Commit 2c3a66a4 authored by johan's avatar johan

Improve set/get peerDevice Status API

- set to unsafe or untrusted without giving the Ik.
parent 636df6c7
......@@ -254,6 +254,19 @@ namespace lime {
*/
void set_peerDeviceStatus(const std::string &peerDeviceId, const std::vector<uint8_t> &Ik, lime::PeerDeviceStatus status);
/**
* @brief set the peer device status flag in local storage: unsafe or untrusted.
* This variation allows to set a peer Device status to unsafe or untrusted only whithout providing its identity key Ik
*
* @param[in] peerDeviceId The device Id of peer, shall be its GRUU
* @param[in] status value of flag to set: accepted values are untrusted or unsafe
*
* throw an exception if the status flag value is unexpected (not one of untrusted, unsafe)
*
* if peer Device is not present in local storage, it is just ignored
*/
void set_peerDeviceStatus(const std::string &peerDeviceId, lime::PeerDeviceStatus status);
/**
* @brief get the status of a peer device: unknown, untrusted, trusted, unsafe
*
......
......@@ -327,6 +327,34 @@ void Db::set_peerDeviceStatus(const std::string &peerDeviceId, const std::vector
}
}
/**
* @brief set the peer device status flag in local storage: unsafe or untrusted.
* This variation allows to set a peer Device status to unsafe or untrusted only whithout providing its identity key Ik
*
* @param[in] peerDeviceId The device Id of peer, shall be its GRUU
* @param[in] status value of flag to set: accepted values are untrusted or unsafe
*
* throw an exception if the status flag value is unexpected (not one of untrusted, unsafe)
*
* if peer Device is not present in local storage, it is just ignored
*/
void Db::set_peerDeviceStatus(const std::string &peerDeviceId, lime::PeerDeviceStatus status) {
// Check the status flag value, accepted values are: untrusted, unsafe
if (status != lime::PeerDeviceStatus::unsafe
&& status != lime::PeerDeviceStatus::untrusted) {
throw BCTBX_EXCEPTION << "Trying to set a status for peer device "<<peerDeviceId<<" without providing a Ik which is not acceptable (differs from unsafe or untrusted)";
}
uint8_t statusInteger = static_cast<uint8_t>(status);
// Do we have this peerDevice in lime_PeerDevices
long long id;
sql<<"SELECT Did FROM Lime_PeerDevices WHERE DeviceId = :peerDeviceId;", into(id), use(peerDeviceId);
if (sql.got_data()) { // Found it
sql<<"UPDATE Lime_PeerDevices SET Status = :Status WHERE Did = :id;", use(statusInteger), use(id);
}
}
/**
* @brief get the status of a peer device: unknown, untrusted, trusted, unsafe
*
......
......@@ -101,6 +101,20 @@ namespace lime {
*/
void set_peerDeviceStatus(const std::string &peerDeviceId, const std::vector<uint8_t> &Ik, lime::PeerDeviceStatus status);
/**
* @brief set the peer device status flag in local storage: unsafe or untrusted.
* This variation allows to set a peer Device status to unsafe or untrusted only whithout providing its identity key Ik
*
* @param[in] peerDeviceId The device Id of peer, shall be its GRUU
* @param[in] status value of flag to set: accepted values are untrusted or unsafe
*
* throw an exception if the status flag value is unexpected (not one of untrusted, unsafe)
*
* if peer Device is not present in local storage, it is just ignored
*/
void set_peerDeviceStatus(const std::string &peerDeviceId, lime::PeerDeviceStatus status);
/**
* @brief get the status of a peer device: unknown, untrusted, trusted, unsafe
*
......
......@@ -177,6 +177,13 @@ namespace lime {
localStorage->set_peerDeviceStatus(peerDeviceId, Ik, status);
}
void LimeManager::set_peerDeviceStatus(const std::string &peerDeviceId, lime::PeerDeviceStatus status) {
// open local DB
auto localStorage = std::unique_ptr<lime::Db>(new lime::Db(m_db_access));
localStorage->set_peerDeviceStatus(peerDeviceId, status);
}
lime::PeerDeviceStatus LimeManager::get_peerDeviceStatus(const std::string &peerDeviceId) {
// open local DB
auto localStorage = std::unique_ptr<lime::Db>(new lime::Db(m_db_access));
......
......@@ -682,9 +682,11 @@ static void lime_encryptionPolicy() {
* - set alice key as verified in bob's context
* - check it is now verified
* - set it to unsafe and check
* - set it as non verified and check
* - set it to unsafe and then untrusted using the alternative API without giving the Ik
* - try to set it to trusted using the API without Ik, we shall have and exception
* - try to set it to unknown, we shall have and exception
* - try to set it to fail, we shall have and exception
* - set it as non verified and check
* - try to set a different alice identity key in bob's context, we shall have an exception
* - bob encrypts a message to alice -> check return status give NOT all recipients trusted
* - set alice key as verified in bob's context
......@@ -752,12 +754,31 @@ static void lime_identityVerifiedStatus_test(const lime::CurveId curve, const st
bobManager->set_peerDeviceStatus(*aliceDeviceId, aliceIk, lime::PeerDeviceStatus::untrusted);
BC_ASSERT_TRUE(bobManager->get_peerDeviceStatus(*aliceDeviceId) == lime::PeerDeviceStatus::untrusted);
// set to unsafe without using alice Ik
bobManager->set_peerDeviceStatus(*aliceDeviceId, lime::PeerDeviceStatus::unsafe);
BC_ASSERT_TRUE(bobManager->get_peerDeviceStatus(*aliceDeviceId) == lime::PeerDeviceStatus::unsafe);
// set to untrusted without using alice Ik
bobManager->set_peerDeviceStatus(*aliceDeviceId, lime::PeerDeviceStatus::untrusted);
BC_ASSERT_TRUE(bobManager->get_peerDeviceStatus(*aliceDeviceId) == lime::PeerDeviceStatus::untrusted);
} catch (BctbxException &e) {
LIME_LOGE <<e;;
BC_FAIL();
}
auto gotException = false;
// set it to trusted without giving the Ik, it shall generate an exception
try {
bobManager->set_peerDeviceStatus(*aliceDeviceId, lime::PeerDeviceStatus::trusted);
} catch (BctbxException &e) {
BC_PASS();
gotException = true;
}
BC_ASSERT_TRUE(gotException);
gotException = false;
// set it to unknown, it shall generate an exception
try {
bobManager->set_peerDeviceStatus(*aliceDeviceId, aliceIk, lime::PeerDeviceStatus::unknown);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment