p≡p engine FORK
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1608 lines
59 KiB

8 years ago
8 years ago
7 years ago
8 years ago
7 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
6 years ago
6 years ago
6 years ago
6 years ago
4 years ago
6 years ago
8 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
4 years ago
4 years ago
4 years ago
3 years ago
8 years ago
4 years ago
4 years ago
8 years ago
8 years ago
4 years ago
8 years ago
4 years ago
8 years ago
4 years ago
4 years ago
8 years ago
8 years ago
8 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
3 years ago
8 years ago
8 years ago
8 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
3 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
8 years ago
8 years ago
6 years ago
8 years ago
8 years ago
7 years ago
7 years ago
8 years ago
8 years ago
6 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
6 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
3 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
3 years ago
4 years ago
4 years ago
8 years ago
  1. // This file is under GNU General Public License 3.0
  2. // see LICENSE.txt
  3. #pragma once
  4. #ifdef __cplusplus
  5. extern "C" {
  6. #endif
  7. #include <stddef.h>
  8. #include <stdint.h>
  9. #include <stdbool.h>
  10. #include "dynamic_api.h"
  11. #include "stringlist.h"
  12. #include "stringpair.h"
  13. #include "labeled_int_list.h"
  14. #include "timestamp.h"
  15. #define PEP_VERSION "2.1" // pEp *protocol* version
  16. // RELEASE version this targets
  17. // (string: major.minor.patch)
  18. #define PEP_ENGINE_VERSION "2.1.8"
  19. #define PEP_ENGINE_VERSION_MAJOR 2
  20. #define PEP_ENGINE_VERSION_MINOR 1
  21. #define PEP_ENGINE_VERSION_PATCH 8
  22. #define PEP_ENGINE_VERSION_RC 0
  23. #define PEP_OWN_USERID "pEp_own_userId"
  24. // pEp Engine API
  25. // caveat:
  26. // Unicode data has to be normalized to NFC before calling
  27. // UTF-8 strings are UTF-8 encoded C strings (zero terminated)
  28. struct _pEpSession;
  29. typedef struct _pEpSession * PEP_SESSION;
  30. typedef enum {
  31. PEP_STATUS_OK = 0,
  32. PEP_INIT_CANNOT_LOAD_CRYPTO_LIB = 0x0110,
  33. PEP_INIT_CRYPTO_LIB_INIT_FAILED = 0x0111,
  34. PEP_INIT_NO_CRYPTO_HOME = 0x0112,
  35. // PEP_INIT_NETPGP_INIT_FAILED = 0x0113,
  36. PEP_INIT_CANNOT_DETERMINE_CRYPTO_VERSION = 0x0114,
  37. PEP_INIT_UNSUPPORTED_CRYPTO_VERSION = 0x0115,
  38. PEP_INIT_CANNOT_CONFIG_CRYPTO_AGENT = 0x0116,
  39. PEP_INIT_SQLITE3_WITHOUT_MUTEX = 0x0120,
  40. PEP_INIT_CANNOT_OPEN_DB = 0x0121,
  41. PEP_INIT_CANNOT_OPEN_SYSTEM_DB = 0x0122,
  42. PEP_INIT_DB_DOWNGRADE_VIOLATION = 0x0123,
  43. PEP_UNKNOWN_DB_ERROR = 0x01ff,
  44. PEP_KEY_NOT_FOUND = 0x0201,
  45. PEP_KEY_HAS_AMBIG_NAME = 0x0202,
  46. PEP_GET_KEY_FAILED = 0x0203,
  47. PEP_CANNOT_EXPORT_KEY = 0x0204,
  48. PEP_CANNOT_EDIT_KEY = 0x0205,
  49. PEP_KEY_UNSUITABLE = 0x0206,
  50. PEP_MALFORMED_KEY_RESET_MSG = 0x0210,
  51. PEP_KEY_NOT_RESET = 0x0211,
  52. PEP_CANNOT_DELETE_KEY = 0x0212,
  53. PEP_KEY_IMPORTED = 0x0220,
  54. PEP_NO_KEY_IMPORTED = 0x0221,
  55. PEP_KEY_IMPORT_STATUS_UNKNOWN = 0x0222,
  56. PEP_SOME_KEYS_IMPORTED = 0x0223,
  57. PEP_CANNOT_FIND_IDENTITY = 0x0301,
  58. PEP_CANNOT_SET_PERSON = 0x0381,
  59. PEP_CANNOT_SET_PGP_KEYPAIR = 0x0382,
  60. PEP_CANNOT_SET_IDENTITY = 0x0383,
  61. PEP_CANNOT_SET_TRUST = 0x0384,
  62. PEP_KEY_BLACKLISTED = 0x0385,
  63. PEP_CANNOT_FIND_PERSON = 0x0386,
  64. PEP_CANNOT_SET_PEP_VERSION = 0X0387,
  65. PEP_CANNOT_FIND_ALIAS = 0x0391,
  66. PEP_CANNOT_SET_ALIAS = 0x0392,
  67. PEP_UNENCRYPTED = 0x0400,
  68. PEP_VERIFIED = 0x0401,
  69. PEP_DECRYPTED = 0x0402,
  70. PEP_DECRYPTED_AND_VERIFIED = 0x0403,
  71. PEP_DECRYPT_WRONG_FORMAT = 0x0404,
  72. PEP_DECRYPT_NO_KEY = 0x0405,
  73. PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH = 0x0406,
  74. PEP_VERIFY_NO_KEY = 0x0407,
  75. PEP_VERIFIED_AND_TRUSTED = 0x0408,
  76. PEP_CANNOT_REENCRYPT = 0x0409,
  77. PEP_VERIFY_SIGNER_KEY_REVOKED = 0x040a,
  78. PEP_CANNOT_DECRYPT_UNKNOWN = 0x04ff,
  79. PEP_TRUSTWORD_NOT_FOUND = 0x0501,
  80. PEP_TRUSTWORDS_FPR_WRONG_LENGTH = 0x0502,
  81. PEP_TRUSTWORDS_DUPLICATE_FPR = 0x0503,
  82. PEP_CANNOT_CREATE_KEY = 0x0601,
  83. PEP_CANNOT_SEND_KEY = 0x0602,
  84. PEP_PHRASE_NOT_FOUND = 0x0701,
  85. PEP_SEND_FUNCTION_NOT_REGISTERED = 0x0801,
  86. PEP_CONTRAINTS_VIOLATED = 0x0802,
  87. PEP_CANNOT_ENCODE = 0x0803,
  88. PEP_SYNC_NO_NOTIFY_CALLBACK = 0x0901,
  89. PEP_SYNC_ILLEGAL_MESSAGE = 0x0902,
  90. PEP_SYNC_NO_INJECT_CALLBACK = 0x0903,
  91. PEP_SYNC_NO_CHANNEL = 0x0904,
  92. PEP_SYNC_CANNOT_ENCRYPT = 0x0905,
  93. PEP_SYNC_NO_MESSAGE_SEND_CALLBACK = 0x0906,
  94. PEP_SYNC_CANNOT_START = 0x0907,
  95. PEP_CANNOT_INCREASE_SEQUENCE = 0x0971,
  96. PEP_STATEMACHINE_ERROR = 0x0980,
  97. PEP_NO_TRUST = 0x0981,
  98. PEP_STATEMACHINE_INVALID_STATE = 0x0982,
  99. PEP_STATEMACHINE_INVALID_EVENT = 0x0983,
  100. PEP_STATEMACHINE_INVALID_CONDITION = 0x0984,
  101. PEP_STATEMACHINE_INVALID_ACTION = 0x0985,
  102. PEP_STATEMACHINE_INHIBITED_EVENT = 0x0986,
  103. PEP_STATEMACHINE_CANNOT_SEND = 0x0987,
  104. PEP_PASSPHRASE_REQUIRED = 0x0a00,
  105. PEP_WRONG_PASSPHRASE = 0x0a01,
  106. PEP_PASSPHRASE_FOR_NEW_KEYS_REQUIRED = 0x0a02,
  107. PEP_DISTRIBUTION_ILLEGAL_MESSAGE = 0x1002,
  108. PEP_COMMIT_FAILED = 0xff01,
  109. PEP_MESSAGE_CONSUME = 0xff02,
  110. PEP_MESSAGE_IGNORE = 0xff03,
  111. PEP_CANNOT_CONFIG = 0xff04,
  112. PEP_RECORD_NOT_FOUND = -6,
  113. PEP_CANNOT_CREATE_TEMP_FILE = -5,
  114. PEP_ILLEGAL_VALUE = -4,
  115. PEP_BUFFER_TOO_SMALL = -3,
  116. PEP_OUT_OF_MEMORY = -2,
  117. PEP_UNKNOWN_ERROR = -1,
  118. PEP_VERSION_MISMATCH = -7,
  119. } PEP_STATUS;
  120. typedef enum _PEP_enc_format {
  121. PEP_enc_none = 0, // message is not encrypted
  122. PEP_enc_pieces = 1, // inline PGP + PGP extensions, was removed
  123. PEP_enc_inline = 1, // still there
  124. PEP_enc_S_MIME, // RFC5751
  125. PEP_enc_PGP_MIME, // RFC3156
  126. PEP_enc_PEP, // pEp encryption format
  127. PEP_enc_PGP_MIME_Outlook1, // Message B0rken by Outlook type 1
  128. PEP_enc_inline_EA,
  129. PEP_enc_auto = 255 // figure out automatically where possible
  130. } PEP_enc_format;
  131. // messageToSend() - a message needs to be delivered by application
  132. //
  133. // parameters:
  134. // msg (in) message struct with message to send
  135. //
  136. // return value:
  137. // PEP_STATUS_OK or any other value on error
  138. //
  139. // caveat:
  140. // the ownership of msg goes to the callee
  141. struct _message;
  142. typedef PEP_STATUS (*messageToSend_t)(struct _message *msg);
  143. struct Sync_event;
  144. typedef struct Sync_event *SYNC_EVENT;
  145. // free_Sync_event() - free memory occupied by sync protocol message
  146. //
  147. // parameters:
  148. // ev (in) event to free
  149. DYNAMIC_API void free_Sync_event(SYNC_EVENT ev);
  150. // inject_sync_event - inject sync protocol message
  151. //
  152. // parameters:
  153. // ev (in) event to inject
  154. // management (in) application defined; usually a locked queue
  155. //
  156. // return value:
  157. // 0 if event could be stored successfully or nonzero otherwise
  158. //
  159. // caveat:
  160. // if ev is SHUTDOWN then the implementation has to be synchronous
  161. // and the shutdown must be immediate
  162. typedef int (*inject_sync_event_t)(SYNC_EVENT ev, void *management);
  163. // ensure_passphrase() - callee ensures correct password for (signing) key is configured in the session on
  164. // return, or returns error when it is not found
  165. // parameters:
  166. //. session (in) session for which the guarantee is made
  167. // fpr (in) fpr to check
  168. //
  169. // return value:
  170. // PEP_STATUS_OK passphrase is configured and ready to use
  171. // If the caller runs out of passphrases to try, PEP_*PASSWORD* errors
  172. // are acceptable.
  173. //. Other errors if, e.g., the key is not found
  174. //
  175. // caveat:
  176. // The callee is responsible for iterating through passwords
  177. // to ensure signing/encryption can occur successfully.
  178. //
  179. typedef PEP_STATUS (*ensure_passphrase_t)(PEP_SESSION session, const char* fpr);
  180. // INIT_STATUS init() - initialize pEpEngine for a thread
  181. //
  182. // parameters:
  183. // session (out) init() allocates session memory and
  184. // returns a pointer as a handle
  185. // messageToSend (in) callback for sending message by the
  186. // application
  187. // inject_sync_event (in) callback for injecting a sync event
  188. // ensure_passphrase (in) callback for ensuring correct password for key is set
  189. //
  190. // return value:
  191. // PEP_STATUS_OK = 0 if init() succeeds
  192. // PEP_INIT_SQLITE3_WITHOUT_MUTEX if SQLite3 was compiled with
  193. // SQLITE_THREADSAFE 0
  194. // PEP_INIT_CANNOT_LOAD_CRYPTO_LIB if crypto lin cannot be found
  195. // PEP_INIT_CRYPTO_LIB_INIT_FAILED if CRYPTO_LIB init fails
  196. // PEP_INIT_CANNOT_OPEN_DB if user's management db cannot be
  197. // opened
  198. // PEP_INIT_CANNOT_OPEN_SYSTEM_DB if system's management db cannot be
  199. // opened
  200. //
  201. // caveat:
  202. // THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. release()
  203. // should be similarly guarded.
  204. //
  205. // the pointer is valid only if the return value is PEP_STATUS_OK
  206. // in other case a NULL pointer will be returned; a valid handle must
  207. // be released using release() when it's no longer needed
  208. //
  209. // the caller has to guarantee that the first call to this function
  210. // will succeed before further calls can be done
  211. //
  212. // messageToSend can only be null if no transport is application based
  213. // if transport system is not used it must not be NULL
  214. //
  215. // ensure_refresh_key should only be NULL if the
  216. // caller can guarantee that there is only one single or zero passphrases
  217. // used in the whole of the keys database
  218. DYNAMIC_API PEP_STATUS init(
  219. PEP_SESSION *session,
  220. messageToSend_t messageToSend,
  221. inject_sync_event_t inject_sync_event,
  222. ensure_passphrase_t ensure_passphrase
  223. );
  224. // void release() - release thread session handle
  225. //
  226. // parameters:
  227. // session (in) session handle to release
  228. //
  229. // caveat:
  230. // THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. init() should
  231. // be similarly guarded.
  232. //
  233. // the last release() can be called only when all other release() calls
  234. // are done
  235. DYNAMIC_API void release(PEP_SESSION session);
  236. // config_passive_mode() - enable passive mode
  237. //
  238. // parameters:
  239. // session (in) session handle
  240. // enable (in) flag if enabled or disabled
  241. DYNAMIC_API void config_passive_mode(PEP_SESSION session, bool enable);
  242. // config_unencrypted_subject() - disable subject encryption
  243. //
  244. // parameters:
  245. // session (in) session handle
  246. // enable (in) flag if enabled or disabled
  247. DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable);
  248. // config_use_only_own_private_keys() - enable passive mode
  249. //
  250. // parameters:
  251. // session (in) session handle
  252. // enable (in) flag if enabled or disabled
  253. DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session, bool enable);
  254. // config_service_log() - log more for service purposes
  255. //
  256. // session (in) session handle
  257. // enable (in) flag if enabled or disabled
  258. DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable);
  259. typedef enum {
  260. PEP_CIPHER_SUITE_DEFAULT = 0,
  261. PEP_CIPHER_SUITE_CV25519 = 1,
  262. PEP_CIPHER_SUITE_P256 = 2,
  263. PEP_CIPHER_SUITE_P384 = 3,
  264. PEP_CIPHER_SUITE_P521 = 4,
  265. PEP_CIPHER_SUITE_RSA2K = 5,
  266. PEP_CIPHER_SUITE_RSA3K = 6,
  267. PEP_CIPHER_SUITE_RSA4K = 7,
  268. PEP_CIPHER_SUITE_RSA8K = 8
  269. } PEP_CIPHER_SUITE;
  270. // config_cipher_suite() - cipher suite being used when encrypting
  271. //
  272. // parameters:
  273. // session (in) session handle
  274. // cipher_suite (in) cipher suite to use
  275. //
  276. // return value:
  277. // PEP_STATUS_OK cipher suite configured
  278. // PEP_CANNOT_CONFIG configuration failed; falling back to default
  279. //
  280. // caveat: the default ciphersuite for a crypt tech implementation is
  281. // implementation defined
  282. DYNAMIC_API PEP_STATUS config_cipher_suite(PEP_SESSION session,
  283. PEP_CIPHER_SUITE suite);
  284. // decrypt_and_verify() - decrypt and/or verify a message
  285. //
  286. // parameters:
  287. // session (in) session handle
  288. // ctext (in) cipher text to decrypt and/or verify
  289. // csize (in) size of cipher text
  290. // dsigtext (in) if extant, *detached* signature text for this
  291. // message (or NULL if not)
  292. // dsize (in) size of *detached* signature text for this
  293. // message (0, if no detached sig exists)
  294. // ptext (out) pointer to internal buffer with plain text
  295. // psize (out) size of plain text
  296. // keylist (out) list of key ids which where used to encrypt
  297. // filename_ptr (out) mails produced by certain PGP implementations
  298. // may return a decrypted filename here for attachments.
