Edouard@271	1068	memcpy(&(mem->memory[mem->size]), contents, realsize);
Edouard@271	1069	mem->size += realsize;
Edouard@271	1070	mem->memory[mem->size] = 0;
krista@1435	1071
Edouard@271	1072	return realsize;
Edouard@271	1073	}
Edouard@271	1074
Edouard@323	1075	#define HKP_SERVER "http://keys.gnupg.net:11371"
Edouard@323	1076	// #define HKP_SERVER "http://127.0.0.1:11371"
Edouard@321	1077
Edouard@174	1078	PEP_STATUS pgp_recv_key(PEP_SESSION session, const char *pattern)
Edouard@174	1079	{
Edouard@321	1080	static const char *ks_cmd = HKP_SERVER
Edouard@321	1081	"/pks/lookup?"
Edouard@271	1082	"op=get&options=mr&exact=on&"
Edouard@271	1083	"search=";
Edouard@271	1084	char *encoded_pattern;
Edouard@271	1085	char *request = NULL;
Edouard@271	1086	struct HKP_answer answer;
Edouard@271	1087	CURLcode curlres;
krista@1435	1088
Edouard@271	1089	PEP_STATUS result;
Edouard@271	1090
Edouard@271	1091	CURL *curl;
Edouard@271	1092
Edouard@174	1093	assert(session);
Edouard@174	1094	assert(pattern);
Edouard@174	1095
Edouard@271	1096	if (!session \|\| !pattern )
Edouard@661	1097	return PEP_ILLEGAL_VALUE;
Edouard@271	1098
Edouard@271	1099	if(pthread_mutex_lock(&session->ctx.curl_mutex)){
Edouard@271	1100	return PEP_UNKNOWN_ERROR;
Edouard@271	1101	}
Edouard@271	1102
Edouard@322	1103	result = curl_get_ctx(&curl);
Edouard@322	1104	if(result != PEP_STATUS_OK){
Edouard@322	1105	goto unlock_curl;
Edouard@322	1106	}
Edouard@252	1107
Edouard@271	1108	encoded_pattern = curl_easy_escape(curl, (char*)pattern, 0);
Edouard@271	1109	if(!encoded_pattern){
Edouard@271	1110	result = PEP_OUT_OF_MEMORY;
Edouard@322	1111	goto release_curl_ctx;
Edouard@271	1112	}
Edouard@271	1113
Edouard@271	1114	if((request = malloc(strlen(ks_cmd) + strlen(encoded_pattern) + 1))==NULL){
Edouard@271	1115	result = PEP_OUT_OF_MEMORY;
Edouard@271	1116	goto free_encoded_pattern;
Edouard@271	1117	}
Edouard@174	1118
Edouard@271	1119	//(*stpcpy(stpcpy(request, ks_cmd), encoded_pattern)) = '\0';
Edouard@271	1120	stpcpy(stpcpy(request, ks_cmd), encoded_pattern);
Edouard@271	1121
Edouard@271	1122	curl_easy_setopt(curl, CURLOPT_URL,request);
Edouard@271	1123
Edouard@271	1124	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, HKPAnswerWriter);
Edouard@271	1125
Edouard@271	1126	answer.memory = NULL;
Edouard@271	1127	answer.size = 0;
Edouard@271	1128	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&answer);
Edouard@174	1129
Edouard@271	1130	curlres = curl_easy_perform(curl);
Edouard@271	1131	if(curlres != CURLE_OK) {
Edouard@271	1132	result = PEP_GET_KEY_FAILED;
Edouard@271	1133	goto free_request;
Edouard@271	1134	}
Edouard@271	1135
Edouard@271	1136	if(!answer.memory \|\| !answer.size) {
Edouard@271	1137	result = PEP_OUT_OF_MEMORY;
Edouard@271	1138	goto free_request;
Edouard@271	1139	}
Edouard@174	1140
krista@1435	1141	result = pgp_import_keydata(session,
krista@1435	1142	answer.memory,
edouard@1677	1143	answer.size,
edouard@1677	1144	NULL);
Edouard@271	1145
Edouard@271	1146	free(answer.memory);
Edouard@271	1147	free_request:
Edouard@271	1148	free(request);
Edouard@271	1149	free_encoded_pattern:
Edouard@271	1150	curl_free(encoded_pattern);
Edouard@322	1151	release_curl_ctx:
Edouard@322	1152	curl_release_ctx(&curl);
Edouard@271	1153	unlock_curl:
Edouard@271	1154	pthread_mutex_unlock(&session->ctx.curl_mutex);
Edouard@271	1155
Edouard@271	1156	return result;
Edouard@174	1157	}
Edouard@174	1158
Edouard@277	1159	typedef PEP_STATUS (find_key_cb_t)(void, pgp_key_t *);
Edouard@277	1160
Edouard@277	1161	static PEP_STATUS find_keys_do(
Edouard@277	1162	const char pattern, find_key_cb_t cb, void cb_arg)
Edouard@254	1163	{
Edouard@277	1164	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@277	1165	size_t length;
Edouard@277	1166	pgp_key_t *key;
Edouard@277	1167
Edouard@277	1168	PEP_STATUS result;
Edouard@277	1169
Edouard@277	1170	// Try find a fingerprint in pattern
Edouard@277	1171	if (str_to_fpr(pattern, fpr, &length)) {
Edouard@391	1172	unsigned from = 0;
Edouard@391	1173
Edouard@277	1174
Edouard@277	1175	// Only one fingerprint can match
Edouard@277	1176	if ((key = (pgp_key_t *)pgp_getkeybyfpr(
Edouard@277	1177	netpgp.io,
krista@1435	1178	(pgp_keyring_t *)netpgp.pubring,
Edouard@277	1179	(const uint8_t *)fpr, length,
Edouard@391	1180	&from,
Edouard@391	1181	NULL, 0, 0)) == NULL) {
Edouard@277	1182
Edouard@277	1183	return PEP_KEY_NOT_FOUND;
Edouard@277	1184	}
Edouard@277	1185
Edouard@277	1186	result = cb(cb_arg, key);
Edouard@277	1187
Edouard@277	1188	} else {
Edouard@277	1189	// Search by name for pattern. Can match many.
