Diffstat (limited to 'src/crypto.cpp')
-rw-r--r-- | src/crypto.cpp | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/src/crypto.cpp b/src/crypto.cpp index fffda4c..8024355 100644 --- a/src/crypto.cpp +++ b/src/crypto.cpp @@ -66,8 +66,9 @@ void ed25519_keypair( namespace { static const std::uint8_t CURVE25519_BASEPOINT[32] = {9}; +static const std::size_t AES_KEY_SCHEDULE_LENGTH = 60; +static const std::size_t AES_KEY_BITS = 8 * olm::KEY_LENGTH; static const std::size_t AES_BLOCK_LENGTH = 16; -static const std::size_t SHA256_HASH_LENGTH = 32; static const std::size_t SHA256_BLOCK_LENGTH = 64; static const std::uint8_t HKDF_DEFAULT_SALT[32] = {}; @@ -119,7 +120,7 @@ inline static void hmac_sha256_final( std::uint8_t const * hmac_key, std::uint8_t * output ) { - std::uint8_t o_pad[SHA256_BLOCK_LENGTH + SHA256_HASH_LENGTH]; + std::uint8_t o_pad[SHA256_BLOCK_LENGTH + olm::SHA256_OUTPUT_LENGTH]; std::memcpy(o_pad, hmac_key, SHA256_BLOCK_LENGTH); for (std::size_t i = 0; i < SHA256_BLOCK_LENGTH; ++i) { o_pad[i] ^= 0x5C; @@ -140,7 +141,7 @@ void olm::curve25519_generate_key( std::uint8_t const * random_32_bytes, olm::Curve25519KeyPair & key_pair ) { - std::memcpy(key_pair.private_key, random_32_bytes, 32); + std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH); ::curve25519_donna( key_pair.public_key, key_pair.private_key, CURVE25519_BASEPOINT ); @@ -161,9 +162,9 @@ void olm::curve25519_sign( std::uint8_t const * message, std::size_t message_length, std::uint8_t * output ) { - std::uint8_t private_key[32]; - std::uint8_t public_key[32]; - std::memcpy(private_key, our_key.private_key, 32); + std::uint8_t private_key[KEY_LENGTH]; + std::uint8_t public_key[KEY_LENGTH]; + std::memcpy(private_key, our_key.private_key, KEY_LENGTH); ::ed25519_keypair(private_key, public_key); ::ed25519_sign( output, 
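Review bot: In the constants block of the anonymous namespace, `AES_KEY_SCHEDULE_LENGTH = 60` is a value chosen for a 256-bit key, yet `AES_KEY_BITS` is now derived from `olm::KEY_LENGTH`, the same constant this commit uses to size the Curve25519 and Ed25519 key buffers. If that constant ever changes, the schedule length and the key size passed to `::aes_key_setup` are no longer known to agree. The `random_32_bytes` copies in curve25519_generate_key and ed25519_generate_key would also read a different number of bytes than their parameter name promises. Pinning the assumption beside the definitions turns this into a compile error, e.g. `static_assert(olm::KEY_LENGTH == 32, "AES-256 key schedule and 32-byte key seeds assume KEY_LENGTH == 32");`, assuming KEY_LENGTH is a compile-time constant in its header, which is not visible here.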
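Review bot: In olm::curve25519_sign the stack array `private_key[KEY_LENGTH]` receives a copy of the long-term private key, and nothing in this hunk wipes it afterwards. The function body continues past the end of the hunk, so a wipe may already exist there. If it does not, add `olm::unset(private_key);` before the function returns, matching how aes_encrypt_cbc clears `key_schedule` and `input_block` in this same file.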
@@ -179,10 +180,10 @@ bool olm::curve25519_verify( std::uint8_t const * message, std::size_t message_length, std::uint8_t const * signature ) { - std::uint8_t public_key[32]; - std::uint8_t signature_buffer[64]; - std::memcpy(public_key, their_key.public_key, 32); - std::memcpy(signature_buffer, signature, 64); + std::uint8_t public_key[KEY_LENGTH]; + std::uint8_t signature_buffer[SIGNATURE_LENGTH]; + std::memcpy(public_key, their_key.public_key, KEY_LENGTH); + std::memcpy(signature_buffer, signature, SIGNATURE_LENGTH); ::convert_curve25519_to_ed25519(public_key, signature_buffer); return 0 != ::ed25519_verify( signature, @@ -196,7 +197,7 @@ void olm::ed25519_generate_key( std::uint8_t const * random_32_bytes, olm::Ed25519KeyPair & key_pair ) { - std::memcpy(key_pair.private_key, random_32_bytes, 32); + std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH); ::ed25519_keypair(key_pair.private_key, key_pair.public_key); } @@ -240,13 +241,13 @@ void olm::aes_encrypt_cbc( std::uint8_t const * input, std::size_t input_length, std::uint8_t * output ) { - std::uint32_t key_schedule[60]; - ::aes_key_setup(key.key, key_schedule, 256); + std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH]; + ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS); std::uint8_t input_block[AES_BLOCK_LENGTH]; std::memcpy(input_block, iv.iv, AES_BLOCK_LENGTH); while (input_length >= AES_BLOCK_LENGTH) { xor_block<AES_BLOCK_LENGTH>(input_block, input); - ::aes_encrypt(input_block, output, key_schedule, 256); + ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS); std::memcpy(input_block, output, AES_BLOCK_LENGTH); input += AES_BLOCK_LENGTH; output += AES_BLOCK_LENGTH; @@ -259,7 +260,7 @@ void olm::aes_encrypt_cbc( for (; i < AES_BLOCK_LENGTH; ++i) { input_block[i] ^= AES_BLOCK_LENGTH - input_length; } - ::aes_encrypt(input_block, output, key_schedule, 256); + ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS); olm::unset(key_schedule); olm::unset(input_block); } 
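Review bot: In olm::curve25519_verify, `signature_buffer` is filled and passed through `::convert_curve25519_to_ed25519(public_key, signature_buffer)`, but the call that follows begins `::ed25519_verify( signature,` and so checks the caller's original bytes rather than the converted copy. Unless the conversion leaves the signature bytes untouched, the verifier is handed different data from what was prepared for it, and the likely intent is `::ed25519_verify( signature_buffer,`. The remaining arguments of that call lie outside the hunk, so confirm against the full function. A sign-then-verify round trip over several freshly generated keys would show whether the mismatch changes results.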
@@ -271,14 +272,14 @@ std::size_t olm::aes_decrypt_cbc( std::uint8_t const * input, std::size_t input_length, std::uint8_t * output ) { - std::uint32_t key_schedule[60]; - ::aes_key_setup(key.key, key_schedule, 256); + std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH]; + ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS); std::uint8_t block1[AES_BLOCK_LENGTH]; std::uint8_t block2[AES_BLOCK_LENGTH]; std::memcpy(block1, iv.iv, AES_BLOCK_LENGTH); for (std::size_t i = 0; i < input_length; i += AES_BLOCK_LENGTH) { std::memcpy(block2, &input[i], AES_BLOCK_LENGTH); - ::aes_decrypt(&input[i], &output[i], key_schedule, 256); + ::aes_decrypt(&input[i], &output[i], key_schedule, AES_KEY_BITS); xor_block<AES_BLOCK_LENGTH>(&output[i], block1); std::memcpy(block1, block2, AES_BLOCK_LENGTH); } @@ -301,6 +302,7 @@ void olm::sha256( olm::unset(context); } + void olm::hmac_sha256( std::uint8_t const * key, std::size_t key_length, std::uint8_t const * input, std::size_t input_length, @@ -325,7 +327,7 @@ void olm::hkdf_sha256( ) { ::SHA256_CTX context; std::uint8_t hmac_key[SHA256_BLOCK_LENGTH]; - std::uint8_t step_result[SHA256_HASH_LENGTH]; + std::uint8_t step_result[olm::SHA256_OUTPUT_LENGTH]; std::size_t bytes_remaining = output_length; std::uint8_t iteration = 1; if (!salt) { 
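Review bot: The decrypt loop in olm::aes_decrypt_cbc, `for (std::size_t i = 0; i < input_length; i += AES_BLOCK_LENGTH)`, copies and decrypts a full AES_BLOCK_LENGTH bytes on every pass, so an `input_length` that is not a multiple of the block size reads past `input` and writes past `output` on the final pass. No length check is visible before the loop, and ciphertext length normally comes from the peer. Either reject such input at the top of the function using whatever failure value its callers already expect (the return convention is outside this hunk), or state the precondition where callers will see it, e.g. `/* input_length must be a multiple of AES_BLOCK_LENGTH; callers validate before calling */`. The function continues below the hunk, where the padding is presumably stripped and the key schedule cleared.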
@@ -337,20 +339,20 @@ void olm::hkdf_sha256( hmac_sha256_init(&context, hmac_key); ::sha256_update(&context, input, input_length); hmac_sha256_final(&context, hmac_key, step_result); - hmac_sha256_key(step_result, SHA256_HASH_LENGTH, hmac_key); + hmac_sha256_key(step_result, olm::SHA256_OUTPUT_LENGTH, hmac_key); /* Extract */ hmac_sha256_init(&context, hmac_key); ::sha256_update(&context, info, info_length); ::sha256_update(&context, &iteration, 1); hmac_sha256_final(&context, hmac_key, step_result); - while (bytes_remaining > SHA256_HASH_LENGTH) { - std::memcpy(output, step_result, SHA256_HASH_LENGTH); - output += SHA256_HASH_LENGTH; - bytes_remaining -= SHA256_HASH_LENGTH; + while (bytes_remaining > olm::SHA256_OUTPUT_LENGTH) { + std::memcpy(output, step_result, olm::SHA256_OUTPUT_LENGTH); + output += olm::SHA256_OUTPUT_LENGTH; + bytes_remaining -= olm::SHA256_OUTPUT_LENGTH; iteration ++; hmac_sha256_init(&context, hmac_key); - ::sha256_update(&context, step_result, SHA256_HASH_LENGTH); + ::sha256_update(&context, step_result, olm::SHA256_OUTPUT_LENGTH); ::sha256_update(&context, info, info_length); ::sha256_update(&context, &iteration, 1); hmac_sha256_final(&context, hmac_key, step_result); |
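Review bot: In the output loop of olm::hkdf_sha256, `iteration ++` increments a `std::uint8_t` that the previous hunk declares as `iteration = 1`, and nothing visible bounds `output_length`. A request for more than 255 * olm::SHA256_OUTPUT_LENGTH bytes therefore wraps the counter to 0 and yields output outside what RFC 5869 defines. The function returns void, so the limit is best documented and enforced at the call boundary, e.g. `/* output_length must not exceed 255 * olm::SHA256_OUTPUT_LENGTH (RFC 5869) */`. Separately, the `/* Extract */` comment in this hunk sits above the step that mixes in `info` and the counter, which RFC 5869 calls Expand, so relabelling it would avoid confusion. The function starts before this hunk and continues after it.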