1.1 --- a/src/key_reset.c Thu Jan 09 09:19:36 2020 +0100
1.2 +++ b/src/key_reset.c Thu Jan 09 22:02:58 2020 +0100
1.3 @@ -895,96 +895,94 @@
1.4
1.5 if (is_own_private) {
1.6
1.7 - // If there's no address, we want to reset this key for every identity
1.8 - // it's a part of. Since this means generating new keys, we have to
1.9 - // grab all the identities associated with it.
1.10 - if (EMPTYSTR(tmp_ident->address)) {
1.11 - status = get_identities_by_main_key_id(session, fpr_copy, &key_idents);
1.12 -
1.13 - if (status != PEP_CANNOT_FIND_IDENTITY) {
1.14 - if (status == PEP_STATUS_OK) {
1.15 - // now have ident list, or should
1.16 - identity_list* curr_ident;
1.17 + // This is now the "is_own" base case - we don't do this
1.18 + // per-identity, because all identities using this key will
1.19 + // need new ones. That said, this is really only a problem
1.20 + // with manual key management, something which we only support
1.21 + // to a limited extent in any event.
1.22 +
1.23 + bool is_grouped = false;
1.24 + status = deviceGrouped(session, &is_grouped);
1.25 +
1.26 + // Regardless of the single identity this is for, for own keys, we do this
1.27 + // for all keys associated with the identity.
1.28 + status = get_identities_by_main_key_id(session, fpr_copy, &key_idents);
1.29 +
1.30 + if (status != PEP_CANNOT_FIND_IDENTITY) {
1.31 + if (is_grouped)
1.32 + status = _key_reset_device_group_for_shared_key(session, key_idents, fpr_copy);
1.33 + else if (status == PEP_STATUS_OK) {
1.34 + // now have ident list, or should
1.35 + identity_list* curr_ident;
1.36
1.37 - bool is_grouped = false;
1.38 - if (!deviceGrouped(session, &is_grouped)) {
1.39 - for (curr_ident = key_idents; curr_ident && curr_ident->ident;
1.40 - curr_ident = curr_ident->next) {
1.41 -
1.42 - pEp_identity* this_identity = curr_ident->ident;
1.43 - // Do the full reset on this identity
1.44 - status = key_reset(session, fpr_copy, this_identity);
1.45 -
1.46 - // Ident list gets freed below, do not free here!
1.47 + for (curr_ident = key_idents; curr_ident && curr_ident->ident;
1.48 + curr_ident = curr_ident->next) {
1.49 +
1.50 + pEp_identity* this_identity = curr_ident->ident;
1.51 +
1.52 + // Do the full reset on this identity
1.53 + // Base case for is_own_private starts here
1.54 + // tmp ident is an actual identity now (not just a skeleton?)
1.55 + status = revoke_key(session, fpr_copy, NULL);
1.56 +
1.57 + // If we have a full identity, we have some cleanup and generation tasks here
1.58 + if (!EMPTYSTR(tmp_ident->address)) {
1.59 + // generate new key
1.60 + if (status == PEP_STATUS_OK) {
1.61 + tmp_ident->fpr = NULL;
1.62 + status = myself(session, tmp_ident);
1.63 }
1.64 - }
1.65 - else {
1.66 - status = _key_reset_device_group_for_shared_key(session, key_idents, fpr_copy); }
1.67 + if (status == PEP_STATUS_OK && tmp_ident->fpr && strcmp(fpr_copy, tmp_ident->fpr) != 0)
1.68 + new_key = strdup(tmp_ident->fpr);
1.69 + // Error handling?
1.70 +
1.71 + // mistrust fpr from trust
1.72 + tmp_ident->fpr = fpr_copy;
1.73 +
1.74 + tmp_ident->comm_type = PEP_ct_mistrusted;
1.75 + status = set_trust(session, tmp_ident);
1.76 + tmp_ident->fpr = NULL;
1.77 +
1.78 + // Done with old use of ident.
