src/pEp_internal.h
author Claudio Luck <claudio.luck@pep.foundation>
Mon, 06 May 2019 17:52:20 +0200
branchENGINE-524
changeset 3638 4ba9bd8b80c1
parent 3540 8b1730bcb3e0
child 3735 25b31318dcdc
permissions -rw-r--r--
WIP: ENGINE-524: make paths to sys, mgmt and keys DB configurable via env

Rationale: full compatibility on systems which already have a system and management DB,
while moving things under $HOME/.pEp (or $XDG_CONFIG_DIR/pEp) on new sytems.

TODO:

- Write and run tests
- Do we need to create sub-directories (e.g. ~/.pEp)?
- Bring the new defines into the Makefiles
- Implementation for Windows: windoze_local_db()

Changes:

- The hardcoded location for system DB is now in /usr/local/share/pEp instead of
/usr/share/pEp, the Makefile should default to /usr/share/pEp.


User documentation:

Set the following environment variables to select the location of the various databases:

TRUSTWORDS sets path to:
- $TRUSTWORDS/system.db

PEPHOME sets path to:
- $PEPHOME/pEp_management.db (*)
- $PEPHOME/pEp_keys.db (**)
- $PEPHOME/system.db (***)

(*) Note that there is no dot in the filename (pEp_management.db) when PEPHOME
is set. The default is still $HOME/.pEp_management.db (with dot) when PEPHOME
is unset.

(**) When you set PEPHOME, both pEp_keys.db and pEp_management.db must be
co-located. If the databases don't exist, new ones will be initialized. The
PEPHOME directory must exist before starting the adapters.

(***) system.db will be found in PEPHOME only if TRUSTWORDS is not set. If
TRUSTWORDS is set, the system DB MUST be where TRUSTWORDS points to. Otherwise,
if TRUSTWORDS is unset and PEPHOME contains no system DB, search will continue
at the default location. In other words, while keys and management DB must be
in PEPHOME when set, the system DB may be in the default location too.

