repos/pEpEngine: src/keymanagement.c@239640860531 (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
Edouard@512	7	#include <ctype.h>
vb@0	8
vb@217	9	#include "pEp_internal.h"
vb@0	10	#include "keymanagement.h"
vb@0	11
edouard@1195	12	#include "sync_fsm.h"
krista@1253	13	#include "blacklist.h"
edouard@1195	14
Edouard@439	15	#ifndef EMPTYSTR
roker@500	16	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	17	#endif
vb@8	18
vb@214	19	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	20
Edouard@774	21	PEP_STATUS elect_pubkey(
Edouard@755	22	PEP_SESSION session, pEp_identity * identity
Edouard@755	23	)
Edouard@755	24	{
Edouard@755	25	PEP_STATUS status;
Edouard@755	26	stringlist_t *keylist;
krista@1342	27	char *_fpr = "";
Edouard@755	28	identity->comm_type = PEP_ct_unknown;
Edouard@755	29
Edouard@755	30	status = find_keys(session, identity->address, &keylist);
Edouard@755	31	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	32	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	33	return PEP_OUT_OF_MEMORY;
Edouard@755	34
Edouard@755	35	stringlist_t *_keylist;
Edouard@755	36	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	37	PEP_comm_type _comm_type_key;
Edouard@755	38
Edouard@755	39	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	40	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	41	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	42	free_stringlist(keylist);
Edouard@755	43	return PEP_OUT_OF_MEMORY;
Edouard@755	44	}
Edouard@755	45
Edouard@755	46	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	47	_comm_type_key != PEP_ct_unknown)
Edouard@755	48	{
Edouard@755	49	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	50	_comm_type_key > identity->comm_type)
Edouard@755	51	{
krista@1275	52	bool blacklisted;
krista@1275	53	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	54	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	55	identity->comm_type = _comm_type_key;
krista@1275	56	_fpr = _keylist->value;
krista@1275	57	}
Edouard@755	58	}
Edouard@755	59	}
Edouard@755	60	}
Edouard@755	61
krista@1342	62
krista@1342	63	// if (_fpr) {
krista@1342	64	free(identity->fpr);
Edouard@755	65
krista@1342	66	identity->fpr = strdup(_fpr);
krista@1342	67	if (identity->fpr == NULL) {
krista@1342	68	free_stringlist(keylist);
krista@1342	69	return PEP_OUT_OF_MEMORY;
Edouard@755	70	}
krista@1342	71	// }
Edouard@755	72	free_stringlist(keylist);
Edouard@755	73	return PEP_STATUS_OK;
Edouard@755	74	}
Edouard@755	75
vb@0	76	DYNAMIC_API PEP_STATUS update_identity(
vb@0	77	PEP_SESSION session, pEp_identity * identity
vb@0	78	)
vb@0	79	{
vb@0	80	pEp_identity *stored_identity;
krista@1224	81	pEp_identity* temp_id = NULL;
vb@0	82	PEP_STATUS status;
vb@0	83
vb@0	84	assert(session);
vb@0	85	assert(identity);
Edouard@439	86	assert(!EMPTYSTR(identity->address));
vb@0	87
Edouard@439	88	if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191	89	return PEP_ILLEGAL_VALUE;
vb@191	90
vb@1078	91	if (identity->me \|\| (identity->user_id && strcmp(identity->user_id, PEP_OWN_USERID) == 0)) {
vb@1078	92	identity->me = true;
vb@1078	93	return myself(session, identity);
vb@1078	94	}
vb@1078	95
Edouard@559	96	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	97	int _did_elect_new_key = 0;
Edouard@559	98
Edouard@559	99	if (_no_user_id)
Edouard@559	100	{
vb@1015	101	status = get_identity(session, identity->address, PEP_OWN_USERID,
vb@1015	102	&stored_identity);
vb@1015	103	if (status == PEP_STATUS_OK) {
vb@1015	104	free_identity(stored_identity);
vb@1015	105	return myself(session, identity);
vb@1015	106	}
vb@1015	107
Edouard@559	108	free(identity->user_id);
Edouard@559	109
vb@591	110	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	111	if (!identity->user_id)
Edouard@559	112	{
Edouard@562	113	return PEP_OUT_OF_MEMORY;
Edouard@559	114	}
vb@983	115	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	116	"TOFU_%s", identity->address);
Edouard@559	117	}
vb@934	118
Edouard@559	119	status = get_identity(session,
Edouard@559	120	identity->address,
Edouard@559	121	identity->user_id,
Edouard@559	122	&stored_identity);
Edouard@559	123
