repos/pEpEngine: src/pgp_netpgp.c@fb80b70e844d (annotated)

Edouard@174	1	#include "pEp_internal.h"
Edouard@174	2	#include "pgp_netpgp.h"
Edouard@174	3
Edouard@174	4	#include <limits.h>
Edouard@174	5
Edouard@174	6	#include "wrappers.h"
Edouard@174	7
Edouard@174	8	#include <netpgp.h>
Edouard@179	9	#include <netpgp/config.h>
Edouard@179	10	#include <netpgp/memory.h>
Edouard@179	11	#include <netpgp/crypto.h>
Edouard@180	12	#include <netpgp/netpgpsdk.h>
Edouard@180	13	#include <netpgp/validate.h>
Edouard@228	14	#include <netpgp/readerwriter.h>
Edouard@179	15
Edouard@252	16	#include <curl/curl.h>
Edouard@252	17	#include <pthread.h>
Edouard@188	18	#include <regex.h>
Edouard@188	19
Edouard@252	20	static netpgp_t netpgp;
Edouard@254	21	static pthread_mutex_t netpgp_mutex;
Edouard@252	22
Edouard@263	23	static PEP_STATUS init_netpgp()
Edouard@174	24	{
Edouard@174	25	PEP_STATUS status = PEP_STATUS_OK;
Edouard@175	26	const char *home = NULL;
Edouard@179	27
Edouard@252	28	if(pthread_mutex_init(&netpgp_mutex, NULL)){
Edouard@252	29	return PEP_OUT_OF_MEMORY;
Edouard@252	30	}
Edouard@252	31
Edouard@263	32	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	33	return PEP_UNKNOWN_ERROR;
Edouard@252	34	}
Edouard@174	35
Edouard@263	36	if (strcmp(setlocale(LC_ALL, NULL), "C") == 0)
Edouard@263	37	setlocale(LC_ALL, "");
Edouard@174	38
Edouard@263	39	memset(&netpgp, 0x0, sizeof(netpgp_t));
Edouard@180	40
Edouard@263	41	// netpgp_setvar(&netpgp, "max mem alloc", "4194304");
Edouard@263	42	netpgp_setvar(&netpgp, "need seckey", "1");
Edouard@315	43	// netpgp_setvar(&netpgp, "need userid", "1");
Edouard@252	44
Edouard@263	45	// NetPGP shares home with GPG
Edouard@263	46	home = gpg_home();
Edouard@263	47	if(home){
Edouard@263	48	netpgp_set_homedir(&netpgp,(char*)home, NULL, 0);
Edouard@263	49	}else{
Edouard@263	50	status = PEP_INIT_NO_GPG_HOME;
Edouard@263	51	goto unlock_netpgp;
Edouard@174	52	}
Edouard@174	53
Edouard@263	54	// pair with gpg's cert-digest-algo
Edouard@263	55	netpgp_setvar(&netpgp, "hash", "SHA256");
Edouard@263	56
Edouard@263	57	// subset of gpg's personal-cipher-preferences
Edouard@263	58	// here only one cipher can be selected
Edouard@263	59	netpgp_setvar(&netpgp, "cipher", "CAST5");
Edouard@263	60
Edouard@263	61	if (!netpgp_init(&netpgp)) {
Edouard@263	62	status = PEP_INIT_NETPGP_INIT_FAILED;
Edouard@263	63	goto unlock_netpgp;
Edouard@263	64	}
Edouard@175	65
Edouard@315	66	// netpgp_set_debug("packet-parse.c");
Edouard@315	67
Edouard@252	68	unlock_netpgp:
Edouard@252	69	pthread_mutex_unlock(&netpgp_mutex);
Edouard@263	70
Edouard@263	71	return status;
Edouard@263	72	}
Edouard@175	73
Edouard@263	74	static void release_netpgp()
Edouard@263	75	{
Edouard@263	76	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@263	77	return;
Edouard@263	78	}
Edouard@263	79	netpgp_end(&netpgp);
Edouard@263	80	memset(&netpgp, 0x0, sizeof(netpgp_t));
Edouard@263	81
Edouard@263	82	pthread_mutex_destroy(&netpgp_mutex);
Edouard@263	83
Edouard@263	84	return;
Edouard@263	85	}
Edouard@263	86
Edouard@263	87	static PEP_STATUS init_curl(
Edouard@263	88	CURL **curl,
Edouard@263	89	pthread_mutex_t *curl_mutex,
Edouard@263	90	bool in_first)
Edouard@263	91	{
Edouard@263	92	PEP_STATUS status = PEP_STATUS_OK;
Edouard@263	93	struct curl_slist *headers=NULL;
Edouard@263	94
Edouard@263	95	if(pthread_mutex_init(curl_mutex, NULL)){
Edouard@263	96	return PEP_OUT_OF_MEMORY;
Edouard@263	97	}
Edouard@263	98
Edouard@263	99	if(pthread_mutex_lock(curl_mutex)){
Edouard@263	100	return PEP_UNKNOWN_ERROR;
Edouard@263	101	}
Edouard@263	102
Edouard@263	103	if(in_first){
Edouard@263	104	curl_global_init(CURL_GLOBAL_DEFAULT);
Edouard@263	105	}
Edouard@263	106
Edouard@263	107	if ((*curl = curl_easy_init()) == NULL) {
Edouard@263	108	return PEP_OUT_OF_MEMORY;
Edouard@263	109	}
Edouard@263	110
Edouard@263	111	curl_easy_setopt(*curl, CURLOPT_FOLLOWLOCATION, 1L);
Edouard@263	112	curl_easy_setopt(*curl, CURLOPT_MAXREDIRS, 3L);
Edouard@263	113
Edouard@263	114	headers=curl_slist_append(headers,"Pragma: no-cache");
Edouard@263	115	if(headers)
Edouard@263	116	headers=curl_slist_append(headers,"Cache-Control: no-cache");
Edouard@263	117
Edouard@263	118	if(!headers)
Edouard@263	119	{
Edouard@263	120	status = PEP_OUT_OF_MEMORY;
Edouard@263	121	goto unlock_curl;
Edouard@174	122	}
Edouard@174	123
Edouard@263	124	curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
Edouard@263	125	curl_slist_free_all(headers);
Edouard@263	126
Edouard@263	127	// TODO curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
Edouard@263	128
Edouard@263	129	unlock_curl:
Edouard@263	130	pthread_mutex_unlock(curl_mutex);
Edouard@174	131	return status;
Edouard@174	132	}
Edouard@174	133
Edouard@263	134	static void release_curl(
Edouard@263	135	CURL **curl,
Edouard@263	136	pthread_mutex_t *curl_mutex,
Edouard@263	137	bool out_last)
Edouard@263	138	{
Edouard@263	139	if(pthread_mutex_lock(curl_mutex)){
Edouard@263	140	return;
Edouard@263	141	}
Edouard@263	142
Edouard@263	143	if(*curl)
Edouard@263	144	curl_easy_cleanup(*curl);
Edouard@263	145
Edouard@263	146	*curl = NULL;
Edouard@263	147
Edouard@263	148	if(out_last){
Edouard@263	149	curl_global_cleanup();
Edouard@263	150	}
Edouard@263	151
Edouard@263	152	pthread_mutex_destroy(curl_mutex);
Edouard@263	153
Edouard@263	154	return;
Edouard@263	155	}
Edouard@263	156
