sync/sync.fsm
author Volker Birk <vb@pep-project.org>
Mon, 20 Jan 2020 10:52:36 +0100
branchsync
changeset 4354 33701483ccbd
parent 4347 ae908566162e
child 4358 0f4c24ab43b6
permissions -rw-r--r--
fixing three-device-handshake
// This file is under BSD License 2.0
// Sync protocol for p≡p
// Copyright (c) 2016-2020, p≡p foundation
// Written by Volker Birk
include ./fsm.yml2
protocol Sync 1 {
    // all messages have a timestamp, time out and are removed after timeout
    fsm KeySync 1, threshold=300 {
        version 1, 2;
        // Entry state: picks the grouped or the sole path on Init.
        state InitState {
            on Init {
                // a device that is already grouped goes straight to Grouped
                if deviceGrouped
                    go Grouped;
                // runs before the first Beacon is sent; by its name this sets up a fresh
                // challenge and negotiation base - confirm in the action's implementation
                do newChallengeAndNegotiationBase;
                debug > initial Beacon
                send Beacon;
                go Sole;
            }
        }
        // State of a device that is not in a device group. timeout=off is set, so the
        // state is only left through one of the handlers below.
        state Sole timeout=off {
            on Init {
                do showBeingSole;
            }

            // KeyGen and CannotDecrypt both announce this device again with a Beacon
            on KeyGen {
                debug > key generated
                send Beacon;
            }

            on CannotDecrypt {
                debug > cry, baby
                send Beacon;
            }

            // Beacon is declared type=broadcast, security=unencrypted, so this handler runs
            // on input without sender authentication. It only opens a negotiation; keys are
            // trusted later, in the handshake states, on the external Accept event.
            on Beacon {
                if sameChallenge {
                    debug > this is our own Beacon; ignore
                }
                else {
                    // role selection; NOTE(review): weAreOfferer is defined outside this
                    // file - confirm two devices always arrive at opposite roles
                    if weAreOfferer {
                        do useOwnChallenge;
                        debug > we are Offerer
                        send Beacon;
                    }
                    else /* we are requester */ {
                        do openNegotiation;
                        do tellWeAreNotGrouped;
                        // requester is sending NegotiationRequest
                        do useOwnResponse;
                        send NegotiationRequest;
                        // order matters: the own challenge is restored only after the
                        // request has been sent
                        do useOwnChallenge;
                    }
                }
            }

            // we get this from another sole device
            // NegotiationRequest is security=untrusted; sameChallenge is the only gate before
            // the handshake state is entered. NOTE(review): the challenge was broadcast in an
            // unencrypted Beacon, so matching it does not by itself identify the sender; the
            // user-confirmed handshake that follows has to carry that - confirm.
            on NegotiationRequest {
                if sameChallenge { // challenge accepted
                    do storeNegotiation;
                    // offerer is accepting by confirming NegotiationOpen
                    // repeating response is implicit
                    send NegotiationOpen;
                    go HandshakingOfferer;
                }
            }

            // we get this from an existing device group
            // same gate as NegotiationRequest above, but leads to the join handshake
            on NegotiationRequestGrouped {
                if sameChallenge { // challenge accepted
                    do storeNegotiation;
                    // offerer is accepting by confirming NegotiationOpen
                    // repeating response is implicit
                    send NegotiationOpen;
                    go HandshakingToJoin;
                }
            }

            // NegotiationOpen (security=untrusted) is acted on only when sameResponse holds;
            // presumably that compares with the response set by useOwnResponse before our
            // NegotiationRequest was sent - confirm. Anything else is logged and dropped.
            on NegotiationOpen {
                if sameResponse {
                    debug > Requester is receiving NegotiationOpen
                    do storeNegotiation;
                    go HandshakingRequester;
                }
                else {
                    debug > cannot approve NegotiationOpen
                }
            }
        }
        // handshaking without existing Device group
        // Offerer side: entered from Sole after a NegotiationRequest with a matching
        // challenge. Accept, Reject and Cancel are the events declared "external" further
        // down in this file; Rollback, CommitReject and CommitAcceptRequester are
        // security=untrusted messages and are guarded by sameNegotiationAndPartner.
        state HandshakingOfferer timeout=600 {
            on Init
                do showSoleHandshake;

            // Cancel is Rollback
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Rollback {
                if sameNegotiationAndPartner
                    go Sole;
            }

            // Reject is CommitReject
            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // A remote CommitReject ends in "do disable; go End" on this device too.
            // NOTE(review): this makes sameNegotiationAndPartner the only protection against
            // an unrelated sender switching sync off - confirm it checks the sender as well
            // as the negotiation id.
            on CommitReject {
                if sameNegotiationAndPartner {
                    do disable;
                    go End;
                }
            }

            // Accept means init Phase1Commit
            // local decision comes first: the key is trusted before the partner's accept
            on Accept {
                do trustThisKey;
                send CommitAcceptOfferer;
                go HandshakingPhase1Offerer;
            }

            // got a CommitAccept from requester
            // partner accepted first: nothing is trusted yet, wait for the local decision
            on CommitAcceptRequester {
                if sameNegotiationAndPartner
                    go HandshakingPhase2Offerer;
            }
        }
        // handshaking without existing Device group
        // Requester side: entered from Sole after a NegotiationOpen with a matching
        // response. Mirrors HandshakingOfferer with the Offerer/Requester messages swapped.
        state HandshakingRequester timeout=600 {
            on Init
                do showSoleHandshake;

            // Cancel is Rollback
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Rollback {
                if sameNegotiationAndPartner
                    go Sole;
            }

            // Reject is CommitReject
            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // a remote CommitReject (security=untrusted) disables sync here as well, gated
            // only by sameNegotiationAndPartner
            on CommitReject {
                if sameNegotiationAndPartner {
                    do disable;
                    go End;
                }
            }

            // Accept means init Phase1Commit
            // local decision comes first: the key is trusted before the partner's accept
            on Accept {
                do trustThisKey;
                send CommitAcceptRequester;
                go HandshakingPhase1Requester;
            }

            // got a CommitAccept from offerer
            // partner accepted first: nothing is trusted yet, wait for the local decision
            on CommitAcceptOfferer {
                if sameNegotiationAndPartner
                    go HandshakingPhase2Requester;
            }
        }
        // Offerer has accepted locally (trustThisKey already ran in HandshakingOfferer) and
        // waits for the requester. Only incoming messages are handled here; every handler
        // is guarded by sameNegotiationAndPartner.
        // NOTE(review): no timeout= attribute, unlike HandshakingOfferer - confirm which
        // default applies while waiting.
        state HandshakingPhase1Offerer {
            // partner backed out: the trust granted on Accept is taken back
            on Rollback {
                if sameNegotiationAndPartner {
                    do untrustThisKey;
                    go Sole;
                }
            }

            // partner rejected: take the trust back, then disable and end
            on CommitReject {
                if sameNegotiationAndPartner {
                    do untrustThisKey;
                    do disable;
                    go End;
                }
            }

            // both sides have accepted
            on CommitAcceptRequester {
                if sameNegotiationAndPartner
                    go FormingGroupOfferer;
            }
        }
        // Requester has accepted locally (trustThisKey already ran in HandshakingRequester)
        // and waits for the offerer. Mirrors HandshakingPhase1Offerer.
        state HandshakingPhase1Requester {
            // partner backed out: the trust granted on Accept is taken back
            on Rollback {
                if sameNegotiationAndPartner {
                    do untrustThisKey;
                    go Sole;
                }
            }

            // partner rejected: take the trust back, then disable and end
            on CommitReject {
                if sameNegotiationAndPartner {
                    do untrustThisKey;
                    do disable;
                    go End;
                }
            }

