1 // This file is under GNU General Public License 3.0
14 #include "dynamic_api.h"
15 #include "stringlist.h"
16 #include "stringpair.h"
17 #include "timestamp.h"
19 #define PEP_VERSION "2.0" // protocol version
21 #define PEP_OWN_USERID "pEp_own_userId"
26 // Unicode data has to be normalized to NFC before calling
27 // UTF-8 strings are UTF-8 encoded C strings (zero terminated)
31 typedef struct _pEpSession * PEP_SESSION;
36 PEP_INIT_CANNOT_LOAD_GPGME = 0x0110,
37 PEP_INIT_GPGME_INIT_FAILED = 0x0111,
38 PEP_INIT_NO_GPG_HOME = 0x0112,
39 PEP_INIT_NETPGP_INIT_FAILED = 0x0113,
40 PEP_INIT_CANNOT_DETERMINE_GPG_VERSION = 0x0114,
41 PEP_INIT_UNSUPPORTED_GPG_VERSION = 0x0115,
42 PEP_INIT_CANNOT_CONFIG_GPG_AGENT = 0x0116,
44 PEP_INIT_SQLITE3_WITHOUT_MUTEX = 0x0120,
45 PEP_INIT_CANNOT_OPEN_DB = 0x0121,
46 PEP_INIT_CANNOT_OPEN_SYSTEM_DB = 0x0122,
48 PEP_KEY_NOT_FOUND = 0x0201,
49 PEP_KEY_HAS_AMBIG_NAME = 0x0202,
50 PEP_GET_KEY_FAILED = 0x0203,
51 PEP_CANNOT_EXPORT_KEY = 0x0204,
52 PEP_CANNOT_EDIT_KEY = 0x0205,
53 PEP_KEY_UNSUITABLE = 0x0206,
55 PEP_CANNOT_FIND_IDENTITY = 0x0301,
56 PEP_CANNOT_SET_PERSON = 0x0381,
57 PEP_CANNOT_SET_PGP_KEYPAIR = 0x0382,
58 PEP_CANNOT_SET_IDENTITY = 0x0383,
59 PEP_CANNOT_SET_TRUST = 0x0384,
60 PEP_KEY_BLACKLISTED = 0x0385,
61 PEP_CANNOT_FIND_PERSON = 0x0386,
63 PEP_CANNOT_FIND_ALIAS = 0x0391,
64 PEP_CANNOT_SET_ALIAS = 0x0392,
66 PEP_UNENCRYPTED = 0x0400,
67 PEP_VERIFIED = 0x0401,
68 PEP_DECRYPTED = 0x0402,
69 PEP_DECRYPTED_AND_VERIFIED = 0x0403,
70 PEP_DECRYPT_WRONG_FORMAT = 0x0404,
71 PEP_DECRYPT_NO_KEY = 0x0405,
72 PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH = 0x0406,
73 PEP_VERIFY_NO_KEY = 0x0407,
74 PEP_VERIFIED_AND_TRUSTED = 0x0408,
75 PEP_CANNOT_REENCRYPT = 0x0409,
76 PEP_CANNOT_DECRYPT_UNKNOWN = 0x04ff,
78 PEP_TRUSTWORD_NOT_FOUND = 0x0501,
79 PEP_TRUSTWORDS_FPR_WRONG_LENGTH = 0x0502,
80 PEP_TRUSTWORDS_DUPLICATE_FPR = 0x0503,
82 PEP_CANNOT_CREATE_KEY = 0x0601,
83 PEP_CANNOT_SEND_KEY = 0x0602,
85 PEP_PHRASE_NOT_FOUND = 0x0701,
87 PEP_SEND_FUNCTION_NOT_REGISTERED = 0x0801,
88 PEP_CONTRAINTS_VIOLATED = 0x0802,
89 PEP_CANNOT_ENCODE = 0x0803,
91 PEP_SYNC_NO_NOTIFY_CALLBACK = 0x0901,
92 PEP_SYNC_ILLEGAL_MESSAGE = 0x0902,
93 PEP_SYNC_NO_INJECT_CALLBACK = 0x0903,
95 PEP_SEQUENCE_VIOLATED = 0x0970,
96 PEP_CANNOT_INCREASE_SEQUENCE = 0x0971,
97 PEP_CANNOT_SET_SEQUENCE_VALUE = 0x0972,
98 PEP_OWN_SEQUENCE = 0x097f,
100 PEP_SYNC_STATEMACHINE_ERROR = 0x0980,
101 PEP_SYNC_NO_TRUST = 0x0981,
102 PEP_STATEMACHINE_INVALID_STATE = 0x0982,
103 PEP_STATEMACHINE_INVALID_EVENT = 0x0983,
104 PEP_STATEMACHINE_INVALID_CONDITION = 0x0984,
105 PEP_STATEMACHINE_INVALID_ACTION = 0x0985,
106 PEP_STATEMACHINE_INHIBITED_EVENT = 0x0986,
108 PEP_COMMIT_FAILED = 0xff01,
109 PEP_MESSAGE_CONSUME = 0xff02,
110 PEP_MESSAGE_IGNORE = 0xff03,
112 PEP_RECORD_NOT_FOUND = -6,
113 PEP_CANNOT_CREATE_TEMP_FILE = -5,
114 PEP_ILLEGAL_VALUE = -4,
115 PEP_BUFFER_TOO_SMALL = -3,
116 PEP_OUT_OF_MEMORY = -2,
117 PEP_UNKNOWN_ERROR = -1,
119 PEP_VERSION_MISMATCH = -7,
123 // INIT_STATUS init() - initialize pEpEngine for a thread
126 // session (out) init() allocates session memory and returns a pointer
130 // PEP_STATUS_OK = 0 if init() succeeds
131 // PEP_INIT_SQLITE3_WITHOUT_MUTEX if SQLite3 was compiled with
132 // SQLITE_THREADSAFE 0
133 // PEP_INIT_CANNOT_LOAD_GPGME if libgpgme.dll cannot be found
134 // PEP_INIT_GPGME_INIT_FAILED if GPGME init fails
135 // PEP_INIT_CANNOT_OPEN_DB if user's management db cannot be
137 // PEP_INIT_CANNOT_OPEN_SYSTEM_DB if system's management db cannot be
141 // THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. release() should
142 // be similarly guarded.
144 // the pointer is valid only if the return value is PEP_STATUS_OK
145 // in other case a NULL pointer will be returned; a valid handle must
146 // be released using release() when it's no longer needed
148 // the caller has to guarantee that the first call to this function
149 // will succeed before further calls can be done
