Browse Source

...

pEpMIME_windows
Volker Birk 3 years ago
parent
commit
b93678a50d
4 changed files with 121 additions and 57 deletions
  1. +8
    -6
      sync/cond_act_sync.yml2
  2. +14
    -7
      sync/gen_message_func.ysl2
  3. +98
    -43
      sync/gen_statemachine.ysl2
  4. +1
    -1
      sync/sync.fsm

+ 8
- 6
sync/cond_act_sync.yml2 View File

@ -153,6 +153,8 @@ action closeTransaction
||
memset(session->sync_state.keysync.negotiation.buf, 0,
session->sync_state.keysync.negotiation.size);
memset(session->own_sync_state.negotiation.buf, 0,
session->own_sync_state.negotiation.size);
||
action storeTransaction {
@ -274,9 +276,9 @@ action prepareOwnKeys
if (status)
return status;
if (session->sync_state.common.own_keys)
free_stringlist(session->sync_state.common.own_keys);
session->sync_state.common.own_keys = own_keys;
if (session->own_sync_state.own_keys)
free_stringlist(session->own_sync_state.own_keys);
session->own_sync_state.own_keys = own_keys;
identity_list *il;
status = _own_identities_retrieve(session, &il, PEP_idf_not_for_sync);
@ -309,7 +311,7 @@ action ownKeysAreGroupKeys
PEP_STATUS status = PEP_STATUS_OK;
// set flag for current keys
for (identity_list *il = session->sync_state.common.own_identities; il && il->ident ; il = il->next) {
for (identity_list *il = session->own_sync_state.own_identities; il && il->ident ; il = il->next) {
if (!(il->ident->flags && PEP_idf_not_for_sync)) {
status = set_identity_flags(session, il->ident, PEP_idf_devicegroup);
if (status)
@ -323,7 +325,7 @@ action receivedKeysAreGroupKeys
PEP_STATUS status = PEP_STATUS_OK;
// set flag for current keys
for (identity_list *il = session->sync_state.common.own_identities; il && il->ident ; il = il->next) {
for (identity_list *il = session->own_sync_state.own_identities; il && il->ident ; il = il->next) {
if (!(il->ident->flags && PEP_idf_not_for_sync)) {
status = set_identity_flags(session, il->ident, PEP_idf_devicegroup);
if (status)
@ -335,7 +337,7 @@ action receivedKeysAreGroupKeys
if (!il)
return PEP_OUT_OF_MEMORY;
for (il = session->sync_state.common.own_identities; il && il->ident ; il = il->next) {
for (il = session->own_sync_state.own_identities; il && il->ident ; il = il->next) {
// replace partner's user_id with own user_id
free(il->ident->user_id);
il->ident->user_id = strdup(session->sync_state.common.from->user_id);


+ 14
- 7
sync/gen_message_func.ysl2 View File

@ -39,19 +39,23 @@ extern "C" {
// state
struct «@name»_state_s {
struct common_state_s {
pEp_identity *from;
stringlist_t *own_keys;
identity_list *own_identities;
// common buffer for all types of «@name» messages
struct common_state_s {
// transport data
pEp_identity *from;
char *signature_fpr;
} common;
`` apply "fsm", mode=state
};
// own state
struct own_«@name»_state_s {
stringlist_t *own_keys;
identity_list *own_identities;
`` if "func:distinctName(fsm/message/field[@type='TID'])" |> // active TIDs
`` for "func:distinctName(fsm/message/field[@type='TID'])" |> «func:ctype()» «@name»;
// transport data
@ -78,6 +82,9 @@ PEP_STATUS update_«@name»_message(PEP_SESSION session, «@name»_t *msg);
template "fsm", mode=state
||
// buffer for «@name» messages
struct _«@name»_state_s {
int state;
@ -105,8 +112,8 @@ void free_«@name»_state(PEP_SESSION session)
free_identity(session->«yml:lcase(@name)»_state.common.from);
free(session->«yml:lcase(@name)»_state.common.signature_fpr);
free_stringlist(session->«yml:lcase(@name)»_state.common.own_keys);
free_identity_list(session->«yml:lcase(@name)»_state.common.own_identities);
free_stringlist(session->own_«yml:lcase(@name)»_state.own_keys);
free_identity_list(session->own_«yml:lcase(@name)»_state.own_identities);
||
for "fsm"


