Merge with sync sequoia_windows
authorThomas
Tue, 09 Jul 2019 16:52:49 +0200
branchsequoia_windows
changeset 392375bd39e465af
parent 3911 7505db47bc5f
parent 3922 a2ebf83845c9
child 3925 6aae202ba5f1
Merge with sync
src/pgp_sequoia.c
     1.1 --- a/src/pgp_sequoia.c	Tue Jul 09 11:14:01 2019 +0200
     1.2 +++ b/src/pgp_sequoia.c	Tue Jul 09 16:52:49 2019 +0200
     1.3 @@ -2414,6 +2414,245 @@
     1.4      return PEP_UNKNOWN_ERROR;
     1.5  }
     1.6  
     1.7 +
     1.8 +PEP_STATUS pgp_renew_key(
     1.9 +    PEP_SESSION session, const char *fpr, const timestamp *ts)
    1.10 +{
    1.11 +    PEP_STATUS status = PEP_STATUS_OK;
    1.12 +    pgp_error_t err = NULL;
    1.13 +    pgp_tpk_t tpk = NULL;
    1.14 +    pgp_tpk_key_iter_t iter = NULL;
    1.15 +    pgp_key_pair_t keypair = NULL;
    1.16 +    pgp_signer_t signer = NULL;
    1.17 +    time_t t = mktime((struct tm *) ts);
    1.18 +
    1.19 +    T("(%s)", fpr);
    1.20 +
    1.21 +    status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
    1.22 +    ERROR_OUT(NULL, status, "Looking up '%s'", fpr);
    1.23 +
    1.24 +    uint32_t creation_time = pgp_key_creation_time(pgp_tpk_primary(tpk));
    1.25 +    if (creation_time > t)
    1.26 +        // The creation time is after the expiration time!
    1.27 +        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
    1.28 +                  "creation time can't be after expiration time");
    1.29 +
    1.30 +    uint32_t delta = t - creation_time;
    1.31 +
    1.32 +
    1.33 +    iter = pgp_tpk_key_iter_valid(tpk);
    1.34 +    pgp_tpk_key_iter_certification_capable (iter);
    1.35 +    pgp_tpk_key_iter_unencrypted_secret (iter, true);
    1.36 +
    1.37 +    // If there are multiple certification capable subkeys, we just
    1.38 +    // take the first one, whichever one that happens to be.
    1.39 +    pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
    1.40 +    if (! key)
    1.41 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR,
    1.42 +                   "%s has no usable certification capable key", fpr);
    1.43 +
    1.44 +    keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
    1.45 +    if (! keypair)
    1.46 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
    1.47 +
    1.48 +    signer = pgp_key_pair_as_signer (keypair);
    1.49 +    if (! signer)
    1.50 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
    1.51 +
    1.52 +    tpk = pgp_tpk_set_expiry(&err, tpk, signer, delta);
    1.53 +    if (! tpk)
    1.54 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
    1.55 +
    1.56 +    status = tpk_save(session, tpk, NULL);
    1.57 +    tpk = NULL;
    1.58 +    ERROR_OUT(NULL, status, "Saving %s", fpr);
    1.59 +
    1.60 + out:
    1.61 +    pgp_signer_free (signer);
    1.62 +    pgp_key_pair_free (keypair);
    1.63 +    pgp_tpk_key_iter_free (iter);
    1.64 +    pgp_tpk_free(tpk);
    1.65 +
    1.66 +    T("(%s) -> %s", fpr, pEp_status_to_string(status));
    1.67 +    return status;
    1.68 +}
    1.69 +
    1.70 +PEP_STATUS pgp_revoke_key(
    1.71 +    PEP_SESSION session, const char *fpr, const char *reason)
    1.72 +{
    1.73 +    PEP_STATUS status = PEP_STATUS_OK;
    1.74 +    pgp_error_t err = NULL;
    1.75 +    pgp_tpk_t tpk = NULL;
    1.76 +    pgp_tpk_key_iter_t iter = NULL;
    1.77 +    pgp_key_pair_t keypair = NULL;
    1.78 +    pgp_signer_t signer = NULL;
    1.79 +
    1.80 +    T("(%s)", fpr);
    1.81 +
    1.82 +    status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
    1.83 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
    1.84 +
    1.85 +    iter = pgp_tpk_key_iter_valid(tpk);
    1.86 +    pgp_tpk_key_iter_certification_capable (iter);
    1.87 +    pgp_tpk_key_iter_unencrypted_secret (iter, true);
    1.88 +
    1.89 +    // If there are multiple certification capable subkeys, we just
    1.90 +    // take the first one, whichever one that happens to be.