The default locations are:
- $HOME/.pEp/pEp_management.db (if file exists)
- $HOME/.pEp_management.db (otherwise)
- /usr/local/share/pEp/system.db
- $HOME/.pEp_keys.db
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 #define PEP_ENGINE_VERSION "1.1.1"
     5 
     6 // maximum attachment size to import as key 1MB, maximum of 20 attachments
     7 
     8 #define MAX_KEY_SIZE (1024 * 1024)
     9 #define MAX_KEYS_TO_IMPORT  20
    10 
    11 #define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
    12 
    13 // this is 20 trustwords with 79 chars max
    14 #define MAX_TRUSTWORDS_SPACE (20 * 80)
    15 
    16 // XML parameters string
    17 #define PARMS_MAX 32768
    18 
    19 // maximum busy wait time in ms
    20 #define BUSY_WAIT_TIME 5000
    21 
    22 // maximum line length for reading gpg.conf
    23 #define MAX_LINELENGTH 1024
    24 
    25 // default keyserver
    26 #ifndef DEFAULT_KEYSERVER
    27 #define DEFAULT_KEYSERVER "hkp://keys.gnupg.net"
    28 #endif
    29 
    30 // crashdump constants
    31 #ifndef CRASHDUMP_DEFAULT_LINES
    32 #define CRASHDUMP_DEFAULT_LINES 100
    33 #endif
    34 #define CRASHDUMP_MAX_LINES 32767
    35 
    36 // p≡p full string, NUL-terminated
    37 #ifndef PEP_SUBJ_STRING
    38 #define PEP_SUBJ_STRING {0x70,0xE2,0x89,0xA1,0x70,0x00}
    39 #define PEP_SUBJ_BYTELEN 5
    40 #endif
    41 
    42 #ifndef PEP_SUBJ_KEY
    43 #define PEP_SUBJ_KEY "Subject: "
    44 #define PEP_SUBJ_KEY_LC "subject: "
    45 #define PEP_SUBJ_KEY_LEN 9
    46 #endif
    47 
    48 #ifndef PEP_MSG_WRAP_KEY
    49 #define PEP_MSG_WRAP_KEY "pEp-Wrapped-Message-Info: "
    50 #define PEP_MSG_WRAP_KEY_LC "pep-wrapped-message-info: "
    51 #define PEP_MSG_WRAP_KEY_LEN 26
    52 #endif
    53 
    54 
    55 #include "platform.h"
    56 
    57 #ifdef WIN32
    58 #define LOCAL_DB windoze_local_db()
    59 #define LOCAL_KEYS_DB windoze_local_db()
    60 #define SYSTEM_DB windoze_system_db()
    61 #define LIBGPGME "libgpgme-11.dll"
    62 #else // UNIX
    63 #define _POSIX_C_SOURCE 200809L
    64 #include <dlfcn.h>
    65 #ifdef NDEBUG
    66 #define LOCAL_DB unix_local_db()
    67 #define LOCAL_KEYS_DB unix_local_keys_db()
    68 #else
    69 #define LOCAL_DB unix_local_db(false)
    70 #define LOCAL_KEYS_DB unix_local_keys_db(false)
    71 #endif
    72 #ifndef SYSTEM_DB
    73 #ifdef NDEBUG
    74 #define SYSTEM_DB unix_system_db()
    75 #else
    76 #define SYSTEM_DB unix_system_db(false)
    77 #endif
    78 #endif
    79 #ifndef LIBGPGME
    80 #define LIBGPGME "libgpgme-pthread.so"
    81 #endif
    82 #endif
    83 
    84 #include <locale.h>
    85 #include <stdlib.h>
    86 #include <string.h>
    87 #include <assert.h>
    88 #include <stdio.h>
    89 #include <ctype.h>
    90 #include <math.h>
    91 
    92 #ifdef SQLITE3_FROM_OS
    93 #include <sqlite3.h>
    94 #else
    95 #include "sqlite3.h"
    96 #endif
    97 
    98 #include "pEpEngine.h"
    99 
   100 // If not specified, build for GPG
   101 #ifndef USE_SEQUOIA
   102 #ifndef USE_NETPGP
   103 #ifndef USE_GPG
   104 #define USE_GPG
   105 #endif
   106 #endif
   107 #endif
   108 
   109 #if defined(USE_SEQUOIA)
   110 #include "pgp_sequoia_internal.h"
   111 #elif defined(USE_NETPGP)
   112 #include "pgp_netpgp_internal.h"
   113 #elif defined(USE_GPG)
   114 #include "pgp_gpg_internal.h"
   115 #endif
   116 
   117 #include "keymanagement.h"
   118 #include "cryptotech.h"
   119 #include "transport.h"
   120 #include "sync_api.h"
   121 #include "Sync_func.h"
   122 
   123 #include "key_reset.h"
   124 
   125 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
   126 
   127 struct _pEpSession;
   128 typedef struct _pEpSession pEpSession;
   129 struct _pEpSession {
   130     const char *version;
   131     messageToSend_t messageToSend;
   132 
   133 #ifdef USE_GPG
   134     gpgme_ctx_t ctx;
   135 #elif defined(USE_NETPGP)
   136     pEpNetPGPSession ctx;
   137 #elif defined(USE_SEQUOIA)
   138     sqlite3 *key_db;
   139     struct {
