repos/pEpEngine: src/keymanagement.c@6f0594ac5f08 (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
Edouard@512	7	#include <ctype.h>
vb@0	8
vb@217	9	#include "pEp_internal.h"
vb@0	10	#include "keymanagement.h"
vb@0	11
edouard@1195	12	#include "sync_fsm.h"
krista@1253	13	#include "blacklist.h"
edouard@1195	14
Edouard@439	15	#ifndef EMPTYSTR
roker@500	16	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	17	#endif
vb@8	18
vb@214	19	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	20
Edouard@774	21	PEP_STATUS elect_pubkey(
Edouard@755	22	PEP_SESSION session, pEp_identity * identity
Edouard@755	23	)
Edouard@755	24	{
Edouard@755	25	PEP_STATUS status;
Edouard@755	26	stringlist_t *keylist;
Edouard@755	27	char *_fpr = NULL;
Edouard@755	28	identity->comm_type = PEP_ct_unknown;
Edouard@755	29
Edouard@755	30	status = find_keys(session, identity->address, &keylist);
Edouard@755	31	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	32	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	33	return PEP_OUT_OF_MEMORY;
Edouard@755	34
Edouard@755	35	stringlist_t *_keylist;
Edouard@755	36	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	37	PEP_comm_type _comm_type_key;
Edouard@755	38
Edouard@755	39	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	40	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	41	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	42	free_stringlist(keylist);
Edouard@755	43	return PEP_OUT_OF_MEMORY;
Edouard@755	44	}
Edouard@755	45
Edouard@755	46	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	47	_comm_type_key != PEP_ct_unknown)
Edouard@755	48	{
Edouard@755	49	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	50	_comm_type_key > identity->comm_type)
Edouard@755	51	{
krista@1275	52	bool blacklisted;
krista@1275	53	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	54	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	55	identity->comm_type = _comm_type_key;
krista@1275	56	_fpr = _keylist->value;
krista@1275	57	}
Edouard@755	58	}
Edouard@755	59	}
Edouard@755	60	}
Edouard@755	61
Edouard@755	62	if (_fpr) {
Edouard@755	63	free(identity->fpr);
Edouard@755	64
Edouard@755	65	identity->fpr = strdup(_fpr);
Edouard@755	66	if (identity->fpr == NULL) {
Edouard@755	67	free_stringlist(keylist);
Edouard@755	68	return PEP_OUT_OF_MEMORY;
Edouard@755	69	}
Edouard@755	70	}
Edouard@755	71	free_stringlist(keylist);
Edouard@755	72	return PEP_STATUS_OK;
Edouard@755	73	}
Edouard@755	74
vb@0	75	DYNAMIC_API PEP_STATUS update_identity(
vb@0	76	PEP_SESSION session, pEp_identity * identity
vb@0	77	)
vb@0	78	{
vb@0	79	pEp_identity *stored_identity;
krista@1224	80	pEp_identity* temp_id = NULL;
vb@0	81	PEP_STATUS status;
vb@0	82
vb@0	83	assert(session);
vb@0	84	assert(identity);
Edouard@439	85	assert(!EMPTYSTR(identity->address));
vb@0	86
Edouard@439	87	if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191	88	return PEP_ILLEGAL_VALUE;
vb@191	89
vb@1078	90	if (identity->me \|\| (identity->user_id && strcmp(identity->user_id, PEP_OWN_USERID) == 0)) {
vb@1078	91	identity->me = true;
vb@1078	92	return myself(session, identity);
vb@1078	93	}
vb@1078	94
Edouard@559	95	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	96	int _did_elect_new_key = 0;
Edouard@559	97
Edouard@559	98	if (_no_user_id)
Edouard@559	99	{
vb@1015	100	status = get_identity(session, identity->address, PEP_OWN_USERID,
vb@1015	101	&stored_identity);
vb@1015	102	if (status == PEP_STATUS_OK) {
vb@1015	103	free_identity(stored_identity);
vb@1015	104	return myself(session, identity);
vb@1015	105	}
vb@1015	106
Edouard@559	107	free(identity->user_id);
Edouard@559	108
