src/pgp_sequoia.c
author Neal H. Walfield <neal@pep.foundation>
Sat, 01 Jun 2019 14:50:15 +0200
branchneal/tpk-cache
changeset 3798 8c5a4548b7d1
parent 3797 657dc02b1cc3
permissions -rw-r--r--
Sequoia: Add a TPK cache

- It's not unusual for the engine to use the same key multiple times
in a row, e.g., to get a key's rating and then encrypt to it. The
engine references keys by fingerprint.

- This change introduces a single entry cache so that we can avoid
querying the DB and parsing & verifying the TPK multiple times in
these cases.
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
     5 
     6 #define _GNU_SOURCE 1
     7 
     8 #include "platform.h"
     9 #include "pEp_internal.h"
    10 #include "pgp_gpg.h"
    11 
    12 #include <limits.h>
    13 #include <sys/stat.h>
    14 #include <sys/types.h>
    15 
    16 #include "wrappers.h"
    17 
    18 #define TRACING 0
    19 #ifndef TRACING
    20 #  ifndef NDEBUG
    21 #    define TRACING 0
    22 #  else
    23 #    define TRACING 1
    24 #  endif
    25 #endif
    26 
    27 // enable tracing if in debugging mode
    28 #if TRACING
    29 #include "status_to_string.h"
    30 
    31 #  ifdef ANDROID
    32 #    include <android/log.h>
    33 #    define _T(...) do {                                                \
    34         __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine-sequoia",     \
    35                             ##__VA_ARGS__);                             \
    36     } while (0)
    37 #  else
    38 #    define _T(...) do {                        \
    39         fprintf(stderr, ##__VA_ARGS__);         \
    40     } while (0)
    41 #  endif
    42 #else
    43 #  define _T(...) do { } while (0)
    44 #endif
    45 
    46 // Show the start of a tracepoint (i.e., don't print a newline).
    47 #define TC(...) do {       \
    48     _T("%s: ", __func__);  \
    49     _T(__VA_ARGS__);       \
    50 } while (0)
    51 
    52 // Show a trace point.
    53 #  define T(...) do {  \
    54     TC(__VA_ARGS__); \
    55     _T("\n");          \
    56 } while(0)
    57 
    58 // Verbosely displays errors.
    59 #  define DUMP_STATUS(__de_sq_status, __de_pep_status, ...) do { \
    60     TC(__VA_ARGS__);                                            \
    61     _T(": ");                                                   \
    62     if (__de_sq_status) {                                       \
    63         _T("Sequoia: %s => ", pgp_status_to_string(__de_sq_status));   \
    64     }                                                           \
    65     _T("%s\n", pEp_status_to_string(__de_pep_status));          \
    66 } while(0)
    67 
    68 #  define DUMP_ERR(__de_err, __de_status, ...) do {             \
    69     TC(__VA_ARGS__);                                            \
    70     _T(": ");                                                   \
    71     if (__de_err) {                                             \
    72         _T("Sequoia: %s => ", pgp_error_to_string(__de_err));   \
    73         pgp_error_free(__de_err);                               \
    74     }                                                           \
    75     _T("%s\n", pEp_status_to_string(__de_status));              \
    76 } while(0)
    77 
    78 // If __ec_status is an error, then disable the error, set 'status' to
    79 // it, and jump to 'out'.
    80 #define ERROR_OUT(__e_err, __ec_status, ...) do {                   \
    81     PEP_STATUS ___ec_status = (__ec_status);                        \
    82     if ((___ec_status) != PEP_STATUS_OK) {                          \
    83         DUMP_ERR((__e_err), (___ec_status), ##__VA_ARGS__);         \
    84         status = (___ec_status);                                    \
    85         goto out;                                                   \
    86     }                                                               \
    87 } while(0)
    88 
    89 PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
    90         PEP_CIPHER_SUITE suite)
    91 {
    92     switch (suite) {
    93         // supported cipher suites
    94         case PEP_CIPHER_SUITE_RSA2K:
    95         case PEP_CIPHER_SUITE_RSA3K:
    96         case PEP_CIPHER_SUITE_CV25519:
    97         case PEP_CIPHER_SUITE_P256:
    98         case PEP_CIPHER_SUITE_P384:
    99         case PEP_CIPHER_SUITE_P521:
   100             session->cipher_suite = suite;
   101             return PEP_STATUS_OK;
   102 
   103         case PEP_CIPHER_SUITE_DEFAULT:
   104             session->cipher_suite = PEP_CIPHER_SUITE_RSA2K;
   105             return PEP_STATUS_OK;
   106 
   107         // unsupported cipher suites
   108         default:
   109             session->cipher_suite = PEP_CIPHER_SUITE_RSA2K;
   110             return PEP_CANNOT_CONFIG;
   111     }
   112 }
   113 
   114 static pgp_tpk_cipher_suite_t cipher_suite(PEP_CIPHER_SUITE suite)
   115 {
   116     switch (suite) {
   117         // supported cipher suites
   118         case PEP_CIPHER_SUITE_RSA2K:
   119             return PGP_TPK_CIPHER_SUITE_RSA2K;
   120         case PEP_CIPHER_SUITE_RSA3K:
   121             return PGP_TPK_CIPHER_SUITE_RSA3K;
   122         case PEP_CIPHER_SUITE_CV25519:
   123             return PGP_TPK_CIPHER_SUITE_CV25519;
   124         case PEP_CIPHER_SUITE_P256:
   125             return PGP_TPK_CIPHER_SUITE_P256;
   126         case PEP_CIPHER_SUITE_P384:
   127             return PGP_TPK_CIPHER_SUITE_P384;
   128         case PEP_CIPHER_SUITE_P521:
   129             return PGP_TPK_CIPHER_SUITE_P521;
   130         default:
   131             return PGP_TPK_CIPHER_SUITE_RSA2K;
   132     }
   133 }
   134 
   135 int email_cmp(void *cookie, int a_len, const void *a, int b_len, const void *b)
   136 {
   137     pgp_packet_t a_userid = pgp_user_id_from_raw (a, a_len);
   138     pgp_packet_t b_userid = pgp_user_id_from_raw (b, b_len);
   139 
   140     T("(%.*s, %.*s)", a_len, (const char *) a, b_len, (const char *) b);
   141 
   142     char *a_address = NULL;
   143     pgp_user_id_address_normalized(NULL, a_userid, &a_address);
   144     if (!a_address)
   145         pgp_user_id_other(NULL, a_userid, &a_address);
   146 
   147     char *b_address = NULL;
   148     pgp_user_id_address_normalized(NULL, b_userid, &b_address);
   149     if (!b_address)
   150         pgp_user_id_other(NULL, b_userid, &b_address);
   151 
   152     pgp_packet_free(a_userid);
   153     pgp_packet_free(b_userid);
   154 
   155     // return an integer that is negative, zero, or positive if the
   156     // first string is less than, equal to, or greater than the
   157     // second, respectively.
   158     int result;
   159     if (!a_address && !b_address)
   160         result = 0;
   161     else if (!a_address)
   162         result = -1;
   163     else if (!b_address)
   164         result = 1;
   165     else
   166         result = strcmp(a_address, b_address);
   167 
   168     if (true) {
   169         T("'%s' %s '%s'",
   170           a_address,
   171           result == 0 ? "==" : result < 0 ? "<" : ">",
   172           b_address);
   173     }
   174 
   175     free(a_address);
   176     free(b_address);
   177 
   178     return result;
   179 }
   180 
   181 PEP_STATUS pgp_init(PEP_SESSION session, bool in_first)
   182 {
   183     PEP_STATUS status = PEP_STATUS_OK;
   184 
   185 #define PEP_KEYS_PATH "/.pEp_keys.db"
   186 
   187     // Create the home directory.
   188     char *home_env = NULL;
   189 #ifndef NDEBUG
   190     home_env = getenv("PEP_HOME");
   191 #endif
   192     if (!home_env)
   193         home_env = getenv("HOME");
   194     if (!home_env)
   195         ERROR_OUT(NULL, PEP_INIT_GPGME_INIT_FAILED, "HOME unset");
   196 
   197     // Create the DB and initialize it.
   198     size_t path_size = strlen(home_env) + sizeof(PEP_KEYS_PATH);
   199     char *path = (char *) calloc(1, path_size);
   200     assert(path);
   201     if (!path)
   202         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   203 
   204     int r = snprintf(path, path_size, "%s" PEP_KEYS_PATH, home_env);
   205     assert(r >= 0 && r < path_size);
   206     if (r < 0)
   207         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "snprintf");
   208 
   209     int sqlite_result;
   210     sqlite_result = sqlite3_open_v2(path,
   211                                     &session->key_db,
   212                                     SQLITE_OPEN_READWRITE
   213                                     | SQLITE_OPEN_CREATE
   214                                     | SQLITE_OPEN_FULLMUTEX
   215                                     | SQLITE_OPEN_PRIVATECACHE,
   216                                     NULL);
   217     free(path);
   218     if (sqlite_result != SQLITE_OK)
   219         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   220                   "opening keys DB: %s", sqlite3_errmsg(session->key_db));
   221 
   222     sqlite_result = sqlite3_exec(session->key_db,
   223                                  "PRAGMA secure_delete=true;\n"
   224                                  "PRAGMA foreign_keys=true;\n"
   225                                  "PRAGMA locking_mode=NORMAL;\n"
   226                                  "PRAGMA journal_mode=WAL;\n",
   227                                  NULL, NULL, NULL);
   228     if (sqlite_result != SQLITE_OK)
   229         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   230                   "setting pragmas: %s", sqlite3_errmsg(session->key_db));
   231 
   232     sqlite3_busy_timeout(session->key_db, BUSY_WAIT_TIME);
   233 
   234     sqlite_result =
   235         sqlite3_create_collation(session->key_db,
   236                                 "EMAIL",
   237                                 SQLITE_UTF8,
   238                                 /* pArg (cookie) */ NULL,
   239                                 email_cmp);
   240     if (sqlite_result != SQLITE_OK)
   241         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   242                   "registering EMAIL collation function: %s",
   243                   sqlite3_errmsg(session->key_db));
   244 
   245     sqlite_result = sqlite3_exec(session->key_db,
   246                                  "CREATE TABLE IF NOT EXISTS keys (\n"
   247                                  "   primary_key TEXT UNIQUE PRIMARY KEY,\n"
   248                                  "   secret BOOLEAN,\n"
   249                                  "   tpk BLOB\n"
   250                                  ");\n"
   251                                  "CREATE INDEX IF NOT EXISTS keys_index\n"
   252                                  "  ON keys (primary_key, secret)\n",
   253                                  NULL, NULL, NULL);
   254     if (sqlite_result != SQLITE_OK)
   255         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   256                   "creating keys table: %s",
   257                   sqlite3_errmsg(session->key_db));
   258 
   259     sqlite_result = sqlite3_exec(session->key_db,
   260                                  "CREATE TABLE IF NOT EXISTS subkeys (\n"
   261                                  "   subkey TEXT NOT NULL,\n"
   262                                  "   primary_key TEXT NOT NULL,\n"
   263                                  "   UNIQUE(subkey, primary_key),\n"
   264                                  "   FOREIGN KEY (primary_key)\n"
   265                                  "       REFERENCES keys(primary_key)\n"
   266                                  "     ON DELETE CASCADE\n"
   267                                  ");\n"
   268                                  "CREATE INDEX IF NOT EXISTS subkeys_index\n"
   269                                  "  ON subkeys (subkey, primary_key)\n",
   270                                  NULL, NULL, NULL);
   271     if (sqlite_result != SQLITE_OK)
   272         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   273                   "creating subkeys table: %s",
   274                   sqlite3_errmsg(session->key_db));
   275 
   276     sqlite_result = sqlite3_exec(session->key_db,
   277                                  "CREATE TABLE IF NOT EXISTS userids (\n"
   278                                  "   userid TEXT NOT NULL COLLATE EMAIL,\n"
   279                                  "   primary_key TEXT NOT NULL,\n"
   280                                  "   UNIQUE(userid, primary_key),\n"
   281                                  "   FOREIGN KEY (primary_key)\n"
   282                                  "       REFERENCES keys(primary_key)\n"
   283                                  "     ON DELETE CASCADE\n"
   284                                  ");\n"
   285                                  "CREATE INDEX IF NOT EXISTS userids_index\n"
   286                                  "  ON userids (userid COLLATE EMAIL, primary_key)\n",
   287                                  NULL, NULL, NULL);
   288     if (sqlite_result != SQLITE_OK)
   289         ERROR_OUT(NULL, PEP_INIT_CANNOT_OPEN_DB,
   290                   "creating userids table: %s",
   291                   sqlite3_errmsg(session->key_db));
   292 
   293     sqlite_result
   294         = sqlite3_prepare_v2(session->key_db, "begin transaction",
   295                              -1, &session->sq_sql.begin_transaction, NULL);
   296     assert(sqlite_result == SQLITE_OK);
   297 
   298     sqlite_result
   299         = sqlite3_prepare_v2(session->key_db, "commit transaction",
   300                              -1, &session->sq_sql.commit_transaction, NULL);
   301     assert(sqlite_result == SQLITE_OK);
   302 
   303     sqlite_result
   304         = sqlite3_prepare_v2(session->key_db, "rollback transaction",
   305                              -1, &session->sq_sql.rollback_transaction, NULL);
   306     assert(sqlite_result == SQLITE_OK);
   307 
   308     sqlite_result
   309         = sqlite3_prepare_v2(session->key_db,
   310                              "SELECT tpk, secret FROM keys"
   311                              " WHERE primary_key == ?",
