sync/sync.fsm
author Volker Birk <vb@pep-project.org>
Mon, 20 Jan 2020 10:52:36 +0100
branchsync
changeset 4354 33701483ccbd
parent 4347 ae908566162e
child 4358 0f4c24ab43b6
permissions -rw-r--r--
fixing three-device-handshake
     1 // This file is under BSD License 2.0
     2 
     3 // Sync protocol for p≡p
     4 // Copyright (c) 2016-2020, p≡p foundation
     5 
     6 // Written by Volker Birk
     7 
     8 include ./fsm.yml2
     9 
    10 protocol Sync 1 {
    11     // all messages have a timestamp, time out and are removed after timeout
    12 
    13     fsm KeySync 1, threshold=300 {
    14         version 1, 2;
    15 
    16         state InitState {
    17             on Init {
    18                 if deviceGrouped
    19                     go Grouped;
    20                 do newChallengeAndNegotiationBase;
    21                 debug > initial Beacon
    22                 send Beacon;
    23                 go Sole;
    24             }
    25         }
    26 
    27         state Sole timeout=off {
    28             on Init {
    29                 do showBeingSole;
    30             }
    31 
    32             on KeyGen {
    33                 debug > key generated
    34                 send Beacon;
    35             }
    36 
    37             on CannotDecrypt {
    38                 debug > cry, baby
    39                 send Beacon;
    40             }
    41 
    42             on Beacon {
    43                 if sameChallenge {
    44                     debug > this is our own Beacon; ignore
    45                 }
    46                 else {
    47                     if weAreOfferer {
    48                         do useOwnChallenge;
    49                         debug > we are Offerer
    50                         send Beacon;
    51                     }
    52                     else /* we are requester */ {
    53                         do openNegotiation;
    54                         do tellWeAreNotGrouped;
    55                         // requester is sending NegotiationRequest
    56                         do useOwnResponse;
    57                         send NegotiationRequest;
    58                         do useOwnChallenge;
    59                     }
    60                 }
    61             }
    62 
    63             // we get this from another sole device
    64             on NegotiationRequest {
    65                 if sameChallenge { // challenge accepted
    66                     do storeNegotiation;
    67                     // offerer is accepting by confirming NegotiationOpen
    68                     // repeating response is implicit
    69                     send NegotiationOpen;
    70                     go HandshakingOfferer;
    71                 }
    72             }
    73 
    74             // we get this from an existing device group
    75             on NegotiationRequestGrouped {
    76                 if sameChallenge { // challenge accepted
    77                     do storeNegotiation;
    78                     // offerer is accepting by confirming NegotiationOpen
    79                     // repeating response is implicit
    80                     send NegotiationOpen;
    81                     go HandshakingToJoin;
    82                 }
    83             }
    84 
    85             on NegotiationOpen {
    86                 if sameResponse {
    87                     debug > Requester is receiving NegotiationOpen
    88                     do storeNegotiation;
    89                     go HandshakingRequester;
    90                 }
    91                 else {
    92                     debug > cannot approve NegotiationOpen
    93                 }
    94             }
    95         }
    96 
    97         // handshaking without existing Device group
    98         state HandshakingOfferer timeout=600 {
    99             on Init
   100                 do showSoleHandshake;
   101 
   102             // Cancel is Rollback
   103             on Cancel {
   104                 send Rollback;
   105                 go Sole;
   106             }
   107 
   108             on Rollback {
   109                 if sameNegotiationAndPartner
   110                     go Sole;
   111             }
   112 
   113             // Reject is CommitReject
   114             on Reject {
   115                 send CommitReject;
   116                 do disable;
   117                 go End;
   118             }
   119 
   120             on CommitReject {
   121                 if sameNegotiationAndPartner {
   122                     do disable;
   123                     go End;
   124                 }
   125             }
   126 
   127             // Accept means init Phase1Commit
   128             on Accept {
   129                 do trustThisKey;
   130                 send CommitAcceptOfferer;
