src/pgp_sequoia.c
author Krista 'DarthMama' Bennett <krista@pep.foundation>
Thu, 18 Jun 2020 19:46:26 +0200
branch2.0.5_p4a_log_test
changeset 4751 14886c314616
parent 4750 39b0b5829e14
permissions -rw-r--r--
Reverting something from ENGINE-583 - WAL checkpoint may be causing an issue, and it's not there for the right reasons anyway.
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
     5 
     6 #define _GNU_SOURCE 1
     7 
     8 #include "platform.h"
     9 #include "pEp_internal.h"
    10 #include "pgp_sequoia.h"
    11 
    12 #include <limits.h>
    13 #include <sys/stat.h>
    14 #include <sys/types.h>
    15 #include <stdlib.h>
    16 
    17 #include "wrappers.h"
    18 
    19 #define TRACING 0
    20 #ifndef TRACING
    21 #  ifndef NDEBUG
    22 #    define TRACING 0
    23 #  else
    24 #    define TRACING 1
    25 #  endif
    26 #endif
    27 
    28 // enable tracing if in debugging mode
    29 #if TRACING
    30 #include "status_to_string.h"
    31 
    32 #  ifdef ANDROID
    33 #    include <android/log.h>
    34 #    define _T(...) do {                                                \
    35         __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine-sequoia",     \
    36                             ##__VA_ARGS__);                             \
    37     } while (0)
    38 #  elif _WIN32
    39 #    define _T(...) do {                        \
    40         char str[256];                          \
    41         snprintf(str, 256, ##__VA_ARGS__);      \
    42         OutputDebugStringA(str);                \
    43         fprintf(stderr, ##__VA_ARGS__);         \
    44     } while (0)
    45 
    46 #  else
    47 #    define _T(...) do {                        \
    48         fprintf(stderr, ##__VA_ARGS__);         \
    49     } while (0)
    50 #  endif
    51 #else
    52 #  define _T(...) do { } while (0)
    53 #endif
    54 
    55 // Show the start of a tracepoint (i.e., don't print a newline).
    56 #define TC(...) do {       \
    57     _T("%s: ", __func__);  \
    58     _T(__VA_ARGS__);       \
    59 } while (0)
    60 
    61 // Show a trace point.
    62 #  define T(...) do {  \
    63     TC(__VA_ARGS__); \
    64     _T("\n");          \
    65 } while(0)
    66 
    67 // Verbosely displays errors.
    68 #  define DUMP_STATUS(__de_sq_status, __de_pep_status, ...) do { \
    69     TC(__VA_ARGS__);                                            \
    70     _T(": ");                                                   \
    71     if (__de_sq_status) {                                       \
    72         _T("Sequoia: %s => ", pgp_status_to_string(__de_sq_status));   \
    73     }                                                           \
    74     _T("%s\n", pEp_status_to_string(__de_pep_status));          \
    75 } while(0)
    76 
    77 #  define DUMP_ERR(__de_err, __de_status, ...) do {             \
    78     TC(__VA_ARGS__);                                            \
    79     _T(": ");                                                   \
    80     if (__de_err) {                                             \
    81         _T("Sequoia: %s => ", pgp_error_to_string(__de_err));   \
    82         pgp_error_free(__de_err);                               \
    83     }                                                           \
    84     _T("%s\n", pEp_status_to_string(__de_status));              \
    85 } while(0)
    86 
    87 // If __ec_status is an error, then dump the error, set 'status' to
    88 // it, and jump to 'out'.
    89 #define ERROR_OUT(__e_err, __ec_status, ...) do {                   \
    90     PEP_STATUS ___ec_status = (__ec_status);                        \
    91     if ((___ec_status) != PEP_STATUS_OK) {                          \
    92         DUMP_ERR((__e_err), (___ec_status), ##__VA_ARGS__);         \
    93         status = (___ec_status);                                    \
    94         goto out;                                                   \
    95     }                                                               \
    96 } while(0)
    97 
    98 #ifdef _PEP_SQLITE_DEBUG
    99 int sq_sql_trace_callback (unsigned trace_constant,
   100                         void* context_ptr,
   101                         void* P,
   102                         void* X) {
   103     const char* TC_str = "";
   104     const char* info_str = "";
   105     const char* title = "SEQUOIA_SQL_DEBUG";
   106                                 
   107     switch (trace_constant) {
   108         case SQLITE_TRACE_STMT:
   109             TC_str = "STMT";
   110             info_str = (const char*) X;
   111             if (EMPTYSTR(info_str) || info_str[0] != '-' || info_str[1] != '-')
   112                 info_str = sqlite3_expanded_sql((sqlite3_stmt*)P);
   113             break;
   114         case SQLITE_TRACE_ROW:
   115             TC_str = "ROW";
   116             info_str = sqlite3_expanded_sql((sqlite3_stmt*)P);
   117             break;
   118         case SQLITE_TRACE_CLOSE:
   119             TC_str = "CLOSE";
   120             break;
   121         default:
   122             break;
   123     }
   124 
   125 #ifndef ANDROID
   126     fprintf(stderr, "%s: %s - %s\n", title, TC_str, info_str);
   127 #else
   128     __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ",
   129             title, TC_str, info_str, NULL);
   130 #endif    
   131     return 0;
   132 }
   133 #endif
   134 
   135 /* This is reallocarray taken from OpenBSD. See README.md for licensing. */
   136 /* Symbols are renamed for clashes, not to hide source. */
   137 /*
   138  * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
   139  * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
   140  */
   141 #define PEP_MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
   142 static void* _pEp_reallocarray(void *optr, size_t nmemb, size_t size)
   143 {
   144     if ((nmemb >= PEP_MUL_NO_OVERFLOW || size >= PEP_MUL_NO_OVERFLOW) &&
   145         nmemb > 0 && SIZE_MAX / nmemb < size) {
   146             errno = ENOMEM;
   147             return NULL;
   148     }
   149     return realloc(optr, size * nmemb);
   150 }
   151 
   152 
   153 PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
   154         PEP_CIPHER_SUITE suite)
   155 {
   156     switch (suite) {
   157         // supported cipher suites
   158         case PEP_CIPHER_SUITE_RSA2K:
   159         case PEP_CIPHER_SUITE_RSA3K:
   160         case PEP_CIPHER_SUITE_CV25519:
   161         case PEP_CIPHER_SUITE_P256:
   162         case PEP_CIPHER_SUITE_P384:
   163         case PEP_CIPHER_SUITE_P521:
   164             session->cipher_suite = suite;
   165             return PEP_STATUS_OK;
   166 
   167         case PEP_CIPHER_SUITE_DEFAULT:
   168             session->cipher_suite = PEP_CIPHER_SUITE_RSA2K;
   169             return PEP_STATUS_OK;
   170 
   171         // unsupported cipher suites
   172         default:
   173             session->cipher_suite = PEP_CIPHER_SUITE_RSA2K;
   174             return PEP_CANNOT_CONFIG;
   175     }
   176 }
   177 
   178 static pgp_cert_cipher_suite_t cipher_suite(PEP_CIPHER_SUITE suite)
   179 {
   180     switch (suite) {
   181         // supported cipher suites
   182         case PEP_CIPHER_SUITE_RSA2K:
   183             return PGP_CERT_CIPHER_SUITE_RSA2K;
   184         case PEP_CIPHER_SUITE_RSA3K:
   185             return PGP_CERT_CIPHER_SUITE_RSA3K;
   186         case PEP_CIPHER_SUITE_CV25519:
   187             return PGP_CERT_CIPHER_SUITE_CV25519;
   188         case PEP_CIPHER_SUITE_P256:
   189             return PGP_CERT_CIPHER_SUITE_P256;
   190         case PEP_CIPHER_SUITE_P384:
   191             return PGP_CERT_CIPHER_SUITE_P384;
   192         case PEP_CIPHER_SUITE_P521:
   193             return PGP_CERT_CIPHER_SUITE_P521;
   194         default:
   195             return PGP_CERT_CIPHER_SUITE_RSA2K;
   196     }
   197 }
   198 
   199 int email_cmp(void *cookie, int a_len, const void *a, int b_len, const void *b)
   200 {
   201     pgp_packet_t a_userid = pgp_user_id_from_raw (a, a_len);
   202     pgp_packet_t b_userid = pgp_user_id_from_raw (b, b_len);
   203 
   204     char *a_email = NULL;
   205     pgp_user_id_email_normalized(NULL, a_userid, &a_email);
   206     if (!a_email)
   207         pgp_user_id_uri(NULL, a_userid, &a_email);
   208 
   209     char *b_email = NULL;
   210     pgp_user_id_email_normalized(NULL, b_userid, &b_email);
   211     if (!b_email)
   212         pgp_user_id_uri(NULL, b_userid, &b_email);
   213 
   214     pgp_packet_free(a_userid);
   215     pgp_packet_free(b_userid);
   216 
   217     // return an integer that is negative, zero, or positive if the
   218     // first string is less than, equal to, or greater than the
   219     // second, respectively.
   220     int result;
   221     if (!a_email && !b_email)
   222         result = 0;
   223     else if (!a_email)
   224         result = -1;
   225     else if (!b_email)
   226         result = 1;
   227     else
   228         result = strcmp(a_email, b_email);
   229 
   230     if (true) {
   231         T("'%s' %s '%s'",
   232           a_email,
   233           result == 0 ? "==" : result < 0 ? "<" : ">",
   234           b_email);
   235     }
   236 
   237     free(a_email);
   238     free(b_email);
   239 
   240     return result;
   241 }
   242 
   243 PEP_STATUS pgp_init(PEP_SESSION session, bool in_first)
   244 {
   245     PEP_STATUS status = PEP_STATUS_OK;
   246 
   247 #ifdef _WIN32
   248 	int sqlite_result;
   249 	sqlite_result = sqlite3_open_v2(KEYS_DB,
   250 		&session->key_db,
   251 		SQLITE_OPEN_READWRITE
   252 		| SQLITE_OPEN_CREATE
   253 		| SQLITE_OPEN_FULLMUTEX
   254 		| SQLITE_OPEN_PRIVATECACHE,
   255 		NULL);
   256 #else
   257     // Create the home directory.
   258     char *home_env = NULL;
   259 #ifndef NDEBUG
   260     home_env = getenv("PEP_HOME");
   261 #endif
   262 
   263 #define PEP_KEYS_PATH "/.pEp/keys.db"
   264 
   265     if (!home_env)
   266         home_env = getenv("HOME");
   267 
   268     if (!home_env)
   269         ERROR_OUT(NULL, PEP_INIT_GPGME_INIT_FAILED, "HOME unset");
   270 
   271     // Create the DB and initialize it.
   272     size_t path_size = strlen(home_env) + sizeof(PEP_KEYS_PATH);
   273     char *path = (char *) calloc(path_size, 1);
   274     assert(path);
   275     if (!path)
   276         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   277 
   278 	int r = snprintf(path, path_size, "%s" PEP_KEYS_PATH, home_env);
   279     assert(r >= 0 && r < path_size);
   280     if (r < 0) {
   281         free(path);
   282         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "snprintf");
   283     }
   284 
   285     int sqlite_result;
   286     sqlite_result = sqlite3_open_v2(path,
   287                                     &session->key_db,
   288                                     SQLITE_OPEN_READWRITE
   289                                     | SQLITE_OPEN_CREATE
   290                                     | SQLITE_OPEN_FULLMUTEX
   291                                     | SQLITE_OPEN_PRIVATECACHE,
   292                                     NULL);
   293     free(path);
   294 #endif
   295 
   296 #ifdef _PEP_SQLITE_DEBUG
   297     sqlite3_trace_v2(session->key_db,
   298         SQLITE_TRACE_STMT | SQLITE_TRACE_ROW | SQLITE_TRACE_CLOSE,
   299         sq_sql_trace_callback,
   300         NULL);
   301 #endif
   302 
   303     if (sqlite_result != SQLITE_OK)
   304         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   305                   "opening keys DB: %s", sqlite3_errmsg(session->key_db));
   306 
   307     sqlite_result = sqlite3_exec(session->key_db,
   308                                  "PRAGMA secure_delete=true;\n"
   309                                  "PRAGMA foreign_keys=true;\n"
   310                                  "PRAGMA locking_mode=NORMAL;\n"
   311                                  "PRAGMA journal_mode=WAL;\n",
   312                                  NULL, NULL, NULL);
   313     if (sqlite_result != SQLITE_OK)
   314         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   315                   "setting pragmas: %s", sqlite3_errmsg(session->key_db));
   316 
   317     sqlite3_busy_timeout(session->key_db, BUSY_WAIT_TIME);
   318 
   319     sqlite_result =
   320         sqlite3_create_collation(session->key_db,
   321                                 "EMAIL",
   322                                 SQLITE_UTF8,
   323                                 /* pArg (cookie) */ NULL,
   324                                 email_cmp);
   325     if (sqlite_result != SQLITE_OK)
   326         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   327                   "registering EMAIL collation function: %s",
   328                   sqlite3_errmsg(session->key_db));
   329 
   330     sqlite_result = sqlite3_exec(session->key_db,
   331                                  "CREATE TABLE IF NOT EXISTS keys (\n"
   332                                  "   primary_key TEXT UNIQUE PRIMARY KEY,\n"
   333                                  "   secret BOOLEAN,\n"
   334                                  "   tpk BLOB\n"
   335                                  ");\n"
   336                                  "CREATE INDEX IF NOT EXISTS keys_index\n"
   337                                  "  ON keys (primary_key, secret)\n",
   338                                  NULL, NULL, NULL);
   339     if (sqlite_result != SQLITE_OK)
   340         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   341                   "creating keys table: %s",
   342                   sqlite3_errmsg(session->key_db));
   343 
   344     sqlite_result = sqlite3_exec(session->key_db,
   345                                  "CREATE TABLE IF NOT EXISTS subkeys (\n"
   346                                  "   subkey TEXT NOT NULL,\n"
   347                                  "   primary_key TEXT NOT NULL,\n"
   348                                  "   UNIQUE(subkey, primary_key),\n"
   349                                  "   FOREIGN KEY (primary_key)\n"
   350                                  "       REFERENCES keys(primary_key)\n"
   351                                  "     ON DELETE CASCADE\n"
   352                                  ");\n"
   353                                  "CREATE INDEX IF NOT EXISTS subkeys_index\n"
   354                                  "  ON subkeys (subkey, primary_key)\n",
   355                                  NULL, NULL, NULL);
   356     if (sqlite_result != SQLITE_OK)
   357         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   358                   "creating subkeys table: %s",
   359                   sqlite3_errmsg(session->key_db));
   360 
   361     sqlite_result = sqlite3_exec(session->key_db,
   362                                  "CREATE TABLE IF NOT EXISTS userids (\n"
   363                                  "   userid TEXT NOT NULL COLLATE EMAIL,\n"
   364                                  "   primary_key TEXT NOT NULL,\n"
   365                                  "   UNIQUE(userid, primary_key),\n"
   366                                  "   FOREIGN KEY (primary_key)\n"
   367                                  "       REFERENCES keys(primary_key)\n"
   368                                  "     ON DELETE CASCADE\n"
   369                                  ");\n"
   370                                  "CREATE INDEX IF NOT EXISTS userids_index\n"
   371                                  "  ON userids (userid COLLATE EMAIL, primary_key)\n",
   372                                  NULL, NULL, NULL);
   373     if (sqlite_result != SQLITE_OK)
   374         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   375                   "creating userids table: %s",
   376                   sqlite3_errmsg(session->key_db));
   377 
   378     sqlite_result
   379         = sqlite3_prepare_v2(session->key_db, "begin transaction",
   380                              -1, &session->sq_sql.begin_transaction, NULL);
   381     assert(sqlite_result == SQLITE_OK);
   382 
   383     sqlite_result
   384         = sqlite3_prepare_v2(session->key_db, "commit transaction",
   385                              -1, &session->sq_sql.commit_transaction, NULL);
   386     assert(sqlite_result == SQLITE_OK);
   387 
   388     sqlite_result
   389         = sqlite3_prepare_v2(session->key_db, "rollback transaction",
   390                              -1, &session->sq_sql.rollback_transaction, NULL);
   391     assert(sqlite_result == SQLITE_OK);
   392 
   393     sqlite_result
   394         = sqlite3_prepare_v2(session->key_db,
   395                              "SELECT tpk, secret FROM keys"
   396                              " WHERE primary_key == ?",
   397                              -1, &session->sq_sql.cert_find, NULL);
   398     assert(sqlite_result == SQLITE_OK);
   399 
   400     sqlite_result
   401         = sqlite3_prepare_v2(session->key_db,
   402                              "SELECT tpk, secret FROM keys"
   403                              " WHERE primary_key == ? and secret == 1",
   404                              -1, &session->sq_sql.tsk_find, NULL);
   405     assert(sqlite_result == SQLITE_OK);
   406 
   407     sqlite_result
   408         = sqlite3_prepare_v2(session->key_db,
   409                              "SELECT tpk, secret FROM subkeys"
   410                              " LEFT JOIN keys"
   411                              "  ON subkeys.primary_key == keys.primary_key"
   412                              " WHERE subkey == ?",
   413                              -1, &session->sq_sql.cert_find_by_keyid, NULL);
   414     assert(sqlite_result == SQLITE_OK);
   415 
   416     sqlite_result
   417         = sqlite3_prepare_v2(session->key_db,
   418                              "SELECT tpk, secret FROM subkeys"
   419                              " LEFT JOIN keys"
   420                              "  ON subkeys.primary_key == keys.primary_key"
   421                              " WHERE subkey == ?",
   422                              -1, &session->sq_sql.cert_find_by_keyid, NULL);
   423     assert(sqlite_result == SQLITE_OK);
   424 
   425     sqlite_result
   426         = sqlite3_prepare_v2(session->key_db,
   427                              "SELECT tpk, secret FROM subkeys"
   428                              " LEFT JOIN keys"
   429                              "  ON subkeys.primary_key == keys.primary_key"
   430                              " WHERE subkey == ? and keys.secret == 1",
   431                              -1, &session->sq_sql.tsk_find_by_keyid, NULL);
   432     assert(sqlite_result == SQLITE_OK);
   433 
   434     sqlite_result
   435         = sqlite3_prepare_v2(session->key_db,
   436                              "SELECT tpk, secret FROM userids"
   437                              " LEFT JOIN keys"
   438                              "  ON userids.primary_key == keys.primary_key"
   439                              " WHERE userid == ?",
   440                              -1, &session->sq_sql.cert_find_by_email, NULL);
   441     assert(sqlite_result == SQLITE_OK);
   442 
   443     sqlite_result
   444         = sqlite3_prepare_v2(session->key_db,
   445                              "SELECT tpk, secret FROM userids"
   446                              " LEFT JOIN keys"
   447                              "  ON userids.primary_key == keys.primary_key"
   448                              " WHERE userid == ? and keys.secret == 1",
   449                              -1, &session->sq_sql.tsk_find_by_email, NULL);
   450     assert(sqlite_result == SQLITE_OK);
   451 
   452     sqlite_result
   453         = sqlite3_prepare_v2(session->key_db,
   454                              "select tpk, secret from keys",
   455                              -1, &session->sq_sql.cert_all, NULL);
   456     assert(sqlite_result == SQLITE_OK);
   457 
   458     sqlite_result
   459         = sqlite3_prepare_v2(session->key_db,
   460                              "select tpk, secret from keys where secret = 1",
   461                              -1, &session->sq_sql.tsk_all, NULL);
   462     assert(sqlite_result == SQLITE_OK);
   463 
   464     sqlite_result
   465         = sqlite3_prepare_v2(session->key_db,
   466                              "INSERT OR REPLACE INTO keys"
   467                              "   (primary_key, secret, tpk)"
   468                              " VALUES (?, ?, ?)",
   469                              -1, &session->sq_sql.cert_save_insert_primary, NULL);
   470     assert(sqlite_result == SQLITE_OK);
   471 
   472     sqlite_result
   473         = sqlite3_prepare_v2(session->key_db,
   474                              "INSERT OR REPLACE INTO subkeys"
   475                              "   (subkey, primary_key)"
   476                              " VALUES (?, ?)",
   477                              -1, &session->sq_sql.cert_save_insert_subkeys, NULL);
   478     assert(sqlite_result == SQLITE_OK);
   479 
   480     sqlite_result
   481         = sqlite3_prepare_v2(session->key_db,
   482                              "INSERT OR REPLACE INTO userids"
   483                              "   (userid, primary_key)"
   484                              " VALUES (?, ?)",
   485                              -1, &session->sq_sql.cert_save_insert_userids, NULL);
   486     assert(sqlite_result == SQLITE_OK);
   487 
   488     sqlite_result
   489         = sqlite3_prepare_v2(session->key_db,
   490                              "DELETE FROM keys WHERE primary_key = ?",
   491                              -1, &session->sq_sql.delete_keypair, NULL);
   492     assert(sqlite_result == SQLITE_OK);
   493 
   494     session->policy = pgp_null_policy ();
   495     if (! session->policy)
   496         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY,
   497                   "initializing openpgp policy");
   498 
   499  out:
   500     if (status != PEP_STATUS_OK)
   501         pgp_release(session, in_first);
   502     return status;
   503 }
   504 
   505 void pgp_release(PEP_SESSION session, bool out_last)
   506 {
   507     pgp_policy_free (session->policy);
   508     session->policy = NULL;
   509 
   510     sqlite3_stmt **stmts = (sqlite3_stmt **) &session->sq_sql;
   511     for (int i = 0; i < sizeof(session->sq_sql) / sizeof(*stmts); i ++)
   512         if (stmts[i]) {
   513             sqlite3_finalize(stmts[i]);
   514             stmts[i] = NULL;
   515         }
   516 
   517     if (session->key_db) {
   518         int result = sqlite3_close_v2(session->key_db);
   519         if (result != 0)
   520             DUMP_ERR(NULL, PEP_UNKNOWN_ERROR,
   521                      "Closing key DB: sqlite3_close_v2: %s",
   522                      sqlite3_errstr(result));
   523         session->key_db = NULL;
   524     }
   525 }
   526 
   527 // Ensures that a fingerprint is in canonical form.  A canonical
   528 // fingerprint doesn't contain any white space.