Edouard@277	1190	unsigned from = 0;
Edouard@277	1191	result = PEP_KEY_NOT_FOUND;
Edouard@277	1192	while((key = (pgp_key_t *)pgp_getnextkeybyname(
Edouard@277	1193	netpgp.io,
krista@1435	1194	(pgp_keyring_t *)netpgp.pubring,
Edouard@277	1195	(const char *)pattern,
Edouard@277	1196	&from)) != NULL) {
Edouard@277	1197
Edouard@277	1198	result = cb(cb_arg, key);
Edouard@277	1199	if (result != PEP_STATUS_OK)
Edouard@277	1200	break;
Edouard@277	1201
Edouard@277	1202	from++;
Edouard@277	1203	}
Edouard@277	1204	}
Edouard@277	1205
Edouard@277	1206	return result;
Edouard@277	1207	}
Edouard@277	1208
Edouard@277	1209	static PEP_STATUS add_key_fpr_to_stringlist(void arg, pgp_key_t key)
Edouard@277	1210	{
Edouard@277	1211	stringlist_t **keylist = arg;
Edouard@254	1212	char *newfprstr = NULL;
Edouard@254	1213
Edouard@254	1214	fpr_to_str(&newfprstr,
Edouard@313	1215	key->pubkeyfpr.fingerprint,
Edouard@313	1216	key->pubkeyfpr.length);
Edouard@254	1217
Edouard@254	1218	if (newfprstr == NULL) {
Edouard@254	1219	return PEP_OUT_OF_MEMORY;
krista@1435	1220	} else {
Edouard@254	1221
krista@1033	1222	stringlist_add(*keylist, newfprstr);
roker@869	1223	free(newfprstr);
Edouard@254	1224	if (*keylist == NULL) {
Edouard@254	1225	return PEP_OUT_OF_MEMORY;
Edouard@254	1226	}
Edouard@254	1227	}
Edouard@254	1228	return PEP_STATUS_OK;
Edouard@254	1229	}
Edouard@254	1230
krista@1362	1231	static PEP_STATUS add_secret_key_fpr_to_stringlist(void arg, pgp_key_t key)
krista@1362	1232	{
krista@1362	1233	if (pgp_is_key_secret(key)) {
krista@1362	1234	stringlist_t **keylist = arg;
krista@1362	1235	char *newfprstr = NULL;
krista@1435	1236
krista@1362	1237	fpr_to_str(&newfprstr,
krista@1362	1238	key->pubkeyfpr.fingerprint,
krista@1362	1239	key->pubkeyfpr.length);
krista@1435	1240
krista@1362	1241	if (newfprstr == NULL) {
krista@1362	1242	return PEP_OUT_OF_MEMORY;
krista@1435	1243	} else {
krista@1362	1244	stringlist_add(*keylist, newfprstr);
krista@1362	1245	free(newfprstr);
krista@1362	1246	if (*keylist == NULL) {
krista@1362	1247	return PEP_OUT_OF_MEMORY;
krista@1362	1248	}
krista@1362	1249	}
krista@1362	1250	}
krista@1362	1251	return PEP_STATUS_OK;
krista@1362	1252	}
krista@1362	1253
krista@1031	1254	static PEP_STATUS add_keyinfo_to_stringpair_list(void* arg, pgp_key_t *key) {
krista@1031	1255	stringpair_list_t keyinfo_list = (stringpair_list_t)arg;
krista@1033	1256	stringpair_t* pair = NULL;
krista@1031	1257	char* id_fpr = NULL;
krista@1031	1258	char* primary_userid = (char*)pgp_key_get_primary_userid(key);
krista@1435	1259
hernani@1390	1260	// Unused:
hernani@1389	1261	// bool key_revoked = false;
krista@1435	1262
krista@1040	1263	// PEP_STATUS key_status = pgp_key_revoked(session, id_fpr, &key_revoked);
krista@1435	1264
krista@1040	1265	// if (key_revoked \|\| key_status == PEP_GET_KEY_FAILED)
krista@1040	1266	// return PEP_STATUS_OK; // we just move on
krista@1435	1267
krista@1031	1268	fpr_to_str(&id_fpr, key->pubkeyfpr.fingerprint,
krista@1031	1269	key->pubkeyfpr.length);
krista@1031	1270
krista@1031	1271	pair = new_stringpair(id_fpr, primary_userid);
krista@1435	1272
krista@1031	1273	if (pair == NULL)
krista@1031	1274	return PEP_OUT_OF_MEMORY;
krista@1435	1275
krista@1031	1276	keyinfo_list = stringpair_list_add(keyinfo_list, pair);
krista@1031	1277	free(id_fpr);
krista@1031	1278	if (*keyinfo_list == NULL)
krista@1031	1279	return PEP_OUT_OF_MEMORY;
krista@1031	1280	return PEP_STATUS_OK;
krista@1031	1281	}
krista@1031	1282