151 DYNAMIC_API PEP_STATUS init(PEP_SESSION *session);
154 // void release() - release thread session handle
157 // session (in) session handle to release
160 // THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. init() should
161 // be similarly guarded.
163 // the last release() can be called only when all other release() calls
166 DYNAMIC_API void release(PEP_SESSION session);
169 // const stringlist_t* get_errorstack(PEP_SESSION) - get the error stack for that session, if any
172 // session (in) session handle
175 // To get a useful error stack you have to compile with -DDEBUG_ERRORSTACK
176 // The error stack belongs to the session. Do no not change it!
177 DYNAMIC_API const stringlist_t* get_errorstack(PEP_SESSION session);
180 // void clear_errorstack(PEP_SESSION) - clear the error stack for that session, if any
183 // session (in) session handle
185 DYNAMIC_API void clear_errorstack(PEP_SESSION session);
188 // config_passive_mode() - enable passive mode
191 // session (in) session handle
192 // enable (in) flag if enabled or disabled
194 DYNAMIC_API void config_passive_mode(PEP_SESSION session, bool enable);
197 // config_unencrypted_subject() - disable subject encryption
200 // session (in) session handle
201 // enable (in) flag if enabled or disabled
203 DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable);
206 // config_use_only_own_private_keys() - enable passive mode
209 // session (in) session handle
210 // enable (in) flag if enabled or disabled
212 DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session, bool enable);
215 // config_keep_sync_msg() - do not remove sync messages (for debugging purposes)
217 // session (in) session handle
218 // enable (in) flag if enabled or disabled
220 DYNAMIC_API void config_keep_sync_msg(PEP_SESSION session, bool enable);
223 // config_service_log() - log more for service purposes
225 // session (in) session handle
226 // enable (in) flag if enabled or disabled
228 DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable);
231 // decrypt_and_verify() - decrypt and/or verify a message
234 // session (in) session handle
235 // ctext (in) cipher text to decrypt and/or verify
236 // csize (in) size of cipher text
237 // dsigtext (in) if extant, *detached* signature text for this
238 // message (or NULL if not)
239 // dsize (in) size of *detached* signature text for this
240 // message (0, if no detached sig exists)
241 // ptext (out) pointer to internal buffer with plain text
242 // psize (out) size of plain text
243 // keylist (out) list of key ids which where used to encrypt
246 // PEP_UNENCRYPTED message was unencrypted and not signed
247 // PEP_VERIFIED message was unencrypted, signature matches
248 // PEP_DECRYPTED message is decrypted now, no signature
249 // PEP_DECRYPTED_AND_VERIFIED message is decrypted now and verified
250 // PEP_DECRYPT_WRONG_FORMAT message has wrong format to handle
251 // PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
252 // PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
255 // the ownerships of ptext as well as keylist are going to the caller
256 // the caller must use free() (or an Windoze pEp_free()) and
257 // free_stringlist() to free them
259 // if this function failes an error message may be the first element of
260 // keylist and the other elements may be the keys used for encryption
262 DYNAMIC_API PEP_STATUS decrypt_and_verify(
263 PEP_SESSION session, const char *ctext, size_t csize,
264 const char *dsigtext, size_t dsigsize,
265 char **ptext, size_t *psize, stringlist_t **keylist
269 // verify_text() - verfy plain text with a digital signature
272 // session (in) session handle
273 // text (in) text to verify
274 // size (in) size of text
275 // signature (in) signature text
276 // sig_size (in) size of signature
277 // keylist (out) list of key ids which where used to encrypt or NULL on
281 // PEP_VERIFIED message was unencrypted, signature matches
282 // PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
