[OTR-dev] SMP state machine broken?

Ian Goldberg ian at cypherpunks.ca
Tue Jun 3 08:44:49 EDT 2008


On Mon, Jun 02, 2008 at 02:07:26AM +0000, Uli M wrote:
> Hiho,
> 
> first of all thanks for OTR!
> 
> I'm developing an OTR module for the irssi IRC client [1]. It is
> already quite usable, no matter if you use plain IRC or bitlbee.
> However, I had lots of trouble with implementing SMP authentication
> because the SMP state machine is apparently broken - please correct me
> here if I am wrong.
> 
> I managed to get so far that Bob can authenticate Alice (assuming
> Alice started). But Alice can never be sure that it's Bob because
> Alice never decodes TLV_SMP4, simply because it never expects it. A
> simple grep SMP_EXPECT4 on the source reveals that this state is never
> reached.
> 
> What also surprised me is that there are no callbacks for smp.
> Additionally, the state is never reset to EXPECT1 unless abort is
> called. Therefore, one has to replicate the SMP state machine in
> his/her application and track in and outgoing messages in order to
> give any feedback to the user.
> 
> I wonder how other implementations deal with this? Are people patching
> libotr? Is it known to work both ways with any client?
> 
> Maybe I'm just not up to date, is there a VCS somewhere? I only found
> the source tarball.

This is part of the current API problems we're working on cleaning up.
Right now, there's some stuff libotr does for you, and some you need to
do in the calling application.  This was done to avoid adding another
callback (since the application, not the library, needs to handle
certain cases), but I agree that it's very messy, and one or more
callbacks will be the way it'll be handled in v4.

For now, see the UPGRADING file in the libotr source to see how to add
the necessary support into your application.

Also, you can find the current cvs at sourceforge:

http://sourceforge.net/cvs/?group_id=128860

   - Ian
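
The application-side tracking discussed in this thread, as an added example that is not part of either message and is not libotr code: a self-contained C model of the "next expected SMP message" state, including the expect-SMP4 step on the initiator's side. All type and function names are hypothetical, and resetting on any out-of-order message is this model's assumption.

```c
#include <stdio.h>

/* Hypothetical names for this model; they are not libotr identifiers. */
typedef enum { EXPECT1, EXPECT2, EXPECT3, EXPECT4 } smp_expect;
typedef enum { MSG_SMP1, MSG_SMP2, MSG_SMP3, MSG_SMP4, MSG_ABORT } smp_msg;
typedef enum { EV_ASK_SECRET, EV_IN_PROGRESS, EV_DONE, EV_ABORTED } smp_event;
typedef struct { smp_expect next; } smp_tracker;

void smp_init(smp_tracker *t) { t->next = EXPECT1; }
/* Outgoing SMP1 (we started): the peer's SMP2 must come next. */
void smp_on_initiate(smp_tracker *t) { t->next = EXPECT2; }
/* Outgoing SMP2 (user answered an incoming SMP1): SMP3 must come next. */
void smp_on_respond(smp_tracker *t) { t->next = EXPECT3; }

/* Feed one incoming SMP message; returns what to report to the user. */
smp_event smp_on_receive(smp_tracker *t, smp_msg m) {
    /* Message k is only valid while the tracker expects message k. */
    if (m == MSG_ABORT || (int)m != (int)t->next) {
        t->next = EXPECT1;   /* a real client would also send an abort */
        return EV_ABORTED;
    }
    switch (m) {
    case MSG_SMP1: return EV_ASK_SECRET;   /* wait for smp_on_respond() */
    case MSG_SMP2: t->next = EXPECT4; return EV_IN_PROGRESS; /* SMP3 goes out */
    default:       t->next = EXPECT1; return EV_DONE; /* SMP3 or SMP4: finished */
    }
}

int main(void) {
    /* Initiator's view: send SMP1, receive SMP2, send SMP3, receive SMP4. */
    smp_tracker alice;
    smp_init(&alice);
    smp_on_initiate(&alice);
    smp_event e1 = smp_on_receive(&alice, MSG_SMP2);
    smp_event e2 = smp_on_receive(&alice, MSG_SMP4);
    printf("after SMP2: %d, after SMP4: %d, next: %d\n", e1, e2, alice.next);
    return !(e2 == EV_DONE && alice.next == EXPECT1);
}
```

`EV_DONE` only means the exchange finished; whether the secrets matched still has to be read from the library's result.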