Edouard@174	1283	PEP_STATUS pgp_find_keys(
Edouard@174	1284	PEP_SESSION session, const char pattern, stringlist_t *keylist
Edouard@174	1285	)
Edouard@174	1286	{
Edouard@254	1287	stringlist_t _keylist, _k;
Edouard@254	1288
Edouard@254	1289	PEP_STATUS result;
Edouard@174	1290
Edouard@174	1291	assert(session);
Edouard@174	1292	assert(pattern);
Edouard@174	1293	assert(keylist);
Edouard@174	1294
Edouard@254	1295	if (!session \|\| !pattern \|\| !keylist )
Edouard@661	1296	{
Edouard@661	1297	return PEP_ILLEGAL_VALUE;
Edouard@661	1298	}
Edouard@174	1299
Edouard@661	1300	if (pthread_mutex_lock(&netpgp_mutex))
Edouard@661	1301	{
Edouard@174	1302	return PEP_UNKNOWN_ERROR;
Edouard@254	1303	}
Edouard@254	1304
Edouard@254	1305	*keylist = NULL;
Edouard@254	1306	_keylist = new_stringlist(NULL);
Edouard@384	1307	if (_keylist == NULL) {
Edouard@254	1308	result = PEP_OUT_OF_MEMORY;
Edouard@254	1309	goto unlock_netpgp;
Edouard@254	1310	}
Edouard@254	1311	_k = _keylist;
Edouard@254	1312
Edouard@277	1313	result = find_keys_do(pattern, &add_key_fpr_to_stringlist, &_k);
Edouard@254	1314
Edouard@254	1315	if (result == PEP_STATUS_OK) {
Edouard@254	1316	*keylist = _keylist;
Edouard@254	1317	// Transfer ownership, no free
Edouard@254	1318	goto unlock_netpgp;
Edouard@254	1319	}
Edouard@254	1320
Edouard@254	1321	free_stringlist(_keylist);
Edouard@254	1322
Edouard@254	1323	unlock_netpgp:
Edouard@254	1324	pthread_mutex_unlock(&netpgp_mutex);
Edouard@254	1325
Edouard@254	1326	return result;
Edouard@174	1327	}
Edouard@174	1328
Edouard@321	1329	#define HKP_REQ_PREFIX "keytext="
Edouard@321	1330	#define HKP_REQ_PREFIX_LEN 8
Edouard@321	1331
Edouard@277	1332	static PEP_STATUS send_key_cb(void arg, pgp_key_t key)
Edouard@277	1333	{
Edouard@318	1334	char *buffer = NULL;
Edouard@318	1335	size_t buflen = 0;
Edouard@318	1336	PEP_STATUS result;
Edouard@318	1337	stringlist_t *encoded_keys;
Edouard@318	1338	encoded_keys = (stringlist_t*)arg;
Edouard@277	1339
Edouard@318	1340	result = _export_keydata(key, &buffer, &buflen);
krista@1435	1341
Edouard@318	1342	if(result == PEP_STATUS_OK){
roker@869	1343	char *encoded_key = curl_escape(buffer, (int)buflen);
Edouard@318	1344	if(!encoded_key){
Edouard@321	1345	result = PEP_OUT_OF_MEMORY;
Edouard@321	1346	goto free_buffer;
Edouard@318	1347	}
roker@869	1348	size_t encoded_key_len = strlen(encoded_key);
Edouard@321	1349
roker@869	1350	char *request = calloc(1, HKP_REQ_PREFIX_LEN + encoded_key_len + 1);
Edouard@321	1351	if(!request){
Edouard@321	1352	result = PEP_OUT_OF_MEMORY;
Edouard@321	1353	goto free_encoded_key;
Edouard@321	1354	}
krista@1435	1355
Edouard@321	1356	memcpy(request, HKP_REQ_PREFIX, HKP_REQ_PREFIX_LEN);
Edouard@321	1357	memcpy(request + HKP_REQ_PREFIX_LEN, encoded_key, encoded_key_len);
Edouard@321	1358	request[HKP_REQ_PREFIX_LEN + encoded_key_len] = '\0';
Edouard@321	1359
Edouard@321	1360	if(!stringlist_add(encoded_keys, request)){
roker@869	1361	free(request);
Edouard@318	1362	result = PEP_OUT_OF_MEMORY;
Edouard@318	1363	}
Edouard@321	1364
Edouard@321	1365	free(request);
Edouard@321	1366
Edouard@321	1367	free_encoded_key:
Edouard@318	1368	curl_free(encoded_key);
Edouard@321	1369
krista@1435	1370	free_buffer:
Edouard@321	1371	free(buffer);
Edouard@318	1372	}
Edouard@277	1373
Edouard@318	1374	return result;
Edouard@277	1375	}
Edouard@277	1376
Edouard@174	1377	PEP_STATUS pgp_send_key(PEP_SESSION session, const char *pattern)
Edouard@174	1378	{
Edouard@321	1379	static const char *ks_cmd = HKP_SERVER "/pks/add";
