repos/pEpEngine: src/keymanagement.c@947ce71ed741 (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
vb@0	7
vb@217	8	#include "pEp_internal.h"
vb@0	9	#include "keymanagement.h"
vb@0	10
vb@0	11	#ifndef MIN
vb@0	12	#define MIN(A, B) ((B) > (A) ? (A) : (B))
vb@0	13	#endif
vb@0	14
vb@8	15	#ifndef EMPTY
vb@8	16	#define EMPTY(STR) ((STR == NULL) \|\| (STR)[0] == 0)
vb@8	17	#endif
vb@8	18
vb@214	19	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	20
vb@0	21	DYNAMIC_API PEP_STATUS update_identity(
vb@0	22	PEP_SESSION session, pEp_identity * identity
vb@0	23	)
vb@0	24	{
vb@0	25	pEp_identity *stored_identity;
vb@0	26	PEP_STATUS status;
vb@0	27
vb@0	28	assert(session);
vb@0	29	assert(identity);
vb@21	30	assert(!EMPTY(identity->address));
vb@0	31
vb@191	32	if (!(session && identity && !EMPTY(identity->address)))
vb@191	33	return PEP_ILLEGAL_VALUE;
vb@191	34
vb@0	35	status = get_identity(session, identity->address, &stored_identity);
vb@0	36	assert(status != PEP_OUT_OF_MEMORY);
vb@0	37	if (status == PEP_OUT_OF_MEMORY)
vb@0	38	return PEP_OUT_OF_MEMORY;
vb@0	39
vb@14	40	if (stored_identity) {
vb@14	41	PEP_comm_type _comm_type_key;
vb@14	42	status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
vb@14	43	assert(status != PEP_OUT_OF_MEMORY);
vb@14	44	if (status == PEP_OUT_OF_MEMORY)
vb@14	45	return PEP_OUT_OF_MEMORY;
vb@10	46
vb@22	47	if (EMPTY(identity->user_id)) {
vb@22	48	free(identity->user_id);
vb@22	49	identity->user_id = strdup(stored_identity->user_id);
vb@22	50	if (identity->user_id == NULL)
vb@22	51	return PEP_OUT_OF_MEMORY;
vb@22	52	identity->user_id_size = stored_identity->user_id_size;
vb@22	53	}
vb@22	54
vb@22	55	if (EMPTY(identity->username)) {
vb@22	56	free(identity->username);
vb@22	57	identity->username = strdup(stored_identity->username);
vb@22	58	if (identity->username == NULL)
vb@22	59	return PEP_OUT_OF_MEMORY;
vb@22	60	identity->username_size = stored_identity->username_size;
vb@22	61	}
vb@22	62
vb@8	63	if (EMPTY(identity->fpr)) {
vb@8	64	identity->fpr = strdup(stored_identity->fpr);
vb@8	65	assert(identity->fpr);
vb@8	66	if (identity->fpr == NULL)
vb@8	67	return PEP_OUT_OF_MEMORY;
Edouard@406	68	identity->fpr_size = stored_identity->fpr_size;
vb@14	69	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14	70	identity->comm_type = _comm_type_key;
vb@14	71	}
vb@14	72	else {
vb@14	73	identity->comm_type = stored_identity->comm_type;
vb@14	74	}
vb@8	75	}
vb@8	76	else /* !EMPTY(identity->fpr) */ {
vb@14	77	if (_comm_type_key != PEP_ct_unknown) {
vb@14	78	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14	79	identity->comm_type = _comm_type_key;
vb@14	80	}
vb@14	81	else if (identity->comm_type == PEP_ct_unknown) {
vb@8	82	if (strcmp(identity->fpr, stored_identity->fpr) == 0) {
vb@8	83	identity->comm_type = stored_identity->comm_type;
vb@8	84	}
vb@8	85	else {
vb@8	86	status = get_trust(session, identity);
vb@8	87	assert(status != PEP_OUT_OF_MEMORY);
vb@8	88	if (status == PEP_OUT_OF_MEMORY)
vb@8	89	return PEP_OUT_OF_MEMORY;
vb@8	90	}
vb@8	91	}
vb@8	92	}
vb@8	93	else
vb@8	94	identity->comm_type = PEP_ct_unknown;
vb@8	95	}
vb@8	96
vb@21	97	if (identity->lang[0] == 0) {
vb@21	98	identity->lang[0] = stored_identity->lang[0];
vb@21	99	identity->lang[1] = stored_identity->lang[1];
vb@21	100	identity->lang[2] = 0;
vb@21	101	}
vb@21	102	}
vb@21	103	else /* stored_identity == NULL */ {
vb@21	104	if (!EMPTY(identity->fpr)) {
vb@21	105	PEP_comm_type _comm_type_key;
vb@21	106
vb@21	107	status = get_key_rating(session, identity->fpr, &_comm_type_key);
vb@21	108	assert(status != PEP_OUT_OF_MEMORY);
vb@21	109	if (status == PEP_OUT_OF_MEMORY)
vb@21	110	return PEP_OUT_OF_MEMORY;
vb@21	111
vb@21	112	identity->comm_type = _comm_type_key;
vb@21	113	}
vb@21	114	else /* EMPTY(identity->fpr) */ {
vb@21	115	PEP_STATUS status;
vb@21	116	stringlist_t *keylist;
vb@21	117	char *_fpr = NULL;
vb@21	118	identity->comm_type = PEP_ct_unknown;
vb@21	119
vb@21	120	status = find_keys(session, identity->address, &keylist);
vb@21	121	assert(status != PEP_OUT_OF_MEMORY);
vb@21	122	if (status == PEP_OUT_OF_MEMORY)
vb@21	123	return PEP_OUT_OF_MEMORY;
vb@21	124
vb@21	125	stringlist_t *_keylist;
vb@21	126	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
vb@21	127	PEP_comm_type _comm_type_key;
vb@21	128
vb@21	129	status = get_key_rating(session, _keylist->value, &_comm_type_key);
vb@21	130	assert(status != PEP_OUT_OF_MEMORY);
vb@21	131	if (status == PEP_OUT_OF_MEMORY) {
vb@21	132	free_stringlist(keylist);
vb@21	133	return PEP_OUT_OF_MEMORY;
vb@21	134	}
vb@21	135
vb@21	136	if (identity->comm_type == PEP_ct_unknown) {
vb@21	137	if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21	138	identity->comm_type = _comm_type_key;
vb@21	139	_fpr = _keylist->value;
vb@21	140	}
vb@21	141	}
vb@21	142	else {
vb@21	143	if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21	144	if (_comm_type_key > identity->comm_type) {
vb@21	145	identity->comm_type = _comm_type_key;
vb@21	146	_fpr = _keylist->value;
vb@21	147	}
vb@21	148	}
vb@21	149	}
vb@21	150	}
vb@21	151
vb@21	152	if (_fpr) {
vb@21	153	free(identity->fpr);
vb@21	154
vb@21	155	identity->fpr = strdup(_fpr);
vb@21	156	if (identity->fpr == NULL) {
vb@21	157	free_stringlist(keylist);
vb@21	158	return PEP_OUT_OF_MEMORY;
vb@21	159	}
vb@21	160	identity->fpr_size = strlen(identity->fpr);
vb@21	161	}
vb@21	162	free_stringlist(keylist);
vb@21	163	}
vb@21	164	}
vb@21	165
vb@21	166	status = PEP_STATUS_OK;
vb@21	167
vb@21	168	if (identity->comm_type != PEP_ct_unknown && !EMPTY(identity->user_id)) {
vb@22	169	assert(!EMPTY(identity->username)); // this should not happen
vb@22	170
vb@22	171	if (EMPTY(identity->username)) { // mitigate
vb@0	172	free(identity->username);
vb@22	173	identity->username = strdup("anonymous");
vb@8	174	if (identity->username == NULL)
vb@8	175	return PEP_OUT_OF_MEMORY;
vb@22	176	identity->username_size = 9;
vb@0	177	}
vb@8	178
vb@8	179	status = set_identity(session, identity);
vb@8	180	assert(status == PEP_STATUS_OK);
vb@8	181	}
vb@8	182
vb@297	183	if (identity->comm_type != PEP_ct_compromized &&
vb@297	184	identity->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	185	if (session->examine_identity)
vb@297	186	session->examine_identity(identity, session->examine_management);
vb@297	187
vb@8	188	return status;
vb@0	189	}
vb@0	190
vb@0	191	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0	192	{
vb@0	193	PEP_STATUS status;
vb@46	194	stringlist_t *keylist = NULL;
vb@0	195
vb@0	196	assert(session);
vb@0	197	assert(identity);
vb@0	198	assert(identity->address);
vb@0	199	assert(identity->username);
vb@0	200	assert(identity->user_id);
vb@0	201
