Peer's failure to decrypt a message stale the IM encryption session

src/chat/encryption/encryption-engine.h

@@ -121,6 +121,8 @@ public:
 	virtual AbstractChatRoom::SecurityLevel getSecurityLevel (const std::string &deviceId) const { return AbstractChatRoom::SecurityLevel::ClearText; }
 	virtual std::list<EncryptionParameter> getEncryptionParameters () { return std::list<EncryptionParameter>(); }
 
+	virtual void stale_session (const std::string localDeviceId, const std::string peerDeviceId) {};
+
 protected:
 	EncryptionEngine (const std::shared_ptr<Core> &core) : CoreAccessor(core) {}
 

src/chat/encryption/lime-x3dh-encryption-engine.cpp

@@ -884,6 +884,10 @@ std::shared_ptr<LimeManager> LimeX3dhEncryptionEngine::getLimeManager () {
 	return limeManager;
 }
 
+void LimeX3dhEncryptionEngine::stale_session (const std::string localDeviceId, const std::string peerDeviceId) {
+	limeManager->stale_sessions(localDeviceId, peerDeviceId);
+}
+
 lime::limeCallback LimeX3dhEncryptionEngine::setLimeCallback (string operation) {
 	lime::limeCallback callback([operation](lime::CallbackReturn returnCode, string anythingToSay) {
 		if (returnCode == lime::CallbackReturn::success) {

src/chat/encryption/lime-x3dh-encryption-engine.h

@@ -166,6 +166,7 @@ public:
 		const std::string &message
 	) override;
 
+	void stale_session (const std::string localDeviceId, const std::string peerDeviceId) override;
 private:
 	std::shared_ptr<LimeManager> limeManager;
 	std::time_t lastLimeUpdate;

src/chat/notification/imdn.cpp

@@ -27,6 +27,7 @@
 #ifdef HAVE_ADVANCED_IM
 #include "xml/imdn.h"
 #include "xml/linphone-imdn.h"
+#include "chat/encryption/encryption-engine.h"
 #endif
 
 #include "imdn.h"
@@ -204,12 +205,25 @@ void Imdn::parse (const shared_ptr<ChatMessage> &chatMessage) {
 			auto &displayNotification = imdn->getDisplayNotification();
 			if (deliveryNotification.present()) {
 				auto &status = deliveryNotification.get().getStatus();
-				if (status.getDelivered().present() && linphone_im_notif_policy_get_recv_imdn_delivered(policy))
+				if (status.getDelivered().present() && linphone_im_notif_policy_get_recv_imdn_delivered(policy)) {
 					cm->getPrivate()->setParticipantState(participantAddress, ChatMessage::State::DeliveredToUser, imdnTime);
-				else if ((status.getFailed().present() || status.getError().present())
-					&& linphone_im_notif_policy_get_recv_imdn_delivered(policy)
-				)
+				} else if ((status.getFailed().present() || status.getError().present()) && linphone_im_notif_policy_get_recv_imdn_delivered(policy)) {
 					cm->getPrivate()->setParticipantState(participantAddress, ChatMessage::State::NotDelivered, imdnTime);
+					// When the IMDN status is failed for reason code 488 (Not acceptable here) and the chatroom is encrypted,
+					// something is wrong with our encryption session with this peer, stale the active session the next
+					// message (which can be a resend of this one) will be encrypted with a new session
+					if (status.getFailed().present() && status.getReason().present() && (cr->getCapabilities() & ChatRoom::Capabilities::Encrypted)) {
+						// Check the reason code is 488
+						auto reason = status.getReason().get();
+						auto imee = cm->getCore()->getEncryptionEngine();
+						if ((reason.getCode() == 488) && imee) {
+							// stale the encryption sessions with this device: something went wrong, we will create a new one at next encryption
+							lWarning()<<"Peer "<<chatMessage->getFromAddress().asString()<<" could not decrypt message from "
+								<< cm->getFromAddress().asString()<<" -> Stale the lime X3DH session";
+							imee->stale_session(cm->getFromAddress().asString(), chatMessage->getFromAddress().asString());
+						}
+					}
+				}
 			} else if (displayNotification.present()) {
 				auto &status = displayNotification.get().getStatus();
 				if (status.getDisplayed().present() && linphone_im_notif_policy_get_recv_imdn_displayed(policy))

tester/CMakeLists.txt

@@ -28,6 +28,10 @@ endif()
 if(SQLITE3_FOUND)
 	list(APPEND OTHER_LIBS_FOR_TESTER ${SQLITE3_LIBRARIES})
 endif()
+if(SOCI_FOUND)
+	list(APPEND OTHER_LIBS_FOR_TESTER  ${SOCI_LIBRARIES} ${SOCI_sqlite3_PLUGIN})
+	add_definitions(-DHAVE_SOCI=1)
+endif()
 if(ZLIB_FOUND)
 	if (ANDROID)
 		# Starting NDK r21, libz.a has issues: https://github.com/android/ndk/issues/1179
@@ -270,6 +274,7 @@ if(ENABLE_LIME_X3DH)
 endif()
 
 set(SOURCE_FILES_CXX
+	tester.cpp
 	audio_quality_tester.cpp
 	clonable-object-tester.cpp
 	contents-tester.cpp
@@ -351,7 +356,7 @@ endif()
 # on mobile platforms, we compile the tester as a library so that we can link with it directly from native applications
 if(ANDROID OR IOS)
 	add_library(linphonetester SHARED ${HEADER_FILES} ${SOURCE_FILES_C} ${SOURCE_FILES_CXX})
-	target_include_directories(linphonetester PRIVATE ${LINPHONE_INCLUDE_DIRS} ${LIBXSD_INCLUDE_DIRS})
+	target_include_directories(linphonetester PRIVATE ${LINPHONE_INCLUDE_DIRS} ${LIBXSD_INCLUDE_DIRS} ${SOCI_INCLUDE_DIRS})
 	target_link_libraries(linphonetester ${LINPHONE_LIBS_FOR_TOOLS} ${OTHER_LIBS_FOR_TESTER})
 	#TODO: replace by if(APPLE) when we want to make apple framework on linphone-desktop too
 	if(IOS)
@@ -380,7 +385,7 @@ if(ANDROID OR IOS)
 	)
 elseif(CMAKE_SYSTEM_NAME STREQUAL "WindowsStore")
 	add_library(linphone_tester_static STATIC ${HEADER_FILES} ${SOURCE_FILES_C} ${SOURCE_FILES_CXX})
-	target_include_directories(linphone_tester_static PRIVATE ${LINPHONE_INCLUDE_DIRS})
+	target_include_directories(linphone_tester_static PRIVATE ${LINPHONE_INCLUDE_DIRS} ${SOCI_INCLUDE_DIRS})
 	target_link_libraries(linphone_tester_static ${LINPHONE_LIBS_FOR_TOOLS} ${OTHER_LIBS_FOR_TESTER})
 
 	set(RUNTIME_COMPONENT_SOURCES
@@ -415,7 +420,7 @@ if(NOT ANDROID AND NOT CMAKE_SYSTEM_NAME STREQUAL "WindowsStore")
 		set_target_properties(liblinphone_tester PROPERTIES LINK_FLAGS "${LINPHONE_LDFLAGS}")
 		set_target_properties(liblinphone_tester PROPERTIES LINKER_LANGUAGE CXX)
 		set_target_properties(liblinphone_tester PROPERTIES C_STANDARD 99)
-		target_include_directories(liblinphone_tester PRIVATE ${LINPHONE_INCLUDE_DIRS})
+		target_include_directories(liblinphone_tester PRIVATE ${LINPHONE_INCLUDE_DIRS} ${SOCI_INCLUDE_DIRS})
 		target_link_libraries(liblinphone_tester ${LINPHONE_LIBS_FOR_TOOLS} ${OTHER_LIBS_FOR_TESTER})
                 if(MSVC)
                         if(CMAKE_BUILD_TYPE STREQUAL "Debug" OR CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
@@ -437,7 +442,7 @@ if(NOT ANDROID AND NOT CMAKE_SYSTEM_NAME STREQUAL "WindowsStore")
 		set_target_properties(groupchat_benchmark PROPERTIES LINK_FLAGS "${LINPHONE_LDFLAGS}")
 		set_target_properties(groupchat_benchmark PROPERTIES LINKER_LANGUAGE CXX)
 		set_target_properties(groupchat_benchmark PROPERTIES C_STANDARD 99)
-		target_include_directories(groupchat_benchmark PRIVATE ${LINPHONE_INCLUDE_DIRS})
+		target_include_directories(groupchat_benchmark PRIVATE ${LINPHONE_INCLUDE_DIRS} ${SOCI_INCLUDE_DIRS})
 		target_link_libraries(groupchat_benchmark ${LINPHONE_LIBS_FOR_TOOLS} ${OTHER_LIBS_FOR_TESTER})
 
 		install(TARGETS groupchat_benchmark

tester/liblinphone_tester.h

@@ -631,6 +631,8 @@ void set_lime_curve(const int curveId, LinphoneCoreManager *manager);
 void set_lime_curve_list(const int curveId, bctbx_list_t *managerList);
 void set_lime_curve_list_tls(const int curveId, bctbx_list_t *managerList, bool_t tls_auth_server, bool_t required);
 
+void lime_delete_DRSessions(const char *limedb);
+
 
 #ifdef __cplusplus
 };

tester/tester.cpp

+/*
+ * Copyright (c) 2020 Belledonne Communications SARL.
+ *
+ * This file is part of Liblinphone.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_SOCI
+#include <soci/soci.h>
+#endif
+#include "liblinphone_tester.h"
+#include "logger/logger.h"
+#include <exception>
+
+/* */
+void lime_delete_DRSessions(const char *limedb) {
+#ifdef HAVE_SOCI
+	try {
+		soci::session sql("sqlite3", limedb); // open the DB
+		// Delete all sessions from the DR_sessions table
+		sql<<"DELETE FROM DR_sessions;";
+	} catch (std::exception &e) { // swallow any error on DB
+		lWarning()<<"Cannot delete DRSessions in base "<<limedb<<". Error is "<<e.what();
+	}
+#endif
+}
+
+