ENGINE-329: gpg implementation of first-time import of ultimately trusted keys is in. Apparently, netpgp bluffs trust completely, so a stub is in here for them instead. Too bad :( ENGINE-329
authorKrista Bennett <krista@pep-project.org>
Fri, 26 Jan 2018 16:30:39 +0100
branchENGINE-329
changeset 24582dfe65bd3613
parent 2457 51a4829805b9
child 2459 5c0f7385757d
child 2460 e4ab0408475d
ENGINE-329: gpg implementation of first-time import of ultimately trusted keys is in. Apparently, netpgp bluffs trust completely, so a stub is in here for them instead. Too bad :(
Makefile.conf
src/cryptotech.c
src/cryptotech.h
src/openpgp_compat.c
src/openpgp_compat.h
src/pEpEngine.c
src/pEpEngine.h
src/pgp_gpg.c
src/pgp_gpg.h
src/pgp_netpgp.c
src/pgp_netpgp.h
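--- a/Makefile.conf
+++ b/Makefile.conf
@@ -89,7 +89,7 @@
 #GPG_CMD:=$(shell gpgconf --list-components | awk -F: '/^gpg:/ { print $$3; exit 0; }')
 
 # Selects OpenPGP implementation. must be either `GPG` or `NETPGP`
-#OPENPGP=GPG
+OPENPGP=NETPGP
 
 # Path of libGPGME binary
 #LIBGPGME=libgpgme.so.11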
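Review bot: `OPENPGP=NETPGP` is now set unconditionally where the line used to be the commented-out `#OPENPGP=GPG`, so a default build selects the netpgp backend — the one whose `pgp_import_ultimately_trusted_keypairs` this same commit leaves as a stub that returns PEP_STATUS_OK without importing anything. If the goal of the commit is to land the gpg implementation, this looks like a local build setting committed by accident. Restoring `#OPENPGP=GPG`, or stating in the comment above why NETPGP is now the default, would keep the new feature active in the default configuration.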
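--- a/src/cryptotech.c
+++ b/src/cryptotech.c
@@ -53,6 +53,7 @@
         cryptotech[PEP_crypt_OpenPGP].key_created = pgp_key_created;
         cryptotech[PEP_crypt_OpenPGP].contains_priv_key = pgp_contains_priv_key;
         cryptotech[PEP_crypt_OpenPGP].find_private_keys = pgp_find_private_keys;
+        cryptotech[PEP_crypt_OpenPGP].import_trusted_own_keys = pgp_import_ultimately_trusted_keypairs;
 #ifdef PGP_BINARY_PATH
         cryptotech[PEP_crypt_OpenPGP].binary_path = PGP_BINARY_PATH;
 #endif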
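--- a/src/cryptotech.h
+++ b/src/cryptotech.h
@@ -89,6 +89,10 @@
     PEP_SESSION session, const char *pattern, stringlist_t **keylist
 );
 
+typedef PEP_STATUS(*import_trusted_own_keys_t)(
+    PEP_SESSION session
+);
+
 typedef struct _PEP_cryptotech_t {
     uint8_t id;
     // the following are default values; comm_type may vary with key length or b0rken crypto
@@ -114,6 +118,7 @@
     binary_path_t binary_path;
     contains_priv_key_t contains_priv_key;
     find_private_keys_t find_private_keys;
+    import_trusted_own_keys_t import_trusted_own_keys;
 } PEP_cryptotech_t;
 
 extern PEP_cryptotech_t cryptotech[PEP_crypt__count];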
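Review bot: The new `import_trusted_own_keys` member and its `import_trusted_own_keys_t` typedef carry no comment, and this is the one place where the contract every backend must honour should be written down. A line above the typedef such as `// adopts the backend's ultimately trusted secret keys as own keys; returns the first failure, or PEP_STATUS_OK for backends that cannot track trust and do nothing` would record what the gpg and netpgp implementations in this commit actually do, so that callers of the function pointer know a success status does not imply any key was imported.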
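--- a/src/openpgp_compat.c
+++ b/src/openpgp_compat.c
@@ -24,7 +24,3 @@
     
     return retval;
 }
-
-PEP_STATUS import_ultimately_trusted_keypairs (PEP_SESSION session) {
-    
-}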
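--- a/src/openpgp_compat.h
+++ b/src/openpgp_compat.h
@@ -42,8 +42,6 @@
         PEP_SESSION session, const char* search_pattern, stringpair_list_t** keyinfo_list
     );
     
-PEP_STATUS import_ultimately_trusted_keypairs (PEP_SESSION session);
-
 #ifdef __cplusplus
 }
 #endif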
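--- a/src/pEpEngine.c
+++ b/src/pEpEngine.c
@@ -1020,35 +1020,15 @@
         // are taken as own in order to seamlessly integrate with
         // pre-existing GPG setup.
 
-        ////////////////////////////// WARNING: ///////////////////////////
-        // Considering all PGP priv keys as own is dangerous in case of 
-        // re-initialization of pEp DB, while keeping PGP keyring as-is!
-        //
-        // Indeed, if pEpEngine did import spoofed private keys in previous
-        // install, then those keys become automatically trusted in case 
-        // management.db is deleted.
-        //
-        // A solution to distinguish bare GPG keyring from pEp keyring is
-        // needed here. Then keys managed by pEpEngine wouldn't be
-        // confused with GPG keys managed by the user through GPA.
-        ///////////////////////////////////////////////////////////////////
-        
-        stringlist_t *keylist = NULL;
-
-        status = find_private_keys(_session, NULL, &keylist);
-        assert(status != PEP_OUT_OF_MEMORY);
-        if (status == PEP_OUT_OF_MEMORY)
-            return PEP_OUT_OF_MEMORY;
-        
-        if (keylist != NULL && keylist->value != NULL)
-        {
-            stringlist_t *_keylist;
-            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
-                status = set_own_key(_session, 
-                                     "" /* address is unused in own_keys */,
-                                     _keylist->value);
-            }
-        }
+        // Note: earlier fears about danger because of DB reinitialisation should
+        // be a non-issue here, as we ONLY take the ultimately trusted keys now.
+        // Thus, unless the user has assigned ultimate trust through PGP, there is
+        // no chance of automatically imported pEp keys from a previous run making
+        // their way into PEP trusted status without explicit action (Bare imported
+        // private keys have an 'unknown' trust designation in PGP).
+
+        // We don't really worry about the status here.
+        status = import_trusted_own_keys(_session);        
     }
 
     // sync_session set to own session by default
@@ -3186,6 +3166,14 @@
                                                                     keylist);
 }
 
+PEP_STATUS import_trusted_own_keys(PEP_SESSION session) {
+    assert(session);
+    if (!session)
+        return PEP_ILLEGAL_VALUE;
+        
+    return session->cryptotech[PEP_crypt_OpenPGP].import_trusted_own_keys(session); 
+}
+
 DYNAMIC_API const char* get_engine_version() {
     return PEP_ENGINE_VERSION;
 }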
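Review bot: `status = import_trusted_own_keys(_session);` in the first hunk is not checked anywhere in the hunk, whereas the code it replaces propagated `PEP_OUT_OF_MEMORY` out of initialisation; an allocation failure while adopting own keys now lets init proceed as if it had succeeded. Keeping at least `if (status == PEP_OUT_OF_MEMORY) return PEP_OUT_OF_MEMORY;` would preserve the previous contract, and the "We don't really worry about the status here" comment should then name which statuses are deliberately ignored and why. The replacement comment also argues only about *imported* private keys; gpg normally assigns ultimate ownertrust to keys it generated locally, so secret keys created by an earlier pEp run would presumably still be re-adopted after management.db is reset — if that is the intended behaviour it should be stated, rather than presenting the removed warning as fully resolved. In the second hunk, `import_trusted_own_keys` calls through `session->cryptotech[PEP_crypt_OpenPGP].import_trusted_own_keys` with no NULL check on the pointer; both backends in this commit assign it, but a guard alongside the session check would turn a misconfigured backend into a clean error instead of a crash. The enclosing init function begins and ends outside the first hunk.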
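--- a/src/pEpEngine.h
+++ b/src/pEpEngine.h
@@ -1229,6 +1229,8 @@
     
 PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);
 
+PEP_STATUS import_trusted_own_keys(PEP_SESSION session);
+
 #ifdef __cplusplus
 }
 #endif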
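Review bot: The new `import_trusted_own_keys` prototype has no comment, unlike the backend declaration in pgp_gpg.h, which documents the first-failure return. As the engine-level entry point it should carry the same contract plus the backend caveat, e.g. `// import_trusted_own_keys() - adopt the crypto backend's ultimately trusted secret keys as own identities; returns the first failure, keys may already have been imported regardless; the netpgp backend is a no-op returning PEP_STATUS_OK`, so a caller does not read a success status as proof that any key was adopted.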
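--- a/src/pgp_gpg.c
+++ b/src/pgp_gpg.c
@@ -292,9 +292,9 @@
 
         gpg.gpgme_get_engine_info
             = (gpgme_get_engine_info_t) (intptr_t) dlsym(gpgme,
+            "gpgme_get_engine_info");
         assert(gpg.gpgme_get_engine_info);
 
-        "gpgme_get_engine_info");
         gpgme_engine_info_t info;
         int err = gpg.gpgme_get_engine_info(&info);
         assert(err == GPG_ERR_NO_ERROR);
@@ -1940,16 +1940,23 @@
 }
 
 PEP_STATUS pgp_import_ultimately_trusted_keypairs(PEP_SESSION session) {
+    assert(session);
+    if (!session)
+        return PEP_ILLEGAL_VALUE;
+
     stringlist_t* priv_keylist = NULL;
     gpgme_key_t key;
+    gpgme_error_t gpgme_error;
+    PEP_STATUS status = PEP_STATUS_OK;
     PEP_STATUS first_fail = PEP_STATUS_OK;
 
+
     // 1. get keys
     first_fail = pgp_find_private_keys(session, NULL, &priv_keylist);
 
     bool has_already_failed = (first_fail != PEP_STATUS_OK);
 
-    if (status == PEP_STATUS_OK) {    
+    if (!has_already_failed) {    
         stringlist_t* keylist_curr;    
         
         // 2. for each key
@@ -1978,23 +1985,23 @@
                     break;
                 default:
                     assert(0);
-                    first_fail = (has_already_failed ? first_fail : PEP_UNKNOWN_ERROR;
+                    first_fail = (has_already_failed ? first_fail : PEP_UNKNOWN_ERROR);
             }
             if (key && gpgme_error == GPG_ERR_NO_ERROR) {
                 if (key->revoked || key->disabled)
                     first_fail = (has_already_failed ? first_fail : PEP_KEY_UNSUITABLE);
                 else {
-                    if (key->fpr && key->private && key->can_encrypt && key->can_sign) {
+                    if (key->fpr && key->secret && key->can_encrypt && key->can_sign) {
                         if (key->owner_trust == GPGME_VALIDITY_ULTIMATE &&
                                             key->uids && key->uids->address) { 
                             pEp_identity* new_id = new_identity(key->uids->address,
-                                                                key->uids->fpr,
+                                                                key->fpr,
                                                                 PEP_OWN_USERID,
                                                                 key->uids->name);
                             if (!new_id)
                                 status = PEP_OUT_OF_MEMORY;
                             else    
-                                status = myself(session, new_id);
+                                status = myself(session, new_id);
                                 
                             first_fail = (has_already_failed ? first_fail : status);
                         }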
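Review bot: `first_fail = (has_already_failed ? first_fail : status);` in the third hunk, and the two sibling assignments above it, overwrite `first_fail` on every iteration: `has_already_failed` is computed once before the loop (second hunk) and, as far as the hunks show, never refreshed, so inside `if (!has_already_failed)` it is always false, a later success resets an earlier failure to PEP_STATUS_OK, and the function returns the last status rather than the first failure that pgp_gpg.h promises. Unless the lines between the hunks update it, replacing the ternaries with a guard, `if (first_fail == PEP_STATUS_OK) first_fail = status;`, or setting `has_already_failed = true` whenever a failure is recorded, would make the return value match its documentation. The suitability test `key->revoked || key->disabled` does not cover `key->expired`, and `key->uids->address` is taken from the first uid without looking at `key->uids->revoked` or `key->uids->invalid`, so an expired key or a revoked primary uid can still be adopted as an own identity; all of these are fields on gpgme's key and uid structs. The function continues past the hunk, so whether `new_id`, `priv_keylist` and each `key` reference are released on every path is not visible here.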
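--- a/src/pgp_gpg.h
+++ b/src/pgp_gpg.h
@@ -106,6 +106,10 @@
 
 PEP_STATUS pgp_binary(const char **path);
 
+// Returns first failure status, if there were any. Keys may have been
+// imported into DB regardless of status.
+PEP_STATUS pgp_import_ultimately_trusted_keypairs(PEP_SESSION session);
+
 /* Really only internal. */
 PEP_STATUS pgp_replace_only_uid(
         PEP_SESSION session,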
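--- a/src/pgp_netpgp.c
+++ b/src/pgp_netpgp.c
@@ -1950,3 +1950,9 @@
     }
     return status;
 }
+
+PEP_STATUS pgp_import_ultimately_trusted_keypairs(PEP_SESSION session) {
+    // Not implemented - netpgp doesn't appear to keep track of trust status in
+    // a meaningful way, though there is space for it in the structs.
+    return PEP_STATUS_OK;
+}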
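Review bot: The stub returns PEP_STATUS_OK for any `session`, including NULL, whereas the gpg implementation in this commit opens with `assert(session); if (!session) return PEP_ILLEGAL_VALUE;`; mirroring that guard keeps both backends' behaviour identical behind the wrapper in pEpEngine.c and also gives the otherwise-unused parameter a use. Returning success from a function that does nothing means the engine cannot tell "no keys to import" from "backend cannot do this"; if that distinction ever matters, a dedicated status would be needed, and until then the comment should say explicitly that callers must not infer an import from PEP_STATUS_OK.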
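--- a/src/pgp_netpgp.h
+++ b/src/pgp_netpgp.h
@@ -100,3 +100,6 @@
 PEP_STATUS pgp_find_private_keys(
     PEP_SESSION session, const char *pattern, stringlist_t **keylist
 );
+
+// Stub - just returns PEP_STATUS_OK, as netpgp isn't sufficient to do this.
+PEP_STATUS pgp_import_ultimately_trusted_keypairs(PEP_SESSION session);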