src/cryptotech.h
author Edouard Tisserant
Mon, 25 Apr 2016 14:53:45 +0200
branchasync_key_management
changeset 539 c8a4c7b86064
parent 507 288496838ffb
child 701 331a6b3aaeab
permissions -rw-r--r--
This is Work in Progress branch for async key management.
- All DB operation altering identity, person, trust, pgp_keypair tables
are now serialized in key management thread.
- myself() returns immediately.
- Database is updated asynchronously, by key management thread.
- The identity returned by update_identity() and myself() reflects the input
confronted with the information immediately available in pEpEngine. Changes
to DB are applied later.
- confront_identity() is responsible for selectively modifying the given identity
according to the content of DB and keyrings, but without changing pEp state.
It detects if confrontation resulted in some changes deserving to be
examined. It is called by update_identity() and myself() before queueing
identity to be examined by key management thread.
- Key management itself calls confront_identity() in order to detect and
mitigate concurrent conflicting operation on same identity.
- ensure_own_key() is also called by key management to deal with cases
where own identity key is inexistant, revoked or expired.
- examine_identity() as well as retrieve_next_identity() got their signature
updated, and adapters have to update. Those callbacks are now also used to
signal keymanagement activity to the app, thus avoiding app writer to poll
identity or message colors when waiting for long operation to complete
(i.e. key gen)
- Updated some SQL :
- Now address and user_id ar together primary key of identity.
- Use of still unused pgp_keypair.created column to mark own key pair
- Added sql_get_pgp_keypair_created
- Ensured consistant storage and comparing of fingerprints (spaces, case)
- Added sql_get_best_user as a (questionable) fallback for app
developper that would still not give identity.user_id after already having
already created a person for that identity/address.
- Changed mark_as_compromized into a more generic set_fpr_trust, with
comm_type given as a parameter, not anymore hard-coded in SQL statement.
- Added test to detect revoked key in pgp_netpgp.c + various minor fixes.
- Renamed key_compromized() to key_mistrusted()
     1 #pragma once
     2 
     3 #include "pEpEngine.h"
     4 
/*
 * Identifiers of the crypto backends known to the engine.
 *
 * Enumerators count up from 0 without gaps, so PEP_crypt__count is the
 * number of enumerators before it (PEP_crypt_none included). It is used
 * as the length of the cryptotech[] table declared later in this header,
 * which means a value of this type is only a valid table index while it
 * is strictly below PEP_crypt__count.
 */
typedef enum _PEP_cryptotech {
    PEP_crypt_none = 0,
    PEP_crypt_OpenPGP,

    /* Backends that are listed but not compiled in: */
    //    PEP_ctypt_PEP,
    //    PEP_crypt_SMIME,
    //    PEP_crypt_CMS,

    /* Sentinel: keep last so it keeps matching the table size. */
    PEP_crypt__count
} PEP_cryptotech;
    14 
/*
 * decrypt_and_verify_t -- backend hook that decrypts a message and checks
 * its signature.
 *
 *   session       engine session handle
 *   ctext, csize  ciphertext buffer and its size
 *   ptext, psize  presumably out-parameters for the plaintext and its size
 *   keylist       presumably an out-parameter for a key list
 *
 * NOTE(review): this header does not state who frees *ptext and *keylist,
 * nor how "decrypted but signature not verified" is reported. Callers
 * should treat the plaintext as unauthenticated until the returned
 * PEP_STATUS has been checked -- confirm the status values against the
 * backend implementation.
 */
typedef PEP_STATUS (*decrypt_and_verify_t)(
    PEP_SESSION session,
    const char *ctext,
    size_t csize,
    char **ptext,
    size_t *psize,
    stringlist_t **keylist
);

/*
 * verify_text_t -- backend hook that checks a signature given separately
 * from the text it covers.
 *
 *   text, size           signed data and its size
 *   signature, sig_size  signature data and its size
 *   keylist              presumably an out-parameter for a key list
 *
 * NOTE(review): whether *keylist is filled on a failed verification is
 * not visible here; do not read it as proof of a valid signature without
 * checking the returned status -- confirm.
 */
typedef PEP_STATUS (*verify_text_t)(
    PEP_SESSION session,
    const char *text,
    size_t size,
    const char *signature,
    size_t sig_size,
    stringlist_t **keylist
);

/*
 * encrypt_and_sign_t -- backend hook that encrypts and signs a message.
 *
 *   keylist       read-only key list supplied by the caller
 *   ptext, psize  plaintext buffer and its size
 *   ctext, csize  presumably out-parameters for the ciphertext and its size
 *
 * NOTE(review): which entry of keylist is used for signing, and who
 * frees *ctext, cannot be told from this declaration -- confirm.
 */
typedef PEP_STATUS (*encrypt_and_sign_t)(
    PEP_SESSION session,
    const stringlist_t *keylist,
    const char *ptext,
    size_t psize,
    char **ctext,
    size_t *csize
);
    29 
/*
 * delete_keypair_t -- backend hook that deletes the key pair identified
 * by the fingerprint string fpr.
 */
typedef PEP_STATUS (*delete_keypair_t)(
    PEP_SESSION session,
    const char *fpr
);

/*
 * export_key_t -- backend hook that exports the key identified by fpr.
 *
 *   key_data, size  presumably out-parameters for the exported data
 *
 * NOTE(review): the declaration does not say whether secret key material
 * can be part of the export, nor who frees *key_data -- confirm before
 * passing the result to logging or network code.
 */
typedef PEP_STATUS (*export_key_t)(
    PEP_SESSION session,
    const char *fpr,
    char **key_data,
    size_t *size
);