            // both sides have accepted
            on CommitAcceptOfferer {
                if sameNegotiationAndPartner
                    go FormingGroupRequester;
            }
        }
        // The requester has already sent its accept; the offerer still waits for the local
        // decision. Only the external events are handled: this state has no handler for an
        // incoming Rollback or CommitReject.
        state HandshakingPhase2Offerer {
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // the key becomes trusted only here, on the local Accept
            on Accept {
                do trustThisKey;
                send CommitAcceptOfferer;
                go FormingGroupOfferer;
            }
        }
        // The offerer has already sent its accept; the requester still waits for the local
        // decision. Only the external events are handled: this state has no handler for an
        // incoming Rollback or CommitReject.
        state HandshakingPhase2Requester {
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // the key becomes trusted only here, on the local Accept
            on Accept {
                do trustThisKey;
                send CommitAcceptRequester;
                go FormingGroupRequester;
            }
        }
        // Both devices have accepted. The offerer sends its own keys first and waits for
        // the requester's keys before the group exists.
        state FormingGroupOfferer {
            on Init {
                do prepareOwnKeys;
                send OwnKeysOfferer;
                debug > we're not grouped yet, this is our own keys
            }

            on Cancel {
                send Rollback;
                go Sole;
            }

            // NOTE(review): Rollback is declared security=untrusted, and every other Rollback
            // handler in this file is guarded by sameNegotiationAndPartner; this one is not,
            // so any Rollback that reaches this state ends the group formation. The key
            // trusted on Accept is also not untrusted here, unlike in the Phase1 states.
            // Confirm both are intended.
            on Rollback
                go Sole;

            // the partner's keys are saved and made default only for the negotiation and
            // partner this handshake was run with
            on OwnKeysRequester {
                if sameNegotiationAndPartner {
                    do saveGroupKeys;
                    do receivedKeysAreDefaultKeys;
                    do showGroupCreated;
                    go Grouped;
                }
            }
        }
        // Both devices have accepted. The requester waits for the offerer's keys and
        // answers with its own.
        state FormingGroupRequester {
            on Cancel {
                send Rollback;
                go Sole;
            }

            // NOTE(review): Rollback is declared security=untrusted, and every other Rollback
            // handler in this file is guarded by sameNegotiationAndPartner; this one is not,
            // so any Rollback that reaches this state ends the group formation. The key
            // trusted on Accept is also not untrusted here, unlike in the Phase1 states.
            // Confirm both are intended.
            on Rollback
                go Sole;

            // the offerer's keys are saved first; the own keys are then prepared, made the
            // default keys and sent back
            on OwnKeysOfferer {
                if sameNegotiationAndPartner {
                    do saveGroupKeys;
                    do prepareOwnKeys;
                    do ownKeysAreDefaultKeys;
                    send OwnKeysRequester;
                    do showGroupCreated;
                    go Grouped;
                }
            }
        }
        // State of a device that is a member of a device group. timeout=off is set, so
        // the state is only left through one of the handlers below.
        state Grouped timeout=off {
            on Init {
                do newChallengeAndNegotiationBase;
                do showBeingInGroup;
            }

            on GroupKeysUpdate {
                if fromGroupMember // double check
                    do saveGroupKeys;
            }

            on KeyGen {
                do prepareOwnKeys;
                send GroupKeysUpdate;
            }

            // Beacon is an unencrypted broadcast; there is no condition in this handler, so
            // every Beacon that reaches a grouped device is answered with a
            // NegotiationRequestGrouped. Nothing is trusted at this point.
            on Beacon {
                do openNegotiation;
                do tellWeAreGrouped;
                do useOwnResponse;
                send NegotiationRequestGrouped;
                // restored only after the request has been sent
                do useOwnChallenge;
            }

            // NegotiationOpen (security=untrusted) is acted on only when sameResponse holds;
            // presumably only the group member whose own response comes back continues, the
            // others log and ignore it - confirm against the condition's implementation.
            on NegotiationOpen {
                if sameResponse {
                    do storeNegotiation;
                    do useThisKey;
                    send GroupHandshake;
                    go HandshakingGrouped;
                }
                else {
                    debug > cannot approve NegotiationOpen
                }
            }

            // NOTE(review): no fromGroupMember "double check" here, unlike GroupKeysUpdate and
            // GroupTrustThisKey. GroupHandshake is declared without a security attribute, so
            // this handler relies on the default acceptance rule alone - confirm intended.
            on GroupHandshake {
                do storeNegotiation;
                do storeThisKey;
                go HandshakingGrouped;
            }

            on GroupTrustThisKey {
                if fromGroupMember // double check
                    do trustThisKey;
            }

