ENGINE-294: basic code is in to remove blacklisting from anything but encrypt_message and outgoing_message_rating, but tests need to be extended, and have to switch to ENGINE-397 and fix that to keep the keyring clean. ENGINE-294
authorKrista Bennett <krista@pep-project.org>
Wed, 28 Feb 2018 12:24:48 +0100
branchENGINE-294
changeset 25483bfda8f2136e
parent 2547 f7c2c8840267
child 2549 5fc5d6be0b36
ENGINE-294: basic code is in to remove blacklisting from anything but encrypt_message and outgoing_message_rating, but tests need to be extended, and have to switch to ENGINE-397 and fix that to keep the keyring clean.
src/keymanagement.c
src/keymanagement.h
src/message_api.c
test/blacklist_accept_new_key_test.cc
test/blacklist_test.cc
     1.1 --- a/src/keymanagement.c	Wed Feb 28 10:31:50 2018 +0100
     1.2 +++ b/src/keymanagement.c	Wed Feb 28 12:24:48 2018 +0100
     1.3 @@ -43,7 +43,7 @@
     1.4  }
     1.5  
     1.6  PEP_STATUS elect_pubkey(
     1.7 -        PEP_SESSION session, pEp_identity * identity
     1.8 +        PEP_SESSION session, pEp_identity * identity, bool check_blacklist
     1.9      )
    1.10  {
    1.11      PEP_STATUS status;
    1.12 @@ -76,10 +76,10 @@
    1.13                  if (identity->comm_type == PEP_ct_unknown ||
    1.14                      _comm_type_key > identity->comm_type)
    1.15                  {
    1.16 -                    bool blacklisted;
    1.17 -                    bool mistrusted;
    1.18 +                    bool blacklisted = false;
    1.19 +                    bool mistrusted = false;
    1.20                      status = is_mistrusted_key(session, _keylist->value, &mistrusted);
    1.21 -                    if (status == PEP_STATUS_OK)
    1.22 +                    if (status == PEP_STATUS_OK && check_blacklist)
    1.23                          status = blacklist_is_listed(session, _keylist->value, &blacklisted);
    1.24                      if (status == PEP_STATUS_OK && !mistrusted && !blacklisted) {
    1.25                          identity->comm_type = _comm_type_key;
    1.26 @@ -106,7 +106,8 @@
    1.27  }
    1.28  
    1.29  static PEP_STATUS validate_fpr(PEP_SESSION session, 
    1.30 -                               pEp_identity* ident) {
    1.31 +                               pEp_identity* ident,
    1.32 +                               bool check_blacklist) {
    1.33      
    1.34      PEP_STATUS status = PEP_STATUS_OK;
    1.35      
    1.36 @@ -173,7 +174,7 @@
    1.37          if (status != PEP_STATUS_OK)
    1.38              return status;
    1.39  
    1.40 -        if ((ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
    1.41 +        if (check_blacklist && (ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
    1.42              !ident->me) {
    1.43              status = blacklist_is_listed(session, 
    1.44                                           fpr, 
    1.45 @@ -274,7 +275,8 @@
    1.46                           pEp_identity* stored_identity,
    1.47                           bool* is_identity_default,
    1.48                           bool* is_user_default,
    1.49 -                         bool* is_address_default) {
    1.50 +                         bool* is_address_default,
    1.51 +                         bool check_blacklist) {
    1.52      
    1.53      PEP_STATUS status = PEP_STATUS_OK;
    1.54  
    1.55 @@ -291,7 +293,7 @@
    1.56      // Input: stored identity retrieved from database
    1.57      // if stored identity contains a default key
    1.58      if (!EMPTYSTR(stored_fpr)) {
    1.59 -        status = validate_fpr(session, stored_identity);    
    1.60 +        status = validate_fpr(session, stored_identity, check_blacklist);    
    1.61          if (status == PEP_STATUS_OK && !EMPTYSTR(stored_identity->fpr)) {
    1.62              *is_identity_default = *is_address_default = true;
    1.63              return status;
    1.64 @@ -311,7 +313,7 @@
    1.65      if (!EMPTYSTR(user_fpr)) {             
    1.66          // There exists a default key for user, so validate
    1.67          stored_identity->fpr = user_fpr;
    1.68 -        status = validate_fpr(session, stored_identity);
    1.69 +        status = validate_fpr(session, stored_identity, check_blacklist);
    1.70          if (status == PEP_STATUS_OK && stored_identity->fpr) {
    1.71              *is_user_default = true;
    1.72              *is_address_default = key_matches_address(session, 
    1.73 @@ -325,10 +327,10 @@
    1.74          }
    1.75      }
    1.76      
    1.77 -    status = elect_pubkey(session, stored_identity);
    1.78 +    status = elect_pubkey(session, stored_identity, check_blacklist);
    1.79      if (status == PEP_STATUS_OK) {
    1.80          if (!EMPTYSTR(stored_identity->fpr))
    1.81 -            validate_fpr(session, stored_identity);
    1.82 +            validate_fpr(session, stored_identity, false); // blacklist already filtered of needed
