repos/pEpEngine: src/keymanagement.c@16829200236d (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
Edouard@512	7	#include <ctype.h>
vb@0	8
vb@217	9	#include "pEp_internal.h"
vb@0	10	#include "keymanagement.h"
vb@0	11
edouard@1195	12	#include "sync_fsm.h"
krista@1253	13	#include "blacklist.h"
edouard@1195	14
Edouard@439	15	#ifndef EMPTYSTR
roker@500	16	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	17	#endif
vb@8	18
vb@214	19	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	20
Edouard@774	21	PEP_STATUS elect_pubkey(
Edouard@755	22	PEP_SESSION session, pEp_identity * identity
Edouard@755	23	)
Edouard@755	24	{
Edouard@755	25	PEP_STATUS status;
Edouard@755	26	stringlist_t *keylist;
krista@1342	27	char *_fpr = "";
Edouard@755	28	identity->comm_type = PEP_ct_unknown;
Edouard@755	29
Edouard@755	30	status = find_keys(session, identity->address, &keylist);
Edouard@755	31	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	32	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	33	return PEP_OUT_OF_MEMORY;
Edouard@755	34
Edouard@755	35	stringlist_t *_keylist;
Edouard@755	36	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	37	PEP_comm_type _comm_type_key;
Edouard@755	38
Edouard@755	39	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	40	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	41	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	42	free_stringlist(keylist);
Edouard@755	43	return PEP_OUT_OF_MEMORY;
Edouard@755	44	}
Edouard@755	45
Edouard@755	46	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	47	_comm_type_key != PEP_ct_unknown)
Edouard@755	48	{
Edouard@755	49	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	50	_comm_type_key > identity->comm_type)
Edouard@755	51	{
krista@1275	52	bool blacklisted;
krista@1275	53	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	54	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	55	identity->comm_type = _comm_type_key;
krista@1275	56	_fpr = _keylist->value;
krista@1275	57	}
Edouard@755	58	}
Edouard@755	59	}
Edouard@755	60	}
Edouard@755	61
krista@1342	62
krista@1342	63	// if (_fpr) {
krista@1342	64	free(identity->fpr);
Edouard@755	65
krista@1342	66	identity->fpr = strdup(_fpr);
krista@1342	67	if (identity->fpr == NULL) {
krista@1342	68	free_stringlist(keylist);
krista@1342	69	return PEP_OUT_OF_MEMORY;
Edouard@755	70	}
krista@1342	71	// }
Edouard@755	72	free_stringlist(keylist);
Edouard@755	73	return PEP_STATUS_OK;
Edouard@755	74	}
Edouard@755	75
edouard@1406	76	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
edouard@1385	77
edouard@1385	78	DYNAMIC_API PEP_STATUS update_identity(
edouard@1385	79	PEP_SESSION session, pEp_identity * identity
vb@0	80	)
vb@0	81	{
vb@0	82	pEp_identity *stored_identity;
krista@1224	83	pEp_identity* temp_id = NULL;
vb@0	84	PEP_STATUS status;
vb@0	85
vb@0	86	assert(session);
vb@0	87	assert(identity);
Edouard@439	88	assert(!EMPTYSTR(identity->address));
vb@0	89
Edouard@439	90	if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191	91	return PEP_ILLEGAL_VALUE;
vb@191	92
vb@1078	93	if (identity->me \|\| (identity->user_id && strcmp(identity->user_id, PEP_OWN_USERID) == 0)) {
edouard@1385	94	identity->me = true;
edouard@1406	95	return _myself(session, identity, false, true);
vb@1078	96	}
vb@1078	97
Edouard@559	98	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	99	int _did_elect_new_key = 0;
Edouard@559	100
Edouard@559	101	if (_no_user_id)
Edouard@559	102	{
vb@1015	103	status = get_identity(session, identity->address, PEP_OWN_USERID,
vb@1015	104	&stored_identity);
vb@1015	105	if (status == PEP_STATUS_OK) {
vb@1015	106	free_identity(stored_identity);
edouard@1406	107	return _myself(session, identity, false, true);
vb@1015	108	}
vb@1015	109
Edouard@559	110	free(identity->user_id);
Edouard@559	111
vb@591	112	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	113	if (!identity->user_id)
Edouard@559	114	{
Edouard@562	115	return PEP_OUT_OF_MEMORY;
Edouard@559	116	}
vb@983	117	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	118	"TOFU_%s", identity->address);
Edouard@559	119	}
vb@934	120
Edouard@559	121	status = get_identity(session,
Edouard@559	122	identity->address,
Edouard@559	123	identity->user_id,
Edouard@559	124	&stored_identity);
Edouard@559	125
vb@0	126	assert(status != PEP_OUT_OF_MEMORY);
vb@0	127	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	128	goto exit_free;
vb@0	129
krista@1188	130	/* We elect a pubkey first in case there's no acceptable stored fpr */
krista@1224	131	temp_id = identity_dup(identity);
krista@1220	132
krista@1220	133	status = elect_pubkey(session, temp_id);
krista@1185	134	if (status != PEP_STATUS_OK)
krista@1185	135	goto exit_free;
krista@1188	136
vb@14	137	if (stored_identity) {
vb@14	138	PEP_comm_type _comm_type_key;
krista@1188	139
