p≡p engine fork for my own dirty testing of stuff
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

1232 lines
38 KiB

#include "pgp_gpg.h"
#include "pEp_internal.h"
static bool ensure_keyserver()
{
static char buf[MAX_LINELENGTH];
int n;
FILE *f = fopen(gpg_conf(), "r");
if (f != NULL) {
while (!feof(f)) {
char * s = fgets(buf, MAX_LINELENGTH, f);
if (s && !feof(f)) {
char * t = strtok(s, " ");
if (t && strcmp(t, "keyserver") == 0) {
fclose(f);
return true;
}
}
}
f = freopen(gpg_conf(), "a", f);
}
else {
f = fopen(gpg_conf(), "w");
}
assert(f);
if (f == NULL)
return false;
n = fprintf(f, "keyserver %s\n", DEFAULT_KEYSERVER);
assert(n >= 0);
fclose(f);
return true;
}
PEP_STATUS pgp_init(PEP_SESSION session)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
bool bResult = ensure_keyserver();
assert(bResult);
_session->gpgme = dlopen(LIBGPGME, RTLD_LAZY);
if (_session->gpgme == NULL) {
free(_session);
return PEP_INIT_CANNOT_LOAD_GPGME;
}
memset(&(_session->gpg), 0, sizeof(struct gpg_s));
_session->gpg.gpgme_set_locale
= (gpgme_set_locale_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_set_locale");
assert(_session->gpg.gpgme_set_locale);
_session->gpg.gpgme_check
= (gpgme_check_version_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_check_version");
assert(_session->gpg.gpgme_check);
_session->gpg.gpgme_new
= (gpgme_new_t) (intptr_t) dlsym(_session->gpgme, "gpgme_new");
assert(_session->gpg.gpgme_new);
_session->gpg.gpgme_release
= (gpgme_release_t) (intptr_t) dlsym(_session->gpgme, "gpgme_release");
assert(_session->gpg.gpgme_release);
_session->gpg.gpgme_set_protocol
= (gpgme_set_protocol_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_set_protocol");
assert(_session->gpg.gpgme_set_protocol);
_session->gpg.gpgme_set_armor
= (gpgme_set_armor_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_set_armor");
assert(_session->gpg.gpgme_set_armor);
_session->gpg.gpgme_data_new
= (gpgme_data_new_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_new");
assert(_session->gpg.gpgme_data_new);
_session->gpg.gpgme_data_new_from_mem
= (gpgme_data_new_from_mem_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_new_from_mem");
assert(_session->gpg.gpgme_data_new_from_mem);
_session->gpg.gpgme_data_release
= (gpgme_data_release_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_release");
assert(_session->gpg.gpgme_data_release);
_session->gpg.gpgme_data_identify
= (gpgme_data_identify_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_identify");
assert(_session->gpg.gpgme_data_identify);
_session->gpg.gpgme_data_seek
= (gpgme_data_seek_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_seek");
assert(_session->gpg.gpgme_data_seek);
_session->gpg.gpgme_data_read
= (gpgme_data_read_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_data_read");
assert(_session->gpg.gpgme_data_read);
_session->gpg.gpgme_op_decrypt
= (gpgme_op_decrypt_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_decrypt");
assert(_session->gpg.gpgme_op_decrypt);
_session->gpg.gpgme_op_verify
= (gpgme_op_verify_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_verify");
assert(_session->gpg.gpgme_op_verify);
_session->gpg.gpgme_op_decrypt_verify
= (gpgme_op_decrypt_verify_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_decrypt_verify");
assert(_session->gpg.gpgme_op_decrypt_verify);
_session->gpg.gpgme_op_decrypt_result
= (gpgme_op_decrypt_result_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_decrypt_result");
assert(_session->gpg.gpgme_op_decrypt_result);
