You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2106 lines
70 KiB
C
2106 lines
70 KiB
C
/**
|
|
* @file pEpEngine.h
|
|
* @brief pEp Engine API, as well as exposed internal functions and structures. (The latter should probably be factored out at some point)
|
|
* @license GNU General Public License 3.0 - see LICENSE.txt
|
|
*/
|
|
|
|
#ifndef PEP_ENGINE_H
|
|
#define PEP_ENGINE_H
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
#include <stdbool.h>
|
|
|
|
#include "dynamic_api.h"
|
|
#include "stringlist.h"
|
|
#include "stringpair.h"
|
|
#include "labeled_int_list.h"
|
|
#include "timestamp.h"
|
|
|
|
#define PEP_VERSION "3.2" ///< pEp *protocol* version
|
|
|
|
/// @def PEP_ENGINE_VERSION
|
|
/// RELEASE version this targets. Each item indicates the last already-released
|
|
/// or being-released version.
|
|
/// The optional plus sign at the end means that the current version contains
|
|
/// changes which follow the release.
|
|
/// When the branch is in a non-RC or non-plus state we can just comment the
|
|
/// definition of PEP_ENGINE_VERSION_RC , the definition of
|
|
/// PEP_ENGINE_VERSION_PLUS , or both.
|
|
|
|
#define PEP_ENGINE_VERSION_MAJOR 3
|
|
#define PEP_ENGINE_VERSION_MINOR 2
|
|
#define PEP_ENGINE_VERSION_PATCH 0 // the last already-released or
|
|
// being-released patchlevel,
|
|
// which must always be defined
|
|
#define PEP_ENGINE_VERSION_RC 7 // the last already-released RC for this
|
|
// patchlevel, or not defined if not an RC
|
|
#define PEP_ENGINE_VERSION_PLUS + // Only defined when the repo is in a
|
|
// non-released non-RC state.
|
|
|
|
/* The following macros serve to machine-generate a definition of
|
|
PEP_ENGINE_VERSION, following the correct format as a string, from the
|
|
definitions above. The format is
|
|
major.minor.patch[-RCrc][+]
|
|
. */
|
|
#define _PEP_STRINGIZE_INTERNAL(X) \
|
|
/* This ugly CPP stringizing hack is more or less standard. It is \
|
|
explained in the GNU CPP manual at §"Stringizing". */ \
|
|
#X
|
|
#define _PEP_STRINGIZE(X) \
|
|
/* See the comment in _PEP_STRINGIZE_INTERNAL . */ \
|
|
_PEP_STRINGIZE_INTERNAL(X)
|
|
#if defined (PEP_ENGINE_VERSION_RC)
|
|
# define _PEP_ENGINE_VERSION_RC_STRING \
|
|
"-RC" _PEP_STRINGIZE(PEP_ENGINE_VERSION_RC)
|
|
#else
|
|
# define _PEP_ENGINE_VERSION_RC_STRING \
|
|
""
|
|
#endif /* PEP_ENGINE_VERSION_RC */
|
|
#if defined (PEP_ENGINE_VERSION_PLUS)
|
|
# define _PEP_ENGINE_VERSION_PLUS_STRING "+"
|
|
#else
|
|
# define _PEP_ENGINE_VERSION_PLUS_STRING ""
|
|
#endif /* PEP_ENGINE_VERSION_PLUS */
|
|
/** @internal
|
|
* An internal convenience macro to generate PEP_ENGINE_VERSION. */
|
|
#define _PEP_MAKE_ENGINE_VERSION(major, minor, patch, rc_string, \
|
|
plus_string) \
|
|
_PEP_STRINGIZE (major) "." \
|
|
_PEP_STRINGIZE (minor) "." \
|
|
_PEP_STRINGIZE (patch) \
|
|
rc_string \
|
|
plus_string
|
|
|
|
/** The actual public definition. */
|
|
#define PEP_ENGINE_VERSION \
|
|
_PEP_MAKE_ENGINE_VERSION(PEP_ENGINE_VERSION_MAJOR, \
|
|
PEP_ENGINE_VERSION_MINOR, \
|
|
PEP_ENGINE_VERSION_PATCH, \
|
|
_PEP_ENGINE_VERSION_RC_STRING, \
|
|
_PEP_ENGINE_VERSION_PLUS_STRING)
|
|
|
|
#define PEP_OWN_USERID "pEp_own_userId"
|
|
|
|
// pEp Engine API
|
|
|
|
// caveat:
|
|
// Unicode data has to be normalized to NFC before calling
|
|
// UTF-8 strings are UTF-8 encoded C strings (zero terminated)
|
|
|
|
|
|
struct _pEpSession;
|
|
typedef struct _pEpSession * PEP_SESSION;
|
|
|
|
/**
|
|
* @enum PEP_STATUS
|
|
*
|
|
* @brief Collection of all status codes Engine API functions might return
|
|
*
|
|
*/
|
|
typedef enum {
|
|
PEP_STATUS_OK = 0,
|
|
|
|
PEP_INIT_CANNOT_LOAD_CRYPTO_LIB = 0x0110,
|
|
PEP_INIT_CRYPTO_LIB_INIT_FAILED = 0x0111,
|
|
PEP_INIT_NO_CRYPTO_HOME = 0x0112,
|
|
// PEP_INIT_NETPGP_INIT_FAILED = 0x0113,
|
|
PEP_INIT_CANNOT_DETERMINE_CRYPTO_VERSION = 0x0114,
|
|
PEP_INIT_UNSUPPORTED_CRYPTO_VERSION = 0x0115,
|
|
PEP_INIT_CANNOT_CONFIG_CRYPTO_AGENT = 0x0116,
|
|
|
|
PEP_INIT_SQLITE3_WITHOUT_MUTEX = 0x0120,
|
|
PEP_INIT_CANNOT_OPEN_DB = 0x0121,
|
|
PEP_INIT_CANNOT_OPEN_SYSTEM_DB = 0x0122,
|
|
PEP_INIT_DB_DOWNGRADE_VIOLATION = 0x0123,
|
|
PEP_UNKNOWN_DB_ERROR = 0x01ff,
|
|
|
|
PEP_KEY_NOT_FOUND = 0x0201,
|
|
PEP_KEY_HAS_AMBIG_NAME = 0x0202,
|
|
PEP_GET_KEY_FAILED = 0x0203,
|
|
PEP_CANNOT_EXPORT_KEY = 0x0204,
|
|
PEP_CANNOT_EDIT_KEY = 0x0205,
|
|
PEP_KEY_UNSUITABLE = 0x0206,
|
|
PEP_MALFORMED_KEY_RESET_MSG = 0x0210,
|
|
PEP_KEY_NOT_RESET = 0x0211,
|
|
PEP_CANNOT_DELETE_KEY = 0x0212,
|
|
|
|
PEP_KEY_IMPORTED = 0x0220,
|
|
PEP_NO_KEY_IMPORTED = 0x0221,
|
|
PEP_KEY_IMPORT_STATUS_UNKNOWN = 0x0222,
|
|
PEP_SOME_KEYS_IMPORTED = 0x0223,
|
|
|
|
PEP_CANNOT_FIND_IDENTITY = 0x0301,
|
|
PEP_CANNOT_SET_PERSON = 0x0381,
|
|
PEP_CANNOT_SET_PGP_KEYPAIR = 0x0382,
|
|
PEP_CANNOT_SET_IDENTITY = 0x0383,
|
|
PEP_CANNOT_SET_TRUST = 0x0384,
|
|
PEP_KEY_BLACKLISTED = 0x0385, /// @deprecated
|
|
PEP_CANNOT_FIND_PERSON = 0x0386,
|
|
PEP_CANNOT_SET_PEP_VERSION = 0X0387,
|
|
|
|
PEP_CANNOT_FIND_ALIAS = 0x0391,
|
|
PEP_CANNOT_SET_ALIAS = 0x0392,
|
|
PEP_NO_OWN_USERID_FOUND = 0x0393,
|
|
|
|
PEP_UNENCRYPTED = 0x0400,
|
|
PEP_VERIFIED = 0x0401,
|
|
PEP_DECRYPTED = 0x0402,
|
|
PEP_DECRYPTED_AND_VERIFIED = 0x0403,
|
|
PEP_DECRYPT_WRONG_FORMAT = 0x0404,
|
|
PEP_DECRYPT_NO_KEY = 0x0405,
|
|
PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH = 0x0406,
|
|
PEP_VERIFY_NO_KEY = 0x0407,
|
|
PEP_VERIFIED_AND_TRUSTED = 0x0408,
|
|
PEP_CANNOT_REENCRYPT = 0x0409,
|
|
PEP_VERIFY_SIGNER_KEY_REVOKED = 0x040a,
|
|
PEP_CANNOT_DECRYPT_UNKNOWN = 0x04ff,