    1.91 +    pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
    1.92 +    if (! key)
    1.93 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR,
    1.94 +                   "%s has no usable certification capable key", fpr);
    1.95 +
    1.96 +    keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
    1.97 +    if (! keypair)
    1.98 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
    1.99 +
   1.100 +    signer = pgp_key_pair_as_signer (keypair);
   1.101 +    if (! signer)
   1.102 +        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
   1.103 +
   1.104 +    tpk = pgp_tpk_revoke_in_place(&err, tpk, signer,
   1.105 +                                  PGP_REASON_FOR_REVOCATION_UNSPECIFIED,
   1.106 +                                  reason);
   1.107 +    if (! tpk)
   1.108 +        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
   1.109 +
   1.110 +    assert(pgp_revocation_status_variant(pgp_tpk_revocation_status(tpk))
   1.111 +           == PGP_REVOCATION_STATUS_REVOKED);
   1.112 +
   1.113 +    status = tpk_save(session, tpk, NULL);
   1.114 +    tpk = NULL;
   1.115 +    ERROR_OUT(NULL, status, "Saving %s", fpr);
   1.116 +
   1.117 + out:
   1.118 +    pgp_signer_free (signer);
   1.119 +    pgp_key_pair_free (keypair);
   1.120 +    pgp_tpk_key_iter_free (iter);
   1.121 +    pgp_tpk_free(tpk);
   1.122 +
   1.123 +    T("(%s) -> %s", fpr, pEp_status_to_string(status));
   1.124 +    return status;
   1.125 +}
   1.126 +
   1.127 +static void _pgp_key_expired(pgp_tpk_t tpk, const time_t when, bool* expired)
   1.128 +{
   1.129 +    // Is the TPK live?
   1.130 +    *expired = !pgp_tpk_alive_at(tpk, when);
   1.131 +
   1.132 +#ifdef TRACING
   1.133 +    {
   1.134 +        char buffer[26];
   1.135 +        time_t now = time(NULL);
   1.136 +
   1.137 +        if (when == now || when == now - 1) {
   1.138 +            sprintf(buffer, "now");
   1.139 +        } else {
   1.140 +            struct tm tm;
   1.141 +            gmtime_r(&when, &tm);
   1.142 +            strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tm);
   1.143 +        }
   1.144 +
   1.145 +        T("TPK is %slive as of %s", *expired ? "not " : "", buffer);
   1.146 +    }
   1.147 +#endif
   1.148 +    if (*expired)
   1.149 +        goto out;
   1.150 +
   1.151 +    // Are there at least one certification subkey, one signing subkey
   1.152 +    // and one encryption subkey that are live?
   1.153 +    //    int can_certify = 0, can_encrypt = 0, can_sign = 0;
   1.154 +    int can_encrypt = 0, can_sign = 0;
   1.155 +
   1.156 +    pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter_valid(tpk);
   1.157 +    pgp_key_t key;
   1.158 +    pgp_signature_t sig;
   1.159 +    pgp_revocation_status_t rev;
   1.160 +    while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
   1.161 +        if (! sig)
   1.162 +            continue;
   1.163 +
   1.164 +        if (pgp_signature_can_encrypt_for_transport(sig)
   1.165 +            || pgp_signature_can_encrypt_at_rest(sig))
   1.166 +            can_encrypt = 1;
   1.167 +        if (pgp_signature_can_sign(sig))
   1.168 +            can_sign = 1;
   1.169 +        // if (pgp_signature_can_certify(sig))
   1.170 +        //     can_certify = 1;
   1.171 +
   1.172 +//        if (can_encrypt && can_sign && can_certify)
   1.173 +        if (can_encrypt && can_sign)
   1.174 +            break;
   1.175 +    }
   1.176 +    pgp_tpk_key_iter_free(key_iter);
   1.177 +
   1.178 +//    *expired = !(can_encrypt && can_sign && can_certify);
   1.179 +    *expired = !(can_encrypt && can_sign);
   1.180 +
   1.181 +    T("Key can%s encrypt, can%s sign, can%s certify => %sexpired",
   1.182 +      can_encrypt ? "" : "not",
   1.183 +      can_sign ? "" : "not",
   1.184 +      // can_certify ? "" : "not",
   1.185 +      *expired ? "" : "not ");
   1.186 +      
   1.187 +out:
   1.188 +    // Er, this might be problematic in terms of internal vs. external in log. FIXME?