krista@1255	140	bool dont_use_fpr = true;
krista@1220	141
krista@1220	142	/* if we have a stored_identity fpr */
krista@1342	143	if (!EMPTYSTR(stored_identity->fpr) && !EMPTYSTR(temp_id->fpr)) {
krista@1220	144	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
krista@1220	145	if (status != PEP_STATUS_OK)
krista@1220	146	dont_use_fpr = true;
krista@1220	147	}
krista@1188	148
krista@1220	149
krista@1220	150	if (!dont_use_fpr) {
krista@1220	151	free(temp_id->fpr);
krista@1220	152	temp_id->fpr = strdup(stored_identity->fpr);
krista@1220	153	assert(temp_id->fpr);
krista@1220	154	if (temp_id->fpr == NULL) {
krista@1220	155	status = PEP_OUT_OF_MEMORY;
krista@1188	156	goto exit_free;
krista@1220	157	}
krista@1220	158	}
krista@1220	159	else if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	160	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1188	161	if (dont_use_fpr) {
krista@1220	162	free(temp_id->fpr);
krista@1220	163	temp_id->fpr = strdup("");
krista@1188	164	}
krista@1188	165	else {
krista@1188	166	_did_elect_new_key = 1;
krista@1188	167	}
krista@1188	168	}
krista@1188	169	else {
krista@1220	170	if (temp_id->fpr == NULL)
krista@1220	171	temp_id->fpr = strdup("");
krista@1188	172	}
krista@1188	173
krista@1220	174	/* ok, from here on out, use temp_id */
krista@1220	175
krista@1220	176
krista@1220	177	/* At this point, we either have a non-blacklisted fpr we can work */
krista@1220	178	/* with, or we've got nada. */
krista@1220	179	if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	180	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1188	181	assert(status != PEP_OUT_OF_MEMORY);
krista@1188	182	if (status == PEP_OUT_OF_MEMORY)
krista@1188	183	goto exit_free;
krista@1188	184	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
krista@1220	185	temp_id->comm_type = _comm_type_key;
krista@1188	186	} else{
krista@1220	187	temp_id->comm_type = stored_identity->comm_type;
krista@1220	188	if (temp_id->comm_type == PEP_ct_unknown) {
krista@1220	189	temp_id->comm_type = _comm_type_key;
krista@1188	190	}
krista@1188	191	}
krista@1188	192	}
krista@1243	193	else {
krista@1243	194	/* Set comm_type accordingly */
krista@1243	195	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	196	}
krista@1243	197
krista@1220	198	if (EMPTYSTR(temp_id->username)) {
krista@1220	199	free(temp_id->username);
krista@1220	200	temp_id->username = strdup(stored_identity->username);
krista@1220	201	assert(temp_id->username);
krista@1220	202	if (temp_id->username == NULL){
Edouard@829	203	status = PEP_OUT_OF_MEMORY;
Edouard@829	204	goto exit_free;
Edouard@829	205	}
vb@22	206	}
vb@22	207
krista@1220	208	if (temp_id->lang[0] == 0) {
krista@1220	209	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	210	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	211	temp_id->lang[2] = 0;
vb@21	212	}
vb@932	213
krista@1220	214	temp_id->flags = stored_identity->flags;
vb@21	215	}
vb@21	216	else /* stored_identity == NULL */ {
krista@1220	217	temp_id->flags = 0;
vb@934	218
krista@1188	219	/* Work with the elected key from above */
krista@1220	220	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	221
krista@1196	222	bool dont_use_fpr = true;
krista@1220	223	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1196	224	if (status != PEP_STATUS_OK)
krista@1196	225	dont_use_fpr = true;
krista@1196	226
krista@1196	227	if (!dont_use_fpr) {
krista@1196	228	PEP_comm_type _comm_type_key;
krista@1449	229
krista@1449	230	// We don't want to lose a previous trust entry!!!
krista@1449	231	status = get_trust(session, temp_id);
vb@21	232
krista@1449	233	bool has_trust_status = (status == PEP_STATUS_OK);
krista@1449	234
krista@1220	235	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1449	236
krista@1196	237	assert(status != PEP_OUT_OF_MEMORY);
krista@1196	238	if (status == PEP_OUT_OF_MEMORY)
krista@1196	239	goto exit_free;
vb@21	240
krista@1449	241	if (!has_trust_status \|\| _comm_type_key > temp_id->comm_type)
krista@1449	242	temp_id->comm_type = _comm_type_key;
krista@1196	243	}
krista@1196	244	else {
krista@1220	245	free(temp_id->fpr);
krista@1220	246	temp_id->fpr = strdup("");
krista@1196	247	}
vb@21	248	}
vb@21	249	}
vb@21	250
krista@1220	251	if (temp_id->fpr == NULL)
krista@1220	252	temp_id->fpr = strdup("");
krista@1193	253
krista@1193	254
vb@21	255	status = PEP_STATUS_OK;
vb@21	256
krista@1220	257	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
krista@1220	258	assert(!EMPTYSTR(temp_id->username)); // this should not happen
vb@22	259
krista@1220	260	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	261	free(temp_id->username);
krista@1220	262	temp_id->username = strdup("anonymous");
krista@1220	263	assert(temp_id->username);
krista@1220	264	if (temp_id->username == NULL){
Edouard@829	265	status = PEP_OUT_OF_MEMORY;