   131                 go HandshakingPhase1Offerer;
   132             }
   133 
   134             // got a CommitAccept from requester
   135             on CommitAcceptRequester {
   136                 if sameNegotiationAndPartner
   137                     go HandshakingPhase2Offerer;
   138             }
   139         }
   140 
   141         // handshaking without existing Device group
   142         state HandshakingRequester timeout=600 {
   143             on Init
   144                 do showSoleHandshake;
   145 
   146             // Cancel is Rollback
   147             on Cancel {
   148                 send Rollback;
   149                 go Sole;
   150             }
   151 
   152             on Rollback {
   153                 if sameNegotiationAndPartner
   154                     go Sole;
   155             }
   156 
   157             // Reject is CommitReject
   158             on Reject {
   159                 send CommitReject;
   160                 do disable;
   161                 go End;
   162             }
   163 
   164             on CommitReject {
   165                 if sameNegotiationAndPartner {
   166                     do disable;
   167                     go End;
   168                 }
   169             }
   170 
   171             // Accept means init Phase1Commit
   172             on Accept {
   173                 do trustThisKey;
   174                 send CommitAcceptRequester;
   175                 go HandshakingPhase1Requester;
   176             }
   177 
   178             // got a CommitAccept from offerer
   179             on CommitAcceptOfferer {
   180                 if sameNegotiationAndPartner
   181                     go HandshakingPhase2Requester;
   182             }
   183         }
   184 
   185         state HandshakingPhase1Offerer {
   186             on Rollback {
   187                 if sameNegotiationAndPartner {
   188                     do untrustThisKey;
   189                     go Sole;
   190                 }
   191             }
   192             
   193             on CommitReject {
   194                 if sameNegotiationAndPartner {
   195                     do untrustThisKey;
   196                     do disable;
   197                     go End;
   198                 }
   199             }
   200 
   201             on CommitAcceptRequester {
   202                 if sameNegotiationAndPartner
   203                     go FormingGroupOfferer;
   204             }
   205         }
   206 
   207         state HandshakingPhase1Requester {
   208             on Rollback {
   209                 if sameNegotiationAndPartner {
   210                     do untrustThisKey;
   211                     go Sole;
   212                 }
   213             }
   214             
   215             on CommitReject {
   216                 if sameNegotiationAndPartner {
   217                     do untrustThisKey;
   218                     do disable;
   219                     go End;
   220                 }
   221             }
   222 
   223             on CommitAcceptOfferer {
   224                 if sameNegotiationAndPartner
   225                     go FormingGroupRequester;
   226             }
   227         }
   228 
   229         state HandshakingPhase2Offerer {
   230             on Cancel {
   231                 send Rollback;
   232                 go Sole;
   233             }
   234 
   235             on Reject {
   236                 send CommitReject;
   237                 do disable;
   238                 go End;
   239             }
   240 
   241             on Accept {
   242                 do trustThisKey;
   243                 send CommitAcceptOfferer;
   244                 go FormingGroupOfferer;
   245             }
   246         }
   247 
   248         state HandshakingPhase2Requester {
   249             on Cancel {
   250                 send Rollback;
   251                 go Sole;
   252             }
   253 
   254             on Reject {
   255                 send CommitReject;
   256                 do disable;
   257                 go End;
   258             }
   259 
   260             on Accept {
   261                 do trustThisKey;
   262                 send CommitAcceptRequester;
   263                 go FormingGroupRequester;
   264             }
   265         }
   266 
   267         state FormingGroupOfferer {
   268             on Init {
   269                 do prepareOwnKeys;
   270                 send OwnKeysOfferer;
   271                 debug > we're not grouped yet, this is our own keys
   272             }
   273 
   274             on Cancel {
   275                 send Rollback;
   276                 go Sole;
   277             }
   278 
   279             on Rollback
   280                 go Sole;
   281 
   282             on OwnKeysRequester {