   529 //
   530 // This function does *not* consume fpr.
   531 static char *pgp_fingerprint_canonicalize(const char *) __attribute__((nonnull));
   532 static char *pgp_fingerprint_canonicalize(const char *fpr)
   533 {
   534     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   535     char *fpr_canonicalized = pgp_fingerprint_to_hex(pgp_fpr);
   536     pgp_fingerprint_free(pgp_fpr);
   537 
   538     return fpr_canonicalized;
   539 }
   540 
   541 // step statement and load the certificate and secret.
   542 static PEP_STATUS key_load(PEP_SESSION, sqlite3_stmt *, pgp_cert_t *, int *)
   543     __attribute__((nonnull(1, 2)));
   544 static PEP_STATUS key_load(PEP_SESSION session, sqlite3_stmt *stmt,
   545                            pgp_cert_t *certp, int *secretp)
   546 {
   547     PEP_STATUS status = PEP_STATUS_OK;
   548     int sqlite_result = sqlite3_step(stmt);
   549     switch (sqlite_result) {
   550     case SQLITE_ROW:
   551         if (certp) {
   552             int data_len = sqlite3_column_bytes(stmt, 0);
   553             const void *data = sqlite3_column_blob(stmt, 0);
   554 
   555             pgp_error_t err = NULL;
   556             *certp = pgp_cert_from_bytes(&err, data, data_len);
   557             if (!*certp)
   558                 ERROR_OUT(err, PEP_GET_KEY_FAILED, "parsing certificate");
   559         }
   560 
   561         if (secretp)
   562             *secretp = sqlite3_column_int(stmt, 1);
   563 
   564         break;
   565     case SQLITE_DONE:
   566         // Got nothing.
   567         status = PEP_KEY_NOT_FOUND;
   568         break;
   569     default:
   570         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   571                   "stepping: %s", sqlite3_errmsg(session->key_db));
   572     }
   573 
   574  out:
   575     T(" -> %s", pEp_status_to_string(status));
   576     return status;
   577 }
   578 
   579 // step statement until exhausted and load the certificates.
   580 static PEP_STATUS key_loadn(PEP_SESSION, sqlite3_stmt *, pgp_cert_t **, int *)
   581     __attribute__((nonnull));
   582 static PEP_STATUS key_loadn(PEP_SESSION session, sqlite3_stmt *stmt,
   583                             pgp_cert_t **certsp, int *certs_countp)
   584 {
   585     PEP_STATUS status = PEP_STATUS_OK;
   586     int certs_count = 0;
   587     int certs_capacity = 8;
   588     pgp_cert_t *certs = calloc(certs_capacity, sizeof(pgp_cert_t));
   589     if (!certs)
   590         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   591 
   592     for (;;) {
   593         pgp_cert_t cert = NULL;
   594         status = key_load(session, stmt, &cert, NULL);
   595         if (status == PEP_KEY_NOT_FOUND) {
   596             status = PEP_STATUS_OK;
   597             break;
   598         }
   599         ERROR_OUT(NULL, status, "loading certificate");
   600 
   601         if (certs_count == certs_capacity) {
   602             certs_capacity *= 2;
   603             certs = realloc(certs, sizeof(certs[0]) * certs_capacity);
   604             if (!certs)
   605                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "certs");
   606         }
   607         certs[certs_count ++] = cert;
   608     }
   609 
   610  out:
   611     if (status != PEP_STATUS_OK) {
   612         for (int i = 0; i < certs_count; i ++)
   613             pgp_cert_free(certs[i]);
   614         free(certs);
   615     } else {
   616         *certsp = certs;
   617         *certs_countp = certs_count;
   618     }
   619 
   620     T(" -> %s (%d certs)", pEp_status_to_string(status), *certs_countp);
   621     return status;
   622 }
   623 
   624 // Returns the certificate identified by the provided fingerprint.
   625 //
   626 // This function only matches on the primary key!
   627 static PEP_STATUS cert_find(PEP_SESSION, pgp_fingerprint_t, int, pgp_cert_t *, int *)
   628     __attribute__((nonnull(1, 2)));
   629 static PEP_STATUS cert_find(PEP_SESSION session,
   630                            pgp_fingerprint_t fpr, int private_only,
   631                            pgp_cert_t *cert, int *secret)
   632 {
   633     PEP_STATUS status = PEP_STATUS_OK;
   634     char *fpr_str = pgp_fingerprint_to_hex(fpr);
   635 
   636     T("(%s, %d)", fpr_str, private_only);
   637 
   638     sqlite3_stmt *stmt
   639         = private_only ? session->sq_sql.tsk_find : session->sq_sql.cert_find;
   640     sqlite3_bind_text(stmt, 1, fpr_str, -1, SQLITE_STATIC);
   641 
   642     status = key_load(session, stmt, cert, secret);
   643     ERROR_OUT(NULL, status, "Looking up %s", fpr_str);
   644 
   645  out:
   646     sqlite3_reset(stmt);
   647     T("(%s, %d) -> %s", fpr_str, private_only, pEp_status_to_string(status));
   648     free(fpr_str);
   649     return status;
   650 }
   651 
   652 // Returns the certificate identified by the provided keyid.
   653 //
   654 // This function matches on both primary keys and subkeys!
   655 //
   656 // Note: There can be multiple certificates for a given keyid.  This can
   657 // occur, because an encryption subkey can be bound to multiple certificates.
   658 // Also, it is possible to collide key ids.  If there are multiple key
   659 // ids for a given key, this just returns one of them.
   660 //
   661 // If private_only is set, this will only consider certificates with some
   662 // secret key material.
   663 static PEP_STATUS cert_find_by_keyid_hex(PEP_SESSION, const char *, int, pgp_cert_t *, int *)
   664   __attribute__((nonnull(1, 2)));
   665 static PEP_STATUS cert_find_by_keyid_hex(
   666         PEP_SESSION session, const char *keyid_hex, int private_only,
   667         pgp_cert_t *certp, int *secretp)
   668 {
   669     PEP_STATUS status = PEP_STATUS_OK;
   670     T("(%s, %d)", keyid_hex, private_only);
   671 
   672     sqlite3_stmt *stmt
   673         = private_only ? session->sq_sql.tsk_find_by_keyid : session->sq_sql.cert_find_by_keyid;
   674     sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   675 
   676     status = key_load(session, stmt, certp, secretp);
   677     ERROR_OUT(NULL, status, "Looking up %s", keyid_hex);
   678 
   679  out:
   680     sqlite3_reset(stmt);
   681     T("(%s, %d) -> %s", keyid_hex, private_only, pEp_status_to_string(status));
   682     return status;
   683 }
   684 
   685 // See cert_find_by_keyid_hex.
   686 PEP_STATUS cert_find_by_keyid(PEP_SESSION, pgp_keyid_t, int, pgp_cert_t *, int *)
   687     __attribute__((nonnull(1, 2)));
   688 PEP_STATUS cert_find_by_keyid(PEP_SESSION session,
   689                              pgp_keyid_t keyid, int private_only,
   690                              pgp_cert_t *certp, int *secretp)
   691 {
   692     char *keyid_hex = pgp_keyid_to_hex(keyid);
   693     if (! keyid_hex)
   694         return PEP_OUT_OF_MEMORY;
   695     PEP_STATUS status
   696         = cert_find_by_keyid_hex(session, keyid_hex, private_only, certp, secretp);
   697     free(keyid_hex);
   698     return status;
   699 }
   700 
   701 // See cert_find_by_keyid_hex.
   702 static PEP_STATUS cert_find_by_fpr(PEP_SESSION, pgp_fingerprint_t, int,
   703                                   pgp_cert_t *, int *)
   704     __attribute__((nonnull(1, 2)));
   705 static PEP_STATUS cert_find_by_fpr(
   706     PEP_SESSION session, pgp_fingerprint_t fpr, int private_only,
   707     pgp_cert_t *certp, int *secretp)
   708 {
   709     pgp_keyid_t keyid = pgp_fingerprint_to_keyid(fpr);
   710     if (! keyid)
   711         return PEP_OUT_OF_MEMORY;
   712     PEP_STATUS status
   713         = cert_find_by_keyid(session, keyid, private_only, certp, secretp);
   714     pgp_keyid_free(keyid);
   715     return status;
   716 }
   717 
   718 // See cert_find_by_keyid_hex.
   719 static PEP_STATUS cert_find_by_fpr_hex(PEP_SESSION, const char *, int, pgp_cert_t *, int *secret)
   720     __attribute__((nonnull(1, 2)));
   721 static PEP_STATUS cert_find_by_fpr_hex(
   722     PEP_SESSION session, const char *fpr, int private_only,
   723     pgp_cert_t *certp, int *secretp)
   724 {
   725     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   726     if (! pgp_fpr)
   727         return PEP_OUT_OF_MEMORY;
   728     PEP_STATUS status
   729         = cert_find_by_fpr(session, pgp_fpr, private_only, certp, secretp);
   730     pgp_fingerprint_free(pgp_fpr);
   731     return status;
   732 }
   733 
   734 // Returns all known certificates.
   735 static PEP_STATUS cert_all(PEP_SESSION, int, pgp_cert_t **, int *) __attribute__((nonnull));
   736 static PEP_STATUS cert_all(PEP_SESSION session, int private_only,
   737                           pgp_cert_t **certsp, int *certs_countp) {
   738     PEP_STATUS status = PEP_STATUS_OK;
   739     sqlite3_stmt *stmt = private_only ? session->sq_sql.tsk_all : session->sq_sql.cert_all;
   740     status = key_loadn(session, stmt, certsp, certs_countp);
   741     ERROR_OUT(NULL, status, "loading certificates");
   742  out:
   743     sqlite3_reset(stmt);
   744     return status;
   745 }
   746 
   747 // Returns keys that have a user id that matches the specified pattern.
   748 //
   749 // The keys returned must be freed using pgp_cert_free.
   750 static PEP_STATUS cert_find_by_email(PEP_SESSION, const char *, int, pgp_cert_t **, int *)
   751     __attribute__((nonnull));
   752 static PEP_STATUS cert_find_by_email(PEP_SESSION session,
   753                                     const char *pattern, int private_only,
   754                                     pgp_cert_t **certsp, int *countp)
   755 {
   756     PEP_STATUS status = PEP_STATUS_OK;
   757     T("(%s)", pattern);
   758 
   759     sqlite3_stmt *stmt
   760         = private_only ? session->sq_sql.tsk_find_by_email : session->sq_sql.cert_find_by_email;
   761     sqlite3_bind_text(stmt, 1, pattern, -1, SQLITE_STATIC);
   762 
   763     status = key_loadn(session, stmt, certsp, countp);
   764     ERROR_OUT(NULL, status, "Searching for '%s'", pattern);
   765 
   766  out:
   767     sqlite3_reset(stmt);
   768     T("(%s) -> %s (%d results)", pattern, pEp_status_to_string(status), *countp);
   769     return status;
   770 }
   771 
   772 
   773 // Saves the specified certificates.
   774 //
   775 // This function takes ownership of CERT.
   776 static PEP_STATUS cert_save(PEP_SESSION, pgp_cert_t, identity_list **)
   777     __attribute__((nonnull(1, 2)));
   778 static PEP_STATUS cert_save(PEP_SESSION session, pgp_cert_t cert,
   779                            identity_list **private_idents)
   780 {
   781     PEP_STATUS status = PEP_STATUS_OK;
   782     pgp_error_t err = NULL;
   783     pgp_fingerprint_t pgp_fpr = NULL;
   784     char *fpr = NULL;
   785     void *tsk_buffer = NULL;
   786     size_t tsk_buffer_len = 0;
   787     int tried_commit = 0;
   788     pgp_cert_key_iter_t key_iter = NULL;
   789     pgp_user_id_bundle_iter_t user_id_iter = NULL;
   790     char *email = NULL;
   791     char *name = NULL;
   792 
   793     T("cert_save - begin transaction for saving %s", fpr);
   794     sqlite3_stmt *stmt = session->sq_sql.begin_transaction;
   795     int sqlite_result = sqlite3_step(stmt);
   796     sqlite3_reset(stmt);
   797     if (sqlite_result != SQLITE_DONE)
   798         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   799                   "begin transaction failed: %s",
   800                   sqlite3_errmsg(session->key_db));
   801                   
   802     T("cert_save - successfully began transaction for saving %s", fpr);
   803     pgp_fpr = pgp_cert_fingerprint(cert);
   804     fpr = pgp_fingerprint_to_hex(pgp_fpr);
   805     T("(%s, private_idents: %s)", fpr, private_idents ? "yes" : "no");
   806 
   807     // Merge any existing data into certificate.
