repos/pEpEngine: src/keymanagement.c@ab5de5449d7d (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
Edouard@512	7	#include <ctype.h>
vb@0	8
vb@217	9	#include "pEp_internal.h"
vb@0	10	#include "keymanagement.h"
vb@0	11
edouard@1195	12	#include "sync_fsm.h"
krista@1253	13	#include "blacklist.h"
edouard@1195	14
Edouard@439	15	#ifndef EMPTYSTR
roker@500	16	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	17	#endif
vb@8	18
vb@214	19	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	20
Edouard@774	21	PEP_STATUS elect_pubkey(
Edouard@755	22	PEP_SESSION session, pEp_identity * identity
Edouard@755	23	)
Edouard@755	24	{
Edouard@755	25	PEP_STATUS status;
Edouard@755	26	stringlist_t *keylist;
krista@1342	27	char *_fpr = "";
Edouard@755	28	identity->comm_type = PEP_ct_unknown;
Edouard@755	29
Edouard@755	30	status = find_keys(session, identity->address, &keylist);
Edouard@755	31	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	32	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	33	return PEP_OUT_OF_MEMORY;
Edouard@755	34
Edouard@755	35	stringlist_t *_keylist;
Edouard@755	36	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	37	PEP_comm_type _comm_type_key;
Edouard@755	38
Edouard@755	39	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	40	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	41	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	42	free_stringlist(keylist);
Edouard@755	43	return PEP_OUT_OF_MEMORY;
Edouard@755	44	}
Edouard@755	45
Edouard@755	46	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	47	_comm_type_key != PEP_ct_unknown)
Edouard@755	48	{
Edouard@755	49	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	50	_comm_type_key > identity->comm_type)
Edouard@755	51	{
krista@1275	52	bool blacklisted;
krista@1275	53	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	54	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	55	identity->comm_type = _comm_type_key;
krista@1275	56	_fpr = _keylist->value;
krista@1275	57	}
Edouard@755	58	}
Edouard@755	59	}
Edouard@755	60	}
Edouard@755	61
krista@1342	62
krista@1342	63	// if (_fpr) {
krista@1342	64	free(identity->fpr);
Edouard@755	65
krista@1342	66	identity->fpr = strdup(_fpr);
krista@1342	67	if (identity->fpr == NULL) {
krista@1342	68	free_stringlist(keylist);
krista@1342	69	return PEP_OUT_OF_MEMORY;
Edouard@755	70	}
krista@1342	71	// }
Edouard@755	72	free_stringlist(keylist);
Edouard@755	73	return PEP_STATUS_OK;
Edouard@755	74	}
Edouard@755	75
edouard@1406	76	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
edouard@1385	77
edouard@1385	78	DYNAMIC_API PEP_STATUS update_identity(
edouard@1385	79	PEP_SESSION session, pEp_identity * identity
vb@0	80	)
vb@0	81	{
vb@0	82	pEp_identity *stored_identity;
krista@1224	83	pEp_identity* temp_id = NULL;
vb@0	84	PEP_STATUS status;
vb@0	85
vb@0	86	assert(session);
vb@0	87	assert(identity);
Edouard@439	88	assert(!EMPTYSTR(identity->address));
vb@0	89
Edouard@439	90	if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191	91	return PEP_ILLEGAL_VALUE;
vb@191	92
vb@1078	93	if (identity->me \|\| (identity->user_id && strcmp(identity->user_id, PEP_OWN_USERID) == 0)) {
edouard@1385	94	identity->me = true;
edouard@1406	95	return _myself(session, identity, false, true);
vb@1078	96	}
vb@1078	97
Edouard@559	98	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	99	int _did_elect_new_key = 0;
Edouard@559	100
Edouard@559	101	if (_no_user_id)
Edouard@559	102	{
vb@1015	103	status = get_identity(session, identity->address, PEP_OWN_USERID,
vb@1015	104	&stored_identity);
vb@1015	105	if (status == PEP_STATUS_OK) {
vb@1015	106	free_identity(stored_identity);
edouard@1406	107	return _myself(session, identity, false, true);
vb@1015	108	}
vb@1015	109
Edouard@559	110	free(identity->user_id);
Edouard@559	111
vb@591	112	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	113	if (!identity->user_id)
Edouard@562	114	{
Edouard@562	115	return PEP_OUT_OF_MEMORY;
Edouard@562	116	}
vb@983	117	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	118	"TOFU_%s", identity->address);
Edouard@559	119	}
vb@934	120
Edouard@559	121	status = get_identity(session,
Edouard@559	122	identity->address,
Edouard@559	123	identity->user_id,
Edouard@559	124	&stored_identity);
Edouard@559	125
vb@0	126	assert(status != PEP_OUT_OF_MEMORY);
vb@0	127	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	128	goto exit_free;
vb@0	129
krista@1224	130	temp_id = identity_dup(identity);
krista@1220	131
edouard@1501	132	/* We don't take given fpr.
