Commit 5e3861f3 authored by Matthieu Tanon's avatar Matthieu Tanon

Final SAS behaviour improvements

parent 23b9799b
......@@ -4880,6 +4880,7 @@ void MediaSession::setAudioRoute (LinphoneAudioRoute route) {
}
void MediaSession::setAuthenticationTokenVerified (bool value) {
cout << endl << "setAuthenticationTokenVerified(" << value << ")" << endl;
L_D();
if (!d->audioStream || !media_stream_started(&d->audioStream->ms)) {
lError() << "MediaSession::setAuthenticationTokenVerified(): No audio stream or not started";
......@@ -4913,43 +4914,49 @@ void MediaSession::setAuthenticationTokenVerified (bool value) {
} else lWarning() << "Unable to get LIMEv2 context, unable to set peer device status";
// SAS verified
if (!d->authTokenVerified && value) {
cout << endl << "SAS verified" << endl;
if (value) {
cout << "SAS verified" << endl;
ms_zrtp_sas_verified(d->audioStream->ms.sessions.zrtp_context);
if (ms_zrtp_getAuxiliarySharedSecretMismatch(d->audioStream->ms.sessions.zrtp_context) == 2) {
cout << "no Ik exchange probably because LIMEv2 disabled" << endl;
lInfo() << "No auxiliary shared secret exchange because LIMEv2 disabled";
}
// SAS is verified and the auxiliary secret matches so we can trust this peer device
else if (ms_zrtp_getAuxiliarySharedSecretMismatch(d->audioStream->ms.sessions.zrtp_context) == 0) {
cout << "Ik match" << endl;
try {
cout << "setting peer device to trusted" << endl;
lInfo() << "SAS verified and Ik exchange successful";
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, remoteIk_vector, lime::PeerDeviceStatus::trusted);
} catch (const exception &e) {
// Ik error occured --> TODO remove lime db entry and replace it with new one + send alert if previously safe or untrusted
// Ik error occured --> the stored Ik is different from this Ik
// TODO
cout << "SAS verified but exception during set_peerDeviceStatus --> Ik mismatch --> check peer status" << endl;
cout << "SAS verified but exception during set_peerDeviceStatus --> new Ik --> check peer status --> ";
limeV2Engine->getLimeManager()->delete_peerDevice(peerDeviceId);
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, remoteIk_vector, lime::PeerDeviceStatus::trusted);
lime::PeerDeviceStatus status = limeV2Engine->getLimeManager()->get_peerDeviceStatus(peerDeviceId);
switch (status) {
case lime::PeerDeviceStatus::unsafe:
cout << "current peer device status is unsafe --> do nothing" << endl;
lWarning() << "Ik is different from stored Ik and peer device is unsafe";
cout << "current peer device status is unsafe --> delete and recreate trusted peer device without alert" << endl;
break;
case lime::PeerDeviceStatus::untrusted:
case lime::PeerDeviceStatus::unknown:
cout << "current peer device status is unknown/untrusted --> previous messages compromised alert --> delete peer device and set new one as trusted" << endl;
limeV2Engine->getLimeManager()->delete_peerDevice(peerDeviceId);
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, remoteIk_vector, lime::PeerDeviceStatus::trusted);
lWarning() << "Ik is different from stored Ik and peer device is untrusted";
cout << "current peer device status is untrusted --> previous messages compromised alert --> delete peer device and set new one as trusted" << endl;
d->addSecurityEventInChatrooms(faultyDevice, ConferenceSecurityEvent::SecurityEventType::LimeIdentityKeyChanged); // TODO specific alert
break;
case lime::PeerDeviceStatus::trusted:
cout << "current peer device status is trusted --> device changed Ik without changing GRUU alert" << endl;
lWarning() << "Ik is different from stored Ik but peer device was already trusted";
// TODO delete and recreate with trust ? or send an alert ?
break;
case lime::PeerDeviceStatus::unknown:
case lime::PeerDeviceStatus::fail:
cout << "current peer device status is fail --> should not be possible" << endl;
lWarning() << "Ik is different from stored Ik but peer device is unknown";
break;
}
}
......@@ -4958,39 +4965,27 @@ void MediaSession::setAuthenticationTokenVerified (bool value) {
else {
cout << "SAS verified but aux secret mismatch --> resetting sas + alert" << endl;
ms_zrtp_sas_reset_verified(d->audioStream->ms.sessions.zrtp_context);
// limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, lime::PeerDeviceStatus::unsafe); // TODO what status ?
d->addSecurityEventInChatrooms(faultyDevice, ConferenceSecurityEvent::SecurityEventType::LimeIdentityKeyChanged); // TODO what event ?
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, lime::PeerDeviceStatus::unsafe);
d->addSecurityEventInChatrooms(faultyDevice, ConferenceSecurityEvent::SecurityEventType::ManInTheMiddleDetected);
}
}
// SAS rejected
else if (d->authTokenVerified && !value) {
cout << endl << "SAS refused" << endl;
else {
cout << "SAS refused" << endl;
ms_zrtp_sas_reset_verified(d->audioStream->ms.sessions.zrtp_context);
try {
cout << "setting peer device to unsafe" << endl;
// Set peer device to untrusted or unsafe depending on configuration
LinphoneConfig *lp_config = linphone_core_get_config(getCore()->getCCore());
lime::PeerDeviceStatus statusIfSASrefused = lp_config_get_int(lp_config, "lime", "unsafe_if_sas_refused", 1) ? lime::PeerDeviceStatus::unsafe : lime::PeerDeviceStatus::untrusted;
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, remoteIk_vector, statusIfSASrefused);
} catch (const exception &e) {
cout << "this shouldn't happen --> TODO" << endl;
// Ik error occured --> TODO remove lime db entry and replace it with new one + send alert if previously safe or untrusted
// lError() << "LIMEv2 identity theft detected from " << peerDeviceId << " (" << e.what() << ")";
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, lime::PeerDeviceStatus::unsafe); // TODO unsafe ?
d->addSecurityEventInChatrooms(faultyDevice, ConferenceSecurityEvent::SecurityEventType::LimeIdentityKeyChanged);
}
ms_free(peerDeviceId);
}
else if (!d->authTokenVerified && !value) {
cout << "sas previously invalid and now invalid too --> TODO ?" << endl;
}
cout << "sending man-in-the-middle event in chatrooms" << endl;
d->addSecurityEventInChatrooms(faultyDevice, ConferenceSecurityEvent::SecurityEventType::ManInTheMiddleDetected);
else if (d->authTokenVerified && value) {
cout << "sas previously valid and now valid too --> TODO ?" << endl;
cout << "setting peer device to unsafe" << endl;
// Set peer device to untrusted or unsafe depending on configuration
LinphoneConfig *lp_config = linphone_core_get_config(getCore()->getCCore());
lime::PeerDeviceStatus statusIfSASrefused = lp_config_get_int(lp_config, "lime", "unsafe_if_sas_refused", 1) ? lime::PeerDeviceStatus::unsafe : lime::PeerDeviceStatus::untrusted;
limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, remoteIk_vector, statusIfSASrefused);
}
ms_free(peerDeviceId);
d->authTokenVerified = value;
d->propagateEncryptionChanged();
}
......
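Review bot: In the SAS-refused branch at the end of setAuthenticationTokenVerified, the call `set_peerDeviceStatus(peerDeviceId, remoteIk_vector, statusIfSASrefused)` appears to have lost its try/catch, although the verified branch of the same function shows this three-argument overload throwing when the stored Ik differs from the one supplied. If it throws here, `ms_free(peerDeviceId)`, `d->authTokenVerified = value` and `propagateEncryptionChanged()` are skipped and the peer is never recorded as unsafe, in exactly the case where the user has refused the SAS. Keep the handler and fall back to the two-argument form already used in the aux-secret-mismatch branch, `limeV2Engine->getLimeManager()->set_peerDeviceStatus(peerDeviceId, lime::PeerDeviceStatus::unsafe);`. Separately, in the catch block of the verified branch, `delete_peerDevice` and `set_peerDeviceStatus(..., trusted)` seem to run before `get_peerDeviceStatus`, so the switch would only ever see the freshly written status and the `LimeIdentityKeyChanged` alert in the untrusted case looks unreachable; reading the status before deleting the entry would keep the alert. The old and new sides are inferred from the rendered page, so this should be confirmed against the actual diff.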
......@@ -5112,8 +5112,8 @@ static void group_chat_lime_v2_chatroom_security_alert (void) {
BC_ASSERT_TRUE(wait_for_list(coresList, &laure->stat.number_of_MultideviceParticipantDetected, initialLaureStats.number_of_MultideviceParticipantDetected + 1, 3000));
// Check the security level was downgraded for Marie and Laure
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(marieCr), LinphoneChatRoomSecurityLevelEncrypted, int, "%d"); // TODO shall be unsafe thanks to new LIMEv2 API
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(laureCr), LinphoneChatRoomSecurityLevelEncrypted, int, "%d"); // TODO shall be unsafe thanks to new LIMEv2 API
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(marieCr), LinphoneChatRoomSecurityLevelUnsafe, int, "%d");
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(laureCr), LinphoneChatRoomSecurityLevelUnsafe, int, "%d");
// Laure sends a messages to trigger a LIMEv2 security alerts because maxNumberOfDevicePerParticipant has been exceeded
if (lp_config_get_int(linphone_core_get_config(laure->lc), "lime", "allow_message_in_unsafe_chatroom", 0) == 0) {
......@@ -5123,33 +5123,8 @@ static void group_chat_lime_v2_chatroom_security_alert (void) {
BC_ASSERT_FALSE((marie->stat.number_of_LinphoneMessageReceived == initialPauline1Stats.number_of_LinphoneMessageReceived + 3));
BC_ASSERT_FALSE((pauline1->stat.number_of_LinphoneMessageReceived == initialPauline1Stats.number_of_LinphoneMessageReceived + 3));
BC_ASSERT_FALSE((pauline2->stat.number_of_LinphoneMessageReceived == initialPauline2Stats.number_of_LinphoneMessageReceived + 1));
goto end;
}
// Laure starts composing a message
linphone_chat_room_compose(laureCr);
// No new security alert sent because there is a recent one
BC_ASSERT_TRUE(wait_for_list(coresList, &laure->stat.number_of_MultideviceParticipantDetected, initialLaureStats.number_of_MultideviceParticipantDetected + 1, 3000));
// Laure sends the message
const char *laureMessage = "I'm going to the cinema";
_send_message(laureCr, laureMessage);
// No new security alert sent because there is a recent one
BC_ASSERT_TRUE(wait_for_list(coresList, &laure->stat.number_of_MultideviceParticipantDetected, initialLaureStats.number_of_MultideviceParticipantDetected + 1, 3000));
// Laure sends another message
_send_message(laureCr, laureMessage);
// Check that Laure received another security alert because a multidevice participant was detected during encryption
BC_ASSERT_TRUE(wait_for_list(coresList, &laure->stat.number_of_MultideviceParticipantDetected, initialLaureStats.number_of_MultideviceParticipantDetected + 2, 3000));
// Check that the message was not received by Pauline1 or Laure
// TODO optimize and choose wether we are still allowed to send message during a security alert or not
BC_ASSERT_TRUE(wait_for_list(coresList, &pauline1->stat.number_of_LinphoneMessageReceived, initialPauline1Stats.number_of_LinphoneMessageReceived + 1, 3000));
BC_ASSERT_TRUE(wait_for_list(coresList, &laure->stat.number_of_LinphoneMessageReceived, initialLaureStats.number_of_LinphoneMessageReceived + 1, 3000));
end:
// Clean local LIMEv2 databases
......@@ -5421,19 +5396,19 @@ static void group_chat_lime_v2_send_encrypted_message_to_disabled_lime_v2 (void)
// Marie starts composing a message
linphone_chat_room_compose(marieCr);
// Check that the IsComposing is undecryptable and that an undecryptabled message error IMDN is returned to Marie
// Check that the IsComposing is undecipherable and that an undecipherable message error IMDN is returned to Marie
BC_ASSERT_FALSE(wait_for_list(coresList, &pauline->stat.number_of_LinphoneIsComposingActiveReceived, initialPaulineStats.number_of_LinphoneIsComposingActiveReceived + 1, 3000));
// Marie sends the message
const char *marieMessage = "What's up ?";
_send_message(marieCr, marieMessage);
// Check that the message is discarded and that an undecrpytabled message error IMDN is returned to Marie
// Check that the message is discarded and that an undecipherable message error IMDN is returned to Marie
BC_ASSERT_FALSE(wait_for_list(coresList, &pauline->stat.number_of_LinphoneMessageReceived, initialPaulineStats.number_of_LinphoneMessageReceived + 1, 3000));
// Check the chatrooms security level
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(marieCr), LinphoneChatRoomSecurityLevelEncrypted, int, "%d");
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(paulineCr), LinphoneChatRoomSecurityLevelClearText, int, "%d");
BC_ASSERT_EQUAL(linphone_chat_room_get_security_level(paulineCr), LinphoneChatRoomSecurityLevelEncrypted, int, "%d");
// Clean local LIMEv2 databases
linphone_core_enable_lime_v2(pauline->lc, TRUE);
......@@ -5713,8 +5688,6 @@ end:
linphone_core_manager_destroy(pauline);
}
static void group_chat_lime_v2_update_keys (void) {
LinphoneCoreManager *marie = linphone_core_manager_create("marie_lime_v2_rc");
LinphoneCoreManager *pauline = linphone_core_manager_create("pauline_lime_v2_rc");
......
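Review bot: The expectation for `paulineCr` in group_chat_lime_v2_send_encrypted_message_to_disabled_lime_v2 appears to change from `LinphoneChatRoomSecurityLevelClearText` to `LinphoneChatRoomSecurityLevelEncrypted`, yet the surrounding comments say the message is discarded as undecipherable and the cleanup re-enables LIMEv2 on Pauline's core, which suggests it is disabled at this point. A room reporting Encrypted on an endpoint that cannot decrypt would overstate the protection shown to the user, so the assertion should carry its reason, for example `// NOTE: paulineCr is expected to stay Encrypted although LIMEv2 is disabled on pauline - confirm this is intended`, or keep asserting ClearText if that is the intended behaviour. In group_chat_lime_v2_chatroom_security_alert, the block removed after `goto end;` also appears to leave the path where `allow_message_in_unsafe_chatroom` is enabled without any assertion. Old and new sides are inferred from the rendered page.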