Edouard@263	157	PEP_STATUS pgp_init(PEP_SESSION session, bool in_first)
Edouard@263	158	{
Edouard@263	159	PEP_STATUS status = PEP_STATUS_OK;
Edouard@263	160
Edouard@263	161	assert(session);
Edouard@263	162	if(!session) return PEP_UNKNOWN_ERROR;
Edouard@263	163
Edouard@263	164	if (in_first) {
Edouard@263	165	if((status = init_netpgp()) != PEP_STATUS_OK)
Edouard@263	166	return status;
Edouard@263	167	}
Edouard@263	168
Edouard@263	169	if((status = init_curl(
Edouard@263	170	&session->ctx.curl,
Edouard@263	171	&session->ctx.curl_mutex,
Edouard@263	172	in_first) != PEP_STATUS_OK)){
Edouard@263	173	if(in_first) release_netpgp();
Edouard@263	174	return status;
Edouard@263	175	}
Edouard@263	176
Edouard@263	177	return PEP_STATUS_OK;
Edouard@263	178	}
Edouard@263	179
Edouard@174	180	void pgp_release(PEP_SESSION session, bool out_last)
Edouard@174	181	{
Edouard@179	182	assert(session);
Edouard@179	183	if(!session) return;
Edouard@179	184
Edouard@263	185	if (out_last){
Edouard@263	186	release_netpgp();
Edouard@252	187	}
Edouard@263	188	release_curl(&session->ctx.curl, &session->ctx.curl_mutex, out_last);
Edouard@174	189	}
Edouard@174	190
Edouard@207	191	// return 1 if the file contains ascii-armoured text
Edouard@207	192	// buf MUST be \0 terminated to be checked for armour
Edouard@188	193	static unsigned
Edouard@188	194	_armoured(const char buf, size_t size, const char pattern)
Edouard@188	195	{
Edouard@188	196	unsigned armoured = 0;
Edouard@188	197	if(buf[size]=='\0'){
Edouard@188	198	regex_t r;
Edouard@188	199	regcomp(&r, pattern, REG_EXTENDED\|REG_NEWLINE\|REG_NOSUB);
Edouard@188	200	if (regexec(&r, buf, 0, NULL, 0) == 0) {
Edouard@188	201	armoured = 1;
Edouard@188	202	}
Edouard@188	203	regfree(&r);
Edouard@188	204	}
Edouard@188	205	return armoured;
Edouard@188	206	}
Edouard@188	207
Edouard@227	208	/* return key ID's hexdump as a string */
Edouard@315	209	static void id_to_str(const uint8_t keyid, char str)
Edouard@225	210	{
Edouard@225	211	int i;
Edouard@225	212	static const char *hexes = "0123456789abcdef";
Edouard@315	213	for (i = 0; i < PGP_KEY_ID_SIZE ; i++) {
Edouard@315	214	str[i * 2] = hexes[(unsigned)(keyid[i] & 0xf0) >> 4];
Edouard@315	215	str[(i * 2) + 1] = hexes[keyid[i] & 0xf];
Edouard@225	216	}
Edouard@315	217	str[PGP_KEY_ID_SIZE * 2] = 0x0;
Edouard@315	218	}
Edouard@315	219
Edouard@315	220	/* return key ID's hexdump as a string */
Edouard@315	221	static unsigned str_to_id(uint8_t keyid, const char str)
Edouard@315	222	{
Edouard@315	223	int i, n;
Edouard@315	224	static const char *hexes = "0123456789abcdef";
Edouard@315	225	for (i = 0; i < PGP_KEY_ID_SIZE ; i++) {
Edouard@315	226	uint8_t b = 0;
Edouard@315	227	for (n = 0; n < 2; n++) {
Edouard@315	228	char c = str[i * 2 + n];
Edouard@315	229	uint8_t q;
Edouard@315	230	if(c >= '0' && c <= '9'){
Edouard@315	231	q = (c - '0');
Edouard@315	232	}else if(c >= 'a' && c <= 'z'){
Edouard@315	233	q = (c - 'a' + 0xA);
Edouard@315	234	}else if(c >= 'A' && c <= 'Z'){
Edouard@315	235	q = (c - 'A' + 0xA);
Edouard@315	236	}else{
Edouard@315	237	return 0;
Edouard@315	238	}
Edouard@315	239	b \|= q << (4 * (1 - n));
Edouard@315	240	}
Edouard@315	241	keyid[i] = b;
Edouard@315	242	}
Edouard@315	243	return 1;
Edouard@225	244	}
Edouard@225	245
Edouard@185	246	// Iterate through netpgp' reported valid signatures
Edouard@185	247	// fill a list of valid figerprints
Edouard@185	248	// returns PEP_STATUS_OK if all sig reported valid
Edouard@185	249	// error status otherwise.
Edouard@279	250	static PEP_STATUS _validation_results(
Edouard@279	251	netpgp_t *netpgp,
Edouard@279	252	pgp_validation_t *vresult,
Edouard@279	253	stringlist_t **_keylist
Edouard@279	254	)
Edouard@185	255	{
Edouard@188	256	time_t now;
Edouard@188	257	time_t t;
Edouard@188	258	char buf[128];
Edouard@185	259
Edouard@188	260	now = time(NULL);
Edouard@188	261	if (now < vresult->birthtime) {
Edouard@188	262	// signature is not valid yet
Edouard@188	263	return PEP_UNENCRYPTED;
Edouard@188	264	}
Edouard@188	265	if (vresult->duration != 0 && now > vresult->birthtime + vresult->duration) {
Edouard@188	266	// signature has expired
Edouard@188	267	t = vresult->duration + vresult->birthtime;
Edouard@188	268	return PEP_UNENCRYPTED;
Edouard@188	269	}
Edouard@185	270	if (vresult->validc && vresult->valid_sigs &&
Edouard@185	271	!vresult->invalidc && !vresult->unknownc ) {
Edouard@185	272	unsigned n;
Edouard@185	273	stringlist_t *k;
Edouard@185	274	// caller responsible to free
Edouard@185	275	*_keylist = new_stringlist(NULL);
Edouard@185	276	assert(*_keylist);
Edouard@185	277	if (*_keylist == NULL) {
Edouard@185	278	return PEP_OUT_OF_MEMORY;
Edouard@185	279	}
Edouard@185	280	k = *_keylist;
Edouard@185	281	for (n = 0; n < vresult->validc; ++n) {
Edouard@185	282	char id[MAX_ID_LENGTH + 1];
Edouard@315	283	const uint8_t *keyid = vresult->valid_sigs[n].signer_id;
Edouard@185	284
Edouard@315	285	id_to_str(keyid, id);
Edouard@185	286
Edouard@185	287	k = stringlist_add(k, id);
Edouard@185	288	if(!k){
Edouard@185	289	free_stringlist(*_keylist);
Edouard@185	290	return PEP_OUT_OF_MEMORY;
Edouard@185	291	}
Edouard@185	292	}
Edouard@185	293	return PEP_STATUS_OK;
Edouard@185	294	}
Edouard@185	295	if (vresult->validc + vresult->invalidc + vresult->unknownc == 0) {
Edouard@185	296	// No signatures found - is this memory signed?