   808     pgp_cert_t current = NULL;
   809     status = cert_find(session, pgp_fpr, false, &current, NULL);
   810     if (status == PEP_KEY_NOT_FOUND)
   811         status = PEP_STATUS_OK;
   812     else
   813         ERROR_OUT(NULL, status, "Looking up %s", fpr);
   814     if (current) {
   815         cert = pgp_cert_merge(&err, cert, current);
   816         if (! cert)
   817             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Merging certificates");
   818     }
   819 
   820     int is_tsk = pgp_cert_is_tsk(cert);
   821 
   822     // Serialize it.
   823     pgp_writer_t writer = pgp_writer_alloc(&tsk_buffer, &tsk_buffer_len);
   824     if (! writer)
   825         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   826 
   827     pgp_status_t pgp_status;
   828     pgp_tsk_t tsk = pgp_cert_as_tsk(cert);
   829     pgp_status = pgp_tsk_serialize(&err, tsk, writer);
   830     pgp_tsk_free(tsk);
   831     pgp_writer_free(writer);
   832     if (pgp_status != 0)
   833         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Serializing certificates");
   834 
   835 
   836     // Insert the TSK into the DB.
   837     stmt = session->sq_sql.cert_save_insert_primary;
   838     sqlite3_bind_text(stmt, 1, fpr, -1, SQLITE_STATIC);
   839     sqlite3_bind_int(stmt, 2, is_tsk);
   840     sqlite3_bind_blob(stmt, 3, tsk_buffer, tsk_buffer_len, SQLITE_STATIC);
   841 
   842     sqlite_result = sqlite3_step(stmt);
   843     sqlite3_reset(stmt);
   844     if (sqlite_result != SQLITE_DONE)
   845         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   846                   "Saving certificate: %s", sqlite3_errmsg(session->key_db));
   847 
   848     // Insert the "subkeys" (the primary key and the subkeys).
   849     stmt = session->sq_sql.cert_save_insert_subkeys;
   850     // This inserts all of the keys in the certificate, i.e.,
   851     // including revoked and expired keys, which is what we want.
   852     key_iter = pgp_cert_key_iter(cert);
   853     pgp_key_amalgamation_t ka;
   854     while ((ka = pgp_cert_key_iter_next(key_iter))) {
   855         pgp_key_t key = pgp_key_amalgamation_key (ka);
   856 
   857         pgp_keyid_t keyid = pgp_key_keyid(key);
   858         char *keyid_hex = pgp_keyid_to_hex(keyid);
   859         sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   860         sqlite3_bind_text(stmt, 2, fpr, -1, SQLITE_STATIC);
   861 
   862         pgp_key_free (key);
   863         pgp_key_amalgamation_free (ka);
   864 
   865         sqlite_result = sqlite3_step(stmt);
   866         sqlite3_reset(stmt);
   867         free(keyid_hex);
   868         pgp_keyid_free(keyid);
   869         if (sqlite_result != SQLITE_DONE) {
   870             pgp_cert_key_iter_free(key_iter);
   871             ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   872                       "Updating subkeys: %s", sqlite3_errmsg(session->key_db));
   873         }
   874     }
   875     pgp_cert_key_iter_free(key_iter);
   876     key_iter = NULL;
   877 
   878     // Insert the "userids".
   879     stmt = session->sq_sql.cert_save_insert_userids;
   880     user_id_iter = pgp_cert_user_id_bundle_iter(cert);
   881     pgp_user_id_bundle_t bundle;
   882     int first = 1;
   883     while ((bundle = pgp_user_id_bundle_iter_next(user_id_iter))) {
   884         char *user_id_value = pgp_user_id_bundle_user_id(bundle);
   885         if (!user_id_value || !*user_id_value)
   886             continue;
   887 
   888         // Ignore user ids with a self-revocation certificate, but no
   889         // self-signature.
   890         if (!pgp_user_id_bundle_selfsig(bundle, session->policy)) {
   891             free(user_id_value);
   892             continue;
   893         }
   894 
   895         free(name);
   896         name = NULL;
   897         free(email);
   898         email = NULL;
   899 
   900         pgp_packet_t userid = pgp_user_id_new (user_id_value);
   901         pgp_user_id_name(NULL, userid, &name);
   902         // Try to get the normalized address.
   903         pgp_user_id_email_normalized(NULL, userid, &email);
   904         if (! email)
   905             // Ok, it's not a proper RFC 2822 name-addr.  Perhaps it
   906             // is a URI.
   907             pgp_user_id_uri(NULL, userid, &email);
   908         pgp_packet_free(userid);
   909         free(user_id_value);
   910 
   911         if (email) {
   912             T("  userid: %s", email);
   913 
   914             sqlite3_bind_text(stmt, 1, email, -1, SQLITE_STATIC);
   915             sqlite3_bind_text(stmt, 2, fpr, -1, SQLITE_STATIC);
   916 
   917             sqlite_result = sqlite3_step(stmt);
   918             sqlite3_reset(stmt);
   919 
   920             if (sqlite_result != SQLITE_DONE) {
   921                 pgp_user_id_bundle_iter_free(user_id_iter);
   922                 ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   923                           "Updating userids: %s", sqlite3_errmsg(session->key_db));
   924             }
   925         }
   926 
   927         if (first && private_idents && is_tsk) {
   928             first = 0;
   929 
   930             // Create an identity for the primary user id.
   931             pEp_identity *ident = new_identity(email, fpr, NULL, name);
   932             if (ident == NULL)
   933                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_identity");
   934 
   935             *private_idents = identity_list_add(*private_idents, ident);
   936             if (*private_idents == NULL)
   937                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "identity_list_add");
   938         }
   939 
   940     }
   941     pgp_user_id_bundle_iter_free(user_id_iter);
   942     user_id_iter = NULL;
   943 
   944  out:
   945     // Prevent ERROR_OUT from causing an infinite loop.
   946     if (! tried_commit) {
   947         tried_commit = 1;
   948         T("cert_save - about to %s transaction for saving %s", 
   949            (status == PEP_STATUS_OK ? "commit" : "roll back"), 
   950            fpr);        
   951         stmt = status == PEP_STATUS_OK
   952             ? session->sq_sql.commit_transaction
   953             : session->sq_sql.rollback_transaction;
   954         int sqlite_result = sqlite3_step(stmt);
   955         sqlite3_reset(stmt);        
   956         if (sqlite_result != SQLITE_DONE)
   957             ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   958                       status == PEP_STATUS_OK
   959                       ? "commit failed: %s" : "rollback failed: %s",
   960                       sqlite3_errmsg(session->key_db));
   961         T("cert_save - %s transaction for saving %s", 
   962            (status == PEP_STATUS_OK ? "committed" : "rolled back"), 
   963            fpr);                                
   964     }
   965 
   966     T("(%s) -> %s", fpr, pEp_status_to_string(status));
   967 
   968     free(email);
   969     free(name);
   970     pgp_user_id_bundle_iter_free(user_id_iter);
   971     pgp_cert_key_iter_free(key_iter);
   972     if (stmt)
   973       sqlite3_reset(stmt);
   974     free(tsk_buffer);
   975     pgp_cert_free(cert);
   976     free(fpr);
   977     pgp_fingerprint_free(pgp_fpr);
   978 
   979     return status;
   980 }
   981 
   982 struct decrypt_cookie {
   983     PEP_SESSION session;
   984     int get_secret_keys_called;
   985     stringlist_t *recipient_keylist;
   986     stringlist_t *signer_keylist;
   987 
   988     int good_checksums;
   989     int malformed_signature;
   990     int missing_keys;
   991     int unbound_key;
   992     int revoked_key;
   993     int expired_key;
   994     int bad_key;
   995     int bad_checksums;
   996 
   997     // Whether we decrypted anything.
   998     int decrypted;
   999 
  1000     // The filename stored in the literal data packet.  Note: this is
  1001     // *not* protected by the signature and should not be trusted!!!
  1002     char *filename;
  1003 };
  1004 
  1005 static pgp_status_t
  1006 get_public_keys_cb(void *cookie_raw,
  1007                    pgp_keyid_t *keyids, size_t keyids_len,
  1008                    pgp_cert_t **certs, size_t *certs_len,
  1009                    void (**our_free)(void *))
  1010 {
  1011     struct decrypt_cookie *cookie = cookie_raw;
  1012     PEP_SESSION session = cookie->session;
  1013 
  1014     *certs = calloc(keyids_len, sizeof(*certs));
  1015     if (!*certs)
  1016         return PGP_STATUS_UNKNOWN_ERROR;
  1017     *our_free = free;
  1018 
  1019     size_t i;
  1020     int j = 0;
  1021     for (i = 0; i < keyids_len; i ++) {
  1022         pgp_cert_t cert = NULL;
  1023         PEP_STATUS status
  1024             = cert_find_by_keyid(session, keyids[i], false, &cert, NULL);
  1025         if (status == PEP_STATUS_OK)
  1026             (*certs)[j ++] = cert;
  1027     }
  1028     *certs_len = j;
  1029     return PGP_STATUS_SUCCESS;
  1030 }
  1031 
  1032 static pgp_status_t
  1033 decrypt_cb(void *cookie_opaque,
  1034            pgp_pkesk_t *pkesks, size_t pkesk_count,
  1035            pgp_skesk_t *skesks, size_t skesk_count,
  1036            uint8_t symmetric_algo,
  1037            pgp_decryptor_do_decrypt_cb_t *decrypt,
  1038            void *decrypt_cookie,
  1039            pgp_fingerprint_t *identity_out)
  1040 {
  1041     pgp_error_t err = NULL;
  1042     struct decrypt_cookie *cookie = cookie_opaque;
  1043     PEP_SESSION session = cookie->session;
  1044     pgp_cert_t *tsks = NULL;
  1045     int tsks_count = 0;
  1046     int wildcards = 0;
  1047 
  1048     if (cookie->get_secret_keys_called)
  1049         // Prevent iterations, which isn't needed since we don't
  1050         // support SKESKs.
  1051         return PGP_STATUS_UNKNOWN_ERROR;
  1052     cookie->get_secret_keys_called = 1;
  1053 
  1054     T("%zd PKESKs", pkesk_count);
  1055 
  1056     for (size_t i = 0; i < pkesk_count; i ++) {
  1057         pgp_pkesk_t pkesk = pkesks[i];
  1058         pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
  1059         char *keyid_str = pgp_keyid_to_hex(keyid);
  1060         pgp_cert_key_iter_t key_iter = NULL;
  1061         pgp_key_amalgamation_t ka = NULL;
  1062         pgp_key_t key = NULL;
  1063         pgp_session_key_t sk = NULL;
  1064 
  1065         T("Considering PKESK for %s", keyid_str);
  1066 
  1067         if (strcmp(keyid_str, "0000000000000000") == 0) {
  1068             // Initially ignore wildcards.
  1069             wildcards = 1;
  1070             goto eol;
  1071         }
  1072 
  1073         // Collect the recipients.  Note: we must return the primary
  1074         // key's fingerprint.
  1075         pgp_cert_t cert = NULL;
  1076         int is_tsk = 0;
  1077         if (cert_find_by_keyid(session, keyid, false, &cert, &is_tsk) != PEP_STATUS_OK)
  1078             goto eol;
  1079 
  1080         pgp_fingerprint_t fp = pgp_cert_fingerprint(cert);
  1081         char *fp_string = pgp_fingerprint_to_hex(fp);
  1082         stringlist_add_unique(cookie->recipient_keylist, fp_string);
  1083         free(fp_string);
  1084         pgp_fingerprint_free(fp);
  1085 
  1086         if (cookie->decrypted)
  1087             goto eol;
  1088 
  1089         // See if we have the secret key.
  1090         assert(is_tsk == pgp_cert_is_tsk(cert));
  1091         if (! is_tsk)
  1092             goto eol;
  1093 
  1094         key_iter = pgp_cert_key_iter(cert);
  1095         while (key = NULL, (ka = pgp_cert_key_iter_next(key_iter))) {
  1096             key = pgp_key_amalgamation_key (ka);
  1097             pgp_keyid_t this_keyid = pgp_key_keyid(key);
  1098             char *this_keyid_hex = pgp_keyid_to_hex(this_keyid);
  1099             pgp_keyid_free(this_keyid);
  1100 
  1101             int match = strcmp(keyid_str, this_keyid_hex) == 0;
  1102             free(this_keyid_hex);
  1103             if (match)
  1104                 break;
  1105 
  1106             pgp_key_free (key);
  1107             pgp_key_amalgamation_free (ka);
  1108         }
  1109 
  1110         if (key == NULL) {
  1111             assert(!"Inconsistent DB: key doesn't contain a subkey with keyid!");
  1112             goto eol;
  1113         }
  1114 
  1115         uint8_t algo;
  1116         uint8_t session_key[1024];
  1117         size_t session_key_len = sizeof(session_key);
  1118         if (pgp_pkesk_decrypt(&err, pkesk, key, &algo,
  1119                               session_key, &session_key_len) != 0) {
  1120             DUMP_ERR(err, PEP_UNKNOWN_ERROR, "pgp_pkesk_decrypt");
  1121             goto eol;
  1122         }
  1123 
  1124         sk = pgp_session_key_from_bytes (session_key, session_key_len);
  1125         pgp_status_t status;
  1126         if ((status = decrypt (decrypt_cookie, algo, sk))) {
  1127             DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
  1128             goto eol;
  1129         }
  1130 
  1131         T("Decrypted PKESK for %s", keyid_str);
  1132 
  1133         *identity_out = pgp_cert_fingerprint(cert);
  1134         cookie->decrypted = 1;
  1135 
  1136     eol:
  1137         pgp_session_key_free (sk);
  1138         free(keyid_str);
  1139         pgp_key_free (key);
  1140         pgp_key_amalgamation_free (ka);
  1141         pgp_cert_key_iter_free(key_iter);
  1142         pgp_cert_free(cert);
  1143     }
  1144 
  1145     // Consider wildcard recipients.
  1146     if (wildcards) for (size_t i = 0; i < pkesk_count && !cookie->decrypted; i ++) {
  1147         pgp_pkesk_t pkesk = pkesks[i];
  1148         pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
  1149         char *keyid_str = pgp_keyid_to_hex(keyid);
  1150         pgp_cert_key_iter_t key_iter = NULL;
  1151         pgp_key_amalgamation_t ka = NULL;
  1152         pgp_key_t key = NULL;
  1153         pgp_session_key_t sk = NULL;
  1154 
  1155         if (strcmp(keyid_str, "0000000000000000") != 0)
  1156             goto eol2;
  1157 
  1158         if (!tsks) {
  1159             if (cert_all(session, true, &tsks, &tsks_count) != PEP_STATUS_OK) {
  1160                 DUMP_ERR(NULL, PEP_UNKNOWN_ERROR, "Getting all tsks");
  1161             }
  1162         }
  1163 
  1164         for (int j = 0; j < tsks_count; j ++) {
  1165             pgp_cert_t tsk = tsks[j];
  1166 
  1167             key_iter = pgp_cert_key_iter(tsk);
  1168 
  1169             while (key = NULL, (ka = pgp_cert_key_iter_next(key_iter))) {
  1170                 key = pgp_key_amalgamation_key (ka);
  1171 
  1172                 // Note: for decryption to appear to succeed, we must
  1173                 // get a valid algorithm (8 of 256 values) and a
  1174                 // 16-bit checksum must match.  Thus, we have about a
  1175                 // 1 in 2**21 chance of having a false positive here.
  1176                 uint8_t algo;
  1177                 uint8_t session_key[1024];
  1178                 size_t session_key_len = sizeof(session_key);
  1179                 if (pgp_pkesk_decrypt(&err, pkesk, key,
  1180                                       &algo, session_key, &session_key_len)) {
  1181                     pgp_error_free(err);
  1182                     err = NULL;
  1183                     pgp_key_free (key);
  1184                     pgp_key_amalgamation_free (ka);
  1185                     continue;
  1186                 }
  1187 
  1188                 // Add it to the recipient list.