   312                              -1, &session->sq_sql.tpk_find, NULL);
   313     assert(sqlite_result == SQLITE_OK);
   314 
   315     sqlite_result
   316         = sqlite3_prepare_v2(session->key_db,
   317                              "SELECT tpk, secret FROM keys"
   318                              " WHERE primary_key == ? and secret == 1",
   319                              -1, &session->sq_sql.tsk_find, NULL);
   320     assert(sqlite_result == SQLITE_OK);
   321 
   322     sqlite_result
   323         = sqlite3_prepare_v2(session->key_db,
   324                              "SELECT tpk, secret FROM subkeys"
   325                              " LEFT JOIN keys"
   326                              "  ON subkeys.primary_key == keys.primary_key"
   327                              " WHERE subkey == ?",
   328                              -1, &session->sq_sql.tpk_find_by_keyid, NULL);
   329     assert(sqlite_result == SQLITE_OK);
   330 
   331     sqlite_result
   332         = sqlite3_prepare_v2(session->key_db,
   333                              "SELECT tpk, secret FROM subkeys"
   334                              " LEFT JOIN keys"
   335                              "  ON subkeys.primary_key == keys.primary_key"
   336                              " WHERE subkey == ?",
   337                              -1, &session->sq_sql.tpk_find_by_keyid, NULL);
   338     assert(sqlite_result == SQLITE_OK);
   339 
   340     sqlite_result
   341         = sqlite3_prepare_v2(session->key_db,
   342                              "SELECT tpk, secret FROM subkeys"
   343                              " LEFT JOIN keys"
   344                              "  ON subkeys.primary_key == keys.primary_key"
   345                              " WHERE subkey == ? and keys.secret == 1",
   346                              -1, &session->sq_sql.tsk_find_by_keyid, NULL);
   347     assert(sqlite_result == SQLITE_OK);
   348 
   349     sqlite_result
   350         = sqlite3_prepare_v2(session->key_db,
   351                              "SELECT tpk, secret FROM userids"
   352                              " LEFT JOIN keys"
   353                              "  ON userids.primary_key == keys.primary_key"
   354                              " WHERE userid == ?",
   355                              -1, &session->sq_sql.tpk_find_by_email, NULL);
   356     assert(sqlite_result == SQLITE_OK);
   357 
   358     sqlite_result
   359         = sqlite3_prepare_v2(session->key_db,
   360                              "SELECT tpk, secret FROM userids"
   361                              " LEFT JOIN keys"
   362                              "  ON userids.primary_key == keys.primary_key"
   363                              " WHERE userid == ? and keys.secret == 1",
   364                              -1, &session->sq_sql.tsk_find_by_email, NULL);
   365     assert(sqlite_result == SQLITE_OK);
   366 
   367     sqlite_result
   368         = sqlite3_prepare_v2(session->key_db,
   369                              "select tpk, secret from keys",
   370                              -1, &session->sq_sql.tpk_all, NULL);
   371     assert(sqlite_result == SQLITE_OK);
   372 
   373     sqlite_result
   374         = sqlite3_prepare_v2(session->key_db,
   375                              "select tpk, secret from keys where secret = 1",
   376                              -1, &session->sq_sql.tsk_all, NULL);
   377     assert(sqlite_result == SQLITE_OK);
   378 
   379     sqlite_result
   380         = sqlite3_prepare_v2(session->key_db,
   381                              "INSERT OR REPLACE INTO keys"
   382                              "   (primary_key, secret, tpk)"
   383                              " VALUES (?, ?, ?)",
   384                              -1, &session->sq_sql.tpk_save_insert_primary, NULL);
   385     assert(sqlite_result == SQLITE_OK);
   386 
   387     sqlite_result
   388         = sqlite3_prepare_v2(session->key_db,
   389                              "INSERT OR REPLACE INTO subkeys"
   390                              "   (subkey, primary_key)"
   391                              " VALUES (?, ?)",
   392                              -1, &session->sq_sql.tpk_save_insert_subkeys, NULL);
   393     assert(sqlite_result == SQLITE_OK);
   394 
   395     sqlite_result
   396         = sqlite3_prepare_v2(session->key_db,
   397                              "INSERT OR REPLACE INTO userids"
   398                              "   (userid, primary_key)"
   399                              " VALUES (?, ?)",
   400                              -1, &session->sq_sql.tpk_save_insert_userids, NULL);
   401     assert(sqlite_result == SQLITE_OK);
   402 
   403     sqlite_result
   404         = sqlite3_prepare_v2(session->key_db,
   405                              "DELETE FROM keys WHERE primary_key = ?",
   406                              -1, &session->sq_sql.delete_keypair, NULL);
   407     assert(sqlite_result == SQLITE_OK);
   408 
   409  out:
   410     if (status != PEP_STATUS_OK)
   411         pgp_release(session, in_first);
   412     return status;
   413 }
   414 
   415 void pgp_release(PEP_SESSION session, bool out_last)
   416 {
   417     sqlite3_stmt **stmts = (sqlite3_stmt **) &session->sq_sql;
   418     for (int i = 0; i < sizeof(session->sq_sql) / sizeof(*stmts); i ++)
   419         if (stmts[i]) {
   420             sqlite3_finalize(stmts[i]);
   421             stmts[i] = NULL;
   422         }
   423 
   424     if (session->key_db) {
   425         int result = sqlite3_close_v2(session->key_db);
   426         if (result != 0)
   427             DUMP_ERR(NULL, PEP_UNKNOWN_ERROR,
   428                      "Closing key DB: sqlite3_close_v2: %s",
   429                      sqlite3_errstr(result));
   430         session->key_db = NULL;
   431     }
   432 }
   433 
   434 // Ensures that a fingerprint is in canonical form.  A canonical
   435 // fingerprint doesn't contain any white space.
   436 //
   437 // This function does *not* consume fpr.
   438 static char *pgp_fingerprint_canonicalize(const char *) __attribute__((nonnull));
   439 static char *pgp_fingerprint_canonicalize(const char *fpr)
   440 {
   441     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   442     char *fpr_canonicalized = pgp_fingerprint_to_hex(pgp_fpr);
   443     pgp_fingerprint_free(pgp_fpr);
   444 
   445     return fpr_canonicalized;
   446 }
   447 
   448 // step statement and load the tpk and secret.
   449 static PEP_STATUS key_load(PEP_SESSION, sqlite3_stmt *, pgp_tpk_t *, int *)
   450     __attribute__((nonnull(1, 2)));
   451 static PEP_STATUS key_load(PEP_SESSION session, sqlite3_stmt *stmt,
   452                            pgp_tpk_t *tpkp, int *secretp)
   453 {
   454     PEP_STATUS status = PEP_STATUS_OK;
   455     int sqlite_result = Sqlite3_step(stmt);
   456     switch (sqlite_result) {
   457     case SQLITE_ROW:
   458         if (tpkp) {
   459             int data_len = sqlite3_column_bytes(stmt, 0);
   460             const void *data = sqlite3_column_blob(stmt, 0);
   461 
   462             pgp_error_t err = NULL;
   463             *tpkp = pgp_tpk_from_bytes(&err, data, data_len);
   464             if (!*tpkp)
   465                 ERROR_OUT(err, PEP_GET_KEY_FAILED, "parsing TPK");
   466         }
   467 
   468         if (secretp)
   469             *secretp = sqlite3_column_int(stmt, 1);
   470 
   471         break;
   472     case SQLITE_DONE:
   473         // Got nothing.
   474         status = PEP_KEY_NOT_FOUND;
   475         break;
   476     default:
   477         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   478                   "stepping: %s", sqlite3_errmsg(session->key_db));
   479     }
   480 
   481  out:
   482     T(" -> %s", pEp_status_to_string(status));
   483     return status;
   484 }
   485 
   486 // step statement until exhausted and load the tpks.
   487 static PEP_STATUS key_loadn(PEP_SESSION, sqlite3_stmt *, pgp_tpk_t **, int *)
   488     __attribute__((nonnull));
   489 static PEP_STATUS key_loadn(PEP_SESSION session, sqlite3_stmt *stmt,
   490                             pgp_tpk_t **tpksp, int *tpks_countp)
   491 {
   492     PEP_STATUS status = PEP_STATUS_OK;
   493     int tpks_count = 0;
   494     int tpks_capacity = 8;
   495     pgp_tpk_t *tpks = calloc(tpks_capacity, sizeof(pgp_tpk_t));
   496     if (!tpks)
   497         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   498 
   499     for (;;) {
   500         pgp_tpk_t tpk = NULL;
   501         status = key_load(session, stmt, &tpk, NULL);
   502         if (status == PEP_KEY_NOT_FOUND) {
   503             status = PEP_STATUS_OK;
   504             break;
   505         }
   506         ERROR_OUT(NULL, status, "loading TPK");
   507 
   508         if (tpks_count == tpks_capacity) {
   509             tpks_capacity *= 2;
   510             tpks = realloc(tpks, sizeof(tpks[0]) * tpks_capacity);
   511             if (!tpks)
   512                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "tpks");
   513         }
   514         tpks[tpks_count ++] = tpk;
   515     }
   516 
   517  out:
   518     if (status != PEP_STATUS_OK) {
   519         for (int i = 0; i < tpks_count; i ++)
   520             pgp_tpk_free(tpks[i]);
   521         free(tpks);
   522     } else {
   523         *tpksp = tpks;
   524         *tpks_countp = tpks_count;
   525     }
   526 
   527     T(" -> %s (%d tpks)", pEp_status_to_string(status), *tpks_countp);
   528     return status;
   529 }
   530 
   531 struct tpk_cache {
   532     // The TPK's (primary key's) fingerprint.
   533     pgp_fingerprint_t fpr;
   534     pgp_tpk_t tpk;
   535     int inserts;
   536     int hits;
   537     int misses;
   538 };
   539 
   540 #define TPK_CACHE_FMT "(%d hits, %d misses, %d%% hit rate, %d inserts)"
   541 #define TPK_CACHE_PRINTF(o) \
   542     (o.hits), (o.misses), (((o.hits + 1) * 100) / (o.misses + 1)), (o.inserts)
   543 
   544 static __thread struct tpk_cache tpk_cache;
   545 
   546 static pgp_tpk_t tpk_cache_lookup(pgp_fingerprint_t fpr)
   547 {
   548     if (tpk_cache.fpr && pgp_fingerprint_equal(tpk_cache.fpr, fpr)) {
   549         T("HIT: found %s in tpk cache! "TPK_CACHE_FMT,
   550           pgp_fingerprint_to_string(fpr), TPK_CACHE_PRINTF(tpk_cache));
   551         tpk_cache.hits ++;
   552         return pgp_tpk_clone(tpk_cache.tpk);
   553     } else {
   554         T("MISS: %s not in tpk cache (%s)! "TPK_CACHE_FMT,
   555           pgp_fingerprint_to_string(fpr),
   556           tpk_cache.fpr ? pgp_fingerprint_to_string(tpk_cache.fpr) : " (empty)",
   557           TPK_CACHE_PRINTF(tpk_cache));
   558         tpk_cache.misses ++;
   559         return NULL;
   560     }
   561 }
   562 
   563 static pgp_tpk_t tpk_cache_lookup_keyid(pgp_keyid_t keyid)
   564 {
   565     if (! tpk_cache.fpr) {
   566         tpk_cache.hits ++;
   567         T("MISS: %s not in tpk cache (empty)! "TPK_CACHE_FMT,
   568           pgp_keyid_to_string(keyid),
   569           TPK_CACHE_PRINTF(tpk_cache));
   570         return NULL;
   571     }
   572 
   573     pgp_keyid_t cache_keyid = pgp_fingerprint_to_keyid(tpk_cache.fpr);
   574     if (pgp_keyid_equal(cache_keyid, keyid)) {
   575         T("HIT: found %s in tpk cache! "TPK_CACHE_FMT,
   576           pgp_keyid_to_string(keyid),
   577           TPK_CACHE_PRINTF(tpk_cache));
   578         return pgp_tpk_clone(tpk_cache.tpk);
   579     } else {
   580         T("MISS: %s not in tpk cache (%s)! "TPK_CACHE_FMT,
   581           pgp_keyid_to_string(keyid),
   582           pgp_fingerprint_to_string(tpk_cache.fpr),
   583           TPK_CACHE_PRINTF(tpk_cache));
   584         tpk_cache.misses ++;
   585         return NULL;
   586     }
   587 }
   588 
   589 static void tpk_cache_clear(void)
   590 {
   591     T("Clearing tpk cache. "TPK_CACHE_FMT, TPK_CACHE_PRINTF(tpk_cache));
   592 
   593     if (tpk_cache.fpr) {
   594         // Evict the old entry.
   595         pgp_fingerprint_free(tpk_cache.fpr);
   596         tpk_cache.fpr = NULL;
   597 
   598         pgp_tpk_free(tpk_cache.tpk);
   599         tpk_cache.tpk = NULL;
   600     }
   601 }
   602 
   603 static void tpk_cache_insert(pgp_tpk_t tpk)
   604 {
   605     pgp_fingerprint_t fpr = pgp_tpk_fingerprint(tpk);
   606     if (! fpr)
   607         return;
   608 
   609     tpk_cache_clear();
   610 
   611     T("Inserting %s into tpk cache", pgp_fingerprint_to_string(fpr));
   612     tpk_cache.inserts ++;
   613 
   614     // Insert the new one.
   615     tpk_cache.fpr = fpr;
   616     tpk_cache.tpk = pgp_tpk_clone(tpk);
   617 }
   618 
   619 // Returns the TPK identified by the provided fingerprint.
   620 //
   621 // This function only matches on the primary key!
   622 static PEP_STATUS tpk_find(PEP_SESSION, pgp_fingerprint_t, int, pgp_tpk_t *, int *)
   623     __attribute__((nonnull(1, 2)));
   624 static PEP_STATUS tpk_find(PEP_SESSION session,
   625                            pgp_fingerprint_t fpr, int private_only,
   626                            pgp_tpk_t *tpk, int *secret)
   627 {
   628     PEP_STATUS status = PEP_STATUS_OK;
   629     char *fpr_str = pgp_fingerprint_to_hex(fpr);
   630     sqlite3_stmt *stmt = NULL;
   631 
   632     T("(%s, %d)", fpr_str, private_only);
   633 
   634     if (! private_only && tpk) {
   635         *tpk = tpk_cache_lookup(fpr);
   636         if (*tpk)
   637             goto out;
   638     }
   639 
   640     stmt = private_only ? session->sq_sql.tsk_find : session->sq_sql.tpk_find;
   641     sqlite3_bind_text(stmt, 1, fpr_str, -1, SQLITE_STATIC);
   642 
   643     status = key_load(session, stmt, tpk, secret);
   644     ERROR_OUT(NULL, status, "Looking up %s", fpr_str);
   645 
   646     if (tpk && *tpk)
   647         tpk_cache_insert(*tpk);
   648 
   649  out:
   650     if (stmt)
   651         sqlite3_reset(stmt);
   652     T("(%s, %d) -> %s", fpr_str, private_only, pEp_status_to_string(status));
   653     free(fpr_str);
   654     return status;
   655 }
   656 
   657 // Returns the TPK identified by the provided keyid.
