repos/pEpEngine: src/keymanagement.c@f992b45d7e08 (annotated)

vb@130	1	#include "platform.h"
vb@0	2
vb@0	3	#include <string.h>
vb@0	4	#include <stdio.h>
vb@0	5	#include <stdlib.h>
vb@0	6	#include <assert.h>
Edouard@512	7	#include <ctype.h>
vb@0	8
vb@217	9	#include "pEp_internal.h"
vb@0	10	#include "keymanagement.h"
vb@0	11
Edouard@439	12	#ifndef EMPTYSTR
roker@500	13	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	14	#endif
vb@8	15
vb@214	16	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	17
Edouard@512	18	// Space tolerant and case insensitive fingerprint string compare
Edouard@512	19	static int _same_fpr(
Edouard@512	20	const char* fpra,
Edouard@512	21	size_t fpras,
Edouard@512	22	const char* fprb,
Edouard@512	23	size_t fprbs
Edouard@512	24	)
Edouard@512	25	{
Edouard@512	26	size_t ai = 0;
Edouard@512	27	size_t bi = 0;
Edouard@512	28
Edouard@544	29	do
Edouard@544	30	{
Edouard@544	31	if(fpra[ai] == 0 \|\| fprb[bi] == 0)
Edouard@544	32	{
Edouard@512	33	return 0;
Edouard@544	34	}
Edouard@544	35	else if(fpra[ai] == ' ')
Edouard@544	36	{
Edouard@512	37	ai++;
Edouard@544	38	}
Edouard@544	39	else if(fprb[bi] == ' ')
Edouard@544	40	{
Edouard@512	41	bi++;
Edouard@544	42	}
Edouard@544	43	else if(toupper(fpra[ai]) == toupper(fprb[bi]))
Edouard@544	44	{
Edouard@512	45	ai++;
Edouard@512	46	bi++;
Edouard@512	47	}
Edouard@544	48	else
Edouard@544	49	{
Edouard@544	50	return 0;
Edouard@544	51	}
Edouard@544	52
Edouard@544	53	}
Edouard@544	54	while(ai < fpras && bi < fprbs);
Edouard@512	55
Edouard@512	56	return ai == fpras && bi == fprbs;
Edouard@512	57	}
Edouard@512	58
Edouard@774	59	PEP_STATUS elect_pubkey(
Edouard@755	60	PEP_SESSION session, pEp_identity * identity
Edouard@755	61	)
Edouard@755	62	{
Edouard@755	63	PEP_STATUS status;
Edouard@755	64	stringlist_t *keylist;
Edouard@755	65	char *_fpr = NULL;
Edouard@755	66	identity->comm_type = PEP_ct_unknown;
Edouard@755	67
Edouard@755	68	status = find_keys(session, identity->address, &keylist);
Edouard@755	69	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	70	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	71	return PEP_OUT_OF_MEMORY;
Edouard@755	72
Edouard@755	73	stringlist_t *_keylist;
Edouard@755	74	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	75	PEP_comm_type _comm_type_key;
Edouard@755	76
Edouard@755	77	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	78	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	79	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	80	free_stringlist(keylist);
Edouard@755	81	return PEP_OUT_OF_MEMORY;
Edouard@755	82	}
Edouard@755	83
Edouard@755	84	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	85	_comm_type_key != PEP_ct_unknown)
Edouard@755	86	{
Edouard@755	87	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	88	_comm_type_key > identity->comm_type)
Edouard@755	89	{
Edouard@755	90	identity->comm_type = _comm_type_key;
Edouard@755	91	_fpr = _keylist->value;
Edouard@755	92	}
Edouard@755	93	}
Edouard@755	94	}
Edouard@755	95
Edouard@755	96	if (_fpr) {
Edouard@755	97	free(identity->fpr);
Edouard@755	98
Edouard@755	99	identity->fpr = strdup(_fpr);
Edouard@755	100	if (identity->fpr == NULL) {
Edouard@755	101	free_stringlist(keylist);
Edouard@755	102	return PEP_OUT_OF_MEMORY;
Edouard@755	103	}
Edouard@755	104	}
Edouard@755	105	free_stringlist(keylist);
Edouard@755	106	return PEP_STATUS_OK;
Edouard@755	107	}
Edouard@755	108
vb@0	109	DYNAMIC_API PEP_STATUS update_identity(
vb@0	110	PEP_SESSION session, pEp_identity * identity
vb@0	111	)
vb@0	112	{
vb@0	113	pEp_identity *stored_identity;
vb@0	114	PEP_STATUS status;
vb@0	115
vb@0	116	assert(session);
vb@0	117	assert(identity);
Edouard@439	118	assert(!EMPTYSTR(identity->address));
vb@0	119
Edouard@439	120	if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191	121	return PEP_ILLEGAL_VALUE;
vb@191	122
Edouard@559	123	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	124	int _did_elect_new_key = 0;
Edouard@559	125
Edouard@559	126	if (_no_user_id)
Edouard@559	127	{
Edouard@559	128	free(identity->user_id);
Edouard@559	129
vb@591	130	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	131	if (!identity->user_id)
Edouard@562	132	{
Edouard@562	133	return PEP_OUT_OF_MEMORY;
Edouard@562	134	}
vb@983	135	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	136	"TOFU_%s", identity->address);
Edouard@559	137	}
vb@934	138
Edouard@559	139	status = get_identity(session,
Edouard@559	140	identity->address,
Edouard@559	141	identity->user_id,
Edouard@559	142	&stored_identity);
Edouard@559	143
vb@0	144	assert(status != PEP_OUT_OF_MEMORY);
vb@0	145	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	146	goto exit_free;
vb@0	147
krista@1188	148	/* We elect a pubkey first in case there's no acceptable stored fpr */
krista@1220	149	pEp_identity* temp_id = identity_dup(identity);
krista@1220	150
krista@1220	151	status = elect_pubkey(session, temp_id);
krista@1185	152	if (status != PEP_STATUS_OK)
krista@1185	153	goto exit_free;
krista@1188	154
vb@14	155	if (stored_identity) {
vb@14	156	PEP_comm_type _comm_type_key;
krista@1188	157
krista@1188	158	bool dont_use_fpr = true;
krista@1220	159
krista@1220	160	/* if we have a stored_identity fpr */
krista@1220	161	if (!EMPTYSTR(stored_identity->fpr)) {
krista@1220	162	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_fpr);
krista@1220	163	if (status != PEP_STATUS_OK)
krista@1220	164	dont_use_fpr = true;
krista@1220	165	}
krista@1188	166
krista@1220	167
krista@1220	168	if (!dont_use_fpr) {
krista@1220	169	free(temp_id->fpr);
krista@1220	170	temp_id->fpr = strdup(stored_identity->fpr);
krista@1220	171	assert(temp_id->fpr);
krista@1220	172	if (temp_id->fpr == NULL) {
krista@1220	173	status = PEP_OUT_OF_MEMORY;
krista@1188	174	goto exit_free;
krista@1220	175	}
krista@1220	176	}
krista@1220	177	else if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	178	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1188	179	if (dont_use_fpr) {
krista@1220	180	free(temp_id->fpr);
krista@1220	181	temp_id->fpr = strdup("");
krista@1188	182	}
krista@1188	183	else {
krista@1188	184	_did_elect_new_key = 1;
krista@1188	185	}
krista@1188	186	}
krista@1188	187	else {
krista@1220	188	if (temp_id->fpr == NULL)
krista@1220	189	temp_id->fpr = strdup("");
krista@1188	190	}
krista@1188	191
krista@1220	192	/* ok, from here on out, use temp_id */
krista@1220	193
krista@1220	194
krista@1220	195	/* At this point, we either have a non-blacklisted fpr we can work */
krista@1220	196	/* with, or we've got nada. */
krista@1220	197	if (!EMPTYSTR(temp_id->fpr)) {
krista@1220	198	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1188	199	assert(status != PEP_OUT_OF_MEMORY);
krista@1188	200	if (status == PEP_OUT_OF_MEMORY)
krista@1188	201	goto exit_free;
krista@1220	202	status = get_trust(session, temp_id);
krista@1188	203	if (status == PEP_OUT_OF_MEMORY)
krista@1188	204	goto exit_free;
krista@1188	205	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
krista@1220	206	temp_id->comm_type = _comm_type_key;
krista@1188	207	} else{
krista@1220	208	temp_id->comm_type = stored_identity->comm_type;
krista@1220	209	if (temp_id->comm_type == PEP_ct_unknown) {
krista@1220	210	temp_id->comm_type = _comm_type_key;
krista@1188	211	}
krista@1188	212	}
krista@1188	213	}
krista@1188	214
krista@1220	215	if (EMPTYSTR(temp_id->username)) {
krista@1220	216	free(temp_id->username);
krista@1220	217	temp_id->username = strdup(stored_identity->username);
krista@1220	218	assert(temp_id->username);
krista@1220	219	if (temp_id->username == NULL){
Edouard@829	220	status = PEP_OUT_OF_MEMORY;
Edouard@829	221	goto exit_free;
Edouard@829	222	}
vb@22	223	}
vb@22	224
krista@1220	225	if (temp_id->lang[0] == 0) {
krista@1220	226	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	227	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	228	temp_id->lang[2] = 0;
vb@21	229	}
vb@932	230
krista@1220	231	temp_id->flags = stored_identity->flags;
vb@21	232	}
vb@21	233	else /* stored_identity == NULL */ {
krista@1220	234	temp_id->flags = 0;
vb@934	235
krista@1188	236	/* Work with the elected key from above */
krista@1220	237	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	238
krista@1196	239	bool dont_use_fpr = true;
krista@1220	240	status = blacklist_is_listed(session, temp_id->fpr, &dont_use_fpr);
krista@1196	241	if (status != PEP_STATUS_OK)
krista@1196	242	dont_use_fpr = true;
vb@21	243
krista@1196	244	if (!dont_use_fpr) {
krista@1196	245	PEP_comm_type _comm_type_key;
vb@21	246
krista@1220	247	status = get_key_rating(session, temp_id->fpr, &_comm_type_key);
krista@1196	248	assert(status != PEP_OUT_OF_MEMORY);
krista@1196	249	if (status == PEP_OUT_OF_MEMORY)
krista@1196	250	goto exit_free;
krista@1196	251
krista@1220	252	temp_id->comm_type = _comm_type_key;
krista@1196	253	}
krista@1196	254	else {
krista@1220	255	free(temp_id->fpr);
krista@1220	256	temp_id->fpr = strdup("");
krista@1196	257	}
vb@21	258	}
vb@21	259	}
vb@21	260
krista@1220	261	if (temp_id->fpr == NULL)
krista@1220	262	temp_id->fpr = strdup("");
krista@1193	263
krista@1193	264
vb@21	265	status = PEP_STATUS_OK;
vb@21	266
krista@1220	267	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
krista@1220	268	assert(!EMPTYSTR(temp_id->username)); // this should not happen
vb@22	269
krista@1220	270	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	271	free(temp_id->username);
krista@1220	272	temp_id->username = strdup("anonymous");
krista@1220	273	assert(temp_id->username);
krista@1220	274	if (temp_id->username == NULL){
Edouard@829	275	status = PEP_OUT_OF_MEMORY;
Edouard@829	276	goto exit_free;
Edouard@829	277	}
vb@0	278	}
vb@8	279
Edouard@755	280	// Identity doesn't get stored if call was just about checking existing
Edouard@755	281	// user by address (i.e. no user id given but already stored)
edouard@1164	282	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	283	{
krista@1220	284	status = set_identity(session, temp_id);
Edouard@559	285	assert(status == PEP_STATUS_OK);
Edouard@559	286	if (status != PEP_STATUS_OK) {
Edouard@829	287	goto exit_free;
Edouard@559	288	}
Edouard@499	289	}
vb@8	290	}
vb@8	291
krista@1220	292	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	293	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	294	if (session->examine_identity)
krista@1220	295	session->examine_identity(temp_id, session->examine_management);
krista@1220	296
krista@1220	297	/* ok, we got to the end. So we can assign the output identity */
