more security sync
authorVolker Birk <vb@pep-project.org>
Fri, 20 Dec 2019 11:14:52 +0100
branchsync
changeset 428979af186cae4e
parent 4288 929625a777b1
child 4290 9ef77432a291
more security
src/message_api.c
sync/cond_act_sync.yml2
sync/gen_statemachine.ysl2
sync/sync.fsm
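--- a/src/message_api.c
+++ b/src/message_api.c
@@ -2742,30 +2742,30 @@
                     
     switch (src->enc_format) {
     case PEP_enc_PGP_MIME:
-        *crypto_text = src->attachments->next->value;
-        if (src->attachments->next->value[src->attachments->next->size - 1]) {
-            // if the attachment is not ending with a trailing 0
-            // then it is containing the crypto text directly
-            *text_size = src->attachments->next->size;
-        }
-        else {
-            // if the attachment is ending with trailing 0
-            // then it is containting a string
-            *text_size = strlen(src->attachments->next->value);
-        }
-        break;
-
-    case PEP_enc_PGP_MIME_Outlook1:
-        *crypto_text = src->attachments->value;
-        if (src->attachments->value[src->attachments->size - 1]) {
-            // if the attachment is not ending with a trailing 0
-            // then it is containing the crypto text directly
-            *text_size = src->attachments->size;
-        }
-        else {
-            // if the attachment is ending with trailing 0
-            // then it is containting a string
-            *text_size = strlen(src->attachments->value);
+        *crypto_text = src->attachments->next->value;
+        if (src->attachments->next->value[src->attachments->next->size - 1]) {
+            // if the attachment is not ending with a trailing 0
+            // then it is containing the crypto text directly
+            *text_size = src->attachments->next->size;
+        }
+        else {
+            // if the attachment is ending with trailing 0
+            // then it is containting a string
+            *text_size = strlen(src->attachments->next->value);
+        }
+        break;
+
+    case PEP_enc_PGP_MIME_Outlook1:
+        *crypto_text = src->attachments->value;
+        if (src->attachments->value[src->attachments->size - 1]) {
+            // if the attachment is not ending with a trailing 0
+            // then it is containing the crypto text directly
+            *text_size = src->attachments->size;
+        }
+        else {
+            // if the attachment is ending with trailing 0
+            // then it is containting a string
+            *text_size = strlen(src->attachments->value);
         }
         break;
 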
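--- a/sync/cond_act_sync.yml2
+++ b/sync/cond_act_sync.yml2
@@ -60,6 +60,12 @@
             && s1 && s2 && strcmp(s1, s2) == 0;
 ||
 
+condition fromGroupMember
+||
+    const char *sender_fpr = session->sync_state.comm_partner.sender_fpr;
+    return is_own_key(session, sender_fpr, result);
+||
+
 condition keyElectionWon
 ||
     pEp_identity *from = session->sync_state.transport.from;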
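Review bot: The new `fromGroupMember` condition hands `session->sync_state.comm_partner.sender_fpr` to `is_own_key` without a NULL check, whereas the neighbouring condition above guards its strings with `s1 && s2` before calling `strcmp`. Unless `is_own_key` is documented to treat a NULL fingerprint as "not own", add a fail-closed guard before the call, `if (!sender_fpr) { *result = false; return PEP_STATUS_OK; }` (assuming `result` is the bool out-parameter the other conditions write to). Because the `// double check` guards added in sync.fsm all rest on this condition, it is also worth confirming at the assignment site that `comm_partner.sender_fpr` is populated from the verified signature of the incoming message and not from a sender-claimed field; both `is_own_key` and that assignment are defined outside this hunk.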
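--- a/sync/gen_statemachine.ysl2
+++ b/sync/gen_statemachine.ysl2
@@ -839,7 +839,8 @@
                             }
                             key_data = NULL;
 
-                            status = encrypt_message(session, _m, extra, &m, PEP_enc_PEP, 0);
+                            // we do not support extra keys here and will only encrypt to ourselves
+                            status = encrypt_message(session, _m, NULL, &m, PEP_enc_PEP, 0);
                             if (status) {
                                 status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
                                 goto the_end;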
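Review bot: With the `extra` argument replaced by `NULL`, the `extra` variable previously passed here looks dead on this path as far as the hunk shows; if nothing else in the generated function reads it, drop its declaration and whatever fills it, so a later edit cannot quietly route extra keys back into this call (and so the build does not pick up an unused-variable warning). The added comment states the policy but not the reason; `// never encrypt sync messages to extra keys: only our own devices may read them` would make the intent clearer to the next reader. The enclosing template function starts and ends outside the hunk.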
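--- a/sync/sync.fsm
+++ b/sync/sync.fsm
@@ -249,7 +249,7 @@
             on Rollback
                 go Sole;
 
-            on OwnKeysRequester {
+            on OwnKeysRequester if sameNegotiationAndPartner {
                 do saveGroupKeys;
                 do receivedKeysAreDefaultKeys;
                 do showGroupCreated;
@@ -266,7 +266,7 @@
             on Rollback
                 go Sole;
 
-            on OwnKeysOfferer {
+            on OwnKeysOfferer if sameNegotiationAndPartner {
                 do saveGroupKeys;
                 do prepareOwnKeys;
                 do ownKeysAreDefaultKeys;
@@ -282,7 +282,7 @@
                 do showBeingInGroup;
             }
 
-            on GroupKeysUpdate
+            on GroupKeysUpdate if fromGroupMember // double check
                 do saveGroupKeys;
 
             on KeyGen {
@@ -310,12 +310,15 @@
                 go HandshakingGrouped;
             }
 
-            on GroupTrustThisKey
+            on GroupTrustThisKey if fromGroupMember // double check
                 do trustThisKey;
 
-            on GroupKeyResetRequired
-                send InitUnledGroupKeyReset;
+            on GroupKeyResetRequired {
+                do ledGroupKeyReset;
+                send GroupKeyReset;
+            }
 
+            // this is for a leaving group member
             on GroupKeyResetRequiredAndDisable {
                 send InitUnledGroupKeyReset;
                 go DisableOnInitUnledGroupKeyReset;
@@ -327,7 +330,7 @@
                 send GroupKeyReset;
             }
 
-            on GroupKeyReset {
+            on GroupKeyReset if fromGroupMember { // double check
                 do saveGroupKeys;
                 if isLedGroupKeyReset {
                     // led group key reset is executed without questions
@@ -421,7 +424,7 @@
         }
 
         state JoiningGroup {
-            on GroupKeysForNewMember {
+            on GroupKeysForNewMember if sameNegotiationAndPartner {
                 do saveGroupKeys;
                 do receivedKeysAreDefaultKeys;
                 do prepareOwnKeys;
@@ -462,13 +465,13 @@
             on CommitAccept if sameNegotiationAndPartner
                 go HandshakingGroupedPhase2;
 
-            on GroupTrustThisKey {
+            on GroupTrustThisKey if fromGroupMember { // double check
                 do trustThisKey;
                 if sameNegotiation
                     go Grouped;
             }
 
-            on GroupKeysUpdate
+            on GroupKeysUpdate if fromGroupMember // double check
                 do saveGroupKeys;
         }
 
@@ -491,13 +494,13 @@
                 go Grouped;
             }
 
-            on GroupTrustThisKey
+            on GroupTrustThisKey if fromGroupMember // double check
                 do trustThisKey;
 
-            on GroupKeysUpdate
+            on GroupKeysUpdate if fromGroupMember // double check
                 do saveGroupKeys;
             
-            on GroupKeysAndClose {
+            on GroupKeysAndClose if fromGroupMember { // double check
                 do saveGroupKeys;
                 go Grouped;
             }
@@ -523,13 +526,13 @@
                 go Grouped;
             }
 
-            on GroupTrustThisKey
+            on GroupTrustThisKey if fromGroupMember // double check
                 do trustThisKey;
 
-            on GroupKeysUpdate
+            on GroupKeysUpdate if fromGroupMember // double check
                 do saveGroupKeys;
             
-            on GroupKeysAndClose {
+            on GroupKeysAndClose if fromGroupMember { // double check
                 do saveGroupKeys;
                 go Grouped;
             }
@@ -582,7 +585,8 @@
             field TID negotiation;
         }
 
-        // default: security=trusted only
+        // default: security=truste
+        // messages are only accepted when coming from the device group
         message GroupTrustThisKey 11 {
             field Hash key;
             field TID negotiation;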
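Review bot: The comment above `message GroupTrustThisKey` was cut short in the last hunk: `// default: security=trusted only` became `// default: security=truste`, which reads as an accidental truncation rather than a change of meaning; restore it as `// default: security=trusted only`. Every new `if fromGroupMember` guard in this file (on GroupKeysUpdate, GroupTrustThisKey, GroupKeyReset and GroupKeysAndClose, in several states) carries a bare `// double check` marker that does not tell a later reader what remains to be verified; either remove the marker once the condition has been reviewed or replace it with the concrete open question, e.g. `// TODO: confirm fromGroupMember is derived from the verified signer of the message`. Whether these guards are sufficient depends on the `fromGroupMember` condition, which is defined outside this file.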