src/pEp_internal.h
author Krista Bennett <krista@pep-project.org>
Tue, 31 Jul 2018 11:08:43 +0200
branchENGINE-450-MARK-II
changeset 2792 bc4b1dff3fdb
parent 2791 9e7e4d84b06c
permissions -rw-r--r--
Ok, so I horked the ENGINE-450 branch through a misunderstanding of strip and a lazy mistake. Recomposing here.
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 
     5 // THESE MUST ALL BE CHANGED TOGETHER!!!!
     6 #define PEP_ENGINE_VERSION "1.0.441"
     7 #define PEP_ENGINE_MAJOR 1
     8 #define PEP_ENGINE_MINOR 0
     9 #define PEP_ENGINE_PATCH 441
    10 
    11 // maximum attachment size to import as key 1MB, maximum of 20 attachments
    12 
    13 #define MAX_KEY_SIZE (1024 * 1024)
    14 #define MAX_KEYS_TO_IMPORT  20
    15 
    16 #define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
    17 
    18 // this is 20 trustwords with 79 chars max
    19 #define MAX_TRUSTWORDS_SPACE (20 * 80)
    20 
    21 // XML parameters string
    22 #define PARMS_MAX 32768
    23 
    24 // maximum busy wait time in ms
    25 #define BUSY_WAIT_TIME 5000
    26 
    27 // maximum line length for reading gpg.conf
    28 #define MAX_LINELENGTH 1024
    29 
    30 // default keyserver
    31 #ifndef DEFAULT_KEYSERVER
    32 #define DEFAULT_KEYSERVER "hkp://keys.gnupg.net"
    33 #endif
    34 
    35 // crashdump constants
    36 #ifndef CRASHDUMP_DEFAULT_LINES
    37 #define CRASHDUMP_DEFAULT_LINES 100
    38 #endif
    39 #define CRASHDUMP_MAX_LINES 32767
    40 
    41 // p≡p full string, NUL-terminated
    42 #ifndef PEP_SUBJ_STRING
    43 #define PEP_SUBJ_STRING {0x70,0xE2,0x89,0xA1,0x70,0x00}
    44 #define PEP_SUBJ_BYTELEN 5
    45 #endif
    46 
    47 #ifndef PEP_SUBJ_KEY
    48 #define PEP_SUBJ_KEY "Subject: "
    49 #define PEP_SUBJ_KEY_LC "subject: "
    50 #define PEP_SUBJ_KEY_LEN 9
    51 #endif
    52 
    53 #ifndef PEP_MSG_WRAP_KEY
    54 #define PEP_MSG_WRAP_KEY "pEp-Wrapped-Message-Info: "
    55 #define PEP_MSG_WRAP_KEY_LC "pep-wrapped-message-info: "
    56 #define PEP_MSG_WRAP_KEY_LEN 26
    57 #endif
    58 
    59 
    60 #include "platform.h"
    61 
    62 #ifdef WIN32
    63 #define LOCAL_DB windoze_local_db()
    64 #define SYSTEM_DB windoze_system_db()
    65 #define LIBGPGME "libgpgme-11.dll"
    66 #else // UNIX
    67 #define _POSIX_C_SOURCE 200809L
    68 #include <dlfcn.h>
    69 #ifdef NDEBUG
    70 #define LOCAL_DB unix_local_db()
    71 #else
    72 #define LOCAL_DB unix_local_db(false)
    73 #endif
    74 #ifndef SYSTEM_DB
    75 #define SYSTEM_DB "/usr/share/pEp/system.db"
    76 #endif
    77 #ifndef LIBGPGME
    78 #define LIBGPGME "libgpgme-pthread.so"
    79 #endif
    80 #endif
    81 
    82 #include <locale.h>
    83 #include <stdlib.h>
    84 #include <string.h>
    85 #include <assert.h>
    86 #include <stdio.h>
    87 #include <ctype.h>
    88 #include <math.h>
    89 
    90 #ifdef SQLITE3_FROM_OS
    91 #include <sqlite3.h>
    92 #else
    93 #include "sqlite3.h"
    94 #endif
    95 
    96 #include "pEpEngine.h"
    97 
    98 // If not specified, build for GPG
    99 #ifndef USE_NETPGP
   100 #ifndef USE_GPG
   101 #define USE_GPG
   102 #endif
   103 #endif
   104 
   105 #ifdef USE_GPG
   106 #include "pgp_gpg_internal.h"
   107 #elif defined(USE_NETPGP)
   108 #include "pgp_netpgp_internal.h"
   109 #endif
   110 
   111 #include "keymanagement.h"
   112 #include "cryptotech.h"
   113 #include "transport.h"
   114 #include "sync.h"
   115 
   116 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
   117 
   118 struct _pEpSession;
   119 typedef struct _pEpSession pEpSession;
   120 struct _pEpSession {
   121     const char *version;
   122 #ifdef USE_GPG
