Browse Source

ENGINE-140 merged to default

doc_update_sequoia
Edouard Tisserant 6 years ago
parent
commit
8f9b319736
6 changed files with 176 additions and 132 deletions
  1. +44
    -7
      src/keymanagement.c
  2. +2
    -4
      src/keymanagement.h
  3. +121
    -108
      src/pEpEngine.c
  4. +5
    -9
      src/pEpEngine.h
  5. +3
    -3
      src/pEp_internal.h
  6. +1
    -1
      src/sync_impl.c

+ 44
- 7
src/keymanagement.c View File

@ -913,9 +913,8 @@ the_end:
return status;
}
DYNAMIC_API PEP_STATUS keys_retrieve_by_flag(
DYNAMIC_API PEP_STATUS own_keys_retrieve(
PEP_SESSION session,
keypair_flags_t flags,
stringlist_t **keylist
)
{
@ -928,18 +927,17 @@ DYNAMIC_API PEP_STATUS keys_retrieve_by_flag(
*keylist = NULL;
stringlist_t *_keylist = NULL;
sqlite3_reset(session->keys_retrieve_by_flag);
sqlite3_bind_int(session->keys_retrieve_by_flag, 1, flags);
sqlite3_reset(session->own_keys_retrieve);
int result;
char *fpr = NULL;
stringlist_t *_bl = _keylist;
do {
result = sqlite3_step(session->keys_retrieve_by_flag);
result = sqlite3_step(session->own_keys_retrieve);
switch (result) {
case SQLITE_ROW:
fpr = strdup((const char *) sqlite3_column_text(session->keys_retrieve_by_flag, 0));
fpr = strdup((const char *) sqlite3_column_text(session->own_keys_retrieve, 0));
if(fpr == NULL)
goto enomem;
@ -962,7 +960,7 @@ DYNAMIC_API PEP_STATUS keys_retrieve_by_flag(
}
} while (result != SQLITE_DONE);
sqlite3_reset(session->keys_retrieve_by_flag);
sqlite3_reset(session->own_keys_retrieve);
if (status == PEP_STATUS_OK)
*keylist = _keylist;
else
@ -978,6 +976,45 @@ the_end:
return status;
}
// TODO: Unused for now, but should be used when sync receive old keys (ENGINE-145)
DYNAMIC_API PEP_STATUS set_own_key(
PEP_SESSION session,
const char *address,
const char *fpr
)
{
PEP_STATUS status = PEP_STATUS_OK;
assert(session &&
address && address[0] &&
fpr && fpr[0]
);
if (!(session &&
address && address[0] &&
fpr && fpr[0]
))
return PEP_ILLEGAL_VALUE;
sqlite3_reset(session->set_own_key);
sqlite3_bind_text(session->set_own_key, 1, address, -1, SQLITE_STATIC);
sqlite3_bind_text(session->set_own_key, 2, fpr, -1, SQLITE_STATIC);
int result;
result = sqlite3_step(session->set_own_key);
switch (result) {
case SQLITE_DONE:
status = PEP_STATUS_OK;
break;
default:
status = PEP_UNKNOWN_ERROR;
}
sqlite3_reset(session->set_own_key);
return status;
}
PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
bool *has_private) {


+ 2
- 4
src/keymanagement.h View File

@ -190,18 +190,16 @@ DYNAMIC_API PEP_STATUS own_identities_retrieve(
PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
bool *has_private);
// keys_retrieve_by_flag() - retrieve all flagged keypair fingerprints
// own_keys_retrieve() - retrieve all flagged keypair fingerprints
//
// parameters:
// session (in) session to use
// flags flags to compare pgp keypair's flags to
// keylist (out) list of fingerprints
//
// caveat:
// the ownership of the list goes to the caller
DYNAMIC_API PEP_STATUS keys_retrieve_by_flag(
DYNAMIC_API PEP_STATUS own_keys_retrieve(
PEP_SESSION session,
keypair_flags_t flags,
stringlist_t **keylist
);


+ 121
- 108
src/pEpEngine.c View File

@ -32,9 +32,8 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
static const char *sql_get_device_group;
static const char *sql_set_pgp_keypair;
static const char *sql_set_identity;
static const char *sql_exists_empty_fpr_entry;
static const char *sql_update_fprless_identity;
static const char *sql_set_identity_flags;
static const char *sql_unset_identity_flags;
static const char *sql_set_trust;
static const char *sql_get_trust;
static const char *sql_least_trust;
@ -52,7 +51,8 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
// Own keys
static const char *sql_own_key_is_listed;
static const char *sql_own_identities_retrieve;
static const char *sql_keys_retrieve_by_flag;
static const char *sql_own_keys_retrieve;
static const char *sql_set_own_key;
// Sequence
static const char *sql_sequence_value1;
@ -223,6 +223,18 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
" on delete cascade,\n"
" revocation_date integer\n"
");\n"
"create table if not exists own_keys (\n"
" address text,\n"
" user_id text,\n"
" fpr text not null\n"
" references pgp_keypair (fpr)\n"
" on delete cascade,\n"
" foreign key (address, user_id)\n"
" references identity\n"
" on delete cascade,\n"
" check (user_id = '" PEP_OWN_USERID "')\n"
" primary key (address, fpr)\n"
");\n"
,
NULL,
NULL,
@ -288,19 +300,6 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
assert(int_result == SQLITE_OK);
}
if (version <= atoi(_DDL_USER_VERSION)) {
int_result = sqlite3_exec(
_session->db,
"pragma user_version = "_DDL_USER_VERSION";\n"
"insert or replace into version_info (id, version)"
"values (1, '" PEP_ENGINE_VERSION "');",
NULL,
NULL,
NULL
);
assert(int_result == SQLITE_OK);
}
sql_log = "insert into log (title, entity, description, comment)"
"values (?1, ?2, ?3, ?4);";
@ -330,21 +329,34 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
sql_get_device_group = "select device_group from person "
"where id = '" PEP_OWN_USERID "';";
sql_set_pgp_keypair = "insert or replace into pgp_keypair (fpr, flags) "
"values (upper(replace(?1,' ','')), ?2) ;";
sql_set_identity = "insert or replace into identity (address, main_key_id, "
"user_id, flags) values (?1, upper(replace(?2,' ','')),"
"?3, ?4 & 255) ;";
sql_set_pgp_keypair = "insert or replace into pgp_keypair (fpr) "
"values (upper(replace(?1,' ',''))) ;";
sql_set_identity = "insert or replace into identity ("
" address, main_key_id, "
" user_id, flags"
") values ("
" ?1,"
" upper(replace(?2,' ','')),"
" ?3,"
" (select"
" coalesce("
" (select flags from identity"
" where address = ?1 and"
" user_id = ?3),"
" 0)"
" ) | (?4 & 255)"
");";
sql_exists_empty_fpr_entry = "select count(*) from identity where address = ?1 and user_id = ?2 "
"and (main_key_id is null or main_key_id = '');";
sql_update_fprless_identity = "update identity set main_key_id = upper(replace(?2,' ','')), "
"flags = ?4 & 255 where address = ?1 and user_id = ?3 and "
"(main_key_id is null or main_key_id = '');";
sql_set_identity_flags = "update identity set flags = "
" ((?1 & 255) | (select flags from identity"
" where address = ?2 and user_id = ?3)) "
"where address = ?2 and user_id = ?3 ;";
sql_set_identity_flags = "update identity set flags = ?1 & 255 "
sql_unset_identity_flags =
"update identity set flags = "
" ( ~(?1 & 255) & (select flags from identity"
" where address = ?2 and user_id = ?3)) "
"where address = ?2 and user_id = ?3 ;";
sql_set_trust = "insert or replace into trust (user_id, pgp_keypair_fpr, comm_type) "
@ -398,9 +410,13 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
" and pgp_keypair_fpr = identity.main_key_id"
" where identity.user_id = '" PEP_OWN_USERID "';";
sql_keys_retrieve_by_flag =
"select fpr from pgp_keypair"
