Merge commit '27b57c8' into logging_enabled
This commit is contained in:
commit
61072c640c
24 changed files with 2296 additions and 120 deletions
|
@ -31,8 +31,21 @@ enum OlmErrorCode {
|
|||
OLM_BAD_ACCOUNT_KEY = 8, /*!< The supplied account key is invalid */
|
||||
OLM_UNKNOWN_PICKLE_VERSION = 9, /*!< The pickled object is too new */
|
||||
OLM_CORRUPTED_PICKLE = 10, /*!< The pickled object couldn't be decoded */
|
||||
|
||||
OLM_BAD_SESSION_KEY = 11, /*!< Attempt to initialise an inbound group
|
||||
session from an invalid session key */
|
||||
OLM_UNKNOWN_MESSAGE_INDEX = 12, /*!< Attempt to decode a message whose
|
||||
* index is earlier than our earliest
|
||||
* known session key.
|
||||
*/
|
||||
|
||||
/* remember to update the list of string constants in error.c when updating
|
||||
* this list. */
|
||||
};
|
||||
|
||||
/** get a string representation of the given error code. */
|
||||
const char * _olm_error_to_string(enum OlmErrorCode error);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
|
153
include/olm/inbound_group_session.h
Normal file
153
include/olm/inbound_group_session.h
Normal file
|
@ -0,0 +1,153 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef OLM_INBOUND_GROUP_SESSION_H_
|
||||
#define OLM_INBOUND_GROUP_SESSION_H_
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct OlmInboundGroupSession OlmInboundGroupSession;
|
||||
|
||||
/** get the size of an inbound group session, in bytes. */
|
||||
size_t olm_inbound_group_session_size();
|
||||
|
||||
/**
|
||||
* Initialise an inbound group session object using the supplied memory
|
||||
* The supplied memory should be at least olm_inbound_group_session_size()
|
||||
* bytes.
|
||||
*/
|
||||
OlmInboundGroupSession * olm_inbound_group_session(
|
||||
void *memory
|
||||
);
|
||||
|
||||
/**
|
||||
* A null terminated string describing the most recent error to happen to a
|
||||
* group session */
|
||||
const char *olm_inbound_group_session_last_error(
|
||||
const OlmInboundGroupSession *session
|
||||
);
|
||||
|
||||
/** Clears the memory used to back this group session */
|
||||
size_t olm_clear_inbound_group_session(
|
||||
OlmInboundGroupSession *session
|
||||
);
|
||||
|
||||
/** Returns the number of bytes needed to store an inbound group session */
|
||||
size_t olm_pickle_inbound_group_session_length(
|
||||
const OlmInboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Stores a group session as a base64 string. Encrypts the session using the
|
||||
* supplied key. Returns the length of the session on success.
|
||||
*
|
||||
* Returns olm_error() on failure. If the pickle output buffer
|
||||
* is smaller than olm_pickle_inbound_group_session_length() then
|
||||
* olm_inbound_group_session_last_error() will be "OUTPUT_BUFFER_TOO_SMALL"
|
||||
*/
|
||||
size_t olm_pickle_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Loads a group session from a pickled base64 string. Decrypts the session
|
||||
* using the supplied key.
|
||||
*
|
||||
* Returns olm_error() on failure. If the key doesn't match the one used to
|
||||
* encrypt the account then olm_inbound_group_session_last_error() will be
|
||||
* "BAD_ACCOUNT_KEY". If the base64 couldn't be decoded then
|
||||
* olm_inbound_group_session_last_error() will be "INVALID_BASE64". The input
|
||||
* pickled buffer is destroyed
|
||||
*/
|
||||
size_t olm_unpickle_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Start a new inbound group session, based on the parameters supplied.
|
||||
*
|
||||
* Returns olm_error() on failure. On failure last_error will be set with an
|
||||
* error code. The last_error will be:
|
||||
*
|
||||
* * OLM_INVALID_BASE64 if the session_key is not valid base64
|
||||
* * OLM_BAD_SESSION_KEY if the session_key is invalid
|
||||
*/
|
||||
size_t olm_init_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
uint32_t message_index,
|
||||
|
||||
/* base64-encoded key */
|
||||
uint8_t const * session_key, size_t session_key_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Get an upper bound on the number of bytes of plain-text the decrypt method
|
||||
* will write for a given input message length. The actual size could be
|
||||
* different due to padding.
|
||||
*
|
||||
* The input message buffer is destroyed.
|
||||
*
|
||||
* Returns olm_error() on failure.
|
||||
*/
|
||||
size_t olm_group_decrypt_max_plaintext_length(
|
||||
OlmInboundGroupSession *session,
|
||||
uint8_t * message, size_t message_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Decrypt a message.
|
||||
*
|
||||
* The input message buffer is destroyed.
|
||||
*
|
||||
* Returns the length of the decrypted plain-text, or olm_error() on failure.
|
||||
*
|
||||
* On failure last_error will be set with an error code. The last_error will
|
||||
* be:
|
||||
* * OLM_OUTPUT_BUFFER_TOO_SMALL if the plain-text buffer is too small
|
||||
* * OLM_INVALID_BASE64 if the message is not valid base-64
|
||||
* * OLM_BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
|
||||
* version of the protocol
|
||||
* * OLM_BAD_MESSAGE_FORMAT if the message headers could not be decoded
|
||||
* * OLM_BAD_MESSAGE_MAC if the message could not be verified
|
||||
* * OLM_UNKNOWN_MESSAGE_INDEX if we do not have a session key corresponding to the
|
||||
* message's index (ie, it was sent before the session key was shared with
|
||||
* us)
|
||||
*/
|
||||
size_t olm_group_decrypt(
|
||||
OlmInboundGroupSession *session,
|
||||
|
||||
/* input; note that it will be overwritten with the base64-decoded
|
||||
message. */
|
||||
uint8_t * message, size_t message_length,
|
||||
|
||||
/* output */
|
||||
uint8_t * plaintext, size_t max_plaintext_length
|
||||
);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif /* OLM_INBOUND_GROUP_SESSION_H_ */
|
95
include/olm/megolm.h
Normal file
95
include/olm/megolm.h
Normal file
|
@ -0,0 +1,95 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef OLM_MEGOLM_H_
|
||||
#define OLM_MEGOLM_H_
|
||||
|
||||
/**
|
||||
* implementation of the Megolm multi-part ratchet used in group chats.
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* number of bytes in each part of the ratchet; this should be the same as
|
||||
* the length of the hash function used in the HMAC (32 bytes for us, as we
|
||||
* use HMAC-SHA-256)
|
||||
*/
|
||||
#define MEGOLM_RATCHET_PART_LENGTH 32 /* SHA256_OUTPUT_LENGTH */
|
||||
|
||||
/**
|
||||
* number of parts in the ratchet; the advance() implementations rely on
|
||||
* this being 4.
|
||||
*/
|
||||
#define MEGOLM_RATCHET_PARTS 4
|
||||
|
||||
#define MEGOLM_RATCHET_LENGTH (MEGOLM_RATCHET_PARTS * MEGOLM_RATCHET_PART_LENGTH)
|
||||
|
||||
typedef struct Megolm {
|
||||
uint8_t data[MEGOLM_RATCHET_PARTS][MEGOLM_RATCHET_PART_LENGTH];
|
||||
uint32_t counter;
|
||||
} Megolm;
|
||||
|
||||
|
||||
/**
|
||||
* The cipher used in megolm-backed conversations
|
||||
*
|
||||
* (AES256 + SHA256, with keys based on an HKDF with info of MEGOLM_KEYS)
|
||||
*/
|
||||
extern const struct _olm_cipher *megolm_cipher;
|
||||
|
||||
/**
|
||||
* initialize the megolm ratchet. random_data should be at least
|
||||
* MEGOLM_RATCHET_LENGTH bytes of randomness.
|
||||
*/
|
||||
void megolm_init(Megolm *megolm, uint8_t const *random_data, uint32_t counter);
|
||||
|
||||
/** Returns the number of bytes needed to store a megolm */
|
||||
size_t megolm_pickle_length(const Megolm *megolm);
|
||||
|
||||
/**
|
||||
* Pickle the megolm. Returns a pointer to the next free space in the buffer.
|
||||
*/
|
||||
uint8_t * megolm_pickle(const Megolm *megolm, uint8_t *pos);
|
||||
|
||||
/**
|
||||
* Unpickle the megolm. Returns a pointer to the next item in the buffer.
|
||||
*/
|
||||
const uint8_t * megolm_unpickle(Megolm *megolm, const uint8_t *pos,
|
||||
const uint8_t *end);
|
||||
|
||||
|
||||
/** advance the ratchet by one step */
|
||||
void megolm_advance(Megolm *megolm);
|
||||
|
||||
/**
|
||||
* get the key data in the ratchet. The returned data is
|
||||
* MEGOLM_RATCHET_LENGTH bytes long.
|
||||
*/
|
||||
#define megolm_get_data(megolm) ((const uint8_t *)((megolm)->data))
|
||||
|
||||
/** advance the ratchet to a given count */
|
||||
void megolm_advance_to(Megolm *megolm, uint32_t advance_to);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif /* OLM_MEGOLM_H_ */
|
98
include/olm/message.h
Normal file
98
include/olm/message.h
Normal file
|
@ -0,0 +1,98 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/**
|
||||
* functions for encoding and decoding messages in the Olm protocol.
|
||||
*
|
||||
* Some of these functions have only C++ bindings, and are declared in
|
||||
* message.hh; in time, they should probably be converted to plain C and
|
||||
* declared here.
|
||||
*/
|
||||
|
||||
#ifndef OLM_MESSAGE_H_
|
||||
#define OLM_MESSAGE_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* The length of the buffer needed to hold a group message.
|
||||
*/
|
||||
size_t _olm_encode_group_message_length(
|
||||
size_t group_session_id_length,
|
||||
uint32_t chain_index,
|
||||
size_t ciphertext_length,
|
||||
size_t mac_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Writes the message headers into the output buffer.
|
||||
*
|
||||
* version: version number of the olm protocol
|
||||
* session_id: group session identifier
|
||||
* session_id_length: length of session_id
|
||||
* message_index: message index
|
||||
* ciphertext_length: length of the ciphertext
|
||||
* output: where to write the output. Should be at least
|
||||
* olm_encode_group_message_length() bytes long.
|
||||
* ciphertext_ptr: returns the address that the ciphertext
|
||||
* should be written to, followed by the MAC.
|
||||
*
|
||||
* Returns the size of the message, up to the MAC.
|
||||
*/
|
||||
size_t _olm_encode_group_message(
|
||||
uint8_t version,
|
||||
const uint8_t *session_id,
|
||||
size_t session_id_length,
|
||||
uint32_t message_index,
|
||||
size_t ciphertext_length,
|
||||
uint8_t *output,
|
||||
uint8_t **ciphertext_ptr
|
||||
);
|
||||
|
||||
|
||||
struct _OlmDecodeGroupMessageResults {
|
||||
uint8_t version;
|
||||
const uint8_t *session_id;
|
||||
size_t session_id_length;
|
||||
uint32_t message_index;
|
||||
int has_message_index;
|
||||
const uint8_t *ciphertext;
|
||||
size_t ciphertext_length;
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Reads the message headers from the input buffer.
|
||||
*/
|
||||
void _olm_decode_group_message(
|
||||
const uint8_t *input, size_t input_length,
|
||||
size_t mac_length,
|
||||
|
||||
/* output structure: updated with results */
|
||||
struct _OlmDecodeGroupMessageResults *results
|
||||
);
|
||||
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif /* OLM_MESSAGE_H_ */
|
|
@ -12,6 +12,18 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* functions for encoding and decoding messages in the Olm protocol.
|
||||
*
|
||||
* Some of these functions have plain-C bindings, and are declared in
|
||||
* message.h; in time, all of the functions declared here should probably be
|
||||
* converted to plain C and moved to message.h.