   123     gpgme_ctx_t ctx;
   124 #elif defined(USE_NETPGP)
   125     pEpNetPGPSession ctx;
   126 #endif
   127 
   128     PEP_cryptotech_t *cryptotech;
   129     PEP_transport_t *transports;
   130 
   131     sqlite3 *db;
   132     sqlite3 *system_db;
   133 
   134     sqlite3_stmt *log;
   135     sqlite3_stmt *trustword;
   136     sqlite3_stmt *get_cached_engine_version;
   137     sqlite3_stmt *set_cached_engine_version;    
   138     sqlite3_stmt *get_identity;
   139     sqlite3_stmt *get_identity_without_trust_check;
   140     sqlite3_stmt *get_identities_by_address;
   141     sqlite3_stmt *replace_identities_fpr;
   142     sqlite3_stmt *replace_main_user_fpr;
   143     sqlite3_stmt *get_main_user_fpr;
   144     sqlite3_stmt *refresh_userid_default_key;
   145     sqlite3_stmt *remove_fpr_as_default;
   146     sqlite3_stmt *set_person;
   147     sqlite3_stmt *update_person;
   148     sqlite3_stmt *exists_person;    
   149     sqlite3_stmt *set_as_pep_user;
   150     sqlite3_stmt *is_pep_user;
   151     sqlite3_stmt *set_device_group;
   152     sqlite3_stmt *get_device_group;
   153     sqlite3_stmt *set_pgp_keypair;
   154     sqlite3_stmt *set_identity_entry;
   155     sqlite3_stmt *update_identity_entry;
   156     sqlite3_stmt *exists_identity_entry;        
   157     sqlite3_stmt *set_identity_flags;
   158     sqlite3_stmt *unset_identity_flags;
   159     sqlite3_stmt *set_trust;
   160     sqlite3_stmt *update_trust;
   161     sqlite3_stmt *update_trust_to_pep;    
   162     sqlite3_stmt *exists_trust_entry;
   163     sqlite3_stmt *update_trust_for_fpr;
   164     sqlite3_stmt *get_trust;
   165     sqlite3_stmt *least_trust;
   166     sqlite3_stmt *mark_compromised;
   167     sqlite3_stmt *reset_trust;
   168     sqlite3_stmt *crashdump;
   169     sqlite3_stmt *languagelist;
   170     sqlite3_stmt *i18n_token;
   171     sqlite3_stmt *replace_userid;
   172 
   173     // blacklist
   174     sqlite3_stmt *blacklist_add;
   175     sqlite3_stmt *blacklist_delete;
   176     sqlite3_stmt *blacklist_is_listed;
   177     sqlite3_stmt *blacklist_retrieve;
   178     
   179     // Own keys
   180     sqlite3_stmt *own_key_is_listed;
   181     sqlite3_stmt *own_identities_retrieve;
   182     sqlite3_stmt *own_keys_retrieve;
   183     sqlite3_stmt *get_user_default_key;
   184         
   185     sqlite3_stmt *get_default_own_userid;
   186 
   187 //    sqlite3_stmt *set_own_key;
   188 
   189     // sequence value
   190     sqlite3_stmt *sequence_value1;
   191     sqlite3_stmt *sequence_value2;
   192     sqlite3_stmt *sequence_value3;
   193 
   194     // revoked keys
   195     sqlite3_stmt *set_revoked;
   196     sqlite3_stmt *get_revoked;
   197 
   198     // mistrusted
   199     sqlite3_stmt* add_mistrusted_key;
   200     sqlite3_stmt* is_mistrusted_key;    
   201     sqlite3_stmt* delete_mistrusted_key;
   202     
   203     // aliases
   204     sqlite3_stmt *get_userid_alias_default;
   205     sqlite3_stmt *add_userid_alias;
   206 
   207     // callbacks
   208     examine_identity_t examine_identity;
   209     void *examine_management;
   210     void *sync_management;
   211     void *sync_obj;
   212     messageToSend_t messageToSend;
   213     notifyHandshake_t notifyHandshake;
   214     inject_sync_msg_t inject_sync_msg;
   215     retrieve_next_sync_msg_t retrieve_next_sync_msg;
   216 
   217     // key sync
   218     pEpSession* sync_session;
   219     DeviceState_state sync_state;
   220     void* sync_state_payload;
   221     char sync_uuid[37];
   222     time_t LastCannotDecrypt;
   223     time_t LastUpdateRequest;
   224 
   225     // runtime config
   226 
   227     bool passive_mode;
   228     bool unencrypted_subject;
   229     bool keep_sync_msg;
   230     bool service_log;
   231 
   232     // mistrust undo cache
   233     pEp_identity* cached_mistrusted;
   234     
   235 #ifdef DEBUG_ERRORSTACK
   236     stringlist_t* errorstack;
   237 #endif
   238 };
   239 
   240 
   241 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
   242 void release_transport_system(PEP_SESSION session, bool out_last);
   243 
   244 /* NOT to be exposed to the outside!!! */
   245 PEP_STATUS encrypt_only(
   246         PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
   247         size_t psize, char **ctext, size_t *csize
   248 );
   249 
   250 #if defined(NDEBUG) || defined(NOLOG)
   251 #define DEBUG_LOG(TITLE, ENTITY, DESC)
   252 #else
   253 #ifdef ANDROID
   254 #include <android/log.h>
   255 #define  LOG_MORE(...)  __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ", __VA_ARGS__);
   256 #else
   257 #include <stdio.h>
   258 #define  LOG_MORE(...)  fprintf(stderr, "pEpEngine DEBUG_LOG('%s','%s','%s','%s')\n", __VA_ARGS__);
   259 #endif
   260 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
   261     log_event(session, (TITLE), (ENTITY), (DESC), "debug " __FILE__ ":" S_LINE);\
   262     LOG_MORE((TITLE), (ENTITY), (DESC), __FILE__ ":" S_LINE)\
   263 }
   264 #endif
   265 
   266 typedef enum _normalize_hex_rest_t {
   267     accept_hex,
   268     ignore_hex,
   269     reject_hex
   270 } normalize_hex_res_t;
   271 
   272 static inline normalize_hex_res_t _normalize_hex(char *hex) 
   273 {
   274     if (*hex >= '0' && *hex <= '9')
   275         return accept_hex;
   276 
   277     if (*hex >= 'A' && *hex <= 'F') {
   278         *hex += 'a' - 'A';
   279         return accept_hex;
   280     }
   281 
   282     if (*hex >= 'a' && *hex <= 'f') 
   283         return accept_hex;
   284 
   285     if (*hex == ' ') 
   286         return ignore_hex;
   287 
   288     return reject_hex;
   289 }
   290 
   291 // Space tolerant and case insensitive fingerprint string compare
   292 static inline PEP_STATUS _compare_fprs(
   293         const char* fpra,
   294         size_t fpras,
   295         const char* fprb,
   296         size_t fprbs,
   297         int* comparison)
   298 {
   299 
   300     size_t ai = 0;
   301     size_t bi = 0;
   302     size_t significant = 0;
   303     int _comparison = 0;
   304     const int _FULL_FINGERPRINT_LENGTH = 40;
   305    
   306     // First compare every non-ignored chars until an end is reached
   307     while(ai < fpras && bi < fprbs)
   308     {
   309         char fprac = fpra[ai];
   310         char fprbc = fprb[bi];
   311         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   312         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   313 
   314         if(fprah == reject_hex || fprbh == reject_hex)
   315             return PEP_ILLEGAL_VALUE;
   316 
   317         if ( fprah == ignore_hex )
   318         {
   319             ai++;
   320         }
   321         else if ( fprbh == ignore_hex )
   322         {
   323             bi++;
   324         }
   325         else
   326         {
   327             if(fprac != fprbc && _comparison == 0 )
   328             {
   329                 _comparison = fprac > fprbc ? 1 : -1;
   330             }
   331 
   332             significant++;
   333             ai++;
   334             bi++;
   335 
   336         } 
   337     }
   338 
   339     // Bail out if we didn't got enough significnt chars
   340     if (significant != _FULL_FINGERPRINT_LENGTH )
   341         return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   342 