|
|
|
|
|
|
PEP_TRUSTWORD_NOT_FOUND = 0x0501,
|
|
PEP_TRUSTWORDS_FPR_WRONG_LENGTH = 0x0502,
|
|
PEP_TRUSTWORDS_DUPLICATE_FPR = 0x0503,
|
|
|
|
PEP_CANNOT_CREATE_KEY = 0x0601,
|
|
PEP_CANNOT_SEND_KEY = 0x0602,
|
|
|
|
PEP_PHRASE_NOT_FOUND = 0x0701,
|
|
|
|
PEP_SEND_FUNCTION_NOT_REGISTERED = 0x0801,
|
|
PEP_CONTRAINTS_VIOLATED = 0x0802,
|
|
PEP_CANNOT_ENCODE = 0x0803,
|
|
|
|
PEP_SYNC_NO_NOTIFY_CALLBACK = 0x0901,
|
|
PEP_SYNC_ILLEGAL_MESSAGE = 0x0902,
|
|
PEP_SYNC_NO_INJECT_CALLBACK = 0x0903,
|
|
PEP_SYNC_NO_CHANNEL = 0x0904,
|
|
PEP_SYNC_CANNOT_ENCRYPT = 0x0905,
|
|
PEP_SYNC_NO_MESSAGE_SEND_CALLBACK = 0x0906,
|
|
PEP_SYNC_CANNOT_START = 0x0907,
|
|
|
|
PEP_CANNOT_INCREASE_SEQUENCE = 0x0971,
|
|
|
|
PEP_STATEMACHINE_ERROR = 0x0980,
|
|
PEP_NO_TRUST = 0x0981,
|
|
PEP_STATEMACHINE_INVALID_STATE = 0x0982,
|
|
PEP_STATEMACHINE_INVALID_EVENT = 0x0983,
|
|
PEP_STATEMACHINE_INVALID_CONDITION = 0x0984,
|
|
PEP_STATEMACHINE_INVALID_ACTION = 0x0985,
|
|
PEP_STATEMACHINE_INHIBITED_EVENT = 0x0986,
|
|
PEP_STATEMACHINE_CANNOT_SEND = 0x0987,
|
|
|
|
PEP_PASSPHRASE_REQUIRED = 0x0a00,
|
|
PEP_WRONG_PASSPHRASE = 0x0a01,
|
|
PEP_PASSPHRASE_FOR_NEW_KEYS_REQUIRED = 0x0a02,
|
|
|
|
PEP_CANNOT_CREATE_GROUP = 0x0b00,
|
|
PEP_CANNOT_FIND_GROUP_ENTRY = 0x0b01,
|
|
PEP_GROUP_EXISTS = 0x0b02,
|
|
PEP_GROUP_NOT_FOUND = 0x0b03,
|
|
PEP_CANNOT_ENABLE_GROUP = 0x0b04,
|
|
PEP_CANNOT_DISABLE_GROUP = 0x0b05,
|
|
PEP_CANNOT_ADD_GROUP_MEMBER = 0x0b06,
|
|
PEP_CANNOT_DEACTIVATE_GROUP_MEMBER = 0x0b07,
|
|
PEP_NO_MEMBERSHIP_STATUS_FOUND = 0x0b08,
|
|
PEP_CANNOT_LEAVE_GROUP = 0x0b09,
|
|
PEP_CANNOT_JOIN_GROUP = 0x0b0a,
|
|
PEP_CANNOT_RETRIEVE_MEMBERSHIP_INFO = 0x0b0b,
|
|
|
|
PEP_DISTRIBUTION_ILLEGAL_MESSAGE = 0x1002,
|
|
PEP_STORAGE_ILLEGAL_MESSAGE = 0x1102,
|
|
PEP_PEPMESSAGE_ILLEGAL_MESSAGE = 0x1202,
|
|
|
|
// transport cannot init at all
|
|
PEP_TRANSPORT_CANNOT_INIT = 0x2000,
|
|
|
|
// transport can init recv but not send
|
|
PEP_TRANSPORT_CANNOT_INIT_SEND = 0x2001,
|
|
|
|
// transport can init send but not recv
|
|
PEP_TRANSPORT_CANNOT_INIT_RECV = 0x2002,
|
|
|
|
// transport init good but temporary down
|
|
PEP_TRANSPORT_DOWN = 0x2003,
|
|
|
|
// general error in transport
|
|
PEP_TRANSPORT_ERROR = 0x20ff,
|
|
|
|
PEP_COMMIT_FAILED = 0xff01,
|
|
PEP_MESSAGE_CONSUME = 0xff02,
|
|
PEP_MESSAGE_IGNORE = 0xff03,
|
|
PEP_CANNOT_CONFIG = 0xff04,
|
|
|
|
PEP_UNBOUND_ENVIRONMENT_VARIABLE = -8,
|
|
PEP_PATH_SYNTAX_ERROR = -7,
|
|
PEP_RECORD_NOT_FOUND = -6,
|
|
PEP_CANNOT_CREATE_TEMP_FILE = -5,
|
|
PEP_ILLEGAL_VALUE = -4,
|
|
PEP_BUFFER_TOO_SMALL = -3,
|
|
PEP_OUT_OF_MEMORY = -2,
|
|
PEP_UNKNOWN_ERROR = -1,
|
|
|
|
PEP_VERSION_MISMATCH = -9,
|
|
} PEP_STATUS;
|
|
|
|
/**
|
|
* @enum PEP_enc_format
|
|
*
|
|
* @brief TODO
|
|
*
|
|
*/
|
|
typedef enum _PEP_enc_format {
|
|
PEP_enc_none = 0, // message is not encrypted
|
|
PEP_enc_pieces = 1, // inline PGP + PGP extensions, was removed
|
|
PEP_enc_inline = 1, // still there
|
|
PEP_enc_S_MIME, // RFC5751
|
|
PEP_enc_PGP_MIME, // RFC3156
|
|
PEP_enc_PEP, // pEp encryption format
|
|
PEP_enc_PGP_MIME_Outlook1, // Message B0rken by Outlook type 1
|
|
PEP_enc_inline_EA,
|
|
PEP_enc_auto = 255 // figure out automatically where possible
|
|
} PEP_enc_format;
|
|
|
|
/**
|
|
* @enum PEP_rating
|
|
*
|
|
* @brief TODO
|
|
*
|
|
*/
|
|
typedef enum _PEP_rating {
|
|
PEP_rating_undefined = 0,
|
|
|
|
// no color
|
|
|
|
PEP_rating_cannot_decrypt = 1,
|
|
PEP_rating_have_no_key = 2,
|
|
PEP_rating_unencrypted = 3,
|
|
PEP_rating_unreliable = 5,
|
|
|
|
PEP_rating_b0rken = -2,
|
|
|
|
// yellow
|
|
|
|
PEP_rating_reliable = 6,
|
|
|
|
// green
|
|
|
|
PEP_rating_trusted = 7,
|
|
PEP_rating_trusted_and_anonymized = 8,
|
|
PEP_rating_fully_anonymous = 9,
|
|
|
|
// red
|
|
|
|
PEP_rating_mistrust = -1,
|
|
PEP_rating_under_attack = -3
|
|
} PEP_rating;
|
|
|
|
|
|
/**
|
|
* <!-- messageToSend() -->
|
|
*
|
|
* @brief A message needs to be delivered by application
|
|
*
|
|
* @param[in] msg message struct with message to send
|
|
*
|
|
* @retval PEP_STATUS_OK or any other value on error
|
|
*
|
|
* @warning the ownership of msg goes to the callee
|
|
*
|
|
*/
|
|
|
|
struct _message;
|
|
typedef PEP_STATUS (*messageToSend_t)(struct _message *msg);
|
|
|
|
|
|
struct Sync_event;
|
|
typedef struct Sync_event *SYNC_EVENT;
|
|
|
|
/**
|
|
* <!-- free_Sync_event() -->
|
|
*
|
|
* @brief Free memory occupied by sync protocol message
|
|
*
|
|
* @param[in] ev event to free
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void free_Sync_event(SYNC_EVENT ev);
|
|
|
|
|
|
/**
|
|
* <!-- inject_sync_event() -->
|
|
*
|
|
* @brief Inject sync protocol message
|
|
*
|
|
* @param[in] ev event to inject
|
|
* @param[in] management application defined; usually a locked queue
|
|
*
|
|
* @retval 0 if event could be stored successfully
|
|
* @retval nonzero otherwise
|
|
*
|
|
* @warning if ev is SHUTDOWN then the implementation has to be synchronous
|
|
* and the shutdown must be immediate
|
|
*
|
|
*/
|
|
|
|
typedef int (*inject_sync_event_t)(SYNC_EVENT ev, void *management);
|
|
|
|
/**
|
|
* <!-- ensure_passphrase() -->
|
|
*
|
|
* @brief Callee ensures correct password for (signing) key is configured in the session on
|
|
* return, or returns error when it is not found
|
|
*
|
|
* @param[in] fpr fpr to check
|
|
*
|
|
* @retval PEP_STATUS_OK passphrase is configured and ready to use
|
|
* @retval PEP_PASSPHRASE* If the caller runs out of passphrases to try, PEP_*PASSWORD* errors
|
|
* are acceptable.
