2016-04-26 12:44:32 +02:00
|
|
|
/* Copyright 2015, 2016 OpenMarket Ltd
|
2015-06-22 18:50:56 +02:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
2015-06-27 01:15:23 +02:00
|
|
|
#include "olm/account.hh"
|
2015-07-07 17:42:03 +02:00
|
|
|
#include "olm/base64.hh"
|
2015-06-27 01:15:23 +02:00
|
|
|
#include "olm/pickle.hh"
|
2015-08-19 18:18:09 +02:00
|
|
|
#include "olm/memory.hh"
|
2015-06-12 17:15:37 +02:00
|
|
|
|
2015-07-09 17:09:16 +02:00
|
|
|
olm::Account::Account(
|
|
|
|
) : next_one_time_key_id(0),
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error(OlmErrorCode::OLM_SUCCESS) {
|
2015-07-09 17:09:16 +02:00
|
|
|
}
|
|
|
|
|
2015-06-12 17:15:37 +02:00
|
|
|
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::OneTimeKey const * olm::Account::lookup_key(
|
2015-07-08 15:53:25 +02:00
|
|
|
olm::Curve25519PublicKey const & public_key
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-07-07 17:42:03 +02:00
|
|
|
for (olm::OneTimeKey const & key : one_time_keys) {
|
2015-08-19 18:18:09 +02:00
|
|
|
if (olm::array_equal(key.key.public_key, public_key.public_key)) {
|
2015-07-08 15:53:25 +02:00
|
|
|
return &key;
|
|
|
|
}
|
2015-06-12 17:15:37 +02:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::size_t olm::Account::remove_key(
|
2015-07-08 17:00:08 +02:00
|
|
|
olm::Curve25519PublicKey const & public_key
|
2015-06-22 12:02:42 +02:00
|
|
|
) {
|
2015-07-07 17:42:03 +02:00
|
|
|
OneTimeKey * i;
|
2015-06-22 12:02:42 +02:00
|
|
|
for (i = one_time_keys.begin(); i != one_time_keys.end(); ++i) {
|
2015-08-19 18:18:09 +02:00
|
|
|
if (olm::array_equal(i->key.public_key, public_key.public_key)) {
|
2015-07-08 17:00:08 +02:00
|
|
|
std::uint32_t id = i->id;
|
2015-06-22 12:02:42 +02:00
|
|
|
one_time_keys.erase(i);
|
|
|
|
return id;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return std::size_t(-1);
|
|
|
|
}
|
2015-06-15 18:47:22 +02:00
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::size_t olm::Account::new_account_random_length() {
|
2016-09-02 16:11:14 +02:00
|
|
|
return ED25519_RANDOM_LENGTH + CURVE25519_RANDOM_LENGTH;
|
2015-06-15 18:47:22 +02:00
|
|
|
}
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::size_t olm::Account::new_account(
|
2015-06-15 18:47:22 +02:00
|
|
|
uint8_t const * random, std::size_t random_length
|
|
|
|
) {
|
|
|
|
if (random_length < new_account_random_length()) {
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
|
2015-06-22 12:02:42 +02:00
|
|
|
return std::size_t(-1);
|
2015-06-15 18:47:22 +02:00
|
|
|
}
|
|
|
|
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::ed25519_generate_key(random, identity_keys.ed25519_key);
|
2016-09-02 16:11:14 +02:00
|
|
|
random += ED25519_RANDOM_LENGTH;
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::curve25519_generate_key(random, identity_keys.curve25519_key);
|
2015-06-15 18:47:22 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-07-07 17:42:03 +02:00
|
|
|
namespace {
|
|
|
|
|
2015-07-10 12:57:53 +02:00
|
|
|
uint8_t KEY_JSON_ED25519[] = "\"ed25519\":";
|
|
|
|
uint8_t KEY_JSON_CURVE25519[] = "\"curve25519\":";
|
2015-07-07 17:42:03 +02:00
|
|
|
|
|
|
|
template<typename T>
|
2015-08-18 18:09:55 +02:00
|
|
|
static std::uint8_t * write_string(