   1.189 +    T("(%s) -> %s (expired: %d)", fpr, pEp_status_to_string(status), *expired);
   1.190 +    return;
   1.191 +}
   1.192 +                            
   1.193 +PEP_STATUS pgp_key_expired(PEP_SESSION session, const char *fpr,
   1.194 +                           const time_t when, bool *expired)
   1.195 +{
   1.196 +    PEP_STATUS status = PEP_STATUS_OK;
   1.197 +    pgp_tpk_t tpk = NULL;
   1.198 +    T("(%s)", fpr);
   1.199 +
   1.200 +    assert(session);
   1.201 +    assert(fpr);
   1.202 +    assert(expired);
   1.203 +
   1.204 +    *expired = false;
   1.205 +
   1.206 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   1.207 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
   1.208 +    pgp_fingerprint_free(pgp_fpr);
   1.209 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.210 +
   1.211 +    _pgp_key_expired(tpk, when, expired);
   1.212 + out:
   1.213 +    pgp_tpk_free(tpk);
   1.214 +    T("(%s) -> %s (expired: %d)", fpr, pEp_status_to_string(status), *expired);
   1.215 +    return status;
   1.216 +}
   1.217 +
   1.218 +PEP_STATUS pgp_key_revoked(PEP_SESSION session, const char *fpr, bool *revoked)
   1.219 +{
   1.220 +    PEP_STATUS status = PEP_STATUS_OK;
   1.221 +    pgp_tpk_t tpk;
   1.222 +
   1.223 +    T("(%s)", fpr);
   1.224 +
   1.225 +    assert(session);
   1.226 +    assert(fpr);
   1.227 +    assert(revoked);
   1.228 +
   1.229 +    *revoked = false;
   1.230 +
   1.231 +    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   1.232 +    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
   1.233 +    pgp_fingerprint_free(pgp_fpr);
   1.234 +    ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.235 +
   1.236 +    pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
   1.237 +    *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
   1.238 +    pgp_revocation_status_free (rs);
   1.239 +    pgp_tpk_free(tpk);
   1.240 +
   1.241 + out:
   1.242 +    T("(%s) -> %s", fpr, pEp_status_to_string(status));
   1.243 +    return status;
   1.244 +}
   1.245 +
   1.246  PEP_STATUS pgp_get_key_rating(
   1.247      PEP_SESSION session, const char *fpr, PEP_comm_type *comm_type)
   1.248  {
   1.249 @@ -2433,10 +2672,20 @@
   1.250  
   1.251      *comm_type = PEP_ct_OpenPGP_unconfirmed;
   1.252  
   1.253 -    if (pgp_tpk_expired(tpk)) {
   1.254 +    bool expired = false;
   1.255 +    
   1.256 +    // MUST guarantee the same behaviour.
   1.257 +    _pgp_key_expired(tpk, time(NULL), &expired);
   1.258 +    
   1.259 +    if (expired) {
   1.260          *comm_type = PEP_ct_key_expired;
   1.261 -        goto out;
   1.262 +        goto out;        
   1.263      }
   1.264 +    
   1.265 +    // if (pgp_tpk_expired(tpk)) {
   1.266 +    //     *comm_type = PEP_ct_key_expired;
   1.267 +    //     goto out;
   1.268 +    // }
   1.269  
   1.270      pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
   1.271      pgp_revocation_status_variant_t rsv = pgp_revocation_status_variant(rs);
   1.272 @@ -2499,231 +2748,6 @@
   1.273  }
   1.274  
   1.275  
   1.276 -PEP_STATUS pgp_renew_key(
   1.277 -    PEP_SESSION session, const char *fpr, const timestamp *ts)
   1.278 -{
   1.279 -    PEP_STATUS status = PEP_STATUS_OK;
   1.280 -    pgp_error_t err = NULL;
   1.281 -    pgp_tpk_t tpk = NULL;
   1.282 -    pgp_tpk_key_iter_t iter = NULL;
   1.283 -    pgp_key_pair_t keypair = NULL;
   1.284 -    pgp_signer_t signer = NULL;
   1.285 -    time_t t = mktime((struct tm *) ts);
   1.286 -
   1.287 -    T("(%s)", fpr);
   1.288 -
   1.289 -    status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
   1.290 -    ERROR_OUT(NULL, status, "Looking up '%s'", fpr);
   1.291 -
   1.292 -    uint32_t creation_time = pgp_key_creation_time(pgp_tpk_primary(tpk));
   1.293 -    if (creation_time > t)
   1.294 -        // The creation time is after the expiration time!