" where (flags & ?1) = ?1;";
sql_own_keys_retrieve =
"select fpr from own_keys"
" join identity"
" where identity.flags & 1 = 0;"; // PEP_idf_not_for_sync
sql_set_own_key = "insert or replace into own_keys (address, user_id, fpr)"
" values (?1, '" PEP_OWN_USERID "', upper(replace(?2,' ','')));";
sql_sequence_value1 = "insert or replace into sequences (name, value, own) "
"values (?1, "
@ -452,21 +468,16 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_set_identity), &_session->set_identity, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_exists_empty_fpr_entry,
(int)strlen(sql_exists_empty_fpr_entry), &_session->exists_empty_fpr_entry,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_update_fprless_identity,
(int)strlen(sql_update_fprless_identity), &_session->update_fprless_identity,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_set_identity_flags,
(int)strlen(sql_set_identity_flags), &_session->set_identity_flags,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_unset_identity_flags,
(int)strlen(sql_unset_identity_flags), &_session->unset_identity_flags,
NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_set_trust,
(int)strlen(sql_set_trust), &_session->set_trust, NULL);
assert(int_result == SQLITE_OK);
@ -529,9 +540,14 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
&_session->own_identities_retrieve, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_keys_retrieve_by_flag,
(int)strlen(sql_keys_retrieve_by_flag),
&_session->keys_retrieve_by_flag, NULL);
int_result = sqlite3_prepare_v2(_session->db, sql_own_keys_retrieve,
(int)strlen(sql_own_keys_retrieve),
&_session->own_keys_retrieve, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_set_own_key,
(int)strlen(sql_set_own_key),
&_session->set_own_key, NULL);
assert(int_result == SQLITE_OK);
// Sequence
@ -634,6 +650,8 @@ DYNAMIC_API void release(PEP_SESSION session)
sqlite3_finalize(session->set_identity);
if (session->set_identity_flags)
sqlite3_finalize(session->set_identity_flags);
if (session->unset_identity_flags)
sqlite3_finalize(session->unset_identity_flags);
if (session->set_trust)
sqlite3_finalize(session->set_trust);
if (session->get_trust)
@ -660,8 +678,10 @@ DYNAMIC_API void release(PEP_SESSION session)
sqlite3_finalize(session->own_key_is_listed);
if (session->own_identities_retrieve)
sqlite3_finalize(session->own_identities_retrieve);
if (session->keys_retrieve_by_flag)
sqlite3_finalize(session->keys_retrieve_by_flag);
if (session->own_keys_retrieve)
sqlite3_finalize(session->own_keys_retrieve);
if (session->set_own_key)
sqlite3_finalize(session->set_own_key);
if (session->sequence_value1)
sqlite3_finalize(session->sequence_value1);
if (session->sequence_value2)
@ -1025,47 +1045,6 @@ DYNAMIC_API PEP_STATUS get_identity(
return status;
}
static PEP_STATUS exists_empty_fpr_entry (
PEP_SESSION session,
const char* address,
const char* user_id,
bool *exists_empty_fpr
)
{
PEP_STATUS status = PEP_STATUS_OK;
int count;
assert(session && address && user_id && exists_empty_fpr);
if (!(session && address && user_id && exists_empty_fpr))
return PEP_ILLEGAL_VALUE;
*exists_empty_fpr = false;
sqlite3_reset(session->exists_empty_fpr_entry);
sqlite3_bind_text(session->exists_empty_fpr_entry, 1, address, -1, SQLITE_STATIC);
sqlite3_bind_text(session->exists_empty_fpr_entry, 2, user_id, -1, SQLITE_STATIC);
int result;
result = sqlite3_step(session->exists_empty_fpr_entry);
switch (result) {
case SQLITE_ROW:
count = sqlite3_column_int(session->exists_empty_fpr_entry, 0);
*exists_empty_fpr = count > 0;
status = PEP_STATUS_OK;
break;
default:
status = PEP_UNKNOWN_ERROR;
}
sqlite3_reset(session->exists_empty_fpr_entry);
return status;
}
DYNAMIC_API PEP_STATUS set_identity(