|
||||
*/
|
||||
|
||||
#include "message.h"
|
||||
|
||||
#include <cstddef>
|
||||
#include <cstdint>
|
||||
|
||||
|
|
|
@ -19,6 +19,9 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "olm/inbound_group_session.h"
|
||||
#include "olm/outbound_group_session.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
|
181
include/olm/outbound_group_session.h
Normal file
181
include/olm/outbound_group_session.h
Normal file
|
@ -0,0 +1,181 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#ifndef OLM_OUTBOUND_GROUP_SESSION_H_
|
||||
#define OLM_OUTBOUND_GROUP_SESSION_H_
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct OlmOutboundGroupSession OlmOutboundGroupSession;
|
||||
|
||||
/** get the size of an outbound group session, in bytes. */
|
||||
size_t olm_outbound_group_session_size();
|
||||
|
||||
/**
|
||||
* Initialise an outbound group session object using the supplied memory
|
||||
* The supplied memory should be at least olm_outbound_group_session_size()
|
||||
* bytes.
|
||||
*/
|
||||
OlmOutboundGroupSession * olm_outbound_group_session(
|
||||
void *memory
|
||||
);
|
||||
|
||||
/**
|
||||
* A null terminated string describing the most recent error to happen to a
|
||||
* group session */
|
||||
const char *olm_outbound_group_session_last_error(
|
||||
const OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/** Clears the memory used to back this group session */
|
||||
size_t olm_clear_outbound_group_session(
|
||||
OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/** Returns the number of bytes needed to store an outbound group session */
|
||||
size_t olm_pickle_outbound_group_session_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Stores a group session as a base64 string. Encrypts the session using the
|
||||
* supplied key. Returns the length of the session on success.
|
||||
*
|
||||
* Returns olm_error() on failure. If the pickle output buffer
|
||||
* is smaller than olm_pickle_outbound_group_session_length() then
|
||||
* olm_outbound_group_session_last_error() will be "OUTPUT_BUFFER_TOO_SMALL"
|
||||
*/
|
||||
size_t olm_pickle_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Loads a group session from a pickled base64 string. Decrypts the session
|
||||
* using the supplied key.
|
||||
*
|
||||
* Returns olm_error() on failure. If the key doesn't match the one used to
|
||||
* encrypt the account then olm_outbound_group_session_last_error() will be
|
||||
* "BAD_ACCOUNT_KEY". If the base64 couldn't be decoded then
|
||||
* olm_outbound_group_session_last_error() will be "INVALID_BASE64". The input
|
||||
* pickled buffer is destroyed
|
||||
*/
|
||||
size_t olm_unpickle_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
);
|
||||
|
||||
|
||||
/** The number of random bytes needed to create an outbound group session */
|
||||
size_t olm_init_outbound_group_session_random_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Start a new outbound group session. Returns olm_error() on failure. On
|
||||
* failure last_error will be set with an error code. The last_error will be
|
||||
* NOT_ENOUGH_RANDOM if the number of random bytes was too small.
|
||||
*/
|
||||
size_t olm_init_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t const * random, size_t random_length
|
||||
);
|
||||
|
||||
/**
|
||||
* The number of bytes that will be created by encrypting a message
|
||||
*/
|
||||
size_t olm_group_encrypt_message_length(
|
||||
OlmOutboundGroupSession *session,
|
||||
size_t plaintext_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Encrypt some plain-text. Returns the length of the encrypted message or
|
||||
* olm_error() on failure. On failure last_error will be set with an
|
||||
* error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the output
|
||||
* buffer is too small.
|
||||
*/
|
||||
size_t olm_group_encrypt(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t const * plaintext, size_t plaintext_length,
|
||||
uint8_t * message, size_t message_length
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Get the number of bytes returned by olm_outbound_group_session_id()
|
||||
*/
|
||||
size_t olm_outbound_group_session_id_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Get a base64-encoded identifier for this session.
|
||||
*
|
||||
* Returns the length of the session id on success or olm_error() on
|
||||
* failure. On failure last_error will be set with an error code. The
|
||||
* last_error will be OUTPUT_BUFFER_TOO_SMALL if the id buffer was too
|
||||
* small.
|
||||
*/
|
||||
size_t olm_outbound_group_session_id(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t * id, size_t id_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Get the current message index for this session.
|
||||
*
|
||||
* Each message is sent with an increasing index; this returns the index for
|
||||
* the next message.
|
||||
*/
|
||||
uint32_t olm_outbound_group_session_message_index(
|
||||
OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Get the number of bytes returned by olm_outbound_group_session_key()
|
||||
*/
|
||||
size_t olm_outbound_group_session_key_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
);
|
||||
|
||||
/**
|
||||
* Get the base64-encoded current ratchet key for this session.
|
||||
*
|
||||
* Each message is sent with a diffent ratchet key. This function returns the
|
||||
* ratchet key that will be used for the next message.
|
||||
*
|
||||
* Returns the length of the ratchet key on success or olm_error() on
|
||||
* failure. On failure last_error will be set with an error code. The
|
||||
* last_error will be OUTPUT_BUFFER_TOO_SMALL if the buffer was too small.
|
||||
*/
|
||||
size_t olm_outbound_group_session_key(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t * key, size_t key_length
|
||||
);
|
||||
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif /* OLM_OUTBOUND_GROUP_SESSION_H_ */
|
76
include/olm/pickle_encoding.h
Normal file
76
include/olm/pickle_encoding.h
Normal file
|
@ -0,0 +1,76 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/* functions for encrypting and decrypting pickled representations of objects */
|
||||
|
||||
#ifndef OLM_PICKLE_ENCODING_H_
|
||||
#define OLM_PICKLE_ENCODING_H_
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "olm/error.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* Get the number of bytes needed to encode a pickle of the length given
|
||||
*/
|
||||
size_t _olm_enc_output_length(size_t raw_length);
|
||||
|
||||
/**
|
||||
* Get the point in the output buffer that the raw pickle should be written to.
|
||||
*
|
||||
* In order that we can use the same buffer for the raw pickle, and the encoded
|
||||
* pickle, the raw pickle needs to be written at the end of the buffer. (The
|
||||
* base-64 encoding would otherwise overwrite the end of the input before it
|
||||
* was encoded.)
|
||||
*/
|
||||
uint8_t *_olm_enc_output_pos(uint8_t * output, size_t raw_length);
|
||||
|
||||
/**
|
||||
* Encrypt and encode the given pickle in-situ.
|
||||
*
|
||||
* The raw pickle should have been written to enc_output_pos(pickle,
|
||||
* raw_length).
|
||||
*
|
||||
* Returns the number of bytes in the encoded pickle.
|
||||
*/
|
||||
size_t _olm_enc_output(
|
||||
uint8_t const * key, size_t key_length,
|
||||
uint8_t *pickle, size_t raw_length
|
||||
);
|
||||
|
||||
/**
|
||||
* Decode and decrypt the given pickle in-situ.
|
||||
*
|
||||
* Returns the number of bytes in the decoded pickle, or olm_error() on error,
|
||||
* in which case *last_error will be updated, if last_error is non-NULL.
|
||||
*/
|
||||
size_t _olm_enc_input(
|
||||
uint8_t const * key, size_t key_length,
|
||||
uint8_t * input, size_t b64_length,
|
||||
enum OlmErrorCode * last_error
|
||||
);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
#endif /* OLM_PICKLE_ENCODING_H_ */
|
1
python/.gitignore
vendored
1
python/.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
*.pyc
|
||||
/*.account
|
||||
/*.session
|
||||
/*.group_session
|
||||
|
|
|
@ -1,2 +1,4 @@
|
|||
from .account import Account
|
||||
from .session import Session
|
||||
from .outbound_group_session import OutboundGroupSession
|
||||
from .inbound_group_session import InboundGroupSession
|
||||
|
|
|
@ -10,8 +10,7 @@ import yaml
|
|||
|
||||
from . import *
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
def build_arg_parser():
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("--key", help="Account encryption key", default="")
|
||||
commands = parser.add_subparsers()
|
||||
|
@ -242,5 +241,107 @@ if __name__ == '__main__':
|
|||
|
||||
decrypt.set_defaults(func=do_decrypt)
|
||||
|
||||
outbound_group = commands.add_parser("outbound_group", help="Create an outbound group session")
|
||||
outbound_group.add_argument("session_file", help="Local group session file")
|
||||
outbound_group.set_defaults(func=do_outbound_group)
|
||||
|
||||
group_credentials = commands.add_parser("group_credentials", help="Export the current outbound group session credentials")
|
||||
group_credentials.add_argument("session_file", help="Local outbound group session file")
|
||||
group_credentials.add_argument("credentials_file", help="File to write credentials to (default stdout)",
|
||||
type=argparse.FileType('w'), nargs='?',
|
||||
default=sys.stdout)
|
||||
group_credentials.set_defaults(func=do_group_credentials)
|
||||
|
||||
group_encrypt = commands.add_parser("group_encrypt", help="Encrypt a group message")
|
||||
group_encrypt.add_argument("session_file", help="Local outbound group session file")
|
||||
group_encrypt.add_argument("plaintext_file", help="Plaintext file (default stdin)",
|
||||
type=argparse.FileType('rb'), nargs='?',
|
||||
default=sys.stdin)
|
||||
group_encrypt.add_argument("message_file", help="Message file (default stdout)",
|
||||
type=argparse.FileType('w'), nargs='?',
|
||||
default=sys.stdout)
|
||||
group_encrypt.set_defaults(func=do_group_encrypt)
|
||||
|
||||
inbound_group = commands.add_parser(
|
||||
"inbound_group",
|
||||
help=("Create an inbound group session based on credentials from an "+
|
||||
"outbound group session"))
|
||||
inbound_group.add_argument("session_file", help="Local inbound group session file")
|
||||
inbound_group.add_argument("credentials_file",
|
||||
help="File to read credentials from (default stdin)",
|
||||
type=argparse.FileType('r'), nargs='?',
|
||||
default=sys.stdin)
|
||||
inbound_group.set_defaults(func=do_inbound_group)
|
||||
|
||||
group_decrypt = commands.add_parser("group_decrypt", help="Decrypt a group message")
|
||||
group_decrypt.add_argument("session_file", help="Local inbound group session file")
|
||||
group_decrypt.add_argument("message_file", help="Message file (default stdin)",
|
||||
type=argparse.FileType('r'), nargs='?',
|
||||
default=sys.stdin)
|
||||
