src/pEp_internal.h
author Krista 'DarthMama' Bennett <krista@pep.foundation>
Wed, 20 May 2020 12:26:22 +0200
changeset 4713 6a2d68d3e7db
parent 4672 9f99a202f9b9
child 4712 e01853b3f59d
permissions -rw-r--r--
Removing rancid doc files. If we have build instructions, we have a responsibility to keep them up to date. If not, they're more dangerous than they're worth.
     1 // This file is under GNU General Public License 3.0
     2 // see LICENSE.txt
     3 
     4 // maximum attachment size to import as key 1MB, maximum of 20 attachments
     5 
     6 #define MAX_KEY_SIZE (1024 * 1024)
     7 #define MAX_KEYS_TO_IMPORT  20
     8 
     9 #define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
    10 
    11 // this is 20 trustwords with 79 chars max
    12 #define MAX_TRUSTWORDS_SPACE (20 * 80)
    13 
    14 // XML parameters string
    15 #define PARMS_MAX 32768
    16 
    17 // maximum busy wait time in ms
    18 #define BUSY_WAIT_TIME 5000
    19 
    20 // default keyserver
    21 #ifndef DEFAULT_KEYSERVER
    22 #define DEFAULT_KEYSERVER "hkps://keys.openpgp.org"
    23 #endif
    24 
    25 // crashdump constants
    26 #ifndef CRASHDUMP_DEFAULT_LINES
    27 #define CRASHDUMP_DEFAULT_LINES 100
    28 #endif
    29 #define CRASHDUMP_MAX_LINES 32767
    30 
    31 // p≡p full string, NUL-terminated
    32 #ifndef PEP_SUBJ_STRING
    33 #define PEP_SUBJ_STRING {0x70,0xE2,0x89,0xA1,0x70,0x00}
    34 #define PEP_SUBJ_BYTELEN 5
    35 #endif
    36 
    37 #ifndef PEP_SUBJ_KEY
    38 #define PEP_SUBJ_KEY "Subject: "
    39 #define PEP_SUBJ_KEY_LC "subject: "
    40 #define PEP_SUBJ_KEY_LEN 9
    41 #endif
    42 
    43 #ifndef PEP_MSG_WRAP_KEY
    44 #define PEP_MSG_WRAP_KEY "pEp-Wrapped-Message-Info: "
    45 #define PEP_MSG_WRAP_KEY_LC "pep-wrapped-message-info: "
    46 #define PEP_MSG_WRAP_KEY_LEN 26
    47 #endif
    48 
    49 #ifndef X_PEP_MSG_WRAP_KEY
    50 #define X_PEP_MSG_WRAP_KEY "X-pEp-Wrapped-Message-Info"
    51 #endif
    52 
    53 #ifndef X_PEP_SNDR_FPR_KEY
    54 #define X_PEP_SNDR_FPR_KEY "X-pEp-Sender-FPR"
    55 #endif
    56  
    57 #include "platform.h"
    58 
    59 #ifdef WIN32
    60 #define KEYS_DB windoze_keys_db()
    61 #define LOCAL_DB windoze_local_db()
    62 #define SYSTEM_DB windoze_system_db()
    63 #else // UNIX
    64 #define _POSIX_C_SOURCE 200809L
    65 #include <dlfcn.h>
    66 #ifdef NDEBUG
    67 #define LOCAL_DB unix_local_db()
    68 #else
    69 #define LOCAL_DB unix_local_db(false)
    70 #endif
    71 #ifdef ANDROID
    72 #define SYSTEM_DB android_system_db()
    73 #else
    74 #define SYSTEM_DB unix_system_db()
    75 #endif
    76 #endif
    77 
    78 #include <locale.h>
    79 #include <stdlib.h>
    80 #include <string.h>
    81 #include <assert.h>
    82 #include <stdio.h>
    83 #include <ctype.h>
    84 #include <math.h>
    85 
    86 #ifdef SQLITE3_FROM_OS
    87 #include <sqlite3.h>
    88 #else
    89 #include "sqlite3.h"
    90 #endif
    91 
    92 #include "pEpEngine.h"
    93 
    94 // If not specified, build for Sequoia
    95 #ifndef USE_SEQUOIA
    96 #define USE_SEQUOIA
    97 #endif
    98 
    99 #if defined(USE_SEQUOIA)
   100 #include "pgp_sequoia_internal.h"
   101 #endif
   102 
   103 #include "keymanagement.h"
   104 #include "cryptotech.h"
   105 #include "transport.h"
   106 #include "sync_api.h"
   107 #include "Sync_func.h"
   108 
   109 #include "key_reset.h"
   110 
   111 #define NOT_IMPLEMENTED assert(0); return PEP_UNKNOWN_ERROR;
   112 
   113 struct _pEpSession;
   114 typedef struct _pEpSession pEpSession;
   115 struct _pEpSession {
   116     const char *version;
   117     messageToSend_t messageToSend;
   118 
   119 #if defined(USE_SEQUOIA)