Edouard@185	297	return PEP_VERIFY_NO_KEY;
Edouard@185	298	}
Edouard@185	299
Edouard@185	300	if (vresult->invalidc) {
Edouard@185	301	// some invalid signatures
Edouard@185	302	return PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
Edouard@185	303	}
Edouard@185	304
Edouard@185	305	// only unknown sigs
Edouard@185	306	return PEP_DECRYPT_WRONG_FORMAT;
Edouard@185	307	}
Edouard@185	308
Edouard@207	309	#define ARMOR_HEAD "^-----BEGIN PGP MESSAGE-----\\s*$"
Edouard@174	310	PEP_STATUS pgp_decrypt_and_verify(
Edouard@174	311	PEP_SESSION session, const char *ctext, size_t csize,
Edouard@174	312	char *ptext, size_t psize, stringlist_t **keylist
Edouard@174	313	)
Edouard@174	314	{
Edouard@185	315	pgp_memory_t *mem;
Edouard@185	316	pgp_memory_t *cat;
Edouard@185	317	pgp_validation_t *vresult;
Edouard@180	318	char *_ptext = NULL;
Edouard@180	319	size_t _psize = 0;
Edouard@185	320	int ret;
Edouard@179	321
Edouard@174	322	PEP_STATUS result;
Edouard@174	323	stringlist_t *_keylist = NULL;
Edouard@174	324	int i_key = 0;
Edouard@174	325
Edouard@174	326	assert(session);
Edouard@174	327	assert(ctext);
Edouard@174	328	assert(csize);
Edouard@174	329	assert(ptext);
Edouard@174	330	assert(psize);
Edouard@174	331	assert(keylist);
Edouard@174	332
Edouard@179	333	if(!session \|\| !ctext \|\| !csize \|\| !ptext \|\| !psize \|\| !keylist)
Edouard@179	334	return PEP_UNKNOWN_ERROR;
Edouard@179	335
Edouard@263	336	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	337	return PEP_UNKNOWN_ERROR;
Edouard@252	338	}
Edouard@179	339
Edouard@174	340	*ptext = NULL;
Edouard@174	341	*psize = 0;
Edouard@174	342	*keylist = NULL;
Edouard@174	343
Edouard@183	344	vresult = malloc(sizeof(pgp_validation_t));
Edouard@185	345	memset(vresult, 0x0, sizeof(pgp_validation_t));
Edouard@182	346
Edouard@252	347	mem = pgp_decrypt_and_validate_buf(netpgp.io, vresult, ctext, csize,
Edouard@252	348	netpgp.secring, netpgp.pubring,
Edouard@188	349	_armoured(ctext, csize, ARMOR_HEAD),
Edouard@179	350	0 /* sshkeys */,
Edouard@180	351	NULL, -1, NULL /* pass fp,attempts,cb */);
Edouard@179	352	if (mem == NULL) {
Edouard@252	353	result = PEP_OUT_OF_MEMORY;
Edouard@252	354	goto unlock_netpgp;
Edouard@179	355	}
Edouard@179	356
Edouard@185	357	_psize = pgp_mem_len(mem);
Edouard@182	358	if (_psize){
Edouard@272	359	if ((_ptext = malloc(_psize + 1)) == NULL) {
Edouard@183	360	result = PEP_OUT_OF_MEMORY;
Edouard@183	361	goto free_pgp;
Edouard@182	362	}
Edouard@185	363	memcpy(_ptext, pgp_mem_data(mem), _psize);
Edouard@272	364	_ptext[_psize] = '\0'; // safeguard for naive users
Edouard@182	365	result = PEP_DECRYPTED;
Edouard@182	366	}else{
Edouard@183	367	result = PEP_DECRYPT_NO_KEY;
Edouard@183	368	goto free_pgp;
Edouard@182	369	}
Edouard@180	370
Edouard@185	371	if (result == PEP_DECRYPTED) {
Edouard@252	372	result = _validation_results(&netpgp, vresult, &_keylist);
Edouard@185	373	if (result != PEP_STATUS_OK) {
Edouard@185	374	goto free_ptext;
Edouard@183	375	}
Edouard@180	376	result = PEP_DECRYPTED_AND_VERIFIED;
Edouard@180	377	}
Edouard@174	378
Edouard@180	379	if (result == PEP_DECRYPTED_AND_VERIFIED
Edouard@180	380	\|\| result == PEP_DECRYPTED) {
Edouard@180	381	*ptext = _ptext;
Edouard@180	382	*psize = _psize;
Edouard@180	383	(ptext)[psize] = 0; // safeguard for naive users
Edouard@185	384	if (result == PEP_DECRYPTED_AND_VERIFIED) {
Edouard@185	385	*keylist = _keylist;
Edouard@185	386	}
Edouard@183	387
Edouard@183	388	/* _ptext and _keylist ownership transfer, don't free */
Edouard@183	389	goto free_pgp;
Edouard@180	390	}
Edouard@183	391
Edouard@183	392	free_keylist:
Edouard@183	393	free_stringlist(_keylist);
Edouard@183	394
Edouard@183	395	free_ptext:
Edouard@183	396	free(_ptext);
Edouard@183	397
Edouard@183	398	free_pgp:
Edouard@185	399	pgp_memory_free(mem);
Edouard@183	400	pgp_validate_result_free(vresult);
Edouard@183	401
Edouard@252	402	unlock_netpgp:
Edouard@252	403	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	404
Edouard@174	405	return result;
Edouard@174	406	}
Edouard@174	407
Edouard@207	408	#define ARMOR_SIG_HEAD "^-----BEGIN PGP (SIGNATURE\|SIGNED MESSAGE)-----\\s*$"
Edouard@174	409	PEP_STATUS pgp_verify_text(
Edouard@174	410	PEP_SESSION session, const char *text, size_t size,
Edouard@174	411	const char signature, size_t sig_size, stringlist_t *keylist
Edouard@174	412	)
Edouard@174	413	{
Edouard@185	414	pgp_memory_t *signedmem;
Edouard@185	415	pgp_memory_t *sig;
Edouard@185	416	pgp_validation_t *vresult;
Edouard@185	417
Edouard@174	418	PEP_STATUS result;
Edouard@174	419	stringlist_t *_keylist;
Edouard@174	420
Edouard@174	421	assert(session);
Edouard@174	422	assert(text);
Edouard@174	423	assert(size);
Edouard@174	424	assert(signature);
Edouard@174	425	assert(sig_size);
Edouard@174	426	assert(keylist);
Edouard@174	427
Edouard@185	428	if(!session \|\| !text \|\| !size \|\| !signature \|\| !sig_size \|\| !keylist)
Edouard@185	429	return PEP_UNKNOWN_ERROR;
Edouard@185	430
Edouard@263	431	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	432	return PEP_UNKNOWN_ERROR;
Edouard@252	433	}
Edouard@185	434
Edouard@174	435	*keylist = NULL;
Edouard@185	436
Edouard@185	437	vresult = malloc(sizeof(pgp_validation_t));
Edouard@276	438	if (vresult == NULL) {
Edouard@276	439	result = PEP_OUT_OF_MEMORY;
Edouard@276	440	goto unlock_netpgp;
Edouard@276	441	}
Edouard@185	442	memset(vresult, 0x0, sizeof(pgp_validation_t));
Edouard@185	443
Edouard@185	444	signedmem = pgp_memory_new();
Edouard@185	445	if (signedmem == NULL) {
Edouard@252	446	result = PEP_OUT_OF_MEMORY;
Edouard@252	447	goto unlock_netpgp;
Edouard@185	448	}
Edouard@185	449	pgp_memory_add(signedmem, (const uint8_t*)text, size);
Edouard@185	450
Edouard@185	451	sig = pgp_memory_new();
Edouard@185	452	if (sig == NULL) {
Edouard@185	453	pgp_memory_free(signedmem);
Edouard@252	454	result = PEP_OUT_OF_MEMORY;
Edouard@252	455	goto unlock_netpgp;
Edouard@185	456	}
Edouard@185	457	pgp_memory_add(sig, (const uint8_t*)signature, sig_size);
Edouard@185	458
Edouard@252	459	pgp_validate_mem_detached(netpgp.io, vresult, sig,
Edouard@185	460	NULL,/* output */
Edouard@207	461	_armoured(signature, sig_size, ARMOR_SIG_HEAD),
Edouard@252	462	netpgp.pubring,
Edouard@185	463	signedmem);
Edouard@185	464
Edouard@252	465	result = _validation_results(&netpgp, vresult, &_keylist);
Edouard@185	466	if (result != PEP_STATUS_OK) {
Edouard@185	467	goto free_pgp;
Edouard@185	468	}else{
Edouard@185	469	result = PEP_VERIFIED;
Edouard@185	470	}
Edouard@185	471
Edouard@185	472	if (result == PEP_VERIFIED) {
Edouard@185	473	/* TODO : check trust level */
Edouard@185	474	result = PEP_VERIFIED_AND_TRUSTED;
Edouard@185	475	}
Edouard@185	476
Edouard@185	477	if (result == PEP_VERIFIED \|\| result == PEP_VERIFIED_AND_TRUSTED) {
Edouard@185	478	*keylist = _keylist;
Edouard@185	479
Edouard@185	480	/* _keylist ownership transfer, don't free */
Edouard@185	481	goto free_pgp;
Edouard@185	482	}
Edouard@185	483
Edouard@185	484	free_keylist:
Edouard@185	485	free_stringlist(_keylist);
Edouard@185	486
Edouard@185	487	free_pgp:
Edouard@187	488	// free done by pgp_validate_mem_detached
Edouard@187	489	// pgp_memory_free(sig);
Edouard@187	490	// pgp_memory_free(signedmem);
Edouard@185	491	pgp_validate_result_free(vresult);
Edouard@185	492
Edouard@252	493	unlock_netpgp:
Edouard@252	494	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	495
Edouard@185	496	return result;
Edouard@174	497	}
Edouard@174	498
Edouard@174	499	PEP_STATUS pgp_encrypt_and_sign(
Edouard@174	500	PEP_SESSION session, const stringlist_t keylist, const char ptext,
Edouard@174	501	size_t psize, char *ctext, size_t csize
Edouard@174	502	)
Edouard@174	503	{
Edouard@315	504	const pgp_key_t *signer = NULL;
Edouard@315	505	const pgp_seckey_t *seckey = NULL;
Edouard@209	506	pgp_memory_t *signedmem;
Edouard@209	507	pgp_memory_t *cmem;
Edouard@207	508	const char *hashalg;
Edouard@209	509	pgp_keyring_t *rcpts;
Edouard@207	510
Edouard@174	511	PEP_STATUS result;
Edouard@174	512	const stringlist_t *_keylist;
Edouard@174	513
Edouard@174	514	assert(session);
Edouard@174	515	assert(keylist);
Edouard@174	516	assert(ptext);
Edouard@174	517	assert(psize);
Edouard@174	518	assert(ctext);
Edouard@174	519	assert(csize);
Edouard@174	520
Edouard@207	521	if(!session \|\| !ptext \|\| !psize \|\| !ctext \|\| !csize \|\| !keylist)
Edouard@207	522	return PEP_UNKNOWN_ERROR;
Edouard@207	523
Edouard@263	524	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	525	return PEP_UNKNOWN_ERROR;
Edouard@252	526	}
Edouard@208	527
Edouard@174	528	*ctext = NULL;
Edouard@174	529	*csize = 0;
Edouard@174	530
Edouard@315	531	if ((rcpts = calloc(1, sizeof(*rcpts))) == NULL) {
Edouard@315	532	result = PEP_OUT_OF_MEMORY;
Edouard@315	533	goto free_signedmem;
Edouard@315	534	}
Edouard@315	535	for (_keylist = keylist; _keylist != NULL; _keylist = _keylist->next) {
Edouard@315	536	assert(_keylist->value);
Edouard@315	537	const pgp_key_t *key;
Edouard@315	538	uint8_t keyid[PGP_KEY_ID_SIZE];
Edouard@315	539	unsigned from = 0;
Edouard@315	540
Edouard@315	541	if(!str_to_id(keyid, _keylist->value))
Edouard@315	542	{
Edouard@315	543	result = PEP_ILLEGAL_VALUE;
Edouard@315	544	goto free_rcpts;
Edouard@315	545	}
Edouard@315	546
Edouard@315	547	key = pgp_getkeybyid(netpgp.io, netpgp.pubring,
Edouard@315	548	keyid, &from, NULL, NULL,
Edouard@315	549	1, 0); /* reject revoked, accept expired */
Edouard@315	550	if(key == NULL){
Edouard@315	551	result = PEP_KEY_NOT_FOUND;
Edouard@315	552	goto free_rcpts;
Edouard@315	553	}
Edouard@315	554
Edouard@315	555	/* Signer is the first key in the list */
Edouard@315	556	if(signer == NULL){
Edouard@315	557	from = 0;
Edouard@315	558	signer = pgp_getkeybyid(netpgp.io, netpgp.secring,
Edouard@315	559	keyid, &from, NULL, NULL,
Edouard@315	560	0, 0); /* accept any */
Edouard@315	561	if(signer == NULL){
Edouard@315	562	result = PEP_KEY_NOT_FOUND;
Edouard@315	563	goto free_rcpts;
Edouard@315	564	}
Edouard@315	565	}
Edouard@315	566
Edouard@315	567	printf("ZZ %s\n", _keylist->value);
Edouard@315	568	// add key to recipients/signers
Edouard@315	569	pgp_keyring_add(rcpts, key);
Edouard@315	570	if(rcpts->keys == NULL){
Edouard@315	571	result = PEP_OUT_OF_MEMORY;
Edouard@315	572	goto free_signedmem;
Edouard@315	573	}
Edouard@315	574	printf("ZZ %s\n", _keylist->value);
Edouard@207	575	}
Edouard@209	576
Edouard@315	577	/* Empty keylist ?*/
Edouard@315	578	if(rcpts->keyc == 0){
Edouard@315	579	result = PEP_ILLEGAL_VALUE;
Edouard@315	580	goto free_signedmem;
Edouard@315	581	}
Edouard@315	582
Edouard@315	583	seckey = pgp_key_get_certkey(signer);
Edouard@315	584
Edouard@315	585	/* No signig key. Revoked ? */
Edouard@315	586	if(seckey == NULL){
Edouard@315	587	result = PEP_GET_KEY_FAILED;
Edouard@315	588	goto free_signedmem;
Edouard@315	589	}
Edouard@286	590
Edouard@252	591	hashalg = netpgp_getvar(&netpgp, "hash");
Edouard@207	592
Edouard@207	593	// Sign data
Edouard@252	594	signedmem = pgp_sign_buf(netpgp.io, ptext, psize, seckey,
Edouard@209	595	time(NULL), /* birthtime */
Edouard@209	596	0 /* duration */,
Edouard@209	597	hashalg,
Edouard@207	598	0 /* armored */,
Edouard@207	599	0 /* cleartext */);
Edouard@207	600
Edouard@207	601	if (!signedmem) {
Edouard@252	602	result = PEP_UNENCRYPTED;
Edouard@252	603	goto unlock_netpgp;
Edouard@207	604	}
Edouard@207	605
Edouard@207	606	// Encrypt signed data
Edouard@174	607
Edouard@252	608	cmem = pgp_encrypt_buf(netpgp.io, pgp_mem_data(signedmem),
Edouard@209	609	pgp_mem_len(signedmem), rcpts, 1 /* armored */,
Edouard@252	610	netpgp_getvar(&netpgp, "cipher"),
Edouard@209	611	1 /* takes raw OpenPGP message */);
Edouard@209	612
Edouard@209	613	if (cmem == NULL) {
Edouard@209	614	result = PEP_OUT_OF_MEMORY;
Edouard@209	615	goto free_signedmem;
Edouard@209	616	}else{
Edouard@209	617
Edouard@209	618	char *_buffer = NULL;
Edouard@209	619	size_t length = pgp_mem_len(cmem);
Edouard@174	620
Edouard@209	621	// Allocate transferable buffer
Edouard@209	622	_buffer = malloc(length + 1);
Edouard@209	623	assert(_buffer);
Edouard@209	624	if (_buffer == NULL) {
Edouard@209	625	result = PEP_OUT_OF_MEMORY;
Edouard@209	626	goto free_cmem;
Edouard@209	627	}
Edouard@209	628
Edouard@209	629	memcpy(_buffer, pgp_mem_data(cmem), length);
Edouard@209	630
Edouard@209	631	*ctext = _buffer;
Edouard@209	632	*csize = length;
Edouard@209	633	(ctext)[csize] = 0; // safeguard for naive users
Edouard@209	634	result = PEP_STATUS_OK;
Edouard@174	635	}
Edouard@174	636
Edouard@209	637	free_cmem :
Edouard@209	638	pgp_memory_free(cmem);
Edouard@315	639	free_signedmem :
Edouard@315	640	pgp_memory_free(signedmem);
Edouard@209	641	free_rcpts :
Edouard@209	642	pgp_keyring_free(rcpts);
Edouard@252	643	unlock_netpgp:
Edouard@252	644	pthread_mutex_unlock(&netpgp_mutex);
Edouard@175	645
Edouard@174	646	return result;
Edouard@174	647	}
Edouard@174	648
Edouard@227	649	/* return the hexdump as a string */
Edouard@227	650	static unsigned
Edouard@227	651	fpr_to_str (char *str, const uint8_t fpr, size_t length)
Edouard@227	652	{
Edouard@228	653	unsigned i;
Edouard@228	654	int n;
Edouard@227	655
Edouard@227	656	/* 5 char per byte (hexes + space) tuple -1 space at the end + null */
Edouard@227	657	str = malloc((length / 2) 5 - 1 + 1);
Edouard@227	658
Edouard@227	659	if(*str == NULL)
Edouard@227	660	return 0;
Edouard@227	661
Edouard@243	662	for (n = 0, i = 0 ; i < length - 2; i += 2) {
Edouard@243	663	n += snprintf(&((*str)[n]), 6, "%02x%02x ", fpr[i], fpr[i+1]);
Edouard@228	664	}
Edouard@243	665	snprintf(&((*str)[n]), 5, "%02x%02x", fpr[i], fpr[i+1]);
Edouard@227	666
Edouard@228	667	return 1;
Edouard@227	668	}
Edouard@227	669
Edouard@227	670	static unsigned
Edouard@227	671	str_to_fpr (const char str, uint8_t fpr, size_t *length)
Edouard@227	672	{
Edouard@227	673	unsigned i,j;
Edouard@227	674
Edouard@227	675	*length = 0;
Edouard@227	676
Edouard@227	677	while(str && length < PGP_FINGERPRINT_SIZE){
Edouard@227	678	while (*str == ' ') str++;
Edouard@227	679	for (j = 0; j < 2; j++) {
Edouard@227	680	uint8_t byte = &fpr[length];
Edouard@243	681	*byte = 0;
Edouard@227	682	for (i = 0; i < 2; i++) {
Edouard@227	683	if (i > 0)
Edouard@243	684	byte = byte << 4;
Edouard@227	685	if (str >= 'a' && str <= 'f')
Edouard@227	686	byte += 10 + str - 'a';
Edouard@227	687	else if (str >= 'A' && str <= 'F')
Edouard@227	688	byte += 10 + str - 'A';
Edouard@227	689	else if (str >= '0' && str <= '9')
Edouard@227	690	byte += str - '0';
Edouard@227	691	else
Edouard@227	692	return 0;
Edouard@227	693	str++;
Edouard@227	694	}
Edouard@243	695	(*length)++;
Edouard@227	696	}
Edouard@227	697	}
Edouard@227	698	return 1;
Edouard@227	699	}
Edouard@227	700
Edouard@174	701	PEP_STATUS pgp_generate_keypair(
Edouard@174	702	PEP_SESSION session, pEp_identity *identity
Edouard@174	703	)
Edouard@174	704	{
Edouard@313	705	pgp_key_t newseckey;
Edouard@313	706	pgp_key_t newpubkey;
Edouard@225	707
Edouard@225	708	PEP_STATUS result;
Edouard@228	709	char newid[1024];
Edouard@225	710	const char *hashalg;
Edouard@225	711	const char *cipher;
Edouard@313	712	char *fprstr = NULL;
Edouard@174	713
Edouard@174	714	assert(session);
Edouard@174	715	assert(identity);
Edouard@174	716	assert(identity->address);
Edouard@174	717	assert(identity->fpr == NULL);
Edouard@174	718	assert(identity->username);
Edouard@174	719
Edouard@225	720	if(!session \|\| !identity \|\|
Edouard@225	721	!identity->address \|\| identity->fpr \|\| !identity->username)
Edouard@225	722	return PEP_UNKNOWN_ERROR;
Edouard@174	723
Edouard@263	724	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	725	return PEP_UNKNOWN_ERROR;
Edouard@252	726	}
Edouard@225	727
Edouard@225	728	if(snprintf(newid, sizeof(newid),
Edouard@225	729	"%s <%s>", identity->username, identity->address) >= sizeof(newid)){
Edouard@252	730	result = PEP_BUFFER_TOO_SMALL;
Edouard@252	731	goto unlock_netpgp;
Edouard@174	732	}
Edouard@225	733
Edouard@252	734	hashalg = netpgp_getvar(&netpgp, "hash");
Edouard@252	735	cipher = netpgp_getvar(&netpgp, "cipher");
Edouard@174	736
Edouard@313	737	bzero(&newseckey, sizeof(newseckey));
Edouard@313	738	bzero(&newpubkey, sizeof(newpubkey));
Edouard@225	739
Edouard@225	740	// TODO "Expire-Date: 1y\n";
Edouard@313	741	// Generate the key
Edouard@313	742	if (!pgp_rsa_generate_keypair(&newseckey, 4096, 65537UL, hashalg, cipher,
Edouard@313	743	(const uint8_t *) "", (const size_t) 0) \|\|
Edouard@313	744	!pgp_add_selfsigned_userid(&newseckey, (uint8_t *)newid)) {
Edouard@313	745	result = PEP_CANNOT_CREATE_KEY;
Edouard@313	746	goto free_seckey;
Edouard@225	747	}
Edouard@174	748
Edouard@313	749	/* duplicate public part of generated secret key */
Edouard@313	750	newpubkey.type = PGP_PTAG_CT_PUBLIC_KEY;
Edouard@313	751	pgp_pubkey_dup(&newpubkey.key.pubkey, &newseckey.key.seckey.pubkey);
Edouard@313	752	pgp_update_userid(&newpubkey,
Edouard@313	753	newseckey.uids[0],
Edouard@313	754	&newseckey.uidsigs[0].packet,
Edouard@313	755	&newseckey.uidsigs[0].siginfo);
Edouard@313	756
Edouard@313	757	fpr_to_str(&fprstr,
Edouard@313	758	newseckey.pubkeyfpr.fingerprint,
Edouard@313	759	newseckey.pubkeyfpr.length);
Edouard@313	760
Edouard@313	761	if (fprstr == NULL) {
Edouard@313	762	result = PEP_OUT_OF_MEMORY;
Edouard@313	763	goto free_pubkey;
Edouard@313	764	}
Edouard@313	765
Edouard@313	766	// Append key to netpgp's rings (key ownership transfered)
Edouard@313	767	if (!pgp_keyring_add(netpgp.secring, &newseckey)){
Edouard@313	768	result = PEP_OUT_OF_MEMORY;
Edouard@313	769	goto free_pubkey;
Edouard@313	770	} else if (!pgp_keyring_add(netpgp.pubring, &newpubkey)){
Edouard@313	771	result = PEP_OUT_OF_MEMORY;
Edouard@313	772	goto pop_secring;
Edouard@313	773	}
Edouard@313	774
Edouard@313	775	// save rings
Edouard@313	776	if (netpgp_save_pubring(&netpgp) && netpgp_save_secring(&netpgp))
Edouard@313	777	{
Edouard@313	778	/* keys saved, now send ID back to */
Edouard@313	779	identity->fpr = fprstr;
Edouard@313	780	result = PEP_STATUS_OK;
Edouard@313	781	/* free nothing, everything transfered */
Edouard@313	782	goto unlock_netpgp;
Edouard@313	783	} else {
Edouard@313	784	/* XXX in case only pubring save succeed
Edouard@313	785	* pubring file is left as-is, but backup restore
Edouard@313	786	* could be attempted if such corner case matters */
Edouard@313	787	result = PEP_UNKNOWN_ERROR;
Edouard@313	788	}
Edouard@313	789
Edouard@313	790	pop_pubring:
Edouard@313	791	((pgp_keyring_t *)netpgp.pubring)->keyc--;
Edouard@313	792	pop_secring:
Edouard@313	793	((pgp_keyring_t *)netpgp.secring)->keyc--;
Edouard@313	794	free_fpr:
Edouard@313	795	free(fprstr);
Edouard@313	796	free_pubkey:
Edouard@313	797	pgp_key_free(&newpubkey);
Edouard@313	798	free_seckey:
Edouard@313	799	pgp_key_free(&newseckey);
Edouard@252	800	unlock_netpgp:
Edouard@252	801	pthread_mutex_unlock(&netpgp_mutex);
Edouard@228	802
Edouard@225	803	return result;
Edouard@174	804	}
Edouard@174	805
Edouard@227	806	PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fprstr)
Edouard@174	807	{
Edouard@227	808	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@227	809	size_t length;
Edouard@227	810
Edouard@227	811	PEP_STATUS result;
Edouard@227	812
Edouard@174	813	assert(session);
Edouard@174	814	assert(fpr);
Edouard@174	815
Edouard@227	816	if (!session \|\| !fpr)
Edouard@174	817	return PEP_UNKNOWN_ERROR;
Edouard@174	818
Edouard@263	819	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	820	return PEP_UNKNOWN_ERROR;