283 // PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
285 DYNAMIC_API PEP_STATUS verify_text(
286 PEP_SESSION session, const char *text, size_t size,
287 const char *signature, size_t sig_size, stringlist_t **keylist
291 // encrypt_and_sign() - encrypt and sign a message
294 // session (in) session handle
295 // keylist (in) list of key ids to encrypt with as C strings
296 // ptext (in) plain text to decrypt and/or verify
297 // psize (in) size of plain text
298 // ctext (out) pointer to internal buffer with cipher text
299 // csize (out) size of cipher text
302 // PEP_STATUS_OK = 0 encryption and signing succeeded
303 // PEP_KEY_NOT_FOUND at least one of the recipient keys
304 // could not be found
305 // PEP_KEY_HAS_AMBIG_NAME at least one of the recipient keys has
307 // PEP_GET_KEY_FAILED cannot retrieve key
310 // the ownership of ctext is going to the caller
311 // the caller is responsible to free() it (on Windoze use pEp_free())
312 // the first key in keylist is being used to sign the message
313 // this implies there has to be a private key for that keypair
315 DYNAMIC_API PEP_STATUS encrypt_and_sign(
316 PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
317 size_t psize, char **ctext, size_t *csize
321 // log_event() - log a user defined event defined by UTF-8 encoded strings into
325 // session (in) session handle
326 // title (in) C string with event name
327 // entity (in) C string with name of entity which is logging
328 // description (in) C string with long description for event or NULL if
330 // comment (in) C string with user defined comment or NULL if
334 // PEP_STATUS_OK log entry created
336 DYNAMIC_API PEP_STATUS log_event(
340 const char *description,
345 DYNAMIC_API PEP_STATUS log_service(PEP_SESSION session, const char *title,
346 const char *entity, const char *description, const char *comment);
349 #define _D_STR_(x) _STR_(x)
350 #define S_LINE _D_STR_(__LINE__)
352 #define SERVICE_LOG(session, title, entity, desc) \
353 log_service((session), (title), (entity), (desc), "service " __FILE__ ":" S_LINE)
356 // trustword() - get the corresponding trustword for a 16 bit value
359 // session (in) session handle
360 // value (in) value to find a trustword for
361 // lang (in) C string with ISO 639-1 language code
362 // word (out) pointer to C string with trustword UTF-8 encoded
363 // NULL if language is not supported or trustword
364 // wordlist is damaged or unavailable
365 // wsize (out) length of trustword
368 // PEP_STATUS_OK trustword retrieved
369 // PEP_TRUSTWORD_NOT_FOUND trustword not found
372 // the word pointer goes to the ownership of the caller
373 // the caller is responsible to free() it (on Windoze use pEp_free())
375 DYNAMIC_API PEP_STATUS trustword(
376 PEP_SESSION session, uint16_t value, const char *lang,
377 char **word, size_t *wsize
381 // trustwords() - get trustwords for a string of hex values of a fingerprint
384 // session (in) session handle
385 // fingerprint (in) C string with hex values to find trustwords for
386 // lang (in) C string with ISO 639-1 language code
387 // words (out) pointer to C string with trustwords UTF-8 encoded,
388 // separated by a blank each
389 // NULL if language is not supported or trustword
390 // wordlist is damaged or unavailable
391 // wsize (out) length of trustwords string
392 // max_words (in) only generate a string with max_words;
393 // if max_words == 0 there is no such limit
396 // PEP_STATUS_OK trustwords retrieved
397 // PEP_OUT_OF_MEMORY out of memory
398 // PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
401 // the word pointer goes to the ownership of the caller
402 // the caller is responsible to free() it (on Windoze use pEp_free())
404 // DON'T USE THIS FUNCTION FROM HIGH LEVEL LANGUAGES!
406 // Better implement a simple one in the adapter yourself using trustword(), and
407 // return a list of trustwords.
408 // This function is provided for being used by C and C++ programs only.