_session->gpg.gpgme_op_encrypt_sign
= (gpgme_op_encrypt_sign_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_encrypt_sign");
assert(_session->gpg.gpgme_op_encrypt_sign);
_session->gpg.gpgme_op_verify_result
= (gpgme_op_verify_result_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_verify_result");
assert(_session->gpg.gpgme_op_verify_result);
_session->gpg.gpgme_signers_clear
= (gpgme_signers_clear_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_signers_clear");
assert(_session->gpg.gpgme_signers_clear);
_session->gpg.gpgme_signers_add
= (gpgme_signers_add_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_signers_add");
assert(_session->gpg.gpgme_signers_add);
_session->gpg.gpgme_get_key
= (gpgme_get_key_t) (intptr_t) dlsym(_session->gpgme, "gpgme_get_key");
assert(_session->gpg.gpgme_get_key);
_session->gpg.gpgme_op_genkey
= (gpgme_op_genkey_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_genkey");
assert(_session->gpg.gpgme_op_genkey);
_session->gpg.gpgme_op_genkey_result
= (gpgme_op_genkey_result_t) (intptr_t) dlsym(_session->gpgme,
"gpgme_op_genkey_result");
assert(_session->gpg.gpgme_op_genkey_result);
_session->gpg.gpgme_op_delete = (gpgme_op_delete_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_delete");
assert(_session->gpg.gpgme_op_delete);
_session->gpg.gpgme_op_import = (gpgme_op_import_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_import");
assert(_session->gpg.gpgme_op_import);
_session->gpg.gpgme_op_export = (gpgme_op_export_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_export");
assert(_session->gpg.gpgme_op_export);
_session->gpg.gpgme_set_keylist_mode = (gpgme_set_keylist_mode_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_set_keylist_mode");
assert(_session->gpg.gpgme_set_keylist_mode);
_session->gpg.gpgme_get_keylist_mode = (gpgme_get_keylist_mode_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_get_keylist_mode");
assert(_session->gpg.gpgme_get_keylist_mode);
_session->gpg.gpgme_op_keylist_start = (gpgme_op_keylist_start_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_keylist_start");
assert(_session->gpg.gpgme_op_keylist_start);
_session->gpg.gpgme_op_keylist_next = (gpgme_op_keylist_next_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_keylist_next");
assert(_session->gpg.gpgme_op_keylist_next);
_session->gpg.gpgme_op_keylist_end = (gpgme_op_keylist_end_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_keylist_end");
assert(_session->gpg.gpgme_op_keylist_end);
_session->gpg.gpgme_op_import_keys = (gpgme_op_import_keys_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_op_import_keys");
assert(_session->gpg.gpgme_op_import_keys);
_session->gpg.gpgme_key_ref = (gpgme_key_ref_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_key_ref");
assert(_session->gpg.gpgme_key_ref);
_session->gpg.gpgme_key_unref = (gpgme_key_unref_t) (intptr_t)
dlsym(_session->gpgme, "gpgme_key_unref");
assert(_session->gpg.gpgme_key_unref);
setlocale(LC_ALL, "");
_session->version = _session->gpg.gpgme_check(NULL);
_session->gpg.gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL));
gpgme_error = _session->gpg.gpgme_new(&_session->ctx);
gpgme_error = gpg_err_code(gpgme_error);
if (gpgme_error != GPG_ERR_NO_ERROR) {
dlclose(_session->gpgme);
free(_session);
return PEP_INIT_GPGME_INIT_FAILED;
}
assert(_session->ctx);
gpgme_error = _session->gpg.gpgme_set_protocol(_session->ctx,
GPGME_PROTOCOL_OpenPGP);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
_session->gpg.gpgme_set_armor(_session->ctx, 1);
