rework unled GroupKeyReset sync
authorVolker Birk <vb@pep-project.org>
Thu, 16 Jan 2020 22:30:34 +0100
branchsync
changeset 4341463e41a622dc
parent 4340 7f1a81347f7c
child 4342 2d2f2c74ca08
rework unled GroupKeyReset
sync/cond_act_sync.yml2
sync/sync.fsm
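--- a/sync/cond_act_sync.yml2
+++ b/sync/cond_act_sync.yml2
@@ -102,11 +102,6 @@
     free_identity(me);
 ||
 
-condition isLedGroupKeyReset
-||
-    *result = session->sync_state.keysync.led;
-||
-
 // action: PEP_STATUS «@name»(PEP_SESSION session)
 
 function "new_UUID" {
@@ -607,13 +602,3 @@
 ||
     disable_sync(session);
 ||
-
-action ledGroupKeyReset
-||
-    session->sync_state.keysync.led = true;
-||
-
-action unledGroupKeyReset
-||
-    session->sync_state.keysync.led = false;
-||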
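--- a/sync/sync.fsm
+++ b/sync/sync.fsm
@@ -65,6 +65,7 @@
                 if sameChallenge { // challenge accepted
                     do storeNegotiation;
                     // offerer is accepting by confirming NegotiationOpen
+                    // repeating response is implicit
                     send NegotiationOpen;
                     go HandshakingOfferer;
                 }
@@ -75,6 +76,7 @@
                 if sameChallenge { // challenge accepted
                     do storeNegotiation;
                     // offerer is accepting by confirming NegotiationOpen
+                    // repeating response is implicit
                     send NegotiationOpen;
                     go HandshakingToJoin;
                 }
@@ -103,8 +105,10 @@
                 go Sole;
             }
 
-            on Rollback if sameNegotiationAndPartner
-                go Sole;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Sole;
+            }
 
             // Reject is CommitReject
             on Reject {
@@ -113,9 +117,11 @@
                 go End;
             }
 
-            on CommitReject if sameNegotiationAndPartner {
-                do disable;
-                go End;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do disable;
+                    go End;
+                }
             }
 
             // Accept means init Phase1Commit
@@ -126,8 +132,10 @@
             }
 
             // got a CommitAccept from requester
-            on CommitAcceptRequester if sameNegotiationAndPartner
-                go HandshakingPhase2Offerer;
+            on CommitAcceptRequester {
+                if sameNegotiationAndPartner
+                    go HandshakingPhase2Offerer;
+            }
         }
 
         // handshaking without existing Device group
@@ -141,8 +149,10 @@
                 go Sole;
             }
 
-            on Rollback if sameNegotiationAndPartner
-                go Sole;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Sole;
+            }
 
             // Reject is CommitReject
             on Reject {
@@ -151,9 +161,11 @@
                 go End;
             }
 
-            on CommitReject if sameNegotiationAndPartner {
-                do disable;
-                go End;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do disable;
+                    go End;
+                }
             }
 
             // Accept means init Phase1Commit
@@ -164,41 +176,53 @@
             }
 
             // got a CommitAccept from offerer
-            on CommitAcceptOfferer if sameNegotiationAndPartner
-                go HandshakingPhase2Requester;
+            on CommitAcceptOfferer {
+                if sameNegotiationAndPartner
+                    go HandshakingPhase2Requester;
+            }
         }
 
         state HandshakingPhase1Offerer {
-            on Rollback if sameNegotiationAndPartner {
-                do untrustThisKey;
-                go Sole;
+            on Rollback {
+                if sameNegotiationAndPartner {
+                    do untrustThisKey;
+                    go Sole;
+                }
             }
             
-            on CommitReject if sameNegotiationAndPartner {
-                do untrustThisKey;
-                do disable;
-                go End;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do untrustThisKey;
+                    do disable;
+                    go End;
+                }
             }
 
-            on CommitAcceptRequester if sameNegotiationAndPartner {
-                go FormingGroupOfferer;
+            on CommitAcceptRequester {
+                if sameNegotiationAndPartner
+                    go FormingGroupOfferer;
             }
         }
 
         state HandshakingPhase1Requester {
-            on Rollback if sameNegotiationAndPartner {
-                do untrustThisKey;
-                go Sole;
+            on Rollback {
+                if sameNegotiationAndPartner {
+                    do untrustThisKey;
+                    go Sole;
+                }
             }
             
-            on CommitReject if sameNegotiationAndPartner {
-                do untrustThisKey;
-                do disable;
-                go End;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do untrustThisKey;
+                    do disable;
+                    go End;
+                }
             }
 
-            on CommitAcceptOfferer if sameNegotiationAndPartner {
-                go FormingGroupRequester;
+            on CommitAcceptOfferer {
+                if sameNegotiationAndPartner
+                    go FormingGroupRequester;
             }
         }
 
@@ -243,7 +267,8 @@
         state FormingGroupOfferer {
             on Init {
                 do prepareOwnKeys;
-                send OwnKeysOfferer; debug > we're not grouped yet, this is our own keys
+                send OwnKeysOfferer;
+                debug > we're not grouped yet, this is our own keys
             }
 
             on Cancel {
@@ -254,11 +279,13 @@
             on Rollback
                 go Sole;
 
-            on OwnKeysRequester if sameNegotiationAndPartner {
-                do saveGroupKeys;
-                do receivedKeysAreDefaultKeys;
-                do showGroupCreated;
-                go Grouped;
+            on OwnKeysRequester {
+                if sameNegotiationAndPartner {
+                    do saveGroupKeys;
+                    do receivedKeysAreDefaultKeys;
+                    do showGroupCreated;
+                    go Grouped;
+                }
             }
         }
 
@@ -271,13 +298,15 @@
             on Rollback
                 go Sole;
 
-            on OwnKeysOfferer if sameNegotiationAndPartner {
-                do saveGroupKeys;
-                do prepareOwnKeys;
-                do ownKeysAreDefaultKeys;
-                send OwnKeysRequester;
-                do showGroupCreated;
-                go Grouped;
+            on OwnKeysOfferer {
+                if sameNegotiationAndPartner {
+                    do saveGroupKeys;
+                    do prepareOwnKeys;
+                    do ownKeysAreDefaultKeys;
+                    send OwnKeysRequester;
+                    do showGroupCreated;
+                    go Grouped;
+                }
             }
         }
 
@@ -287,8 +316,10 @@
                 do showBeingInGroup;
             }
 
-            on GroupKeysUpdate if fromGroupMember // double check
-                do saveGroupKeys;
+            on GroupKeysUpdate {
+                if fromGroupMember // double check
+                    do saveGroupKeys;
+            }
 
             on KeyGen {
                 do prepareOwnKeys;
@@ -302,11 +333,13 @@
                 do useOwnChallenge;
             }
 
-            on NegotiationOpen if sameNegotiationAndPartner {
-                do storeNegotiation;
-                do useThisKey;
-                send GroupHandshake;
-                go HandshakingGrouped;
+            on NegotiationOpen {
+                if sameNegotiationAndPartner {
+                    do storeNegotiation;
+                    do useThisKey;
+                    send GroupHandshake;
+                    go HandshakingGrouped;
+                }
             }
 
             on GroupHandshake {
@@ -315,13 +348,13 @@
                 go HandshakingGrouped;
             }
 
-            on GroupTrustThisKey if fromGroupMember // double check
-                do trustThisKey;
+            on GroupTrustThisKey {
+                if fromGroupMember // double check
+                    do trustThisKey;
+            }
 
-            on GroupKeyResetRequired {
-                do ledGroupKeyReset;
+            on GroupKeyResetRequired
                 send GroupKeyReset;
-            }
 
             // this is for a leaving group member
             on GroupKeyResetRequiredAndDisable {
@@ -331,27 +364,37 @@
 
             on InitUnledGroupKeyReset {
                 debug > unled group key reset; new group keys will be elected
-                do unledGroupKeyReset;
-                send GroupKeyReset;
+                do useOwnResponse;
+                send ElectGroupKeyResetLeader;
+                go WaitForGroupKeyReset;
             }
 
-            on GroupKeyReset if fromGroupMember { // double check
-                do saveGroupKeys;
-                if isLedGroupKeyReset {
-                    debug > led group key reset is executed without questions
+            on GroupKeyReset {
+                if fromGroupMember { // double check
+                    do saveGroupKeys;
                     do receivedKeysAreDefaultKeys;
                 }
+            }
+        }
+
+        state WaitForGroupKeyReset {
+            on ElectGroupKeyResetLeader {
+                if sameResponse {
+                    send GroupKeyReset;
+                    go Grouped;
+                }
                 else {
-                    debug > unled group key reset; election takes place
-                    if keyElectionWon {
-                        // this is already the case:
-                        // do ownKeysAreDefaultKeys;
-                    }
-                    else {
-                        do receivedKeysAreDefaultKeys;
-                    }
+                    go Grouped;
                 }
             }
+
+            on GroupKeyReset {
+                if fromGroupMember { // double check
+                    do saveGroupKeys;
+                    do receivedKeysAreDefaultKeys;
+                }
+                go Grouped;
+            }
         }
 
         state DisableOnInitUnledGroupKeyReset {
@@ -370,8 +413,10 @@
                 go Sole;
             }
 
-            on Rollback if sameNegotiationAndPartner
-                go Sole;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Sole;
+            }
 
             // Reject is CommitReject
             on Reject {
@@ -380,12 +425,16 @@
                 go End;
             }
 
-            on CommitAcceptForGroup if sameNegotiationAndPartner
-                go HandshakingToJoinPhase2;
+            on CommitAcceptForGroup {
+                if sameNegotiationAndPartner
+                    go HandshakingToJoinPhase2;
+            }
 
-            on CommitReject if sameNegotiationAndPartner {
-                do disable;
-                go End;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do disable;
+                    go End;
+                }
             }
 
             // Accept is Phase1Commit
@@ -397,16 +446,22 @@
         }
 
         state HandshakingToJoinPhase1 {
-            on Rollback if sameNegotiationAndPartner
-                go Sole;
-            
-            on CommitReject if sameNegotiationAndPartner {
-                do disable;
-                go End;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Sole;
             }
 
-            on CommitAcceptForGroup if sameNegotiationAndPartner
-                go JoiningGroup;
+            on CommitReject {
+                if sameNegotiationAndPartner {
+                    do disable;
+                    go End;
+                }
+            }
+
+            on CommitAcceptForGroup {
+                if sameNegotiationAndPartner
+                    go JoiningGroup;
+            }
         }
 
         state HandshakingToJoinPhase2 {
@@ -429,13 +484,15 @@
         }
 
         state JoiningGroup {
-            on GroupKeysForNewMember if sameNegotiationAndPartner {
-                do saveGroupKeys;
-                do receivedKeysAreDefaultKeys;
-                do prepareOwnKeys;
-                send GroupKeysAndClose;
-                do showDeviceAdded;
-                go Grouped;
+            on GroupKeysForNewMember {
+                if sameNegotiationAndPartner {
+                    do saveGroupKeys;
+                    do receivedKeysAreDefaultKeys;
+                    do prepareOwnKeys;
+                    send GroupKeysAndClose;
+                    do showDeviceAdded;
+                    go Grouped;
+                }
             }
         }
 
@@ -449,8 +506,10 @@
                 go Grouped;
             }
 
-            on Rollback if sameNegotiationAndPartner
-                go Grouped;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Grouped;
+            }
 
             // Reject is CommitReject
             on Reject {
@@ -458,8 +517,10 @@
                 go Grouped;
             }
 
-            on CommitReject if sameNegotiationAndPartner
-                go Grouped;
+            on CommitReject {
+                if sameNegotiationAndPartner
+                    go Grouped;
+            }
 
             // Accept is Phase1Commit
             on Accept {
@@ -467,17 +528,23 @@
                 go HandshakingGroupedPhase1;
             }
 
-            on CommitAccept if sameNegotiationAndPartner
-                go HandshakingGroupedPhase2;
-
-            on GroupTrustThisKey if fromGroupMember { // double check
-                do trustThisKey;
-                if sameNegotiation
-                    go Grouped;
+            on CommitAccept {
+                if sameNegotiationAndPartner
+                    go HandshakingGroupedPhase2;
             }
 
-            on GroupKeysUpdate if fromGroupMember // double check
-                do saveGroupKeys;
+            on GroupTrustThisKey {
+                if fromGroupMember { // double check
+                    do trustThisKey;
+                    if sameNegotiation
+                        go Grouped;
+                }
+            }
+
+            on GroupKeysUpdate {
+                if fromGroupMember // double check
+                    do saveGroupKeys;
+            }
         }
 
         state HandshakingGroupedPhase1 {
@@ -486,28 +553,40 @@
                 send CommitAcceptForGroup;
             }
 
-            on Rollback if sameNegotiationAndPartner
-                go Grouped;
-
-            on CommitReject if sameNegotiationAndPartner
-                go Grouped;
-
-            on CommitAccept if sameNegotiationAndPartner {
-                do prepareOwnKeys;
-                send GroupKeysForNewMember;
-                do showDeviceAccepted;
-                go Grouped;
+            on Rollback {
+                if sameNegotiationAndPartner
+                    go Grouped;
             }
 
-            on GroupTrustThisKey if fromGroupMember // double check
-                do trustThisKey;
+            on CommitReject {
+                if sameNegotiationAndPartner
+                    go Grouped;
+            }
 
-            on GroupKeysUpdate if fromGroupMember // double check
-                do saveGroupKeys;
-            
-            on GroupKeysAndClose if fromGroupMember { // double check
-                do saveGroupKeys;
-                go Grouped;
+            on CommitAccept {
+                if sameNegotiationAndPartner {
+                    do prepareOwnKeys;
+                    send GroupKeysForNewMember;
+                    do showDeviceAccepted;
+                    go Grouped;
+                }
+            }
+
+            on GroupTrustThisKey {
+                if fromGroupMember // double check
+                    do trustThisKey;
+            }
+
+            on GroupKeysUpdate {
+                if fromGroupMember // double check
+                    do saveGroupKeys;
+            }
+
+            on GroupKeysAndClose {
+                if fromGroupMember { // double check
+                    do saveGroupKeys;
+                    go Grouped;
+                }
             }
         }
 
@@ -531,15 +610,21 @@
                 go Grouped;
             }
 
-            on GroupTrustThisKey if fromGroupMember // double check
-                do trustThisKey;
+            on GroupTrustThisKey {
+                if fromGroupMember // double check
+                    do trustThisKey;
+            }
 
-            on GroupKeysUpdate if fromGroupMember // double check
-                do saveGroupKeys;
-            
-            on GroupKeysAndClose if fromGroupMember { // double check
-                do saveGroupKeys;
-                go Grouped;
+            on GroupKeysUpdate {
+                if fromGroupMember // double check
+                    do saveGroupKeys;
+            }
+
+            on GroupKeysAndClose {
+                if fromGroupMember { // double check
+                    do saveGroupKeys;
+                    go Grouped;
+                }
             }
         }
  
@@ -619,6 +704,7 @@
         // grouped handshake
         message NegotiationRequestGrouped 16, security=untrusted {
             field TID challenge;
+            field TID response;
             auto Version version;
             field TID negotiation;
             field bool is_group;
@@ -638,12 +724,14 @@
         message InitUnledGroupKeyReset 19 {
         }
 
-        message GroupKeyReset 20, security=attach_own_keys_for_group {
-            field TID challenge;
+        message ElectGroupKeyResetLeader 20 {
+            field TID response;
+        }
+
+        message GroupKeyReset 21, security=attach_own_keys_for_group {
             // set this flag for led group key reset; delivered group keys will
             // be accepted by all group members; if not set group keys will be
             // elected
-            field bool led;
             field IdentityList ownIdentities;
         }
     }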
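Review bot: In the new `WaitForGroupKeyReset` state, the `on GroupKeyReset` handler runs `go Grouped;` outside the `if fromGroupMember` block, so a GroupKeyReset that fails the membership check still ends the wait, and `on ElectGroupKeyResetLeader` branches on `sameResponse` alone, without the `fromGroupMember` "double check" that the GroupKeysUpdate and GroupTrustThisKey handlers keep. Consider moving `go Grouped;` inside the guarded block and wrapping the election handler body in `if fromGroupMember { … }`. `message ElectGroupKeyResetLeader 20` is declared without a `security=` attribute and reuses the number GroupKeyReset had before this change, so its protection rests on a default this diff does not show, and a peer still on the old definition would presumably read type 20 as GroupKeyReset; both are worth confirming. The context comment above `field IdentityList ownIdentities;` still describes the removed `led` flag and should be rewritten, e.g. `// group keys delivered here are accepted by group members; the sender is chosen via ElectGroupKeyResetLeader`.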