Commit 78e01080 authored by johan's avatar johan

Add API to get the trust status of a peer active device

- this function shall be used in a mono-device per account environment
- give the trust status of a peer uri based on the
last device involved in a ZRTP exchange associated to that uri.
parent c4625d00
......@@ -187,6 +187,18 @@ typedef struct bzrtpCallbacks_struct {
#define BZRTP_CACHE_SETUP 0x2000
#define BZRTP_CACHE_UPDATE 0x2001
#define BZRTP_CACHE_DATA_NOTFOUND 0x2002
#define BZRTP_CACHE_PEER_STATUS_UNKNOWN 0x2010
#define BZRTP_CACHE_PEER_STATUS_VALID 0x2011
#define BZRTP_CACHE_PEER_STATUS_INVALID 0x2012
/* cache function error codes */
#define BZRTP_ZIDCACHE_INVALID_CONTEXT 0x2101
#define BZRTP_ZIDCACHE_INVALID_CACHE 0x2102
#define BZRTP_ZIDCACHE_UNABLETOUPDATE 0x2103
#define BZRTP_ZIDCACHE_UNABLETOREAD 0x2104
#define BZRTP_ZIDCACHE_BADINPUTDATA 0x2105
#define BZRTP_ZIDCACHE_RUNTIME_CACHELESS 0x2110
/**
* @brief bzrtpContext_t The ZRTP engine context
* Store current state, timers, HMAC and encryption keys
......@@ -496,6 +508,33 @@ BZRTP_EXPORT int bzrtp_cache_migration(void *cacheXmlPtr, void *cacheSqlite, con
*/
BZRTP_EXPORT int bzrtp_exportKey(bzrtpContext_t *zrtpContext, char *label, size_t labelLength, uint8_t *derivedKey, size_t *derivedKeyLength);
/**
* @brief Retrieve from bzrtp cache the trust status(based on the previously verified flag) of a peer URI
*
* This function will return the SAS validation status of the active device
* associated to the given peerURI.
*
* Important note about the active device:
* - any ZRTP exchange with a peer device will set it to be the active one for its sip:uri
* - the concept of active device is shared between local accounts if there are several of them, it means that :
* - if you have several local users on your device, each of them may have an entry in the ZRTP cache with a particular peer sip:uri (if they ever got in contact with it) but only one of this entry is set to active
* - this function will return the status associated to the last updated entry without any consideration for the local users it is associated with
* - any call where the SAS was neither accepted or rejected will not update the trust status but will set as active device for the peer sip:uri the one involved in the call
*
* This function is intended for use in a mono-device environment.
*
* @param[in] dbPointer Pointer to an already opened sqlite db
* @param[in] peerURI The peer sip:uri we're interested in
*
* @return one of:
* - BZRTP_CACHE_PEER_STATUS_UNKNOWN : this uri is not present in cache OR during calls with the active device, SAS never was validated or rejected
* Note: once the SAS has been validated or rejected, the status will never return to UNKNOWN(unless you delete your cache)
* - BZRTP_CACHE_PEER_STATUS_VALID : the active device status is set to valid
* - BZRTP_CACHE_PEER_STATUS_INVALID : the active peer device status is set to invalid
*
*/
BZRTP_EXPORT int bzrtp_cache_getPeerStatus(void *dbPointer, const char *peerURI);
#ifdef __cplusplus
}
#endif
......
......@@ -29,12 +29,6 @@
#include "typedef.h"
#define BZRTP_ZIDCACHE_INVALID_CONTEXT 0x2001
#define BZRTP_ZIDCACHE_INVALID_CACHE 0x2002
#define BZRTP_ZIDCACHE_UNABLETOUPDATE 0x2003
#define BZRTP_ZIDCACHE_UNABLETOREAD 0x2004
#define BZRTP_ZIDCACHE_BADINPUTDATA 0x2005
#define BZRTP_ZIDCACHE_RUNTIME_CACHELESS 0x2010
/**
* @brief Parse the cache to find secrets associated to the given ZID, set them and their length in the context if they are found
......@@ -68,4 +62,25 @@ BZRTP_EXPORT int bzrtp_getPeerAssociatedSecrets(bzrtpContext_t *context, uint8_t
#define BZRTP_ZIDCACHE_INSERT_ZUID 1
BZRTP_EXPORT int bzrtp_cache_getZuid(void *dbPointer, const char *selfURI, const char *peerURI, const uint8_t peerZID[12], const uint8_t insertFlag, int *zuid);
/**
* @brief This is a convenience wrapper to the bzrtp_cache_write function which will also take care of
* setting the ziduri table 'active' flag to one for the current row and reset all other rows with matching peeruri
*
* Write(insert or update) data in cache, adressing it by zuid (ZID/URI binding id used in cache)
* Get arrays of column names, values to be inserted, lengths of theses values
* All three arrays must be the same lenght: columnsCount
* If the row isn't present in the given table, it will be inserted
*
* @param[in/out] dbPointer Pointer to an already opened sqlite db
* @param[in] zuid The DB internal id to adress the correct row(binding between local uri and peer ZID+URI)
* @param[in] tableName The name of the table to write in the db, must already exists. Null terminated string
* @param[in] columns An array of null terminated strings containing the name of the columns to update
* @param[in] values An array of buffers containing the values to insert/update matching the order of columns array
* @param[in] lengths An array of integer containing the lengths of values array buffer matching the order of columns array
* @param[in] columnsCount length common to columns,values and lengths arrays
*
* @return 0 on succes, error code otherwise
*/
BZRTP_EXPORT int bzrtp_cache_write_active(void *dbPointer, int zuid, const char *tableName, const char **columns, uint8_t **values, size_t *lengths, uint8_t columnsCount);
#endif /* ZIDCACHE_H */
......@@ -557,7 +557,7 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) {
size_t colLength[] = {1};
zrtpContext->cachedSecret.previouslyVerifiedSas = 0;
bzrtp_cache_write(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 1);
bzrtp_cache_write_active(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 1);
/* if we have a statusMessage callback, use it to warn user */
if (zrtpContext->zrtpCallbacks.bzrtp_statusMessage!=NULL && zrtpContext->zrtpCallbacks.bzrtp_messageLevel>=BZRTP_MESSAGE_ERROR) { /* use error level as this one MUST (RFC section 4.3.2) be warned */
......@@ -861,7 +861,7 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) {
size_t colLength[] = {1};
zrtpContext->cachedSecret.previouslyVerifiedSas = 0;
bzrtp_cache_write(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 1);
bzrtp_cache_write_active(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 1);
/* if we have a statusMessage callback, use it to warn user */
if (zrtpContext->zrtpCallbacks.bzrtp_statusMessage!=NULL && zrtpContext->zrtpCallbacks.bzrtp_messageLevel>=BZRTP_MESSAGE_ERROR) { /* use error level as this one MUST (RFC section 4.3.2) be warned */
......@@ -2260,7 +2260,7 @@ int bzrtp_updateCachedSecrets(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t
bzrtp_cache_getZuid((void *)zrtpContext->zidCache, zrtpContext->selfURI, zrtpContext->peerURI, zrtpContext->peerZID, BZRTP_ZIDCACHE_INSERT_ZUID, &zrtpContext->zuid);
}
bzrtp_cache_write(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 2);
bzrtp_cache_write_active(zrtpContext->zidCache, zrtpContext->zuid, "zrtp", colNames, colValues, colLength, 2);
/* if exist, call the callback function to perform custom cache operation that may use s0(writing exported key into cache) */
if (zrtpContext->zrtpCallbacks.bzrtp_contextReadyForExportedKeys != NULL) {
......
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment