aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile3
-rw-r--r--include/olm/sas.h156
-rw-r--r--javascript/olm_post.js1
-rw-r--r--javascript/olm_sas.js77
-rw-r--r--javascript/test/sas.spec.js53
-rw-r--r--src/sas.c141
-rw-r--r--tests/test_sas.cpp117
7 files changed, 547 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index a354e19..3269484 100644
--- a/Makefile
+++ b/Makefile
@@ -34,7 +34,7 @@ JS_EXPORTED_FUNCTIONS := javascript/exported_functions.json
JS_EXTRA_EXPORTED_RUNTIME_METHODS := ALLOC_STACK
JS_EXTERNS := javascript/externs.js
-PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h
+PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h include/olm/sas.h
SOURCES := $(wildcard src/*.cpp) $(wildcard src/*.c) \
lib/crypto-algorithms/sha256.c \
@@ -60,6 +60,7 @@ JS_PRE := $(wildcard javascript/*pre.js)
JS_POST := javascript/olm_outbound_group_session.js \
javascript/olm_inbound_group_session.js \
javascript/olm_pk.js \
+ javascript/olm_sas.js \
javascript/olm_post.js
# The prefix & suffix are just added onto the start & end
diff --git a/include/olm/sas.h b/include/olm/sas.h
new file mode 100644
index 0000000..46d4176
--- /dev/null
+++ b/include/olm/sas.h
@@ -0,0 +1,156 @@
+/* Copyright 2018-2019 New Vector Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef OLM_SAS_H_
+#define OLM_SAS_H_
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @defgroup SAS Short Authentication String verification
+ * These functions are used for verifying keys using the Short Authentication
+ * String (SAS) method.
+ * @{
+ */
+
+typedef struct OlmSAS OlmSAS;
+
+/** A null terminated string describing the most recent error to happen to an
+ * SAS object. */
+const char * olm_sas_last_error(
+ OlmSAS * sas
+);
+
+/** The size of an SAS object in bytes. */
+size_t olm_sas_size(void);
+
+/** Initialize an SAS object using the supplied memory.
+ * The supplied memory must be at least `olm_sas_size()` bytes. */
+OlmSAS * olm_sas(
+ void * memory
+);
+
+/** Clears the memory used to back an SAS object. */
+size_t olm_clear_sas(
+ OlmSAS * sas
+);
+
+/** The number of random bytes needed to create an SAS object. */
+size_t olm_create_sas_random_length(
+ OlmSAS * sas
+);
+
+/** Creates a new SAS object.
+ *
+ * @param[in] sas the SAS object to create, initialized by `olm_sas()`.
+ * @param[in] random array of random bytes.
+ * @param[in] random_length the number of random bytes provided. Must be at
+ * least `olm_create_sas_random_length()`.
+ *
+ * @return `olm_error()` on failure. If there weren't enough random bytes then
+ * `olm_sas_last_error()` will be `NOT_ENOUGH_RANDOM`.
+ */
+size_t olm_create_sas(
+ OlmSAS * sas,
+ void * random, size_t random_length
+);
+
+/** The size of a public key in bytes. */
+size_t olm_sas_pubkey_length(OlmSAS * sas);
+
+/** Get the public key for the SAS object.
+ *
+ * @param[in] sas the SAS object.
+ * @param[out] pubkey buffer to store the public key.
+ * @param[in] pubkey_length the size of the `pubkey` buffer. Must be at least
+ * `olm_sas_pubkey_length()`.
+ *
+ * @return `olm_error()` on failure. If the `pubkey` buffer is too small, then
+ * `olm_sas_last_error()` will be `OUTPUT_BUFFER_TOO_SMALL`.
+ */
+size_t olm_sas_get_pubkey(
+ OlmSAS * sas,
+ void * pubkey, size_t pubkey_length
+);
+
+/** Sets the public key of other user.
+ *
+ * @param[in] sas the SAS object.
+ * @param[in] their_key the other user's public key.
+ * @param[in] their_key_size the size of the `their_key` buffer.
+ *
+ * @return `olm_error()` on failure. If the `their_key` buffer is too small,
+ * then `olm_sas_last_error()` will be `INPUT_BUFFER_TOO_SMALL`.
+ */
+size_t olm_sas_set_their_key(
+ OlmSAS *sas,
+ void * their_key, size_t their_key_length
+);
+
+/** Generate bytes to use for the short authentication string.
+ *
+ * @param[in] sas the SAS object.
+ * @param[in] info extra information to mix in when generating the bytes, as
+ * per the Matrix spec.