  1189                 pgp_fingerprint_t fp = pgp_cert_fingerprint(tsk);
  1190                 char *fp_string = pgp_fingerprint_to_hex(fp);
  1191                 T("wildcard recipient appears to be %s", fp_string);
  1192                 stringlist_add_unique(cookie->recipient_keylist, fp_string);
  1193                 free(fp_string);
  1194                 pgp_fingerprint_free(fp);
  1195 
  1196                 pgp_session_key_t sk = pgp_session_key_from_bytes (session_key,
  1197                                                                    session_key_len);
  1198                 pgp_status_t status;
  1199                 if ((status = decrypt (decrypt_cookie, algo, sk))) {
  1200                     DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
  1201                     goto eol2;
  1202                 }
  1203 
  1204                 *identity_out = pgp_cert_fingerprint(tsk);
  1205                 cookie->decrypted = 1;
  1206 
  1207                 break;
  1208             }
  1209 
  1210             pgp_key_free (key);
  1211             key = NULL;
  1212             pgp_key_amalgamation_free (ka);
  1213             ka = NULL;
  1214             pgp_cert_key_iter_free(key_iter);
  1215             key_iter = NULL;
  1216         }
  1217     eol2:
  1218         pgp_session_key_free (sk);
  1219         free(keyid_str);
  1220         pgp_key_free (key);
  1221         pgp_key_amalgamation_free (ka);
  1222         pgp_cert_key_iter_free(key_iter);
  1223     }
  1224 
  1225     if (tsks) {
  1226         for (int i = 0; i < tsks_count; i ++)
  1227             pgp_cert_free(tsks[i]);
  1228         free(tsks);
  1229     }
  1230 
  1231     return cookie->decrypted ? PGP_STATUS_SUCCESS : PGP_STATUS_UNKNOWN_ERROR;
  1232 }
  1233 
  1234 static pgp_status_t
  1235 check_signatures_cb(void *cookie_opaque, pgp_message_structure_t structure)
  1236 {
  1237     struct decrypt_cookie *cookie = cookie_opaque;
  1238 
  1239     pgp_message_structure_iter_t iter
  1240         = pgp_message_structure_iter (structure);
  1241     for (pgp_message_layer_t layer = pgp_message_structure_iter_next (iter);
  1242          layer;
  1243          layer = pgp_message_structure_iter_next (iter)) {
  1244         pgp_verification_result_iter_t results;
  1245 
  1246         switch (pgp_message_layer_variant (layer)) {
  1247         case PGP_MESSAGE_LAYER_COMPRESSION:
  1248         case PGP_MESSAGE_LAYER_ENCRYPTION:
  1249             break;
  1250 
  1251         case PGP_MESSAGE_LAYER_SIGNATURE_GROUP:
  1252             pgp_message_layer_signature_group(layer, &results);
  1253             pgp_verification_result_t result;
  1254             while ((result = pgp_verification_result_iter_next (results))) {
  1255                 pgp_signature_t sig = NULL;
  1256                 pgp_keyid_t keyid = NULL;
  1257                 char *keyid_str = NULL;
  1258                 pgp_error_t error = NULL;
  1259                 char *error_str = NULL;
  1260 
  1261                 switch (pgp_verification_result_variant (result)) {
  1262                 case PGP_VERIFICATION_RESULT_GOOD_CHECKSUM: {
  1263                     // We need to add the fingerprint of the primary
  1264                     // key to cookie->signer_keylist.
  1265 
  1266                     pgp_cert_t cert = NULL;
  1267                     pgp_verification_result_good_checksum (result, &sig,
  1268                                                            &cert,
  1269                                                            NULL, // key
  1270                                                            NULL, // binding
  1271                                                            NULL); // revocation
  1272 
  1273                     // We need the primary key's fingerprint.
  1274                     pgp_fingerprint_t primary_fpr
  1275                         = pgp_cert_fingerprint(cert);
  1276                     char *primary_fpr_str
  1277                         = pgp_fingerprint_to_hex(primary_fpr);
  1278 
  1279                     stringlist_add_unique(cookie->signer_keylist,
  1280                                           primary_fpr_str);
  1281 
  1282                     T("Good signature from %s", primary_fpr_str);
  1283 
  1284                     free (primary_fpr_str);
  1285                     pgp_fingerprint_free (primary_fpr);
  1286                     pgp_cert_free (cert);
  1287 
  1288                     cookie->good_checksums ++;
  1289                     break;
  1290                 }
  1291 
  1292                 case PGP_VERIFICATION_RESULT_MALFORMED_SIGNATURE:
  1293                     if (TRACING) {
  1294                         pgp_verification_result_malformed_signature (result,
  1295                                                                      &sig,
  1296                                                                      &error);
  1297 
  1298                         error_str = pgp_error_to_string(error);
  1299                         keyid = pgp_signature_issuer (sig);
  1300                         keyid_str = pgp_keyid_to_string (keyid);
  1301                         T("Malformed signature from %s: %s",
  1302                           keyid_str, error_str);
  1303                     }
  1304 
  1305                     cookie->malformed_signature ++;
  1306                     break;
  1307 
  1308                 case PGP_VERIFICATION_RESULT_MISSING_KEY:
  1309                     if (TRACING) {
  1310                         pgp_verification_result_missing_key (result, &sig);
  1311                         keyid = pgp_signature_issuer (sig);
  1312                         keyid_str = pgp_keyid_to_string (keyid);
  1313                         T("No key to check signature from %s", keyid_str);
  1314                     }
  1315 
  1316                     cookie->missing_keys ++;
  1317                     break;
  1318 
  1319                 case PGP_VERIFICATION_RESULT_UNBOUND_KEY:
  1320                     // This happens if the key doesn't have a binding
  1321                     // signature.
  1322 
  1323                     if (TRACING) {
  1324                         pgp_verification_result_unbound_key (result,
  1325                                                              &sig,
  1326                                                              NULL,
  1327                                                              &error);
  1328 
  1329                         error_str = pgp_error_to_string(error);
  1330                         keyid = pgp_signature_issuer (sig);
  1331                         keyid_str = pgp_keyid_to_string (keyid);
  1332                         T("key %s has no valid self-signature: %s",
  1333                           keyid_str ? keyid_str : "(missing issuer)",
  1334                           error_str);
  1335                     }
  1336 
  1337                     cookie->unbound_key ++;
  1338                     break;
  1339 
  1340                 case PGP_VERIFICATION_RESULT_BAD_KEY: {
  1341                     // This happens if the certificate is not alive or
  1342                     // revoked, if the key is not alive or revoked, of
  1343                     // if the key is not signing capable.
  1344 
  1345                     pgp_cert_t cert = NULL;
  1346                     pgp_key_t key = NULL;
  1347                     pgp_signature_t selfsig = NULL;
  1348                     pgp_revocation_status_t rs = NULL;
  1349 
  1350                     pgp_verification_result_bad_key (result,
  1351                                                      &sig,
  1352                                                      &cert, // cert
  1353                                                      &key, // key
  1354                                                      &selfsig, // binding
  1355                                                      &rs, // key revocation
  1356                                                      &error);
  1357 
  1358                     if (TRACING) {
  1359                         error_str = pgp_error_to_string(error);
  1360                         keyid = pgp_signature_issuer (sig);
  1361                         keyid_str = pgp_keyid_to_string (keyid);
  1362                         T("key %s is bad: %s",
  1363                           keyid_str ? keyid_str : "(missing issuer)",
  1364                           error_str);
  1365                     }
  1366 
  1367                     // Check if the key or certificate is revoked.
  1368                     if (pgp_revocation_status_variant(rs)
  1369                         == PGP_REVOCATION_STATUS_REVOKED) {
  1370                         // Key is revoked.
  1371                         cookie->revoked_key ++;
  1372                     } else {
  1373                         pgp_revocation_status_free (rs);
  1374                         rs = pgp_cert_revoked (cert, cookie->session->policy, 0);
  1375                         if (pgp_revocation_status_variant(rs)
  1376                             == PGP_REVOCATION_STATUS_REVOKED) {
  1377                             // Cert is revoked.
  1378                             cookie->revoked_key ++;
  1379                         }
  1380                         // Check if the key or certificate is expired.
  1381                         else if (pgp_cert_alive(NULL, cert,
  1382                                                 cookie->session->policy, 0)
  1383                                  != PGP_STATUS_SUCCESS) {
  1384                             // Certificate is expired.
  1385                             cookie->expired_key ++;
  1386                             goto out;
  1387                         } else if (pgp_signature_key_alive (NULL, selfsig, key, 0)
  1388                                    != PGP_STATUS_SUCCESS) {
  1389                             // Key is expired.
  1390                             cookie->expired_key ++;
  1391                             goto out;
  1392                         }
  1393                         // Wrong key flags or something similar.
  1394                         else {
  1395                             cookie->bad_key ++;
  1396                         }
  1397                     }
  1398 
  1399                 out:
  1400                     pgp_revocation_status_free (rs);
  1401                     pgp_signature_free (selfsig);
  1402                     pgp_key_free (key);
  1403                     pgp_cert_free (cert);
  1404 
  1405                     break;
  1406                 }
  1407 
  1408                 case PGP_VERIFICATION_RESULT_BAD_SIGNATURE:
  1409                     if (TRACING) {
  1410                         pgp_verification_result_bad_signature
  1411                             (result, &sig, NULL, NULL, NULL, NULL, &error);
  1412                         error_str = pgp_error_to_string(error);
  1413                         keyid = pgp_signature_issuer (sig);
  1414                         if (keyid) {
  1415                             keyid_str = pgp_keyid_to_string (keyid);
  1416                             T("Bad signature from %s: %s",
  1417                               keyid_str, error_str);
  1418                         } else {
  1419                             T("Bad signature without issuer information: %s",
  1420                               error_str);
  1421                         }
  1422                     }
  1423 
  1424                     cookie->bad_checksums ++;
  1425                     break;
  1426 
  1427                 default:
  1428                     assert (! "reachable");
  1429                 }
  1430 
  1431                 free (keyid_str);
  1432                 pgp_signature_free (sig);
  1433                 free (error_str);
  1434                 pgp_error_free (error);
  1435                 pgp_verification_result_free (result);
  1436             }
  1437             pgp_verification_result_iter_free (results);
  1438             break;
  1439 
  1440         default:
  1441             assert (! "reachable");
  1442         }
  1443 
  1444         pgp_message_layer_free (layer);
  1445     }
  1446 
  1447     pgp_message_structure_iter_free (iter);
  1448     pgp_message_structure_free (structure);
  1449 
  1450     return PGP_STATUS_SUCCESS;
  1451 }
  1452 
  1453 static pgp_status_t inspect_cb(
  1454     void *cookie_opaque, pgp_packet_parser_t pp)
  1455 {
  1456     struct decrypt_cookie *cookie = cookie_opaque;
  1457 
  1458     pgp_packet_t packet = pgp_packet_parser_packet(pp);
  1459     assert(packet);
  1460 
  1461     pgp_tag_t tag = pgp_packet_tag(packet);
  1462 
  1463     T("%s", pgp_tag_to_string(tag));
  1464 
  1465     if (tag == PGP_TAG_LITERAL) {
  1466         pgp_literal_t literal = pgp_packet_ref_literal(packet);
  1467         cookie->filename = pgp_literal_filename(literal);
  1468         pgp_literal_free(literal);
  1469     }
  1470 
  1471     pgp_packet_free(packet);
  1472 
  1473     return 0;
  1474 }
  1475 
  1476 PEP_STATUS pgp_decrypt_and_verify(
  1477     PEP_SESSION session, const char *ctext, size_t csize,
  1478     const char *dsigtext, size_t dsigsize,
  1479     char **ptext, size_t *psize, stringlist_t **keylist,
  1480     char** filename_ptr)
  1481 {
  1482     PEP_STATUS status = PEP_STATUS_OK;
  1483     struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL };
  1484     pgp_reader_t reader = NULL;
  1485     pgp_writer_t writer = NULL;
  1486     pgp_reader_t decryptor = NULL;
  1487     *ptext = NULL;
  1488     *psize = 0;
  1489 
  1490     // XXX: We don't yet handle detached signatures over encrypted
  1491     // messages.
  1492     assert(!dsigtext);
  1493 
  1494     cookie.recipient_keylist = new_stringlist(NULL);
  1495     if (!cookie.recipient_keylist)
  1496         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "recipient_keylist");
  1497 
  1498     cookie.signer_keylist = new_stringlist(NULL);
  1499     if (!cookie.signer_keylist)
  1500         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "signer_keylist");
  1501 
  1502     reader = pgp_reader_from_bytes((const uint8_t *) ctext, csize);
  1503     if (! reader)
  1504         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
  1505 
  1506     writer = pgp_writer_alloc((void **) ptext, psize);
  1507     if (! writer)
  1508         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "Creating writer");
  1509 
  1510     pgp_error_t err = NULL;
  1511     decryptor = pgp_decryptor_new(&err, session->policy, reader,
  1512                                   get_public_keys_cb, decrypt_cb,
  1513                                   check_signatures_cb, inspect_cb,
  1514                                   &cookie, 0);
  1515     if (! decryptor)
  1516         ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "pgp_decryptor_new");
  1517 
  1518     // Copy 128 MB at a time.
  1519     ssize_t nread;
  1520     while ((nread = pgp_reader_copy (&err, decryptor, writer,
  1521                                      128 * 1024 * 1024) > 0))
  1522         ;
  1523     if (nread < 0)
  1524         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "pgp_reader_read");
  1525 
  1526     // Add a terminating NUL for naive users
  1527     pgp_writer_write(&err, writer, (const uint8_t *) &""[0], 1);
  1528 
  1529     if (! cookie.decrypted)
  1530         ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "Decryption failed");
  1531 
  1532     if (! cookie.signer_keylist) {
  1533         cookie.signer_keylist = new_stringlist("");
  1534         if (! cookie.signer_keylist)
  1535             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  1536     }
  1537     if (!cookie.signer_keylist->value)
  1538         stringlist_add(cookie.signer_keylist, "");
  1539 
  1540     *keylist = cookie.signer_keylist;
  1541     stringlist_append(*keylist, cookie.recipient_keylist);
  1542 
  1543     if (filename_ptr)
  1544         *filename_ptr = cookie.filename;
  1545 
  1546  out:
  1547     if (status == PEP_STATUS_OK) {
  1548         // **********************************
  1549         // Sync changes with pgp_verify_text.
  1550         // **********************************
  1551 
  1552         if (cookie.good_checksums) {
  1553             // If there is at least one signature that we can verify,
  1554             // succeed.
  1555             status = PEP_DECRYPTED_AND_VERIFIED;
  1556         } else if (cookie.revoked_key) {
  1557             // If there are any signatures from revoked keys, fail.
  1558             status = PEP_VERIFY_SIGNER_KEY_REVOKED;
  1559         } else if (cookie.expired_key) {
  1560             // If there are any signatures from expired keys, fail.
  1561             status = PEP_DECRYPTED;
  1562         } else if (cookie.bad_key) {
  1563             // If there are any signatures from invalid keys (keys
  1564             // that are not signing capable), fail.
  1565             status = PEP_DECRYPTED;
  1566         } else if (cookie.bad_checksums) {
  1567             // If there are any bad signatures, fail.
  1568             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1569         } else {
  1570             // We couldn't verify any signatures (possibly because we
  1571             // don't have the keys).
  1572             status = PEP_DECRYPTED;
  1573         }
  1574     } else {
  1575         free_stringlist(cookie.recipient_keylist);
  1576         free_stringlist(cookie.signer_keylist);
  1577         free(cookie.filename);
  1578         free(*ptext);
  1579     }
  1580 
  1581     pgp_reader_free(reader);
  1582     pgp_reader_free(decryptor);
  1583     pgp_writer_free(writer);
  1584 
  1585     T("-> %s", pEp_status_to_string(status));
  1586     return status;
  1587 }
  1588 
  1589 PEP_STATUS pgp_verify_text(
  1590     PEP_SESSION session, const char *text, size_t size,
  1591     const char *signature, size_t sig_size, stringlist_t **keylist)
  1592 {
  1593     PEP_STATUS status = PEP_STATUS_OK;
  1594     pgp_error_t err = NULL;
  1595     struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, };
  1596     pgp_reader_t reader = NULL;
  1597     pgp_reader_t dsig_reader = NULL;
  1598     pgp_reader_t verifier = NULL;
  1599 
  1600     if (size == 0 || sig_size == 0)
  1601         return PEP_DECRYPT_WRONG_FORMAT;
  1602 
  1603 #if TRACING > 0
  1604     {
  1605         int cr = 0;
  1606         int crlf = 0;
  1607         int lf = 0;
  1608 
  1609         for (int i = 0; i < size; i ++) {
  1610             // CR
  1611             if (text[i] == '\r') {
  1612                 cr ++;
  1613             }
  1614             // LF
  1615             if (text[i] == '\n') {
  1616                 if (i > 0 && text[i - 1] == '\r') {
  1617                     cr --;
  1618                     crlf ++;
  1619                 } else {
  1620                     lf ++;
  1621                 }
  1622             }
  1623         }
  1624 
  1625         T("Text to verify: %zd bytes with %d crlfs, %d bare crs and %d bare lfs",
  1626           size, crlf, cr, lf);
  1627     }
  1628 #endif
  1629 
  1630     cookie.recipient_keylist = new_stringlist(NULL);
  1631     if (!cookie.recipient_keylist)
  1632         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1633 
  1634     cookie.signer_keylist = new_stringlist(NULL);
  1635     if (!cookie.signer_keylist)
  1636         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1637 
  1638     reader = pgp_reader_from_bytes((const uint8_t *) text, size);
  1639     if (! reader)
  1640         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
  1641 
  1642     dsig_reader = NULL;
  1643     if (signature) {
  1644         dsig_reader = pgp_reader_from_bytes((uint8_t *) signature, sig_size);
  1645         if (! dsig_reader)
  1646             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating signature reader");
  1647     }
  1648 
  1649     if (dsig_reader)
  1650         verifier = pgp_detached_verifier_new(&err, session->policy,
  1651                                              dsig_reader, reader,
  1652                                              get_public_keys_cb,
  1653                                              check_signatures_cb,
  1654                                              &cookie, 0);
  1655     else
  1656         verifier = pgp_verifier_new(&err, session->policy, reader,
  1657                                     get_public_keys_cb,
  1658                                     check_signatures_cb,
  1659                                     &cookie, 0);
  1660     if (! verifier)
  1661         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating verifier");
  1662     if (pgp_reader_discard(&err, verifier) < 0)
  1663         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "verifier");
  1664 
  1665     if (! cookie.signer_keylist) {
  1666         cookie.signer_keylist = new_stringlist("");
  1667         if (! cookie.signer_keylist)
  1668             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  1669     }
  1670     if (!cookie.signer_keylist->value)
  1671         stringlist_add(cookie.signer_keylist, "");
  1672 
  1673     *keylist = cookie.signer_keylist;
  1674     stringlist_append(*keylist, cookie.recipient_keylist);
  1675 
  1676  out:
  1677     if (status == PEP_STATUS_OK) {
  1678         // *****************************************
  1679         // Sync changes with pgp_decrypt_and_verify.