krista@1220	298	free(identity->address);
krista@1220	299	identity->address = strdup(temp_id->address);
krista@1220	300	free(identity->fpr);
krista@1220	301	identity->fpr = strdup(temp_id->fpr);
krista@1220	302	free(identity->user_id);
krista@1220	303	identity->user_id = strdup(temp_id->user_id);
krista@1220	304	free(identity->username);
krista@1220	305	identity->username = strdup(temp_id->username);
krista@1220	306	identity->comm_type = temp_id->comm_type;
krista@1220	307	identity->lang[0] = temp_id->lang[0];
krista@1220	308	identity->lang[1] = temp_id->lang[1];
krista@1220	309	identity->lang[2] = 0;
krista@1220	310	identity->me = temp_id->me;
krista@1220	311	identity->flags = temp_id->flags;
vb@297	312
Edouard@829	313	exit_free :
Edouard@829	314
Edouard@829	315	if (stored_identity){
Edouard@829	316	free_identity(stored_identity);
Edouard@829	317	}
Edouard@829	318
krista@1220	319	if (temp_id)
krista@1220	320	free_identity(temp_id);
krista@1220	321
vb@8	322	return status;
vb@0	323	}
vb@0	324
Edouard@774	325	PEP_STATUS elect_ownkey(
krista@1194	326	PEP_SESSION session, pEp_identity * identity
Edouard@774	327	)
Edouard@774	328	{
Edouard@774	329	PEP_STATUS status;
Edouard@774	330	stringlist_t *keylist = NULL;
Edouard@774	331
Edouard@774	332	free(identity->fpr);
Edouard@774	333	identity->fpr = NULL;
Edouard@774	334
Edouard@774	335	status = find_keys(session, identity->address, &keylist);
Edouard@774	336	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	337	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	338	return PEP_OUT_OF_MEMORY;
Edouard@774	339
Edouard@774	340	if (keylist != NULL && keylist->value != NULL)
Edouard@774	341	{
Edouard@774	342	char *_fpr = NULL;
Edouard@774	343	identity->comm_type = PEP_ct_unknown;
Edouard@774	344
Edouard@774	345	stringlist_t *_keylist;
Edouard@774	346	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	347	bool is_own = false;
Edouard@774	348
Edouard@774	349	if (session->use_only_own_private_keys)
Edouard@774	350	{
Edouard@774	351	status = own_key_is_listed(session, _keylist->value, &is_own);
Edouard@774	352	assert(status == PEP_STATUS_OK);
Edouard@774	353	if (status != PEP_STATUS_OK) {
Edouard@774	354	free_stringlist(keylist);
Edouard@774	355	return status;
Edouard@774	356	}
Edouard@774	357	}
Edouard@774	358
Edouard@774	359	// TODO : also accept synchronized device group keys ?
Edouard@774	360
Edouard@774	361	if (!session->use_only_own_private_keys \|\| is_own)
Edouard@774	362	{
Edouard@774	363	PEP_comm_type _comm_type_key;
Edouard@774	364
Edouard@774	365	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	366	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	367	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	368	free_stringlist(keylist);
Edouard@774	369	return PEP_OUT_OF_MEMORY;
Edouard@774	370	}
Edouard@774	371
Edouard@774	372	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	373	_comm_type_key != PEP_ct_unknown)
Edouard@774	374	{
Edouard@774	375	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	376	_comm_type_key > identity->comm_type)
Edouard@774	377	{
Edouard@774	378	identity->comm_type = _comm_type_key;
Edouard@774	379	_fpr = _keylist->value;
Edouard@774	380	}
Edouard@774	381	}
Edouard@774	382	}
Edouard@774	383	}
Edouard@774	384
Edouard@774	385	if (_fpr)
Edouard@774	386	{
Edouard@774	387	identity->fpr = strdup(_fpr);
Edouard@774	388	assert(identity->fpr);
Edouard@774	389	if (identity->fpr == NULL)
Edouard@774	390	{
Edouard@774	391	free_stringlist(keylist);
