src/pEp_internal.h
author Edouard Tisserant <edouard@pep-project.org>
Sun, 07 May 2017 13:45:04 +0200
branchENGINE-183
changeset 1752 6991834e731a
parent 1746 498b0671ff4e
child 1764 e1c31ee55aad
permissions -rw-r--r--
ENGINE-183 remove session.use_only_own_private_keys, and add existing priv keys to own_keys table at initial startup. Also added fpr from own_keys to own_key_is_listed, influencing result of ellect_own_key.
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 #define PEP_ENGINE_VERSION "0.8.0"
     5 
     6 // maximum attachment size to import as key 1MB, maximum of 20 attachments
     7 
     8 #define MAX_KEY_SIZE (1024 * 1024)
     9 #define MAX_KEYS_TO_IMPORT  20
    10 
    11 // this is 20 trustwords with 79 chars max
    12 #define MAX_TRUSTWORDS_SPACE (20 * 80)
    13 
    14 // XML parameters string
    15 #define PARMS_MAX 32768
    16 
    17 // maximum busy wait time in ms
    18 #define BUSY_WAIT_TIME 5000
    19 
    20 // maximum line length for reading gpg.conf
    21 #define MAX_LINELENGTH 1024
    22 
    23 // default keyserver
    24 #ifndef DEFAULT_KEYSERVER
    25 #define DEFAULT_KEYSERVER "hkp://keys.gnupg.net"
    26 #endif
    27 
    28 // crashdump constants
    29 #ifndef CRASHDUMP_DEFAULT_LINES
    30 #define CRASHDUMP_DEFAULT_LINES 100
    31 #endif
    32 #define CRASHDUMP_MAX_LINES 32767
    33 
    34 #include "platform.h"
    35 
    36 #ifdef WIN32
    37 #define LOCAL_DB windoze_local_db()
    38 #define SYSTEM_DB windoze_system_db()
    39 #define LIBGPGME "libgpgme-11.dll"
    40 #else // UNIX
    41 #define _POSIX_C_SOURCE 200809L
    42 #include <dlfcn.h>
    43 #define LOCAL_DB unix_local_db()
    44 #ifndef SYSTEM_DB
    45 #define SYSTEM_DB "/usr/share/pEp/system.db"
    46 #endif
    47 #ifndef LIBGPGME
    48 #define LIBGPGME "libgpgme-pthread.so"
    49 #endif
    50 #endif
    51 
    52 #include <locale.h>
    53 #include <stdlib.h>
    54 #include <string.h>
    55 #include <assert.h>
    56 #include <stdio.h>
    57 #include <ctype.h>
    58 
    59 #include "sqlite3.h"
    60 
    61 #define _EXPORT_PEP_ENGINE_DLL
    62 #include "pEpEngine.h"
    63 
    64 // If not specified, build for GPG
    65 #ifndef USE_NETPGP
    66 #ifndef USE_GPG
    67 #define USE_GPG
    68 #endif
    69 #endif
    70 
    71 #ifdef USE_GPG
    72 #include "pgp_gpg_internal.h"
    73 #elif defined(USE_NETPGP)
    74 #include "pgp_netpgp_internal.h"
    75 #endif
    76 
    77 #include "keymanagement.h"
    78 #include "cryptotech.h"
    79 #include "transport.h"
    80 #include "sync.h"
    81 
    82 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
    83 
    84 struct _pEpSession;
    85 typedef struct _pEpSession pEpSession;
    86 struct _pEpSession {
    87     const char *version;
    88 #ifdef USE_GPG
    89     gpgme_ctx_t ctx;
    90 #elif defined(USE_NETPGP)
    91     pEpNetPGPSession ctx;
    92 #endif
    93 
    94     PEP_cryptotech_t *cryptotech;
    95     PEP_transport_t *transports;
    96 
    97     sqlite3 *db;
    98     sqlite3 *system_db;
    99 
   100     sqlite3_stmt *log;
   101     sqlite3_stmt *trustword;
   102     sqlite3_stmt *get_identity;
   103     sqlite3_stmt *set_person;
   104     sqlite3_stmt *set_device_group;
   105     sqlite3_stmt *get_device_group;
   106     sqlite3_stmt *set_pgp_keypair;
   107     sqlite3_stmt *set_identity;
   108     sqlite3_stmt *set_identity_flags;
   109     sqlite3_stmt *unset_identity_flags;
   110     sqlite3_stmt *set_trust;
   111     sqlite3_stmt *get_trust;
   112     sqlite3_stmt *least_trust;
   113     sqlite3_stmt *mark_compromized;
   114     sqlite3_stmt *reset_trust;
   115     sqlite3_stmt *crashdump;
   116     sqlite3_stmt *languagelist;
   117     sqlite3_stmt *i18n_token;
   118 
   119     // blacklist
   120     sqlite3_stmt *blacklist_add;
   121     sqlite3_stmt *blacklist_delete;
   122     sqlite3_stmt *blacklist_is_listed;
   123     sqlite3_stmt *blacklist_retrieve;
   124     
   125     // Own keys
   126     sqlite3_stmt *own_key_is_listed;
   127     sqlite3_stmt *own_identities_retrieve;
   128     sqlite3_stmt *own_keys_retrieve;
   129     sqlite3_stmt *set_own_key;
   130 
   131     // sequence value
   132     sqlite3_stmt *sequence_value1;
   133     sqlite3_stmt *sequence_value2;
   134     sqlite3_stmt *sequence_value3;
   135 
   136     // revoked keys
   137     sqlite3_stmt *set_revoked;
   138     sqlite3_stmt *get_revoked;
   139 
   140     // callbacks
   141     examine_identity_t examine_identity;
   142     void *examine_management;
   143     void *sync_management;
   144     void *sync_obj;
   145     messageToSend_t messageToSend;
   146     notifyHandshake_t notifyHandshake;
   147     inject_sync_msg_t inject_sync_msg;
   148     retrieve_next_sync_msg_t retrieve_next_sync_msg;
   149 
   150     // key sync
   151     pEpSession* sync_session;
   152     DeviceState_state sync_state;
   153     void* sync_state_payload;
   154     char sync_uuid[37];
   155     time_t LastCannotDecrypt;
   156     time_t LastUpdateRequest;
   157 
   158     // runtime config
   159 
   160     bool passive_mode;
   161     bool unencrypted_subject;
   162     bool keep_sync_msg;
   163     
   164 };
   165 
   166 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
   167 void release_transport_system(PEP_SESSION session, bool out_last);
   168 
   169 /* NOT to be exposed to the outside!!! */
   170 PEP_STATUS encrypt_only(
   171         PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
   172         size_t psize, char **ctext, size_t *csize
   173 );
   174 
   175 #ifdef NDEBUG
   176 #define DEBUG_LOG(TITLE, ENTITY, DESC)
   177 #else
   178 #ifdef ANDROID
   179 #include <android/log.h>
   180 #define  LOG_MORE(...)  __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s ", __VA_ARGS__);
   181 #else
   182 #include <stdio.h>
   183 #define  LOG_MORE(...)  printf("pEpEngine DEBUG_LOG('%s','%s','%s')\n", __VA_ARGS__);
   184 #endif
   185 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
   186     log_event(session, (TITLE), (ENTITY), (DESC), "debug");\
   187     LOG_MORE((TITLE), (ENTITY), (DESC))\
   188 }
   189 #endif
   190 
   191 typedef enum _normalize_hex_rest_t {
   192     accept_hex,
   193     ignore_hex,
   194     reject_hex
   195 } normalize_hex_res_t;
   196 
   197 static inline normalize_hex_res_t _normalize_hex(char *hex) 
   198 {
   199     if (*hex >= '0' && *hex <= '9')
   200         return accept_hex;
   201 
   202     if (*hex >= 'A' && *hex <= 'F') {
   203         *hex += 'a' - 'A';
   204         return accept_hex;
   205     }
   206 
   207     if (*hex >= 'a' && *hex <= 'f') 
   208         return accept_hex;
   209 
   210     if (*hex == ' ') 
   211         return ignore_hex;
   212 
   213     return reject_hex;
   214 }
   215 
   216 // Space tolerant and case insensitive fingerprint string compare
   217 static inline PEP_STATUS _compare_fprs(
   218         const char* fpra,
   219         size_t fpras,
   220         const char* fprb,
   221         size_t fprbs,
   222         int* comparison)
   223 {
   224 
   225     size_t ai = 0;
   226     size_t bi = 0;
   227     size_t significant = 0;
   228     int _comparison = 0;
   229     const int _FULL_FINGERPRINT_LENGTH = 40;
   230    
   231     // First compare every non-ignored chars until an end is reached
   232     while(ai < fpras && bi < fprbs)
   233     {
   234         char fprac = fpra[ai];
   235         char fprbc = fprb[bi];
   236         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   237         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   238 
   239         if(fprah == reject_hex || fprbh == reject_hex)
   240             return PEP_ILLEGAL_VALUE;
   241 
   242         if ( fprah == ignore_hex )
   243         {
   244             ai++;
   245         }
   246         else if ( fprbh == ignore_hex )
   247         {
   248             bi++;
   249         }
   250         else
   251         {
   252             if(fprac != fprbc && _comparison == 0 )
   253             {
   254                 _comparison = fprac > fprbc ? 1 : -1;
   255             }
   256 
   257             significant++;
   258             ai++;
   259             bi++;
   260 
   261         } 
   262     }
   263 
   264     // Bail out if we didn't got enough significnt chars
   265     if (significant != _FULL_FINGERPRINT_LENGTH )
   266         return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   267 
   268     // Then purge remaining chars, all must be ignored chars
   269     while ( ai < fpras )
   270     {
   271         char fprac = fpra[ai];
   272         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   273         if( fprah == reject_hex )
   274             return PEP_ILLEGAL_VALUE;
   275         if ( fprah != ignore_hex )
   276             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   277         ai++;
   278     }
   279     while ( bi < fprbs )
   280     {
   281         char fprbc = fprb[bi];
   282         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   283         if( fprbh == reject_hex )
   284             return PEP_ILLEGAL_VALUE;
   285         if ( fprbh != ignore_hex )
   286             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   287         bi++;
   288     }
   289 
   290     *comparison = _comparison;
   291     return PEP_STATUS_OK;
   292 }
   293 
   294 static inline int _same_fpr(
   295         const char* fpra,
   296         size_t fpras,
   297         const char* fprb,
   298         size_t fprbs
   299     )
   300 {
   301     // illegal values are ignored, and considered not same.
   302     int comparison = 1;
   303 
   304     _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
   305 
   306     return comparison == 0;
   307 }