   1.295 -        ERROR_OUT(NULL, PEP_UNKNOWN_ERROR,
   1.296 -                  "creation time can't be after expiration time");
   1.297 -
   1.298 -    uint32_t delta = t - creation_time;
   1.299 -
   1.300 -
   1.301 -    iter = pgp_tpk_key_iter_valid(tpk);
   1.302 -    pgp_tpk_key_iter_certification_capable (iter);
   1.303 -    pgp_tpk_key_iter_unencrypted_secret (iter, true);
   1.304 -
   1.305 -    // If there are multiple certification capable subkeys, we just
   1.306 -    // take the first one, whichever one that happens to be.
   1.307 -    pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
   1.308 -    if (! key)
   1.309 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR,
   1.310 -                   "%s has no usable certification capable key", fpr);
   1.311 -
   1.312 -    keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
   1.313 -    if (! keypair)
   1.314 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
   1.315 -
   1.316 -    signer = pgp_key_pair_as_signer (keypair);
   1.317 -    if (! signer)
   1.318 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
   1.319 -
   1.320 -    tpk = pgp_tpk_set_expiry(&err, tpk, signer, delta);
   1.321 -    if (! tpk)
   1.322 -        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
   1.323 -
   1.324 -    status = tpk_save(session, tpk, NULL);
   1.325 -    tpk = NULL;
   1.326 -    ERROR_OUT(NULL, status, "Saving %s", fpr);
   1.327 -
   1.328 - out:
   1.329 -    pgp_signer_free (signer);
   1.330 -    pgp_key_pair_free (keypair);
   1.331 -    pgp_tpk_key_iter_free (iter);
   1.332 -    pgp_tpk_free(tpk);
   1.333 -
   1.334 -    T("(%s) -> %s", fpr, pEp_status_to_string(status));
   1.335 -    return status;
   1.336 -}
   1.337 -
   1.338 -PEP_STATUS pgp_revoke_key(
   1.339 -    PEP_SESSION session, const char *fpr, const char *reason)
   1.340 -{
   1.341 -    PEP_STATUS status = PEP_STATUS_OK;
   1.342 -    pgp_error_t err = NULL;
   1.343 -    pgp_tpk_t tpk = NULL;
   1.344 -    pgp_tpk_key_iter_t iter = NULL;
   1.345 -    pgp_key_pair_t keypair = NULL;
   1.346 -    pgp_signer_t signer = NULL;
   1.347 -
   1.348 -    T("(%s)", fpr);
   1.349 -
   1.350 -    status = tpk_find_by_fpr_hex(session, fpr, true, &tpk, NULL);
   1.351 -    ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.352 -
   1.353 -    iter = pgp_tpk_key_iter_valid(tpk);
   1.354 -    pgp_tpk_key_iter_certification_capable (iter);
   1.355 -    pgp_tpk_key_iter_unencrypted_secret (iter, true);
   1.356 -
   1.357 -    // If there are multiple certification capable subkeys, we just
   1.358 -    // take the first one, whichever one that happens to be.
