|
|
@ -34,9 +34,14 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session) |
|
|
|
static const char *sql_own_key_is_listed; |
|
|
|
static const char *sql_own_key_retrieve; |
|
|
|
|
|
|
|
// Sequence |
|
|
|
static const char *sql_sequence_value1; |
|
|
|
static const char *sql_sequence_value2; |
|
|
|
|
|
|
|
// Revocation tracking |
|
|
|
static const char *sql_set_revoked; |
|
|
|
static const char *sql_get_revoked; |
|
|
|
|
|
|
|
bool in_first = false; |
|
|
|
|
|
|
|
assert(sqlite3_threadsafe()); |
|
|
@ -177,6 +182,13 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session) |
|
|
|
" name text primary key,\n" |
|
|
|
" value integer default 0\n" |
|
|
|
");\n" |
|
|
|
"create table if not exists revoked_keys (\n" |
|
|
|
" revoked_fpr text primary key,\n" |
|
|
|
" replacement_fpr text not null\n" |
|
|
|
" references pgp_keypair (fpr)\n" |
|
|
|
" on delete cascade,\n" |
|
|
|
" revocation_date integer\n" |
|
|
|
");\n" |
|
|
|
, |
|
|
|
NULL, |
|
|
|
NULL, |
|
|
@ -275,6 +287,15 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session) |
|
|
|
"(select coalesce((select value + 1 from sequences " |
|
|
|
"where name = ?1), 1 ))) ; "; |
|
|
|
sql_sequence_value2 = "select value from sequences where name = ?1 ;"; |
|
|
|
|
|
|
|
sql_set_revoked = "insert or replace into revoked_keys (" |
|
|
|
" revoked_fpr, replacement_fpr, revocation_date) " |
|
|
|
"values (upper(replace(?1,' ',''))," |
|
|
|
" upper(replace(?2,' ',''))," |
|
|
|
" ?3) ;"; |
|
|
|
|
|
|
|
sql_get_revoked = "select revoked_fpr, revocation_date from revoked_keys" |
|
|
|
" where replacement_fpr = upper(replace(?1,' ','')) ;"; |
|
|
|
} |
|
|
|
|
|
|
|
int_result = sqlite3_prepare_v2(_session->db, sql_log, (int)strlen(sql_log), |
|
|
@ -367,6 +388,16 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session) |
|
|
|
(int)strlen(sql_sequence_value2), &_session->sequence_value2, NULL); |
|
|
|
assert(int_result == SQLITE_OK); |
|
|
|
|
|
|
|
// Revocation tracking |
|
|
|
|
|
|
|
int_result = sqlite3_prepare_v2(_session->db, sql_set_revoked, |
|
|
|
(int)strlen(sql_set_revoked), &_session->set_revoked, NULL); |
|
|
|
assert(int_result == SQLITE_OK); |
|
|
|
|
|
|
|
int_result = sqlite3_prepare_v2(_session->db, sql_get_revoked, |
|
|
|
(int)strlen(sql_get_revoked), &_session->get_revoked, NULL); |
|
|
|
assert(int_result == SQLITE_OK); |
|
|
|
|
|
|
|
status = init_cryptotech(_session, in_first); |
|
|
|
if (status != PEP_STATUS_OK) |
|
|
|
goto pep_error; |
|
|
@ -552,7 +583,7 @@ DYNAMIC_API PEP_STATUS trustword( |
|
|
|
if (*word) |
|
|
|
*wsize = sqlite3_column_bytes(session->trustword, 1); |
|
|
|
else |
|
|
|
status = PEP_TRUSTWORD_NOT_FOUND; |
|
|
|
status = PEP_OUT_OF_MEMORY; |
|
|
|
} else |
|
|
|
status = PEP_TRUSTWORD_NOT_FOUND; |
|
|
|
|
|
|
@ -1473,6 +1504,95 @@ DYNAMIC_API PEP_STATUS sequence_value( |
|
|
|
return status; |
|
|
|
} |
|
|
|
|
|
|
|
DYNAMIC_API PEP_STATUS set_revoked( |
|
|
|
PEP_SESSION session, |
|
|
|
const char *revoked_fpr, |
|
|
|
const char *replacement_fpr, |
|
|
|
const uint64_t revocation_date |
|
|
|
) |
|
|
|
{ |
|
|
|
PEP_STATUS status = PEP_STATUS_OK; |
|
|
|
|
|
|
|
assert(session && |
|
|
|
revoked_fpr && revoked_fpr[0] && |
|
|
|
replacement_fpr && replacement_fpr[0] |
|
|
|
); |
|
|
|
|
|
|
|
if (!(session && |
|
|
|
revoked_fpr && revoked_fpr[0] && |
|
|
|
replacement_fpr && replacement_fpr[0] |
|
|
|
)) |
|
|
|
return PEP_ILLEGAL_VALUE; |
|
|
|
|
|
|
|
sqlite3_reset(session->set_revoked); |
|
|
|
sqlite3_bind_text(session->set_revoked, 1, revoked_fpr, -1, SQLITE_STATIC); |
|
|
|
sqlite3_bind_text(session->set_revoked, 2, replacement_fpr, -1, SQLITE_STATIC); |
|
|
|
sqlite3_bind_int64(session->set_revoked, 3, revocation_date); |
|
|
|
|
|
|
|
int result; |
|
|
|
|
|
|
|
result = sqlite3_step(session->set_revoked); |
|
|
|
switch (result) { |
|
|
|
case SQLITE_DONE: |
|
|
|
status = PEP_STATUS_OK; |
|
|
|
break; |
|
|
|
|
|
|
|
default: |
|
|
|
status = PEP_UNKNOWN_ERROR; |
|
|
|
} |
|
|
|
|
|
|
|
sqlite3_reset(session->set_revoked); |
|
|
|
return status; |
|
|
|
} |
|
|
|
|
|
|
|
DYNAMIC_API PEP_STATUS get_revoked( |
|
|
|
PEP_SESSION session, |
|
|
|
const char *fpr, |
|
|
|
char **revoked_fpr, |
|
|
|
uint64_t *revocation_date |
|
|
|
) |
|
|
|
{ |
|
|
|
PEP_STATUS status = PEP_STATUS_OK; |
|
|
|
|
|
|
|
assert(session && |
|
|
|
revoked_fpr && |
|
|
|
fpr && fpr[0] |
|
|
|
); |
|
|
|
|
|
|
|
if (!(session && |
|
|
|
revoked_fpr && |
|
|
|
fpr && fpr[0] |
|
|
|
)) |
|
|
|
return PEP_ILLEGAL_VALUE; |
|
|
|
|
|
|
|
*revoked_fpr = NULL; |
|
|
|
*revocation_date = 0; |
|
|
|
|
|
|
|
sqlite3_reset(session->get_revoked); |
|
|
|
sqlite3_bind_text(session->get_revoked, 1, fpr, -1, SQLITE_STATIC); |
|
|
|
|
|
|
|
int result; |
|
|
|
|
|
|
|
result = sqlite3_step(session->get_revoked); |
|
|
|
switch (result) { |
|
|
|
case SQLITE_ROW: { |
|
|
|
*revoked_fpr = strdup((const char *) sqlite3_column_text(session->get_revoked, 0)); |
|
|
|
if(*revoked_fpr) |
|
|
|
*revocation_date = sqlite3_column_int64(session->get_revoked, 1); |
|
|
|
else |
|
|
|
status = PEP_OUT_OF_MEMORY; |
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
default: |
|
|
|
status = PEP_CANNOT_FIND_IDENTITY; |
|
|
|
} |
|
|
|
|
|
|
|
sqlite3_reset(session->get_revoked); |
|
|
|
|
|
|
|
return status; |
|
|
|
} |
|
|
|
|
|
|
|
DYNAMIC_API PEP_STATUS reset_peptest_hack(PEP_SESSION session) |
|
|
|
{ |
|
|
|
assert(session); |
|
|
|