Before the introducee sends her ACK,
she derives a master key from the ephemeral shared secret as before.
Two nonces and a MAC key are then derived from the master key.
The local introducee signs one of the nonces and calculates a MAC
over her own identity public key, ephemeral public key,
transport properties and timestamp.
The local introducee includes the signature and MAC in her ACK.
On receiving the remote introducee's ACK,
the local introducee verifies the signature and MAC.
Should the verification fail, an ABORT is sent to the introducer and
the remote introducee that was added as inactive is deleted again.
It was possible that a malicious introducer sends new request with the
same session ID that was used previously and thus causing introducees to
have multiple states for the same session ID.
This commits prevents that from happening and adds an integration test
for that scenario.
Also if an introducee removes an introducer, all past session states
will be deleted from the database. For this, a test was added as well.
Closes#371Closes#372
* normal session where both introducees accept
* normal session where the first introducee declines
* normal session where the second introducee declines
* one session where a contact is introduced to herself
* one session where two identities of the same contact
are introduced to each other
This introduces a new IntroductionAbortedEvent to signal when the
protocol was aborted. It is not yet used in the UI.
It closes#276