group_decrypt.add_argument("plaintext_file", help="Plaintext file (default stdout)",
|
||||
type=argparse.FileType('wb'), nargs='?',
|
||||
default=sys.stdout)
|
||||
group_decrypt.set_defaults(func=do_group_decrypt)
|
||||
return parser
|
||||
|
||||
def do_outbound_group(args):
|
||||
if os.path.exists(args.session_file):
|
||||
sys.stderr.write("Session %r file already exists" % (
|
||||
args.session_file,
|
||||
))
|
||||
sys.exit(1)
|
||||
session = OutboundGroupSession()
|
||||
with open(args.session_file, "wb") as f:
|
||||
f.write(session.pickle(args.key))
|
||||
|
||||
def do_group_encrypt(args):
|
||||
session = OutboundGroupSession()
|
||||
with open(args.session_file, "rb") as f:
|
||||
session.unpickle(args.key, f.read())
|
||||
plaintext = args.plaintext_file.read()
|
||||
message = session.encrypt(plaintext)
|
||||
with open(args.session_file, "wb") as f:
|
||||
f.write(session.pickle(args.key))
|
||||
args.message_file.write(message)
|
||||
|
||||
def do_group_credentials(args):
|
||||
session = OutboundGroupSession()
|
||||
with open(args.session_file, "rb") as f:
|
||||
session.unpickle(args.key, f.read())
|
||||
result = {
|
||||
'message_index': session.message_index(),
|
||||
'session_key': session.session_key(),
|
||||
}
|
||||
json.dump(result, args.credentials_file, indent=4)
|
||||
|
||||
def do_inbound_group(args):
|
||||
if os.path.exists(args.session_file):
|
||||
sys.stderr.write("Session %r file already exists\n" % (
|
||||
args.session_file,
|
||||
))
|
||||
sys.exit(1)
|
||||
credentials = json.load(args.credentials_file)
|
||||
for k in ('message_index', 'session_key'):
|
||||
if not k in credentials:
|
||||
sys.stderr.write("Credentials file is missing %s\n" % k)
|
||||
sys.exit(1);
|
||||
|
||||
session = InboundGroupSession()
|
||||
session.init(credentials['message_index'], credentials['session_key'])
|
||||
with open(args.session_file, "wb") as f:
|
||||
f.write(session.pickle(args.key))
|
||||
|
||||
def do_group_decrypt(args):
|
||||
session = InboundGroupSession()
|
||||
with open(args.session_file, "rb") as f:
|
||||
session.unpickle(args.key, f.read())
|
||||
message = args.message_file.read()
|
||||
plaintext = session.decrypt(message)
|
||||
with open(args.session_file, "wb") as f:
|
||||
f.write(session.pickle(args.key))
|
||||
args.plaintext_file.write(plaintext)
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = build_arg_parser()
|
||||
args = parser.parse_args()
|
||||
args.func(args)
|
||||
|
|
86
python/olm/inbound_group_session.py
Normal file
86
python/olm/inbound_group_session.py
Normal file
|
@ -0,0 +1,86 @@
|
|||
import json
|
||||
|
||||
from ._base import *
|
||||
|
||||
lib.olm_inbound_group_session_size.argtypes = []
|
||||
lib.olm_inbound_group_session_size.restype = c_size_t
|
||||
|
||||
lib.olm_inbound_group_session.argtypes = [c_void_p]
|
||||
lib.olm_inbound_group_session.restype = c_void_p
|
||||
|
||||
lib.olm_inbound_group_session_last_error.argtypes = [c_void_p]
|
||||
lib.olm_inbound_group_session_last_error.restype = c_char_p
|
||||
|
||||
def inbound_group_session_errcheck(res, func, args):
|
||||
if res == ERR:
|
||||
raise OlmError("%s: %s" % (
|
||||
func.__name__, lib.olm_inbound_group_session_last_error(args[0])
|
||||
))
|
||||
return res
|
||||
|
||||
|
||||
def inbound_group_session_function(func, *types):
|
||||
func.argtypes = (c_void_p,) + types
|
||||
func.restypes = c_size_t
|
||||
func.errcheck = inbound_group_session_errcheck
|
||||
|
||||
|
||||
inbound_group_session_function(
|
||||
lib.olm_pickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
|
||||
)
|
||||
inbound_group_session_function(
|
||||
lib.olm_unpickle_inbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
|
||||
)
|
||||
|
||||
inbound_group_session_function(
|
||||
lib.olm_init_inbound_group_session, c_uint32, c_void_p, c_size_t
|
||||
)
|
||||
|
||||
inbound_group_session_function(
|
||||
lib.olm_group_decrypt_max_plaintext_length, c_void_p, c_size_t
|
||||
)
|
||||
inbound_group_session_function(
|
||||
lib.olm_group_decrypt,
|
||||
c_void_p, c_size_t, # message
|
||||
c_void_p, c_size_t, # plaintext
|
||||
)
|
||||
|
||||
class InboundGroupSession(object):
|
||||
def __init__(self):
|
||||
self.buf = create_string_buffer(lib.olm_inbound_group_session_size())
|
||||
self.ptr = lib.olm_inbound_group_session(self.buf)
|
||||
|
||||
def pickle(self, key):
|
||||
key_buffer = create_string_buffer(key)
|
||||
pickle_length = lib.olm_pickle_inbound_group_session_length(self.ptr)
|
||||
pickle_buffer = create_string_buffer(pickle_length)
|
||||
lib.olm_pickle_inbound_group_session(
|
||||
self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
|
||||
)
|
||||
return pickle_buffer.raw
|
||||
|
||||
def unpickle(self, key, pickle):
|
||||
key_buffer = create_string_buffer(key)
|
||||
pickle_buffer = create_string_buffer(pickle)
|
||||
lib.olm_unpickle_inbound_group_session(
|
||||
self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
|
||||
)
|
||||
|
||||
def init(self, message_index, session_key):
|
||||
key_buffer = create_string_buffer(session_key)
|
||||
lib.olm_init_inbound_group_session(
|
||||
self.ptr, message_index, key_buffer, len(session_key)
|
||||
)
|
||||
|
||||
def decrypt(self, message):
|
||||
message_buffer = create_string_buffer(message)
|
||||
max_plaintext_length = lib.olm_group_decrypt_max_plaintext_length(
|
||||
self.ptr, message_buffer, len(message)
|
||||
)
|
||||
plaintext_buffer = create_string_buffer(max_plaintext_length)
|
||||
message_buffer = create_string_buffer(message)
|
||||
plaintext_length = lib.olm_group_decrypt(
|
||||
self.ptr, message_buffer, len(message),
|
||||
plaintext_buffer, max_plaintext_length
|
||||
)
|
||||
return plaintext_buffer.raw[:plaintext_length]
|
107
python/olm/outbound_group_session.py
Normal file
107
python/olm/outbound_group_session.py
Normal file
|
@ -0,0 +1,107 @@
|
|||
import json
|
||||
|
||||
from ._base import *
|
||||
|
||||
lib.olm_outbound_group_session_size.argtypes = []
|
||||
lib.olm_outbound_group_session_size.restype = c_size_t
|
||||
|
||||
lib.olm_outbound_group_session.argtypes = [c_void_p]
|
||||
lib.olm_outbound_group_session.restype = c_void_p
|
||||
|
||||
lib.olm_outbound_group_session_last_error.argtypes = [c_void_p]
|
||||
lib.olm_outbound_group_session_last_error.restype = c_char_p
|
||||
|
||||
def outbound_group_session_errcheck(res, func, args):
|
||||
if res == ERR:
|
||||
raise OlmError("%s: %s" % (
|
||||
func.__name__, lib.olm_outbound_group_session_last_error(args[0])
|
||||
))
|
||||
return res
|
||||
|
||||
|
||||
def outbound_group_session_function(func, *types):
|
||||
func.argtypes = (c_void_p,) + types
|
||||
func.restypes = c_size_t
|
||||
func.errcheck = outbound_group_session_errcheck
|
||||
|
||||
|
||||
outbound_group_session_function(
|
||||
lib.olm_pickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
|
||||
)
|
||||
outbound_group_session_function(
|
||||
lib.olm_unpickle_outbound_group_session, c_void_p, c_size_t, c_void_p, c_size_t
|
||||
)
|
||||
|
||||
outbound_group_session_function(lib.olm_init_outbound_group_session_random_length)
|
||||
outbound_group_session_function(lib.olm_init_outbound_group_session, c_void_p, c_size_t)
|
||||
|
||||
lib.olm_outbound_group_session_message_index.argtypes = [c_void_p]
|
||||
lib.olm_outbound_group_session_message_index.restype = c_uint32
|
||||
|
||||
outbound_group_session_function(lib.olm_group_encrypt_message_length, c_size_t)
|
||||
outbound_group_session_function(lib.olm_group_encrypt,
|
||||
c_void_p, c_size_t, # Plaintext
|
||||
c_void_p, c_size_t, # Message
|
||||
)
|
||||
|
||||
outbound_group_session_function(lib.olm_outbound_group_session_id_length)
|
||||
outbound_group_session_function(lib.olm_outbound_group_session_id, c_void_p, c_size_t)
|
||||
outbound_group_session_function(lib.olm_outbound_group_session_key_length)
|
||||
outbound_group_session_function(lib.olm_outbound_group_session_key, c_void_p, c_size_t)
|
||||
|
||||
|
||||
class OutboundGroupSession(object):
|
||||
def __init__(self):
|
||||
self.buf = create_string_buffer(lib.olm_outbound_group_session_size())
|
||||
self.ptr = lib.olm_outbound_group_session(self.buf)
|
||||
|
||||
random_length = lib.olm_init_outbound_group_session_random_length(self.ptr)
|
||||
random = read_random(random_length)
|
||||
random_buffer = create_string_buffer(random)
|
||||
lib.olm_init_outbound_group_session(self.ptr, random_buffer, random_length)
|
||||
|
||||
def pickle(self, key):
|
||||
key_buffer = create_string_buffer(key)
|
||||
pickle_length = lib.olm_pickle_outbound_group_session_length(self.ptr)
|
||||
pickle_buffer = create_string_buffer(pickle_length)
|
||||
lib.olm_pickle_outbound_group_session(
|
||||
self.ptr, key_buffer, len(key), pickle_buffer, pickle_length
|
||||
)
|
||||
return pickle_buffer.raw
|
||||
|
||||
def unpickle(self, key, pickle):
|
||||
key_buffer = create_string_buffer(key)
|
||||
pickle_buffer = create_string_buffer(pickle)
|
||||
lib.olm_unpickle_outbound_group_session(
|
||||
self.ptr, key_buffer, len(key), pickle_buffer, len(pickle)
|
||||
)
|
||||
|
||||
def encrypt(self, plaintext):
|
||||
message_length = lib.olm_group_encrypt_message_length(
|
||||
self.ptr, len(plaintext)
|
||||
)
|
||||
message_buffer = create_string_buffer(message_length)
|
||||
|
||||
plaintext_buffer = create_string_buffer(plaintext)
|
||||
|
||||
lib.olm_group_encrypt(
|
||||
self.ptr,
|
||||
plaintext_buffer, len(plaintext),
|
||||
message_buffer, message_length,
|
||||
)
|
||||
return message_buffer.raw
|
||||
|
||||
def session_id(self):
|
||||
id_length = lib.olm_outbound_group_session_id_length(self.ptr)
|
||||
id_buffer = create_string_buffer(id_length)
|
||||
lib.olm_outbound_group_session_id(self.ptr, id_buffer, id_length);
|
||||
return id_buffer.raw
|
||||
|
||||
def message_index(self):
|
||||
return lib.olm_outbound_group_session_message_index(self.ptr)
|
||||
|
||||
def session_key(self):
|
||||
key_length = lib.olm_outbound_group_session_key_length(self.ptr)
|
||||
key_buffer = create_string_buffer(key_length)
|
||||
lib.olm_outbound_group_session_key(self.ptr, key_buffer, key_length);
|
||||
return key_buffer.raw
|
|
@ -6,11 +6,14 @@ OLM="python -m olm"
|
|||
|
||||
ALICE_ACCOUNT=alice.account
|
||||
ALICE_SESSION=alice.session
|
||||
ALICE_GROUP_SESSION=alice.group_session
|
||||
BOB_ACCOUNT=bob.account
|
||||
BOB_SESSION=bob.session
|
||||
BOB_GROUP_SESSION=bob.group_session
|
||||
|
||||
rm $ALICE_ACCOUNT $BOB_ACCOUNT
|
||||
rm $ALICE_SESSION $BOB_SESSION
|
||||
rm $ALICE_GROUP_SESSION $BOB_GROUP_SESSION
|
||||
|
||||
$OLM create_account $ALICE_ACCOUNT
|
||||
$OLM create_account $BOB_ACCOUNT
|
||||
|
@ -22,3 +25,10 @@ BOB_ONE_TIME_KEY="$($OLM one_time_key $BOB_ACCOUNT)"
|
|||
$OLM outbound $ALICE_ACCOUNT $ALICE_SESSION "$BOB_IDENTITY_KEY" "$BOB_ONE_TIME_KEY"
|
||||
|
||||