|
|
* @retval **ERROR** Other errors if, for example, the key is not found
|
|
* @warning The callee is responsible for iterating through passwords
|
|
* to ensure signing/encryption can occur successfully.
|
|
*
|
|
*/
|
|
typedef PEP_STATUS (*ensure_passphrase_t)(PEP_SESSION session, const char* fpr);
|
|
|
|
/**
|
|
* <!-- init() -->
|
|
*
|
|
* @brief Initialize pEpEngine for a thread
|
|
*
|
|
* @param[out] session init() allocates session memory and
|
|
* returns a pointer as a handle
|
|
* @param[in] messageToSend callback for sending message by the
|
|
* application
|
|
* @param[in] inject_sync_event callback for injecting a sync event
|
|
* @param[in] ensure_passphrase callback for ensuring correct password for key is set
|
|
*
|
|
* @retval PEP_STATUS_OK if init() succeeds
|
|
* @retval PEP_INIT_SQLITE3_WITHOUT_MUTEX if SQLite3 was compiled with
|
|
* SQLITE_THREADSAFE 0
|
|
* @retval PEP_INIT_CANNOT_LOAD_CRYPTO_LIB if crypto lin cannot be found
|
|
* @retval PEP_INIT_CRYPTO_LIB_INIT_FAILED if CRYPTO_LIB init fails
|
|
* @retval PEP_INIT_CANNOT_OPEN_DB if user's management db cannot be
|
|
* opened
|
|
* @retval PEP_INIT_CANNOT_OPEN_SYSTEM_DB if system's management db cannot be
|
|
* opened
|
|
*
|
|
* @warning THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. release()
|
|
* should be similarly guarded.
|
|
*
|
|
* @warning the pointer is valid only if the return value is PEP_STATUS_OK
|
|
* in other case a NULL pointer will be returned; a valid handle must
|
|
* be released using release() when it's no longer needed
|
|
*
|
|
* @warning the caller has to guarantee that the first call to this function
|
|
* will succeed before further calls can be done
|
|
* messageToSend can only be null if no transport is application based
|
|
* if transport system is not used it must not be NULL
|
|
*
|
|
* @warning ensure_refresh_key should only be NULL if the
|
|
* caller can guarantee that there is only one single or zero passphrases
|
|
* used in the whole of the keys database
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS init(
|
|
PEP_SESSION *session,
|
|
messageToSend_t messageToSend,
|
|
inject_sync_event_t inject_sync_event,
|
|
ensure_passphrase_t ensure_passphrase
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
* <!-- release() -->
|
|
*
|
|
* @brief Release thread session handle
|
|
*
|
|
* @param[in] session session handle to release
|
|
*
|
|
* @warning THE CALLER MUST GUARD THIS CALL EXTERNALLY WITH A MUTEX. init() should
|
|
* be similarly guarded.
|
|
*
|
|
* @warning the last release() can be called only when all other release() calls
|
|
* are done
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void release(PEP_SESSION session);
|
|
|
|
/**
|
|
* <!-- config_passive_mode() -->
|
|
*
|
|
* @brief Enable passive mode
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] enable flag if enabled or disabled
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void config_passive_mode(PEP_SESSION session, bool enable);
|
|
|
|
|
|
/**
|
|
* <!-- config_unencrypted_subject() -->
|
|
*
|
|
* @brief Disable subject encryption
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] enable flag if enabled or disabled
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void config_unencrypted_subject(PEP_SESSION session, bool enable);
|
|
|
|
|
|
/**
|
|
* <!-- config_use_only_own_private_keys() -->
|
|
*
|
|
* @brief Enable passive mode
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] enable flag if enabled or disabled
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session, bool enable);
|
|
|
|
|
|
/**
|
|
* <!-- config_service_log() -->
|
|
*
|
|
* @brief Log more for service purposes
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] enable flag if enabled or disabled
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable);
|
|
|
|
|
|
/**
|
|
* @typedef PEP_CIPHER_SUITE
|
|
*
|
|
* @brief TODO
|
|
*
|
|
*/
|
|
typedef enum {
|
|
PEP_CIPHER_SUITE_DEFAULT = 0,
|
|
PEP_CIPHER_SUITE_CV25519 = 1,
|
|
PEP_CIPHER_SUITE_P256 = 2,
|
|
PEP_CIPHER_SUITE_P384 = 3,
|
|
PEP_CIPHER_SUITE_P521 = 4,
|
|
PEP_CIPHER_SUITE_RSA2K = 5,
|
|
PEP_CIPHER_SUITE_RSA3K = 6,
|
|
PEP_CIPHER_SUITE_RSA4K = 7,
|
|
PEP_CIPHER_SUITE_RSA8K = 8
|
|
} PEP_CIPHER_SUITE;
|
|
|
|
/**
|
|
* <!-- config_cipher_suite() -->
|
|
*
|
|
* @brief Cipher suite being used when encrypting
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] suite cipher suite to use
|
|
*
|
|
* @retval PEP_STATUS_OK cipher suite configured
|
|
* @retval PEP_CANNOT_CONFIG configuration failed; falling back to default
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
* @warning the default ciphersuite for a crypt tech implementation is implementation defined
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS config_cipher_suite(PEP_SESSION session,
|
|
PEP_CIPHER_SUITE suite);
|
|
|
|
|
|
/**
|
|
* <!-- decrypt_and_verify() -->
|
|
*
|
|
* @brief Decrypt and/or verify a message
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] ctext cipher text to decrypt and/or verify
|
|
* @param[in] csize size of cipher text
|
|
* @param[in] dsigtext if extant, *detached* signature text for this
|
|
* message (or NULL if not)
|
|
* @param[in] dsigsize size of *detached* signature text for this
|
|
* message (0, if no detached sig exists)
|
|
* @param[out] ptext pointer to internal buffer with plain text
|
|
* @param[out] psize size of plain text
|
|
* @param[out] keylist list of key ids which where used to encrypt
|
|
* @param[out] filename_ptr mails produced by certain PGP implementations
|
|
* may return a decrypted filename here for attachments.
|
|
* Externally, this can generally be NULL, and is an optional
|
|
* parameter.
