Added rovoked_keys SQL table and C getter and setter.
authorEdouard Tisserant
Sat, 28 May 2016 15:42:49 +0200
changeset 69345ac944f2b2e
parent 689 bce702a2bfa0
child 694 7e236f95f1e4
Added rovoked_keys SQL table and C getter and setter.
src/pEpEngine.c
src/pEpEngine.h
src/pEp_internal.h
     1.1 --- a/src/pEpEngine.c	Fri May 27 11:46:24 2016 +0200
     1.2 +++ b/src/pEpEngine.c	Sat May 28 15:42:49 2016 +0200
     1.3 @@ -34,9 +34,14 @@
     1.4      static const char *sql_own_key_is_listed;
     1.5      static const char *sql_own_key_retrieve;
     1.6  
     1.7 +    // Sequence
     1.8      static const char *sql_sequence_value1;
     1.9      static const char *sql_sequence_value2;
    1.10  
    1.11 +    // Revocation tracking
    1.12 +    static const char *sql_set_revoked;
    1.13 +    static const char *sql_get_revoked;
    1.14 +    
    1.15      bool in_first = false;
    1.16  
    1.17      assert(sqlite3_threadsafe());
    1.18 @@ -177,6 +182,13 @@
    1.19                  "   name text primary key,\n"
    1.20                  "   value integer default 0\n"
    1.21                  ");\n"
    1.22 +                "create table if not exists revoked_keys (\n"
    1.23 +                "   revoked_fpr text primary key,\n"
    1.24 +                "   replacement_fpr text not null\n"
    1.25 +                "       references pgp_keypair (fpr)\n"
    1.26 +                "       on delete cascade,\n"
    1.27 +                "   revocation_date integer\n"
    1.28 +                ");\n"
    1.29                  ,
    1.30              NULL,
    1.31              NULL,
    1.32 @@ -275,6 +287,15 @@
    1.33                                "(select coalesce((select value + 1 from sequences "
    1.34                                "where name = ?1), 1 ))) ; ";
    1.35          sql_sequence_value2 = "select value from sequences where name = ?1 ;";
    1.36 +        
    1.37 +        sql_set_revoked =     "insert or replace into revoked_keys ("
    1.38 +                              "    revoked_fpr, replacement_fpr, revocation_date) "
    1.39 +                              "values (upper(replace(?1,' ','')),"
    1.40 +                              "        upper(replace(?2,' ','')),"
    1.41 +                              "        ?3) ;";
    1.42 +        
    1.43 +        sql_get_revoked =     "select revoked_fpr, revocation_date from revoked_keys"
    1.44 +                              "    where replacement_fpr = upper(replace(?1,' ','')) ;";
    1.45      }
    1.46  
    1.47      int_result = sqlite3_prepare_v2(_session->db, sql_log, (int)strlen(sql_log),
    1.48 @@ -367,6 +388,16 @@
    1.49              (int)strlen(sql_sequence_value2), &_session->sequence_value2, NULL);
    1.50      assert(int_result == SQLITE_OK);
    1.51  
    1.52 +    // Revocation tracking
    1.53 +    
    1.54 +    int_result = sqlite3_prepare_v2(_session->db, sql_set_revoked,
    1.55 +                                    (int)strlen(sql_set_revoked), &_session->set_revoked, NULL);
    1.56 +    assert(int_result == SQLITE_OK);
    1.57 +    
    1.58 +    int_result = sqlite3_prepare_v2(_session->db, sql_get_revoked,
    1.59 +                                    (int)strlen(sql_get_revoked), &_session->get_revoked, NULL);
    1.60 +    assert(int_result == SQLITE_OK);
    1.61 +    
    1.62      status = init_cryptotech(_session, in_first);
    1.63      if (status != PEP_STATUS_OK)
    1.64          goto pep_error;
    1.65 @@ -552,7 +583,7 @@
    1.66          if (*word)
    1.67              *wsize = sqlite3_column_bytes(session->trustword, 1);
    1.68          else
    1.69 -            status = PEP_TRUSTWORD_NOT_FOUND;
    1.70 +            status = PEP_OUT_OF_MEMORY;
    1.71      } else
    1.72          status = PEP_TRUSTWORD_NOT_FOUND;
    1.73  
    1.74 @@ -1473,6 +1504,95 @@
    1.75      return status;
    1.76  }
    1.77  
    1.78 +DYNAMIC_API PEP_STATUS set_revoked(
    1.79 +       PEP_SESSION session,
    1.80 +       const char *revoked_fpr,
    1.81 +       const char *replacement_fpr,
    1.82 +       const uint64_t revocation_date
    1.83 +    )
    1.84 +{
    1.85 +    PEP_STATUS status = PEP_STATUS_OK;
    1.86 +    
    1.87 +    assert(session &&