    1.83      }    
    1.84      else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
    1.85          first_reject_status = status;
    1.86 @@ -348,6 +350,11 @@
    1.87              stored_identity->comm_type = first_reject_comm_type;
    1.88              break;    
    1.89          default:
    1.90 +            if (check_blacklist && status == PEP_KEY_BLACKLISTED) {
    1.91 +                free(stored_identity->fpr);
    1.92 +                stored_identity->fpr = NULL;
    1.93 +                stored_identity->comm_type = PEP_ct_key_not_found;
    1.94 +            }
    1.95              break;
    1.96      }
    1.97      return status;
    1.98 @@ -398,7 +405,8 @@
    1.99      status = get_valid_pubkey(session, stored_ident,
   1.100                                  &is_identity_default,
   1.101                                  &is_user_default,
   1.102 -                                &is_address_default);
   1.103 +                                &is_address_default,
   1.104 +                              false);
   1.105                                  
   1.106      if (status == PEP_STATUS_OK && stored_ident->fpr && *(stored_ident->fpr) != '\0') {
   1.107      // set identity comm_type from trust db (user_id, FPR)
   1.108 @@ -599,7 +607,7 @@
   1.109              //      (this is the input id without the fpr + comm type!)
   1.110  
   1.111              if (status == PEP_STATUS_OK) {
   1.112 -                elect_pubkey(session, identity);
   1.113 +                elect_pubkey(session, identity, false);
   1.114              }
   1.115                          
   1.116              //    * We've already checked and retrieved
   1.117 @@ -694,7 +702,7 @@
   1.118                  //      any applicable temporary identities above. If we're 
   1.119                  //      here, none of them fit.
   1.120                  
   1.121 -                status = elect_pubkey(session, identity);
   1.122 +                status = elect_pubkey(session, identity, false);
   1.123                               
   1.124                  //    * call set_identity() to store
   1.125                  if (identity->fpr)
   1.126 @@ -762,7 +770,7 @@
   1.127              identity->fpr = NULL;
   1.128              identity->comm_type = PEP_ct_unknown;
   1.129  
   1.130 -            status = elect_pubkey(session, identity);
   1.131 +            status = elect_pubkey(session, identity, false);
   1.132                           
   1.133              if (identity->fpr)
   1.134                  status = get_key_rating(session, identity->fpr, &identity->comm_type);
   1.135 @@ -962,7 +970,7 @@
   1.136      // check stored identity
   1.137      if (stored_identity && !EMPTYSTR(stored_identity->fpr)) {
   1.138          // Fall back / retrieve
   1.139 -        status = validate_fpr(session, stored_identity);
   1.140 +        status = validate_fpr(session, stored_identity, false);
   1.141          if (status == PEP_OUT_OF_MEMORY)
   1.142              goto pep_free;
   1.143          if (status == PEP_STATUS_OK) {
   1.144 @@ -1355,7 +1363,7 @@
   1.145  
   1.146      // First, set up a temp trusted identity for the input fpr without a comm type;
   1.147      tmp_id = new_identity(ident->address, ident->fpr, ident->user_id, NULL);
   1.148 -    status = validate_fpr(session, tmp_id);
   1.149 +    status = validate_fpr(session, tmp_id, false);
   1.150          
   1.151      if (status == PEP_STATUS_OK) {
   1.152          // Validate fpr gets trust DB or, when that fails, key comm type. we checked
   1.153 @@ -1414,7 +1422,7 @@
   1.154                      if (!tmp_user_ident)
   1.155                          status = PEP_OUT_OF_MEMORY;
   1.156                      else {
   1.157 -                        status = validate_fpr(session, tmp_user_ident);
   1.158 +                        status = validate_fpr(session, tmp_user_ident, false);
   1.159                          
   1.160                          if (status != PEP_STATUS_OK ||
   1.161                              tmp_user_ident->comm_type < PEP_ct_strong_but_unconfirmed ||
   1.162 @@ -1678,7 +1686,7 @@
   1.163      if (!me->fpr)
   1.164          return PEP_OUT_OF_MEMORY;
   1.165  
   1.166 -    status = validate_fpr(session, me);
   1.167 +    status = validate_fpr(session, me, false);
   1.168      if (status)
   1.169          return status;
   1.170  
   1.171 @@ -1869,4 +1877,3 @@
   1.172      return status;
   1.173  }
   1.174  #endif // USE_GPG
   1.175 -
     2.1 --- a/src/keymanagement.h	Wed Feb 28 10:31:50 2018 +0100
     2.2 +++ b/src/keymanagement.h	Wed Feb 28 12:24:48 2018 +0100
     2.3 @@ -364,6 +364,16 @@
     2.4  PEP_STATUS delete_mistrusted_key(PEP_SESSION session, const char* fpr);
     2.5  PEP_STATUS is_mistrusted_key(PEP_SESSION session, const char* fpr, bool* mistrusted);
     2.6  
     2.7 +// Only call on retrieval of previously stored identity!