Edouard@829	266	goto exit_free;
Edouard@829	267	}
vb@0	268	}
vb@8	269
Edouard@755	270	// Identity doesn't get stored if call was just about checking existing
Edouard@755	271	// user by address (i.e. no user id given but already stored)
krista@1223	272	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	273	{
krista@1220	274	status = set_identity(session, temp_id);
Edouard@559	275	assert(status == PEP_STATUS_OK);
Edouard@559	276	if (status != PEP_STATUS_OK) {
Edouard@829	277	goto exit_free;
Edouard@559	278	}
Edouard@499	279	}
vb@8	280	}
vb@8	281
krista@1220	282	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	283	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	284	if (session->examine_identity)
krista@1220	285	session->examine_identity(temp_id, session->examine_management);
krista@1220	286
krista@1220	287	/* ok, we got to the end. So we can assign the output identity */
krista@1220	288	free(identity->address);
krista@1220	289	identity->address = strdup(temp_id->address);
krista@1220	290	free(identity->fpr);
krista@1220	291	identity->fpr = strdup(temp_id->fpr);
krista@1220	292	free(identity->user_id);
krista@1220	293	identity->user_id = strdup(temp_id->user_id);
krista@1220	294	free(identity->username);
krista@1220	295	identity->username = strdup(temp_id->username);
krista@1220	296	identity->comm_type = temp_id->comm_type;
krista@1220	297	identity->lang[0] = temp_id->lang[0];
krista@1220	298	identity->lang[1] = temp_id->lang[1];
krista@1220	299	identity->lang[2] = 0;
krista@1220	300	identity->me = temp_id->me;
krista@1220	301	identity->flags = temp_id->flags;
vb@297	302
Edouard@829	303	exit_free :
Edouard@829	304
Edouard@829	305	if (stored_identity){
Edouard@829	306	free_identity(stored_identity);
Edouard@829	307	}
Edouard@829	308
krista@1220	309	if (temp_id)
krista@1220	310	free_identity(temp_id);
krista@1220	311
vb@8	312	return status;
vb@0	313	}
vb@0	314
Edouard@774	315	PEP_STATUS elect_ownkey(
krista@1194	316	PEP_SESSION session, pEp_identity * identity
Edouard@774	317	)
Edouard@774	318	{
Edouard@774	319	PEP_STATUS status;
Edouard@774	320	stringlist_t *keylist = NULL;
Edouard@774	321
Edouard@774	322	free(identity->fpr);
Edouard@774	323	identity->fpr = NULL;
Edouard@774	324
krista@1357	325	status = find_private_keys(session, identity->address, &keylist);
Edouard@774	326	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	327	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	328	return PEP_OUT_OF_MEMORY;
Edouard@774	329
Edouard@774	330	if (keylist != NULL && keylist->value != NULL)
Edouard@774	331	{
Edouard@774	332	char *_fpr = NULL;
Edouard@774	333	identity->comm_type = PEP_ct_unknown;
Edouard@774	334
Edouard@774	335	stringlist_t *_keylist;
Edouard@774	336	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	337	bool is_own = false;
Edouard@774	338
Edouard@774	339	if (session->use_only_own_private_keys)
Edouard@774	340	{
Edouard@774	341	status = own_key_is_listed(session, _keylist->value, &is_own);
Edouard@774	342	assert(status == PEP_STATUS_OK);
Edouard@774	343	if (status != PEP_STATUS_OK) {
Edouard@774	344	free_stringlist(keylist);
Edouard@774	345	return status;
Edouard@774	346	}
Edouard@774	347	}
Edouard@774	348
Edouard@774	349	// TODO : also accept synchronized device group keys ?
Edouard@774	350
Edouard@774	351	if (!session->use_only_own_private_keys \|\| is_own)
Edouard@774	352	{
Edouard@774	353	PEP_comm_type _comm_type_key;
Edouard@774	354
Edouard@774	355	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	356	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	357	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	358	free_stringlist(keylist);
Edouard@774	359	return PEP_OUT_OF_MEMORY;
Edouard@774	360	}
Edouard@774	361
Edouard@774	362	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	363	_comm_type_key != PEP_ct_unknown)
Edouard@774	364	{
Edouard@774	365	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	366	_comm_type_key > identity->comm_type)
Edouard@774	367	{
Edouard@774	368	identity->comm_type = _comm_type_key;
Edouard@774	369	_fpr = _keylist->value;
Edouard@774	370	}
Edouard@774	371	}
Edouard@774	372	}
Edouard@774	373	}
Edouard@774	374
Edouard@774	375	if (_fpr)
Edouard@774	376	{
Edouard@774	377	identity->fpr = strdup(_fpr);
Edouard@774	378	assert(identity->fpr);
Edouard@774	379	if (identity->fpr == NULL)
Edouard@774	380	{
Edouard@774	381	free_stringlist(keylist);
Edouard@774	382	return PEP_OUT_OF_MEMORY;
Edouard@774	383	}
Edouard@774	384	}
Edouard@774	385	free_stringlist(keylist);
Edouard@774	386	}
Edouard@774	387	return PEP_STATUS_OK;
Edouard@774	388	}
Edouard@774	389
krista@1357	390	PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
krista@1357	391	bool* is_usable) {
krista@1357	392
krista@1357	393	bool dont_use_fpr = true;