echo "Hello world" | $OLM encrypt $ALICE_SESSION - - | $OLM inbound $BOB_ACCOUNT $BOB_SESSION - -
|
||||
|
||||
|
||||
### group sessions
|
||||
|
||||
$OLM outbound_group $ALICE_GROUP_SESSION
|
||||
$OLM group_credentials $ALICE_GROUP_SESSION | $OLM inbound_group $BOB_GROUP_SESSION
|
||||
echo "Hello group" | $OLM group_encrypt $ALICE_GROUP_SESSION - - | $OLM group_decrypt $BOB_GROUP_SESSION
|
||||
|
|
41
src/error.c
Normal file
41
src/error.c
Normal file
|
@ -0,0 +1,41 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "olm/error.h"
|
||||
|
||||
static const char * ERRORS[] = {
|
||||
"SUCCESS",
|
||||
"NOT_ENOUGH_RANDOM",
|
||||
"OUTPUT_BUFFER_TOO_SMALL",
|
||||
"BAD_MESSAGE_VERSION",
|
||||
"BAD_MESSAGE_FORMAT",
|
||||
"BAD_MESSAGE_MAC",
|
||||
"BAD_MESSAGE_KEY_ID",
|
||||
"INVALID_BASE64",
|
||||
"BAD_ACCOUNT_KEY",
|
||||
"UNKNOWN_PICKLE_VERSION",
|
||||
"CORRUPTED_PICKLE",
|
||||
"BAD_SESSION_KEY",
|
||||
"UNKNOWN_MESSAGE_INDEX",
|
||||
};
|
||||
|
||||
const char * _olm_error_to_string(enum OlmErrorCode error)
|
||||
{
|
||||
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
|
||||
return ERRORS[error];
|
||||
} else {
|
||||
return "UNKNOWN_ERROR";
|
||||
}
|
||||
}
|
302
src/inbound_group_session.c
Normal file
302
src/inbound_group_session.c
Normal file
|
@ -0,0 +1,302 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "olm/inbound_group_session.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "olm/base64.h"
|
||||
#include "olm/cipher.h"
|
||||
#include "olm/error.h"
|
||||
#include "olm/megolm.h"
|
||||
#include "olm/memory.h"
|
||||
#include "olm/message.h"
|
||||
#include "olm/pickle.h"
|
||||
#include "olm/pickle_encoding.h"
|
||||
|
||||
|
||||
#define OLM_PROTOCOL_VERSION 3
|
||||
#define PICKLE_VERSION 1
|
||||
|
||||
struct OlmInboundGroupSession {
|
||||
/** our earliest known ratchet value */
|
||||
Megolm initial_ratchet;
|
||||
|
||||
/** The most recent ratchet value */
|
||||
Megolm latest_ratchet;
|
||||
|
||||
enum OlmErrorCode last_error;
|
||||
};
|
||||
|
||||
size_t olm_inbound_group_session_size() {
|
||||
return sizeof(OlmInboundGroupSession);
|
||||
}
|
||||
|
||||
OlmInboundGroupSession * olm_inbound_group_session(
|
||||
void *memory
|
||||
) {
|
||||
OlmInboundGroupSession *session = memory;
|
||||
olm_clear_inbound_group_session(session);
|
||||
return session;
|
||||
}
|
||||
|
||||
const char *olm_inbound_group_session_last_error(
|
||||
const OlmInboundGroupSession *session
|
||||
) {
|
||||
return _olm_error_to_string(session->last_error);
|
||||
}
|
||||
|
||||
size_t olm_clear_inbound_group_session(
|
||||
OlmInboundGroupSession *session
|
||||
) {
|
||||
_olm_unset(session, sizeof(OlmInboundGroupSession));
|
||||
return sizeof(OlmInboundGroupSession);
|
||||
}
|
||||
|
||||
size_t olm_init_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
uint32_t message_index,
|
||||
const uint8_t * session_key, size_t session_key_length
|
||||
) {
|
||||
uint8_t key_buf[MEGOLM_RATCHET_LENGTH];
|
||||
size_t raw_length = _olm_decode_base64_length(session_key_length);
|
||||
|
||||
if (raw_length == (size_t)-1) {
|
||||
session->last_error = OLM_INVALID_BASE64;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
if (raw_length != MEGOLM_RATCHET_LENGTH) {
|
||||
session->last_error = OLM_BAD_SESSION_KEY;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
_olm_decode_base64(session_key, session_key_length, key_buf);
|
||||
megolm_init(&session->initial_ratchet, key_buf, message_index);
|
||||
megolm_init(&session->latest_ratchet, key_buf, message_index);
|
||||
_olm_unset(key_buf, MEGOLM_RATCHET_LENGTH);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static size_t raw_pickle_length(
|
||||
const OlmInboundGroupSession *session
|
||||
) {
|
||||
size_t length = 0;
|
||||
length += _olm_pickle_uint32_length(PICKLE_VERSION);
|
||||
length += megolm_pickle_length(&session->initial_ratchet);
|
||||
length += megolm_pickle_length(&session->latest_ratchet);
|
||||
return length;
|
||||
}
|
||||
|
||||
size_t olm_pickle_inbound_group_session_length(
|
||||
const OlmInboundGroupSession *session
|
||||
) {
|
||||
return _olm_enc_output_length(raw_pickle_length(session));
|
||||
}
|
||||
|
||||
size_t olm_pickle_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
) {
|
||||
size_t raw_length = raw_pickle_length(session);
|
||||
uint8_t *pos;
|
||||
|
||||
if (pickled_length < _olm_enc_output_length(raw_length)) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
pos = _olm_enc_output_pos(pickled, raw_length);
|
||||
pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
|
||||
pos = megolm_pickle(&session->initial_ratchet, pos);
|
||||
pos = megolm_pickle(&session->latest_ratchet, pos);
|
||||
|
||||
return _olm_enc_output(key, key_length, pickled, raw_length);
|
||||
}
|
||||
|
||||
size_t olm_unpickle_inbound_group_session(
|
||||
OlmInboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
) {
|
||||
const uint8_t *pos;
|
||||
const uint8_t *end;
|
||||
uint32_t pickle_version;
|
||||
|
||||
size_t raw_length = _olm_enc_input(
|
||||
key, key_length, pickled, pickled_length, &(session->last_error)
|
||||
);
|
||||
if (raw_length == (size_t)-1) {
|
||||
return raw_length;
|
||||
}
|
||||
|
||||
pos = pickled;
|
||||
end = pos + raw_length;
|
||||
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
|
||||
if (pickle_version != PICKLE_VERSION) {
|
||||
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
|
||||
return (size_t)-1;
|
||||
}
|
||||
pos = megolm_unpickle(&session->initial_ratchet, pos, end);
|
||||
pos = megolm_unpickle(&session->latest_ratchet, pos, end);
|
||||
|
||||
if (end != pos) {
|
||||
/* We had the wrong number of bytes in the input. */
|
||||
session->last_error = OLM_CORRUPTED_PICKLE;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return pickled_length;
|
||||
}
|
||||
|
||||
/**
|
||||
* get the max plaintext length in an un-base64-ed message
|
||||
*/
|
||||
static size_t _decrypt_max_plaintext_length(
|
||||
OlmInboundGroupSession *session,
|
||||
uint8_t * message, size_t message_length
|
||||
) {
|
||||
struct _OlmDecodeGroupMessageResults decoded_results;
|
||||
|
||||
_olm_decode_group_message(
|
||||
message, message_length,
|
||||
megolm_cipher->ops->mac_length(megolm_cipher),
|
||||
&decoded_results);
|
||||
|
||||
if (decoded_results.version != OLM_PROTOCOL_VERSION) {
|
||||
session->last_error = OLM_BAD_MESSAGE_VERSION;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
if (!decoded_results.ciphertext) {
|
||||
session->last_error = OLM_BAD_MESSAGE_FORMAT;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return megolm_cipher->ops->decrypt_max_plaintext_length(
|
||||
megolm_cipher, decoded_results.ciphertext_length);
|
||||
}
|
||||
|
||||
size_t olm_group_decrypt_max_plaintext_length(
|
||||
OlmInboundGroupSession *session,
|
||||
uint8_t * message, size_t message_length
|
||||
) {
|
||||
size_t raw_length;
|
||||
|
||||
raw_length = _olm_decode_base64(message, message_length, message);
|
||||
if (raw_length == (size_t)-1) {
|
||||
session->last_error = OLM_INVALID_BASE64;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return _decrypt_max_plaintext_length(
|
||||
session, message, raw_length
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* decrypt an un-base64-ed message
|
||||
*/
|
||||
static size_t _decrypt(
|
||||
OlmInboundGroupSession *session,
|
||||
uint8_t * message, size_t message_length,
|
||||
uint8_t * plaintext, size_t max_plaintext_length
|
||||
) {
|
||||
struct _OlmDecodeGroupMessageResults decoded_results;
|
||||
size_t max_length, r;
|
||||
Megolm *megolm;
|
||||
Megolm tmp_megolm;
|
||||
|
||||
_olm_decode_group_message(
|
||||
message, message_length,
|
||||
megolm_cipher->ops->mac_length(megolm_cipher),
|
||||
&decoded_results);
|
||||
|
||||
if (decoded_results.version != OLM_PROTOCOL_VERSION) {
|
||||
session->last_error = OLM_BAD_MESSAGE_VERSION;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
if (!decoded_results.has_message_index || !decoded_results.session_id
|
||||
|| !decoded_results.ciphertext
|
||||
) {
|
||||
session->last_error = OLM_BAD_MESSAGE_FORMAT;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
max_length = megolm_cipher->ops->decrypt_max_plaintext_length(
|
||||
megolm_cipher,
|
||||
decoded_results.ciphertext_length
|
||||
);
|
||||
if (max_plaintext_length < max_length) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
/* pick a megolm instance to use. If we're at or beyond the latest ratchet
|
||||
* value, use that */
|
||||
if ((decoded_results.message_index - session->latest_ratchet.counter) < (1U << 31)) {
|
||||
megolm = &session->latest_ratchet;
|
||||
} else if ((decoded_results.message_index - session->initial_ratchet.counter) >= (1U << 31)) {
|
||||
/* the counter is before our intial ratchet - we can't decode this. */
|
||||
session->last_error = OLM_UNKNOWN_MESSAGE_INDEX;
|
||||
return (size_t)-1;
|
||||
} else {
|
||||
/* otherwise, start from the initial megolm. Take a copy so that we
|
||||
* don't overwrite the initial megolm */
|
||||
tmp_megolm = session->initial_ratchet;
|
||||
megolm = &tmp_megolm;
|
||||
}
|
||||
|
||||
megolm_advance_to(megolm, decoded_results.message_index);
|
||||
|
||||
/* now try checking the mac, and decrypting */
|
||||
r = megolm_cipher->ops->decrypt(
|
||||
megolm_cipher,
|
||||
megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH,
|
||||
message, message_length,
|
||||
decoded_results.ciphertext, decoded_results.ciphertext_length,
|
||||
plaintext, max_plaintext_length
|
||||
);
|
||||
|
||||
_olm_unset(&tmp_megolm, sizeof(tmp_megolm));
|
||||
if (r == (size_t)-1) {
|
||||
session->last_error = OLM_BAD_MESSAGE_MAC;
|
||||
return r;
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
size_t olm_group_decrypt(
|
||||
OlmInboundGroupSession *session,
|
||||
uint8_t * message, size_t message_length,
|
||||
uint8_t * plaintext, size_t max_plaintext_length
|
||||
) {
|
||||
size_t raw_message_length;
|
||||
|
||||
raw_message_length = _olm_decode_base64(message, message_length, message);
|
||||
if (raw_message_length == (size_t)-1) {
|
||||
session->last_error = OLM_INVALID_BASE64;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return _decrypt(
|
||||
session, message, raw_message_length,
|
||||
plaintext, max_plaintext_length
|
||||
);
|
||||
}
|
150
src/megolm.c
Normal file
150
src/megolm.c
Normal file
|
@ -0,0 +1,150 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
#include "olm/megolm.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "olm/cipher.h"
|
||||
#include "olm/crypto.h"
|
||||
#include "olm/pickle.h"
|
||||
|
||||
static const struct _olm_cipher_aes_sha_256 MEGOLM_CIPHER =
|
||||
OLM_CIPHER_INIT_AES_SHA_256("MEGOLM_KEYS");
|
||||
const struct _olm_cipher *megolm_cipher = OLM_CIPHER_BASE(&MEGOLM_CIPHER);
|
||||
|
||||
/* the seeds used in the HMAC-SHA-256 functions for each part of the ratchet.