vb@591	109	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	110	if (!identity->user_id)
Edouard@559	111	{
Edouard@562	112	return PEP_OUT_OF_MEMORY;
Edouard@559	113	}
vb@983	114	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	115	"TOFU_%s", identity->address);
Edouard@559	116	}
vb@934	117
Edouard@559	118	status = get_identity(session,
Edouard@559	119	identity->address,
Edouard@559	120	identity->user_id,
Edouard@559	121	&stored_identity);
Edouard@559	122
vb@0	123	assert(status != PEP_OUT_OF_MEMORY);
vb@0	124	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	125	goto exit_free;
vb@0	126
krista@1188	127	/* We elect a pubkey first in case there's no acceptable stored fpr */
krista@1224	128	temp_id = identity_dup(identity);
krista@1220	129
krista@1220	130	status = elect_pubkey(session, temp_id);
krista@1185	131	if (status != PEP_STATUS_OK)
krista@1185	132	goto exit_free;
krista@1188	133
vb@14	134	if (stored_identity) {
vb@14	135	PEP_comm_type _comm_type_key;
krista@1188	136
krista@1255	137	bool dont_use_fpr = true;
krista@1220	138
krista@1220	139	/* if we have a stored_identity fpr */
krista@1220	140	if (!EMPTYSTR(stored_identity->fpr)) {
krista@1220	141	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
krista@1220	142	if (status != PEP_STATUS_OK)
krista@1220	143	dont_use_fpr = true;
krista@1220	144	}
krista@1188	145
krista@1220	146
krista@1220	147	if (!dont_use_fpr) {
krista@1220	148	free(temp_id->fpr);
krista@1220	149	temp_id->fpr = strdup(stored_identity->fpr);
krista@1220	150	assert(temp_id->fpr);
krista@1220	151	if (temp_id->fpr == NULL) {
krista@1220	152	status = PEP_OUT_OF_MEMORY;
krista@1188	153	goto exit_free;
krista@1220	154	}
krista@1220	155	}
krista@1220	156	else if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	157	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1188	158	if (dont_use_fpr) {
krista@1220	159	free(temp_id->fpr);
krista@1220	160	temp_id->fpr = strdup("");
krista@1188	161	}
krista@1188	162	else {
krista@1188	163	_did_elect_new_key = 1;
krista@1188	164	}
krista@1188	165	}
krista@1188	166	else {
krista@1220	167	if (temp_id->fpr == NULL)
krista@1220	168	temp_id->fpr = strdup("");
krista@1188	169	}
krista@1188	170
krista@1220	171	/* ok, from here on out, use temp_id */
krista@1220	172
krista@1220	173
krista@1220	174	/* At this point, we either have a non-blacklisted fpr we can work */
krista@1220	175	/* with, or we've got nada. */
krista@1220	176	if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	177	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1188	178	assert(status != PEP_OUT_OF_MEMORY);
krista@1188	179	if (status == PEP_OUT_OF_MEMORY)
krista@1188	180	goto exit_free;
krista@1188	181	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
krista@1220	182	temp_id->comm_type = _comm_type_key;
krista@1188	183	} else{
krista@1220	184	temp_id->comm_type = stored_identity->comm_type;
krista@1220	185	if (temp_id->comm_type == PEP_ct_unknown) {
krista@1220	186	temp_id->comm_type = _comm_type_key;
krista@1188	187	}
krista@1188	188	}
krista@1188	189	}
krista@1243	190	else {
krista@1243	191	/* Set comm_type accordingly */
krista@1243	192	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	193	}
krista@1243	194
krista@1220	195	if (EMPTYSTR(temp_id->username)) {
krista@1220	196	free(temp_id->username);
krista@1220	197	temp_id->username = strdup(stored_identity->username);
krista@1220	198	assert(temp_id->username);
krista@1220	199	if (temp_id->username == NULL){
Edouard@829	200	status = PEP_OUT_OF_MEMORY;
Edouard@829	201	goto exit_free;
Edouard@829	202	}
vb@22	203	}
vb@22	204
krista@1220	205	if (temp_id->lang[0] == 0) {
