vb@130
|
1 |
#include "platform.h"
|
vb@0
|
2 |
|
vb@0
|
3 |
#include <string.h>
|
vb@0
|
4 |
#include <stdio.h>
|
vb@0
|
5 |
#include <stdlib.h>
|
vb@0
|
6 |
#include <assert.h>
|
Edouard@512
|
7 |
#include <ctype.h>
|
vb@0
|
8 |
|
vb@217
|
9 |
#include "pEp_internal.h"
|
vb@0
|
10 |
#include "keymanagement.h"
|
vb@0
|
11 |
|
Edouard@439
|
12 |
#ifndef EMPTYSTR
|
roker@500
|
13 |
#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
|
vb@8
|
14 |
#endif
|
vb@8
|
15 |
|
vb@214
|
16 |
#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
|
vb@214
|
17 |
|
Edouard@512
|
18 |
// Space tolerant and case insensitive fingerprint string compare
|
Edouard@512
|
19 |
static int _same_fpr(
|
Edouard@512
|
20 |
const char* fpra,
|
Edouard@512
|
21 |
size_t fpras,
|
Edouard@512
|
22 |
const char* fprb,
|
Edouard@512
|
23 |
size_t fprbs
|
Edouard@512
|
24 |
)
|
Edouard@512
|
25 |
{
|
Edouard@512
|
26 |
size_t ai = 0;
|
Edouard@512
|
27 |
size_t bi = 0;
|
Edouard@512
|
28 |
|
Edouard@544
|
29 |
do
|
Edouard@544
|
30 |
{
|
Edouard@544
|
31 |
if(fpra[ai] == 0 || fprb[bi] == 0)
|
Edouard@544
|
32 |
{
|
Edouard@512
|
33 |
return 0;
|
Edouard@544
|
34 |
}
|
Edouard@544
|
35 |
else if(fpra[ai] == ' ')
|
Edouard@544
|
36 |
{
|
Edouard@512
|
37 |
ai++;
|
Edouard@544
|
38 |
}
|
Edouard@544
|
39 |
else if(fprb[bi] == ' ')
|
Edouard@544
|
40 |
{
|
Edouard@512
|
41 |
bi++;
|
Edouard@544
|
42 |
}
|
Edouard@544
|
43 |
else if(toupper(fpra[ai]) == toupper(fprb[bi]))
|
Edouard@544
|
44 |
{
|
Edouard@512
|
45 |
ai++;
|
Edouard@512
|
46 |
bi++;
|
Edouard@512
|
47 |
}
|
Edouard@544
|
48 |
else
|
Edouard@544
|
49 |
{
|
Edouard@544
|
50 |
return 0;
|
Edouard@544
|
51 |
}
|
Edouard@544
|
52 |
|
Edouard@544
|
53 |
}
|
Edouard@544
|
54 |
while(ai < fpras && bi < fprbs);
|
Edouard@512
|
55 |
|
Edouard@512
|
56 |
return ai == fpras && bi == fprbs;
|
Edouard@512
|
57 |
}
|
Edouard@512
|
58 |
|
Edouard@774
|
59 |
PEP_STATUS elect_pubkey(
|
Edouard@755
|
60 |
PEP_SESSION session, pEp_identity * identity
|
Edouard@755
|
61 |
)
|
Edouard@755
|
62 |
{
|
Edouard@755
|
63 |
PEP_STATUS status;
|
Edouard@755
|
64 |
stringlist_t *keylist;
|
Edouard@755
|
65 |
char *_fpr = NULL;
|
Edouard@755
|
66 |
identity->comm_type = PEP_ct_unknown;
|
Edouard@755
|
67 |
|
Edouard@755
|
68 |
status = find_keys(session, identity->address, &keylist);
|
Edouard@755
|
69 |
assert(status != PEP_OUT_OF_MEMORY);
|
Edouard@755
|
70 |
if (status == PEP_OUT_OF_MEMORY)
|
Edouard@755
|
71 |
return PEP_OUT_OF_MEMORY;
|
Edouard@755
|
72 |
|
Edouard@755
|
73 |
stringlist_t *_keylist;
|
Edouard@755
|
74 |
for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
|
Edouard@755
|
75 |
PEP_comm_type _comm_type_key;
|
Edouard@755
|
76 |
|
Edouard@755
|
77 |
status = get_key_rating(session, _keylist->value, &_comm_type_key);
|
Edouard@755
|
78 |
assert(status != PEP_OUT_OF_MEMORY);
|
Edouard@755
|
79 |
if (status == PEP_OUT_OF_MEMORY) {
|
Edouard@755
|
80 |
free_stringlist(keylist);
|
Edouard@755
|
81 |
return PEP_OUT_OF_MEMORY;
|
Edouard@755
|
82 |
}
|
Edouard@755
|
83 |
|
Edouard@755
|
84 |
if (_comm_type_key != PEP_ct_compromized &&
|
Edouard@755
|
85 |
_comm_type_key != PEP_ct_unknown)
|
Edouard@755
|
86 |
{
|
Edouard@755
|
87 |
if (identity->comm_type == PEP_ct_unknown ||
|
Edouard@755
|
88 |
_comm_type_key > identity->comm_type)
|
Edouard@755
|
89 |
{
|
Edouard@755
|
90 |
identity->comm_type = _comm_type_key;
|
Edouard@755
|
91 |
_fpr = _keylist->value;
|
Edouard@755
|
92 |
}
|
Edouard@755
|
93 |
}
|
Edouard@755
|
94 |
}
|
Edouard@755
|
95 |
|
Edouard@755
|
96 |
if (_fpr) {
|
Edouard@755
|
97 |
free(identity->fpr);
|
Edouard@755
|
98 |
|
Edouard@755
|
99 |
identity->fpr = strdup(_fpr);
|
Edouard@755
|
100 |
if (identity->fpr == NULL) {
|
Edouard@755
|
101 |
free_stringlist(keylist);
|
Edouard@755
|
102 |
return PEP_OUT_OF_MEMORY;
|
Edouard@755
|
103 |
}
|
Edouard@755
|
104 |
}
|
Edouard@755
|
105 |
free_stringlist(keylist);
|
Edouard@755
|
106 |
return PEP_STATUS_OK;
|
Edouard@755
|
107 |
}
|
Edouard@755
|
108 |
|
vb@0
|
109 |
DYNAMIC_API PEP_STATUS update_identity(
|
vb@0
|
110 |