|
2015-07-07 17:42:03 +02:00
|
|
|
std::uint8_t * pos,
|
|
|
|
T const & value
|
|
|
|
) {
|
|
|
|
std::memcpy(pos, value, sizeof(T) - 1);
|
|
|
|
return pos + (sizeof(T) - 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-07-10 12:57:53 +02:00
|
|
|
std::size_t olm::Account::get_identity_json_length() {
|
2015-07-07 17:42:03 +02:00
|
|
|
std::size_t length = 0;
|
2015-07-10 12:57:53 +02:00
|
|
|
length += 1; /* { */
|
|
|
|
length += sizeof(KEY_JSON_CURVE25519) - 1;
|
|
|
|
length += 1; /* " */
|
2015-07-08 16:30:34 +02:00
|
|
|
length += olm::encode_base64_length(
|
|
|
|
sizeof(identity_keys.curve25519_key.public_key)
|
|
|
|
);
|
2015-07-10 12:57:53 +02:00
|
|
|
length += 2; /* ", */
|
|
|
|
length += sizeof(KEY_JSON_ED25519) - 1;
|
|
|
|
length += 1; /* " */
|
2015-07-08 16:30:34 +02:00
|
|
|
length += olm::encode_base64_length(
|
|
|
|
sizeof(identity_keys.ed25519_key.public_key)
|
|
|
|
);
|
2015-07-10 12:57:53 +02:00
|
|
|
length += 2; /* "} */
|
2015-07-07 17:42:03 +02:00
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
std::size_t olm::Account::get_identity_json(
|
|
|
|
std::uint8_t * identity_json, std::size_t identity_json_length
|
|
|
|
) {
|
|
|
|
std::uint8_t * pos = identity_json;
|
2015-07-10 12:57:53 +02:00
|
|
|
size_t expected_length = get_identity_json_length();
|
2015-07-07 17:42:03 +02:00
|
|
|
|
|
|
|
if (identity_json_length < expected_length) {
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
|
2015-07-07 17:42:03 +02:00
|
|
|
return std::size_t(-1);
|
|
|
|
}
|
|
|
|
|
2015-07-10 12:57:53 +02:00
|
|
|
*(pos++) = '{';
|
|
|
|
pos = write_string(pos, KEY_JSON_CURVE25519);
|
|
|
|
*(pos++) = '\"';
|
|
|
|
pos = olm::encode_base64(
|
|
|
|
identity_keys.curve25519_key.public_key,
|
|
|
|
sizeof(identity_keys.curve25519_key.public_key),
|
|
|
|
pos
|
2015-07-07 17:42:03 +02:00
|
|
|
);
|
2015-07-10 12:57:53 +02:00
|
|
|
*(pos++) = '\"'; *(pos++) = ',';
|
|
|
|
pos = write_string(pos, KEY_JSON_ED25519);
|
|
|
|
*(pos++) = '\"';
|
|
|
|
pos = olm::encode_base64(
|
|
|
|
identity_keys.ed25519_key.public_key,
|
|
|
|
sizeof(identity_keys.ed25519_key.public_key),
|
|
|
|
pos
|
|
|
|
);
|
|
|
|
*(pos++) = '\"'; *(pos++) = '}';
|
2015-07-07 17:42:03 +02:00
|
|
|
return pos - identity_json;
|
|
|
|
}
|
2015-06-15 18:47:22 +02:00
|
|
|
|
2015-07-10 12:57:53 +02:00
|
|
|
|
|
|
|
std::size_t olm::Account::signature_length(
|
|
|
|
) {
|
2016-09-02 16:11:14 +02:00
|
|
|
return ED25519_SIGNATURE_LENGTH;
|
2015-07-08 16:30:34 +02:00
|
|
|
}
|
|
|
|
|
2015-07-10 12:57:53 +02:00
|
|
|
|
|
|
|
std::size_t olm::Account::sign(
|
|
|
|
std::uint8_t const * message, std::size_t message_length,
|
|
|
|
std::uint8_t * signature, std::size_t signature_length
|
|
|
|
) {
|
|
|
|
if (signature_length < this->signature_length()) {
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
|
2015-07-10 12:57:53 +02:00
|
|
|
return std::size_t(-1);
|
|
|
|
}
|
|
|
|
olm::ed25519_sign(
|
|
|
|
identity_keys.ed25519_key, message, message_length, signature
|
|
|
|
);
|
|
|
|
return this->signature_length();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-07-08 16:30:34 +02:00
|
|
|
std::size_t olm::Account::get_one_time_keys_json_length(
|
|
|
|
) {
|
|
|
|
std::size_t length = 0;
|
2015-08-18 18:09:55 +02:00
|
|
|
bool is_empty = true;
|
2015-07-08 16:30:34 +02:00
|
|
|
for (auto const & key : one_time_keys) {
|
2015-07-09 17:09:16 +02:00
|
|
|
if (key.published) {
|
|
|
|
continue;
|
|
|
|
}
|
2015-08-18 18:09:55 +02:00
|
|
|
is_empty = false;
|
2015-07-08 16:30:34 +02:00
|
|
|
length += 2; /* {" */
|
|
|
|
length += olm::encode_base64_length(olm::pickle_length(key.id));
|
|
|
|
length += 3; /* ":" */
|
|
|
|
length += olm::encode_base64_length(sizeof(key.key.public_key));
|
|
|
|
length += 1; /* " */
|
|
|
|
}
|
2015-08-18 18:09:55 +02:00
|
|
|
if (is_empty) {
|
|
|
|
length += 1; /* { */
|
2015-07-08 16:30:34 +02:00
|
|
|
}
|
2015-07-10 12:57:53 +02:00
|
|
|
length += 3; /* }{} */
|
|
|
|
length += sizeof(KEY_JSON_CURVE25519) - 1;
|
|
|
|
return length;
|
2015-07-08 16:30:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
std::size_t olm::Account::get_one_time_keys_json(
|
|
|
|
std::uint8_t * one_time_json, std::size_t one_time_json_length
|
|
|
|
) {
|
|
|
|
std::uint8_t * pos = one_time_json;
|
|
|
|
if (one_time_json_length < get_one_time_keys_json_length()) {
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
|
2015-07-08 16:30:34 +02:00
|
|
|
return std::size_t(-1);
|
|
|
|
}
|
2015-07-10 12:57:53 +02:00
|
|
|
*(pos++) = '{';
|
|
|
|
pos = write_string(pos, KEY_JSON_CURVE25519);
|
2015-07-08 16:30:34 +02:00
|
|
|
std::uint8_t sep = '{';
|
|
|
|
for (auto const & key : one_time_keys) {
|
2015-07-09 17:09:16 +02:00
|
|
|
if (key.published) {
|
|
|
|
continue;
|
|
|
|
}
|
2015-07-08 16:30:34 +02:00
|
|
|
*(pos++) = sep;
|
|
|
|
*(pos++) = '\"';
|
|
|
|
std::uint8_t key_id[olm::pickle_length(key.id)];
|
|
|
|
olm::pickle(key_id, key.id);
|
|
|
|
pos = olm::encode_base64(key_id, sizeof(key_id), pos);
|
|
|
|
*(pos++) = '\"'; *(pos++) = ':'; *(pos++) = '\"';
|
|
|
|
pos = olm::encode_base64(
|
|
|
|
key.key.public_key, sizeof(key.key.public_key), pos
|
|
|
|
);
|
|
|
|
*(pos++) = '\"';
|
|
|
|
sep = ',';
|
|
|
|
}
|
|
|
|
if (sep != ',') {
|
2015-08-18 18:09:55 +02:00
|
|
|
/* The list was empty */
|
2015-07-08 16:30:34 +02:00
|
|
|
*(pos++) = sep;
|
|
|
|
}
|
|
|
|
*(pos++) = '}';
|
2015-07-10 12:57:53 +02:00
|
|
|
*(pos++) = '}';
|
2015-07-08 16:30:34 +02:00
|
|
|
return pos - one_time_json;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-07-09 17:09:16 +02:00
|
|
|
std::size_t olm::Account::mark_keys_as_published(
|
|
|
|
) {
|
|
|
|
std::size_t count = 0;
|
|
|
|
for (auto & key : one_time_keys) {
|
|
|
|
if (!key.published) {
|
|
|
|
key.published = true;
|
|
|
|
count++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
std::size_t olm::Account::max_number_of_one_time_keys(
|
|
|
|
) {
|
|
|
|
return olm::MAX_ONE_TIME_KEYS;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::size_t olm::Account::generate_one_time_keys_random_length(
|
|
|
|
std::size_t number_of_keys
|
|
|
|
) {
|
2016-09-02 16:11:14 +02:00
|
|
|
return CURVE25519_RANDOM_LENGTH * number_of_keys;
|
2015-07-09 17:09:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
std::size_t olm::Account::generate_one_time_keys(
|
|
|
|
std::size_t number_of_keys,
|
|
|
|
std::uint8_t const * random, std::size_t random_length
|
|
|
|
) {
|
|
|
|