vb@0	124	assert(status != PEP_OUT_OF_MEMORY);
vb@0	125	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	126	goto exit_free;
vb@0	127
krista@1188	128	/* We elect a pubkey first in case there's no acceptable stored fpr */
krista@1224	129	temp_id = identity_dup(identity);
krista@1220	130
krista@1220	131	status = elect_pubkey(session, temp_id);
krista@1185	132	if (status != PEP_STATUS_OK)
krista@1185	133	goto exit_free;
krista@1188	134
vb@14	135	if (stored_identity) {
vb@14	136	PEP_comm_type _comm_type_key;
krista@1188	137
krista@1255	138	bool dont_use_fpr = true;
krista@1220	139
krista@1220	140	/* if we have a stored_identity fpr */
krista@1342	141	if (!EMPTYSTR(stored_identity->fpr) && !EMPTYSTR(temp_id->fpr)) {
krista@1220	142	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
krista@1220	143	if (status != PEP_STATUS_OK)
krista@1220	144	dont_use_fpr = true;
krista@1220	145	}
krista@1188	146
krista@1220	147
krista@1220	148	if (!dont_use_fpr) {
krista@1220	149	free(temp_id->fpr);
krista@1220	150	temp_id->fpr = strdup(stored_identity->fpr);
krista@1220	151	assert(temp_id->fpr);
krista@1220	152	if (temp_id->fpr == NULL) {
krista@1220	153	status = PEP_OUT_OF_MEMORY;
krista@1188	154	goto exit_free;
krista@1220	155	}
krista@1220	156	}
krista@1220	157	else if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	158	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1188	159	if (dont_use_fpr) {
krista@1220	160	free(temp_id->fpr);
krista@1220	161	temp_id->fpr = strdup("");
krista@1188	162	}
krista@1188	163	else {
krista@1188	164	_did_elect_new_key = 1;
krista@1188	165	}
krista@1188	166	}
krista@1188	167	else {
krista@1220	168	if (temp_id->fpr == NULL)
krista@1220	169	temp_id->fpr = strdup("");
krista@1188	170	}
krista@1188	171
krista@1220	172	/* ok, from here on out, use temp_id */
krista@1220	173
krista@1220	174
krista@1220	175	/* At this point, we either have a non-blacklisted fpr we can work */
krista@1220	176	/* with, or we've got nada. */
krista@1220	177	if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	178	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1188	179	assert(status != PEP_OUT_OF_MEMORY);
krista@1188	180	if (status == PEP_OUT_OF_MEMORY)
krista@1188	181	goto exit_free;
krista@1188	182	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
krista@1220	183	temp_id->comm_type = _comm_type_key;
krista@1188	184	} else{
krista@1220	185	temp_id->comm_type = stored_identity->comm_type;
krista@1220	186	if (temp_id->comm_type == PEP_ct_unknown) {
krista@1220	187	temp_id->comm_type = _comm_type_key;
krista@1188	188	}
krista@1188	189	}
krista@1188	190	}
krista@1243	191	else {
krista@1243	192	/* Set comm_type accordingly */
krista@1243	193	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	194	}
krista@1243	195
krista@1220	196	if (EMPTYSTR(temp_id->username)) {
krista@1220	197	free(temp_id->username);
krista@1220	198	temp_id->username = strdup(stored_identity->username);
krista@1220	199	assert(temp_id->username);
krista@1220	200	if (temp_id->username == NULL){
Edouard@829	201	status = PEP_OUT_OF_MEMORY;
Edouard@829	202	goto exit_free;
Edouard@829	203	}
vb@22	204	}
vb@22	205
krista@1220	206	if (temp_id->lang[0] == 0) {
krista@1220	207	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	208	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	209	temp_id->lang[2] = 0;
vb@21	210	}
vb@932	211
krista@1220	212	temp_id->flags = stored_identity->flags;
vb@21	213	}
vb@21	214	else /* stored_identity == NULL */ {
krista@1220	215	temp_id->flags = 0;
vb@934	216
krista@1188	217	/* Work with the elected key from above */
krista@1220	218	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	219
krista@1196	220	bool dont_use_fpr = true;
krista@1220	221	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1196	222	if (status != PEP_STATUS_OK)
krista@1196	223	dont_use_fpr = true;
krista@1196	224
krista@1196	225	if (!dont_use_fpr) {
krista@1196	226	PEP_comm_type _comm_type_key;
vb@21	227
krista@1220	228	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1196	229	assert(status != PEP_OUT_OF_MEMORY);
krista@1196	230	if (status == PEP_OUT_OF_MEMORY)