410 DYNAMIC_API PEP_STATUS trustwords(
411 PEP_SESSION session, const char *fingerprint, const char *lang,
412 char **words, size_t *wsize, int max_words
416 // TODO: increase versions in pEp.asn1 if rating changes
418 typedef enum _PEP_comm_type {
421 // range 0x01 to 0x09: no encryption, 0x0a to 0x0e: nothing reasonable
423 PEP_ct_no_encryption = 0x01, // generic
424 PEP_ct_no_encrypted_channel = 0x02,
425 PEP_ct_key_not_found = 0x03,
426 PEP_ct_key_expired = 0x04,
427 PEP_ct_key_revoked = 0x05,
428 PEP_ct_key_b0rken = 0x06,
429 PEP_ct_my_key_not_included = 0x09,
431 PEP_ct_security_by_obscurity = 0x0a,
432 PEP_ct_b0rken_crypto = 0x0b,
433 PEP_ct_key_too_short = 0x0c,
435 PEP_ct_compromised = 0x0e, // known compromised connection
436 PEP_ct_compromized = 0x0e, // deprecated misspelling
437 PEP_ct_mistrusted = 0x0f, // known mistrusted key
439 // range 0x10 to 0x3f: unconfirmed encryption
441 PEP_ct_unconfirmed_encryption = 0x10, // generic
442 PEP_ct_OpenPGP_weak_unconfirmed = 0x11, // RSA 1024 is weak
444 PEP_ct_to_be_checked = 0x20, // generic
445 PEP_ct_SMIME_unconfirmed = 0x21,
446 PEP_ct_CMS_unconfirmed = 0x22,
448 PEP_ct_strong_but_unconfirmed = 0x30, // generic
449 PEP_ct_OpenPGP_unconfirmed = 0x38, // key at least 2048 bit RSA or EC
450 PEP_ct_OTR_unconfirmed = 0x3a,
452 // range 0x40 to 0x7f: unconfirmed encryption and anonymization
454 PEP_ct_unconfirmed_enc_anon = 0x40, // generic
455 PEP_ct_pEp_unconfirmed = 0x7f,
457 PEP_ct_confirmed = 0x80, // this bit decides if trust is confirmed
459 // range 0x81 to 0x8f: reserved
460 // range 0x90 to 0xbf: confirmed encryption
462 PEP_ct_confirmed_encryption = 0x90, // generic
463 PEP_ct_OpenPGP_weak = 0x91, // RSA 1024 is weak (unused)
465 PEP_ct_to_be_checked_confirmed = 0xa0, //generic
469 PEP_ct_strong_encryption = 0xb0, // generic
470 PEP_ct_OpenPGP = 0xb8, // key at least 2048 bit RSA or EC
473 // range 0xc0 to 0xff: confirmed encryption and anonymization
475 PEP_ct_confirmed_enc_anon = 0xc0, // generic
479 typedef enum _identity_flags {
480 // the first octet flags are app defined settings
481 PEP_idf_not_for_sync = 0x0001, // don't use this identity for sync
482 PEP_idf_list = 0x0002, // identity of list of persons
483 // the second octet flags are calculated
484 PEP_idf_devicegroup = 0x0100 // identity of a device group member
487 typedef unsigned int identity_flags_t;
489 // typedef enum _keypair_flags {
492 typedef unsigned int keypair_flags_t;
494 typedef struct _pEp_identity {
495 char *address; // C string with address UTF-8 encoded
496 char *fpr; // C string with fingerprint UTF-8 encoded
497 char *user_id; // C string with user ID UTF-8 encoded
498 // user_id MIGHT be set to "pEp_own_userId"
499 // (use PEP_OWN_USERID preprocessor define)
500 // if this is own user's identity.
501 // But it is not REQUIRED to be.
502 char *username; // C string with user name UTF-8 encoded
503 PEP_comm_type comm_type; // type of communication with this ID
504 char lang[3]; // language of conversation
505 // ISO 639-1 ALPHA-2, last byte is 0
506 bool me; // if this is the local user herself/himself
507 identity_flags_t flags; // identity_flag1 | identity_flag2 | ...
