pEp.foundation
/
pEpEngine
16
2
Fork 17
Code Issues 19 Pull Requests 2 Releases 46 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b15638be12'
${ noResults }
pEpEngine/src/keymanagement.h

269 lines
8.3 KiB
Raw Normal View History Unescape

adding license info to each file
6 years ago
// This file is under GNU General Public License 3.0
// see LICENSE.txt
...
8 years ago
#pragma once
...
8 years ago
#include "pEpEngine.h"
initial commit
9 years ago
#ifdef __cplusplus
extern "C" {
#endif
// update_identity() - update identity information
//
// parameters:
// session (in) session to use
// identity (inout) identity information of communication partner
ENGINE-27: blacklist_is_listed will no longer be called with empty/null strings in update_identity (caused assert failure)
7 years ago
// (identity->fpr is OUT ONLY)
ENGINE-149 Updated update_identity() documentation about returned value
6 years ago
// return value:
// PEP_STATUS_OK if identity could be updated,
// PEP_GET_KEY_FAILED for own identity that must be completed (myself())
// any other value on error
//
initial commit
9 years ago
// caveat:
...
9 years ago
// if this function returns PEP_ct_unknown or PEP_ct_key_expired in
// identity->comm_type, the caller must insert the identity into the
// asynchronous management implementation, so retrieve_next_identity()
// will return this identity later
bugfix: when identity is not stored yet, update_identity failes
9 years ago
// at least identity->address must be a non-empty UTF-8 string as input
adding set_identity_flags()
7 years ago
// update_identity() never writes flags; use set_identity_flags() for
// writing
ENGINE-27: blacklist_is_listed will no longer be called with empty/null strings in update_identity (caused assert failure)
7 years ago
// this function NEVER reads the incoming fpr, only writes to it.
initial commit
9 years ago
FIX: gpgme_key_release was not dynamically loaded FIX: missing DYNAMIC_API on declaration of update_identity()
6 years ago
DYNAMIC_API PEP_STATUS update_identity(
initial commit
9 years ago
PEP_SESSION session, pEp_identity * identity
);
// myself() - ensures that the own identity is being complete
//
// parameters:
// session (in) session to use
// identity (inout) identity of local user
// at least .address, .username, .user_id must be set
//
// return value:
// PEP_STATUS_OK if identity could be completed or was already complete,
// any other value on error
//
// caveat:
// this function generates a keypair on demand; because it's synchronous
// it can need a decent amount of time to return
// if you need to do this asynchronous, you need to return an identity
// with retrieve_next_identity() where pEp_identity.me is true
DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity);
ENGINE-140 changed identities flags update policy
6 years ago
PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
initial commit
9 years ago
// retrieve_next_identity() - callback being called by do_keymanagement()
//
// parameters:
// management (in) data structure to deliver (implementation defined)
//
// return value:
// identity to check or NULL to terminate do_keymanagement()
// if given identity must be created with new_identity()
// the identity struct is going to the ownership of this library
// it must not be freed by the callee
//
// caveat:
// this callback has to block until an identity or NULL can be returned
// an implementation is not provided by this library; instead it has to be
// implemented by the user of this library
typedef pEp_identity *(*retrieve_next_identity_t)(void *management);
examine callback
8 years ago
// examine_identity() - callback for appending to queue
//
// parameters:
// ident (in) identity to examine
// management (in) data structure to deliver (implementation defined)
//
// return value:
// 0 if identity was added successfully to queue or nonzero otherwise
bugfix
8 years ago
typedef int (*examine_identity_t)(pEp_identity *ident, void *management);
examine callback
8 years ago
// register_examine_function() - register examine_identity() callback
//
// parameters:
// session (in) session to use
// examine_identity (in) examine_identity() function to register
// management (in) data structure to deliver (implementation defined)
bugfix
8 years ago
DYNAMIC_API PEP_STATUS register_examine_function(
examine callback
8 years ago
PEP_SESSION session,
examine_identity_t examine_identity,
void *management
);
initial commit
9 years ago
// do_keymanagement() - function to be run on an extra thread
//
// parameters:
// retrieve_next_identity pointer to retrieve_next_identity() callback
// which returns at least a valid address field in
// the identity struct
// management management data to give to keymanagement
// (implementation defined)
//
// return value:
// PEP_STATUS_OK if thread has to terminate successfully or any other
// value on failure
//
// caveat:
// to ensure proper working of this library, a thread has to be started
// with this function immediately after initialization
// do_keymanagement() calls retrieve_next_identity(management)
DYNAMIC_API PEP_STATUS do_keymanagement(
retrieve_next_identity_t retrieve_next_identity,
void *management
);
DEBUG_LOG() for keymanagement
8 years ago
ENGINE-254: ENGINE-266: undo function now in pEpEngine for last mistrust action
6 years ago
// key_mistrusted() - mark key as being compromised
DEBUG_LOG() for keymanagement
8 years ago
//
// parameters:
// session (in) session to use
ENGINE-254: ENGINE-266: undo function now in pEpEngine for last mistrust action
6 years ago
// ident (in) person and key which was compromised
DEBUG_LOG() for keymanagement
8 years ago
ENGINE-96: #comment all calls renamed. Roker is checking out the semantics of the references to 'compromized' to see if they also need to be renamed to 'mistrusted' for consistency within the engine. THIS IS AN API CHANGE AND WILL BREAK ADAPTERS.
7 years ago
DYNAMIC_API PEP_STATUS key_mistrusted(
key_compromized() added
8 years ago
PEP_SESSION session,
pEp_identity *ident
);
DEBUG_LOG() for keymanagement
8 years ago
ENGINE-254: ENGINE-266: undo function now in pEpEngine for last mistrust action
6 years ago
// undo_last_mistrust() - reset identity and trust status for the last
// identity in this session marked as mistrusted
// to their cached values from the time of mistrust
// parameters:
// session (in) session to use
//
// return value:
// PEP_STATUS_OK if identity and trust were successfully restored.
// Otherwise, error status from attempts to set.
//
// caveat:
// only works for this session, and only once. cache is invalidated
// upon use.
//
//  WILL NOT WORK ON MISTRUSTED OWN KEY
DYNAMIC_API PEP_STATUS undo_last_mistrust(PEP_SESSION session);
DEBUG_LOG() for keymanagement
8 years ago
adding trust_personal_key()
8 years ago
// trust_personal_key() - mark a key as trusted with a person
//
// parameters:
// session (in) session to use
// ident (in) person and key to trust in
//
// caveat:
// the fields user_id, address and fpr must be supplied
DYNAMIC_API PEP_STATUS trust_personal_key(
PEP_SESSION session,
pEp_identity *ident
);
ENGINE-96: #comment all calls renamed. Roker is checking out the semantics of the references to 'compromized' to see if they also need to be renamed to 'mistrusted' for consistency within the engine. THIS IS AN API CHANGE AND WILL BREAK ADAPTERS.
7 years ago
// key_reset_trust() - undo trust_personal_key and key_mistrusted() for keys
An undo is possible for keys we don't own, and therefore have not revoked.
7 years ago
// we don't own
Added key_reset_trust, accepting identity instead of fpr
7 years ago
//
// parameters:
// session (in) session to use
// ident (in) person and key which was compromized
DYNAMIC_API PEP_STATUS key_reset_trust(
PEP_SESSION session,
pEp_identity *ident
);
Own keys (SQL and accessors functions)
7 years ago
// own_key_is_listed() - returns true id key is listed as own key
//
// parameters:
// session (in) session to use
// fpr (in) fingerprint of key to test
fix documentation comment
6 years ago
// listed (out) flags if key is own
Own keys (SQL and accessors functions)
7 years ago
DYNAMIC_API PEP_STATUS own_key_is_listed(
PEP_SESSION session,
const char *fpr,
bool *listed
);
ENGINE-140 clean'up own_identities_retrieve so that available pEpEngine API returns all own identities, not only those that can be synced
6 years ago
// _own_identities_retrieve() - retrieve all own identities
//
// parameters:
// session (in) session to use
// own_identities (out) list of own identities
// excluded_flags (int) flags to exclude from results
//
// caveat:
// the ownership of the copy of own_identities goes to the caller
DYNAMIC_API PEP_STATUS _own_identities_retrieve(
PEP_SESSION session,
identity_list **own_identities,
identity_flags_t excluded_flags
);
...
7 years ago
// own_identities_retrieve() - retrieve all own identities
Own keys (SQL and accessors functions)
7 years ago
//
// parameters:
...
7 years ago
// session (in) session to use
// own_identities (out) list of own identities
Own keys (SQL and accessors functions)
7 years ago
//
// caveat:
export secret keys
7 years ago
// the ownership of the copy of own_identities goes to the caller
Own keys (SQL and accessors functions)
7 years ago
...
7 years ago
DYNAMIC_API PEP_STATUS own_identities_retrieve(
Own keys (SQL and accessors functions)
7 years ago
PEP_SESSION session,
...
7 years ago
identity_list **own_identities
Own keys (SQL and accessors functions)
7 years ago
);
Added key_reset_trust, accepting identity instead of fpr
7 years ago
ENGINE-84: working on ensuring keypairs missing private keys are not selected for encryption candidates
6 years ago
PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
bool *has_private);
ENGINE-140 clean'up own_identities_retrieve so that available pEpEngine API returns all own identities, not only those that can be synced
6 years ago
// _own_keys_retrieve() - retrieve all flagged keypair fingerprints
//
// parameters:
// session (in) session to use
// keylist (out) list of fingerprints
// excluded_flags (int) flags to exclude from results
//
// caveat:
// the ownership of the list goes to the caller
DYNAMIC_API PEP_STATUS _own_keys_retrieve(
PEP_SESSION session,
stringlist_t **keylist,
identity_flags_t excluded_flags
);
ENGINE-140 #comment Added own_keys table, linking pgp_keypair to identity in case user_id = PEP_OWN_USERID. Added related set_own_key and own_keys_retieve. Updated set_identity, set_identity_flags and added unset_identity_flags, all doing bitwise logic to untouched keep flags accross calls. Removed keys_retrieve_by_flag and PEP_kpf_own_key, now replaced by own_keys table. Removed duplicated code seting _DDL_USER_VERSION in manageent DB. Removed exists_empty_fpr_entry update_fprless_identity, and corresponding logic in set_identity() Builds, but doesn't pass test - DO NOT USE
6 years ago
// own_keys_retrieve() - retrieve all flagged keypair fingerprints
ENGINE-140: now send all keys that have been at some point used as own key _on that device_
6 years ago
//
// parameters:
// session (in) session to use
// keylist (out) list of fingerprints
//
// caveat:
// the ownership of the list goes to the caller
ENGINE-140 #comment Added own_keys table, linking pgp_keypair to identity in case user_id = PEP_OWN_USERID. Added related set_own_key and own_keys_retieve. Updated set_identity, set_identity_flags and added unset_identity_flags, all doing bitwise logic to untouched keep flags accross calls. Removed keys_retrieve_by_flag and PEP_kpf_own_key, now replaced by own_keys table. Removed duplicated code seting _DDL_USER_VERSION in manageent DB. Removed exists_empty_fpr_entry update_fprless_identity, and corresponding logic in set_identity() Builds, but doesn't pass test - DO NOT USE
6 years ago
DYNAMIC_API PEP_STATUS own_keys_retrieve(
ENGINE-140: now send all keys that have been at some point used as own key _on that device_
6 years ago
PEP_SESSION session,
stringlist_t **keylist
);
ENGINE-183 remove session.use_only_own_private_keys, and add existing priv keys to own_keys table at initial startup. Also added fpr from own_keys to own_key_is_listed, influencing result of ellect_own_key.
6 years ago
DYNAMIC_API PEP_STATUS set_own_key(
PEP_SESSION session,
const char *address,
const char *fpr
);
initial commit
9 years ago
#ifdef __cplusplus
}
#endif