[OTR-dev] SMP state machine broken?

[Uli M]

Hiho,

first of all thanks for OTR!

I'm developing an OTR module for the irssi IRC client [1]. It is
already quite usable, no matter if you use plain IRC or bitlbee.
However, I had lot's of trouble with implementing SMP authentication
because the SMP state machine is apparently broken - please correct me
here if I am wrong.

I managed to get so far that Bob can authenticate Alice (assuming
Alice started). But Alice can never be sure that it's Bob because
Alice never decodes TLV_SMP4, simply because it never expects it. A
simple grep SMP_EXPECT4 on the source reveals that this state is never
reached.

What also surprised me is that there are no callbacks for smp.
Additionally, the state is never reset to EXPECT1 unless abort is
called. Therefore, one has to replicate the SMP state machine in
his/her application and track in and outgoing messages in order to
give any feedback to the user.

I wonder how other implementations deal with this? Are people patching
libotr? Is it known to work both ways with any client?

Maybe I'm just not up to date, is there a VCS somewhere? I only found
the source tarball.

Thanks for any feedback.

Uli

[1] http://projects.tuxfamily.org/group.pl?name=irssiotr