1 // This file is under GNU General Public License 3.0
4 // maximum attachment size to import as key 1MB, maximum of 20 attachments
6 #define MAX_KEY_SIZE (1024 * 1024)
7 #define MAX_KEYS_TO_IMPORT 20
9 #define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
11 // this is 20 trustwords with 79 chars max
12 #define MAX_TRUSTWORDS_SPACE (20 * 80)
14 // XML parameters string
15 #define PARMS_MAX 32768
17 // maximum busy wait time in ms
18 #define BUSY_WAIT_TIME 5000
21 #ifndef DEFAULT_KEYSERVER
22 #define DEFAULT_KEYSERVER "hkps://keys.openpgp.org"
25 // crashdump constants
26 #ifndef CRASHDUMP_DEFAULT_LINES
27 #define CRASHDUMP_DEFAULT_LINES 100
29 #define CRASHDUMP_MAX_LINES 32767
31 // p≡p full string, NUL-terminated
32 #ifndef PEP_SUBJ_STRING
33 #define PEP_SUBJ_STRING {0x70,0xE2,0x89,0xA1,0x70,0x00}
34 #define PEP_SUBJ_BYTELEN 5
38 #define PEP_SUBJ_KEY "Subject: "
39 #define PEP_SUBJ_KEY_LC "subject: "
40 #define PEP_SUBJ_KEY_LEN 9
43 #ifndef PEP_MSG_WRAP_KEY
44 #define PEP_MSG_WRAP_KEY "pEp-Wrapped-Message-Info: "
45 #define PEP_MSG_WRAP_KEY_LC "pep-wrapped-message-info: "
46 #define PEP_MSG_WRAP_KEY_LEN 26
49 #ifndef X_PEP_MSG_WRAP_KEY
50 #define X_PEP_MSG_WRAP_KEY "X-pEp-Wrapped-Message-Info"
53 #ifndef X_PEP_SNDR_FPR_KEY
54 #define X_PEP_SNDR_FPR_KEY "X-pEp-Sender-FPR"
60 #define KEYS_DB windoze_keys_db()
61 #define LOCAL_DB windoze_local_db()
62 #define SYSTEM_DB windoze_system_db()
64 #define _POSIX_C_SOURCE 200809L
67 #define LOCAL_DB unix_local_db()
69 #define LOCAL_DB unix_local_db(false)
72 #define SYSTEM_DB android_system_db()
74 #define SYSTEM_DB unix_system_db()
86 #ifdef SQLITE3_FROM_OS
92 #include "pEpEngine.h"
94 // If not specified, build for Sequoia
99 #if defined(USE_SEQUOIA)
100 #include "pgp_sequoia_internal.h"
103 #include "keymanagement.h"
104 #include "cryptotech.h"
105 #include "transport.h"
106 #include "sync_api.h"
107 #include "Sync_func.h"
109 #include "key_reset.h"
111 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
114 typedef struct _pEpSession pEpSession;
117 messageToSend_t messageToSend;
119 #if defined(USE_SEQUOIA)
122 sqlite3_stmt *begin_transaction;
123 sqlite3_stmt *commit_transaction;
124 sqlite3_stmt *rollback_transaction;
125 sqlite3_stmt *cert_find;
126 sqlite3_stmt *tsk_find;
127 sqlite3_stmt *cert_find_by_keyid;
128 sqlite3_stmt *tsk_find_by_keyid;
129 sqlite3_stmt *cert_find_by_email;
130 sqlite3_stmt *tsk_find_by_email;
131 sqlite3_stmt *cert_all;
132 sqlite3_stmt *tsk_all;
133 sqlite3_stmt *cert_save_insert_primary;
134 sqlite3_stmt *cert_save_insert_subkeys;
135 sqlite3_stmt *cert_save_insert_userids;
136 sqlite3_stmt *delete_keypair;
142 PEP_cryptotech_t *cryptotech;
143 PEP_CIPHER_SUITE cipher_suite;
145 PEP_transport_t *transports;
151 sqlite3_stmt *trustword;
152 sqlite3_stmt *get_identity;
153 sqlite3_stmt *get_identity_without_trust_check;
154 sqlite3_stmt *get_identities_by_address;
155 sqlite3_stmt *get_identities_by_userid;
156 sqlite3_stmt *get_identities_by_main_key_id;
157 sqlite3_stmt *replace_identities_fpr;
158 sqlite3_stmt *replace_main_user_fpr;
159 sqlite3_stmt *replace_main_user_fpr_if_equal;
160 sqlite3_stmt *get_main_user_fpr;
161 sqlite3_stmt *refresh_userid_default_key;
162 sqlite3_stmt *delete_key;
163 sqlite3_stmt *remove_fpr_as_identity_default;
164 sqlite3_stmt *remove_fpr_as_user_default;
165 sqlite3_stmt *set_person;
166 sqlite3_stmt *update_person;
167 sqlite3_stmt *delete_person;
168 sqlite3_stmt *exists_person;
169 sqlite3_stmt *set_as_pEp_user;
170 sqlite3_stmt *is_pEp_user;
171 sqlite3_stmt *upgrade_pEp_version_by_user_id;
172 sqlite3_stmt *add_into_social_graph;
173 sqlite3_stmt *get_own_address_binding_from_contact;
174 sqlite3_stmt *set_revoke_contact_as_notified;
175 sqlite3_stmt *get_contacted_ids_from_revoke_fpr;
176 sqlite3_stmt *was_id_for_revoke_contacted;
177 sqlite3_stmt *has_id_contacted_address;
178 sqlite3_stmt *get_last_contacted;
179 // sqlite3_stmt *set_device_group;
180 // sqlite3_stmt *get_device_group;
181 sqlite3_stmt *set_pgp_keypair;
182 sqlite3_stmt *set_identity_entry;