vb@191	202	if (!(session && identity && identity->address && identity->username &&
vb@191	203	identity->user_id))
vb@191	204	return PEP_ILLEGAL_VALUE;
vb@191	205
vb@0	206	identity->comm_type = PEP_ct_pEp;
vb@0	207	identity->me = true;
vb@0	208
vb@215	209	DEBUG_LOG("myself", "debug", identity->address);
vb@0	210
vb@0	211	status = find_keys(session, identity->address, &keylist);
vb@0	212	assert(status != PEP_OUT_OF_MEMORY);
vb@0	213	if (status == PEP_OUT_OF_MEMORY)
vb@0	214	return PEP_OUT_OF_MEMORY;
vb@0	215
vb@0	216	if (keylist == NULL \|\| keylist->value == NULL) {
vb@215	217	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	218	status = generate_keypair(session, identity);
vb@0	219	assert(status != PEP_OUT_OF_MEMORY);
vb@0	220	if (status != PEP_STATUS_OK) {
vb@0	221	char buf[11];
vb@0	222	snprintf(buf, 11, "%d", status);
vb@215	223	DEBUG_LOG("generating key pair failed", "debug", buf);
vb@0	224	return status;
vb@0	225	}
vb@0	226
vb@0	227	status = find_keys(session, identity->address, &keylist);
vb@0	228	assert(status != PEP_OUT_OF_MEMORY);
vb@0	229	if (status == PEP_OUT_OF_MEMORY)
vb@0	230	return PEP_OUT_OF_MEMORY;
vb@0	231
vb@372	232	assert(keylist && keylist->value);
Edouard@371	233	if (keylist == NULL \|\| keylist->value == NULL) {
Edouard@371	234	return PEP_UNKNOWN_ERROR;
Edouard@371	235	}
vb@0	236	}
vb@214	237	else {
vb@214	238	bool expired;
vb@214	239	status = key_expired(session, keylist->value, &expired);
vb@214	240	assert(status == PEP_STATUS_OK);
vb@214	241
vb@214	242	if (status == PEP_STATUS_OK && expired) {
vb@214	243	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
vb@214	244	renew_key(session, keylist->value, ts);
vb@214	245	free_timestamp(ts);
vb@214	246	}
vb@214	247	}
vb@0	248
vb@0	249	if (identity->fpr)
vb@0	250	free(identity->fpr);
vb@0	251	identity->fpr = strdup(keylist->value);
vb@0	252	assert(identity->fpr);
vb@0	253	free_stringlist(keylist);
vb@0	254	if (identity->fpr == NULL)
vb@0	255	return PEP_OUT_OF_MEMORY;
vb@8	256	identity->fpr_size = strlen(identity->fpr);
vb@0	257
vb@0	258	status = set_identity(session, identity);
vb@0	259	assert(status == PEP_STATUS_OK);
vb@0	260
vb@0	261	return PEP_STATUS_OK;
vb@0	262	}
vb@0	263
vb@296	264	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	265	PEP_SESSION session,
vb@292	266	examine_identity_t examine_identity,
vb@292	267	void *management
vb@292	268	)
vb@292	269	{
vb@292	270	assert(session);
vb@292	271	if (!session)
vb@292	272	return PEP_ILLEGAL_VALUE;
vb@292	273
vb@292	274	session->examine_management = management;
vb@292	275	session->examine_identity = examine_identity;
vb@292	276
vb@292	277	return PEP_STATUS_OK;
vb@292	278	}
vb@292	279
vb@0	280	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	281	retrieve_next_identity_t retrieve_next_identity,
vb@0	282	void *management
vb@0	283	)
vb@0	284	{
vb@0	285	PEP_SESSION session;
vb@0	286	pEp_identity *identity;
vb@0	287	PEP_STATUS status = init(&session);
vb@0	288
vb@0	289	assert(status == PEP_STATUS_OK);
vb@0	290	if (status != PEP_STATUS_OK)
vb@0	291	return status;
vb@0	292
vb@24	293	assert(retrieve_next_identity);
vb@24	294	assert(management);
vb@24	295
vb@0	296	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	297
vb@36	298	while ((identity = retrieve_next_identity(management))) {
vb@0	299	assert(identity->address);