krista@1220	206	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	207	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	208	temp_id->lang[2] = 0;
vb@21	209	}
vb@932	210
krista@1220	211	temp_id->flags = stored_identity->flags;
vb@21	212	}
vb@21	213	else /* stored_identity == NULL */ {
krista@1220	214	temp_id->flags = 0;
vb@934	215
krista@1188	216	/* Work with the elected key from above */
krista@1220	217	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	218
krista@1196	219	bool dont_use_fpr = true;
krista@1220	220	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1196	221	if (status != PEP_STATUS_OK)
krista@1196	222	dont_use_fpr = true;
krista@1196	223
krista@1196	224	if (!dont_use_fpr) {
krista@1196	225	PEP_comm_type _comm_type_key;
vb@21	226
krista@1220	227	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1196	228	assert(status != PEP_OUT_OF_MEMORY);
krista@1196	229	if (status == PEP_OUT_OF_MEMORY)
krista@1196	230	goto exit_free;
vb@21	231
krista@1220	232	temp_id->comm_type = _comm_type_key;
krista@1196	233	}
krista@1196	234	else {
krista@1220	235	free(temp_id->fpr);
krista@1220	236	temp_id->fpr = strdup("");
krista@1196	237	}
vb@21	238	}
vb@21	239	}
vb@21	240
krista@1220	241	if (temp_id->fpr == NULL)
krista@1220	242	temp_id->fpr = strdup("");
krista@1193	243
krista@1193	244
vb@21	245	status = PEP_STATUS_OK;
vb@21	246
krista@1220	247	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
krista@1220	248	assert(!EMPTYSTR(temp_id->username)); // this should not happen
vb@22	249
krista@1220	250	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	251	free(temp_id->username);
krista@1220	252	temp_id->username = strdup("anonymous");
krista@1220	253	assert(temp_id->username);
krista@1220	254	if (temp_id->username == NULL){
Edouard@829	255	status = PEP_OUT_OF_MEMORY;
Edouard@829	256	goto exit_free;
Edouard@829	257	}
vb@0	258	}
vb@8	259
Edouard@755	260	// Identity doesn't get stored if call was just about checking existing
Edouard@755	261	// user by address (i.e. no user id given but already stored)
krista@1223	262	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	263	{
krista@1220	264	status = set_identity(session, temp_id);
Edouard@559	265	assert(status == PEP_STATUS_OK);
Edouard@559	266	if (status != PEP_STATUS_OK) {
Edouard@829	267	goto exit_free;
Edouard@559	268	}
Edouard@499	269	}
vb@8	270	}
vb@8	271
krista@1220	272	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	273	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	274	if (session->examine_identity)
krista@1220	275	session->examine_identity(temp_id, session->examine_management);
krista@1220	276
krista@1220	277	/* ok, we got to the end. So we can assign the output identity */
krista@1220	278	free(identity->address);
krista@1220	279	identity->address = strdup(temp_id->address);
krista@1220	280	free(identity->fpr);
krista@1220	281	identity->fpr = strdup(temp_id->fpr);
krista@1220	282	free(identity->user_id);
krista@1220	283	identity->user_id = strdup(temp_id->user_id);
krista@1220	284	free(identity->username);
krista@1220	285	identity->username = strdup(temp_id->username);
krista@1220	286	identity->comm_type = temp_id->comm_type;
krista@1220	287	identity->lang[0] = temp_id->lang[0];
krista@1220	288	identity->lang[1] = temp_id->lang[1];
krista@1220	289	identity->lang[2] = 0;
krista@1220	290	identity->me = temp_id->me;
krista@1220	291	identity->flags = temp_id->flags;
vb@297	292
Edouard@829	293	exit_free :
Edouard@829	294
Edouard@829	295	if (stored_identity){
Edouard@829	296	free_identity(stored_identity);
Edouard@829	297	}
Edouard@829	298