   658 //
   659 // This function matches on both primary keys and subkeys!
   660 //
   661 // Note: There can be multiple TPKs for a given keyid.  This can
   662 // occur, because an encryption subkey can be bound to multiple TPKs.
   663 // Also, it is possible to collide key ids.  If there are multiple key
   664 // ids for a given key, this just returns one of them.
   665 //
   666 // If private_only is set, this will only consider TPKs with some
   667 // secret key material.
   668 static PEP_STATUS tpk_find_by_keyid_hex(PEP_SESSION, const char *, int, pgp_tpk_t *, int *)
   669   __attribute__((nonnull(1, 2)));
   670 static PEP_STATUS tpk_find_by_keyid_hex(
   671         PEP_SESSION session, const char *keyid_hex, int private_only,
   672         pgp_tpk_t *tpkp, int *secretp)
   673 {
   674     PEP_STATUS status = PEP_STATUS_OK;
   675     sqlite3_stmt *stmt = NULL;
   676 
   677     T("(%s, %d)", keyid_hex, private_only);
   678 
   679     if (! private_only && tpkp) {
   680         pgp_keyid_t keyid = pgp_keyid_from_hex(keyid_hex);
   681         *tpkp = tpk_cache_lookup_keyid(keyid);
   682         pgp_keyid_free(keyid);
   683         if (*tpkp)
   684             goto out;
   685     }
   686 
   687     stmt = private_only ? session->sq_sql.tsk_find_by_keyid : session->sq_sql.tpk_find_by_keyid;
   688     sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   689 
   690     status = key_load(session, stmt, tpkp, secretp);
   691     ERROR_OUT(NULL, status, "Looking up %s", keyid_hex);
   692 
   693     if (tpkp && *tpkp)
   694         tpk_cache_insert(*tpkp);
   695 
   696  out:
   697     if (stmt)
   698         sqlite3_reset(stmt);
   699     T("(%s, %d) -> %s", keyid_hex, private_only, pEp_status_to_string(status));
   700     return status;
   701 }
   702 
   703 // See tpk_find_by_keyid_hex.
   704 PEP_STATUS tpk_find_by_keyid(PEP_SESSION, pgp_keyid_t, int, pgp_tpk_t *, int *)
   705     __attribute__((nonnull(1, 2)));
   706 PEP_STATUS tpk_find_by_keyid(PEP_SESSION session,
   707                              pgp_keyid_t keyid, int private_only,
   708                              pgp_tpk_t *tpkp, int *secretp)
   709 {
   710     char *keyid_hex = pgp_keyid_to_hex(keyid);
   711     if (! keyid_hex)
   712         return PEP_OUT_OF_MEMORY;
   713     PEP_STATUS status
   714         = tpk_find_by_keyid_hex(session, keyid_hex, private_only, tpkp, secretp);
   715     free(keyid_hex);
   716     return status;
   717 }
   718 
   719 // See tpk_find_by_keyid_hex.
   720 static PEP_STATUS tpk_find_by_fpr(PEP_SESSION, pgp_fingerprint_t, int,
   721                                   pgp_tpk_t *, int *)
   722     __attribute__((nonnull(1, 2)));
   723 static PEP_STATUS tpk_find_by_fpr(
   724     PEP_SESSION session, pgp_fingerprint_t fpr, int private_only,
   725     pgp_tpk_t *tpkp, int *secretp)
   726 {
   727     pgp_keyid_t keyid = pgp_fingerprint_to_keyid(fpr);
   728     if (! keyid)
   729         return PEP_OUT_OF_MEMORY;
   730     PEP_STATUS status
   731         = tpk_find_by_keyid(session, keyid, private_only, tpkp, secretp);
   732     pgp_keyid_free(keyid);
   733     return status;
   734 }
   735 
   736 // See tpk_find_by_keyid_hex.
   737 static PEP_STATUS tpk_find_by_fpr_hex(PEP_SESSION, const char *, int, pgp_tpk_t *, int *secret)
   738     __attribute__((nonnull(1, 2)));
   739 static PEP_STATUS tpk_find_by_fpr_hex(
   740     PEP_SESSION session, const char *fpr, int private_only,
   741     pgp_tpk_t *tpkp, int *secretp)
   742 {
   743     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   744     if (! pgp_fpr)
   745         return PEP_OUT_OF_MEMORY;
   746     PEP_STATUS status
   747         = tpk_find_by_fpr(session, pgp_fpr, private_only, tpkp, secretp);
   748     pgp_fingerprint_free(pgp_fpr);
   749     return status;
   750 }
   751 
   752 // Returns all known TPKs.
   753 static PEP_STATUS tpk_all(PEP_SESSION, int, pgp_tpk_t **, int *) __attribute__((nonnull));
   754 static PEP_STATUS tpk_all(PEP_SESSION session, int private_only,
   755                           pgp_tpk_t **tpksp, int *tpks_countp) {
   756     PEP_STATUS status = PEP_STATUS_OK;
   757     sqlite3_stmt *stmt = private_only ? session->sq_sql.tsk_all : session->sq_sql.tpk_all;
   758     status = key_loadn(session, stmt, tpksp, tpks_countp);
   759     ERROR_OUT(NULL, status, "loading TPKs");
   760  out:
   761     sqlite3_reset(stmt);
   762     return status;
   763 }
   764 
   765 // Returns keys that have a user id that matches the specified pattern.
   766 //
   767 // The keys returned must be freed using pgp_tpk_free.
   768 static PEP_STATUS tpk_find_by_email(PEP_SESSION, const char *, int, pgp_tpk_t **, int *)
   769     __attribute__((nonnull));
   770 static PEP_STATUS tpk_find_by_email(PEP_SESSION session,
   771                                     const char *pattern, int private_only,
   772                                     pgp_tpk_t **tpksp, int *countp)
   773 {
   774     PEP_STATUS status = PEP_STATUS_OK;
   775     T("(%s)", pattern);
   776 
   777     sqlite3_stmt *stmt
   778         = private_only ? session->sq_sql.tsk_find_by_email : session->sq_sql.tpk_find_by_email;
   779     sqlite3_bind_text(stmt, 1, pattern, -1, SQLITE_STATIC);
   780 
   781     status = key_loadn(session, stmt, tpksp, countp);
   782     ERROR_OUT(NULL, status, "Searching for '%s'", pattern);
   783 
   784     if (*tpksp && *countp > 0)
   785         tpk_cache_insert((*tpksp)[0]);
   786 
   787  out:
   788     sqlite3_reset(stmt);
   789     T("(%s) -> %s (%d results)", pattern, pEp_status_to_string(status), *countp);
   790     return status;
   791 }
   792 
   793 
   794 // Saves the specified TPK.
   795 //
   796 // This function takes ownership of TPK.
   797 static PEP_STATUS tpk_save(PEP_SESSION, pgp_tpk_t, identity_list **)
   798     __attribute__((nonnull(1, 2)));
   799 static PEP_STATUS tpk_save(PEP_SESSION session, pgp_tpk_t tpk,
   800                            identity_list **private_idents)
   801 {
   802     PEP_STATUS status = PEP_STATUS_OK;
   803     pgp_error_t err = NULL;
   804     pgp_fingerprint_t pgp_fpr = NULL;
   805     char *fpr = NULL;
   806     void *tsk_buffer = NULL;
   807     size_t tsk_buffer_len = 0;
   808     int tried_commit = 0;
   809     pgp_tpk_key_iter_t key_iter = NULL;
   810     pgp_user_id_binding_iter_t user_id_iter = NULL;
   811     char *email = NULL;
   812     char *name = NULL;
   813 
   814     pgp_fpr = pgp_tpk_fingerprint(tpk);
   815     fpr = pgp_fingerprint_to_hex(pgp_fpr);
   816     T("(%s, private_idents: %s)", fpr, private_idents ? "yes" : "no");
   817 
   818     sqlite3_stmt *stmt = session->sq_sql.begin_transaction;
   819     int sqlite_result = Sqlite3_step(stmt);
   820     sqlite3_reset(stmt);
   821     if (sqlite_result != SQLITE_DONE)
   822         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   823                   "begin transaction failed: %s",
   824                   sqlite3_errmsg(session->key_db));
   825 
   826     // Make sure we read from the DB.
   827     tpk_cache_clear();
   828 
   829     // Merge any existing data into TPK.
   830     pgp_tpk_t current = NULL;
   831     status = tpk_find(session, pgp_fpr, false, &current, NULL);
   832     if (status == PEP_KEY_NOT_FOUND)
   833         status = PEP_STATUS_OK;
   834     else
   835         ERROR_OUT(NULL, status, "Looking up %s", fpr);
   836     if (current) {
   837         tpk = pgp_tpk_merge(&err, tpk, current);
   838         if (! tpk)
   839             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Merging TPKs");
   840     }
   841 
   842     int is_tsk = pgp_tpk_is_tsk(tpk);
   843 
   844     // Serialize it.
   845     pgp_writer_t writer = pgp_writer_alloc(&tsk_buffer, &tsk_buffer_len);
   846     if (! writer)
   847         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
   848 
   849     pgp_status_t pgp_status;
   850     pgp_tsk_t tsk = pgp_tpk_as_tsk(tpk);
   851     pgp_status = pgp_tsk_serialize(&err, tsk, writer);
   852     pgp_tsk_free(tsk);
   853     //pgp_writer_free(writer);
   854     if (pgp_status != 0)
   855         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Serializing TPK");
   856 
   857 
   858     // Insert the TSK into the DB.
   859     stmt = session->sq_sql.tpk_save_insert_primary;
   860     sqlite3_bind_text(stmt, 1, fpr, -1, SQLITE_STATIC);
   861     sqlite3_bind_int(stmt, 2, is_tsk);
   862     sqlite3_bind_blob(stmt, 3, tsk_buffer, tsk_buffer_len, SQLITE_STATIC);
   863 
   864     sqlite_result = Sqlite3_step(stmt);
   865     sqlite3_reset(stmt);
   866     if (sqlite_result != SQLITE_DONE)
   867         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   868                   "Saving TPK: %s", sqlite3_errmsg(session->key_db));
   869 
   870     // Insert the "subkeys" (the primary key and the subkeys).
   871     stmt = session->sq_sql.tpk_save_insert_subkeys;
   872     // This inserts all of the keys in the TPK, i.e., revoked and
   873     // expired keys, which is what we want.
   874     key_iter = pgp_tpk_key_iter_all(tpk);
   875     pgp_key_t key;
   876     while ((key = pgp_tpk_key_iter_next(key_iter, NULL, NULL))) {
   877         pgp_keyid_t keyid = pgp_key_keyid(key);
   878         char *keyid_hex = pgp_keyid_to_hex(keyid);
   879         sqlite3_bind_text(stmt, 1, keyid_hex, -1, SQLITE_STATIC);
   880         sqlite3_bind_text(stmt, 2, fpr, -1, SQLITE_STATIC);
   881 
   882         sqlite_result = Sqlite3_step(stmt);
   883         sqlite3_reset(stmt);
   884         free(keyid_hex);
   885         pgp_keyid_free(keyid);
   886         if (sqlite_result != SQLITE_DONE) {
   887             pgp_tpk_key_iter_free(key_iter);
   888             ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   889                       "Updating subkeys: %s", sqlite3_errmsg(session->key_db));
   890         }
   891     }
   892     pgp_tpk_key_iter_free(key_iter);
   893     key_iter = NULL;
   894 
   895     // Insert the "userids".
   896     stmt = session->sq_sql.tpk_save_insert_userids;
   897     user_id_iter = pgp_tpk_user_id_binding_iter(tpk);
   898     pgp_user_id_binding_t binding;
   899     int first = 1;
   900     while ((binding = pgp_user_id_binding_iter_next(user_id_iter))) {
   901         char *user_id_value = pgp_user_id_binding_user_id(binding);
   902         if (!user_id_value || !*user_id_value)
   903             continue;
   904 
   905         // Ignore bindings with a self-revocation certificate, but no
   906         // self-signature.
   907         if (!pgp_user_id_binding_selfsig(binding)) {
   908             free(user_id_value);
   909             continue;
   910         }
   911 
   912         free(name);
   913         name = NULL;
   914         free(email);
   915         email = NULL;
   916 
   917         pgp_packet_t userid = pgp_user_id_new (user_id_value);
   918         pgp_user_id_name(NULL, userid, &name);
   919         pgp_user_id_address_or_other(NULL, userid, &email);
   920         pgp_packet_free(userid);
   921         free(user_id_value);
   922 
   923         if (email) {
   924             T("  userid: %s", email);
   925 
   926             sqlite3_bind_text(stmt, 1, email, -1, SQLITE_STATIC);
   927             sqlite3_bind_text(stmt, 2, fpr, -1, SQLITE_STATIC);
   928 
   929             sqlite_result = Sqlite3_step(stmt);
   930             sqlite3_reset(stmt);
   931 
   932             if (sqlite_result != SQLITE_DONE) {
   933                 pgp_user_id_binding_iter_free(user_id_iter);
   934                 ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   935                           "Updating userids: %s", sqlite3_errmsg(session->key_db));
   936             }
   937         }
   938 
   939         if (first && private_idents && is_tsk) {
   940             first = 0;
   941 
   942             // Create an identity for the primary user id.
   943             pEp_identity *ident = new_identity(email, fpr, NULL, name);
   944             if (ident == NULL)
   945                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_identity");
   946 
   947             *private_idents = identity_list_add(*private_idents, ident);
   948             if (*private_idents == NULL)
   949                 ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "identity_list_add");
   950         }
   951 
   952     }
   953     pgp_user_id_binding_iter_free(user_id_iter);
   954     user_id_iter = NULL;
   955 
   956     // It's essential that we at least clear the cache.
   957     tpk_cache_insert(tpk);
   958  out:
   959     // Prevent ERROR_OUT from causing an infinite loop.