Edouard@318	1380
Edouard@277	1381	PEP_STATUS result;
roker@869	1382	CURL *curl = NULL;
Edouard@322	1383
Edouard@174	1384	assert(session);
Edouard@174	1385	assert(pattern);
Edouard@174	1386
Edouard@277	1387	if (!session \|\| !pattern )
Edouard@661	1388	return PEP_ILLEGAL_VALUE;
Edouard@277	1389
roker@869	1390	stringlist_t *encoded_keys = new_stringlist(NULL);
Edouard@318	1391	assert(encoded_keys);
Edouard@318	1392	if (encoded_keys == NULL) {
Edouard@318	1393	return PEP_OUT_OF_MEMORY;
Edouard@318	1394	}
Edouard@318	1395
Edouard@277	1396	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@322	1397	result = PEP_UNKNOWN_ERROR;
Edouard@322	1398	goto free_encoded_keys;
Edouard@277	1399	}
Edouard@174	1400
Edouard@318	1401	result = find_keys_do(pattern, &send_key_cb, (void*)encoded_keys);
Edouard@277	1402
Edouard@277	1403	pthread_mutex_unlock(&netpgp_mutex);
Edouard@277	1404
Edouard@322	1405	if(result != PEP_STATUS_OK){
Edouard@322	1406	goto free_encoded_keys;
Edouard@322	1407	}
Edouard@322	1408
Edouard@318	1409	if(pthread_mutex_lock(&session->ctx.curl_mutex)){
Edouard@322	1410	result = PEP_UNKNOWN_ERROR;
Edouard@322	1411	goto free_encoded_keys;
Edouard@322	1412	}
Edouard@322	1413
Edouard@322	1414	result = curl_get_ctx(&curl);
Edouard@322	1415	if(result != PEP_STATUS_OK){
Edouard@322	1416	goto unlock_curl;
Edouard@318	1417	}
Edouard@318	1418
Edouard@318	1419	if(result == PEP_STATUS_OK){
Edouard@318	1420	CURLcode curlres;
Edouard@318	1421
roker@869	1422	for (const stringlist_t *post = encoded_keys; post != NULL; post = post->next) {
Edouard@318	1423	assert(post->value);
Edouard@318	1424
Edouard@318	1425	curl_easy_setopt(curl, CURLOPT_URL, ks_cmd);
Edouard@318	1426	curl_easy_setopt(curl, CURLOPT_POST, 1L);
Edouard@318	1427	curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post->value);
Edouard@318	1428	curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);
Edouard@318	1429
Edouard@323	1430	// Uncomment if debugging
Edouard@323	1431	// curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
Edouard@318	1432
Edouard@318	1433	curlres = curl_easy_perform(curl);
Edouard@318	1434
Edouard@318	1435	if(curlres != CURLE_OK) {
Edouard@318	1436
Edouard@318	1437	result = PEP_CANNOT_SEND_KEY;
Edouard@322	1438	goto release_curl_ctx;
Edouard@318	1439	}
Edouard@318	1440	}
Edouard@318	1441	}
Edouard@318	1442
Edouard@322	1443	release_curl_ctx:
Edouard@322	1444	curl_release_ctx(&curl);
Edouard@322	1445	unlock_curl:
Edouard@322	1446	pthread_mutex_unlock(&session->ctx.curl_mutex);
Edouard@318	1447	free_encoded_keys:
Edouard@318	1448	free_stringlist(encoded_keys);
Edouard@318	1449
Edouard@277	1450	return result;
Edouard@174	1451	}
Edouard@174	1452
Edouard@174	1453
Edouard@174	1454	PEP_STATUS pgp_get_key_rating(
Edouard@174	1455	PEP_SESSION session,
Edouard@384	1456	const char *fprstr,
Edouard@174	1457	PEP_comm_type *comm_type
Edouard@174	1458	)
Edouard@174	1459	{
Edouard@412	1460	pgp_key_t *key;
Edouard@384	1461	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@324	1462	unsigned from = 0;
Edouard@384	1463	size_t length;
Edouard@384	1464
Edouard@324	1465
Edouard@174	1466	PEP_STATUS status = PEP_STATUS_OK;
Edouard@174	1467
Edouard@174	1468	assert(session);
Edouard@384	1469	assert(fprstr);
Edouard@174	1470	assert(comm_type);
Edouard@174	1471
Edouard@384	1472	if (!session \|\| !fprstr \|\| !comm_type )
Edouard@661	1473	return PEP_ILLEGAL_VALUE;
Edouard@324	1474
Edouard@384	1475	*comm_type = PEP_ct_unknown;
Edouard@384	1476