edouard@1501	133	In case there's no acceptable stored fpr, it will be elected. */
edouard@1501	134	free(temp_id->fpr);
edouard@1501	135	temp_id->fpr = NULL;
edouard@1501	136	temp_id->comm_type = PEP_ct_unknown;
edouard@1501	137
edouard@1501	138	if (stored_identity) {
krista@1188	139
edouard@1501	140	bool dont_use_stored_fpr = true;
krista@1220	141
krista@1220	142	/* if we have a stored_identity fpr */
edouard@1501	143	if (!EMPTYSTR(stored_identity->fpr)) {
edouard@1501	144	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_stored_fpr);
krista@1220	145	if (status != PEP_STATUS_OK)
edouard@1501	146	dont_use_stored_fpr = true;
krista@1220	147	}
krista@1188	148
krista@1220	149
edouard@1501	150	if (!dont_use_stored_fpr) {
krista@1220	151	temp_id->fpr = strdup(stored_identity->fpr);
krista@1220	152	assert(temp_id->fpr);
krista@1220	153	if (temp_id->fpr == NULL) {
krista@1220	154	status = PEP_OUT_OF_MEMORY;
krista@1188	155	goto exit_free;
krista@1220	156	}
edouard@1501	157
edouard@1501	158	/* Check stored comm_type */
edouard@1501	159	PEP_comm_type _comm_type_key;
edouard@1501	160	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
edouard@1501	161	assert(status != PEP_OUT_OF_MEMORY);
edouard@1501	162	if (status == PEP_OUT_OF_MEMORY)
edouard@1501	163	goto exit_free;
edouard@1501	164	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
edouard@1501	165	/* if key not good anymore,
edouard@1501	166	downgrade eventually trusted comm_type */
edouard@1501	167	temp_id->comm_type = _comm_type_key;
edouard@1501	168	} else {
edouard@1501	169	/* otherwise take stored comm_type as-is */
edouard@1501	170	temp_id->comm_type = stored_identity->comm_type;
edouard@1501	171	if (temp_id->comm_type == PEP_ct_unknown) {
edouard@1501	172	/* except if unknown */
edouard@1501	173	temp_id->comm_type = _comm_type_key;
edouard@1501	174	}
edouard@1501	175	}
krista@1220	176	}
edouard@1501	177	else {
edouard@1501	178	status = elect_pubkey(session, temp_id);
edouard@1501	179	if (status != PEP_STATUS_OK)
edouard@1501	180	goto exit_free;
krista@1188	181	else {
krista@1188	182	_did_elect_new_key = 1;
krista@1188	183	}
krista@1188	184	}
krista@1188	185
krista@1220	186	/* ok, from here on out, use temp_id */
krista@1220	187
krista@1220	188
krista@1220	189	/* At this point, we either have a non-blacklisted fpr we can work */
krista@1220	190	/* with, or we've got nada. */
edouard@1501	191
edouard@1501	192	if (EMPTYSTR(temp_id->fpr)) {
edouard@1501	193	/* nada : set comm_type accordingly */
krista@1243	194	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	195	}
krista@1243	196
krista@1220	197	if (EMPTYSTR(temp_id->username)) {
krista@1220	198	free(temp_id->username);
krista@1220	199	temp_id->username = strdup(stored_identity->username);
krista@1220	200	assert(temp_id->username);
krista@1220	201	if (temp_id->username == NULL){
Edouard@829	202	status = PEP_OUT_OF_MEMORY;
Edouard@829	203	goto exit_free;
Edouard@829	204	}
vb@22	205	}
vb@22	206
krista@1220	207	if (temp_id->lang[0] == 0) {
krista@1220	208	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	209	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	210	temp_id->lang[2] = 0;
vb@21	211	}
vb@932	212
krista@1220	213	temp_id->flags = stored_identity->flags;
vb@21	214	}
vb@21	215	else /* stored_identity == NULL */ {
krista@1220	216	temp_id->flags = 0;
vb@934	217
edouard@1501	218	/* We elect a pubkey */
edouard@1501	219	status = elect_pubkey(session, temp_id);
edouard@1501	220	if (status != PEP_STATUS_OK)
edouard@1501	221	goto exit_free;
edouard@1501	222
edouard@1501	223	/* Work with the elected key */
krista@1220	224	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	225
edouard@1502	226	PEP_comm_type _comm_type_key = temp_id->comm_type;
edouard@1502	227
edouard@1502	228	_did_elect_new_key = 1;
vb@21	229
edouard@1502	230	// We don't want to lose a previous trust entry!!!
edouard@1502	231	status = get_trust(session, temp_id);
edouard@1501	232
edouard@1502	233	bool has_trust_status = (status == PEP_STATUS_OK);
vb@21	234
edouard@1502	235	if (!has_trust_status)
edouard@1502	236	temp_id->comm_type = _comm_type_key;
vb@21	237	}
vb@21	238	}
vb@21	239
edouard@1501	240	if (temp_id->fpr == NULL) {
krista@1220	241	temp_id->fpr = strdup("");
edouard@1501	242	if (temp_id->fpr == NULL) {
edouard@1501	243	status = PEP_OUT_OF_MEMORY;
edouard@1501	244	goto exit_free;
edouard@1501	245	}
edouard@1501	246	}
krista@1193	247
krista@1193	248
vb@21	249	status = PEP_STATUS_OK;
vb@21	250
krista@1220	251	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
krista@1220	252	assert(!EMPTYSTR(temp_id->username)); // this should not happen
vb@22	253
krista@1220	254	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	255	free(temp_id->username);
krista@1220	256	temp_id->username = strdup("anonymous");
krista@1220	257	assert(temp_id->username);
krista@1220	258	if (temp_id->username == NULL){
Edouard@829	259	status = PEP_OUT_OF_MEMORY;
Edouard@829	260	goto exit_free;
Edouard@829	261	}
vb@0	262	}
vb@8	263
Edouard@755	264	// Identity doesn't get stored if call was just about checking existing
Edouard@755	265	// user by address (i.e. no user id given but already stored)
krista@1223	266	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	267	{
krista@1220	268	status = set_identity(session, temp_id);
Edouard@559	269	assert(status == PEP_STATUS_OK);
Edouard@559	270	if (status != PEP_STATUS_OK) {
Edouard@829	271	goto exit_free;
Edouard@559	272	}
Edouard@499	273	}
vb@8	274	}
vb@8	275
krista@1220	276	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	277	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	278	if (session->examine_identity)
krista@1220	279	session->examine_identity(temp_id, session->examine_management);
krista@1220	280
krista@1220	281	/* ok, we got to the end. So we can assign the output identity */
krista@1220	282	free(identity->address);
krista@1220	283	identity->address = strdup(temp_id->address);
krista@1220	284	free(identity->fpr);
krista@1220	285	identity->fpr = strdup(temp_id->fpr);
krista@1220	286	free(identity->user_id);
krista@1220	287	identity->user_id = strdup(temp_id->user_id);
krista@1220	288	free(identity->username);
krista@1492	289	identity->username = strdup(temp_id->username ? temp_id->username : "anonymous");
krista@1220	290	identity->comm_type = temp_id->comm_type;
krista@1220	291	identity->lang[0] = temp_id->lang[0];
krista@1220	292	identity->lang[1] = temp_id->lang[1];
krista@1220	293	identity->lang[2] = 0;
krista@1220	294	identity->me = temp_id->me;
krista@1220	295	identity->flags = temp_id->flags;
vb@297	296
Edouard@829	297	exit_free :
Edouard@829	298
Edouard@829	299	if (stored_identity){
Edouard@829	300	free_identity(stored_identity);
Edouard@829	301	}
Edouard@829	302
krista@1220	303	if (temp_id)
krista@1220	304	free_identity(temp_id);
krista@1220	305
vb@8	306	return status;
vb@0	307	}
vb@0	308
Edouard@774	309	PEP_STATUS elect_ownkey(
krista@1194	310	PEP_SESSION session, pEp_identity * identity
Edouard@774	311	)
Edouard@774	312	{
Edouard@774	313	PEP_STATUS status;
Edouard@774	314	stringlist_t *keylist = NULL;
Edouard@774	315
Edouard@774	316	free(identity->fpr);
Edouard@774	317	identity->fpr = NULL;
Edouard@774	318
krista@1357	319	status = find_private_keys(session, identity->address, &keylist);
Edouard@774	320	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	321	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	322	return PEP_OUT_OF_MEMORY;
Edouard@774	323
Edouard@774	324	if (keylist != NULL && keylist->value != NULL)
Edouard@774	325	{
Edouard@774	326	char *_fpr = NULL;
Edouard@774	327	identity->comm_type = PEP_ct_unknown;
Edouard@774	328
Edouard@774	329	stringlist_t *_keylist;
Edouard@774	330	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	331	bool is_own = false;
Edouard@774	332
Edouard@774	333	if (session->use_only_own_private_keys)
Edouard@774	334	{
Edouard@774	335	status = own_key_is_listed(session, _keylist->value, &is_own);
Edouard@774	336	assert(status == PEP_STATUS_OK);
Edouard@774	337	if (status != PEP_STATUS_OK) {
Edouard@774	338	free_stringlist(keylist);
Edouard@774	339	return status;
Edouard@774	340	}
Edouard@774	341	}
Edouard@774	342
Edouard@774	343	// TODO : also accept synchronized device group keys ?
Edouard@774	344
Edouard@774	345	if (!session->use_only_own_private_keys \|\| is_own)
Edouard@774	346	{
Edouard@774	347	PEP_comm_type _comm_type_key;
Edouard@774	348
Edouard@774	349	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	350	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	351	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	352	free_stringlist(keylist);
Edouard@774	353	return PEP_OUT_OF_MEMORY;
Edouard@774	354	}
Edouard@774	355
Edouard@774	356	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	357	_comm_type_key != PEP_ct_unknown)
Edouard@774	358	{
Edouard@774	359	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	360	_comm_type_key > identity->comm_type)
Edouard@774	361	{
Edouard@774	362	identity->comm_type = _comm_type_key;
Edouard@774	363	_fpr = _keylist->value;
Edouard@774	364	}
Edouard@774	365	}
Edouard@774	366	}
Edouard@774	367	}
Edouard@774	368
Edouard@774	369	if (_fpr)
Edouard@774	370	{