|
||||
*/
|
||||
#define HASH_KEY_SEED_LENGTH 1
|
||||
static uint8_t HASH_KEY_SEEDS[MEGOLM_RATCHET_PARTS][HASH_KEY_SEED_LENGTH] = {
|
||||
{0x00},
|
||||
{0x01},
|
||||
{0x02},
|
||||
{0x03}
|
||||
};
|
||||
|
||||
static void rehash_part(
|
||||
uint8_t data[MEGOLM_RATCHET_PARTS][MEGOLM_RATCHET_PART_LENGTH],
|
||||
int rehash_from_part, int rehash_to_part
|
||||
) {
|
||||
_olm_crypto_hmac_sha256(
|
||||
data[rehash_from_part],
|
||||
MEGOLM_RATCHET_PART_LENGTH,
|
||||
HASH_KEY_SEEDS[rehash_to_part], HASH_KEY_SEED_LENGTH,
|
||||
data[rehash_to_part]
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
|
||||
void megolm_init(Megolm *megolm, uint8_t const *random_data, uint32_t counter) {
|
||||
megolm->counter = counter;
|
||||
memcpy(megolm->data, random_data, MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
size_t megolm_pickle_length(const Megolm *megolm) {
|
||||
size_t length = 0;
|
||||
length += _olm_pickle_bytes_length(megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
|
||||
length += _olm_pickle_uint32_length(megolm->counter);
|
||||
return length;
|
||||
|
||||
}
|
||||
|
||||
uint8_t * megolm_pickle(const Megolm *megolm, uint8_t *pos) {
|
||||
pos = _olm_pickle_bytes(pos, megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
|
||||
pos = _olm_pickle_uint32(pos, megolm->counter);
|
||||
return pos;
|
||||
}
|
||||
|
||||
const uint8_t * megolm_unpickle(Megolm *megolm, const uint8_t *pos,
|
||||
const uint8_t *end) {
|
||||
pos = _olm_unpickle_bytes(pos, end, (uint8_t *)(megolm->data),
|
||||
MEGOLM_RATCHET_LENGTH);
|
||||
pos = _olm_unpickle_uint32(pos, end, &megolm->counter);
|
||||
return pos;
|
||||
}
|
||||
|
||||
/* simplistic implementation for a single step */
|
||||
void megolm_advance(Megolm *megolm) {
|
||||
uint32_t mask = 0x00FFFFFF;
|
||||
int h = 0;
|
||||
int i;
|
||||
|
||||
megolm->counter++;
|
||||
|
||||
/* figure out how much we need to rekey */
|
||||
while (h < (int)MEGOLM_RATCHET_PARTS) {
|
||||
if (!(megolm->counter & mask))
|
||||
break;
|
||||
h++;
|
||||
mask >>= 8;
|
||||
}
|
||||
|
||||
/* now update R(h)...R(3) based on R(h) */
|
||||
for (i = MEGOLM_RATCHET_PARTS-1; i >= h; i--) {
|
||||
rehash_part(megolm->data, h, i);
|
||||
}
|
||||
}
|
||||
|
||||
void megolm_advance_to(Megolm *megolm, uint32_t advance_to) {
|
||||
int j;
|
||||
|
||||
/* starting with R0, see if we need to update each part of the hash */
|
||||
for (j = 0; j < (int)MEGOLM_RATCHET_PARTS; j++) {
|
||||
int shift = (MEGOLM_RATCHET_PARTS-j-1) * 8;
|
||||
uint32_t mask = (~(uint32_t)0) << shift;
|
||||
int k;
|
||||
|
||||
/* how many times do we need to rehash this part?
|
||||
*
|
||||
* '& 0xff' ensures we handle integer wraparound correctly
|
||||
*/
|
||||
unsigned int steps =
|
||||
((advance_to >> shift) - (megolm->counter >> shift)) & 0xff;
|
||||
|
||||
if (steps == 0) {
|
||||
/* deal with the edge case where megolm->counter is slightly larger
|
||||
* than advance_to. This should only happen for R(0), and implies
|
||||
* that advance_to has wrapped around and we need to advance R(0)
|
||||
* 256 times.
|
||||
*/
|
||||
if (advance_to < megolm->counter) {
|
||||
steps = 0x100;
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* for all but the last step, we can just bump R(j) without regard
|
||||
* to R(j+1)...R(3).
|
||||
*/
|
||||
while (steps > 1) {
|
||||
rehash_part(megolm->data, j, j);
|
||||
steps --;
|
||||
}
|
||||
|
||||
/* on the last step we also need to bump R(j+1)...R(3).
|
||||
*
|
||||
* (Theoretically, we could skip bumping R(j+2) if we're going to bump
|
||||
* R(j+1) again, but the code to figure that out is a bit baroque and
|
||||
* doesn't save us much).
|
||||
*/
|
||||
for (k = 3; k >= j; k--) {
|
||||
rehash_part(megolm->data, j, k);
|
||||
}
|
||||
megolm->counter = advance_to & mask;
|
||||
}
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2015 OpenMarket Ltd
|
||||
/* Copyright 2015-2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -345,3 +345,86 @@ void olm::decode_one_time_key_message(
|
|||
olm::bytes_to_string(reader.message, reader.message_length).c_str()
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
|
||||
static const std::uint8_t GROUP_SESSION_ID_TAG = 012;
|
||||
static const std::uint8_t GROUP_MESSAGE_INDEX_TAG = 020;
|
||||
static const std::uint8_t GROUP_CIPHERTEXT_TAG = 032;
|
||||
|
||||
size_t _olm_encode_group_message_length(
|
||||
size_t group_session_id_length,
|
||||
uint32_t message_index,
|
||||
size_t ciphertext_length,
|
||||
size_t mac_length
|
||||
) {
|
||||
size_t length = VERSION_LENGTH;
|
||||
length += 1 + varstring_length(group_session_id_length);
|
||||
length += 1 + varint_length(message_index);
|
||||
length += 1 + varstring_length(ciphertext_length);
|
||||
length += mac_length;
|
||||
return length;
|
||||
}
|
||||
|
||||
|
||||
size_t _olm_encode_group_message(
|
||||
uint8_t version,
|
||||
const uint8_t *session_id,
|
||||
size_t session_id_length,
|
||||
uint32_t message_index,
|
||||
size_t ciphertext_length,
|
||||
uint8_t *output,
|
||||
uint8_t **ciphertext_ptr
|
||||
) {
|
||||
std::uint8_t * pos = output;
|
||||
std::uint8_t * session_id_pos;
|
||||
|
||||
*(pos++) = version;
|
||||
pos = encode(pos, GROUP_SESSION_ID_TAG, session_id_pos, session_id_length);
|
||||
std::memcpy(session_id_pos, session_id, session_id_length);
|
||||
pos = encode(pos, GROUP_MESSAGE_INDEX_TAG, message_index);
|
||||
pos = encode(pos, GROUP_CIPHERTEXT_TAG, *ciphertext_ptr, ciphertext_length);
|
||||
return pos-output;
|
||||
}
|
||||
|
||||
void _olm_decode_group_message(
|
||||
const uint8_t *input, size_t input_length,
|
||||
size_t mac_length,
|
||||
struct _OlmDecodeGroupMessageResults *results
|
||||
) {
|
||||
std::uint8_t const * pos = input;
|
||||
std::uint8_t const * end = input + input_length - mac_length;
|
||||
std::uint8_t const * unknown = nullptr;
|
||||
|
||||
results->session_id = nullptr;
|
||||
results->session_id_length = 0;
|
||||
bool has_message_index = false;
|
||||
results->message_index = 0;
|
||||
results->ciphertext = nullptr;
|
||||
results->ciphertext_length = 0;
|
||||
|
||||
if (pos == end) return;
|
||||
if (input_length < mac_length) return;
|
||||
results->version = *(pos++);
|
||||
|
||||
while (pos != end) {
|
||||
pos = decode(
|
||||
pos, end, GROUP_SESSION_ID_TAG,
|
||||
results->session_id, results->session_id_length
|
||||
);
|
||||
pos = decode(
|
||||
pos, end, GROUP_MESSAGE_INDEX_TAG,
|
||||
results->message_index, has_message_index
|
||||
);
|
||||
pos = decode(
|
||||
pos, end, GROUP_CIPHERTEXT_TAG,
|
||||
results->ciphertext, results->ciphertext_length
|
||||
);
|
||||
if (unknown == pos) {
|
||||
pos = skip_unknown(pos, end);
|
||||
}
|
||||
unknown = pos;
|
||||
}
|
||||
|
||||
results->has_message_index = (int)has_message_index;
|
||||
}
|
||||
|
|
135
src/olm.cpp
135
src/olm.cpp
|
@ -16,6 +16,7 @@
|
|||
#include "olm/session.hh"
|
||||
#include "olm/account.hh"
|
||||
#include "olm/cipher.h"
|
||||
#include "olm/pickle_encoding.h"
|
||||
#include "olm/utility.hh"
|
||||
#include "olm/base64.hh"
|
||||
#include "olm/memory.hh"
|
||||
|
@ -58,78 +59,6 @@ static std::uint8_t const * from_c(void const * bytes) {
|
|||
return reinterpret_cast<std::uint8_t const *>(bytes);
|
||||
}
|
||||
|
||||
static const struct _olm_cipher_aes_sha_256 PICKLE_CIPHER =
|
||||
OLM_CIPHER_INIT_AES_SHA_256("Pickle");
|
||||
|
||||
std::size_t enc_output_length(
|
||||
size_t raw_length
|
||||
) {
|
||||
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
std::size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
|
||||
length += cipher->ops->mac_length(cipher);
|
||||
return olm::encode_base64_length(length);
|
||||
}
|
||||
|
||||
|
||||
std::uint8_t * enc_output_pos(
|
||||
std::uint8_t * output,
|
||||
size_t raw_length
|
||||
) {
|
||||
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
std::size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
|
||||
length += cipher->ops->mac_length(cipher);
|
||||
return output + olm::encode_base64_length(length) - length;
|
||||
}
|
||||
|
||||
std::size_t enc_output(
|
||||
std::uint8_t const * key, std::size_t key_length,
|
||||
std::uint8_t * output, size_t raw_length
|
||||
) {
|
||||
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
std::size_t ciphertext_length = cipher->ops->encrypt_ciphertext_length(
|
||||
cipher, raw_length
|
||||
);
|
||||
std::size_t length = ciphertext_length + cipher->ops->mac_length(cipher);
|
||||
std::size_t base64_length = olm::encode_base64_length(length);
|
||||
std::uint8_t * raw_output = output + base64_length - length;
|
||||
cipher->ops->encrypt(
|
||||
cipher,
|
||||
key, key_length,
|
||||
raw_output, raw_length,
|
||||
raw_output, ciphertext_length,
|
||||
raw_output, length
|
||||
);
|
||||
olm::encode_base64(raw_output, length, output);
|
||||
return raw_length;
|
||||
}
|
||||
|
||||
std::size_t enc_input(
|
||||
std::uint8_t const * key, std::size_t key_length,
|
||||
std::uint8_t * input, size_t b64_length,
|
||||
OlmErrorCode & last_error
|
||||
) {
|
||||
std::size_t enc_length = olm::decode_base64_length(b64_length);
|
||||
if (enc_length == std::size_t(-1)) {
|
||||
last_error = OlmErrorCode::OLM_INVALID_BASE64;
|
||||
return std::size_t(-1);
|
||||
}
|
||||
olm::decode_base64(input, b64_length, input);
|
||||
auto *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
std::size_t raw_length = enc_length - cipher->ops->mac_length(cipher);
|
||||
std::size_t result = cipher->ops->decrypt(
|
||||
cipher,
|
||||
key, key_length,
|
||||
input, enc_length,
|
||||
input, raw_length,
|
||||
input, raw_length
|
||||
);
|
||||
if (result == std::size_t(-1)) {
|
||||
last_error = OlmErrorCode::OLM_BAD_ACCOUNT_KEY;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
std::size_t b64_output_length(
|
||||
size_t raw_length
|
||||
) {
|
||||
|
@ -165,20 +94,6 @@ std::size_t b64_input(
|
|||
return raw_length;
|
||||
}
|
||||
|
||||
static const char * ERRORS[11] {
|
||||
"SUCCESS",
|
||||
"NOT_ENOUGH_RANDOM",
|
||||
"OUTPUT_BUFFER_TOO_SMALL",
|
||||
"BAD_MESSAGE_VERSION",
|
||||
"BAD_MESSAGE_FORMAT",
|
||||
"BAD_MESSAGE_MAC",
|
||||
"BAD_MESSAGE_KEY_ID",
|
||||
"INVALID_BASE64",
|
||||
"BAD_ACCOUNT_KEY",
|
||||
"UNKNOWN_PICKLE_VERSION",
|
||||
"CORRUPTED_PICKLE",
|
||||
};
|
||||
|
||||
} // namespace
|
||||
|
||||
|
||||
|
@ -193,35 +108,23 @@ size_t olm_error() {
|
|||
const char * olm_account_last_error(
|
||||
OlmAccount * account
|
||||
) {
|
||||
unsigned error = unsigned(from_c(account)->last_error);
|
||||
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
|
||||
