Browse Source

completing rating

doc_update_sequoia
Volker Birk 7 years ago
parent
commit
21925e7e4b
8 changed files with 261 additions and 93 deletions
  1. +8
    -0
      db/CREATE_DB.txt
  2. +12
    -0
      db/create_system_db.sql
  3. +135
    -59
      src/message_api.c
  4. +32
    -22
      src/message_api.h
  5. +50
    -6
      src/pEpEngine.c
  6. +20
    -4
      src/pEpEngine.h
  7. +2
    -1
      src/pEp_internal.h
  8. +2
    -1
      test/message_api_test.cc

+ 8
- 0
db/CREATE_DB.txt View File

@ -0,0 +1,8 @@
To create system.db:
1) run the create script
2) import wordlists, 65535 words each language
3) insert an i18n text per language

+ 12
- 0
db/create_system_db.sql View File

@ -6,3 +6,15 @@ CREATE TABLE wordlist (
);
CREATE UNIQUE INDEX wordlist_pk on wordlist (lang, id);
CREATE TABLE i18n (
lang text,
id integer,
phrase text
);
CREATE UNIQUE INDEX i18n_pk on i18n (lang, id);
INSERT INTO i18n VALUES ('en', 1, 'I want to have this conversation in English language');
INSERT INTO i18n VALUES ('de', 1, 'Ich möchte diese Unterhaltung auf Deutsch führen');
' add more languages here