     2.8 +// Also, we presume that if the stored_identity was sent in
     2.9 +// without an fpr, there wasn't one in the trust DB for this
    2.10 +// identity.
    2.11 +PEP_STATUS get_valid_pubkey(PEP_SESSION session,
    2.12 +                            pEp_identity* stored_identity,
    2.13 +                            bool* is_identity_default,
    2.14 +                            bool* is_user_default,
    2.15 +                            bool* is_address_default,
    2.16 +                            bool check_blacklist);
    2.17  
    2.18  #ifdef __cplusplus
    2.19  }
     3.1 --- a/src/message_api.c	Wed Feb 28 10:31:50 2018 +0100
     3.2 +++ b/src/message_api.c	Wed Feb 28 12:24:48 2018 +0100
     3.3 @@ -6,6 +6,7 @@
     3.4  
     3.5  #include "platform.h"
     3.6  #include "mime.h"
     3.7 +#include "blacklist.h"
     3.8  
     3.9  #include <assert.h>
    3.10  #include <string.h>
    3.11 @@ -1533,6 +1534,26 @@
    3.12                  _il->ident->comm_type = PEP_ct_key_not_found;
    3.13                  _status = PEP_STATUS_OK;
    3.14              }
    3.15 +            bool is_blacklisted = false;
    3.16 +            if (_il->ident->fpr) {
    3.17 +                _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    3.18 +                if (_status != PEP_STATUS_OK) {
    3.19 +                    // DB error
    3.20 +                    status = PEP_UNENCRYPTED;
    3.21 +                    goto pep_error;
    3.22 +                }
    3.23 +                if (is_blacklisted) {
    3.24 +                    bool user_default, ident_default, address_default; 
    3.25 +                    _status = get_valid_pubkey(session, _il->ident,
    3.26 +                                               &ident_default, &user_default,
    3.27 +                                               &address_default,
    3.28 +                                               true);
    3.29 +                    if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
    3.30 +                        _il->ident->comm_type = PEP_ct_key_not_found;
    3.31 +                        _status = PEP_STATUS_OK;                        
    3.32 +                    }
    3.33 +                }    
    3.34 +            }
    3.35              if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
    3.36                  is_pep_user(session, _il->ident, &has_pep_user);
    3.37          }
    3.38 @@ -1565,6 +1586,26 @@
    3.39                      _il->ident->comm_type = PEP_ct_key_not_found;
    3.40                      _status = PEP_STATUS_OK;
    3.41                  }
    3.42 +                bool is_blacklisted = false;
    3.43 +                if (_il->ident->fpr) {
    3.44 +                    _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    3.45 +                    if (_status != PEP_STATUS_OK) {
    3.46 +                        // DB error
    3.47 +                        status = PEP_UNENCRYPTED;
    3.48 +                        goto pep_error;
    3.49 +                    }
    3.50 +                    if (is_blacklisted) {
    3.51 +                        bool user_default, ident_default, address_default; 
    3.52 +                        _status = get_valid_pubkey(session, _il->ident,
    3.53 +                                                   &ident_default, &user_default,
    3.54 +                                                   &address_default,
    3.55 +                                                   true);
    3.56 +                        if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
    3.57 +                            _il->ident->comm_type = PEP_ct_key_not_found;
    3.58 +                            _status = PEP_STATUS_OK;                        
    3.59 +                        }
    3.60 +                    }    
    3.61 +                }
    3.62                  if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
    3.63                      is_pep_user(session, _il->ident, &has_pep_user);
    3.64              }
    3.65 @@ -1596,6 +1637,26 @@
    3.66                      _il->ident->comm_type = PEP_ct_key_not_found;
    3.67                      _status = PEP_STATUS_OK;
    3.68                  }
    3.69 +                bool is_blacklisted = false;
    3.70 +                if (_il->ident->fpr) {
    3.71 +                    _status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
    3.72 +                    if (_status != PEP_STATUS_OK) {
    3.73 +                        // DB error