+ 98
- 43
sync/gen_statemachine.ysl2 View File

@ -40,7 +40,6 @@ tstylesheet {
pEp_identity *from;
char *signature_fpr;
// identities to sync
identity_list *own_identities;
} «@name»_event_t;
@ -418,6 +417,8 @@ tstylesheet {
identity_list *channels = NULL;
char *key_data = NULL;
size_t key_data_size = 0;
stringlist_t *extra = NULL;
bool transaction;
status = update_«@name»_message(session, msg);
if (status)
@ -498,8 +499,6 @@ tstylesheet {
}
memcpy(_data, data, size);
stringlist_t *extra = NULL;
switch (message_type) {
`` for "fsm/message[@security='unencrypted']" |>>> case «../@name»_PR_«yml:mixedCase(@name)»:
status = base_prepare_message(
@ -519,22 +518,76 @@ tstylesheet {
m = _m;
break;
`` for "fsm/message[@security='attach_own_keys']" |>>> case «../@name»_PR_«yml:mixedCase(@name)»:
assert(session->«yml:lcase(@name)»_state.common.signature_fpr &&
session->«yml:lcase(@name)»_state.common.from &&
session->«yml:lcase(@name)»_state.common.from->user_id);
if (!(session->«yml:lcase(@name)»_state.common.signature_fpr &&
session->«yml:lcase(@name)»_state.common.from &&
session->«yml:lcase(@name)»_state.common.from->user_id))
{
`` for "fsm/message[@security='untrusted']" |>>> case «../@name»_PR_«yml:mixedCase(@name)»:
// add fpr of key of comm partner
assert(session->«yml:lcase(@name)»_state.common.signature_fpr);
if (!session->«yml:lcase(@name)»_state.common.signature_fpr) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
}
extra = new_stringlist(session->«yml:lcase(@name)»_state.common.signature_fpr);
if (!extra) {
status = PEP_OUT_OF_MEMORY;
goto the_end;
}
status = base_prepare_message(
session,
li->ident,
li->ident,
_data,
size,
NULL,
&_m
);
if (status) {
free(_data);
goto the_end;
}
status = encrypt_message(session, _m, extra, &m, PEP_enc_PEP, 0);
if (status) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
}
free_message(_m);
break;
`` for "fsm/message[@security='attach_own_keys']" |>>> case «../@name»_PR_«yml:mixedCase(@name)»:
// check if this is the key of a former negotiation
transaction = false;
for (int i=0; i < session->own_«yml:lcase(@name)»_state.negotiation.size; i++) {
if (session->own_«yml:lcase(@name)»_state.negotiation.buf[i]) {
transaction = true;
break;
}
}
// if it is a former negotiation check if the key
// is fully trusted and the sender key of this
// transaction; if so add the sender key to extra
// keys allowing this new partner to read the
// secret keys
if (transaction) {
assert(session->own_«yml:lcase(@name)»_state.signature_fpr &&
session->«yml:lcase(@name)»_state.common.from &&
session->«yml:lcase(@name)»_state.common.from->user_id);
if (!(session->own_«yml:lcase(@name)»_state.signature_fpr &&
session->«yml:lcase(@name)»_state.common.from &&
session->«yml:lcase(@name)»_state.common.from->user_id))
{
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
}
// double check if we fully trust this comm partner
{
// test if this is a green channel
pEp_identity *ident = new_identity(NULL,
session->«yml:lcase(@name)»_state.common.signature_fpr,
session->own_«yml:lcase(@name)»_state.signature_fpr,
session->«yml:lcase(@name)»_state.common.from->user_id,
NULL
);
@ -554,6 +607,29 @@ tstylesheet {
goto the_end;
}
free_identity(ident);
// test if we accepted this as own key already
bool is_own_key = false;
status = own_key_is_listed(session,
session->own_«yml:lcase(@name)»_state.signature_fpr,
&is_own_key);
assert(!status);
if (status)
goto the_end;
assert(is_own_key);
if (!is_own_key) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
}
// if so add key of comm partner to extra keys
extra = new_stringlist(session->own_«yml:lcase(@name)»_state.signature_fpr);
if (!extra) {
status = PEP_OUT_OF_MEMORY;
goto the_end;
}
}
status = base_prepare_message(
@ -582,7 +658,7 @@ tstylesheet {
}
key_data_size = 1;
for (stringlist_t *sl = session->«yml:lcase(@name)»_state.common.own_keys;
for (stringlist_t *sl = session->own_«yml:lcase(@name)»_state.own_keys;
sl && sl->value ; sl = sl->next)
{
char *_key_data = NULL;
@ -645,16 +721,7 @@ tstylesheet {
}
key_data = NULL;
// add fpr of key of comm partner
extra = new_stringlist(session->«yml:lcase(@name)»_state.common.signature_fpr);
if (extra) {
status = encrypt_message(session, _m, extra, &m, PEP_enc_PEP, 0);
free_stringlist(extra);
}
else {
status = PEP_OUT_OF_MEMORY;
}
status = encrypt_message(session, _m, extra, &m, PEP_enc_PEP, 0);
if (status) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
@ -662,7 +729,7 @@ tstylesheet {
free_message(_m);
break;
default:
default: // security=trusted only
status = base_prepare_message(
session,
li->ident,
@ -677,20 +744,7 @@ tstylesheet {
goto the_end;
}
assert(session->«yml:lcase(@name)»_state.common.signature_fpr);
if (!session->«yml:lcase(@name)»_state.common.signature_fpr) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
}
stringlist_t *extra = new_stringlist(session->«yml:lcase(@name)»_state.common.signature_fpr);
if (extra) {
status = encrypt_message(session, _m, extra, &m, PEP_enc_PEP, 0);
free_stringlist(extra);
}
else {
status = PEP_OUT_OF_MEMORY;
}
status = encrypt_message(session, _m, NULL, &m, PEP_enc_PEP, 0);
if (status) {
status = PEP_«yml:ucase(@name)»_CANNOT_ENCRYPT;
goto the_end;
@ -703,6 +757,7 @@ tstylesheet {
}
the_end:
free_stringlist(extra);
free_identity_list(channels);
free_message(m);
free(data);
@ -762,8 +817,8 @@ tstylesheet {
// update own identities
if (ev->own_identities && ev->own_identities->ident) {
free_identity_list(session->«yml:lcase(@name)»_state.common.own_identities);
session->«yml:lcase(@name)»_state.common.own_identities = ev->own_identities;
free_identity_list(session->own_«yml:lcase(@name)»_state.own_identities);
session->own_«yml:lcase(@name)»_state.own_identities = ev->own_identities;
ev->own_identities = NULL;
}
@ -1134,7 +1189,7 @@ tstylesheet {
`` apply "event", 2, mode=fsm
default:
// ignore events not handled here
«../@name»_SERVICE_LOG("ignoring event", KeySync_event_name(event));
«../@name»_SERVICE_LOG("ignoring event", «../@name»_event_name(event));
return invalid_event;
}
break;


+ 1
- 1
sync/sync.fsm View File

@ -535,7 +535,7 @@ protocol Sync 1 {
field Hash key;
}
// security=attach_own_keys implies security=trusted
// trust in future
message GroupKeys 12, security=attach_own_keys {
field IdentityList ownIdentities;
}


Loading…
Cancel
Save