krista@1357	394
krista@1357	395	PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
krista@1371	396	if (status == PEP_STATUS_OK && !dont_use_fpr) {
krista@1357	397	// Make sure there is a private key associated with this fpr
krista@1357	398	bool has_private = false;
krista@1357	399	status = contains_priv_key(session, fpr, &has_private);
krista@1371	400
krista@1371	401	if (status == PEP_STATUS_OK)
krista@1371	402	dont_use_fpr = !has_private;
krista@1357	403	}
krista@1357	404
krista@1357	405	*is_usable = !dont_use_fpr;
krista@1357	406
krista@1357	407	return status;
krista@1357	408	}
krista@1357	409
edouard@1406	410	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags)
vb@0	411	{
Edouard@560	412	pEp_identity *stored_identity;
vb@0	413	PEP_STATUS status;
vb@0	414
vb@0	415	assert(session);
vb@0	416	assert(identity);
vb@1044	417	assert(!EMPTYSTR(identity->address));
vb@1043	418
Edouard@658	419	assert(EMPTYSTR(identity->user_id) \|\|
Edouard@658	420	strcmp(identity->user_id, PEP_OWN_USERID) == 0);
vb@0	421
vb@1044	422	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	423	(EMPTYSTR(identity->user_id) \|\|
vb@1043	424	strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
vb@191	425	return PEP_ILLEGAL_VALUE;
vb@191	426
vb@0	427	identity->comm_type = PEP_ct_pEp;
vb@0	428	identity->me = true;
edouard@1406	429	if(ignore_flags)
edouard@1406	430	identity->flags = 0;
Edouard@658	431
vb@1043	432	if (EMPTYSTR(identity->user_id))
Edouard@658	433	{
Edouard@658	434	free(identity->user_id);
Edouard@658	435	identity->user_id = strdup(PEP_OWN_USERID);
Edouard@658	436	assert(identity->user_id);
Edouard@658	437	if (identity->user_id == NULL)
Edouard@658	438	return PEP_OUT_OF_MEMORY;
Edouard@658	439	}
vb@0	440
edouard@1488	441	if (EMPTYSTR(identity->username))
edouard@1488	442	{
edouard@1488	443	free(identity->username);
edouard@1488	444	identity->username = strdup("anonymous");
edouard@1488	445	assert(identity->username);
edouard@1488	446	if (identity->username == NULL)
edouard@1488	447	return PEP_OUT_OF_MEMORY;
edouard@1488	448	}
edouard@1488	449
vb@215	450	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	451
Edouard@560	452	status = get_identity(session,
Edouard@560	453	identity->address,
Edouard@560	454	identity->user_id,
Edouard@560	455	&stored_identity);
Edouard@560	456
vb@0	457	assert(status != PEP_OUT_OF_MEMORY);
vb@0	458	if (status == PEP_OUT_OF_MEMORY)
vb@0	459	return PEP_OUT_OF_MEMORY;
krista@1357	460
krista@1357	461	bool dont_use_stored_fpr = true;
krista@1357	462	bool dont_use_input_fpr = true;
krista@1359	463
Edouard@560	464	if (stored_identity)
Edouard@560	465	{
Edouard@560	466	if (EMPTYSTR(identity->fpr)) {
krista@1352	467
krista@1357	468	bool has_private = false;
krista@1352	469
krista@1357	470	status = _has_usable_priv_key(session, stored_identity->fpr, &has_private);
krista@1352	471
krista@1371	472	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	473	if (has_private) {
krista@1357	474	identity->fpr = strdup(stored_identity->fpr);
krista@1357	475	assert(identity->fpr);
krista@1357	476	if (identity->fpr == NULL)
krista@1357	477	{
krista@1357	478	return PEP_OUT_OF_MEMORY;
krista@1357	479	}
krista@1357	480	dont_use_stored_fpr = false;
Edouard@560	481	}
Edouard@560	482	}
krista@1357	483
edouard@1406	484	identity->flags = (identity->flags & 255) \| stored_identity->flags;
edouard@1367	485
edouard@1367	486	free_identity(stored_identity);
Edouard@588	487	}
krista@1357	488
krista@1357	489	if (dont_use_stored_fpr && !EMPTYSTR(identity->fpr))
Edouard@588	490	{
Edouard@588	491	// App must have a good reason to give fpr, such as explicit
Edouard@588	492	// import of private key, or similar.
Edouard@588	493
Edouard@658	494	// Take given fpr as-is.
vb@934	495
krista@1357	496	// BUT:
krista@1357	497	// First check to see if it's blacklisted or private part is missing?
krista@1357	498	bool has_private = false;
krista@1357	499
krista@1357	500	status = _has_usable_priv_key(session, identity->fpr, &has_private);
krista@1357	501
krista@1371	502	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	503	if (has_private) {
krista@1357	504	dont_use_input_fpr = false;
krista@1357	505	}
Edouard@560	506	}
krista@1357	507
krista@1357	508	// Ok, we failed to get keys either way, so let's elect one.
krista@1357	509	if (dont_use_input_fpr && dont_use_stored_fpr)
Edouard@560	510	{
Edouard@774	511	status = elect_ownkey(session, identity);
Edouard@774	512	assert(status == PEP_STATUS_OK);
Edouard@774	513	if (status != PEP_STATUS_OK) {
Edouard@774	514	return status;
Edouard@560	515	}
vb@934	516
krista@1357	517	bool has_private = false;
krista@1359	518	if (identity->fpr) {
krista@1359	519	// ok, we elected something.
krista@1359	520	// elect_ownkey only returns private keys, so we don't check again.