PEP_SESSION session, const pEp_identity *identity
)
@ -1083,7 +1062,6 @@ DYNAMIC_API PEP_STATUS set_identity(
return PEP_ILLEGAL_VALUE;
bool listed;
bool exists_empty_fpr;
if (identity->fpr && identity->fpr[0] != '\0') {
@ -1096,12 +1074,6 @@ DYNAMIC_API PEP_STATUS set_identity(
if (listed)
return PEP_KEY_BLACKLISTED;
// empty fpr already in DB
status = exists_empty_fpr_entry(session, identity->address,
identity->user_id, &exists_empty_fpr);
if (status != PEP_STATUS_OK)
return status;
}
sqlite3_exec(session->db, "BEGIN ;", NULL, NULL, NULL);
@ -1134,9 +1106,6 @@ DYNAMIC_API PEP_STATUS set_identity(
sqlite3_reset(session->set_pgp_keypair);
sqlite3_bind_text(session->set_pgp_keypair, 1, identity->fpr, -1,
SQLITE_STATIC);
sqlite3_bind_int(session->set_pgp_keypair, 2,
strcmp(identity->user_id, PEP_OWN_USERID) == 0 ?
PEP_kpf_own_key : 0);
result = sqlite3_step(session->set_pgp_keypair);
sqlite3_reset(session->set_pgp_keypair);
if (result != SQLITE_DONE) {
@ -1144,24 +1113,37 @@ DYNAMIC_API PEP_STATUS set_identity(
return PEP_CANNOT_SET_PGP_KEYPAIR;
}
sqlite3_stmt *update_or_set_identity =
(exists_empty_fpr ? session->update_fprless_identity : session->set_identity);
sqlite3_reset(update_or_set_identity);
sqlite3_bind_text(update_or_set_identity, 1, identity->address, -1,
sqlite3_reset(session->set_identity);
sqlite3_bind_text(session->set_identity, 1, identity->address, -1,
SQLITE_STATIC);
sqlite3_bind_text(update_or_set_identity, 2, identity->fpr, -1,
sqlite3_bind_text(session->set_identity, 2, identity->fpr, -1,
SQLITE_STATIC);
sqlite3_bind_text(update_or_set_identity, 3, identity->user_id, -1,
sqlite3_bind_text(session->set_identity, 3, identity->user_id, -1,
SQLITE_STATIC);
sqlite3_bind_int(update_or_set_identity, 4, identity->flags);
result = sqlite3_step(update_or_set_identity);
sqlite3_reset(update_or_set_identity);
sqlite3_bind_int(session->set_identity, 4, identity->flags);
result = sqlite3_step(session->set_identity);
sqlite3_reset(session->set_identity);
if (result != SQLITE_DONE) {
sqlite3_exec(session->db, "ROLLBACK ;", NULL, NULL, NULL);
return PEP_CANNOT_SET_IDENTITY;
}
if(strcmp(identity->user_id, PEP_OWN_USERID) == 0 &&
identity->fpr && identity->fpr[0] != '\0') {
sqlite3_reset(session->set_own_key);
sqlite3_bind_text(session->set_own_key, 1, identity->address, -1,
SQLITE_STATIC);
sqlite3_bind_text(session->set_own_key, 2, identity->fpr, -1,
SQLITE_STATIC);
result = sqlite3_step(session->set_own_key);
sqlite3_reset(session->set_own_key);
if (result != SQLITE_DONE) {
sqlite3_exec(session->db, "ROLLBACK ;", NULL, NULL, NULL);
return PEP_CANNOT_SET_PGP_KEYPAIR;
}
}
sqlite3_reset(session->set_trust);
sqlite3_bind_text(session->set_trust, 1, identity->user_id, -1,
SQLITE_STATIC);
@ -1268,6 +1250,37 @@ DYNAMIC_API PEP_STATUS set_identity_flags(
return PEP_STATUS_OK;
}
DYNAMIC_API PEP_STATUS unset_identity_flags(
PEP_SESSION session,
pEp_identity *identity,
unsigned int flags
)
{
int result;
assert(session);
assert(identity);
assert(identity->address);
assert(identity->user_id);
if (!(session && identity && identity->address && identity->user_id))
return PEP_ILLEGAL_VALUE;
sqlite3_reset(session->unset_identity_flags);
sqlite3_bind_int(session->unset_identity_flags, 1, flags);
sqlite3_bind_text(session->unset_identity_flags, 2, identity->address, -1,
SQLITE_STATIC);
sqlite3_bind_text(session->unset_identity_flags, 3, identity->user_id, -1,
SQLITE_STATIC);
result = sqlite3_step(session->unset_identity_flags);
sqlite3_reset(session->unset_identity_flags);
if (result != SQLITE_DONE)
return PEP_CANNOT_SET_IDENTITY;
identity->flags = flags;
return PEP_STATUS_OK;
}
DYNAMIC_API PEP_STATUS mark_as_compromized(
PEP_SESSION session,
const char *fpr