krista@1220	299	if (temp_id)
krista@1220	300	free_identity(temp_id);
krista@1220	301
vb@8	302	return status;
vb@0	303	}
vb@0	304
Edouard@774	305	PEP_STATUS elect_ownkey(
krista@1194	306	PEP_SESSION session, pEp_identity * identity
Edouard@774	307	)
Edouard@774	308	{
Edouard@774	309	PEP_STATUS status;
Edouard@774	310	stringlist_t *keylist = NULL;
Edouard@774	311
Edouard@774	312	free(identity->fpr);
Edouard@774	313	identity->fpr = NULL;
Edouard@774	314
Edouard@774	315	status = find_keys(session, identity->address, &keylist);
Edouard@774	316	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	317	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	318	return PEP_OUT_OF_MEMORY;
Edouard@774	319
Edouard@774	320	if (keylist != NULL && keylist->value != NULL)
Edouard@774	321	{
Edouard@774	322	char *_fpr = NULL;
Edouard@774	323	identity->comm_type = PEP_ct_unknown;
Edouard@774	324
Edouard@774	325	stringlist_t *_keylist;
Edouard@774	326	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	327	bool is_own = false;
Edouard@774	328
Edouard@774	329	if (session->use_only_own_private_keys)
Edouard@774	330	{
Edouard@774	331	status = own_key_is_listed(session, _keylist->value, &is_own);
Edouard@774	332	assert(status == PEP_STATUS_OK);
Edouard@774	333	if (status != PEP_STATUS_OK) {
Edouard@774	334	free_stringlist(keylist);
Edouard@774	335	return status;
Edouard@774	336	}
Edouard@774	337	}
Edouard@774	338
Edouard@774	339	// TODO : also accept synchronized device group keys ?
Edouard@774	340
Edouard@774	341	if (!session->use_only_own_private_keys \|\| is_own)
Edouard@774	342	{
Edouard@774	343	PEP_comm_type _comm_type_key;
Edouard@774	344
Edouard@774	345	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	346	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	347	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	348	free_stringlist(keylist);
Edouard@774	349	return PEP_OUT_OF_MEMORY;
Edouard@774	350	}
Edouard@774	351
Edouard@774	352	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	353	_comm_type_key != PEP_ct_unknown)
Edouard@774	354	{
Edouard@774	355	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	356	_comm_type_key > identity->comm_type)
Edouard@774	357	{
Edouard@774	358	identity->comm_type = _comm_type_key;
Edouard@774	359	_fpr = _keylist->value;
Edouard@774	360	}
Edouard@774	361	}
Edouard@774	362	}
Edouard@774	363	}
Edouard@774	364
Edouard@774	365	if (_fpr)
Edouard@774	366	{
Edouard@774	367	identity->fpr = strdup(_fpr);
Edouard@774	368	assert(identity->fpr);
Edouard@774	369	if (identity->fpr == NULL)
Edouard@774	370	{
Edouard@774	371	free_stringlist(keylist);
Edouard@774	372	return PEP_OUT_OF_MEMORY;
Edouard@774	373	}
Edouard@774	374	}
Edouard@774	375	free_stringlist(keylist);
Edouard@774	376	}
Edouard@774	377	return PEP_STATUS_OK;
Edouard@774	378	}
Edouard@774	379
vb@0	380	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0	381	{
Edouard@560	382	pEp_identity *stored_identity;
vb@0	383	PEP_STATUS status;
vb@0	384
vb@0	385	assert(session);
vb@0	386	assert(identity);
vb@1044	387	assert(!EMPTYSTR(identity->address));
vb@1043	388
Edouard@658	389	assert(EMPTYSTR(identity->user_id) \|\|
Edouard@658	390	strcmp(identity->user_id, PEP_OWN_USERID) == 0);
vb@0	391
vb@1044	392	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	393	(EMPTYSTR(identity->user_id) \|\|
vb@1043	394	strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
vb@191	395	return PEP_ILLEGAL_VALUE;
vb@191	396
vb@0	397	identity->comm_type = PEP_ct_pEp;
vb@0	398	identity->me = true;
Edouard@658	399
vb@1043	400	if (EMPTYSTR(identity->user_id))
Edouard@658	401	{
Edouard@658	402	free(identity->user_id);