krista@1359	521	// Check to see if it's blacklisted
krista@1359	522	bool listed;
krista@1359	523	status = blacklist_is_listed(session, identity->fpr, &listed);
krista@1371	524
krista@1371	525	if (status == PEP_STATUS_OK)
krista@1371	526	has_private = !listed;
krista@1359	527	}
krista@1357	528
krista@1357	529	if (has_private) {
krista@1357	530	dont_use_input_fpr = false;
krista@1357	531	}
krista@1357	532	else { // OK, we've tried everything. Time to generate new keys.
krista@1359	533	free(identity->fpr); // It can stay in this state (unallocated) because we'll generate a new key
krista@1359	534	identity->fpr = NULL;
krista@1357	535	}
Edouard@560	536	}
Edouard@695	537
Edouard@695	538	bool revoked = false;
Edouard@695	539	char *r_fpr = NULL;
Edouard@695	540	if (!EMPTYSTR(identity->fpr))
Edouard@695	541	{
Edouard@695	542	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	543
Edouard@775	544	// Forces re-election if key is missing and own-key-only not forced
Edouard@775	545	if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
Edouard@775	546	{
Edouard@775	547	status = elect_ownkey(session, identity);
Edouard@775	548	assert(status == PEP_STATUS_OK);
Edouard@775	549	if (status != PEP_STATUS_OK) {
Edouard@775	550	return status;
Edouard@775	551	}
Edouard@775	552	}
Edouard@775	553	else if (status != PEP_STATUS_OK)
Edouard@775	554	{
Edouard@695	555	return status;
Edouard@695	556	}
Edouard@695	557	}
edouard@1140	558
edouard@1140	559	bool new_key_generated = false;
edouard@1140	560
Edouard@695	561	if (EMPTYSTR(identity->fpr) \|\| revoked)
Edouard@695	562	{
edouard@1385	563	if(!do_keygen){
edouard@1385	564	return PEP_GET_KEY_FAILED;
edouard@1385	565	}
edouard@1385	566
Edouard@695	567	if(revoked)
Edouard@695	568	{
Edouard@697	569	r_fpr = identity->fpr;
Edouard@697	570	identity->fpr = NULL;
Edouard@695	571	}
Edouard@560	572
vb@215	573	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	574	status = generate_keypair(session, identity);
vb@0	575	assert(status != PEP_OUT_OF_MEMORY);
vb@0	576	if (status != PEP_STATUS_OK) {
vb@0	577	char buf[11];
vb@0	578	snprintf(buf, 11, "%d", status);
vb@215	579	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	580	if(revoked && r_fpr)
Edouard@695	581	free(r_fpr);
vb@0	582	return status;
vb@0	583	}
edouard@1140	584
edouard@1140	585	new_key_generated = true;
Edouard@560	586
Edouard@695	587	if(revoked)
Edouard@695	588	{
Edouard@695	589	status = set_revoked(session, r_fpr,
Edouard@695	590	identity->fpr, time(NULL));
Edouard@695	591	free(r_fpr);
Edouard@695	592	if (status != PEP_STATUS_OK) {
Edouard@695	593	return status;
Edouard@695	594	}
Edouard@371	595	}
vb@0	596	}
Edouard@560	597	else
Edouard@560	598	{
vb@214	599	bool expired;
Edouard@701	600	status = key_expired(session, identity->fpr,
Edouard@701	601	time(NULL) + (7243600), // In a week
Edouard@701	602	&expired);
Edouard@701	603
vb@214	604	assert(status == PEP_STATUS_OK);
Edouard@499	605	if (status != PEP_STATUS_OK) {
Edouard@588	606	return status;
Edouard@499	607	}
vb@214	608
vb@214	609	if (status == PEP_STATUS_OK && expired) {
vb@214	610	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	611	renew_key(session, identity->fpr, ts);
vb@214	612	free_timestamp(ts);
vb@214	613	}
vb@214	614	}
vb@0	615
krista@1353	616	if (!identity->username)
krista@1353	617	identity->username = strdup("");
krista@1353	618
vb@0	619	status = set_identity(session, identity);
vb@0	620	assert(status == PEP_STATUS_OK);
Edouard@499	621	if (status != PEP_STATUS_OK) {
Edouard@588	622	return status;
Edouard@499	623	}
vb@0	624
edouard@1145	625	if(new_key_generated)
edouard@1145	626	{
edouard@1145	627	// if a state machine for keysync is in place, inject notify
edouard@1195	628	status = inject_DeviceState_event(session, KeyGen, NULL, NULL);
edouard@1299	629	if (status == PEP_OUT_OF_MEMORY){
edouard@1299	630	return PEP_OUT_OF_MEMORY;
edouard@1299	631	}
edouard@1145	632	}
edouard@1140	633
vb@0	634	return PEP_STATUS_OK;
Edouard@499	635
vb@0	636	}
vb@0	637
edouard@1385	638	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
edouard@1385	639	{
edouard@1406	640	return _myself(session, identity, true, false);
edouard@1385	641	}
edouard@1385	642
vb@296	643	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	644	PEP_SESSION session,
vb@292	645	examine_identity_t examine_identity,
vb@292	646	void *management
vb@292	647	)
vb@292	648	{
vb@292	649	assert(session);
vb@292	650	if (!session)
vb@292	651	return PEP_ILLEGAL_VALUE;
vb@292	652
vb@292	653	session->examine_management = management;
vb@292	654	session->examine_identity = examine_identity;
vb@292	655
vb@292	656	return PEP_STATUS_OK;
vb@292	657	}
vb@292	658