Edouard@324	1477	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@324	1478	return PEP_UNKNOWN_ERROR;
Edouard@324	1479	}
Edouard@324	1480
Edouard@384	1481	if (!str_to_fpr(fprstr, fpr, &length)) {
Edouard@324	1482	status = PEP_ILLEGAL_VALUE;
Edouard@324	1483	goto unlock_netpgp;
Edouard@324	1484	}
krista@1435	1485
Edouard@384	1486	key = pgp_getkeybyfpr(
Edouard@384	1487	netpgp.io,
Edouard@384	1488	netpgp.pubring,
Edouard@391	1489	fpr, length, &from, NULL,0,0);
Edouard@174	1490
Edouard@324	1491	if(key == NULL)
Edouard@324	1492	{
Edouard@324	1493	status = PEP_KEY_NOT_FOUND;
Edouard@324	1494	goto unlock_netpgp;
Edouard@324	1495	}
Edouard@324	1496
Edouard@324	1497	switch(pgp_key_get_rating(key)){
Edouard@324	1498	case PGP_VALID:
Edouard@174	1499	*comm_type = PEP_ct_OpenPGP_unconfirmed;
Edouard@174	1500	break;
Edouard@324	1501	case PGP_WEAK:
Edouard@324	1502	*comm_type = PEP_ct_OpenPGP_weak_unconfirmed;
Edouard@324	1503	break;
Edouard@324	1504	case PGP_TOOSHORT:
Edouard@324	1505	*comm_type = PEP_ct_key_too_short;
Edouard@324	1506	break;
Edouard@324	1507	case PGP_INVALID:
Edouard@324	1508	*comm_type = PEP_ct_key_b0rken;
Edouard@324	1509	break;
Edouard@324	1510	case PGP_EXPIRED:
Edouard@324	1511	*comm_type = PEP_ct_key_expired;
Edouard@324	1512	break;
Edouard@324	1513	case PGP_REVOKED:
Edouard@324	1514	*comm_type = PEP_ct_key_revoked;
Edouard@174	1515	break;
Edouard@174	1516	default:
Edouard@324	1517	break;
Edouard@174	1518	}
Edouard@174	1519
Edouard@324	1520	unlock_netpgp:
Edouard@324	1521	pthread_mutex_unlock(&netpgp_mutex);
Edouard@174	1522
Edouard@174	1523	return status;
Edouard@174	1524	}
Edouard@210	1525
Edouard@210	1526	PEP_STATUS pgp_renew_key(
Edouard@210	1527	PEP_SESSION session,
Edouard@511	1528	const char *fprstr,
Edouard@210	1529	const timestamp *ts
Edouard@210	1530	)
Edouard@210	1531	{
Edouard@329	1532	pgp_key_t *pkey;
Edouard@329	1533	pgp_key_t *skey;
Edouard@511	1534	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@511	1535	size_t length;
Edouard@329	1536	unsigned from = 0;
Edouard@412	1537	time_t duration;
Edouard@412	1538	const uint8_t *primid;
Edouard@329	1539
Edouard@210	1540	PEP_STATUS status = PEP_STATUS_OK;
Edouard@210	1541
Edouard@210	1542	assert(session);
Edouard@511	1543	assert(fprstr);
Edouard@329	1544
Edouard@511	1545	if (!session \|\| !fprstr )
Edouard@661	1546	return PEP_ILLEGAL_VALUE;
Edouard@329	1547
Edouard@329	1548	if(ts)
Edouard@329	1549	{
Edouard@329	1550	time_t now, when;
Edouard@329	1551	now = time(NULL);
Edouard@329	1552	when = mktime((struct tm*)ts);
Edouard@329	1553	if(now && when && when > now){
Edouard@412	1554	duration = when - now;
Edouard@329	1555	}else{
Edouard@329	1556	return PEP_ILLEGAL_VALUE;
Edouard@329	1557	}
Edouard@329	1558	}else{
Edouard@329	1559	/* Default 1 year from now */
Edouard@329	1560	duration = 365243600;
Edouard@329	1561	}
Edouard@329	1562
Edouard@329	1563	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@329	1564	return PEP_UNKNOWN_ERROR;
Edouard@329	1565	}
Edouard@210	1566
krista@1435	1567
Edouard@511	1568	if (!str_to_fpr(fprstr, fpr, &length)) {
Edouard@329	1569	status = PEP_ILLEGAL_VALUE;
Edouard@329	1570	goto unlock_netpgp;
Edouard@329	1571	}
krista@1435	1572
Edouard@511	1573	pkey = pgp_getkeybyfpr(
Edouard@511	1574	netpgp.io,
Edouard@511	1575	netpgp.pubring,
Edouard@511	1576	fpr, length, &from, NULL,
Edouard@511	1577	1, 0); /* reject revoked, accept expired */
Edouard@329	1578
Edouard@329	1579	if(pkey == NULL)
Edouard@329	1580	{