return PEP_STATUS_OK;
}
void pgp_release(PEP_SESSION session)
{
pEpSession *_session = (pEpSession *) session;
if (_session->ctx)
_session->gpg.gpgme_release(_session->ctx);
_session->ctx = NULL;
memset(&(_session->gpg), 0, sizeof(struct gpg_s));
dlclose(_session->gpgme);
}
PEP_STATUS pgp_decrypt_and_verify(
PEP_SESSION session, const char *ctext, size_t csize,
char **ptext, size_t *psize, stringlist_t **keylist
)
{
pEpSession *_session = (pEpSession *) session;
PEP_STATUS result;
gpgme_error_t gpgme_error;
gpgme_data_t cipher, plain;
gpgme_data_type_t dt;
stringlist_t *_keylist = NULL;
int i_key = 0;
assert(_session);
assert(ctext);
assert(csize);
assert(ptext);
assert(psize);
assert(keylist);
*ptext = NULL;
*psize = 0;
*keylist = NULL;
gpgme_error = _session->gpg.gpgme_data_new_from_mem(&cipher, ctext, csize, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_data_new(&plain);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
_session->gpg.gpgme_data_release(cipher);
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
dt = _session->gpg.gpgme_data_identify(cipher);
switch (dt) {
case GPGME_DATA_TYPE_PGP_SIGNED:
case GPGME_DATA_TYPE_PGP_OTHER:
gpgme_error = _session->gpg.gpgme_op_decrypt_verify(_session->ctx, cipher,
plain);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
assert(gpgme_error != GPG_ERR_NO_DATA);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
{
gpgme_verify_result_t gpgme_verify_result;
char *_buffer = NULL;
size_t reading;
size_t length = _session->gpg.gpgme_data_seek(plain, 0, SEEK_END);
gpgme_signature_t gpgme_signature;
assert(length != -1);
_session->gpg.gpgme_data_seek(plain, 0, SEEK_SET);
// TODO: make things less memory consuming
// the following algorithm allocates memory for the complete
// text
_buffer = malloc(length + 1);
assert(_buffer);
if (_buffer == NULL) {
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_OUT_OF_MEMORY;
}
reading = _session->gpg.gpgme_data_read(plain, _buffer, length);
assert(length == reading);
gpgme_verify_result =
_session->gpg.gpgme_op_verify_result(_session->ctx);
assert(gpgme_verify_result);
gpgme_signature = gpgme_verify_result->signatures;
if (gpgme_signature) {
stringlist_t *k;
_keylist = new_stringlist(NULL);
assert(_keylist);
if (_keylist == NULL) {
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
free(_buffer);
return PEP_OUT_OF_MEMORY;
}
k = _keylist;
result = PEP_DECRYPTED_AND_VERIFIED;
do {
switch (gpgme_signature->status) {
case GPG_ERR_NO_ERROR:
k = stringlist_add(k, gpgme_signature->fpr);
break;
case GPG_ERR_CERT_REVOKED:
case GPG_ERR_BAD_SIGNATURE:
result = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
break;
case GPG_ERR_SIG_EXPIRED:
case GPG_ERR_KEY_EXPIRED:
case GPG_ERR_NO_PUBKEY:
k = stringlist_add(k, gpgme_signature->fpr);
if (result == PEP_DECRYPTED_AND_VERIFIED)
result = PEP_DECRYPTED;
break;
case GPG_ERR_GENERAL:
break;
default:
if (result == PEP_DECRYPTED_AND_VERIFIED)
result = PEP_DECRYPTED;
break;
}
} while ((gpgme_signature = gpgme_signature->next));
}
else {
result = PEP_DECRYPTED;
}
if (result == PEP_DECRYPTED_AND_VERIFIED
|| result == PEP_DECRYPTED) {
*ptext = _buffer;
*psize = reading;
(*ptext)[*psize] = 0; // safeguard for naive users
*keylist = _keylist;
}
else {
free_stringlist(_keylist);
free(_buffer);
}
break;
}
case GPG_ERR_DECRYPT_FAILED:
result = PEP_DECRYPT_WRONG_FORMAT;
break;
case GPG_ERR_BAD_PASSPHRASE:
NOT_IMPLEMENTED;
default:
{
gpgme_decrypt_result_t gpgme_decrypt_result = _session->gpg.gpgme_op_decrypt_result(_session->ctx);
result = PEP_DECRYPT_NO_KEY;