  299. // Externally, this can generally be NULL, and is an optional
  300. // parameter.
  301. //
  302. // return value:
  303. // PEP_UNENCRYPTED message was unencrypted and not signed
  304. // PEP_VERIFIED message was unencrypted, signature matches
  305. // PEP_DECRYPTED message is decrypted now, no signature
  306. // PEP_DECRYPTED_AND_VERIFIED message is decrypted now and verified
  307. // PEP_DECRYPT_WRONG_FORMAT message has wrong format to handle
  308. // PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
  309. // PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
  310. //
  311. // caveat:
  312. // the ownerships of ptext as well as keylist are going to the caller
  313. // the caller must use free() (or an Windoze pEp_free()) and
  314. // free_stringlist() to free them
  315. //
  316. // if this function failes an error message may be the first element of
  317. // keylist and the other elements may be the keys used for encryption
  318. DYNAMIC_API PEP_STATUS decrypt_and_verify(
  319. PEP_SESSION session, const char *ctext, size_t csize,
  320. const char *dsigtext, size_t dsigsize,
  321. char **ptext, size_t *psize, stringlist_t **keylist,
  322. char ** filename_ptr
  323. );
  324. // verify_text() - verfy plain text with a digital signature
  325. //
  326. // parameters:
  327. // session (in) session handle
  328. // text (in) text to verify
  329. // size (in) size of text
  330. // signature (in) signature text
  331. // sig_size (in) size of signature
  332. // keylist (out) list of key ids which where used to encrypt or NULL on
  333. // error
  334. //
  335. // return value:
  336. // PEP_VERIFIED message was unencrypted, signature matches
  337. // PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
  338. // PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
  339. DYNAMIC_API PEP_STATUS verify_text(
  340. PEP_SESSION session, const char *text, size_t size,
  341. const char *signature, size_t sig_size, stringlist_t **keylist
  342. );
  343. // encrypt_and_sign() - encrypt and sign a message
  344. //
  345. // parameters:
  346. // session (in) session handle
  347. // keylist (in) list of key ids to encrypt with as C strings
  348. // ptext (in) plain text to decrypt and/or verify
  349. // psize (in) size of plain text
  350. // ctext (out) pointer to internal buffer with cipher text
  351. // csize (out) size of cipher text
  352. //
  353. // return value:
  354. // PEP_STATUS_OK = 0 encryption and signing succeeded
  355. // PEP_KEY_NOT_FOUND at least one of the recipient keys
  356. // could not be found
  357. // PEP_KEY_HAS_AMBIG_NAME at least one of the recipient keys has
  358. // an ambiguous name
  359. // PEP_GET_KEY_FAILED cannot retrieve key
  360. //
  361. // caveat:
  362. // the ownership of ctext is going to the caller
  363. // the caller is responsible to free() it (on Windoze use pEp_free())
  364. // the first key in keylist is being used to sign the message
  365. // this implies there has to be a private key for that keypair
  366. DYNAMIC_API PEP_STATUS encrypt_and_sign(
  367. PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
  368. size_t psize, char **ctext, size_t *csize
  369. );
  370. DYNAMIC_API void set_debug_color(PEP_SESSION session, int ansi_color);
  371. // log_event() - log a user defined event defined by UTF-8 encoded strings into
  372. // management log
  373. //
  374. // parameters:
  375. // session (in) session handle
  376. // title (in) C string with event name
  377. // entity (in) C string with name of entity which is logging
  378. // description (in) C string with long description for event or NULL if
  379. // omitted
  380. // comment (in) C string with user defined comment or NULL if
  381. // omitted
  382. //
  383. // return value:
  384. // PEP_STATUS_OK log entry created
  385. DYNAMIC_API PEP_STATUS log_event(
  386. PEP_SESSION session,
  387. const char *title,
  388. const char *entity,
  389. const char *description,
  390. const char *comment
  391. );
  392. DYNAMIC_API PEP_STATUS log_service(PEP_SESSION session, const char *title,
  393. const char *entity, const char *description, const char *comment);
  394. #define _STR_(x) #x
  395. #define _D_STR_(x) _STR_(x)
  396. #define S_LINE _D_STR_(__LINE__)
  397. #define SERVICE_LOG(session, title, entity, desc) \
  398. log_service((session), (title), (entity), (desc), "service " __FILE__ ":" S_LINE)
  399. DYNAMIC_API void _service_error_log(PEP_SESSION session, const char *entity,
  400. PEP_STATUS status, const char *where);
  401. #define SERVICE_ERROR_LOG(session, entity, status) \
  402. _service_error_log((session), (entity), (status), __FILE__ ":" S_LINE)
  403. // trustword() - get the corresponding trustword for a 16 bit value
  404. //
  405. // parameters:
  406. // session (in) session handle
  407. // value (in) value to find a trustword for
  408. // lang (in) C string with ISO 639-1 language code
  409. // word (out) pointer to C string with trustword UTF-8 encoded
  410. // NULL if language is not supported or trustword
  411. // wordlist is damaged or unavailable
  412. // wsize (out) length of trustword
  413. //
  414. // return value:
  415. // PEP_STATUS_OK trustword retrieved
  416. // PEP_TRUSTWORD_NOT_FOUND trustword not found
  417. //
  418. // caveat:
  419. // the word pointer goes to the ownership of the caller
  420. // the caller is responsible to free() it (on Windoze use pEp_free())
  421. DYNAMIC_API PEP_STATUS trustword(
  422. PEP_SESSION session, uint16_t value, const char *lang,
  423. char **word, size_t *wsize
  424. );
  425. // trustwords() - get trustwords for a string of hex values of a fingerprint
  426. //
  427. // parameters:
  428. // session (in) session handle
  429. // fingerprint (in) C string with hex values to find trustwords for
  430. // lang (in) C string with ISO 639-1 language code
  431. // words (out) pointer to C string with trustwords UTF-8 encoded,
  432. // separated by a blank each
  433. // NULL if language is not supported or trustword
  434. // wordlist is damaged or unavailable
  435. // wsize (out) length of trustwords string
  436. // max_words (in) only generate a string with max_words;
  437. // if max_words == 0 there is no such limit
  438. //
  439. // return value:
  440. // PEP_STATUS_OK trustwords retrieved
  441. // PEP_OUT_OF_MEMORY out of memory
  442. // PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
  443. //
  444. // caveat:
  445. // the word pointer goes to the ownership of the caller
  446. // the caller is responsible to free() it (on Windoze use pEp_free())
  447. //
  448. // DON'T USE THIS FUNCTION FROM HIGH LEVEL LANGUAGES!
  449. //
  450. // Better implement a simple one in the adapter yourself using trustword(), and
  451. // return a list of trustwords.
  452. // This function is provided for being used by C and C++ programs only.