return ERRORS[error];
|
||||
} else {
|
||||
return "UNKNOWN_ERROR";
|
||||
}
|
||||
auto error = from_c(account)->last_error;
|
||||
return _olm_error_to_string(error);
|
||||
}
|
||||
|
||||
|
||||
const char * olm_session_last_error(
|
||||
OlmSession * session
|
||||
) {
|
||||
unsigned error = unsigned(from_c(session)->last_error);
|
||||
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
|
||||
return ERRORS[error];
|
||||
} else {
|
||||
return "UNKNOWN_ERROR";
|
||||
}
|
||||
auto error = from_c(session)->last_error;
|
||||
return _olm_error_to_string(error);
|
||||
}
|
||||
|
||||
const char * olm_utility_last_error(
|
||||
OlmUtility * utility
|
||||
) {
|
||||
unsigned error = unsigned(from_c(utility)->last_error);
|
||||
if (error < (sizeof(ERRORS)/sizeof(ERRORS[0]))) {
|
||||
return ERRORS[error];
|
||||
} else {
|
||||
return "UNKNOWN_ERROR";
|
||||
}
|
||||
auto error = from_c(utility)->last_error;
|
||||
return _olm_error_to_string(error);
|
||||
}
|
||||
|
||||
size_t olm_account_size() {
|
||||
|
@ -297,14 +200,14 @@ size_t olm_clear_utility(
|
|||
size_t olm_pickle_account_length(
|
||||
OlmAccount * account
|
||||
) {
|
||||
return enc_output_length(pickle_length(*from_c(account)));
|
||||
return _olm_enc_output_length(pickle_length(*from_c(account)));
|
||||
}
|
||||
|
||||
|
||||
size_t olm_pickle_session_length(
|
||||
OlmSession * session
|
||||
) {
|
||||
return enc_output_length(pickle_length(*from_c(session)));
|
||||
return _olm_enc_output_length(pickle_length(*from_c(session)));
|
||||
}
|
||||
|
||||
|
||||
|
@ -315,12 +218,12 @@ size_t olm_pickle_account(
|
|||
) {
|
||||
olm::Account & object = *from_c(account);
|
||||
std::size_t raw_length = pickle_length(object);
|
||||
if (pickled_length < enc_output_length(raw_length)) {
|
||||
if (pickled_length < _olm_enc_output_length(raw_length)) {
|
||||
object.last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return size_t(-1);
|
||||
}
|
||||
pickle(enc_output_pos(from_c(pickled), raw_length), object);
|
||||
return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
|
||||
pickle(_olm_enc_output_pos(from_c(pickled), raw_length), object);
|
||||
return _olm_enc_output(from_c(key), key_length, from_c(pickled), raw_length);
|
||||
}
|
||||
|
||||
|
||||
|
@ -331,12 +234,12 @@ size_t olm_pickle_session(
|
|||
) {
|
||||
olm::Session & object = *from_c(session);
|
||||
std::size_t raw_length = pickle_length(object);
|
||||
if (pickled_length < enc_output_length(raw_length)) {
|
||||
if (pickled_length < _olm_enc_output_length(raw_length)) {
|
||||
object.last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return size_t(-1);
|
||||
}
|
||||
pickle(enc_output_pos(from_c(pickled), raw_length), object);
|
||||
return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
|
||||
pickle(_olm_enc_output_pos(from_c(pickled), raw_length), object);
|
||||
return _olm_enc_output(from_c(key), key_length, from_c(pickled), raw_length);
|
||||
}
|
||||
|
||||
|
||||
|
@ -347,8 +250,8 @@ size_t olm_unpickle_account(
|
|||
) {
|
||||
olm::Account & object = *from_c(account);
|
||||
std::uint8_t * const pos = from_c(pickled);
|
||||
std::size_t raw_length = enc_input(
|
||||
from_c(key), key_length, pos, pickled_length, object.last_error
|
||||
std::size_t raw_length = _olm_enc_input(
|
||||
from_c(key), key_length, pos, pickled_length, &object.last_error
|
||||
);
|
||||
if (raw_length == std::size_t(-1)) {
|
||||
return std::size_t(-1);
|
||||
|
@ -375,8 +278,8 @@ size_t olm_unpickle_session(
|
|||
) {
|
||||
olm::Session & object = *from_c(session);
|
||||
std::uint8_t * const pos = from_c(pickled);
|
||||
std::size_t raw_length = enc_input(
|
||||
from_c(key), key_length, pos, pickled_length, object.last_error
|
||||
std::size_t raw_length = _olm_enc_input(
|
||||
from_c(key), key_length, pos, pickled_length, &object.last_error
|
||||
);
|
||||
if (raw_length == std::size_t(-1)) {
|
||||
return std::size_t(-1);
|
||||
|
|
325
src/outbound_group_session.c
Normal file
325
src/outbound_group_session.c
Normal file
|
@ -0,0 +1,325 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "olm/outbound_group_session.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <sys/time.h>
|
||||
|
||||
#include "olm/base64.h"
|
||||
#include "olm/cipher.h"
|
||||
#include "olm/error.h"
|
||||
#include "olm/megolm.h"
|
||||
#include "olm/memory.h"
|
||||
#include "olm/message.h"
|
||||
#include "olm/pickle.h"
|
||||
#include "olm/pickle_encoding.h"
|
||||
|
||||
#define OLM_PROTOCOL_VERSION 3
|
||||
#define SESSION_ID_RANDOM_BYTES 4
|
||||
#define GROUP_SESSION_ID_LENGTH (sizeof(struct timeval) + SESSION_ID_RANDOM_BYTES)
|
||||
#define PICKLE_VERSION 1
|
||||
|
||||
struct OlmOutboundGroupSession {
|
||||
/** the Megolm ratchet providing the encryption keys */
|
||||
Megolm ratchet;
|
||||
|
||||
/** unique identifier for this session */
|
||||
uint8_t session_id[GROUP_SESSION_ID_LENGTH];
|
||||
|
||||
enum OlmErrorCode last_error;
|
||||
};
|
||||
|
||||
|
||||
size_t olm_outbound_group_session_size() {
|
||||
return sizeof(OlmOutboundGroupSession);
|
||||
}
|
||||
|
||||
OlmOutboundGroupSession * olm_outbound_group_session(
|
||||
void *memory
|
||||
) {
|
||||
OlmOutboundGroupSession *session = memory;
|
||||
olm_clear_outbound_group_session(session);
|
||||
return session;
|
||||
}
|
||||
|
||||
const char *olm_outbound_group_session_last_error(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
return _olm_error_to_string(session->last_error);
|
||||
}
|
||||
|
||||
size_t olm_clear_outbound_group_session(
|
||||
OlmOutboundGroupSession *session
|
||||
) {
|
||||
_olm_unset(session, sizeof(OlmOutboundGroupSession));
|
||||
return sizeof(OlmOutboundGroupSession);
|
||||
}
|
||||
|
||||
static size_t raw_pickle_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
size_t length = 0;
|
||||
length += _olm_pickle_uint32_length(PICKLE_VERSION);
|
||||
length += megolm_pickle_length(&(session->ratchet));
|
||||
length += _olm_pickle_bytes_length(session->session_id,
|
||||
GROUP_SESSION_ID_LENGTH);
|
||||
return length;
|
||||
}
|
||||
|
||||
size_t olm_pickle_outbound_group_session_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
return _olm_enc_output_length(raw_pickle_length(session));
|
||||
}
|
||||
|
||||
size_t olm_pickle_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
) {
|
||||
size_t raw_length = raw_pickle_length(session);
|
||||
uint8_t *pos;
|
||||
|
||||
if (pickled_length < _olm_enc_output_length(raw_length)) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
pos = _olm_enc_output_pos(pickled, raw_length);
|
||||
pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
|
||||
pos = megolm_pickle(&(session->ratchet), pos);
|
||||
pos = _olm_pickle_bytes(pos, session->session_id, GROUP_SESSION_ID_LENGTH);
|
||||
|
||||
return _olm_enc_output(key, key_length, pickled, raw_length);
|
||||
}
|
||||
|
||||
size_t olm_unpickle_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
void const * key, size_t key_length,
|
||||
void * pickled, size_t pickled_length
|
||||
) {
|
||||
const uint8_t *pos;
|
||||
const uint8_t *end;
|
||||
uint32_t pickle_version;
|
||||
|
||||
size_t raw_length = _olm_enc_input(
|
||||
key, key_length, pickled, pickled_length, &(session->last_error)
|
||||
);
|
||||
if (raw_length == (size_t)-1) {
|
||||
return raw_length;
|
||||
}
|
||||
|
||||
pos = pickled;
|
||||
end = pos + raw_length;
|
||||
pos = _olm_unpickle_uint32(pos, end, &pickle_version);
|
||||
if (pickle_version != PICKLE_VERSION) {
|
||||
session->last_error = OLM_UNKNOWN_PICKLE_VERSION;
|
||||
return (size_t)-1;
|
||||
}
|
||||
pos = megolm_unpickle(&(session->ratchet), pos, end);
|
||||
pos = _olm_unpickle_bytes(pos, end, session->session_id, GROUP_SESSION_ID_LENGTH);
|
||||
|
||||
if (end != pos) {
|
||||
/* We had the wrong number of bytes in the input. */
|
||||
session->last_error = OLM_CORRUPTED_PICKLE;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return pickled_length;
|
||||
}
|
||||
|
||||
|
||||
size_t olm_init_outbound_group_session_random_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
/* we need data to initialize the megolm ratchet, plus some more for the
|
||||
* session id.
|
||||
*/
|
||||
return MEGOLM_RATCHET_LENGTH + SESSION_ID_RANDOM_BYTES;
|
||||
}
|
||||
|
||||
size_t olm_init_outbound_group_session(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t const * random, size_t random_length
|
||||
) {
|
||||
if (random_length < olm_init_outbound_group_session_random_length(session)) {
|
||||
/* Insufficient random data for new session */
|
||||
session->last_error = OLM_NOT_ENOUGH_RANDOM;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
megolm_init(&(session->ratchet), random, 0);
|
||||
random += MEGOLM_RATCHET_LENGTH;
|
||||
|
||||
/* initialise the session id. This just has to be unique. We use the
|
||||
* current time plus some random data.
|
||||
*/
|
||||
gettimeofday((struct timeval *)(session->session_id), NULL);
|
||||
memcpy((session->session_id) + sizeof(struct timeval),
|
||||
random, SESSION_ID_RANDOM_BYTES);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static size_t raw_message_length(
|
||||
OlmOutboundGroupSession *session,
|
||||
size_t plaintext_length)
|
||||
{
|
||||
size_t ciphertext_length, mac_length;
|
||||
|
||||
ciphertext_length = megolm_cipher->ops->encrypt_ciphertext_length(
|
||||
megolm_cipher, plaintext_length
|
||||
);
|
||||
|
||||
mac_length = megolm_cipher->ops->mac_length(megolm_cipher);
|
||||
|
||||
return _olm_encode_group_message_length(
|
||||
GROUP_SESSION_ID_LENGTH, session->ratchet.counter,
|
||||
ciphertext_length, mac_length);
|
||||
}
|
||||
|
||||
size_t olm_group_encrypt_message_length(
|
||||
OlmOutboundGroupSession *session,
|
||||
size_t plaintext_length
|
||||
) {
|
||||
size_t message_length = raw_message_length(session, plaintext_length);
|
||||
return _olm_encode_base64_length(message_length);
|
||||
}
|
||||
|
||||
/** write an un-base64-ed message to the buffer */
|
||||
static size_t _encrypt(
|
||||
OlmOutboundGroupSession *session, uint8_t const * plaintext, size_t plaintext_length,
|
||||
uint8_t * buffer
|
||||
) {
|
||||
size_t ciphertext_length, mac_length, message_length;
|
||||
size_t result;
|
||||
uint8_t *ciphertext_ptr;
|
||||
|
||||
ciphertext_length = megolm_cipher->ops->encrypt_ciphertext_length(
|
||||
megolm_cipher,
|
||||
plaintext_length
|
||||
);
|
||||
|
||||
mac_length = megolm_cipher->ops->mac_length(megolm_cipher);
|
||||
|
||||
/* first we build the message structure, then we encrypt
|
||||
* the plaintext into it.