   960     if (! tried_commit) {
   961         tried_commit = 1;
   962         stmt = status == PEP_STATUS_OK
   963             ? session->sq_sql.commit_transaction
   964             : session->sq_sql.rollback_transaction;
   965         int sqlite_result = Sqlite3_step(stmt);
   966         sqlite3_reset(stmt);
   967         if (sqlite_result != SQLITE_DONE)
   968             ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   969                       status == PEP_STATUS_OK
   970                       ? "commit failed: %s" : "rollback failed: %s",
   971                       sqlite3_errmsg(session->key_db));
   972     }
   973 
   974     T("(%s) -> %s", fpr, pEp_status_to_string(status));
   975 
   976     free(email);
   977     free(name);
   978     if (user_id_iter)
   979         pgp_user_id_binding_iter_free(user_id_iter);
   980     if (key_iter)
   981         pgp_tpk_key_iter_free(key_iter);
   982     if (stmt)
   983       sqlite3_reset(stmt);
   984     free(tsk_buffer);
   985     if (tpk)
   986         pgp_tpk_free(tpk);
   987     free(fpr);
   988     pgp_fingerprint_free(pgp_fpr);
   989 
   990     return status;
   991 }
   992 
   993 struct decrypt_cookie {
   994     PEP_SESSION session;
   995     int get_secret_keys_called;
   996     stringlist_t *recipient_keylist;
   997     stringlist_t *signer_keylist;
   998     int good_checksums;
   999     int good_but_expired;
  1000     int good_but_revoked;
  1001     int missing_keys;
  1002     int bad_checksums;
  1003 
  1004     // Whether we decrypted anything.
  1005     int decrypted;
  1006 
  1007     // The filename stored in the literal data packet.  Note: this is
  1008     // *not* protected by the signature and should not be trusted!!!
  1009     char *filename;
  1010 };
  1011 
  1012 static pgp_status_t
  1013 get_public_keys_cb(void *cookie_raw,
  1014                    pgp_keyid_t *keyids, size_t keyids_len,
  1015                    pgp_tpk_t **tpks, size_t *tpk_len,
  1016                    void (**our_free)(void *))
  1017 {
  1018     struct decrypt_cookie *cookie = cookie_raw;
  1019     PEP_SESSION session = cookie->session;
  1020 
  1021     *tpks = calloc(keyids_len, sizeof(*tpks));
  1022     if (!*tpks)
  1023         return PGP_STATUS_UNKNOWN_ERROR;
  1024     *our_free = free;
  1025 
  1026     int i, j;
  1027     j = 0;
  1028     for (i = 0; i < keyids_len; i ++) {
  1029         pgp_tpk_t tpk = NULL;
  1030         PEP_STATUS status
  1031             = tpk_find_by_keyid(session, keyids[i], false, &tpk, NULL);
  1032         if (status == PEP_STATUS_OK)
  1033             (*tpks)[j ++] = tpk;
  1034     }
  1035     *tpk_len = j;
  1036     return PGP_STATUS_SUCCESS;
  1037 }
  1038 
  1039 static pgp_status_t
  1040 decrypt_cb(void *cookie_opaque,
  1041            pgp_pkesk_t *pkesks, size_t pkesk_count,
  1042            pgp_skesk_t *skesks, size_t skesk_count,
  1043            pgp_decryptor_do_decrypt_cb_t *decrypt,
  1044            void *decrypt_cookie,
  1045            pgp_fingerprint_t *identity_out)
  1046 {
  1047     pgp_error_t err = NULL;
  1048     struct decrypt_cookie *cookie = cookie_opaque;
  1049     PEP_SESSION session = cookie->session;
  1050     pgp_tpk_t *tsks = NULL;
  1051     int tsks_count = 0;
  1052     int wildcards = 0;
  1053 
  1054     if (cookie->get_secret_keys_called)
  1055         // Prevent iterations, which isn't needed since we don't
  1056         // support SKESKs.
  1057         return PGP_STATUS_UNKNOWN_ERROR;
  1058     cookie->get_secret_keys_called = 1;
  1059 
  1060     T("%zd PKESKs", pkesk_count);
  1061 
  1062     for (int i = 0; i < pkesk_count; i ++) {
  1063         pgp_pkesk_t pkesk = pkesks[i];
  1064         pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
  1065         char *keyid_str = pgp_keyid_to_hex(keyid);
  1066         pgp_tpk_key_iter_t key_iter = NULL;
  1067         pgp_session_key_t sk = NULL;
  1068 
  1069         T("Considering PKESK for %s", keyid_str);
  1070 
  1071         if (strcmp(keyid_str, "0000000000000000") == 0) {
  1072             // Initially ignore wildcards.
  1073             wildcards = 1;
  1074             goto eol;
  1075         }
  1076 
  1077         // Collect the recipients.  Note: we must return the primary
  1078         // key's fingerprint.
  1079         pgp_tpk_t tpk = NULL;
  1080         int is_tsk = 0;
  1081         if (tpk_find_by_keyid(session, keyid, false, &tpk, &is_tsk) != PEP_STATUS_OK)
  1082             goto eol;
  1083 
  1084         pgp_fingerprint_t fp = pgp_tpk_fingerprint(tpk);
  1085         char *fp_string = pgp_fingerprint_to_hex(fp);
  1086         stringlist_add_unique(cookie->recipient_keylist, fp_string);
  1087         free(fp_string);
  1088         pgp_fingerprint_free(fp);
  1089 
  1090         if (cookie->decrypted)
  1091             goto eol;
  1092 
  1093         // See if we have the secret key.
  1094         assert(is_tsk == pgp_tpk_is_tsk(tpk));
  1095         if (! is_tsk)
  1096             goto eol;
  1097 
  1098         key_iter = pgp_tpk_key_iter_all(tpk);
  1099         pgp_key_t key;
  1100         while ((key = pgp_tpk_key_iter_next(key_iter, NULL, NULL))) {
  1101             pgp_keyid_t this_keyid = pgp_key_keyid(key);
  1102             char *this_keyid_hex = pgp_keyid_to_hex(this_keyid);
  1103             pgp_keyid_free(this_keyid);
  1104 
  1105             int match = strcmp(keyid_str, this_keyid_hex) == 0;
  1106             free(this_keyid_hex);
  1107             if (match)
  1108                 break;
  1109         }
  1110 
  1111         if (key == NULL) {
  1112             assert(!"Inconsistent DB: key doesn't contain a subkey with keyid!");
  1113             goto eol;
  1114         }
  1115 
  1116         uint8_t algo;
  1117         uint8_t session_key[1024];
  1118         size_t session_key_len = sizeof(session_key);
  1119         if (pgp_pkesk_decrypt(&err, pkesk, key, &algo,
  1120                               session_key, &session_key_len) != 0) {
  1121             DUMP_ERR(err, PEP_UNKNOWN_ERROR, "pgp_pkesk_decrypt");
  1122             goto eol;
  1123         }
  1124 
  1125         sk = pgp_session_key_from_bytes (session_key, session_key_len);
  1126         pgp_status_t status;
  1127         if ((status = decrypt (decrypt_cookie, algo, sk))) {
  1128             DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
  1129             goto eol;
  1130         }
  1131 
  1132         T("Decrypted PKESK for %s", keyid_str);
  1133 
  1134         *identity_out = pgp_tpk_fingerprint(tpk);
  1135         cookie->decrypted = 1;
  1136 
  1137     eol:
  1138         if (sk)
  1139             pgp_session_key_free (sk);
  1140         free(keyid_str);
  1141         if (key_iter)
  1142             pgp_tpk_key_iter_free(key_iter);
  1143         if (tpk)
  1144             pgp_tpk_free(tpk);
  1145     }
  1146 
  1147     // Consider wildcard recipients.
  1148     if (wildcards) for (int i = 0; i < pkesk_count && !cookie->decrypted; i ++) {
  1149         pgp_pkesk_t pkesk = pkesks[i];
  1150         pgp_keyid_t keyid = pgp_pkesk_recipient(pkesk); /* Reference. */
  1151         char *keyid_str = pgp_keyid_to_hex(keyid);
  1152         pgp_tpk_key_iter_t key_iter = NULL;
  1153         pgp_session_key_t sk = NULL;
  1154 
  1155         if (strcmp(keyid_str, "0000000000000000") != 0)
  1156             goto eol2;
  1157 
  1158         if (!tsks) {
  1159             if (tpk_all(session, true, &tsks, &tsks_count) != PEP_STATUS_OK) {
  1160                 DUMP_ERR(NULL, PEP_UNKNOWN_ERROR, "Getting all tsks");
  1161             }
  1162         }
  1163 
  1164         for (int j = 0; j < tsks_count; j ++) {
  1165             pgp_tpk_t tsk = tsks[j];
  1166 
  1167             key_iter = pgp_tpk_key_iter_all(tsk);
  1168             pgp_key_t key;
  1169             pgp_signature_t selfsig;
  1170             while ((key = pgp_tpk_key_iter_next(key_iter, &selfsig, NULL))) {
  1171                 if (! (pgp_signature_can_encrypt_at_rest(selfsig)
  1172                        || pgp_signature_can_encrypt_for_transport(selfsig)))
  1173                     continue;
  1174 
  1175                 fprintf(stderr, "key: %s\n", pgp_key_debug(key));
  1176 
  1177                 // Note: for decryption to appear to succeed, we must
  1178                 // get a valid algorithm (8 of 256 values) and a
  1179                 // 16-bit checksum must match.  Thus, we have about a
  1180                 // 1 in 2**21 chance of having a false positive here.
  1181                 uint8_t algo;
  1182                 uint8_t session_key[1024];
  1183                 size_t session_key_len = sizeof(session_key);
  1184                 if (pgp_pkesk_decrypt(&err, pkesk, key,
  1185                                       &algo, session_key, &session_key_len)) {
  1186                     pgp_error_free(err);
  1187                     err = NULL;
  1188                     continue;
  1189                 }
  1190 
  1191                 // Add it to the recipient list.
  1192                 pgp_fingerprint_t fp = pgp_tpk_fingerprint(tsk);
  1193                 char *fp_string = pgp_fingerprint_to_hex(fp);
  1194                 T("wildcard recipient appears to be %s", fp_string);
  1195                 stringlist_add_unique(cookie->recipient_keylist, fp_string);
  1196                 free(fp_string);
  1197                 pgp_fingerprint_free(fp);
  1198 
  1199                 pgp_session_key_t sk = pgp_session_key_from_bytes (session_key,
  1200                                                                    session_key_len);
  1201                 pgp_status_t status;
  1202                 if ((status = decrypt (decrypt_cookie, algo, sk))) {
  1203                     DUMP_STATUS(status, PEP_UNKNOWN_ERROR, "decrypt_cb");
  1204                     goto eol2;
  1205                 }
  1206 
  1207                 *identity_out = pgp_tpk_fingerprint(tsk);
  1208                 cookie->decrypted = 1;
  1209 
  1210                 break;
  1211             }
  1212 
  1213             pgp_tpk_key_iter_free(key_iter);
  1214             key_iter = NULL;
  1215         }
  1216     eol2:
  1217         if (sk)
  1218             pgp_session_key_free (sk);
  1219         free(keyid_str);
  1220         if (key_iter)
  1221             pgp_tpk_key_iter_free(key_iter);
  1222     }
  1223 
  1224     if (tsks) {
  1225         for (int i = 0; i < tsks_count; i ++)
  1226             pgp_tpk_free(tsks[i]);
  1227         free(tsks);
  1228     }
  1229 
  1230     return cookie->decrypted ? PGP_STATUS_SUCCESS : PGP_STATUS_UNKNOWN_ERROR;
  1231 }
  1232 
  1233 static pgp_status_t
  1234 check_signatures_cb(void *cookie_opaque, pgp_message_structure_t structure)
  1235 {
  1236     struct decrypt_cookie *cookie = cookie_opaque;
  1237     PEP_SESSION session = cookie->session;
  1238 
  1239     pgp_message_structure_iter_t iter
  1240         = pgp_message_structure_iter (structure);
  1241     for (pgp_message_layer_t layer = pgp_message_structure_iter_next (iter);
  1242          layer;
  1243          layer = pgp_message_structure_iter_next (iter)) {
  1244         pgp_verification_result_iter_t results;
  1245 
  1246         switch (pgp_message_layer_variant (layer)) {
  1247         case PGP_MESSAGE_LAYER_COMPRESSION:
  1248         case PGP_MESSAGE_LAYER_ENCRYPTION:
  1249             break;
  1250 
  1251         case PGP_MESSAGE_LAYER_SIGNATURE_GROUP:
  1252             pgp_message_layer_signature_group(layer, &results);
  1253             pgp_verification_result_t result;
  1254             while ((result = pgp_verification_result_iter_next (results))) {
  1255                 pgp_signature_t sig;
  1256                 pgp_keyid_t keyid = NULL;
  1257                 char *keyid_str = NULL;
  1258 
  1259                 switch (pgp_verification_result_variant (result)) {
  1260                 case PGP_VERIFICATION_RESULT_GOOD_CHECKSUM:
  1261                     // We need to add the fingerprint of the primary
  1262                     // key to cookie->signer_keylist.
  1263 
  1264                     pgp_verification_result_good_checksum (result, &sig, NULL,
  1265                                                            NULL, NULL, NULL);
  1266 
  1267                     // First try looking up by the TPK using the
  1268                     // IssuerFingerprint subpacket.
  1269                     pgp_fingerprint_t fpr
  1270                         = pgp_signature_issuer_fingerprint(sig);
  1271                     if (fpr) {
  1272                         // Even though we have a fingerprint, we have
  1273                         // to look the key up by keyid, because we
  1274                         // want to match on subkeys and we only store
  1275                         // keyids for subkeys.
  1276                         keyid = pgp_fingerprint_to_keyid(fpr);
  1277                         pgp_fingerprint_free(fpr);
  1278                     } else {
  1279                         // That is not available, try using the Issuer
  1280                         // subpacket.
  1281                         keyid = pgp_signature_issuer(sig);
  1282                     }
  1283 
  1284                     if (! keyid) {
  1285                         T("signature with no Issuer or Issuer Fingerprint subpacket!");
  1286                         goto eol;
  1287                     }
  1288 
  1289                     pgp_tpk_t tpk;
  1290                     if (tpk_find_by_keyid(session, keyid, false,
  1291                                           &tpk, NULL) != PEP_STATUS_OK)
  1292                         ; // Soft error.  Ignore.
  1293 
  1294                     keyid_str = pgp_keyid_to_string (keyid);
  1295 
  1296                     if (tpk) {
  1297                         // Ok, we have a TPK.
  1298 
  1299                         // We need the primary key's fingerprint (not
  1300                         // the issuer fingerprint).