PEP_SESSION session, pEp_identity * identity
|
vb@0
|
111 |
)
|
vb@0
|
112 |
{
|
vb@0
|
113 |
pEp_identity *stored_identity;
|
vb@0
|
114 |
PEP_STATUS status;
|
vb@0
|
115 |
|
vb@0
|
116 |
assert(session);
|
vb@0
|
117 |
assert(identity);
|
Edouard@439
|
118 |
assert(!EMPTYSTR(identity->address));
|
vb@0
|
119 |
|
Edouard@439
|
120 |
if (!(session && identity && !EMPTYSTR(identity->address)))
|
vb@191
|
121 |
return PEP_ILLEGAL_VALUE;
|
vb@191
|
122 |
|
Edouard@559
|
123 |
int _no_user_id = EMPTYSTR(identity->user_id);
|
edouard@1164
|
124 |
int _did_elect_new_key = 0;
|
Edouard@559
|
125 |
|
Edouard@559
|
126 |
if (_no_user_id)
|
Edouard@559
|
127 |
{
|
Edouard@559
|
128 |
free(identity->user_id);
|
Edouard@559
|
129 |
|
vb@591
|
130 |
identity->user_id = calloc(1, strlen(identity->address) + 6);
|
Edouard@562
|
131 |
if (!identity->user_id)
|
Edouard@559
|
132 |
{
|
Edouard@562
|
133 |
return PEP_OUT_OF_MEMORY;
|
Edouard@559
|
134 |
}
|
vb@983
|
135 |
snprintf(identity->user_id, strlen(identity->address) + 6,
|
Edouard@562
|
136 |
"TOFU_%s", identity->address);
|
Edouard@559
|
137 |
}
|
vb@934
|
138 |
|
Edouard@559
|
139 |
status = get_identity(session,
|
Edouard@559
|
140 |
identity->address,
|
Edouard@559
|
141 |
identity->user_id,
|
Edouard@559
|
142 |
&stored_identity);
|
Edouard@559
|
143 |
|
vb@0
|
144 |
assert(status != PEP_OUT_OF_MEMORY);
|
vb@0
|
145 |
if (status == PEP_OUT_OF_MEMORY)
|
Edouard@829
|
146 |
goto exit_free;
|
vb@0
|
147 |
|
krista@1188
|
148 |
/* We elect a pubkey first in case there's no acceptable stored fpr */
|
krista@1220
|
149 |
pEp_identity* temp_id = identity_dup(identity);
|
krista@1220
|
150 |
|
krista@1220
|
151 |
status = elect_pubkey(session, temp_id);
|
krista@1185
|
152 |
if (status != PEP_STATUS_OK)
|
krista@1185
|
153 |
goto exit_free;
|
krista@1188
|
154 |
|
vb@14
|
155 |
if (stored_identity) {
|
vb@14
|
156 |
PEP_comm_type _comm_type_key;
|
krista@1188
|
157 |
|
krista@1188
|
158 |
bool dont_use_fpr = true;
|
krista@1220
|
159 |
|
krista@1220
|
160 |
/* if we have a stored_identity fpr */
|
krista@1220
|
161 |
if (!EMPTYSTR(stored_identity->fpr)) {
|
krista@1220
|
162 |
status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
|
krista@1220
|
163 |
if (status != PEP_STATUS_OK)
|
krista@1220
|
164 |
dont_use_fpr = true;
|
krista@1220
|
165 |
}
|
krista@1188
|
166 |
|
krista@1220
|
167 |
|
krista@1220
|
168 |
if (!dont_use_fpr) {
|
krista@1220
|
169 |
free(temp_id->fpr);
|
krista@1220
|
170 |
temp_id->fpr = strdup(stored_identity->fpr);
|
krista@1220
|
171 |
assert(temp_id->fpr);
|
krista@1220
|
172 |
if (temp_id->fpr == NULL) {
|
krista@1220
|
173 |
status = PEP_OUT_OF_MEMORY;
|
krista@1188
|
174 |
goto exit_free;
|
krista@1220
|
175 |
}
|
krista@1220
|
176 |
}
|
krista@1220
|
177 |
else if (!EMPTYSTR(temp_id->fpr)) {
|
krista@1220
|
178 |
status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
|
krista@1188
|
179 |
if (dont_use_fpr) {
|
krista@1220
|
180 |
free(temp_id->fpr);
|
krista@1220
|
181 |
temp_id->fpr = strdup("");
|
krista@1188
|
182 |
}
|
krista@1188
|
183 |
else {
|
krista@1188
|
184 |
_did_elect_new_key = 1;
|
krista@1188
|
185 |
}
|
krista@1188
|
186 |
}
|
krista@1188
|
187 |
else {
|
krista@1220
|
188 |
if (temp_id->fpr == NULL)
|
krista@1220
|
189 |
temp_id->fpr = strdup("");
|
krista@1188
|
190 |
}
|
krista@1188
|
191 |
|
krista@1220
|
192 |
/* ok, from here on out, use temp_id */
|
krista@1220
|
193 |
|
krista@1220
|
194 |
|
krista@1220
|
195 |
/* At this point, we either have a non-blacklisted fpr we can work */
|
krista@1220
|
196 |
/* with, or we've got nada. */
|
krista@1220
|
197 |
if (!EMPTYSTR(temp_id->fpr)) {
|
krista@1220
|
198 |
status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
|
krista@1188
|
199 |
assert(status != PEP_OUT_OF_MEMORY);
|
krista@1188
|
200 |
if (status == PEP_OUT_OF_MEMORY)
|
krista@1188
|
201 |
goto exit_free;
|
krista@1220
|
202 |
status = get_trust(session, temp_id);
|
krista@1188
|
203 |
if (status == PEP_OUT_OF_MEMORY)
|
krista@1188
|
204 |
goto exit_free;
|
krista@1188
|
205 |
if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
|
krista@1220
|
206 |
temp_id->comm_type = _comm_type_key;
|
krista@1188
|
207 |
} else{
|
krista@1220
|
208 |
temp_id->comm_type = stored_identity->comm_type;
|
krista@1220
|
209 |
if (temp_id->comm_type == PEP_ct_unknown) {
|
krista@1220
|
210 |
temp_id->comm_type = _comm_type_key;
|
krista@1188
|
211 |
}
|
krista@1188
|
212 |
}
|
krista@1188
|
213 |
}
|
krista@1188
|
214 |
|
krista@1220
|
215 |
if (EMPTYSTR(temp_id->username)) {
|
krista@1220
|
216 |
free(temp_id->username);
|
krista@1220
|
217 |
temp_id->username = strdup(stored_identity->username);
|
krista@1220
|
218 |
assert(temp_id->username);
|
krista@1220
|
219 |
if (temp_id->username == NULL){
|
Edouard@829
|
220 |
status = PEP_OUT_OF_MEMORY;
|
Edouard@829
|
221 |
goto exit_free;
|
Edouard@829
|
222 |
}
|
vb@22
|
223 |
}
|
vb@22
|
224 |
|
krista@1220
|
225 |
if (temp_id->lang[0] == 0) {
|
krista@1220
|
226 |
temp_id->lang[0] = stored_identity->lang[0];
|
krista@1220
|
227 |
temp_id->lang[1] = stored_identity->lang[1];
|
krista@1220
|
228 |
temp_id->lang[2] = 0;
|
vb@21
|
229 |
}
|
vb@932
|
230 |
|
krista@1220
|
231 |
temp_id->flags = stored_identity->flags;
|
vb@21
|
232 |
}
|
vb@21
|
233 |
else /* stored_identity == NULL */ {
|
krista@1220
|
234 |
temp_id->flags = 0;
|
vb@934
|
235 |
|
krista@1188
|
236 |
/* Work with the elected key from above */
|
krista@1220
|
237 |
if (!EMPTYSTR(temp_id->fpr)) {
|
krista@1196
|
238 |
|
krista@1196
|
239 |
bool dont_use_fpr = true;
|
krista@1220
|
240 |
status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
|
krista@1196
|
241 |
if (status != PEP_STATUS_OK)
|
krista@1196
|
242 |
dont_use_fpr = true;
|
krista@1196
|
243 |
|
krista@1196
|
244 |
if (!dont_use_fpr) {
|
krista@1196
|
245 |
PEP_comm_type _comm_type_key;
|
vb@21
|
246 |
|
krista@1220
|
247 |
status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
|
krista@1196
|
248 |
assert(status != PEP_OUT_OF_MEMORY);
|
krista@1196
|
249 |
if (status == PEP_OUT_OF_MEMORY)
|
krista@1196
|
250 |
goto exit_free;
|
vb@21
|
251 |
|
krista@1220
|
252 |
temp_id->comm_type = _comm_type_key;
|
krista@1196
|
253 |
}
|
krista@1196
|
254 |
else {
|
krista@1220
|
255 |
free(temp_id->fpr);
|
krista@1220
|
256 |
temp_id->fpr = strdup("");
|
krista@1196
|
257 |
}
|
vb@21
|
258 |
}
|
vb@21
|
259 |
}
|
vb@21
|
260 |
|
krista@1220
|
261 |
if (temp_id->fpr == NULL)
|
krista@1220
|
262 |
temp_id->fpr = strdup("");
|
krista@1193
|
263 |
|
krista@1193
|
264 |
|
vb@21
|
265 |
status = PEP_STATUS_OK;
|
vb@21
|
266 |
|
krista@1220
|
267 |
if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
|
krista@1220
|
268 |
assert(!EMPTYSTR(temp_id->username)); // this should not happen
|
vb@22
|
269 |
|
krista@1220
|
270 |
if (EMPTYSTR(temp_id->username)) { // mitigate
|
krista@1220
|
271 |
free(temp_id->username);
|
krista@1220
|
272 |
temp_id->username = strdup("anonymous");
|
krista@1220
|
273 |
assert(temp_id->username);
|
krista@1220
|
274 |
if (temp_id->username == NULL){
|
Edouard@829
|
275 |
status = PEP_OUT_OF_MEMORY;
|
Edouard@829
|
276 |
goto exit_free;
|
Edouard@829
|
277 |
}
|
vb@0
|
278 |
}
|
vb@8
|
279 |
|
Edouard@755
|
280 |
// Identity doesn't get stored if call was just about checking existing
|
Edouard@755
|
281 |
// user by address (i.e. no user id given but already stored)
|
edouard@1164
|
282 |
if (!(_no_user_id && stored_identity) || _did_elect_new_key)
|
Edouard@559
|
283 |
{
|
krista@1220
|
284 |
status = set_identity(session, temp_id);
|
Edouard@559
|
285 |
assert(status == PEP_STATUS_OK);
|
Edouard@559
|
286 |
if (status != PEP_STATUS_OK) {
|
Edouard@829
|
287 |
goto exit_free;
|
Edouard@559
|
288 |
}
|
Edouard@499
|
289 |
}
|
vb@8
|
290 |
}
|
vb@8
|
291 |
|
krista@1220
|
292 |
if (temp_id->comm_type != PEP_ct_compromized &&
|
krista@1220
|
293 |
temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
|
vb@297
|
294 |
if (session->examine_identity)
|
krista@1220
|
295 |
session->examine_identity(temp_id, session->examine_management);
|
krista@1220
|
296 |
|
krista@1220
|
297 |
/* ok, we got to the end. So we can assign the output identity */
|
krista@1220
|
298 |
free(identity->address);
|
krista@1220
|
299 |
identity->address = strdup(temp_id->address);
|
krista@1220
|
300 |
free(identity->fpr);
|
krista@1220
|
301 |
identity->fpr = strdup(temp_id->fpr);
|
krista@1220
|
302 |
free(identity->user_id);
|
krista@1220
|
303 |
identity->user_id = strdup(temp_id->user_id);
|
krista@1220
|
304 |
free(identity->username);
|
krista@1220
|
305 |
identity->username = strdup(temp_id->username);
|
krista@1220
|
306 |
identity->comm_type = temp_id->comm_type;
|
krista@1220
|
307 |
identity->lang[0] = temp_id->lang[0];
|
krista@1220
|
308 |
identity->lang[1] = temp_id->lang[1];
|
krista@1220
|
309 |
identity->lang[2] = 0;
|
krista@1220
|
310 |
identity->me = temp_id->me;
|
krista@1220
|
311 |
identity->flags = temp_id->flags;
|
vb@297
|
312 |
|
Edouard@829
|
313 |
exit_free :
|
Edouard@829
|
314 |
|
Edouard@829
|
315 |
if (stored_identity){
|
Edouard@829
|
316 |
free_identity(stored_identity);
|
Edouard@829
|
317 |
}
|
Edouard@829
|
318 |
|
krista@1220
|
319 |
if (temp_id)
|
krista@1220
|
320 |
free_identity(temp_id);
|
krista@1220
|
321 |
|
vb@8
|
322 |
return status;
|
vb@0
|
323 |
}
|
vb@0
|
324 |
|
Edouard@774
|
325 |
PEP_STATUS elect_ownkey(
|
krista@1194
|
326 |
PEP_SESSION session, pEp_identity * identity
|
Edouard@774
|
327 |
)
|
Edouard@774
|
328 |
{
|
Edouard@774
|
329 |
PEP_STATUS status;
|
Edouard@774
|
330 |
stringlist_t *keylist = NULL;
|
Edouard@774
|
331 |
|
Edouard@774
|
332 |
free(identity->fpr);
|
Edouard@774
|
333 |
identity->fpr = NULL;
|
Edouard@774
|
334 |
|
Edouard@774
|
335 |
status = find_keys(session, identity->address, &keylist);
|
Edouard@774
|
336 |
assert(status != PEP_OUT_OF_MEMORY);
|
Edouard@774
|
337 |
if (status == PEP_OUT_OF_MEMORY)
|
Edouard@774
|
338 |
return PEP_OUT_OF_MEMORY;
|
Edouard@774
|
339 |
|
Edouard@774
|
340 |
if (keylist != NULL && keylist->value != NULL)
|
Edouard@774
|
341 |
{
|
Edouard@774
|
342 |
char *_fpr = NULL;
|
Edouard@774
|
343 |
identity->comm_type = PEP_ct_unknown;
|
Edouard@774
|
344 |
|
Edouard@774
|
345 |
stringlist_t *_keylist;
|
Edouard@774
|
346 |
for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
|
Edouard@774
|
347 |
bool is_own = false;
|
Edouard@774
|
348 |
|
Edouard@774
|
349 |
if (session->use_only_own_private_keys)
|
Edouard@774
|
350 |
{
|
Edouard@774
|
351 |
status = own_key_is_listed(session, _keylist->value, &is_own);
|
Edouard@774
|
352 |
assert(status == PEP_STATUS_OK);
|
Edouard@774
|
353 |
if (status != PEP_STATUS_OK) {
|
Edouard@774
|
354 |
free_stringlist(keylist);
|
Edouard@774
|
355 |
return status;
|
Edouard@774
|
356 |
}
|
Edouard@774
|
357 |
}
|
Edouard@774
|
358 |
|
Edouard@774
|
359 |
// TODO : also accept synchronized device group keys ?
|
Edouard@774
|
360 |
|
Edouard@774
|
361 |
if (!session->use_only_own_private_keys || is_own)
|
Edouard@774
|
362 |
{
|
Edouard@774
|
363 |
PEP_comm_type _comm_type_key;
|
Edouard@774
|
364 |
|
Edouard@774
|
365 |
status = get_key_rating(session, _keylist->value, &_comm_type_key);
|
Edouard@774
|
366 |
assert(status != PEP_OUT_OF_MEMORY);
|
Edouard@774
|
367 |
if (status == PEP_OUT_OF_MEMORY) {
|
Edouard@774
|
368 |
free_stringlist(keylist);
|
Edouard@774
|
369 |
return PEP_OUT_OF_MEMORY;
|
Edouard@774
|
370 |
}
|
Edouard@774
|
371 |
|
Edouard@774
|
372 |
if (_comm_type_key != PEP_ct_compromized &&
|
Edouard@774
|
373 |
_comm_type_key != PEP_ct_unknown)
|
Edouard@774
|
374 |
{
|
Edouard@774
|
375 |
if (identity->comm_type == PEP_ct_unknown ||
|
Edouard@774
|
376 |
_comm_type_key > identity->comm_type)
|
Edouard@774
|
377 |
{
|
Edouard@774
|
378 |
identity->comm_type = _comm_type_key;
|
Edouard@774
|
379 |
_fpr = _keylist->value;
|
Edouard@774
|
380 |
}
|
Edouard@774
|
381 |
}
|
Edouard@774
|
382 |
}
|
Edouard@774
|
383 |
}
|
Edouard@774
|
384 |
|
Edouard@774
|
385 |
if (_fpr)
|
Edouard@774
|
386 |
{
|
Edouard@774
|
387 |
identity->fpr = strdup(_fpr);
|
Edouard@774
|
388 |
assert(identity->fpr);
|
Edouard@774
|
389 |
if (identity->fpr == NULL)
|
Edouard@774
|
390 |
{
|
Edouard@774
|
391 |
free_stringlist(keylist);
|