|
|
*
|
|
* @retval PEP_UNENCRYPTED message was unencrypted and not signed
|
|
* @retval PEP_VERIFIED message was unencrypted, signature matches
|
|
* @retval PEP_DECRYPTED message is decrypted now, no signature
|
|
* @retval PEP_DECRYPTED_AND_VERIFIED message is decrypted now and verified
|
|
* @retval PEP_DECRYPT_WRONG_FORMAT message has wrong format to handle
|
|
* @retval PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
|
|
* @retval PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
* @warning the ownerships of ptext as well as keylist are going to the caller
|
|
* the caller must use free() (or an Windoze pEp_free()) and
|
|
* free_stringlist() to free them
|
|
*
|
|
* @note if this function fails an error message may be the first element of
|
|
* keylist and the other elements may be the keys used for encryption
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS decrypt_and_verify(
|
|
PEP_SESSION session, const char *ctext, size_t csize,
|
|
const char *dsigtext, size_t dsigsize,
|
|
char **ptext, size_t *psize, stringlist_t **keylist,
|
|
char ** filename_ptr
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- verify_text() -->
|
|
*
|
|
* @brief Verfy plain text with a digital signature
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] text text to verify
|
|
* @param[in] size size of text
|
|
* @param[in] signature signature text
|
|
* @param[in] sig_size size of signature
|
|
* @param[out] keylist list of key ids which where used to encrypt or NULL on
|
|
* error
|
|
*
|
|
* @retval PEP_VERIFIED message was unencrypted, signature matches
|
|
* @retval PEP_DECRYPT_NO_KEY key not available to decrypt and/or verify
|
|
* @retval PEP_DECRYPT_SIGNATURE_DOES_NOT_MATCH wrong signature
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS verify_text(
|
|
PEP_SESSION session, const char *text, size_t size,
|
|
const char *signature, size_t sig_size, stringlist_t **keylist
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- encrypt_and_sign() -->
|
|
*
|
|
* @brief Encrypt and sign a message
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] keylist list of key ids to encrypt with as C strings
|
|
* @param[in] ptext plain text to encrypt
|
|
* @param[in] psize size of plain text
|
|
* @param[out] ctext pointer to internal buffer with cipher text
|
|
* @param[out] csize size of cipher text
|
|
*
|
|
* @retval PEP_STATUS_OK encryption and signing succeeded
|
|
* @retval PEP_KEY_NOT_FOUND at least one of the recipient keys
|
|
* could not be found
|
|
* @retval PEP_KEY_HAS_AMBIG_NAME at least one of the recipient keys has
|
|
* an ambiguous name
|
|
* @retval PEP_GET_KEY_FAILED cannot retrieve key
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
* @warning the ownership of ctext goes to the caller
|
|
* the caller is responsible to free() it (on Windoze use pEp_free())
|
|
* the first key in keylist is being used to sign the message
|
|
* this implies there has to be a private key for that keypair
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS encrypt_and_sign(
|
|
PEP_SESSION session, const stringlist_t *keylist, const char *ptext,
|
|
size_t psize, char **ctext, size_t *csize
|
|
);
|
|
|
|
/**
|
|
* <!-- probe_encrypt() -->
|
|
*
|
|
* @brief Test if passphrase for a key is working in current session
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr fingerprint of key to test
|
|
*
|
|
* @retval PEP_STATUS_OK in case passphrase works
|
|
* @retval error if not
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS probe_encrypt(PEP_SESSION session, const char *fpr);
|
|
|
|
/**
|
|
* <!-- set_debug_color() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] ansi_color int
|
|
*
|
|
*/
|
|
DYNAMIC_API void set_debug_color(PEP_SESSION session, int ansi_color);
|
|
|
|
/**
|
|
* <!-- log_event() -->
|
|
*
|
|
* @brief Log a user defined event defined by UTF-8 encoded strings into
|
|
* management log
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] title C string with event name
|
|
* @param[in] entity C string with name of entity which is logging
|
|
* @param[in] description C string with long description for event or NULL if
|
|
* omitted
|
|
* @param[in] comment C string with user defined comment or NULL if
|
|
* omitted
|
|
*
|
|
* @retval PEP_STATUS_OK log entry created
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS log_event(
|
|
PEP_SESSION session,
|
|
const char *title,
|
|
const char *entity,
|
|
const char *description,
|
|
const char *comment
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- log_service() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] title const char*
|
|
* @param[in] entity const char*
|
|
* @param[in] description const char*
|
|
* @param[in] comment const char*
|
|
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS log_service(PEP_SESSION session, const char *title,
|
|
const char *entity, const char *description, const char *comment);
|
|
|
|
#define _STR_(x) #x
|
|
#define _D_STR_(x) _STR_(x)
|
|
#define S_LINE _D_STR_(__LINE__)
|
|
|
|
#define SERVICE_LOG(session, title, entity, desc) \
|
|
log_service((session), (title), (entity), (desc), "service " __FILE__ ":" S_LINE)
|
|
|
|
/**
|
|
* @internal
|
|
* <!-- _service_error_log() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] entity const char*
|
|
* @param[in] status PEP_STATUS
|
|
* @param[in] where const char*
|
|
*
|
|
*/
|
|
DYNAMIC_API void _service_error_log(PEP_SESSION session, const char *entity,
|
|
PEP_STATUS status, const char *where);
|
|
|
|
#define SERVICE_ERROR_LOG(session, entity, status) \
|
|
_service_error_log((session), (entity), (status), __FILE__ ":" S_LINE)
|
|
|
|
/**
|
|
* <!-- trustword() -->
|
|
*
|
|
* @brief Get the corresponding trustword for a 16 bit value
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] value value to find a trustword for
|
|
* @param[in] lang C string with ISO 639-1 language code
|
|
* @param[out] word pointer to C string with trustword UTF-8 encoded;
|
|
* NULL if language is not supported or trustword
|
|
* wordlist is damaged or unavailable
|
|
* @param[out] wsize length of trustword
|
|
*
|
|
* @retval PEP_STATUS_OK trustword retrieved
|
|
* @retval PEP_TRUSTWORD_NOT_FOUND trustword not found
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
* @warning the word pointer goes to the ownership of the caller
|
|
* the caller is responsible to free() it (on Windoze use pEp_free())
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS trustword(
|
|
PEP_SESSION session, uint16_t value, const char *lang,
|
|
char **word, size_t *wsize
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- trustwords() -->
|
|
*
|
|
* @brief Get trustwords for a string of hex values of a fingerprint
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fingerprint C string with hex values to find trustwords for
|
|
* @param[in] lang C string with ISO 639-1 language code
|
|
* @param[out] words pointer to C string with trustwords UTF-8 encoded,
|
|
* separated by a blank each;
|
|
* NULL if language is not supported or trustword
|
|
* wordlist is damaged or unavailable
|
|
* @param[out] wsize length of trustwords string
|
|
* @param[in] max_words only generate a string with max_words;
|
|
* if max_words == 0 there is no such limit
|
|
*
|
|
* @retval PEP_STATUS_OK trustwords retrieved
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_TRUSTWORD_NOT_FOUND at least one trustword not found
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter values
|
|
*
|
|
* @warning the word pointer goes to the ownership of the caller
|
|
* the caller is responsible to free() it (on Windoze use pEp_free())
|
|
*
|
|
* @warning DON'T USE THIS FUNCTION FROM HIGH LEVEL LANGUAGES!
|
|
* Better implement a simple one in the adapter yourself using trustword(), and
|
|
* return a list of trustwords.
|
|
*
|
|
* @warning This function is provided for being used by C and C++ programs only.
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS trustwords(
|
|
PEP_SESSION session, const char *fingerprint, const char *lang,
|
|
char **words, size_t *wsize, int max_words
|
|
);
|
|
|
|
|
|
// TODO: increase versions in pEp.asn1 if rating changes
|
|
|
|
/*
|
|
* @enum PEP_comm_type*/
|
|
/**
|
|
* @brief TODO
|
|
*
|
|
*/
|
|
typedef enum _PEP_comm_type {
|
|
PEP_ct_unknown = 0,
|
|
|
|
// range 0x01 to 0x09: no encryption, 0x0a to 0x0e: nothing reasonable
|
|
|
|
PEP_ct_no_encryption = 0x01, // generic
|
|
PEP_ct_no_encrypted_channel = 0x02,
|
|
PEP_ct_key_not_found = 0x03,
|
|
PEP_ct_key_expired = 0x04,
|
|
PEP_ct_key_revoked = 0x05,
|
|
PEP_ct_key_b0rken = 0x06,
|
|
PEP_ct_key_expired_but_confirmed = 0x07, // NOT with confirmed bit. Just retaining info here in case of renewal.