/*
 * find_keys_t -- backend hook that looks up keys matching pattern.
 *
 *   keylist  presumably an out-parameter for the matching keys
 *
 * NOTE(review): the matching rules for pattern are backend-defined and
 * not visible here -- confirm.
 */
typedef PEP_STATUS (*find_keys_t)(
    PEP_SESSION session,
    const char *pattern,
    stringlist_t **keylist
);

/*
 * generate_keypair_t -- backend hook that generates a key pair for
 * identity. identity is passed non-const, so the backend may write to it.
 */
typedef PEP_STATUS (*generate_keypair_t)(
    PEP_SESSION session,
    pEp_identity *identity
);

/*
 * get_key_rating_t -- backend hook that reports a PEP_comm_type for the
 * key identified by fpr through the comm_type pointer.
 */
typedef PEP_STATUS (*get_key_rating_t)(
    PEP_SESSION session,
    const char *fpr,
    PEP_comm_type *comm_type
);

/*
 * import_key_t -- backend hook that imports key material.
 *
 *   key_data, size  key data buffer and its size
 *
 * NOTE(review): key_data may well originate from a remote party; the
 * parsing and validation it receives are entirely up to the backend --
 * confirm.
 */
typedef PEP_STATUS (*import_key_t)(
    PEP_SESSION session,
    const char *key_data,
    size_t size
);
    52 
/*
 * recv_key_t / send_key_t -- backend hooks that receive or send the keys
 * selected by pattern.
 *
 * NOTE(review): the peer involved (presumably a key server) and the
 * transport are not visible in this header -- confirm.
 */
typedef PEP_STATUS (*recv_key_t)(
    PEP_SESSION session,
    const char *pattern
);

typedef PEP_STATUS (*send_key_t)(
    PEP_SESSION session,
    const char *pattern
);

/*
 * renew_key_t -- backend hook that renews the key identified by fpr.
 * ts is a read-only timestamp, presumably the new expiry -- confirm.
 */
typedef PEP_STATUS (*renew_key_t)(
    PEP_SESSION session,
    const char *fpr,
    const timestamp *ts
);

/*
 * revoke_key_t -- backend hook that revokes the key identified by fpr,
 * with a caller-supplied reason string.
 */
typedef PEP_STATUS (*revoke_key_t)(
    PEP_SESSION session,
    const char *fpr,
    const char *reason
);

/*
 * key_expired_t / key_revoked_t -- backend hooks that report, through a
 * bool pointer, whether the key identified by fpr is expired or revoked.
 *
 * NOTE(review): the flag is presumably only meaningful when the returned
 * status signals success; an unchecked status could leave a stale or
 * uninitialised flag in the caller -- confirm.
 */
typedef PEP_STATUS (*key_expired_t)(
    PEP_SESSION session,
    const char *fpr,
    bool *expired
);

typedef PEP_STATUS (*key_revoked_t)(
    PEP_SESSION session,
    const char *fpr,
    bool *revoked
);

/*
 * binary_path_t -- backend hook that hands back a path through *path.
 * It takes no session argument. NOTE(review): presumably the location of
 * the backend's executable; lifetime of the string is not stated here.
 */
typedef PEP_STATUS (*binary_path_t)(
    const char **path
);
    70 
/*
 * Descriptor of one crypto backend: an id, two default communication
 * types, and the backend's entry points as function pointers.
 *
 * Member order is part of the layout and is kept exactly as declared.
 *
 * NOTE(review): nothing in this header guarantees that every pointer is
 * non-NULL for every backend (for instance the PEP_crypt_none slot);
 * callers presumably need to check before dispatching -- confirm against
 * init_cryptotech().
 */
typedef struct _PEP_cryptotech_t {
    /* presumably a PEP_cryptotech value stored in 8 bits -- confirm */
    uint8_t id;

    /*
     * Defaults only: the effective comm_type may differ depending on key
     * length or broken crypto.
     */
    uint8_t unconfirmed_comm_type;
    uint8_t confirmed_comm_type;

    /* message operations */
    decrypt_and_verify_t decrypt_and_verify;
    verify_text_t        verify_text;
    encrypt_and_sign_t   encrypt_and_sign;

    /* key store operations */
    delete_keypair_t     delete_keypair;
    export_key_t         export_key;
    find_keys_t          find_keys;
    generate_keypair_t   generate_keypair;
    get_key_rating_t     get_key_rating;
    import_key_t         import_key;
    recv_key_t           recv_key;
    send_key_t           send_key;

    /* key life-cycle operations */
    renew_key_t          renew_key;
    revoke_key_t         revoke_key;
    key_expired_t        key_expired;
    key_revoked_t        key_revoked;

    /* backend location */
    binary_path_t        binary_path;
} PEP_cryptotech_t;
    93 
/*
 * Table of backend descriptors with PEP_crypt__count elements, so it can
 * be indexed by a PEP_cryptotech value below PEP_crypt__count.
 *
 * The table is declared non-const: any translation unit that includes
 * this header can overwrite the function pointers stored in it.
 * NOTE(review): presumably only init_cryptotech() is meant to write to
 * it -- confirm.
 */
extern PEP_cryptotech_t cryptotech[PEP_crypt__count];

/*
 * 64-bit integer type for a set of backends.
 * NOTE(review): presumably one bit per PEP_cryptotech value, which would
 * cap the number of backends at 64 -- confirm against its users.
 */
typedef uint64_t cryptotech_mask;

/*
 * Set-up and tear-down of the backends for a session.
 * NOTE(review): in_first / out_last presumably flag the first session
 * being created and the last one being released -- confirm.
 */
PEP_STATUS init_cryptotech(
    PEP_SESSION session,
    bool in_first
);

void release_cryptotech(
    PEP_SESSION session,
    bool out_last
);