From f0acf6582f88ca66b3fabf7d622278da51a94c10 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Fri, 2 Sep 2016 15:13:24 +0100 Subject: Convert Ed25519 and Curve25519 functions to plain C --- include/olm/account.hh | 10 +++---- include/olm/crypto.h | 79 ++++++++++++++++++++++++++++++++++++++++++++++++-- include/olm/crypto.hh | 61 -------------------------------------- include/olm/pickle.hh | 24 +++++++-------- include/olm/ratchet.hh | 10 +++---- include/olm/session.hh | 14 ++++----- include/olm/utility.hh | 6 ++-- 7 files changed, 108 insertions(+), 96 deletions(-) (limited to 'include') diff --git a/include/olm/account.hh b/include/olm/account.hh index 6ea0d19..4b7b190 100644 --- a/include/olm/account.hh +++ b/include/olm/account.hh @@ -25,14 +25,14 @@ namespace olm { struct IdentityKeys { - Ed25519KeyPair ed25519_key; - Curve25519KeyPair curve25519_key; + _olm_ed25519_key_pair ed25519_key; + _olm_curve25519_key_pair curve25519_key; }; struct OneTimeKey { std::uint32_t id; bool published; - Curve25519KeyPair key; + _olm_curve25519_key_pair key; }; @@ -128,12 +128,12 @@ struct Account { /** Lookup a one time key with the given public key */ OneTimeKey const * lookup_key( - Curve25519PublicKey const & public_key + _olm_curve25519_public_key const & public_key ); /** Remove a one time key with the given public key */ std::size_t remove_key( - Curve25519PublicKey const & public_key + _olm_curve25519_public_key const & public_key ); }; diff --git a/include/olm/crypto.h b/include/olm/crypto.h index 325080e..9fc3842 100644 --- a/include/olm/crypto.h +++ b/include/olm/crypto.h @@ -57,9 +57,35 @@ extern "C" { /** length of an aes256 initialisation vector */ #define AES256_IV_LENGTH 16 +struct _olm_curve25519_public_key { + uint8_t public_key[CURVE25519_KEY_LENGTH]; +}; -/** Computes SHA-256 of the input. The output buffer must be a least 32 - * bytes long. */ +struct _olm_curve25519_private_key { + uint8_t private_key[CURVE25519_KEY_LENGTH]; +}; + +struct _olm_curve25519_key_pair { + struct _olm_curve25519_public_key public_key; + struct _olm_curve25519_private_key private_key; +}; + +struct _olm_ed25519_public_key { + uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH]; +}; + +struct _olm_ed25519_private_key { + uint8_t private_key[ED25519_PRIVATE_KEY_LENGTH]; +}; + +struct _olm_ed25519_key_pair { + struct _olm_ed25519_public_key public_key; + struct _olm_ed25519_private_key private_key; +}; + + +/** Computes SHA-256 of the input. The output buffer must be a least + * SHA256_OUTPUT_LENGTH (32) bytes long. */ void _olm_crypto_sha256( uint8_t const * input, size_t input_length, uint8_t * output @@ -68,7 +94,7 @@ void _olm_crypto_sha256( /** HMAC: Keyed-Hashing for Message Authentication * http://tools.ietf.org/html/rfc2104 * Computes HMAC-SHA-256 of the input for the key. The output buffer must - * be at least 32 bytes long. */ + * be at least SHA256_OUTPUT_LENGTH (32) bytes long. */ void _olm_crypto_hmac_sha256( uint8_t const * key, size_t key_length, uint8_t const * input, size_t input_length, @@ -87,6 +113,53 @@ void _olm_crypto_hkdf_sha256( ); +/** Generate a curve25519 key pair + * random_32_bytes should be CURVE25519_RANDOM_LENGTH (32) bytes long. + */ +void _olm_crypto_curve25519_generate_key( + uint8_t const * random_32_bytes, + struct _olm_curve25519_key_pair *output +); + + +/** Create a shared secret using our private key and their public key. + * The output buffer must be at least CURVE25519_SHARED_SECRET_LENGTH (32) bytes long. + */ +void _olm_crypto_curve25519_shared_secret( + const struct _olm_curve25519_key_pair *our_key, + const struct _olm_curve25519_public_key *their_key, + uint8_t * output +); + +/** Generate an ed25519 key pair + * random_32_bytes should be ED25519_RANDOM_LENGTH (32) bytes long. + */ +void _olm_crypto_ed25519_generate_key( + uint8_t const * random_bytes, + struct _olm_ed25519_key_pair *output +); + +/** Signs the message using our private key. + * + * The output buffer must be at least ED25519_SIGNATURE_LENGTH (64) bytes + * long. */ +void _olm_crypto_ed25519_sign( + const struct _olm_ed25519_key_pair *our_key, + const uint8_t * message, size_t message_length, + uint8_t * output +); + +/** Verify an ed25519 signature + * The signature input buffer must be ED25519_SIGNATURE_LENGTH (64) bytes long. + * Returns non-zero if the signature is valid. */ +int _olm_crypto_ed25519_verify( + const struct _olm_ed25519_public_key *their_key, + const uint8_t * message, size_t message_length, + const uint8_t * signature +); + + + #ifdef __cplusplus } // extern "C" #endif diff --git a/include/olm/crypto.hh b/include/olm/crypto.hh index 13fd7e9..e3098cc 100644 --- a/include/olm/crypto.hh +++ b/include/olm/crypto.hh @@ -25,67 +25,6 @@ namespace olm { -struct Curve25519PublicKey { - std::uint8_t public_key[CURVE25519_KEY_LENGTH]; -}; - - -struct Curve25519KeyPair : public Curve25519PublicKey { - std::uint8_t private_key[CURVE25519_KEY_LENGTH]; -}; - - -struct Ed25519PublicKey { - std::uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH]; -}; - - -struct Ed25519KeyPair : public Ed25519PublicKey { - std::uint8_t private_key[ED25519_PRIVATE_KEY_LENGTH]; -}; - - -/** Generate a curve25519 key pair from 32 random bytes. */ -void curve25519_generate_key( - std::uint8_t const * random_32_bytes, - Curve25519KeyPair & key_pair -); - - -/** Create a shared secret using our private key and their public key. - * The output buffer must be at least 32 bytes long. */ -void curve25519_shared_secret( - Curve25519KeyPair const & our_key, - Curve25519PublicKey const & their_key, - std::uint8_t * output -); - - -/** Generate a curve25519 key pair from 32 random bytes. */ -void ed25519_generate_key( - std::uint8_t const * random_32_bytes, - Ed25519KeyPair & key_pair -); - - -/** Signs the message using our private key. - * The output buffer must be at least 64 bytes long. */ -void ed25519_sign( - Ed25519KeyPair const & our_key, - std::uint8_t const * message, std::size_t message_length, - std::uint8_t * output -); - - -/** Verify their message using their public key. - * The signature input buffer must be 64 bytes long. - * Returns true if the signature is valid. */ -bool ed25519_verify( - Ed25519PublicKey const & their_key, - std::uint8_t const * message, std::size_t message_length, - std::uint8_t const * signature -); - struct Aes256Key { std::uint8_t key[AES256_KEY_LENGTH]; diff --git a/include/olm/pickle.hh b/include/olm/pickle.hh index 13e6b01..c0b6ebf 100644 --- a/include/olm/pickle.hh +++ b/include/olm/pickle.hh @@ -109,70 +109,70 @@ std::uint8_t const * unpickle_bytes( std::size_t pickle_length( - const Curve25519PublicKey & value + const _olm_curve25519_public_key & value ); std::uint8_t * pickle( std::uint8_t * pos, - const Curve25519PublicKey & value + const _olm_curve25519_public_key & value ); std::uint8_t const * unpickle( std::uint8_t const * pos, std::uint8_t const * end, - Curve25519PublicKey & value + _olm_curve25519_public_key & value ); std::size_t pickle_length( - const Curve25519KeyPair & value + const _olm_curve25519_key_pair & value ); std::uint8_t * pickle( std::uint8_t * pos, - const Curve25519KeyPair & value + const _olm_curve25519_key_pair & value ); std::uint8_t const * unpickle( std::uint8_t const * pos, std::uint8_t const * end, - Curve25519KeyPair & value + _olm_curve25519_key_pair & value ); std::size_t pickle_length( - const Ed25519PublicKey & value + const _olm_ed25519_public_key & value ); std::uint8_t * pickle( std::uint8_t * pos, - const Ed25519PublicKey & value + const _olm_ed25519_public_key & value ); std::uint8_t const * unpickle( std::uint8_t const * pos, std::uint8_t const * end, - Ed25519PublicKey & value + _olm_ed25519_public_key & value ); std::size_t pickle_length( - const Ed25519KeyPair & value + const _olm_ed25519_key_pair & value ); std::uint8_t * pickle( std::uint8_t * pos, - const Ed25519KeyPair & value + const _olm_ed25519_key_pair & value ); std::uint8_t const * unpickle( std::uint8_t const * pos, std::uint8_t const * end, - Ed25519KeyPair & value + _olm_ed25519_key_pair & value ); } // namespace olm diff --git a/include/olm/ratchet.hh b/include/olm/ratchet.hh index e91d634..cdcba6b 100644 --- a/include/olm/ratchet.hh +++ b/include/olm/ratchet.hh @@ -41,19 +41,19 @@ struct MessageKey { struct SenderChain { - Curve25519KeyPair ratchet_key; + _olm_curve25519_key_pair ratchet_key; ChainKey chain_key; }; struct ReceiverChain { - Curve25519PublicKey ratchet_key; + _olm_curve25519_public_key ratchet_key; ChainKey chain_key; }; struct SkippedMessageKey { - Curve25519PublicKey ratchet_key; + _olm_curve25519_public_key ratchet_key; MessageKey message_key; }; @@ -108,14 +108,14 @@ struct Ratchet { * remote's first ratchet key */ void initialise_as_bob( std::uint8_t const * shared_secret, std::size_t shared_secret_length, - Curve25519PublicKey const & their_ratchet_key + _olm_curve25519_public_key const & their_ratchet_key ); /** Initialise the session using a shared secret and the public/private key * pair for the first ratchet key */ void initialise_as_alice( std::uint8_t const * shared_secret, std::size_t shared_secret_length, - Curve25519KeyPair const & our_ratchet_key + _olm_curve25519_key_pair const & our_ratchet_key ); /** The number of bytes of output the encrypt method will write for diff --git a/include/olm/session.hh b/include/olm/session.hh index 5b91cb1..9d44816 100644 --- a/include/olm/session.hh +++ b/include/olm/session.hh @@ -35,9 +35,9 @@ struct Session { bool received_message; - Curve25519PublicKey alice_identity_key; - Curve25519PublicKey alice_base_key; - Curve25519PublicKey bob_one_time_key; + _olm_curve25519_public_key alice_identity_key; + _olm_curve25519_public_key alice_base_key; + _olm_curve25519_public_key bob_one_time_key; /** The number of random bytes that are needed to create a new outbound * session. This will be 64 bytes since two ephemeral keys are needed. */ @@ -48,8 +48,8 @@ struct Session { * NOT_ENOUGH_RANDOM if the number of random bytes was too small. */ std::size_t new_outbound_session( Account const & local_account, - Curve25519PublicKey const & identity_key, - Curve25519PublicKey const & one_time_key, + _olm_curve25519_public_key const & identity_key, + _olm_curve25519_public_key const & one_time_key, std::uint8_t const * random, std::size_t random_length ); @@ -59,7 +59,7 @@ struct Session { * the message headers could not be decoded. */ std::size_t new_inbound_session( Account & local_account, - Curve25519PublicKey const * their_identity_key, + _olm_curve25519_public_key const * their_identity_key, std::uint8_t const * pre_key_message, std::size_t message_length ); @@ -82,7 +82,7 @@ struct Session { * session does not match or the pre-key message could not be decoded. */ bool matches_inbound_session( - Curve25519PublicKey const * their_identity_key, + _olm_curve25519_public_key const * their_identity_key, std::uint8_t const * pre_key_message, std::size_t message_length ); diff --git a/include/olm/utility.hh b/include/olm/utility.hh index 1339fe5..d650abc 100644 --- a/include/olm/utility.hh +++ b/include/olm/utility.hh @@ -21,9 +21,9 @@ #include #include -namespace olm { +struct _olm_ed25519_public_key; -struct Ed25519PublicKey; +namespace olm { struct Utility { @@ -48,7 +48,7 @@ struct Utility { * last_error will be set with an error code. If the signature was too short * or was not a valid signature then last_error will be BAD_MESSAGE_MAC. */ std::size_t ed25519_verify( - Ed25519PublicKey const & key, + _olm_ed25519_public_key const & key, std::uint8_t const * message, std::size_t message_length, std::uint8_t const * signature, std::size_t signature_length ); -- cgit v1.2.3 From 69f269ffaf88515f6d5c0b34178bf0096cf5773b Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Fri, 2 Sep 2016 15:35:04 +0100 Subject: Convert AES functions to plain C --- include/olm/account.hh | 2 +- include/olm/crypto.h | 35 +++++++++++++++++++++++++ include/olm/crypto.hh | 69 -------------------------------------------------- include/olm/pickle.hh | 2 +- include/olm/ratchet.hh | 4 ++- 5 files changed, 40 insertions(+), 72 deletions(-) delete