|
||||
*/
|
||||
message_length = _olm_encode_group_message(
|
||||
OLM_PROTOCOL_VERSION,
|
||||
session->session_id, GROUP_SESSION_ID_LENGTH,
|
||||
session->ratchet.counter,
|
||||
ciphertext_length,
|
||||
buffer,
|
||||
&ciphertext_ptr);
|
||||
|
||||
message_length += mac_length;
|
||||
|
||||
result = megolm_cipher->ops->encrypt(
|
||||
megolm_cipher,
|
||||
megolm_get_data(&(session->ratchet)), MEGOLM_RATCHET_LENGTH,
|
||||
plaintext, plaintext_length,
|
||||
ciphertext_ptr, ciphertext_length,
|
||||
buffer, message_length
|
||||
);
|
||||
|
||||
if (result == (size_t)-1) {
|
||||
return result;
|
||||
}
|
||||
|
||||
megolm_advance(&(session->ratchet));
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
size_t olm_group_encrypt(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t const * plaintext, size_t plaintext_length,
|
||||
uint8_t * message, size_t max_message_length
|
||||
) {
|
||||
size_t rawmsglen;
|
||||
size_t result;
|
||||
uint8_t *message_pos;
|
||||
|
||||
rawmsglen = raw_message_length(session, plaintext_length);
|
||||
|
||||
if (max_message_length < _olm_encode_base64_length(rawmsglen)) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
/* we construct the message at the end of the buffer, so that
|
||||
* we have room to base64-encode it once we're done.
|
||||
*/
|
||||
message_pos = message + _olm_encode_base64_length(rawmsglen) - rawmsglen;
|
||||
|
||||
/* write the message, and encrypt it, at message_pos */
|
||||
result = _encrypt(session, plaintext, plaintext_length, message_pos);
|
||||
if (result == (size_t)-1) {
|
||||
return result;
|
||||
}
|
||||
|
||||
/* bas64-encode it */
|
||||
return _olm_encode_base64(
|
||||
message_pos, rawmsglen, message
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
size_t olm_outbound_group_session_id_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
return _olm_encode_base64_length(GROUP_SESSION_ID_LENGTH);
|
||||
}
|
||||
|
||||
size_t olm_outbound_group_session_id(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t * id, size_t id_length
|
||||
) {
|
||||
if (id_length < olm_outbound_group_session_id_length(session)) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return _olm_encode_base64(session->session_id, GROUP_SESSION_ID_LENGTH, id);
|
||||
}
|
||||
|
||||
uint32_t olm_outbound_group_session_message_index(
|
||||
OlmOutboundGroupSession *session
|
||||
) {
|
||||
return session->ratchet.counter;
|
||||
}
|
||||
|
||||
size_t olm_outbound_group_session_key_length(
|
||||
const OlmOutboundGroupSession *session
|
||||
) {
|
||||
return _olm_encode_base64_length(MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
size_t olm_outbound_group_session_key(
|
||||
OlmOutboundGroupSession *session,
|
||||
uint8_t * key, size_t key_length
|
||||
) {
|
||||
if (key_length < olm_outbound_group_session_key_length(session)) {
|
||||
session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
|
||||
return (size_t)-1;
|
||||
}
|
||||
|
||||
return _olm_encode_base64(
|
||||
megolm_get_data(&session->ratchet),
|
||||
MEGOLM_RATCHET_LENGTH, key
|
||||
);
|
||||
}
|
92
src/pickle_encoding.c
Normal file
92
src/pickle_encoding.c
Normal file
|
@ -0,0 +1,92 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "olm/pickle_encoding.h"
|
||||
|
||||
#include "olm/base64.h"
|
||||
#include "olm/cipher.h"
|
||||
#include "olm/olm.h"
|
||||
|
||||
static const struct _olm_cipher_aes_sha_256 PICKLE_CIPHER =
|
||||
OLM_CIPHER_INIT_AES_SHA_256("Pickle");
|
||||
|
||||
size_t _olm_enc_output_length(
|
||||
size_t raw_length
|
||||
) {
|
||||
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
|
||||
length += cipher->ops->mac_length(cipher);
|
||||
return _olm_encode_base64_length(length);
|
||||
}
|
||||
|
||||
uint8_t * _olm_enc_output_pos(
|
||||
uint8_t * output,
|
||||
size_t raw_length
|
||||
) {
|
||||
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
size_t length = cipher->ops->encrypt_ciphertext_length(cipher, raw_length);
|
||||
length += cipher->ops->mac_length(cipher);
|
||||
return output + _olm_encode_base64_length(length) - length;
|
||||
}
|
||||
|
||||
size_t _olm_enc_output(
|
||||
uint8_t const * key, size_t key_length,
|
||||
uint8_t * output, size_t raw_length
|
||||
) {
|
||||
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
size_t ciphertext_length = cipher->ops->encrypt_ciphertext_length(
|
||||
cipher, raw_length
|
||||
);
|
||||
size_t length = ciphertext_length + cipher->ops->mac_length(cipher);
|
||||
size_t base64_length = _olm_encode_base64_length(length);
|
||||
uint8_t * raw_output = output + base64_length - length;
|
||||
cipher->ops->encrypt(
|
||||
cipher,
|
||||
key, key_length,
|
||||
raw_output, raw_length,
|
||||
raw_output, ciphertext_length,
|
||||
raw_output, length
|
||||
);
|
||||
_olm_encode_base64(raw_output, length, output);
|
||||
return raw_length;
|
||||
}
|
||||
|
||||
|
||||
size_t _olm_enc_input(uint8_t const * key, size_t key_length,
|
||||
uint8_t * input, size_t b64_length,
|
||||
enum OlmErrorCode * last_error
|
||||
) {
|
||||
size_t enc_length = _olm_decode_base64_length(b64_length);
|
||||
if (enc_length == (size_t)-1) {
|
||||
if (last_error) {
|
||||
*last_error = OLM_INVALID_BASE64;
|
||||
}
|
||||
return (size_t)-1;
|
||||
}
|
||||
_olm_decode_base64(input, b64_length, input);
|
||||
const struct _olm_cipher *cipher = OLM_CIPHER_BASE(&PICKLE_CIPHER);
|
||||
size_t raw_length = enc_length - cipher->ops->mac_length(cipher);
|
||||
size_t result = cipher->ops->decrypt(
|
||||
cipher,
|
||||
key, key_length,
|
||||
input, enc_length,
|
||||
input, raw_length,
|
||||
input, raw_length
|
||||
);
|
||||
if (result == (size_t)-1 && last_error) {
|
||||
*last_error = OLM_BAD_ACCOUNT_KEY;
|
||||
}
|
||||
return result;
|
||||
}
|
151
tests/test_group_session.cpp
Normal file
151
tests/test_group_session.cpp
Normal file
|
@ -0,0 +1,151 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#include "olm/inbound_group_session.h"
|
||||
#include "olm/outbound_group_session.h"
|
||||
#include "unittest.hh"
|
||||
|
||||
|
||||
int main() {
|
||||
|
||||
{
|
||||
TestCase test_case("Pickle outbound group session");
|
||||
|
||||
size_t size = olm_outbound_group_session_size();
|
||||
uint8_t memory[size];
|
||||
OlmOutboundGroupSession *session = olm_outbound_group_session(memory);
|
||||
|
||||
size_t pickle_length = olm_pickle_outbound_group_session_length(session);
|
||||
uint8_t pickle1[pickle_length];
|
||||
olm_pickle_outbound_group_session(session,
|
||||
"secret_key", 10,
|
||||
pickle1, pickle_length);
|
||||
uint8_t pickle2[pickle_length];
|
||||
memcpy(pickle2, pickle1, pickle_length);
|
||||
|
||||
uint8_t buffer2[size];
|
||||
OlmOutboundGroupSession *session2 = olm_outbound_group_session(buffer2);
|
||||
size_t res = olm_unpickle_outbound_group_session(session2,
|
||||
"secret_key", 10,
|
||||
pickle2, pickle_length);
|
||||
assert_not_equals((size_t)-1, res);
|
||||
assert_equals(pickle_length,
|
||||
olm_pickle_outbound_group_session_length(session2));
|
||||
olm_pickle_outbound_group_session(session2,
|
||||
"secret_key", 10,
|
||||
pickle2, pickle_length);
|
||||
|
||||
assert_equals(pickle1, pickle2, pickle_length);
|
||||
}
|
||||
|
||||
|
||||
{
|
||||
TestCase test_case("Pickle inbound group session");
|
||||
|
||||
size_t size = olm_inbound_group_session_size();
|
||||
uint8_t memory[size];
|
||||
OlmInboundGroupSession *session = olm_inbound_group_session(memory);
|
||||
|
||||
size_t pickle_length = olm_pickle_inbound_group_session_length(session);
|
||||
uint8_t pickle1[pickle_length];
|
||||
olm_pickle_inbound_group_session(session,
|
||||
"secret_key", 10,
|
||||
pickle1, pickle_length);
|
||||
uint8_t pickle2[pickle_length];
|
||||
memcpy(pickle2, pickle1, pickle_length);
|
||||
|
||||
uint8_t buffer2[size];
|
||||
OlmInboundGroupSession *session2 = olm_inbound_group_session(buffer2);
|
||||
size_t res = olm_unpickle_inbound_group_session(session2,
|
||||
"secret_key", 10,
|
||||
pickle2, pickle_length);
|
||||
assert_not_equals((size_t)-1, res);
|
||||
assert_equals(pickle_length,
|
||||
olm_pickle_inbound_group_session_length(session2));
|
||||
olm_pickle_inbound_group_session(session2,
|
||||
"secret_key", 10,
|
||||
pickle2, pickle_length);
|
||||
|
||||
assert_equals(pickle1, pickle2, pickle_length);
|
||||
}
|
||||
|
||||
|
||||
{
|
||||
TestCase test_case("Group message send/receive");
|
||||
|
||||
uint8_t random_bytes[] =
|
||||
"0123456789ABDEF0123456789ABCDEF"
|
||||
"0123456789ABDEF0123456789ABCDEF"
|
||||
"0123456789ABDEF0123456789ABCDEF"
|
||||
"0123456789ABDEF0123456789ABCDEF"
|
||||
"0123456789ABDEF0123456789ABCDEF";
|
||||
|
||||
|
||||
/* build the outbound session */
|
||||
size_t size = olm_outbound_group_session_size();
|
||||
uint8_t memory[size];
|
||||
OlmOutboundGroupSession *session = olm_outbound_group_session(memory);
|
||||
|
||||
assert_equals((size_t)132,
|
||||
olm_init_outbound_group_session_random_length(session));