|
|
PEP_ct_my_key_not_included = 0x09,
|
|
|
|
PEP_ct_security_by_obscurity = 0x0a,
|
|
PEP_ct_b0rken_crypto = 0x0b,
|
|
PEP_ct_key_too_short = 0x0c,
|
|
|
|
PEP_ct_compromised = 0x0e, // known compromised connection
|
|
PEP_ct_compromized = 0x0e, // deprecated misspelling
|
|
PEP_ct_mistrusted = 0x0f, // known mistrusted key
|
|
|
|
// range 0x10 to 0x3f: unconfirmed encryption
|
|
|
|
PEP_ct_unconfirmed_encryption = 0x10, // generic
|
|
PEP_ct_OpenPGP_weak_unconfirmed = 0x11, // RSA 1024 is weak
|
|
|
|
PEP_ct_to_be_checked = 0x20, // generic
|
|
PEP_ct_SMIME_unconfirmed = 0x21,
|
|
PEP_ct_CMS_unconfirmed = 0x22,
|
|
|
|
PEP_ct_strong_but_unconfirmed = 0x30, // generic
|
|
PEP_ct_OpenPGP_unconfirmed = 0x38, // key at least 2048 bit RSA or EC
|
|
PEP_ct_OTR_unconfirmed = 0x3a,
|
|
|
|
// range 0x40 to 0x7f: unconfirmed encryption and anonymization
|
|
|
|
PEP_ct_unconfirmed_enc_anon = 0x40, // generic
|
|
PEP_ct_pEp_unconfirmed = 0x7f,
|
|
|
|
PEP_ct_confirmed = 0x80, // this bit decides if trust is confirmed
|
|
|
|
// range 0x81 to 0x8f: reserved
|
|
// range 0x90 to 0xbf: confirmed encryption
|
|
|
|
PEP_ct_confirmed_encryption = 0x90, // generic
|
|
PEP_ct_OpenPGP_weak = 0x91, // RSA 1024 is weak (unused)
|
|
|
|
PEP_ct_to_be_checked_confirmed = 0xa0, // generic
|
|
PEP_ct_SMIME = 0xa1,
|
|
PEP_ct_CMS = 0xa2,
|
|
|
|
PEP_ct_strong_encryption = 0xb0, // generic
|
|
PEP_ct_OpenPGP = 0xb8, // key at least 2048 bit RSA or EC
|
|
PEP_ct_OTR = 0xba,
|
|
|
|
// range 0xc0 to 0xff: confirmed encryption and anonymization
|
|
|
|
PEP_ct_confirmed_enc_anon = 0xc0, // generic
|
|
PEP_ct_pEp = 0xff
|
|
} PEP_comm_type;
|
|
|
|
/**
|
|
* @enum identity_flags
|
|
*
|
|
* @brief TODO
|
|
*
|
|
*/
|
|
typedef enum _identity_flags {
|
|
// the first octet flags are app defined settings
|
|
PEP_idf_not_for_sync = 0x0001, // don't use this identity for sync
|
|
PEP_idf_list = 0x0002, // identity of list of persons
|
|
// the second octet flags are calculated
|
|
PEP_idf_devicegroup = 0x0100, // identity of a device group member
|
|
PEP_idf_org_ident = 0x0200, // identity is associated with an org (i.e. NOT a private account - could be company email)
|
|
PEP_idf_group_ident = 0x0400, // identity is a group identity (e.g. mailing list) - N.B. not related to device group!
|
|
PEP_idf_transport_mandatory = 0x0800
|
|
// for this identity stick with transport referenced by address
|
|
} identity_flags;
|
|
|
|
typedef unsigned int identity_flags_t;
|
|
|
|
//typedef enum _keypair_flags {
|
|
//} keypair_flags;
|
|
//
|
|
//typedef unsigned int keypair_flags_t;
|
|
|
|
/**
|
|
* <!-- pEp_identity -->
|
|
*
|
|
* @brief This is the engine representation of the pEp identity concept,
|
|
* which is at its base a user bound to an address (and is uniquely
|
|
* identified as such). Other information such as default keys,
|
|
* the default language used with the user, etc, are associated
|
|
* in this structure as well.
|
|
*
|
|
*/
|
|
typedef struct _pEp_identity {
|
|
char *address; ///< C string with address UTF-8 encoded
|
|
char *fpr; ///< C string with fingerprint UTF-8 encoded
|
|
char *user_id; ///< C string with user ID UTF-8 encoded\n
|
|
///< user_id MIGHT be set to "pEp_own_userId"
|
|
///< (use PEP_OWN_USERID preprocessor define)
|
|
///< if this is own user's identity.
|
|
///< But it is not REQUIRED to be.
|
|
char *username; ///< C string with user name UTF-8 encoded
|
|
PEP_comm_type comm_type; ///< type of communication with this ID
|
|
char lang[3]; ///< language of conversation
|
|
///< ISO 639-1 ALPHA-2, last byte is 0
|
|
bool me; ///< if this is the local user herself/himself
|
|
unsigned int major_ver; ///< highest version of pEp message received, if any
|
|
unsigned int minor_ver; ///< highest version of pEp message received, if any
|
|
PEP_enc_format enc_format; ///< Last specified format we encrypted to for this identity
|
|
identity_flags_t flags; ///< identity_flag1 | identity_flag2 | ...
|
|
} pEp_identity;
|
|
|
|
/**
|
|
* <!-- identity_list -->
|
|
*
|
|
* @brief List nodes for pEp_identity structs
|
|
*
|
|
*/
|
|
typedef struct _identity_list {
|
|
pEp_identity *ident; ///< This node's identity
|
|
struct _identity_list *next; ///< The next identity node in the list, or NULL if this is the tail
|
|
} identity_list;
|
|
|
|
|
|
/**
|
|
* <!-- new_identity() -->
|
|
*
|
|
* @brief Allocate memory and set the string and size fields
|
|
*
|
|
* @param[in] address UTF-8 string or NULL
|
|
* @param[in] fpr UTF-8 string or NULL
|
|
* @param[in] user_id UTF-8 string or NULL
|
|
* @param[in] username UTF-8 string or NULL
|
|
*
|
|
* @retval pEp_identity duplicate identity struct
|
|
* @retval NULL if out of memory
|
|
*
|
|
* @ownership the strings are copied; the original strings are still being owned by
|
|
* the caller
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API pEp_identity *new_identity(
|
|
const char *address, const char *fpr, const char *user_id,
|
|
const char *username
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- identity_dup() -->
|
|
*
|
|
* @brief Allocate memory and duplicate
|
|
*
|
|
* @param[in] src identity to duplicate
|
|
*
|
|
* @retval pEp_identity duplicate identity struct
|
|
* @retval NULL if out of memory
|
|
*
|
|
* @ownership the strings are copied; the original strings are still being owned by
|
|
* the caller
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API pEp_identity *identity_dup(const pEp_identity *src);
|
|
|
|
|
|
/**
|
|
* <!-- free_identity() -->
|
|
*
|
|
* @brief Free all memory being occupied by a pEp_identity struct
|
|
*
|
|
* @param[in] identity struct to release
|
|
*
|
|
* @warning not only the struct but also all string memory referenced by the
|
|
* struct is being freed; all pointers inside are invalid afterwards
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void free_identity(pEp_identity *identity);
|
|
|
|
|
|
/**
|
|
* <!-- get_identity() -->
|
|
*
|
|
* @brief Get identity information
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] address C string with communication address, UTF-8 encoded
|
|
* @param[in] user_id unique C string to identify person that identity
|
|
* is refering to
|
|
* @param[out] identity pointer to pEp_identity structure with results or
|
|
* NULL if failure
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_CANNOT_FIND_IDENTITY
|
|
*
|
|
* @warning address and user_id are being copied; the original strings remains in
|
|
* the ownership of the caller
|
|
* the resulting pEp_identity structure goes to the ownership of the
|
|
* caller and has to be freed with free_identity() when not in use any
|
|
* more
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_identity(
|
|
PEP_SESSION session,
|
|
const char *address,
|
|
const char *user_id,
|
|
pEp_identity **identity
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- set_identity() -->
|
|
*
|
|
* @brief Set identity information
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] identity pointer to pEp_identity structure
|
|
*
|
|
* @retval PEP_STATUS_OK encryption and signing succeeded
|
|
* @retval PEP_CANNOT_SET_PERSON writing to table person failed
|
|
* @retval PEP_CANNOT_SET_PGP_KEYPAIR writing to table pgp_keypair failed
|
|
* @retval PEP_CANNOT_SET_IDENTITY writing to table identity failed
|
|
* @retval PEP_COMMIT_FAILED SQL commit failed
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
* @warning address, fpr, user_id and username must be given
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS set_identity(
|
|
PEP_SESSION session, const pEp_identity *identity
|
|
);
|
|
|
|
/**
|
|
* <!-- get_default_own_userid() -->
|
|
*
|
|
* @brief Get the user_id of the own user
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[out] userid own user id (if it exists)
|
|
*
|
|
* @retval PEP_STATUS_OK userid was found
|
|
* @retval PEP_CANNOT_FIND_IDENTITY no own_user found in the DB
|
|
* @retval PEP_UNKNOWN_ERROR results were returned, but no ID
|
|
* found (no reason this should ever
|
|
* occur)
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
* @warning userid will be NULL if not found; otherwise, returned string
|
|
* belongs to the caller.
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_default_own_userid(
|
|
PEP_SESSION session,
|
|
char** userid
|
|
);
|
|
|
|
/**
|
|
* <!-- get_userid_alias_default() -->
|
|
*
|
|
* @brief Get the default user_id which corresponds
|
|
* to an alias
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] alias_id the user_id which may be an alias for a default id
|
|
* @param[out] default_id the default id for this alias, if the alias
|
|
* is in the DB as an alias, else NULL
|
|
*
|
|
* @retval PEP_STATUS_OK userid was found
|
|
* @retval PEP_CANNOT_FIND_ALIAS this userid is not listed as an
|
|
* alias in the DB
|
|
* @retval PEP_UNKNOWN_ERROR results were returned, but no ID
|
|
* found (no reason this should ever
|
|
* occur)
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
* @warning default_id will be NULL if not found; otherwise, returned string
|
|
* belongs to the caller.
|
|
* also, current implementation does NOT check to see if this userid
|
|
* IS a default.