510 typedef struct _identity_list {
512 struct _identity_list *next;
516 // new_identity() - allocate memory and set the string and size fields
519 // address (in) UTF-8 string or NULL
520 // fpr (in) UTF-8 string or NULL
521 // user_id (in) UTF-8 string or NULL
522 // username (in) UTF-8 string or NULL
525 // pEp_identity struct or NULL if out of memory
528 // the strings are copied; the original strings are still being owned by
531 DYNAMIC_API pEp_identity *new_identity(
532 const char *address, const char *fpr, const char *user_id,
537 // identity_dup() - allocate memory and duplicate
540 // src (in) identity to duplicate
543 // pEp_identity struct or NULL if out of memory
546 // the strings are copied; the original strings are still being owned by
549 DYNAMIC_API pEp_identity *identity_dup(const pEp_identity *src);
552 // free_identity() - free all memory being occupied by a pEp_identity struct
555 // identity (in) struct to release
558 // not only the struct but also all string memory referenced by the
559 // struct is being freed; all pointers inside are invalid afterwards
561 DYNAMIC_API void free_identity(pEp_identity *identity);
564 // get_identity() - get identity information
567 // session (in) session handle
568 // address (in) C string with communication address, UTF-8 encoded
569 // user_id (in) unique C string to identify person that identity
571 // identity (out) pointer to pEp_identity structure with results or
575 // address and user_id are being copied; the original strings remains in
576 // the ownership of the caller
577 // the resulting pEp_identity structure goes to the ownership of the
578 // caller and has to be freed with free_identity() when not in use any
581 DYNAMIC_API PEP_STATUS get_identity(
585 pEp_identity **identity
588 PEP_STATUS replace_identities_fpr(PEP_SESSION session,
590 const char* new_fpr);
593 // set_identity() - set identity information
596 // session (in) session handle
597 // identity (in) pointer to pEp_identity structure
600 // PEP_STATUS_OK = 0 encryption and signing succeeded
601 // PEP_CANNOT_SET_PERSON writing to table person failed
602 // PEP_CANNOT_SET_PGP_KEYPAIR writing to table pgp_keypair failed
603 // PEP_CANNOT_SET_IDENTITY writing to table identity failed
604 // PEP_COMMIT_FAILED SQL commit failed
607 // address, fpr, user_id and username must be given
609 DYNAMIC_API PEP_STATUS set_identity(
610 PEP_SESSION session, const pEp_identity *identity
613 // get_default own_userid() - get the user_id of the own user
616 // session (in) session handle
617 // userid (out) own user id (if it exists)
620 // PEP_STATUS_OK = 0 userid was found
621 // PEP_CANNOT_FIND_IDENTITY no own_user found in the DB
622 // PEP_UNKNOWN_ERROR results were returned, but no ID
623 // found (no reason this should ever occur)
625 // userid will be NULL if not found; otherwise, returned string
626 // belongs to the caller.
628 DYNAMIC_API PEP_STATUS get_default_own_userid(
633 // get_userid_alias_default() - get the default user_id which corresponds
636 // session (in) session handle
637 // alias_id (in) the user_id which may be an alias for a default id
638 // default_id (out) the default id for this alias, if the alias
639 // is in the DB as an alias, else NULL
641 // PEP_STATUS_OK = 0 userid was found
642 // PEP_CANNOT_FIND_ALIAS this userid is not listed as an
644 // PEP_UNKNOWN_ERROR results were returned, but no ID
645 // found (no reason this should ever occur)
647 // default_id will be NULL if not found; otherwise, returned string
648 // belongs to the caller.
649 // also, current implementation does NOT check to see if this userid
652 DYNAMIC_API PEP_STATUS get_userid_alias_default(
654 const char* alias_id,
657 // set_userid_alias() - set an alias to correspond to a default id
659 // session (in) session handle
660 // default_id (in) the default id for this alias. This must
661 // correspond to the default user_id for an
662 // entry in the person (user) table.
663 // alias_id (in) the alias to be set for this default id
665 // PEP_STATUS_OK = 0 userid was found
666 // PEP_CANNOT_SET_ALIAS there was an error setting this
668 DYNAMIC_API PEP_STATUS set_userid_alias (
670 const char* default_id,
671 const char* alias_id);
674 // set_device_group() - update own person's device group
677 // session (in) session handle
678 // group_name (in) new group name
681 // PEP_STATUS_OK = 0 device group was updated
682 // PEP_CANNOT_SET_PERSON update failed
684 DYNAMIC_API PEP_STATUS set_device_group(
686 const char *group_name
689 // get_device_group() - get own person's device group
692 // session (in) session handle
693 // group_name (in) new group name
696 // PEP_STATUS_OK = 0 couldn't get device group
697 // PEP_RECORD_NOT_FOUND update failed
700 // the ownerships of group_name is going to the caller
702 DYNAMIC_API PEP_STATUS get_device_group(
707 // set_identity_flags() - update identity flags on existing identity
710 // session (in) session handle
711 // identity (in,out) pointer to pEp_identity structure
712 // flags (in) new value for flags
715 // PEP_STATUS_OK = 0 encryption and signing succeeded
716 // PEP_CANNOT_SET_IDENTITY update of identity failed
719 // address and user_id must be given in identity
721 DYNAMIC_API PEP_STATUS set_identity_flags(
723 pEp_identity *identity,
724 identity_flags_t flags
727 // unset_identity_flags() - update identity flags on existing identity
730 // session (in) session handle
731 // identity (in,out) pointer to pEp_identity structure
732 // flags (in) new value for flags
735 // PEP_STATUS_OK = 0 encryption and signing succeeded
736 // PEP_CANNOT_SET_IDENTITY update of identity failed
739 // address and user_id must be given in identity
741 DYNAMIC_API PEP_STATUS unset_identity_flags(
743 pEp_identity *identity,
744 identity_flags_t flags
747 // mark_as_compromised() - mark key in trust db as compromised
750 // session (in) session handle
751 // fpr (in) fingerprint of key to mark
753 DYNAMIC_API PEP_STATUS mark_as_compromised(
759 // mark_as_compromized() - deprecated to fix misspelling. Please move to
760 // mark_as_compromised();
762 DYNAMIC_API PEP_STATUS mark_as_compromized(
768 // generate_keypair() - generate a new key pair and add it to the key ring
771 // session (in) session handle
772 // identity (inout) pointer to pEp_identity structure
775 // PEP_STATUS_OK = 0 encryption and signing succeeded
776 // PEP_ILLEGAL_VALUE illegal values for identity fields given
777 // PEP_CANNOT_CREATE_KEY key engine is on strike
780 // address and username fields must be set to UTF-8 strings
781 // the fpr field must be set to NULL
783 // this function allocates a string and sets set fpr field of identity
784 // the caller is responsible to call free() for that string or use
785 // free_identity() on the struct
787 DYNAMIC_API PEP_STATUS generate_keypair(
788 PEP_SESSION session, pEp_identity *identity
792 // delete_keypair() - delete a public key or a key pair from the key ring
795 // session (in) session handle
796 // fpr (in) C string with key id or fingerprint of the
800 // PEP_STATUS_OK = 0 key was successfully deleted
801 // PEP_KEY_NOT_FOUND key not found
802 // PEP_ILLEGAL_VALUE not a valid key id or fingerprint
803 // PEP_KEY_HAS_AMBIG_NAME fpr does not uniquely identify a key
804 // PEP_OUT_OF_MEMORY out of memory
806 DYNAMIC_API PEP_STATUS delete_keypair(PEP_SESSION session, const char *fpr);
809 // import_key() - import key from data
812 // session (in) session handle
813 // key_data (in) key data, i.e. ASCII armored OpenPGP key
814 // size (in) amount of data to handle
815 // private_keys (out) list of private keys that have been imported
818 // PEP_STATUS_OK = 0 key was successfully imported
819 // PEP_OUT_OF_MEMORY out of memory
820 // PEP_ILLEGAL_VALUE there is no key data to import
823 // private_keys goes to the ownership of the caller
824 // private_keys can be left NULL, it is then ignored
826 DYNAMIC_API PEP_STATUS import_key(
828 const char *key_data,
830 identity_list **private_keys
834 // export_key() - export ascii armored key
837 // session (in) session handle
838 // fpr (in) key id or fingerprint of key
839 // key_data (out) ASCII armored OpenPGP key
840 // size (out) amount of data to handle
843 // PEP_STATUS_OK = 0 key was successfully exported
844 // PEP_OUT_OF_MEMORY out of memory
845 // PEP_KEY_NOT_FOUND key not found
848 // the key_data goes to the ownership of the caller
849 // the caller is responsible to free() it (on Windoze use pEp_free())
851 DYNAMIC_API PEP_STATUS export_key(
852 PEP_SESSION session, const char *fpr, char **key_data, size_t *size
856 // export_secret_key() - export secret key ascii armored
859 // session (in) session handle
860 // fpr (in) fingerprint of key, at least 16 hex digits
861 // key_data (out) ASCII armored OpenPGP secret key
862 // size (out) amount of data to handle
865 // PEP_STATUS_OK = 0 key was successfully exported
866 // PEP_OUT_OF_MEMORY out of memory
867 // PEP_KEY_NOT_FOUND key not found
868 // PEP_CANNOT_EXPORT_KEY cannot export secret key (i.e. it's on an HKS)
871 // the key_data goes to the ownership of the caller
872 // the caller is responsible to free() it (on Windoze use pEp_free())
873 // beware of leaking secret key data - overwrite it in memory after use
875 DYNAMIC_API PEP_STATUS export_secret_key(
876 PEP_SESSION session, const char *fpr, char **key_data, size_t *size
880 // export_secrect_key() - deprecated misspelled function. Please replace with
883 DYNAMIC_API PEP_STATUS export_secrect_key(
884 PEP_SESSION session, const char *fpr, char **key_data, size_t *size