vb@0	659	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	660	retrieve_next_identity_t retrieve_next_identity,
vb@0	661	void *management
vb@0	662	)
vb@0	663	{
vb@0	664	PEP_SESSION session;
vb@0	665	pEp_identity *identity;
Edouard@499	666	PEP_STATUS status;
vb@0	667
vb@24	668	assert(retrieve_next_identity);
vb@24	669	assert(management);
vb@24	670
Edouard@499	671	if (!retrieve_next_identity \|\| !management)
Edouard@499	672	return PEP_ILLEGAL_VALUE;
Edouard@499	673
Edouard@499	674	status = init(&session);
Edouard@499	675	assert(status == PEP_STATUS_OK);
Edouard@499	676	if (status != PEP_STATUS_OK)
Edouard@499	677	return status;
Edouard@499	678
vb@0	679	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	680
Edouard@499	681	while ((identity = retrieve_next_identity(management)))
Edouard@499	682	{
vb@0	683	assert(identity->address);
Edouard@499	684	if(identity->address)
Edouard@499	685	{
Edouard@499	686	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	687
Edouard@499	688	if (identity->me) {
Edouard@499	689	status = myself(session, identity);
Edouard@499	690	} else {
Edouard@499	691	status = recv_key(session, identity->address);
Edouard@499	692	}
Edouard@499	693
vb@0	694	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	695	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	696	return PEP_OUT_OF_MEMORY;
vb@0	697	}
vb@0	698	free_identity(identity);
vb@0	699	}
vb@0	700
vb@0	701	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	702
vb@0	703	release(session);
vb@0	704	return PEP_STATUS_OK;
vb@0	705	}
vb@0	706
krista@1213	707	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	708	PEP_SESSION session,
vb@357	709	pEp_identity *ident
vb@357	710	)
vb@215	711	{
vb@218	712	PEP_STATUS status = PEP_STATUS_OK;
vb@218	713
vb@215	714	assert(session);
vb@357	715	assert(ident);
Edouard@439	716	assert(!EMPTYSTR(ident->fpr));
vb@215	717
vb@357	718	if (!(session && ident && ident->fpr))
vb@215	719	return PEP_ILLEGAL_VALUE;
vb@215	720
vb@357	721	if (ident->me)
Edouard@697	722	{
vb@357	723	revoke_key(session, ident->fpr, NULL);
Edouard@697	724	myself(session, ident);
Edouard@697	725	}
Edouard@697	726	else
Edouard@697	727	{
Edouard@697	728	status = mark_as_compromized(session, ident->fpr);
Edouard@697	729	}
vb@218	730
vb@218	731	return status;
vb@215	732	}
vb@215	733
Edouard@410	734	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	735	PEP_SESSION session,
Edouard@410	736	pEp_identity *ident
Edouard@410	737	)
Edouard@410	738	{
Edouard@410	739	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	740
Edouard@410	741	assert(session);
Edouard@410	742	assert(ident);
vb@420	743	assert(!ident->me);
Edouard@439	744	assert(!EMPTYSTR(ident->fpr));
Edouard@439	745	assert(!EMPTYSTR(ident->address));
Edouard@439	746	assert(!EMPTYSTR(ident->user_id));
Edouard@410	747
vb@420	748	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	749	ident->user_id))
Edouard@410	750	return PEP_ILLEGAL_VALUE;
Edouard@410	751
vb@420	752	status = update_identity(session, ident);
vb@420	753	if (status != PEP_STATUS_OK)
vb@420	754	return status;
Edouard@410	755
Edouard@442	756	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	757	ident->comm_type = PEP_ct_unknown;
vb@421	758	else
vb@421	759	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	760
vb@420	761	status = set_identity(session, ident);
vb@421	762	if (status != PEP_STATUS_OK)
vb@421	763	return status;
vb@421	764
vb@422	765	if (ident->comm_type == PEP_ct_unknown)
vb@422	766	status = update_identity(session, ident);
Edouard@410	767	return status;
Edouard@410	768	}
Edouard@410	769
vb@354	770	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	771	PEP_SESSION session,
vb@354	772	pEp_identity *ident
vb@354	773	)
vb@354	774	{
vb@354	775	PEP_STATUS status = PEP_STATUS_OK;
vb@354	776
vb@354	777	assert(session);
vb@354	778	assert(ident);
Edouard@439	779	assert(!EMPTYSTR(ident->address));
Edouard@439	780	assert(!EMPTYSTR(ident->user_id));
Edouard@439	781	assert(!EMPTYSTR(ident->fpr));
vb@354	782	assert(!ident->me);
vb@354	783
Edouard@439	784	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
Edouard@439	785	EMPTYSTR(ident->fpr) \|\| ident->me)
vb@354	786	return PEP_ILLEGAL_VALUE;
vb@354	787
vb@354	788	status = update_identity(session, ident);
vb@354	789	if (status != PEP_STATUS_OK)
vb@354	790	return status;
vb@354	791
vb@356	792	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	793	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	794	status = set_identity(session, ident);
vb@356	795	}
vb@356	796	else {
vb@356	797	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	798	status = PEP_CANNOT_SET_TRUST;
vb@356	799	}
vb@354	800
vb@354	801	return status;
vb@354	802	}
vb@354	803
Edouard@584	804	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	805	PEP_SESSION session,
vb@955	806	const char *fpr,
vb@955	807	bool *listed
vb@955	808	)
Edouard@584	809	{
Edouard@584	810	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	811	int count;
Edouard@584	812
Edouard@584	813	assert(session && fpr && fpr[0] && listed);
Edouard@584	814
Edouard@584	815	if (!(session && fpr && fpr[0] && listed))
Edouard@584	816	return PEP_ILLEGAL_VALUE;
Edouard@584	817
Edouard@584	818	*listed = false;
Edouard@584	819
Edouard@584	820	sqlite3_reset(session->own_key_is_listed);
Edouard@584	821	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	822
Edouard@584	823	int result;
Edouard@584	824
Edouard@584	825	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	826	switch (result) {
Edouard@584	827	case SQLITE_ROW:
Edouard@584	828	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	829	*listed = count > 0;
Edouard@584	830	status = PEP_STATUS_OK;
Edouard@584	831	break;
Edouard@584	832
Edouard@584	833	default:
Edouard@584	834	status = PEP_UNKNOWN_ERROR;
Edouard@584	835	}
Edouard@584	836
Edouard@584	837	sqlite3_reset(session->own_key_is_listed);
Edouard@584	838	return status;
Edouard@584	839	}
Edouard@584	840
edouard@1412	841	PEP_STATUS _own_identities_retrieve(
vb@955	842	PEP_SESSION session,
edouard@1412	843	identity_list **own_identities,
edouard@1412	844	identity_flags_t excluded_flags
vb@955	845	)
Edouard@584	846	{
Edouard@584	847	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	848
vb@955	849	assert(session && own_identities);
vb@955	850	if (!(session && own_identities))
Edouard@584	851	return PEP_ILLEGAL_VALUE;
Edouard@584	852
vb@955	853	*own_identities = NULL;
vb@955	854	identity_list *_own_identities = new_identity_list(NULL);
vb@955	855	if (_own_identities == NULL)
Edouard@584	856	goto enomem;
Edouard@584	857
vb@955	858	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	859
Edouard@584	860	int result;
vb@955	861	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	862	const char *address = NULL;
Edouard@584	863	const char *fpr = NULL;
vb@955	864	const char *username = NULL;
vb@955	865	const char *user_id = NULL;
vb@955	866	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	867	const char *lang = NULL;
vb@955	868	unsigned int flags = 0;
Edouard@584	869
vb@955	870	identity_list *_bl = _own_identities;
Edouard@584	871	do {
edouard@1412	872	sqlite3_bind_int(session->own_identities_retrieve, 1, excluded_flags);
vb@955	873	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	874	switch (result) {
Edouard@584	875	case SQLITE_ROW:
vb@955	876	address = (const char *)
vb@955	877	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	878	fpr = (const char *)
vb@955	879	sqlite3_column_text(session->own_identities_retrieve, 1);
vb@1071	880	user_id = PEP_OWN_USERID;
vb@1071	881	username = (const char *)
vb@955	882	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	883	comm_type = PEP_ct_pEp;
vb@1071	884	lang = (const char *)
vb@955	885	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	886	flags = (unsigned int)
edouard@1444	887	sqlite3_column_int(session->own_identities_retrieve, 4);
vb@955	888
vb@1078	889	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	890	if (!ident)
Edouard@584	891	goto enomem;
vb@955	892	ident->comm_type = comm_type;
vb@955	893	if (lang && lang[0]) {
vb@955	894	ident->lang[0] = lang[0];
vb@955	895	ident->lang[1] = lang[1];
vb@1078	896	ident->lang[2] = 0;
vb@955	897	}
vb@1068	898	ident->me = true;
vb@955	899	ident->flags = flags;
vb@955	900
vb@955	901	_bl = identity_list_add(_bl, ident);
vb@1080	902	if (_bl == NULL) {
vb@1080	903	free_identity(ident);
Edouard@584	904	goto enomem;
vb@1080	905	}
Edouard@584	906
Edouard@584	907	break;
Edouard@584	908
Edouard@584	909	case SQLITE_DONE:
Edouard@584	910	break;
Edouard@584	911
Edouard@584	912	default:
Edouard@584	913	status = PEP_UNKNOWN_ERROR;
Edouard@584	914	result = SQLITE_DONE;
Edouard@584	915	}
Edouard@584	916	} while (result != SQLITE_DONE);
Edouard@584	917
vb@955	918	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	919	if (status == PEP_STATUS_OK)
vb@955	920	*own_identities = _own_identities;
Edouard@584	921	else
vb@955	922	free_identity_list(_own_identities);
Edouard@584	923
Edouard@584	924	goto the_end;
Edouard@584	925
Edouard@584	926	enomem:
vb@955	927	free_identity_list(_own_identities);
Edouard@584	928	status = PEP_OUT_OF_MEMORY;
Edouard@584	929
Edouard@584	930	the_end:
Edouard@584	931	return status;
Edouard@584	932	}
vb@955	933
edouard@1412	934	DYNAMIC_API PEP_STATUS own_identities_retrieve(
edouard@1364	935	PEP_SESSION session,
edouard@1412	936	identity_list **own_identities
edouard@1412	937	)
edouard@1412	938	{
