Simultaneous SMP results in abort

[erbbysam]

After AKE, if both users simultaneously attempt to run SMP, system will abort both. Can share example code if needed.

[arlolra]

Thanks for reporting. Out of curiosity, where are you using this library? Maybe you want it included in the list.

Looking at the spec, I think this is the correct procedure. By simultaneous, I'm assuming you mean that both users are in SMPSTATE_EXPECT1 and they independently form a type 2 TLV (SMP message 1), send it across the wire then transition to SMPSTATE_EXPECT2. At which point, they both receive the type 2 TLV, the spec says,

If smpstate is not SMPSTATE_EXPECT1: Set smpstate to SMPSTATE_EXPECT1 and send a type 6 TLV (SMP abort) to Alice.

If I'm misinterpreting, please share the code example. Hope that helps.

[erbbysam]

I'm currently integrating OTR into https://github.com/erbbysam/webRTCCopy / rtccopy.com . It's not completed yet, but I will definitely let you know when it's done.

That actually makes a lot of sense (based on the spec). The reason I hit this problem was because I was prompted both users for a password before an initial connection. Once connected I would try and run SMP starting from both sides with that password, hitting this problem. I have no way currently to say "this user is starting the SMP transaction and this user responds", so I'm going to have to introduce one (each user has a unique ID, so I would likely just take the one that is smaller as the SMP initiator).

Thanks for the quick response! I'll close the bug and I might also follow up with OTR development team if this could turn into a feature request (having 2 users simultaneously initiate SMP being handled somehow). -Sam

[arlolra]

I'm currently integrating OTR into https://github.com/erbbysam/webRTCCopy / rtccopy.com . It's not completed yet, but I will definitely let you know when it's done.

Very interesting. You might like, Data over OTR or OTR Encrypted File Transfer Specification. Please do let me know.

Thanks for the quick response! I'll close the bug and I might also follow up with OTR development team if this could turn into a feature request (having 2 users simultaneously initiate SMP being handled somehow).

No problem.

I just noticed something in the spec. When the user requests to begin SMP,

If smpstate is not set to SMPSTATE_EXPECT1: SMP is already underway. If you wish to restart SMP, send a type 6 TLV (SMP abort) to the other party and then proceed as if smpstate was SMPSTATE_EXPECT1. Otherwise, you may simply continue the current SMP instance.

Currently the library always restarts. I could add a flag to let you continue and then you could introduce a delay on one side, but I suppose that's no different than only having one initiator and adds a race condition.

Just a thought.

[erbbysam]

I'll definitely have take a look at those. My currently plan is to use the symmetric key generated during AKE as a password into SJCL.

[erbbysam]

Ended up using RC4drop for file transfer after exchanging the key over OTR (half the key being the key received during OTRv3 initialization, the other half being something random chosen by the receiver) with a hash verification sent over the OTR channel. Anyhow, if you don't mind, could you accept the pull request I just sent to add this site to the list https://github.com/arlolra/otr/pull/38 ? Thanks, Sam

[arlolra]

RC4 ... scary.

[erbbysam]

Yes I know. I did try and use AES, but the transfer rate to slow so I fell back to something I knew was fast (a stream cipher). I'm thinking I might test out Rabbit as a replacement (the other stream cipher supported by Crypto-JS) - https://code.google.com/p/crypto-js/#Rabbit It seems to be less broken.

Thanks for the merge! -Sam

[arlolra]

There's also Salsa20, though I haven't profiled it. https://github.com/arlolra/otr/blob/master/vendor/salsa20.js