Edouard@774	371	identity->fpr = strdup(_fpr);
Edouard@774	372	assert(identity->fpr);
Edouard@774	373	if (identity->fpr == NULL)
Edouard@774	374	{
Edouard@774	375	free_stringlist(keylist);
Edouard@774	376	return PEP_OUT_OF_MEMORY;
Edouard@774	377	}
Edouard@774	378	}
Edouard@774	379	free_stringlist(keylist);
Edouard@774	380	}
Edouard@774	381	return PEP_STATUS_OK;
Edouard@774	382	}
Edouard@774	383
krista@1357	384	PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
krista@1357	385	bool* is_usable) {
krista@1357	386
krista@1357	387	bool dont_use_fpr = true;
krista@1357	388
krista@1357	389	PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
krista@1371	390	if (status == PEP_STATUS_OK && !dont_use_fpr) {
krista@1357	391	// Make sure there is a private key associated with this fpr
krista@1357	392	bool has_private = false;
krista@1357	393	status = contains_priv_key(session, fpr, &has_private);
krista@1371	394
krista@1371	395	if (status == PEP_STATUS_OK)
krista@1371	396	dont_use_fpr = !has_private;
krista@1357	397	}
krista@1357	398
krista@1357	399	*is_usable = !dont_use_fpr;
krista@1357	400
krista@1357	401	return status;
krista@1357	402	}
krista@1357	403
edouard@1406	404	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags)
vb@0	405	{
Edouard@560	406	pEp_identity *stored_identity;
vb@0	407	PEP_STATUS status;
vb@0	408
vb@0	409	assert(session);
vb@0	410	assert(identity);
vb@1044	411	assert(!EMPTYSTR(identity->address));
vb@1043	412
Edouard@658	413	assert(EMPTYSTR(identity->user_id) \|\|
Edouard@658	414	strcmp(identity->user_id, PEP_OWN_USERID) == 0);
vb@0	415
vb@1044	416	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	417	(EMPTYSTR(identity->user_id) \|\|
vb@1043	418	strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
vb@191	419	return PEP_ILLEGAL_VALUE;
vb@191	420
vb@0	421	identity->comm_type = PEP_ct_pEp;
vb@0	422	identity->me = true;
edouard@1406	423	if(ignore_flags)
edouard@1406	424	identity->flags = 0;
Edouard@658	425
vb@1043	426	if (EMPTYSTR(identity->user_id))
Edouard@658	427	{
Edouard@658	428	free(identity->user_id);
Edouard@658	429	identity->user_id = strdup(PEP_OWN_USERID);
Edouard@658	430	assert(identity->user_id);
Edouard@658	431	if (identity->user_id == NULL)
Edouard@658	432	return PEP_OUT_OF_MEMORY;
Edouard@658	433	}
vb@0	434
edouard@1488	435	if (EMPTYSTR(identity->username))
edouard@1488	436	{
edouard@1488	437	free(identity->username);
edouard@1488	438	identity->username = strdup("anonymous");
edouard@1488	439	assert(identity->username);
edouard@1488	440	if (identity->username == NULL)
edouard@1488	441	return PEP_OUT_OF_MEMORY;
edouard@1488	442	}
edouard@1488	443
vb@215	444	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	445
Edouard@560	446	status = get_identity(session,
Edouard@560	447	identity->address,
Edouard@560	448	identity->user_id,
Edouard@560	449	&stored_identity);
Edouard@560	450
vb@0	451	assert(status != PEP_OUT_OF_MEMORY);
vb@0	452	if (status == PEP_OUT_OF_MEMORY)
vb@0	453	return PEP_OUT_OF_MEMORY;
krista@1357	454
krista@1357	455	bool dont_use_stored_fpr = true;
krista@1357	456	bool dont_use_input_fpr = true;
krista@1359	457
Edouard@560	458	if (stored_identity)
Edouard@560	459	{
Edouard@560	460	if (EMPTYSTR(identity->fpr)) {
krista@1352	461
krista@1357	462	bool has_private = false;
krista@1352	463
krista@1357	464	status = _has_usable_priv_key(session, stored_identity->fpr, &has_private);
krista@1352	465
krista@1371	466	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	467	if (has_private) {
krista@1357	468	identity->fpr = strdup(stored_identity->fpr);
krista@1357	469	assert(identity->fpr);
krista@1357	470	if (identity->fpr == NULL)
krista@1357	471	{
krista@1357	472	return PEP_OUT_OF_MEMORY;
krista@1357	473	}
krista@1357	474	dont_use_stored_fpr = false;
Edouard@560	475	}
Edouard@560	476	}
krista@1357	477
edouard@1406	478	identity->flags = (identity->flags & 255) \| stored_identity->flags;
edouard@1367	479
edouard@1367	480	free_identity(stored_identity);
Edouard@588	481	}
krista@1357	482
krista@1357	483	if (dont_use_stored_fpr && !EMPTYSTR(identity->fpr))
Edouard@588	484	{
Edouard@588	485	// App must have a good reason to give fpr, such as explicit
Edouard@588	486	// import of private key, or similar.
Edouard@588	487
Edouard@658	488	// Take given fpr as-is.
vb@934	489
krista@1357	490	// BUT:
krista@1357	491	// First check to see if it's blacklisted or private part is missing?
krista@1357	492	bool has_private = false;
krista@1357	493
krista@1357	494	status = _has_usable_priv_key(session, identity->fpr, &has_private);
krista@1357	495
krista@1371	496	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	497	if (has_private) {
krista@1357	498	dont_use_input_fpr = false;
krista@1357	499	}
Edouard@560	500	}
krista@1357	501
krista@1357	502	// Ok, we failed to get keys either way, so let's elect one.
krista@1357	503	if (dont_use_input_fpr && dont_use_stored_fpr)
Edouard@560	504	{
Edouard@774	505	status = elect_ownkey(session, identity);
Edouard@774	506	assert(status == PEP_STATUS_OK);
Edouard@774	507	if (status != PEP_STATUS_OK) {
Edouard@774	508	return status;
Edouard@560	509	}
vb@934	510
krista@1357	511	bool has_private = false;
krista@1359	512	if (identity->fpr) {
krista@1359	513	// ok, we elected something.
krista@1359	514	// elect_ownkey only returns private keys, so we don't check again.
krista@1359	515	// Check to see if it's blacklisted
krista@1359	516	bool listed;
krista@1359	517	status = blacklist_is_listed(session, identity->fpr, &listed);
krista@1371	518
krista@1371	519	if (status == PEP_STATUS_OK)
krista@1371	520	has_private = !listed;
krista@1359	521	}
krista@1357	522
krista@1357	523	if (has_private) {
krista@1357	524	dont_use_input_fpr = false;
krista@1357	525	}
krista@1357	526	else { // OK, we've tried everything. Time to generate new keys.
krista@1359	527	free(identity->fpr); // It can stay in this state (unallocated) because we'll generate a new key
krista@1359	528	identity->fpr = NULL;
krista@1357	529	}
Edouard@560	530	}
Edouard@695	531
Edouard@695	532	bool revoked = false;
Edouard@695	533	char *r_fpr = NULL;
Edouard@695	534	if (!EMPTYSTR(identity->fpr))
Edouard@695	535	{
Edouard@695	536	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	537
Edouard@775	538	// Forces re-election if key is missing and own-key-only not forced
Edouard@775	539	if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
Edouard@775	540	{
Edouard@775	541	status = elect_ownkey(session, identity);
Edouard@775	542	assert(status == PEP_STATUS_OK);
Edouard@775	543	if (status != PEP_STATUS_OK) {
Edouard@775	544	return status;
Edouard@775	545	}
Edouard@775	546	}
Edouard@775	547	else if (status != PEP_STATUS_OK)
Edouard@775	548	{
Edouard@695	549	return status;
Edouard@695	550	}
Edouard@695	551	}
edouard@1140	552
edouard@1140	553	bool new_key_generated = false;
edouard@1140	554
Edouard@695	555	if (EMPTYSTR(identity->fpr) \|\| revoked)
Edouard@695	556	{
edouard@1385	557	if(!do_keygen){
edouard@1385	558	return PEP_GET_KEY_FAILED;
edouard@1385	559	}
edouard@1385	560
Edouard@695	561	if(revoked)
Edouard@695	562	{
Edouard@697	563	r_fpr = identity->fpr;
Edouard@697	564	identity->fpr = NULL;
Edouard@695	565	}
Edouard@560	566
vb@215	567	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	568	status = generate_keypair(session, identity);
vb@0	569	assert(status != PEP_OUT_OF_MEMORY);
vb@0	570	if (status != PEP_STATUS_OK) {
vb@0	571	char buf[11];
vb@0	572	snprintf(buf, 11, "%d", status);
vb@215	573	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	574	if(revoked && r_fpr)
Edouard@695	575	free(r_fpr);
vb@0	576	return status;
vb@0	577	}
edouard@1140	578
edouard@1140	579	new_key_generated = true;
Edouard@560	580
Edouard@695	581	if(revoked)
Edouard@695	582	{
Edouard@695	583	status = set_revoked(session, r_fpr,
Edouard@695	584	identity->fpr, time(NULL));
Edouard@695	585	free(r_fpr);
Edouard@695	586	if (status != PEP_STATUS_OK) {
Edouard@695	587	return status;
Edouard@695	588	}
Edouard@588	589	}
vb@0	590	}
Edouard@560	591	else
Edouard@560	592	{
vb@214	593	bool expired;
Edouard@701	594	status = key_expired(session, identity->fpr,
Edouard@701	595	time(NULL) + (7243600), // In a week
Edouard@701	596	&expired);
Edouard@701	597
vb@214	598	assert(status == PEP_STATUS_OK);
Edouard@499	599	if (status != PEP_STATUS_OK) {
Edouard@588	600	return status;
Edouard@499	601	}
vb@214	602
vb@214	603	if (status == PEP_STATUS_OK && expired) {
vb@214	604	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	605	renew_key(session, identity->fpr, ts);
vb@214	606	free_timestamp(ts);
vb@214	607	}
vb@214	608	}
vb@0	609
krista@1353	610	if (!identity->username)
krista@1353	611	identity->username = strdup("");
krista@1353	612
vb@0	613	status = set_identity(session, identity);
vb@0	614	assert(status == PEP_STATUS_OK);
Edouard@499	615	if (status != PEP_STATUS_OK) {
Edouard@588	616	return status;
Edouard@499	617	}
vb@0	618
edouard@1145	619	if(new_key_generated)
edouard@1145	620	{
edouard@1145	621	// if a state machine for keysync is in place, inject notify
edouard@1195	622	status = inject_DeviceState_event(session, KeyGen, NULL, NULL);
edouard@1299	623	if (status == PEP_OUT_OF_MEMORY){
edouard@1299	624	return PEP_OUT_OF_MEMORY;
edouard@1299	625	}
edouard@1145	626	}
edouard@1140	627
vb@0	628	return PEP_STATUS_OK;
Edouard@499	629
vb@0	630	}
vb@0	631
edouard@1385	632	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
edouard@1385	633	{
edouard@1406	634	return _myself(session, identity, true, false);
edouard@1385	635	}
edouard@1385	636
vb@296	637	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	638	PEP_SESSION session,
vb@292	639	examine_identity_t examine_identity,
vb@292	640	void *management
vb@292	641	)
vb@292	642	{
vb@292	643	assert(session);
vb@292	644	if (!session)
vb@292	645	return PEP_ILLEGAL_VALUE;
vb@292	646
vb@292	647	session->examine_management = management;
vb@292	648	session->examine_identity = examine_identity;
vb@292	649
vb@292	650	return PEP_STATUS_OK;
vb@292	651	}
vb@292	652
vb@0	653	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	654	retrieve_next_identity_t retrieve_next_identity,
vb@0	655	void *management
vb@0	656	)
vb@0	657	{
vb@0	658	PEP_SESSION session;
vb@0	659	pEp_identity *identity;
Edouard@499	660	PEP_STATUS status;
vb@0	661
Edouard@499	662	assert(retrieve_next_identity);
Edouard@499	663	assert(management);
Edouard@499	664
Edouard@499	665	if (!retrieve_next_identity \|\| !management)
Edouard@499	666	return PEP_ILLEGAL_VALUE;
Edouard@499	667
Edouard@499	668	status = init(&session);
vb@0	669	assert(status == PEP_STATUS_OK);
vb@0	670	if (status != PEP_STATUS_OK)
vb@0	671	return status;
vb@0	672
vb@0	673	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	674
Edouard@499	675	while ((identity = retrieve_next_identity(management)))
Edouard@499	676	{
vb@0	677	assert(identity->address);
Edouard@499	678	if(identity->address)
Edouard@499	679	{
Edouard@499	680	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	681
Edouard@499	682	if (identity->me) {
Edouard@499	683	status = myself(session, identity);
Edouard@499	684	} else {
Edouard@499	685	status = recv_key(session, identity->address);
Edouard@499	686	}
Edouard@499	687
vb@0	688	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	689	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	690	return PEP_OUT_OF_MEMORY;
vb@0	691	}
vb@0	692	free_identity(identity);
vb@0	693	}
vb@0	694
vb@0	695	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	696
vb@0	697	release(session);
vb@0	698	return PEP_STATUS_OK;
vb@0	699	}
vb@0	700
krista@1213	701	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	702	PEP_SESSION session,
vb@357	703	pEp_identity *ident
vb@357	704	)
vb@215	705	{
vb@218	706	PEP_STATUS status = PEP_STATUS_OK;
vb@218	707
vb@215	708	assert(session);
vb@357	709	assert(ident);
Edouard@439	710	assert(!EMPTYSTR(ident->fpr));
vb@215	711
vb@357	712	if (!(session && ident && ident->fpr))
vb@215	713	return PEP_ILLEGAL_VALUE;
vb@215	714
vb@357	715	if (ident->me)
Edouard@697	716	{
vb@357	717	revoke_key(session, ident->fpr, NULL);
Edouard@697	718	myself(session, ident);
Edouard@697	719	}
Edouard@697	720	else
Edouard@697	721	{
Edouard@697	722	status = mark_as_compromized(session, ident->fpr);
Edouard@697	723	}
vb@218	724
vb@218	725	return status;
vb@215	726	}
vb@215	727
Edouard@410	728	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	729	PEP_SESSION session,
Edouard@410	730	pEp_identity *ident
Edouard@410	731	)
Edouard@410	732	{
Edouard@410	733	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	734
Edouard@410	735	assert(session);
Edouard@410	736	assert(ident);
vb@420	737	assert(!ident->me);
Edouard@439	738	assert(!EMPTYSTR(ident->fpr));
Edouard@439	739	assert(!EMPTYSTR(ident->address));
Edouard@439	740	assert(!EMPTYSTR(ident->user_id));
Edouard@410	741
vb@420	742	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	743	ident->user_id))
Edouard@410	744	return PEP_ILLEGAL_VALUE;
Edouard@410	745
vb@420	746	status = update_identity(session, ident);
vb@420	747	if (status != PEP_STATUS_OK)
vb@420	748	return status;
Edouard@410	749
Edouard@442	750	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	751	ident->comm_type = PEP_ct_unknown;
vb@421	752	else
vb@421	753	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	754
vb@420	755	status = set_identity(session, ident);
vb@421	756	if (status != PEP_STATUS_OK)
vb@421	757	return status;
vb@421	758
vb@422	759	if (ident->comm_type == PEP_ct_unknown)
vb@422	760	status = update_identity(session, ident);
Edouard@410	761	return status;
Edouard@410	762	}
Edouard@410	763
vb@354	764	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	765	PEP_SESSION session,
vb@354	766	pEp_identity *ident
vb@354	767	)
vb@354	768	{
vb@354	769	PEP_STATUS status = PEP_STATUS_OK;
vb@354	770
vb@354	771	assert(session);
vb@354	772	assert(ident);
Edouard@439	773	assert(!EMPTYSTR(ident->address));
Edouard@439	774	assert(!EMPTYSTR(ident->user_id));
Edouard@439	775	assert(!EMPTYSTR(ident->fpr));
vb@354	776	assert(!ident->me);
vb@354	777
Edouard@439	778	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
Edouard@439	779	EMPTYSTR(ident->fpr) \|\| ident->me)
vb@354	780	return PEP_ILLEGAL_VALUE;
vb@354	781
vb@354	782	status = update_identity(session, ident);
vb@354	783	if (status != PEP_STATUS_OK)
vb@354	784	return status;
vb@354	785
vb@356	786	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	787	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	788	status = set_identity(session, ident);
vb@356	789	}
vb@356	790	else {
vb@356	791	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	792	status = PEP_CANNOT_SET_TRUST;
vb@356	793	}
vb@354	794
vb@354	795	return status;
vb@354	796	}
vb@354	797
Edouard@584	798	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	799	PEP_SESSION session,
vb@955	800	const char *fpr,
vb@955	801	bool *listed
vb@955	802	)
Edouard@584	803	{
Edouard@584	804	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	805	int count;
Edouard@584	806
Edouard@584	807	assert(session && fpr && fpr[0] && listed);
Edouard@584	808
Edouard@584	809	if (!(session && fpr && fpr[0] && listed))
Edouard@584	810	return PEP_ILLEGAL_VALUE;
Edouard@584	811
Edouard@584	812	*listed = false;
Edouard@584	813
Edouard@584	814	sqlite3_reset(session->own_key_is_listed);
Edouard@584	815	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	816
Edouard@584	817	int result;
Edouard@584	818
Edouard@584	819	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	820	switch (result) {
Edouard@584	821	case SQLITE_ROW:
Edouard@584	822	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	823	*listed = count > 0;
Edouard@584	824	status = PEP_STATUS_OK;
Edouard@584	825	break;
Edouard@584	826
Edouard@584	827	default:
Edouard@584	828	status = PEP_UNKNOWN_ERROR;
Edouard@584	829	}
Edouard@584	830
Edouard@584	831	sqlite3_reset(session->own_key_is_listed);
Edouard@584	832	return status;
Edouard@584	833	}
Edouard@584	834
edouard@1412	835	PEP_STATUS _own_identities_retrieve(
vb@955	836	PEP_SESSION session,
edouard@1412	837	identity_list **own_identities,
edouard@1412	838	identity_flags_t excluded_flags
vb@955	839	)
Edouard@584	840	{
Edouard@584	841	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	842
vb@955	843	assert(session && own_identities);
vb@955	844	if (!(session && own_identities))
Edouard@584	845	return PEP_ILLEGAL_VALUE;
Edouard@584	846
vb@955	847	*own_identities = NULL;
vb@955	848	identity_list *_own_identities = new_identity_list(NULL);
vb@955	849	if (_own_identities == NULL)
Edouard@584	850	goto enomem;
Edouard@584	851
vb@955	852	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	853
Edouard@584	854	int result;
vb@955	855	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	856	const char *address = NULL;
Edouard@584	857	const char *fpr = NULL;
vb@955	858	const char *username = NULL;
vb@955	859	const char *user_id = NULL;
vb@955	860	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	861	const char *lang = NULL;
vb@955	862	unsigned int flags = 0;
Edouard@584	863
vb@955	864	identity_list *_bl = _own_identities;
Edouard@584	865	do {
edouard@1412	866	sqlite3_bind_int(session->own_identities_retrieve, 1, excluded_flags);
vb@955	867	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	868	switch (result) {
Edouard@584	869	case SQLITE_ROW:
vb@955	870	address = (const char *)
vb@955	871	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	872	fpr = (const char *)
vb@955	873	sqlite3_column_text(session->own_identities_retrieve, 1);
vb@1071	874	user_id = PEP_OWN_USERID;
vb@1071	875	username = (const char *)
vb@1069	876	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	877	comm_type = PEP_ct_pEp;
vb@1071	878	lang = (const char *)
vb@955	879	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	880	flags = (unsigned int)
edouard@1444	881	sqlite3_column_int(session->own_identities_retrieve, 4);
vb@955	882
vb@1078	883	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	884	if (!ident)
Edouard@584	885	goto enomem;
vb@955	886	ident->comm_type = comm_type;
vb@955	887	if (lang && lang[0]) {
vb@955	888	ident->lang[0] = lang[0];
vb@955	889	ident->lang[1] = lang[1];
vb@1078	890	ident->lang[2] = 0;
vb@955	891	}
vb@1068	892	ident->me = true;
vb@955	893	ident->flags = flags;
vb@955	894
vb@955	895	_bl = identity_list_add(_bl, ident);
vb@1080	896	if (_bl == NULL) {
vb@1080	897	free_identity(ident);
vb@983	898	goto enomem;
vb@1080	899	}
Edouard@584	900
Edouard@584	901	break;
Edouard@584	902
Edouard@584	903	case SQLITE_DONE:
Edouard@584	904	break;
Edouard@584	905
Edouard@584	906	default:
Edouard@584	907	status = PEP_UNKNOWN_ERROR;
Edouard@584	908	result = SQLITE_DONE;
Edouard@584	909	}
Edouard@584	910	} while (result != SQLITE_DONE);
Edouard@584	911
vb@955	912	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	913	if (status == PEP_STATUS_OK)
vb@955	914	*own_identities = _own_identities;
Edouard@584	915	else
vb@955	916	free_identity_list(_own_identities);
Edouard@584	917
Edouard@584	918	goto the_end;
Edouard@584	919
Edouard@584	920	enomem:
vb@955	921	free_identity_list(_own_identities);
Edouard@584	922	status = PEP_OUT_OF_MEMORY;
Edouard@584	923
Edouard@584	924	the_end:
Edouard@584	925	return status;
Edouard@584	926	}
vb@955	927
edouard@1412	928	DYNAMIC_API PEP_STATUS own_identities_retrieve(
edouard@1364	929	PEP_SESSION session,
edouard@1412	930	identity_list **own_identities
edouard@1412	931	)
edouard@1412	932	{
edouard@1412	933	return _own_identities_retrieve(session, own_identities, 0);
edouard@1412	934	}
edouard@1412	935
edouard@1412	936	PEP_STATUS _own_keys_retrieve(
edouard@1412	937	PEP_SESSION session,
edouard@1412	938	stringlist_t **keylist,
edouard@1412	939	identity_flags_t excluded_flags
edouard@1364	940	)
edouard@1364	941	{
edouard@1364	942	PEP_STATUS status = PEP_STATUS_OK;
edouard@1364	943
edouard@1364	944	assert(session && keylist);
edouard@1364	945	if (!(session && keylist))
edouard@1364	946	return PEP_ILLEGAL_VALUE;
edouard@1364	947
edouard@1364	948	*keylist = NULL;
edouard@1364	949	stringlist_t *_keylist = NULL;
edouard@1364	950
edouard@1394	951	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	952
edouard@1364	953	int result;
edouard@1364	954	char *fpr = NULL;
edouard@1364	955
edouard@1364	956	stringlist_t *_bl = _keylist;
edouard@1364	957	do {
edouard@1412	958	sqlite3_bind_int(session->own_keys_retrieve, 1, excluded_flags);
edouard@1394	959	result = sqlite3_step(session->own_keys_retrieve);
edouard@1364	960	switch (result) {
edouard@1364	961	case SQLITE_ROW:
edouard@1394	962	fpr = strdup((const char *) sqlite3_column_text(session->own_keys_retrieve, 0));
edouard@1364	963	if(fpr == NULL)
edouard@1364	964	goto enomem;
edouard@1364	965
edouard@1364	966	_bl = stringlist_add(_bl, fpr);
edouard@1364	967	if (_bl == NULL) {
edouard@1364	968	free(fpr);
edouard@1364	969	goto enomem;
edouard@1364	970	}
edouard@1364	971	if (_keylist == NULL)
edouard@1364	972	_keylist = _bl;
edouard@1364	973
edouard@1364	974	break;
edouard@1364	975
edouard@1364	976	case SQLITE_DONE:
edouard@1364	977	break;
edouard@1364	978
edouard@1364	979	default:
edouard@1364	980	status = PEP_UNKNOWN_ERROR;
edouard@1364	981	result = SQLITE_DONE;
edouard@1364	982	}
edouard@1364	983	} while (result != SQLITE_DONE);
edouard@1364	984
edouard@1394	985	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	986	if (status == PEP_STATUS_OK)
edouard@1364	987	*keylist = _keylist;
edouard@1364	988	else
edouard@1364	989	free_stringlist(_keylist);
edouard@1364	990
edouard@1364	991	goto the_end;
edouard@1364	992
edouard@1364	993	enomem:
edouard@1364	994	free_stringlist(_keylist);
edouard@1364	995	status = PEP_OUT_OF_MEMORY;
edouard@1364	996
edouard@1364	997	the_end:
edouard@1364	998	return status;
edouard@1364	999	}
edouard@1364	1000
edouard@1412	1001	DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
edouard@1412	1002	{
edouard@1412	1003	return _own_keys_retrieve(session, keylist, 0);
edouard@1412	1004	}
edouard@1412	1005
edouard@1394	1006	// TODO: Unused for now, but should be used when sync receive old keys (ENGINE-145)
edouard@1394	1007	DYNAMIC_API PEP_STATUS set_own_key(
edouard@1394	1008	PEP_SESSION session,
edouard@1394	1009	const char *address,
edouard@1394	1010	const char *fpr
edouard@1394	1011	)
edouard@1394	1012	{
edouard@1394	1013	PEP_STATUS status = PEP_STATUS_OK;
edouard@1394	1014
edouard@1394	1015	assert(session &&
edouard@1394	1016	address && address[0] &&
edouard@1394	1017	fpr && fpr[0]
edouard@1394	1018	);
edouard@1394	1019
edouard@1394	1020	if (!(session &&
edouard@1394	1021	address && address[0] &&
edouard@1394	1022	fpr && fpr[0]
edouard@1394	1023	))
edouard@1394	1024	return PEP_ILLEGAL_VALUE;
edouard@1394	1025
edouard@1394	1026	sqlite3_reset(session->set_own_key);
edouard@1394	1027	sqlite3_bind_text(session->set_own_key, 1, address, -1, SQLITE_STATIC);
edouard@1394	1028	sqlite3_bind_text(session->set_own_key, 2, fpr, -1, SQLITE_STATIC);
edouard@1394	1029
edouard@1394	1030	int result;
edouard@1394	1031
edouard@1394	1032	result = sqlite3_step(session->set_own_key);
edouard@1394	1033	switch (result) {
edouard@1394	1034	case SQLITE_DONE:
edouard@1394	1035	status = PEP_STATUS_OK;
edouard@1394	1036	break;
edouard@1394	1037
edouard@1394	1038	default:
edouard@1394	1039	status = PEP_UNKNOWN_ERROR;
edouard@1394	1040	}
edouard@1394	1041
edouard@1394	1042	sqlite3_reset(session->set_own_key);
edouard@1394	1043	return status;
edouard@1394	1044	}
krista@1357	1045
krista@1357	1046	PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
krista@1357	1047	bool *has_private) {
krista@1357	1048
krista@1357	1049	assert(session);
krista@1357	1050	assert(fpr);
krista@1357	1051	assert(has_private);
krista@1357	1052
krista@1357	1053	if (!(session && fpr && has_private))
krista@1357	1054	return PEP_ILLEGAL_VALUE;
krista@1357	1055
krista@1357	1056	return session->cryptotech[PEP_crypt_OpenPGP].contains_priv_key(session, fpr, has_private);
edouard@1385	1057	}

author	Edouard Tisserant <edouard@pep-project.org>
	Tue, 20 Dec 2016 14:07:45 +0100
branch	ENGINE-137
changeset 1502	ab5de5449d7d
parent 1501	a47ea9fdbd81
child 1506	fc7d96185247
child 1517	f29830f1c407
permissions	-rw-r--r--