Edouard@774
|
392 |
return PEP_OUT_OF_MEMORY;
|
Edouard@774
|
393 |
}
|
Edouard@774
|
394 |
}
|
Edouard@774
|
395 |
free_stringlist(keylist);
|
Edouard@774
|
396 |
}
|
Edouard@774
|
397 |
return PEP_STATUS_OK;
|
Edouard@774
|
398 |
}
|
Edouard@774
|
399 |
|
vb@0
|
400 |
DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
|
vb@0
|
401 |
{
|
Edouard@560
|
402 |
pEp_identity *stored_identity;
|
vb@0
|
403 |
PEP_STATUS status;
|
vb@0
|
404 |
|
vb@0
|
405 |
assert(session);
|
vb@0
|
406 |
assert(identity);
|
vb@0
|
407 |
assert(identity->address);
|
vb@0
|
408 |
assert(identity->username);
|
Edouard@658
|
409 |
assert(EMPTYSTR(identity->user_id) ||
|
Edouard@658
|
410 |
strcmp(identity->user_id, PEP_OWN_USERID) == 0);
|
vb@0
|
411 |
|
vb@191
|
412 |
if (!(session && identity && identity->address && identity->username &&
|
Edouard@658
|
413 |
(EMPTYSTR(identity->user_id) ||
|
Edouard@658
|
414 |
strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
|
vb@191
|
415 |
return PEP_ILLEGAL_VALUE;
|
vb@191
|
416 |
|
vb@0
|
417 |
identity->comm_type = PEP_ct_pEp;
|
vb@0
|
418 |
identity->me = true;
|
Edouard@658
|
419 |
|
Edouard@658
|
420 |
if(EMPTYSTR(identity->user_id))
|
Edouard@658
|
421 |
{
|
Edouard@658
|
422 |
free(identity->user_id);
|
Edouard@658
|
423 |
identity->user_id = strdup(PEP_OWN_USERID);
|
Edouard@658
|
424 |
assert(identity->user_id);
|
Edouard@658
|
425 |
if (identity->user_id == NULL)
|
Edouard@658
|
426 |
{
|
Edouard@658
|
427 |
return PEP_OUT_OF_MEMORY;
|
Edouard@658
|
428 |
}
|
Edouard@658
|
429 |
}
|
vb@0
|
430 |
|
vb@215
|
431 |
DEBUG_LOG("myself", "debug", identity->address);
|
Edouard@560
|
432 |
|
Edouard@560
|
433 |
status = get_identity(session,
|
Edouard@560
|
434 |
identity->address,
|
Edouard@560
|
435 |
identity->user_id,
|
Edouard@560
|
436 |
&stored_identity);
|
Edouard@560
|
437 |
|
vb@0
|
438 |
assert(status != PEP_OUT_OF_MEMORY);
|
vb@0
|
439 |
if (status == PEP_OUT_OF_MEMORY)
|
vb@0
|
440 |
return PEP_OUT_OF_MEMORY;
|
Edouard@560
|
441 |
|
Edouard@560
|
442 |
if (stored_identity)
|
Edouard@560
|
443 |
{
|
Edouard@560
|
444 |
if (EMPTYSTR(identity->fpr)) {
|
vb@591
|
445 |
identity->fpr = strdup(stored_identity->fpr);
|
Edouard@560
|
446 |
assert(identity->fpr);
|
Edouard@560
|
447 |
if (identity->fpr == NULL)
|
Edouard@560
|
448 |
{
|
Edouard@560
|
449 |
return PEP_OUT_OF_MEMORY;
|
Edouard@560
|
450 |
}
|
Edouard@560
|
451 |
}
|
vb@932
|
452 |
|
vb@932
|
453 |
identity->flags = stored_identity->flags;
|
Edouard@588
|
454 |
}
|
Edouard@588
|
455 |
else if (!EMPTYSTR(identity->fpr))
|
Edouard@588
|
456 |
{
|
Edouard@588
|
457 |
// App must have a good reason to give fpr, such as explicit
|
Edouard@588
|
458 |
// import of private key, or similar.
|
Edouard@588
|
459 |
|
Edouard@658
|
460 |
// Take given fpr as-is.
|
vb@934
|
461 |
|
vb@934
|
462 |
identity->flags = 0;
|
Edouard@560
|
463 |
}
|
Edouard@560
|
464 |
else
|
Edouard@560
|
465 |
{
|
Edouard@774
|
466 |
status = elect_ownkey(session, identity);
|
Edouard@774
|
467 |
assert(status == PEP_STATUS_OK);
|
Edouard@774
|
468 |
if (status != PEP_STATUS_OK) {
|
Edouard@774
|
469 |
return status;
|
Edouard@560
|
470 |
}
|
vb@934
|
471 |
|
vb@934
|
472 |
identity->flags = 0;
|
Edouard@560
|
473 |
}
|
Edouard@695
|
474 |
|
Edouard@695
|
475 |
bool revoked = false;
|
Edouard@695
|
476 |
char *r_fpr = NULL;
|
Edouard@695
|
477 |
if (!EMPTYSTR(identity->fpr))
|
Edouard@695
|
478 |
{
|
Edouard@695
|
479 |
status = key_revoked(session, identity->fpr, &revoked);
|
Edouard@775
|
480 |
|
Edouard@775
|
481 |
// Forces re-election if key is missing and own-key-only not forced
|
Edouard@775
|
482 |
if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
|
Edouard@775
|
483 |
{
|
Edouard@775
|
484 |
status = elect_ownkey(session, identity);
|
Edouard@775
|
485 |
assert(status == PEP_STATUS_OK);
|
Edouard@775
|
486 |
if (status != PEP_STATUS_OK) {
|
Edouard@775
|
487 |
return status;
|
Edouard@775
|
488 |
}
|
Edouard@775
|
489 |
}
|
Edouard@775
|
490 |
else if (status != PEP_STATUS_OK)
|
Edouard@775
|
491 |
{
|
Edouard@695
|
492 |
return status;
|
Edouard@695
|
493 |
}
|
Edouard@695
|
494 |
}
|
Edouard@560
|
495 |
|
Edouard@695
|
496 |
if (EMPTYSTR(identity->fpr) || revoked)
|
Edouard@695
|
497 |
{
|
Edouard@695
|
498 |
if(revoked)
|
Edouard@695
|
499 |
{
|
Edouard@697
|
500 |
r_fpr = identity->fpr;
|
Edouard@697
|
501 |
identity->fpr = NULL;
|
Edouard@695
|
502 |
}
|
Edouard@560
|
503 |
|
vb@215
|
504 |
DEBUG_LOG("generating key pair", "debug", identity->address);
|
vb@0
|
505 |
status = generate_keypair(session, identity);
|
vb@0
|
506 |
assert(status != PEP_OUT_OF_MEMORY);
|
vb@0
|
507 |
if (status != PEP_STATUS_OK) {
|
vb@0
|
508 |
char buf[11];
|
vb@0
|
509 |
snprintf(buf, 11, "%d", status);
|
vb@215
|
510 |
DEBUG_LOG("generating key pair failed", "debug", buf);
|
Edouard@695
|
511 |
if(revoked && r_fpr)
|
Edouard@695
|
512 |
free(r_fpr);
|
vb@0
|
513 |
return status;
|
vb@0
|
514 |
}
|
Edouard@560
|
515 |
|
Edouard@695
|
516 |
if(revoked)
|
Edouard@695
|
517 |
{
|
Edouard@695
|
518 |
status = set_revoked(session, r_fpr,
|
Edouard@695
|
519 |
identity->fpr, time(NULL));
|
Edouard@695
|
520 |
free(r_fpr);
|
Edouard@695
|
521 |
if (status != PEP_STATUS_OK) {
|
Edouard@695
|
522 |
return status;
|
Edouard@695
|
523 |
}
|
Edouard@371
|
524 |
}
|
vb@0
|
525 |
}
|
Edouard@560
|
526 |
else
|
Edouard@560
|
527 |
{
|
vb@214
|
528 |
bool expired;
|
Edouard@701
|
529 |
status = key_expired(session, identity->fpr,
|
Edouard@701
|
530 |
time(NULL) + (7*24*3600), // In a week
|
Edouard@701
|
531 |
&expired);
|
Edouard@701
|
532 |
|
vb@214
|
533 |
assert(status == PEP_STATUS_OK);
|
Edouard@499
|
534 |
if (status != PEP_STATUS_OK) {
|
Edouard@588
|
535 |
return status;
|
Edouard@499
|
536 |
}
|
vb@214
|
537 |
|
vb@214
|
538 |
if (status == PEP_STATUS_OK && expired) {
|
vb@214
|
539 |
timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
|
Edouard@560
|
540 |
renew_key(session, identity->fpr, ts);
|
vb@214
|
541 |
free_timestamp(ts);
|
vb@214
|
542 |
}
|
vb@214
|
543 |
}
|
vb@0
|
544 |
|
vb@0
|
545 |
status = set_identity(session, identity);
|
vb@0
|
546 |
assert(status == PEP_STATUS_OK);
|
Edouard@499
|
547 |
if (status != PEP_STATUS_OK) {
|
Edouard@588
|
548 |
return status;
|
Edouard@499
|
549 |
}
|
vb@0
|
550 |
|
vb@0
|
551 |
return PEP_STATUS_OK;
|
Edouard@499
|
552 |
|
vb@0
|
553 |
}
|
vb@0
|
554 |
|
vb@296
|
555 |
DYNAMIC_API PEP_STATUS register_examine_function(
|
vb@292
|
556 |
PEP_SESSION session,
|
vb@292
|
557 |
examine_identity_t examine_identity,
|
vb@292
|
558 |
void *management
|
vb@292
|
559 |
)
|
vb@292
|
560 |
{
|
vb@292
|
561 |
assert(session);
|
vb@292
|
562 |
if (!session)
|
vb@292
|
563 |
return PEP_ILLEGAL_VALUE;
|
vb@292
|
564 |
|
vb@292
|
565 |
session->examine_management = management;
|
vb@292
|
566 |
session->examine_identity = examine_identity;
|
vb@292
|
567 |
|
vb@292
|
568 |
return PEP_STATUS_OK;
|
vb@292
|
569 |
}
|
vb@292
|
570 |
|
vb@0
|
571 |
DYNAMIC_API PEP_STATUS do_keymanagement(
|
vb@0
|
572 |
retrieve_next_identity_t retrieve_next_identity,
|
vb@0
|
573 |
void *management
|
vb@0
|
574 |
)
|
vb@0
|
575 |
{
|
vb@0
|
576 |
PEP_SESSION session;
|
vb@0
|
577 |
pEp_identity *identity;
|
Edouard@499
|
578 |
PEP_STATUS status;
|
vb@0
|
579 |
|
vb@24
|
580 |
assert(retrieve_next_identity);
|
vb@24
|
581 |
assert(management);
|
vb@24
|
582 |
|
Edouard@499
|
583 |
if (!retrieve_next_identity || !management)
|
Edouard@499
|
584 |
return PEP_ILLEGAL_VALUE;
|
Edouard@499
|
585 |
|
Edouard@499
|
586 |
status = init(&session);
|
Edouard@499
|
587 |
assert(status == PEP_STATUS_OK);
|
Edouard@499
|
588 |
if (status != PEP_STATUS_OK)
|
Edouard@499
|
589 |
return status;
|
Edouard@499
|
590 |
|
vb@0
|
591 |
log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
|
vb@0
|
592 |
|
Edouard@499
|
593 |
while ((identity = retrieve_next_identity(management)))
|
Edouard@499
|
594 |
{
|
vb@0
|
595 |
assert(identity->address);
|
Edouard@499
|
596 |
if(identity->address)
|
Edouard@499
|
597 |
{
|
Edouard@499
|
598 |
DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
|
Edouard@499
|
599 |
|
Edouard@499
|
600 |
if (identity->me) {
|
Edouard@499
|
601 |
status = myself(session, identity);
|
Edouard@499
|
602 |
} else {
|
Edouard@499
|
603 |
status = recv_key(session, identity->address);
|
Edouard@499
|
604 |
}
|
Edouard@499
|
605 |
|
vb@0
|
606 |
assert(status != PEP_OUT_OF_MEMORY);
|
Edouard@499
|
607 |
if(status == PEP_OUT_OF_MEMORY)
|
Edouard@499
|
608 |
return PEP_OUT_OF_MEMORY;
|
vb@0
|
609 |
}
|
vb@0
|
610 |
free_identity(identity);
|
vb@0
|
611 |
}
|
vb@0
|
612 |
|
vb@0
|
613 |
log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
|
vb@0
|
614 |
|
vb@0
|
615 |
release(session);
|
vb@0
|
616 |
return PEP_STATUS_OK;
|
vb@0
|
617 |
}
|
vb@0
|
618 |
|
vb@357
|
619 |
DYNAMIC_API PEP_STATUS key_compromized(
|
vb@357
|
620 |
PEP_SESSION session,
|
vb@357
|
621 |
pEp_identity *ident
|
vb@357
|
622 |
)
|
vb@215
|
623 |
{
|
vb@218
|
624 |
PEP_STATUS status = PEP_STATUS_OK;
|
vb@218
|
625 |
|
vb@215
|
626 |
assert(session);
|
vb@357
|
627 |
assert(ident);
|
Edouard@439
|
628 |
assert(!EMPTYSTR(ident->fpr));
|
vb@215
|
629 |
|
vb@357
|
630 |
if (!(session && ident && ident->fpr))
|
vb@215
|
631 |
return PEP_ILLEGAL_VALUE;
|
vb@215
|
632 |
|
vb@357
|
633 |
if (ident->me)
|
Edouard@697
|
634 |
{
|
vb@357
|
635 |
revoke_key(session, ident->fpr, NULL);
|
Edouard@697
|
636 |
myself(session, ident);
|
Edouard@697
|
637 |
}
|
Edouard@697
|
638 |
else
|
Edouard@697
|
639 |
{
|
Edouard@697
|
640 |
status = mark_as_compromized(session, ident->fpr);
|
Edouard@697
|
641 |
}
|
vb@218
|
642 |
|
vb@218
|
643 |
return status;
|
vb@215
|
644 |
}
|
vb@215
|
645 |
|
Edouard@410
|
646 |
DYNAMIC_API PEP_STATUS key_reset_trust(
|
Edouard@410
|
647 |
PEP_SESSION session,
|
Edouard@410
|
648 |
pEp_identity *ident
|
Edouard@410
|
649 |
)
|
Edouard@410
|
650 |
{
|
Edouard@410
|
651 |
PEP_STATUS status = PEP_STATUS_OK;
|
Edouard@410
|
652 |
|
Edouard@410
|
653 |
assert(session);
|
Edouard@410
|
654 |
assert(ident);
|
vb@420
|
655 |
assert(!ident->me);
|
Edouard@439
|
656 |
assert(!EMPTYSTR(ident->fpr));
|
Edouard@439
|
657 |
assert(!EMPTYSTR(ident->address));
|
Edouard@439
|
658 |
assert(!EMPTYSTR(ident->user_id));
|
Edouard@410
|
659 |
|
vb@420
|
660 |
if (!(session && ident && !ident->me && ident->fpr && ident->address &&
|
vb@420
|
661 |
ident->user_id))
|
Edouard@410
|
662 |
return PEP_ILLEGAL_VALUE;
|
Edouard@410
|
663 |
|
vb@420
|
664 |
status = update_identity(session, ident);
|
vb@420
|
665 |
if (status != PEP_STATUS_OK)
|
vb@420
|
666 |
return status;
|
Edouard@410
|
667 |
|
Edouard@442
|
668 |
if (ident->comm_type == PEP_ct_mistrusted)
|
vb@421
|
669 |
ident->comm_type = PEP_ct_unknown;
|
vb@421
|
670 |
else
|
vb@421
|
671 |
ident->comm_type &= ~PEP_ct_confirmed;
|
vb@421
|
672 |
|
vb@420
|
673 |
status = set_identity(session, ident);
|
vb@421
|
674 |
if (status != PEP_STATUS_OK)
|
vb@421
|
675 |
return status;
|
vb@421
|
676 |
|
vb@422
|
677 |
if (ident->comm_type == PEP_ct_unknown)
|
vb@422
|
678 |
status = update_identity(session, ident);
|
Edouard@410
|
679 |
return status;
|
Edouard@410
|
680 |
}
|
Edouard@410
|
681 |
|
vb@354
|
682 |
DYNAMIC_API PEP_STATUS trust_personal_key(
|
vb@354
|
683 |
PEP_SESSION session,
|
vb@354
|
684 |
pEp_identity *ident
|
vb@354
|
685 |
)
|
vb@354
|
686 |
{
|
vb@354
|
687 |
PEP_STATUS status = PEP_STATUS_OK;
|
vb@354
|
688 |
|
vb@354
|
689 |
assert(session);
|
vb@354
|
690 |
assert(ident);
|
Edouard@439
|
691 |
assert(!EMPTYSTR(ident->address));
|
Edouard@439
|
692 |
assert(!EMPTYSTR(ident->user_id));
|
Edouard@439
|
693 |
assert(!EMPTYSTR(ident->fpr));
|
vb@354
|
694 |
assert(!ident->me);
|
vb@354
|
695 |
|
Edouard@439
|
696 |
if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
|
Edouard@439
|
697 |
EMPTYSTR(ident->fpr) || ident->me)
|
vb@354
|
698 |
return PEP_ILLEGAL_VALUE;
|
vb@354
|
699 |
|
vb@354
|
700 |
status = update_identity(session, ident);
|
vb@354
|
701 |
if (status != PEP_STATUS_OK)
|
vb@354
|
702 |
return status;
|
vb@354
|
703 |
|
vb@356
|
704 |
if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
|
vb@356
|
705 |
ident->comm_type |= PEP_ct_confirmed;
|
Edouard@488
|
706 |
status = set_identity(session, ident);
|
vb@356
|
707 |
}
|
vb@356
|
708 |
else {
|
vb@356
|
709 |
// MISSING: S/MIME has to be handled depending on trusted CAs
|
vb@370
|
710 |
status = PEP_CANNOT_SET_TRUST;
|
vb@356
|
711 |
}
|
vb@354
|
712 |
|
vb@354
|
713 |
return status;
|
vb@354
|
714 |
}
|
vb@354
|
715 |
|
Edouard@584
|
716 |
DYNAMIC_API PEP_STATUS own_key_is_listed(
|
Edouard@584
|
717 |
PEP_SESSION session,
|
Edouard@584
|
718 |
const char *fpr,
|
Edouard@584
|
719 |
bool *listed
|
Edouard@584
|
720 |
)
|
Edouard@584
|
721 |
{
|
Edouard@584
|
722 |
PEP_STATUS status = PEP_STATUS_OK;
|
Edouard@584
|
723 |
int count;
|
Edouard@584
|
724 |
|
Edouard@584
|
725 |
assert(session && fpr && fpr[0] && listed);
|
Edouard@584
|
726 |
|
Edouard@584
|
727 |
if (!(session && fpr && fpr[0] && listed))
|
Edouard@584
|
728 |
return PEP_ILLEGAL_VALUE;
|
Edouard@584
|
729 |
|
Edouard@584
|
730 |
*listed = false;
|
Edouard@584
|
731 |
|
Edouard@584
|
732 |
sqlite3_reset(session->own_key_is_listed);
|
Edouard@584
|
733 |
sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
|
Edouard@584
|
734 |
|
Edouard@584
|
735 |
int result;
|
Edouard@584
|
736 |
|
Edouard@584
|
737 |
result = sqlite3_step(session->own_key_is_listed);
|
Edouard@584
|
738 |
switch (result) {
|
Edouard@584
|
739 |
case SQLITE_ROW:
|
Edouard@584
|
740 |
count = sqlite3_column_int(session->own_key_is_listed, 0);
|
Edouard@584
|
741 |
*listed = count > 0;
|
Edouard@584
|
742 |
status = PEP_STATUS_OK;
|
Edouard@584
|
743 |
break;
|
Edouard@584
|
744 |
|
Edouard@584
|
745 |
default:
|
Edouard@584
|
746 |
status = PEP_UNKNOWN_ERROR;
|
Edouard@584
|
747 |
}
|
Edouard@584
|
748 |
|
Edouard@584
|
749 |
sqlite3_reset(session->own_key_is_listed);
|
Edouard@584
|
750 |
return status;
|
Edouard@584
|
751 |
}
|
Edouard@584
|
752 |
|
Edouard@584
|
753 |
DYNAMIC_API PEP_STATUS own_key_retrieve(
|
Edouard@584
|
754 |
PEP_SESSION session,
|
Edouard@584
|
755 |
stringlist_t **own_key
|
Edouard@584
|
756 |
)
|
Edouard@584
|
757 |
{
|
Edouard@584
|
758 |
PEP_STATUS status = PEP_STATUS_OK;
|
Edouard@584
|
759 |
|
Edouard@584
|
760 |
assert(session);
|
Edouard@584
|
761 |
assert(own_key);
|
Edouard@584
|
762 |
|
Edouard@584
|
763 |
if (!(session && own_key))
|
Edouard@584
|
764 |
return PEP_ILLEGAL_VALUE;
|
Edouard@584
|
765 |
|
Edouard@584
|
766 |
*own_key = NULL;
|
Edouard@584
|
767 |
stringlist_t *_own_key = new_stringlist(NULL);
|
Edouard@584
|
768 |
if (_own_key == NULL)
|
Edouard@584
|
769 |
goto enomem;
|
Edouard@584
|
770 |
|
Edouard@584
|
771 |
sqlite3_reset(session->own_key_retrieve);
|
Edouard@584
|
772 |
|
Edouard@584
|
773 |
int result;
|
Edouard@584
|
774 |
const char *fpr = NULL;
|
Edouard@584
|
775 |
|
Edouard@584
|
776 |
stringlist_t *_bl = _own_key;
|
Edouard@584
|
777 |
do {
|
Edouard@584
|
778 |
result = sqlite3_step(session->own_key_retrieve);
|
Edouard@584
|
779 |
switch (result) {
|
Edouard@584
|
780 |
case SQLITE_ROW:
|
Edouard@584
|
781 |
fpr = (const char *) sqlite3_column_text(session->own_key_retrieve, 0);
|
Edouard@584
|
782 |
|
Edouard@584
|
783 |
_bl = stringlist_add(_bl, fpr);
|
Edouard@584
|
784 |
if (_bl == NULL)
|
Edouard@584
|
785 |
goto enomem;
|
Edouard@584
|
786 |
|
Edouard@584
|
787 |
break;
|
Edouard@584
|
788 |
|
Edouard@584
|
789 |
case SQLITE_DONE:
|
Edouard@584
|
790 |
break;
|
Edouard@584
|
791 |
|
Edouard@584
|
792 |
default:
|
Edouard@584
|
793 |
status = PEP_UNKNOWN_ERROR;
|
Edouard@584
|
794 |
result = SQLITE_DONE;
|
Edouard@584
|
795 |
}
|
Edouard@584
|
796 |
} while (result != SQLITE_DONE);
|
Edouard@584
|
797 |
|
Edouard@584
|
798 |
sqlite3_reset(session->own_key_retrieve);
|
Edouard@584
|
799 |
if (status == PEP_STATUS_OK)
|
Edouard@584
|
800 |
*own_key = _own_key;
|
Edouard@584
|
801 |
else
|
Edouard@584
|
802 |
free_stringlist(_own_key);
|
Edouard@584
|
803 |
|
Edouard@584
|
804 |
goto the_end;
|
Edouard@584
|
805 |
|
Edouard@584
|
806 |
enomem:
|
Edouard@584
|
807 |
free_stringlist(_own_key);
|
Edouard@584
|
808 |
status = PEP_OUT_OF_MEMORY;
|
Edouard@584
|
809 |
|
Edouard@584
|
810 |
the_end:
|
Edouard@584
|
811 |
return status;
|
Edouard@584
|
812 |
}
|