Edouard@658	403	identity->user_id = strdup(PEP_OWN_USERID);
Edouard@658	404	assert(identity->user_id);
Edouard@658	405	if (identity->user_id == NULL)
Edouard@658	406	return PEP_OUT_OF_MEMORY;
Edouard@658	407	}
vb@0	408
vb@215	409	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	410
Edouard@560	411	status = get_identity(session,
Edouard@560	412	identity->address,
Edouard@560	413	identity->user_id,
Edouard@560	414	&stored_identity);
Edouard@560	415
vb@0	416	assert(status != PEP_OUT_OF_MEMORY);
vb@0	417	if (status == PEP_OUT_OF_MEMORY)
vb@0	418	return PEP_OUT_OF_MEMORY;
Edouard@560	419
Edouard@560	420	if (stored_identity)
Edouard@560	421	{
Edouard@560	422	if (EMPTYSTR(identity->fpr)) {
vb@591	423	identity->fpr = strdup(stored_identity->fpr);
Edouard@560	424	assert(identity->fpr);
Edouard@560	425	if (identity->fpr == NULL)
Edouard@560	426	{
Edouard@560	427	return PEP_OUT_OF_MEMORY;
Edouard@560	428	}
Edouard@560	429	}
vb@932	430
vb@932	431	identity->flags = stored_identity->flags;
Edouard@588	432	}
Edouard@588	433	else if (!EMPTYSTR(identity->fpr))
Edouard@588	434	{
Edouard@588	435	// App must have a good reason to give fpr, such as explicit
Edouard@588	436	// import of private key, or similar.
Edouard@588	437
Edouard@658	438	// Take given fpr as-is.
vb@934	439
vb@934	440	identity->flags = 0;
Edouard@560	441	}
Edouard@560	442	else
Edouard@560	443	{
Edouard@774	444	status = elect_ownkey(session, identity);
Edouard@774	445	assert(status == PEP_STATUS_OK);
Edouard@774	446	if (status != PEP_STATUS_OK) {
Edouard@774	447	return status;
Edouard@560	448	}
vb@934	449
vb@934	450	identity->flags = 0;
Edouard@560	451	}
Edouard@695	452
Edouard@695	453	bool revoked = false;
Edouard@695	454	char *r_fpr = NULL;
Edouard@695	455	if (!EMPTYSTR(identity->fpr))
Edouard@695	456	{
Edouard@695	457	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	458
Edouard@775	459	// Forces re-election if key is missing and own-key-only not forced
Edouard@775	460	if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
Edouard@775	461	{
Edouard@775	462	status = elect_ownkey(session, identity);
Edouard@775	463	assert(status == PEP_STATUS_OK);
Edouard@775	464	if (status != PEP_STATUS_OK) {
Edouard@775	465	return status;
Edouard@775	466	}
Edouard@775	467	}
Edouard@775	468	else if (status != PEP_STATUS_OK)
Edouard@775	469	{
Edouard@695	470	return status;
Edouard@695	471	}
Edouard@695	472	}
edouard@1140	473
edouard@1140	474	bool new_key_generated = false;
edouard@1140	475
Edouard@695	476	if (EMPTYSTR(identity->fpr) \|\| revoked)
Edouard@695	477	{
Edouard@695	478	if(revoked)
Edouard@695	479	{
Edouard@697	480	r_fpr = identity->fpr;
Edouard@697	481	identity->fpr = NULL;
Edouard@695	482	}
Edouard@560	483
vb@215	484	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	485	status = generate_keypair(session, identity);
vb@0	486	assert(status != PEP_OUT_OF_MEMORY);
vb@0	487	if (status != PEP_STATUS_OK) {
vb@0	488	char buf[11];
vb@0	489	snprintf(buf, 11, "%d", status);
vb@215	490	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	491	if(revoked && r_fpr)
Edouard@695	492	free(r_fpr);
vb@0	493	return status;
vb@0	494	}
edouard@1140	495
edouard@1140	496	new_key_generated = true;
Edouard@560	497
Edouard@695	498	if(revoked)
Edouard@695	499	{
Edouard@695	500	status = set_revoked(session, r_fpr,
Edouard@695	501	identity->fpr, time(NULL));
Edouard@695	502	free(r_fpr);
Edouard@695	503	if (status != PEP_STATUS_OK) {
Edouard@695	504	return status;
Edouard@695	505	}
Edouard@371	506	}
vb@0	507	}
Edouard@560	508	else
Edouard@560	509	{
vb@214	510	bool expired;
Edouard@701	511	status = key_expired(session, identity->fpr,