            // this is for a leaving group member
            on GroupKeyResetRequiredAndDisable {
                send InitUnledGroupKeyReset;
                go DisableOnInitUnledGroupKeyReset;
            }

            // NOTE(review): no fromGroupMember "double check" here either; the message starts
            // a group key reset election, so the default acceptance rule is the only gate.
            on InitUnledGroupKeyReset {
                debug > unled group key reset; new group keys will be elected
                do useOwnResponse;
                send ElectGroupKeyResetLeader;
                go GroupKeyResetElection;
            }
        }
        // Entered from Grouped after sending ElectGroupKeyResetLeader. The first
        // ElectGroupKeyResetLeader that arrives decides: both branches return to Grouped,
        // only the sameResponse branch resets the own grouped keys.
        // NOTE(review): the handler has no fromGroupMember check and the state declares no
        // timeout= attribute and no other handlers - confirm what happens to group messages
        // that arrive while the election is pending.
        state GroupKeyResetElection {
            on ElectGroupKeyResetLeader {
                if sameResponse {
                    // the first one is from us, we're leading this
                    do resetOwnGroupedKeys;
                    go Grouped;
                }
                else {
                    // the first one is not from us
                    go Grouped;
                }
            }
        }
        // Entered from Grouped by the leaving member right after it sent
        // InitUnledGroupKeyReset. The device disables itself when an InitUnledGroupKeyReset
        // arrives; presumably that is its own message coming back - confirm.
        state DisableOnInitUnledGroupKeyReset {
            on InitUnledGroupKeyReset
                do disable;
        }
        // sole device handshaking with group
        // Entered from Sole after a NegotiationRequestGrouped with a matching challenge.
        // Incoming Rollback, CommitReject and CommitAcceptForGroup are security=untrusted
        // and guarded by sameNegotiationAndPartner.
        // NOTE(review): no timeout= attribute, unlike the sole-to-sole handshake states
        // (timeout=600) - confirm which default applies.
        state HandshakingToJoin {
            on Init
                do showJoinGroupHandshake;

            // Cancel is Rollback
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Rollback {
                if sameNegotiationAndPartner
                    go Sole;
            }

            // Reject is CommitReject
            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // the group side accepted first: nothing is trusted yet, wait for the local
            // decision
            on CommitAcceptForGroup {
                if sameNegotiationAndPartner
                    go HandshakingToJoinPhase2;
            }

            // a remote CommitReject disables sync on this device, gated only by
            // sameNegotiationAndPartner
            on CommitReject {
                if sameNegotiationAndPartner {
                    do disable;
                    go End;
                }
            }

            // Accept is Phase1Commit
            // local decision comes first: the key is trusted before the group's accept
            on Accept {
                do trustThisKey;
                send CommitAccept;
                go HandshakingToJoinPhase1;
            }
        }
        // The joining device has accepted locally (trustThisKey already ran in
        // HandshakingToJoin) and waits for the group side.
        // NOTE(review): Rollback and CommitReject leave this state without untrustThisKey,
        // while HandshakingPhase1Offerer/Requester untrust the key in the same situation.
        // Confirm the key trusted on Accept is meant to stay trusted after the group side
        // backs out.
        state HandshakingToJoinPhase1 {
            on Rollback {
                if sameNegotiationAndPartner
                    go Sole;
            }

            on CommitReject {
                if sameNegotiationAndPartner {
                    do disable;
                    go End;
                }
            }

            // both sides have accepted
            on CommitAcceptForGroup {
                if sameNegotiationAndPartner
                    go JoiningGroup;
            }
        }
        // The group side has already accepted; the joining device still waits for the
        // local decision. Only the external events are handled: this state has no handler
        // for an incoming Rollback or CommitReject.
        state HandshakingToJoinPhase2 {
            on Cancel {
                send Rollback;
                go Sole;
            }

            on Reject {
                send CommitReject;
                do disable;
                go End;
            }

            // the key becomes trusted only here, on the local Accept
            on Accept {
                do trustThisKey;
                send CommitAccept;
                go JoiningGroup;
            }
        }
        // Both sides have accepted; the joining device waits for the group's keys. This is
        // the only handler: the state defines no Cancel, Rollback or timeout= of its own.
        state JoiningGroup {
            // the received keys are saved and made default before the own keys are sent
            // back with GroupKeysAndClose
            on GroupKeysForNewMember {
                if sameNegotiationAndPartner {
                    do saveGroupKeys;
                    do receivedKeysAreDefaultKeys;
                    do prepareOwnKeys;
                    send GroupKeysAndClose;
                    do showDeviceAdded;
                    go Grouped;
                }
            }
        }
        // Handshake shown on a grouped device while a new device asks to join. Every exit
        // except Accept/CommitAccept returns to Grouped; unlike the sole handshakes, Reject
        // and CommitReject do not run "do disable" here.
        state HandshakingGrouped {
            on Init
                do showGroupedHandshake;

            // Cancel is Rollback
            on Cancel {
                send Rollback;
                go Grouped;
            }

            on Rollback {
                if sameNegotiationAndPartner
                    go Grouped;
            }

            // Reject is CommitReject
            on Reject {
                send CommitReject;
                go Grouped;
            }

            on CommitReject {
                if sameNegotiationAndPartner
                    go Grouped;
            }

            // Accept is Phase1Commit
            // local decision comes first: the new device's key is trusted here
            on Accept {
                do trustThisKey;
                go HandshakingGroupedPhase1;
            }

            // the joining device accepted first: nothing is trusted yet
            on CommitAccept {
                if sameNegotiationAndPartner
                    go HandshakingGroupedPhase2;
            }

            // another group member reports a trusted key; it is trusted in any case, and
            // this handshake is closed only when it belongs to the same negotiation
            on GroupTrustThisKey {
                if fromGroupMember { // double check
                    do trustThisKey;
                    if sameNegotiation
                        go Grouped;
                }
            }

            on GroupKeysUpdate {
                if fromGroupMember // double check
                    do saveGroupKeys;
            }
        }
        // The grouped device has accepted locally (trustThisKey ran in HandshakingGrouped)
        // and waits for the joining device's CommitAccept.
        state HandshakingGroupedPhase1 {
            // NOTE(review): GroupTrustThisKey goes out to the group before the joining
            // device has accepted. The Rollback and CommitReject handlers below return to
            // Grouped without untrustThisKey and without telling the group - confirm the
            // key is meant to stay trusted when the join is abandoned.
            on Init {
                send GroupTrustThisKey;
                send CommitAcceptForGroup;
            }

            on Rollback {
                if sameNegotiationAndPartner
                    go Grouped;
            }

            on CommitReject {
                if sameNegotiationAndPartner
                    go Grouped;
            }

            // both sides have accepted: the group keys are sent to the new member
            on CommitAccept {
                if sameNegotiationAndPartner {
                    do prepareOwnKeys;
                    send GroupKeysForNewMember;
                    do showDeviceAccepted;
                    go Grouped;
                }
            }

            // group traffic keeps being processed while the handshake is pending
            on GroupTrustThisKey {
                if fromGroupMember // double check
                    do trustThisKey;
            }

            on GroupKeysUpdate {
                if fromGroupMember // double check
                    do saveGroupKeys;
            }

            on GroupKeysAndClose {
                if fromGroupMember { // double check
                    do saveGroupKeys;
                    go Grouped;
                }
            }
        }
        // The joining device has already accepted; the grouped device still waits for the
        // local decision. There is no handler for an incoming Rollback or CommitReject in
        // this state.
        state HandshakingGroupedPhase2 {
            on Cancel {
                send Rollback;
                go Grouped;
            }

            on Reject {
                send CommitReject;
                go Grouped;
            }

            // the new device's key is trusted, announced to the group, and the group keys
            // are handed over, all in one step after the local Accept
            on Accept {
                do trustThisKey;
                send GroupTrustThisKey;
                do prepareOwnKeys;
                send GroupKeysForNewMember;
                do showDeviceAccepted;
                go Grouped;
            }