if (gpgme_decrypt_result != NULL) {
if (gpgme_decrypt_result->unsupported_algorithm)
*keylist = new_stringlist(gpgme_decrypt_result->unsupported_algorithm);
else
*keylist = new_stringlist("");
assert(*keylist);
if (*keylist == NULL) {
result = PEP_OUT_OF_MEMORY;
break;
}
stringlist_t *_keylist = *keylist;
for (gpgme_recipient_t r = gpgme_decrypt_result->recipients; r != NULL; r = r->next) {
_keylist = stringlist_add(_keylist, r->keyid);
assert(_keylist);
if (_keylist == NULL) {
free_stringlist(*keylist);
*keylist = NULL;
result = PEP_OUT_OF_MEMORY;
break;
}
}
if (result == PEP_OUT_OF_MEMORY)
break;
}
}
}
break;
default:
result = PEP_DECRYPT_WRONG_FORMAT;
}
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return result;
}
PEP_STATUS pgp_verify_text(
PEP_SESSION session, const char *text, size_t size,
const char *signature, size_t sig_size, stringlist_t **keylist
)
{
pEpSession *_session = (pEpSession *) session;
PEP_STATUS result;
gpgme_error_t gpgme_error;
gpgme_data_t d_text, d_sig;
stringlist_t *_keylist;
assert(session);
assert(text);
assert(size);
assert(signature);
assert(sig_size);
assert(keylist);
*keylist = NULL;
gpgme_error = _session->gpg.gpgme_data_new_from_mem(&d_text, text, size, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_data_new_from_mem(&d_sig, signature, sig_size, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
_session->gpg.gpgme_data_release(d_text);
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_op_verify(_session->ctx, d_sig, d_text, NULL);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
{
gpgme_verify_result_t gpgme_verify_result;
gpgme_signature_t gpgme_signature;
gpgme_verify_result =
_session->gpg.gpgme_op_verify_result(_session->ctx);
assert(gpgme_verify_result);
gpgme_signature = gpgme_verify_result->signatures;
if (gpgme_signature) {
stringlist_t *k;
_keylist = new_stringlist(NULL);
assert(_keylist);
if (_keylist == NULL) {
_session->gpg.gpgme_data_release(d_text);
_session->gpg.gpgme_data_release(d_sig);
return PEP_OUT_OF_MEMORY;
}
k = _keylist;
result = PEP_VERIFIED;
do {
k = stringlist_add(k, gpgme_signature->fpr);
if (k == NULL) {
free_stringlist(_keylist);
_session->gpg.gpgme_data_release(d_text);
_session->gpg.gpgme_data_release(d_sig);
return PEP_OUT_OF_MEMORY;
}
if (gpgme_signature->summary & GPGME_SIGSUM_RED) {
if (gpgme_signature->summary & GPGME_SIGSUM_KEY_EXPIRED
|| gpgme_signature->summary & GPGME_SIGSUM_SIG_EXPIRED) {
if (result == PEP_VERIFIED
|| result == PEP_VERIFIED_AND_TRUSTED)
result = PEP_UNENCRYPTED;
}
else {
result = PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH;
break;
}
}
else {
if (gpgme_signature->summary & GPGME_SIGSUM_VALID) {
if (result == PEP_VERIFIED)
result = PEP_VERIFIED_AND_TRUSTED;
}
if (gpgme_signature->summary & GPGME_SIGSUM_GREEN) {
// good
}
else if (gpgme_signature->summary & GPGME_SIGSUM_KEY_MISSING) {
result = PEP_VERIFY_NO_KEY;
}
else if (gpgme_signature->summary & GPGME_SIGSUM_SYS_ERROR) {
if (result == PEP_VERIFIED
|| result == PEP_VERIFIED_AND_TRUSTED)
result = PEP_UNENCRYPTED;
}
else {
// do nothing
}
}
} while ((gpgme_signature = gpgme_signature->next));
*keylist = _keylist;
}
else {
result = PEP_UNENCRYPTED;
}
break;
}
break;
case GPG_ERR_NO_DATA:
result = PEP_DECRYPT_WRONG_FORMAT;
break;
case GPG_ERR_INV_VALUE:
default:
result = PEP_UNKNOWN_ERROR;
break;
}
_session->gpg.gpgme_data_release(d_text);
_session->gpg.gpgme_data_release(d_sig);
return result;
}
PEP_STATUS pgp_encrypt_and_sign(
PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