Edouard@252	821	}
Edouard@227	822
Edouard@227	823	if (str_to_fpr(fprstr, fpr, &length)) {
Edouard@252	824	unsigned insec = pgp_deletekeybyfpr(netpgp.io,
Edouard@252	825	(pgp_keyring_t *)netpgp.secring,
Edouard@244	826	(const uint8_t *)fpr, length);
Edouard@252	827	unsigned inpub = pgp_deletekeybyfpr(netpgp.io,
Edouard@252	828	(pgp_keyring_t *)netpgp.pubring,
Edouard@244	829	(const uint8_t *)fpr, length);
Edouard@244	830	if(!insec && !inpub){
Edouard@244	831	result = PEP_KEY_NOT_FOUND;
Edouard@252	832	goto unlock_netpgp;
Edouard@244	833	} else {
Edouard@244	834	result = PEP_STATUS_OK;
Edouard@227	835	}
Edouard@227	836	}else{
Edouard@252	837	result = PEP_OUT_OF_MEMORY;
Edouard@252	838	goto unlock_netpgp;
Edouard@227	839	}
Edouard@174	840
Edouard@227	841	// save rings (key ownership transfered)
Edouard@252	842	if (netpgp_save_pubring(&netpgp) &&
Edouard@252	843	netpgp_save_secring(&netpgp))
Edouard@227	844	{
Edouard@227	845	result = PEP_STATUS_OK;
Edouard@227	846	}else{
Edouard@227	847	result = PEP_UNKNOWN_ERROR;
Edouard@227	848	}
Edouard@227	849
Edouard@252	850	unlock_netpgp:
Edouard@252	851	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	852
Edouard@227	853	return result;
Edouard@174	854	}
Edouard@174	855
Edouard@228	856	#define ARMOR_KEY_HEAD "^-----BEGIN PGP (PUBLIC\|PRIVATE) KEY BLOCK-----\\s*$"
Edouard@279	857	PEP_STATUS pgp_import_keydata(
Edouard@279	858	PEP_SESSION session,
Edouard@279	859	const char *key_data,
Edouard@279	860	size_t size
Edouard@279	861	)
Edouard@174	862	{
Edouard@228	863	pgp_memory_t *mem;
Edouard@271	864	unsigned i = 0;
Edouard@228	865
Edouard@271	866	PEP_STATUS result = PEP_STATUS_OK;
Edouard@228	867
Edouard@174	868	assert(session);
Edouard@174	869	assert(key_data);
Edouard@174	870
Edouard@228	871	if(!session \|\| !key_data)
Edouard@174	872	return PEP_UNKNOWN_ERROR;
Edouard@228	873
Edouard@263	874	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	875	return PEP_UNKNOWN_ERROR;
Edouard@252	876	}
Edouard@228	877
Edouard@228	878	mem = pgp_memory_new();
Edouard@228	879	if (mem == NULL) {
Edouard@252	880	result = PEP_OUT_OF_MEMORY;
Edouard@252	881	goto unlock_netpgp;
Edouard@228	882	}
Edouard@228	883	pgp_memory_add(mem, (const uint8_t*)key_data, size);
Edouard@228	884
Edouard@313	885	if (pgp_keyring_read_from_mem(netpgp.io, netpgp.pubring, netpgp.secring,
Edouard@228	886	_armoured(key_data, size, ARMOR_KEY_HEAD),
Edouard@228	887	mem) == 0){
Edouard@228	888	result = PEP_ILLEGAL_VALUE;
Edouard@313	889	}
Edouard@313	890
Edouard@228	891	pgp_memory_free(mem);
Edouard@228	892
Edouard@252	893	unlock_netpgp:
Edouard@252	894	pthread_mutex_unlock(&netpgp_mutex);
Edouard@252	895
Edouard@228	896	return result;
Edouard@174	897	}
Edouard@174	898
Edouard@179	899	PEP_STATUS pgp_export_keydata(
Edouard@228	900	PEP_SESSION session, const char fprstr, char key_data, size_t size
Edouard@174	901	)
Edouard@174	902	{
Edouard@228	903	pgp_key_t *key;
Edouard@228	904	pgp_output_t *output;
Edouard@228	905	pgp_memory_t *mem;
Edouard@228	906	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@228	907	size_t fprlen;
Edouard@228	908
Edouard@228	909	PEP_STATUS result;
Edouard@174	910	char *buffer;
Edouard@228	911	size_t buflen;
Edouard@174	912
Edouard@174	913	assert(session);
Edouard@243	914	assert(fprstr);
Edouard@174	915	assert(key_data);
Edouard@174	916	assert(size);
Edouard@174	917
Edouard@243	918	if (!session \|\| !fprstr \|\| !key_data \|\| !size)
Edouard@174	919	return PEP_UNKNOWN_ERROR;
Edouard@174	920
Edouard@263	921	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@252	922	return PEP_UNKNOWN_ERROR;
Edouard@252	923	}
Edouard@252	924
Edouard@228	925	if (str_to_fpr(fprstr, fpr, &fprlen)) {
Edouard@252	926	if ((key = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.pubring,
Edouard@228	927	fpr, fprlen,
Edouard@254	928	NULL)) == NULL) {
Edouard@252	929	result = PEP_KEY_NOT_FOUND;
Edouard@252	930	goto unlock_netpgp;
Edouard@228	931	}
Edouard@228	932	}else{
Edouard@252	933	result = PEP_OUT_OF_MEMORY;
Edouard@252	934	goto unlock_netpgp;
Edouard@228	935	}
Edouard@228	936
Edouard@228	937	pgp_setup_memory_write(&output, &mem, 128);
Edouard@174	938
Edouard@228	939	if (mem == NULL \|\| output == NULL) {
Edouard@252	940	result = PEP_OUT_OF_MEMORY;
Edouard@252	941	goto unlock_netpgp;
Edouard@174	942	}
Edouard@174	943
Edouard@313	944	if (!pgp_write_xfer_key(output, key, 1)) {
Edouard@228	945	result = PEP_UNKNOWN_ERROR;
Edouard@228	946	goto free_mem;
Edouard@228	947	}
Edouard@228	948
Edouard@228	949	buffer = NULL;
Edouard@228	950	buflen = pgp_mem_len(mem);
Edouard@228	951
Edouard@228	952	// Allocate transferable buffer
Edouard@228	953	buffer = malloc(buflen + 1);
Edouard@228	954	assert(buffer);
Edouard@228	955	if (buffer == NULL) {
Edouard@228	956	result = PEP_OUT_OF_MEMORY;
Edouard@228	957	goto free_mem;
Edouard@228	958	}
Edouard@228	959
Edouard@228	960	memcpy(buffer, pgp_mem_data(mem), buflen);
Edouard@174	961
Edouard@174	962	*key_data = buffer;
Edouard@228	963	*size = buflen;
Edouard@228	964	(key_data)[size] = 0; // safeguard for naive users
Edouard@228	965	result = PEP_STATUS_OK;
Edouard@174	966
Edouard@228	967	free_mem :
Edouard@228	968	pgp_teardown_memory_write(output, mem);
Edouard@252	969	unlock_netpgp:
Edouard@252	970	pthread_mutex_unlock(&netpgp_mutex);
Edouard@228	971
Edouard@228	972	return result;
Edouard@174	973	}
Edouard@174	974
Edouard@271	975	struct HKP_answer {
Edouard@271	976	char *memory;
Edouard@271	977	size_t size;
Edouard@271	978	};
Edouard@271	979
Edouard@271	980	static size_t
Edouard@271	981	HKPAnswerWriter(void contents, size_t size, size_t nmemb, void userp)
Edouard@271	982	{
Edouard@271	983	size_t realsize = size * nmemb;
Edouard@271	984	struct HKP_answer mem = (struct HKP_answer )userp;
Edouard@271	985
Edouard@271	986	mem->memory = realloc(mem->memory, mem->size + realsize + 1);
Edouard@271	987	if(mem->memory == NULL) {
Edouard@271	988	mem->size = 0;
Edouard@271	989	return 0;
Edouard@271	990	}
Edouard@271	991
Edouard@271	992	memcpy(&(mem->memory[mem->size]), contents, realsize);
Edouard@271	993	mem->size += realsize;
Edouard@271	994	mem->memory[mem->size] = 0;
Edouard@271	995
Edouard@271	996	return realsize;
Edouard@271	997	}
Edouard@271	998
Edouard@174	999	PEP_STATUS pgp_recv_key(PEP_SESSION session, const char *pattern)
Edouard@174	1000	{
Edouard@271	1001	static const char *ks_cmd = "http://keys.gnupg.net:11371/pks/lookup?"
Edouard@271	1002	"op=get&options=mr&exact=on&"
Edouard@271	1003	"search=";
Edouard@271	1004	char *encoded_pattern;
Edouard@271	1005	char *request = NULL;
Edouard@271	1006	struct HKP_answer answer;
Edouard@271	1007	CURLcode curlres;
Edouard@271	1008
Edouard@271	1009	PEP_STATUS result;
Edouard@271	1010
Edouard@271	1011	CURL *curl;
Edouard@271	1012
Edouard@174	1013	assert(session);
Edouard@174	1014	assert(pattern);
Edouard@174	1015
Edouard@271	1016	if (!session \|\| !pattern )
Edouard@271	1017	return PEP_UNKNOWN_ERROR;
Edouard@271	1018
Edouard@271	1019	if(pthread_mutex_lock(&session->ctx.curl_mutex)){
Edouard@271	1020	return PEP_UNKNOWN_ERROR;
Edouard@271	1021	}
Edouard@271	1022
Edouard@252	1023	curl = session->ctx.curl;
Edouard@252	1024
Edouard@271	1025	encoded_pattern = curl_easy_escape(curl, (char*)pattern, 0);
Edouard@271	1026	if(!encoded_pattern){
Edouard@271	1027	result = PEP_OUT_OF_MEMORY;
Edouard@271	1028	goto unlock_curl;
Edouard@271	1029	}
Edouard@271	1030
Edouard@271	1031	if((request = malloc(strlen(ks_cmd) + strlen(encoded_pattern) + 1))==NULL){
Edouard@271	1032	result = PEP_OUT_OF_MEMORY;
Edouard@271	1033	goto free_encoded_pattern;
Edouard@271	1034	}
Edouard@174	1035
Edouard@271	1036	//(*stpcpy(stpcpy(request, ks_cmd), encoded_pattern)) = '\0';
Edouard@271	1037	stpcpy(stpcpy(request, ks_cmd), encoded_pattern);
Edouard@271	1038
Edouard@271	1039	curl_easy_setopt(curl, CURLOPT_URL,request);
Edouard@271	1040
Edouard@271	1041	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, HKPAnswerWriter);
Edouard@271	1042
Edouard@271	1043	answer.memory = NULL;
Edouard@271	1044	answer.size = 0;
Edouard@271	1045	curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&answer);
Edouard@174	1046
Edouard@271	1047	curlres = curl_easy_perform(curl);
Edouard@271	1048	if(curlres != CURLE_OK) {
Edouard@271	1049	result = PEP_GET_KEY_FAILED;
Edouard@271	1050	goto free_request;
Edouard@271	1051	}
Edouard@271	1052
Edouard@271	1053	if(!answer.memory \|\| !answer.size) {
Edouard@271	1054	result = PEP_OUT_OF_MEMORY;
Edouard@271	1055	goto free_request;
Edouard@271	1056	}
Edouard@174	1057
Edouard@271	1058	result = pgp_import_keydata(session,
Edouard@271	1059	answer.memory,
Edouard@271	1060	answer.size);
Edouard@271	1061
Edouard@271	1062	free_answer:
Edouard@271	1063	free(answer.memory);
Edouard@271	1064	free_request:
Edouard@271	1065	free(request);
Edouard@271	1066	free_encoded_pattern:
Edouard@271	1067	curl_free(encoded_pattern);
Edouard@271	1068	unlock_curl:
Edouard@271	1069	pthread_mutex_unlock(&session->ctx.curl_mutex);
Edouard@271	1070
Edouard@271	1071	return result;
Edouard@174	1072	}
Edouard@174	1073
Edouard@277	1074	typedef PEP_STATUS (find_key_cb_t)(void, pgp_key_t *);
Edouard@277	1075
Edouard@277	1076	static PEP_STATUS find_keys_do(
Edouard@277	1077	const char pattern, find_key_cb_t cb, void cb_arg)
Edouard@254	1078	{
Edouard@277	1079	uint8_t fpr[PGP_FINGERPRINT_SIZE];
Edouard@277	1080	size_t length;
Edouard@277	1081	pgp_key_t *key;
Edouard@277	1082
Edouard@277	1083	PEP_STATUS result;
Edouard@277	1084
Edouard@277	1085	// Try find a fingerprint in pattern
Edouard@277	1086	if (str_to_fpr(pattern, fpr, &length)) {
Edouard@277	1087
Edouard@277	1088	// Only one fingerprint can match
Edouard@277	1089	if ((key = (pgp_key_t *)pgp_getkeybyfpr(
Edouard@277	1090	netpgp.io,
Edouard@277	1091	(pgp_keyring_t *)netpgp.pubring,
Edouard@277	1092	(const uint8_t *)fpr, length,
Edouard@277	1093	NULL)) == NULL) {
Edouard@277	1094
Edouard@277	1095	return PEP_KEY_NOT_FOUND;
Edouard@277	1096	}
Edouard@277	1097
Edouard@277	1098	result = cb(cb_arg, key);
Edouard@277	1099
Edouard@277	1100	} else {
Edouard@277	1101	// Search by name for pattern. Can match many.
Edouard@277	1102	unsigned from = 0;
Edouard@277	1103	result = PEP_KEY_NOT_FOUND;
Edouard@277	1104	while((key = (pgp_key_t *)pgp_getnextkeybyname(
Edouard@277	1105	netpgp.io,
Edouard@277	1106	(pgp_keyring_t *)netpgp.pubring,
Edouard@277	1107	(const char *)pattern,
Edouard@277	1108	&from)) != NULL) {
Edouard@277	1109
Edouard@277	1110	result = cb(cb_arg, key);
Edouard@277	1111	if (result != PEP_STATUS_OK)
Edouard@277	1112	break;
Edouard@277	1113
Edouard@277	1114	from++;
Edouard@277	1115	}
Edouard@277	1116	}
Edouard@277	1117
Edouard@277	1118	return result;
Edouard@277	1119	}
Edouard@277	1120
Edouard@277	1121	static PEP_STATUS add_key_fpr_to_stringlist(void arg, pgp_key_t key)
Edouard@277	1122	{
Edouard@277	1123	stringlist_t **keylist = arg;
Edouard@254	1124	char *newfprstr = NULL;
Edouard@254	1125
Edouard@254	1126	fpr_to_str(&newfprstr,
Edouard@313	1127	key->pubkeyfpr.fingerprint,
Edouard@313	1128	key->pubkeyfpr.length);
Edouard@254	1129
Edouard@254	1130	if (newfprstr == NULL) {
Edouard@254	1131	return PEP_OUT_OF_MEMORY;
Edouard@254	1132	} else {
Edouard@254	1133
Edouard@254	1134	keylist = stringlist_add(keylist, newfprstr);
Edouard@254	1135	if (*keylist == NULL) {
Edouard@254	1136	free(newfprstr);
Edouard@254	1137	return PEP_OUT_OF_MEMORY;
Edouard@254	1138	}
Edouard@254	1139	}
Edouard@254	1140	return PEP_STATUS_OK;
Edouard@254	1141	}
Edouard@254	1142
Edouard@174	1143	PEP_STATUS pgp_find_keys(
Edouard@174	1144	PEP_SESSION session, const char pattern, stringlist_t *keylist
Edouard@174	1145	)
Edouard@174	1146	{
Edouard@254	1147	stringlist_t _keylist, _k;
Edouard@254	1148
Edouard@254	1149	PEP_STATUS result;
Edouard@174	1150
Edouard@174	1151	assert(session);
Edouard@174	1152	assert(pattern);
Edouard@174	1153	assert(keylist);
Edouard@174	1154
Edouard@254	1155	if (!session \|\| !pattern \|\| !keylist )
Edouard@254	1156	return PEP_UNKNOWN_ERROR;
Edouard@174	1157
Edouard@263	1158	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@174	1159	return PEP_UNKNOWN_ERROR;
Edouard@254	1160	}
Edouard@254	1161
Edouard@254	1162	*keylist = NULL;
Edouard@254	1163	_keylist = new_stringlist(NULL);
Edouard@254	1164	if (_k == NULL) {
Edouard@254	1165	result = PEP_OUT_OF_MEMORY;
Edouard@254	1166	goto unlock_netpgp;
Edouard@254	1167	}
Edouard@254	1168	_k = _keylist;
Edouard@254	1169
Edouard@277	1170	result = find_keys_do(pattern, &add_key_fpr_to_stringlist, &_k);
Edouard@254	1171
Edouard@254	1172	if (result == PEP_STATUS_OK) {