+ * @param[in] info_length the length of the `info` parameter.
+ * @param[out] output the output buffer.
+ * @param[in] output_length the size of the output buffer. For hex-based SAS
+ * as in the Matrix spec, this will be 5.
+ */
+size_t olm_sas_generate_bytes(
+ OlmSAS * sas,
+ const void * info, size_t info_length,
+ void * output, size_t output_length
+);
+
+/** The size of the message authentication code generated by
+ * olm_sas_calculate_mac()`. */
+size_t olm_sas_mac_length(
+ OlmSAS *sas
+);
+
+/** Generate a message authentication code (MAC) based on the shared secret.
+ *
+ * @param[in] sas the SAS object.
+ * @param[in] input the message to produce the authentication code for.
+ * @param[in] input_length the length of the message.
+ * @param[in] info extra information to mix in when generating the MAC, as per
+ * the Matrix spec.
+ * @param[in] info_length the length of the `info` parameter.
+ * @param[out] mac the buffer in which to store the MAC.
+ * @param[in] mac_length the size of the `mac` buffer. Must be at least
+ * `olm_sas_mac_length()`
+ *
+ * @return `olm_error()` on failure. If the `mac` buffer is too small, then
+ * `olm_sas_last_error()` will be `OUTPUT_BUFFER_TOO_SMALL`.
+ */
+size_t olm_sas_calculate_mac(
+ OlmSAS * sas,
+ void * input, size_t input_length,
+ const void * info, size_t info_length,
+ void * mac, size_t mac_length
+);
+
+/** @} */ // end of SAS group
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif /* OLM_SAS_H_ */
diff --git a/javascript/olm_post.js b/javascript/olm_post.js
index 8c06fff..3bf0d66 100644
--- a/javascript/olm_post.js
+++ b/javascript/olm_post.js
@@ -534,6 +534,7 @@ olm_exports["Session"] = Session;
olm_exports["Utility"] = Utility;
olm_exports["PkEncryption"] = PkEncryption;
olm_exports["PkDecryption"] = PkDecryption;
+olm_exports["SAS"] = SAS;
olm_exports["get_library_version"] = restore_stack(function() {
var buf = stack(3);
diff --git a/javascript/olm_sas.js b/javascript/olm_sas.js
new file mode 100644
index 0000000..d5044ce
--- /dev/null
+++ b/javascript/olm_sas.js
@@ -0,0 +1,77 @@
+function SAS() {
+ var size = Module['_olm_sas_size']();
+ var random_length = Module['_olm_create_sas_random_length']();
+ var random = random_stack(random_length);
+ this.buf = malloc(size);
+ this.ptr = Module['_olm_sas'](this.buf);
+ Module['_olm_create_sas'](this.ptr, random, random_length);
+ bzero(random, random_length);
+}
+
+function sas_method(wrapped) {
+ return function() {
+ var result = wrapped.apply(this, arguments);
+ if (result === OLM_ERROR) {
+ var message = Pointer_stringify(
+ Module['_olm_sas_last_error'](arguments[0])
+ );
+ throw new Error("OLM." + message);
+ }
+ return result;
+ }
+}
+
+SAS.prototype['free'] = function() {
+ Module['_olm_clear_sas'](this.ptr);
+ free(this.ptr);
+};
+
+SAS.prototype['get_pubkey'] = restore_stack(function() {
+ var pubkey_length = sas_method(Module['_olm_sas_pubkey_length'])(this.ptr);
+ var pubkey_buffer = stack(pubkey_length + NULL_BYTE_PADDING_LENGTH);
+ sas_method(Module['_olm_sas_get_pubkey'])(this.ptr, pubkey_buffer, pubkey_length);
+ return Pointer_stringify(pubkey_buffer);
+});
+
+SAS.prototype['set_their_key'] = restore_stack(function(their_key) {
+ var their_key_array = array_from_string(their_key);
+ var their_key_buffer = stack(their_key_array);
+ sas_method(Module['_olm_sas_set_their_key'])(
+ this.ptr,
+ their_key_buffer, their_key_array.length
+ );
+});
+
+SAS.prototype['generate_bytes'] = restore_stack(function(info, length) {
+ var info_array = array_from_string(info);
+ var info_buffer = stack(info_array);
+ var output_buffer = stack(length);
+ sas_method(Module['_olm_sas_generate_bytes'])(
+ this.ptr,
+ info_buffer, info_array.length,
+ output_buffer, length
+ );
+ // The inner Uint8Array creates a view of the buffer. The outer Uint8Array
+ // copies it to a new array to return, since the original buffer will get
+ // deallocated from the stack and could get overwritten.