    3.74 +                        status = PEP_UNENCRYPTED;
    3.75 +                        goto pep_error;
    3.76 +                    }
    3.77 +                    if (is_blacklisted) {
    3.78 +                        bool user_default, ident_default, address_default; 
    3.79 +                        _status = get_valid_pubkey(session, _il->ident,
    3.80 +                                                   &ident_default, &user_default,
    3.81 +                                                   &address_default,
    3.82 +                                                   true);
    3.83 +                        if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
    3.84 +                            _il->ident->comm_type = PEP_ct_key_not_found;
    3.85 +                            _status = PEP_STATUS_OK;                        
    3.86 +                        }
    3.87 +                    }    
    3.88 +                }
    3.89                  if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
    3.90                      is_pep_user(session, _il->ident, &has_pep_user);
    3.91              }
    3.92 @@ -2919,7 +2980,22 @@
    3.93                  status = update_identity(session, il->ident);
    3.94              else
    3.95                  status = myself(session, il->ident);
    3.96 -                
    3.97 +            
    3.98 +            bool is_blacklisted = false;
    3.99 +            if (il->ident->fpr) {
   3.100 +                status = blacklist_is_listed(session, il->ident->fpr, &is_blacklisted);
   3.101 +                if (is_blacklisted) {
   3.102 +                    bool user_default, ident_default, address_default; 
   3.103 +                    status = get_valid_pubkey(session, il->ident,
   3.104 +                                              &ident_default, &user_default,
   3.105 +                                              &address_default,
   3.106 +                                              true);
   3.107 +                    if (status != PEP_STATUS_OK || il->ident->fpr == NULL) {
   3.108 +                        il->ident->comm_type = PEP_ct_key_not_found;
   3.109 +                    }
   3.110 +                }    
   3.111 +            }
   3.112 +    
   3.113              // check for the return statuses which might not a representative
   3.114              // value in the comm_type
   3.115              if (status == PEP_ILLEGAL_VALUE || status == PEP_CANNOT_SET_PERSON ||
     4.1 --- a/test/blacklist_accept_new_key_test.cc	Wed Feb 28 10:31:50 2018 +0100
     4.2 +++ b/test/blacklist_accept_new_key_test.cc	Wed Feb 28 12:24:48 2018 +0100
     4.3 @@ -48,7 +48,20 @@
     4.4      PEP_STATUS status8 = update_identity(session, blacklisted_identity);
     4.5      PEP_STATUS status9 = blacklist_add(session, bl_fpr_1);
     4.6      PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
     4.7 +    assert(is_blacklisted);
     4.8      PEP_STATUS status11 = update_identity(session, blacklisted_identity);
     4.9 +    assert(status11 == PEP_KEY_BLACKLISTED);
    4.10 +    assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
    4.11 +    
    4.12 +    bool id_def, us_def, addr_def;
    4.13 +    status11 = get_valid_pubkey(session, blacklisted_identity,
    4.14 +                                &id_def, &us_def, &addr_def, true);
    4.15 +    if (!(blacklisted_identity->fpr))
    4.16 +        cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
    4.17 +    else
    4.18 +        cout << "Not OK. blacklisted_identity->fpr is " << blacklisted_identity->fpr << "." << endl
    4.19 +             << "Expected it to be empty." << endl;
    4.20 +    assert(!(blacklisted_identity->fpr) || blacklisted_identity->fpr[0] == '\0');
    4.21  
    4.22      /* identity is blacklisted. Now let's read in a message which contains a new key for that ID. */
    4.23      
    4.24 @@ -67,7 +80,8 @@
    4.25      assert(status == PEP_STATUS_OK);
    4.26      status = decrypt_message(session, msg_ptr, &dest_msg, &keylist, &rating, &flags);
    4.27  
    4.28 -    PEP_STATUS status12 = update_identity(session, blacklisted_identity);
    4.29 +    PEP_STATUS status12 = get_valid_pubkey(session, blacklisted_identity,
    4.30 +                                           &id_def, &us_def, &addr_def, true);
    4.31  
    4.32      assert(strcasecmp(blacklisted_identity->fpr, new_key) == 0);
    4.33  
     5.1 --- a/test/blacklist_test.cc	Wed Feb 28 10:31:50 2018 +0100
     5.2 +++ b/test/blacklist_test.cc	Wed Feb 28 12:24:48 2018 +0100