Edouard@329	1581	status = PEP_KEY_NOT_FOUND;
Edouard@329	1582	goto unlock_netpgp;
Edouard@329	1583	}
Edouard@329	1584
Edouard@329	1585	from = 0;
Edouard@511	1586	skey = pgp_getkeybyfpr(
Edouard@511	1587	netpgp.io,
Edouard@521	1588	netpgp.secring,
Edouard@511	1589	fpr, length, &from, NULL,
Edouard@511	1590	1, 0); /* reject revoked, accept expired */
Edouard@329	1591
Edouard@329	1592	if(skey == NULL)
Edouard@329	1593	{
Edouard@329	1594	status = PEP_KEY_NOT_FOUND;
Edouard@329	1595	goto unlock_netpgp;
Edouard@329	1596	}
Edouard@329	1597
Edouard@412	1598	if((primid = pgp_key_get_primary_userid(skey)) == NULL)
Edouard@329	1599	{
Edouard@329	1600	status = PEP_KEY_HAS_AMBIG_NAME;
Edouard@329	1601	goto unlock_netpgp;
Edouard@329	1602	}
Edouard@210	1603
Edouard@522	1604	// FIXME : renew in a more gentle way
Edouard@329	1605	if (!pgp_add_selfsigned_userid(skey, pkey, primid, duration))
Edouard@329	1606	{
Edouard@329	1607	status = PEP_CANNOT_CREATE_KEY;
Edouard@329	1608	goto unlock_netpgp;
Edouard@329	1609	}
Edouard@329	1610
Edouard@521	1611	// save rings
Edouard@521	1612	if (netpgp_save_pubring(&netpgp) &&
Edouard@521	1613	netpgp_save_secring(&netpgp))
Edouard@521	1614	{
Edouard@521	1615	status = PEP_STATUS_OK;
Edouard@521	1616	}else{
Edouard@521	1617	status = PEP_UNKNOWN_ERROR;
Edouard@521	1618	}
krista@1435	1619
Edouard@329	1620	unlock_netpgp:
Edouard@329	1621	pthread_mutex_unlock(&netpgp_mutex);
Edouard@329	1622
Edouard@329	1623	return status;
Edouard@210	1624	}
Edouard@210	1625
Edouard@226	1626	PEP_STATUS pgp_revoke_key(
Edouard@226	1627	PEP_SESSION session,
Edouard@522	1628	const char *fprstr,
Edouard@226	1629	const char *reason
Edouard@226	1630	)
Edouard@210	1631	{
Edouard@522	1632	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@522	1633	size_t length;
Edouard@326	1634	unsigned from = 0;
Edouard@326	1635
Edouard@210	1636	PEP_STATUS status = PEP_STATUS_OK;
Edouard@326	1637
Edouard@210	1638	assert(session);
Edouard@522	1639	assert(fprstr);
Edouard@210	1640
Edouard@522	1641	if (!session \|\| !fprstr)
Edouard@210	1642	return PEP_UNKNOWN_ERROR;
Edouard@210	1643
Edouard@326	1644	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@326	1645	return PEP_UNKNOWN_ERROR;
Edouard@326	1646	}
Edouard@326	1647
Edouard@522	1648	// FIXME : deduplicate that code w/ renew
Edouard@522	1649	if (!str_to_fpr(fprstr, fpr, &length)) {
Edouard@326	1650	status = PEP_ILLEGAL_VALUE;
Edouard@326	1651	goto unlock_netpgp;
Edouard@326	1652	}
krista@1435	1653
roker@869	1654	pgp_key_t *pkey = pgp_getkeybyfpr(
Edouard@522	1655	netpgp.io,
Edouard@522	1656	netpgp.pubring,
Edouard@522	1657	fpr, length, &from, NULL,
Edouard@522	1658	1, 0); /* reject revoked, accept expired */
krista@1435	1659
Edouard@326	1660	if(pkey == NULL)
Edouard@326	1661	{
Edouard@326	1662	status = PEP_KEY_NOT_FOUND;
Edouard@326	1663	goto unlock_netpgp;
Edouard@326	1664	}
krista@1435	1665
Edouard@326	1666	from = 0;
roker@869	1667	pgp_key_t *skey = pgp_getkeybyfpr(
Edouard@522	1668	netpgp.io,
Edouard@522	1669	netpgp.secring,
Edouard@522	1670	fpr, length, &from, NULL,
Edouard@522	1671	1, 0); /* reject revoked, accept expired */
krista@1435	1672
Edouard@326	1673	if(skey == NULL)
Edouard@326	1674	{
Edouard@326	1675	status = PEP_KEY_NOT_FOUND;
Edouard@326	1676	goto unlock_netpgp;
Edouard@326	1677	}
Edouard@326	1678
Edouard@326	1679	pgp_key_revoke(skey, pkey,
Edouard@326	1680	0, /* no reason code specified */
Edouard@326	1681	reason);
Edouard@326	1682
Edouard@326	1683	unlock_netpgp:
Edouard@326	1684	pthread_mutex_unlock(&netpgp_mutex);
Edouard@326	1685
Edouard@326	1686	return status;
Edouard@210	1687	}
Edouard@210	1688
Edouard@226	1689	PEP_STATUS pgp_key_expired(
Edouard@226	1690	PEP_SESSION session,
Edouard@661	1691	const char *fprstr,
Edouard@701	1692	const time_t when,
Edouard@226	1693	bool *expired
Edouard@226	1694	)
Edouard@226	1695	{
Edouard@226	1696	PEP_STATUS status = PEP_STATUS_OK;
Edouard@325	1697	PEP_comm_type comm_type;
Edouard@226	1698
Edouard@226	1699	assert(session);
Edouard@661	1700	assert(fprstr);
Edouard@226	1701	assert(expired);
Edouard@226	1702
Edouard@661	1703	if (!session \|\| !fprstr \|\| !expired)
Edouard@661	1704	return PEP_UNKNOWN_ERROR;
Edouard@661	1705
krista@1435	1706	// TODO : take "when" in account
Edouard@661	1707
Edouard@226	1708	*expired = false;
Edouard@226	1709
Edouard@661	1710	status = pgp_get_key_rating(session, fprstr, &comm_type);
Edouard@325	1711
Edouard@226	1712	if (status != PEP_STATUS_OK)
Edouard@226	1713	return status;
Edouard@226	1714
Edouard@325	1715	if (comm_type == PEP_ct_key_expired){
Edouard@325	1716	*expired = true;
Edouard@325	1717	}
Edouard@325	1718
Edouard@226	1719	return PEP_STATUS_OK;
Edouard@226	1720	}
Edouard@226	1721
Edouard@661	1722	PEP_STATUS pgp_key_revoked(
Edouard@661	1723	PEP_SESSION session,
Edouard@661	1724	const char *fprstr,
Edouard@661	1725	bool *revoked
Edouard@661	1726	)
Edouard@661	1727	{
Edouard@661	1728	PEP_STATUS status = PEP_STATUS_OK;
Edouard@661	1729	PEP_comm_type comm_type;
krista@1435	1730
Edouard@661	1731	assert(session);
Edouard@661	1732	assert(fprstr);
Edouard@661	1733	assert(revoked);
krista@1435	1734
Edouard@661	1735	*revoked = false;
krista@1435	1736
Edouard@661	1737	status = pgp_get_key_rating(session, fprstr, &comm_type);
krista@1435	1738
Edouard@661	1739	if (status != PEP_STATUS_OK)
Edouard@661	1740	return status;
krista@1435	1741
Edouard@661	1742	if (comm_type == PEP_ct_key_revoked){
Edouard@661	1743	*revoked = true;
Edouard@661	1744	}
krista@1435	1745
Edouard@661	1746	return PEP_STATUS_OK;
Edouard@661	1747	}
krista@1010	1748
dirk@973	1749	PEP_STATUS pgp_key_created(
dirk@973	1750	PEP_SESSION session,
dirk@973	1751	const char *fprstr,
dirk@973	1752	time_t *created
dirk@973	1753	)
dirk@973	1754	{
dirk@973	1755	uint8_t fpr[PGP_FINGERPRINT_SIZE];
dirk@973	1756	pgp_key_t *key;
dirk@973	1757	size_t length;
dirk@973	1758	unsigned from = 0;
dirk@973	1759
dirk@973	1760	PEP_STATUS status = PEP_STATUS_OK;
dirk@973	1761
dirk@973	1762	assert(session);
dirk@973	1763	assert(fprstr);
dirk@973	1764	assert(created);
dirk@973	1765
dirk@973	1766	if (!session \|\| !fprstr \|\| !created)
dirk@973	1767	return PEP_UNKNOWN_ERROR;
dirk@973	1768
dirk@973	1769	*created = 0;
dirk@973	1770
dirk@973	1771	if(pthread_mutex_lock(&netpgp_mutex)){
dirk@973	1772	return PEP_UNKNOWN_ERROR;
dirk@973	1773	}
dirk@973	1774
dirk@973	1775	if (!str_to_fpr(fprstr, fpr, &length)) {
dirk@973	1776	status = PEP_ILLEGAL_VALUE;
dirk@973	1777	goto unlock_netpgp;
dirk@973	1778	}
krista@1435	1779
dirk@973	1780	key = pgp_getkeybyfpr(
dirk@973	1781	netpgp.io,
dirk@973	1782	netpgp.pubring,
dirk@973	1783	fpr, length, &from, NULL,0,0);
dirk@973	1784
dirk@973	1785	if (key)
dirk@973	1786	{
dirk@973	1787	*created = (time_t) key->key.pubkey.birthtime;
dirk@973	1788	}
dirk@973	1789	else
dirk@973	1790	{
dirk@973	1791	status = PEP_KEY_NOT_FOUND;
dirk@973	1792	goto unlock_netpgp;
dirk@973	1793	}
krista@1435	1794
dirk@973	1795
dirk@973	1796