   140         sqlite3_stmt *begin_transaction;
   141         sqlite3_stmt *commit_transaction;
   142         sqlite3_stmt *rollback_transaction;
   143         sqlite3_stmt *tpk_find;
   144         sqlite3_stmt *tsk_find;
   145         sqlite3_stmt *tpk_find_by_keyid;
   146         sqlite3_stmt *tsk_find_by_keyid;
   147         sqlite3_stmt *tpk_find_by_email;
   148         sqlite3_stmt *tsk_find_by_email;
   149         sqlite3_stmt *tpk_all;
   150         sqlite3_stmt *tsk_all;
   151         sqlite3_stmt *tpk_save_insert_primary;
   152         sqlite3_stmt *tpk_save_insert_subkeys;
   153         sqlite3_stmt *tpk_save_insert_userids;
   154     } sq_sql;
   155 #endif
   156 
   157     PEP_cryptotech_t *cryptotech;
   158     PEP_transport_t *transports;
   159 
   160     sqlite3 *db;
   161     sqlite3 *system_db;
   162 
   163     sqlite3_stmt *log;
   164     sqlite3_stmt *trustword;
   165     sqlite3_stmt *get_identity;
   166     sqlite3_stmt *get_identity_without_trust_check;
   167     sqlite3_stmt *get_identities_by_address;
   168     sqlite3_stmt *get_identities_by_userid;
   169     sqlite3_stmt *get_identities_by_main_key_id;
   170     sqlite3_stmt *replace_identities_fpr;
   171     sqlite3_stmt *replace_main_user_fpr;
   172     sqlite3_stmt *get_main_user_fpr;
   173     sqlite3_stmt *refresh_userid_default_key;
   174     sqlite3_stmt *delete_key;
   175     sqlite3_stmt *remove_fpr_as_default;
   176     sqlite3_stmt *set_person;
   177     sqlite3_stmt *update_person;
   178     sqlite3_stmt *delete_person;
   179     sqlite3_stmt *exists_person;    
   180     sqlite3_stmt *set_as_pEp_user;
   181     sqlite3_stmt *is_pEp_user;
   182     sqlite3_stmt *add_into_social_graph;
   183     sqlite3_stmt *get_own_address_binding_from_contact;
   184     sqlite3_stmt *set_revoke_contact_as_notified;
   185     sqlite3_stmt *get_contacted_ids_from_revoke_fpr;
   186     sqlite3_stmt *was_id_for_revoke_contacted;
   187     sqlite3_stmt *get_last_contacted;
   188     // sqlite3_stmt *set_device_group;
   189     // sqlite3_stmt *get_device_group;
   190     sqlite3_stmt *set_pgp_keypair;
   191     sqlite3_stmt *set_identity_entry;
   192     sqlite3_stmt *update_identity_entry;
   193     sqlite3_stmt *exists_identity_entry;        
   194     sqlite3_stmt *set_identity_flags;
   195     sqlite3_stmt *unset_identity_flags;
   196     sqlite3_stmt *set_trust;
   197     sqlite3_stmt *update_trust;
   198     sqlite3_stmt *exists_trust_entry;
   199     sqlite3_stmt *update_trust_to_pEp;
   200     sqlite3_stmt *update_trust_for_fpr;
   201     sqlite3_stmt *get_trust;
   202     sqlite3_stmt *get_trust_by_userid;
   203     sqlite3_stmt *least_trust;
   204     sqlite3_stmt *mark_compromised;
   205     sqlite3_stmt *reset_trust;
   206     sqlite3_stmt *crashdump;
   207     sqlite3_stmt *languagelist;
   208     sqlite3_stmt *i18n_token;
   209     sqlite3_stmt *replace_userid;
   210 
   211     // blacklist
   212     sqlite3_stmt *blacklist_add;
   213     sqlite3_stmt *blacklist_delete;
   214     sqlite3_stmt *blacklist_is_listed;
   215     sqlite3_stmt *blacklist_retrieve;
   216     
   217     // Keys
   218     sqlite3_stmt *own_key_is_listed;
   219     sqlite3_stmt *is_own_address;
   220     sqlite3_stmt *own_identities_retrieve;
   221     sqlite3_stmt *own_keys_retrieve;
   222     sqlite3_stmt *get_user_default_key;
   223     sqlite3_stmt *get_all_keys_for_user;
   224         
   225     sqlite3_stmt *get_default_own_userid;
   226 
   227 
   228 //    sqlite3_stmt *set_own_key;
   229 
   230     // sequence value
   231     sqlite3_stmt *sequence_value1;
   232     sqlite3_stmt *sequence_value2;
   233 
   234     // revoked keys
   235     sqlite3_stmt *set_revoked;
   236     sqlite3_stmt *get_revoked;
   237     sqlite3_stmt *get_replacement_fpr;
   238 
   239     // mistrusted
   240     sqlite3_stmt* add_mistrusted_key;
   241     sqlite3_stmt* is_mistrusted_key;    
   242     sqlite3_stmt* delete_mistrusted_key;