  1301                         pgp_fingerprint_t primary_fpr
  1302                             = pgp_tpk_fingerprint(tpk);
  1303                         char *primary_fpr_str
  1304                             = pgp_fingerprint_to_hex(primary_fpr);
  1305 
  1306                         bool good = true;
  1307 
  1308                         // Make sure the TPK is not revoked, it's
  1309                         // creation time is <= now, and it hasn't
  1310                         // expired.
  1311                         pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  1312                         bool revoked = (pgp_revocation_status_variant(rs)
  1313                                         == PGP_REVOCATION_STATUS_REVOKED);
  1314                         pgp_revocation_status_free(rs);
  1315                         if (revoked) {
  1316                             T("TPK %s is revoked.", primary_fpr_str);
  1317                             good = false;
  1318                             cookie->good_but_revoked ++;
  1319                         } else if (! pgp_tpk_alive(tpk)) {
  1320                             T("TPK %s is not alive.", primary_fpr_str);
  1321                             good = false;
  1322                             cookie->good_but_expired ++;
  1323                         }
  1324 
  1325                         // Same thing for the signing key.
  1326                         if (good) {
  1327                             pgp_tpk_key_iter_t iter = pgp_tpk_key_iter_all(tpk);
  1328                             pgp_key_t key;
  1329                             pgp_signature_t sig;
  1330                             while ((key = pgp_tpk_key_iter_next(iter, &sig, &rs))
  1331                                    && good) {
  1332                                 pgp_keyid_t x = pgp_key_keyid(key);
  1333                                 if (pgp_keyid_equal(keyid, x)) {
  1334                                     // Found the signing key.  Let's make
  1335                                     // sure it is valid.
  1336 
  1337                                     revoked = (pgp_revocation_status_variant(rs)
  1338                                                == PGP_REVOCATION_STATUS_REVOKED);
  1339                                     if (revoked) {
  1340                                         T("TPK %s's signing key %s is revoked.",
  1341                                           primary_fpr_str, keyid_str);
  1342                                         good = false;
  1343                                         cookie->good_but_revoked ++;
  1344                                     } else if (! pgp_signature_key_alive(sig, key)) {
  1345                                         T("TPK %s's signing key %s is expired.",
  1346                                           primary_fpr_str, keyid_str);
  1347                                         good = false;
  1348                                         cookie->good_but_expired ++;
  1349                                     }
  1350                                 }
  1351                                 pgp_keyid_free(x);
  1352                                 pgp_revocation_status_free(rs);
  1353                                 pgp_signature_free(sig);
  1354                                 pgp_key_free(key);
  1355                             }
  1356                             pgp_tpk_key_iter_free(iter);
  1357                         }
  1358 
  1359                         if (good) {
  1360                             stringlist_add_unique(cookie->signer_keylist,
  1361                                                   primary_fpr_str);
  1362 
  1363                             T("Good signature from %s", primary_fpr_str);
  1364 
  1365                             cookie->good_checksums ++;
  1366                         }
  1367 
  1368                         free(primary_fpr_str);
  1369                         pgp_fingerprint_free(primary_fpr);
  1370                         pgp_tpk_free(tpk);
  1371                     } else {
  1372                         // If we get
  1373                         // PGP_VERIFICATION_RESULT_CODE_GOOD_CHECKSUM,
  1374                         // then the TPK should be available.  But,
  1375                         // another process could have deleted the key
  1376                         // from the store in the mean time, so be
  1377                         // tolerant.
  1378                         T("Key to check signature from %s disappeared",
  1379                           keyid_str);
  1380                         cookie->missing_keys ++;
  1381                     }
  1382                     break;
  1383 
  1384                 case PGP_VERIFICATION_RESULT_MISSING_KEY:
  1385                     pgp_verification_result_missing_key (result, &sig);
  1386                     keyid = pgp_signature_issuer (sig);
  1387                     keyid_str = pgp_keyid_to_string (keyid);
  1388                     T("No key to check signature from %s", keyid_str);
  1389 
  1390                     cookie->missing_keys ++;
  1391                     break;
  1392 
  1393                 case PGP_VERIFICATION_RESULT_BAD_CHECKSUM:
  1394                     pgp_verification_result_bad_checksum (result, &sig);
  1395                     keyid = pgp_signature_issuer (sig);
  1396                     if (keyid) {
  1397                         keyid_str = pgp_keyid_to_string (keyid);
  1398                         T("Bad signature from %s", keyid_str);
  1399                     } else {
  1400                         T("Bad signature without issuer information");
  1401                     }
  1402 
  1403                     cookie->bad_checksums ++;
  1404                     break;
  1405 
  1406                 default:
  1407                     assert (! "reachable");
  1408                 }
  1409 
  1410             eol:
  1411                 free (keyid_str);
  1412                 pgp_signature_free (sig);
  1413                 pgp_verification_result_free (result);
  1414             }
  1415             pgp_verification_result_iter_free (results);
  1416             break;
  1417 
  1418         default:
  1419             assert (! "reachable");
  1420         }
  1421 
  1422         pgp_message_layer_free (layer);
  1423     }
  1424 
  1425     pgp_message_structure_iter_free (iter);
  1426     pgp_message_structure_free (structure);
  1427 
  1428     return PGP_STATUS_SUCCESS;
  1429 }
  1430 
  1431 static pgp_status_t inspect_cb(
  1432     void *cookie_opaque, pgp_packet_parser_t pp)
  1433 {
  1434     struct decrypt_cookie *cookie = cookie_opaque;
  1435 
  1436     pgp_packet_t packet = pgp_packet_parser_packet(pp);
  1437     assert(packet);
  1438 
  1439     pgp_tag_t tag = pgp_packet_tag(packet);
  1440 
  1441     T("%s", pgp_tag_to_string(tag));
  1442 
  1443     if (tag == PGP_TAG_LITERAL) {
  1444         pgp_literal_t literal = pgp_packet_ref_literal(packet);
  1445         cookie->filename = pgp_literal_filename(literal);
  1446         pgp_literal_free(literal);
  1447     }
  1448 
  1449     pgp_packet_free(packet);
  1450 
  1451     return 0;
  1452 }
  1453 
  1454 PEP_STATUS pgp_decrypt_and_verify(
  1455     PEP_SESSION session, const char *ctext, size_t csize,
  1456     const char *dsigtext, size_t dsigsize,
  1457     char **ptext, size_t *psize, stringlist_t **keylist,
  1458     char** filename_ptr)
  1459 {
  1460     PEP_STATUS status = PEP_STATUS_OK;
  1461     struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, 0, 0, 0, NULL };
  1462     pgp_reader_t reader = NULL;
  1463     pgp_writer_t writer = NULL;
  1464     pgp_reader_t decryptor = NULL;
  1465     *ptext = NULL;
  1466     *psize = 0;
  1467 
  1468     // XXX: We don't yet handle detached signatures over encrypted
  1469     // messages.
  1470     assert(!dsigtext);
  1471 
  1472     cookie.recipient_keylist = new_stringlist(NULL);
  1473     if (!cookie.recipient_keylist)
  1474         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "recipient_keylist");
  1475 
  1476     cookie.signer_keylist = new_stringlist(NULL);
  1477     if (!cookie.signer_keylist)
  1478         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "signer_keylist");
  1479 
  1480     reader = pgp_reader_from_bytes((const uint8_t *) ctext, csize);
  1481     if (! reader)
  1482         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
  1483 
  1484     writer = pgp_writer_alloc((void **) ptext, psize);
  1485     if (! writer)
  1486         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "Creating writer");
  1487 
  1488     pgp_error_t err = NULL;
  1489     decryptor = pgp_decryptor_new(&err, reader,
  1490                                   get_public_keys_cb, decrypt_cb,
  1491                                   check_signatures_cb, inspect_cb,
  1492                                   &cookie, 0);
  1493     if (! decryptor)
  1494         ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "pgp_decryptor_new");
  1495 
  1496     // Copy 128 MB at a time.
  1497     ssize_t nread;
  1498     while ((nread = pgp_reader_copy (&err, decryptor, writer,
  1499                                      128 * 1024 * 1024) > 0))
  1500         ;
  1501     if (nread < 0)
  1502         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "pgp_reader_read");
  1503 
  1504     // Add a terminating NUL for naive users
  1505     pgp_writer_write(&err, writer, (const uint8_t *) &""[0], 1);
  1506 
  1507     if (! cookie.decrypted)
  1508         ERROR_OUT(err, PEP_DECRYPT_NO_KEY, "Decryption failed");
  1509 
  1510     if (! cookie.signer_keylist) {
  1511         cookie.signer_keylist = new_stringlist("");
  1512         if (! cookie.signer_keylist)
  1513             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  1514     }
  1515     if (!cookie.signer_keylist->value)
  1516         stringlist_add(cookie.signer_keylist, "");
  1517 
  1518     *keylist = cookie.signer_keylist;
  1519     stringlist_append(*keylist, cookie.recipient_keylist);
  1520 
  1521     if (filename_ptr)
  1522         *filename_ptr = cookie.filename;
  1523 
  1524  out:
  1525     if (status == PEP_STATUS_OK) {
  1526         // **********************************
  1527         // Sync changes with pgp_verify_text.
  1528         // **********************************
  1529 
  1530         if (cookie.good_checksums) {
  1531             // If there is at least one signature that we can verify,
  1532             // succeed.
  1533             status = PEP_DECRYPTED_AND_VERIFIED;
  1534         } else if (cookie.good_but_revoked) {
  1535             // If there are any signatures from revoked keys, fail.
  1536             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1537         } else if (cookie.bad_checksums) {
  1538             // If there are any bad signatures, fail.
  1539             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1540         } else if (cookie.good_but_expired) {
  1541             // If there are any signatures from expired keys, fail.
  1542             status = PEP_DECRYPTED;
  1543         } else {
  1544             // We couldn't verify any signatures (possibly because we
  1545             // don't have the keys).
  1546             status = PEP_DECRYPTED;
  1547         }
  1548     } else {
  1549         free_stringlist(cookie.recipient_keylist);
  1550         free_stringlist(cookie.signer_keylist);
  1551         free(cookie.filename);
  1552         free(*ptext);
  1553     }
  1554 
  1555     if (reader)
  1556         pgp_reader_free(reader);
  1557     if (decryptor)
  1558         pgp_reader_free(decryptor);
  1559     if (writer)
  1560         pgp_writer_free(writer);
  1561 
  1562     T("-> %s", pEp_status_to_string(status));
  1563     return status;
  1564 }
  1565 
  1566 PEP_STATUS pgp_verify_text(
  1567     PEP_SESSION session, const char *text, size_t size,
  1568     const char *signature, size_t sig_size, stringlist_t **keylist)
  1569 {
  1570     PEP_STATUS status = PEP_STATUS_OK;
  1571     pgp_error_t err = NULL;
  1572     struct decrypt_cookie cookie = { session, 0, NULL, NULL, 0, 0, 0, };
  1573     pgp_reader_t reader = NULL;
  1574     pgp_reader_t dsig_reader = NULL;
  1575     pgp_reader_t verifier = NULL;
  1576 
  1577     if (size == 0 || sig_size == 0)
  1578         return PEP_DECRYPT_WRONG_FORMAT;
  1579 
  1580     cookie.recipient_keylist = new_stringlist(NULL);
  1581     if (!cookie.recipient_keylist)
  1582         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1583 
  1584     cookie.signer_keylist = new_stringlist(NULL);
  1585     if (!cookie.signer_keylist)
  1586         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1587 
  1588     reader = pgp_reader_from_bytes((const uint8_t *) text, size);
  1589     if (! reader)
  1590         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating reader");
  1591 
  1592     dsig_reader = NULL;
  1593     if (signature) {
  1594         dsig_reader = pgp_reader_from_bytes((uint8_t *) signature, sig_size);
  1595         if (! dsig_reader)
  1596             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "Creating signature reader");
  1597     }
  1598 
  1599     if (dsig_reader)
  1600         verifier = pgp_detached_verifier_new(&err, dsig_reader, reader,
  1601                                              get_public_keys_cb,
  1602                                              check_signatures_cb,
  1603                                              &cookie, 0);
  1604     else
  1605         verifier = pgp_verifier_new(&err, reader,
  1606                                     get_public_keys_cb,
  1607                                     check_signatures_cb,
  1608                                     &cookie, 0);
  1609     if (! verifier)
  1610         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating verifier");
  1611     if (pgp_reader_discard(&err, verifier) < 0)
  1612         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "verifier");
  1613 
  1614     if (! cookie.signer_keylist) {
  1615         cookie.signer_keylist = new_stringlist("");
  1616         if (! cookie.signer_keylist)
  1617             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "cookie.signer_keylist");
  1618     }
  1619     if (!cookie.signer_keylist->value)
  1620         stringlist_add(cookie.signer_keylist, "");
  1621 
  1622     *keylist = cookie.signer_keylist;
  1623     stringlist_append(*keylist, cookie.recipient_keylist);
  1624 
  1625  out:
  1626     if (status == PEP_STATUS_OK) {
  1627         // *****************************************
  1628         // Sync changes with pgp_decrypt_and_verify.
  1629         // *****************************************
  1630 
  1631         if (cookie.good_but_expired) {
  1632             // If there are any signatures from expired keys, fail.
  1633             status = PEP_UNENCRYPTED;
  1634         } else if (cookie.good_but_revoked) {
  1635             // If there are any signatures from revoked keys, fail.
  1636             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1637         } else if (cookie.bad_checksums) {
  1638             // If there are any bad signatures, fail.
  1639             status = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
  1640         } else if (cookie.good_checksums) {
  1641             // If there is at least one signature that we can verify,
  1642             // succeed.
  1643             status = PEP_VERIFIED;
  1644         } else {
  1645             // We couldn't verify any signatures (possibly because we
  1646             // don't have the keys).