888 // recv_key() - update key(s) from keyserver
891 // session (in) session handle
892 // pattern (in) key id, user id or address to search for as
895 DYNAMIC_API PEP_STATUS recv_key(PEP_SESSION session, const char *pattern);
898 // find_keys() - find keys in keyring
901 // session (in) session handle
902 // pattern (in) key id, user id or address to search for as
904 // keylist (out) list of fingerprints found or NULL on error
907 // the ownerships of keylist isgoing to the caller
908 // the caller must use free_stringlist() to free it
911 DYNAMIC_API PEP_STATUS find_keys(
912 PEP_SESSION session, const char *pattern, stringlist_t **keylist
915 // send_key() - send key(s) to keyserver
918 // session (in) session handle
919 // pattern (in) key id, user id or address to search for as
922 DYNAMIC_API PEP_STATUS send_key(PEP_SESSION session, const char *pattern);
925 // pEp_free() - free memory allocated by pEp engine
928 // p (in) pointer to free
930 // The reason for this function is that heap management can be a pretty
931 // complex task with Windoze. This free() version calls the free()
932 // implementation of the C runtime library which was used to build pEp engine,
933 // so you're using the correct heap. For more information, see:
934 // <http://msdn.microsoft.com/en-us/library/windows/desktop/aa366711(v=vs.85).aspx>
936 DYNAMIC_API void pEp_free(void *p);
939 // get_trust() - get the trust level a key has for a person
942 // session (in) session handle
943 // identity (inout) user_id and fpr to check as UTF-8 strings (in)
944 // comm_type as result (out)
946 // this function modifies the given identity struct; the struct remains in
947 // the ownership of the caller
948 // if the trust level cannot be determined identity->comm_type is set
951 DYNAMIC_API PEP_STATUS get_trust(PEP_SESSION session, pEp_identity *identity);
954 PEP_STATUS set_trust(PEP_SESSION session,
955 pEp_identity* identity);
957 PEP_STATUS update_trust_for_fpr(PEP_SESSION session,
959 PEP_comm_type comm_type);
961 // least_trust() - get the least known trust level for a key in the database
964 // session (in) session handle
965 // fpr (in) fingerprint of key to check
966 // comm_type (out) least comm_type as result (out)
968 // if the trust level cannot be determined comm_type is set to PEP_ct_unknown
970 DYNAMIC_API PEP_STATUS least_trust(
973 PEP_comm_type *comm_type
977 // get_key_rating() - get the rating a bare key has
980 // session (in) session handle
981 // fpr (in) unique identifyer for key as UTF-8 string
982 // comm_type (out) key rating
984 // if an error occurs, *comm_type is set to PEP_ct_unknown and an error
987 DYNAMIC_API PEP_STATUS get_key_rating(
990 PEP_comm_type *comm_type
994 // renew_key() - renew an expired key
997 // session (in) session handle
998 // fpr (in) ID of key to renew as UTF-8 string
999 // ts (in) timestamp when key should expire or NULL for
1002 DYNAMIC_API PEP_STATUS renew_key(
1003 PEP_SESSION session,
1009 // revoke_key() - revoke a key
1012 // session (in) session handle
1013 // fpr (in) ID of key to revoke as UTF-8 string
1014 // reason (in) text with reason for revoke as UTF-8 string
1015 // or NULL if reason unknown
1018 // reason text must not include empty lines
1019 // this function is meant for internal use only; better use
1020 // key_mistrusted() of keymanagement API
1022 DYNAMIC_API PEP_STATUS revoke_key(
1023 PEP_SESSION session,
1029 // key_expired() - flags if a key is already expired
1032 // session (in) session handle
1033 // fpr (in) ID of key to check as UTF-8 string
1034 // when (in) UTC time of when should expiry be considered
1035 // expired (out) flag if key expired
1037 DYNAMIC_API PEP_STATUS key_expired(
1038 PEP_SESSION session,
1045 // key_revoked() - flags if a key is already revoked
1048 // session (in) session handle
1049 // fpr (in) ID of key to check as UTF-8 string
1050 // revoked (out) flag if key revoked
1052 DYNAMIC_API PEP_STATUS key_revoked(
1053 PEP_SESSION session,
1058 PEP_STATUS get_key_userids(
1059 PEP_SESSION session,
1061 stringlist_t** keylist
1065 // get_crashdump_log() - get the last log messages out
1068 // session (in) session handle
1069 // maxlines (in) maximum number of lines (0 for default)
1070 // logdata (out) logdata as string in double quoted CSV format
1072 // column2 is entity
1073 // column3 is description
1074 // column4 is comment
1077 // the ownership of logdata goes to the caller
1079 DYNAMIC_API PEP_STATUS get_crashdump_log(
1080 PEP_SESSION session,
1086 // get_languagelist() - get the list of languages
1089 // session (in) session handle
1090 // languages (out) languages as string in double quoted CSV format
1091 // column 1 is the ISO 639-1 language code
1092 // column 2 is the name of the language
1095 // the ownership of languages goes to the caller