+ var output_arr = new Uint8Array(
+ new Uint8Array(Module['HEAPU8'].buffer, output_buffer, length)
+ );
+ return output_arr;
+});
+
+SAS.prototype['calculate_mac'] = restore_stack(function(input, info) {
+ var input_array = array_from_string(input);
+ var input_buffer = stack(input_array);
+ var info_array = array_from_string(info);
+ var info_buffer = stack(info_array);
+ var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr);
+ var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH);
+ sas_method(Module['_olm_sas_calculate_mac'])(
+ this.ptr,
+ input_buffer, input_array.length,
+ info_buffer, info_array.length,
+ mac_buffer, mac_length
+ );
+ return Pointer_stringify(mac_buffer);
+});
diff --git a/javascript/test/sas.spec.js b/javascript/test/sas.spec.js
new file mode 100644
index 0000000..af7ea65
--- /dev/null
+++ b/javascript/test/sas.spec.js
@@ -0,0 +1,53 @@
+/*
+Copyright 2018 New Vector Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+var Olm = require('../olm');
+
+describe("sas", function() {
+ var alice, bob;
+
+ beforeEach(async function(done) {
+ Olm.init().then(function() {
+ alice = new Olm.SAS();
+ bob = new Olm.SAS();
+
+ done();
+ });
+ });
+
+ afterEach(function () {
+ if (alice !== undefined) {
+ alice.free();
+ alice = undefined;
+ }
+ if (bob !== undefined) {
+ bob.free();
+ bob = undefined;
+ }
+ });
+
+ it('should create matching SAS bytes', function () {
+ alice.set_their_key(bob.get_pubkey());
+ bob.set_their_key(alice.get_pubkey());
+ expect(alice.generate_bytes("SAS", 5).toString()).toEqual(bob.generate_bytes("SAS", 5).toString());
+ });
+
+ it('should create matching MACs', function () {
+ alice.set_their_key(bob.get_pubkey());
+ bob.set_their_key(alice.get_pubkey());
+ expect(alice.calculate_mac("test", "MAC").toString()).toEqual(bob.calculate_mac("test", "MAC").toString());
+ });
+});
diff --git a/src/sas.c b/src/sas.c
new file mode 100644
index 0000000..c5be73f
--- /dev/null
+++ b/src/sas.c
@@ -0,0 +1,141 @@
+/* Copyright 2018-2019 New Vector Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "olm/sas.h"
+#include "olm/base64.h"
+#include "olm/crypto.h"
+#include "olm/error.h"
+#include "olm/memory.h"
+
+struct OlmSAS {
+ enum OlmErrorCode last_error;
+ struct _olm_curve25519_key_pair curve25519_key;
+ uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH];
+};
+
+const char * olm_sas_last_error(
+ OlmSAS * sas
+) {
+ return _olm_error_to_string(sas->last_error);
+}
+
+size_t olm_sas_size(void) {
+ return sizeof(OlmSAS);
+}
+
+OlmSAS * olm_sas(
+ void * memory
+) {
+ _olm_unset(memory, sizeof(OlmSAS));
+ return (OlmSAS *) memory;
+}
+
+size_t olm_clear_sas(
+ OlmSAS * sas
+) {
+ _olm_unset(sas, sizeof(OlmSAS));
+ return sizeof(OlmSAS);
+}
+
+size_t olm_create_sas_random_length(OlmSAS * sas) {
+ return CURVE25519_KEY_LENGTH;
+}
+
+size_t olm_create_sas(
+ OlmSAS * sas,
+ void * random, size_t random_length
+) {
+ if (random_length < olm_create_sas_random_length(sas)) {
+ sas->last_error = OLM_NOT_ENOUGH_RANDOM;
+ return (size_t)-1;
+ }
+ _olm_crypto_curve25519_generate_key((uint8_t *) random, &sas->curve25519_key);
+ return 0;
+}
+
+size_t olm_sas_pubkey_length(OlmSAS * sas) {
+ return _olm_encode_base64_length(CURVE25519_KEY_LENGTH);
+}
+
+size_t olm_sas_get_pubkey(
+ OlmSAS * sas,
+ void * pubkey, size_t pubkey_length
+) {
+ if (pubkey_length < olm_sas_pubkey_length(sas)) {
+ sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
+ return (size_t)-1;
+ }
+ _olm_encode_base64(
+ (const uint8_t *)sas->curve25519_key.public_key.public_key,
+ CURVE25519_KEY_LENGTH,
+ (uint8_t *)pubkey
+ );
+ return 0;
+}
+
+size_t olm_sas_set_their_key(
+ OlmSAS *sas,
+ void * their_key, size_t their_key_length
+) {
+ if (their_key_length < olm_sas_pubkey_length(sas)) {
+ sas->last_error = OLM_INPUT_BUFFER_TOO_SMALL;
+ return (size_t)-1;
+ }
+ _olm_decode_base64(their_key, their_key_length, their_key);
+ _olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret);
+ return 0;
+}
+
+size_t olm_sas_generate_bytes(
+ OlmSAS * sas,
+ const void * info, size_t info_length,
+ void * output, size_t output_length
+) {
+ _olm_crypto_hkdf_sha256(
+ sas->secret, sizeof(sas->secret),
+ NULL, 0,
+ (const uint8_t *) info, info_length,
+ output, output_length
+ );
+ return 0;
+}
+
+size_t olm_sas_mac_length(
+ OlmSAS *sas
+) {
+ return _olm_encode_base64_length(SHA256_OUTPUT_LENGTH);
+}
+
+size_t olm_sas_calculate_mac(
