diff options
| -rw-r--r-- | include/olm/crypto.hh | 26 | ||||
| -rw-r--r-- | include/olm/memory.hh | 49 | ||||
| -rw-r--r-- | include/olm/ratchet.hh | 2 | ||||
| -rw-r--r-- | src/account.cpp | 17 | ||||
| -rw-r--r-- | src/cipher.cpp | 21 | ||||
| -rw-r--r-- | src/crypto.cpp | 52 | ||||
| -rw-r--r-- | src/olm.cpp | 47 | ||||
| -rw-r--r-- | src/ratchet.cpp | 61 | ||||
| -rw-r--r-- | src/session.cpp | 123 | ||||
| -rw-r--r-- | src/utility.cpp | 6 | ||||
| -rw-r--r-- | tests/test_base64.cpp | 1 | ||||
| -rw-r--r-- | tests/test_crypto.cpp | 2 |
12 files changed, 219 insertions, 188 deletions
diff --git a/include/olm/crypto.hh b/include/olm/crypto.hh index b845bfe..7a05f8d 100644 --- a/include/olm/crypto.hh +++ b/include/olm/crypto.hh @@ -20,28 +20,27 @@ namespace olm { +static const std::size_t KEY_LENGTH = 32; +static const std::size_t SIGNATURE_LENGTH = 64; +static const std::size_t IV_LENGTH = 16; struct Curve25519PublicKey { - static const int LENGTH = 32; - std::uint8_t public_key[32]; + std::uint8_t public_key[KEY_LENGTH]; }; struct Curve25519KeyPair : public Curve25519PublicKey { - static const int LENGTH = 64; - std::uint8_t private_key[32]; + std::uint8_t private_key[KEY_LENGTH]; }; struct Ed25519PublicKey { - static const int LENGTH = 32; - std::uint8_t public_key[32]; + std::uint8_t public_key[KEY_LENGTH]; }; struct Ed25519KeyPair : public Ed25519PublicKey { - static const int LENGTH = 64; - std::uint8_t private_key[32]; + std::uint8_t private_key[KEY_LENGTH]; }; @@ -52,9 +51,6 @@ void curve25519_generate_key( ); -const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32; - - /** Create a shared secret using our private key and their public key. * The output buffer must be at least 32 bytes long. */ void curve25519_shared_secret( @@ -109,14 +105,12 @@ bool ed25519_verify( struct Aes256Key { - static const int LENGTH = 32; - std::uint8_t key[32]; + std::uint8_t key[KEY_LENGTH]; }; struct Aes256Iv { - static const int LENGTH = 16; - std::uint8_t iv[16]; + std::uint8_t iv[IV_LENGTH]; }; @@ -156,7 +150,7 @@ void sha256( ); -const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32; +const std::size_t SHA256_OUTPUT_LENGTH = 32; /** HMAC: Keyed-Hashing for Message Authentication diff --git a/include/olm/memory.hh b/include/olm/memory.hh index b19c74b..128990a 100644 --- a/include/olm/memory.hh +++ b/include/olm/memory.hh @@ -14,6 +14,8 @@ */ #include <cstddef> #include <cstdint> +#include <cstring> +#include <type_traits> namespace olm { @@ -35,4 +37,51 @@ bool is_equal( std::size_t length ); +/** Check if two fixed size arrays are equals */ +template<typename T> +bool array_equal( + T const & array_a, + T const & array_b +) { + static_assert( + std::is_array<T>::value + && std::is_convertible<T, std::uint8_t *>::value + && sizeof(T) > 0, + "Arguments to array_equal must be std::uint8_t arrays[]." + ); + return is_equal(array_a, array_b, sizeof(T)); +} + +/** Copy into a fixed size array */ +template<typename T> +std::uint8_t const * load_array( + T & destination, + std::uint8_t const * source +) { + static_assert( + std::is_array<T>::value + && std::is_convertible<T, std::uint8_t *>::value + && sizeof(T) > 0, + "The first argument to load_array must be a std::uint8_t array[]." + ); + std::memcpy(destination, source, sizeof(T)); + return source + sizeof(T); +} + +/** Copy from a fixed size array */ +template<typename T> +std::uint8_t * store_array( + std::uint8_t * destination, + T const & source +) { + static_assert( + std::is_array<T>::value + && std::is_convertible<T, std::uint8_t *>::value + && sizeof(T) > 0, + "The second argument to store_array must be a std::uint8_t array[]." + ); + std::memcpy(destination, source, sizeof(T)); + return destination + sizeof(T); +} + } // namespace olm diff --git a/include/olm/ratchet.hh b/include/olm/ratchet.hh index 7274255..2393e5b 100644 --- a/include/olm/ratchet.hh +++ b/include/olm/ratchet.hh @@ -21,7 +21,7 @@ namespace olm { class Cipher; -typedef std::uint8_t SharedKey[32]; +typedef std::uint8_t SharedKey[olm::KEY_LENGTH]; struct ChainKey { diff --git a/src/account.cpp b/src/account.cpp index d0ef838..43033c8 100644 --- a/src/account.cpp +++ b/src/account.cpp @@ -15,6 +15,7 @@ #include "olm/account.hh" #include "olm/base64.hh" #include "olm/pickle.hh" +#include "olm/memory.hh" olm::Account::Account( ) : next_one_time_key_id(0), @@ -26,7 +27,7 @@ olm::OneTimeKey const * olm::Account::lookup_key( olm::Curve25519PublicKey const & public_key ) { for (olm::OneTimeKey const & key : one_time_keys) { - if (0 == memcmp(key.key.public_key, public_key.public_key, 32)) { + if (olm::array_equal(key.key.public_key, public_key.public_key)) { return &key; } } @@ -38,7 +39,7 @@ std::size_t olm::Account::remove_key( ) { OneTimeKey * i; for (i = one_time_keys.begin(); i != one_time_keys.end(); ++i) { - if (0 == memcmp(i->key.public_key, public_key.public_key, 32)) { + if (olm::array_equal(i->key.public_key, public_key.public_key)) { std::uint32_t id = i->id; one_time_keys.erase(i); return id; @@ -48,7 +49,7 @@ std::size_t olm::Account::remove_key( } std::size_t olm::Account::new_account_random_length() { - return 2 * 32; + return 2 * olm::KEY_LENGTH; } std::size_t olm::Account::new_account( @@ -60,9 +61,8 @@ std::size_t olm::Account::new_account( } olm::ed25519_generate_key(random, identity_keys.ed25519_key); - random += 32; + random += KEY_LENGTH; olm::curve25519_generate_key(random, identity_keys.curve25519_key); - random += 32; return 0; } @@ -107,7 +107,6 @@ std::size_t olm::Account::get_identity_json( std::uint8_t * identity_json, std::size_t identity_json_length ) { std::uint8_t * pos = identity_json; - std::uint8_t signature[64]; size_t expected_length = get_identity_json_length(); if (identity_json_length < expected_length) { @@ -138,7 +137,7 @@ std::size_t olm::Account::get_identity_json( std::size_t olm::Account::signature_length( ) { - return 64; + return olm::SIGNATURE_LENGTH; } @@ -239,7 +238,7 @@ std::size_t olm::Account::max_number_of_one_time_keys( std::size_t olm::Account::generate_one_time_keys_random_length( std::size_t number_of_keys ) { - return 32 * number_of_keys; + return olm::KEY_LENGTH * number_of_keys; } std::size_t olm::Account::generate_one_time_keys( @@ -255,7 +254,7 @@ std::size_t olm::Account::generate_one_time_keys( key.id = ++next_one_time_key_id; key.published = false; olm::curve25519_generate_key(random, key.key); - random += 32; + random += olm::KEY_LENGTH; } return number_of_keys; } diff --git a/src/cipher.cpp b/src/cipher.cpp index 2202746..7bb11b8 100644 --- a/src/cipher.cpp +++ b/src/cipher.cpp @@ -23,11 +23,9 @@ olm::Cipher::~Cipher() { namespace { -static const std::size_t SHA256_LENGTH = 32; - struct DerivedKeys { olm::Aes256Key aes_key; - std::uint8_t mac_key[SHA256_LENGTH]; + std::uint8_t mac_key[olm::KEY_LENGTH]; olm::Aes256Iv aes_iv; }; @@ -37,16 +35,17 @@ static void derive_keys( std::uint8_t const * key, std::size_t key_length, DerivedKeys & keys ) { - std::uint8_t derived_secrets[80]; + std::uint8_t derived_secrets[2 * olm::KEY_LENGTH + olm::IV_LENGTH]; olm::hkdf_sha256( key, key_length, nullptr, 0, kdf_info, kdf_info_length, derived_secrets, sizeof(derived_secrets) ); - std::memcpy(keys.aes_key.key, derived_secrets, 32); - std::memcpy(keys.mac_key, derived_secrets + 32, 32); - std::memcpy(keys.aes_iv.iv, derived_secrets + 64, 16); + std::uint8_t const * pos = derived_secrets; + pos = olm::load_array(keys.aes_key.key, pos); + pos = olm::load_array(keys.mac_key, pos); + pos = olm::load_array(keys.aes_iv.iv, pos); olm::unset(derived_secrets); } @@ -84,7 +83,7 @@ std::size_t olm::CipherAesSha256::encrypt( return std::size_t(-1); } struct DerivedKeys keys; - std::uint8_t mac[SHA256_LENGTH]; + std::uint8_t mac[olm::SHA256_OUTPUT_LENGTH]; derive_keys(kdf_info, kdf_info_length, key, key_length, keys); @@ -93,7 +92,7 @@ std::size_t olm::CipherAesSha256::encrypt( ); olm::hmac_sha256( - keys.mac_key, SHA256_LENGTH, output, output_length - MAC_LENGTH, mac + keys.mac_key, olm::KEY_LENGTH, output, output_length - MAC_LENGTH, mac ); std::memcpy(output + output_length - MAC_LENGTH, mac, MAC_LENGTH); @@ -116,12 +115,12 @@ std::size_t olm::CipherAesSha256::decrypt( std::uint8_t * plaintext, std::size_t max_plaintext_length ) const { DerivedKeys keys; - std::uint8_t mac[SHA256_LENGTH]; + std::uint8_t mac[olm::SHA256_OUTPUT_LENGTH]; derive_keys(kdf_info, kdf_info_length, key, key_length, keys); olm::hmac_sha256( - keys.mac_key, SHA256_LENGTH, input, input_length - MAC_LENGTH, mac + keys.mac_key, olm::KEY_LENGTH, input, input_length - MAC_LENGTH, mac ); std::uint8_t const * input_mac = input + input_length - MAC_LENGTH; diff --git a/src/crypto.cpp b/src/crypto.cpp index fffda4c..8024355 100644 --- a/src/crypto.cpp +++ b/src/crypto.cpp @@ -66,8 +66,9 @@ void ed25519_keypair( namespace { static const std::uint8_t CURVE25519_BASEPOINT[32] = {9}; +static const std::size_t AES_KEY_SCHEDULE_LENGTH = 60; +static const std::size_t AES_KEY_BITS = 8 * olm::KEY_LENGTH; static const std::size_t AES_BLOCK_LENGTH = 16; -static const std::size_t SHA256_HASH_LENGTH = 32; static const std::size_t SHA256_BLOCK_LENGTH = 64; static const std::uint8_t HKDF_DEFAULT_SALT[32] = {}; @@ -119,7 +120,7 @@ inline static void hmac_sha256_final( std::uint8_t const * hmac_key, std::uint8_t * output ) { - std::uint8_t o_pad[SHA256_BLOCK_LENGTH + SHA256_HASH_LENGTH]; + std::uint8_t o_pad[SHA256_BLOCK_LENGTH + olm::SHA256_OUTPUT_LENGTH]; std::memcpy(o_pad, hmac_key, SHA256_BLOCK_LENGTH); for (std::size_t i = 0; i < SHA256_BLOCK_LENGTH; ++i) { o_pad[i] ^= 0x5C; @@ -140,7 +141,7 @@ void olm::curve25519_generate_key( std::uint8_t const * random_32_bytes, olm::Curve25519KeyPair & key_pair ) { - std::memcpy(key_pair.private_key, random_32_bytes, 32); + std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH); ::curve25519_donna( key_pair.public_key, key_pair.private_key, CURVE25519_BASEPOINT ); @@ -161,9 +162,9 @@ void olm::curve25519_sign( std::uint8_t const * message, std::size_t message_length, std::uint8_t * output ) { - std::uint8_t private_key[32]; - std::uint8_t public_key[32]; - std::memcpy(private_key, our_key.private_key, 32); + std::uint8_t private_key[KEY_LENGTH]; + std::uint8_t public_key[KEY_LENGTH]; + std::memcpy(private_key, our_key.private_key, KEY_LENGTH); ::ed25519_keypair(private_key, public_key); ::ed25519_sign( output, @@ -179,10 +180,10 @@ bool olm::curve25519_verify( std::uint8_t const * message, std::size_t message_length, std::uint8_t const * signature ) { - std::uint8_t public_key[32]; - std::uint8_t signature_buffer[64]; - std::memcpy(public_key, their_key.public_key, 32); - std::memcpy(signature_buffer, signature, 64); + std::uint8_t public_key[KEY_LENGTH]; + std::uint8_t signature_buffer[SIGNATURE_LENGTH]; + std::memcpy(public_key, their_key.public_key, KEY_LENGTH); + std::memcpy(signature_buffer, signature, SIGNATURE_LENGTH); ::convert_curve25519_to_ed25519(public_key, signature_buffer); return 0 != ::ed25519_verify( signature, @@ -196,7 +197,7 @@ void olm::ed25519_generate_key( std::uint8_t const * random_32_bytes, olm::Ed25519KeyPair & key_pair ) { - std::memcpy(key_pair.private_key, random_32_bytes, 32); + std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH); ::ed25519_keypair(key_pair.private_key, key_pair.public_key); } @@ -240,13 +241,13 @@ void olm::aes_encrypt_cbc( std::uint8_t const * input, std::size_t input_length, std::uint8_t * output ) { - std::uint32_t key_schedule[60]; - ::aes_key_setup(key.key, key_schedule, 256); + std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH]; + ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS); std::uint8_t input_block[AES_BLOCK_LENGTH]; std::memcpy(input_block, iv.iv, AES_BLOCK_LENGTH); while (input_length >= AES_BLOCK_LENGTH) { xor_block<AES_BLOCK_LENGTH>(input_block, input); - ::aes_encrypt(input_block, output, key_schedule, 256); + ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS); std::memcpy(input_block, output, AES_BLOCK_LENGTH); input += AES_BLOCK_LENGTH; output += AES_BLOCK_LENGTH; @@ -259,7 +260,7 @@ void olm::aes_encrypt_cbc( for (; i < AES_BLOCK_LENGTH; ++i) { input_block[i] ^= AES_BLOCK_LENGTH - input_length; } - ::aes_encrypt(input_block, output, key_schedule, 256); + ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS); olm::unset(key_schedule); olm::unset(input_block); } @@ -271,14 +272,14 @@ std::size_t olm::aes_decrypt_cbc( std::uint8_t const * input, std::size_t input_length, std::uint8_t * output ) { - std::uint32_t key_schedule[60]; - ::aes_key_setup(key.key, key_schedule, 256); + std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH]; + ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS); std::uint8_t block1[AES_BLOCK_LENGTH]; std::uint8_t block2[AES_BLOCK_LENGTH]; std::memcpy(block1, iv.iv, AES_BLOCK_LENGTH); for (std::size_t i = 0; i < input_length; i += AES_BLOCK_LENGTH) { std::memcpy(block2, &input[i], AES_BLOCK_LENGTH); - ::aes_decrypt(&input[i], &output[i], key_schedule, 256); + ::aes_decrypt(&input[i], &output[i], key_schedule, AES_KEY_BITS); xor_block<AES_BLOCK_LENGTH>(&output[i], block1); std::memcpy(block1, block2, AES_BLOCK_LENGTH); } @@ -301,6 +302,7 @@ void olm::sha256( olm::unset(context); } + void olm::hmac_sha256( std::uint8_t const * key, std::size_t key_length, std::uint8_t const * input, std::size_t input_length, @@ -325,7 +327,7 @@ void olm::hkdf_sha256( ) { ::SHA256_CTX context; std::uint8_t hmac_key[SHA256_BLOCK_LENGTH]; - std::uint8_t step_result[SHA256_HASH_LENGTH]; + std::uint8_t step_result[olm::SHA256_OUTPUT_LENGTH]; std::size_t bytes_remaining = output_length; std::uint8_t iteration = 1; if (!salt) { @@ -337,20 +339,20 @@ void olm::hkdf_sha256( hmac_sha256_init(&context, hmac_key); ::sha256_update(&context, input, input_length); hmac_sha256_final(&context, hmac_key, step_result); - hmac_sha256_key(step_result, SHA256_HASH_LENGTH, hmac_key); + hmac_sha256_key(step_result, olm::SHA256_OUTPUT_LENGTH, hmac_key); /* Extract */ hmac_sha256_init(&context, hmac_key); ::sha256_update(&context, info, info_length); ::sha256_update(&context, &iteration, 1); hmac_sha256_final(&context, hmac_key, step_result); - while (bytes_remaining > SHA256_HASH_LENGTH) { - std::memcpy(output, step_result, SHA256_HASH_LENGTH); - output += SHA256_HASH_LENGTH; - bytes_remaining -= SHA256_HASH_LENGTH; + while (bytes_remaining > olm::SHA256_OUTPUT_LENGTH) { + std::memcpy(output, step_result, olm::SHA256_OUTPUT_LENGTH); + output += olm::SHA256_OUTPUT_LENGTH; + bytes_remaining -= olm::SHA256_OUTPUT_LENGTH; iteration ++; hmac_sha256_init(&context, hmac_key); - ::sha256_update(&context, step_result, SHA256_HASH_LENGTH); + ::sha256_update(&context, step_result, olm::SHA256_OUTPUT_LENGTH); ::sha256_update(&context, info, info_length); ::sha256_update(&context, &iteration, 1); hmac_sha256_final(&context, hmac_key, step_result); diff --git a/src/olm.cpp b/src/olm.cpp index 28b194f..63f3d83 100644 --- a/src/olm.cpp +++ b/src/olm.cpp @@ -520,8 +520,13 @@ size_t olm_create_outbound_session( void const * their_one_time_key, size_t their_one_time_key_length, void * random, size_t random_length ) { - if (olm::decode_base64_length(their_identity_key_length) != 32 - || olm::decode_base64_length(their_one_time_key_length) != 32 + std::uint8_t const * id_key = from_c(their_identity_key); + std::uint8_t const * ot_key = from_c(their_one_time_key); + std::size_t id_key_length = their_identity_key_length; + std::size_t ot_key_length = their_one_time_key_length; + + if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH + || olm::decode_base64_length(ot_key_length) != olm::KEY_LENGTH ) { from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64; return std::size_t(-1); @@ -529,14 +534,8 @@ size_t olm_create_outbound_session( olm::Curve25519PublicKey identity_key; olm::Curve25519PublicKey one_time_key; - olm::decode_base64( - from_c(their_identity_key), their_identity_key_length, - identity_key.public_key - ); - olm::decode_base64( - from_c(their_one_time_key), their_one_time_key_length, - one_time_key.public_key - ); + olm::decode_base64(id_key, id_key_length, identity_key.public_key); + olm::decode_base64(ot_key, ot_key_length, one_time_key.public_key); size_t result = from_c(session)->new_outbound_session( *from_c(account), identity_key, one_time_key, @@ -570,15 +569,15 @@ size_t olm_create_inbound_session_from( void const * their_identity_key, size_t their_identity_key_length, void * one_time_key_message, size_t message_length ) { - if (olm::decode_base64_length(their_identity_key_length) != 32) { + std::uint8_t const * id_key = from_c(their_identity_key); + std::size_t id_key_length = their_identity_key_length; + + if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH) { from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64; return std::size_t(-1); } olm::Curve25519PublicKey identity_key; - olm::decode_base64( - from_c(their_identity_key), their_identity_key_length, - identity_key.public_key - ); + olm::decode_base64(id_key, id_key_length, identity_key.public_key); std::size_t raw_length = b64_input( from_c(one_time_key_message), message_length, from_c(session)->last_error @@ -641,15 +640,15 @@ size_t olm_matches_inbound_session_from( void const * their_identity_key, size_t their_identity_key_length, void * one_time_key_message, size_t message_length ) { - if (olm::decode_base64_length(their_identity_key_length) != 32) { + std::uint8_t const * id_key = from_c(their_identity_key); + std::size_t id_key_length = their_identity_key_length; + + if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH) { from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64; return std::size_t(-1); } olm::Curve25519PublicKey identity_key; - olm::decode_base64( - from_c(their_identity_key), their_identity_key_length, - identity_key.public_key - ); + olm::decode_base64(id_key, id_key_length, identity_key.public_key); std::size_t raw_length = b64_input( from_c(one_time_key_message), message_length, from_c(session)->last_error @@ -800,15 +799,12 @@ size_t olm_ed25519_verify( void const * message, size_t message_length, void * signature, size_t signature_length ) { - if (olm::decode_base64_length(key_length) != 32) { + if (olm::decode_base64_length(key_length) != olm::KEY_LENGTH) { from_c(utility)->last_error = olm::ErrorCode::INVALID_BASE64; return std::size_t(-1); } olm::Ed25519PublicKey verify_key; - olm::decode_base64( - from_c(key), key_length, - verify_key.public_key - ); + olm::decode_base64(from_c(key), key_length, verify_key.public_key); std::size_t raw_signature_length = b64_input( from_c(signature), signature_length, from_c(utility)->last_error ); @@ -822,5 +818,4 @@ size_t olm_ed25519_verify( ); } - } diff --git a/src/ratchet.cpp b/src/ratchet.cpp index 110ea93..5ef1e56 100644 --- a/src/ratchet.cpp +++ b/src/ratchet.cpp @@ -23,11 +23,10 @@ namespace { -std::uint8_t PROTOCOL_VERSION = 3; -std::size_t KEY_LENGTH = olm::Curve25519PublicKey::LENGTH; -std::uint8_t MESSAGE_KEY_SEED[1] = {0x01}; -std::uint8_t CHAIN_KEY_SEED[1] = {0x02}; -std::size_t MAX_MESSAGE_GAP = 2000; +static const std::uint8_t PROTOCOL_VERSION = 3; +static const std::uint8_t MESSAGE_KEY_SEED[1] = {0x01}; +static const std::uint8_t CHAIN_KEY_SEED[1] = {0x02}; +static const std::size_t MAX_MESSAGE_GAP = 2000; static void create_chain_key( olm::SharedKey const & root_key, @@ -39,15 +38,16 @@ static void create_chain_key( ) { olm::SharedKey secret; olm::curve25519_shared_secret(our_key, their_key, secret); - std::uint8_t derived_secrets[64]; + std::uint8_t derived_secrets[2 * olm::KEY_LENGTH]; olm::hkdf_sha256( secret, sizeof(secret), root_key, sizeof(root_key), info.ratchet_info, info.ratchet_info_length, derived_secrets, sizeof(derived_secrets) ); - std::memcpy(new_root_key, derived_secrets, 32); - std::memcpy(new_chain_key.key, derived_secrets + 32, 32); + std::uint8_t const * pos = derived_secrets; + pos = olm::load_array(new_root_key, pos); + pos = olm::load_array(new_chain_key.key, pos); new_chain_key.index = 0; olm::unset(derived_secrets); olm::unset(secret); @@ -148,9 +148,7 @@ static std::size_t verify_mac_and_decrypt_for_new_chain( if (reader.counter > MAX_MESSAGE_GAP) { return std::size_t(-1); } - std::memcpy( - new_chain.ratchet_key.public_key, reader.ratchet_key, KEY_LENGTH - ); + olm::load_array(new_chain.ratchet_key.public_key, reader.ratchet_key); create_chain_key( session.root_key, session.sender_chain[0].ratchet_key, @@ -183,7 +181,7 @@ void olm::Ratchet::initialise_as_bob( std::uint8_t const * shared_secret, std::size_t shared_secret_length, olm::Curve25519PublicKey const & their_ratchet_key ) { - std::uint8_t derived_secrets[64]; + std::uint8_t derived_secrets[2 * olm::KEY_LENGTH]; olm::hkdf_sha256( shared_secret, shared_secret_length, nullptr, 0, @@ -192,8 +190,9 @@ void olm::Ratchet::initialise_as_bob( ); receiver_chains.insert(); receiver_chains[0].chain_key.index = 0; - std::memcpy(root_key, derived_secrets, 32); - std::memcpy(receiver_chains[0].chain_key.key, derived_secrets + 32, 32); + std::uint8_t const * pos = derived_secrets; + pos = olm::load_array(root_key, pos); + pos = olm::load_array(receiver_chains[0].chain_key.key, pos); receiver_chains[0].ratchet_key = their_ratchet_key; olm::unset(derived_secrets); } @@ -203,7 +202,7 @@ void olm::Ratchet::initialise_as_alice( std::uint8_t const * shared_secret, std::size_t shared_secret_length, olm::Curve25519KeyPair const & our_ratchet_key ) { - std::uint8_t