+ 135
- 59
src/message_api.c View File

@ -379,7 +379,8 @@ DYNAMIC_API PEP_STATUS encrypt_message(
PEP_MIME_format mime = (enc_format == PEP_enc_PEP) ? PEP_MIME :
PEP_MIME_fields_omitted;
status = decrypt_message(session, src, mime, &_dst, &_keylist);
PEP_color color;
status = decrypt_message(session, src, mime, &_dst, &_keylist, &color);
if (status != PEP_STATUS_OK)
goto pep_error;
free_stringlist(_keylist);
@ -663,12 +664,109 @@ static char * without_double_ending(const char *filename)
return strndup(filename, ext - filename);
}
static PEP_color decrypt_color(PEP_STATUS status)
{
switch (status) {
case PEP_UNENCRYPTED:
case PEP_VERIFIED:
case PEP_VERIFY_NO_KEY:
case PEP_VERIFIED_AND_TRUSTED:
return PEP_rating_unencrypted;
case PEP_DECRYPTED:
return PEP_rating_unreliable;
case PEP_DECRYPTED_AND_VERIFIED:
return PEP_rating_reliable;
case PEP_DECRYPT_WRONG_FORMAT:
case PEP_DECRYPT_NO_KEY:
case PEP_CANNOT_DECRYPT_UNKNOWN:
return PEP_rating_cannot_decrypt;
default:
return PEP_rating_undefined;
}
}
static PEP_color _rating(PEP_comm_type ct)
{
if (ct == PEP_ct_unknown)
return PEP_rating_undefined;
else if (ct == PEP_ct_compromized)
return PEP_rating_under_attack;
else if (ct >= PEP_ct_confirmed_enc_anon)
return PEP_rating_trusted_and_anonymized;
else if (ct >= PEP_ct_strong_encryption)
return PEP_rating_trusted;
else if (ct >= PEP_ct_strong_but_unconfirmed && ct < PEP_ct_confirmed)
return PEP_rating_reliable;
else if (ct == PEP_ct_no_encryption || ct == PEP_ct_no_encrypted_channel)
return PEP_rating_unencrypted;
else
return PEP_rating_unreliable;
}
static PEP_color key_color(PEP_SESSION session, const char *fpr) {
PEP_comm_type comm_type = PEP_ct_unknown;
assert(session);
assert(fpr);
PEP_STATUS status = get_key_rating(session, fpr, &comm_type);
if (status != PEP_STATUS_OK)
return PEP_rating_undefined;
return _rating(comm_type);
}
static PEP_color keylist_color(PEP_SESSION session, stringlist_t *keylist)
{
PEP_color color = PEP_rating_reliable;
assert(keylist && keylist->value);
if (keylist == NULL || keylist->value == NULL)
return PEP_rating_unencrypted;
stringlist_t *_kl;
for (_kl = keylist; _kl && _kl->value; _kl = _kl->next) {
PEP_comm_type ct;
PEP_STATUS status;
PEP_color _color;
_color = key_color(session, _kl->value);
if (_color == PEP_rating_under_attack)
return PEP_rating_under_attack;
color = MIN(color, _color);
status = least_trust(session, _kl->value, &ct);
if (status != PEP_STATUS_OK)
return PEP_rating_undefined;
_color = _rating(ct);
if (_color == PEP_rating_under_attack)
return PEP_rating_under_attack;
color = MIN(color, _color);
}
return color;
}
DYNAMIC_API PEP_STATUS decrypt_message(
PEP_SESSION session,
message *src,
PEP_MIME_format mime,
message **dst,
stringlist_t **keylist
stringlist_t **keylist,
PEP_color *color
)
{
PEP_STATUS status = PEP_STATUS_OK;
@ -684,11 +782,14 @@ DYNAMIC_API PEP_STATUS decrypt_message(
assert(src);
assert(dst);
assert(keylist);
assert(color);
if (!(session && src && dst && keylist))
if (!(session && src && dst && keylist && color))
return PEP_ILLEGAL_VALUE;
*dst = NULL;
*keylist = NULL;
*color = PEP_rating_undefined;
determine_encryption_format(src);
import_attached_keys(session, src);
@ -724,9 +825,18 @@ DYNAMIC_API PEP_STATUS decrypt_message(
status = decrypt_and_verify(session, ctext, csize, &ptext, &psize,
&_keylist);
*color = decrypt_color(status);
if (ptext == NULL)
goto pep_error;
if (*color != PEP_rating_under_attack) {
PEP_color _color = keylist_color(session, _keylist);
if (_color == PEP_rating_under_attack)
*color = PEP_rating_under_attack;
else
*color = MIN(*color, _color);
}
switch (src->enc_format) {
case PEP_enc_PGP_MIME:
status = mime_decode_message(ptext, &msg);
@ -902,31 +1012,7 @@ static PEP_comm_type _get_comm_type(
}
}
static PEP_color _rating(PEP_comm_type ct)
{
if (ct == PEP_ct_unknown)
return PEP_rating_undefined;
else if (ct == PEP_ct_compromized)
return PEP_rating_under_attack;
else if (ct >= PEP_ct_confirmed_enc_anon)
return PEP_rating_trusted_and_anonymized;
else if (ct >= PEP_ct_strong_encryption)
return PEP_rating_trusted;
else if (ct >= PEP_ct_strong_but_unconfirmed && ct < PEP_ct_confirmed)
return PEP_rating_reliable;
else if (ct == PEP_ct_no_encryption || ct == PEP_ct_no_encrypted_channel)
return PEP_rating_unencrypted;
else
return PEP_rating_unreliable;
}
DYNAMIC_API PEP_STATUS message_color(
DYNAMIC_API PEP_STATUS outgoing_message_color(
PEP_SESSION session,
message *msg,
PEP_color *color
@ -939,50 +1025,40 @@ DYNAMIC_API PEP_STATUS message_color(
assert(session);
assert(msg);
assert(msg->from);
assert(msg->dir == PEP_dir_outgoing);
assert(color);
if (!(session && msg && color))
return PEP_ILLEGAL_VALUE;
if (msg->from == NULL || msg->dir != PEP_dir_outgoing)
return PEP_ILLEGAL_VALUE;
*color = PEP_rating_undefined;
assert(msg->from);
if (msg->from == NULL)
return PEP_ILLEGAL_VALUE;
switch (msg->dir) {
case PEP_dir_incoming:
status = update_identity(session, msg->from);
if (status != PEP_STATUS_OK)
return status;
max_comm_type = msg->from->comm_type;
comm_type_determined = true;
break;
case PEP_dir_outgoing:
status = myself(session, msg->from);
if (status != PEP_STATUS_OK)
return status;
for (il = msg->to; il != NULL; il = il->next) {
if (il->ident) {
max_comm_type = _get_comm_type(session, max_comm_type,
il->ident);
comm_type_determined = true;
}
}
status = myself(session, msg->from);
if (status != PEP_STATUS_OK)
return status;
for (il = msg->cc; il != NULL; il = il->next) {
if (il->ident) {
max_comm_type = _get_comm_type(session, max_comm_type,
il->ident);
comm_type_determined = true;
}
}
break;
for (il = msg->to; il != NULL; il = il->next) {
if (il->ident) {
max_comm_type = _get_comm_type(session, max_comm_type,
il->ident);
comm_type_determined = true;
}
}
default:
return PEP_ILLEGAL_VALUE;
for (il = msg->cc; il != NULL; il = il->next) {
if (il->ident) {
max_comm_type = _get_comm_type(session, max_comm_type,
il->ident);
comm_type_determined = true;
}
}
if (comm_type_determined == false)


