Added rovoked_keys SQL table and C getter and setter.

doc_update_sequoia
Edouard Tisserant 7 years ago
parent d40a4dee65
commit 610ef11dab

@ -34,9 +34,14 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
static const char *sql_own_key_is_listed;
static const char *sql_own_key_retrieve;
// Sequence
static const char *sql_sequence_value1;
static const char *sql_sequence_value2;
// Revocation tracking
static const char *sql_set_revoked;
static const char *sql_get_revoked;
bool in_first = false;
assert(sqlite3_threadsafe());
@ -177,6 +182,13 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
" name text primary key,\n"
" value integer default 0\n"
");\n"
"create table if not exists revoked_keys (\n"
" revoked_fpr text primary key,\n"
" replacement_fpr text not null\n"
" references pgp_keypair (fpr)\n"
" on delete cascade,\n"
" revocation_date integer\n"
");\n"
,
NULL,
NULL,
@ -275,6 +287,15 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
"(select coalesce((select value + 1 from sequences "
"where name = ?1), 1 ))) ; ";
sql_sequence_value2 = "select value from sequences where name = ?1 ;";
sql_set_revoked = "insert or replace into revoked_keys ("
" revoked_fpr, replacement_fpr, revocation_date) "
"values (upper(replace(?1,' ','')),"
" upper(replace(?2,' ','')),"
" ?3) ;";
sql_get_revoked = "select revoked_fpr, revocation_date from revoked_keys"
" where replacement_fpr = upper(replace(?1,' ','')) ;";
}
int_result = sqlite3_prepare_v2(_session->db, sql_log, (int)strlen(sql_log),
@ -367,6 +388,16 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_sequence_value2), &_session->sequence_value2, NULL);
assert(int_result == SQLITE_OK);
// Revocation tracking
int_result = sqlite3_prepare_v2(_session->db, sql_set_revoked,
(int)strlen(sql_set_revoked), &_session->set_revoked, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_get_revoked,
(int)strlen(sql_get_revoked), &_session->get_revoked, NULL);
assert(int_result == SQLITE_OK);
status = init_cryptotech(_session, in_first);
if (status != PEP_STATUS_OK)
goto pep_error;
@ -552,7 +583,7 @@ DYNAMIC_API PEP_STATUS trustword(
if (*word)
*wsize = sqlite3_column_bytes(session->trustword, 1);
else
status = PEP_TRUSTWORD_NOT_FOUND;
status = PEP_OUT_OF_MEMORY;
} else
status = PEP_TRUSTWORD_NOT_FOUND;
@ -1473,6 +1504,95 @@ DYNAMIC_API PEP_STATUS sequence_value(
return status;
}
DYNAMIC_API PEP_STATUS set_revoked(
PEP_SESSION session,
const char *revoked_fpr,
const char *replacement_fpr,
const uint64_t revocation_date
)
{
PEP_STATUS status = PEP_STATUS_OK;
assert(session &&
revoked_fpr && revoked_fpr[0] &&
replacement_fpr && replacement_fpr[0]
);
if (!(session &&
revoked_fpr && revoked_fpr[0] &&
replacement_fpr && replacement_fpr[0]
))
return PEP_ILLEGAL_VALUE;
sqlite3_reset(session->set_revoked);
sqlite3_bind_text(session->set_revoked, 1, revoked_fpr, -1, SQLITE_STATIC);
sqlite3_bind_text(session->set_revoked, 2, replacement_fpr, -1, SQLITE_STATIC);
sqlite3_bind_int64(session->set_revoked, 3, revocation_date);
int result;
result = sqlite3_step(session->set_revoked);
switch (result) {
case SQLITE_DONE:
status = PEP_STATUS_OK;
break;
default:
status = PEP_UNKNOWN_ERROR;
}
sqlite3_reset(session->set_revoked);
return status;
}
DYNAMIC_API PEP_STATUS get_revoked(
PEP_SESSION session,
const char *fpr,
char **revoked_fpr,
uint64_t *revocation_date
)
{
PEP_STATUS status = PEP_STATUS_OK;
assert(session &&
revoked_fpr &&
fpr && fpr[0]
);
if (!(session &&
revoked_fpr &&
fpr && fpr[0]
))
return PEP_ILLEGAL_VALUE;
*revoked_fpr = NULL;
*revocation_date = 0;
sqlite3_reset(session->get_revoked);
sqlite3_bind_text(session->get_revoked, 1, fpr, -1, SQLITE_STATIC);
int result;
result = sqlite3_step(session->get_revoked);
switch (result) {
case SQLITE_ROW: {
*revoked_fpr = strdup((const char *) sqlite3_column_text(session->get_revoked, 0));
if(*revoked_fpr)
*revocation_date = sqlite3_column_int64(session->get_revoked, 1);
else
status = PEP_OUT_OF_MEMORY;
break;
}
default:
status = PEP_CANNOT_FIND_IDENTITY;
}
sqlite3_reset(session->get_revoked);
return status;
}
DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session)
{
assert(session);

@ -781,6 +781,20 @@ DYNAMIC_API PEP_STATUS sequence_value(
int32_t *value
);
DYNAMIC_API PEP_STATUS set_revoked(
PEP_SESSION session,
const char *revoked_fpr,
const char *replacement_fpr,
const uint64_t revocation_date
);
DYNAMIC_API PEP_STATUS get_revoked(
PEP_SESSION session,
const char *fpr,
char **revoked_fpr,
uint64_t *revocation_date
);
DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session);

@ -115,7 +115,11 @@ typedef struct _pEpSession {
sqlite3_stmt *sequence_value1;
sqlite3_stmt *sequence_value2;
// callbacks
// sequence value
sqlite3_stmt *set_revoked;
sqlite3_stmt *get_revoked;
// callbacks
examine_identity_t examine_identity;
void *examine_management;
void *sync_obj;

Loading…
Cancel
Save