krista@1196	231	goto exit_free;
vb@21	232
krista@1220	233	temp_id->comm_type = _comm_type_key;
krista@1196	234	}
krista@1196	235	else {
krista@1220	236	free(temp_id->fpr);
krista@1220	237	temp_id->fpr = strdup("");
krista@1196	238	}
vb@21	239	}
vb@21	240	}
vb@21	241
krista@1220	242	if (temp_id->fpr == NULL)
krista@1220	243	temp_id->fpr = strdup("");
krista@1193	244
krista@1193	245
vb@21	246	status = PEP_STATUS_OK;
vb@21	247
krista@1220	248	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
krista@1220	249	assert(!EMPTYSTR(temp_id->username)); // this should not happen
vb@22	250
krista@1220	251	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	252	free(temp_id->username);
krista@1220	253	temp_id->username = strdup("anonymous");
krista@1220	254	assert(temp_id->username);
krista@1220	255	if (temp_id->username == NULL){
Edouard@829	256	status = PEP_OUT_OF_MEMORY;
Edouard@829	257	goto exit_free;
Edouard@829	258	}
vb@0	259	}
vb@8	260
Edouard@755	261	// Identity doesn't get stored if call was just about checking existing
Edouard@755	262	// user by address (i.e. no user id given but already stored)
krista@1223	263	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	264	{
krista@1220	265	status = set_identity(session, temp_id);
Edouard@559	266	assert(status == PEP_STATUS_OK);
Edouard@559	267	if (status != PEP_STATUS_OK) {
Edouard@829	268	goto exit_free;
Edouard@559	269	}
Edouard@499	270	}
vb@8	271	}
vb@8	272
krista@1220	273	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	274	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	275	if (session->examine_identity)
krista@1220	276	session->examine_identity(temp_id, session->examine_management);
krista@1220	277
krista@1220	278	/* ok, we got to the end. So we can assign the output identity */
krista@1220	279	free(identity->address);
krista@1220	280	identity->address = strdup(temp_id->address);
krista@1220	281	free(identity->fpr);
krista@1220	282	identity->fpr = strdup(temp_id->fpr);
krista@1220	283	free(identity->user_id);
krista@1220	284	identity->user_id = strdup(temp_id->user_id);
krista@1220	285	free(identity->username);
krista@1220	286	identity->username = strdup(temp_id->username);
krista@1220	287	identity->comm_type = temp_id->comm_type;
krista@1220	288	identity->lang[0] = temp_id->lang[0];
krista@1220	289	identity->lang[1] = temp_id->lang[1];
krista@1220	290	identity->lang[2] = 0;
krista@1220	291	identity->me = temp_id->me;
krista@1220	292	identity->flags = temp_id->flags;
vb@297	293
Edouard@829	294	exit_free :
Edouard@829	295
Edouard@829	296	if (stored_identity){
Edouard@829	297	free_identity(stored_identity);
Edouard@829	298	}
Edouard@829	299
krista@1220	300	if (temp_id)
krista@1220	301	free_identity(temp_id);
krista@1220	302
vb@8	303	return status;
vb@0	304	}
vb@0	305
Edouard@774	306	PEP_STATUS elect_ownkey(
krista@1194	307	PEP_SESSION session, pEp_identity * identity
Edouard@774	308	)
Edouard@774	309	{
Edouard@774	310	PEP_STATUS status;
Edouard@774	311	stringlist_t *keylist = NULL;
Edouard@774	312
Edouard@774	313	free(identity->fpr);
Edouard@774	314	identity->fpr = NULL;
Edouard@774	315
Edouard@774	316	status = find_keys(session, identity->address, &keylist);
Edouard@774	317	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	318	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	319	return PEP_OUT_OF_MEMORY;
Edouard@774	320
Edouard@774	321	if (keylist != NULL && keylist->value != NULL)
Edouard@774	322	{
Edouard@774	323	char *_fpr = NULL;
Edouard@774	324	identity->comm_type = PEP_ct_unknown;
Edouard@774	325
Edouard@774	326	stringlist_t *_keylist;
Edouard@774	327	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	328	bool is_own = false;
Edouard@774	329
Edouard@774	330	if (session->use_only_own_private_keys)
Edouard@774	331	{
Edouard@774	332	status = own_key_is_listed(session, _keylist->value, &is_own);
Edouard@774	333	assert(status == PEP_STATUS_OK);
Edouard@774	334	if (status != PEP_STATUS_OK) {
Edouard@774	335	free_stringlist(keylist);
Edouard@774	336	return status;
Edouard@774	337	}
Edouard@774	338	}
Edouard@774	339
Edouard@774	340	// TODO : also accept synchronized device group keys ?
