Sender fpr checks are in, but we broke reencrypt tests. so need to check. still buggy, no tests. sender-fpr-checks
authorKrista 'DarthMama' Bennett <krista@pep.foundation>
Wed, 04 Sep 2019 17:34:44 +0200
branchsender-fpr-checks
changeset 40470960c85f3264
parent 4046 5374196b515e
child 4048 1b987bcd8efe
Sender fpr checks are in, but we broke the reencrypt tests, so those need to be checked. Still buggy, no tests.
src/message_api.c
sync/gen_statemachine.ysl2
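--- a/src/message_api.c	Mon Sep 02 20:53:32 2019 +0200
+++ b/src/message_api.c	Wed Sep 04 17:34:44 2019 +0200
@@ -3983,8 +3983,19 @@
             }            
         }
     }
+    
+    // Double-check for message 2.1:
+    if (major_ver > 2 || (major_ver == 2 && minor_ver > 0)) {
+        if (EMPTYSTR((*dst)->_sender_fpr) || 
+           (!EMPTYSTR(_keylist->value) && (strcasecmp((*dst)->_sender_fpr, _keylist->value) != 0))) {
+            if (decrypt_status == PEP_DECRYPTED_AND_VERIFIED)
+                decrypt_status = PEP_DECRYPTED;
+            if (*rating > PEP_rating_unreliable)
+                *rating = PEP_rating_unreliable;
+        }
+    }
         
-    if(decrypt_status == PEP_DECRYPTED_AND_VERIFIED)
+    if (decrypt_status == PEP_DECRYPTED_AND_VERIFIED)
         return PEP_STATUS_OK;
     else
         return decrypt_status;
@@ -4027,20 +4038,24 @@
 
     message *msg = *dst ? *dst : src;
 
-    if (session->inject_sync_event && msg && msg->from &&
-            !(*flags & PEP_decrypt_flag_dont_trigger_sync)) {
-        size_t size;
-        const char *data;
-        char *sender_fpr = NULL;
-        PEP_STATUS tmpstatus = base_extract_message(session, msg, &size, &data, &sender_fpr);
-        if (!tmpstatus && size && data) {
-            if (sender_fpr)
-                signal_Sync_message(session, *rating, data, size, msg->from, sender_fpr);
-            // FIXME: this must be changed to sender_fpr
-            else if (*keylist)
-                signal_Sync_message(session, *rating, data, size, msg->from, (*keylist)->value);
+    if (status == PEP_UNENCRYPTED || status == PEP_DECRYPTED_AND_VERIFIED) {
+        if (session->inject_sync_event && msg && msg->from &&
+                !(*flags & PEP_decrypt_flag_dont_trigger_sync)) {
+            size_t size;
+            const char *data;
+            char *sender_fpr = NULL;
+            
+            PEP_STATUS tmpstatus = base_extract_message(session, msg, &size, &data, &sender_fpr);
+            if (!tmpstatus && size && data) {
+                const char* event_sender_fpr = ((*dst)->_sender_fpr ? (*dst)->_sender_fpr : sender_fpr);
+                // FIXME - I don't think this is OK anymore. We either have a signed beacon or a properly encrypted/signed 2.1 message
+                // if ((!event_sender_fpr) && *keylist)
+                //     event_sender_fpr = (*keylist)->value;
+                if (event_sender_fpr)
+                    signal_Sync_message(session, *rating, data, size, msg->from, event_sender_fpr);
+            }
+            free(sender_fpr);
         }
-        free(sender_fpr);
     }
 
     return status;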
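Review bot: In the second hunk `(*dst)->_sender_fpr` is dereferenced unconditionally, although the context line `message *msg = *dst ? *dst : src;` shows `*dst` may be NULL, and the new gate admits `PEP_UNENCRYPTED`, the case where a decrypted message is least likely to exist; an incoming plaintext message could then crash the process. Guard it, e.g. `const char *event_sender_fpr = (*dst && !EMPTYSTR((*dst)->_sender_fpr)) ? (*dst)->_sender_fpr : sender_fpr;`. The gate itself needs checking: if `status` is the return value of the function patched in the first hunk, a verified message comes back as `PEP_STATUS_OK` rather than `PEP_DECRYPTED_AND_VERIFIED`, so signed-and-encrypted sync messages would never be signalled (inferred; the call is outside the hunk). The first hunk reads `(*dst)->_sender_fpr` and `_keylist->value` in the same way, with no NULL guard visible in the hunk. Both enclosing functions start and end outside the hunks.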
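--- a/sync/gen_statemachine.ysl2	Mon Sep 02 20:53:32 2019 +0200
+++ b/sync/gen_statemachine.ysl2	Wed Sep 04 17:34:44 2019 +0200
@@ -820,6 +820,23 @@
                 if (ev->sender_fpr) {
                     free(session->«yml:lcase(@name)»_state.transport.sender_fpr);
                     session->«yml:lcase(@name)»_state.transport.sender_fpr = ev->sender_fpr;
+                    
+                    // Check against saved comm_partner sender_fpr state, if there is one yet
+                    if (session->«yml:lcase(@name)»_state.comm_partner.sender_fpr) {
+                        // 1. Does it match sender_fpr?
+                        if (strcasecmp(session->«yml:lcase(@name)»_state.comm_partner.sender_fpr, ev->sender_fpr) != 0) {
+                            // 2. If not, is it a group key?
+                            bool is_own_key = false;
+                            status = own_key_is_listed(session, ev->sender_fpr, &is_own_key);
+                            if (status)
+                                goto the_end;
+                            if (!is_own_key) {
+                                status = PEP_ILLEGAL_VALUE;
+                                goto the_end;
+                            }    
+                        }
+                    }
+                                                            
                     ev->sender_fpr = NULL;
                 }
 
@@ -831,6 +848,7 @@
                     ev->own_identities = NULL;
                 }
 
+                
                 status = «@name»_driver(session, fsm, event);
 
             the_end: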
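Review bot: Both new `goto the_end;` exits in the first hunk run after `session->«yml:lcase(@name)»_state.transport.sender_fpr = ev->sender_fpr;` and before `ev->sender_fpr = NULL;`, so on a rejected fingerprint the session state and the event point at the same string. If the code after `the_end:` frees the event (it is outside the hunk), the session is left with a dangling `transport.sender_fpr`, which the next event would free a second time. The rejected fingerprint has also already replaced the stored transport value by the time it is refused. Run the comparison against `comm_partner.sender_fpr` before the `free(...)`/assignment pair, or at least move `ev->sender_fpr = NULL;` to directly after the assignment.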