mode 100644 include/olm/crypto.hh (limited to 'include') diff --git a/include/olm/account.hh b/include/olm/account.hh index 4b7b190..7e58ca3 100644 --- a/include/olm/account.hh +++ b/include/olm/account.hh @@ -16,7 +16,7 @@ #define OLM_ACCOUNT_HH_ #include "olm/list.hh" -#include "olm/crypto.hh" +#include "olm/crypto.h" #include "olm/error.h" #include diff --git a/include/olm/crypto.h b/include/olm/crypto.h index 9fc3842..dbf78ed 100644 --- a/include/olm/crypto.h +++ b/include/olm/crypto.h @@ -57,6 +57,15 @@ extern "C" { /** length of an aes256 initialisation vector */ #define AES256_IV_LENGTH 16 +struct _olm_aes256_key { + uint8_t key[AES256_KEY_LENGTH]; +}; + +struct _olm_aes256_iv { + uint8_t iv[AES256_IV_LENGTH]; +}; + + struct _olm_curve25519_public_key { uint8_t public_key[CURVE25519_KEY_LENGTH]; }; @@ -84,6 +93,32 @@ struct _olm_ed25519_key_pair { }; +/** The length of output the aes_encrypt_cbc function will write */ +size_t _olm_crypto_aes_encrypt_cbc_length( + size_t input_length +); + +/** Encrypts the input using AES256 in CBC mode with PKCS#7 padding. + * The output buffer must be big enough to hold the output including padding */ +void _olm_crypto_aes_encrypt_cbc( + const struct _olm_aes256_key *key, + const struct _olm_aes256_iv *iv, + const uint8_t *input, size_t input_length, + uint8_t *output +); + +/** Decrypts the input using AES256 in CBC mode. The output buffer must be at + * least the same size as the input buffer. Returns the length of the plaintext + * without padding on success or std::size_t(-1) if the padding is invalid. + */ +size_t _olm_crypto_aes_decrypt_cbc( + const struct _olm_aes256_key *key, + const struct _olm_aes256_iv *iv, + uint8_t const * input, size_t input_length, + uint8_t * output +); + + /** Computes SHA-256 of the input. The output buffer must be a least * SHA256_OUTPUT_LENGTH (32) bytes long. */ void _olm_crypto_sha256( diff --git a/include/olm/crypto.hh b/include/olm/crypto.hh deleted file mode 100644 index e3098cc..0000000 --- a/include/olm/crypto.hh +++ /dev/null @@ -1,69 +0,0 @@ -/* Copyright 2015 OpenMarket Ltd - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef OLM_CRYPTO_HH_ -#define OLM_CRYPTO_HH_ - -#include -#include - -// eventually all of this needs to move into crypto.h, and everything should -// use that. For now, include crypto.h here. - -#include "olm/crypto.h" - -namespace olm { - - -struct Aes256Key { - std::uint8_t key[AES256_KEY_LENGTH]; -}; - - -struct Aes256Iv { - std::uint8_t iv[AES256_IV_LENGTH]; -}; - - -/** The length of output the aes_encrypt_cbc function will write */ -std::size_t aes_encrypt_cbc_length( - std::size_t input_length -); - - -/** Encrypts the input using AES256 in CBC mode with PKCS#7 padding. - * The output buffer must be big enough to hold the output including padding */ -void aes_encrypt_cbc( - Aes256Key const & key, - Aes256Iv const & iv, - std::uint8_t const * input, std::size_t input_length, - std::uint8_t * output -); - - -/** Decrypts the input using AES256 in CBC mode. The output buffer must be at - * least the same size as the input buffer. Returns the length of the plaintext - * without padding on success or std::size_t(-1) if the padding is invalid. - */ -std::size_t aes_decrypt_cbc( - Aes256Key const & key, - Aes256Iv const & iv, - std::uint8_t const * input, std::size_t input_length, - std::uint8_t * output -); - - -} // namespace olm - -#endif /* OLM_CRYPTO_HH_ */ diff --git a/include/olm/pickle.hh b/include/olm/pickle.hh index c0b6ebf..a09b8a1 100644 --- a/include/olm/pickle.hh +++ b/include/olm/pickle.hh @@ -16,7 +16,7 @@ #define OLM_PICKLE_HH_ #include "olm/list.hh" -#include "olm/crypto.hh" +#include "olm/crypto.h" #include #include diff --git a/include/olm/ratchet.hh b/include/olm/ratchet.hh index cdcba6b..2e87e35 100644 --- a/include/olm/ratchet.hh +++ b/include/olm/ratchet.hh @@ -13,7 +13,9 @@ * limitations under the License. */ -#include "olm/crypto.hh" +#include + +#include "olm/crypto.h" #include "olm/list.hh" #include "olm/error.h" -- cgit v1.2.3