+ 5
- 9
src/pEpEngine.h View File

@ -412,21 +412,17 @@ typedef enum _PEP_comm_type {
typedef enum _identity_flags {
// the first octet flags are app defined settings
PEP_idf_not_for_sync = 1, // don't use this identity for sync
PEP_idf_list = 2, // identity of list of persons
PEP_idf_not_for_sync = 0x0001, // don't use this identity for sync
PEP_idf_list = 0x0002, // identity of list of persons
// the second octet flags are calculated
PEP_idf_devicegroup = 256 // identity of a device group member
PEP_idf_devicegroup = 0x0100 // identity of a device group member
} identity_flags;
typedef unsigned int identity_flags_t;
typedef enum _keypair_flags {
// the first octet flags are app defined settings
// the second octet flags are calculated
PEP_kpf_own_key = 512 // key (was) used for own identity
} keypair_flags;
// typedef enum _keypair_flags {
// } keypair_flags;
typedef unsigned int keypair_flags_t;


+ 3
- 3
src/pEp_internal.h View File

@ -99,9 +99,8 @@ typedef struct _pEpSession {
sqlite3_stmt *get_device_group;
sqlite3_stmt *set_pgp_keypair;
sqlite3_stmt *set_identity;
sqlite3_stmt *exists_empty_fpr_entry;
sqlite3_stmt *update_fprless_identity;
sqlite3_stmt *set_identity_flags;
sqlite3_stmt *unset_identity_flags;
sqlite3_stmt *set_trust;
sqlite3_stmt *get_trust;
sqlite3_stmt *least_trust;
@ -120,7 +119,8 @@ typedef struct _pEpSession {
// Own keys
sqlite3_stmt *own_key_is_listed;
sqlite3_stmt *own_identities_retrieve;
sqlite3_stmt *keys_retrieve_by_flag;
sqlite3_stmt *own_keys_retrieve;
sqlite3_stmt *set_own_key;
// sequence value
sqlite3_stmt *sequence_value1;


+ 1
- 1
src/sync_impl.c View File

@ -579,7 +579,7 @@ PEP_STATUS unicast_msg(
}
stringlist_t *keylist = NULL;
status = keys_retrieve_by_flag(session, PEP_kpf_own_key, &keylist);
status = own_keys_retrieve(session, &keylist);
if (status != PEP_STATUS_OK)
goto error;


Loading…
Cancel
Save