            // group traffic keeps being processed while the handshake is pending
            on GroupTrustThisKey {
                if fromGroupMember // double check
                    do trustThisKey;
            }

            on GroupKeysUpdate {
                if fromGroupMember // double check
                    do saveGroupKeys;
            }

            on GroupKeysAndClose {
                if fromGroupMember { // double check
                    do saveGroupKeys;
                    go Grouped;
                }
            }
        }
        // Events declared "external": the states above only consume them (on Accept,
        // on Reject, on Cancel) and never send them. Presumably they are raised by the
        // application with the user's handshake decision - confirm. Accept is the only
        // event in this file that leads to "do trustThisKey" for a device that is not yet
        // a group member.
        external Accept 129;
        external Reject 130;
        external Cancel 131;
        // beacons are always broadcasted
        // Beacon is the only message declared security=unencrypted: its challenge is sent
        // in clear, so handlers must not treat a matching challenge as proof of origin.

        message Beacon 2, type=broadcast, security=unencrypted {
            field TID challenge;
            auto Version version;
        }

        // Handshake messages, all declared security=untrusted. NOTE(review): the exact
        // meaning of "untrusted" is defined outside this file; the handlers above accept
        // these messages only behind sameChallenge, sameResponse or
        // sameNegotiationAndPartner, except "on Rollback" in the FormingGroup states.

        message NegotiationRequest 3, security=untrusted {
            field TID challenge;
            field TID response;
            auto Version version;
            field TID negotiation;
            field bool is_group;
        }

        message NegotiationOpen 4, security=untrusted {
            field TID response;
            auto Version version;
            field TID negotiation;
        }

        // the messages below carry only the negotiation id

        message Rollback 5, security=untrusted {
            field TID negotiation;
        }

        message CommitReject 6, security=untrusted {
            field TID negotiation;
        }

        message CommitAcceptOfferer 7, security=untrusted {
            field TID negotiation;
        }

        message CommitAcceptRequester 8, security=untrusted {
            field TID negotiation;
        }

        message CommitAccept 9, security=untrusted {
            field TID negotiation;
        }

        message CommitAcceptForGroup 10, security=untrusted {
            field TID negotiation;
        }
        // default: security=trusted
        // messages are only accepted when coming from the device group
        // (applies to every message below that has no security= attribute)
        message GroupTrustThisKey 11 {
            field Hash key;
            field TID negotiation;
        }

        // trust in future
        // The four key-transfer messages below share
        // security=attach_own_keys_for_new_member and carry only an IdentityList.
        // NOTE(review): none of them has a negotiation field, yet their handlers check
        // sameNegotiationAndPartner - confirm where that condition takes the negotiation
        // from for these messages.
        message GroupKeysForNewMember 12, security=attach_own_keys_for_new_member {
            field IdentityList ownIdentities;
        }

        message GroupKeysAndClose 13, security=attach_own_keys_for_new_member {
            field IdentityList ownIdentities;
        }

        message OwnKeysOfferer 14, security=attach_own_keys_for_new_member {
            field IdentityList ownIdentities;
        }

        message OwnKeysRequester 15, security=attach_own_keys_for_new_member {
            field IdentityList ownIdentities;
        }
        // grouped handshake
        // same fields as NegotiationRequest, sent by a grouped device in answer to a Beacon
        message NegotiationRequestGrouped 16, security=untrusted {
            field TID challenge;
            field TID response;
            auto Version version;
            field TID negotiation;
            field bool is_group;
        }

        // no security= attribute; sent by the group member that continues a negotiation
        // (see "on NegotiationOpen" in state Grouped)
        message GroupHandshake 17 {
            field TID negotiation;
            field Hash key;
        }

        // update group
        message GroupKeysUpdate 18, security=attach_own_keys_for_group {
            field IdentityList ownIdentities;
        }

        // initiate unled group key reset
        // no fields and no security= attribute
        message InitUnledGroupKeyReset 19 {
        }

        // the response is what GroupKeyResetElection compares with sameResponse
        message ElectGroupKeyResetLeader 20 {
            field TID response;
        }
    }
}