Edouard@774	392	return PEP_OUT_OF_MEMORY;
Edouard@774	393	}
Edouard@774	394	}
Edouard@774	395	free_stringlist(keylist);
Edouard@774	396	}
Edouard@774	397	return PEP_STATUS_OK;
Edouard@774	398	}
Edouard@774	399
vb@0	400	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0	401	{
Edouard@560	402	pEp_identity *stored_identity;
vb@0	403	PEP_STATUS status;
vb@0	404
vb@0	405	assert(session);
vb@0	406	assert(identity);
vb@0	407	assert(identity->address);
vb@0	408	assert(identity->username);
Edouard@658	409	assert(EMPTYSTR(identity->user_id) \|\|
Edouard@658	410	strcmp(identity->user_id, PEP_OWN_USERID) == 0);
vb@0	411
vb@191	412	if (!(session && identity && identity->address && identity->username &&
Edouard@658	413	(EMPTYSTR(identity->user_id) \|\|
Edouard@658	414	strcmp(identity->user_id, PEP_OWN_USERID) == 0)))
vb@191	415	return PEP_ILLEGAL_VALUE;
vb@191	416
vb@0	417	identity->comm_type = PEP_ct_pEp;
vb@0	418	identity->me = true;
Edouard@658	419
Edouard@658	420	if(EMPTYSTR(identity->user_id))
Edouard@658	421	{
Edouard@658	422	free(identity->user_id);
Edouard@658	423	identity->user_id = strdup(PEP_OWN_USERID);
Edouard@658	424	assert(identity->user_id);
Edouard@658	425	if (identity->user_id == NULL)
Edouard@658	426	{
Edouard@658	427	return PEP_OUT_OF_MEMORY;
Edouard@658	428	}
Edouard@658	429	}
vb@0	430
vb@215	431	DEBUG_LOG("myself", "debug", identity->address);
Edouard@560	432
Edouard@560	433	status = get_identity(session,
Edouard@560	434	identity->address,
Edouard@560	435	identity->user_id,
Edouard@560	436	&stored_identity);
Edouard@560	437
vb@0	438	assert(status != PEP_OUT_OF_MEMORY);
vb@0	439	if (status == PEP_OUT_OF_MEMORY)
vb@0	440	return PEP_OUT_OF_MEMORY;
Edouard@560	441
Edouard@560	442	if (stored_identity)
Edouard@560	443	{
Edouard@560	444	if (EMPTYSTR(identity->fpr)) {
vb@591	445	identity->fpr = strdup(stored_identity->fpr);
Edouard@560	446	assert(identity->fpr);
Edouard@560	447	if (identity->fpr == NULL)
Edouard@560	448	{
Edouard@560	449	return PEP_OUT_OF_MEMORY;
Edouard@560	450	}
Edouard@560	451	}
vb@932	452
vb@932	453	identity->flags = stored_identity->flags;
Edouard@588	454	}
Edouard@588	455	else if (!EMPTYSTR(identity->fpr))
Edouard@588	456	{
Edouard@588	457	// App must have a good reason to give fpr, such as explicit
Edouard@588	458	// import of private key, or similar.
Edouard@588	459
Edouard@658	460	// Take given fpr as-is.
vb@934	461
vb@934	462	identity->flags = 0;
Edouard@560	463	}
Edouard@560	464	else
Edouard@560	465	{
Edouard@774	466	status = elect_ownkey(session, identity);
Edouard@774	467	assert(status == PEP_STATUS_OK);
Edouard@774	468	if (status != PEP_STATUS_OK) {
Edouard@774	469	return status;
Edouard@560	470	}
vb@934	471
vb@934	472	identity->flags = 0;
Edouard@560	473	}
Edouard@695	474
Edouard@695	475	bool revoked = false;
Edouard@695	476	char *r_fpr = NULL;
Edouard@695	477	if (!EMPTYSTR(identity->fpr))
Edouard@695	478	{
Edouard@695	479	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	480
Edouard@775	481	// Forces re-election if key is missing and own-key-only not forced
Edouard@775	482	if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
Edouard@775	483	{
Edouard@775	484	status = elect_ownkey(session, identity);
Edouard@775	485	assert(status == PEP_STATUS_OK);
Edouard@775	486	if (status != PEP_STATUS_OK) {
Edouard@775	487	return status;
Edouard@775	488	}
Edouard@775	489	}
Edouard@775	490	else if (status != PEP_STATUS_OK)
Edouard@775	491	{
Edouard@695	492	return status;
Edouard@695	493	}
Edouard@695	494	}
Edouard@560	495
Edouard@695	496	if (EMPTYSTR(identity->fpr) \|\| revoked)
Edouard@695	497	{
Edouard@695	498	if(revoked)
Edouard@695	499	{
Edouard@697	500	r_fpr = identity->fpr;
Edouard@697	501	identity->fpr = NULL;
Edouard@695	502	}
Edouard@560	503
vb@215	504	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	505	status = generate_keypair(session, identity);
vb@0	506	assert(status != PEP_OUT_OF_MEMORY);
vb@0	507	if (status != PEP_STATUS_OK) {
vb@0	508	char buf[11];
vb@0	509	snprintf(buf, 11, "%d", status);
vb@215	510	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	511	if(revoked && r_fpr)
Edouard@695	512	free(r_fpr);
vb@0	513	return status;
vb@0	514	}
Edouard@560	515
Edouard@695	516	if(revoked)
Edouard@695	517	{
Edouard@695	518	status = set_revoked(session, r_fpr,
Edouard@695	519	identity->fpr, time(NULL));
Edouard@695	520	free(r_fpr);
Edouard@695	521	if (status != PEP_STATUS_OK) {
Edouard@695	522	return status;
Edouard@695	523	}
Edouard@588	524	}
vb@0	525	}
Edouard@560	526	else
Edouard@560	527	{
vb@214	528	bool expired;
Edouard@701	529	status = key_expired(session, identity->fpr,
Edouard@701	530	time(NULL) + (7243600), // In a week
Edouard@701	531	&expired);
Edouard@701	532
vb@214	533	assert(status == PEP_STATUS_OK);
Edouard@499	534	if (status != PEP_STATUS_OK) {
Edouard@588	535	return status;
Edouard@499	536	}
vb@214	537
vb@214	538	if (status == PEP_STATUS_OK && expired) {
vb@214	539	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	540	renew_key(session, identity->fpr, ts);
vb@214	541	free_timestamp(ts);
vb@214	542	}
vb@214	543	}
vb@0	544
vb@0	545	status = set_identity(session, identity);
vb@0	546	assert(status == PEP_STATUS_OK);
Edouard@499	547	if (status != PEP_STATUS_OK) {
Edouard@588	548	return status;
Edouard@499	549	}
vb@0	550
vb@0	551	return PEP_STATUS_OK;
Edouard@499	552
vb@0	553	}
vb@0	554
vb@296	555	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	556	PEP_SESSION session,
vb@292	557	examine_identity_t examine_identity,
vb@292	558	void *management
vb@292	559	)
vb@292	560	{
vb@292	561	assert(session);
vb@292	562	if (!session)
vb@292	563	return PEP_ILLEGAL_VALUE;
vb@292	564
vb@292	565	session->examine_management = management;
vb@292	566	session->examine_identity = examine_identity;
vb@292	567
vb@292	568	return PEP_STATUS_OK;
vb@292	569	}
vb@292	570
vb@0	571	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	572	retrieve_next_identity_t retrieve_next_identity,
vb@0	573	void *management
vb@0	574	)
vb@0	575	{
vb@0	576	PEP_SESSION session;
vb@0	577	pEp_identity *identity;
Edouard@499	578	PEP_STATUS status;
vb@0	579
Edouard@499	580	assert(retrieve_next_identity);
Edouard@499	581	assert(management);
Edouard@499	582
Edouard@499	583	if (!retrieve_next_identity \|\| !management)
Edouard@499	584	return PEP_ILLEGAL_VALUE;
Edouard@499	585
Edouard@499	586	status = init(&session);
vb@0	587	assert(status == PEP_STATUS_OK);
vb@0	588	if (status != PEP_STATUS_OK)
vb@0	589	return status;
vb@0	590
vb@0	591	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	592
Edouard@499	593	while ((identity = retrieve_next_identity(management)))
Edouard@499	594	{
vb@0	595	assert(identity->address);
Edouard@499	596	if(identity->address)
Edouard@499	597	{
Edouard@499	598	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	599
Edouard@499	600	if (identity->me) {
Edouard@499	601	status = myself(session, identity);
Edouard@499	602	} else {
Edouard@499	603	status = recv_key(session, identity->address);
Edouard@499	604	}
Edouard@499	605
vb@0	606	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	607	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	608	return PEP_OUT_OF_MEMORY;
vb@0	609	}
vb@0	610	free_identity(identity);
vb@0	611	}
vb@0	612
vb@0	613	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	614
vb@0	615	release(session);
vb@0	616	return PEP_STATUS_OK;
vb@0	617	}
vb@0	618
vb@357	619	DYNAMIC_API PEP_STATUS key_compromized(
vb@357	620	PEP_SESSION session,
vb@357	621	pEp_identity *ident
vb@357	622	)
vb@215	623	{
vb@218	624	PEP_STATUS status = PEP_STATUS_OK;
vb@218	625
vb@215	626	assert(session);
vb@357	627	assert(ident);
Edouard@439	628	assert(!EMPTYSTR(ident->fpr));
vb@215	629
vb@357	630	if (!(session && ident && ident->fpr))
vb@215	631	return PEP_ILLEGAL_VALUE;
vb@215	632
vb@357	633	if (ident->me)
Edouard@697	634	{
vb@357	635	revoke_key(session, ident->fpr, NULL);
Edouard@697	636	myself(session, ident);
Edouard@697	637	}
Edouard@697	638	else
Edouard@697	639	{
Edouard@697	640	status = mark_as_compromized(session, ident->fpr);
Edouard@697	641	}
vb@218	642
vb@218	643	return status;
vb@215	644	}
vb@215	645
Edouard@410	646	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	647	PEP_SESSION session,
Edouard@410	648	pEp_identity *ident
Edouard@410	649	)
Edouard@410	650	{
Edouard@410	651	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	652
Edouard@410	653	assert(session);
Edouard@410	654	assert(ident);
vb@420	655	assert(!ident->me);
Edouard@439	656	assert(!EMPTYSTR(ident->fpr));
Edouard@439	657	assert(!EMPTYSTR(ident->address));
Edouard@439	658	assert(!EMPTYSTR(ident->user_id));
Edouard@410	659
vb@420	660	if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420	661	ident->user_id))
Edouard@410	662	return PEP_ILLEGAL_VALUE;
Edouard@410	663
vb@420	664	status = update_identity(session, ident);
vb@420	665	if (status != PEP_STATUS_OK)
vb@420	666	return status;
Edouard@410	667
Edouard@442	668	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	669	ident->comm_type = PEP_ct_unknown;
vb@421	670	else
vb@421	671	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	672
vb@420	673	status = set_identity(session, ident);
vb@421	674	if (status != PEP_STATUS_OK)
vb@421	675	return status;
vb@421	676
vb@422	677	if (ident->comm_type == PEP_ct_unknown)
vb@422	678	status = update_identity(session, ident);
Edouard@410	679	return status;
Edouard@410	680	}
Edouard@410	681
vb@354	682	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	683	PEP_SESSION session,
vb@354	684	pEp_identity *ident
vb@354	685	)
vb@354	686	{
vb@354	687	PEP_STATUS status = PEP_STATUS_OK;
vb@354	688
vb@354	689	assert(session);
vb@354	690	assert(ident);
Edouard@439	691	assert(!EMPTYSTR(ident->address));
Edouard@439	692	assert(!EMPTYSTR(ident->user_id));
Edouard@439	693	assert(!EMPTYSTR(ident->fpr));
vb@354	694	assert(!ident->me);
vb@354	695
Edouard@439	696	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
Edouard@439	697	EMPTYSTR(ident->fpr) \|\| ident->me)
vb@354	698	return PEP_ILLEGAL_VALUE;
vb@354	699
vb@354	700	status = update_identity(session, ident);
vb@354	701	if (status != PEP_STATUS_OK)
vb@354	702	return status;
vb@354	703
vb@356	704	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	705	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	706	status = set_identity(session, ident);
vb@356	707	}
vb@356	708	else {
vb@356	709	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	710	status = PEP_CANNOT_SET_TRUST;
vb@356	711	}
vb@354	712
vb@354	713	return status;
vb@354	714	}
vb@354	715
Edouard@584	716	DYNAMIC_API PEP_STATUS own_key_is_listed(
Edouard@584	717	PEP_SESSION session,
Edouard@584	718	const char *fpr,
Edouard@584	719	bool *listed
Edouard@584	720	)
Edouard@584	721	{
Edouard@584	722	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	723	int count;
Edouard@584	724
Edouard@584	725	assert(session && fpr && fpr[0] && listed);
Edouard@584	726
Edouard@584	727	if (!(session && fpr && fpr[0] && listed))
Edouard@584	728	return PEP_ILLEGAL_VALUE;
Edouard@584	729
Edouard@584	730	*listed = false;
Edouard@584	731
Edouard@584	732	sqlite3_reset(session->own_key_is_listed);
Edouard@584	733	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	734
Edouard@584	735	int result;
Edouard@584	736
Edouard@584	737	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	738	switch (result) {
Edouard@584	739	case SQLITE_ROW:
Edouard@584	740	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	741	*listed = count > 0;
Edouard@584	742	status = PEP_STATUS_OK;
Edouard@584	743	break;
Edouard@584	744
Edouard@584	745	default:
Edouard@584	746	status = PEP_UNKNOWN_ERROR;
Edouard@584	747	}
Edouard@584	748
Edouard@584	749	sqlite3_reset(session->own_key_is_listed);
Edouard@584	750	return status;
Edouard@584	751	}
Edouard@584	752
Edouard@584	753	DYNAMIC_API PEP_STATUS own_key_retrieve(
Edouard@584	754	PEP_SESSION session,
Edouard@584	755	stringlist_t **own_key
Edouard@584	756	)
Edouard@584	757	{
Edouard@584	758	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	759
Edouard@584	760	assert(session);
Edouard@584	761	assert(own_key);
Edouard@584	762
Edouard@584	763	if (!(session && own_key))
Edouard@584	764	return PEP_ILLEGAL_VALUE;
Edouard@584	765
Edouard@584	766	*own_key = NULL;
Edouard@584	767	stringlist_t *_own_key = new_stringlist(NULL);
Edouard@584	768	if (_own_key == NULL)
Edouard@584	769	goto enomem;
Edouard@584	770
Edouard@584	771	sqlite3_reset(session->own_key_retrieve);
Edouard@584	772
Edouard@584	773	int result;
Edouard@584	774	const char *fpr = NULL;
Edouard@584	775
Edouard@584	776	stringlist_t *_bl = _own_key;
Edouard@584	777	do {
Edouard@584	778	result = sqlite3_step(session->own_key_retrieve);
Edouard@584	779	switch (result) {
Edouard@584	780	case SQLITE_ROW:
Edouard@584	781	fpr = (const char *) sqlite3_column_text(session->own_key_retrieve, 0);
Edouard@584	782
Edouard@584	783	_bl = stringlist_add(_bl, fpr);
Edouard@584	784	if (_bl == NULL)
Edouard@584	785	goto enomem;
Edouard@584	786
Edouard@584	787	break;
Edouard@584	788
Edouard@584	789	case SQLITE_DONE:
Edouard@584	790	break;
Edouard@584	791
Edouard@584	792	default:
Edouard@584	793	status = PEP_UNKNOWN_ERROR;
Edouard@584	794	result = SQLITE_DONE;
Edouard@584	795	}
Edouard@584	796	} while (result != SQLITE_DONE);
Edouard@584	797
Edouard@584	798	sqlite3_reset(session->own_key_retrieve);
Edouard@584	799	if (status == PEP_STATUS_OK)
Edouard@584	800	*own_key = _own_key;
Edouard@584	801	else
Edouard@584	802	free_stringlist(_own_key);
Edouard@584	803
Edouard@584	804	goto the_end;
Edouard@584	805
Edouard@584	806	enomem:
Edouard@584	807	free_stringlist(_own_key);
Edouard@584	808	status = PEP_OUT_OF_MEMORY;
Edouard@584	809
Edouard@584	810	the_end:
Edouard@584	811	return status;
Edouard@584	812	}

author	Krista Grothoff <krista@pep-project.org>
	Thu, 29 Sep 2016 11:08:50 +0200
branch	ENGINE-27
changeset 1220	f992b45d7e08
parent 1196	d75a7a2e6577
child 1222	31d0844f3a18
permissions	-rw-r--r--