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_userid_alias_default(
|
|
PEP_SESSION session,
|
|
const char* alias_id,
|
|
char** default_id);
|
|
|
|
/**
|
|
* <!-- set_userid_alias() -->
|
|
*
|
|
* @brief Set an alias to correspond to a default id
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] default_id the default id for this alias. This must
|
|
* correspond to the default user_id for an
|
|
* entry in the person (user) table.
|
|
* @param[in] alias_id the alias to be set for this default id
|
|
*
|
|
* @retval PEP_STATUS_OK userid was found
|
|
* @retval PEP_CANNOT_SET_ALIAS there was an error setting this
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS set_userid_alias (
|
|
PEP_SESSION session,
|
|
const char* default_id,
|
|
const char* alias_id);
|
|
|
|
/**
|
|
* <!-- set_identity_flags() -->
|
|
*
|
|
* @brief Update identity flags on existing identity
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in,out] identity pointer to pEp_identity structure
|
|
* @param[in] flags new value for flags
|
|
*
|
|
* @retval PEP_STATUS_OK encryption and signing succeeded
|
|
* @retval PEP_CANNOT_SET_IDENTITY update of identity failed
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
* @warning address and user_id must be given in identity
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS set_identity_flags(
|
|
PEP_SESSION session,
|
|
pEp_identity *identity,
|
|
identity_flags_t flags
|
|
);
|
|
|
|
/**
|
|
* <!-- unset_identity_flags() -->
|
|
*
|
|
* @brief Update identity flags on existing identity
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in,out] identity pointer to pEp_identity structure
|
|
* @param[in] flags new value for flags
|
|
*
|
|
* @retval PEP_STATUS_OK encryption and signing succeeded
|
|
* @retval PEP_CANNOT_SET_IDENTITY update of identity failed
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
* @warning address and user_id must be given in identity
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS unset_identity_flags(
|
|
PEP_SESSION session,
|
|
pEp_identity *identity,
|
|
identity_flags_t flags
|
|
);
|
|
|
|
/**
|
|
* <!-- mark_as_compromised() -->
|
|
*
|
|
* @brief Mark key in trust db as compromised
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr fingerprint of key to mark
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE
|
|
* @retval PEP_CANNOT_SET_TRUST
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS mark_as_compromised(
|
|
PEP_SESSION session,
|
|
const char *fpr
|
|
);
|
|
|
|
/**
|
|
* <!-- mark_as_compromized() -->
|
|
*
|
|
* @brief Deprecated to fix misspelling. Please move to
|
|
* mark_as_compromised();
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS mark_as_compromized(
|
|
PEP_SESSION session,
|
|
const char *fpr
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- generate_keypair() -->
|
|
*
|
|
* @brief Generate a new key pair and add it to the key ring
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in,out] identity pointer to pEp_identity structure
|
|
*
|
|
* @retval PEP_STATUS_OK encryption and signing succeeded
|
|
* @retval PEP_ILLEGAL_VALUE illegal values for identity fields given
|
|
* @retval PEP_CANNOT_CREATE_KEY key engine is on strike
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval any other value on error
|
|
*
|
|
* @warning address must be set to UTF-8 string
|
|
* the fpr field must be set to NULL
|
|
* username field must either be NULL or be a UTF8-string conforming
|
|
* to RFC4880 for PGP uid usernames
|
|
*
|
|
* @note this function allocates a string and sets set fpr field of identity
|
|
* the caller is responsible to call free() for that string or use
|
|
* free_identity() on the struct
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS generate_keypair(
|
|
PEP_SESSION session, pEp_identity *identity
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- delete_keypair() -->
|
|
*
|
|
* @brief Delete a public key or a key pair from the key ring
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr C string with fingerprint of the
|
|
* public key
|
|
*
|
|
* @retval PEP_STATUS_OK key was successfully deleted
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
* @retval PEP_ILLEGAL_VALUE not a valid fingerprint
|
|
* @retval PEP_KEY_HAS_AMBIG_NAME fpr does not uniquely identify a key
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS delete_keypair(PEP_SESSION session, const char *fpr);
|
|
|
|
|
|
/**
|
|
* <!-- import_key_with_fpr_return() -->
|
|
*
|
|
* @brief import keys from data, return optional list of fprs imported
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] key_data key data, i.e. ASCII armored OpenPGP key
|
|
* @param[in] size amount of data to handle
|
|
* @param[out] private_keys list of identities containing the
|
|
* private keys that have been imported
|
|
* @param[out] imported_keys if non-NULL, list of actual keys imported
|
|
* @param[out] changed_public_keys if non-NULL AND imported_keys is non-NULL:
|
|
* bitvector - corresponds to the first 64 keys
|
|
* imported. If nth bit is set, import changed a
|
|
* key corresponding to the nth element in
|
|
* imported keys (i.e. key was in DB and was
|
|
* changed by import)
|
|
*
|
|
* @retval PEP_KEY_IMPORTED key was successfully imported
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE there is no key data to import, or imported keys was NULL and
|
|
* changed_public_keys was not
|
|
*
|
|
* @warning private_keys and imported_keys goes to the ownership of the caller
|
|
* private_keys and imported_keys can be left NULL, it is then ignored
|
|
* *** THIS IS THE ACTUAL FUNCTION IMPLEMENTED BY CRYPTOTECH "import_key" ***
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS import_key_with_fpr_return(
|
|
PEP_SESSION session,
|
|
const char *key_data,
|
|
size_t size,
|
|
identity_list** private_keys,
|
|
stringlist_t** imported_keys,
|
|
uint64_t* changed_public_keys // use as bit field for the first 64 changed keys
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- import_key() -->
|
|
*
|
|
* @brief Import key from data
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] key_data key data, i.e. ASCII armored OpenPGP key
|
|
* @param[in] size amount of data to handle
|
|
* @param[out] private_keys list of identities containing the
|
|
* private keys that have been imported
|
|
*
|
|
* @retval PEP_KEY_IMPORTED key was successfully imported
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE there is no key data to import
|
|
*
|
|
* @warning private_keys goes to the ownership of the caller
|
|
* private_keys can be left NULL, it is then ignored
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS import_key(
|
|
PEP_SESSION session,
|
|
const char *key_data,
|
|
size_t size,
|
|
identity_list **private_keys
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- export_key() -->
|
|
*
|
|
* @brief Export ascii armored key
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr fingerprint of key
|
|
* @param[out] key_data ASCII armored OpenPGP key
|
|
* @param[out] size amount of data to handle
|
|
*
|
|
* @retval PEP_STATUS_OK key was successfully exported
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
* @warning the key_data goes to the ownership of the caller
|
|
* the caller is responsible to free() it (on Windoze use pEp_free())
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS export_key(
|
|
PEP_SESSION session, const char *fpr, char **key_data, size_t *size
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- export_secret_key() -->
|
|
*
|
|
* @brief Export secret key ascii armored
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr fingerprint of key, at least 16 hex digits
|
|
* @param[out] key_data ASCII armored OpenPGP secret key
|
|
* @param[out] size amount of data to handle
|
|
*
|
|
* @retval PEP_STATUS_OK key was successfully exported
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
* @retval PEP_CANNOT_EXPORT_KEY cannot export secret key (i.e. it's on an HKS)
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
* @warning the key_data goes to the ownership of the caller
|
|
* the caller is responsible to free() it (on Windoze use pEp_free())
|
|
* beware of leaking secret key data - overwrite it in memory after use
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS export_secret_key(
|
|
PEP_SESSION session, const char *fpr, char **key_data, size_t *size
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- export_secrect_key() -->
|
|
*
|
|
* @brief Deprecated misspelled function. Please replace with
|
|
* export_secret_key
|
|
*
|
|
* @deprecated
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS export_secrect_key(
|
|
PEP_SESSION session, const char *fpr, char **key_data, size_t *size
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- recv_key() -->
|
|
*
|
|
* @brief Update key(s) from keyserver
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] pattern key id, user id or address to search for as
|
|
* UTF-8 string
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS recv_key(PEP_SESSION session, const char *pattern);
|
|
|
|
|
|
/**
|
|
* <!-- find_keys() -->
|
|
*
|
|
* @brief Find keys in keyring
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] pattern fingerprint or address to search for as
|
|
* UTF-8 string
|
|
* @param[out] keylist list of fingerprints found or NULL on error
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parametres
|
|
*
|
|
* @warning the ownership of keylist and its elements go to the caller
|
|
* the caller must use free_stringlist() to free it
|
|
*
|
|
*/
|
|
|
|
|
|
DYNAMIC_API PEP_STATUS find_keys(
|
|
PEP_SESSION session, const char *pattern, stringlist_t **keylist
|
|
);
|
|
|
|
/**
|
|
* <!-- send_key() -->
|
|
*
|
|
* @brief Send key(s) to keyserver