   283                 if sameNegotiationAndPartner {
   284                     do saveGroupKeys;
   285                     do receivedKeysAreDefaultKeys;
   286                     do showGroupCreated;
   287                     go Grouped;
   288                 }
   289             }
   290         }
   291 
   292         state FormingGroupRequester {
   293             on Cancel {
   294                 send Rollback;
   295                 go Sole;
   296             }
   297 
   298             on Rollback
   299                 go Sole;
   300 
   301             on OwnKeysOfferer {
   302                 if sameNegotiationAndPartner {
   303                     do saveGroupKeys;
   304                     do prepareOwnKeys;
   305                     do ownKeysAreDefaultKeys;
   306                     send OwnKeysRequester;
   307                     do showGroupCreated;
   308                     go Grouped;
   309                 }
   310             }
   311         }
   312 
   313         state Grouped timeout=off {
   314             on Init {
   315                 do newChallengeAndNegotiationBase;
   316                 do showBeingInGroup;
   317             }
   318 
   319             on GroupKeysUpdate {
   320                 if fromGroupMember // double check
   321                     do saveGroupKeys;
   322             }
   323 
   324             on KeyGen {
   325                 do prepareOwnKeys;
   326                 send GroupKeysUpdate;
   327             }
   328 
   329             on Beacon {
   330                 do openNegotiation;
   331                 do tellWeAreGrouped;
   332                 do useOwnResponse;
   333                 send NegotiationRequestGrouped;
   334                 do useOwnChallenge;
   335             }
   336 
   337             on NegotiationOpen {
   338                 if sameResponse {
   339                     do storeNegotiation;
   340                     do useThisKey;
   341                     send GroupHandshake;
   342                     go HandshakingGrouped;
   343                 }
   344                 else {
   345                     debug > cannot approve NegotiationOpen
   346                 }
   347             }
   348 
   349             on GroupHandshake {
   350                 do storeNegotiation;
   351                 do storeThisKey;
   352                 go HandshakingGrouped;
   353             }
   354 
   355             on GroupTrustThisKey {
   356                 if fromGroupMember // double check
   357                     do trustThisKey;
   358             }
   359 
   360             // this is for a leaving group member
   361             on GroupKeyResetRequiredAndDisable {
   362                 send InitUnledGroupKeyReset;
   363                 go DisableOnInitUnledGroupKeyReset;
   364             }
   365 
   366             on InitUnledGroupKeyReset {
   367                 debug > unled group key reset; new group keys will be elected
   368                 do useOwnResponse;
   369                 send ElectGroupKeyResetLeader;
   370                 go GroupKeyResetElection;
   371             }
   372         }
   373 
   374         state GroupKeyResetElection {
   375             on ElectGroupKeyResetLeader {
   376                 if sameResponse {
   377                     // the first one is from us, we're leading this
   378                     do resetOwnGroupedKeys;
   379                     go Grouped;
   380                 }
   381                 else {
   382                     // the first one is not from us
   383                     go Grouped;
   384                 }
   385             }
   386         }
   387 
   388         state DisableOnInitUnledGroupKeyReset {
   389             on InitUnledGroupKeyReset
   390                 do disable;
   391         }
   392 
   393         // sole device handshaking with group
   394         state HandshakingToJoin {
   395             on Init
   396                 do showJoinGroupHandshake;
   397 
   398             // Cancel is Rollback
   399             on Cancel {
   400                 send Rollback;
   401                 go Sole;
   402             }
   403 
   404             on Rollback {
   405                 if sameNegotiationAndPartner
   406                     go Sole;
   407             }
   408 
   409             // Reject is CommitReject
   410             on Reject {
   411                 send CommitReject;
   412                 do disable;
   413                 go End;
   414             }
   415 
   416             on CommitAcceptForGroup {
   417                 if sameNegotiationAndPartner
   418                     go HandshakingToJoinPhase2;
   419             }
   420 
   421             on CommitReject {
   422                 if sameNegotiationAndPartner {
   423                     do disable;
   424                     go End;
   425                 }
   426             }
   427 
   428             // Accept is Phase1Commit
   429             on Accept {
   430                 do trustThisKey;
   431                 send CommitAccept;
   432                 go HandshakingToJoinPhase1;
   433             }
   434         }
   435 
   436         state HandshakingToJoinPhase1 {
   437             on Rollback {
   438                 if sameNegotiationAndPartner
   439                     go Sole;
   440             }
   441 
   442             on CommitReject {
   443                 if sameNegotiationAndPartner {
   444                     do disable;
   445                     go End;
   446                 }
   447             }
   448 
   449             on CommitAcceptForGroup {
   450                 if sameNegotiationAndPartner
   451                     go JoiningGroup;
   452             }
   453         }
   454 
   455         state HandshakingToJoinPhase2 {
   456             on Cancel {
   457                 send Rollback;
   458                 go Sole;
   459             }
   460 
   461             on Reject {
   462                 send CommitReject;
   463                 do disable;
   464                 go End;
   465             }
   466 
   467             on Accept {
   468                 do trustThisKey;
   469                 send CommitAccept;
   470                 go JoiningGroup;
   471             }
   472         }
   473 
   474         state JoiningGroup {
   475             on GroupKeysForNewMember {
   476                 if sameNegotiationAndPartner {
   477                     do saveGroupKeys;
   478                     do receivedKeysAreDefaultKeys;
   479                     do prepareOwnKeys;
   480                     send GroupKeysAndClose;
   481                     do showDeviceAdded;
   482                     go Grouped;
   483                 }
   484             }
   485         }
   486 
   487         state HandshakingGrouped {
   488             on Init
   489                 do showGroupedHandshake;
   490     
   491             // Cancel is Rollback
   492             on Cancel {
   493                 send Rollback;
   494                 go Grouped;
   495             }
   496 
   497             on Rollback {
   498                 if sameNegotiationAndPartner
   499                     go Grouped;
   500             }
   501 
   502             // Reject is CommitReject
   503             on Reject {
   504                 send CommitReject;
   505                 go Grouped;
   506             }
   507 
   508             on CommitReject {
   509                 if sameNegotiationAndPartner
   510                     go Grouped;
   511             }
   512 
   513             // Accept is Phase1Commit
   514             on Accept {
   515                 do trustThisKey;
   516                 go HandshakingGroupedPhase1;
   517             }
   518 
   519             on CommitAccept {
   520                 if sameNegotiationAndPartner
   521                     go HandshakingGroupedPhase2;
   522             }
   523 
   524             on GroupTrustThisKey {
   525                 if fromGroupMember { // double check
   526                     do trustThisKey;
   527                     if sameNegotiation
   528                         go Grouped;
   529                 }
   530             }
   531 
   532             on GroupKeysUpdate {
   533                 if fromGroupMember // double check
   534                     do saveGroupKeys;
   535             }
   536         }
   537 
   538         state HandshakingGroupedPhase1 {
   539             on Init {
   540                 send GroupTrustThisKey;
   541                 send CommitAcceptForGroup;
   542             }
   543 
   544             on Rollback {
   545                 if sameNegotiationAndPartner
   546                     go Grouped;
   547             }
   548 
   549             on CommitReject {
   550                 if sameNegotiationAndPartner
   551                     go Grouped;
   552             }
   553 
   554             on CommitAccept {
   555                 if sameNegotiationAndPartner {
   556                     do prepareOwnKeys;
   557                     send GroupKeysForNewMember;
   558                     do showDeviceAccepted;
   559                     go Grouped;
   560                 }
   561             }
   562 
   563             on GroupTrustThisKey {
   564                 if fromGroupMember // double check
   565                     do trustThisKey;
   566             }
   567 
   568             on GroupKeysUpdate {
   569                 if fromGroupMember // double check
   570                     do saveGroupKeys;
   571             }
   572 
   573             on GroupKeysAndClose {
   574                 if fromGroupMember { // double check