183 sqlite3_stmt *update_identity_entry;
184 sqlite3_stmt *exists_identity_entry;
185 sqlite3_stmt *set_identity_flags;
186 sqlite3_stmt *unset_identity_flags;
187 sqlite3_stmt *set_pEp_version;
188 sqlite3_stmt *clear_trust_info;
189 sqlite3_stmt *set_trust;
190 sqlite3_stmt *update_trust;
191 sqlite3_stmt *exists_trust_entry;
192 sqlite3_stmt *update_trust_to_pEp;
193 sqlite3_stmt *update_trust_for_fpr;
194 sqlite3_stmt *get_trust;
195 sqlite3_stmt *get_trust_by_userid;
196 sqlite3_stmt *least_trust;
197 sqlite3_stmt *mark_compromised;
198 sqlite3_stmt *reset_trust;
199 sqlite3_stmt *crashdump;
200 sqlite3_stmt *languagelist;
201 sqlite3_stmt *i18n_token;
202 sqlite3_stmt *replace_userid;
205 sqlite3_stmt *blacklist_add;
206 sqlite3_stmt *blacklist_delete;
207 sqlite3_stmt *blacklist_is_listed;
208 sqlite3_stmt *blacklist_retrieve;
211 sqlite3_stmt *own_key_is_listed;
212 sqlite3_stmt *is_own_address;
213 sqlite3_stmt *own_identities_retrieve;
214 sqlite3_stmt *own_keys_retrieve;
215 sqlite3_stmt *key_identities_retrieve;
216 sqlite3_stmt *get_user_default_key;
217 sqlite3_stmt *get_all_keys_for_user;
219 sqlite3_stmt *get_default_own_userid;
222 // sqlite3_stmt *set_own_key;
225 sqlite3_stmt *sequence_value1;
226 sqlite3_stmt *sequence_value2;
229 sqlite3_stmt *set_revoked;
230 sqlite3_stmt *get_revoked;
231 sqlite3_stmt *get_replacement_fpr;
234 sqlite3_stmt* add_mistrusted_key;
235 sqlite3_stmt* is_mistrusted_key;
236 sqlite3_stmt* delete_mistrusted_key;
239 sqlite3_stmt *get_userid_alias_default;
240 sqlite3_stmt *add_userid_alias;
243 examine_identity_t examine_identity;
244 void *examine_management;
245 notifyHandshake_t notifyHandshake;
246 inject_sync_event_t inject_sync_event;
247 retrieve_next_sync_event_t retrieve_next_sync_event;
250 void *sync_management;
252 struct Sync_state_s sync_state;
254 // void* sync_state_payload;
255 // char sync_uuid[37];
256 // time_t LastCannotDecrypt;
257 // time_t LastUpdateRequest;
262 bool unencrypted_subject;
266 # ifdef DEBUG_ERRORSTACK
267 stringlist_t* errorstack;
274 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
275 void release_transport_system(PEP_SESSION session, bool out_last);
277 /* NOT to be exposed to the outside!!! */
278 PEP_STATUS encrypt_only(
279 PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
280 size_t psize, char **ctext, size_t *csize
283 void decorate_message(
286 stringlist_t *keylist,
290 #if defined(NDEBUG) || defined(NOLOG)
291 #define DEBUG_LOG(TITLE, ENTITY, DESC)
294 #include <android/log.h>
295 #define LOG_MORE(...) __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ", __VA_ARGS__);
298 #define LOG_MORE(...) fprintf(stderr, "pEpEngine DEBUG_LOG('%s','%s','%s','%s')\n", __VA_ARGS__);
300 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
301 log_event(session, (TITLE), (ENTITY), (DESC), "debug " __FILE__ ":" S_LINE);\
302 LOG_MORE((TITLE), (ENTITY), (DESC), __FILE__ ":" S_LINE)\
306 typedef enum _normalize_hex_rest_t {
310 } normalize_hex_res_t;
312 static inline normalize_hex_res_t _normalize_hex(char *hex)
314 if (*hex >= '0' && *hex <= '9')
317 if (*hex >= 'A' && *hex <= 'F') {
322 if (*hex >= 'a' && *hex <= 'f')
331 // Space tolerant and case insensitive fingerprint string compare
332 static inline PEP_STATUS _compare_fprs(
342 size_t significant = 0;
344 const int _FULL_FINGERPRINT_LENGTH = 40;
346 // First compare every non-ignored chars until an end is reached
347 while(ai < fpras && bi < fprbs)
349 char fprac = fpra[ai];
350 char fprbc = fprb[bi];
351 normalize_hex_res_t fprah = _normalize_hex(&fprac);
352 normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
354 if(fprah == reject_hex || fprbh == reject_hex)
355 return PEP_ILLEGAL_VALUE;
357 if ( fprah == ignore_hex )
361 else if ( fprbh == ignore_hex )
367 if(fprac != fprbc && _comparison == 0 )
369 _comparison = fprac > fprbc ? 1 : -1;
379 // Bail out if we didn't got enough significnt chars
380 if (significant != _FULL_FINGERPRINT_LENGTH )
381 return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