size_t psize, char **ctext, size_t *csize
)
{
pEpSession *_session = (pEpSession *) session;
PEP_STATUS result;
gpgme_error_t gpgme_error;
gpgme_data_t plain, cipher;
gpgme_key_t *rcpt;
gpgme_encrypt_flags_t flags;
const stringlist_t *_keylist;
int i, j;
assert(_session);
assert(keylist);
assert(ptext);
assert(psize);
assert(ctext);
assert(csize);
*ctext = NULL;
*csize = 0;
gpgme_error = _session->gpg.gpgme_data_new_from_mem(&plain, ptext, psize, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_data_new(&cipher);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
if (gpgme_error != GPG_ERR_NO_ERROR) {
_session->gpg.gpgme_data_release(plain);
if (gpgme_error == GPG_ERR_ENOMEM)
return PEP_OUT_OF_MEMORY;
else
return PEP_UNKNOWN_ERROR;
}
rcpt = (gpgme_key_t *) calloc(stringlist_length(keylist) + 1,
sizeof(gpgme_key_t));
assert(rcpt);
if (rcpt == NULL) {
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_OUT_OF_MEMORY;
}
_session->gpg.gpgme_signers_clear(_session->ctx);
for (_keylist = keylist, i = 0; _keylist != NULL; _keylist = _keylist->next, i++) {
assert(_keylist->value);
gpgme_error = _session->gpg.gpgme_get_key(_session->ctx, _keylist->value,
&rcpt[i], 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_ENOMEM);
switch (gpgme_error) {
case GPG_ERR_ENOMEM:
for (j = 0; j<i; j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_OUT_OF_MEMORY;
case GPG_ERR_NO_ERROR:
if (i == 0) {
gpgme_error_t _gpgme_error = _session->gpg.gpgme_signers_add(_session->ctx, rcpt[0]);
_gpgme_error = gpg_err_code(_gpgme_error);
assert(_gpgme_error == GPG_ERR_NO_ERROR);
}
break;
case GPG_ERR_EOF:
for (j = 0; j<i; j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_KEY_NOT_FOUND;
case GPG_ERR_AMBIGUOUS_NAME:
for (j = 0; j<i; j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_KEY_HAS_AMBIG_NAME;
default: // GPG_ERR_INV_VALUE if CTX or R_KEY is not a valid pointer or
// FPR is not a fingerprint or key ID
for (j = 0; j<i; j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_GET_KEY_FAILED;
}
}
// TODO: remove that and replace with proper key management
flags = GPGME_ENCRYPT_ALWAYS_TRUST;
gpgme_error = _session->gpg.gpgme_op_encrypt_sign(_session->ctx, rcpt, flags,
plain, cipher);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
{
char *_buffer = NULL;
size_t reading;
size_t length = _session->gpg.gpgme_data_seek(cipher, 0, SEEK_END);
assert(length != -1);
_session->gpg.gpgme_data_seek(cipher, 0, SEEK_SET);
// TODO: make things less memory consuming
// the following algorithm allocates a buffer for the complete text
_buffer = (char *) malloc(length + 1);
assert(_buffer);
if (_buffer == NULL) {
for (j = 0; j<stringlist_length(keylist); j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return PEP_OUT_OF_MEMORY;
}
reading = _session->gpg.gpgme_data_read(cipher, _buffer, length);
assert(length == reading);
*ctext = _buffer;
*csize = reading;
(*ctext)[*csize] = 0; // safeguard for naive users
result = PEP_STATUS_OK;
break;
}
default:
result = PEP_UNKNOWN_ERROR;
}
for (j = 0; j<stringlist_length(keylist); j++)
_session->gpg.gpgme_key_unref(rcpt[j]);
free(rcpt);
_session->gpg.gpgme_data_release(plain);
_session->gpg.gpgme_data_release(cipher);
return result;
}
PEP_STATUS pgp_generate_keypair(
PEP_SESSION session, pEp_identity *identity
)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
char *parms;
const char *template =
"<GnupgKeyParms format=\"internal\">\n"
"Key-Type: RSA\n"
"Key-Length: 4096\n"
"Name-Real: %s\n"
"Name-Email: %s\n"
/* "Passphrase: %s\n" */
"Expire-Date: 1y\n"
"</GnupgKeyParms>\n";