Edouard@774	341
Edouard@774	342	if (!session->use_only_own_private_keys \|\| is_own)
Edouard@774	343	{
Edouard@774	344	PEP_comm_type _comm_type_key;
Edouard@774	345
Edouard@774	346	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	347	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	348	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	349	free_stringlist(keylist);
Edouard@774	350	return PEP_OUT_OF_MEMORY;
Edouard@774	351	}
Edouard@774	352
Edouard@774	353	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	354	_comm_type_key != PEP_ct_unknown)
Edouard@774	355	{
Edouard@774	356	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	357	_comm_type_key > identity->comm_type)
Edouard@774	358	{
Edouard@774	359	identity->comm_type = _comm_type_key;
Edouard@774	360	_fpr = _keylist->value;
Edouard@774	361	}
Edouard@774	362	}
Edouard@774	363	}
Edouard@774	364	}
Edouard@774	365
Edouard@774	366	if (_fpr)
Edouard@774	367	{
Edouard@774	368	identity->fpr = strdup(_fpr);
Edouard@774	369	assert(identity->fpr);
Edouard@774	370	if (identity->fpr == NULL)
Edouard@774	371	{
Edouard@774	372	free_stringlist(keylist);
Edouard@774	373	return PEP_OUT_OF_MEMORY;
Edouard@774	374	}
Edouard@774	375	}
Edouard@774	376	free_stringlist(keylist);
Edouard@774	377	}
Edouard@774	378	return PEP_STATUS_OK;
Edouard@774	379	}
Edouard@774	380
vb@0	381	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0	382	{
Edouard@560	383	pEp_identity *stored_identity;
vb@0	384	PEP_STATUS status;
vb@0	385
vb@0	386	assert(session);
vb@0	387	assert(identity);
vb@1044	388	assert(!EMPTYSTR(identity->address));
vb@1043	389
Edouard@658	390	assert(EMPTYSTR(identity->user_id) \|\|
Edouard@658	391	strcmp(identity->user_id, PEP_OWN_USERID) == 0);
vb@0	392
vb@1044	393	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	394	(EMPTYSTR(identity->user_id) \|\|
vb@1043	395	strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
vb@191	396	return PEP_ILLEGAL_VALUE;
vb@191	397
vb@0	398	identity->comm_type = PEP_ct_pEp;
vb@0	399	identity->me = true;
Edouard@658	400
vb@1043	401	if (EMPTYSTR(identity->user_id))
Edouard@658	402	{
Edouard@658	403	free(identity->user_id);
Edouard@658	404	identity->user_id = strdup(PEP_OWN_USERID);
Edouard@658	405	assert(identity->user_id);
Edouard@658	406	if (identity->user_id == NULL)
Edouard@658	407	return PEP_OUT_OF_MEMORY;
Edouard@658	408	}
vb@0	409
vb@215	410	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	411
Edouard@560	412	status = get_identity(session,
Edouard@560	413	identity->address,
Edouard@560	414	identity->user_id,
Edouard@560	415	&stored_identity);
Edouard@560	416
vb@0	417	assert(status != PEP_OUT_OF_MEMORY);
vb@0	418	if (status == PEP_OUT_OF_MEMORY)
vb@0	419	return PEP_OUT_OF_MEMORY;
Edouard@560	420
Edouard@560	421	if (stored_identity)
Edouard@560	422	{
Edouard@560	423	if (EMPTYSTR(identity->fpr)) {
krista@1352	424
krista@1352	425	// First check to see if it's blacklisted?