+ 32
- 22
src/message_api.h View File

@ -31,7 +31,8 @@ void attach_own_key(PEP_SESSION session, message *msg);
// PEP_GET_KEY_FAILED cannot retrieve key
//
// caveat:
// the ownership of the new message goes to the caller
// the ownershop of src remains with the caller
// the ownership of dst goes to the caller
// if src is unencrypted this function returns PEP_UNENCRYPTED and sets
// dst to NULL
@ -44,6 +45,23 @@ DYNAMIC_API PEP_STATUS encrypt_message(
);
typedef enum _PEP_color {
PEP_rating_undefined = 0,
PEP_rating_unencrypted,
PEP_rating_cannot_decrypt,
PEP_rating_unreliable,
PEP_rating_reliable,
PEP_rating_yellow = PEP_rating_reliable,
PEP_rating_trusted,
PEP_rating_green = PEP_rating_trusted,
PEP_rating_trusted_and_anonymized,
PEP_rating_fully_anonymous,
PEP_rating_under_attack = -1,
PEP_rating_red = PEP_rating_under_attack,
PEP_rating_b0rken = -2
} PEP_color;
// decrypt_message() - decrypt message in memory
//
// parameters:
@ -52,40 +70,27 @@ DYNAMIC_API PEP_STATUS encrypt_message(
// mime (in) MIME encoding wanted
// dst (out) pointer to new decrypted message or NULL on failure
// keylist (out) stringlist with keyids
// color (out) color for the message
//
// return value:
// error status or PEP_STATUS_OK on success
//
// caveat:
// the ownership of the new message goes to the caller
// the ownership of src remains with the caller
// the ownership of dst goes to the caller
// the ownership of keylist goes to the caller
DYNAMIC_API PEP_STATUS decrypt_message(
PEP_SESSION session,
message *src,
PEP_MIME_format mime,
message **dst,
stringlist_t **keylist
stringlist_t **keylist,
PEP_color *color
);
typedef enum _PEP_color {
PEP_rating_undefined = 0,
PEP_rating_unencrypted,
PEP_rating_cannot_decrypt,
PEP_rating_unreliable,
PEP_rating_reliable,
PEP_rating_yellow = PEP_rating_reliable,
PEP_rating_trusted,
PEP_rating_green = PEP_rating_trusted,
PEP_rating_trusted_and_anonymized,
PEP_rating_fully_anonymous,
PEP_rating_under_attack = -1,
PEP_rating_red = PEP_rating_under_attack,
PEP_rating_b0rken = -2
} PEP_color;
// message_color() - get color for a message
// outgoing_message_color() - get color for an outgoing message
//
// parameters:
// session (in) session handle
@ -97,8 +102,10 @@ typedef enum _PEP_color {
//
// caveat:
// msg->from must point to a valid pEp_identity
// msg->dir must be PEP_dir_outgoing
// the ownership of msg remains with the caller
DYNAMIC_API PEP_STATUS message_color(
DYNAMIC_API PEP_STATUS outgoing_message_color(
PEP_SESSION session,
message *msg,
PEP_color *color
@ -114,6 +121,9 @@ DYNAMIC_API PEP_STATUS message_color(
//
// return value:
// error status or PEP_STATUS_OK on success
//
// caveat:
// the ownership of ident remains with the caller
DYNAMIC_API PEP_STATUS identity_color(
PEP_SESSION session,


