src/pEp_internal.h
author Krista Bennett <krista@pep-project.org>
Tue, 12 Sep 2017 19:17:44 +0200
changeset 2047 a4d4320b09bc
parent 1997 2c10033e2ade
child 2048 4612060c1d49
permissions -rw-r--r--
Added NOLOG define so that -DNOLOG can be used to shut down debug logs when not using -NDEBUG (we still need our asserts in testing even when we don't want logs ;)
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 #define PEP_ENGINE_VERSION "0.8.0"
     5 
     6 // maximum attachment size to import as key 1MB, maximum of 20 attachments
     7 
     8 #define MAX_KEY_SIZE (1024 * 1024)
     9 #define MAX_KEYS_TO_IMPORT  20
    10 
    11 // this is 20 trustwords with 79 chars max
    12 #define MAX_TRUSTWORDS_SPACE (20 * 80)
    13 
    14 // XML parameters string
    15 #define PARMS_MAX 32768
    16 
    17 // maximum busy wait time in ms
    18 #define BUSY_WAIT_TIME 5000
    19 
    20 // maximum line length for reading gpg.conf
    21 #define MAX_LINELENGTH 1024
    22 
    23 // default keyserver
    24 #ifndef DEFAULT_KEYSERVER
    25 #define DEFAULT_KEYSERVER "hkp://keys.gnupg.net"
    26 #endif
    27 
    28 // crashdump constants
    29 #ifndef CRASHDUMP_DEFAULT_LINES
    30 #define CRASHDUMP_DEFAULT_LINES 100
    31 #endif
    32 #define CRASHDUMP_MAX_LINES 32767
    33 
    34 #include "platform.h"
    35 
    36 #ifdef WIN32
    37 #define LOCAL_DB windoze_local_db()
    38 #define SYSTEM_DB windoze_system_db()
    39 #define LIBGPGME "libgpgme-11.dll"
    40 #else // UNIX
    41 #define _POSIX_C_SOURCE 200809L
    42 #include <dlfcn.h>
    43 #define LOCAL_DB unix_local_db()
    44 #ifndef SYSTEM_DB
    45 #define SYSTEM_DB "/usr/share/pEp/system.db"
    46 #endif
    47 #ifndef LIBGPGME
    48 #define LIBGPGME "libgpgme-pthread.so"
    49 #endif
    50 #endif
    51 
    52 #include <locale.h>
    53 #include <stdlib.h>
    54 #include <string.h>
    55 #include <assert.h>
    56 #include <stdio.h>
    57 #include <ctype.h>
    58 
    59 #ifdef SQLITE3_FROM_OS
    60 #include <sqlite3.h>
    61 #else
    62 #include "sqlite3.h"
    63 #endif
    64 
    65 #define _EXPORT_PEP_ENGINE_DLL
    66 #include "pEpEngine.h"
    67 
    68 // If not specified, build for GPG
    69 #ifndef USE_NETPGP
    70 #ifndef USE_GPG
    71 #define USE_GPG
    72 #endif
    73 #endif
    74 
    75 #ifdef USE_GPG
    76 #include "pgp_gpg_internal.h"
    77 #elif defined(USE_NETPGP)
    78 #include "pgp_netpgp_internal.h"
    79 #endif
    80 
    81 #include "keymanagement.h"
    82 #include "cryptotech.h"
    83 #include "transport.h"
    84 #include "sync.h"
    85 
    86 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
    87 
    88 struct _pEpSession;
    89 typedef struct _pEpSession pEpSession;
    90 struct _pEpSession {
    91     const char *version;
    92 #ifdef USE_GPG
    93     gpgme_ctx_t ctx;
    94 #elif defined(USE_NETPGP)
    95     pEpNetPGPSession ctx;
    96 #endif
    97 
    98     PEP_cryptotech_t *cryptotech;
    99     PEP_transport_t *transports;
   100 
   101     sqlite3 *db;
   102     sqlite3 *system_db;
   103 
   104     sqlite3_stmt *log;
   105     sqlite3_stmt *trustword;
   106     sqlite3_stmt *get_identity;
   107     sqlite3_stmt *replace_identities_fpr;
   108     sqlite3_stmt *set_person;
   109     sqlite3_stmt *set_device_group;
   110     sqlite3_stmt *get_device_group;
   111     sqlite3_stmt *set_pgp_keypair;
   112     sqlite3_stmt *set_identity;
   113     sqlite3_stmt *set_identity_flags;
   114     sqlite3_stmt *unset_identity_flags;
   115     sqlite3_stmt *set_trust;
   116     sqlite3_stmt *update_trust_for_fpr;
   117     sqlite3_stmt *get_trust;
   118     sqlite3_stmt *least_trust;
   119     sqlite3_stmt *mark_compromized;
   120     sqlite3_stmt *reset_trust;
   121     sqlite3_stmt *crashdump;
   122     sqlite3_stmt *languagelist;
   123     sqlite3_stmt *i18n_token;
   124 
   125     // blacklist
   126     sqlite3_stmt *blacklist_add;
   127     sqlite3_stmt *blacklist_delete;
   128     sqlite3_stmt *blacklist_is_listed;
   129     sqlite3_stmt *blacklist_retrieve;
   130     
   131     // Own keys
   132     sqlite3_stmt *own_key_is_listed;
   133     sqlite3_stmt *own_identities_retrieve;
   134     sqlite3_stmt *own_keys_retrieve;
   135     sqlite3_stmt *set_own_key;
   136 
   137     // sequence value
   138     sqlite3_stmt *sequence_value1;
   139     sqlite3_stmt *sequence_value2;
   140     sqlite3_stmt *sequence_value3;
   141 
   142     // revoked keys
   143     sqlite3_stmt *set_revoked;
   144     sqlite3_stmt *get_revoked;
   145 
   146     // callbacks
   147     examine_identity_t examine_identity;
   148     void *examine_management;
   149     void *sync_management;
   150     void *sync_obj;
   151     messageToSend_t messageToSend;
   152     notifyHandshake_t notifyHandshake;
   153     inject_sync_msg_t inject_sync_msg;
   154     retrieve_next_sync_msg_t retrieve_next_sync_msg;
   155 
   156     // key sync
   157     pEpSession* sync_session;
   158     DeviceState_state sync_state;
   159     void* sync_state_payload;
   160     char sync_uuid[37];
   161     time_t LastCannotDecrypt;
   162     time_t LastUpdateRequest;
   163 
   164     // runtime config
   165 
   166     bool passive_mode;
   167     bool unencrypted_subject;
   168     bool keep_sync_msg;
   169     bool service_log;
   170     
   171 #ifdef DEBUG_ERRORSTACK
   172     stringlist_t* errorstack;
   173 #endif
   174 };
   175 
   176 
   177 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
   178 void release_transport_system(PEP_SESSION session, bool out_last);
   179 
   180 /* NOT to be exposed to the outside!!! */
   181 PEP_STATUS encrypt_only(
   182         PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
   183         size_t psize, char **ctext, size_t *csize
   184 );
   185 
   186 #if defined(NDEBUG) || defined(NOLOG)
   187 #define DEBUG_LOG(TITLE, ENTITY, DESC)
   188 #else
   189 #ifdef ANDROID
   190 #include <android/log.h>
   191 #define  LOG_MORE(...)  __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ", __VA_ARGS__);
   192 #else
   193 #include <stdio.h>
   194 #define  LOG_MORE(...)  fprintf(stderr, "pEpEngine DEBUG_LOG('%s','%s','%s','%s')\n", __VA_ARGS__);
   195 #endif
   196 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
   197     log_event(session, (TITLE), (ENTITY), (DESC), "debug " __FILE__ ":" S_LINE);\
   198     LOG_MORE((TITLE), (ENTITY), (DESC), __FILE__ ":" S_LINE)\
   199 }
   200 #endif
   201 
   202 typedef enum _normalize_hex_rest_t {
   203     accept_hex,
   204     ignore_hex,
   205     reject_hex
   206 } normalize_hex_res_t;
   207 
   208 static inline normalize_hex_res_t _normalize_hex(char *hex) 
   209 {
   210     if (*hex >= '0' && *hex <= '9')
   211         return accept_hex;
   212 
   213     if (*hex >= 'A' && *hex <= 'F') {
   214         *hex += 'a' - 'A';
   215         return accept_hex;
   216     }
   217 
   218     if (*hex >= 'a' && *hex <= 'f') 
   219         return accept_hex;
   220 
   221     if (*hex == ' ') 
   222         return ignore_hex;
   223 
   224     return reject_hex;
   225 }
   226 
   227 // Space tolerant and case insensitive fingerprint string compare
   228 static inline PEP_STATUS _compare_fprs(
   229         const char* fpra,
   230         size_t fpras,
   231         const char* fprb,
   232         size_t fprbs,
   233         int* comparison)
   234 {
   235 
   236     size_t ai = 0;
   237     size_t bi = 0;
   238     size_t significant = 0;
   239     int _comparison = 0;
   240     const int _FULL_FINGERPRINT_LENGTH = 40;
   241    
   242     // First compare every non-ignored chars until an end is reached
   243     while(ai < fpras && bi < fprbs)
   244     {
   245         char fprac = fpra[ai];
   246         char fprbc = fprb[bi];
   247         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   248         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   249 
   250         if(fprah == reject_hex || fprbh == reject_hex)
   251             return PEP_ILLEGAL_VALUE;
   252 
   253         if ( fprah == ignore_hex )
   254         {
   255             ai++;
   256         }
   257         else if ( fprbh == ignore_hex )
   258         {
   259             bi++;
   260         }
   261         else
   262         {
   263             if(fprac != fprbc && _comparison == 0 )
   264             {
   265                 _comparison = fprac > fprbc ? 1 : -1;
   266             }
   267 
   268             significant++;
   269             ai++;
   270             bi++;
   271 
   272         } 
   273     }
   274 
   275     // Bail out if we didn't got enough significnt chars
   276     if (significant != _FULL_FINGERPRINT_LENGTH )
   277         return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   278 
   279     // Then purge remaining chars, all must be ignored chars
   280     while ( ai < fpras )
   281     {
   282         char fprac = fpra[ai];
   283         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   284         if( fprah == reject_hex )
   285             return PEP_ILLEGAL_VALUE;
   286         if ( fprah != ignore_hex )
   287             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   288         ai++;
   289     }
   290     while ( bi < fprbs )
   291     {
   292         char fprbc = fprb[bi];
   293         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   294         if( fprbh == reject_hex )
   295             return PEP_ILLEGAL_VALUE;
   296         if ( fprbh != ignore_hex )
   297             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   298         bi++;
   299     }
   300 
   301     *comparison = _comparison;
   302     return PEP_STATUS_OK;
   303 }
   304 
   305 static inline int _same_fpr(
   306         const char* fpra,
   307         size_t fpras,
   308         const char* fprb,
   309         size_t fprbs
   310     )
   311 {
   312     // illegal values are ignored, and considered not same.
   313     int comparison = 1;
   314 
   315     _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
   316 
   317     return comparison == 0;
   318 }
   319 
   320 static inline bool _identity_me(
   321         pEp_identity * identity
   322     )
   323 {
   324     return identity->user_id && strcmp(identity->user_id, PEP_OWN_USERID) == 0;
   325 }
   326 
   327 #ifdef DEBUG_ERRORSTACK
   328     PEP_STATUS session_add_error(PEP_SESSION session, const char* file, unsigned line, PEP_STATUS status);
   329     #define ADD_TO_LOG(status)   session_add_error(session, __FILE__, __LINE__, (status))
   330     #define GOTO(label)          do{ (void)session_add_error(session, __FILE__, __LINE__, status); goto label; }while(0)
   331 #else
   332     #define ADD_TO_LOG(status)   (status)
   333     #define GOTO(label)          goto label
   334 #endif