383 // Then purge remaining chars, all must be ignored chars
386 char fprac = fpra[ai];
387 normalize_hex_res_t fprah = _normalize_hex(&fprac);
388 if( fprah == reject_hex )
389 return PEP_ILLEGAL_VALUE;
390 if ( fprah != ignore_hex )
391 return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
396 char fprbc = fprb[bi];
397 normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
398 if( fprbh == reject_hex )
399 return PEP_ILLEGAL_VALUE;
400 if ( fprbh != ignore_hex )
401 return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
405 *comparison = _comparison;
406 return PEP_STATUS_OK;
409 static inline int _same_fpr(
416 // illegal values are ignored, and considered not same.
419 _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
421 return comparison == 0;
424 // size is the length of the bytestr that's coming in. This is really only intended
425 // for comparing two full strings. If charstr's length is different from bytestr_size,
426 // we'll return a non-zero value.
427 static inline int _unsigned_signed_strcmp(const unsigned char* bytestr, const char* charstr, int bytestr_size) {
428 int charstr_len = strlen(charstr);
429 if (charstr_len != bytestr_size)
430 return -1; // we don't actually care except that it's non-zero
431 return memcmp(bytestr, charstr, bytestr_size);
434 // This is just a horrible example of C type madness. UTF-8 made me do it.
435 static inline char* _pEp_subj_copy() {
437 unsigned char pEpstr[] = PEP_SUBJ_STRING;
438 void* retval = calloc(1, sizeof(unsigned char)*PEP_SUBJ_BYTELEN + 1);
439 memcpy(retval, pEpstr, PEP_SUBJ_BYTELEN);
440 return (char*)retval;
442 return strdup("pEp");
446 static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
448 if (test_ident && test_ident->user_id) {
450 get_default_own_userid(session, &def_id);
451 if (test_ident->me ||
452 (def_id && strcmp(def_id, test_ident->user_id) == 0)) {
460 static inline float pEp_version_numeric(const char* version_str) {
463 if (!version_str || sscanf(version_str, "%f", &retval) != 1)
469 static inline void pEp_version_major_minor(const char* version_str, unsigned int* major, unsigned int* minor) {
470 if (!major || !minor)
473 if (!version_str || sscanf(version_str, "%u.%u", major, minor) != 2) {
481 static inline int compare_versions(unsigned int first_maj, unsigned int first_min,
482 unsigned int second_maj, unsigned int second_min) {
483 if (first_maj > second_maj)
485 if (first_maj < second_maj)
487 if (first_min > second_min)
489 if (first_min < second_min)
494 static inline void set_min_version(unsigned int first_maj, unsigned int first_minor,
495 unsigned int second_maj, unsigned int second_minor,
496 unsigned int* result_maj, unsigned int* result_minor) {
497 int result = compare_versions(first_maj, first_minor, second_maj, second_minor);
499 *result_maj = first_maj;
500 *result_minor = first_minor;
503 *result_maj = second_maj;
504 *result_minor = second_minor;
508 static inline void set_max_version(unsigned int first_maj, unsigned int first_minor,
509 unsigned int second_maj, unsigned int second_minor,
510 unsigned int* result_maj, unsigned int* result_minor) {
511 int result = compare_versions(first_maj, first_minor, second_maj, second_minor);
513 *result_maj = first_maj;
514 *result_minor = first_minor;
517 *result_maj = second_maj;
518 *result_minor = second_minor;
523 #define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
527 #define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
531 #define _MIN(A, B) ((B) > (A) ? (A) : (B))
534 #define _MAX(A, B) ((B) > (A) ? (B) : (A))
537 // These are globals used in generating message IDs and should only be
538 // computed once, as they're either really constants or OS-dependent
540 extern int _pEp_rand_max_bits;
541 extern double _pEp_log2_36;
543 static inline void _init_globals() {
544 _pEp_rand_max_bits = (int) ceil(log2((double) RAND_MAX));
545 _pEp_log2_36 = log2(36);
548 // spinlock implementation
550 static inline int Sqlite3_step(sqlite3_stmt* stmt)
554 rc = sqlite3_step(stmt);
555 } while (rc == SQLITE_BUSY || rc == SQLITE_LOCKED);