Periodic commit after reworking of beacon msg format - old code is still in there from previous step. Next step is to cull that and test. fdik_sync
authorKrista Bennett <krista@pep-project.org>
Thu, 23 Mar 2017 13:40:32 +0100
branchfdik_sync
changeset 1688713d66e2a90f
parent 1687 e376c005ff2d
child 1689 0579d2132265
Periodic commit after reworking of beacon msg format - old code is still in there from previous step. Next step is to cull that and test.
src/message_api.c
src/message_api.h
src/pgp_gpg.c
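--- a/src/message_api.c	Wed Mar 22 10:17:13 2017 +0100
+++ b/src/message_api.c	Thu Mar 23 13:40:32 2017 +0100
@@ -1110,8 +1110,172 @@
 //     }
 // }
 // 
-
-
+PEP_STATUS prepare_beacon_message(PEP_SESSION session,
+                                  char* beacon_blob,
+                                  size_t beacon_size,
+                                  message* beacon_msg
+                              ) 
+{
+    if (!beacon_msg || !session || !beacon_blob)
+        return PEP_ILLEGAL_VALUE;
+    
+    char* sig_text = NULL;
+    size_t sig_size = 0;
+        
+       
+    bloblist_t* blob = bloblist_add(beacon_msg->attachments,
+                                      beacon_blob, 
+                                      beacon_size,
+                                      "application/pEp.sync",
+                                      NULL); // FIXME: null?
+    
+    if (!blob)
+        return PEP_OUT_OF_MEMORY;
+    
+    if (beacon_msg->attachments == NULL && blob)
+        beacon_msg->attachments = blob;
+
+    PEP_STATUS status = sign_blob(session,
+                                  beacon_msg->src->from,
+                                  blob,
+                                  &sig_text,
+                                  &sig_size);
+                                  
+    if (status != PEP_STATUS_OK) {
+        free_bloblist(blob);
+        return status;
+    }
+    
+    bloblist_t* sig = bloblist_add(blob,
+                                  sig_size,
+                                  "application/pEp.sync.sig",
+                                  NULL);
+    
+    if (!sig)
+        return PEP_OUT_OF_MEMORY;
+                
+    return PEP_STATUS_OK;                  
+}
+
+static bool is_beacon_message(message* msg) {
+    bloblist_t* curr = msg->attachments;
+    bool sig_found = false;
+    bool beacon_found = false;
+    
+    while (curr && !(sig_found && beacon_found)) {
+        char* mime_type = curr->mime_type;
+        if (mime_type) {
+            if (strcmp(mime_type, "application/pEp.sync"))
+                beacon_found = true;
+            else if (strcmp(mime_type, "application/pEp.sync.sig"))
+                sig_found = true;
+        }
+        curr = curr->next;
+    }
+    
+    return sig_found && beacon_found;
+}
+
+PEP_STATUS verify_beacon_message(PEP_SESSION session,
+                                 message* beacon_msg,
+                                 char** signer_fpr)
+                              ) 
+{
+    if (!session || !beacon_msg || !signer_fpr ||
+        !(is_beacon_message(beacon_msg)))
+        return PEP_ILLEGAL_VALUE;
+        
+    *signer_fpr = NULL;
+    bloblist_t* beacon = NULL;
+    bloblist_t* sig = NULL;
+    
+    bloblist_t* curr_ptr = beacon_msg->attachments;
+    
+    for ( ; curr_ptr && (!beacon || !sig); curr_ptr = curr_ptr->next) {
+        char* mime_type = curr_ptr->mime_type;
+        if (mime_type) {
+            if (strcmp(mime_type, "application/pEp.sync") == 0)
+                beacon = curr_ptr;
+            else if (strcmp(mime_type, "application/pEp.sync.sig") == 0)
+                sig = curr_ptr;
+        }             
+    }
+    
+    if (!beacon || !beacon->value)
+        return PEP_ILLEGAL_VALUE;
+        
+    if (!sig || !sig->value)
+        return PEP_VERIFY_NO_SIGNATURE;
+        
+    stringlist_t* _verify_keylist = NULL;
+
+    status = verify_text(session, beacon->value,
+                         beacon_size, sig->value, 
+                         sig->size, &_verify_keylist);
+
+    if (status != PEP_VERIFIED && status != PEP_VERIFIED_AND_TRUSTED)
+        return status;
+        
+    if (!_verify_keylist || !_verify_keylist->value || _verify_keylist->value[0] == '\0')
+        return PEP_VERIFY_NO_KEY;
+
+    *signer_fpr = strdup(_verify_keylist->value);
+    free_stringlist(_verify_keylist);
+    
+    if (!(*signer_fpr))
+        return PEP_OUT_OF_MEMORY;
+    
+    return status;
+}
+
+
+PEP_STATUS sign_blob(PEP_SESSION session,
+                     pEp_identity signer_id,
+                     bloblist_t blob,
+                     char** signature,
+                     size_t* sig_size
+                 ) 
+{
+    if (!session || !blob || !signature || !sig_size)
+        return PEP_ILLEGAL_VALUE;
+        
+    PEP_STATUS = PEP_KEY_NOT_FOUND:
+    
+    status = myself(session, signer_id);
+    if (status != PEP_STATUS_OK)
+        goto pep_error;
+
+    if (!signer_id->fpr)
+        return PEP_KEY_NOT_FOUND;
+        
+    stringlist_t * keys = new_stringlist(signer_id->fpr);
+    if (keys == NULL)
+        goto enomem;
+    
+    status = sign_text(session, keys, blob->value, blob->size,
+                       signature, sig_size);
+            
+    if (status == PEP_OUT_OF_MEMORY)
+       goto enomem;
+
+    if (status != PEP_STATUS_OK || ctext == NULL)
+      goto pep_error;
+      
+    free_stringlist(keys);
+
+    return status;
+
+    enomem:
+        status = PEP_OUT_OF_MEMORY;
+
+    pep_error:
+        free_stringlist(keys);
+
+    return status;
+
+}
+
+// N.B. never tested.
 PEP_STATUS sign_message(PEP_SESSION session,
                         message *src,
                         message **dst
@@ -1606,12 +1770,15 @@
     char* signed_boundary = NULL;
     char* signpost = strstr(ptext, "Content-Type: multipart/signed");
 
+    if (!signpost) {
+        *stext = strdup(ptext);
+        *ssize = psize;
+        return PEP_STATUS_OK;
+    }
+
     *ssize = 0;
     *stext = NULL;
 
-    if (!signpost)
-        return PEP_UNKNOWN_ERROR;
-
     char* curr_line = signpost;
 //    const char* end_text = ptext + psize;
     const char* boundary_key = "boundary=\"";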
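Review bot: In `is_beacon_message` both `strcmp` results are used directly as truth values, so `beacon_found` is set when the MIME type is not `application/pEp.sync` and `sig_found` only when it is; the tests should read `if (strcmp(mime_type, "application/pEp.sync") == 0)` and `else if (strcmp(mime_type, "application/pEp.sync.sig") == 0)`, as the loop in `verify_beacon_message` already does. As written, this gate in front of signature verification accepts an attachment list that has a sync part and any other part but no signature part, and only the later `!sig` check catches it. In `prepare_beacon_message` the failure path calls `free_bloblist(blob)` after `beacon_msg->attachments = blob` may have run, which presumably leaves the message (or the preceding list node) pointing at freed memory. The second `bloblist_add` call also passes no value argument, so `sig_text` is never attached to the message or freed.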
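--- a/src/message_api.h	Wed Mar 22 10:17:13 2017 +0100
+++ b/src/message_api.h	Thu Mar 23 13:40:32 2017 +0100
@@ -19,10 +19,22 @@
         identity_list **private_idents
     );
 void attach_own_key(PEP_SESSION session, message *msg);
+
+PEP_STATUS sign_blob(PEP_SESSION session,
+                     void* blob,
+                     size_t blob_size,
+                     char** signature,
+                     size_t* sig_size);
+
+PEP_STATUS verify_blob(PEP_STATUS status,
+                       bloblist_t* blob,
+                       char* signature,
+                       size_t sig_size);
+
 PEP_STATUS sign_message(PEP_SESSION session,
                         message *src,
                         message **dst);
-
+                                            
 /* checks if a message is correctly signend
 with a key that has a UID with the email address of message.from. If
 result is PEP_VERIFIED, it additionally delivers fpr of the signature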
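Review bot: The `sign_blob` prototype added here does not match the definition this changeset adds to src/message_api.c, which takes `(PEP_SESSION session, pEp_identity signer_id, bloblist_t blob, char** signature, size_t* sig_size)`, so the header and the implementation cannot compile together. `verify_blob` takes `PEP_STATUS status` as its first parameter where a `PEP_SESSION session` looks intended, and no definition of it is visible in this changeset, while `prepare_beacon_message` and `verify_beacon_message` are defined without a declaration here. I would declare what is actually defined, e.g. `PEP_STATUS sign_blob(PEP_SESSION session, pEp_identity* signer_id, bloblist_t* blob, char** signature, size_t* sig_size);`, and give each signing and verification prototype a comment stating who owns `*signature` and `*signer_fpr` after the call.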
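--- a/src/pgp_gpg.c	Wed Mar 22 10:17:13 2017 +0100
+++ b/src/pgp_gpg.c	Thu Mar 23 13:40:32 2017 +0100
@@ -818,7 +818,7 @@
                     }
                 }
                 else {
-                    result = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
+                    result = PEP_VERIFY_SIGNATURE_DOES_NOT_MATCH;
                     break;
                 }
 
@@ -827,10 +827,10 @@
                         || gpgme_signature->summary & GPGME_SIGSUM_SIG_EXPIRED) {
                         if (result == PEP_VERIFIED
                             || result == PEP_VERIFIED_AND_TRUSTED)
-                            result = PEP_UNENCRYPTED;
+                            result = PEP_UNENCRYPTED; // ?? What should this be changed to?
                     }
                     else {
-                        result = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
+                        result = PEP_VERIFY_SIGNATURE_DOES_NOT_MATCH;
                         break;
                     }
                 }
@@ -1062,9 +1062,9 @@
 {
     PEP_STATUS result;
     gpgme_error_t gpgme_error;
-    gpgme_data_t plain, signeddata;
+    gpgme_data_t plain, detached_sig;
     gpgme_key_t *rcpt;
-    gpgme_sig_mode_t sig_mode;
+    gpgme_sig_mode_t GPGME_SIG_MODE_DETACH;
     const stringlist_t *_keylist;
     int i, j;
 
@@ -1088,7 +1088,7 @@
             return PEP_UNKNOWN_ERROR;
     }
 
-    gpgme_error = gpg.gpgme_data_new(&signeddata);
+    gpgme_error = gpg.gpgme_data_new(&detached_sig);
     gpgme_error = _GPGERR(gpgme_error);
     assert(gpgme_error == GPG_ERR_NO_ERROR);
     if (gpgme_error != GPG_ERR_NO_ERROR) {
@@ -1104,7 +1104,7 @@
     assert(rcpt);
     if (rcpt == NULL) {
         gpg.gpgme_data_release(plain);
-        gpg.gpgme_data_release(signeddata);
+        gpg.gpgme_data_release(detached_sig);
         return PEP_OUT_OF_MEMORY;
     }
 
@@ -1125,7 +1125,7 @@
             gpg.gpgme_key_unref(rcpt[0]);
             free(rcpt);
             gpg.gpgme_data_release(plain);
-            gpg.gpgme_data_release(signeddata);
+            gpg.gpgme_data_release(detached_sig);
             return PEP_OUT_OF_MEMORY;
         case GPG_ERR_NO_ERROR:
             gpgme_error = gpg.gpgme_signers_add(session->ctx, rcpt[0]);
@@ -1136,26 +1136,26 @@
             gpg.gpgme_key_unref(rcpt[0]);
             free(rcpt);
             gpg.gpgme_data_release(plain);
-            gpg.gpgme_data_release(signeddata);
+            gpg.gpgme_data_release(detached_sig);
             return PEP_KEY_NOT_FOUND;
         case GPG_ERR_AMBIGUOUS_NAME:
             gpg.gpgme_key_unref(rcpt[0]);
             free(rcpt);
             gpg.gpgme_data_release(plain);
-            gpg.gpgme_data_release(signeddata);
+            gpg.gpgme_data_release(detached_sig);
             return PEP_KEY_HAS_AMBIG_NAME;
         default: // GPG_ERR_INV_VALUE if CTX or R_KEY is not a valid pointer or
             // FPR is not a fingerprint or key ID
             gpg.gpgme_key_unref(rcpt[0]);
             free(rcpt);
             gpg.gpgme_data_release(plain);
-            gpg.gpgme_data_release(signeddata);
+            gpg.gpgme_data_release(detached_sig);
             return PEP_GET_KEY_FAILED;
     }
 
     sig_mode = GPGME_SIG_MODE_NORMAL;
     
-    gpgme_error = gpg.gpgme_op_sign(session->ctx, plain, signeddata, sig_mode);
+    gpgme_error = gpg.gpgme_op_sign(session->ctx, plain, detached_sig, sig_mode);
     
     gpgme_error = _GPGERR(gpgme_error);
     switch (gpgme_error) {
@@ -1163,9 +1163,9 @@
     {
         char *_buffer = NULL;
         size_t reading;
-        size_t length = gpg.gpgme_data_seek(signeddata, 0, SEEK_END);
+        size_t length = gpg.gpgme_data_seek(detached_sig, 0, SEEK_END);
         assert(length != -1);
-        gpg.gpgme_data_seek(signeddata, 0, SEEK_SET);
+        gpg.gpgme_data_seek(detached_sig, 0, SEEK_SET);
 
         // TODO: make things less memory consuming
         // the following algorithm allocates a buffer for the complete text
@@ -1177,11 +1177,11 @@
                 gpg.gpgme_key_unref(rcpt[j]);
             free(rcpt);
             gpg.gpgme_data_release(plain);
-            gpg.gpgme_data_release(signeddata);
+            gpg.gpgme_data_release(detached_sig);
             return PEP_OUT_OF_MEMORY;
         }
 
-        reading = gpg.gpgme_data_read(signeddata, _buffer, length);
+        reading = gpg.gpgme_data_read(detached_sig, _buffer, length);
         assert(length == reading);
 
         *stext = _buffer;
@@ -1197,7 +1197,7 @@
     gpg.gpgme_key_unref(rcpt[0]);
     free(rcpt);
     gpg.gpgme_data_release(plain);
-    gpg.gpgme_data_release(signeddata);
+    gpg.gpgme_data_release(detached_sig);
     return result;
 }
 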
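Review bot: The declaration changed in the `@@ -1062,9 +1062,9 @@` hunk, `gpgme_sig_mode_t GPGME_SIG_MODE_DETACH;`, declares a local variable named after the gpgme constant instead of selecting the mode, and it removes `sig_mode`, which the unchanged lines `sig_mode = GPGME_SIG_MODE_NORMAL;` and the `gpgme_op_sign` call still use. The output buffer is renamed `detached_sig`, but the signature is still requested in normal mode, so the bytes returned in `*stext` would not be a detached signature and a detached verify over the original data would be expected to fail. The likely intent is to keep `gpgme_sig_mode_t sig_mode;` and set `sig_mode = GPGME_SIG_MODE_DETACH;` ahead of the call. Separately, the expired-key/expired-signature branch still downgrades a verified result to `PEP_UNENCRYPTED`, which the new `// ??` comment questions; a verify-specific status there would keep callers from reading it as an encryption state. The enclosing functions start and end outside these hunks.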