Edouard@254	1173	*keylist = _keylist;
Edouard@254	1174	// Transfer ownership, no free
Edouard@254	1175	goto unlock_netpgp;
Edouard@254	1176	}
Edouard@254	1177
Edouard@254	1178	free_keylist:
Edouard@254	1179	free_stringlist(_keylist);
Edouard@254	1180
Edouard@254	1181	unlock_netpgp:
Edouard@254	1182	pthread_mutex_unlock(&netpgp_mutex);
Edouard@254	1183
Edouard@254	1184	return result;
Edouard@174	1185	}
Edouard@174	1186
Edouard@277	1187	static PEP_STATUS send_key_cb(void arg, pgp_key_t key)
Edouard@277	1188	{
Edouard@277	1189	char *newfprstr = NULL;
Edouard@277	1190
Edouard@277	1191	fpr_to_str(&newfprstr,
Edouard@313	1192	key->pubkeyfpr.fingerprint,
Edouard@313	1193	key->pubkeyfpr.length);
Edouard@277	1194
Edouard@277	1195	if (newfprstr == NULL) {
Edouard@277	1196	return PEP_OUT_OF_MEMORY;
Edouard@277	1197	} else {
Edouard@277	1198
Edouard@277	1199	printf("would send:\n%s\n", newfprstr);
Edouard@277	1200	pgp_print_keydata(netpgp.io, netpgp.pubring, key, "to send", &key->key.pubkey, 0);
Edouard@277	1201	free(newfprstr);
Edouard@277	1202	}
Edouard@277	1203	return PEP_STATUS_OK;
Edouard@277	1204	}
Edouard@277	1205
Edouard@174	1206	PEP_STATUS pgp_send_key(PEP_SESSION session, const char *pattern)
Edouard@174	1207	{
Edouard@277	1208
Edouard@277	1209	PEP_STATUS result;
Edouard@277	1210
Edouard@174	1211	assert(session);
Edouard@174	1212	assert(pattern);
Edouard@174	1213
Edouard@277	1214	if (!session \|\| !pattern )
Edouard@277	1215	return PEP_UNKNOWN_ERROR;
Edouard@277	1216
Edouard@277	1217	if(pthread_mutex_lock(&netpgp_mutex)){
Edouard@277	1218	return PEP_UNKNOWN_ERROR;
Edouard@277	1219	}
Edouard@174	1220
Edouard@277	1221	result = find_keys_do(pattern, &send_key_cb, NULL);
Edouard@277	1222
Edouard@277	1223	result = PEP_CANNOT_SEND_KEY;
Edouard@277	1224	unlock_netpgp:
Edouard@277	1225	pthread_mutex_unlock(&netpgp_mutex);
Edouard@277	1226
Edouard@277	1227	return result;
Edouard@174	1228	}
Edouard@174	1229
Edouard@174	1230
Edouard@174	1231	PEP_STATUS pgp_get_key_rating(
Edouard@174	1232	PEP_SESSION session,
Edouard@174	1233	const char *fpr,
Edouard@174	1234	PEP_comm_type *comm_type
Edouard@174	1235	)
Edouard@174	1236	{
Edouard@174	1237	PEP_STATUS status = PEP_STATUS_OK;
Edouard@174	1238
Edouard@174	1239	assert(session);
Edouard@174	1240	assert(fpr);
Edouard@174	1241	assert(comm_type);
Edouard@174	1242
Edouard@174	1243	*comm_type = PEP_ct_unknown;
Edouard@174	1244
Edouard@174	1245	/* TODO get key from fpr */
Edouard@174	1246	return PEP_UNKNOWN_ERROR;
Edouard@174	1247	return PEP_GET_KEY_FAILED;
Edouard@174	1248
Edouard@174	1249	switch (/TODO key->protocol/ 4) {
Edouard@174	1250	case /* TODO OpenPGP */0:
Edouard@174	1251	case /* TODO DEFAULT */1:
Edouard@174	1252	*comm_type = PEP_ct_OpenPGP_unconfirmed;
Edouard@174	1253	break;
Edouard@174	1254	case /* TODO CMS */2:
Edouard@174	1255	*comm_type = PEP_ct_CMS_unconfirmed;
Edouard@174	1256	break;
Edouard@174	1257	default:
Edouard@174	1258	*comm_type = PEP_ct_unknown;
Edouard@174	1259	return PEP_STATUS_OK;
Edouard@174	1260	}
Edouard@174	1261
Edouard@174	1262	for (; 1 == 0; /* Each subkeys */ ) {
Edouard@174	1263	if (/* TODO length */0 < 1024)
Edouard@174	1264	*comm_type = PEP_ct_key_too_short;
Edouard@174	1265	else if (
Edouard@174	1266	(
Edouard@174	1267	( /* TODO pubkey_algo == RSA */ 0)
Edouard@174	1268	\|\| (/* TODO pubkey_algo == RSA_E*/ 0)
Edouard@174	1269	\|\| (/* TODO pubkey_algo == RSA_S*/ 0)
Edouard@174	1270	)
Edouard@174	1271	&& /* sk->length */0 == 1024
Edouard@174	1272	)
Edouard@174	1273	*comm_type = PEP_ct_OpenPGP_weak_unconfirmed;
Edouard@174	1274
Edouard@174	1275	if (/* TODO invalid */ 1) {
Edouard@174	1276	*comm_type = PEP_ct_key_b0rken;
Edouard@174	1277	break;
Edouard@174	1278	}
Edouard@174	1279	if (/* TODO expired */ 1) {
Edouard@174	1280	*comm_type = PEP_ct_key_expired;
Edouard@174	1281	break;
Edouard@174	1282	}
Edouard@175	1283	if (/* TODO revoked*/ 1) {
Edouard@174	1284	*comm_type = PEP_ct_key_revoked;
Edouard@174	1285	break;
Edouard@174	1286	}
Edouard@174	1287	}
Edouard@174	1288	*comm_type = PEP_ct_unknown;
Edouard@174	1289	return PEP_OUT_OF_MEMORY;
Edouard@174	1290	return PEP_UNKNOWN_ERROR;
Edouard@174	1291
Edouard@174	1292
Edouard@174	1293	return status;
Edouard@174	1294	}
Edouard@210	1295
Edouard@210	1296	PEP_STATUS pgp_renew_key(
Edouard@210	1297	PEP_SESSION session,
Edouard@210	1298	const char *fpr,
Edouard@210	1299	const timestamp *ts
Edouard@210	1300	)
Edouard@210	1301	{
Edouard@210	1302	PEP_STATUS status = PEP_STATUS_OK;
Edouard@210	1303	char date_text[12];
Edouard@210	1304
Edouard@210	1305	assert(session);
Edouard@210	1306	assert(fpr);
Edouard@210	1307
Edouard@210	1308	snprintf(date_text, 12, "%.4d-%.2d-%.2d\n", ts->tm_year + 1900,
Edouard@210	1309	ts->tm_mon + 1, ts->tm_mday);
Edouard@210	1310
Edouard@210	1311
Edouard@210	1312	return PEP_UNKNOWN_ERROR;
Edouard@210	1313	return PEP_STATUS_OK;
Edouard@210	1314	}
Edouard@210	1315
Edouard@226	1316	PEP_STATUS pgp_revoke_key(
Edouard@226	1317	PEP_SESSION session,
Edouard@226	1318	const char *fpr,
Edouard@226	1319	const char *reason
Edouard@226	1320	)
Edouard@210	1321	{
Edouard@210	1322	PEP_STATUS status = PEP_STATUS_OK;
Edouard@210	1323
Edouard@210	1324	assert(session);
Edouard@210	1325	assert(fpr);
Edouard@210	1326
Edouard@210	1327	return PEP_UNKNOWN_ERROR;
Edouard@210	1328
Edouard@210	1329	return PEP_STATUS_OK;
Edouard@210	1330	}
Edouard@210	1331
Edouard@226	1332	PEP_STATUS pgp_key_expired(
Edouard@226	1333	PEP_SESSION session,
Edouard@226	1334	const char *fpr,
Edouard@226	1335	bool *expired
Edouard@226	1336	)
Edouard@226	1337	{
Edouard@226	1338	PEP_STATUS status = PEP_STATUS_OK;
Edouard@226	1339
Edouard@226	1340	assert(session);
Edouard@226	1341	assert(fpr);
Edouard@226	1342	assert(expired);
Edouard@226	1343
Edouard@226	1344	*expired = false;
Edouard@226	1345
Edouard@226	1346	if (status != PEP_STATUS_OK)
Edouard@226	1347	return status;
Edouard@226	1348
Edouard@226	1349	return PEP_STATUS_OK;
Edouard@226	1350	}
Edouard@226	1351

author	Edouard Tisserant
	Thu, 11 Jun 2015 00:51:49 +0200
changeset 315	fb80b70e844d
parent 313	b79ff01373d6
child 316	db2bad72a93b
permissions	-rw-r--r--