ENGINE-217 avoid including sender rating inside recipients keylist rating, causing least_trust() to downgrade rating in case of message to myself (existing entry with own FPR can exist in trust db when sync handshake happened). Rationalized keylist rating even more. ENGINE-217
authorEdouard Tisserant <edouard@pep-project.org>
Tue, 20 Jun 2017 23:53:40 +0200
branchENGINE-217
changeset 187667fdbb8e9ab4
parent 1875 5db850315b5a
child 1877 e2f357447046
child 2732 2d177ec3804b
ENGINE-217 avoid including sender rating inside recipients keylist rating, causing least_trust() to downgrade rating in case of message to myself (existing entry with own FPR can exist in trust db when sync handshake happened). Rationalized keylist rating even more.
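--- a/src/message_api.c
+++ b/src/message_api.c
@@ -826,69 +826,61 @@
 
 
     PEP_comm_type bare_comm_type = PEP_ct_unknown;
+    PEP_comm_type resulting_comm_type = PEP_ct_unknown;
     PEP_STATUS status = get_key_rating(session, fpr, &bare_comm_type);
     if (status != PEP_STATUS_OK)
         return PEP_rating_undefined;
 
-    PEP_comm_type least_trust_type = PEP_ct_unknown;
-    least_trust(session, fpr, &least_trust_type);
-
-    if (least_trust_type == PEP_ct_unknown) {
-        return _rating(bare_comm_type, PEP_rating_undefined);
+    PEP_comm_type least_comm_type = PEP_ct_unknown;
+    least_trust(session, fpr, &least_comm_type);
+
+    if (least_comm_type == PEP_ct_unknown) {
+        resulting_comm_type = bare_comm_type;
+    } else if (least_comm_type < PEP_ct_strong_but_unconfirmed ||
+               bare_comm_type < PEP_ct_strong_but_unconfirmed) {
+        // take minimum if anything bad
+        resulting_comm_type = least_comm_type < bare_comm_type ? 
+                              least_comm_type : 
+                              bare_comm_type;
     } else {
-        return _rating(least_trust_type, PEP_rating_undefined);
+        resulting_comm_type = least_comm_type;
     }
+    return _rating(resulting_comm_type, PEP_rating_undefined);
 }
 
 static PEP_rating worst_rating(PEP_rating rating1, PEP_rating rating2) {
     return ((rating1 < rating2) ? rating1 : rating2);
 }
 
-static PEP_rating keylist_rating(PEP_SESSION session, stringlist_t *keylist)
+static PEP_rating keylist_rating(PEP_SESSION session, stringlist_t *keylist, char* sender_fpr, PEP_rating sender_rating)
 {
-    PEP_rating rating = PEP_rating_undefined;
+    PEP_rating rating = sender_rating;
 
     assert(keylist && keylist->value);
     if (keylist == NULL || keylist->value == NULL)
         return PEP_rating_undefined;
 
     stringlist_t *_kl;
-    bool first = true;
     for (_kl = keylist; _kl && _kl->value; _kl = _kl->next) {
-        PEP_comm_type ct;
-        PEP_STATUS status;
+
+        // Ignore own fpr
+        if(_same_fpr(sender_fpr, strlen(sender_fpr), _kl->value, strlen(_kl->value)))
+            continue;
 
         PEP_rating _rating_ = key_rating(session, _kl->value);
          
         if (_rating_ <= PEP_rating_mistrust)
             return _rating_;
             
-        if (first) {
-            rating = _rating_;
-            first = false;
-        }
-        else if (rating == PEP_rating_undefined)
-            rating = worst_rating(rating, _rating_);
-
-        if (_rating_ >= PEP_rating_reliable) {
-            status = least_trust(session, _kl->value, &ct);
-            if (status != PEP_STATUS_OK)
-                return PEP_rating_undefined;
-            if (ct == PEP_ct_unknown){
-                /* per edouard, we reduce reliable+ ratings to reliable because
-                   ct unknown */
-                if (rating >= PEP_rating_reliable){
-                    rating = PEP_rating_reliable; 
-                }
-            }
-            else{
-                rating = worst_rating(rating, _rating(ct, rating));
-            }
-        }
-        else if (_rating_ == PEP_rating_unencrypted) {
+        if (_rating_ == PEP_rating_unencrypted)
+        {
             if (rating > PEP_rating_unencrypted_for_some)
                 rating = worst_rating(rating, PEP_rating_unencrypted_for_some);
         }
+        else
+        {
+            rating = worst_rating(rating, _rating_);
+        }
     }
 
     return rating;
@@ -1609,38 +1601,32 @@
     PEP_STATUS status = PEP_STATUS_OK;
 
     if (*rating > PEP_rating_mistrust) {
-        PEP_rating kl_rating = PEP_rating_undefined;
-
-        if (recipients)
-            kl_rating = keylist_rating(session, recipients);
-
-        if (kl_rating <= PEP_rating_mistrust) {
-            *rating = kl_rating;
+
+        if (recipients == NULL) {
+            *rating = PEP_rating_undefined;
+            return PEP_STATUS_OK;
         }
-        else if (*rating >= PEP_rating_reliable &&
-                 kl_rating < PEP_rating_reliable) {
+
+        char *fpr = recipients->value;
+
+        if (!(sender && sender->user_id && sender->user_id[0] && fpr && fpr[0])) {
             *rating = PEP_rating_unreliable;
         }
-        else if (*rating >= PEP_rating_reliable &&
-                 kl_rating >= PEP_rating_reliable) {
-            if (!(sender && sender->user_id && sender->user_id[0])) {
-                *rating = PEP_rating_unreliable;
+        else {
+            pEp_identity *_sender = new_identity(sender->address, fpr,
+                                               sender->user_id, sender->username);
+            if (_sender == NULL)
+                return PEP_OUT_OF_MEMORY;
+
+            status = get_trust(session, _sender);
+            if (_sender->comm_type != PEP_ct_unknown) {
+                *rating = keylist_rating(session, recipients, 
+                            fpr, _rating(_sender->comm_type, 
+                                          PEP_rating_undefined));
             }
-            else {
-                char *fpr = recipients->value;
-                pEp_identity *_sender = new_identity(sender->address, fpr,
-                                                   sender->user_id, sender->username);
-                if (_sender == NULL)
-                    return PEP_OUT_OF_MEMORY;
-                status = get_trust(session, _sender);
-                if (_sender->comm_type != PEP_ct_unknown) {
-                    *rating = worst_rating(_rating(_sender->comm_type, PEP_rating_undefined),
-                              kl_rating);
-                }
-                free_identity(_sender);
-                if (status == PEP_CANNOT_FIND_IDENTITY)
-                   status = PEP_STATUS_OK;
-            }
+            free_identity(_sender);
+            if (status == PEP_CANNOT_FIND_IDENTITY)
+               status = PEP_STATUS_OK;
         }
     }
     return status;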
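Review bot: In the second hunk the recipients' keys are now rated only inside `if (_sender->comm_type != PEP_ct_unknown)`, so when the sender has no trust entry `*rating` is left as it came in and a keylist entry rated `PEP_rating_mistrust` or worse no longer lowers it; the removed code computed `kl_rating` unconditionally and applied `kl_rating <= PEP_rating_mistrust` before anything else. An `else` branch such as `else *rating = keylist_rating(session, recipients, fpr, *rating);` would keep that downgrade path for unknown senders. The removed `*rating >= PEP_rating_reliable` precondition is also gone, so the direct assignment from `keylist_rating()` can presumably replace an incoming rating below reliable with a higher one; this is worth confirming against the enum order, since the enclosing function starts and ends outside the hunk.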