dirk@973	1797	unlock_netpgp:
dirk@973	1798	pthread_mutex_unlock(&netpgp_mutex);
dirk@973	1799
dirk@973	1800	return status;
dirk@973	1801	}
roker@1057	1802
krista@1018	1803
krista@1030	1804	PEP_STATUS pgp_list_keyinfo(
krista@1030	1805	PEP_SESSION session, const char* pattern, stringpair_list_t** keyinfo_list)
krista@1030	1806	{
krista@1435	1807
krista@1030	1808	if (!session \|\| !keyinfo_list)
krista@1030	1809	return PEP_UNKNOWN_ERROR;
krista@1435	1810
krista@1030	1811	if (pthread_mutex_lock(&netpgp_mutex))
krista@1030	1812	{
krista@1030	1813	return PEP_UNKNOWN_ERROR;
krista@1018	1814	}
krista@1435	1815
hernani@1390	1816	// Unused:
hernani@1390	1817	// pgp_key_t *key;
krista@1010	1818
krista@1010	1819	PEP_STATUS result;
krista@1435	1820
krista@1031	1821	result = find_keys_do(pattern, &add_keyinfo_to_stringpair_list, (void*)keyinfo_list);
krista@1435	1822
krista@1031	1823	if (!keyinfo_list)
krista@1031	1824	result = PEP_KEY_NOT_FOUND;
krista@1435	1825
krista@1030	1826	pthread_mutex_unlock(&netpgp_mutex);
krista@1435	1827
krista@1018	1828	return result;
krista@1018	1829	}
krista@1362	1830
krista@1362	1831	/* copied from find_keys, but we need to use a callback that filters. */
krista@1363	1832	PEP_STATUS pgp_find_private_keys(
krista@1362	1833	PEP_SESSION session, const char pattern, stringlist_t *keylist)
krista@1362	1834	{
krista@1362	1835	stringlist_t _keylist, _k;
krista@1435	1836
krista@1362	1837	PEP_STATUS result;
krista@1435	1838
krista@1362	1839	assert(session);
krista@1362	1840	assert(pattern);
krista@1362	1841	assert(keylist);
krista@1435	1842
krista@1362	1843	if (!session \|\| !pattern \|\| !keylist )
krista@1362	1844	{
krista@1362	1845	return PEP_ILLEGAL_VALUE;
krista@1362	1846	}
krista@1435	1847
krista@1362	1848	if (pthread_mutex_lock(&netpgp_mutex))
krista@1362	1849	{
krista@1362	1850	return PEP_UNKNOWN_ERROR;
krista@1362	1851	}
krista@1435	1852
krista@1362	1853	*keylist = NULL;
krista@1362	1854	_keylist = new_stringlist(NULL);
krista@1362	1855	if (_keylist == NULL) {
krista@1362	1856	result = PEP_OUT_OF_MEMORY;
krista@1362	1857	goto unlock_netpgp;
krista@1362	1858	}
krista@1362	1859	_k = _keylist;
krista@1435	1860
krista@1362	1861	result = find_keys_do(pattern, &add_secret_key_fpr_to_stringlist, &_k);
krista@1435	1862
krista@1362	1863	if (result == PEP_STATUS_OK) {
krista@1362	1864	*keylist = _keylist;
krista@1362	1865	// Transfer ownership, no free
krista@1362	1866	goto unlock_netpgp;
krista@1362	1867	}
krista@1435	1868
krista@1362	1869	free_stringlist(_keylist);
krista@1435	1870
krista@1362	1871	unlock_netpgp:
krista@1362	1872	pthread_mutex_unlock(&netpgp_mutex);
krista@1435	1873
krista@1435	1874	return result;
krista@1362	1875	}
krista@1362	1876
krista@1362	1877	PEP_STATUS pgp_contains_priv_key(
krista@1435	1878	PEP_SESSION session,
krista@1362	1879	const char *fpr,
krista@1362	1880	bool *has_private) {
krista@1362	1881	stringlist_t* keylist = NULL;
krista@1363	1882	PEP_STATUS status = pgp_find_private_keys(session, fpr, &keylist);
krista@1362	1883	if (status == PEP_STATUS_OK && keylist) {
krista@1362	1884	free_stringlist(keylist);
krista@1362	1885	*has_private = true;
krista@1362	1886	}
krista@1362	1887	else {
krista@1362	1888	has_private = false;
krista@1362	1889	}
krista@1362	1890	return status;
krista@1362	1891	}

author	Edouard Tisserant <edouard@pep-project.org>
	Tue, 21 Mar 2017 11:18:34 +0100
changeset 1693	7cbc1b22a250
parent 1677	e02c53c94550
child 1694	032e59ccdd93
permissions	-rw-r--r--