From pesco at khjk.org Sun Oct 3 09:01:07 2010
From: pesco at khjk.org (Sven Moritz Hallberg)
Date: Sun, 03 Oct 2010 15:01:07 +0200
Subject: [OTR-dev] libotr silent api change / bug wrt smp
Message-ID: <1286110228-sup-8307@khjk.org>

Hi all,

In the process of updating OTR support for the BitlBee[1] IM client, I've
stumbled across this:

When using SMP with the new "question and answer" style (initiated via SMP1Q),
libotr did not set the active fingerprint's trust string after receiving SMP3
(i.e. in the role of the *respondent* to an smp "challenge").

I've worked around this by

  a) checking for success of the smp session by means of the new
     sm_prog_state field instead of the trust string. This is, however,
     counter to the description in the libotr UPGRADING file which
     specifically states that the success condition for smp is "trust not
     NULL and not the empty string".

  b) then setting the trust string myself in the handler code for the SMP3
     tlv. As far as I understand, this should not be necessary. (?)

The sm_prog_state field and associated SMP_PROG_* values are not documented in
UPGRADING, only hinted at by the check for SMP_PROG_CHEATED in the example. I'm
not sure I understood the example correctly, it references some otrg_*
functions... I handle the CHEATED case by sending an smp abort and resetting
the context's smstate. I'd appreciate confirmation that this is what's
intended.

See:

  BitlBee bugtracker thread
    http://bugs.bitlbee.org/bitlbee/ticket/115#comment:80

  Function otr_handle_smp in BitlBee's otr.c
    http://bugs.bitlbee.org/bitlbee/browser/merging-otr/otr.c#L1049

  especially the comment in the SMP3 block:
    http://bugs.bitlbee.org/bitlbee/browser/merging-otr/otr.c#L1131

Best regards!
pesco

1: http://www.bitlbee.org/

From fnord at pentabarf.de Sun Oct 3 10:10:39 2010
From: fnord at pentabarf.de (Kjell Braden)
Date: Sun, 03 Oct 2010 16:10:39 +0200
Subject: [OTR-dev] libotr silent api change / bug wrt smp
In-Reply-To: <1286110228-sup-8307@khjk.org>
References: <1286110228-sup-8307@khjk.org>
Message-ID: <4CA88EDF.8050909@pentabarf.de>

On 03.10.2010 15:01, Sven Moritz Hallberg wrote:
> Hi all,
>
> In the process of updating OTR support for the BitlBee[1] IM client, I've
> stumbled across this:
>
> When using SMP with the new "question and answer" style (initiated via SMP1Q),
> libotr did not set the active fingerprint's trust string after receiving SMP3
> (i.e. in the role of the *respondent* to an smp "challenge").
>

Hi Sven,

that behavior is correct. The "question and
answer"-style-authentication is not supposed to set the trust level on
both sides, but rather on the side that posed the question.

If Alice sent Bob the Question, Bob will receive SMP1Q and SMP3. After
SMP3 Bob knows if his answer was correct, and he should be offered to
verify Alice now by asking her a question himself.

Your handling of the CHEATED case sounds correct to me, as it's the same
thing the "reference implementation" (pidgin-otr) does.

HTH
--
Kjell

From pesco at khjk.org Sun Oct 3 13:54:31 2010
From: pesco at khjk.org (Sven Moritz Hallberg)
Date: Sun, 03 Oct 2010 19:54:31 +0200
Subject: [OTR-dev] libotr silent api change / bug wrt smp
In-Reply-To: <4CA88EDF.8050909@pentabarf.de>
References: <1286110228-sup-8307@khjk.org> <4CA88EDF.8050909@pentabarf.de>
Message-ID: <1286127854-sup-208@khjk.org>

Excerpts from Kjell Braden's message of 2010-10-03 16:10:39 +0200:
> that behavior is correct. The "question and
> answer"-style-authentication is not supposed to set the trust level on
> both sides, but rather on the side that posed the question.

Oh, I see, it's not assumed that both sides trust the question! Thanks for the
clarification. Maybe a note about this case should be made in UPGRADING.

-pesco
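
The trust rule settled in this thread, as an added example that is not code from libotr, BitlBee, pidgin-otr or either poster: a self-contained model of a client's SMP handler in which the side that answered a peer's question learns the outcome from the progress state but does not mark the fingerprint trusted. Every ex_* name, the proof_ok parameter and the "smp" trust value are assumptions made for the model.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical stand-ins for this example; none of these are libotr names. */
enum ex_prog { EX_CHEATED = -2, EX_FAILED = -1, EX_OK = 0, EX_SUCCEEDED = 1 };
enum ex_tlv  { EX_SMP1, EX_SMP1Q, EX_SMP2, EX_SMP3, EX_SMP4, EX_ABORT };
enum ex_act  { EX_NONE, EX_NOTIFY_OK, EX_NOTIFY_FAIL, EX_SEND_ABORT };

struct ex_ctx {
    enum ex_tlv expect;   /* next TLV this side will accept */
    bool peer_asked;      /* session was opened by the peer's SMP1Q */
    enum ex_prog prog;    /* outcome the client checks, not the trust string */
    char trust[8];        /* "" means the fingerprint is unverified */
};

/* Back to idle; prog keeps the outcome of the session that just ended. */
static void ex_reset(struct ex_ctx *c) { c->expect = EX_SMP1; c->peer_asked = false; }

/* Local user starts SMP (plain or with a question): we now await SMP2. */
void ex_initiate(struct ex_ctx *c) { ex_reset(c); c->prog = EX_OK; c->expect = EX_SMP2; }

/* Handle one incoming TLV. proof_ok stands for the library's verdict on the
 * proof carried by SMP3/SMP4; the cryptography is not modelled here. */
enum ex_act ex_receive(struct ex_ctx *c, enum ex_tlv t, bool proof_ok) {
    if (t == EX_ABORT) { ex_reset(c); return EX_NOTIFY_FAIL; }
    bool opener = (t == EX_SMP1 || t == EX_SMP1Q);
    if (opener ? c->expect != EX_SMP1 : t != c->expect) {
        /* Out-of-sequence message, the CHEATED case: abort, reset, grant nothing. */
        c->prog = EX_CHEATED;
        ex_reset(c);
        return EX_SEND_ABORT;
    }
    switch (t) {
    case EX_SMP1: case EX_SMP1Q:
        c->prog = EX_OK; c->peer_asked = (t == EX_SMP1Q);
        c->expect = EX_SMP3;   /* after the local answer goes out as SMP2 */
        return EX_NONE;
    case EX_SMP2:
        c->expect = EX_SMP4;   /* we reply with SMP3 */
        return EX_NONE;
    default: {                 /* SMP3 (respondent) or SMP4 (initiator) */
        bool answered_question = (t == EX_SMP3 && c->peer_asked);
        c->prog = proof_ok ? EX_SUCCEEDED : EX_FAILED;
        if (proof_ok && !answered_question) strcpy(c->trust, "smp");
        ex_reset(c);
        return proof_ok ? EX_NOTIFY_OK : EX_NOTIFY_FAIL;
    }
    }
}
```
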