  453. DYNAMIC_API PEP_STATUS trustwords(
  454. PEP_SESSION session, const char *fingerprint, const char *lang,
  455. char **words, size_t *wsize, int max_words
  456. );
  457. // TODO: increase versions in pEp.asn1 if rating changes
  458. typedef enum _PEP_comm_type {
  459. PEP_ct_unknown = 0,
  460. // range 0x01 to 0x09: no encryption, 0x0a to 0x0e: nothing reasonable
  461. PEP_ct_no_encryption = 0x01, // generic
  462. PEP_ct_no_encrypted_channel = 0x02,
  463. PEP_ct_key_not_found = 0x03,
  464. PEP_ct_key_expired = 0x04,
  465. PEP_ct_key_revoked = 0x05,
  466. PEP_ct_key_b0rken = 0x06,
  467. PEP_ct_key_expired_but_confirmed = 0x07, // NOT with confirmed bit. Just retaining info here in case of renewal.
  468. PEP_ct_my_key_not_included = 0x09,
  469. PEP_ct_security_by_obscurity = 0x0a,
  470. PEP_ct_b0rken_crypto = 0x0b,
  471. PEP_ct_key_too_short = 0x0c,
  472. PEP_ct_compromised = 0x0e, // known compromised connection
  473. PEP_ct_compromized = 0x0e, // deprecated misspelling
  474. PEP_ct_mistrusted = 0x0f, // known mistrusted key
  475. // range 0x10 to 0x3f: unconfirmed encryption
  476. PEP_ct_unconfirmed_encryption = 0x10, // generic
  477. PEP_ct_OpenPGP_weak_unconfirmed = 0x11, // RSA 1024 is weak
  478. PEP_ct_to_be_checked = 0x20, // generic
  479. PEP_ct_SMIME_unconfirmed = 0x21,
  480. PEP_ct_CMS_unconfirmed = 0x22,
  481. PEP_ct_strong_but_unconfirmed = 0x30, // generic
  482. PEP_ct_OpenPGP_unconfirmed = 0x38, // key at least 2048 bit RSA or EC
  483. PEP_ct_OTR_unconfirmed = 0x3a,
  484. // range 0x40 to 0x7f: unconfirmed encryption and anonymization
  485. PEP_ct_unconfirmed_enc_anon = 0x40, // generic
  486. PEP_ct_pEp_unconfirmed = 0x7f,
  487. PEP_ct_confirmed = 0x80, // this bit decides if trust is confirmed
  488. // range 0x81 to 0x8f: reserved
  489. // range 0x90 to 0xbf: confirmed encryption
  490. PEP_ct_confirmed_encryption = 0x90, // generic
  491. PEP_ct_OpenPGP_weak = 0x91, // RSA 1024 is weak (unused)
  492. PEP_ct_to_be_checked_confirmed = 0xa0, // generic
  493. PEP_ct_SMIME = 0xa1,
  494. PEP_ct_CMS = 0xa2,
  495. PEP_ct_strong_encryption = 0xb0, // generic
  496. PEP_ct_OpenPGP = 0xb8, // key at least 2048 bit RSA or EC
  497. PEP_ct_OTR = 0xba,
  498. // range 0xc0 to 0xff: confirmed encryption and anonymization
  499. PEP_ct_confirmed_enc_anon = 0xc0, // generic
  500. PEP_ct_pEp = 0xff
  501. } PEP_comm_type;
  502. typedef enum _identity_flags {
  503. // the first octet flags are app defined settings
  504. PEP_idf_not_for_sync = 0x0001, // don't use this identity for sync
  505. PEP_idf_list = 0x0002, // identity of list of persons
  506. // the second octet flags are calculated
  507. PEP_idf_devicegroup = 0x0100 // identity of a device group member
  508. } identity_flags;
  509. typedef unsigned int identity_flags_t;
  510. // typedef enum _keypair_flags {
  511. // } keypair_flags;
  512. typedef unsigned int keypair_flags_t;
  513. typedef struct _pEp_identity {
  514. char *address; // C string with address UTF-8 encoded
  515. char *fpr; // C string with fingerprint UTF-8 encoded
  516. char *user_id; // C string with user ID UTF-8 encoded
  517. // user_id MIGHT be set to "pEp_own_userId"
  518. // (use PEP_OWN_USERID preprocessor define)
  519. // if this is own user's identity.
  520. // But it is not REQUIRED to be.
  521. char *username; // C string with user name UTF-8 encoded
  522. PEP_comm_type comm_type; // type of communication with this ID
  523. char lang[3]; // language of conversation
  524. // ISO 639-1 ALPHA-2, last byte is 0
  525. bool me; // if this is the local user herself/himself
  526. unsigned int major_ver; // highest version of pEp message received, if any
  527. unsigned int minor_ver; // highest version of pEp message received, if any
  528. PEP_enc_format enc_format; // Last specified format we encrypted to for this identity
  529. identity_flags_t flags; // identity_flag1 | identity_flag2 | ...
  530. } pEp_identity;
  531. typedef struct _identity_list {
  532. pEp_identity *ident;
  533. struct _identity_list *next;
  534. } identity_list;
  535. // new_identity() - allocate memory and set the string and size fields
  536. //
  537. // parameters:
  538. // address (in) UTF-8 string or NULL
  539. // fpr (in) UTF-8 string or NULL
  540. // user_id (in) UTF-8 string or NULL
  541. // username (in) UTF-8 string or NULL
  542. //
  543. // return value:
  544. // pEp_identity struct or NULL if out of memory
  545. //
  546. // caveat:
  547. // the strings are copied; the original strings are still being owned by
  548. // the caller
  549. DYNAMIC_API pEp_identity *new_identity(
  550. const char *address, const char *fpr, const char *user_id,
  551. const char *username
  552. );
  553. // identity_dup() - allocate memory and duplicate
  554. //
  555. // parameters:
  556. // src (in) identity to duplicate
  557. //
  558. // return value:
  559. // pEp_identity struct or NULL if out of memory
  560. //
  561. // caveat:
  562. // the strings are copied; the original strings are still being owned by
  563. // the caller
  564. DYNAMIC_API pEp_identity *identity_dup(const pEp_identity *src);
  565. // free_identity() - free all memory being occupied by a pEp_identity struct
  566. //
  567. // parameters:
  568. // identity (in) struct to release
  569. //
  570. // caveat:
  571. // not only the struct but also all string memory referenced by the
  572. // struct is being freed; all pointers inside are invalid afterwards
  573. DYNAMIC_API void free_identity(pEp_identity *identity);
  574. // get_identity() - get identity information
  575. //
  576. // parameters:
  577. // session (in) session handle
  578. // address (in) C string with communication address, UTF-8 encoded
  579. // user_id (in) unique C string to identify person that identity
  580. // is refering to
  581. // identity (out) pointer to pEp_identity structure with results or
  582. // NULL if failure
  583. //
  584. // caveat:
  585. // address and user_id are being copied; the original strings remains in
  586. // the ownership of the caller
  587. // the resulting pEp_identity structure goes to the ownership of the
  588. // caller and has to be freed with free_identity() when not in use any
  589. // more
  590. DYNAMIC_API PEP_STATUS get_identity(
  591. PEP_SESSION session,
  592. const char *address,
  593. const char *user_id,
  594. pEp_identity **identity
  595. );
  596. PEP_STATUS replace_identities_fpr(PEP_SESSION session,
  597. const char* old_fpr,
  598. const char* new_fpr);
  599. // set_identity() - set identity information
  600. //
  601. // parameters:
  602. // session (in) session handle
  603. // identity (in) pointer to pEp_identity structure
  604. //
  605. // return value:
  606. // PEP_STATUS_OK = 0 encryption and signing succeeded
  607. // PEP_CANNOT_SET_PERSON writing to table person failed
  608. // PEP_CANNOT_SET_PGP_KEYPAIR writing to table pgp_keypair failed
  609. // PEP_CANNOT_SET_IDENTITY writing to table identity failed
  610. // PEP_COMMIT_FAILED SQL commit failed
  611. //
  612. // caveat:
  613. // address, fpr, user_id and username must be given
  614. DYNAMIC_API PEP_STATUS set_identity(
  615. PEP_SESSION session, const pEp_identity *identity
  616. );
  617. // get_default own_userid() - get the user_id of the own user
  618. //
  619. // parameters:
  620. // session (in) session handle
  621. // userid (out) own user id (if it exists)
  622. //
  623. // return value:
  624. // PEP_STATUS_OK = 0 userid was found
  625. // PEP_CANNOT_FIND_IDENTITY no own_user found in the DB
  626. // PEP_UNKNOWN_ERROR results were returned, but no ID
  627. // found (no reason this should ever occur)
  628. // caveat:
  629. // userid will be NULL if not found; otherwise, returned string
  630. // belongs to the caller.