    1.88 +           revoked_fpr && revoked_fpr[0] &&
    1.89 +           replacement_fpr && replacement_fpr[0]
    1.90 +          );
    1.91 +    
    1.92 +    if (!(session &&
    1.93 +          revoked_fpr && revoked_fpr[0] &&
    1.94 +          replacement_fpr && replacement_fpr[0]
    1.95 +         ))
    1.96 +        return PEP_ILLEGAL_VALUE;
    1.97 +    
    1.98 +    sqlite3_reset(session->set_revoked);
    1.99 +    sqlite3_bind_text(session->set_revoked, 1, revoked_fpr, -1, SQLITE_STATIC);
   1.100 +    sqlite3_bind_text(session->set_revoked, 2, replacement_fpr, -1, SQLITE_STATIC);
   1.101 +    sqlite3_bind_int64(session->set_revoked, 3, revocation_date);
   1.102 +
   1.103 +    int result;
   1.104 +    
   1.105 +    result = sqlite3_step(session->set_revoked);
   1.106 +    switch (result) {
   1.107 +        case SQLITE_DONE:
   1.108 +            status = PEP_STATUS_OK;
   1.109 +            break;
   1.110 +            
   1.111 +        default:
   1.112 +            status = PEP_UNKNOWN_ERROR;
   1.113 +    }
   1.114 +    
   1.115 +    sqlite3_reset(session->set_revoked);
   1.116 +    return status;
   1.117 +}
   1.118 +
   1.119 +DYNAMIC_API PEP_STATUS get_revoked(
   1.120 +        PEP_SESSION session,
   1.121 +        const char *fpr,
   1.122 +        char **revoked_fpr,
   1.123 +        uint64_t *revocation_date
   1.124 +    )
   1.125 +{
   1.126 +    PEP_STATUS status = PEP_STATUS_OK;
   1.127 +
   1.128 +    assert(session &&
   1.129 +           revoked_fpr &&
   1.130 +           fpr && fpr[0]
   1.131 +          );
   1.132 +    
   1.133 +    if (!(session &&
   1.134 +           revoked_fpr &&
   1.135 +           fpr && fpr[0]
   1.136 +          ))
   1.137 +        return PEP_ILLEGAL_VALUE;
   1.138 +
   1.139 +    *revoked_fpr = NULL;
   1.140 +    *revocation_date = 0;
   1.141 +
   1.142 +    sqlite3_reset(session->get_revoked);
   1.143 +    sqlite3_bind_text(session->get_revoked, 1, fpr, -1, SQLITE_STATIC);
   1.144 +
   1.145 +    int result;
   1.146 +    
   1.147 +    result = sqlite3_step(session->get_revoked);
   1.148 +    switch (result) {
   1.149 +        case SQLITE_ROW: {
   1.150 +            *revoked_fpr = strdup((const char *) sqlite3_column_text(session->get_revoked, 0));
   1.151 +            if(*revoked_fpr)
   1.152 +                *revocation_date = sqlite3_column_int64(session->get_revoked, 1);
   1.153 +            else
   1.154 +                status = PEP_OUT_OF_MEMORY;
   1.155 +
   1.156 +            break;
   1.157 +        }
   1.158 +        default:
   1.159 +            status = PEP_CANNOT_FIND_IDENTITY;
   1.160 +    }
   1.161 +
   1.162 +    sqlite3_reset(session->get_revoked);
   1.163 +
   1.164 +    return status;
   1.165 +}
   1.166 +
   1.167  DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session)
   1.168  {
   1.169      assert(session);
     2.1 --- a/src/pEpEngine.h	Fri May 27 11:46:24 2016 +0200
     2.2 +++ b/src/pEpEngine.h	Sat May 28 15:42:49 2016 +0200
     2.3 @@ -781,6 +781,20 @@
     2.4          int32_t *value
     2.5      );
     2.6  
     2.7 +DYNAMIC_API PEP_STATUS set_revoked(
     2.8 +       PEP_SESSION session,
     2.9 +       const char *revoked_fpr,
    2.10 +       const char *replacement_fpr,
    2.11 +       const uint64_t revocation_date
    2.12 +    );
    2.13 +
    2.14 +DYNAMIC_API PEP_STATUS get_revoked(
    2.15 +        PEP_SESSION session,
    2.16 +        const char *fpr,
    2.17 +        char **revoked_fpr,
    2.18 +        uint64_t *revocation_date
    2.19 +    );
    2.20 +
    2.21  
    2.22  DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session);
    2.23  
     3.1 --- a/src/pEp_internal.h	Fri May 27 11:46:24 2016 +0200
     3.2 +++ b/src/pEp_internal.h	Sat May 28 15:42:49 2016 +0200
     3.3 @@ -115,7 +115,11 @@
     3.4      sqlite3_stmt *sequence_value1;
     3.5      sqlite3_stmt *sequence_value2;
     3.6  
     3.7 -    // callbacks   
     3.8 +    // sequence value
     3.9 +    sqlite3_stmt *set_revoked;
    3.10 +    sqlite3_stmt *get_revoked;
    3.11 +
    3.12 +    // callbacks
    3.13      examine_identity_t examine_identity;
    3.14      void *examine_management;
    3.15      void *sync_obj;