@ -267,6 +267,7 @@ DYNAMIC_API PEP_STATUS update_identity(
DYNAMIC_API PEP_STATUS myself ( PEP_SESSION session , pEp_identity * identity )
{
pEp_identity * stored_identity ;
PEP_STATUS status ;
stringlist_t * keylist = NULL ;
@ -285,12 +286,69 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
DEBUG_LOG ( " myself " , " debug " , identity - > address ) ;
status = find_keys ( session , identity - > address , & keylist ) ;
status = get_identity ( session ,
identity - > address ,
identity - > user_id ,
& stored_identity ) ;
assert ( status ! = PEP_OUT_OF_MEMORY ) ;
if ( status = = PEP_OUT_OF_MEMORY )
return PEP_OUT_OF_MEMORY ;
if ( keylist = = NULL | | keylist - > value = = NULL ) {
if ( stored_identity )
{
if ( EMPTYSTR ( identity - > fpr ) ) {
identity - > fpr = strndup ( stored_identity - > fpr , stored_identity - > fpr_size ) ;
assert ( identity - > fpr ) ;
if ( identity - > fpr = = NULL )
{
return PEP_OUT_OF_MEMORY ;
}
identity - > fpr_size = stored_identity - > fpr_size ;
}
}
else
{
free ( identity - > fpr ) ;
identity - > fpr_size = 0 ;
status = find_keys ( session , identity - > address , & keylist ) ;
assert ( status ! = PEP_OUT_OF_MEMORY ) ;
if ( status = = PEP_OUT_OF_MEMORY )
return PEP_OUT_OF_MEMORY ;
if ( keylist ! = NULL & & keylist - > value ! = NULL )
{
// BUG : Vulnerable to auto-key-import poisoning.
// Attacker's key with forged userId could have been
// auto imported from already received email and be used here
// TODO : iterate over list to elect best key
// TODO : discard keys which aren't private
// TODO : discard keys which aren't either
// - own generated key
// - own from synchronized device group
// - already fully trusted as a public key of known
// identity, for that same address
// (case of imported key for mailing lists)
identity - > fpr = strdup ( keylist - > value ) ;
assert ( identity - > fpr ) ;
if ( identity - > fpr = = NULL )
{
return PEP_OUT_OF_MEMORY ;
}
identity - > fpr_size = strlen ( identity - > fpr ) ;
}
}
// TODO : Check key for revoked state
if ( EMPTYSTR ( identity - > fpr ) /* or revoked */ )
{
DEBUG_LOG ( " generating key pair " , " debug " , identity - > address ) ;
status = generate_keypair ( session , identity ) ;
assert ( status ! = PEP_OUT_OF_MEMORY ) ;
@ -300,20 +358,21 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
DEBUG_LOG ( " generating key pair failed " , " debug " , buf ) ;
return status ;
}
status = find_keys ( session , identity - > address , & keylist ) ;
assert ( status ! = PEP_OUT_OF_MEMORY ) ;
if ( status = = PEP_OUT_OF_MEMORY )
return PEP_OUT_OF_MEMORY ;
assert ( keylist & & keylist - > value ) ;
if ( keylist = = NULL | | keylist - > value = = NULL ) {
return PEP_UNKNOWN_ERROR ;
}
}
else {
else
{
bool expired ;
status = key_expired ( session , keylist- > value , & expired ) ;
status = key_expired ( session , identity- > fpr , & expired ) ;
assert ( status = = PEP_STATUS_OK ) ;
if ( status ! = PEP_STATUS_OK ) {
goto free_keylist ;
@ -321,21 +380,11 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
if ( status = = PEP_STATUS_OK & & expired ) {
timestamp * ts = new_timestamp ( time ( NULL ) + KEY_EXPIRE_DELTA ) ;
renew_key ( session , keylist- > value , ts ) ;
renew_key ( session , identity- > fpr , ts ) ;
free_timestamp ( ts ) ;
}
}
if ( identity - > fpr )
free ( identity - > fpr ) ;
identity - > fpr = strdup ( keylist - > value ) ;
assert ( identity - > fpr ) ;
if ( identity - > fpr = = NULL ) {
status = PEP_OUT_OF_MEMORY ;
goto free_keylist ;
}
identity - > fpr_size = strlen ( identity - > fpr ) ;
status = set_identity ( session , identity ) ;
assert ( status = = PEP_STATUS_OK ) ;
if ( status ! = PEP_STATUS_OK ) {
Edouard Tisserant
7 years ago