   1.359 -    pgp_key_t key = pgp_tpk_key_iter_next (iter, NULL, NULL);
   1.360 -    if (! key)
   1.361 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR,
   1.362 -                   "%s has no usable certification capable key", fpr);
   1.363 -
   1.364 -    keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (key));
   1.365 -    if (! keypair)
   1.366 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a keypair");
   1.367 -
   1.368 -    signer = pgp_key_pair_as_signer (keypair);
   1.369 -    if (! signer)
   1.370 -        ERROR_OUT (err, PEP_UNKNOWN_ERROR, "Creating a signer");
   1.371 -
   1.372 -    tpk = pgp_tpk_revoke_in_place(&err, tpk, signer,
   1.373 -                                  PGP_REASON_FOR_REVOCATION_UNSPECIFIED,
   1.374 -                                  reason);
   1.375 -    if (! tpk)
   1.376 -        ERROR_OUT(err, PEP_UNKNOWN_ERROR, "setting expiration");
   1.377 -
   1.378 -    assert(pgp_revocation_status_variant(pgp_tpk_revocation_status(tpk))
   1.379 -           == PGP_REVOCATION_STATUS_REVOKED);
   1.380 -
   1.381 -    status = tpk_save(session, tpk, NULL);
   1.382 -    tpk = NULL;
   1.383 -    ERROR_OUT(NULL, status, "Saving %s", fpr);
   1.384 -
   1.385 - out:
   1.386 -    pgp_signer_free (signer);
   1.387 -    pgp_key_pair_free (keypair);
   1.388 -    pgp_tpk_key_iter_free (iter);
   1.389 -    pgp_tpk_free(tpk);
   1.390 -
   1.391 -    T("(%s) -> %s", fpr, pEp_status_to_string(status));
   1.392 -    return status;
   1.393 -}
   1.394 -
   1.395 -PEP_STATUS pgp_key_expired(PEP_SESSION session, const char *fpr,
   1.396 -                           const time_t when, bool *expired)
   1.397 -{
   1.398 -    PEP_STATUS status = PEP_STATUS_OK;
   1.399 -    pgp_tpk_t tpk = NULL;
   1.400 -    T("(%s)", fpr);
   1.401 -
   1.402 -    assert(session);
   1.403 -    assert(fpr);
   1.404 -    assert(expired);
   1.405 -
   1.406 -    *expired = false;
   1.407 -
   1.408 -    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   1.409 -    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
   1.410 -    pgp_fingerprint_free(pgp_fpr);
   1.411 -    ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.412 -
   1.413 -    // Is the TPK live?
   1.414 -    *expired = !pgp_tpk_alive_at(tpk, when);
   1.415 -#ifdef TRACING
   1.416 -    {
   1.417 -        char buffer[26];
   1.418 -        time_t now = time(NULL);
   1.419 -
   1.420 -        if (when == now || when == now - 1) {
   1.421 -            sprintf(buffer, "now");
   1.422 -        } else {
   1.423 -            struct tm tm;
   1.424 -            gmtime_r(&when, &tm);
   1.425 -            strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tm);
   1.426 -        }
   1.427 -
   1.428 -        T("TPK is %slive as of %s", *expired ? "not " : "", buffer);
   1.429 -    }
   1.430 -#endif
   1.431 -    if (*expired)
   1.432 -        goto out;
   1.433 -
   1.434 -    // Are there at least one certification subkey, one signing subkey
   1.435 -    // and one encryption subkey that are live?
   1.436 -    int can_certify = 0, can_encrypt = 0, can_sign = 0;
   1.437 -
   1.438 -    pgp_tpk_key_iter_t key_iter = pgp_tpk_key_iter_valid(tpk);
   1.439 -    pgp_key_t key;
   1.440 -    pgp_signature_t sig;
   1.441 -    pgp_revocation_status_t rev;
   1.442 -    while ((key = pgp_tpk_key_iter_next(key_iter, &sig, &rev))) {
   1.443 -        if (! sig)
   1.444 -            continue;
   1.445 -
   1.446 -        if (pgp_signature_can_encrypt_for_transport(sig)
   1.447 -            || pgp_signature_can_encrypt_at_rest(sig))
   1.448 -            can_encrypt = 1;
   1.449 -        if (pgp_signature_can_sign(sig))
   1.450 -            can_sign = 1;
   1.451 -        if (pgp_signature_can_certify(sig))
   1.452 -            can_certify = 1;
   1.453 -
   1.454 -        if (can_encrypt && can_sign && can_certify)
   1.455 -            break;
   1.456 -    }
   1.457 -    pgp_tpk_key_iter_free(key_iter);
   1.458 -
   1.459 -    *expired = !(can_encrypt && can_sign && can_certify);
   1.460 -
   1.461 -    T("Key can%s encrypt, can%s sign, can%s certify => %sexpired",
   1.462 -      can_encrypt ? "" : "not",
   1.463 -      can_sign ? "" : "not",
   1.464 -      can_certify ? "" : "not",
   1.465 -      *expired ? "" : "not ");
   1.466 -
   1.467 - out:
   1.468 -    pgp_tpk_free(tpk);
