1 // This file is under GNU General Public License 3.0
7 #include "keymanagement.h"
9 #include "cryptotech.h"
15 bool import_attached_keys(
18 identity_list **private_idents
21 void attach_own_key(PEP_SESSION session, message *msg);
23 PEP_cryptotech determine_encryption_format(message *msg);
25 void add_opt_field(message *msg, const char *name, const char *value);
27 typedef enum _PEP_encrypt_flags {
28 // "default" means whatever the default behaviour for the function is.
29 PEP_encrypt_flag_default = 0x0,
30 PEP_encrypt_flag_force_encryption = 0x1,
32 // This flag is for special use cases and should not be used
33 // by normal pEp clients!
34 PEP_encrypt_flag_force_unsigned = 0x2,
35 PEP_encrypt_flag_force_no_attached_key = 0x4,
37 // This is used for outer messages (used to wrap the real message)
38 // This is only used internally and (eventually) by transport functions
39 PEP_encrypt_flag_inner_message = 0x8,
41 // This is mainly used by pEp clients to send private keys to
42 // their own PGP-only device
43 PEP_encrypt_flag_force_version_1 = 0x10,
45 PEP_encrypt_flag_key_reset_only = 0x20
49 typedef unsigned int PEP_encrypt_flags_t;
51 typedef enum _message_wrap_type {
52 PEP_message_default, // typical inner/outer message 2.0
53 PEP_message_transport, // e.g. for onion layers
54 PEP_message_key_reset // for wrapped key reset information
57 // encrypt_message() - encrypt message in memory
60 // session (in) session handle
61 // src (inout) message to encrypt - usually in-only, but can be
62 // in-out for unencrypted messages; in that case,
63 // we may attach the key and decorate the message
64 // extra (in) extra keys for encryption
65 // dst (out) pointer to new encrypted message or NULL if no
66 // encryption could take place
67 // enc_format (in) encrypted format
68 // flags (in) flags to set special encryption features
71 // PEP_STATUS_OK on success
72 // PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
74 // PEP_UNENCRYPTED on demand or no recipients with usable
75 // key, is left unencrypted, and key is
79 // the ownership of src remains with the caller
80 // the ownership of dst goes to the caller
82 DYNAMIC_API PEP_STATUS encrypt_message(
87 PEP_enc_format enc_format,
88 PEP_encrypt_flags_t flags
92 // encrypt_message_and_add_priv_key() - encrypt message in memory, adding an encrypted private
93 // key (encrypted separately and sent within the inner message)
96 // session (in) session handle
97 // src (in) message to encrypt
98 // dst (out) pointer to new encrypted message or NULL if no
99 // encryption could take place
100 // to_fpr fingerprint of the recipient key to which the private key
101 // should be encrypted
102 // enc_format (in) encrypted format
103 // flags (in) flags to set special encryption features
106 // PEP_STATUS_OK on success
107 // PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
109 // PEP_UNENCRYPTED on demand or no recipients with usable
110 // key, is left unencrypted, and key is
114 // the ownershop of src remains with the caller
115 // the ownership of dst goes to the caller
116 DYNAMIC_API PEP_STATUS encrypt_message_and_add_priv_key(
121 PEP_enc_format enc_format,
122 PEP_encrypt_flags_t flags
126 // encrypt_message_for_self() - encrypt message in memory for user's identity only,
127 // ignoring recipients and other identities from
130 // session (in) session handle
131 // target_id (in) self identity this message should be encrypted for
132 // src (in) message to encrypt
133 // extra (in) extra keys for encryption
134 // dst (out) pointer to new encrypted message or NULL on failure
135 // enc_format (in) encrypted format
136 // flags (in) flags to set special encryption features
138 // return value: (FIXME: This may not be correct or complete)
139 // PEP_STATUS_OK on success
140 // PEP_KEY_NOT_FOUND at least one of the receipient keys
141 // could not be found
142 // PEP_KEY_HAS_AMBIG_NAME at least one of the receipient keys has
144 // PEP_GET_KEY_FAILED cannot retrieve key
147 // the ownership of src remains with the caller
148 // the ownership of target_id remains w/ caller
149 // the ownership of dst goes to the caller
150 // message is NOT encrypted for identities other than the target_id (and then,
151 // only if the target_id refers to self!)
152 DYNAMIC_API PEP_STATUS encrypt_message_for_self(
154 pEp_identity* target_id,
158 PEP_enc_format enc_format,
159 PEP_encrypt_flags_t flags
162 typedef enum _PEP_rating {
163 PEP_rating_undefined = 0,
164 PEP_rating_cannot_decrypt,
165 PEP_rating_have_no_key,
166 PEP_rating_unencrypted,
167 PEP_rating_unencrypted_for_some, // don't use this any more
168 PEP_rating_unreliable,
171 PEP_rating_trusted_and_anonymized,
172 PEP_rating_fully_anonymous,
174 PEP_rating_mistrust = -1,
175 PEP_rating_b0rken = -2,
176 PEP_rating_under_attack = -3
179 typedef enum _PEP_color {
180 PEP_color_no_color = 0,
187 // color_from_rating - calculate color from rating
190 // rating (in) rating
192 // return value: color representing that rating
193 DYNAMIC_API PEP_color color_from_rating(PEP_rating rating);
195 typedef enum _PEP_decrypt_flags {
196 PEP_decrypt_flag_own_private_key = 0x1,
197 PEP_decrypt_flag_consume = 0x2,
198 PEP_decrypt_flag_ignore = 0x4,
199 PEP_decrypt_flag_src_modified = 0x8,
201 PEP_decrypt_flag_untrusted_server = 0x100,
202 PEP_decrypt_flag_dont_trigger_sync = 0x200,
205 typedef unsigned int PEP_decrypt_flags_t;
208 // decrypt_message() - decrypt message in memory
211 // session (in) session handle
212 // src (inout) message to decrypt
213 // dst (out) pointer to new decrypted message or NULL on failure
214 // keylist (inout) in: stringlist with additional keyids for reencryption if needed
215 // (will be freed and replaced with output keylist)
216 // out: stringlist with keyids used for signing and encryption. first
217 // first key is signer, additional keys are the ones it was encrypted
218 // to. Only signer and whichever of the user's keys was used are
220 // rating (out) rating for the message
221 // flags (inout) flags to signal special decryption features
225 // or PEP_DECRYPTED if message decrypted but not verified
226 // or PEP_CANNOT_REENCRYPT if message was decrypted (and possibly
227 // verified) but a reencryption operation is expected by the caller
229 // or PEP_STATUS_OK on success
233 // PEP_decrypt_flag_untrusted_server
234 // used to signal that decrypt function should engage in behaviour
235 // specified for when the server storing the source is untrusted
237 // PEP_decrypt_flag_own_private_key
238 // private key was imported for one of our addresses (NOT trusted
239 // or set to be used - handshake/trust is required for that)
240 // PEP_decrypt_flag_src_modified
241 // indicates that the src object has been modified. At the moment,
242 // this is always as a direct result of the behaviour driven
243 // by the input flags. This flag is the ONLY value that should be
244 // relied upon to see if such changes have taken place.
245 // PEP_decrypt_flag_consume
247 // PEP_decrypt_flag_ignore
252 // the ownership of src remains with the caller - however, the contents
253 // might be modified (strings freed and allocated anew or set to NULL,
254 // etc) intentionally; when this happens, PEP_decrypt_flag_src_modified
256 // the ownership of dst goes to the caller
257 // the ownership of keylist goes to the caller
258 // if src is unencrypted this function returns PEP_UNENCRYPTED and sets
260 DYNAMIC_API PEP_STATUS decrypt_message(
264 stringlist_t **keylist,
266 PEP_decrypt_flags_t *flags
269 // own_message_private_key_details() - details on own key in own message
272 // session (in) session handle
273 // msg (in) message to decrypt
274 // ident (out) identity containing uid, address and fpr of key
277 // In order to obtain details about key to be possibly imported
278 // as a replacement of key currently used as own identity,
279 // application passes message that have been previously flagged by
280 // decrypt_message() as own message containing own key to this function
283 // error status or PEP_STATUS_OK on success
286 // the ownership of msg remains with the caller
287 // the ownership of ident goes to the caller
288 // msg MUST be encrypted so that this function can check own signature
289 DYNAMIC_API PEP_STATUS own_message_private_key_details(
296 // outgoing_message_rating() - get rating for an outgoing message
299 // session (in) session handle
300 // msg (in) message to get the rating for
301 // rating (out) rating for the message
304 // error status or PEP_STATUS_OK on success
307 // msg->from must point to a valid pEp_identity
308 // msg->dir must be PEP_dir_outgoing
309 // the ownership of msg remains with the caller
310 DYNAMIC_API PEP_STATUS outgoing_message_rating(
317 // outgoing_message_rating_preview() - get rating preview
320 // session (in) session handle
321 // msg (in) message to get the rating for
322 // rating (out) rating preview for the message
325 // error status or PEP_STATUS_OK on success
328 // msg->from must point to a valid pEp_identity
329 // msg->dir must be PEP_dir_outgoing
330 // the ownership of msg remains with the caller
331 DYNAMIC_API PEP_STATUS outgoing_message_rating_preview(
337 // identity_rating() - get rating for a single identity
340 // session (in) session handle
341 // ident (in) identity to get the rating for
342 // rating (out) rating for the identity
345 // error status or PEP_STATUS_OK on success
348 // the ownership of ident remains with the caller
349 DYNAMIC_API PEP_STATUS identity_rating(
356 // get_binary_path() - retrieve path of cryptotech binary if available
359 // tech (in) cryptotech to get the binary for
360 // path (out) path to cryptotech binary or NULL if not available
361 // **path is owned by the library, do not change it!
362 DYNAMIC_API PEP_STATUS get_binary_path(PEP_cryptotech tech, const char **path);
365 // get_trustwords() - get full trustwords string for a *pair* of identities
368 // session (in) session handle
369 // id1 (in) identity of first party in communication - fpr can't be NULL
370 // id2 (in) identity of second party in communication - fpr can't be NULL
371 // lang (in) C string with ISO 639-1 language code
372 // words (out) pointer to C string with all trustwords UTF-8 encoded,
373 // separated by a blank each
374 // NULL if language is not supported or trustword
375 // wordlist is damaged or unavailable
376 // wsize (out) length of full trustwords string
377 // full (in) if true, generate ALL trustwords for these identities.
378 // else, generate a fixed-size subset. (TODO: fixed-minimum-entropy
379 // subset in next version)
382 // PEP_STATUS_OK trustwords retrieved
383 // PEP_OUT_OF_MEMORY out of memory
384 // PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
387 // the word pointer goes to the ownership of the caller
388 // the caller is responsible to free() it (on Windoze use pEp_free())
390 DYNAMIC_API PEP_STATUS get_trustwords(
391 PEP_SESSION session, const pEp_identity* id1, const pEp_identity* id2,
392 const char* lang, char **words, size_t *wsize, bool full
396 // get_message_trustwords() - get full trustwords string for message sender and reciever identities
399 // session (in) session handle
400 // msg (in) message to get sender identity from
401 // keylist (in) NULL if message to be decrypted,
402 // keylist returned by decrypt_message() otherwise
403 // received_by (in) identity for account receiving message can't be NULL
404 // lang (in) C string with ISO 639-1 language code
405 // words (out) pointer to C string with all trustwords UTF-8 encoded,
406 // separated by a blank each
407 // NULL if language is not supported or trustword
408 // wordlist is damaged or unavailable
409 // full (in) if true, generate ALL trustwords for these identities.
410 // else, generate a fixed-size subset. (TODO: fixed-minimum-entropy
411 // subset in next version)
414 // PEP_STATUS_OK trustwords retrieved
415 // PEP_OUT_OF_MEMORY out of memory
416 // PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
417 // error status of decrypt_message() if decryption fails.
420 // the word pointer goes to the ownership of the caller
421 // the caller is responsible to free() it (on Windoze use pEp_free())
423 DYNAMIC_API PEP_STATUS get_message_trustwords(
426 stringlist_t *keylist,
427 pEp_identity* received_by,
428 const char* lang, char **words, bool full
431 // re_evaluate_message_rating() - re-evaluate already decrypted message rating
434 // session (in) session handle
435 // msg (in) message to get the rating for
436 // x_keylist (in) decrypted message recipients keys fpr
437 // x_enc_status (in) original rating for the decrypted message
438 // rating (out) rating for the message
441 // PEP_ILLEGAL_VALUE if decrypted message doesn't contain
442 // X-EncStatus optional field and x_enc_status is
443 // pEp_rating_udefined
444 // or if decrypted message doesn't contain
445 // X-Keylist optional field and x_keylist is NULL
446 // PEP_OUT_OF_MEMORY if not enough memory could be allocated
449 // msg->from must point to a valid pEp_identity
450 // the ownership of msg remains with the caller
451 // the ownership of x_keylist remains with to the caller
453 DYNAMIC_API PEP_STATUS re_evaluate_message_rating(
456 stringlist_t *x_keylist,
457 PEP_rating x_enc_status,
461 // get_key_rating_for_user() - get the rating of a certain key for a certain user
465 // session (in) session handle
466 // user_id (in) string with user ID
467 // fpr (in) string with fingerprint
468 // rating (out) rating of key for this user
471 // PEP_RECORD_NOT_FOUND if no trust record for user_id and fpr can be found
473 DYNAMIC_API PEP_STATUS get_key_rating_for_user(