  631. DYNAMIC_API PEP_STATUS get_default_own_userid(
  632. PEP_SESSION session,
  633. char** userid
  634. );
  635. // get_userid_alias_default() - get the default user_id which corresponds
  636. // to an alias
  637. // parameters:
  638. // session (in) session handle
  639. // alias_id (in) the user_id which may be an alias for a default id
  640. // default_id (out) the default id for this alias, if the alias
  641. // is in the DB as an alias, else NULL
  642. // return value:
  643. // PEP_STATUS_OK = 0 userid was found
  644. // PEP_CANNOT_FIND_ALIAS this userid is not listed as an
  645. // alias in the DB
  646. // PEP_UNKNOWN_ERROR results were returned, but no ID
  647. // found (no reason this should ever occur)
  648. // caveat:
  649. // default_id will be NULL if not found; otherwise, returned string
  650. // belongs to the caller.
  651. // also, current implementation does NOT check to see if this userid
  652. // IS a default.
  653. DYNAMIC_API PEP_STATUS get_userid_alias_default(
  654. PEP_SESSION session,
  655. const char* alias_id,
  656. char** default_id);
  657. // set_userid_alias() - set an alias to correspond to a default id
  658. // parameters:
  659. // session (in) session handle
  660. // default_id (in) the default id for this alias. This must
  661. // correspond to the default user_id for an
  662. // entry in the person (user) table.
  663. // alias_id (in) the alias to be set for this default id
  664. // return value:
  665. // PEP_STATUS_OK = 0 userid was found
  666. // PEP_CANNOT_SET_ALIAS there was an error setting this
  667. DYNAMIC_API PEP_STATUS set_userid_alias (
  668. PEP_SESSION session,
  669. const char* default_id,
  670. const char* alias_id);
  671. // set_identity_flags() - update identity flags on existing identity
  672. //
  673. // parameters:
  674. // session (in) session handle
  675. // identity (in,out) pointer to pEp_identity structure
  676. // flags (in) new value for flags
  677. //
  678. // return value:
  679. // PEP_STATUS_OK = 0 encryption and signing succeeded
  680. // PEP_CANNOT_SET_IDENTITY update of identity failed
  681. //
  682. // caveat:
  683. // address and user_id must be given in identity
  684. DYNAMIC_API PEP_STATUS set_identity_flags(
  685. PEP_SESSION session,
  686. pEp_identity *identity,
  687. identity_flags_t flags
  688. );
  689. // unset_identity_flags() - update identity flags on existing identity
  690. //
  691. // parameters:
  692. // session (in) session handle
  693. // identity (in,out) pointer to pEp_identity structure
  694. // flags (in) new value for flags
  695. //
  696. // return value:
  697. // PEP_STATUS_OK = 0 encryption and signing succeeded
  698. // PEP_CANNOT_SET_IDENTITY update of identity failed
  699. //
  700. // caveat:
  701. // address and user_id must be given in identity
  702. DYNAMIC_API PEP_STATUS unset_identity_flags(
  703. PEP_SESSION session,
  704. pEp_identity *identity,
  705. identity_flags_t flags
  706. );
  707. // mark_as_compromised() - mark key in trust db as compromised
  708. //
  709. // parameters:
  710. // session (in) session handle
  711. // fpr (in) fingerprint of key to mark
  712. DYNAMIC_API PEP_STATUS mark_as_compromised(
  713. PEP_SESSION session,
  714. const char *fpr
  715. );
  716. // mark_as_compromized() - deprecated to fix misspelling. Please move to
  717. // mark_as_compromised();
  718. DYNAMIC_API PEP_STATUS mark_as_compromized(
  719. PEP_SESSION session,
  720. const char *fpr
  721. );
  722. // generate_keypair() - generate a new key pair and add it to the key ring
  723. //
  724. // parameters:
  725. // session (in) session handle
  726. // identity (inout) pointer to pEp_identity structure
  727. //
  728. // return value:
  729. // PEP_STATUS_OK = 0 encryption and signing succeeded
  730. // PEP_ILLEGAL_VALUE illegal values for identity fields given
  731. // PEP_CANNOT_CREATE_KEY key engine is on strike
  732. //
  733. // caveat:
  734. // address must be set to UTF-8 string
  735. // the fpr field must be set to NULL
  736. // username field must either be NULL or be a UTF8-string conforming
  737. // to RFC4880 for PGP uid usernames
  738. //
  739. // this function allocates a string and sets set fpr field of identity
  740. // the caller is responsible to call free() for that string or use
  741. // free_identity() on the struct
  742. DYNAMIC_API PEP_STATUS generate_keypair(
  743. PEP_SESSION session, pEp_identity *identity
  744. );
  745. // delete_keypair() - delete a public key or a key pair from the key ring
  746. //
  747. // parameters:
  748. // session (in) session handle
  749. // fpr (in) C string with key id or fingerprint of the
  750. // public key
  751. //
  752. // return value:
  753. // PEP_STATUS_OK = 0 key was successfully deleted
  754. // PEP_KEY_NOT_FOUND key not found
  755. // PEP_ILLEGAL_VALUE not a valid key id or fingerprint
  756. // PEP_KEY_HAS_AMBIG_NAME fpr does not uniquely identify a key
  757. // PEP_OUT_OF_MEMORY out of memory
  758. DYNAMIC_API PEP_STATUS delete_keypair(PEP_SESSION session, const char *fpr);
  759. // import_key() - import key from data
  760. //
  761. // parameters:
  762. // session (in) session handle
  763. // key_data (in) key data, i.e. ASCII armored OpenPGP key
  764. // size (in) amount of data to handle
  765. // private_keys (out) list of identities containing the
  766. // private keys that have been imported
  767. //
  768. // return value:
  769. // PEP_STATUS_OK = 0 key was successfully imported
  770. // PEP_OUT_OF_MEMORY out of memory
  771. // PEP_ILLEGAL_VALUE there is no key data to import
  772. //
  773. // caveat:
  774. // private_keys goes to the ownership of the caller
  775. // private_keys can be left NULL, it is then ignored
  776. DYNAMIC_API PEP_STATUS import_key(
  777. PEP_SESSION session,
  778. const char *key_data,
  779. size_t size,
  780. identity_list **private_keys
  781. );
  782. // _import_key_with_fpr_return() -
  783. // INTERNAL FUNCTION - import keys from data, return optional list
  784. // of fprs imported
  785. //
  786. // parameters:
  787. // session (in) session handle
  788. // key_data (in) key data, i.e. ASCII armored OpenPGP key
  789. // size (in) amount of data to handle
  790. // private_keys (out) list of identities containing the
  791. // private keys that have been imported
  792. // imported_keys (out) if non-NULL, list of actual keys imported
  793. // changed_public_keys (out) if non-NULL AND imported_keys is non-NULL:
  794. // bitvector - corresponds to the first 64 keys
  795. // imported. If nth bit is set, import changed a
  796. // key corresponding to the nth element in
  797. // imported keys (i.e. key was in DB and was
  798. // changed by import)
  799. //
  800. // return value:
  801. // PEP_STATUS_OK = 0 key was successfully imported
  802. // PEP_OUT_OF_MEMORY out of memory
  803. // PEP_ILLEGAL_VALUE there is no key data to import, or imported keys was NULL and
  804. // changed_public_keys was not
  805. //
  806. // caveat:
  807. // private_keys and imported_keys goes to the ownership of the caller
  808. // private_keys and imported_keys can be left NULL, it is then ignored
  809. // *** THIS IS THE ACTUAL FUNCTION IMPLEMENTED BY CRYPTOTECH "import_key" ***
