Browse Source

shelving mistrust investigation and fixes to fry bigger fish

doc_update_sequoia
Krista Bennett 4 years ago
parent
commit
9696808ead
5 changed files with 143 additions and 19 deletions
  1. +1
    -0
      src/keymanagement.c
  2. +6
    -0
      src/message_api.c
  3. +16
    -1
      src/pEpEngine.c
  4. +2
    -2
      src/pEp_internal.h
  5. +118
    -16
      test/new_update_id_and_myself_test.cc

+ 1
- 0
src/keymanagement.c View File

@ -199,6 +199,7 @@ static PEP_STATUS validate_fpr(PEP_SESSION session,
status = update_trust_for_fpr(session,
fpr,
ct);
case PEP_ct_mistrusted:
free(ident->fpr);
ident->fpr = NULL;
ident->comm_type = ct;


+ 6
- 0
src/message_api.c View File

@ -20,6 +20,12 @@
#define _MAX(A, B) ((B) > (A) ? (B) : (A))
#endif
// These are globals used in generating message IDs and should only be
// computed once, as they're either really constants or OS-dependent
int _pEp_rand_max_bits;
double _pEp_log2_36;
static bool is_a_pEpmessage(const message *msg)
{
for (stringpair_list_t *i = msg->opt_fields; i && i->value ; i=i->next) {


+ 16
- 1
src/pEpEngine.c View File

@ -468,7 +468,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
sqlite3_busy_timeout(_session->system_db, 1000);
// increment this when patching DDL
#define _DDL_USER_VERSION "6"
#define _DDL_USER_VERSION "7"
if (in_first) {
@ -564,6 +564,10 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
" on delete cascade on update cascade,\n"
" alternate_id text primary key\n"
");\n"
// mistrusted keys
"create table if not exists mistrusted_keys (\n"
" fpr text primary key\n"
");\n"
,
NULL,
NULL,
@ -778,6 +782,17 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
assert(int_result == SQLITE_OK);
}
}
if (version < 7) {
int_result = sqlite3_exec(
_session->db,
"create table if not exists mistrusted_keys (\n"
" fpr text primary key\n"
");\n"
NULL,
NULL,
NULL
);
}
else {
// Version from DB was 0, it means this is initial setup.
// DB has just been created, and all tables are empty.


+ 2
- 2
src/pEp_internal.h View File

@ -405,8 +405,8 @@ static inline bool is_me(PEP_SESSION session, pEp_identity* test_ident) {
// These are globals used in generating message IDs and should only be
// computed once, as they're either really constants or OS-dependent
int _pEp_rand_max_bits;
double _pEp_log2_36;
extern int _pEp_rand_max_bits;
extern double _pEp_log2_36;
static inline void _init_globals() {
_pEp_rand_max_bits = ceil(log2(RAND_MAX));