  1680         // *****************************************
  1681 
  1682         if (cookie.good_checksums) {
  1683             // If there is at least one signature that we can verify,
  1684             // succeed.
  1685             status = PEP_VERIFIED;
  1686         } else if (cookie.revoked_key) {
  1687             // If there are any signatures from revoked keys, fail.
  1688             status = PEP_VERIFY_SIGNER_KEY_REVOKED;
  1689         } else if (cookie.expired_key) {
  1690             // If there are any signatures from expired keys, fail.
  1691             status = PEP_DECRYPTED;
  1692         } else if (cookie.bad_key) {
  1693             // If there are any signatures from invalid keys (keys
  1694             // that are not signing capable), fail.
  1695             status = PEP_DECRYPTED;
  1696         } else if (cookie.bad_checksums) {
  1697             // If there are any bad signatures, fail.
  1698             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1699         } else {
  1700             // We couldn't verify any signatures (possibly because we
  1701             // don't have the keys).
  1702             status = PEP_UNENCRYPTED;
  1703         }
  1704     } else {
  1705         free_stringlist(cookie.recipient_keylist);
  1706         free_stringlist(cookie.signer_keylist);
  1707     }
  1708 
  1709     pgp_reader_free(verifier);
  1710     pgp_reader_free(reader);
  1711     pgp_reader_free(dsig_reader);
  1712 
  1713     T("-> %s", pEp_status_to_string(status));
  1714     return status;
  1715 }
  1716 
  1717 
  1718 PEP_STATUS pgp_sign_only(
  1719     PEP_SESSION session, const char* fpr, const char *ptext,
  1720     size_t psize, char **stext, size_t *ssize)
  1721 {
  1722     assert(session);
  1723     assert(fpr && fpr[0]);
  1724     assert(ptext);
  1725     assert(psize);
  1726     assert(stext);
  1727     assert(ssize);
  1728     *stext = NULL;
  1729     *ssize = 0;
  1730 
  1731     PEP_STATUS status = PEP_STATUS_OK;
  1732     pgp_error_t err = NULL;
  1733     pgp_cert_t signer_cert = NULL;
  1734     pgp_cert_valid_key_iter_t iter = NULL;
  1735     pgp_valid_key_amalgamation_t ka = NULL;
  1736     pgp_key_pair_t signing_keypair = NULL;
  1737     pgp_signer_t signer = NULL;
  1738     pgp_writer_stack_t ws = NULL;
  1739 
  1740     status = cert_find_by_fpr_hex(session, fpr, true, &signer_cert, NULL);
  1741     ERROR_OUT(NULL, status, "Looking up key '%s'", fpr);
  1742 
  1743     iter = pgp_cert_valid_key_iter(signer_cert, session->policy, 0);
  1744     pgp_cert_valid_key_iter_alive(iter);
  1745     pgp_cert_valid_key_iter_revoked(iter, false);
  1746     pgp_cert_valid_key_iter_for_signing (iter);
  1747     pgp_cert_valid_key_iter_unencrypted_secret (iter);
  1748 
  1749     // If there are multiple signing capable subkeys, we just take
  1750     // the first one, whichever one that happens to be.
  1751     ka = pgp_cert_valid_key_iter_next (iter, NULL, NULL);
  1752     if (! ka)
  1753         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  1754                    "%s has no signing capable key", fpr);
  1755 
  1756     // pgp_key_into_key_pair needs to own the key, but here we
  1757     // only get a reference (which we still need to free).
  1758     pgp_key_t key = pgp_valid_key_amalgamation_key (ka);
  1759     signing_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  1760     pgp_key_free (key);
  1761     if (! signing_keypair)
  1762         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  1763 
  1764     signer = pgp_key_pair_as_signer (signing_keypair);
  1765     if (! signer)
  1766         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  1767 
  1768 
  1769     pgp_writer_t writer = pgp_writer_alloc((void **) stext, ssize);
  1770     writer = pgp_armor_writer_new(&err, writer,
  1771                                   PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  1772     if (!writer)
  1773         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  1774 
  1775     ws = pgp_writer_stack_message(writer);
  1776 
  1777     ws = pgp_signer_new_detached(&err, ws, &signer, 1, 0);
  1778     if (!ws)
  1779         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  1780     // pgp_signer_new_detached consumes signer.
  1781     signer = NULL;
  1782 
  1783     pgp_status_t write_status =
  1784         pgp_writer_stack_write_all (&err, ws,
  1785                                     (uint8_t *) ptext, psize);
  1786     if (write_status != 0)
  1787         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  1788 
  1789     pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  1790     ws = NULL;
  1791     if (pgp_status != 0)
  1792         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  1793 
  1794     pgp_status = pgp_armor_writer_finalize (&err, writer);
  1795     if (pgp_status != 0)
  1796         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing armor writer");
  1797 
  1798     // Add a terminating NUL for naive users
  1799     void *t = realloc(*stext, *ssize + 1);
  1800     if (! t)
  1801         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1802     *stext = t;
  1803     (*stext)[*ssize] = 0;
  1804 
  1805  out:
  1806     pgp_signer_free (signer);
  1807     // XXX: pgp_key_pair_as_signer is only supposed to reference
  1808     // signing_keypair, but it consumes it.  If this is fixed, this
  1809     // will become a leak.
  1810     //
  1811     //pgp_key_pair_free (signing_keypair);
  1812     pgp_valid_key_amalgamation_free (ka);
  1813     pgp_cert_valid_key_iter_free (iter);
  1814     pgp_cert_free(signer_cert);
  1815 
  1816     T("(%s)-> %s", fpr, pEp_status_to_string(status));
  1817     return status;
  1818 }
  1819 
  1820 static PEP_STATUS pgp_encrypt_sign_optional(
  1821     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  1822     size_t psize, char **ctext, size_t *csize, bool sign)
  1823 {
  1824     PEP_STATUS status = PEP_STATUS_OK;
  1825     pgp_error_t err = NULL;
  1826 
  1827     int recipient_cert_count = 0;
  1828     pgp_cert_t *recipient_certs = NULL;
  1829 
  1830     int recipient_count = 0;
  1831     int recipient_alloc = 0;
  1832     pgp_recipient_t *recipients = NULL;
  1833     int recipient_keys_count = 0;
  1834     pgp_key_t *recipient_keys = NULL;
  1835 
  1836     pgp_cert_t signer_cert = NULL;
  1837     pgp_writer_stack_t ws = NULL;
  1838     pgp_cert_valid_key_iter_t iter = NULL;
  1839     pgp_valid_key_amalgamation_t ka = NULL;
  1840     pgp_key_pair_t signing_keypair = NULL;
  1841     pgp_signer_t signer = NULL;
  1842 
  1843     assert(session);
  1844     assert(keylist);
  1845     assert(ptext);
  1846     assert(psize);
  1847     assert(ctext);
  1848     assert(csize);
  1849 
  1850     *ctext = NULL;
  1851     *csize = 0;
  1852 
  1853     int keylist_len = stringlist_length(keylist);
  1854 
  1855     // We don't need to worry about extending recipient_certs, because
  1856     // there will be at most KEYLIST_LEN certs, which we allocate up
  1857     // front.
  1858     recipient_certs = calloc(keylist_len, sizeof(*recipient_certs));
  1859     if (recipient_certs == NULL)
  1860         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1861 
  1862     // Because there may be multiple encryption keys per certificate, we may
  1863     // need to extend recipient_keys and recipients.
  1864     recipient_alloc = keylist_len;
  1865     recipient_keys = calloc(recipient_alloc, sizeof(*recipient_keys));
  1866     if (recipient_keys == NULL)
  1867         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1868 
  1869     recipients = calloc(recipient_alloc, sizeof(*recipients));
  1870     if (recipients == NULL)
  1871         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1872 
  1873 
  1874     // Get the keys for the recipients.
  1875     const stringlist_t *_keylist;
  1876     for (_keylist = keylist; _keylist != NULL; _keylist = _keylist->next) {
  1877         assert(_keylist->value);
  1878 
  1879         pgp_cert_t cert;
  1880         status = cert_find_by_fpr_hex(session, _keylist->value,
  1881                                      false, &cert, NULL);
  1882         // We couldn't find a key for this recipient.
  1883         ERROR_OUT(NULL, status,
  1884                   "Looking up key for recipient '%s'", _keylist->value);
  1885 
  1886         recipient_certs[recipient_cert_count ++] = cert;
  1887 
  1888         // Collect all of the keys that have the encryption for
  1889         // transport capability.
  1890         iter = pgp_cert_valid_key_iter(cert, session->policy, 0);
  1891         if (! iter)
  1892             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1893         pgp_cert_valid_key_iter_alive(iter);
  1894         pgp_cert_valid_key_iter_revoked(iter, false);
  1895         pgp_cert_valid_key_iter_for_transport_encryption(iter);
  1896 
  1897         while ((ka = pgp_cert_valid_key_iter_next (iter, NULL, NULL))) {
  1898             assert(recipient_count == recipient_keys_count);
  1899             if (recipient_count == recipient_alloc) {
  1900                 assert(recipient_alloc > 0);
  1901                 recipient_alloc *= 2;
  1902 
  1903                 void *t = _pEp_reallocarray(recipient_keys, recipient_alloc,
  1904                                             sizeof(*recipient_keys));
  1905                 if (! t)
  1906                     ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1907                 recipient_keys = t;
  1908 
  1909                 t = _pEp_reallocarray(recipients, recipient_alloc,
  1910                                       sizeof(*recipients));
  1911                 if (! t)
  1912                     ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1913                 recipients = t;
  1914             }
  1915 
  1916             // pgp_valid_key_amalgamation_key returns a reference to
  1917             // ka.  We need to keep it around after this iteration.
  1918             // So, we clone it.  Unfortunately, although
  1919             // pgp_recipient_new consumes the passed key id, it only
  1920             // references the key.  So, we need to remember to free it
  1921             // at the end.
  1922             pgp_key_t key = pgp_valid_key_amalgamation_key (ka);
  1923             recipient_keys[recipient_keys_count ++] = pgp_key_clone (key);
  1924             pgp_key_free (key);
  1925 
  1926             pgp_keyid_t keyid = pgp_key_keyid(recipient_keys[recipient_keys_count - 1]);
  1927             if (! keyid)
  1928                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1929 
  1930             recipients[recipient_count++] = pgp_recipient_new(keyid, recipient_keys[recipient_keys_count - 1]);
  1931 
  1932             pgp_valid_key_amalgamation_free (ka);
  1933         }
  1934         pgp_cert_valid_key_iter_free(iter);
  1935         iter = NULL;
  1936     }
  1937 
  1938     if (sign) {
  1939         // The first key in the keylist is the signer.
  1940         status = cert_find_by_fpr_hex(session, keylist->value, true, &signer_cert, NULL);
  1941         ERROR_OUT(NULL, status, "Looking up key for signing '%s'", keylist->value);
  1942     }
  1943 
  1944     pgp_writer_t writer_alloc = pgp_writer_alloc((void **) ctext, csize);
  1945     pgp_writer_t writer = pgp_armor_writer_new(&err, writer_alloc,
  1946                                   PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  1947     if (!writer)
  1948         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  1949 
  1950     ws = pgp_writer_stack_message(writer);
  1951     ws = pgp_encryptor_new (&err, ws,
  1952                             NULL, 0, recipients, recipient_count,
  1953                             0, 0);
  1954     if (!ws)
  1955         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up encryptor");
  1956 
  1957     // pgp_encrypt_new consumes the recipients (but not the keys).
  1958     recipient_count = 0;
  1959 
  1960     if (sign) {
  1961         iter = pgp_cert_valid_key_iter(signer_cert, session->policy, 0);
  1962         pgp_cert_valid_key_iter_alive(iter);
  1963         pgp_cert_valid_key_iter_revoked(iter, false);
  1964         pgp_cert_valid_key_iter_for_signing (iter);
  1965         pgp_cert_valid_key_iter_unencrypted_secret (iter);
  1966 
  1967         // If there are multiple signing capable subkeys, we just take
  1968         // the first one, whichever one that happens to be.
  1969         ka = pgp_cert_valid_key_iter_next (iter, NULL, NULL);
  1970         if (! ka)
  1971             ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  1972                        "%s has no signing capable key", keylist->value);
  1973 
  1974         // pgp_key_into_key_pair needs to own the key, but here we
  1975         // only get a reference (which we still need to free).
  1976         pgp_key_t key = pgp_valid_key_amalgamation_key (ka);
  1977         signing_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  1978         pgp_key_free (key);
  1979         if (! signing_keypair)
  1980             ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  1981 
  1982         signer = pgp_key_pair_as_signer (signing_keypair);
  1983         if (! signer)
  1984             ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  1985 
  1986         ws = pgp_signer_new(&err, ws, &signer, 1, 0);
  1987         if (!ws)
  1988             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  1989         // pgp_signer_new consumes signer.
  1990         signer = NULL;
  1991     }
  1992 
  1993     ws = pgp_literal_writer_new (&err, ws);
  1994     if (!ws)
  1995         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up literal writer");
  1996 
  1997     pgp_status_t write_status =
  1998         pgp_writer_stack_write_all (&err, ws,
  1999                                     (uint8_t *) ptext, psize);
  2000     if (write_status != 0)
  2001         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  2002 
  2003     pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  2004     ws = NULL;
  2005     if (pgp_status != 0)
  2006         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  2007 
  2008     pgp_status = pgp_armor_writer_finalize (&err, writer);
  2009     if (pgp_status != 0)
  2010         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing armor writer");
  2011 
  2012     pgp_writer_free (writer_alloc);
  2013 
  2014     // Add a terminating NUL for naive users
  2015     void *t = realloc(*ctext, *csize + 1);
  2016     if (! t) {
  2017         free(*ctext);
  2018         *ctext = NULL;
  2019         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  2020     }
  2021     *ctext = t;
  2022     (*ctext)[*csize] = 0;
  2023 
  2024  out:
  2025     pgp_signer_free (signer);
  2026     // XXX: pgp_key_pair_as_signer is only supposed to reference
  2027     // signing_keypair, but it consumes it.  If this is fixed, this
  2028     // will become a leak.
  2029     //
  2030     // pgp_key_pair_free (signing_keypair);
  2031     pgp_valid_key_amalgamation_free (ka);
  2032     pgp_cert_valid_key_iter_free (iter);
  2033     pgp_cert_free(signer_cert);
  2034 
  2035     for (int i = 0; i < recipient_count; i ++)
  2036         pgp_recipient_free(recipients[i]);
  2037     free(recipients);
  2038     for (int i = 0; i < recipient_keys_count; i ++)
  2039         pgp_key_free(recipient_keys[i]);
  2040     free(recipient_keys);
  2041     for (int i = 0; i < recipient_cert_count; i ++)
  2042         pgp_cert_free(recipient_certs[i]);
  2043     free(recipient_certs);
  2044 
  2045     T("-> %s", pEp_status_to_string(status));
  2046     return status;
  2047 }
  2048 
  2049 PEP_STATUS pgp_encrypt_only(
  2050     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  2051     size_t psize, char **ctext, size_t *csize)
  2052 {
  2053     return pgp_encrypt_sign_optional(session, keylist, ptext,
  2054         psize, ctext, csize, false);
  2055 }
  2056 
  2057 PEP_STATUS pgp_encrypt_and_sign(
  2058     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  2059     size_t psize, char **ctext, size_t *csize)
  2060 {
  2061     return pgp_encrypt_sign_optional(session, keylist, ptext,
  2062         psize, ctext, csize, true);
  2063 }
  2064 
  2065 static char* _filter_parentheses(const char* input) {
  2066     if (!input)
  2067         return NULL;
  2068     
  2069     int input_len = strlen(input) + 1;
  2070     char* retval = calloc(input_len, 1);
  2071     strlcpy(retval, input, input_len);
  2072 
  2073     char* curr_c;
  2074     
  2075     for (curr_c = retval; curr_c && *curr_c != '\0'; curr_c++) {
  2076         switch(*curr_c) {
  2077             case '(':
  2078                 *curr_c = '[';
  2079                 break;
  2080             case ')':
  2081                 *curr_c = ']';
  2082                 break;
  2083             default:
  2084                 break;
  2085         }
  2086     }  
  2087     
  2088     return retval;
  2089 }
  2090 
  2091 static char* _flatten_to_alphanum(const char* input) {
  2092     if (!input)
  2093         return NULL;
  2094     
  2095     int input_len = strlen(input) + 1;
  2096     char* retval = calloc(input_len, 1);
  2097     strlcpy(retval, input, input_len);
  2098 
  2099     char* curr_c;
  2100     
  2101     for (curr_c = retval; curr_c && *curr_c != '\0'; curr_c++) {
  2102         char c = *curr_c;
  2103 
  2104         if (c == ' ' || (c >= 'A' && c <= 'Z') || 
  2105                         (c >= 'a' && c <= 'z') ||
  2106                         (c >= '0' && c <= '9'))
  2107             continue;           
  2108 
  2109         *curr_c = '_';
  2110     }  
  2111     
  2112     return retval;
  2113 }
  2114 
  2115 PEP_STATUS _pgp_generate_keypair(PEP_SESSION session, pEp_identity *identity, time_t when)
  2116 {
  2117     PEP_STATUS status = PEP_STATUS_OK;
  2118     pgp_error_t err = NULL;
  2119     pgp_packet_t userid_packet = NULL;
  2120     char *userid = NULL;
  2121     pgp_cert_t cert = NULL;
  2122     pgp_fingerprint_t pgp_fpr = NULL;
  2123     char *fpr = NULL;
  2124 
  2125     assert(session);
  2126     assert(identity);
  2127     assert(identity->address);
  2128     assert(identity->fpr == NULL || identity->fpr[0] == 0);
  2129 //    assert(identity->username);
  2130 
  2131     char* cached_username = identity->username;
  2132     
  2133     if (identity->username && strcmp(identity->address, identity->username) == 0) {
  2134         cached_username = identity->username;
  2135         identity->username = NULL;
  2136     }
  2137     
  2138 
  2139     userid_packet = pgp_user_id_from_unchecked_address(&err,
  2140                                                        identity->username, NULL,
  2141                                                        identity->address);           
  2142                                                    
  2143     if (!userid_packet) {
  2144         char* tmpname = _filter_parentheses(identity->username);
  2145         userid_packet = pgp_user_id_from_unchecked_address(&err,
  2146                                                            tmpname, NULL,
  2147                                                            identity->address);               
  2148         free(tmpname);                                                   
  2149     }
  2150 
  2151     if (!userid_packet) {
  2152         char* tmpname = _flatten_to_alphanum(identity->username);
  2153         userid_packet = pgp_user_id_from_unchecked_address(&err,
  2154                                                            tmpname, NULL,
  2155                                                            identity->address);               
  2156         free(tmpname);                                                           
  2157     }
  2158                                             
  2159     identity->username = cached_username;                                                   
  2160     
  2161     if (!userid_packet)
  2162         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "pgp_user_id_from_unchecked_address");
  2163 
  2164     size_t userid_len = 0;
  2165     const uint8_t *raw = pgp_user_id_value(userid_packet, &userid_len);
  2166 
  2167     // NUL terminate it.