derived_secrets[64]; + std::uint8_t derived_secrets[2 * olm::KEY_LENGTH]; olm::hkdf_sha256( shared_secret, shared_secret_length, nullptr, 0, @@ -212,8 +211,9 @@ void olm::Ratchet::initialise_as_alice( ); sender_chain.insert(); sender_chain[0].chain_key.index = 0; - std::memcpy(root_key, derived_secrets, 32); - std::memcpy(sender_chain[0].chain_key.key, derived_secrets + 32, 32); + std::uint8_t const * pos = derived_secrets; + pos = olm::load_array(root_key, pos); + pos = olm::load_array(sender_chain[0].chain_key.key, pos); sender_chain[0].ratchet_key = our_ratchet_key; olm::unset(derived_secrets); } @@ -224,7 +224,7 @@ namespace olm { static std::size_t pickle_length( const olm::SharedKey & value ) { - return KEY_LENGTH; + return olm::KEY_LENGTH; } @@ -232,7 +232,7 @@ static std::uint8_t * pickle( std::uint8_t * pos, const olm::SharedKey & value ) { - return olm::pickle_bytes(pos, value, KEY_LENGTH); + return olm::pickle_bytes(pos, value, olm::KEY_LENGTH); } @@ -240,7 +240,7 @@ static std::uint8_t const * unpickle( std::uint8_t const * pos, std::uint8_t const * end, olm::SharedKey & value ) { - return olm::unpickle_bytes(pos, end, value, KEY_LENGTH); + return olm::unpickle_bytes(pos, end, value, olm::KEY_LENGTH); } @@ -349,7 +349,7 @@ std::size_t olm::pickle_length( olm::Ratchet const & value ) { std::size_t length = 0; - length += KEY_LENGTH; + length += olm::KEY_LENGTH; length += olm::pickle_length(value.sender_chain); length += olm::pickle_length(value.receiver_chains); length += olm::pickle_length(value.skipped_message_keys); @@ -391,13 +391,13 @@ std::size_t olm::Ratchet::encrypt_output_length( plaintext_length ); return olm::encode_message_length( - counter, KEY_LENGTH, padded, ratchet_cipher.mac_length() + counter, olm::KEY_LENGTH, padded, ratchet_cipher.mac_length() ); } std::size_t olm::Ratchet::encrypt_random_length() { - return sender_chain.empty() ? KEY_LENGTH : 0; + return sender_chain.empty() ? olm::KEY_LENGTH : 0; } @@ -442,10 +442,11 @@ std::size_t olm::Ratchet::encrypt( olm::MessageWriter writer; olm::encode_message( - writer, PROTOCOL_VERSION, counter, KEY_LENGTH, ciphertext_length, output + writer, PROTOCOL_VERSION, counter, olm::KEY_LENGTH, ciphertext_length, + output ); - std::memcpy(writer.ratchet_key, ratchet_key.public_key, KEY_LENGTH); + olm::store_array(writer.ratchet_key, ratchet_key.public_key); ratchet_cipher.encrypt( keys.key, sizeof(keys.key), @@ -504,7 +505,7 @@ std::size_t olm::Ratchet::decrypt( return std::size_t(-1); } - if (reader.ratchet_key_length != KEY_LENGTH) { + if (reader.ratchet_key_length != olm::KEY_LENGTH) { last_error = olm::ErrorCode::BAD_MESSAGE_FORMAT; return std::size_t(-1); } @@ -513,7 +514,7 @@ std::size_t olm::Ratchet::decrypt( for (olm::ReceiverChain & receiver_chain : receiver_chains) { if (0 == std::memcmp( receiver_chain.ratchet_key.public_key, reader.ratchet_key, - KEY_LENGTH + olm::KEY_LENGTH )) { chain = &receiver_chain; break; @@ -533,7 +534,7 @@ std::size_t olm::Ratchet::decrypt( if (reader.counter == skipped.message_key.index && 0 == std::memcmp( skipped.ratchet_key.public_key, reader.ratchet_key, - KEY_LENGTH + olm::KEY_LENGTH ) ) { /* Found the key for this message. Check the MAC. */ @@ -569,9 +570,7 @@ std::size_t olm::Ratchet::decrypt( * We can discard our previous empheral ratchet key. * We will generate a new key when we send the next message. */ chain = receiver_chains.insert(); - std::memcpy( - chain->ratchet_key.public_key, reader.ratchet_key, KEY_LENGTH - ); + olm::load_array(chain->ratchet_key.public_key, reader.ratchet_key); create_chain_key( root_key, sender_chain[0].ratchet_key, chain->ratchet_key, kdf_info, root_key, chain->chain_key diff --git a/src/session.cpp b/src/session.cpp index 18f0000..71c80e4 100644 --- a/src/session.cpp +++ b/src/session.cpp @@ -24,7 +24,6 @@ namespace { -static const std::size_t KEY_LENGTH = 32; static const std::uint8_t PROTOCOL_VERSION = 0x3; static const std::uint8_t ROOT_KDF_INFO[] = "OLM_ROOT"; @@ -51,7 +50,7 @@ olm::Session::Session( std::size_t olm::Session::new_outbound_session_random_length() { - return KEY_LENGTH * 2; + return olm::KEY_LENGTH * 2; } @@ -66,35 +65,35 @@ std::size_t olm::Session::new_outbound_session( return std::size_t(-1); } - Curve25519KeyPair base_key; + olm::Curve25519KeyPair