static bool SOSOTRSAppendStartPacket(SecOTRSessionRef session, CFMutableDataRef appendPacket, CFErrorRef *error) {
OSStatus otrStatus = SecOTRSAppendStartPacket(session, appendPacket);
if (otrStatus != errSecSuccess) {
SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, (error != NULL) ? *error : NULL, error, NULL, CFSTR("append start packet returned: %" PRIdOSStatus), otrStatus);
}
return otrStatus == errSecSuccess;
}
bool _SecOTRSessionProcessPacketRemote(CFDataRef sessionData, CFDataRef inputPacket, CFDataRef* outputSessionData, CFDataRef* outputPacket, bool *readyForMessages, CFErrorRef *error) {
SecOTRSessionRef session = SecOTRSessionCreateFromData(kCFAllocatorDefault, sessionData);
CFMutableDataRef negotiationResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
if (inputPacket) {
SecOTRSProcessPacket(session, inputPacket, negotiationResponse);
} else {
SecOTRSAppendStartPacket(session, negotiationResponse);
}
CFMutableDataRef outputSession = CFDataCreateMutable(kCFAllocatorDefault, 0);
SecOTRSAppendSerialization(session, outputSession);
*outputSessionData = outputSession;
*outputPacket = negotiationResponse;
*readyForMessages = SecOTRSGetIsReadyForMessages(session);
return true;
}
static void negotiate(SecOTRSessionRef* aliceSession, SecOTRSessionRef* bobSession, bool serializeNegotiating, bool serializeMessaging, bool textMode, bool compact)
{
const int kEmptyMessageSize = textMode ? 6 : 0;
// Step 1: Create a start packet for each side of the transaction
CFMutableDataRef bobStartPacket = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSAppendStartPacket(*bobSession, bobStartPacket), "Bob start packet");
if (serializeNegotiating)
serializeAndDeserialize(bobSession);
CFMutableDataRef aliceStartPacket = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSAppendStartPacket(*aliceSession, aliceStartPacket), "Alice start packet");
if (serializeNegotiating)
serializeAndDeserialize(aliceSession);
// Step 2: Exchange the start packets, forcing the DH commit messages to collide
CFMutableDataRef aliceDHKeyResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*aliceSession, bobStartPacket, aliceDHKeyResponse),
"Bob DH packet failed");
if (serializeNegotiating)
serializeAndDeserialize(aliceSession);
CFReleaseNull(bobStartPacket);
CFMutableDataRef bobDHKeyResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*bobSession, aliceStartPacket, bobDHKeyResponse),
"Alice DH packet failed");
if (serializeNegotiating)
serializeAndDeserialize(bobSession);
CFReleaseNull(aliceStartPacket);
// Step 3: With one "real" DH key message, and one replayed DH commit message, try to get a "reveal sig" out of one side
CFMutableDataRef bobRevealSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*bobSession, aliceDHKeyResponse, bobRevealSigResponse),
"Alice DH Key packet failed");
if (serializeNegotiating)
serializeAndDeserialize(bobSession);
CFReleaseNull(aliceDHKeyResponse);
CFMutableDataRef aliceRevealSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*aliceSession, bobDHKeyResponse, aliceRevealSigResponse),
"Bob DH Key packet failed");
if (serializeNegotiating)
serializeAndDeserialize(aliceSession);
CFReleaseNull(bobDHKeyResponse);
// Step 4: Having gotten the reveal signature, now work for the signature
CFMutableDataRef aliceSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*aliceSession, bobRevealSigResponse, aliceSigResponse),
"Bob Reveal sig failed");
if (serializeNegotiating)
serializeAndDeserialize(aliceSession);
CFReleaseNull(bobRevealSigResponse);
CFMutableDataRef bobSigResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*bobSession, aliceRevealSigResponse, bobSigResponse),
"Alice Reveal sig failed");
if (serializeNegotiating)
serializeAndDeserialize(bobSession);
CFReleaseNull(aliceRevealSigResponse);
// Step 5: All the messages have been sent, now deal with any replays from the collision handling
CFMutableDataRef bobFinalResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*bobSession, aliceSigResponse, bobFinalResponse),
"Alice Final Sig failed");
if (serializeNegotiating)
serializeAndDeserialize(bobSession);
CFMutableDataRef aliceFinalResponse = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSProcessPacket(*aliceSession, bobSigResponse, aliceFinalResponse),
"Bob Final Sig failed");
is(kEmptyMessageSize, CFDataGetLength(aliceFinalResponse), "Alice had nothing left to say");
CFReleaseNull(aliceFinalResponse);
CFReleaseNull(bobSigResponse);
if (serializeNegotiating)
serializeAndDeserialize(aliceSession);
is(kEmptyMessageSize, CFDataGetLength(bobFinalResponse), "Bob had nothing left to say");
ok(SecOTRSGetIsReadyForMessages(*bobSession), "Bob is ready");
ok(SecOTRSGetIsReadyForMessages(*aliceSession), "Alice is ready");
CFReleaseNull(aliceSigResponse);
CFReleaseNull(bobFinalResponse);
sendMessages(5, bobSession, aliceSession, serializeMessaging);
const char* aliceToBob = "deferredMessage";
CFDataRef rawAliceToBob = CFDataCreate(kCFAllocatorDefault, (const uint8_t*)aliceToBob, (CFIndex) strlen(aliceToBob));
CFMutableDataRef protectedAliceToBob = CFDataCreateMutable(kCFAllocatorDefault, 0);
CFMutableDataRef bobDecode = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecOTRSSignAndProtectMessage(*aliceSession, rawAliceToBob, protectedAliceToBob), "encode message");
sendMessages(1, bobSession, aliceSession, serializeMessaging);
is(SecOTRSVerifyAndExposeMessage(*bobSession, protectedAliceToBob, bobDecode), errSecOTRTooOld, "Decode old message");
sendMessages(1, bobSession, aliceSession, serializeMessaging);
is(SecOTRSVerifyAndExposeMessage(*bobSession, protectedAliceToBob, bobDecode), errSecOTRTooOld, "Decode excessively old message");
sendMessages(3, bobSession, aliceSession, serializeMessaging);
CFReleaseNull(rawAliceToBob);
CFReleaseNull(protectedAliceToBob);
CFReleaseNull(bobDecode);
}