     5.3 @@ -92,7 +92,7 @@
     5.4                                                        "Blacklist Keypair");
     5.5  
     5.6      PEP_STATUS status8 = update_identity(session, blacklisted_identity);
     5.7 -    
     5.8 +        
     5.9      // THERE IS NO BLACKLISTING OF PEP KEYS
    5.10      //blacklisted_identity->comm_type = PEP_ct_pEp;
    5.11      blacklisted_identity->comm_type = PEP_ct_OpenPGP_unconfirmed;
    5.12 @@ -108,6 +108,15 @@
    5.13      PEP_STATUS status9 = blacklist_add(session, bl_fpr_1);
    5.14      status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
    5.15      PEP_STATUS status11 = update_identity(session, blacklisted_identity);
    5.16 +    /* new!!! */
    5.17 +    assert(is_blacklisted);
    5.18 +    assert(status11 == PEP_KEY_BLACKLISTED);
    5.19 +    assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
    5.20 +    
    5.21 +    bool id_def, us_def, addr_def;
    5.22 +    status11 = get_valid_pubkey(session, blacklisted_identity,
    5.23 +                                &id_def, &us_def, &addr_def, true);
    5.24 +    
    5.25      if (!(blacklisted_identity->fpr))
    5.26          cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
    5.27      else if (strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0)
    5.28 @@ -120,7 +129,6 @@
    5.29               << "Expected it to be empty or (possibly) " << bl_fpr_2 << endl;
    5.30      assert(!(blacklisted_identity->fpr) || blacklisted_identity->fpr[0] == '\0'|| (strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0));
    5.31  
    5.32 -
    5.33      const string keytext2 = slurp("blacklisted_pub2.asc");
    5.34      PEP_STATUS status14 = import_key(session, keytext2.c_str(), keytext2.length(), NULL);
    5.35      
    5.36 @@ -129,25 +137,25 @@
    5.37                                                          NULL,
    5.38                                                         "Blacklist Keypair");
    5.39      PEP_STATUS status15 = update_identity(session, blacklisted_identity2);
    5.40 -
    5.41 -    assert(blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0);
    5.42 -    if (blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0)
    5.43 -        cout << "blacklisted identity's fpr successfully replaced by the unblacklisted one" << endl;
    5.44 -    // else
    5.45 -    //     cout << "blacklisted_identity->fpr should be " << bl_fpr_2 << " but is " << blacklisted_identity->fpr << endl;
    5.46 -    
    5.47 -    PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1);
    5.48 -    PEP_STATUS status13 = update_identity(session, blacklisted_identity);
    5.49 -        
    5.50 -    pEp_identity* stored_identity = new_identity("blacklistedkeys@kgrothoff.org",
    5.51 -                                                  NULL,
    5.52 -                                                  blacklisted_identity->user_id,
    5.53 -                                                  "Blacklist Keypair");
    5.54 -     
    5.55 -    PEP_STATUS status00 = update_identity(session, stored_identity);
    5.56 -    
    5.57 -    // FIXME
    5.58 -    // assert(stored_identity->comm_type == PEP_ct_pEp);    
    5.59 +    // 
    5.60 +    // assert(blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0);
    5.61 +    // if (blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0)
    5.62 +    //     cout << "blacklisted identity's fpr successfully replaced by the unblacklisted one" << endl;
    5.63 +    // // else
    5.64 +    // //     cout << "blacklisted_identity->fpr should be " << bl_fpr_2 << " but is " << blacklisted_identity->fpr << endl;
    5.65 +    // 
    5.66 +    // PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1);
    5.67 +    // PEP_STATUS status13 = update_identity(session, blacklisted_identity);
    5.68 +    //     
    5.69 +    // pEp_identity* stored_identity = new_identity("blacklistedkeys@kgrothoff.org",
    5.70 +    //                                               NULL,
    5.71 +    //                                               blacklisted_identity->user_id,
    5.72 +    //                                               "Blacklist Keypair");
    5.73 +    //  
    5.74 +    // PEP_STATUS status00 = update_identity(session, stored_identity);
    5.75 +    // 
    5.76 +    // // FIXME
    5.77 +    // // assert(stored_identity->comm_type == PEP_ct_pEp);    
    5.78      
    5.79      PEP_STATUS status16 = delete_keypair(session, bl_fpr_1);
    5.80      update_identity(session, blacklisted_identity);