+ 50
- 6
src/pEpEngine.c View File

@ -17,6 +17,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
static const char *sql_set_identity;
static const char *sql_set_trust;
static const char *sql_get_trust;
static const char *sql_least_trust;
bool in_first = false;
assert(sqlite3_threadsafe());
@ -193,6 +194,8 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
sql_get_trust = "select user_id, comm_type from trust where user_id = ?1 "
"and pgp_keypair_fpr = ?2 ;";
sql_least_trust = "select min(comm_type) from trust where pgp_keypair_fpr = ?1 ;";
}
int_result = sqlite3_prepare_v2(_session->db, sql_log, strlen(sql_log),
@ -227,6 +230,10 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
strlen(sql_get_trust), &_session->get_trust, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_least_trust,
strlen(sql_least_trust), &_session->least_trust, NULL);
assert(int_result == SQLITE_OK);
status = init_cryptotech(_session, in_first);
if (status != PEP_STATUS_OK)
goto pep_error;
@ -285,6 +292,8 @@ DYNAMIC_API void release(PEP_SESSION session)
sqlite3_finalize(session->set_trust);
if (session->get_trust)
sqlite3_finalize(session->get_trust);
if (session->least_trust)
sqlite3_finalize(session->least_trust);
if (session->db)
sqlite3_close_v2(session->db);
@ -374,9 +383,9 @@ DYNAMIC_API PEP_STATUS trustword(
if (*word)
*wsize = sqlite3_column_bytes(session->trustword, 1);
else
status = PEP_SAFEWORD_NOT_FOUND;
status = PEP_TRUSTWORD_NOT_FOUND;
} else
status = PEP_SAFEWORD_NOT_FOUND;
status = PEP_TRUSTWORD_NOT_FOUND;
sqlite3_reset(session->trustword);
return status;
@ -405,7 +414,7 @@ DYNAMIC_API PEP_STATUS trustwords(
*words = NULL;
*wsize = 0;
buffer = calloc(1, MAX_SAFEWORDS_SPACE);
buffer = calloc(1, MAX_TRUSTWORDS_SPACE);
assert(buffer);
if (buffer == NULL)
return PEP_OUT_OF_MEMORY;
@ -447,10 +456,10 @@ DYNAMIC_API PEP_STATUS trustwords(
}
if (word == NULL) {
free(buffer);
return PEP_SAFEWORD_NOT_FOUND;
return PEP_TRUSTWORD_NOT_FOUND;
}
if (dest + _wsize < buffer + MAX_SAFEWORDS_SPACE - 1) {
if (dest + _wsize < buffer + MAX_TRUSTWORDS_SPACE - 1) {
strncpy(dest, word, _wsize);
free(word);
dest += _wsize;
@ -461,7 +470,7 @@ DYNAMIC_API PEP_STATUS trustwords(
}
if (source < fingerprint + fsize
&& dest + _wsize < buffer + MAX_SAFEWORDS_SPACE - 1)
&& dest + _wsize < buffer + MAX_TRUSTWORDS_SPACE - 1)
*dest++ = ' ';
++n_words;
@ -738,6 +747,41 @@ DYNAMIC_API PEP_STATUS get_trust(PEP_SESSION session, pEp_identity *identity)
return status;
}
DYNAMIC_API PEP_STATUS least_trust(
PEP_SESSION session,
const char *fpr,
PEP_comm_type *comm_type
)
{
PEP_STATUS status = PEP_STATUS_OK;
int result;
PEP_comm_type _comm_type = PEP_ct_unknown;
assert(session);
assert(fpr);
assert(comm_type);
if (!(session && fpr && comm_type))
return PEP_ILLEGAL_VALUE;
sqlite3_reset(session->least_trust);
sqlite3_bind_text(session->least_trust, 1, fpr, -1, SQLITE_STATIC);
result = sqlite3_step(session->least_trust);
switch (result) {
case SQLITE_ROW: {
*comm_type = (PEP_comm_type)
sqlite3_column_int(session->get_identity, 1);
break;
}
default:
status = PEP_CANNOT_FIND_IDENTITY;
}
sqlite3_reset(session->least_trust);
return status;
}
DYNAMIC_API PEP_STATUS decrypt_and_verify(
PEP_SESSION session, const char *ctext, size_t csize,
char **ptext, size_t *psize, stringlist_t **keylist