  1647             status = PEP_UNENCRYPTED;
  1648         }
  1649     } else {
  1650         free_stringlist(cookie.recipient_keylist);
  1651         free_stringlist(cookie.signer_keylist);
  1652     }
  1653 
  1654     if (verifier)
  1655         pgp_reader_free(verifier);
  1656     if (reader)
  1657         pgp_reader_free(reader);
  1658     if (dsig_reader)
  1659         pgp_reader_free(dsig_reader);
  1660 
  1661     T("-> %s", pEp_status_to_string(status));
  1662     return status;
  1663 }
  1664 
  1665 
  1666 PEP_STATUS pgp_sign_only(
  1667     PEP_SESSION session, const char* fpr, const char *ptext,
  1668     size_t psize, char **stext, size_t *ssize)
  1669 {
  1670     assert(session);
  1671     assert(fpr && fpr[0]);
  1672     assert(ptext);
  1673     assert(psize);
  1674     assert(stext);
  1675     assert(ssize);
  1676     *stext = NULL;
  1677     *ssize = 0;
  1678 
  1679     PEP_STATUS status = PEP_STATUS_OK;
  1680     pgp_error_t err = NULL;
  1681     pgp_tpk_t signer_tpk = NULL;
  1682     pgp_tpk_key_iter_t iter = NULL;
  1683     pgp_key_pair_t signing_keypair = NULL;
  1684     pgp_signer_t signer = NULL;
  1685     pgp_writer_stack_t ws = NULL;
  1686 
  1687     status = tpk_find_by_fpr_hex(session, fpr, true, &signer_tpk, NULL);
  1688     ERROR_OUT(NULL, status, "Looking up key '%s'", fpr);
  1689 
  1690     iter = pgp_tpk_key_iter_valid(signer_tpk);
  1691     pgp_tpk_key_iter_signing_capable (iter);
  1692     pgp_tpk_key_iter_unencrypted_secret (iter, true);
  1693 
  1694     // If there are multiple signing capable subkeys, we just take
  1695     // the first one, whichever one that happens to be.
  1696     pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
  1697     if (! key)
  1698         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  1699                    "%s has no signing capable key", fpr);
  1700 
  1701     signing_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  1702     if (! signing_keypair)
  1703         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  1704 
  1705     signer = pgp_key_pair_as_signer (signing_keypair);
  1706     if (! signer)
  1707         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  1708 
  1709 
  1710     pgp_writer_t writer = pgp_writer_alloc((void **) stext, ssize);
  1711     writer = pgp_armor_writer_new(&err, writer,
  1712                                   PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  1713     if (!writer)
  1714         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  1715 
  1716     ws = pgp_writer_stack_message(writer);
  1717 
  1718     ws = pgp_signer_new_detached(&err, ws, &signer, 1, 0);
  1719     if (!ws)
  1720         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  1721 
  1722     pgp_status_t write_status =
  1723         pgp_writer_stack_write_all (&err, ws,
  1724                                     (uint8_t *) ptext, psize);
  1725     if (write_status != 0)
  1726         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  1727 
  1728     pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  1729     ws = NULL;
  1730     if (pgp_status != 0)
  1731         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  1732 
  1733     // Add a terminating NUL for naive users
  1734     void *t = realloc(*stext, *ssize + 1);
  1735     if (! t)
  1736         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1737     *stext = t;
  1738     (*stext)[*ssize] = 0;
  1739 
  1740  out:
  1741     if (signer)
  1742         pgp_signer_free (signer);
  1743     if (signing_keypair)
  1744         pgp_key_pair_free (signing_keypair);
  1745     if (iter)
  1746         pgp_tpk_key_iter_free (iter);
  1747     if (signer_tpk)
  1748         pgp_tpk_free(signer_tpk);
  1749 
  1750     T("(%s)-> %s", fpr, pEp_status_to_string(status));
  1751     return status;
  1752 }
  1753 
  1754 static PEP_STATUS pgp_encrypt_sign_optional(
  1755     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  1756     size_t psize, char **ctext, size_t *csize, bool sign)
  1757 {
  1758     PEP_STATUS status = PEP_STATUS_OK;
  1759     pgp_error_t err = NULL;
  1760     int keys_count = 0;
  1761     pgp_tpk_t *keys = NULL;
  1762     pgp_tpk_t signer_tpk = NULL;
  1763     pgp_writer_stack_t ws = NULL;
  1764     pgp_tpk_key_iter_t iter = NULL;
  1765     pgp_key_pair_t signing_keypair = NULL;
  1766     pgp_signer_t signer = NULL;
  1767 
  1768     assert(session);
  1769     assert(keylist);
  1770     assert(ptext);
  1771     assert(psize);
  1772     assert(ctext);
  1773     assert(csize);
  1774 
  1775     *ctext = NULL;
  1776     *csize = 0;
  1777 
  1778     keys = calloc(stringlist_length(keylist), sizeof(*keys));
  1779     if (keys == NULL)
  1780         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1781 
  1782     // Get the keys for the recipients.
  1783     const stringlist_t *_keylist;
  1784     for (_keylist = keylist; _keylist != NULL; _keylist = _keylist->next) {
  1785         assert(_keylist->value);
  1786         pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(_keylist->value);
  1787         status = tpk_find_by_fpr(session, pgp_fpr, false, &keys[keys_count ++], NULL);
  1788         pgp_fingerprint_free(pgp_fpr);
  1789         ERROR_OUT(NULL, status, "Looking up key for recipient '%s'", _keylist->value);
  1790     }
  1791 
  1792     if (sign) {
  1793         // The first key in the keylist is the signer.
  1794         status = tpk_find_by_fpr_hex(session, keylist->value, true, &signer_tpk, NULL);
  1795         ERROR_OUT(NULL, status, "Looking up key for signing '%s'", keylist->value);
  1796     }
  1797 
  1798     pgp_writer_t writer = pgp_writer_alloc((void **) ctext, csize);
  1799     writer = pgp_armor_writer_new(&err, writer,
  1800                                   PGP_ARMOR_KIND_MESSAGE, NULL, 0);
  1801     if (!writer)
  1802         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up armor writer");
  1803 
  1804     ws = pgp_writer_stack_message(writer);
  1805     ws = pgp_encryptor_new (&err, ws,
  1806                             NULL, 0, keys, keys_count,
  1807                             PGP_ENCRYPTION_MODE_FOR_TRANSPORT, 0);
  1808     if (!ws)
  1809         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up encryptor");
  1810 
  1811     if (sign) {
  1812         iter = pgp_tpk_key_iter_valid(signer_tpk);
  1813         pgp_tpk_key_iter_signing_capable (iter);
  1814         pgp_tpk_key_iter_unencrypted_secret (iter, true);
  1815 
  1816         // If there are multiple signing capable subkeys, we just take
  1817         // the first one, whichever one that happens to be.
  1818         pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
  1819         if (! key)
  1820             ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  1821                        "%s has no signing capable key", keylist->value);
  1822 
  1823         signing_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  1824         if (! signing_keypair)
  1825             ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  1826 
  1827         signer = pgp_key_pair_as_signer (signing_keypair);
  1828         if (! signer)
  1829             ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  1830 
  1831         ws = pgp_signer_new(&err, ws, &signer, 1, 0);
  1832         if (!ws)
  1833             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up signer");
  1834     }
  1835 
  1836     ws = pgp_literal_writer_new (&err, ws);
  1837     if (!ws)
  1838         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Setting up literal writer");
  1839 
  1840     pgp_status_t write_status =
  1841         pgp_writer_stack_write_all (&err, ws,
  1842                                     (uint8_t *) ptext, psize);
  1843     if (write_status != 0)
  1844         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Encrypting message");
  1845 
  1846     pgp_status_t pgp_status = pgp_writer_stack_finalize (&err, ws);
  1847     ws = NULL;
  1848     if (pgp_status != 0)
  1849         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Flushing writer");
  1850 
  1851     // Add a terminating NUL for naive users
  1852     void *t = realloc(*ctext, *csize + 1);
  1853     if (! t) {
  1854         free(*ctext);
  1855         *ctext = NULL;
  1856         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1857     }
  1858     *ctext = t;
  1859     (*ctext)[*csize] = 0;
  1860 
  1861  out:
  1862     if (signer)
  1863         pgp_signer_free (signer);
  1864     if (signing_keypair)
  1865         pgp_key_pair_free (signing_keypair);
  1866     if (iter)
  1867         pgp_tpk_key_iter_free (iter);
  1868     if (signer_tpk)
  1869         pgp_tpk_free(signer_tpk);
  1870 
  1871     for (int i = 0; i < keys_count; i ++)
  1872         pgp_tpk_free(keys[i]);
  1873     free(keys);
  1874 
  1875     T("-> %s", pEp_status_to_string(status));
  1876     return status;
  1877 }
  1878 
  1879 PEP_STATUS pgp_encrypt_only(
  1880     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  1881     size_t psize, char **ctext, size_t *csize)
  1882 {
  1883     return pgp_encrypt_sign_optional(session, keylist, ptext,
  1884         psize, ctext, csize, false);
  1885 }
  1886 
  1887 PEP_STATUS pgp_encrypt_and_sign(
  1888     PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  1889     size_t psize, char **ctext, size_t *csize)
  1890 {
  1891     return pgp_encrypt_sign_optional(session, keylist, ptext,
  1892         psize, ctext, csize, true);
  1893 }
  1894 
  1895 
  1896 PEP_STATUS pgp_generate_keypair(PEP_SESSION session, pEp_identity *identity)
  1897 {
  1898     PEP_STATUS status = PEP_STATUS_OK;
  1899     pgp_error_t err = NULL;
  1900     pgp_packet_t userid_packet = NULL;
  1901     char *userid = NULL;
  1902     pgp_tpk_t tpk = NULL;
  1903     pgp_fingerprint_t pgp_fpr = NULL;
  1904     char *fpr = NULL;
  1905 
  1906     assert(session);
  1907     assert(identity);
  1908     assert(identity->address);
  1909     assert(identity->fpr == NULL || identity->fpr[0] == 0);
  1910     assert(identity->username);
  1911 
  1912     userid_packet = pgp_user_id_from_unchecked_address(&err,
  1913                                                        identity->username, NULL,
  1914                                                        identity->address);
  1915     if (!userid_packet)
  1916         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "pgp_user_id_from_other_address");
  1917 
  1918     size_t userid_len = 0;
  1919     const uint8_t *raw = pgp_user_id_value(userid_packet, &userid_len);
  1920 
  1921     // Null terminate it.
  1922     userid = malloc(userid_len + 1);
  1923     if (!userid)
  1924         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1925 
  1926     memcpy(userid, raw, userid_len);
  1927     userid[userid_len] = 0;
  1928 
  1929     T("(%s)", userid);
  1930 
  1931     // Generate a key.
  1932     pgp_tpk_builder_t tpkb = pgp_tpk_builder_general_purpose(
  1933         cipher_suite(session->cipher_suite), userid);
  1934     pgp_signature_t rev;
  1935     if (pgp_tpk_builder_generate(&err, tpkb, &tpk, &rev))
  1936         ERROR_OUT(err, PEP_CANNOT_CREATE_KEY, "Generating a key pair");
  1937 
  1938     // XXX: We should return this.
  1939     pgp_signature_free(rev);
  1940 
  1941     // Get the fingerprint.
  1942     pgp_fpr = pgp_tpk_fingerprint(tpk);
  1943     fpr = pgp_fingerprint_to_hex(pgp_fpr);
  1944 
  1945     status = tpk_save(session, tpk, NULL);
  1946     tpk = NULL;
  1947     if (status != 0)
  1948         ERROR_OUT(NULL, PEP_CANNOT_CREATE_KEY, "saving TSK");
  1949 
  1950     free(identity->fpr);
  1951     identity->fpr = fpr;
  1952     fpr = NULL;
  1953 
  1954  out:
  1955     if (pgp_fpr)
  1956         pgp_fingerprint_free(pgp_fpr);
  1957     free(fpr);
  1958     if (tpk)
  1959         pgp_tpk_free(tpk);
  1960     free(userid);
  1961     if (userid_packet)
  1962         pgp_packet_free(userid_packet);
  1963 
  1964     T("-> %s", pEp_status_to_string(status));
  1965     return status;
  1966 }
  1967 
  1968 PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fpr_raw)
  1969 {
  1970     PEP_STATUS status = PEP_STATUS_OK;
  1971 
  1972     assert(session && fpr_raw && fpr_raw[0]);
  1973     if (!(session && fpr_raw && fpr_raw[0]))
  1974         ERROR_OUT(NULL, PEP_ILLEGAL_VALUE, "invalid arguments");
  1975 
  1976     char *fpr = pgp_fingerprint_canonicalize(fpr_raw);
  1977     if (! fpr)
  1978         ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
  1979 
  1980     tpk_cache_clear();
  1981 
  1982     T("Deleting %s", fpr);
  1983 
  1984     sqlite3_stmt *stmt = session->sq_sql.delete_keypair;
  1985     sqlite3_bind_text(stmt, 1, fpr, -1, free);
  1986 
  1987     int sqlite_result = Sqlite3_step(stmt);
  1988     sqlite3_reset(stmt);
  1989     if (sqlite_result != SQLITE_DONE)
  1990         ERROR_OUT(NULL, PEP_CANNOT_DELETE_KEY,
  1991                   "deletion failed: %s", sqlite3_errmsg(session->key_db));
  1992 
  1993     sqlite_result = sqlite3_changes(session->key_db);
  1994     assert(sqlite_result >= 0 && sqlite_result < 2);
  1995     if (sqlite_result < 1)
  1996         ERROR_OUT(NULL, PEP_KEY_NOT_FOUND,
  1997                   "attempt to delete non-existent key: %s", fpr_raw);
  1998 
  1999  out:
  2000     return status;
  2001 }
  2002 
  2003 PEP_STATUS pgp_import_keydata(PEP_SESSION session, const char *key_data,
  2004                               size_t size, identity_list **private_idents)
  2005 {
  2006     PEP_STATUS status = PEP_NO_KEY_IMPORTED;
  2007     pgp_error_t err;
  2008     pgp_tpk_parser_t parser = NULL;
  2009 
  2010     if (private_idents)
  2011         *private_idents = NULL;
  2012 
  2013     tpk_cache_clear();
  2014 
  2015     T("parsing %zd bytes", size);
  2016 
  2017     pgp_packet_parser_result_t ppr
  2018         = pgp_packet_parser_from_bytes(&err, (uint8_t *) key_data, size);
  2019     if (! ppr)
  2020         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Creating packet parser");
  2021 
  2022     pgp_tag_t tag = pgp_packet_parser_result_tag(ppr);
  2023     switch (tag) {
  2024     case PGP_TAG_SIGNATURE: {
  2025         // The following asserts can't fail, because
  2026         // pgp_packet_parser_result_tag succeeded and the tag is
  2027         // right.