1.79 + if (status == PEP_STATUS_OK) {
1.80 + // Update fpr for outgoing
1.81 + status = myself(session, tmp_ident);
1.82 + }
1.83 + }
1.84 +
1.85 + if (status == PEP_STATUS_OK)
1.86 + // cascade that mistrust for anyone using this key
1.87 + status = mark_as_compromised(session, fpr_copy);
1.88 +
1.89 + if (status == PEP_STATUS_OK)
1.90 + status = remove_fpr_as_default(session, fpr_copy);
1.91 + if (status == PEP_STATUS_OK)
1.92 + status = add_mistrusted_key(session, fpr_copy);
1.93 +
1.94 + // If there's a new key, do the DB linkage with the revoked one, and
1.95 + // send the key reset mail opportunistically to recently contacted
1.96 + // partners
1.97 + if (new_key) {
1.98 + // add to revocation list
1.99 + if (status == PEP_STATUS_OK)
1.100 + status = set_revoked(session, fpr_copy, new_key, time(NULL));
1.101 + // for all active communication partners:
1.102 + // active_send revocation
1.103 +
1.104 + tmp_ident->fpr = fpr_copy;
1.105 + if (status == PEP_STATUS_OK)
1.106 + status = send_key_reset_to_recents(session, tmp_ident, fpr_copy, new_key);
1.107 + tmp_ident->fpr = NULL;
1.108 + }
1.109 + // Ident list gets freed below, do not free here!
1.110 }
1.111 - // Ok, we've either now reset for each own identity with this key, or
1.112 - // we got an error and want to bail anyway.
1.113 - goto pEp_free;
1.114 }
1.115 - else
1.116 - return PEP_CANNOT_FIND_IDENTITY;
1.117 + // Ok, we've either now reset for each own identity with this key, or
1.118 + // we got an error and want to bail anyway.
1.119 + goto pEp_free;
1.120 }
1.121 -
1.122 -
1.123 - // Ok, first we generate a new key.
1.124 -
1.125 - // Base case for is_own_private starts here
1.126 - // tmp ident is an actual identity now (not just a skeleton?)
1.127 - status = revoke_key(session, fpr_copy, NULL);
1.128 -
1.129 - // If we have a full identity, we have some cleanup and generation tasks here
1.130 - if (!EMPTYSTR(tmp_ident->address)) {
1.131 - // generate new key
1.132 - if (status == PEP_STATUS_OK) {
1.133 - tmp_ident->fpr = NULL;
1.134 - status = myself(session, tmp_ident);
1.135 - }
1.136 - if (status == PEP_STATUS_OK && tmp_ident->fpr && strcmp(fpr_copy, tmp_ident->fpr) != 0)
1.137 - new_key = strdup(tmp_ident->fpr);
1.138 - // Error handling?
1.139 -
1.140 - // mistrust fpr from trust
1.141 - tmp_ident->fpr = fpr_copy;
1.142 -
1.143 - tmp_ident->comm_type = PEP_ct_mistrusted;
1.144 - status = set_trust(session, tmp_ident);
1.145 - tmp_ident->fpr = NULL;
1.146 -
1.147 - // Done with old use of ident.
1.148 - if (status == PEP_STATUS_OK) {
1.149 - // Update fpr for outgoing
1.150 - status = myself(session, tmp_ident);
1.151 - }
1.152 - }
1.153 -
1.154 - if (status == PEP_STATUS_OK)
1.155 - // cascade that mistrust for anyone using this key
1.156 - status = mark_as_compromised(session, fpr_copy);
1.157 -
1.158 - if (status == PEP_STATUS_OK)
1.159 - status = remove_fpr_as_default(session, fpr_copy);
1.160 - if (status == PEP_STATUS_OK)
1.161 - status = add_mistrusted_key(session, fpr_copy);
1.162 -
1.163 - // If there's a new key, do the DB linkage with the revoked one, and
1.164 - // send the key reset mail opportunistically to recently contacted
1.165 - // partners
1.166 - if (new_key) {
1.167 - // add to revocation list
1.168 - if (status == PEP_STATUS_OK)
1.169 - status = set_revoked(session, fpr_copy, new_key, time(NULL));
1.170 - // for all active communication partners:
1.171 - // active_send revocation
1.172 -
1.173 - tmp_ident->fpr = fpr_copy;
1.174 - if (status == PEP_STATUS_OK)
1.175 - status = send_key_reset_to_recents(session, tmp_ident, fpr_copy, new_key);
1.176 - tmp_ident->fpr = NULL;
1.177 - }
1.178 + else
1.179 + return PEP_CANNOT_FIND_IDENTITY;
1.180 } // end is_own_private
1.181 else {
1.182 // if it's mistrusted, make it not be so.