if (random_length < generate_one_time_keys_random_length(number_of_keys)) {
|
2016-05-16 13:08:45 +02:00
|
|
|
last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
|
2015-07-09 17:09:16 +02:00
|
|
|
return std::size_t(-1);
|
|
|
|
}
|
|
|
|
for (unsigned i = 0; i < number_of_keys; ++i) {
|
|
|
|
OneTimeKey & key = *one_time_keys.insert(one_time_keys.begin());
|
|
|
|
key.id = ++next_one_time_key_id;
|
|
|
|
key.published = false;
|
|
|
|
olm::curve25519_generate_key(random, key.key);
|
2016-09-02 16:11:14 +02:00
|
|
|
random += CURVE25519_RANDOM_LENGTH;
|
2015-07-09 17:09:16 +02:00
|
|
|
}
|
|
|
|
return number_of_keys;
|
|
|
|
}
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
namespace olm {
|
2015-06-12 17:15:37 +02:00
|
|
|
|
2015-07-07 17:42:03 +02:00
|
|
|
static std::size_t pickle_length(
|
|
|
|
olm::IdentityKeys const & value
|
|
|
|
) {
|
|
|
|
size_t length = 0;
|
|
|
|
length += olm::pickle_length(value.ed25519_key);
|
|
|
|
length += olm::pickle_length(value.curve25519_key);
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static std::uint8_t * pickle(
|
|
|
|
std::uint8_t * pos,
|
|
|
|
olm::IdentityKeys const & value
|
|
|
|
) {
|
|
|
|
pos = olm::pickle(pos, value.ed25519_key);
|
|
|
|
pos = olm::pickle(pos, value.curve25519_key);
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static std::uint8_t const * unpickle(
|
|
|
|
std::uint8_t const * pos, std::uint8_t const * end,
|
|
|
|
olm::IdentityKeys & value
|
|
|
|
) {
|
|
|
|
pos = olm::unpickle(pos, end, value.ed25519_key);
|
|
|
|
pos = olm::unpickle(pos, end, value.curve25519_key);
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
2015-06-12 17:15:37 +02:00
|
|
|
|
|
|
|
static std::size_t pickle_length(
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::OneTimeKey const & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-07-09 17:09:16 +02:00
|
|
|
std::size_t length = 0;
|
|
|
|
length += olm::pickle_length(value.id);
|
|
|
|
length += olm::pickle_length(value.published);
|
|
|
|
length += olm::pickle_length(value.key);
|
|
|
|
return length;
|
2015-06-12 17:15:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static std::uint8_t * pickle(
|
|
|
|
std::uint8_t * pos,
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::OneTimeKey const & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::pickle(pos, value.id);
|
2015-07-09 17:09:16 +02:00
|
|
|
pos = olm::pickle(pos, value.published);
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::pickle(pos, value.key);
|
2015-06-12 17:15:37 +02:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static std::uint8_t const * unpickle(
|
|
|
|
std::uint8_t const * pos, std::uint8_t const * end,
|
2015-07-07 17:42:03 +02:00
|
|
|
olm::OneTimeKey & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.id);
|
2015-07-09 17:09:16 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.published);
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.key);
|
2015-06-12 17:15:37 +02:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
} // namespace olm
|
2015-06-12 17:15:37 +02:00
|
|
|
|
2015-07-10 19:00:18 +02:00
|
|
|
namespace {
|
2016-09-01 14:35:23 +02:00
|
|
|
// pickle version 1 used only 32 bytes for the ed25519 private key.