  810. PEP_STATUS _import_key_with_fpr_return(
  811. PEP_SESSION session,
  812. const char *key_data,
  813. size_t size,
  814. identity_list** private_keys,
  815. stringlist_t** imported_keys,
  816. uint64_t* changed_public_keys // use as bit field for the first 64 changed keys
  817. );
  818. // export_key() - export ascii armored key
  819. //
  820. // parameters:
  821. // session (in) session handle
  822. // fpr (in) key id or fingerprint of key
  823. // key_data (out) ASCII armored OpenPGP key
  824. // size (out) amount of data to handle
  825. //
  826. // return value:
  827. // PEP_STATUS_OK = 0 key was successfully exported
  828. // PEP_OUT_OF_MEMORY out of memory
  829. // PEP_KEY_NOT_FOUND key not found
  830. //
  831. // caveat:
  832. // the key_data goes to the ownership of the caller
  833. // the caller is responsible to free() it (on Windoze use pEp_free())
  834. DYNAMIC_API PEP_STATUS export_key(
  835. PEP_SESSION session, const char *fpr, char **key_data, size_t *size
  836. );
  837. // export_secret_key() - export secret key ascii armored
  838. //
  839. // parameters:
  840. // session (in) session handle
  841. // fpr (in) fingerprint of key, at least 16 hex digits
  842. // key_data (out) ASCII armored OpenPGP secret key
  843. // size (out) amount of data to handle
  844. //
  845. // return value:
  846. // PEP_STATUS_OK = 0 key was successfully exported
  847. // PEP_OUT_OF_MEMORY out of memory
  848. // PEP_KEY_NOT_FOUND key not found
  849. // PEP_CANNOT_EXPORT_KEY cannot export secret key (i.e. it's on an HKS)
  850. //
  851. // caveat:
  852. // the key_data goes to the ownership of the caller
  853. // the caller is responsible to free() it (on Windoze use pEp_free())
  854. // beware of leaking secret key data - overwrite it in memory after use
  855. DYNAMIC_API PEP_STATUS export_secret_key(
  856. PEP_SESSION session, const char *fpr, char **key_data, size_t *size
  857. );
  858. // export_secrect_key() - deprecated misspelled function. Please replace with
  859. // export_secret_key
  860. DYNAMIC_API PEP_STATUS export_secrect_key(
  861. PEP_SESSION session, const char *fpr, char **key_data, size_t *size
  862. );
  863. // recv_key() - update key(s) from keyserver
  864. //
  865. // parameters:
  866. // session (in) session handle
  867. // pattern (in) key id, user id or address to search for as
  868. // UTF-8 string
  869. DYNAMIC_API PEP_STATUS recv_key(PEP_SESSION session, const char *pattern);
  870. // find_keys() - find keys in keyring
  871. //
  872. // parameters:
  873. // session (in) session handle
  874. // pattern (in) key id, user id or address to search for as
  875. // UTF-8 string
  876. // keylist (out) list of fingerprints found or NULL on error
  877. //
  878. // caveat:
  879. // the ownerships of keylist isgoing to the caller
  880. // the caller must use free_stringlist() to free it
  881. DYNAMIC_API PEP_STATUS find_keys(
  882. PEP_SESSION session, const char *pattern, stringlist_t **keylist
  883. );
  884. // send_key() - send key(s) to keyserver
  885. //
  886. // parameters:
  887. // session (in) session handle
  888. // pattern (in) key id, user id or address to search for as
  889. // UTF-8 string
  890. DYNAMIC_API PEP_STATUS send_key(PEP_SESSION session, const char *pattern);
  891. // pEp_free() - free memory allocated by pEp engine
  892. //
  893. // parameters:
  894. // p (in) pointer to free
  895. //
  896. // The reason for this function is that heap management can be a pretty
  897. // complex task with Windoze. This free() version calls the free()
  898. // implementation of the C runtime library which was used to build pEp engine,
  899. // so you're using the correct heap. For more information, see:
  900. // <http://msdn.microsoft.com/en-us/library/windows/desktop/aa366711(v=vs.85).aspx>
  901. DYNAMIC_API void pEp_free(void *p);
  902. // pEp_realloc() - reallocate memory allocated by pEp engine
  903. //
  904. // parameters:
  905. // p (in) pointer to free
  906. // size (in) new memory size
  907. //
  908. // returns:
  909. // pointer to allocated memory
  910. //
  911. // The reason for this function is that heap management can be a pretty
  912. // complex task with Windoze. This realloc() version calls the realloc()
  913. // implementation of the C runtime library which was used to build pEp engine,
  914. // so you're using the correct heap. For more information, see:
  915. // <http://msdn.microsoft.com/en-us/library/windows/desktop/aa366711(v=vs.85).aspx>
  916. DYNAMIC_API void *pEp_realloc(void *p, size_t size);
  917. // get_trust() - get the trust level a key has for a person
  918. //
  919. // parameters:
  920. // session (in) session handle
  921. // identity (inout) user_id and fpr to check as UTF-8 strings (in)
  922. // comm_type as result (out)
  923. //
  924. // this function modifies the given identity struct; the struct remains in
  925. // the ownership of the caller
  926. // if the trust level cannot be determined identity->comm_type is set
  927. // to PEP_ct_unknown
  928. DYNAMIC_API PEP_STATUS get_trust(PEP_SESSION session, pEp_identity *identity);
  929. PEP_STATUS set_trust(PEP_SESSION session,
  930. pEp_identity* identity);
  931. PEP_STATUS update_trust_for_fpr(PEP_SESSION session,
  932. const char* fpr,
  933. PEP_comm_type comm_type);
  934. // least_trust() - get the least known trust level for a key in the database
  935. //
  936. // parameters:
  937. // session (in) session handle
  938. // fpr (in) fingerprint of key to check
  939. // comm_type (out) least comm_type as result (out)
  940. //
  941. // if the trust level cannot be determined comm_type is set to PEP_ct_unknown
  942. DYNAMIC_API PEP_STATUS least_trust(
  943. PEP_SESSION session,
  944. const char *fpr,
  945. PEP_comm_type *comm_type
  946. );
  947. // get_key_rating() - get the rating a bare key has
  948. //
  949. // parameters:
  950. // session (in) session handle
  951. // fpr (in) unique identifyer for key as UTF-8 string
  952. // comm_type (out) key rating
  953. //
  954. // if an error occurs, *comm_type is set to PEP_ct_unknown and an error
  955. // is returned
  956. DYNAMIC_API PEP_STATUS get_key_rating(
  957. PEP_SESSION session,
  958. const char *fpr,
  959. PEP_comm_type *comm_type
  960. );
  961. // renew_key() - renew an expired key
  962. //
  963. // parameters:
  964. // session (in) session handle
  965. // fpr (in) ID of key to renew as UTF-8 string
  966. // ts (in) timestamp when key should expire or NULL for
  967. // default
  968. DYNAMIC_API PEP_STATUS renew_key(
  969. PEP_SESSION session,
  970. const char *fpr,
  971. const timestamp *ts
  972. );
  973. // revoke_key() - revoke a key
  974. //
  975. // parameters:
  976. // session (in) session handle
  977. // fpr (in) ID of key to revoke as UTF-8 string
  978. // reason (in) text with reason for revoke as UTF-8 string
  979. // or NULL if reason unknown
  980. //
  981. // caveat:
  982. // reason text must not include empty lines
  983. // this function is meant for internal use only; better use
  984. // key_mistrusted() of keymanagement API
  985. DYNAMIC_API PEP_STATUS revoke_key(
  986. PEP_SESSION session,
  987. const char *fpr,
  988. const char *reason
  989. );
  990. // key_expired() - flags if a key is already expired