  2028         pgp_packet_parser_t pp = pgp_packet_parser_result_packet_parser (ppr);
  2029         assert(pp);
  2030 
  2031         pgp_packet_t packet = NULL;
  2032         if (pgp_packet_parser_next(&err, pp, &packet, &ppr))
  2033             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Getting signature packet");
  2034 
  2035         pgp_signature_t sig = pgp_packet_ref_signature (packet);
  2036         assert(sig);
  2037 
  2038         pgp_tpk_t tpk = NULL;
  2039 
  2040         pgp_fingerprint_t issuer_fpr = pgp_signature_issuer_fingerprint(sig);
  2041         if (issuer_fpr) {
  2042             char *issuer_fpr_hex = pgp_fingerprint_to_hex(issuer_fpr);
  2043             T("Importing a signature issued by %s", issuer_fpr_hex);
  2044 
  2045             status = tpk_find_by_fpr_hex(session, issuer_fpr_hex,
  2046                                          false, &tpk, NULL);
  2047             if (status && status != PEP_KEY_NOT_FOUND)
  2048                 DUMP_ERR(NULL, status, "Looking up %s", issuer_fpr_hex);
  2049 
  2050             free(issuer_fpr_hex);
  2051             pgp_fingerprint_free(issuer_fpr);
  2052         }
  2053 
  2054         if (! tpk) {
  2055             pgp_keyid_t issuer = pgp_signature_issuer(sig);
  2056             if (issuer) {
  2057                 char *issuer_hex = pgp_keyid_to_hex(issuer);
  2058                 T("Importing a signature issued by %s", issuer_hex);
  2059 
  2060                 status = tpk_find_by_keyid_hex(session, issuer_hex,
  2061                                                false, &tpk, NULL);
  2062                 if (status && status != PEP_KEY_NOT_FOUND)
  2063                     DUMP_ERR(NULL, status, "Looking up %s", issuer_hex);
  2064 
  2065                 free(issuer_hex);
  2066                 pgp_keyid_free(issuer);
  2067             }
  2068         }
  2069 
  2070         // We need a packet.  sig is only a reference, so we just need
  2071         // to free it.
  2072         pgp_signature_free(sig);
  2073 
  2074         if (tpk) {
  2075             T("Merging packet: %s", pgp_packet_debug(packet));
  2076 
  2077             tpk = pgp_tpk_merge_packets (&err, tpk, &packet, 1);
  2078             if (! tpk)
  2079                 ERROR_OUT(err, PEP_UNKNOWN_ERROR, "Merging signature");
  2080 
  2081             status = tpk_save(session, tpk, NULL);
  2082             if (status)
  2083                 ERROR_OUT(NULL, status, "saving merged TPK");
  2084             status = PEP_KEY_IMPORTED;
  2085         }
  2086         break;
  2087     }
  2088     case PGP_TAG_PUBLIC_KEY:
  2089     case PGP_TAG_SECRET_KEY: {
  2090         parser = pgp_tpk_parser_from_packet_parser(ppr);
  2091         pgp_tpk_t tpk;
  2092         int count = 0;
  2093         err = NULL;
  2094         while ((tpk = pgp_tpk_parser_next(&err, parser))) {
  2095             count ++;
  2096 
  2097             T("#%d. TPK for %s, %s",
  2098               count, pgp_tpk_primary_user_id(tpk),
  2099               pgp_fingerprint_to_hex(pgp_tpk_fingerprint(tpk)));
  2100 
  2101             // If private_idents is not NULL and there is any private key
  2102             // material, it will be saved.
  2103             status = tpk_save(session, tpk, private_idents);
  2104             if (status == PEP_STATUS_OK)
  2105                 status = PEP_KEY_IMPORTED;
  2106             else
  2107                 ERROR_OUT(NULL, status, "saving TPK");
  2108         }
  2109         if (err || count == 0)
  2110             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "parsing key data");
  2111         break;
  2112     }
  2113     default:
  2114         ERROR_OUT(NULL, PEP_NO_KEY_IMPORTED,
  2115                   "Can't import %s", pgp_tag_to_string(tag));
  2116         break;
  2117     }
  2118 
  2119  out:
  2120     if (parser)
  2121         pgp_tpk_parser_free(parser);
  2122 
  2123     T("-> %s", pEp_status_to_string(status));
  2124     return status;
  2125 }
  2126 
  2127 PEP_STATUS pgp_export_keydata(
  2128         PEP_SESSION session, const char *fpr, char **key_data, size_t *size,
  2129         bool secret)
  2130 {
  2131     PEP_STATUS status = PEP_STATUS_OK;
  2132     pgp_error_t err = NULL;
  2133     pgp_tpk_t tpk = NULL;
  2134     pgp_writer_t armor_writer = NULL;
  2135     pgp_writer_t memory_writer = NULL;
  2136 
  2137     assert(session);
  2138     assert(fpr);
  2139     assert(key_data);
  2140     assert(*key_data == NULL);
  2141     assert(size);
  2142 
  2143     *size = 0;
  2144 
  2145     T("(%s, %s)", fpr, secret ? "secret" : "public");
  2146 
  2147     // If the caller asks for a secret key and we only have a
  2148     // public key, then we return an error.
  2149     status = tpk_find_by_fpr_hex(session, fpr, secret, &tpk, NULL);
  2150     ERROR_OUT(NULL, status, "Looking up TSK for %s", fpr);
  2151 
  2152     memory_writer = pgp_writer_alloc((void **) key_data, size);
  2153     if (! memory_writer)
  2154         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR, "creating memory writer");
  2155     armor_writer = pgp_armor_writer_new(&err, memory_writer,
  2156                                         PGP_ARMOR_KIND_PUBLICKEY, NULL, 0);
  2157     if (! armor_writer) {
  2158         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "creating armored writer");
  2159     }
  2160 
  2161     if (secret) {
  2162         pgp_tsk_t tsk = pgp_tpk_as_tsk(tpk);
  2163         if (pgp_tsk_serialize(&err, tsk, armor_writer))
  2164             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing TSK");
  2165         pgp_tsk_free(tsk);
  2166     } else {
  2167         if (pgp_tpk_serialize(&err, tpk, armor_writer))
  2168             ERROR_OUT(err, PEP_UNKNOWN_ERROR, "serializing TPK");
  2169     }
  2170 
  2171  out:
  2172     if (armor_writer)
  2173         pgp_writer_free(armor_writer);
  2174 
  2175     if (memory_writer) {
  2176         if (status == PEP_STATUS_OK) {
  2177             // Add a trailing NUL.
  2178             pgp_writer_write(NULL, memory_writer, (const uint8_t *) "", 1);
  2179         }
  2180 
  2181         pgp_writer_free(memory_writer);
  2182     }
  2183 
  2184     if (tpk)
  2185         pgp_tpk_free(tpk);
  2186 
  2187     (*size)--;  // Sequoia is delivering the 0 byte at the end with size, but
  2188                 // pEp is expecting it without
  2189     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2190     return status;
  2191 }
  2192 
  2193 char* _undot_address(const char* address) {
  2194     if (!address)
  2195         return NULL;
  2196 
  2197     int addr_len = strlen(address);
  2198     const char* at = strstr(address, "@");
  2199 
  2200     if (!at)
  2201         at = address + addr_len;
  2202 
  2203     char* retval = calloc(1, addr_len + 1);
  2204 
  2205     const char* addr_curr = address;
  2206     char* retval_curr = retval;
  2207 
  2208     while (addr_curr < at) {
  2209         if (*addr_curr == '.') {
  2210             addr_curr++;
  2211             continue;
  2212         }
  2213         *retval_curr = *addr_curr;
  2214         retval_curr++;
  2215         addr_curr++;
  2216     }
  2217     if (*addr_curr == '@')
  2218         strcat(retval_curr, addr_curr);
  2219 
  2220     return retval;
  2221 }
  2222 
  2223 static stringpair_list_t *add_key(PEP_SESSION session,
  2224                                   stringpair_list_t *keyinfo_list,
  2225                                   stringlist_t* keylist,
  2226                                   pgp_tpk_t tpk, pgp_fingerprint_t fpr) {
  2227     bool revoked = false;
  2228     // Don't add revoked keys to the keyinfo_list.
  2229     if (keyinfo_list) {
  2230         pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  2231         pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  2232         pgp_revocation_status_free(rs);
  2233         if (rsv == PGP_REVOCATION_STATUS_REVOKED)
  2234             revoked = true;
  2235     }
  2236 
  2237     if (revoked && ! keylist)
  2238         return keyinfo_list;
  2239 
  2240     int dealloc_fpr = 0;
  2241     if (!fpr) {
  2242         dealloc_fpr = 1;
  2243         fpr = pgp_tpk_fingerprint(tpk);
  2244     }
  2245     char *fpr_str = pgp_fingerprint_to_hex(fpr);
  2246 
  2247     if (!revoked && keyinfo_list) {
  2248         char *user_id = pgp_tpk_primary_user_id(tpk);
  2249         if (user_id)
  2250             keyinfo_list = stringpair_list_add(keyinfo_list,
  2251                                                new_stringpair(fpr_str, user_id));
  2252         free(user_id);
  2253     }
  2254 
  2255     if (keylist)
  2256         keylist = stringlist_add(keylist, fpr_str);
  2257 
  2258     free(fpr_str);
  2259     if (dealloc_fpr)
  2260         pgp_fingerprint_free(fpr);
  2261 
  2262     return keyinfo_list;
  2263 }
  2264 
  2265 static PEP_STATUS list_keys(PEP_SESSION session,
  2266                             const char* pattern, int private_only,
  2267                             stringpair_list_t** keyinfo_list, stringlist_t** keylist)
  2268 {
  2269     PEP_STATUS status = PEP_STATUS_OK;
  2270     pgp_tpk_t tpk = NULL;
  2271     pgp_fingerprint_t fpr = NULL;
  2272 
  2273     T("('%s', private: %d)", pattern, private_only);
  2274 
  2275     stringpair_list_t* _keyinfo_list = NULL;
  2276     if (keyinfo_list) {
  2277         _keyinfo_list = new_stringpair_list(NULL);
  2278         if (!_keyinfo_list)
  2279             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_stringpair_list");
  2280     }
  2281     stringlist_t* _keylist = NULL;
  2282     if (keylist) {
  2283         _keylist = new_stringlist(NULL);
  2284         if (!_keylist)
  2285             ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "new_string_list");
  2286     }
  2287 
  2288     // Trim any leading space.  This also makes it easier to recognize
  2289     // a string that is only whitespace.
  2290     while (*pattern == ' ')
  2291         pattern ++;
  2292 
  2293     if (strchr(pattern, '@')) {
  2294         // Looks like a mailbox.
  2295         pgp_tpk_t *tpks = NULL;
  2296         int count = 0;
  2297         status = tpk_find_by_email(session, pattern, private_only, &tpks, &count);
  2298         ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  2299         for (int i = 0; i < count; i ++) {
  2300             add_key(session, _keyinfo_list, _keylist, tpks[i], NULL);
  2301             pgp_tpk_free(tpks[i]);
  2302         }
  2303         free(tpks);
  2304 
  2305         if (count == 0) {
  2306             // If match failed, check to see if we've got a dotted
  2307             // address in the pattern.  If so, try again without dots.
  2308             const char* dotpos = strstr(pattern, ".");
  2309             const char* atpos = strstr(pattern, "@");
  2310             if (dotpos && atpos && (dotpos < atpos)) {
  2311                 char* undotted = _undot_address(pattern);
  2312                 if (undotted) {
  2313                     PEP_STATUS status = list_keys(session, undotted, private_only,
  2314                                                   keyinfo_list, keylist);
  2315                     free(undotted);
  2316                     return status;
  2317                 }
  2318             }
  2319         }
  2320     } else if (// Only hex characters and spaces
  2321                pattern[strspn(pattern, "0123456789aAbBcCdDeEfF ")] == 0
  2322                // And a fair amount of them.
  2323                && strlen(pattern) >= 16) {
  2324         // Fingerprint.  Note: the pep engine never looks keys up by
  2325         // keyid, so we don't handle them.
  2326         fpr = pgp_fingerprint_from_hex(pattern);
  2327         status = tpk_find_by_fpr(session, fpr, false, &tpk, NULL);
  2328         ERROR_OUT(NULL, status, "Looking up key");
  2329         add_key(session, _keyinfo_list, _keylist, tpk, fpr);
  2330     } else if (pattern[0] == 0) {
  2331         // Empty string.
  2332 
  2333         pgp_tpk_t *tpks = NULL;
  2334         int count = 0;
  2335         status = tpk_all(session, private_only, &tpks, &count);
  2336         ERROR_OUT(NULL, status, "Looking up '%s'", pattern);
  2337         for (int i = 0; i < count; i ++) {
  2338             add_key(session, _keyinfo_list, _keylist, tpks[i], NULL);
  2339             pgp_tpk_free(tpks[i]);
  2340         }
  2341         free(tpks);
  2342     } else {
  2343         T("unsupported pattern '%s'", pattern);
  2344     }
  2345 
  2346  out:
  2347     if (tpk)
  2348         pgp_tpk_free(tpk);
  2349     if (fpr)
  2350         pgp_fingerprint_free(fpr);
  2351 
  2352     if (status == PEP_KEY_NOT_FOUND)
  2353         status = PEP_STATUS_OK;
  2354 
  2355     if (status != PEP_STATUS_OK || (_keyinfo_list && !_keyinfo_list->value)) {
  2356         free_stringpair_list(_keyinfo_list);
  2357         _keyinfo_list = NULL;
  2358     }
  2359     if (keyinfo_list)
  2360         *keyinfo_list = _keyinfo_list;
  2361 
  2362     if (status != PEP_STATUS_OK || (_keylist && !_keylist->value)) {
  2363         free_stringlist(_keylist);
  2364         _keylist = NULL;
  2365     }
  2366     if (keylist)
  2367         *keylist = _keylist;
  2368 
  2369     int len = -1;
  2370     if (keylist)
  2371         len = stringlist_length(*keylist);
  2372     else if (keyinfo_list)
  2373         len = stringpair_list_length(*keyinfo_list);
  2374     T("(%s) -> %s (%d keys)", pattern, pEp_status_to_string(status), len);
  2375     return status;
  2376 }
  2377 
  2378 // pattern could be empty, an fpr, or a mailbox.