1097 DYNAMIC_API PEP_STATUS get_languagelist(
1098 PEP_SESSION session,
1103 // get_phrase() - get phrase in a dedicated language through i18n
1106 // session (in) session handle
1107 // lang (in) C string with ISO 639-1 language code
1108 // phrase_id (in) id of phrase in i18n
1109 // phrase (out) phrase as UTF-8 string
1112 // the ownership of phrase goes to the caller
1114 DYNAMIC_API PEP_STATUS get_phrase(
1115 PEP_SESSION session,
1122 // sequence_value() - raise the value of a named sequence and retrieve it
1125 // session (in) session handle
1126 // name (inout) name of sequence or char[37] set to {0, }
1127 // for new own sequence named as UUID
1128 // value (inout) value of sequence value to test or 0 for
1129 // getting next value
1132 // PEP_STATUS_OK no error, not own sequence
1133 // PEP_SEQUENCE_VIOLATED if sequence violated
1134 // PEP_CANNOT_INCREASE_SEQUENCE if sequence cannot be increased
1135 // PEP_OWN_SEQUENCE if own sequence
1137 DYNAMIC_API PEP_STATUS sequence_value(
1138 PEP_SESSION session,
1144 // set_revoked() - records relation between a revoked key and its replacement
1147 // session (in) session handle
1148 // revoked_fpr (in) revoked fingerprint
1149 // replacement_fpr (in) replacement key fingerprint
1150 // revocation_date (in) revocation date
1152 DYNAMIC_API PEP_STATUS set_revoked(
1153 PEP_SESSION session,
1154 const char *revoked_fpr,
1155 const char *replacement_fpr,
1156 const uint64_t revocation_date
1160 // get_revoked() - find revoked key that may have been replaced by given key, if any
1163 // session (in) session handle
1164 // fpr (in) given fingerprint
1165 // revoked_fpr (out) revoked fingerprint
1166 // revocation_date (out) revocation date
1168 DYNAMIC_API PEP_STATUS get_revoked(
1169 PEP_SESSION session,
1172 uint64_t *revocation_date
1176 // key_created() - get creation date of a key
1179 // session (in) session handle
1180 // fpr (in) fingerprint of key
1181 // created (out) date of creation
1183 PEP_STATUS key_created(
1184 PEP_SESSION session,
1190 // find_private_keys() - find keys in keyring
1193 // session (in) session handle
1194 // pattern (in) key id, user id or address to search for as
1196 // keylist (out) list of fingerprints found or NULL on error
1199 // the ownerships of keylist isgoing to the caller
1200 // the caller must use free_stringlist() to free it
1201 PEP_STATUS find_private_keys(PEP_SESSION session, const char* pattern,
1202 stringlist_t **keylist);
1204 // get_engine_version() - returns the current version of pEpEngine (this is different
1205 // from the pEp protocol version!)
1209 // return_value: const char* to the engine version string constant
1211 DYNAMIC_API const char* get_engine_version();
1213 // is_pep_user() - returns true if the USER corresponding to this identity
1214 // has been listed in the *person* table as a pEp user.
1217 // identity (in) - identity containing the user_id to check (this is
1218 // the only part of the struct we require to be set)
1219 // is_pep (out) - boolean pointer - will return true or false by
1220 // reference with respect to whether or not user is
1223 // return_value: PEP_STATUS_OK if user found in person table
1224 // PEP_ILLEGAL_VALUE if no user_id in input
1225 // PEP_CANNOT_FIND_PERSON if user_id doesn't exist
1227 // caveat: This *does not check comm_type*
1229 DYNAMIC_API PEP_STATUS is_pep_user(PEP_SESSION session,
1230 pEp_identity *identity,
1235 DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session);
1237 // This is used internally when there is a temporary identity to be retrieved
1238 // that may not yet have an FPR attached. See get_identity() for functionality,
1239 // params and caveats.
1240 PEP_STATUS get_identity_without_trust_check(
1241 PEP_SESSION session,
1242 const char *address,
1243 const char *user_id,
1244 pEp_identity **identity
1247 PEP_STATUS get_identities_by_address(
1248 PEP_SESSION session,
1249 const char *address,
1250 identity_list** id_list
1253 PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
1254 const char* new_uid);
1256 PEP_STATUS remove_fpr_as_default(PEP_SESSION session,
1260 PEP_STATUS get_main_user_fpr(PEP_SESSION session,
1261 const char* user_id,
1264 PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
1265 const char* new_fpr);
1267 PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);
1269 // This ONLY sets the *user* flag, and creates a shell identity if necessary.
1270 PEP_STATUS set_as_pep_user(PEP_SESSION session, pEp_identity* user);
1272 // returns true (by reference) if a person with this user_id exists;
1273 // Also replaces aliased user_ids by defaults in identity.
1274 PEP_STATUS exists_person(PEP_SESSION session, pEp_identity* identity, bool* exists);
1276 PEP_STATUS set_pgp_keypair(PEP_SESSION session, const char* fpr);