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] pattern key id, user id or address to search for as
|
|
* UTF-8 string
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS send_key(PEP_SESSION session, const char *pattern);
|
|
|
|
|
|
/**
|
|
* <!-- pEp_free() -->
|
|
*
|
|
* @brief Free memory allocated by pEp engine
|
|
*
|
|
* @param[in] p pointer to free <br>
|
|
* The reason for this function is that heap management can be a pretty
|
|
* complex task with Windoze. This free() version calls the free()
|
|
* implementation of the C runtime library which was used to build pEp engine,
|
|
* so you're using the correct heap. For more information, see:
|
|
* <http://msdn.microsoft.com/en-us/library/windows/desktop/aa366711(v=vs.85).aspx>
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void pEp_free(void *p);
|
|
|
|
|
|
/**
|
|
* <!-- pEp_realloc() -->
|
|
*
|
|
* @brief Reallocate memory allocated by pEp engine
|
|
*
|
|
* @param[in] p pointer to free
|
|
* @param[in] size new memory size
|
|
*
|
|
* @retval pointer to allocated memory
|
|
*
|
|
* @note The reason for this function is that heap management can be a pretty
|
|
* complex task with Windoze. This realloc() version calls the realloc()
|
|
* implementation of the C runtime library which was used to build pEp engine,
|
|
* so you're using the correct heap. For more information, see:
|
|
* <http://msdn.microsoft.com/en-us/library/windows/desktop/aa366711(v=vs.85).aspx>
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API void *pEp_realloc(void *p, size_t size);
|
|
|
|
|
|
/**
|
|
* <!-- get_trust() -->
|
|
*
|
|
* @brief Get the trust level a key has for a person
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in,out] identity user_id and fpr to check as UTF-8 strings (in)
|
|
* comm_type as result (out)
|
|
* this function modifies the given identity struct; the struct remains in
|
|
* the ownership of the caller
|
|
* if the trust level cannot be determined identity->comm_type is set
|
|
* to PEP_ct_unknown
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_FIND_IDENTITY
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_trust(PEP_SESSION session, pEp_identity *identity);
|
|
|
|
|
|
/**
|
|
* <!-- least_trust() -->
|
|
*
|
|
* @brief Get the least known trust level for a key in the database
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr fingerprint of key to check
|
|
* @param[out] comm_type least comm_type as result (out)
|
|
* if the trust level cannot be determined comm_type is set to PEP_ct_unknown
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_FIND_IDENTITY
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS least_trust(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
PEP_comm_type *comm_type
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_key_rating() -->
|
|
*
|
|
* @brief Get the rating a bare key has
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr unique identifyer for key as UTF-8 string
|
|
* @param[out] comm_type key rating
|
|
* if an error occurs, *comm_type is set to PEP_ct_unknown and an error
|
|
* is returned
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_key_rating(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
PEP_comm_type *comm_type
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- renew_key() -->
|
|
*
|
|
* @brief Renew an expired key
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr ID of key to renew as UTF-8 string
|
|
* @param[in] ts timestamp when key should expire or NULL for
|
|
* default
|
|
*
|
|
* @retval PEP_STATUS_OK key renewed
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS renew_key(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
const timestamp *ts
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- revoke_key() -->
|
|
*
|
|
* @brief Revoke a key
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr ID of key to revoke as UTF-8 string
|
|
* @param[in] reason text with reason for revoke as UTF-8 string
|
|
* or NULL if reason unknown
|
|
*
|
|
* @retval PEP_STATUS_OK if key revoked
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
*
|
|
* @warning reason text must not include empty lines
|
|
* this function is meant for internal use only; better use
|
|
* key_mistrusted() of keymanagement API
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS revoke_key(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
const char *reason
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- key_expired() -->
|
|
*
|
|
* @brief Flags if a key is already expired
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr ID of key to check as UTF-8 string
|
|
* @param[in] when UTC time of when should expiry be considered
|
|
* @param[out] expired flag if key expired
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS key_expired(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
const time_t when,
|
|
bool *expired
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- key_revoked() -->
|
|
*
|
|
* @brief Flags if a key is already revoked
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr ID of key to check as UTF-8 string
|
|
* @param[out] revoked flag if key revoked
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_KEY_NOT_FOUND key not found
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS key_revoked(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
bool *revoked
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_crashdump_log() -->
|
|
*
|
|
* @brief Get the last log messages out
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] maxlines maximum number of lines (0 for default)
|
|
* @param[out] logdata logdata as string in double quoted CSV format
|
|
* column1 is title
|
|
* column2 is entity
|
|
* column3 is description
|
|
* column4 is comment
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_UNKNOWN_ERROR
|
|
*
|
|
* @warning the ownership of logdata goes to the caller
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_crashdump_log(
|
|
PEP_SESSION session,
|
|
int maxlines,
|
|
char **logdata
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_languagelist() -->
|
|
*
|
|
* @brief Get the list of languages
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[out] languages languages as string in double quoted CSV format
|
|
* column 1 is the ISO 639-1 language code
|
|
* column 2 is the name of the language
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_UNKNOWN_DB_ERROR
|
|
*
|
|
* @warning the ownership of languages goes to the caller
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_languagelist(
|
|
PEP_SESSION session,
|
|
char **languages
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_phrase() -->
|
|
*
|
|
* @brief Get phrase in a dedicated language through i18n
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] lang C string with ISO 639-1 language code
|
|
* @param[in] phrase_id id of phrase in i18n
|
|
* @param[out] phrase phrase as UTF-8 string
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_UNKNOWN_DB_ERROR
|
|
* @retval PEP_PHRASE_NOT_FOUND
|
|
*
|
|
* @warning the ownership of phrase goes to the caller
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_phrase(
|
|
PEP_SESSION session,
|
|
const char *lang,
|
|
int phrase_id,
|
|
char **phrase
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- sequence_value() -->
|
|
*
|
|
* @brief Raise the value of a named sequence and retrieve it
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] name name of sequence
|
|
* @param[out] value value of sequence
|
|
*
|
|
* @retval PEP_STATUS_OK no error, not own sequence
|
|
* @retval PEP_SEQUENCE_VIOLATED if sequence violated
|
|
* @retval PEP_CANNOT_INCREASE_SEQUENCE if sequence cannot be increased
|
|
* @retval PEP_OWN_SEQUENCE if own sequence
|
|
* @retval PEP_COMMIT_FAILED
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS sequence_value(
|
|
PEP_SESSION session,
|
|
const char *name,
|
|
int32_t *value
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- set_revoked() -->
|
|
*
|
|
* @brief Records relation between a revoked key and its replacement
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] revoked_fpr revoked fingerprint
|
|
* @param[in] replacement_fpr replacement key fingerprint
|
|
* @param[in] revocation_date revocation date
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_UNKNOWN_DB_ERROR
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS set_revoked(
|
|
PEP_SESSION session,
|
|
const char *revoked_fpr,
|
|
const char *replacement_fpr,
|
|
const uint64_t revocation_date
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_revoked() -->
|
|
*
|
|
* @brief Find revoked key that may have been replaced by given key, if any
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr given fingerprint
|
|
* @param[out] revoked_fpr revoked fingerprint
|
|
* @param[out] revocation_date revocation date
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_FIND_IDENTITY
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS get_revoked(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
char **revoked_fpr,
|
|
uint64_t *revocation_date
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- get_engine_version() -->
|
|
*
|
|
* @brief Returns the current version of pEpEngine (this is different
|
|
* from the pEp protocol version!)
|
|
*
|
|
* @retval PEP_ENGINE_VERSION
|
|
*
|
|
*/
|
|
DYNAMIC_API const char* get_engine_version();
|
|
|
|
/**
|
|
* <!-- get_protocol_version() -->
|
|
*
|
|
* @brief Returns the pEp protocol version
|
|
*
|
|
* @retval PEP_VERSION
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API const char *get_protocol_version();
|
|
|
|
/**
|
|
* <!-- is_pEp_user() -->
|
|
*
|
|
* @brief Returns true if the USER corresponding to this identity
|
|
* has been listed in the *person* table as a pEp user.
