Periodic commit on check_signed_message impl. fdik_sync
authorKrista Bennett <krista@pep-project.org>
Thu, 16 Mar 2017 16:12:36 +0100
branchfdik_sync
changeset 167909e74df2e875
parent 1678 0f63e86eda03
child 1680 fecf772e5842
Periodic commit on check_signed_message impl.
src/message_api.c
src/message_api.h
src/pEpEngine.h
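--- a/src/message_api.c
+++ b/src/message_api.c
@@ -1207,19 +1207,6 @@
     return status;
 }
 
-PEP_STATUS check_signed_message(PEP_SESSION session,
-                                message *src,
-                                char** signing_key_ptr
-                            )
-{                          
-    if (!signing_key_ptr)
-        return PEP_ILLEGAL_VALUE;
- 
-    PEP_STATUS status = PEP_VERIFY_NO_KEY;
-    signing_key_ptr = NULL;
-    return status;                              
-}
-
 
 DYNAMIC_API PEP_STATUS encrypt_message(
         PEP_SESSION session,
@@ -1718,6 +1705,117 @@
     return status;
 }
 
+PEP_STATUS check_signed_message(PEP_SESSION session,
+                                message *src,
+                                char** signing_key_ptr
+                            )
+{                          
+    if (!signing_key_ptr || !src || !session || !src->from ||
+        !src->from->address)
+        return PEP_ILLEGAL_VALUE;
+ 
+    PEP_STATUS status = PEP_VERIFY_NO_KEY;
+    signing_key_ptr = NULL;
+    
+    determine_encryption_format(src);
+    if (src->enc_format != PEP_enc_none)
+        return PEP_ILLEGAL_VALUE;
+
+    /* Ok, input checked, let's go */
+    bool imported_keys = import_attached_keys(session, src, NULL);
+
+    // Update src->from in case we just imported a key
+    // we would need to check signature
+    status = _update_identity_for_incoming_message(session, src);
+    if(status != PEP_STATUS_OK)
+        return status;
+    
+    // Get detached signature, if any
+    bloblist_t* detached_sig = NULL;
+    char* dsig_text = NULL;
+    size_t dsig_size = 0;
+    status = _get_detached_signature(src, &detached_sig);
+    if (detached_sig) {
+        dsig_text = detached_sig->value;
+        dsig_size = detached_sig->size;
+    }
+    else {
+        // Per Volker, we don't deal with clearsigned texts here. Period.
+        // This means that we have to implement clearsign-splitting
+        // in parsing.
+        return PEP_VERIFY_NO_SIGNATURE;
+    }
+
+    /* Pull bodies stuck in the attachments up. */
+    /* FIXME: Actually, this is also something  */
+    /* that should be fixed at a higher level   */
+    char* slong = src->longmsg;
+    char* sform = src->longmsg_formatted;
+    bloblist_t* satt = src->attachments;
+    
+    if ((!slong || slong[0] == '\0')
+         && (!sform || sform[0] == '\0')) {
+        if (satt) {
+            const char* inner_mime_type = satt->mime_type;
+            if (strcasecmp(inner_mime_type, "text/plain") == 0) {
+                free(slong); /* in case of "" */
+                src->longmsg = strndup(satt->value, satt->size); // N.B.: longmsg might be shorter, if attachment contains NUL bytes which are not allowed in text/plain!
+                
+                bloblist_t* next_node = satt->next;
+                if (next_node) {
+                    inner_mime_type = next_node->mime_type;
+                    if (strcasecmp(inner_mime_type, "text/html") == 0) {
+                        free(sform);
+                        src->longmsg_formatted = strndup(next_node->value, next_node->size);  // N.B.: longmsg might be shorter, if attachment contains NUL bytes which are not allowed in text/plain!
+                    }
+                }
+            }
+            else if (strcasecmp(inner_mime_type, "text/html") == 0) {
+                free(sform);
+                src->longmsg_formatted = strndup(satt->value, satt->size);  // N.B.: longmsg might be shorter, if attachment contains NUL bytes which are not allowed in text/plain!
+            }
+        }
+    }
+
+    if (detached_sig) {
+        dsig_text = detached_sig->value;
+        dsig_size = detached_sig->size;
+        size_t ssize = 0;
+        char* stext = NULL;
+
+        // FIXME
+        status = _get_signed_text(ptext, psize, &stext, &ssize);
+        stringlist_t *_verify_keylist = NULL;
+
+        if (ssize > 0 && stext) {
+            status = cryptotech[crypto].verify_text(session, stext,
+                                                    ssize, dsig_text, dsig_size,
+                                                    &_verify_keylist);
+
+        }
+    }
+    if (status != PEP_VERIFIED && status != PEP_VERIFIED_AND_TRUSTED) {
+        status = cryptotech[crypto].verify_text(session, stext,
+                                                ssize, NULL, NULL,
+                                                &_verify_keylist);        
+    }
+    
+    if (status == PEP_VERIFIED || status == PEP_VERIFIED_AND_TRUSTED) {
+        // FIXME: free stext et al ??
+        if (!_verify_keylist) // These should NEVER happen... bug if so!
+            return PEP_UNKNOWN_ERROR;
+        char* retfpr = _verify_keylist->value;
+        if (!retfpr || retfpr[0] == '\0') {
+            free_stringlist(_verify_keylist);
+            return PEP_UNKNOWN_ERROR; // Still would be a bug...
+        }
+        // FIXME - check stringlist_t ownership
+        signing_key_ptr == strdup(retfpr);
+    }
+
+    return status;                              
+}
+
 
 DYNAMIC_API PEP_STATUS _decrypt_message(
         PEP_SESSION session,
@@ -2053,7 +2151,7 @@
                     NOT_IMPLEMENTED
         }
 
-        // check for private key in decrypted message attachement while inporting
+        // check for private key in decrypted message attachement while importing
         identity_list *_private_il = NULL;
         imported_keys = import_attached_keys(session, msg, &_private_il);
         if (_private_il &&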
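Review bot: `signing_key_ptr = NULL;` near the top of the new check_signed_message and `signing_key_ptr == strdup(retfpr);` in its verified branch never write through the out-parameter: the first nulls the local copy of the pointer, the second is a comparison, so the caller's `*signing_key_ptr` is never set and the strdup result leaks on every verified message. Both should be assignments through the pointer, `*signing_key_ptr = NULL;` at the top and `*signing_key_ptr = strdup(retfpr);` in the verified branch, with a NULL check on the strdup result before returning success. `stext`, `ssize` and `_verify_keylist` are declared inside the `if (detached_sig)` block but read after it, and `ptext`, `psize` and `crypto` are not declared anywhere in the hunk, so the function as committed presumably does not compile yet (consistent with the "periodic commit" title); hoisting those three declarations above the block would also make the fallback `verify_text` call with a NULL signature well-defined. The header contract says the signing key must carry a UID matching message.from, but nothing in the hunk compares the key behind `retfpr` to `src->from` before handing its fingerprint back, so a PEP_VERIFIED result here does not yet bind the signature to the sender and callers should not treat it as such; `imported_keys` is also assigned but never read.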
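--- a/src/message_api.h
+++ b/src/message_api.h
@@ -23,9 +23,15 @@
                         message *src,
                         message **dst);
 
+/* checks if a message is correctly signend
+with a key that has a UID with the email address of message.from. If
+result is PEP_VERIFIED, it additionally delivers fpr of the signature
+key. The function has to import attached keys first before doing the
+check.  It must not handle encrypted messages but give an error value
+for them. */
 PEP_STATUS check_signed_message(PEP_SESSION session,
                                 message *src,
-                                char** signing_key);
+                                char** signing_key_ptr);
 
 PEP_cryptotech determine_encryption_format(message *msg);
 void add_opt_field(message *msg, const char *name, const char *value);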
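Review bot: The new comment above check_signed_message does not say who owns the string delivered through `signing_key_ptr`, what it holds when the result is not PEP_VERIFIED, or whether PEP_VERIFIED_AND_TRUSTED also delivers it, and callers of an out-parameter need all three to avoid leaks and reads of an unset pointer. I would follow the surrounding header's style and add `parameters:` / `return value:` lines to it, stating that `*signing_key_ptr` is set to NULL on entry, is a malloc'd fingerprint the caller must free() when the result is PEP_VERIFIED or PEP_VERIFIED_AND_TRUSTED, and that PEP_VERIFY_NO_SIGNATURE is returned when no detached signature is attached. The first line also has a typo, `signend` for `signed`, and "must not handle encrypted messages but give an error value" could name the value, `PEP_ILLEGAL_VALUE`, since that is what the implementation returns.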
     3.1 --- a/src/pEpEngine.h	Thu Mar 16 09:50:00 2017 +0100
     3.2 +++ b/src/pEpEngine.h	Thu Mar 16 16:12:36 2017 +0100
     3.3 @@ -63,6 +63,8 @@
     3.4      PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH            = 0x0406,
     3.5      PEP_VERIFY_NO_KEY                               = 0x0407,
     3.6      PEP_VERIFIED_AND_TRUSTED                        = 0x0408,
     3.7 +    PEP_VERIFY_NO_SIGNATURE                         = 0x0409,
     3.8 +    PEP_VERIFY_SIGNATURE_DOES_NOT_MATCH             = 0x040a,
     3.9      PEP_CANNOT_DECRYPT_UNKNOWN                      = 0x04ff,
    3.10  
    3.11      PEP_TRUSTWORD_NOT_FOUND                         = 0x0501,
    3.12 @@ -98,6 +100,7 @@
    3.13      PEP_MESSAGE_CONSUME                             = 0xff02,
    3.14      PEP_MESSAGE_IGNORE                              = 0xff03,
    3.15  
    3.16 +    PEP_UNIMPLEMENTED                               = -7,
    3.17      PEP_RECORD_NOT_FOUND                            = -6,
    3.18      PEP_CANNOT_CREATE_TEMP_FILE                     = -5,
    3.19      PEP_ILLEGAL_VALUE                               = -4,