add support for an incorrect KDF that snuck into Riot 1.0

This commit is contained in:
Hubert Chathi 2019-04-02 23:39:05 -04:00
parent d5c0eb9d20
commit 3148157ea4
3 changed files with 47 additions and 0 deletions

View file

@ -147,6 +147,14 @@ size_t olm_sas_calculate_mac(
void * mac, size_t mac_length void * mac, size_t mac_length
); );
// for compatibility with an old version of Riot
size_t olm_sas_calculate_mac_long_kdf(
OlmSAS * sas,
void * input, size_t input_length,
const void * info, size_t info_length,
void * mac, size_t mac_length
);
/** @} */ // end of SAS group /** @} */ // end of SAS group
#ifdef __cplusplus #ifdef __cplusplus

View file

@ -75,3 +75,19 @@ SAS.prototype['calculate_mac'] = restore_stack(function(input, info) {
); );
return Pointer_stringify(mac_buffer); return Pointer_stringify(mac_buffer);
}); });
SAS.prototype['calculate_mac_long_kdf'] = restore_stack(function(input, info) {
var input_array = array_from_string(input);
var input_buffer = stack(input_array);
var info_array = array_from_string(info);
var info_buffer = stack(info_array);
var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr);
var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH);
sas_method(Module['_olm_sas_calculate_mac_long_kdf'])(
this.ptr,
input_buffer, input_array.length,
info_buffer, info_array.length,
mac_buffer, mac_length
);
return Pointer_stringify(mac_buffer);
});

View file

@ -139,3 +139,26 @@ size_t olm_sas_calculate_mac(
_olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac); _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
return 0; return 0;
} }
// for compatibility with an old version of Riot
size_t olm_sas_calculate_mac_long_kdf(
OlmSAS * sas,
void * input, size_t input_length,
const void * info, size_t info_length,
void * mac, size_t mac_length
) {
if (mac_length < olm_sas_mac_length(sas)) {
sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
uint8_t key[256];
_olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret),
NULL, 0,
(const uint8_t *) info, info_length,
key, 256
);
_olm_crypto_hmac_sha256(key, 256, input, input_length, mac);
_olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
return 0;
}