krista@1352	426	char* stored_fpr = stored_identity->fpr;
krista@1352	427
krista@1352	428	bool dont_use_fpr = false;
krista@1352	429
krista@1352	430	status = blacklist_is_listed(session, stored_fpr, &dont_use_fpr);
krista@1352	431	if (!dont_use_fpr) {
krista@1352	432	// Make sure there is a private key associated with this fpr
krista@1352	433	}
krista@1352	434
vb@591	435	identity->fpr = strdup(stored_identity->fpr);
Edouard@560	436	assert(identity->fpr);
Edouard@560	437	if (identity->fpr == NULL)
Edouard@560	438	{
Edouard@560	439	return PEP_OUT_OF_MEMORY;
Edouard@560	440	}
Edouard@560	441	}
vb@932	442
vb@932	443	identity->flags = stored_identity->flags;
Edouard@588	444	}
Edouard@588	445	else if (!EMPTYSTR(identity->fpr))
Edouard@588	446	{
Edouard@588	447	// App must have a good reason to give fpr, such as explicit
Edouard@588	448	// import of private key, or similar.
Edouard@588	449
Edouard@658	450	// Take given fpr as-is.
vb@934	451
vb@934	452	identity->flags = 0;
Edouard@560	453	}
Edouard@560	454	else
Edouard@560	455	{
Edouard@774	456	status = elect_ownkey(session, identity);
Edouard@774	457	assert(status == PEP_STATUS_OK);
Edouard@774	458	if (status != PEP_STATUS_OK) {
Edouard@774	459	return status;
Edouard@560	460	}
vb@934	461
vb@934	462	identity->flags = 0;
Edouard@560	463	}
Edouard@695	464
Edouard@695	465	bool revoked = false;
Edouard@695	466	char *r_fpr = NULL;
Edouard@695	467	if (!EMPTYSTR(identity->fpr))
Edouard@695	468	{
Edouard@695	469	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	470
Edouard@775	471	// Forces re-election if key is missing and own-key-only not forced
Edouard@775	472	if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
Edouard@775	473	{
Edouard@775	474	status = elect_ownkey(session, identity);
Edouard@775	475	assert(status == PEP_STATUS_OK);
Edouard@775	476	if (status != PEP_STATUS_OK) {
Edouard@775	477	return status;
Edouard@775	478	}
Edouard@775	479	}
Edouard@775	480	else if (status != PEP_STATUS_OK)
Edouard@775	481	{
Edouard@695	482	return status;
Edouard@695	483	}
Edouard@695	484	}
edouard@1140	485
edouard@1140	486	bool new_key_generated = false;
edouard@1140	487
Edouard@695	488	if (EMPTYSTR(identity->fpr) \|\| revoked)
Edouard@695	489	{
Edouard@695	490	if(revoked)
Edouard@695	491	{
Edouard@697	492	r_fpr = identity->fpr;
Edouard@697	493	identity->fpr = NULL;
Edouard@695	494	}
Edouard@560	495
vb@215	496	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	497	status = generate_keypair(session, identity);
vb@0	498	assert(status != PEP_OUT_OF_MEMORY);
vb@0	499	if (status != PEP_STATUS_OK) {
vb@0	500	char buf[11];
vb@0	501	snprintf(buf, 11, "%d", status);
vb@215	502	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	503	if(revoked && r_fpr)
Edouard@695	504	free(r_fpr);
vb@0	505	return status;
vb@0	506	}
edouard@1140	507
edouard@1140	508	new_key_generated = true;
Edouard@560	509
Edouard@695	510	if(revoked)
Edouard@695	511	{
Edouard@695	512	status = set_revoked(session, r_fpr,
Edouard@695	513	identity->fpr, time(NULL));
Edouard@695	514	free(r_fpr);
Edouard@695	515	if (status != PEP_STATUS_OK) {
Edouard@695	516	return status;
Edouard@695	517	}
Edouard@371	518	}
vb@0	519	}
Edouard@560	520	else
Edouard@560	521	{
vb@214	522	bool expired;
Edouard@701	523	status = key_expired(session, identity->fpr,
Edouard@701	524	time(NULL) + (7243600), // In a week
Edouard@701	525	&expired);
Edouard@701	526
vb@214	527	assert(status == PEP_STATUS_OK);
Edouard@499	528	if (status != PEP_STATUS_OK) {
Edouard@588	529	return status;
Edouard@499	530	}