+ 118
- 16
test/new_update_id_and_myself_test.cc View File

@ -38,7 +38,7 @@ int main() {
cout << uniqname << "\n";
const char* own_user_id = "FineOwnIdentitiesOfBuckTFerris";
const char* own_user_id = get_new_uuid();
const char* start_username = "Unser Testkandidat";
pEp_identity * new_me = new_identity(uniqname, NULL, own_user_id, start_username);
@ -481,28 +481,130 @@ int main() {
cout << "****************************************************************************************" << endl;
cout << "* III: 2. key election: get identity for user with only revoked keys " << endl;
cout << "* III: 2. key election: get identity for user with only revoked or mistrusted keys " << endl;
cout << "****************************************************************************************" << endl << endl;
// Create id with no key
cout << "Creating new id with no key for : ";
char *uniqname_10000 = strdup("AAAAtestuser@testdomain.org");
srandom(time(NULL));
for(int i=0; i < 4;i++)
uniqname_10000[i] += random() & 0xf;
cout << uniqname_10000 << "\n";
char* revoke_uuid = get_new_uuid();
pEp_identity * revokemaster_3000 = new_identity(uniqname_10000, NULL, revoke_uuid, start_username);
cout << "Generate three keys for " << uniqname_10000 << " who has user_id " << revoke_uuid << endl;
char* revoke_fpr_arr[3];
status = generate_keypair(session, revokemaster_3000);
assert(status == PEP_STATUS_OK && revokemaster_3000->fpr);
revoke_fpr_arr[0] = strdup(revokemaster_3000->fpr);
free(revokemaster_3000->fpr);
revokemaster_3000->fpr = NULL;
status = generate_keypair(session, revokemaster_3000);
assert(status == PEP_STATUS_OK && revokemaster_3000->fpr);
revoke_fpr_arr[1] = strdup(revokemaster_3000->fpr);
free(revokemaster_3000->fpr);
revokemaster_3000->fpr = NULL;
status = generate_keypair(session, revokemaster_3000);
assert(status == PEP_STATUS_OK && revokemaster_3000->fpr);
revoke_fpr_arr[2] = strdup(revokemaster_3000->fpr);
free(revokemaster_3000->fpr);
revokemaster_3000->fpr = NULL;
cout << "Trust " << revoke_fpr_arr[2] << " (default for identity) and " << revoke_fpr_arr[0] << endl;
status = revoke_key(session, new_fpr, "Because it's more fun to revoke ALL of someone's keys");
free(revokemaster_3000->fpr);
revokemaster_3000->fpr = strdup(revoke_fpr_arr[2]);
status = trust_personal_key(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->comm_type & PEP_ct_confirmed);
free(revokemaster_3000->fpr);
revokemaster_3000->fpr = strdup(revoke_fpr_arr[0]);
status = trust_personal_key(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->comm_type & PEP_ct_confirmed);
status = update_identity(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->fpr);
assert(strcmp(revokemaster_3000->fpr, revoke_fpr_arr[2]) == 0);
assert(revokemaster_3000->comm_type & PEP_ct_confirmed);
cout << "update_identity returns the correct identity default." << endl;
cout << "Ok, now... we revoke the default..." << endl;
cout << "Revoking " << revoke_fpr_arr[2] << endl;
status = revoke_key(session, revoke_fpr_arr[2], "This little pubkey went to market");
assert (status == PEP_STATUS_OK);
bool is_revoked;
status = key_revoked(session, revokemaster_3000->fpr, &is_revoked);
assert(status == PEP_STATUS_OK);
assert(is_revoked);
cout << "Success revoking " << revoke_fpr_arr[2] << "!!! get_trust for this fpr gives us " << revokemaster_3000->comm_type << endl;
cout << "Now see if update_identity gives us " << revoke_fpr_arr[0] << ", the only trusted key left." << endl;
status = update_identity(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->fpr);
assert(strcmp(revokemaster_3000->fpr, revoke_fpr_arr[0]) == 0);
assert(revokemaster_3000->comm_type & PEP_ct_confirmed);
new_me = new_identity(uniqname, NULL, NULL, NULL);
cout << "Success! So let's mistrust it, because seriously, that key was so uncool." << endl;
status = update_identity(session, new_me);
assert(status != PEP_STATUS_OK);
assert(!new_me->fpr);
assert(new_me->username);
assert(strcmp(new_me->username, start_username) == 0);
assert(new_me->user_id);
assert(strcmp(new_me->user_id, default_own_id) == 0);
assert(new_me->me);
assert(new_me->comm_type == PEP_ct_key_revoked);
status = key_mistrusted(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
status = get_trust(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->comm_type == PEP_ct_mistrusted);
cout << "PASS: update_identity() correctly rejected two revoked keys with PEP_KEY_UNSUITABLE and PEP_ct_key_revoked";
cout << endl << endl;
cout << "Success! get_trust for this fpr gives us " << revokemaster_3000->comm_type << endl;
free_identity(new_me);
cout << "The only fpr left is an untrusted one - let's make sure this is what we get from update_identity." << endl;
status = update_identity(session, revokemaster_3000);
assert(status == PEP_STATUS_OK);
assert(revokemaster_3000->fpr);
assert(strcmp(revokemaster_3000->fpr, revoke_fpr_arr[1]) == 0);
assert(!(revokemaster_3000->comm_type & PEP_ct_confirmed));
cout << "Success! We got " << revoke_fpr_arr[1] << "as the fpr with comm_type " << revokemaster_3000->comm_type << endl;
cout << "But, you know... let's revoke that one too and see what update_identity gives us." << endl;
status = revoke_key(session, revoke_fpr_arr[1], "Because it's more fun to revoke ALL of someone's keys");
assert (status == PEP_STATUS_OK);
status = key_revoked(session, revokemaster_3000->fpr, &is_revoked);
assert(status == PEP_STATUS_OK);
assert(is_revoked);
cout << "Success! get_trust for this fpr gives us " << revokemaster_3000->comm_type << endl;
cout << "Call update_identity - we expect nothing, plus an error comm type." << endl;
status = update_identity(session, revokemaster_3000);
assert(status != PEP_STATUS_OK);
assert(!revokemaster_3000->fpr);
assert(revokemaster_3000->username);
assert(strcmp(revokemaster_3000->user_id, revoke_uuid) == 0);
assert(revokemaster_3000->comm_type == PEP_ct_key_revoked || revokemaster_3000->comm_type == PEP_ct_mistrusted);
cout << "Success! No key found. The comm_status error was " << revokemaster_3000->comm_type << "and the return status was " << tl_status_string(status) << endl;
free_identity(revokemaster_3000);
cout << "****************************************************************************************" << endl;
cout << "* III: 100000000. key election: more to come " << endl;


Loading…
Cancel
Save