static bool SOSOTRSAppendStartPacket(SecOTRSessionRef session, CFMutableDataRef appendPacket, CFErrorRef *error) { OSStatus otrStatus = SecOTRSAppendStartPacket(session, appendPacket); if (otrStatus != errSecSuccess) { SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, (error != NULL) ? *error : NULL, error, NULL, CFSTR("append start packet returned: %" PRIdOSStatus), otrStatus); } return otrStatus == errSecSuccess; }
bool _SecOTRSessionProcessPacketRemote(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef *error) { SecOTRSessionRef session = SecOTRSessionCreateFromData(kCFAllocatorDefault, sessionData); CFMutableDataRef negotiationResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); if (inputPacket) { SecOTRSProcessPacket(session, inputPacket, negotiationResponse); } else { SecOTRSAppendStartPacket(session, negotiationResponse); } CFMutableDataRef outputSession = CFDataCreateMutable(kCFAllocatorDefault, 0); SecOTRSAppendSerialization(session, outputSession); *outputSessionData = outputSession; *outputPacket = negotiationResponse; *readyForMessages = SecOTRSGetIsReadyForMessages(session); return true; }
static void negotiate(SecOTRSessionRef* aliceSession, SecOTRSessionRef* bobSession, bool serializeNegotiating, bool serializeMessaging, bool textMode, bool compact) { const int kEmptyMessageSize = textMode ? 6 : 0; // Step 1: Create a start packet for each side of the transaction CFMutableDataRef bobStartPacket = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSAppendStartPacket(*bobSession, bobStartPacket), "Bob start packet"); if (serializeNegotiating) serializeAndDeserialize(bobSession); CFMutableDataRef aliceStartPacket = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSAppendStartPacket(*aliceSession, aliceStartPacket), "Alice start packet"); if (serializeNegotiating) serializeAndDeserialize(aliceSession); // Step 2: Exchange the start packets, forcing the DH commit messages to collide CFMutableDataRef aliceDHKeyResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*aliceSession, bobStartPacket, aliceDHKeyResponse), "Bob DH packet failed"); if (serializeNegotiating) serializeAndDeserialize(aliceSession); CFReleaseNull(bobStartPacket); CFMutableDataRef bobDHKeyResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*bobSession, aliceStartPacket, bobDHKeyResponse), "Alice DH packet failed"); if (serializeNegotiating) serializeAndDeserialize(bobSession); CFReleaseNull(aliceStartPacket); // Step 3: With one "real" DH key message, and one replayed DH commit message, try to get a "reveal sig" out of one side CFMutableDataRef bobRevealSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*bobSession, aliceDHKeyResponse, bobRevealSigResponse), "Alice DH Key packet failed"); if (serializeNegotiating) serializeAndDeserialize(bobSession); CFReleaseNull(aliceDHKeyResponse); CFMutableDataRef aliceRevealSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*aliceSession, bobDHKeyResponse, aliceRevealSigResponse), "Bob DH Key packet failed"); if (serializeNegotiating) serializeAndDeserialize(aliceSession); CFReleaseNull(bobDHKeyResponse); // Step 4: Having gotten the reveal signature, now work for the signature CFMutableDataRef aliceSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*aliceSession, bobRevealSigResponse, aliceSigResponse), "Bob Reveal sig failed"); if (serializeNegotiating) serializeAndDeserialize(aliceSession); CFReleaseNull(bobRevealSigResponse); CFMutableDataRef bobSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*bobSession, aliceRevealSigResponse, bobSigResponse), "Alice Reveal sig failed"); if (serializeNegotiating) serializeAndDeserialize(bobSession); CFReleaseNull(aliceRevealSigResponse); // Step 5: All the messages have been sent, now deal with any replays from the collision handling CFMutableDataRef bobFinalResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*bobSession, aliceSigResponse, bobFinalResponse), "Alice Final Sig failed"); if (serializeNegotiating) serializeAndDeserialize(bobSession); CFMutableDataRef aliceFinalResponse = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSProcessPacket(*aliceSession, bobSigResponse, aliceFinalResponse), "Bob Final Sig failed"); is(kEmptyMessageSize, CFDataGetLength(aliceFinalResponse), "Alice had nothing left to say"); CFReleaseNull(aliceFinalResponse); CFReleaseNull(bobSigResponse); if (serializeNegotiating) serializeAndDeserialize(aliceSession); is(kEmptyMessageSize, CFDataGetLength(bobFinalResponse), "Bob had nothing left to say"); ok(SecOTRSGetIsReadyForMessages(*bobSession), "Bob is ready"); ok(SecOTRSGetIsReadyForMessages(*aliceSession), "Alice is ready"); CFReleaseNull(aliceSigResponse); CFReleaseNull(bobFinalResponse); sendMessages(5, bobSession, aliceSession, serializeMessaging); const char* aliceToBob = "deferredMessage"; CFDataRef rawAliceToBob = CFDataCreate(kCFAllocatorDefault, (const uint8_t*)aliceToBob, (CFIndex) strlen(aliceToBob)); CFMutableDataRef protectedAliceToBob = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef bobDecode = CFDataCreateMutable(kCFAllocatorDefault, 0); ok_status(SecOTRSSignAndProtectMessage(*aliceSession, rawAliceToBob, protectedAliceToBob), "encode message"); sendMessages(1, bobSession, aliceSession, serializeMessaging); is(SecOTRSVerifyAndExposeMessage(*bobSession, protectedAliceToBob, bobDecode), errSecOTRTooOld, "Decode old message"); sendMessages(1, bobSession, aliceSession, serializeMessaging); is(SecOTRSVerifyAndExposeMessage(*bobSession, protectedAliceToBob, bobDecode), errSecOTRTooOld, "Decode excessively old message"); sendMessages(3, bobSession, aliceSession, serializeMessaging); CFReleaseNull(rawAliceToBob); CFReleaseNull(protectedAliceToBob); CFReleaseNull(bobDecode); }