   120     sqlite3 *key_db;
   121     struct {
   122         sqlite3_stmt *begin_transaction;
   123         sqlite3_stmt *commit_transaction;
   124         sqlite3_stmt *rollback_transaction;
   125         sqlite3_stmt *cert_find;
   126         sqlite3_stmt *tsk_find;
   127         sqlite3_stmt *cert_find_by_keyid;
   128         sqlite3_stmt *tsk_find_by_keyid;
   129         sqlite3_stmt *cert_find_by_email;
   130         sqlite3_stmt *tsk_find_by_email;
   131         sqlite3_stmt *cert_all;
   132         sqlite3_stmt *tsk_all;
   133         sqlite3_stmt *cert_save_insert_primary;
   134         sqlite3_stmt *cert_save_insert_subkeys;
   135         sqlite3_stmt *cert_save_insert_userids;
   136         sqlite3_stmt *delete_keypair;
   137     } sq_sql;
   138 
   139     pgp_policy_t policy;
   140 #endif
   141 
   142     PEP_cryptotech_t *cryptotech;
   143     PEP_CIPHER_SUITE cipher_suite;
   144 
   145     PEP_transport_t *transports;
   146 
   147     sqlite3 *db;
   148     sqlite3 *system_db;
   149 
   150     sqlite3_stmt *log;
   151     sqlite3_stmt *trustword;
   152     sqlite3_stmt *get_identity;
   153     sqlite3_stmt *get_identity_without_trust_check;
   154     sqlite3_stmt *get_identities_by_address;
   155     sqlite3_stmt *get_identities_by_userid;
   156     sqlite3_stmt *get_identities_by_main_key_id;
   157     sqlite3_stmt *replace_identities_fpr;
   158     sqlite3_stmt *replace_main_user_fpr;
   159     sqlite3_stmt *replace_main_user_fpr_if_equal;
   160     sqlite3_stmt *get_main_user_fpr;
   161     sqlite3_stmt *refresh_userid_default_key;
   162     sqlite3_stmt *delete_key;
   163     sqlite3_stmt *remove_fpr_as_identity_default;
   164     sqlite3_stmt *remove_fpr_as_user_default;
   165     sqlite3_stmt *set_person;
   166     sqlite3_stmt *update_person;
   167     sqlite3_stmt *delete_person;
   168     sqlite3_stmt *exists_person;    
   169     sqlite3_stmt *set_as_pEp_user;
   170     sqlite3_stmt *is_pEp_user;
   171     sqlite3_stmt *upgrade_pEp_version_by_user_id;
   172     sqlite3_stmt *add_into_social_graph;
   173     sqlite3_stmt *get_own_address_binding_from_contact;
   174     sqlite3_stmt *set_revoke_contact_as_notified;
   175     sqlite3_stmt *get_contacted_ids_from_revoke_fpr;
   176     sqlite3_stmt *was_id_for_revoke_contacted;
   177     sqlite3_stmt *has_id_contacted_address;
   178     sqlite3_stmt *get_last_contacted;
   179     // sqlite3_stmt *set_device_group;
   180     // sqlite3_stmt *get_device_group;
   181     sqlite3_stmt *set_pgp_keypair;
   182     sqlite3_stmt *set_identity_entry;
   183     sqlite3_stmt *update_identity_entry;
   184     sqlite3_stmt *exists_identity_entry;        
   185     sqlite3_stmt *set_identity_flags;
   186     sqlite3_stmt *unset_identity_flags;
   187     sqlite3_stmt *set_pEp_version; 
   188     sqlite3_stmt *clear_trust_info;   
   189     sqlite3_stmt *set_trust;
   190     sqlite3_stmt *update_trust;
   191     sqlite3_stmt *exists_trust_entry;
   192     sqlite3_stmt *update_trust_to_pEp;
   193     sqlite3_stmt *update_trust_for_fpr;
   194     sqlite3_stmt *get_trust;
   195     sqlite3_stmt *get_trust_by_userid;
   196     sqlite3_stmt *least_trust;
   197     sqlite3_stmt *mark_compromised;
   198     sqlite3_stmt *reset_trust;
   199     sqlite3_stmt *crashdump;
   200     sqlite3_stmt *languagelist;
   201     sqlite3_stmt *i18n_token;
   202     sqlite3_stmt *replace_userid;
   203 
   204     // blacklist
   205     sqlite3_stmt *blacklist_add;
   206     sqlite3_stmt *blacklist_delete;
   207     sqlite3_stmt *blacklist_is_listed;
   208     sqlite3_stmt *blacklist_retrieve;
   209     
   210     // Keys
   211     sqlite3_stmt *own_key_is_listed;
   212     sqlite3_stmt *is_own_address;
   213     sqlite3_stmt *own_identities_retrieve;
   214     sqlite3_stmt *own_keys_retrieve;
   215     sqlite3_stmt *key_identities_retrieve;
   216     sqlite3_stmt *get_user_default_key;
   217     sqlite3_stmt *get_all_keys_for_user;
   218         
   219     sqlite3_stmt *get_default_own_userid;
   220 
   221 
   222 //    sqlite3_stmt *set_own_key;
   223 
   224     // sequence value
   225     sqlite3_stmt *sequence_value1;
   226     sqlite3_stmt *sequence_value2;
   227 
   228     // revoked keys
   229     sqlite3_stmt *set_revoked;
   230     sqlite3_stmt *get_revoked;
   231     sqlite3_stmt *get_replacement_fpr;
   232 
   233     // mistrusted
   234     sqlite3_stmt* add_mistrusted_key;
   235     sqlite3_stmt* is_mistrusted_key;    
   236     sqlite3_stmt* delete_mistrusted_key;
   237     
   238     // aliases
   239     sqlite3_stmt *get_userid_alias_default;
   240     sqlite3_stmt *add_userid_alias;
   241 
   242     // callbacks
   243     examine_identity_t examine_identity;
   244     void *examine_management;
   245     notifyHandshake_t notifyHandshake;
   246     inject_sync_event_t inject_sync_event;
   247     retrieve_next_sync_event_t retrieve_next_sync_event;
   248 
   249     // pEp Sync
   250     void *sync_management;
   251     void *sync_obj;
   252     struct Sync_state_s sync_state;
   253 
   254 //     void* sync_state_payload;
   255 //     char sync_uuid[37];
   256 //     time_t LastCannotDecrypt;
   257 //     time_t LastUpdateRequest;
   258 
   259     // runtime config
   260 
   261     bool passive_mode;
   262     bool unencrypted_subject;
   263     bool service_log;
   264     
   265 #ifndef NDEBUG
   266 #   ifdef DEBUG_ERRORSTACK
   267     stringlist_t* errorstack;
   268 #   endif
   269     int debug_color;
   270 #endif
   271 };
   272 
   273 
   274 PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);
   275 void release_transport_system(PEP_SESSION session, bool out_last);
   276 
   277 /* NOT to be exposed to the outside!!! */
   278 PEP_STATUS encrypt_only(
   279         PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
   280         size_t psize, char **ctext, size_t *csize
   281 );
   282 
   283 void decorate_message(
   284     message *msg,
   285     PEP_rating rating,
   286     stringlist_t *keylist,
   287     bool add_version,
   288     bool clobber);
   289 
   290 #if defined(NDEBUG) || defined(NOLOG)
   291 #define DEBUG_LOG(TITLE, ENTITY, DESC)
   292 #else
   293 #ifdef ANDROID
   294 #include <android/log.h>
   295 #define  LOG_MORE(...)  __android_log_print(ANDROID_LOG_DEBUG, "pEpEngine", " %s :: %s :: %s :: %s ", __VA_ARGS__);
   296 #else
   297 #include <stdio.h>
   298 #define  LOG_MORE(...)  fprintf(stderr, "pEpEngine DEBUG_LOG('%s','%s','%s','%s')\n", __VA_ARGS__);
   299 #endif
   300 #define DEBUG_LOG(TITLE, ENTITY, DESC) {\
   301     log_event(session, (TITLE), (ENTITY), (DESC), "debug " __FILE__ ":" S_LINE);\
   302     LOG_MORE((TITLE), (ENTITY), (DESC), __FILE__ ":" S_LINE)\
   303 }
   304 #endif
   305 
   306 typedef enum _normalize_hex_rest_t {
   307     accept_hex,
   308     ignore_hex,
   309     reject_hex
   310 } normalize_hex_res_t;
   311 
   312 static inline normalize_hex_res_t _normalize_hex(char *hex) 
   313 {
   314     if (*hex >= '0' && *hex <= '9')
   315         return accept_hex;
   316 
   317     if (*hex >= 'A' && *hex <= 'F') {
   318         *hex += 'a' - 'A';
   319         return accept_hex;
   320     }
   321 
   322     if (*hex >= 'a' && *hex <= 'f') 
   323         return accept_hex;
   324 
   325     if (*hex == ' ') 
   326         return ignore_hex;
   327 
   328     return reject_hex;
   329 }
   330 
   331 // Space tolerant and case insensitive fingerprint string compare
   332 static inline PEP_STATUS _compare_fprs(
   333         const char* fpra,
   334         size_t fpras,
   335         const char* fprb,
   336         size_t fprbs,
   337         int* comparison)
   338 {
   339 
   340     size_t ai = 0;
   341     size_t bi = 0;
   342     size_t significant = 0;
   343     int _comparison = 0;
   344     const int _FULL_FINGERPRINT_LENGTH = 40;
   345    
   346     // First compare every non-ignored chars until an end is reached
   347     while(ai < fpras && bi < fprbs)
   348     {
   349         char fprac = fpra[ai];
   350         char fprbc = fprb[bi];
   351         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   352         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   353 
   354         if(fprah == reject_hex || fprbh == reject_hex)
   355             return PEP_ILLEGAL_VALUE;
   356 
   357         if ( fprah == ignore_hex )
   358         {
   359             ai++;
   360         }
   361         else if ( fprbh == ignore_hex )
   362         {
   363             bi++;
   364         }
   365         else
   366         {
   367             if(fprac != fprbc && _comparison == 0 )
   368             {
   369                 _comparison = fprac > fprbc ? 1 : -1;
   370             }
   371 
   372             significant++;
   373             ai++;
   374             bi++;
   375 
   376         } 
   377     }
   378 
   379     // Bail out if we didn't got enough significnt chars
   380     if (significant != _FULL_FINGERPRINT_LENGTH )
   381         return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   382 
   383     // Then purge remaining chars, all must be ignored chars
   384     while ( ai < fpras )
   385     {
   386         char fprac = fpra[ai];
   387         normalize_hex_res_t fprah = _normalize_hex(&fprac);
   388         if( fprah == reject_hex )
   389             return PEP_ILLEGAL_VALUE;
   390         if ( fprah != ignore_hex )
   391             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   392         ai++;
   393     }
   394     while ( bi < fprbs )
   395     {
   396         char fprbc = fprb[bi];
   397         normalize_hex_res_t fprbh = _normalize_hex(&fprbc);
   398         if( fprbh == reject_hex )
   399             return PEP_ILLEGAL_VALUE;
   400         if ( fprbh != ignore_hex )
   401             return PEP_TRUSTWORDS_FPR_WRONG_LENGTH;
   402         bi++;
   403     }
   404 
   405     *comparison = _comparison;
   406     return PEP_STATUS_OK;
   407 }
   408 
   409 static inline int _same_fpr(
   410         const char* fpra,
   411         size_t fpras,
   412         const char* fprb,
   413         size_t fprbs
   414     )
   415 {
   416     // illegal values are ignored, and considered not same.
   417     int comparison = 1;
   418 
   419     _compare_fprs(fpra, fpras, fprb, fprbs, &comparison);
   420 
   421     return comparison == 0;
   422 }
   423 
   424 // size is the length of the bytestr that's coming in. This is really only intended
   425 // for comparing two full strings. If charstr's length is different from bytestr_size,
   426 // we'll return a non-zero value.
   427 static inline int _unsigned_signed_strcmp(const unsigned char* bytestr, const char* charstr, int bytestr_size) {
   428     int charstr_len = strlen(charstr);
   429     if (charstr_len != bytestr_size)
   430         return -1; // we don't actually care except that it's non-zero
   431     return memcmp(bytestr, charstr, bytestr_size);
   432 }
   433 
   434 // This is just a horrible example of C type madness. UTF-8 made me do it.
   435 static inline char* _pEp_subj_copy() {
   436 #ifndef WIN32
   437     unsigned char pEpstr[] = PEP_SUBJ_STRING;
   438     void* retval = calloc(1, sizeof(unsigned char)*PEP_SUBJ_BYTELEN + 1);
   439     memcpy(retval, pEpstr, PEP_SUBJ_BYTELEN);
   440     return (char*)retval;
   441 #else
   442     return strdup("pEp");
   443 #endif
   444 }
   445 
   446 static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
   447     bool retval = false;
   448     if (test_ident && test_ident->user_id) {
   449         char* def_id = NULL;
   450         get_default_own_userid(session, &def_id);
   451         if (test_ident->me || 
   452             (def_id && strcmp(def_id, test_ident->user_id) == 0)) {
   453             retval = true;
   454         }
   455         free(def_id);
   456     }
   457     return retval;
   458 }
   459 
   460 static inline float pEp_version_numeric(const char* version_str) {
   461     float retval = 0;    
   462         
   463     if (!version_str || sscanf(version_str, "%f", &retval) != 1)
   464         return 0;
   465         
   466     return retval;    
   467 }
   468 
   469 static inline void pEp_version_major_minor(const char* version_str, unsigned int* major, unsigned int* minor) {
   470     if (!major || !minor)
   471         return;
   472                 
   473     if (!version_str || sscanf(version_str, "%u.%u", major, minor) != 2) {
   474         *major = 0;
   475         *minor = 0;
   476     }
   477         
   478     return;    
   479 }
   480 
   481 static inline int compare_versions(unsigned int first_maj, unsigned int first_min,
   482                                    unsigned int second_maj, unsigned int second_min) {
   483     if (first_maj > second_maj)
   484         return 1;
   485     if (first_maj < second_maj)
   486         return -1;
   487     if (first_min > second_min)
   488         return 1;
   489     if (first_min < second_min)
   490         return -1;
   491     return 0;    
   492 }
   493 
   494 static inline void set_min_version(unsigned int first_maj, unsigned int first_minor,
   495                                    unsigned int second_maj, unsigned int second_minor,
   496                                    unsigned int* result_maj, unsigned int* result_minor) {
   497     int result = compare_versions(first_maj, first_minor, second_maj, second_minor);
   498     if (result < 0) {
   499         *result_maj = first_maj;
   500         *result_minor = first_minor;
   501     }
   502     else {
   503         *result_maj = second_maj;
   504         *result_minor = second_minor;
   505     }    
   506 }
   507 
   508 static inline void set_max_version(unsigned int first_maj, unsigned int first_minor,
   509                                    unsigned int second_maj, unsigned int second_minor,
   510                                    unsigned int* result_maj, unsigned int* result_minor) {
   511     int result = compare_versions(first_maj, first_minor, second_maj, second_minor);
   512     if (result > 0) {
   513         *result_maj = first_maj;
   514         *result_minor = first_minor;
   515     }
   516     else {
   517         *result_maj = second_maj;
   518         *result_minor = second_minor;
   519     }    
   520 }
   521 
   522 #ifndef EMPTYSTR
   523 #define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
   524 #endif
   525 
   526 #ifndef IS_PGP_CT
   527 #define IS_PGP_CT(CT) (((CT) | PEP_ct_confirmed) == PEP_ct_OpenPGP)
   528 #endif
   529 
   530 #ifndef _MIN
   531 #define _MIN(A, B) ((B) > (A) ? (A) : (B))
   532 #endif
   533 #ifndef _MAX
   534 #define _MAX(A, B) ((B) > (A) ? (B) : (A))
   535 #endif
   536 
   537 // These are globals used in generating message IDs and should only be
   538 // computed once, as they're either really constants or OS-dependent
   539 
   540 extern int _pEp_rand_max_bits;
   541 extern double _pEp_log2_36;
   542 
   543 static inline void _init_globals() {
   544     _pEp_rand_max_bits = (int) ceil(log2((double) RAND_MAX));
   545     _pEp_log2_36 = log2(36);
   546 }
   547 
   548 // spinlock implementation
   549 
   550 static inline int Sqlite3_step(sqlite3_stmt* stmt)
   551 {
   552     int rc;
   553     do {
   554         rc = sqlite3_step(stmt);
   555     } while (rc == SQLITE_BUSY || rc == SQLITE_LOCKED);
   556     return rc;
   557 }