ENGINE-757: put in passphrase enable functions

src/pEpEngine.c

@@ -2295,6 +2295,27 @@ DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable)
         session->unencrypted_subject = enable;
 }
 
+DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase) {
+    if (!session)
+        return PEP_ILLEGAL_VALUE;
+        
+    PEP_STATUS status = PEP_STATUS_OK;
+    free(session->passphrase);
+    if (!passphrase)
+        session->passphrase = NULL;
+    else {
+        session->passphrase = strdup(passphrase);
+        if (!session->passphrase)
+            status = PEP_OUT_OF_MEMORY;
+    }
+    return status;
+}
+
+DYNAMIC_API void config_passphrase_for_new_keys(PEP_SESSION session, bool enable) {
+    session->new_key_pass_enable = enable;
+}
+
+
 DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable)
 {
     assert(session);

src/pEpEngine.h

@@ -1350,6 +1350,53 @@ DYNAMIC_API const char *per_user_directory(void);
 
 DYNAMIC_API const char *per_machine_directory(void);
 
+// FIXME: replace in canonical style
+//
+// config_passphrase() - configure a key passphrase for the current session.
+//
+// A passphrase can be configured into a p≡p session. Then it is used whenever a
+// secret key is used which requires a passphrase.
+// 
+// A passphrase is a string between 1 and 1024 bytes and is only ever present in
+// memory. Because strings in the p≡p engine are UTF-8 NFC, the string is
+// restricted to 250 code points in UI.
+// 
+// This function copies the passphrase into the session. It may return
+// PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
+// change after this is configured.  Error behaviour
+// 
+// For any function which may trigger the use of a secret key, if an attempt
+// to use a secret key which requires a passphrase occurs and no passphrase
+// is configured for the current session, PEP_PASSPHRASE_REQUIRED is
+// returned by this function (and thus, all functions which could trigger
+// such a usage must be prepared to return this value).  For any function
+// which may trigger the use of a secret key, if a passphrase is configured
+// and the configured passphrase is the wrong passphrase for the use of a
+// given passphrase-protected secret key, PEP_WRONG_PASSPHRASE is returned
+// by this function (and thus, all functions which could trigger such a
+// usage must be prepared to return this value).
+
+DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase);
+
+// FIXME: replace in canonical style
+//
+// Passphrase enablement for newly-generated secret keys
+// 
+// If it is desired that new p≡p keys are passphrase-protected, the following
+// API call is used to enable the addition of passphrases to new keys during key
+// generation:
+// 
+// If enabled and a passphrase has been configured (see above), then any
+// time a secret key is generated while enabled, the configured passphrase
+// will be used as the passphrase for any newly-generated secret key.  If
+// enabled and a passphrase has not been configured, then any function which
+// can attempt to generate a secret key will return
+// PEP_PASSPHRASE_FOR_NEW_KEY_REQUIRED.  If disabled (i.e. not enabled) and
+// a passphrase has been configured, no passphrases will be used for
+// newly-generated keys.
+// 
+
+DYNAMIC_API void config_passphrase_for_new_keys(PEP_SESSION session, bool enable);
 
 PEP_STATUS _generate_keypair(PEP_SESSION session, 
                              pEp_identity *identity,

src/pEp_internal.h

@@ -141,6 +141,9 @@ struct _pEpSession {
 
     PEP_cryptotech_t *cryptotech;
     PEP_CIPHER_SUITE cipher_suite;
+    
+    char* passphrase;
+    bool new_key_pass_enable;
 
     PEP_transport_t *transports;
 

test/src/EncryptForIdentityTest.cc

@@ -15,8 +15,6 @@
 #include "keymanagement.h"
 #include "test_util.h"
 
-
-
 #include "Engine.h"
 
 #include <gtest/gtest.h>