   1.469 -    T("(%s) -> %s (expired: %d)", fpr, pEp_status_to_string(status), *expired);
   1.470 -    return status;
   1.471 -}
   1.472 -
   1.473 -PEP_STATUS pgp_key_revoked(PEP_SESSION session, const char *fpr, bool *revoked)
   1.474 -{
   1.475 -    PEP_STATUS status = PEP_STATUS_OK;
   1.476 -    pgp_tpk_t tpk;
   1.477 -
   1.478 -    T("(%s)", fpr);
   1.479 -
   1.480 -    assert(session);
   1.481 -    assert(fpr);
   1.482 -    assert(revoked);
   1.483 -
   1.484 -    *revoked = false;
   1.485 -
   1.486 -    pgp_fingerprint_t pgp_fpr = pgp_fingerprint_from_hex(fpr);
   1.487 -    status = tpk_find_by_fpr(session, pgp_fpr, false, &tpk, NULL);
   1.488 -    pgp_fingerprint_free(pgp_fpr);
   1.489 -    ERROR_OUT(NULL, status, "Looking up %s", fpr);
   1.490 -
   1.491 -    pgp_revocation_status_t rs = pgp_tpk_revocation_status(tpk);
   1.492 -    *revoked = pgp_revocation_status_variant(rs) == PGP_REVOCATION_STATUS_REVOKED;
   1.493 -    pgp_revocation_status_free (rs);
   1.494 -    pgp_tpk_free(tpk);
   1.495 -
   1.496 - out:
   1.497 -    T("(%s) -> %s", fpr, pEp_status_to_string(status));
   1.498 -    return status;
   1.499 -}
   1.500 -
   1.501  PEP_STATUS pgp_key_created(PEP_SESSION session, const char *fpr, time_t *created)
   1.502  {
   1.503      PEP_STATUS status = PEP_STATUS_OK;
     2.1 --- a/sync/gen_statemachine.ysl2	Tue Jul 09 11:14:01 2019 +0200
     2.2 +++ b/sync/gen_statemachine.ysl2	Tue Jul 09 16:52:49 2019 +0200
     2.3 @@ -1046,8 +1046,10 @@
     2.4  
     2.5          // state machine
     2.6  
     2.7 +        #ifndef NDEBUG
     2.8          const char *«@name»_state_name(int state);
     2.9          const char *«@name»_event_name(int event);
    2.10 +        #endif
    2.11  
    2.12          // the state machine function is returning the next state in case of a
    2.13          // transition or None for staying
    2.14 @@ -1073,6 +1075,9 @@
    2.15          #include "«@name»_fsm.h"
    2.16          #include <stdlib.h>
    2.17  
    2.18 +        #ifdef NDEBUG
    2.19 +        static
    2.20 +        #endif
    2.21          const char *«@name»_state_name(int state)
    2.22          {
    2.23              switch (state) {
    2.24 @@ -1093,6 +1098,9 @@
    2.25              }
    2.26          }
    2.27  
    2.28 +        #ifdef NDEBUG
    2.29 +        static
    2.30 +        #endif
    2.31          const char *«@name»_event_name(int event)
    2.32          {
    2.33              switch (event) {
    2.34 @@ -1158,7 +1166,7 @@
    2.35              switch (state) {
    2.36                  `` apply "state", 2, mode=fsm
    2.37                  default:
    2.38 -                    «@name»_ERR_LOG_INT("invalid state", state);
    2.39 +                    «@name»_ERR_LOG("invalid state", «@name»_state_name(state));
    2.40                      return invalid_state;
    2.41              }
    2.42              
     3.1 --- a/test/src/SuiteMaker.cc	Tue Jul 09 11:14:01 2019 +0200
     3.2 +++ b/test/src/SuiteMaker.cc	Tue Jul 09 16:52:49 2019 +0200
     3.3 @@ -21,6 +21,7 @@
     3.4  #include "Engine463Tests.h"
     3.5  #include "IOS1664Tests.h"
     3.6  #include "BloblistTests.h"
     3.7 +#include "KeyImportAndRetrieveTests.h"
     3.8  #include "NewUpdateIdAndMyselfTests.h"
     3.9  #include "NoOwnIdentWritesOnDecryptTests.h"
    3.10  #include "LiteralFilenameTests.h"
    3.11 @@ -29,6 +30,7 @@
    3.12  #include "PgpBinaryTests.h"
    3.13  #include "SubkeyRatingEvalTests.h"
    3.14  #include "MessageNullFromTests.h"
    3.15 +#include "Engine587Tests.h"
    3.16  #include "ExportKeyTests.h"
    3.17  #include "LeastCommonDenomColorTests.h"
    3.18  #include "StringlistTests.h"
    3.19 @@ -87,6 +89,7 @@
    3.20      "Engine463Tests",
    3.21      "IOS1664Tests",
    3.22      "BloblistTests",
    3.23 +    "KeyImportAndRetrieveTests",
    3.24      "NewUpdateIdAndMyselfTests",
    3.25      "NoOwnIdentWritesOnDecryptTests",
    3.26      "LiteralFilenameTests",
    3.27 @@ -95,6 +98,7 @@
    3.28      "PgpBinaryTests",
    3.29      "SubkeyRatingEvalTests",
    3.30      "MessageNullFromTests",
    3.31 +    "Engine587Tests",
    3.32      "ExportKeyTests",
    3.33      "LeastCommonDenomColorTests",
    3.34      "StringlistTests",
    3.35 @@ -144,7 +148,7 @@
    3.36  };
    3.37  
    3.38  // This file is generated, so magic constants are ok.
