From 3148157ea4262082d957f45b36016c44f8e1415a Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Tue, 2 Apr 2019 23:39:05 -0400 Subject: [PATCH] add support for an incorrect KDF that snuck into Riot 1.0 --- include/olm/sas.h | 8 ++++++++ javascript/olm_sas.js | 16 ++++++++++++++++ src/sas.c | 23 +++++++++++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/include/olm/sas.h b/include/olm/sas.h index 46d4176..ec90ae7 100644 --- a/include/olm/sas.h +++ b/include/olm/sas.h @@ -147,6 +147,14 @@ size_t olm_sas_calculate_mac( void * mac, size_t mac_length ); +// for compatibility with an old version of Riot +size_t olm_sas_calculate_mac_long_kdf( + OlmSAS * sas, + void * input, size_t input_length, + const void * info, size_t info_length, + void * mac, size_t mac_length +); + /** @} */ // end of SAS group #ifdef __cplusplus diff --git a/javascript/olm_sas.js b/javascript/olm_sas.js index d5044ce..a2f82ee 100644 --- a/javascript/olm_sas.js +++ b/javascript/olm_sas.js @@ -75,3 +75,19 @@ SAS.prototype['calculate_mac'] = restore_stack(function(input, info) { ); return Pointer_stringify(mac_buffer); }); + +SAS.prototype['calculate_mac_long_kdf'] = restore_stack(function(input, info) { + var input_array = array_from_string(input); + var input_buffer = stack(input_array); + var info_array = array_from_string(info); + var info_buffer = stack(info_array); + var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr); + var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH); + sas_method(Module['_olm_sas_calculate_mac_long_kdf'])( + this.ptr, + input_buffer, input_array.length, + info_buffer, info_array.length, + mac_buffer, mac_length + ); + return Pointer_stringify(mac_buffer); +}); diff --git a/src/sas.c b/src/sas.c index c5be73f..b5a3131 100644 --- a/src/sas.c +++ b/src/sas.c @@ -139,3 +139,26 @@ size_t olm_sas_calculate_mac( _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac); return 0; } + +// for compatibility with an old version of Riot +size_t olm_sas_calculate_mac_long_kdf( + OlmSAS * sas, + void * input, size_t input_length, + const void * info, size_t info_length, + void * mac, size_t mac_length +) { + if (mac_length < olm_sas_mac_length(sas)) { + sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL; + return (size_t)-1; + } + uint8_t key[256]; + _olm_crypto_hkdf_sha256( + sas->secret, sizeof(sas->secret), + NULL, 0, + (const uint8_t *) info, info_length, + key, 256 + ); + _olm_crypto_hmac_sha256(key, 256, input, input_length, mac); + _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac); + return 0; +}