  2379 //
  2380 // keyinfo_list is a list of <fpr, openpgp userid> tuples for the
  2381 // matching keys.
  2382 //
  2383 // This function filters out revoked key, but not expired keys.
  2384 PEP_STATUS pgp_list_keyinfo(PEP_SESSION session,
  2385                             const char* pattern,
  2386                             stringpair_list_t** keyinfo_list)
  2387 {
  2388     return list_keys(session, pattern, false, keyinfo_list, NULL);
  2389 }
  2390 
  2391 PEP_STATUS pgp_recv_key(PEP_SESSION session, const char *pattern)
  2392 {
  2393     assert(!"pgp_recv_key not implemented");
  2394     return PEP_UNKNOWN_ERROR;
  2395 }
  2396 
  2397 // Unlike pgp_list_keyinfo, this function returns revoked keys.
  2398 PEP_STATUS pgp_find_keys(
  2399     PEP_SESSION session, const char *pattern, stringlist_t **keylist)
  2400 {
  2401     return list_keys(session, pattern, false, NULL, keylist);
  2402 }
  2403 
  2404 // Unlike pgp_list_keyinfo, this function returns revoked keys.
  2405 PEP_STATUS pgp_find_private_keys(
  2406     PEP_SESSION session, const char *pattern, stringlist_t **keylist)
  2407 {
  2408     return list_keys(session, pattern, true, NULL, keylist);
  2409 }
  2410 
  2411 PEP_STATUS pgp_send_key(PEP_SESSION session, const char *pattern)
  2412 {
  2413     assert(!"pgp_send_key not implemented");
  2414     return PEP_UNKNOWN_ERROR;
  2415 }
  2416 
  2417 PEP_STATUS pgp_get_key_rating(
  2418     PEP_SESSION session, const char *fpr, PEP_comm_type *comm_type)
  2419 {
  2420     PEP_STATUS status = PEP_STATUS_OK;
  2421     pgp_tpk_t tpk = NULL;
  2422 
  2423     assert(session);
  2424     assert(fpr);
  2425     assert(comm_type);
  2426 
  2427     *comm_type = PEP_ct_unknown;
  2428 
  2429     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  2430     status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  2431     pgp_fingerprint_free(pgp_fpr);
  2432     ERROR_OUT(NULL, status, "Looking up key: %s", fpr);
  2433 
  2434     *comm_type = PEP_ct_OpenPGP_unconfirmed;
  2435 
  2436     if (pgp_tpk_expired(tpk)) {
  2437         *comm_type = PEP_ct_key_expired;
  2438         goto out;
  2439     }
  2440 
  2441     pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  2442     pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
  2443     pgp_revocation_status_free(rs);
  2444     if (rsv == PGP_REVOCATION_STATUS_REVOKED) {
  2445         *comm_type = PEP_ct_key_revoked;
  2446         goto out;
  2447     }
  2448 
  2449     PEP_comm_type best_enc = PEP_ct_no_encryption, best_sign = PEP_ct_no_encryption;
  2450     pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter_valid(tpk);
  2451     pgp_key_t key;
  2452     pgp_signature_t sig;
  2453     pgp_revocation_status_t rev;
  2454     while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
  2455         if (! sig)
  2456             continue;
  2457 
  2458         PEP_comm_type curr = PEP_ct_no_encryption;
  2459 
  2460         int can_enc = pgp_signature_can_encrypt_for_transport(sig)
  2461             || pgp_signature_can_encrypt_at_rest(sig);
  2462         int can_sign = pgp_signature_can_sign(sig);
  2463 
  2464         pgp_public_key_algo_t pk_algo = pgp_key_public_key_algo(key);
  2465         if (pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT_SIGN
  2466             || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_ENCRYPT
  2467             || pk_algo == PGP_PUBLIC_KEY_ALGO_RSA_SIGN) {
  2468             int bits = pgp_key_public_key_bits(key);
  2469             if (bits < 1024)
  2470                 curr = PEP_ct_key_too_short;
  2471             else if (bits == 1024)
  2472                 curr = PEP_ct_OpenPGP_weak_unconfirmed;
  2473             else
  2474                 curr = PEP_ct_OpenPGP_unconfirmed;
  2475         } else {
  2476             curr = PEP_ct_OpenPGP_unconfirmed;
  2477         }
  2478 
  2479         if (can_enc)
  2480             best_enc = _MAX(best_enc, curr);
  2481 
  2482         if (can_sign)
  2483             best_sign = _MAX(best_sign, curr);
  2484     }
  2485     pgp_tpk_key_iter_free(key_iter);
  2486 
  2487     if (best_enc == PEP_ct_no_encryption || best_sign == PEP_ct_no_encryption) {
  2488         *comm_type = PEP_ct_key_b0rken;
  2489         goto out;
  2490     } else {
  2491         *comm_type = _MIN(best_enc, best_sign);
  2492     }
  2493 
  2494  out:
  2495     if (tpk)
  2496         pgp_tpk_free(tpk);
  2497 
  2498     T("(%s) -> %s", fpr, pEp_comm_type_to_string(*comm_type));
  2499     return status;
  2500 }
  2501 
  2502 
  2503 PEP_STATUS pgp_renew_key(
  2504     PEP_SESSION session, const char *fpr, const timestamp *ts)
  2505 {
  2506     PEP_STATUS status = PEP_STATUS_OK;
  2507     pgp_error_t err = NULL;
  2508     pgp_tpk_t tpk = NULL;
  2509     pgp_tpk_key_iter_t iter = NULL;
  2510     pgp_key_pair_t keypair = NULL;
  2511     pgp_signer_t signer = NULL;
  2512     time_t t = mktime((struct tm *) ts);
  2513 
  2514     T("(%s)", fpr);
  2515 
  2516     status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
  2517     ERROR_OUT(NULL, status, "Looking up '%s'", fpr);
  2518 
  2519     uint32_t creation_time = pgp_key_creation_time(pgp_tpk_primary(tpk));
  2520     if (creation_time > t)
  2521         // The creation time is after the expiration time!
  2522         ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
  2523                   "creation time can't be after expiration time");
  2524 
  2525     uint32_t delta = t - creation_time;
  2526 
  2527 
  2528     iter = pgp_tpk_key_iter_valid(tpk);
  2529     pgp_tpk_key_iter_certification_capable (iter);
  2530     pgp_tpk_key_iter_unencrypted_secret (iter, true);
  2531 
  2532     // If there are multiple certification capable subkeys, we just
  2533     // take the first one, whichever one that happens to be.
  2534     pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
  2535     if (! key)
  2536         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  2537                    "%s has no usable certification capable key", fpr);
  2538 
  2539     keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  2540     if (! keypair)
  2541         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  2542 
  2543     signer = pgp_key_pair_as_signer (keypair);
  2544     if (! signer)
  2545         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  2546 
  2547     tpk = pgp_tpk_set_expiry(&err, tpk, signer, delta);
  2548     if (! tpk)
  2549         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
  2550 
  2551     status = tpk_save(session, tpk, NULL);
  2552     tpk = NULL;
  2553     ERROR_OUT(NULL, status, "Saving %s", fpr);
  2554 
  2555  out:
  2556     if (signer)
  2557         pgp_signer_free (signer);
  2558     if (keypair)
  2559         pgp_key_pair_free (keypair);
  2560     if (iter)
  2561         pgp_tpk_key_iter_free (iter);
  2562     if (tpk)
  2563         pgp_tpk_free(tpk);
  2564 
  2565     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2566     return status;
  2567 }
  2568 
  2569 PEP_STATUS pgp_revoke_key(
  2570     PEP_SESSION session, const char *fpr, const char *reason)
  2571 {
  2572     PEP_STATUS status = PEP_STATUS_OK;
  2573     pgp_error_t err = NULL;
  2574     pgp_tpk_t tpk = NULL;
  2575     pgp_tpk_key_iter_t iter = NULL;
  2576     pgp_key_pair_t keypair = NULL;
  2577     pgp_signer_t signer = NULL;
  2578 
  2579     T("(%s)", fpr);
  2580 
  2581     status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
  2582     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  2583 
  2584     iter = pgp_tpk_key_iter_valid(tpk);
  2585     pgp_tpk_key_iter_certification_capable (iter);
  2586     pgp_tpk_key_iter_unencrypted_secret (iter, true);
  2587 
  2588     // If there are multiple certification capable subkeys, we just
  2589     // take the first one, whichever one that happens to be.
  2590     pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
  2591     if (! key)
  2592         ERROR_OUT (err, PEP_UNKNOWN_ERROR,
  2593                    "%s has no usable certification capable key", fpr);
  2594 
  2595     keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
  2596     if (! keypair)
  2597         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
  2598 
  2599     signer = pgp_key_pair_as_signer (keypair);
  2600     if (! signer)
  2601         ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
  2602 
  2603     tpk = pgp_tpk_revoke_in_place(&err, tpk, signer,
  2604                                   PGP_REASON_FOR_REVOCATION_UNSPECIFIED,
  2605                                   reason);
  2606     if (! tpk)
  2607         ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
  2608 
  2609     assert(pgp_revocation_status_variant(pgp_tpk_revocation_status(tpk))
  2610            == PGP_REVOCATION_STATUS_REVOKED);
  2611 
  2612     status = tpk_save(session, tpk, NULL);
  2613     tpk = NULL;
  2614     ERROR_OUT(NULL, status, "Saving %s", fpr);
  2615 
  2616  out:
  2617     if (signer)
  2618         pgp_signer_free (signer);
  2619     if (keypair)
  2620         pgp_key_pair_free (keypair);
  2621     if (iter)
  2622         pgp_tpk_key_iter_free (iter);
  2623     if (tpk)
  2624         pgp_tpk_free(tpk);
  2625 
  2626     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2627     return status;
  2628 }
  2629 
  2630 PEP_STATUS pgp_key_expired(PEP_SESSION session, const char *fpr,
  2631                            const time_t when, bool *expired)
  2632 {
  2633     PEP_STATUS status = PEP_STATUS_OK;
  2634     pgp_tpk_t tpk = NULL;
  2635     T("(%s)", fpr);
  2636 
  2637     assert(session);
  2638     assert(fpr);
  2639     assert(expired);
  2640 
  2641     *expired = false;
  2642 
  2643     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  2644     status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  2645     pgp_fingerprint_free(pgp_fpr);
  2646     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  2647 
  2648     // Is the TPK live?
  2649     *expired = !pgp_tpk_alive_at(tpk, when);
  2650     if (*expired)
  2651         goto out;
  2652 
  2653     // Are there at least one certification subkey, one signing subkey
  2654     // and one encryption subkey that are live?
  2655     int can_certify = 0, can_encrypt = 0, can_sign = 0;
  2656 
  2657     pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter_valid(tpk);
  2658     pgp_key_t key;
  2659     pgp_signature_t sig;
  2660     pgp_revocation_status_t rev;
  2661     while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
  2662         if (! sig)
  2663             continue;
  2664 
  2665         if (pgp_signature_can_encrypt_for_transport(sig)
  2666             || pgp_signature_can_encrypt_at_rest(sig))
  2667             can_encrypt = 1;
  2668         if (pgp_signature_can_sign(sig))
  2669             can_sign = 1;
  2670         if (pgp_signature_can_certify(sig))
  2671             can_certify = 1;
  2672 
  2673         if (can_encrypt && can_sign && can_certify)
  2674             break;
  2675     }
  2676     pgp_tpk_key_iter_free(key_iter);
  2677 
  2678     *expired = !(can_encrypt && can_sign && can_certify);
  2679 
  2680  out:
  2681     if (tpk)
  2682         pgp_tpk_free(tpk);
  2683     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2684     return status;
  2685 }
  2686 
  2687 PEP_STATUS pgp_key_revoked(PEP_SESSION session, const char *fpr, bool *revoked)
  2688 {
  2689     PEP_STATUS status = PEP_STATUS_OK;
  2690     pgp_tpk_t tpk;
  2691 
  2692     T("(%s)", fpr);
  2693 
  2694     assert(session);
  2695     assert(fpr);
  2696     assert(revoked);
  2697 
  2698     *revoked = false;
  2699 
  2700     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  2701     status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  2702     pgp_fingerprint_free(pgp_fpr);
  2703     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  2704 
  2705     pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
  2706     *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
  2707     pgp_revocation_status_free (rs);
  2708     pgp_tpk_free(tpk);
  2709 
  2710  out:
  2711     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2712     return status;
  2713 }
  2714 
  2715 PEP_STATUS pgp_key_created(PEP_SESSION session, const char *fpr, time_t *created)
  2716 {
  2717     PEP_STATUS status = PEP_STATUS_OK;
  2718     pgp_tpk_t tpk = NULL;
  2719     T("(%s)", fpr);
  2720 
  2721     *created = 0;
  2722 
  2723     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  2724     status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
  2725     pgp_fingerprint_free(pgp_fpr);
  2726     ERROR_OUT(NULL, status, "Looking up %s", fpr);
  2727 
  2728     pgp_key_t k = pgp_tpk_primary(tpk);
  2729     *created = pgp_key_creation_time(k);
  2730     pgp_tpk_free(tpk);
  2731 
  2732  out:
  2733     T("(%s) -> %s", fpr, pEp_status_to_string(status));
  2734     return status;
  2735 }
  2736 
  2737 PEP_STATUS pgp_binary(const char **path)
  2738 {
  2739     *path = NULL;
  2740     return PEP_STATUS_OK;
  2741 }
  2742 
  2743 PEP_STATUS pgp_contains_priv_key(PEP_SESSION session, const char *fpr,
  2744                                  bool *has_private)
  2745 {
  2746     T("(%s)", fpr);
  2747     pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
  2748     PEP_STATUS status = tpk_find_by_fpr(session, pgp_fpr, true, NULL, NULL);
  2749     pgp_fingerprint_free(pgp_fpr);
  2750     if (status == PEP_STATUS_OK) {
  2751         *has_private = 1;
  2752     } else if (status == PEP_KEY_NOT_FOUND) {
  2753         *has_private = 0;
  2754         status = PEP_STATUS_OK;
  2755     }
  2756     T("(%s) -> %s, %s",
  2757       fpr, *has_private ? "priv" : "pub", pEp_status_to_string(status));
  2758     return status;
  2759 }