   343     // Then purge remaining chars, all must be ignored chars
   344     while ( ai < fpras )
   345     {
   346         char fprac = fpra[ai];
   347         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   348         if( fprah == reject_hex )
   349             return PEP_ILLEGAL_VALUE;
   350         if ( fprah != ignore_hex )
   351             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   352         ai++;
   353     }
   354     while ( bi < fprbs )
   355     {
   356         char fprbc = fprb[bi];
   357         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   358         if( fprbh == reject_hex )
   359             return PEP_ILLEGAL_VALUE;
   360         if ( fprbh != ignore_hex )
   361             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   362         bi++;
   363     }
   364 
   365     *comparison = _comparison;
   366     return PEP_STATUS_OK;
   367 }
   368 
   369 static inline int _same_fpr(
   370         const char* fpra,
   371         size_t fpras,
   372         const char* fprb,
   373         size_t fprbs
   374     )
   375 {
   376     // illegal values are ignored, and considered not same.
   377     int comparison = 1;
   378 
   379     _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
   380 
   381     return comparison == 0;
   382 }
   383 
   384 // size is the length of the bytestr that's coming in. This is really only intended
   385 // for comparing two full strings. If charstr's length is different from bytestr_size,
   386 // we'll return a non-zero value.
   387 static inline int _unsigned_signed_strcmp(const unsigned char* bytestr, const char* charstr, int bytestr_size) {
   388     int charstr_len = strlen(charstr);
   389     if (charstr_len != bytestr_size)
   390         return -1; // we don't actually care except that it's non-zero
   391     return memcmp(bytestr, charstr, bytestr_size);
   392 }
   393 
   394 // This is just a horrible example of C type madness. UTF-8 made me do it.
   395 static inline char* _pep_subj_copy() {
   396 #ifndef WIN32
   397     unsigned char pepstr[] = PEP_SUBJ_STRING;
   398     void* retval = calloc(1, sizeof(unsigned char)*PEP_SUBJ_BYTELEN + 1);
   399     memcpy(retval, pepstr, PEP_SUBJ_BYTELEN);
   400     return (char*)retval;
   401 #else
   402     return strdup("pEp");
   403 #endif
   404 }
   405 
   406 static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
   407     bool retval = false;
   408     if (test_ident && test_ident->user_id) {
   409         char* def_id = NULL;
   410         get_default_own_userid(session, &def_id);
   411         if (test_ident->me || 
   412             (def_id && strcmp(def_id, test_ident->user_id) == 0)) {
   413             retval = true;
   414         }
   415         free(def_id);
   416     }
   417     return retval;
   418 }
   419 
   420 #ifndef EMPTYSTR
   421 #define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
   422 #endif
   423 
   424 #ifndef IS_PGP_CT
   425 #define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
   426 #endif
   427 
   428 #ifndef _MIN
   429 #define _MIN(A, B) ((B) > (A) ? (A) : (B))
   430 #endif
   431 #ifndef _MAX
   432 #define _MAX(A, B) ((B) > (A) ? (B) : (A))
   433 #endif
   434 
   435 
   436 // These are globals used in generating message IDs and should only be
   437 // computed once, as they're either really constants or OS-dependent
   438 
   439 extern int _pEp_rand_max_bits;
   440 extern double _pEp_log2_36;
   441 
   442 static inline void _init_globals() {
   443     _pEp_rand_max_bits = (int) ceil(log2((double) RAND_MAX));
   444     _pEp_log2_36 = log2(36);
   445 }