  991. //
  992. // parameters:
  993. // session (in) session handle
  994. // fpr (in) ID of key to check as UTF-8 string
  995. // when (in) UTC time of when should expiry be considered
  996. // expired (out) flag if key expired
  997. DYNAMIC_API PEP_STATUS key_expired(
  998. PEP_SESSION session,
  999. const char *fpr,
  1000. const time_t when,
  1001. bool *expired
  1002. );
  1003. // key_revoked() - flags if a key is already revoked
  1004. //
  1005. // parameters:
  1006. // session (in) session handle
  1007. // fpr (in) ID of key to check as UTF-8 string
  1008. // revoked (out) flag if key revoked
  1009. DYNAMIC_API PEP_STATUS key_revoked(
  1010. PEP_SESSION session,
  1011. const char *fpr,
  1012. bool *revoked
  1013. );
  1014. PEP_STATUS get_key_userids(
  1015. PEP_SESSION session,
  1016. const char* fpr,
  1017. stringlist_t** keylist
  1018. );
  1019. // get_crashdump_log() - get the last log messages out
  1020. //
  1021. // parameters:
  1022. // session (in) session handle
  1023. // maxlines (in) maximum number of lines (0 for default)
  1024. // logdata (out) logdata as string in double quoted CSV format
  1025. // column1 is title
  1026. // column2 is entity
  1027. // column3 is description
  1028. // column4 is comment
  1029. //
  1030. // caveat:
  1031. // the ownership of logdata goes to the caller
  1032. DYNAMIC_API PEP_STATUS get_crashdump_log(
  1033. PEP_SESSION session,
  1034. int maxlines,
  1035. char **logdata
  1036. );
  1037. // get_languagelist() - get the list of languages
  1038. //
  1039. // parameters:
  1040. // session (in) session handle
  1041. // languages (out) languages as string in double quoted CSV format
  1042. // column 1 is the ISO 639-1 language code
  1043. // column 2 is the name of the language
  1044. //
  1045. // caveat:
  1046. // the ownership of languages goes to the caller
  1047. DYNAMIC_API PEP_STATUS get_languagelist(
  1048. PEP_SESSION session,
  1049. char **languages
  1050. );
  1051. // get_phrase() - get phrase in a dedicated language through i18n
  1052. //
  1053. // parameters:
  1054. // session (in) session handle
  1055. // lang (in) C string with ISO 639-1 language code
  1056. // phrase_id (in) id of phrase in i18n
  1057. // phrase (out) phrase as UTF-8 string
  1058. //
  1059. // caveat:
  1060. // the ownership of phrase goes to the caller
  1061. DYNAMIC_API PEP_STATUS get_phrase(
  1062. PEP_SESSION session,
  1063. const char *lang,
  1064. int phrase_id,
  1065. char **phrase
  1066. );
  1067. // sequence_value() - raise the value of a named sequence and retrieve it
  1068. //
  1069. // parameters:
  1070. // session (in) session handle
  1071. // name (in) name of sequence
  1072. // value (out) value of sequence
  1073. //
  1074. // returns:
  1075. // PEP_STATUS_OK no error, not own sequence
  1076. // PEP_SEQUENCE_VIOLATED if sequence violated
  1077. // PEP_CANNOT_INCREASE_SEQUENCE if sequence cannot be increased
  1078. // PEP_OWN_SEQUENCE if own sequence
  1079. DYNAMIC_API PEP_STATUS sequence_value(
  1080. PEP_SESSION session,
  1081. const char *name,
  1082. int32_t *value
  1083. );
  1084. // set_revoked() - records relation between a revoked key and its replacement
  1085. //
  1086. // parameters:
  1087. // session (in) session handle
  1088. // revoked_fpr (in) revoked fingerprint
  1089. // replacement_fpr (in) replacement key fingerprint
  1090. // revocation_date (in) revocation date
  1091. DYNAMIC_API PEP_STATUS set_revoked(
  1092. PEP_SESSION session,
  1093. const char *revoked_fpr,
  1094. const char *replacement_fpr,
  1095. const uint64_t revocation_date
  1096. );
  1097. // get_revoked() - find revoked key that may have been replaced by given key, if any
  1098. //
  1099. // parameters:
  1100. // session (in) session handle
  1101. // fpr (in) given fingerprint
  1102. // revoked_fpr (out) revoked fingerprint
  1103. // revocation_date (out) revocation date
  1104. DYNAMIC_API PEP_STATUS get_revoked(
  1105. PEP_SESSION session,
  1106. const char *fpr,
  1107. char **revoked_fpr,
  1108. uint64_t *revocation_date
  1109. );
  1110. // key_created() - get creation date of a key
  1111. //
  1112. // parameters:
  1113. // session (in) session handle
  1114. // fpr (in) fingerprint of key
  1115. // created (out) date of creation
  1116. PEP_STATUS key_created(
  1117. PEP_SESSION session,
  1118. const char *fpr,
  1119. time_t *created
  1120. );
  1121. // find_private_keys() - find keys in keyring
  1122. //
  1123. // parameters:
  1124. // session (in) session handle
  1125. // pattern (in) key id, user id or address to search for as
  1126. // UTF-8 string
  1127. // keylist (out) list of fingerprints found or NULL on error
  1128. //
  1129. // caveat:
  1130. // the ownerships of keylist isgoing to the caller
  1131. // the caller must use free_stringlist() to free it
  1132. PEP_STATUS find_private_keys(PEP_SESSION session, const char* pattern,
  1133. stringlist_t **keylist);
  1134. // get_engine_version() - returns the current version of pEpEngine (this is different
  1135. // from the pEp protocol version!)
  1136. //
  1137. // parameters: none
  1138. //
  1139. // return_value: const char* to the engine version string constant
  1140. //
  1141. DYNAMIC_API const char* get_engine_version();
  1142. // get_protocol_version() - returns the pEp protocol version
  1143. DYNAMIC_API const char *get_protocol_version();
  1144. // is_pEp_user() - returns true if the USER corresponding to this identity
  1145. // has been listed in the *person* table as a pEp user.
  1146. //
  1147. // parameters:
  1148. // identity (in) - identity containing the user_id to check (this is
  1149. // the only part of the struct we require to be set)
  1150. // is_pEp (out) - boolean pointer - will return true or false by
  1151. // reference with respect to whether or not user is
  1152. // a known pEp user
  1153. //
  1154. // return_value: PEP_STATUS_OK if user found in person table
  1155. // PEP_ILLEGAL_VALUE if no user_id in input
  1156. // PEP_CANNOT_FIND_PERSON if user_id doesn't exist
  1157. //
  1158. // caveat: This *does not check comm_type*
  1159. //
  1160. DYNAMIC_API PEP_STATUS is_pEp_user(PEP_SESSION session,
  1161. pEp_identity *identity,
  1162. bool* is_pEp);
  1163. // per_user_directory() - returns the directory for pEp management db
  1164. //
  1165. // return_value:
  1166. // path to actual per user directory or NULL on failure
  1167. DYNAMIC_API const char *per_user_directory(void);
  1168. // per_machine_directory() - returns the directory for pEp system db
  1169. //
  1170. // return value:
  1171. // path to actual per user directory or NULL on failure
  1172. DYNAMIC_API const char *per_machine_directory(void);
  1173. // FIXME: replace in canonical style
  1174. //
  1175. // config_passphrase() - configure a key passphrase for the current session.
  1176. //
  1177. // A passphrase can be configured into a p≡p session. Then it is used whenever a
  1178. // secret key is used which requires a passphrase.
  1179. //
  1180. // A passphrase is a string between 1 and 1024 bytes and is only ever present in
  1181. // memory. Because strings in the p≡p engine are UTF-8 NFC, the string is
  1182. // restricted to 250 code points in UI.