|
||||
|
||||
size_t res = olm_init_outbound_group_session(
|
||||
session, random_bytes, sizeof(random_bytes));
|
||||
assert_equals((size_t)0, res);
|
||||
|
||||
assert_equals(0U, olm_outbound_group_session_message_index(session));
|
||||
size_t session_key_len = olm_outbound_group_session_key_length(session);
|
||||
uint8_t session_key[session_key_len];
|
||||
olm_outbound_group_session_key(session, session_key, session_key_len);
|
||||
|
||||
|
||||
/* encode the message */
|
||||
uint8_t plaintext[] = "Message";
|
||||
size_t plaintext_length = sizeof(plaintext) - 1;
|
||||
|
||||
size_t msglen = olm_group_encrypt_message_length(
|
||||
session, plaintext_length);
|
||||
|
||||
uint8_t msg[msglen];
|
||||
res = olm_group_encrypt(session, plaintext, plaintext_length,
|
||||
msg, msglen);
|
||||
assert_equals(msglen, res);
|
||||
assert_equals(1U, olm_outbound_group_session_message_index(session));
|
||||
|
||||
|
||||
/* build the inbound session */
|
||||
size = olm_inbound_group_session_size();
|
||||
uint8_t inbound_session_memory[size];
|
||||
OlmInboundGroupSession *inbound_session =
|
||||
olm_inbound_group_session(inbound_session_memory);
|
||||
|
||||
res = olm_init_inbound_group_session(
|
||||
inbound_session, 0U, session_key, session_key_len);
|
||||
assert_equals((size_t)0, res);
|
||||
|
||||
/* decode the message */
|
||||
|
||||
/* olm_group_decrypt_max_plaintext_length destroys the input so we have to
|
||||
copy it. */
|
||||
uint8_t msgcopy[msglen];
|
||||
memcpy(msgcopy, msg, msglen);
|
||||
size = olm_group_decrypt_max_plaintext_length(inbound_session, msgcopy, msglen);
|
||||
uint8_t plaintext_buf[size];
|
||||
res = olm_group_decrypt(inbound_session, msg, msglen,
|
||||
plaintext_buf, size);
|
||||
assert_equals(plaintext_length, res);
|
||||
assert_equals(plaintext, plaintext_buf, res);
|
||||
}
|
||||
|
||||
}
|
134
tests/test_megolm.cpp
Normal file
134
tests/test_megolm.cpp
Normal file
|
@ -0,0 +1,134 @@
|
|||
/* Copyright 2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#include "olm/megolm.h"
|
||||
#include "olm/memory.hh"
|
||||
|
||||
#include "unittest.hh"
|
||||
|
||||
|
||||
int main() {
|
||||
|
||||
std::uint8_t random_bytes[] =
|
||||
"0123456789ABCDEF0123456789ABCDEF"
|
||||
"0123456789ABCDEF0123456789ABCDEF"
|
||||
"0123456789ABCDEF0123456789ABCDEF"
|
||||
"0123456789ABCDEF0123456789ABCDEF";
|
||||
|
||||
{
|
||||
TestCase test_case("Megolm::advance");
|
||||
|
||||
Megolm mr;
|
||||
|
||||
megolm_init(&mr, random_bytes, 0);
|
||||
// single-step advance
|
||||
megolm_advance(&mr);
|
||||
const std::uint8_t expected1[] = {
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
|
||||
0xba, 0x9c, 0xd9, 0x55, 0x74, 0x1d, 0x1c, 0x16, 0x23, 0x23, 0xec, 0x82, 0x5e, 0x7c, 0x5c, 0xe8,
|
||||
0x89, 0xbb, 0xb4, 0x23, 0xa1, 0x8f, 0x23, 0x82, 0x8f, 0xb2, 0x09, 0x0d, 0x6e, 0x2a, 0xf8, 0x6a
|
||||
};
|
||||
assert_equals(1U, mr.counter);
|
||||
assert_equals(expected1, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
|
||||
|
||||
// repeat with complex advance
|
||||
megolm_init(&mr, random_bytes, 0);
|
||||
megolm_advance_to(&mr, 1);
|
||||
assert_equals(1U, mr.counter);
|
||||
assert_equals(expected1, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
|
||||
|
||||
megolm_advance_to(&mr, 0x1000000);
|
||||
const std::uint8_t expected2[] = {
|
||||
0x54, 0x02, 0x2d, 0x7d, 0xc0, 0x29, 0x8e, 0x16, 0x37, 0xe2, 0x1c, 0x97, 0x15, 0x30, 0x92, 0xf9,
|
||||
0x33, 0xc0, 0x56, 0xff, 0x74, 0xfe, 0x1b, 0x92, 0x2d, 0x97, 0x1f, 0x24, 0x82, 0xc2, 0x85, 0x9c,
|
||||
0x70, 0x04, 0xc0, 0x1e, 0xe4, 0x9b, 0xd6, 0xef, 0xe0, 0x07, 0x35, 0x25, 0xaf, 0x9b, 0x16, 0x32,
|
||||
0xc5, 0xbe, 0x72, 0x6d, 0x12, 0x34, 0x9c, 0xc5, 0xbd, 0x47, 0x2b, 0xdc, 0x2d, 0xf6, 0x54, 0x0f,
|
||||
0x31, 0x12, 0x59, 0x11, 0x94, 0xfd, 0xa6, 0x17, 0xe5, 0x68, 0xc6, 0x83, 0x10, 0x1e, 0xae, 0xcd,
|
||||
0x7e, 0xdd, 0xd6, 0xde, 0x1f, 0xbc, 0x07, 0x67, 0xae, 0x34, 0xda, 0x1a, 0x09, 0xa5, 0x4e, 0xab,
|
||||
0xba, 0x9c, 0xd9, 0x55, 0x74, 0x1d, 0x1c, 0x16, 0x23, 0x23, 0xec, 0x82, 0x5e, 0x7c, 0x5c, 0xe8,
|
||||
0x89, 0xbb, 0xb4, 0x23, 0xa1, 0x8f, 0x23, 0x82, 0x8f, 0xb2, 0x09, 0x0d, 0x6e, 0x2a, 0xf8, 0x6a,
|
||||
};
|
||||
assert_equals(0x1000000U, mr.counter);
|
||||
assert_equals(expected2, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
|
||||
|
||||
megolm_advance_to(&mr, 0x1041506);
|
||||
const std::uint8_t expected3[] = {
|
||||
0x54, 0x02, 0x2d, 0x7d, 0xc0, 0x29, 0x8e, 0x16, 0x37, 0xe2, 0x1c, 0x97, 0x15, 0x30, 0x92, 0xf9,
|
||||
0x33, 0xc0, 0x56, 0xff, 0x74, 0xfe, 0x1b, 0x92, 0x2d, 0x97, 0x1f, 0x24, 0x82, 0xc2, 0x85, 0x9c,
|
||||
0x55, 0x58, 0x8d, 0xf5, 0xb7, 0xa4, 0x88, 0x78, 0x42, 0x89, 0x27, 0x86, 0x81, 0x64, 0x58, 0x9f,
|
||||
0x36, 0x63, 0x44, 0x7b, 0x51, 0xed, 0xc3, 0x59, 0x5b, 0x03, 0x6c, 0xa6, 0x04, 0xc4, 0x6d, 0xcd,
|
||||
0x5c, 0x54, 0x85, 0x0b, 0xfa, 0x98, 0xa1, 0xfd, 0x79, 0xa9, 0xdf, 0x1c, 0xbe, 0x8f, 0xc5, 0x68,
|
||||
0x19, 0x37, 0xd3, 0x0c, 0x85, 0xc8, 0xc3, 0x1f, 0x7b, 0xb8, 0x28, 0x81, 0x6c, 0xf9, 0xff, 0x3b,
|
||||
0x95, 0x6c, 0xbf, 0x80, 0x7e, 0x65, 0x12, 0x6a, 0x49, 0x55, 0x8d, 0x45, 0xc8, 0x4a, 0x2e, 0x4c,
|
||||
0xd5, 0x6f, 0x03, 0xe2, 0x44, 0x16, 0xb9, 0x8e, 0x1c, 0xfd, 0x97, 0xc2, 0x06, 0xaa, 0x90, 0x7a
|
||||
};
|
||||
assert_equals(0x1041506U, mr.counter);
|
||||
assert_equals(expected3, megolm_get_data(&mr), MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
{
|
||||
TestCase test_case("Megolm::advance wraparound");
|
||||
|
||||
Megolm mr1, mr2;
|
||||
|
||||
megolm_init(&mr1, random_bytes, 0xffffffffUL);
|
||||
megolm_advance_to(&mr1, 0x1000000);
|
||||
assert_equals(0x1000000U, mr1.counter);
|
||||
|
||||
megolm_init(&mr2, random_bytes, 0);
|
||||
megolm_advance_to(&mr2, 0x2000000);
|
||||
assert_equals(0x2000000U, mr2.counter);
|
||||
|
||||
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
{
|
||||
TestCase test_case("Megolm::advance overflow by one");
|
||||
|
||||
Megolm mr1, mr2;
|
||||
|
||||
megolm_init(&mr1, random_bytes, 0xffffffffUL);
|
||||
megolm_advance_to(&mr1, 0x0);
|
||||
assert_equals(0x0U, mr1.counter);
|
||||
|
||||
megolm_init(&mr2, random_bytes, 0xffffffffUL);
|
||||
megolm_advance(&mr2);
|
||||
assert_equals(0x0U, mr2.counter);
|
||||
|
||||
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
{
|
||||
TestCase test_case("Megolm::advance overflow");
|
||||
|
||||
Megolm mr1, mr2;
|
||||
|
||||
megolm_init(&mr1, random_bytes, 0x1UL);
|
||||
megolm_advance_to(&mr1, 0x80000000UL);
|
||||
megolm_advance_to(&mr1, 0x0);
|
||||
assert_equals(0x0U, mr1.counter);
|
||||
|
||||
megolm_init(&mr2, random_bytes, 0x1UL);
|
||||
megolm_advance_to(&mr2, 0x0UL);
|
||||
assert_equals(0x0U, mr2.counter);
|
||||
|
||||
assert_equals(megolm_get_data(&mr2), megolm_get_data(&mr1), MEGOLM_RATCHET_LENGTH);
|
||||
}
|
||||
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2015 OpenMarket Ltd
|
||||
/* Copyright 2015-2016 OpenMarket Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -62,4 +62,61 @@ assert_equals(message2, output, 35);
|
|||
|
||||
} /* Message encode test */
|
||||
|
||||
|
||||
{ /* group message encode test */
|
||||
|
||||
TestCase test_case("Group message encode test");
|
||||
|
||||
const uint8_t session_id[] = "sessionid";
|
||||
size_t session_id_len = 9;
|
||||
|
||||
size_t length = _olm_encode_group_message_length(
|
||||
session_id_len, 200, 10, 8);
|
||||
size_t expected_length = 1 + (2+session_id_len) + (1+2) + (2+10) + 8;
|
||||
assert_equals(expected_length, length);
|
||||
|
||||
uint8_t output[50];
|
||||
uint8_t *ciphertext_ptr;
|
||||
|
||||
_olm_encode_group_message(
|
||||
3,
|
||||
session_id, session_id_len,
|
||||
200, // counter
|
||||
10, // ciphertext length
|
||||
output,
|
||||
&ciphertext_ptr
|
||||
);
|
||||
|
||||
uint8_t expected[] =
|
||||
"\x03"
|
||||
"\x0A\x09sessionid"
|
||||
"\x10\xC8\x01"
|
||||
"\x1A\x0A";
|
||||
|
||||
assert_equals(expected, output, sizeof(expected)-1);
|
||||
assert_equals(output+sizeof(expected)-1, ciphertext_ptr);
|
||||
} /* group message encode test */
|
||||
|
||||
{
|
||||
TestCase test_case("Group message decode test");
|
||||
|
||||
struct _OlmDecodeGroupMessageResults results;
|
||||
std::uint8_t message[] =
|
||||
"\x03"
|
||||
"\x0A\x09sessionid"
|
||||
"\x10\xC8\x01"
|
||||
"\x1A\x0A" "ciphertext"
|
||||
"hmacsha2";
|
||||
|
||||
const uint8_t expected_session_id[] = "sessionid";
|
||||
|
||||
_olm_decode_group_message(message, sizeof(message)-1, 8, &results);
|
||||
assert_equals(std::uint8_t(3), results.version);
|
||||
assert_equals(std::size_t(9), results.session_id_length);
|
||||
assert_equals(expected_session_id, results.session_id, 9);
|
||||
assert_equals(1, results.has_message_index);
|
||||
assert_equals(std::uint32_t(200), results.message_index);
|
||||
assert_equals(std::size_t(10), results.ciphertext_length);
|
||||
assert_equals(ciphertext, results.ciphertext, 10);
|
||||
} /* group message decode test */
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue