until Grouped sync
authorVolker Birk <vb@pep-project.org>
Sun, 14 Apr 2019 13:04:34 +0200
branchsync
changeset 3518673f89ac1def
parent 3517 157a9616132a
child 3519 2b360f5f1d30
until Grouped
sync/cond_act_sync.yml2
sync/gen_statemachine.ysl2
sync/sync.fsm
     1.1 --- a/sync/cond_act_sync.yml2	Sun Apr 14 11:09:11 2019 +0200
     1.2 +++ b/sync/cond_act_sync.yml2	Sun Apr 14 13:04:34 2019 +0200
     1.3 @@ -266,5 +266,15 @@
     1.4          return status;
     1.5  ||
     1.6  
     1.7 +action tellWeAreGrouped
     1.8 +||
     1.9 +    session->sync_state.keysync.is_group = true;
    1.10 +||
    1.11 +
    1.12 +action tellWeAreNotGrouped
    1.13 +||
    1.14 +    session->sync_state.keysync.is_group = false;
    1.15 +||
    1.16 +
    1.17  action disable;
    1.18  
     2.1 --- a/sync/gen_statemachine.ysl2	Sun Apr 14 11:09:11 2019 +0200
     2.2 +++ b/sync/gen_statemachine.ysl2	Sun Apr 14 13:04:34 2019 +0200
     2.3 @@ -690,50 +690,44 @@
     2.4          case «../@name»_PR_«yml:lcase(@name)»:
     2.5              switch (msg->choice.«yml:lcase(@name)».present) {
     2.6          ||
     2.7 -        if "message[@security='unencrypted']" {
     2.8 -            |>> // these messages require a detached signature
     2.9 -            for "message[@security='unencrypted']" {
    2.10 -            ||
    2.11 -                    case «../@name»_PR_«yml:mixedCase(@name)»:
    2.12 -                        if (!signature_fpr) {
    2.13 -                            status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.14 -                            goto the_end;
    2.15 -                        }
    2.16 -                        event = «@name»;
    2.17 -                        break;
    2.18 +        for "message[@security='unencrypted']" {
    2.19 +        if "position()=1" |>> // these messages require a detached signature
    2.20 +        ||
    2.21 +                case «../@name»_PR_«yml:mixedCase(@name)»:
    2.22 +                    if (!signature_fpr) {
    2.23 +                        status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.24 +                        goto the_end;
    2.25 +                    }
    2.26 +                    event = «@name»;
    2.27 +                    break;
    2.28  
    2.29 -            ||
    2.30 -            }
    2.31 +        ||
    2.32          }
    2.33 -        if "message[@security='untrusted']" {
    2.34 -            |>> // these messages must arrive encrypted
    2.35 -            for "message[@security='untrusted']" {
    2.36 -            ||
    2.37 -                    case «../@name»_PR_«yml:mixedCase(@name)»:
    2.38 -                        if (rating < PEP_rating_reliable) {
    2.39 -                            status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.40 -                            goto the_end;
    2.41 -                        }
    2.42 -                        event = «@name»;
    2.43 -                        break;
    2.44 +        for "message[@security='untrusted']" {
    2.45 +        if "position()=1" |>> // these messages must arrive encrypted
    2.46 +        ||
    2.47 +                case «../@name»_PR_«yml:mixedCase(@name)»:
    2.48 +                    if (rating < PEP_rating_reliable) {
    2.49 +                        status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.50 +                        goto the_end;
    2.51 +                    }
    2.52 +                    event = «@name»;
    2.53 +                    break;
    2.54  
    2.55 -            ||
    2.56 -            }
    2.57 +        ||
    2.58          }
    2.59 -        if "message[@security='trusted']" {
    2.60 -            |>> // these messages must come through a trusted channel
    2.61 -            for "message[@security='trusted']" {
    2.62 -            ||
    2.63 -                    case «../@name»_PR_«yml:mixedCase(@name)»:
    2.64 -                        if (rating < PEP_rating_trusted) {
    2.65 -                            status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.66 -                            goto the_end;
    2.67 -                        }
    2.68 -                        event = «@name»;
    2.69 -                        break;
    2.70 +        for "message[@security!='unencrypted' and @security!='untrusted']" {
    2.71 +        if "position()=1" |>> // these messages must come through a trusted channel
    2.72 +        ||
    2.73 +                case «../@name»_PR_«yml:mixedCase(@name)»:
    2.74 +                    if (rating < PEP_rating_trusted) {
    2.75 +                        status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
    2.76 +                        goto the_end;
    2.77 +                    }
    2.78 +                    event = «@name»;
    2.79 +                    break;
    2.80  
    2.81 -            ||
    2.82 -            }
    2.83 +        ||
    2.84          }
    2.85          ||
    2.86                  default:
     3.1 --- a/sync/sync.fsm	Sun Apr 14 11:09:11 2019 +0200
     3.2 +++ b/sync/sync.fsm	Sun Apr 14 13:04:34 2019 +0200
     3.3 @@ -46,6 +46,7 @@
     3.4                          do storeChallenge; // partner's challenge
     3.5                          do openTransaction; // NOP if transaction already open
     3.6                          do storeTransaction;
     3.7 +                        do tellWeAreNotGrouped;
     3.8                          // second is sending HandshakeRequest
     3.9                          send HandshakeRequest;
    3.10                      }
    3.11 @@ -232,7 +233,7 @@
    3.12                  send GroupKeysAndClose; // we're not grouped yet, this is our own keys
    3.13              }
    3.14  
    3.15 -            on GroupKeys if sameTransaction {
    3.16 +            on GroupKeys {
    3.17                  if keyElectionWon
    3.18                      do ownKeysAreGroupKeys;
    3.19                  else
    3.20 @@ -241,6 +242,28 @@
    3.21              }
    3.22          }
    3.23  
    3.24 +        state Grouped timeout=off {
    3.25 +            on Init
    3.26 +                do closeTransaction;
    3.27 +
    3.28 +            on GroupKeys
    3.29 +                do saveGroupKeys;
    3.30 +
    3.31 +            on KeyGen
    3.32 +                send GroupKeys;
    3.33 +
    3.34 +            on Beacon {
    3.35 +                do storeChallenge;
    3.36 +                do openTransaction;
    3.37 +                do storeTransaction;
    3.38 +                do tellWeAreGrouped;
    3.39 +                send HandshakeRequest;
    3.40 +            }
    3.41 +
    3.42 +            on HandshakeAnswer if sameTransaction
    3.43 +                go HandshakingGrouped;
    3.44 +        }
    3.45 +
    3.46          state HandshakingWithGroup {
    3.47              on Init
    3.48                  do showJoinGroupHandshake;
    3.49 @@ -324,20 +347,6 @@
    3.50              }
    3.51          }
    3.52  
    3.53 -        state Grouped timeout=off {
    3.54 -            on GroupKeys
    3.55 -                do saveGroupKeys;
    3.56 -
    3.57 -            on KeyGen
    3.58 -                send GroupKeys;
    3.59 -
    3.60 -            on Beacon
    3.61 -                send HandshakeRequest;
    3.62 -
    3.63 -            on HandshakeAnswer
    3.64 -                go HandshakingGrouped;
    3.65 -        }
    3.66 -
    3.67          state HandshakingGrouped {
    3.68              on Init
    3.69                  do showGroupedHandshake;