  1183. //
  1184. // This function copies the passphrase into the session. It may return
  1185. // PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
  1186. // change after this is configured. Error behaviour
  1187. //
  1188. // For any function which may trigger the use of a secret key, if an attempt
  1189. // to use a secret key which requires a passphrase occurs and no passphrase
  1190. // is configured for the current session, PEP_PASSPHRASE_REQUIRED is
  1191. // returned by this function (and thus, all functions which could trigger
  1192. // such a usage must be prepared to return this value). For any function
  1193. // which may trigger the use of a secret key, if a passphrase is configured
  1194. // and the configured passphrase is the wrong passphrase for the use of a
  1195. // given passphrase-protected secret key, PEP_WRONG_PASSPHRASE is returned
  1196. // by this function (and thus, all functions which could trigger such a
  1197. // usage must be prepared to return this value).
  1198. DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase);
  1199. // FIXME: replace in canonical style
  1200. //
  1201. // Passphrase enablement for newly-generated secret keys
  1202. //
  1203. // If it is desired that new p≡p keys are passphrase-protected, the following
  1204. // API call is used to enable the addition of passphrases to new keys during key
  1205. // generation.
  1206. //
  1207. // If enabled and a passphrase for new keys has been configured
  1208. // through this function (NOT the one above - this is a separate passphrase!),
  1209. // then anytime a secret key is generated while enabled, the configured
  1210. // passphrase will be used as the passphrase for any newly-generated secret key.
  1211. //
  1212. // If enabled and a passphrase for new keys has not been configured, then any
  1213. // function which can attempt to generate a secret key will return
  1214. // PEP_PASSPHRASE_FOR_NEW_KEYS_REQUIRED.
  1215. //
  1216. // If disabled (i.e. not enabled) and a passphrase for new keys has been
  1217. // configured, no passphrases will be used for newly-generated keys.
  1218. //
  1219. // This function copies the passphrase for new keys into a special field that is
  1220. // specifically for key generation into the session. It may return
  1221. // PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
  1222. // change after this is configured.
  1223. //
  1224. DYNAMIC_API PEP_STATUS config_passphrase_for_new_keys(PEP_SESSION session,
  1225. bool enable,
  1226. const char *passphrase);
  1227. // set_ident_enc_format() - set the default encryption format for this identity
  1228. // (value only MIGHT be used, and only in the case where the
  1229. // message enc_format is PEP_enc_auto. It will be used
  1230. // opportunistically in the case on a first-come, first-serve
  1231. // basis in the order of to_list, cc_list, and bcc_list. We take
  1232. // the first set value we come to)
  1233. //
  1234. // parameters:
  1235. // session (in) session handle
  1236. // identity (in) identity->user_id and identity->address must NOT be NULL
  1237. // format (in) the desired default encryption format
  1238. //
  1239. DYNAMIC_API PEP_STATUS set_ident_enc_format(PEP_SESSION session,
  1240. pEp_identity *identity,
  1241. PEP_enc_format format);
  1242. PEP_STATUS _generate_keypair(PEP_SESSION session,
  1243. pEp_identity *identity,
  1244. bool suppress_event);
  1245. DYNAMIC_API PEP_STATUS reset_pEptest_hack(PEP_SESSION session);
  1246. // This is used internally when there is a temporary identity to be retrieved
  1247. // that may not yet have an FPR attached. See get_identity() for functionality,
  1248. // params and caveats.
  1249. PEP_STATUS get_identity_without_trust_check(
  1250. PEP_SESSION session,
  1251. const char *address,
  1252. const char *user_id,
  1253. pEp_identity **identity
  1254. );
  1255. PEP_STATUS get_identities_by_address(
  1256. PEP_SESSION session,
  1257. const char *address,
  1258. identity_list** id_list
  1259. );
  1260. PEP_STATUS get_identities_by_userid(
  1261. PEP_SESSION session,
  1262. const char *user_id,
  1263. identity_list **identities
  1264. );
  1265. PEP_STATUS is_own_address(PEP_SESSION session,
  1266. const char* address,
  1267. bool* is_own_addr);
  1268. PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
  1269. const char* new_uid);
  1270. PEP_STATUS remove_key(PEP_SESSION session, const char* fpr);
  1271. PEP_STATUS remove_fpr_as_default(PEP_SESSION session,
  1272. const char* fpr);
  1273. PEP_STATUS get_main_user_fpr(PEP_SESSION session,
  1274. const char* user_id,
  1275. char** main_fpr);
  1276. PEP_STATUS replace_main_user_fpr(PEP_SESSION session, const char* user_id,
  1277. const char* new_fpr);
  1278. PEP_STATUS replace_main_user_fpr_if_equal(PEP_SESSION session, const char* user_id,
  1279. const char* new_fpr, const char* compare_fpr);
  1280. DYNAMIC_API PEP_STATUS get_replacement_fpr(
  1281. PEP_SESSION session,
  1282. const char *fpr,
  1283. char **revoked_fpr,
  1284. uint64_t *revocation_date
  1285. );
  1286. PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id);
  1287. // This ONLY sets the *user* flag, and creates a shell identity if necessary.
  1288. DYNAMIC_API PEP_STATUS set_as_pEp_user(PEP_SESSION session, pEp_identity* user);
  1289. // returns true (by reference) if a person with this user_id exists;
  1290. // Also replaces aliased user_ids by defaults in identity.
  1291. PEP_STATUS exists_person(PEP_SESSION session, pEp_identity* identity, bool* exists);
  1292. PEP_STATUS set_pgp_keypair(PEP_SESSION session, const char* fpr);
  1293. PEP_STATUS set_pEp_version(PEP_SESSION session, pEp_identity* ident, unsigned int new_ver_major, unsigned int new_ver_minor);
  1294. PEP_STATUS clear_trust_info(PEP_SESSION session,
  1295. const char* user_id,
  1296. const char* fpr);
  1297. // Generally ONLY called by set_as_pEp_user, and ONLY from < 2.0 to 2.0.
  1298. PEP_STATUS upgrade_pEp_version_by_user_id(PEP_SESSION session,
  1299. pEp_identity* ident,
  1300. unsigned int new_ver_major,
  1301. unsigned int new_ver_minor
  1302. );
  1303. // exposed for testing
  1304. PEP_STATUS set_person(PEP_SESSION session, pEp_identity* identity,
  1305. bool guard_transaction);
  1306. PEP_STATUS bind_own_ident_with_contact_ident(PEP_SESSION session,
  1307. pEp_identity* own_ident,
  1308. pEp_identity* contact_ident);
  1309. PEP_STATUS get_last_contacted(
  1310. PEP_SESSION session,
  1311. identity_list** id_list
  1312. );
  1313. PEP_STATUS get_own_ident_for_contact_id(PEP_SESSION session,
  1314. const pEp_identity* contact,
  1315. pEp_identity** own_ident);
  1316. PEP_STATUS exists_trust_entry(PEP_SESSION session, pEp_identity* identity,
  1317. bool* exists);
  1318. PEP_STATUS is_own_key(PEP_SESSION session, const char* fpr, bool* own_key);
  1319. PEP_STATUS get_identities_by_main_key_id(
  1320. PEP_SESSION session,
  1321. const char *fpr,
  1322. identity_list **identities);
  1323. PEP_STATUS sign_only(PEP_SESSION session,
  1324. const char *data,
  1325. size_t data_size,
  1326. const char *fpr,
  1327. char **sign,
  1328. size_t *sign_size);
  1329. PEP_STATUS set_all_userids_to_own(PEP_SESSION session,
  1330. identity_list* id_list);
  1331. PEP_STATUS has_partner_contacted_address(PEP_SESSION session, const char* partner_id,
  1332. const char* own_address, bool* was_contacted);
  1333. #ifdef __cplusplus
  1334. }
  1335. #endif