Edouard@701	512	time(NULL) + (7243600), // In a week
Edouard@701	513	&expired);
Edouard@701	514
vb@214	515	assert(status == PEP_STATUS_OK);
Edouard@499	516	if (status != PEP_STATUS_OK) {
Edouard@588	517	return status;
Edouard@499	518	}
vb@214	519
vb@214	520	if (status == PEP_STATUS_OK && expired) {
vb@214	521	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	522	renew_key(session, identity->fpr, ts);
vb@214	523	free_timestamp(ts);
vb@214	524	}
vb@214	525	}
vb@0	526
vb@0	527	status = set_identity(session, identity);
vb@0	528	assert(status == PEP_STATUS_OK);
Edouard@499	529	if (status != PEP_STATUS_OK) {
Edouard@588	530	return status;
Edouard@499	531	}
vb@0	532
edouard@1145	533	if(new_key_generated)
edouard@1145	534	{
edouard@1145	535	// if a state machine for keysync is in place, inject notify
edouard@1195	536	status = inject_DeviceState_event(session, KeyGen, NULL, NULL);
edouard@1299	537	if (status == PEP_OUT_OF_MEMORY){
edouard@1299	538	return PEP_OUT_OF_MEMORY;
edouard@1299	539	}
edouard@1145	540	}
edouard@1140	541
vb@0	542	return PEP_STATUS_OK;
Edouard@499	543
vb@0	544	}
vb@0	545
vb@296	546	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	547	PEP_SESSION session,
vb@292	548	examine_identity_t examine_identity,
vb@292	549	void *management
vb@292	550	)
vb@292	551	{
vb@292	552	assert(session);
vb@292	553	if (!session)
vb@292	554	return PEP_ILLEGAL_VALUE;
vb@292	555
vb@292	556	session->examine_management = management;
vb@292	557	session->examine_identity = examine_identity;
vb@292	558
vb@292	559	return PEP_STATUS_OK;
vb@292	560	}
vb@292	561
vb@0	562	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	563	retrieve_next_identity_t retrieve_next_identity,
vb@0	564	void *management
vb@0	565	)
vb@0	566	{
vb@0	567	PEP_SESSION session;
vb@0	568	pEp_identity *identity;
Edouard@499	569	PEP_STATUS status;
vb@0	570
vb@24	571	assert(retrieve_next_identity);
vb@24	572	assert(management);
vb@24	573
Edouard@499	574	if (!retrieve_next_identity \|\| !management)
Edouard@499	575	return PEP_ILLEGAL_VALUE;
Edouard@499	576
Edouard@499	577	status = init(&session);
Edouard@499	578	assert(status == PEP_STATUS_OK);
Edouard@499	579	if (status != PEP_STATUS_OK)
Edouard@499	580	return status;
Edouard@499	581
vb@0	582	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	583
Edouard@499	584	while ((identity = retrieve_next_identity(management)))
Edouard@499	585	{
vb@0	586	assert(identity->address);
Edouard@499	587	if(identity->address)
Edouard@499	588	{
Edouard@499	589	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	590
Edouard@499	591	if (identity->me) {
Edouard@499	592	status = myself(session, identity);
Edouard@499	593	} else {
Edouard@499	594	status = recv_key(session, identity->address);
Edouard@499	595	}
Edouard@499	596
vb@0	597	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	598	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	599	return PEP_OUT_OF_MEMORY;
vb@0	600	}
vb@0	601	free_identity(identity);
vb@0	602	}
vb@0	603
vb@0	604	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	605
vb@0	606	release(session);
vb@0	607	return PEP_STATUS_OK;
vb@0	608	}
vb@0	609
krista@1213	610	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	611	PEP_SESSION session,
vb@357	612	pEp_identity *ident
vb@357	613	)
vb@215	614	{
vb@218	615	PEP_STATUS status = PEP_STATUS_OK;
vb@218	616
vb@215	617	assert(session);
vb@357	618	assert(ident);
Edouard@439	619	assert(!EMPTYSTR(ident->fpr));
vb@215	620
vb@357	621	if (!(session && ident && ident->fpr))
vb@215	622	return PEP_ILLEGAL_VALUE;
vb@215	623
vb@357	624	if (ident->me)
Edouard@697	625	{
vb@357	626	revoke_key(session, ident->fpr, NULL);
Edouard@697	627	myself(session, ident);
Edouard@697	628	}
Edouard@697	629	else
Edouard@697	630	{
Edouard@697	631	status = mark_as_compromized(session, ident->fpr);
Edouard@697	632	}
vb@218	633
vb@218	634	return status;
vb@215	635	}
vb@215	636
Edouard@410	637	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	638	PEP_SESSION session,
Edouard@410	639	pEp_identity *ident
Edouard@410	640	)
Edouard@410	641	{
Edouard@410	642	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	643
Edouard@410	644	assert(session);
Edouard@410	645	assert(ident);
vb@420	646	assert(!ident->me);
Edouard@439	647	assert(!EMPTYSTR(ident->fpr));
Edouard@439	648	assert(!EMPTYSTR(ident->address));
Edouard@439	649	assert(!EMPTYSTR(ident->user_id));
Edouard@410	650
vb@420	651	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	652	ident->user_id))
Edouard@410	653	return PEP_ILLEGAL_VALUE;
Edouard@410	654
vb@420	655	status = update_identity(session, ident);
vb@420	656	if (status != PEP_STATUS_OK)
vb@420	657	return status;
Edouard@410	658
Edouard@442	659	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	660	ident->comm_type = PEP_ct_unknown;
vb@421	661	else
vb@421	662	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	663
vb@420	664	status = set_identity(session, ident);
vb@421	665	if (status != PEP_STATUS_OK)
vb@421	666	return status;
vb@421	667
vb@422	668	if (ident->comm_type == PEP_ct_unknown)
vb@422	669	status = update_identity(session, ident);
Edouard@410	670	return status;
Edouard@410	671	}
Edouard@410	672
vb@354	673	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	674	PEP_SESSION session,
vb@354	675	pEp_identity *ident
vb@354	676	)
vb@354	677	{
vb@354	678	PEP_STATUS status = PEP_STATUS_OK;
vb@354	679
vb@354	680	assert(session);
vb@354	681	assert(ident);
Edouard@439	682	assert(!EMPTYSTR(ident->address));
Edouard@439	683	assert(!EMPTYSTR(ident->user_id));
Edouard@439	684	assert(!EMPTYSTR(ident->fpr));
vb@354	685	assert(!ident->me);
vb@354	686
Edouard@439	687	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
Edouard@439	688	EMPTYSTR(ident->fpr) \|\| ident->me)
vb@354	689	return PEP_ILLEGAL_VALUE;
vb@354	690
vb@354	691	status = update_identity(session, ident);
vb@354	692	if (status != PEP_STATUS_OK)
vb@354	693	return status;
vb@354	694
vb@356	695	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	696	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	697	status = set_identity(session, ident);
vb@356	698	}
vb@356	699	else {
vb@356	700	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	701	status = PEP_CANNOT_SET_TRUST;
vb@356	702	}
vb@354	703
vb@354	704	return status;
vb@354	705	}
vb@354	706
Edouard@584	707	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	708	PEP_SESSION session,
vb@955	709	const char *fpr,
vb@955	710	bool *listed
vb@955	711	)
Edouard@584	712	{
Edouard@584	713	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	714	int count;
Edouard@584	715
Edouard@584	716	assert(session && fpr && fpr[0] && listed);
Edouard@584	717
Edouard@584	718	if (!(session && fpr && fpr[0] && listed))
Edouard@584	719	return PEP_ILLEGAL_VALUE;
Edouard@584	720
Edouard@584	721	*listed = false;
Edouard@584	722
Edouard@584	723	sqlite3_reset(session->own_key_is_listed);
Edouard@584	724	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	725
Edouard@584	726	int result;
Edouard@584	727
Edouard@584	728	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	729	switch (result) {
Edouard@584	730	case SQLITE_ROW:
Edouard@584	731	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	732	*listed = count > 0;