+ 20
- 4
src/pEpEngine.h View File

@ -56,7 +56,7 @@ typedef enum {
PEP_VERIFIED_AND_TRUSTED = 0x0408,
PEP_CANNOT_DECRYPT_UNKNOWN = 0x04ff,
PEP_SAFEWORD_NOT_FOUND = 0x0501,
PEP_TRUSTWORD_NOT_FOUND = 0x0501,
PEP_CANNOT_CREATE_KEY = 0x0601,
PEP_CANNOT_SEND_KEY = 0x0602,
@ -230,7 +230,7 @@ DYNAMIC_API PEP_STATUS log_event(
//
// return value:
// PEP_STATUS_OK trustword retrieved
// PEP_SAFEWORD_NOT_FOUND trustword not found
// PEP_TRUSTWORD_NOT_FOUND trustword not found
//
// caveat:
// the word pointer goes to the ownership of the caller
@ -259,7 +259,7 @@ DYNAMIC_API PEP_STATUS trustword(
// return value:
// PEP_STATUS_OK trustwords retrieved
// PEP_OUT_OF_MEMORY out of memory
// PEP_SAFEWORD_NOT_FOUND at least one trustword not found
// PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
//
// caveat:
// the word pointer goes to the ownership of the caller
@ -583,13 +583,29 @@ DYNAMIC_API void pEp_free(void *p);
// user_id and comm_type as result (out)
//
// this function modifies the given identity struct; the struct remains in
// the ownership of the caller
// the ownership of the caller
// if the trust level cannot be determined identity->comm_type is set
// to PEP_ct_unknown
DYNAMIC_API PEP_STATUS get_trust(PEP_SESSION session, pEp_identity *identity);
// least_trust() - get the least known trust level for a key in the database
//
// parameters:
// session (in) session handle
// fpr (in) fingerprint of key to check
// comm_type (out) least comm_type as result (out)
//
// if the trust level cannot be determined comm_type is set to PEP_ct_unknown
DYNAMIC_API PEP_STATUS least_trust(
PEP_SESSION session,
const char *fpr,
PEP_comm_type *comm_type
);
// get_key_rating() - get the rating a bare key has
//
// parameters:


+ 2
- 1
src/pEp_internal.h View File

@ -1,7 +1,7 @@
#define PEP_ENGINE_VERSION "0.5.0"
// this is 20 trustwords with 79 chars max
#define MAX_SAFEWORDS_SPACE (20 * 80)
#define MAX_TRUSTWORDS_SPACE (20 * 80)
// XML parameters string
#define PARMS_MAX 32768
@ -84,6 +84,7 @@ typedef struct _pEpSession {
sqlite3_stmt *set_identity;
sqlite3_stmt *set_trust;
sqlite3_stmt *get_trust;
sqlite3_stmt *least_trust;
} pEpSession;
PEP_STATUS init_transport_system(PEP_SESSION session, bool in_first);


+ 2
- 1
test/message_api_test.cc View File

@ -66,7 +66,8 @@ int main() {
message *msg4;
stringlist_t *keylist4;
PEP_STATUS status4 = decrypt_message(session, enc_msg2, PEP_MIME_none, &msg4, &keylist4);
PEP_color color;
PEP_STATUS status4 = decrypt_message(session, enc_msg2, PEP_MIME_none, &msg4, &keylist4, &color);
assert(status4 == PEP_STATUS_OK);
assert(msg4);
assert(keylist4);


Loading…
Cancel
Save