|
|
|
|
// Any keys thus used should be considered compromised.
|
|
|
|
static const std::uint32_t ACCOUNT_PICKLE_VERSION = 2;
|
2015-07-10 19:00:18 +02:00
|
|
|
}
|
|
|
|
|
2015-06-12 17:15:37 +02:00
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::size_t olm::pickle_length(
|
|
|
|
olm::Account const & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
|
|
|
std::size_t length = 0;
|
2015-07-10 19:00:18 +02:00
|
|
|
length += olm::pickle_length(ACCOUNT_PICKLE_VERSION);
|
2015-07-07 17:42:03 +02:00
|
|
|
length += olm::pickle_length(value.identity_keys);
|
2015-06-27 01:15:23 +02:00
|
|
|
length += olm::pickle_length(value.one_time_keys);
|
2015-07-09 17:09:16 +02:00
|
|
|
length += olm::pickle_length(value.next_one_time_key_id);
|
2015-06-12 17:15:37 +02:00
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::uint8_t * olm::pickle(
|
2015-06-12 17:15:37 +02:00
|
|
|
std::uint8_t * pos,
|
2015-06-27 01:15:23 +02:00
|
|
|
olm::Account const & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-07-10 19:00:18 +02:00
|
|
|
pos = olm::pickle(pos, ACCOUNT_PICKLE_VERSION);
|
2015-07-07 17:42:03 +02:00
|
|
|
pos = olm::pickle(pos, value.identity_keys);
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::pickle(pos, value.one_time_keys);
|
2015-07-09 17:09:16 +02:00
|
|
|
pos = olm::pickle(pos, value.next_one_time_key_id);
|
2015-06-12 17:15:37 +02:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-06-27 01:15:23 +02:00
|
|
|
std::uint8_t const * olm::unpickle(
|
2015-06-12 17:15:37 +02:00
|
|
|
std::uint8_t const * pos, std::uint8_t const * end,
|
2015-06-27 01:15:23 +02:00
|
|
|
olm::Account & value
|
2015-06-12 17:15:37 +02:00
|
|
|
) {
|
2015-07-10 19:00:18 +02:00
|
|
|
uint32_t pickle_version;
|
|
|
|
pos = olm::unpickle(pos, end, pickle_version);
|
2016-09-01 14:35:23 +02:00
|
|
|
switch (pickle_version) {
|
|
|
|
case ACCOUNT_PICKLE_VERSION:
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
value.last_error = OlmErrorCode::OLM_BAD_LEGACY_ACCOUNT_PICKLE;
|
|
|
|
return end;
|
|
|
|
default:
|
|
|
|
value.last_error = OlmErrorCode::OLM_UNKNOWN_PICKLE_VERSION;
|
|
|
|
return end;
|
2015-07-10 19:00:18 +02:00
|
|
|
}
|
2015-07-07 17:42:03 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.identity_keys);
|
2015-06-27 01:15:23 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.one_time_keys);
|
2015-07-09 17:09:16 +02:00
|
|
|
pos = olm::unpickle(pos, end, value.next_one_time_key_id);
|
2015-06-12 17:15:37 +02:00
|
|
|
return pos;
|
|
|
|
}
|