Browse Source

ENGINE-294: basic code is in to remove blacklisting from anything but encrypt_message and outgoing_message_rating, but tests need to be extended, and have to switch to ENGINE-397 and fix that to keep the keyring clean.

doc_update_sequoia
Krista Bennett 4 years ago
parent
commit
c9cffaea4e
5 changed files with 158 additions and 43 deletions
  1. +27
    -20
      src/keymanagement.c
  2. +10
    -0
      src/keymanagement.h
  3. +77
    -1
      src/message_api.c
  4. +15
    -1
      test/blacklist_accept_new_key_test.cc
  5. +29
    -21
      test/blacklist_test.cc

+ 27
- 20
src/keymanagement.c View File

@ -43,7 +43,7 @@ static bool key_matches_address(PEP_SESSION session, const char* address,
}
PEP_STATUS elect_pubkey(
PEP_SESSION session, pEp_identity * identity
PEP_SESSION session, pEp_identity * identity, bool check_blacklist
)
{
PEP_STATUS status;
@ -76,10 +76,10 @@ PEP_STATUS elect_pubkey(
if (identity->comm_type == PEP_ct_unknown ||
_comm_type_key > identity->comm_type)
{
bool blacklisted;
bool mistrusted;
bool blacklisted = false;
bool mistrusted = false;
status = is_mistrusted_key(session, _keylist->value, &mistrusted);
if (status == PEP_STATUS_OK)
if (status == PEP_STATUS_OK && check_blacklist)
status = blacklist_is_listed(session, _keylist->value, &blacklisted);
if (status == PEP_STATUS_OK && !mistrusted && !blacklisted) {
identity->comm_type = _comm_type_key;
@ -106,7 +106,8 @@ PEP_STATUS elect_pubkey(
}
static PEP_STATUS validate_fpr(PEP_SESSION session,
pEp_identity* ident) {
pEp_identity* ident,
bool check_blacklist) {
PEP_STATUS status = PEP_STATUS_OK;
@ -173,7 +174,7 @@ static PEP_STATUS validate_fpr(PEP_SESSION session,
if (status != PEP_STATUS_OK)
return status;
if ((ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
if (check_blacklist && (ct | PEP_ct_confirmed) == PEP_ct_OpenPGP &&
!ident->me) {
status = blacklist_is_listed(session,
fpr,
@ -274,7 +275,8 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
pEp_identity* stored_identity,
bool* is_identity_default,
bool* is_user_default,
bool* is_address_default) {
bool* is_address_default,
bool check_blacklist) {
PEP_STATUS status = PEP_STATUS_OK;
@ -291,7 +293,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
// Input: stored identity retrieved from database
// if stored identity contains a default key
if (!EMPTYSTR(stored_fpr)) {
status = validate_fpr(session, stored_identity);
status = validate_fpr(session, stored_identity, check_blacklist);
if (status == PEP_STATUS_OK && !EMPTYSTR(stored_identity->fpr)) {
*is_identity_default = *is_address_default = true;
return status;
@ -311,7 +313,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
if (!EMPTYSTR(user_fpr)) {
// There exists a default key for user, so validate
stored_identity->fpr = user_fpr;
status = validate_fpr(session, stored_identity);
status = validate_fpr(session, stored_identity, check_blacklist);
if (status == PEP_STATUS_OK && stored_identity->fpr) {
*is_user_default = true;
*is_address_default = key_matches_address(session,
@ -325,10 +327,10 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
}
}
status = elect_pubkey(session, stored_identity);
status = elect_pubkey(session, stored_identity, check_blacklist);
if (status == PEP_STATUS_OK) {
if (!EMPTYSTR(stored_identity->fpr))
validate_fpr(session, stored_identity);
validate_fpr(session, stored_identity, false); // blacklist already filtered of needed
}
else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
first_reject_status = status;
@ -348,6 +350,11 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
stored_identity->comm_type = first_reject_comm_type;
break;
default:
if (check_blacklist && status == PEP_KEY_BLACKLISTED) {
free(stored_identity->fpr);
stored_identity->fpr = NULL;
stored_identity->comm_type = PEP_ct_key_not_found;
}
break;
}
return status;
@ -398,7 +405,8 @@ static PEP_STATUS prepare_updated_identity(PEP_SESSION session,
status = get_valid_pubkey(session, stored_ident,
&is_identity_default,
&is_user_default,
&is_address_default);
&is_address_default,
false);
if (status == PEP_STATUS_OK && stored_ident->fpr && *(stored_ident->fpr) != '\0') {
// set identity comm_type from trust db (user_id, FPR)
@ -599,7 +607,7 @@ DYNAMIC_API PEP_STATUS update_identity(
// (this is the input id without the fpr + comm type!)
if (status == PEP_STATUS_OK) {
elect_pubkey(session, identity);
elect_pubkey(session, identity, false);
}
// * We've already checked and retrieved
@ -694,7 +702,7 @@ DYNAMIC_API PEP_STATUS update_identity(
// any applicable temporary identities above. If we're
// here, none of them fit.
status = elect_pubkey(session, identity);
status = elect_pubkey(session, identity, false);
// * call set_identity() to store
if (identity->fpr)
@ -762,7 +770,7 @@ DYNAMIC_API PEP_STATUS update_identity(
identity->fpr = NULL;
identity->comm_type = PEP_ct_unknown;
status = elect_pubkey(session, identity);
status = elect_pubkey(session, identity, false);
if (identity->fpr)
status = get_key_rating(session, identity->fpr, &identity->comm_type);
@ -962,7 +970,7 @@ PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen,
// check stored identity
if (stored_identity && !EMPTYSTR(stored_identity->fpr)) {
// Fall back / retrieve
status = validate_fpr(session, stored_identity);
status = validate_fpr(session, stored_identity, false);
if (status == PEP_OUT_OF_MEMORY)
goto pep_free;
if (status == PEP_STATUS_OK) {
@ -1355,7 +1363,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
// First, set up a temp trusted identity for the input fpr without a comm type;
tmp_id = new_identity(ident->address, ident->fpr, ident->user_id, NULL);
status = validate_fpr(session, tmp_id);
status = validate_fpr(session, tmp_id, false);
if (status == PEP_STATUS_OK) {
// Validate fpr gets trust DB or, when that fails, key comm type. we checked
@ -1414,7 +1422,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
if (!tmp_user_ident)
status = PEP_OUT_OF_MEMORY;
else {
status = validate_fpr(session, tmp_user_ident);
status = validate_fpr(session, tmp_user_ident, false);
if (status != PEP_STATUS_OK ||
tmp_user_ident->comm_type < PEP_ct_strong_but_unconfirmed ||
@ -1678,7 +1686,7 @@ DYNAMIC_API PEP_STATUS set_own_key(
if (!me->fpr)
return PEP_OUT_OF_MEMORY;
status = validate_fpr(session, me);
status = validate_fpr(session, me, false);
if (status)
return status;
@ -1869,4 +1877,3 @@ PEP_STATUS pgp_import_ultimately_trusted_keypairs(PEP_SESSION session) {
return status;
}
#endif // USE_GPG