2.1 --- a/test/src/KeyResetMessageTest.cc Thu Jan 09 09:19:36 2020 +0100
2.2 +++ b/test/src/KeyResetMessageTest.cc Thu Jan 09 22:02:58 2020 +0100
2.3 @@ -622,6 +622,30 @@
2.4 }
2.5
2.6 // PASS
2.7 +TEST_F(KeyResetMessageTest, check_reset_grouped_own) {
2.8 + send_setup(); // lazy
2.9 + pEp_identity* alice = new_identity("pep.test.alice@pep-project.org", NULL, alice_user_id.c_str(), NULL);
2.10 + PEP_STATUS status = myself(session, alice);
2.11 +
2.12 + ASSERT_EQ(status , PEP_STATUS_OK);
2.13 + ASSERT_TRUE(alice->fpr && alice->fpr[0]);
2.14 + ASSERT_TRUE(alice->me);
2.15 + ASSERT_STREQ(alice->fpr, alice_fpr);
2.16 +
2.17 + status = set_identity_flags(session, alice, alice->flags | PEP_idf_devicegroup);
2.18 + status = key_reset_identity(session, alice, alice_fpr);
2.19 + status = myself(session, alice);
2.20 + ASSERT_EQ(status , PEP_STATUS_OK);
2.21 + char* alice_new_fpr = alice->fpr;
2.22 + ASSERT_TRUE(alice_new_fpr && alice_new_fpr[0]);
2.23 + ASSERT_STRNE(alice_fpr, alice_new_fpr);
2.24 +
2.25 + ASSERT_EQ(m_queue.size(), 1);
2.26 +
2.27 +}
2.28 +
2.29 +
2.30 +// PASS
2.31 TEST_F(KeyResetMessageTest, check_reset_ident_other_pub_fpr) {
2.32 send_setup(); // lazy
2.33 pEp_identity* bob = new_identity("pep.test.bob@pep-project.org", NULL, bob_user_id.c_str(), NULL);
3.1 --- a/test/src/KeyringImportTest.cc Thu Jan 09 09:19:36 2020 +0100
3.2 +++ b/test/src/KeyringImportTest.cc Thu Jan 09 22:02:58 2020 +0100
3.3 @@ -130,7 +130,7 @@
3.4 pEp_identity *id = new_identity(address, NULL, NULL, NULL);
3.5 PEP_STATUS status = update_identity(session, id);
3.6 ASSERT_EQ(status , PEP_STATUS_OK);
3.7 - output_stream << "Got: " << (id->fpr ?: "NULL") << " -> " << (id->address ?: "NULL") << endl;
3.8 + output_stream << "Got: " << (id->fpr ? id->fpr : "NULL") << " -> " << (id->address ? id->address : "NULL") << endl;
3.9
3.10 // We should always get the same fingerprint.
3.11 ASSERT_NE(id->fpr, nullptr);
3.12 @@ -197,7 +197,7 @@
3.13 pEp_identity *id = new_identity(address, NULL, NULL, NULL);
3.14 PEP_STATUS status = update_identity(session, id);
3.15 ASSERT_EQ(status , PEP_STATUS_OK);
3.16 - output_stream << "Got: " << (id->fpr ?: "NULL") << " (expected: " << fpr << ") -> " << (id->address ?: "NULL") << endl;
3.17 + output_stream << "Got: " << (id->fpr ? id->fpr : "NULL") << " (expected: " << fpr << ") -> " << (id->address ? id->address : "NULL") << endl;
3.18
3.19 // We should always get the same fingerprint.
3.20 ASSERT_NE(id->fpr, nullptr);