diff options
author | Hubert Chathi <hubert@uhoreg.ca> | 2018-12-27 18:16:56 -0500 |
---|---|---|
committer | Hubert Chathi <hubert@uhoreg.ca> | 2018-12-27 18:16:56 -0500 |
commit | ded55f50536d852b544c7255551fc3b8c1e7b044 (patch) | |
tree | 9ec78736060fdebcf0eec7dfec6e8723af05caf1 | |
parent | ec2695b9c945fa577c6fc4501d65a186208ecfed (diff) |
initial implementation of short authentication string generation
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | include/olm/sas.h | 82 | ||||
-rw-r--r-- | javascript/olm_post.js | 1 | ||||
-rw-r--r-- | javascript/olm_sas.js | 71 | ||||
-rw-r--r-- | javascript/test/sas.spec.js | 53 | ||||
-rw-r--r-- | src/sas.c | 140 | ||||
-rw-r--r-- | tests/test_sas.cpp | 117 |
7 files changed, 466 insertions, 1 deletions
@@ -34,7 +34,7 @@ JS_EXPORTED_FUNCTIONS := javascript/exported_functions.json JS_EXTRA_EXPORTED_RUNTIME_METHODS := ALLOC_STACK JS_EXTERNS := javascript/externs.js -PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h +PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h include/olm/sas.h SOURCES := $(wildcard src/*.cpp) $(wildcard src/*.c) \ lib/crypto-algorithms/sha256.c \ @@ -60,6 +60,7 @@ JS_PRE := $(wildcard javascript/*pre.js) JS_POST := javascript/olm_outbound_group_session.js \ javascript/olm_inbound_group_session.js \ javascript/olm_pk.js \ + javascript/olm_sas.js \ javascript/olm_post.js # The prefix & suffix are just added onto the start & end diff --git a/include/olm/sas.h b/include/olm/sas.h new file mode 100644 index 0000000..688b587 --- /dev/null +++ b/include/olm/sas.h @@ -0,0 +1,82 @@ +/* Copyright 2018 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef OLM_SAS_H_ +#define OLM_SAS_H_ + +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct OlmSAS OlmSAS; + +const char * olm_sas_last_error( + OlmSAS * sas +); + +size_t olm_sas_size(void); + +OlmSAS * olm_sas( + void * memory +); + +size_t olm_clear_sas( + OlmSAS * sas +); + +size_t olm_create_sas_random_length( + OlmSAS * sas +); + +size_t olm_create_sas( + OlmSAS * sas, + void * random, size_t random_length +); + +size_t olm_sas_pubkey_length(OlmSAS * sas); + +size_t olm_sas_get_pubkey( + OlmSAS * sas, + void * pubkey, size_t pubkey_length +); + +size_t olm_sas_set_their_key( + OlmSAS *sas, + void * their_key, size_t their_key_length +); + +size_t olm_sas_generate_bytes( + OlmSAS * sas, + void * output, size_t output_length +); + +size_t olm_sas_mac_length( + OlmSAS *sas +); + +size_t olm_sas_calculate_mac( + OlmSAS * sas, + void * input, size_t input_length, + void * mac, size_t mac_length +); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif /* OLM_SAS_H_ */ diff --git a/javascript/olm_post.js b/javascript/olm_post.js index 8c06fff..3bf0d66 100644 --- a/javascript/olm_post.js +++ b/javascript/olm_post.js @@ -534,6 +534,7 @@ olm_exports["Session"] = Session; olm_exports["Utility"] = Utility; olm_exports["PkEncryption"] = PkEncryption; olm_exports["PkDecryption"] = PkDecryption; +olm_exports["SAS"] = SAS; olm_exports["get_library_version"] = restore_stack(function() { var buf = stack(3); diff --git a/javascript/olm_sas.js b/javascript/olm_sas.js new file mode 100644 index 0000000..8fc535b --- /dev/null +++ b/javascript/olm_sas.js @@ -0,0 +1,71 @@ +function SAS() { + var size = Module['_olm_sas_size'](); + var random_length = Module['_olm_create_sas_random_length'](); + var random = random_stack(random_length); + this.buf = malloc(size); + this.ptr = Module['_olm_sas'](this.buf); + Module['_olm_create_sas'](this.ptr, random, random_length); + bzero(random, random_length); +} + +function sas_method(wrapped) { + return function() { + var result = wrapped.apply(this, arguments); + if (result === OLM_ERROR) { + var message = Pointer_stringify( + Module['_olm_sas_last_error'](arguments[0]) + ); + throw new Error("OLM." + message); + } + return result; + } +} + +SAS.prototype['free'] = function() { + Module['_olm_clear_sas'](this.ptr); + free(this.ptr); +}; + +SAS.prototype['get_pubkey'] = restore_stack(function() { + var pubkey_length = sas_method(Module['_olm_sas_pubkey_length'])(this.ptr); + var pubkey_buffer = stack(pubkey_length + NULL_BYTE_PADDING_LENGTH); + sas_method(Module['_olm_sas_get_pubkey'])(this.ptr, pubkey_buffer, pubkey_length); + return Pointer_stringify(pubkey_buffer); +}); + +SAS.prototype['set_their_key'] = restore_stack(function(their_key) { + var their_key_array = array_from_string(their_key); + var their_key_buffer = stack(their_key_array); + sas_method(Module['_olm_sas_set_their_key'])( + this.ptr, + their_key_buffer, their_key_array.length + ); +}); + +SAS.prototype['generate_bytes'] = restore_stack(function(length) { + var output_buffer = stack(length); + sas_method(Module['_olm_sas_generate_bytes'])( + this.ptr, + output_buffer, length + ); + // The inner Uint8Array creates a view of the buffer. The outer Uint8Array + // copies it to a new array to return, since the original buffer will get + // deallocated from the stack and could get overwritten. + var output_arr = new Uint8Array( + new Uint8Array(Module['HEAPU8'].buffer, output_buffer, length) + ); + return output_arr; +}); + +SAS.prototype['calculate_mac'] = restore_stack(function(input) { + var input_array = array_from_string(input); + var input_buffer = stack(input_array) + var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr); + var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH); + sas_method(Module['_olm_sas_calculate_mac'])( + this.ptr, + input_buffer, input_array.length, + mac_buffer, mac_length + ); + return Pointer_stringify(mac_buffer); +}); diff --git a/javascript/test/sas.spec.js b/javascript/test/sas.spec.js new file mode 100644 index 0000000..544131d --- /dev/null +++ b/javascript/test/sas.spec.js @@ -0,0 +1,53 @@ +/* +Copyright 2018 New Vector Ltd + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +var Olm = require('../olm'); + +describe("sas", function() { + var alice, bob; + + beforeEach(async function(done) { + Olm.init().then(function() { + alice = new Olm.SAS(); + bob = new Olm.SAS(); + + done(); + }); + }); + + afterEach(function () { + if (alice !== undefined) { + alice.free(); + alice = undefined; + } + if (bob !== undefined) { + bob.free(); + bob = undefined; + } + }); + + it('should create matching SAS bytes', function () { + alice.set_their_key(bob.get_pubkey()); + bob.set_their_key(alice.get_pubkey()); + expect(alice.generate_bytes(5).toString()).toEqual(bob.generate_bytes(5).toString()); + }); + + it('should create matching MACs', function () { + alice.set_their_key(bob.get_pubkey()); + bob.set_their_key(alice.get_pubkey()); + expect(alice.calculate_mac("test").toString()).toEqual(bob.calculate_mac("test").toString()); + }); +}); diff --git a/src/sas.c b/src/sas.c new file mode 100644 index 0000000..6de6278 --- /dev/null +++ b/src/sas.c @@ -0,0 +1,140 @@ +/* Copyright 2018 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "olm/sas.h" +#include "olm/base64.h" +#include "olm/crypto.h" +#include "olm/error.h" +#include "olm/memory.h" + +struct OlmSAS { + enum OlmErrorCode last_error; + struct _olm_curve25519_key_pair curve25519_key; + uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH]; +}; + +const char * olm_sas_last_error( + OlmSAS * sas +) { + return _olm_error_to_string(sas->last_error); +} + +size_t olm_sas_size(void) { + return sizeof(OlmSAS); +} + +OlmSAS * olm_sas( + void * memory +) { + _olm_unset(memory, sizeof(OlmSAS)); + return (OlmSAS *) memory; +} + +size_t olm_clear_sas( + OlmSAS * sas +) { + _olm_unset(sas, sizeof(OlmSAS)); + return sizeof(OlmSAS); +} + +size_t olm_create_sas_random_length(OlmSAS * sas) { + return CURVE25519_KEY_LENGTH; +} + +size_t olm_create_sas( + OlmSAS * sas, + void * random, size_t random_length +) { + if (random_length < olm_create_sas_random_length(sas)) { + sas->last_error = OLM_NOT_ENOUGH_RANDOM; + return (size_t)-1; + } + _olm_crypto_curve25519_generate_key((uint8_t *) random, &sas->curve25519_key); + return 0; +} + +size_t olm_sas_pubkey_length(OlmSAS * sas) { + return _olm_encode_base64_length(CURVE25519_KEY_LENGTH); +} + +size_t olm_sas_get_pubkey( + OlmSAS * sas, + void * pubkey, size_t pubkey_length +) { + if (pubkey_length < olm_sas_pubkey_length(sas)) { + sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL; + return (size_t)-1; + } + _olm_encode_base64( + (const uint8_t *)sas->curve25519_key.public_key.public_key, + CURVE25519_KEY_LENGTH, + (uint8_t *)pubkey + ); + return 0; +} + +size_t olm_sas_set_their_key( + OlmSAS *sas, + void * their_key, size_t their_key_length +) { + if (their_key_length < olm_sas_pubkey_length(sas)) { + sas->last_error = OLM_INPUT_BUFFER_TOO_SMALL; + return (size_t)-1; + } + _olm_decode_base64(their_key, their_key_length, their_key); + _olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret); + return 0; +} + +size_t olm_sas_generate_bytes( + OlmSAS * sas, + void * output, size_t output_length +) { + _olm_crypto_hkdf_sha256( + sas->secret, sizeof(sas->secret), + NULL, 0, + (const uint8_t *) "SAS", 3, + output, output_length + ); + return 0; +} + +size_t olm_sas_mac_length( + OlmSAS *sas +) { + return _olm_encode_base64_length(SHA256_OUTPUT_LENGTH); +} + +size_t olm_sas_calculate_mac( + OlmSAS * sas, + void * input, size_t input_length, + void * mac, size_t mac_length +) { + if (mac_length < olm_sas_mac_length(sas)) { + sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL; + return (size_t)-1; + } + // FIXME: base64-decode input? + uint8_t key[256]; + _olm_crypto_hkdf_sha256( + sas->secret, sizeof(sas->secret), + NULL, 0, + (const uint8_t *) "MAC", 3, + key, 256 + ); + _olm_crypto_hmac_sha256(key, 256, input, input_length, mac); + _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac); + return 0; +} diff --git a/tests/test_sas.cpp b/tests/test_sas.cpp new file mode 100644 index 0000000..bbb43d8 --- /dev/null +++ b/tests/test_sas.cpp @@ -0,0 +1,117 @@ +#include "olm/sas.h" +#include "olm/crypto.h" +#include "olm/olm.h" + +#include "unittest.hh" + +#include <iostream> + +int main() { + + +{ /* Generate bytes */ + +TestCase test_case("SAS generate bytes"); + +std::uint8_t alice_private[32] = { + 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, + 0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45, + 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A, + 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A +}; + +const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo"; + +std::uint8_t bob_private[32] = { + 0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B, + 0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6, + 0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD, + 0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB +}; + +const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08"; + +std::uint8_t alice_sas_buffer[olm_sas_size()]; +OlmSAS *alice_sas = olm_sas(alice_sas_buffer); +olm_create_sas(alice_sas, alice_private, sizeof(alice_private)); +std::uint8_t bob_sas_buffer[olm_sas_size()]; +OlmSAS *bob_sas = olm_sas(bob_sas_buffer); +olm_create_sas(bob_sas, bob_private, sizeof(bob_private)); + +std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)]; + +olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey)); + +assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas)); + +olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas)); + +olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey)); + +assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas)); + +olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas)); + +std::uint8_t alice_bytes[6]; +std::uint8_t bob_bytes[6]; + +olm_sas_generate_bytes(alice_sas, alice_bytes, 6); +olm_sas_generate_bytes(bob_sas, bob_bytes, 6); + +assert_equals(alice_bytes, bob_bytes, 6); + +} + +{ /* Calculate MAC */ + +TestCase test_case("SAS calculate MAC"); + +std::uint8_t alice_private[32] = { + 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, + 0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45, + 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A, + 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A +}; + +const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo"; + +std::uint8_t bob_private[32] = { + 0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B, + 0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6, + 0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD, + 0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB +}; + +const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08"; + +std::uint8_t alice_sas_buffer[olm_sas_size()]; +OlmSAS *alice_sas = olm_sas(alice_sas_buffer); +olm_create_sas(alice_sas, alice_private, sizeof(alice_private)); +std::uint8_t bob_sas_buffer[olm_sas_size()]; +OlmSAS *bob_sas = olm_sas(bob_sas_buffer); +olm_create_sas(bob_sas, bob_private, sizeof(bob_private)); + +std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)]; + +olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey)); + +assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas)); + +olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas)); + +olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey)); + +assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas)); + +olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas)); + +std::uint8_t alice_mac[olm_sas_mac_length(alice_sas)]; +std::uint8_t bob_mac[olm_sas_mac_length(bob_sas)]; + +olm_sas_calculate_mac(alice_sas, (void *) "Hello world!", 12, alice_mac, olm_sas_mac_length(alice_sas)); +olm_sas_calculate_mac(bob_sas, (void *) "Hello world!", 12, bob_mac, olm_sas_mac_length(bob_sas)); + +assert_equals(alice_mac, bob_mac, olm_sas_mac_length(alice_sas)); + +} +} |