Implement REQUIRE_AUTHENTICATED policy #154

otrv4 · Nov 29, 2020 · e587600 · e587600
1 parent a66ae67
commit e587600
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/src/fingerprint.c b/src/fingerprint.c
@@ -236,7 +236,7 @@ API void otrng_fingerprint_forget(const otrng_client_s *client,
 /* This returns the fingerprint of the peer, not the self.
  It only works properly if it's a v4 connection. */
 API /*@null@*/ otrng_known_fingerprint_s *
-otrng_fingerprint_get_current(const otrng_s *conn) {
+otrng_fingerprint_get_current_peer(const otrng_s *conn) {
   otrng_fingerprint fp;
   assert(conn != NULL);
 

diff --git a/src/fingerprint.h b/src/fingerprint.h
@@ -186,7 +186,7 @@ API void otrng_fingerprint_forget(const struct otrng_client_s *client,
  *
  */
 API /*@null@*/ otrng_known_fingerprint_s *
-otrng_fingerprint_get_current(const struct otrng_s *conn);
+otrng_fingerprint_get_current_peer(const struct otrng_s *conn);
 
 #ifdef OTRNG_FINGERPRINT_PRIVATE
 #endif

diff --git a/src/otrng.c b/src/otrng.c
@@ -508,6 +508,13 @@ tstatic otrng_result receive_tagged_plaintext(otrng_response_s *response,
 
   switch (otr->running_version) {
   case OTRNG_PROTOCOL_VERSION_4:
+    if (otr->policy_type == OTRNG_REQUIRE_AUTHENTICATED) {
+      otrng_known_fingerprint_s *fp_peer;
+      fp_peer = otrng_fingerprint_get_current_peer(otr);
+      if (!fp_peer || fp_peer->trusted == otrng_false) {
+        return OTRNG_ERROR;
+      }
+    }
     if (otr->policy_type & OTRNG_WHITESPACE_START_DAKE) {
       if (message_to_display_without_tag(response, msg, strlen(msg)) ==
           OTRNG_ERROR) {
@@ -531,6 +538,13 @@ tstatic otrng_result receive_query_message(otrng_response_s *response,
 
   switch (otr->running_version) {
   case OTRNG_PROTOCOL_VERSION_4:
+    if (otr->policy_type == OTRNG_REQUIRE_AUTHENTICATED) {
+      otrng_known_fingerprint_s *fp_peer;
+      fp_peer = otrng_fingerprint_get_current_peer(otr);
+      if (!fp_peer || fp_peer->trusted == otrng_false) {
+        return OTRNG_ERROR;
+      }
+    }
     return start_dake(response, otr);
   case OTRNG_PROTOCOL_VERSION_3:
     return otrng_v3_receive_message(&response->to_send, &response->to_display,