key_compromized() added

src/keymanagement.c

@@ -317,17 +317,23 @@ DYNAMIC_API PEP_STATUS do_keymanagement(
     return PEP_STATUS_OK;
 }
 
-DYNAMIC_API PEP_STATUS key_compromized(PEP_SESSION session, const char *fpr)
+DYNAMIC_API PEP_STATUS key_compromized(
+        PEP_SESSION session,
+        pEp_identity *ident
+    )
 {
     PEP_STATUS status = PEP_STATUS_OK;
 
     assert(session);
-    assert(fpr);
+    assert(ident);
+    assert(!EMPTY(ident->fpr));
 
-    if (!(session && fpr))
+    if (!(session && ident && ident->fpr))
         return PEP_ILLEGAL_VALUE;
 
-    status = revoke_key(session, fpr, NULL);
+    if (ident->me)
+        revoke_key(session, ident->fpr, NULL);
+    status = mark_as_compromized(session, ident->fpr);
 
     return status;
 }

src/keymanagement.h

@@ -117,9 +117,12 @@ DYNAMIC_API PEP_STATUS do_keymanagement(
 //
 //  parameters:
 //      session (in)        session to use
-//      fpr (in)            key which was compromized
+//      ident (in)          person and key which was compromized
 
-DYNAMIC_API PEP_STATUS key_compromized(PEP_SESSION session, const char *fpr);
+DYNAMIC_API PEP_STATUS key_compromized(
+        PEP_SESSION session,
+        pEp_identity *ident
+    );
 
 
 // trust_personal_key() - mark a key as trusted with a person

src/pEpEngine.c

@@ -18,6 +18,7 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
 	static const char *sql_set_trust;
     static const char *sql_get_trust;
     static const char *sql_least_trust;
+    static const char *sql_mark_as_compromized;
     bool in_first = false;
 
     assert(sqlite3_threadsafe());
@@ -196,6 +197,8 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
                         "and pgp_keypair_fpr = ?2 ;";
 
         sql_least_trust = "select min(comm_type) from trust where pgp_keypair_fpr = ?1 ;";
+
+        sql_mark_as_compromized = "update trust set comm_type = 15 where pgp_keypair_fpr = ?1 ;";
     }
 
     int_result = sqlite3_prepare_v2(_session->db, sql_log, strlen(sql_log),
@@ -234,6 +237,10 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
             strlen(sql_least_trust), &_session->least_trust, NULL);
     assert(int_result == SQLITE_OK);
 
+    int_result = sqlite3_prepare_v2(_session->db, sql_mark_as_compromized,
+            strlen(sql_mark_as_compromized), &_session->mark_compromized, NULL);
+    assert(int_result == SQLITE_OK);
+
     status = init_cryptotech(_session, in_first);
     if (status != PEP_STATUS_OK)
         goto pep_error;
@@ -695,6 +702,31 @@ DYNAMIC_API PEP_STATUS set_identity(
 		return PEP_COMMIT_FAILED;
 }
 
+DYNAMIC_API PEP_STATUS mark_as_compromized(
+        PEP_SESSION session,
+        const char *fpr
+    )
+{
+	int result;
+
+	assert(session);
+    assert(fpr && fpr[0]);
+
+    if (!(session && fpr && fpr[0]))
+        return PEP_ILLEGAL_VALUE;
+
+	sqlite3_reset(session->mark_compromized);
+    sqlite3_bind_text(session->mark_compromized, 1, fpr, -1,
+            SQLITE_STATIC);
+    result = sqlite3_step(session->mark_compromized);
+	sqlite3_reset(session->mark_compromized);
+
+    if (result != SQLITE_DONE)
+        return PEP_CANNOT_SET_IDENTITY;
+
+    return PEP_STATUS_OK;
+}
+
 void pEp_free(void *p)
 {
     free(p);

src/pEpEngine.h

@@ -445,6 +445,18 @@ DYNAMIC_API PEP_STATUS set_identity(
     );
 
 
+// mark_as_compromized() - mark key in trust db as compromized
+//
+//	parameters:
+//		session (in)		session handle
+//		fpr (in)            fingerprint of key to mark
+
+DYNAMIC_API PEP_STATUS mark_as_compromized(
+        PEP_SESSION session,
+        const char *fpr
+    );
+
+
 // generate_keypair() - generate a new key pair and add it to the key ring
 //
 //  parameters:

src/pEp_internal.h

@@ -86,6 +86,7 @@ typedef struct _pEpSession {
     sqlite3_stmt *set_trust;
     sqlite3_stmt *get_trust;
     sqlite3_stmt *least_trust;
+    sqlite3_stmt *mark_compromized;
 
     examine_identity_t examine_identity;
     void *examine_management;