From 653790eacbf7dcf94cbf181657cdb0c30c890c3f Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Thu, 20 Oct 2016 09:58:55 +0100 Subject: Return the message index when decrypting group messages. Applications can use the index to detect replays of the same message. --- include/olm/inbound_group_session.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/olm') diff --git a/include/olm/inbound_group_session.h b/include/olm/inbound_group_session.h index 59146c2..f8a0bc3 100644 --- a/include/olm/inbound_group_session.h +++ b/include/olm/inbound_group_session.h @@ -140,7 +140,8 @@ size_t olm_group_decrypt( uint8_t * message, size_t message_length, /* output */ - uint8_t * plaintext, size_t max_plaintext_length + uint8_t * plaintext, size_t max_plaintext_length, + uint32_t * message_index ); -- cgit v1.2.3-70-g09d2 From 21ce3491dd39485eac35ad850257a20fc99f330d Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Fri, 21 Oct 2016 17:19:59 +0100 Subject: Clear random buf in olm_init_outbound_group_session All the other methods clear their random inputs. This one needs to do the same, to reduce the risk of the randomness being used elsewhere and leaking key info. --- include/olm/outbound_group_session.h | 2 +- src/outbound_group_session.c | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'include/olm') diff --git a/include/olm/outbound_group_session.h b/include/olm/outbound_group_session.h index 90ccca3..663f1d2 100644 --- a/include/olm/outbound_group_session.h +++ b/include/olm/outbound_group_session.h @@ -96,7 +96,7 @@ size_t olm_init_outbound_group_session_random_length( */ size_t olm_init_outbound_group_session( OlmOutboundGroupSession *session, - uint8_t const * random, size_t random_length + uint8_t *random, size_t random_length ); /** diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c index 4e4561a..ae45694 100644 --- a/src/outbound_group_session.c +++ b/src/outbound_group_session.c 
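Review bot: The new `message_index` out-parameter of `olm_group_decrypt` in include/olm/inbound_group_session.h is added without documentation; the doc comment sits above the hunk and the diffstat shows only the parameter lines changing. Callers need to know whether NULL is accepted and whether the value is written when the call fails, so I would extend that comment with something like `On success *message_index holds the index of the decrypted message; it is not meaningful when olm_error() is returned.` The replay detection mentioned in the commit message only works if the application remembers which indices it has already accepted for a session, which deserves a sentence in the same comment, since returning the index does not reject a replay by itself. Adding a parameter also changes the call signature for every existing caller and language binding, none of which is visible in this path-limited view.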
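Review bot: `olm_init_outbound_group_session` in include/olm/outbound_group_session.h now takes a mutable `uint8_t *random`, but the doc comment that closes just above the signature is untouched (the header's diffstat is one line in, one line out), so nothing tells callers that their buffer is modified. I would add a sentence to that comment such as `The random buffer is cleared once the session has been initialised and must not be reused.` Dropping `const` is also a source-level change for callers that pass a const buffer, which looks intended here but should be stated in the documentation.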
@@ -154,20 +154,23 @@ size_t olm_init_outbound_group_session_random_length( size_t olm_init_outbound_group_session( OlmOutboundGroupSession *session, - uint8_t const * random, size_t random_length + uint8_t *random, size_t random_length ) { + const uint8_t *random_ptr = random; + if (random_length < olm_init_outbound_group_session_random_length(session)) { /* Insufficient random data for new session */ session->last_error = OLM_NOT_ENOUGH_RANDOM; return (size_t)-1; } - megolm_init(&(session->ratchet), random, 0); - random += MEGOLM_RATCHET_LENGTH; + megolm_init(&(session->ratchet), random_ptr, 0); + random_ptr += MEGOLM_RATCHET_LENGTH; - _olm_crypto_ed25519_generate_key(random, &(session->signing_key)); - random += ED25519_RANDOM_LENGTH; + _olm_crypto_ed25519_generate_key(random_ptr, &(session->signing_key)); + random_ptr += ED25519_RANDOM_LENGTH; + _olm_unset(random, random_length); return 0; } -- cgit v1.2.3-70-g09d2 From 7e9f3bebb8390f975a76c0188ce4cb460fe6692e Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Tue, 25 Oct 2016 14:42:10 +0100 Subject: Document the return values for olm_matches_inbound_session --- include/olm/olm.h | 6 ++++-- tests/test_olm.cpp | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 34 insertions(+), 4 deletions(-) (limited to 'include/olm') diff --git a/include/olm/olm.h b/include/olm/olm.h index 3257e53..5764eb2 100644 --- a/include/olm/olm.h +++ b/include/olm/olm.h 
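Review bot: The early return for `OLM_NOT_ENOUGH_RANDOM` in `olm_init_outbound_group_session` leaves the caller's buffer untouched, because `_olm_unset(random, random_length)` is reached only on the success path. The commit message says the other methods clear their random inputs; if they do so regardless of the result, this function should match so callers can rely on the buffer being wiped either way, by adding `_olm_unset(random, random_length);` before `return (size_t)-1;`. The final `random_ptr += ED25519_RANDOM_LENGTH;` is a dead store and can be dropped. Whether `_olm_unset` is protected against the compiler eliding the wipe cannot be seen from this hunk.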
@@ -320,7 +320,8 @@ int olm_session_has_received_message( /** Checks if the PRE_KEY message is for this in-bound session. This can happen * if multiple messages are sent to this account before this account sends a - * message in reply. Returns olm_error() on failure. If the base64 + * message in reply. Returns 1 if the session matches. Returns 0 if the session + * does not match. Returns olm_error() on failure. If the base64 * couldn't be decoded then olm_session_last_error will be "INVALID_BASE64". * If the message was for an unsupported protocol version then * olm_session_last_error() will be "BAD_MESSAGE_VERSION". If the message @@ -333,7 +334,8 @@ size_t olm_matches_inbound_session( /** Checks if the PRE_KEY message is for this in-bound session. This can happen * if multiple messages are sent to this account before this account sends a - * message in reply. Returns olm_error() on failure. If the base64 + * message in reply. Returns 1 if the session matches. Returns 0 if the session + * does not match. Returns olm_error() on failure. If the base64 * couldn't be decoded then olm_session_last_error will be "INVALID_BASE64". * If the message was for an unsupported protocol version then * olm_session_last_error() will be "BAD_MESSAGE_VERSION". If the message diff --git a/tests/test_olm.cpp b/tests/test_olm.cpp index 4619558..b24cd90 100644 --- a/tests/test_olm.cpp +++ b/tests/test_olm.cpp @@ -165,6 +165,9 @@ std::uint8_t o_random[::olm_account_generate_one_time_keys_random_length( mock_random_b(o_random, sizeof(o_random)); ::olm_account_generate_one_time_keys(b_account, 42, o_random, sizeof(o_random)); +std::uint8_t a_id_keys[::olm_account_identity_keys_length(a_account)]; +::olm_account_identity_keys(a_account, a_id_keys, sizeof(a_id_keys)); + std::uint8_t b_id_keys[::olm_account_identity_keys_length(b_account)]; std::uint8_t b_ot_keys[::olm_account_one_time_keys_length(b_account)]; ::olm_account_identity_keys(b_account, b_id_keys, sizeof(b_id_keys)); 
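Review bot: The new wording for `olm_matches_inbound_session` in include/olm/olm.h (hunk at line 320) lists 1, 0 and olm_error() as results but does not warn that the failure value is also non-zero, so a caller writing `if (olm_matches_inbound_session(...))` would treat a decode failure as a match. The test file in this commit compares another call's result against `std::size_t(-1)`, which suggests olm_error() is that value. I would add `Compare the result with 1; olm_error() is non-zero and must not be treated as a match.` to the comment. The same sentence applies to the identical comment in the following hunk at line 333, presumably the one for `olm_matches_inbound_session_from`. Both comment blocks continue past the end of their hunks.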
@@ -176,8 +179,8 @@ std::uint8_t a_rand[::olm_create_outbound_session_random_length(a_session)]; mock_random_a(a_rand, sizeof(a_rand)); assert_not_equals(std::size_t(-1), ::olm_create_outbound_session( a_session, a_account, - b_id_keys + 15, 43, - b_ot_keys + 25, 43, + b_id_keys + 15, 43, // B's curve25519 identity key + b_ot_keys + 25, 43, // B's curve25519 one time key a_rand, sizeof(a_rand) )); @@ -202,6 +205,31 @@ std::uint8_t b_session_buffer[::olm_account_size()]; b_session, b_account, tmp_message_1, sizeof(message_1) ); +// Check that the inbound session matches the message it was created from. +std::memcpy(tmp_message_1, message_1, sizeof(message_1)); +assert_equals(std::size_t(1), ::olm_matches_inbound_session( + b_session, + tmp_message_1, sizeof(message_1) +)); + +// Check that the inbound session matches the key this message is supposed +// to be from. +std::memcpy(tmp_message_1, message_1, sizeof(message_1)); +assert_equals(std::size_t(1), ::olm_matches_inbound_session_from( + b_session, + a_id_keys + 15, 43, // A's curve125519 identity key. + tmp_message_1, sizeof(message_1) +)); + +// Check that the inbound session isn't from a different user. +std::memcpy(tmp_message_1, message_1, sizeof(message_1)); +assert_equals(std::size_t(0), ::olm_matches_inbound_session_from( + b_session, + b_id_keys + 15, 43, // B's curve25519 identity key. + tmp_message_1, sizeof(message_1) +)); + +// Check that we can decrypt the message. std::memcpy(tmp_message_1, message_1, sizeof(message_1)); std::uint8_t plaintext_1[::olm_decrypt_max_plaintext_length( b_session, 0, tmp_message_1, sizeof(message_1) -- cgit v1.2.3-70-g09d2
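Review bot: The checks added in the hunk at line 202 of tests/test_olm.cpp never exercise plain `olm_matches_inbound_session` returning 0 or olm_error(); only `olm_matches_inbound_session_from` gets a negative case (B's own key). Since the header now documents three distinct results, I would add one assertion that a PRE_KEY message belonging to a different session yields `std::size_t(0)`, and one that a corrupted message yields olm_error(). The comment `// A's curve125519 identity key.` has a typo and should read `curve25519`. The repeated `+ 15, 43` offsets into the key buffers would be easier to audit as named constants. The enclosing test body starts and ends outside the hunk.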