   243     
   244     // aliases
   245     sqlite3_stmt *get_userid_alias_default;
   246     sqlite3_stmt *add_userid_alias;
   247 
   248     // callbacks
   249     examine_identity_t examine_identity;
   250     void *examine_management;
   251     notifyHandshake_t notifyHandshake;
   252     inject_sync_event_t inject_sync_event;
   253     retrieve_next_sync_event_t retrieve_next_sync_event;
   254 
   255     // pEp Sync
   256     void *sync_management;
   257     void *sync_obj;
   258     struct Sync_state_s sync_state;
   259     struct own_Sync_state_s own_sync_state;
   260 
   261 //     void* sync_state_payload;
   262 //     char sync_uuid[37];
   263 //     time_t LastCannotDecrypt;
   264 //     time_t LastUpdateRequest;
   265 
   266     // runtime config
   267 
   268     bool passive_mode;
   269     bool unencrypted_subject;
   270     bool service_log;
   271     
   272 #ifdef DEBUG_ERRORSTACK
   273     stringlist_t* errorstack;
   274 #endif
   275 };
   276 
   277 
   278 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
   279 void release_transport_system(PEP_SESSION session, bool out_last);
   280 
   281 /* NOT to be exposed to the outside!!! */
   282 PEP_STATUS encrypt_only(
   283         PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
   284         size_t psize, char **ctext, size_t *csize
   285 );
   286 
   287 #if defined(NDEBUG) || defined(NOLOG)
   288 #define DEBUG_LOG(TITLE, ENTITY, DESC)
   289 #else
   290 #ifdef ANDROID
   291 #include <android/log.h>
   292 #define  LOG_MORE(...)  __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ", __VA_ARGS__);
   293 #else
   294 #include <stdio.h>
   295 #define  LOG_MORE(...)  fprintf(stderr, "pEpEngine DEBUG_LOG('%s','%s','%s','%s')\n", __VA_ARGS__);
   296 #endif
   297 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
   298     log_event(session, (TITLE), (ENTITY), (DESC), "debug " __FILE__ ":" S_LINE);\
   299     LOG_MORE((TITLE), (ENTITY), (DESC), __FILE__ ":" S_LINE)\
   300 }
   301 #endif
   302 
   303 typedef enum _normalize_hex_rest_t {
   304     accept_hex,
   305     ignore_hex,
   306     reject_hex
   307 } normalize_hex_res_t;
   308 
   309 static inline normalize_hex_res_t _normalize_hex(char *hex) 
   310 {
   311     if (*hex >= '0' && *hex <= '9')
   312         return accept_hex;
   313 
   314     if (*hex >= 'A' && *hex <= 'F') {
   315         *hex += 'a' - 'A';
   316         return accept_hex;
   317     }
   318 
   319     if (*hex >= 'a' && *hex <= 'f') 
   320         return accept_hex;
   321 
   322     if (*hex == ' ') 
   323         return ignore_hex;
   324 
   325     return reject_hex;
   326 }
   327 
   328 // Space tolerant and case insensitive fingerprint string compare
   329 static inline PEP_STATUS _compare_fprs(
   330         const char* fpra,
   331         size_t fpras,
   332         const char* fprb,
   333         size_t fprbs,
   334         int* comparison)
   335 {
   336 
   337     size_t ai = 0;
   338     size_t bi = 0;
   339     size_t significant = 0;
   340     int _comparison = 0;
   341     const int _FULL_FINGERPRINT_LENGTH = 40;
   342    
   343     // First compare every non-ignored chars until an end is reached
   344     while(ai < fpras && bi < fprbs)
   345     {
   346         char fprac = fpra[ai];
   347         char fprbc = fprb[bi];
   348         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   349         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   350 
   351         if(fprah == reject_hex || fprbh == reject_hex)
   352             return PEP_ILLEGAL_VALUE;
   353 
   354         if ( fprah == ignore_hex )
   355         {
   356             ai++;
   357         }
   358         else if ( fprbh == ignore_hex )
   359         {
   360             bi++;
   361         }
   362         else
   363         {
   364             if(fprac != fprbc && _comparison == 0 )
   365             {
   366                 _comparison = fprac > fprbc ? 1 : -1;