    3.39 -int SuiteMaker::num_suites = 63;
    3.40 +int SuiteMaker::num_suites = 65;
    3.41  
    3.42  void SuiteMaker::suitemaker_build(const char* test_class_name, const char* test_home, Test::Suite** test_suite) {
    3.43      if (strcmp(test_class_name, "URIAddressTests") == 0)
    3.44 @@ -165,6 +169,8 @@
    3.45          *test_suite = new IOS1664Tests(test_class_name, test_home);
    3.46      else if (strcmp(test_class_name, "BloblistTests") == 0)
    3.47          *test_suite = new BloblistTests(test_class_name, test_home);
    3.48 +    else if (strcmp(test_class_name, "KeyImportAndRetrieveTests") == 0)
    3.49 +        *test_suite = new KeyImportAndRetrieveTests(test_class_name, test_home);
    3.50      else if (strcmp(test_class_name, "NewUpdateIdAndMyselfTests") == 0)
    3.51          *test_suite = new NewUpdateIdAndMyselfTests(test_class_name, test_home);
    3.52      else if (strcmp(test_class_name, "NoOwnIdentWritesOnDecryptTests") == 0)
    3.53 @@ -181,6 +187,8 @@
    3.54          *test_suite = new SubkeyRatingEvalTests(test_class_name, test_home);
    3.55      else if (strcmp(test_class_name, "MessageNullFromTests") == 0)
    3.56          *test_suite = new MessageNullFromTests(test_class_name, test_home);
    3.57 +    else if (strcmp(test_class_name, "Engine587Tests") == 0)
    3.58 +        *test_suite = new Engine587Tests(test_class_name, test_home);
    3.59      else if (strcmp(test_class_name, "ExportKeyTests") == 0)
    3.60          *test_suite = new ExportKeyTests(test_class_name, test_home);
    3.61      else if (strcmp(test_class_name, "LeastCommonDenomColorTests") == 0)
     4.1 --- a/test/src/engine_tests/IOS1664Tests.cc	Tue Jul 09 11:14:01 2019 +0200
     4.2 +++ b/test/src/engine_tests/IOS1664Tests.cc	Tue Jul 09 16:52:49 2019 +0200
     4.3 @@ -62,11 +62,11 @@
     4.4      TEST_ASSERT(status == PEP_STATUS_OK);
     4.5      TEST_ASSERT_MSG(rating == PEP_rating_trusted_and_anonymized, tl_rating_string(rating));
     4.6      status = identity_rating(session, out_msg->to->ident, &rating);
     4.7 -    TEST_ASSERT_MSG(status == PEP_KEY_NOT_FOUND, tl_status_string(status));
     4.8 -    TEST_ASSERT_MSG(rating == PEP_rating_undefined, tl_rating_string(rating));
     4.9 +    TEST_ASSERT_MSG(status == PEP_STATUS_OK, tl_status_string(status));
    4.10 +    TEST_ASSERT_MSG(rating == PEP_rating_reliable, tl_rating_string(rating));
    4.11  
    4.12      status = outgoing_message_rating(session, out_msg, &rating);
    4.13 -    TEST_ASSERT(rating == PEP_rating_unencrypted);
    4.14 +    TEST_ASSERT(rating == PEP_rating_reliable);
    4.15      
    4.16      TEST_ASSERT(true);
    4.17  }