int result;
gpgme_genkey_result_t gpgme_genkey_result;
assert(session);
assert(identity);
assert(identity->address);
assert(identity->fpr == NULL);
assert(identity->username);
parms = calloc(1, PARMS_MAX);
assert(parms);
if (parms == NULL)
return PEP_OUT_OF_MEMORY;
result = snprintf(parms, PARMS_MAX, template, identity->username,
identity->address); // , _session->passphrase);
assert(result < PARMS_MAX);
if (result >= PARMS_MAX) {
free(parms);
return PEP_BUFFER_TOO_SMALL;
}
gpgme_error = _session->gpg.gpgme_op_genkey(_session->ctx, parms, NULL, NULL);
gpgme_error = gpg_err_code(gpgme_error);
free(parms);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
return PEP_ILLEGAL_VALUE;
case GPG_ERR_GENERAL:
return PEP_CANNOT_CREATE_KEY;
default:
assert(0);
return PEP_UNKNOWN_ERROR;
}
gpgme_genkey_result = _session->gpg.gpgme_op_genkey_result(_session->ctx);
assert(gpgme_genkey_result);
assert(gpgme_genkey_result->fpr);
identity->fpr = strdup(gpgme_genkey_result->fpr);
return PEP_STATUS_OK;
}
PEP_STATUS pgp_delete_keypair(PEP_SESSION session, const char *fpr)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
gpgme_key_t key;
assert(session);
assert(fpr);
gpgme_error = _session->gpg.gpgme_get_key(_session->ctx, fpr, &key, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_ENOMEM);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_EOF:
return PEP_KEY_NOT_FOUND;
case GPG_ERR_INV_VALUE:
return PEP_ILLEGAL_VALUE;
case GPG_ERR_AMBIGUOUS_NAME:
return PEP_KEY_HAS_AMBIG_NAME;
case GPG_ERR_ENOMEM:
return PEP_OUT_OF_MEMORY;
default:
assert(0);
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_op_delete(_session->ctx, key, 1);
gpgme_error = gpg_err_code(gpgme_error);
_session->gpg.gpgme_key_unref(key);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
assert(0);
return PEP_UNKNOWN_ERROR;
case GPG_ERR_NO_PUBKEY:
assert(0);
return PEP_KEY_NOT_FOUND;
case GPG_ERR_AMBIGUOUS_NAME:
assert(0);
return PEP_KEY_HAS_AMBIG_NAME;
default:
assert(0);
return PEP_UNKNOWN_ERROR;
}
return PEP_STATUS_OK;
}
PEP_STATUS pgp_import_key(PEP_SESSION session, const char *key_data, size_t size)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
gpgme_data_t dh;
assert(session);
assert(key_data);
gpgme_error = _session->gpg.gpgme_data_new_from_mem(&dh, key_data, size, 0);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_ENOMEM);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_ENOMEM:
return PEP_OUT_OF_MEMORY;
case GPG_ERR_INV_VALUE:
assert(0);
return PEP_UNKNOWN_ERROR;
default:
assert(0);
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_op_import(_session->ctx, dh);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
assert(0);
_session->gpg.gpgme_data_release(dh);
return PEP_UNKNOWN_ERROR;
case GPG_ERR_NO_DATA:
_session->gpg.gpgme_data_release(dh);
return PEP_ILLEGAL_VALUE;
default:
assert(0);
_session->gpg.gpgme_data_release(dh);
return PEP_UNKNOWN_ERROR;
}
_session->gpg.gpgme_data_release(dh);
return PEP_STATUS_OK;
}
PEP_STATUS pgp_export_key(
PEP_SESSION session, const char *fpr, char **key_data, size_t *size
)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
gpgme_data_t dh;
size_t _size;
char *buffer;
int reading;
assert(session);
assert(fpr);
assert(key_data);
assert(size);
gpgme_error = _session->gpg.gpgme_data_new(&dh);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_ENOMEM);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_ENOMEM:
return PEP_OUT_OF_MEMORY;
case GPG_ERR_INV_VALUE:
assert(0);
return PEP_UNKNOWN_ERROR;
default:
assert(0);
return PEP_UNKNOWN_ERROR;