base_key; olm::curve25519_generate_key(random, base_key); - Curve25519KeyPair ratchet_key; - olm::curve25519_generate_key(random + 32, ratchet_key); + olm::Curve25519KeyPair ratchet_key; + olm::curve25519_generate_key(random + olm::KEY_LENGTH, ratchet_key); + + olm::Curve25519KeyPair const & alice_identity_key_pair = ( + local_account.identity_keys.curve25519_key + ); received_message = false; - alice_identity_key = local_account.identity_keys.curve25519_key; + alice_identity_key = alice_identity_key_pair; alice_base_key = base_key; bob_one_time_key = one_time_key; - std::uint8_t shared_secret[96]; + std::uint8_t secret[3 * olm::KEY_LENGTH]; + std::uint8_t * pos = secret; - olm::curve25519_shared_secret( - local_account.identity_keys.curve25519_key, - one_time_key, shared_secret - ); - olm::curve25519_shared_secret( - base_key, identity_key, shared_secret + 32 - ); - olm::curve25519_shared_secret( - base_key, one_time_key, shared_secret + 64 - ); + olm::curve25519_shared_secret(alice_identity_key_pair, one_time_key, pos); + pos += olm::KEY_LENGTH; + olm::curve25519_shared_secret(base_key, identity_key, pos); + pos += olm::KEY_LENGTH; + olm::curve25519_shared_secret(base_key, one_time_key, pos); - ratchet.initialise_as_alice(shared_secret, 96, ratchet_key); + ratchet.initialise_as_alice(secret, sizeof(secret), ratchet_key); olm::unset(base_key); olm::unset(ratchet_key); - olm::unset(shared_secret); + olm::unset(secret); return std::size_t(0); } @@ -107,13 +106,13 @@ static bool check_message_fields( bool ok = true; ok = ok && (have_their_identity_key || reader.identity_key); if (reader.identity_key) { - ok = ok && reader.identity_key_length == KEY_LENGTH; + ok = ok && reader.identity_key_length == olm::KEY_LENGTH; } ok = ok && reader.message; ok = ok && reader.base_key; - ok = ok && reader.base_key_length == KEY_LENGTH; + ok = ok && reader.base_key_length == olm::KEY_LENGTH; ok = ok && reader.one_time_key; - ok = ok && reader.one_time_key_length == KEY_LENGTH; + ok = ok && reader.one_time_key_length == olm::KEY_LENGTH; return ok; } @@ -135,7 +134,7 @@ std::size_t olm::Session::new_inbound_session( if (reader.identity_key && their_identity_key) { bool same = 0 == std::memcmp( - their_identity_key->public_key, reader.identity_key, KEY_LENGTH + their_identity_key->public_key, reader.identity_key, olm::KEY_LENGTH ); if (!same) { last_error = olm::ErrorCode::BAD_MESSAGE_KEY_ID; @@ -150,16 +149,16 @@ std::size_t olm::Session::new_inbound_session( ); if (!message_reader.ratchet_key - || message_reader.ratchet_key_length != KEY_LENGTH) { + || message_reader.ratchet_key_length != olm::KEY_LENGTH) { last_error = olm::ErrorCode::BAD_MESSAGE_FORMAT; return std::size_t(-1); } - std::memcpy(alice_identity_key.public_key, reader.identity_key, 32); - std::memcpy(alice_base_key.public_key, reader.base_key, 32); - std::memcpy(bob_one_time_key.public_key, reader.one_time_key, 32); + olm::load_array(alice_identity_key.public_key, reader.identity_key); + olm::load_array(alice_base_key.public_key, reader.base_key); + olm::load_array(bob_one_time_key.public_key, reader.one_time_key); olm::Curve25519PublicKey ratchet_key; - std::memcpy(ratchet_key.public_key, message_reader.ratchet_key, 32); + olm::load_array(ratchet_key.public_key, message_reader.ratchet_key); olm::OneTimeKey const * our_one_time_key = local_account.lookup_key( bob_one_time_key @@ -170,27 +169,28 @@ std::size_t olm::Session::new_inbound_session( return std::size_t(-1); } - std::uint8_t shared_secret[96]; - - olm::curve25519_shared_secret( - our_one_time_key->key, alice_identity_key, shared_secret - ); - olm::curve25519_shared_secret( - local_account.identity_keys.curve25519_key, - alice_base_key, shared_secret + 32 - ); - olm::curve25519_shared_secret( - our_one_time_key->key, alice_base_key, shared_secret + 64 + olm::Curve25519KeyPair const & bob_identity_key = ( + local_account.identity_keys.curve25519_key ); + olm::Curve25519KeyPair const & bob_one_time_key = our_one_time_key->key; + + std::uint8_t secret[olm::KEY_LENGTH * 3]; + std::uint8_t * pos = secret; + olm::curve25519_shared_secret(bob_one_time_key, alice_identity_key, pos); + pos += olm::KEY_LENGTH; + olm::curve25519_shared_secret(bob_identity_key, alice_base_key, pos); + pos += olm::KEY_LENGTH; + olm::curve25519_shared_secret(bob_one_time_key, alice_base_key, pos); - ratchet.initialise_as_bob(shared_secret, 96, ratchet_key); + ratchet.initialise_as_bob(secret, sizeof(secret), ratchet_key); + olm::unset(secret); return std::size_t(0); } std::size_t olm::Session::session_id_length() { - return 32; + return olm::SHA256_OUTPUT_LENGTH; } @@ -201,10 +201,11 @@ std::size_t olm::Session::session_id( last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL; return std::size_t(-1); } - std::uint8_t tmp[96]; - std::memcpy(tmp, alice_identity_key.public_key, 32); - std::memcpy(tmp + 32, alice_base_key.public_key, 32); - std::memcpy(tmp + 64, bob_one_time_key.public_key, 32); + std::uint8_t tmp[olm::KEY_LENGTH * 3]; + std::uint8_t * pos = tmp; + pos = olm::store_array(pos, alice_identity_key.public_key); + pos = olm::store_array(pos, alice_base_key.public_key); + pos = olm::store_array(pos, bob_one_time_key.public_key); olm::sha256(tmp, sizeof(tmp), id); return session_id_length(); } @@ -224,20 +225,20 @@ bool olm::Session::matches_inbound_session( bool same = true; if (reader.identity_key) { same = same && 0 == std::memcmp( - reader.identity_key, alice_identity_key.public_key, KEY_LENGTH + reader.identity_key, alice_identity_key.public_key, olm::KEY_LENGTH ); } if (their_identity_key) { same = same && 0 == std::memcmp( their_identity_key->public_key, alice_identity_key.public_key, - KEY_LENGTH + olm::KEY_LENGTH ); } same = same && 0 == std::memcmp( - reader.base_key, alice_base_key.public_key, KEY_LENGTH + reader.base_key, alice_base_key.public_key, olm::KEY_LENGTH ); same = same && 0 == std::memcmp( - reader.one_time_key, bob_one_time_key.public_key, KEY_LENGTH + reader.one_time_key, bob_one_time_key.public_key, olm::KEY_LENGTH ); return same; } @@ -264,9 +265,9 @@ std::size_t olm::Session::encrypt_message_length( } return encode_one_time_key_message_length( - KEY_LENGTH, - KEY_LENGTH, - KEY_LENGTH, + olm::KEY_LENGTH, + olm::KEY_LENGTH, + olm::KEY_LENGTH, message_length ); } @@ -298,21 +299,15 @@ std::size_t olm::Session::encrypt( encode_one_time_key_message( writer, PROTOCOL_VERSION, - KEY_LENGTH, - KEY_LENGTH, - KEY_LENGTH, + olm::KEY_LENGTH, + olm::KEY_LENGTH, + olm::KEY_LENGTH, message_body_length, message ); - std::memcpy( - writer.one_time_key, bob_one_time_key.public_key, KEY_LENGTH - ); - std::memcpy( - writer.identity_key, alice_identity_key.public_key, KEY_LENGTH - ); - std::memcpy( - writer.base_key, alice_base_key.public_key, KEY_LENGTH - ); + olm::store_array(writer.one_time_key, bob_one_time_key.public_key); + olm::store_array(writer.identity_key, alice_identity_key.public_key); + olm::store_array(writer.base_key, alice_base_key.public_key); message_body = writer.message; } diff --git a/src/utility.cpp b/src/utility.cpp index 1d8c5c1..bc51cff 100644 --- a/src/utility.cpp +++ b/src/utility.cpp @@ -23,7 +23,7 @@ olm::Utility::Utility( size_t olm::Utility::sha256_length() { - return olm::HMAC_SHA256_OUTPUT_LENGTH; + return olm::SHA256_OUTPUT_LENGTH; } @@ -36,7 +36,7 @@ size_t olm::Utility::sha256( return std::size_t(-1); } olm::sha256(input, input_length, output); - return 32; + return olm::SHA256_OUTPUT_LENGTH; } @@ -45,7 +45,7 @@ size_t olm::Utility::ed25519_verify( std::uint8_t const * message, std::size_t message_length, std::uint8_t const * signature, std::size_t signature_length ) { - if (signature_length < 64) { + if (signature_length < olm::SIGNATURE_LENGTH) { last_error = olm::ErrorCode::BAD_MESSAGE_MAC; return std::size_t(-1); } diff --git a/tests/test_base64.cpp b/tests/test_base64.cpp index e6b3710..5bae2f9 100644 --- a/tests/test_base64.cpp +++ b/tests/test_base64.cpp @@ -33,5 +33,4 @@ olm::decode_base64(input, input_length, output); assert_equals(expected_output, output, output_length); } - } diff --git a/tests/test_crypto.cpp b/tests/test_crypto.cpp index b3ff593..4606c52 100644 --- a/tests/test_crypto.cpp +++ b/tests/test_crypto.cpp @@ -70,7 +70,7 @@ olm::curve25519_generate_key(bob_private, bob_pair); assert_equals(bob_private, bob_pair.private_key, 32); assert_equals(bob_public, bob_pair.public_key, 32); -std::uint8_t actual_agreement[olm::CURVE25519_SHARED_SECRET_LENGTH] = {}; +std::uint8_t actual_agreement[olm::KEY_LENGTH] = {}; olm::curve25519_shared_secret(alice_pair, bob_pair, actual_agreement); |