|
|
*
|
|
* @param[in] identity identity containing the user_id to check (this is
|
|
* the only part of the struct we require to be set)
|
|
* @param[out] is_pEp boolean pointer - will return true or false by
|
|
* reference with respect to whether or not user is
|
|
* a known pEp user
|
|
*
|
|
* @retval PEP_STATUS_OK if user found in person table
|
|
* @retval PEP_ILLEGAL_VALUE if no user_id in input
|
|
* @retval PEP_CANNOT_FIND_PERSON if user_id doesn't exist
|
|
*
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS is_pEp_user(PEP_SESSION session,
|
|
pEp_identity *identity,
|
|
bool* is_pEp);
|
|
|
|
|
|
/**
|
|
* <!-- per_user_relative_directory() -->
|
|
*
|
|
* @brief Returns the directory for pEp management db as a relative
|
|
* path from the home directory (or the pEp home directory)
|
|
* The returned pointed refers memory managed by
|
|
* the engine, which will remain valid until
|
|
* the next call to reset_path_cache.
|
|
*
|
|
* @retval char* relative pathname
|
|
* @retval NULL on failure
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API const char *per_user_relative_directory(void);
|
|
|
|
/**
|
|
* <!-- per_user_directory() -->
|
|
*
|
|
* @brief Returns the directory for pEp management db.
|
|
* The returned pointed refers memory managed by
|
|
* the engine, which will remain valid until
|
|
* the next call to reset_path_cache.
|
|
*
|
|
* @retval char* path to actual per user directory
|
|
* @retval NULL on failure
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API const char *per_user_directory(void);
|
|
|
|
|
|
/**
|
|
* <!-- per_machine_directory() -->
|
|
*
|
|
* @brief Returns the directory for pEp system db
|
|
* The returned pointed refers memory managed by
|
|
* the engine, which will remain valid until
|
|
* the next call to reset_path_cache.
|
|
*
|
|
* @retval char* path to actual per machine directory
|
|
* @retval NULL on failure
|
|
*
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API const char *per_machine_directory(void);
|
|
|
|
// FIXME: replace in canonical style
|
|
//
|
|
/**
|
|
* <!-- config_passphrase() -->
|
|
*
|
|
* @brief Configure a key passphrase for the current session.
|
|
*
|
|
* A passphrase can be configured into a p≡p session. Then it is used whenever a
|
|
* secret key is used which requires a passphrase.
|
|
*
|
|
* A passphrase is a string between 1 and 1024 bytes and is only ever present in
|
|
* memory. Because strings in the p≡p engine are UTF-8 NFC, the string is
|
|
* restricted to 250 code points in UI.
|
|
*
|
|
* This function copies the passphrase into the session. It may return
|
|
* PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
|
|
* change after this is configured.
|
|
*
|
|
* @par Error behaviour:
|
|
*
|
|
* For any function which may trigger the use of a secret key, if an attempt
|
|
* to use a secret key which requires a passphrase occurs and no passphrase
|
|
* is configured for the current session, PEP_PASSPHRASE_REQUIRED is
|
|
* returned by this function (and thus, all functions which could trigger
|
|
* such a usage must be prepared to return this value). For any function
|
|
* which may trigger the use of a secret key, if a passphrase is configured
|
|
* and the configured passphrase is the wrong passphrase for the use of a
|
|
* given passphrase-protected secret key, PEP_WRONG_PASSPHRASE is returned
|
|
* by this function (and thus, all functions which could trigger such a
|
|
* usage must be prepared to return this value).
|
|
*
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] passphrase
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS config_passphrase(PEP_SESSION session, const char *passphrase);
|
|
|
|
// FIXME: replace in canonical style
|
|
//
|
|
|
|
/**
|
|
* <!-- config_passphrase_for_new_keys() -->
|
|
*
|
|
* @brief Passphrase enablement for newly-generated secret keys
|
|
*
|
|
* If it is desired that new p≡p keys are passphrase-protected, the following
|
|
* API call is used to enable the addition of passphrases to new keys during key
|
|
* generation.
|
|
*
|
|
* If enabled and a passphrase for new keys has been configured
|
|
* through this function (NOT the one above - this is a separate passphrase!),
|
|
* then anytime a secret key is generated while enabled, the configured
|
|
* passphrase will be used as the passphrase for any newly-generated secret key.
|
|
*
|
|
* If enabled and a passphrase for new keys has not been configured, then any
|
|
* function which can attempt to generate a secret key will return
|
|
* PEP_PASSPHRASE_FOR_NEW_KEYS_REQUIRED.
|
|
*
|
|
* If disabled (i.e. not enabled) and a passphrase for new keys has been
|
|
* configured, no passphrases will be used for newly-generated keys.
|
|
*
|
|
* This function copies the passphrase for new keys into a special field that is
|
|
* specifically for key generation into the session. It may return
|
|
* PEP_OUT_OF_MEMORY. The behaviour of all functions which use secret keys may
|
|
* change after this is configured.
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] enable
|
|
* @param[in] passphrase
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS config_passphrase_for_new_keys(PEP_SESSION session,
|
|
bool enable,
|
|
const char *passphrase);
|
|
/**
|
|
* <!-- set_ident_enc_format() -->
|
|
*
|
|
* @brief Set the default encryption format for this identity.
|
|
*
|
|
* (value only MIGHT be used, and only in the case where the
|
|
* message enc_format is PEP_enc_auto. It will be used
|
|
* opportunistically in the case on a first-come, first-serve
|
|
* basis in the order of to_list, cc_list, and bcc_list. We take
|
|
* the first set value we come to)
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] identity identity->user_id and identity->address must NOT be NULL
|
|
* @param[in] format the desired default encryption format
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_SET_IDENTITY
|
|
*
|
|
*/
|
|
|
|
DYNAMIC_API PEP_STATUS set_ident_enc_format(PEP_SESSION session,
|
|
pEp_identity *identity,
|
|
PEP_enc_format format);
|
|
|
|
/**
|
|
* <!-- reset_pEptest_hack() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* @param[in] session session handle
|
|
*
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_UNKNOWN_DB_ERROR
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS reset_pEptest_hack(PEP_SESSION session);
|
|
|
|
|
|
/**
|
|
* <!-- get_replacement_fpr() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] fpr const char*
|
|
* @param[in] revoked_fpr char**
|
|
* @param[in] revocation_date uint64_t*
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_FIND_IDENTITY
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS get_replacement_fpr(
|
|
PEP_SESSION session,
|
|
const char *fpr,
|
|
char **revoked_fpr,
|
|
uint64_t *revocation_date
|
|
);
|
|
|
|
|
|
/**
|
|
* <!-- set_as_pEp_user() -->
|
|
*
|
|
* @brief TODO
|
|
*
|
|
* This ONLY sets the *user* flag, and creates a shell identity if necessary.
|
|
*
|
|
* @param[in] session session handle
|
|
* @param[in] user pEp_identity*
|
|
*
|
|
* @retval PEP_STATUS_OK
|
|
* @retval PEP_ILLEGAL_VALUE illegal parameter value
|
|
* @retval PEP_CANNOT_SET_PERSON
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS set_as_pEp_user(PEP_SESSION session, pEp_identity* user);
|
|
|
|
/**
|
|
* <!-- reset_path_cache() -->
|
|
*
|
|
* @brief Recompute pathnames according to the current value of the
|
|
* environment.
|
|
*
|
|
* This is automatically called by init on
|
|
* platforms where a pathname cache exists, but it is possible
|
|
* to call it again explicitly in case the paths need to be
|
|
* recomputed from updated environment variables; the intended
|
|
* use case is test suites, working with temporary
|
|
* directories.
|
|
*
|
|
* @retval PEP_STATUS_OK success
|
|
* @retval PEP_UNBOUND_ENVIRONMENT_VARIABLE unknown variable referenced
|
|
* @retval PEP_PATH_SYNTAX_ERROR invalid syntax in argument
|
|
* @retval PEP_OUT_OF_MEMORY out of memory
|
|
*
|
|
*/
|
|
DYNAMIC_API PEP_STATUS reset_path_cache(void);
|
|
|
|
/**
|
|
* <!-- reset_path_cache() -->
|
|
*
|
|
* @brief Empty the path cache, releasing resources.
|
|
*
|
|
* This may invalidate
|
|
* the memory used by the results of per_user_relative_directory,
|
|
* per_user_directory, per_machine_directory, android_system_db,
|
|
* unix_system_db, unix_local_db.
|
|
*
|
|
*/
|
|
DYNAMIC_API void clear_path_cache(void);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
#endif
|