ENGINE-757: put in passphrase enable functions

doxygen-key-id
parent 90b7d44731
commit 099d9cee7a

@ -2295,6 +2295,27 @@ DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable)
session->unencrypted_subject = enable;
}
DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase) {
if (!session)
return PEP_ILLEGAL_VALUE;
PEP_STATUS status = PEP_STATUS_OK;
free(session->passphrase);
if (!passphrase)
session->passphrase = NULL;
else {
session->passphrase = strdup(passphrase);
if (!session->passphrase)
status = PEP_OUT_OF_MEMORY;
}
return status;
}
DYNAMIC_API void config_passphrase_for_new_keys(PEP_SESSION session, bool enable) {
session->new_key_pass_enable = enable;
}
DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable)
{
assert(session);
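Review bot: `config_passphrase` releases the previous passphrase with a plain `free(session->passphrase)`, so the old secret's bytes stay in freed heap memory, where a later allocation, a core dump or a memory-disclosure bug can expose them. Wipe the buffer before freeing it with a call the compiler cannot elide, for example `if (session->passphrase) explicit_bzero(session->passphrase, strlen(session->passphrase));` or the platform's equivalent. The function also accepts an empty string and a string of any length, although the header comment describes a passphrase as 1 to 1024 bytes; rejecting out-of-range input with `PEP_ILLEGAL_VALUE` would keep the two in agreement. `config_passphrase_for_new_keys` dereferences `session` unchecked, while the neighbouring setter uses `assert(session);`.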

@ -1350,6 +1350,53 @@ DYNAMIC_API const char *per_user_directory(void);
DYNAMIC_API const char *per_machine_directory(void);
// FIXME: replace in canonical style
//
// config_passphrase() - configure a key passphrase for the current session.
//
// A passphrase can be configured into a p≡p session. Then it is used whenever a
// secret key is used which requires a passphrase.
//
// A passphrase is a string between 1 and 1024 bytes and is only ever present in
// memory. Because strings in the p≡p engine are UTF-8 NFC, the string is
// restricted to 250 code points in UI.
//
// This function copies the passphrase into the session. It may return
// PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
// change after this is configured. Error behaviour
//
// For any function which may trigger the use of a secret key, if an attempt
// to use a secret key which requires a passphrase occurs and no passphrase
// is configured for the current session, PEP_PASSPHRASE_REQUIRED is
// returned by this function (and thus, all functions which could trigger
// such a usage must be prepared to return this value). For any function
// which may trigger the use of a secret key, if a passphrase is configured
// and the configured passphrase is the wrong passphrase for the use of a
// given passphrase-protected secret key, PEP_WRONG_PASSPHRASE is returned
// by this function (and thus, all functions which could trigger such a
// usage must be prepared to return this value).
DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase);
// FIXME: replace in canonical style
//
// Passphrase enablement for newly-generated secret keys
//
// If it is desired that new p≡p keys are passphrase-protected, the following
// API call is used to enable the addition of passphrases to new keys during key
// generation:
//
// If enabled and a passphrase has been configured (see above), then any
// time a secret key is generated while enabled, the configured passphrase
// will be used as the passphrase for any newly-generated secret key. If
// enabled and a passphrase has not been configured, then any function which
// can attempt to generate a secret key will return
// PEP_PASSPHRASE_FOR_NEW_KEY_REQUIRED. If disabled (i.e. not enabled) and
// a passphrase has been configured, no passphrases will be used for
// newly-generated keys.
//
DYNAMIC_API void config_passphrase_for_new_keys(PEP_SESSION session, bool enable);
PEP_STATUS _generate_keypair(PEP_SESSION session,
pEp_identity *identity,
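Review bot: The comment for `config_passphrase` does not document two behaviours visible in the implementation in this commit: passing `passphrase == NULL` clears the configured passphrase, and a NULL `session` returns `PEP_ILLEGAL_VALUE`. In the error paragraph, "returned by this function" reads as if `config_passphrase` itself returned `PEP_PASSPHRASE_REQUIRED` or `PEP_WRONG_PASSPHRASE`; "returned by that function" (the one that used the secret key) removes the ambiguity. I would add `// Passing NULL clears the session passphrase. Returns PEP_ILLEGAL_VALUE if session is NULL.` and state whether the 1 to 1024 byte limit is enforced by the engine or left to the caller. The trailing `_generate_keypair` declaration continues past the hunk.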

@ -141,6 +141,9 @@ struct _pEpSession {
PEP_cryptotech_t *cryptotech;
PEP_CIPHER_SUITE cipher_suite;
char* passphrase;
bool new_key_pass_enable;
PEP_transport_t *transports;
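Review bot: `char* passphrase;` is an owned heap copy of a secret, but the field carries no comment on ownership or lifetime, and no hunk shown here wipes or frees it when the session is released. If the release path does not already handle it elsewhere, the passphrase leaks and stays readable in memory after the session ends. A comment such as `// owned copy set by config_passphrase(); wipe and free on session release` would record the contract. `config_passphrase` also relies on the field starting out NULL, since it calls `free()` on it unconditionally. The struct definition starts and ends outside the hunk.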

@ -15,8 +15,6 @@
#include "keymanagement.h"
#include "test_util.h"
#include "Engine.h"
#include <gtest/gtest.h>