vb@220	300	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
vb@0	301	if (identity->me) {
vb@0	302	status = myself(session, identity);
vb@0	303	assert(status != PEP_OUT_OF_MEMORY);
vb@0	304	} else {
vb@0	305	status = recv_key(session, identity->address);
vb@0	306	assert(status != PEP_OUT_OF_MEMORY);
vb@0	307	}
vb@0	308	free_identity(identity);
vb@0	309	}
vb@0	310
vb@0	311	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	312
vb@0	313	release(session);
vb@0	314	return PEP_STATUS_OK;
vb@0	315	}
vb@0	316
vb@357	317	DYNAMIC_API PEP_STATUS key_compromized(
vb@357	318	PEP_SESSION session,
vb@357	319	pEp_identity *ident
vb@357	320	)
vb@215	321	{
vb@218	322	PEP_STATUS status = PEP_STATUS_OK;
vb@218	323
vb@215	324	assert(session);
vb@357	325	assert(ident);
vb@357	326	assert(!EMPTY(ident->fpr));
vb@215	327
vb@357	328	if (!(session && ident && ident->fpr))
vb@215	329	return PEP_ILLEGAL_VALUE;
vb@215	330
vb@357	331	if (ident->me)
vb@357	332	revoke_key(session, ident->fpr, NULL);
vb@357	333	status = mark_as_compromized(session, ident->fpr);
vb@218	334
vb@218	335	return status;
vb@215	336	}
vb@215	337
Edouard@410	338	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	339	PEP_SESSION session,
Edouard@410	340	pEp_identity *ident
Edouard@410	341	)
Edouard@410	342	{
Edouard@410	343	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	344
Edouard@410	345	assert(session);
Edouard@410	346	assert(ident);
vb@420	347	assert(!ident->me);
Edouard@410	348	assert(!EMPTY(ident->fpr));
vb@420	349	assert(!EMPTY(ident->address));
vb@420	350	assert(!EMPTY(ident->user_id));
Edouard@410	351
vb@420	352	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	353	ident->user_id))
Edouard@410	354	return PEP_ILLEGAL_VALUE;
Edouard@410	355
vb@420	356	status = update_identity(session, ident);
vb@420	357	if (status != PEP_STATUS_OK)
vb@420	358	return status;
Edouard@410	359
vb@420	360	ident->comm_type = PEP_ct_unknown;
vb@420	361	status = set_identity(session, ident);
vb@420	362
Edouard@410	363	return status;
Edouard@410	364	}
Edouard@410	365
vb@354	366	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	367	PEP_SESSION session,
vb@354	368	pEp_identity *ident
vb@354	369	)
vb@354	370	{
vb@354	371	PEP_STATUS status = PEP_STATUS_OK;
vb@354	372
vb@354	373	assert(session);
vb@354	374	assert(ident);
vb@354	375	assert(!EMPTY(ident->address));
vb@354	376	assert(!EMPTY(ident->user_id));
vb@354	377	assert(!EMPTY(ident->fpr));
vb@354	378	assert(!ident->me);
vb@354	379
vb@354	380	if (!ident \|\| EMPTY(ident->address) \|\| EMPTY(ident->user_id) \|\|
vb@354	381	EMPTY(ident->fpr) \|\| ident->me)
vb@354	382	return PEP_ILLEGAL_VALUE;
vb@354	383
vb@354	384	status = update_identity(session, ident);
vb@354	385	if (status != PEP_STATUS_OK)
vb@354	386	return status;
vb@354	387
vb@356	388	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	389	ident->comm_type \|= PEP_ct_confirmed;
vb@356	390	status = update_identity(session, ident);
vb@356	391	}
vb@356	392	else {
vb@356	393	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	394	status = PEP_CANNOT_SET_TRUST;
vb@356	395	}
vb@354	396
vb@354	397	return status;
vb@354	398	}
vb@354	399

author	Volker Birk <vb@pep-project.org>
	Wed, 20 Jan 2016 19:58:06 +0100
changeset 420	947ce71ed741
parent 410	00adb9b21ae9
child 421	724a1b68ca42
permissions	-rw-r--r--