Browse Source

ENGINE-183 remove session.use_only_own_private_keys, and add existing priv keys to own_keys table at initial startup. Also added fpr from own_keys to own_key_is_listed, influencing result of ellect_own_key.

doc_update_sequoia
Edouard Tisserant 5 years ago
parent
commit
3a5010ac24
4 changed files with 61 additions and 35 deletions
  1. +7
    -21
      src/keymanagement.c
  2. +6
    -0
      src/keymanagement.h
  3. +48
    -13
      src/pEpEngine.c
  4. +0
    -1
      src/pEp_internal.h

+ 7
- 21
src/keymanagement.c View File

@ -339,19 +339,14 @@ PEP_STATUS elect_ownkey(
for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
bool is_own = false;
if (session->use_only_own_private_keys)
{
status = own_key_is_listed(session, _keylist->value, &is_own);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK) {
free_stringlist(keylist);
return status;
}
status = own_key_is_listed(session, _keylist->value, &is_own);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK) {
free_stringlist(keylist);
return status;
}
// TODO : also accept synchronized device group keys ?
if (!session->use_only_own_private_keys || is_own)
if (is_own)
{
PEP_comm_type _comm_type_key;
@ -543,16 +538,7 @@ PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen,
{
status = key_revoked(session, identity->fpr, &revoked);
// Forces re-election if key is missing and own-key-only not forced
if (!session->use_only_own_private_keys && status == PEP_KEY_NOT_FOUND)
{
status = elect_ownkey(session, identity);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK) {
return status;
}
}
else if (status != PEP_STATUS_OK)
if (status != PEP_STATUS_OK)
{
return status;
}


+ 6
- 0
src/keymanagement.h View File

@ -235,6 +235,12 @@ DYNAMIC_API PEP_STATUS own_keys_retrieve(
stringlist_t **keylist
);
DYNAMIC_API PEP_STATUS set_own_key(
PEP_SESSION session,
const char *address,
const char *fpr
);
#ifdef __cplusplus
}
#endif


+ 48
- 13
src/pEpEngine.c View File

@ -136,7 +136,11 @@ static const char *sql_own_key_is_listed =
" union "
" select main_key_id from identity "
" where main_key_id = upper(replace(?1,' ',''))"
" and user_id = '" PEP_OWN_USERID "' );";
" and user_id = '" PEP_OWN_USERID "' "
" union "
" select fpr from own_key "
" where fpr = upper(replace(?1,' ',''))"
" );";
static const char *sql_own_identities_retrieve =
"select address, fpr, username, "
@ -209,6 +213,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
int int_result;
bool in_first = false;
bool very_first = false;
assert(sqlite3_threadsafe());
if (!sqlite3_threadsafe())
@ -462,6 +467,11 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
assert(int_result == SQLITE_OK);
}
}
else {
// Version from DB was 0, it means this is initial setup.
// DB has just been created, and all tables are empty.
very_first = true;
}
if (version < atoi(_DDL_USER_VERSION)) {
int_result = sqlite3_exec(
@ -475,7 +485,6 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
);
assert(int_result == SQLITE_OK);
}
}
int_result = sqlite3_prepare_v2(_session->db, sql_log,
@ -635,11 +644,44 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
// runtime config
#ifdef ANDROID
_session->use_only_own_private_keys = true;
#elif TARGET_OS_IPHONE
_session->use_only_own_private_keys = true;
#else
_session->use_only_own_private_keys = false;
#else /* Desktop */
if (very_first)
{
// On first run, all private keys already present in PGP keyring
// are taken as own in order to seamlessly integrate with
// pre-existing GPG setup.
////////////////////////////// WARNING: ///////////////////////////
// Considering all PGP priv keys as own is dangerous in case of
// re-initialization of pEp DB, while keeping PGP keyring as-is!
//
// Indeed, if pEpEngine did import spoofed private keys in previous
// install, then those keys become automatically trusted in case
// pEp_management.db is deleted.
//
// A solution to distinguish bare GPG keyring from pEp keyring is
// needed here. Then keys managed by pEpEngine wouldn't be
// confused with GPG keys managed by the user through GPA.
///////////////////////////////////////////////////////////////////
stringlist_t *keylist = NULL;
status = find_private_keys(_session, "", &keylist);
assert(status != PEP_OUT_OF_MEMORY);
if (status == PEP_OUT_OF_MEMORY)
return PEP_OUT_OF_MEMORY;
if (keylist != NULL && keylist->value != NULL)
{
stringlist_t *_keylist;
for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
status = set_own_key(_session,
"" /* address is unused in own_keys */,
_keylist->value);
}
}
}
#endif
// sync_session set to own session by default
@ -765,13 +807,6 @@ DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable)
session->unencrypted_subject = enable;
}
DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session,
bool enable)
{
assert(session);
session->use_only_own_private_keys = enable;
}
DYNAMIC_API void config_keep_sync_msg(PEP_SESSION session, bool enable)
{
assert(session);


+ 0
- 1
src/pEp_internal.h View File

@ -159,7 +159,6 @@ struct _pEpSession {
bool passive_mode;
bool unencrypted_subject;
bool use_only_own_private_keys;
bool keep_sync_msg;
};


Loading…
Cancel
Save