diff options
-rw-r--r-- | include/axolotl/axolotl.hh | 43 | ||||
-rw-r--r-- | include/axolotl/crypto.hh | 21 |
2 files changed, 60 insertions, 4 deletions
diff --git a/include/axolotl/axolotl.hh b/include/axolotl/axolotl.hh index bd230dd..9d7ff9a 100644 --- a/include/axolotl/axolotl.hh +++ b/include/axolotl/axolotl.hh @@ -83,41 +83,80 @@ struct Session { KdfInfo const & kdf_info ); - /** A pair of string to feed into the KDF identifing the application */ + /** A some strings identifing the application to feed into the KDF. */ KdfInfo kdf_info; - /** The last error that happened encypting or decrypting a message */ + + /** The last error that happened encypting or decrypting a message. */ ErrorCode last_error; + + /** The root key is used to generate chain keys from the ephemeral keys. + * A new root_key derived each time a chain key is derived. */ SharedKey root_key; + + /** The sender chain is used to send messages. Each time a new ephemeral + * key is received from the remote server we generate a new sender chain + * with a new empheral key when we next send a message. */ List<SenderChain, 1> sender_chain; + + /** The receiver chain is used to decrypt recieved messages. We store the + * last few chains so we can decrypt any out of order messages we haven't + * received yet. */ List<ReceiverChain, MAX_RECEIVER_CHAINS> receiver_chains; + + /** List of message keys we've skipped over when advancing the receiver + * chain. */ List<SkippedMessageKey, MAX_SKIPPED_MESSAGE_KEYS> skipped_message_keys; + /** Initialise the session using a shared secret and the public part of the + * remote's first ratchet key */ void initialise_as_bob( std::uint8_t const * shared_secret, std::size_t shared_secret_length, Curve25519PublicKey const & their_ratchet_key ); + /** Intialise the session using a shared secret and the public/private key + * pair for the first ratchet key */ void initialise_as_alice( std::uint8_t const * shared_secret, std::size_t shared_secret_length, Curve25519KeyPair const & our_ratchet_key ); + /** The maximum number of bytes of output the encrypt method will write for + * a given message length. */ std::size_t encrypt_max_output_length( std::size_t plaintext_length ); + /** The number of bytes of random data the encrypt method will need to + * encrypt a message. This will be 32 bytes if the session needs to + * generate a new ephemeral key, or will be 0 bytes otherwise.*/ std::size_t encrypt_random_length(); + /** Encrypt some plaintext. Returns the length of the encrypted message + * or std::size_t(-1) on failure. On failure last_error will be set with + * an error code. The last_error will be NOT_ENOUGH_RANDOM if the number + * of random bytes is too small. The last_error will be + * OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small. */ std::size_t encrypt( std::uint8_t const * plaintext, std::size_t plaintext_length, std::uint8_t const * random, std::size_t random_length, std::uint8_t * output, std::size_t max_output_length ); + /** An upper bound on the number of bytes of plaintext the decrypt method + * will write for a given input message length. */ std::size_t decrypt_max_plaintext_length( std::size_t input_length ); + /** Decrypt a message. Returns the length of the decrypted plaintext or + * std::size_t(-1) on failure. On failure last_error will be set with an + * error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the + * plaintext buffer is too small. The last_error will be + * BAD_MESSAGE_VERSION if the message was encrypted with an unsupported + * version of the protocol. The last_error will be BAD_MESSAGE_FORMAT if + * the message headers could not be decoded. The last_error will be + * BAD_MESSAGE_MAC if the message could not be verified */ std::size_t decrypt( std::uint8_t const * input, std::size_t input_length, std::uint8_t * plaintext, std::size_t max_plaintext_length diff --git a/include/axolotl/crypto.hh b/include/axolotl/crypto.hh index d3586b3..09e5b8e 100644 --- a/include/axolotl/crypto.hh +++ b/include/axolotl/crypto.hh @@ -28,7 +28,7 @@ struct Curve25519KeyPair : public Curve25519PublicKey { std::uint8_t private_key[32]; }; - +/** Generate a curve25519 key pair from 32 random bytes. */ void generate_key( std::uint8_t const * random_32_bytes, Curve25519KeyPair & key_pair @@ -37,7 +37,8 @@ void generate_key( const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32; - +/** Create a shared secret using our private key and their public key. + * The output buffer must be at least 32 bytes long. */ void curve25519_shared_secret( Curve25519KeyPair const & our_key, Curve25519PublicKey const & their_key, @@ -57,11 +58,14 @@ struct Aes256Iv { }; +/** The length of output the aes_encrypt_cbc function will write */ std::size_t aes_encrypt_cbc_length( std::size_t input_length ); +/** Encrypts the input using AES256 in CBC mode with PKCS#7 padding. + * The output buffer must be big enough to hold the output including padding */ void aes_encrypt_cbc( Aes256Key const & key, Aes256Iv const & iv, @@ -70,6 +74,10 @@ void aes_encrypt_cbc( ); +/** Decrypts the input using AES256 in CBC mode. The output buffer must be at + * least the same size as the input buffer. Returns the length of the plaintext + * without padding on success or std::size_t(-1) if the padding is invalid. + */ std::size_t aes_decrypt_cbc( Aes256Key const & key, Aes256Iv const & iv, @@ -78,6 +86,8 @@ std::size_t aes_decrypt_cbc( ); +/** Computes SHA-256 of the input. The output buffer must be a least 32 + * bytes long. */ void sha256( std::uint8_t const * input, std::size_t input_length, std::uint8_t * output @@ -87,6 +97,10 @@ void sha256( const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32; +/** HMAC: Keyed-Hashing for Message Authentication + * http://tools.ietf.org/html/rfc2104 + * Computes HMAC-SHA-256 of the input for the key. The output buffer must + * be at least 32 bytes long. */ void hmac_sha256( std::uint8_t const * key, std::size_t key_length, std::uint8_t const * input, std::size_t input_length, @@ -94,6 +108,9 @@ void hmac_sha256( ); +/** HMAC-based Key Derivation Function (HKDF) + * https://tools.ietf.org/html/rfc5869 + * Derives key material from the input bytes. */ void hkdf_sha256( std::uint8_t const * input, std::size_t input_length, std::uint8_t const * info, std::size_t info_length, |