edouard@1412	939	return _own_identities_retrieve(session, own_identities, 0);
edouard@1412	940	}
edouard@1412	941
edouard@1412	942	PEP_STATUS _own_keys_retrieve(
edouard@1412	943	PEP_SESSION session,
edouard@1412	944	stringlist_t **keylist,
edouard@1412	945	identity_flags_t excluded_flags
edouard@1364	946	)
edouard@1364	947	{
edouard@1364	948	PEP_STATUS status = PEP_STATUS_OK;
edouard@1364	949
edouard@1364	950	assert(session && keylist);
edouard@1364	951	if (!(session && keylist))
edouard@1364	952	return PEP_ILLEGAL_VALUE;
edouard@1364	953
edouard@1364	954	*keylist = NULL;
edouard@1364	955	stringlist_t *_keylist = NULL;
edouard@1364	956
edouard@1394	957	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	958
edouard@1364	959	int result;
edouard@1364	960	char *fpr = NULL;
edouard@1364	961
edouard@1364	962	stringlist_t *_bl = _keylist;
edouard@1364	963	do {
edouard@1412	964	sqlite3_bind_int(session->own_keys_retrieve, 1, excluded_flags);
edouard@1394	965	result = sqlite3_step(session->own_keys_retrieve);
edouard@1364	966	switch (result) {
edouard@1364	967	case SQLITE_ROW:
edouard@1394	968	fpr = strdup((const char *) sqlite3_column_text(session->own_keys_retrieve, 0));
edouard@1364	969	if(fpr == NULL)
edouard@1364	970	goto enomem;
edouard@1364	971
edouard@1364	972	_bl = stringlist_add(_bl, fpr);
edouard@1364	973	if (_bl == NULL) {
edouard@1364	974	free(fpr);
edouard@1364	975	goto enomem;
edouard@1364	976	}
edouard@1364	977	if (_keylist == NULL)
edouard@1364	978	_keylist = _bl;
edouard@1364	979
edouard@1364	980	break;
edouard@1364	981
edouard@1364	982	case SQLITE_DONE:
edouard@1364	983	break;
edouard@1364	984
edouard@1364	985	default:
edouard@1364	986	status = PEP_UNKNOWN_ERROR;
edouard@1364	987	result = SQLITE_DONE;
edouard@1364	988	}
edouard@1364	989	} while (result != SQLITE_DONE);
edouard@1364	990
edouard@1394	991	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	992	if (status == PEP_STATUS_OK)
edouard@1364	993	*keylist = _keylist;
edouard@1364	994	else
edouard@1364	995	free_stringlist(_keylist);
edouard@1364	996
edouard@1364	997	goto the_end;
edouard@1364	998
edouard@1364	999	enomem:
edouard@1364	1000	free_stringlist(_keylist);
edouard@1364	1001	status = PEP_OUT_OF_MEMORY;
edouard@1364	1002
edouard@1364	1003	the_end:
edouard@1364	1004	return status;
edouard@1364	1005	}
edouard@1364	1006
edouard@1412	1007	DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
edouard@1412	1008	{
edouard@1412	1009	return _own_keys_retrieve(session, keylist, 0);
edouard@1412	1010	}
edouard@1412	1011
edouard@1394	1012	// TODO: Unused for now, but should be used when sync receive old keys (ENGINE-145)
edouard@1394	1013	DYNAMIC_API PEP_STATUS set_own_key(
edouard@1394	1014	PEP_SESSION session,
edouard@1394	1015	const char *address,
edouard@1394	1016	const char *fpr
edouard@1394	1017	)
edouard@1394	1018	{
edouard@1394	1019	PEP_STATUS status = PEP_STATUS_OK;
edouard@1394	1020
edouard@1394	1021	assert(session &&
edouard@1394	1022	address && address[0] &&
edouard@1394	1023	fpr && fpr[0]
edouard@1394	1024	);
edouard@1394	1025
edouard@1394	1026	if (!(session &&
edouard@1394	1027	address && address[0] &&
edouard@1394	1028	fpr && fpr[0]
edouard@1394	1029	))
edouard@1394	1030	return PEP_ILLEGAL_VALUE;
edouard@1394	1031
edouard@1394	1032	sqlite3_reset(session->set_own_key);
edouard@1394	1033	sqlite3_bind_text(session->set_own_key, 1, address, -1, SQLITE_STATIC);
edouard@1394	1034	sqlite3_bind_text(session->set_own_key, 2, fpr, -1, SQLITE_STATIC);
edouard@1394	1035
edouard@1394	1036	int result;
edouard@1394	1037
edouard@1394	1038	result = sqlite3_step(session->set_own_key);
edouard@1394	1039	switch (result) {
edouard@1394	1040	case SQLITE_DONE:
edouard@1394	1041	status = PEP_STATUS_OK;
edouard@1394	1042	break;
edouard@1394	1043
edouard@1394	1044	default:
edouard@1394	1045	status = PEP_UNKNOWN_ERROR;
edouard@1394	1046	}
edouard@1394	1047
edouard@1394	1048	sqlite3_reset(session->set_own_key);
edouard@1394	1049	return status;
edouard@1394	1050	}
krista@1357	1051
krista@1357	1052	PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
krista@1357	1053	bool *has_private) {
krista@1357	1054
krista@1357	1055	assert(session);
krista@1357	1056	assert(fpr);
krista@1357	1057	assert(has_private);
krista@1357	1058
krista@1357	1059	if (!(session && fpr && has_private))
krista@1357	1060	return PEP_ILLEGAL_VALUE;
krista@1357	1061
krista@1357	1062	return session->cryptotech[PEP_crypt_OpenPGP].contains_priv_key(session, fpr, has_private);
edouard@1385	1063	}

author	Edouard Tisserant <edouard@pep-project.org>
	Wed, 14 Dec 2016 17:08:28 +0100
changeset 1488	16829200236d
parent 1450	ed4cb23e3932
child 1492	cc9037bf19d2
permissions	-rw-r--r--