Edouard@584	733	status = PEP_STATUS_OK;
Edouard@584	734	break;
Edouard@584	735
Edouard@584	736	default:
Edouard@584	737	status = PEP_UNKNOWN_ERROR;
Edouard@584	738	}
Edouard@584	739
Edouard@584	740	sqlite3_reset(session->own_key_is_listed);
Edouard@584	741	return status;
Edouard@584	742	}
Edouard@584	743
vb@955	744	DYNAMIC_API PEP_STATUS own_identities_retrieve(
vb@955	745	PEP_SESSION session,
vb@955	746	identity_list **own_identities
vb@955	747	)
Edouard@584	748	{
Edouard@584	749	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	750
vb@955	751	assert(session && own_identities);
vb@955	752	if (!(session && own_identities))
Edouard@584	753	return PEP_ILLEGAL_VALUE;
Edouard@584	754
vb@955	755	*own_identities = NULL;
vb@955	756	identity_list *_own_identities = new_identity_list(NULL);
vb@955	757	if (_own_identities == NULL)
Edouard@584	758	goto enomem;
Edouard@584	759
vb@955	760	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	761
Edouard@584	762	int result;
vb@955	763	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	764	const char *address = NULL;
Edouard@584	765	const char *fpr = NULL;
vb@955	766	const char *username = NULL;
vb@955	767	const char *user_id = NULL;
vb@955	768	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	769	const char *lang = NULL;
vb@955	770	unsigned int flags = 0;
Edouard@584	771
vb@955	772	identity_list *_bl = _own_identities;
Edouard@584	773	do {
vb@955	774	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	775	switch (result) {
Edouard@584	776	case SQLITE_ROW:
vb@955	777	address = (const char *)
vb@955	778	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	779	fpr = (const char *)
vb@955	780	sqlite3_column_text(session->own_identities_retrieve, 1);
vb@1071	781	user_id = PEP_OWN_USERID;
vb@1071	782	username = (const char *)
vb@955	783	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	784	comm_type = PEP_ct_pEp;
vb@1071	785	lang = (const char *)
vb@955	786	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	787	flags = (unsigned int)
vb@955	788	sqlite3_column_int(session->own_key_is_listed, 4);
vb@955	789
vb@1078	790	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	791	if (!ident)
Edouard@584	792	goto enomem;
vb@955	793	ident->comm_type = comm_type;
vb@955	794	if (lang && lang[0]) {
vb@955	795	ident->lang[0] = lang[0];
vb@955	796	ident->lang[1] = lang[1];
vb@1078	797	ident->lang[2] = 0;
vb@955	798	}
vb@1068	799	ident->me = true;
vb@955	800	ident->flags = flags;
vb@955	801
vb@955	802	_bl = identity_list_add(_bl, ident);
vb@1080	803	if (_bl == NULL) {
vb@1080	804	free_identity(ident);
Edouard@584	805	goto enomem;
vb@1080	806	}
Edouard@584	807
Edouard@584	808	break;
Edouard@584	809
Edouard@584	810	case SQLITE_DONE:
Edouard@584	811	break;
Edouard@584	812
Edouard@584	813	default:
Edouard@584	814	status = PEP_UNKNOWN_ERROR;
Edouard@584	815	result = SQLITE_DONE;
Edouard@584	816	}
Edouard@584	817	} while (result != SQLITE_DONE);
Edouard@584	818
vb@955	819	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	820	if (status == PEP_STATUS_OK)
vb@955	821	*own_identities = _own_identities;
Edouard@584	822	else
vb@955	823	free_identity_list(_own_identities);
Edouard@584	824
Edouard@584	825	goto the_end;
Edouard@584	826
Edouard@584	827	enomem:
vb@955	828	free_identity_list(_own_identities);
Edouard@584	829	status = PEP_OUT_OF_MEMORY;
Edouard@584	830
Edouard@584	831	the_end:
Edouard@584	832	return status;
Edouard@584	833	}
vb@955	834

author	Edouard Tisserant <edouard@pep-project.org>
	Tue, 18 Oct 2016 01:32:05 +0200
changeset 1299	6f0594ac5f08
parent 1291	e17f94b55b0c
child 1342	89f45a5a9ae2
permissions	-rw-r--r--