SAS: add olm_sas_is_their_key_set

Also make olm_sas_generate_bytes fail if their key wasn't set.
This commit is contained in:
Saúl Ibarra Corretgé 2020-09-23 10:13:46 +02:00 committed by Hubert Chathi
parent 4bae4134eb
commit 2ef1f6f4fc
6 changed files with 44 additions and 4 deletions

View file

@ -53,10 +53,10 @@ enum OlmErrorCode {
OLM_INPUT_BUFFER_TOO_SMALL = 15, OLM_INPUT_BUFFER_TOO_SMALL = 15,
// Not an error code, just here to pad out the enum past 16 because /**
// otherwise the compiler warns about a redunant check. If you're * SAS doesn't have their key set.
// adding an error code, replace this one! */
OLM_ERROR_NOT_INVENTED_YET = 16, OLM_SAS_THEIR_KEY_NOT_SET = 16,
/* remember to update the list of string constants in error.c when updating /* remember to update the list of string constants in error.c when updating
* this list. */ * this list. */

View file

@ -105,6 +105,15 @@ size_t olm_sas_set_their_key(
void * their_key, size_t their_key_length void * their_key, size_t their_key_length
); );
/** Checks if their key was set.
*
* @param[in] sas the SAS object.
*
*/
int olm_sas_is_their_key_set(
OlmSAS *sas
);
/** Generate bytes to use for the short authentication string. /** Generate bytes to use for the short authentication string.
* *
* @param[in] sas the SAS object. * @param[in] sas the SAS object.
@ -114,6 +123,9 @@ size_t olm_sas_set_their_key(
* @param[out] output the output buffer. * @param[out] output the output buffer.
* @param[in] output_length the size of the output buffer. For hex-based SAS * @param[in] output_length the size of the output buffer. For hex-based SAS
* as in the Matrix spec, this will be 5. * as in the Matrix spec, this will be 5.
*
* @return `olm_error()` on failure. If their key wasn't set then
* `olm_sas_last_error()` will be `SAS_THEIR_KEY_NOT_SET`.
*/ */
size_t olm_sas_generate_bytes( size_t olm_sas_generate_bytes(
OlmSAS * sas, OlmSAS * sas,

View file

@ -42,6 +42,12 @@ SAS.prototype['set_their_key'] = restore_stack(function(their_key) {
); );
}); });
SAS.prototype['is_their_key_set'] = restore_stack(function() {
return sas_method(Module['_olm_sas_is_their_key_set'])(
this.ptr
) ? true : false;
});
SAS.prototype['generate_bytes'] = restore_stack(function(info, length) { SAS.prototype['generate_bytes'] = restore_stack(function(info, length) {
var info_array = array_from_string(info); var info_array = array_from_string(info);
var info_buffer = stack(info_array); var info_buffer = stack(info_array);

View file

@ -50,4 +50,13 @@ describe("sas", function() {
bob.set_their_key(alice.get_pubkey()); bob.set_their_key(alice.get_pubkey());
expect(alice.calculate_mac("test", "MAC").toString()).toEqual(bob.calculate_mac("test", "MAC").toString()); expect(alice.calculate_mac("test", "MAC").toString()).toEqual(bob.calculate_mac("test", "MAC").toString());
}); });
it('should fail to generate bytes if their key is not set', function () {
expect(alice.is_their_key_set()).toBeFalsy();
expect(() => {
alice.generate_bytes("SAS", 5);
}).toThrow();
alice.set_their_key(bob.get_pubkey());
expect(alice.is_their_key_set()).toBeTruthy();
});
}); });

View file

@ -32,6 +32,7 @@ static const char * ERRORS[] = {
"BAD_LEGACY_ACCOUNT_PICKLE", "BAD_LEGACY_ACCOUNT_PICKLE",
"BAD_SIGNATURE", "BAD_SIGNATURE",
"OLM_INPUT_BUFFER_TOO_SMALL", "OLM_INPUT_BUFFER_TOO_SMALL",
"OLM_SAS_THEIR_KEY_NOT_SET"
}; };
const char * _olm_error_to_string(enum OlmErrorCode error) const char * _olm_error_to_string(enum OlmErrorCode error)

View file

@ -23,6 +23,7 @@ struct OlmSAS {
enum OlmErrorCode last_error; enum OlmErrorCode last_error;
struct _olm_curve25519_key_pair curve25519_key; struct _olm_curve25519_key_pair curve25519_key;
uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH]; uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH];
int their_key_set;
}; };
const char * olm_sas_last_error( const char * olm_sas_last_error(
@ -95,14 +96,25 @@ size_t olm_sas_set_their_key(
} }
_olm_decode_base64(their_key, their_key_length, their_key); _olm_decode_base64(their_key, their_key_length, their_key);
_olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret); _olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret);
sas->their_key_set = 1;
return 0; return 0;
} }
int olm_sas_is_their_key_set(
OlmSAS *sas
) {
return sas->their_key_set;
}
size_t olm_sas_generate_bytes( size_t olm_sas_generate_bytes(
OlmSAS * sas, OlmSAS * sas,
const void * info, size_t info_length, const void * info, size_t info_length,
void * output, size_t output_length void * output, size_t output_length
) { ) {
if (!sas->their_key_set) {
sas->last_error = OLM_SAS_THEIR_KEY_NOT_SET;
return (size_t)-1;
}
_olm_crypto_hkdf_sha256( _olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret), sas->secret, sizeof(sas->secret),
NULL, 0, NULL, 0,