   575                     do saveGroupKeys;
   576                     go Grouped;
   577                 }
   578             }
   579         }
   580 
   581         state HandshakingGroupedPhase2 {
   582             on Cancel {
   583                 send Rollback;
   584                 go Grouped;
   585             }
   586 
   587             on Reject {
   588                 send CommitReject;
   589                 go Grouped;
   590             }
   591 
   592             on Accept {
   593                 do trustThisKey;
   594                 send GroupTrustThisKey;
   595                 do prepareOwnKeys;
   596                 send GroupKeysForNewMember;
   597                 do showDeviceAccepted;
   598                 go Grouped;
   599             }
   600 
   601             on GroupTrustThisKey {
   602                 if fromGroupMember // double check
   603                     do trustThisKey;
   604             }
   605 
   606             on GroupKeysUpdate {
   607                 if fromGroupMember // double check
   608                     do saveGroupKeys;
   609             }
   610 
   611             on GroupKeysAndClose {
   612                 if fromGroupMember { // double check
   613                     do saveGroupKeys;
   614                     go Grouped;
   615                 }
   616             }
   617         }
   618  
   619         external Accept 129;
   620         external Reject 130;
   621         external Cancel 131;
   622 
   623         // beacons are always broadcasted
   624 
   625         message Beacon 2, type=broadcast, security=unencrypted {
   626             field TID challenge;
   627             auto Version version;
   628         }
   629 
   630         message NegotiationRequest 3, security=untrusted {
   631             field TID challenge;
   632             field TID response;
   633             auto Version version;
   634             field TID negotiation;
   635             field bool is_group;
   636         }
   637 
   638         message NegotiationOpen 4, security=untrusted {
   639             field TID response;
   640             auto Version version;
   641             field TID negotiation;
   642         }
   643 
   644         message Rollback 5, security=untrusted {
   645             field TID negotiation;
   646         }
   647 
   648         message CommitReject 6, security=untrusted {
   649             field TID negotiation;
   650         }
   651 
   652         message CommitAcceptOfferer 7, security=untrusted {
   653             field TID negotiation;
   654         }
   655 
   656         message CommitAcceptRequester 8, security=untrusted {
   657             field TID negotiation;
   658         }
   659 
   660         message CommitAccept 9, security=untrusted {
   661             field TID negotiation;
   662         }
   663 
   664         message CommitAcceptForGroup 10, security=untrusted {
   665             field TID negotiation;
   666         }
   667 
   668         // default: security=truste
   669         // messages are only accepted when coming from the device group
   670         message GroupTrustThisKey 11 {
   671             field Hash key;
   672             field TID negotiation;
   673         }
   674 
   675         // trust in future
   676         message GroupKeysForNewMember 12, security=attach_own_keys_for_new_member {
   677             field IdentityList ownIdentities;
   678         }
   679 
   680         message GroupKeysAndClose 13, security=attach_own_keys_for_new_member {
   681             field IdentityList ownIdentities;
   682         }
   683 
   684         message OwnKeysOfferer 14, security=attach_own_keys_for_new_member {
   685             field IdentityList ownIdentities;
   686         }
   687 
   688         message OwnKeysRequester 15, security=attach_own_keys_for_new_member {
   689             field IdentityList ownIdentities;
   690         }
   691 
   692         // grouped handshake
   693         message NegotiationRequestGrouped 16, security=untrusted {
   694             field TID challenge;
   695             field TID response;
   696             auto Version version;
   697             field TID negotiation;
   698             field bool is_group;
   699         }
   700 
   701         message GroupHandshake 17 {
   702             field TID negotiation;
   703             field Hash key;
   704         }
   705 
   706         // update group
   707         message GroupKeysUpdate 18, security=attach_own_keys_for_group {
   708             field IdentityList ownIdentities;
   709         }
   710 
   711         // initiate unled group key reset
   712         message InitUnledGroupKeyReset 19 {
   713         }
   714 
   715         message ElectGroupKeyResetLeader 20 {
   716             field TID response;
   717         }
   718     }
   719 }
   720