}
gpgme_error = _session->gpg.gpgme_op_export(_session->ctx, fpr,
GPGME_EXPORT_MODE_MINIMAL, dh);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_EOF:
_session->gpg.gpgme_data_release(dh);
return PEP_KEY_NOT_FOUND;
case GPG_ERR_INV_VALUE:
assert(0);
_session->gpg.gpgme_data_release(dh);
return PEP_UNKNOWN_ERROR;
default:
assert(0);
_session->gpg.gpgme_data_release(dh);
return PEP_UNKNOWN_ERROR;
};
_size = _session->gpg.gpgme_data_seek(dh, 0, SEEK_END);
assert(_size != -1);
_session->gpg.gpgme_data_seek(dh, 0, SEEK_SET);
buffer = malloc(_size + 1);
assert(buffer);
if (buffer == NULL) {
_session->gpg.gpgme_data_release(dh);
return PEP_OUT_OF_MEMORY;
}
reading = _session->gpg.gpgme_data_read(dh, buffer, _size);
assert(_size == reading);
// safeguard for the naive user
buffer[_size] = 0;
*key_data = buffer;
*size = _size;
_session->gpg.gpgme_data_release(dh);
return PEP_STATUS_OK;
}
static void _switch_mode(pEpSession *_session, gpgme_keylist_mode_t remove_mode,
gpgme_keylist_mode_t add_mode)
{
gpgme_error_t gpgme_error;
gpgme_keylist_mode_t mode;
mode = _session->gpg.gpgme_get_keylist_mode(_session->ctx);
mode &= ~remove_mode;
mode |= add_mode;
gpgme_error = _session->gpg.gpgme_set_keylist_mode(_session->ctx, mode);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error == GPG_ERR_NO_ERROR);
}
PEP_STATUS pgp_recv_key(PEP_SESSION session, const char *pattern)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
gpgme_key_t key;
assert(session);
assert(pattern);
_switch_mode(_session, GPGME_KEYLIST_MODE_LOCAL, GPGME_KEYLIST_MODE_EXTERN);
gpgme_error = _session->gpg.gpgme_op_keylist_start(_session->ctx, pattern, 0);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
assert(0);
_switch_mode(_session, GPGME_KEYLIST_MODE_EXTERN,
GPGME_KEYLIST_MODE_LOCAL);
return PEP_UNKNOWN_ERROR;
default:
_switch_mode(_session, GPGME_KEYLIST_MODE_EXTERN,
GPGME_KEYLIST_MODE_LOCAL);
return PEP_GET_KEY_FAILED;
};
do {
gpgme_error = _session->gpg.gpgme_op_keylist_next(_session->ctx, &key);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
switch (gpgme_error) {
case GPG_ERR_EOF:
break;
case GPG_ERR_NO_ERROR:
{
gpgme_error_t gpgme_error;
gpgme_key_t keys[2];
keys[0] = key;
keys[1] = NULL;
gpgme_error = _session->gpg.gpgme_op_import_keys(_session->ctx, keys);
gpgme_error = gpg_err_code(gpgme_error);
_session->gpg.gpgme_key_unref(key);
assert(gpgme_error != GPG_ERR_INV_VALUE);
assert(gpgme_error != GPG_ERR_CONFLICT);
}
break;
case GPG_ERR_ENOMEM:
_switch_mode(_session, GPGME_KEYLIST_MODE_EXTERN,
GPGME_KEYLIST_MODE_LOCAL);
_session->gpg.gpgme_op_keylist_end(_session->ctx);
return PEP_OUT_OF_MEMORY;
default:
// BUG: GPGME returns an illegal value instead of GPG_ERR_EOF after
// reading first key
#ifndef NDEBUG
fprintf(stderr, "warning: unknown result 0x%x of"
" gpgme_op_keylist_next()\n", gpgme_error);
#endif
gpgme_error = GPG_ERR_EOF;
break;
};
} while (gpgme_error != GPG_ERR_EOF);
_session->gpg.gpgme_op_keylist_end(_session->ctx);
_switch_mode(_session, GPGME_KEYLIST_MODE_EXTERN,
GPGME_KEYLIST_MODE_LOCAL);
return PEP_STATUS_OK;
}
PEP_STATUS pgp_find_keys(
PEP_SESSION session, const char *pattern, stringlist_t **keylist
)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
gpgme_key_t key;
stringlist_t *_keylist;
char *fpr;
assert(session);
assert(pattern);
assert(keylist);
*keylist = NULL;
gpgme_error = _session->gpg.gpgme_op_keylist_start(_session->ctx, pattern, 0);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
assert(0);
return PEP_UNKNOWN_ERROR;
default:
return PEP_GET_KEY_FAILED;