+ OlmSAS * sas,
+ void * input, size_t input_length,
+ const void * info, size_t info_length,
+ void * mac, size_t mac_length
+) {
+ if (mac_length < olm_sas_mac_length(sas)) {
+ sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
+ return (size_t)-1;
+ }
+ uint8_t key[32];
+ _olm_crypto_hkdf_sha256(
+ sas->secret, sizeof(sas->secret),
+ NULL, 0,
+ (const uint8_t *) info, info_length,
+ key, 32
+ );
+ _olm_crypto_hmac_sha256(key, 32, input, input_length, mac);
+ _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
+ return 0;
+}
diff --git a/tests/test_sas.cpp b/tests/test_sas.cpp
new file mode 100644
index 0000000..3578244
--- /dev/null
+++ b/tests/test_sas.cpp
@@ -0,0 +1,117 @@
+#include "olm/sas.h"
+#include "olm/crypto.h"
+#include "olm/olm.h"
+
+#include "unittest.hh"
+
+#include <iostream>
+
+int main() {
+
+
+{ /* Generate bytes */
+
+TestCase test_case("SAS generate bytes");
+
+std::uint8_t alice_private[32] = {
+ 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
+ 0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
+ 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
+ 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
+};
+
+const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
+
+std::uint8_t bob_private[32] = {
+ 0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
+ 0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
+ 0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
+ 0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
+};
+
+const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
+
+std::uint8_t alice_sas_buffer[olm_sas_size()];
+OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
+olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
+std::uint8_t bob_sas_buffer[olm_sas_size()];
+OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
+olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
+
+std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
+
+olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
+
+assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
+
+olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
+
+olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
+
+assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
+
+olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
+
+std::uint8_t alice_bytes[6];
+std::uint8_t bob_bytes[6];
+
+olm_sas_generate_bytes(alice_sas, "SAS", 3, alice_bytes, 6);
+olm_sas_generate_bytes(bob_sas, "SAS", 3, bob_bytes, 6);
+
+assert_equals(alice_bytes, bob_bytes, 6);
+
+}
+
+{ /* Calculate MAC */
+
+TestCase test_case("SAS calculate MAC");
+
+std::uint8_t alice_private[32] = {
+ 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
+ 0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
+ 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
+ 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
+};
+
+const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
+
+std::uint8_t bob_private[32] = {
+ 0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
+ 0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
+ 0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
+ 0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
+};
+
+const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
+
+std::uint8_t alice_sas_buffer[olm_sas_size()];
+OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
+olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
+std::uint8_t bob_sas_buffer[olm_sas_size()];
+OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
+olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
+
+std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
+
+olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
+
+assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
+
+olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
+
+olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
+
+assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
+
+olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
+
+std::uint8_t alice_mac[olm_sas_mac_length(alice_sas)];
+std::uint8_t bob_mac[olm_sas_mac_length(bob_sas)];
+
+olm_sas_calculate_mac(alice_sas, (void *) "Hello world!", 12, "MAC", 3, alice_mac, olm_sas_mac_length(alice_sas));
+olm_sas_calculate_mac(bob_sas, (void *) "Hello world!", 12, "MAC", 3, bob_mac, olm_sas_mac_length(bob_sas));
+
+assert_equals(alice_mac, bob_mac, olm_sas_mac_length(alice_sas));
+
+}
+}