vb@214	531
vb@214	532	if (status == PEP_STATUS_OK && expired) {
vb@214	533	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	534	renew_key(session, identity->fpr, ts);
vb@214	535	free_timestamp(ts);
vb@214	536	}
vb@214	537	}
vb@0	538
vb@0	539	status = set_identity(session, identity);
vb@0	540	assert(status == PEP_STATUS_OK);
Edouard@499	541	if (status != PEP_STATUS_OK) {
Edouard@588	542	return status;
Edouard@499	543	}
vb@0	544
edouard@1145	545	if(new_key_generated)
edouard@1145	546	{
edouard@1145	547	// if a state machine for keysync is in place, inject notify
edouard@1195	548	status = inject_DeviceState_event(session, KeyGen, NULL, NULL);
edouard@1299	549	if (status == PEP_OUT_OF_MEMORY){
edouard@1299	550	return PEP_OUT_OF_MEMORY;
edouard@1299	551	}
edouard@1145	552	}
edouard@1140	553
vb@0	554	return PEP_STATUS_OK;
Edouard@499	555
vb@0	556	}
vb@0	557
vb@296	558	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	559	PEP_SESSION session,
vb@292	560	examine_identity_t examine_identity,
vb@292	561	void *management
vb@292	562	)
vb@292	563	{
vb@292	564	assert(session);
vb@292	565	if (!session)
vb@292	566	return PEP_ILLEGAL_VALUE;
vb@292	567
vb@292	568	session->examine_management = management;
vb@292	569	session->examine_identity = examine_identity;
vb@292	570
vb@292	571	return PEP_STATUS_OK;
vb@292	572	}
vb@292	573
vb@0	574	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	575	retrieve_next_identity_t retrieve_next_identity,
vb@0	576	void *management
vb@0	577	)
vb@0	578	{
vb@0	579	PEP_SESSION session;
vb@0	580	pEp_identity *identity;
Edouard@499	581	PEP_STATUS status;
vb@0	582
vb@24	583	assert(retrieve_next_identity);
vb@24	584	assert(management);
vb@24	585
Edouard@499	586	if (!retrieve_next_identity \|\| !management)
Edouard@499	587	return PEP_ILLEGAL_VALUE;
Edouard@499	588
Edouard@499	589	status = init(&session);
Edouard@499	590	assert(status == PEP_STATUS_OK);
Edouard@499	591	if (status != PEP_STATUS_OK)
Edouard@499	592	return status;
Edouard@499	593
vb@0	594	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	595
Edouard@499	596	while ((identity = retrieve_next_identity(management)))
Edouard@499	597	{
vb@0	598	assert(identity->address);
Edouard@499	599	if(identity->address)
Edouard@499	600	{
Edouard@499	601	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	602
Edouard@499	603	if (identity->me) {
Edouard@499	604	status = myself(session, identity);
Edouard@499	605	} else {
Edouard@499	606	status = recv_key(session, identity->address);
Edouard@499	607	}
Edouard@499	608
vb@0	609	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	610	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	611	return PEP_OUT_OF_MEMORY;
vb@0	612	}
vb@0	613	free_identity(identity);
vb@0	614	}
vb@0	615
vb@0	616	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	617
vb@0	618	release(session);
vb@0	619	return PEP_STATUS_OK;
vb@0	620	}
vb@0	621
krista@1213	622	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	623	PEP_SESSION session,
vb@357	624	pEp_identity *ident
vb@357	625	)
vb@215	626	{
vb@218	627	PEP_STATUS status = PEP_STATUS_OK;
vb@218	628
vb@215	629	assert(session);
vb@357	630	assert(ident);
Edouard@439	631	assert(!EMPTYSTR(ident->fpr));
vb@215	632
vb@357	633	if (!(session && ident && ident->fpr))
vb@215	634	return PEP_ILLEGAL_VALUE;
vb@215	635
vb@357	636	if (ident->me)
Edouard@697	637	{
vb@357	638	revoke_key(session, ident->fpr, NULL);
Edouard@697	639	myself(session, ident);
Edouard@697	640	}
Edouard@697	641	else
Edouard@697	642	{