};
_keylist = new_stringlist(NULL);
stringlist_t *_k = _keylist;
do {
gpgme_error = _session->gpg.gpgme_op_keylist_next(_session->ctx, &key);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
switch (gpgme_error) {
case GPG_ERR_EOF:
break;
case GPG_ERR_NO_ERROR:
assert(key);
assert(key->subkeys);
fpr = key->subkeys->fpr;
assert(fpr);
_k = stringlist_add(_k, fpr);
assert(_k);
if (_k != NULL)
break;
case GPG_ERR_ENOMEM:
free_stringlist(_keylist);
_session->gpg.gpgme_op_keylist_end(_session->ctx);
return PEP_OUT_OF_MEMORY;
default:
// BUG: GPGME returns an illegal value instead of GPG_ERR_EOF after
// reading first key
#ifndef NDEBUG
fprintf(stderr, "warning: unknown result 0x%x of"
" gpgme_op_keylist_next()\n", gpgme_error);
#endif
gpgme_error = GPG_ERR_EOF;
break;
};
} while (gpgme_error != GPG_ERR_EOF);
_session->gpg.gpgme_op_keylist_end(_session->ctx);
*keylist = _keylist;
return PEP_STATUS_OK;
}
PEP_STATUS pgp_send_key(PEP_SESSION session, const char *pattern)
{
pEpSession *_session = (pEpSession *) session;
gpgme_error_t gpgme_error;
assert(session);
assert(pattern);
gpgme_error = _session->gpg.gpgme_op_export(_session->ctx, pattern,
GPGME_EXPORT_MODE_EXTERN, NULL);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
if (gpgme_error == GPG_ERR_NO_ERROR)
return PEP_STATUS_OK;
else
return PEP_CANNOT_SEND_KEY;
}
PEP_STATUS pgp_get_key_rating(
PEP_SESSION session,
const char *fpr,
PEP_comm_type *comm_type
)
{
pEpSession *_session = (pEpSession *) session;
PEP_STATUS status = PEP_STATUS_OK;
gpgme_error_t gpgme_error;
gpgme_key_t key;
assert(session);
assert(fpr);
assert(comm_type);
*comm_type = PEP_ct_unknown;
gpgme_error = _session->gpg.gpgme_op_keylist_start(_session->ctx, fpr, 0);
gpgme_error = gpg_err_code(gpgme_error);
switch (gpgme_error) {
case GPG_ERR_NO_ERROR:
break;
case GPG_ERR_INV_VALUE:
assert(0);
return PEP_UNKNOWN_ERROR;
default:
return PEP_GET_KEY_FAILED;
};
gpgme_error = _session->gpg.gpgme_op_keylist_next(_session->ctx, &key);
gpgme_error = gpg_err_code(gpgme_error);
assert(gpgme_error != GPG_ERR_INV_VALUE);
if (key == NULL) {
_session->gpg.gpgme_op_keylist_end(_session->ctx);
return PEP_KEY_NOT_FOUND;
}
switch (key->protocol) {
case GPGME_PROTOCOL_OpenPGP:
case GPGME_PROTOCOL_DEFAULT:
*comm_type = PEP_ct_OpenPGP_unconfirmed;
break;
case GPGME_PROTOCOL_CMS:
*comm_type = PEP_ct_CMS_unconfirmed;
break;
default:
*comm_type = PEP_ct_unknown;
_session->gpg.gpgme_op_keylist_end(_session->ctx);
return PEP_STATUS_OK;
}
switch (gpgme_error) {
case GPG_ERR_EOF:
break;
case GPG_ERR_NO_ERROR:
assert(key);
assert(key->subkeys);
for (gpgme_subkey_t sk = key->subkeys; sk != NULL; sk = sk->next) {
if (sk->length < 1024)
*comm_type = PEP_ct_key_too_short;
else if (
(
(sk->pubkey_algo == GPGME_PK_RSA)
|| (sk->pubkey_algo == GPGME_PK_RSA_E)
|| (sk->pubkey_algo == GPGME_PK_RSA_S)
)
&& sk->length == 1024
)
*comm_type = PEP_ct_OpenPGP_1024_RSA_unconfirmed;
if (sk->invalid) {
*comm_type = PEP_ct_key_b0rken;
break;
}
if (sk->expired) {
*comm_type = PEP_ct_key_expired;
break;
}
if (sk->revoked) {
*comm_type = PEP_ct_key_revoked;
break;
}
}
break;
case GPG_ERR_ENOMEM:
_session->gpg.gpgme_op_keylist_end(_session->ctx);
*comm_type = PEP_ct_unknown;
return PEP_OUT_OF_MEMORY;
default:
// BUG: GPGME returns an illegal value instead of GPG_ERR_EOF after
// reading first key
#ifndef NDEBUG
fprintf(stderr, "warning: unknown result 0x%x of"
" gpgme_op_keylist_next()\n", gpgme_error);
#endif
gpgme_error = GPG_ERR_EOF;
break;
};
_session->gpg.gpgme_op_keylist_end(_session->ctx);
return status;
}