  2168     userid = malloc(userid_len + 1);
  2169     if (!userid)
  2170         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  2171 
  2172     memcpy(userid, raw, userid_len);
  2173     userid[userid_len] = 0;
  2174 
  2175     T("(%s)", userid);
  2176 
  2177     // Generate a key.
  2178     pgp_cert_builder_t certb = pgp_cert_builder_general_purpose(
  2179         cipher_suite(session->cipher_suite), userid);
  2180 
  2181     pgp_cert_builder_set_creation_time(&certb, when);
  2182 
  2183     pgp_signature_t rev;
  2184     if (pgp_cert_builder_generate(&err, certb, &cert, &rev))
  2185         ERROR_OUT(err, PEP_CANNOT_CREATE_KEY, "Generating a key pair");
  2186 
  2187     // XXX: We should return this.
  2188     pgp_signature_free(rev);
  2189 
  2190     // Get the fingerprint.
  2191     pgp_fpr = pgp_cert_fingerprint(cert);
  2192     fpr = pgp_fingerprint_to_hex(pgp_fpr);
  2193 
  2194     status = cert_save(session, cert, NULL);
  2195     cert = NULL;
  2196     if (status != 0)
  2197         ERROR_OUT(NULL, PEP_CANNOT_CREATE_KEY, "saving TSK");
  2198 
  2199     free(identity->fpr);
  2200     identity->fpr = fpr;
  2201     fpr = NULL;
  2202 
  2203  out:
  2204     pgp_fingerprint_free(pgp_fpr);
  2205     free(fpr);
  2206     pgp_cert_free(cert);
  2207     free(userid);
  2208     pgp_packet_free(userid_packet);
  2209 
  2210     T("-> %s", pEp_status_to_string(status));
  2211     return status;
  2212 }
  2213 
  2214 PEP_STATUS pgp_generate_keypair(PEP_SESSION session, pEp_identity *identity)
  2215 {
  2216     return _pgp_generate_keypair(session, identity, 0);
  2217 }
  2218 
  2219 PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fpr_raw)
  2220 {
  2221     PEP_STATUS status = PEP_STATUS_OK;
  2222 
  2223     assert(session && fpr_raw && fpr_raw[0]);
  2224     if (!(session && fpr_raw && fpr_raw[0]))
  2225         ERROR_OUT(NULL, PEP_ILLEGAL_VALUE, "invalid arguments");
  2226 
  2227     char *fpr = pgp_fingerprint_canonicalize(fpr_raw);
  2228     if (! fpr)
  2229         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  2230 
  2231     T("Deleting %s", fpr);
  2232 
  2233     sqlite3_stmt *stmt = session->sq_sql.delete_keypair;
  2234     sqlite3_bind_text(stmt, 1, fpr, -1, free);
  2235 
  2236     int sqlite_result = sqlite3_step(stmt);
  2237     sqlite3_reset(stmt);
  2238     if (sqlite_result != SQLITE_DONE)
  2239         ERROR_OUT(NULL, PEP_CANNOT_DELETE_KEY,
  2240                   "deletion failed: %s", sqlite3_errmsg(session->key_db));
  2241 
  2242     sqlite_result = sqlite3_changes(session->key_db);
  2243     assert(sqlite_result >= 0 && sqlite_result < 2);
  2244     if (sqlite_result < 1)
  2245         ERROR_OUT(NULL, PEP_KEY_NOT_FOUND,
  2246                   "attempt to delete non-existent key: %s", fpr_raw);
  2247 
  2248  out:
  2249     return status;
  2250 }
  2251 
  2252 static unsigned int count_keydata_parts(const char* key_data, size_t size) {
  2253     unsigned int retval = 0;
  2254 
  2255     const char* pgp_begin = "-----BEGIN PGP";
  2256     size_t prefix_len = strlen(pgp_begin);
  2257     size_t size_remaining = size;
  2258 
  2259     while (key_data) {
  2260         if (size_remaining <= prefix_len || key_data[0] == '\0')
  2261             break;
  2262         key_data = strnstr(key_data, pgp_begin, size_remaining);
  2263         if (key_data) {
  2264             retval++;
  2265             key_data += prefix_len;
  2266             size_remaining -= prefix_len;
  2267         }
  2268     }
  2269     return retval;
  2270  }
  2271 
  2272 PEP_STATUS _pgp_import_keydata(PEP_SESSION session, const char *key_data,
  2273                               size_t size, identity_list **private_idents)
  2274 {
  2275     PEP_STATUS status = PEP_NO_KEY_IMPORTED;
  2276     pgp_error_t err;
  2277     pgp_cert_parser_t parser = NULL;
  2278 
  2279     if (private_idents)
  2280         *private_idents = NULL;
  2281         
  2282     T("parsing %zd bytes", size);
  2283 
  2284     pgp_packet_parser_result_t ppr
  2285         = pgp_packet_parser_from_bytes(&err, (uint8_t *) key_data, size);
  2286     if (! ppr)
  2287         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating packet parser");
  2288 
  2289     pgp_tag_t tag = pgp_packet_parser_result_tag(ppr);
  2290     switch (tag) {
  2291     case PGP_TAG_SIGNATURE: {
  2292         // The following asserts can't fail, because
  2293         // pgp_packet_parser_result_tag succeeded and the tag is
  2294         // right.
  2295         pgp_packet_parser_t pp = pgp_packet_parser_result_packet_parser (ppr);
  2296         assert(pp);
  2297 
  2298         pgp_packet_t packet = NULL;
  2299         if (pgp_packet_parser_next(&err, pp, &packet, &ppr))
  2300             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Getting signature packet");
  2301 
  2302         pgp_signature_t sig = pgp_packet_ref_signature (packet);
  2303         assert(sig);
  2304 
  2305         pgp_cert_t cert = NULL;
  2306 
  2307         pgp_fingerprint_t issuer_fpr = pgp_signature_issuer_fingerprint(sig);
  2308         if (issuer_fpr) {
  2309             char *issuer_fpr_hex = pgp_fingerprint_to_hex(issuer_fpr);
  2310             T("Importing a signature issued by %s", issuer_fpr_hex);
  2311 
  2312             status = cert_find_by_fpr_hex(session, issuer_fpr_hex,
  2313                                          false, &cert, NULL);
  2314             if (status && status != PEP_KEY_NOT_FOUND)
  2315                 DUMP_ERR(NULL, status, "Looking up %s", issuer_fpr_hex);
  2316 
  2317             free(issuer_fpr_hex);
  2318             pgp_fingerprint_free(issuer_fpr);
  2319         }
  2320 
  2321         if (! cert) {
  2322             pgp_keyid_t issuer = pgp_signature_issuer(sig);
  2323             if (issuer) {
  2324                 char *issuer_hex = pgp_keyid_to_hex(issuer);
  2325                 T("Importing a signature issued by %s", issuer_hex);
  2326 
  2327                 status = cert_find_by_keyid_hex(session, issuer_hex,
  2328                                                false, &cert, NULL);
  2329                 if (status && status != PEP_KEY_NOT_FOUND)
  2330                     DUMP_ERR(NULL, status, "Looking up %s", issuer_hex);
  2331 
  2332                 free(issuer_hex);
  2333                 pgp_keyid_free(issuer);
  2334             }
  2335         }
  2336 
  2337         // We need a packet.  sig is only a reference, so we just need
  2338         // to free it.
  2339         pgp_signature_free(sig);
  2340 
  2341         if (cert) {
  2342             T("Merging packet: %s", pgp_packet_debug(packet));
  2343 
  2344             cert = pgp_cert_merge_packets (&err, cert, &packet, 1);
  2345             if (! cert)
  2346                 ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Merging signature");
  2347 
  2348             status = cert_save(session, cert, NULL);
  2349             if (status)
  2350                 ERROR_OUT(NULL, status, "saving merged CERT");
  2351             status = PEP_KEY_IMPORTED;
  2352         }
  2353         break;
  2354     }
  2355     case PGP_TAG_PUBLIC_KEY:
  2356     case PGP_TAG_SECRET_KEY: {
  2357         parser = pgp_cert_parser_from_packet_parser(ppr);
  2358         pgp_cert_t cert;
  2359         int count = 0;
  2360         err = NULL;
  2361         while ((cert = pgp_cert_parser_next(&err, parser))) {
  2362             count ++;
  2363 
  2364             T("#%d. CERT for %s, %s",
  2365               count, pgp_cert_primary_user_id(cert, session->policy, 0),
  2366               pgp_fingerprint_to_hex(pgp_cert_fingerprint(cert)));
  2367 
  2368             // If private_idents is not NULL and there is any private key
  2369             // material, it will be saved.
  2370             status = cert_save(session, cert, private_idents);
  2371             if (status == PEP_STATUS_OK)
  2372                 status = PEP_KEY_IMPORTED;
  2373             else
  2374                 ERROR_OUT(NULL, status, "saving certificate");
  2375         }
  2376         if (err || count == 0)
  2377             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "parsing key data");
  2378         break;
  2379     }
  2380     default:
  2381         ERROR_OUT(NULL, PEP_NO_KEY_IMPORTED,
  2382                   "Can't import %s", pgp_tag_to_string(tag));
  2383         break;
  2384     }
  2385 
  2386  out:
  2387     pgp_cert_parser_free(parser);
  2388 
  2389     T("-> %s", pEp_status_to_string(status));
  2390     return status;
  2391 }
  2392 
  2393 PEP_STATUS pgp_import_keydata(PEP_SESSION session, const char *key_data,
  2394                               size_t size, identity_list **private_idents)
  2395 {
  2396 
  2397     const char* pgp_begin = "-----BEGIN PGP";
  2398     size_t prefix_len = strlen(pgp_begin);
  2399 
  2400     // Because we also import binary keys we have to be careful with this.
  2401     // 
  2402     if (strlen(key_data + prefix_len) > prefix_len) {
  2403         const char* subtract_junk = strnstr(key_data, pgp_begin, size);
  2404         // If it's not in there, we just try to import it as is...
  2405         if (subtract_junk) {
  2406             size -= (subtract_junk - key_data);
  2407             key_data = subtract_junk;
  2408         }    
  2409     }
  2410 
  2411     unsigned int keycount = count_keydata_parts(key_data, size);
  2412     if (keycount < 2)
  2413         return(_pgp_import_keydata(session, key_data, size, private_idents));
  2414 
  2415     unsigned int i;
  2416     const char* curr_begin;
  2417     size_t curr_size;
  2418 
  2419     identity_list* collected_idents = NULL;
  2420 
  2421     PEP_STATUS retval = PEP_KEY_IMPORTED;
  2422             
  2423     for (i = 0, curr_begin = key_data; i < keycount; i++) {
  2424         const char* next_begin = NULL;
  2425 
  2426         // This is assured to be OK because the count function above
  2427         // made sure that THIS round contains at least prefix_len chars
  2428         // We used strnstr to count, so we know that strstr will be ok.
  2429         if (strlen(curr_begin + prefix_len) > prefix_len)
  2430             next_begin = strstr(curr_begin + prefix_len, pgp_begin);
  2431 
  2432         if (next_begin)
  2433             curr_size = next_begin - curr_begin;
  2434         else
  2435             curr_size = (key_data + size) - curr_begin;
  2436 
  2437         PEP_STATUS curr_status = _pgp_import_keydata(session, curr_begin, curr_size, private_idents);
  2438         if (private_idents && *private_idents) {
  2439             if (!collected_idents)
  2440                 collected_idents = *private_idents;
  2441             else
  2442                 identity_list_join(collected_idents, *private_idents);
  2443             *private_idents = NULL;
  2444         }
  2445 
  2446         if (curr_status != retval) {
  2447             switch (curr_status) {
  2448                 case PEP_NO_KEY_IMPORTED:
  2449                 case PEP_KEY_NOT_FOUND:
  2450                 case PEP_UNKNOWN_ERROR:
  2451                     switch (retval) {
  2452                         case PEP_KEY_IMPORTED:
  2453                             retval = PEP_SOME_KEYS_IMPORTED;
  2454                             break;
  2455                         case PEP_UNKNOWN_ERROR:
  2456                             retval = curr_status;
  2457                             break;
  2458                         default:
  2459                             break;
  2460                     }
  2461                     break;
  2462                 case PEP_KEY_IMPORTED:
  2463                     retval = PEP_SOME_KEYS_IMPORTED;
  2464                 default:
  2465                     break;
  2466             }
  2467         }
  2468         curr_begin = next_begin;
  2469     }
  2470 
  2471     if (private_idents)
  2472         *private_idents = collected_idents;
  2473 
  2474     return retval;
  2475 }
  2476 
  2477 PEP_STATUS pgp_export_keydata(
  2478         PEP_SESSION session, const char *fpr, char **key_data, size_t *size,
  2479         bool secret)
  2480 {
  2481     PEP_STATUS status = PEP_STATUS_OK;
  2482     pgp_error_t err = NULL;
  2483     pgp_cert_t cert = NULL;
  2484     pgp_writer_t armor_writer = NULL;
  2485     pgp_writer_t memory_writer = NULL;
  2486 
  2487     assert(session);
  2488     assert(fpr);
  2489     assert(key_data);
  2490     assert(*key_data == NULL);
  2491     assert(size);
  2492 
  2493     *size = 0;
  2494 
  2495     T("(%s, %s)", fpr, secret ? "secret" : "public");
  2496 
  2497     // If the caller asks for a secret key and we only have a
  2498     // public key, then we return an error.
  2499     status = cert_find_by_fpr_hex(session, fpr, secret, &cert, NULL);
  2500     ERROR_OUT(NULL, status, "Looking up TSK for %s", fpr);
  2501 
  2502     memory_writer = pgp_writer_alloc((void **) key_data, size);
  2503     if (! memory_writer)
  2504         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "creating memory writer");
  2505     armor_writer = pgp_armor_writer_new(&err, memory_writer,
  2506                                         PGP_ARMOR_KIND_PUBLICKEY, NULL, 0);
  2507     if (! armor_writer) {
  2508         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "creating armored writer");
  2509     }
  2510 
  2511     if (secret) {
  2512         pgp_tsk_t tsk = pgp_cert_as_tsk(cert);
  2513         if (pgp_tsk_serialize(&err, tsk, armor_writer))
  2514             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing TSK");
  2515         pgp_tsk_free(tsk);
  2516     } else {
  2517         if (pgp_cert_serialize(&err, cert, armor_writer))
  2518             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing certificate");
  2519     }
  2520 
  2521     if (pgp_armor_writer_finalize(&err, armor_writer))
  2522         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "flushing armored data");
  2523 
  2524 
  2525  out:
  2526     if (memory_writer) {
  2527         if (status == PEP_STATUS_OK) {
  2528             // Add a trailing NUL.
  2529             pgp_writer_write(NULL, memory_writer, (const uint8_t *) "", 1);
  2530         }
  2531 
  2532         pgp_writer_free(memory_writer);
  2533     }
  2534 
  2535     if (cert)
  2536         pgp_cert_free(cert);
  2537 
  2538     (*size)--;  // Sequoia is delivering the 0 byte at the end with size, but
  2539                 // pEp is expecting it without
  2540     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2541     return status;
  2542 }
  2543 
  2544 static char *_undot_address(const char* address) {
  2545     if (!address)
  2546         return NULL;
  2547 
  2548     int addr_len = strlen(address);
  2549     const char* at = memchr(address, '@', addr_len);
  2550 
  2551     if (!at)
  2552         at = address + addr_len;
  2553 
  2554     char* retval = calloc(1, addr_len + 1);
  2555 
  2556     const char* addr_curr = address;
  2557     char* retval_curr = retval;
  2558 
  2559     while (addr_curr < at) {
  2560         if (*addr_curr == '.') {
  2561             addr_curr++;
  2562             continue;
  2563         }
  2564         *retval_curr = *addr_curr;
  2565         retval_curr++;
  2566         addr_curr++;
  2567     }
  2568     if (*addr_curr == '@')
  2569         strcat(retval_curr, addr_curr);
  2570 
  2571     return retval;
  2572 }
  2573 
  2574 static stringpair_list_t *add_key(PEP_SESSION session,
  2575                                   stringpair_list_t *keyinfo_list,
  2576                                   stringlist_t* keylist,
  2577                                   pgp_cert_t cert, pgp_fingerprint_t fpr) {
  2578     bool revoked = false;
  2579     // Don't add revoked keys to the keyinfo_list.
  2580     if (keyinfo_list) {
  2581         pgp_revocation_status_t rs = pgp_cert_revoked(cert, session->policy, 0);
  2582         pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  2583         pgp_revocation_status_free(rs);
  2584         if (rsv == PGP_REVOCATION_STATUS_REVOKED)
  2585             revoked = true;
  2586     }
  2587 
  2588     if (revoked && ! keylist)
  2589         return keyinfo_list;
  2590 
  2591     int dealloc_fpr = 0;
  2592     if (!fpr) {
  2593         dealloc_fpr = 1;
  2594         fpr = pgp_cert_fingerprint(cert);
  2595     }
  2596     char *fpr_str = pgp_fingerprint_to_hex(fpr);
  2597 
  2598     if (!revoked && keyinfo_list) {
  2599         char *user_id = pgp_cert_primary_user_id(cert, session->policy, 0);
  2600         if (user_id)
  2601             keyinfo_list = stringpair_list_add(keyinfo_list,
  2602                                                new_stringpair(fpr_str, user_id));
  2603         free(user_id);
  2604     }
  2605 
  2606     if (keylist)
  2607         keylist = stringlist_add(keylist, fpr_str);
  2608 
  2609     free(fpr_str);
  2610     if (dealloc_fpr)
  2611         pgp_fingerprint_free(fpr);
  2612 
  2613     return keyinfo_list;
  2614 }
  2615 
  2616 static PEP_STATUS list_keys(PEP_SESSION session,
  2617                             const char* pattern, int private_only,
  2618                             stringpair_list_t** keyinfo_list, stringlist_t** keylist)
  2619 {
  2620     PEP_STATUS status = PEP_STATUS_OK;
  2621     pgp_cert_t cert = NULL;
  2622     pgp_fingerprint_t fpr = NULL;
  2623 
  2624     T("('%s', private: %d)", pattern, private_only);
  2625 
  2626     stringpair_list_t* _keyinfo_list = NULL;
  2627     if (keyinfo_list) {
  2628         _keyinfo_list = new_stringpair_list(NULL);
  2629         if (!_keyinfo_list)
  2630             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_stringpair_list");
  2631     }
  2632     stringlist_t* _keylist = NULL;
  2633     if (keylist) {
  2634         _keylist = new_stringlist(NULL);
  2635         if (!_keylist)
  2636             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_string_list");
  2637     }
  2638 
  2639     // Trim any leading space.  This also makes it easier to recognize
  2640     // a string that is only whitespace.
  2641     while (*pattern == ' ')
  2642         pattern ++;
  2643 
  2644     if (strchr(pattern, '@') || strchr(pattern, ':')) {
  2645         // Looks like a mailbox or URI.
  2646         pgp_cert_t *certs = NULL;
  2647         int count = 0;
  2648         status = cert_find_by_email(session, pattern, private_only, &certs, &count);
  2649         ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  2650         for (int i = 0; i < count; i ++) {
  2651             add_key(session, _keyinfo_list, _keylist, certs[i], NULL);
  2652             pgp_cert_free(certs[i]);
  2653         }
  2654         free(certs);
  2655 
  2656         if (count == 0) {
  2657             // If match failed, check to see if we've got a dotted
  2658             // address in the pattern.  If so, try again without dots.
  2659             const char* dotpos = strstr(pattern, ".");
  2660             const char* atpos = strstr(pattern, "@");
  2661             if (dotpos && atpos && (dotpos < atpos)) {
  2662                 char* undotted = _undot_address(pattern);
  2663                 if (undotted) {
  2664                     PEP_STATUS status = list_keys(session, undotted, private_only,
  2665                                                   keyinfo_list, keylist);
  2666                     free(undotted);
  2667                     return status;
  2668                 }
  2669             }
  2670         }
  2671     } else if (// Only hex characters and spaces
  2672                pattern[strspn(pattern, "0123456789aAbBcCdDeEfF ")] == 0
  2673                // And a fair amount of them.
  2674                && strlen(pattern) >= 16) {
  2675         // Fingerprint.  Note: the pep engine never looks keys up by
  2676         // keyid, so we don't handle them.
  2677         fpr = pgp_fingerprint_from_hex(pattern);
  2678         status = cert_find_by_fpr(session, fpr, false, &cert, NULL);
  2679         ERROR_OUT(NULL, status, "Looking up key");
  2680         add_key(session, _keyinfo_list, _keylist, cert, fpr);
  2681     } else if (pattern[0] == 0) {
  2682         // Empty string.
  2683 
  2684         pgp_cert_t *certs = NULL;
  2685         int count = 0;
  2686         status = cert_all(session, private_only, &certs, &count);
  2687         ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  2688         for (int i = 0; i < count; i ++) {
  2689             add_key(session, _keyinfo_list, _keylist, certs[i], NULL);
  2690             pgp_cert_free(certs[i]);
  2691         }
  2692         free(certs);
  2693     } else {
  2694         T("unsupported pattern '%s'", pattern);
  2695     }
  2696 
  2697  out:
  2698     pgp_cert_free(cert);
  2699     pgp_fingerprint_free(fpr);
  2700 
  2701     if (status == PEP_KEY_NOT_FOUND)
  2702         status = PEP_STATUS_OK;
  2703 
  2704     if (status != PEP_STATUS_OK || (_keyinfo_list && !_keyinfo_list->value)) {
  2705         free_stringpair_list(_keyinfo_list);
  2706         _keyinfo_list = NULL;
  2707     }
  2708     if (keyinfo_list)
  2709         *keyinfo_list = _keyinfo_list;
  2710 
  2711     if (status != PEP_STATUS_OK || (_keylist && !_keylist->value)) {
  2712         free_stringlist(_keylist);
  2713         _keylist = NULL;
  2714     }
  2715     if (keylist)
  2716         *keylist = _keylist;
  2717 
  2718     int len = -1;
  2719     if (keylist)
  2720         len = stringlist_length(*keylist);
  2721     else if (keyinfo_list)
  2722         len = stringpair_list_length(*keyinfo_list);
  2723     T("(%s) -> %s (%d keys)", pattern, pEp_status_to_string(status), len);
  2724     return status;
  2725 }
  2726 
  2727 // pattern could be empty, an fpr, or a mailbox.
  2728 //
  2729 // keyinfo_list is a list of <fpr, openpgp userid> tuples for the
  2730 // matching keys.
  2731 //
  2732 // This function filters out revoked key, but not expired keys.
  2733 PEP_STATUS pgp_list_keyinfo(PEP_SESSION session,
  2734                             const char* pattern,
  2735                             stringpair_list_t** keyinfo_list)
  2736 {
  2737     return list_keys(session, pattern, false, keyinfo_list, NULL);
  2738 }
  2739 
  2740 PEP_STATUS pgp_recv_key(PEP_SESSION session, const char *pattern)
  2741 {
  2742     assert(!"pgp_recv_key not implemented");
  2743     return PEP_UNKNOWN_ERROR;
  2744 }
  2745 
  2746 // Unlike pgp_list_keyinfo, this function returns revoked keys.
  2747 PEP_STATUS pgp_find_keys(
  2748     PEP_SESSION session, const char *pattern, stringlist_t **keylist)
  2749 {
  2750     return list_keys(session, pattern, false, NULL, keylist);
  2751 }
  2752 
  2753 // Unlike pgp_list_keyinfo, this function returns revoked keys.
  2754 PEP_STATUS pgp_find_private_keys(
  2755     PEP_SESSION session, const char *pattern, stringlist_t **keylist)
  2756 {
  2757     return list_keys(session, pattern, true, NULL, keylist);
  2758 }
  2759 
  2760 PEP_STATUS pgp_send_key(PEP_SESSION session, const char *pattern)
  2761 {
  2762     assert(!"pgp_send_key not implemented");
  2763     return PEP_UNKNOWN_ERROR;
  2764 }
  2765 
  2766 
  2767 PEP_STATUS pgp_renew_key(
  2768     PEP_SESSION session, const char *fpr, const timestamp *ts)
  2769 {
  2770     PEP_STATUS status = PEP_STATUS_OK;
  2771     pgp_error_t err = NULL;
  2772     pgp_cert_t cert = NULL;
  2773     pgp_cert_valid_key_iter_t iter = NULL;
  2774     pgp_valid_key_amalgamation_t primary = NULL;
  2775     pgp_key_pair_t keypair = NULL;
  2776     pgp_signer_t signer = NULL;
  2777     time_t t = timegm((struct tm *) ts);
  2778     pgp_cert_valid_key_iter_t key_iter = NULL;
  2779     pgp_valid_key_amalgamation_t ka = NULL;
  2780     pgp_packet_t *packets = NULL;
  2781     size_t packet_count = 0;
  2782     size_t packet_capacity = 0;
  2783 
  2784     T("(%s)", fpr);
  2785 
  2786     status = cert_find_by_fpr_hex(session, fpr, true, &cert, NULL);
  2787     ERROR_OUT(NULL, status, "Looking up '%s'", fpr);
  2788 
  2789     time_t creation_time = pgp_key_creation_time(pgp_cert_primary_key(cert));
  2790     if (creation_time > t)
  2791         // The creation time is after the expiration time!
  2792         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
  2793                   "creation time can't be after expiration time");
  2794 
  2795     iter = pgp_cert_valid_key_iter(cert, session->policy, 0);
  2796     pgp_cert_valid_key_iter_for_certification (iter);
  2797     pgp_cert_valid_key_iter_unencrypted_secret (iter);
  2798     pgp_cert_valid_key_iter_revoked(iter, false);
  2799 
  2800     // If there are multiple certification capable subkeys, we just
  2801     // take the first one, whichever one that happens to be.
  2802     primary = pgp_cert_valid_key_iter_next (iter, NULL, NULL);
  2803     if (! primary)
  2804         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  2805                    "%s has no usable certification capable key", fpr);
  2806 
  2807     // pgp_key_into_key_pair needs to own the key, but here we
  2808     // only get a reference (which we still need to free).
  2809     pgp_key_t key = pgp_valid_key_amalgamation_key (primary);
  2810     keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  2811     pgp_key_free (key);
  2812     if (! keypair)
  2813         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  2814 
  2815     signer = pgp_key_pair_as_signer (keypair);
  2816     if (! signer)
  2817         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  2818 
  2819     // Set the expiration for all non-revoked keys.
  2820     key_iter = pgp_cert_valid_key_iter(cert, session->policy, 0);
  2821     pgp_cert_valid_key_iter_revoked(key_iter, false);
  2822 
  2823     while ((ka = pgp_cert_valid_key_iter_next(key_iter, NULL, NULL))) {
  2824         pgp_status_t sq_status;
  2825         pgp_error_t err;
  2826         pgp_packet_t *packets_tmp = NULL;
  2827         size_t packet_count_tmp = 0;
  2828 
  2829         sq_status = pgp_valid_key_amalgamation_set_expiration_time
  2830             (&err, ka, signer, t, &packets_tmp, &packet_count_tmp);
  2831         if (sq_status)
  2832             ERROR_OUT(err, PEP_UNKNOWN_ERROR,
  2833                       "setting expiration (generating self signatures)");
  2834 
  2835         if (! packets) {
  2836             assert(packet_count == 0);
  2837             assert(packet_capacity == 0);
  2838 
  2839             packets = packets_tmp;
  2840             packet_count = packet_count_tmp;
  2841             packet_capacity = packet_count_tmp;
  2842         } else {
  2843             assert(packet_capacity > 0);
  2844             if (packet_capacity - packet_count < packet_count_tmp) {
  2845                 // Grow the array.
  2846                 int c = packet_capacity;
  2847                 while (c < packet_count + packet_count_tmp) {
  2848                     c *= 2;
  2849                 }
  2850 
  2851                 void * tmp = _pEp_reallocarray(packets, c, sizeof (*packets));
  2852                 if (! tmp)
  2853                     ERROR_OUT(NULL, PEP_OUT_OF_MEMORY,
  2854                               "setting expiration (resizing buffer)");
  2855 
  2856                 packets = tmp;
  2857                 packet_capacity = c;
  2858             }
  2859 
  2860             int i;
  2861             for (i = 0; i < packet_count_tmp; i ++) {
  2862                 packets[packet_count + i] = packets_tmp[i];
  2863             }
  2864             packet_count += packet_count_tmp;
  2865         }
  2866 
  2867         pgp_valid_key_amalgamation_free (ka);
  2868     }
  2869 
  2870     // We're going to mutate cert, which key_iter references.
  2871     // Deallocate it first.
  2872     pgp_cert_valid_key_iter_free (key_iter);
  2873     key_iter = NULL;
  2874 
  2875     cert = pgp_cert_merge_packets (&err, cert, packets, packet_count);
  2876     // The packets (but not the array) are now owned by cert.
  2877     packet_count = 0;
  2878     if (! cert)
  2879         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration (updating cert)");
  2880 
  2881     status = cert_save(session, cert, NULL);
  2882     cert = NULL;
  2883     ERROR_OUT(NULL, status, "Saving %s", fpr);
  2884 
  2885  out:
  2886     if (packets) {
  2887         for (int i = 0; i < packet_count; i ++) {
  2888             pgp_packet_free (packets[i]);
  2889         }
  2890         free (packets);
  2891     }
  2892 
  2893     pgp_valid_key_amalgamation_free (ka);
  2894     pgp_cert_valid_key_iter_free (key_iter);
  2895     pgp_signer_free (signer);
  2896     // XXX: pgp_key_pair_as_signer is only supposed to reference
  2897     // signing_keypair, but it consumes it.  If this is fixed, this
  2898     // will become a leak.
  2899     //
  2900     pgp_key_pair_free (keypair);
  2901     pgp_valid_key_amalgamation_free (primary);
  2902     pgp_cert_valid_key_iter_free (iter);
  2903     pgp_cert_free(cert);
  2904 
  2905     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2906     return status;
  2907 }
  2908 
  2909 PEP_STATUS pgp_revoke_key(
  2910     PEP_SESSION session, const char *fpr, const char *reason)
  2911 {
  2912     PEP_STATUS status = PEP_STATUS_OK;
  2913     pgp_error_t err = NULL;
  2914     pgp_cert_t cert = NULL;
  2915     pgp_cert_valid_key_iter_t iter = NULL;
  2916     pgp_valid_key_amalgamation_t ka = NULL;
  2917     pgp_key_pair_t keypair = NULL;
  2918     pgp_signer_t signer = NULL;
  2919 
  2920     T("(%s)", fpr);
  2921 
  2922     status = cert_find_by_fpr_hex(session, fpr, true, &cert, NULL);
  2923     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  2924 
  2925     iter = pgp_cert_valid_key_iter(cert, session->policy, 0);
  2926     pgp_cert_valid_key_iter_alive(iter);
  2927     pgp_cert_valid_key_iter_revoked(iter, false);
  2928     pgp_cert_valid_key_iter_for_certification (iter);
  2929     pgp_cert_valid_key_iter_unencrypted_secret (iter);
  2930 
  2931     // If there are multiple certification capable subkeys, we just
  2932     // take the first one, whichever one that happens to be.
  2933     ka = pgp_cert_valid_key_iter_next (iter, NULL, NULL);
  2934     if (! ka)
  2935         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  2936                    "%s has no usable certification capable key", fpr);
  2937 
  2938     // pgp_key_into_key_pair needs to own the key, but here we
  2939     // only get a reference (which we still need to free).
  2940     pgp_key_t key = pgp_valid_key_amalgamation_key (ka);
  2941     keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  2942     pgp_key_free (key);
  2943     if (! keypair)
  2944         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  2945 
  2946     signer = pgp_key_pair_as_signer (keypair);
  2947     if (! signer)
  2948         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  2949 
  2950     cert = pgp_cert_revoke_in_place(&err, cert, signer,
  2951                                     PGP_REASON_FOR_REVOCATION_UNSPECIFIED,
  2952                                     reason);
  2953     if (! cert)
  2954         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
  2955 
  2956     assert(pgp_revocation_status_variant(pgp_cert_revoked(cert, session->policy, 0))
  2957            == PGP_REVOCATION_STATUS_REVOKED);
  2958 
  2959     status = cert_save(session, cert, NULL);
  2960     cert = NULL;
  2961     ERROR_OUT(NULL, status, "Saving %s", fpr);
  2962 
  2963  out:
  2964     pgp_signer_free (signer);
  2965     pgp_key_pair_free (keypair);
  2966     pgp_valid_key_amalgamation_free (ka);
  2967     pgp_cert_valid_key_iter_free (iter);
  2968     pgp_cert_free(cert);
  2969 
  2970     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2971     return status;
  2972 }
  2973 
  2974 // NOTE: Doesn't check the *validity* of these subkeys. Just checks to see 
  2975 // if they exist.
  2976 static void _pgp_contains_encryption_subkey(PEP_SESSION session, pgp_cert_t cert, bool* has_subkey) {
  2977     pgp_cert_valid_key_iter_t key_iter
  2978         = pgp_cert_valid_key_iter(cert, session->policy, 0);
  2979 
  2980     // Calling these two allegedly gives the union, I think? :)
  2981     pgp_cert_valid_key_iter_for_transport_encryption(key_iter);
  2982     pgp_cert_valid_key_iter_for_storage_encryption(key_iter);
  2983 
  2984     pgp_valid_key_amalgamation_t ka
  2985         = pgp_cert_valid_key_iter_next(key_iter, NULL, NULL);
  2986     *has_subkey = ka != NULL;
  2987     pgp_valid_key_amalgamation_free (ka);
  2988     pgp_cert_valid_key_iter_free(key_iter);
  2989 }
  2990 
  2991 // NOTE: Doesn't check the *validity* of these subkeys. Just checks to see 
  2992 // if they exist.
  2993 static void _pgp_contains_sig_subkey(PEP_SESSION session, pgp_cert_t cert, bool* has_subkey) {
  2994     pgp_cert_valid_key_iter_t key_iter
  2995         = pgp_cert_valid_key_iter(cert, session->policy, 0);
  2996 
  2997     pgp_cert_valid_key_iter_for_signing(key_iter);
  2998 
  2999     pgp_valid_key_amalgamation_t ka
  3000         = pgp_cert_valid_key_iter_next(key_iter, NULL, NULL);
  3001     *has_subkey = ka != NULL;
  3002     pgp_valid_key_amalgamation_free (ka);
  3003     pgp_cert_valid_key_iter_free(key_iter);
  3004 }
  3005 
  3006 // Check to see that key, at a minimum, even contains encryption or signing subkeys
  3007 static void _pgp_key_broken(PEP_SESSION session, pgp_cert_t cert, bool* is_broken) {
  3008     *is_broken = false;
  3009     bool unbroken = false;
  3010     _pgp_contains_sig_subkey(session, cert, &unbroken);
  3011     if (!unbroken)
  3012         *is_broken = true;
  3013     else {
  3014         _pgp_contains_encryption_subkey(session, cert, &unbroken);
  3015         if (!unbroken)
  3016             *is_broken = true;
  3017     }
  3018 }
  3019 
  3020 static void _pgp_key_expired(PEP_SESSION session, pgp_cert_t cert, const time_t when, bool* expired)
  3021 {
  3022     // Is the certificate live?
  3023     *expired = pgp_cert_alive(NULL, cert, session->policy, when) != PGP_STATUS_SUCCESS;
  3024 
  3025     if (TRACING) {
  3026         char buffer[26];
  3027         time_t now = time(NULL);
  3028 
  3029         if (when == now || when == now - 1) {
  3030             sprintf(buffer, "now");
  3031         } else {
  3032             struct tm tm;
  3033             gmtime_r(&when, &tm);
  3034             strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tm);
  3035         }
  3036 
  3037         T("certificate is %slive as of %s", *expired ? "not " : "", buffer);
  3038     }
  3039     if (*expired)
  3040         goto out;
  3041 
  3042     // Check to see if the key is broken. Ideally, we'd do this in one pass below, but 
  3043     // givem the choice for how to check for expiry, this is the simplest solutiom.
  3044     bool broken = false;
  3045     _pgp_key_broken(session, cert, &broken);
  3046     if (broken)
  3047         goto out; // still isn't expired. is broken. there's a difference and a different check.    
  3048         
  3049     // Why is this an indicator of just an expired key and not a broken one?
  3050     // This will also reject keys that are not expired, but rather missing 
  3051     // subkeys.
  3052     //    
  3053     // Are there at least one certification subkey, one signing subkey
  3054     // and one encryption subkey that are live?
  3055     //    int can_certify = 0, can_encrypt = 0, can_sign = 0;
  3056     int can_encrypt = 0, can_sign = 0;
  3057 
  3058     pgp_cert_valid_key_iter_t key_iter
  3059         = pgp_cert_valid_key_iter(cert, session->policy, 0);
  3060     pgp_cert_valid_key_iter_alive(key_iter);
  3061     pgp_cert_valid_key_iter_revoked(key_iter, false);
  3062 
  3063     pgp_valid_key_amalgamation_t ka;
  3064     pgp_signature_t sig;
  3065     while ((ka = pgp_cert_valid_key_iter_next(key_iter, &sig, NULL))) {
  3066         if (pgp_signature_for_transport_encryption(sig)
  3067             || pgp_signature_for_storage_encryption(sig))
  3068             can_encrypt = 1;
  3069         if (pgp_signature_for_signing(sig))
  3070             can_sign = 1;
  3071         // if (pgp_signature_for_certification(sig))
  3072         //     can_certify = 1;
  3073 
  3074         pgp_signature_free (sig);
  3075         pgp_valid_key_amalgamation_free (ka);
  3076 
  3077 //        if (can_encrypt && can_sign && can_certify)
  3078         if (can_encrypt && can_sign)
  3079             break;
  3080     }
  3081     pgp_cert_valid_key_iter_free(key_iter);
  3082 
  3083 //    *expired = !(can_encrypt && can_sign && can_certify);
  3084     *expired = !(can_encrypt && can_sign);
  3085 
  3086     T("Key can%s encrypt, can%s sign => %s expired",
  3087       can_encrypt ? "" : "not",
  3088       can_sign ? "" : "not",
  3089       *expired ? "" : "not");
  3090 
  3091 out:
  3092     // Er, this might be problematic in terms of internal vs. external in log. FIXME?
  3093     T(" -> expired: %d", *expired);
  3094     return;
  3095 }
  3096 
  3097 PEP_STATUS pgp_key_expired(PEP_SESSION session, const char *fpr,
  3098                            const time_t when, bool *expired)
  3099 {
  3100     PEP_STATUS status = PEP_STATUS_OK;
  3101     pgp_cert_t cert = NULL;
  3102     T("(%s)", fpr);
  3103 
  3104     assert(session);
  3105     assert(fpr);
  3106     assert(expired);
  3107 
  3108     *expired = false;
  3109 
  3110     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3111     status = cert_find_by_fpr(session, pgp_fpr, false, &cert, NULL);
  3112     pgp_fingerprint_free(pgp_fpr);
  3113     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3114 
  3115     _pgp_key_expired(session, cert, when, expired);
  3116  out:
  3117     pgp_cert_free(cert);
  3118     T("(%s) -> %s (expired: %d)", fpr, pEp_status_to_string(status), *expired);
  3119     return status;
  3120 }
  3121 
  3122 static void _pgp_key_revoked(PEP_SESSION session, pgp_cert_t cert, bool* revoked) {
  3123     pgp_revocation_status_t rs = pgp_cert_revoked(cert, session->policy, 0);
  3124     *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
  3125     pgp_revocation_status_free (rs); 
  3126     
  3127     if (*revoked)
  3128         return;
  3129         
  3130     // Ok, at this point, we need to know if for signing or encryption there is
  3131     // ONLY a revoked key available. If so, this key is also considered revoked 
  3132     pgp_cert_valid_key_iter_t key_iter
  3133         = pgp_cert_valid_key_iter(cert, session->policy, 0);
  3134     pgp_cert_valid_key_iter_for_signing(key_iter);
  3135 
  3136     bool has_non_revoked_sig_key = false;
  3137     bool has_revoked_sig_key = false;
  3138 
  3139     pgp_valid_key_amalgamation_t ka;
  3140     while (!has_non_revoked_sig_key
  3141            && (ka = pgp_cert_valid_key_iter_next(key_iter, NULL, &rs))) {
  3142         if (pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED)
  3143             has_revoked_sig_key = true;
  3144         else
  3145             has_non_revoked_sig_key = true;
  3146 
  3147         pgp_revocation_status_free(rs);
  3148         pgp_valid_key_amalgamation_free (ka);
  3149     }
  3150     pgp_cert_valid_key_iter_free(key_iter);
  3151 
  3152     if (has_non_revoked_sig_key) {
  3153         key_iter = pgp_cert_valid_key_iter(cert, session->policy, 0);
  3154         pgp_cert_valid_key_iter_for_transport_encryption(key_iter);
  3155         pgp_cert_valid_key_iter_for_storage_encryption(key_iter);
  3156 
  3157         bool has_non_revoked_enc_key = false;
  3158         bool has_revoked_enc_key = false;
  3159 
  3160         pgp_valid_key_amalgamation_t ka;
  3161         while (!has_non_revoked_enc_key
  3162                && (ka = pgp_cert_valid_key_iter_next(key_iter, NULL, &rs))) {
  3163             if (pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED)
  3164                 has_revoked_enc_key = true;
  3165             else
  3166                 has_non_revoked_enc_key = true;
  3167 
  3168             pgp_revocation_status_free(rs);
  3169             pgp_valid_key_amalgamation_free (ka);
  3170         }
  3171         if (!has_non_revoked_enc_key) { // this does NOT mean revoked. it MAY mean broken.
  3172             if (has_revoked_enc_key)
  3173                 *revoked = true;
  3174         }
  3175         pgp_cert_valid_key_iter_free (key_iter);
  3176     }
  3177     else if (has_revoked_sig_key) {
  3178         *revoked = true;
  3179     }
  3180 }
  3181 
  3182 PEP_STATUS pgp_key_revoked(PEP_SESSION session, const char *fpr, bool *revoked)
  3183 {
  3184     PEP_STATUS status = PEP_STATUS_OK;
  3185     pgp_cert_t cert;
  3186 
  3187     T("(%s)", fpr);
  3188 
  3189     assert(session);
  3190     assert(fpr);
  3191     assert(revoked);
  3192 
  3193     *revoked = false;
  3194 
  3195     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3196     status = cert_find_by_fpr(session, pgp_fpr, false, &cert, NULL);
  3197     pgp_fingerprint_free(pgp_fpr);
  3198     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3199 
  3200     // pgp_revocation_status_t rs = pgp_cert_revoked(cert, 0);
  3201     // *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
  3202     // pgp_revocation_status_free (rs);
  3203     _pgp_key_revoked(session, cert, revoked);
  3204     pgp_cert_free(cert);
  3205 
  3206  out:
  3207     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  3208     return status;
  3209 }
  3210 
  3211 PEP_STATUS pgp_get_key_rating(
  3212     PEP_SESSION session, const char *fpr, PEP_comm_type *comm_type)
  3213 {
  3214     PEP_STATUS status = PEP_STATUS_OK;
  3215     pgp_cert_t cert = NULL;
  3216 
  3217     assert(session);
  3218     assert(fpr);
  3219     assert(comm_type);
  3220 
  3221     *comm_type = PEP_ct_unknown;
  3222 
  3223     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3224     status = cert_find_by_fpr(session, pgp_fpr, false, &cert, NULL);
  3225     pgp_fingerprint_free(pgp_fpr);
  3226     ERROR_OUT(NULL, status, "Looking up key: %s", fpr);
  3227 
  3228     *comm_type = PEP_ct_OpenPGP_unconfirmed;
  3229 
  3230     // pgp_revocation_status_t rs = pgp_cert_revoked(cert, 0);
  3231     // pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  3232     // pgp_revocation_status_free(rs);
  3233     // if (rsv == PGP_REVOCATION_STATUS_REVOKED) {
  3234     //     *comm_type = PEP_ct_key_revoked;
  3235     //     goto out;
  3236     // }
  3237 
  3238     bool revoked = false;
  3239     _pgp_key_revoked(session, cert, &revoked);
  3240     
  3241     if (revoked) {
  3242         *comm_type = PEP_ct_key_revoked;
  3243         goto out;
  3244     }    
  3245 
  3246     bool broken = false;
  3247     _pgp_key_broken(session, cert, &broken);
  3248     if (broken) {
  3249         *comm_type = PEP_ct_key_b0rken;
  3250         goto out;
  3251     }
  3252             
  3253     bool expired = false;
  3254     // MUST guarantee the same behaviour.
  3255     _pgp_key_expired(session, cert, time(NULL), &expired);
  3256 
  3257     if (expired) {
  3258         *comm_type = PEP_ct_key_expired;
  3259         goto out;
  3260     }
  3261 
  3262     PEP_comm_type worst_enc = PEP_ct_no_encryption, worst_sign = PEP_ct_no_encryption;
  3263     pgp_cert_valid_key_iter_t key_iter
  3264         = pgp_cert_valid_key_iter(cert, session->policy, 0);
  3265     pgp_cert_valid_key_iter_alive(key_iter);
  3266     pgp_cert_valid_key_iter_revoked(key_iter, false);
  3267 
  3268     pgp_valid_key_amalgamation_t ka;
  3269     pgp_signature_t sig;
  3270     while ((ka = pgp_cert_valid_key_iter_next(key_iter, &sig, NULL))) {
  3271         pgp_key_t key = pgp_valid_key_amalgamation_key (ka);
  3272 
  3273         PEP_comm_type curr = PEP_ct_no_encryption;
  3274 
  3275         int can_enc = pgp_signature_for_transport_encryption(sig)
  3276             || pgp_signature_for_storage_encryption(sig);
  3277         int can_sign = pgp_signature_for_signing(sig);
  3278 
  3279         pgp_public_key_algo_t pk_algo = pgp_key_public_key_algo(key);
  3280 
  3281         if (pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN
  3282             || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT
  3283             || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_SIGN) {
  3284             int bits = pgp_key_public_key_bits(key);
  3285             if (bits < 1024)
  3286                 curr = PEP_ct_key_too_short;
  3287             else if (bits == 1024)
  3288                 curr = PEP_ct_OpenPGP_weak_unconfirmed;
  3289             else
  3290                 curr = PEP_ct_OpenPGP_unconfirmed;
  3291         } else {
  3292             curr = PEP_ct_OpenPGP_unconfirmed;
  3293         }
  3294 
  3295         if (can_enc)
  3296             worst_enc = (worst_enc == PEP_ct_no_encryption ? curr : _MIN(worst_enc, curr));
  3297             
  3298         if (can_sign)
  3299             worst_sign = (worst_sign == PEP_ct_no_encryption ? curr : _MIN(worst_sign, curr));
  3300 
  3301         pgp_key_free (key);
  3302         pgp_signature_free (sig);
  3303         pgp_valid_key_amalgamation_free (ka);
  3304     }
  3305     pgp_cert_valid_key_iter_free(key_iter);
  3306 
  3307     // This may be redundant because of the broken check above; we should revisit later.
  3308     // But because this case was falling under expired because of how that is written, this 
  3309     // was probably never hiit here
  3310     if (worst_enc == PEP_ct_no_encryption || worst_sign == PEP_ct_no_encryption) {
  3311         *comm_type = PEP_ct_key_b0rken;
  3312         goto out;
  3313     } else {
  3314         *comm_type = _MIN(worst_enc, worst_sign);
  3315     }
  3316 
  3317  out:
  3318     pgp_cert_free(cert);
  3319 
  3320     T("(%s) -> %s", fpr, pEp_comm_type_to_string(*comm_type));
  3321     return status;
  3322 }
  3323 
  3324 
  3325 PEP_STATUS pgp_key_created(PEP_SESSION session, const char *fpr, time_t *created)
  3326 {
  3327     PEP_STATUS status = PEP_STATUS_OK;
  3328     pgp_cert_t cert = NULL;
  3329     T("(%s)", fpr);
  3330 
  3331     *created = 0;
  3332 
  3333     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3334     status = cert_find_by_fpr(session, pgp_fpr, false, &cert, NULL);
  3335     pgp_fingerprint_free(pgp_fpr);
  3336     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  3337 
  3338     pgp_key_t k = pgp_cert_primary_key(cert);
  3339     *created = pgp_key_creation_time(k);
  3340     pgp_cert_free(cert);
  3341 
  3342  out:
  3343     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  3344     return status;
  3345 }
  3346 
  3347 PEP_STATUS pgp_binary(const char **path)
  3348 {
  3349     *path = NULL;
  3350     return PEP_STATUS_OK;
  3351 }
  3352 
  3353 PEP_STATUS pgp_contains_priv_key(PEP_SESSION session, const char *fpr,
  3354                                  bool *has_private)
  3355 {
  3356     T("(%s)", fpr);
  3357     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  3358     PEP_STATUS status = cert_find_by_fpr(session, pgp_fpr, true, NULL, NULL);
  3359     pgp_fingerprint_free(pgp_fpr);
  3360     if (status == PEP_STATUS_OK) {
  3361         *has_private = 1;
  3362     } else if (status == PEP_KEY_NOT_FOUND) {
  3363         *has_private = 0;
  3364         status = PEP_STATUS_OK;
  3365     }
  3366     T("(%s) -> %s, %s",
  3367       fpr, *has_private ? "priv" : "pub", pEp_status_to_string(status));
  3368     return status;
  3369 }