   367             }
   368 
   369             significant++;
   370             ai++;
   371             bi++;
   372 
   373         } 
   374     }
   375 
   376     // Bail out if we didn't got enough significnt chars
   377     if (significant != _FULL_FINGERPRINT_LENGTH )
   378         return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   379 
   380     // Then purge remaining chars, all must be ignored chars
   381     while ( ai < fpras )
   382     {
   383         char fprac = fpra[ai];
   384         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   385         if( fprah == reject_hex )
   386             return PEP_ILLEGAL_VALUE;
   387         if ( fprah != ignore_hex )
   388             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   389         ai++;
   390     }
   391     while ( bi < fprbs )
   392     {
   393         char fprbc = fprb[bi];
   394         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   395         if( fprbh == reject_hex )
   396             return PEP_ILLEGAL_VALUE;
   397         if ( fprbh != ignore_hex )
   398             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   399         bi++;
   400     }
   401 
   402     *comparison = _comparison;
   403     return PEP_STATUS_OK;
   404 }
   405 
   406 static inline int _same_fpr(
   407         const char* fpra,
   408         size_t fpras,
   409         const char* fprb,
   410         size_t fprbs
   411     )
   412 {
   413     // illegal values are ignored, and considered not same.
   414     int comparison = 1;
   415 
   416     _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
   417 
   418     return comparison == 0;
   419 }
   420 
   421 // size is the length of the bytestr that's coming in. This is really only intended
   422 // for comparing two full strings. If charstr's length is different from bytestr_size,
   423 // we'll return a non-zero value.
   424 static inline int _unsigned_signed_strcmp(const unsigned char* bytestr, const char* charstr, int bytestr_size) {
   425     int charstr_len = strlen(charstr);
   426     if (charstr_len != bytestr_size)
   427         return -1; // we don't actually care except that it's non-zero
   428     return memcmp(bytestr, charstr, bytestr_size);
   429 }
   430 
   431 // This is just a horrible example of C type madness. UTF-8 made me do it.
   432 static inline char* _pEp_subj_copy() {
   433 #ifndef WIN32
   434     unsigned char pEpstr[] = PEP_SUBJ_STRING;
   435     void* retval = calloc(1, sizeof(unsigned char)*PEP_SUBJ_BYTELEN + 1);
   436     memcpy(retval, pEpstr, PEP_SUBJ_BYTELEN);
   437     return (char*)retval;
   438 #else
   439     return strdup("pEp");
   440 #endif
   441 }
   442 
   443 static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
   444     bool retval = false;
   445     if (test_ident && test_ident->user_id) {
   446         char* def_id = NULL;
   447         get_default_own_userid(session, &def_id);
   448         if (test_ident->me || 
   449             (def_id && strcmp(def_id, test_ident->user_id) == 0)) {
   450             retval = true;
   451         }
   452         free(def_id);
   453     }
   454     return retval;
   455 }
   456 
   457 #ifndef EMPTYSTR
   458 #define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
   459 #endif
   460 
   461 #ifndef IS_PGP_CT
   462 #define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
   463 #endif
   464 
   465 #ifndef _MIN
   466 #define _MIN(A, B) ((B) > (A) ? (A) : (B))
   467 #endif
   468 #ifndef _MAX
   469 #define _MAX(A, B) ((B) > (A) ? (B) : (A))
   470 #endif
   471 
   472 
   473 // These are globals used in generating message IDs and should only be
   474 // computed once, as they're either really constants or OS-dependent
   475 
   476 extern int _pEp_rand_max_bits;
   477 extern double _pEp_log2_36;
   478 
   479 static inline void _init_globals() {
   480     _pEp_rand_max_bits = (int) ceil(log2((double) RAND_MAX));
   481     _pEp_log2_36 = log2(36);
   482 }