+ 10
- 0
src/keymanagement.h View File

@ -364,6 +364,16 @@ PEP_STATUS add_mistrusted_key(PEP_SESSION session, const char* fpr);
PEP_STATUS delete_mistrusted_key(PEP_SESSION session, const char* fpr);
PEP_STATUS is_mistrusted_key(PEP_SESSION session, const char* fpr, bool* mistrusted);
// Only call on retrieval of previously stored identity!
// Also, we presume that if the stored_identity was sent in
// without an fpr, there wasn't one in the trust DB for this
// identity.
PEP_STATUS get_valid_pubkey(PEP_SESSION session,
pEp_identity* stored_identity,
bool* is_identity_default,
bool* is_user_default,
bool* is_address_default,
bool check_blacklist);
#ifdef __cplusplus
}


+ 77
- 1
src/message_api.c View File

@ -6,6 +6,7 @@
#include "platform.h"
#include "mime.h"
#include "blacklist.h"
#include <assert.h>
#include <string.h>
@ -1533,6 +1534,26 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
status = PEP_UNENCRYPTED;
goto pep_error;
}
if (is_blacklisted) {
bool user_default, ident_default, address_default;
_status = get_valid_pubkey(session, _il->ident,
&ident_default, &user_default,
&address_default,
true);
if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
}
}
if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
is_pep_user(session, _il->ident, &has_pep_user);
}
@ -1565,6 +1586,26 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
status = PEP_UNENCRYPTED;
goto pep_error;
}
if (is_blacklisted) {
bool user_default, ident_default, address_default;
_status = get_valid_pubkey(session, _il->ident,
&ident_default, &user_default,
&address_default,
true);
if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
}
}
if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
is_pep_user(session, _il->ident, &has_pep_user);
}
@ -1596,6 +1637,26 @@ DYNAMIC_API PEP_STATUS encrypt_message(
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
bool is_blacklisted = false;
if (_il->ident->fpr) {
_status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted);
if (_status != PEP_STATUS_OK) {
// DB error
status = PEP_UNENCRYPTED;
goto pep_error;
}
if (is_blacklisted) {
bool user_default, ident_default, address_default;
_status = get_valid_pubkey(session, _il->ident,
&ident_default, &user_default,
&address_default,
true);
if (_status != PEP_STATUS_OK || _il->ident->fpr == NULL) {
_il->ident->comm_type = PEP_ct_key_not_found;
_status = PEP_STATUS_OK;
}
}
}
if (!has_pep_user && !EMPTYSTR(_il->ident->user_id))
is_pep_user(session, _il->ident, &has_pep_user);
}
@ -2919,7 +2980,22 @@ static void _max_comm_type_from_identity_list(
status = update_identity(session, il->ident);
else
status = myself(session, il->ident);
bool is_blacklisted = false;
if (il->ident->fpr) {
status = blacklist_is_listed(session, il->ident->fpr, &is_blacklisted);
if (is_blacklisted) {
bool user_default, ident_default, address_default;
status = get_valid_pubkey(session, il->ident,
&ident_default, &user_default,
&address_default,
true);
if (status != PEP_STATUS_OK || il->ident->fpr == NULL) {
il->ident->comm_type = PEP_ct_key_not_found;
}
}
}
// check for the return statuses which might not a representative
// value in the comm_type
if (status == PEP_ILLEGAL_VALUE || status == PEP_CANNOT_SET_PERSON ||