Edouard@697	643	status = mark_as_compromized(session, ident->fpr);
Edouard@697	644	}
vb@218	645
vb@218	646	return status;
vb@215	647	}
vb@215	648
Edouard@410	649	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	650	PEP_SESSION session,
Edouard@410	651	pEp_identity *ident
Edouard@410	652	)
Edouard@410	653	{
Edouard@410	654	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	655
Edouard@410	656	assert(session);
Edouard@410	657	assert(ident);
vb@420	658	assert(!ident->me);
Edouard@439	659	assert(!EMPTYSTR(ident->fpr));
Edouard@439	660	assert(!EMPTYSTR(ident->address));
Edouard@439	661	assert(!EMPTYSTR(ident->user_id));
Edouard@410	662
vb@420	663	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	664	ident->user_id))
Edouard@410	665	return PEP_ILLEGAL_VALUE;
Edouard@410	666
vb@420	667	status = update_identity(session, ident);
vb@420	668	if (status != PEP_STATUS_OK)
vb@420	669	return status;
Edouard@410	670
Edouard@442	671	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	672	ident->comm_type = PEP_ct_unknown;
vb@421	673	else
vb@421	674	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	675
vb@420	676	status = set_identity(session, ident);
vb@421	677	if (status != PEP_STATUS_OK)
vb@421	678	return status;
vb@421	679
vb@422	680	if (ident->comm_type == PEP_ct_unknown)
vb@422	681	status = update_identity(session, ident);
Edouard@410	682	return status;
Edouard@410	683	}
Edouard@410	684
vb@354	685	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	686	PEP_SESSION session,
vb@354	687	pEp_identity *ident
vb@354	688	)
vb@354	689	{
vb@354	690	PEP_STATUS status = PEP_STATUS_OK;
vb@354	691
vb@354	692	assert(session);
vb@354	693	assert(ident);
Edouard@439	694	assert(!EMPTYSTR(ident->address));
Edouard@439	695	assert(!EMPTYSTR(ident->user_id));
Edouard@439	696	assert(!EMPTYSTR(ident->fpr));
vb@354	697	assert(!ident->me);
vb@354	698
Edouard@439	699	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
Edouard@439	700	EMPTYSTR(ident->fpr) \|\| ident->me)
vb@354	701	return PEP_ILLEGAL_VALUE;
vb@354	702
vb@354	703	status = update_identity(session, ident);
vb@354	704	if (status != PEP_STATUS_OK)
vb@354	705	return status;
vb@354	706
vb@356	707	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	708	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	709	status = set_identity(session, ident);
vb@356	710	}
vb@356	711	else {
vb@356	712	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	713	status = PEP_CANNOT_SET_TRUST;
vb@356	714	}
vb@354	715
vb@354	716	return status;
vb@354	717	}
vb@354	718
Edouard@584	719	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	720	PEP_SESSION session,
vb@955	721	const char *fpr,
vb@955	722	bool *listed
vb@955	723	)
Edouard@584	724	{
Edouard@584	725	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	726	int count;
Edouard@584	727
Edouard@584	728	assert(session && fpr && fpr[0] && listed);
Edouard@584	729
Edouard@584	730	if (!(session && fpr && fpr[0] && listed))
Edouard@584	731	return PEP_ILLEGAL_VALUE;
Edouard@584	732
Edouard@584	733	*listed = false;
Edouard@584	734
Edouard@584	735	sqlite3_reset(session->own_key_is_listed);
Edouard@584	736	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	737
Edouard@584	738	int result;
Edouard@584	739
Edouard@584	740	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	741	switch (result) {
Edouard@584	742	case SQLITE_ROW:
Edouard@584	743	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	744	*listed = count > 0;
Edouard@584	745	status = PEP_STATUS_OK;
Edouard@584	746	break;
Edouard@584	747
Edouard@584	748	default:
Edouard@584	749	status = PEP_UNKNOWN_ERROR;
Edouard@584	750	}
Edouard@584	751
Edouard@584	752	sqlite3_reset(session->own_key_is_listed);
Edouard@584	753	return status;
Edouard@584	754	}
Edouard@584	755
vb@955	756	DYNAMIC_API PEP_STATUS own_identities_retrieve(
vb@955	757	PEP_SESSION session,
vb@955	758	identity_list **own_identities
vb@955	759	)
Edouard@584	760	{
Edouard@584	761	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	762
vb@955	763	assert(session && own_identities);
vb@955	764	if (!(session && own_identities))
Edouard@584	765	return PEP_ILLEGAL_VALUE;
Edouard@584	766
vb@955	767	*own_identities = NULL;
vb@955	768	identity_list *_own_identities = new_identity_list(NULL);
vb@955	769	if (_own_identities == NULL)
Edouard@584	770	goto enomem;
Edouard@584	771
vb@955	772	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	773
Edouard@584	774	int result;
vb@955	775	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	776	const char *address = NULL;
Edouard@584	777	const char *fpr = NULL;
vb@955	778	const char *username = NULL;
vb@955	779	const char *user_id = NULL;
vb@955	780	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	781	const char *lang = NULL;
vb@955	782	unsigned int flags = 0;
Edouard@584	783
vb@955	784	identity_list *_bl = _own_identities;
Edouard@584	785	do {
vb@955	786	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	787	switch (result) {
Edouard@584	788	case SQLITE_ROW:
vb@955	789	address = (const char *)
vb@955	790	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	791	fpr = (const char *)
vb@955	792	sqlite3_column_text(session->own_identities_retrieve, 1);
vb@1071	793	user_id = PEP_OWN_USERID;
vb@1071	794	username = (const char *)
vb@955	795	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	796	comm_type = PEP_ct_pEp;
vb@1071	797	lang = (const char *)
vb@955	798	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	799	flags = (unsigned int)
vb@955	800	sqlite3_column_int(session->own_key_is_listed, 4);
vb@955	801
vb@1078	802	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	803	if (!ident)
Edouard@584	804	goto enomem;
vb@955	805	ident->comm_type = comm_type;
vb@955	806	if (lang && lang[0]) {
vb@955	807	ident->lang[0] = lang[0];
vb@955	808	ident->lang[1] = lang[1];
vb@1078	809	ident->lang[2] = 0;
vb@955	810	}
vb@1068	811	ident->me = true;
vb@955	812	ident->flags = flags;
vb@955	813
vb@955	814	_bl = identity_list_add(_bl, ident);
vb@1080	815	if (_bl == NULL) {
vb@1080	816	free_identity(ident);
Edouard@584	817	goto enomem;
vb@1080	818	}
Edouard@584	819
Edouard@584	820	break;
Edouard@584	821
Edouard@584	822	case SQLITE_DONE:
Edouard@584	823	break;
Edouard@584	824
Edouard@584	825	default:
Edouard@584	826	status = PEP_UNKNOWN_ERROR;
Edouard@584	827	result = SQLITE_DONE;
Edouard@584	828	}
Edouard@584	829	} while (result != SQLITE_DONE);
Edouard@584	830
vb@955	831	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	832	if (status == PEP_STATUS_OK)
vb@955	833	*own_identities = _own_identities;
Edouard@584	834	else
vb@955	835	free_identity_list(_own_identities);
Edouard@584	836
Edouard@584	837	goto the_end;
Edouard@584	838
Edouard@584	839	enomem:
vb@955	840	free_identity_list(_own_identities);
Edouard@584	841	status = PEP_OUT_OF_MEMORY;
Edouard@584	842
Edouard@584	843	the_end:
Edouard@584	844	return status;
Edouard@584	845	}
vb@955	846

author	Krista Grothoff <krista@pep-project.org>
	Sun, 06 Nov 2016 22:55:37 +0100
branch	ENGINE-84
changeset 1352	239640860531
parent 1342	89f45a5a9ae2
child 1357	b1677cd84729
permissions	-rw-r--r--