+ 15
- 1
test/blacklist_accept_new_key_test.cc View File

@ -48,7 +48,20 @@ int main() {
PEP_STATUS status8 = update_identity(session, blacklisted_identity);
PEP_STATUS status9 = blacklist_add(session, bl_fpr_1);
PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
assert(is_blacklisted);
PEP_STATUS status11 = update_identity(session, blacklisted_identity);
assert(status11 == PEP_KEY_BLACKLISTED);
assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
bool id_def, us_def, addr_def;
status11 = get_valid_pubkey(session, blacklisted_identity,
&id_def, &us_def, &addr_def, true);
if (!(blacklisted_identity->fpr))
cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
else
cout << "Not OK. blacklisted_identity->fpr is " << blacklisted_identity->fpr << "." << endl
<< "Expected it to be empty." << endl;
assert(!(blacklisted_identity->fpr) || blacklisted_identity->fpr[0] == '\0');
/* identity is blacklisted. Now let's read in a message which contains a new key for that ID. */
@ -67,7 +80,8 @@ int main() {
assert(status == PEP_STATUS_OK);
status = decrypt_message(session, msg_ptr, &dest_msg, &keylist, &rating, &flags);
PEP_STATUS status12 = update_identity(session, blacklisted_identity);
PEP_STATUS status12 = get_valid_pubkey(session, blacklisted_identity,
&id_def, &us_def, &addr_def, true);
assert(strcasecmp(blacklisted_identity->fpr, new_key) == 0);


+ 29
- 21
test/blacklist_test.cc View File

@ -92,7 +92,7 @@ int main() {
"Blacklist Keypair");
PEP_STATUS status8 = update_identity(session, blacklisted_identity);
// THERE IS NO BLACKLISTING OF PEP KEYS
//blacklisted_identity->comm_type = PEP_ct_pEp;
blacklisted_identity->comm_type = PEP_ct_OpenPGP_unconfirmed;
@ -108,6 +108,15 @@ int main() {
PEP_STATUS status9 = blacklist_add(session, bl_fpr_1);
status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted);
PEP_STATUS status11 = update_identity(session, blacklisted_identity);
/* new!!! */
assert(is_blacklisted);
assert(status11 == PEP_KEY_BLACKLISTED);
assert(_streq(bl_fpr_1, blacklisted_identity->fpr));
bool id_def, us_def, addr_def;
status11 = get_valid_pubkey(session, blacklisted_identity,
&id_def, &us_def, &addr_def, true);
if (!(blacklisted_identity->fpr))
cout << "OK! blacklisted_identity->fpr is empty. Yay!" << endl;
else if (strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0)
@ -120,7 +129,6 @@ int main() {
<< "Expected it to be empty or (possibly) " << bl_fpr_2 << endl;
assert(!(blacklisted_identity->fpr) || blacklisted_identity->fpr[0] == '\0'|| (strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0));
const string keytext2 = slurp("blacklisted_pub2.asc");
PEP_STATUS status14 = import_key(session, keytext2.c_str(), keytext2.length(), NULL);
@ -129,25 +137,25 @@ int main() {
NULL,
"Blacklist Keypair");
PEP_STATUS status15 = update_identity(session, blacklisted_identity2);
assert(blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0);
if (blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0)
cout << "blacklisted identity's fpr successfully replaced by the unblacklisted one" << endl;
// else
// cout << "blacklisted_identity->fpr should be " << bl_fpr_2 << " but is " << blacklisted_identity->fpr << endl;
PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1);
PEP_STATUS status13 = update_identity(session, blacklisted_identity);
pEp_identity* stored_identity = new_identity("blacklistedkeys@kgrothoff.org",
NULL,
blacklisted_identity->user_id,
"Blacklist Keypair");
PEP_STATUS status00 = update_identity(session, stored_identity);
// FIXME
// assert(stored_identity->comm_type == PEP_ct_pEp);
//
// assert(blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0);
// if (blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0)
// cout << "blacklisted identity's fpr successfully replaced by the unblacklisted one" << endl;
// // else
// // cout << "blacklisted_identity->fpr should be " << bl_fpr_2 << " but is " << blacklisted_identity->fpr << endl;
//
// PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1);
// PEP_STATUS status13 = update_identity(session, blacklisted_identity);
//
// pEp_identity* stored_identity = new_identity("blacklistedkeys@kgrothoff.org",
// NULL,
// blacklisted_identity->user_id,
// "Blacklist Keypair");
//
// PEP_STATUS status00 = update_identity(session, stored_identity);
//
// // FIXME
// // assert(stored_identity->comm_type == PEP_ct_pEp);
PEP_STATUS status16 = delete_keypair(session, bl_fpr_1);
update_identity(session, blacklisted_identity);


Loading…
Cancel
Save