Merge pull request #88 from matrix-org/manuroe/sas_pksigning

OLMKit: add Short Authentication String verification

include/olm/sas.h

@@ -93,7 +93,7 @@ size_t olm_sas_get_pubkey(
  *
  * @param[in] sas the SAS object.
  * @param[in] their_key the other user's public key.
- * @param[in] their_key_size the size of the `their_key` buffer.
+ * @param[in] their_key_length the size of the `their_key` buffer.
  *
  * @return `olm_error()` on failure.  If the `their_key` buffer is too small,
  * then `olm_sas_last_error()` will be `INPUT_BUFFER_TOO_SMALL`.

xcode/OLMKit.xcodeproj/project.pbxproj

@@ -12,6 +12,7 @@
 		3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 3274F6061D9A633A005282E4 /* OLMKitTests.m */; };
 		3274F6131D9A698E005282E4 /* OLMKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 3274F6121D9A698E005282E4 /* OLMKit.h */; };
 		32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32A151301DABDD4300400192 /* OLMKitGroupTests.m */; };
+		32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */; };
 		7DBAD311AEA85CF6DB80DCFA /* libPods-OLMKitTests.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */; };
 		D667051A0BA47E17CCC4E5D7 /* libPods-OLMKit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = F2F22FE8F173AF845B882805 /* libPods-OLMKit.a */; };
 /* End PBXBuildFile section */
@@ -36,6 +37,7 @@
 		3274F6081D9A633A005282E4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		3274F6121D9A698E005282E4 /* OLMKit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OLMKit.h; sourceTree = "<group>"; };
 		32A151301DABDD4300400192 /* OLMKitGroupTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OLMKitGroupTests.m; sourceTree = "<group>"; };
+		32F143AE2236B4100077CF37 /* OLMKitSASTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OLMKitSASTests.m; sourceTree = "<group>"; };
 		7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-OLMKitTests.a"; sourceTree = BUILT_PRODUCTS_DIR; };
 		875BA7A520258EA15A31DD82 /* Pods-OLMKitTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.debug.xcconfig"; sourceTree = "<group>"; };
 		D48E486DAE1F59F4F7EA8C25 /* Pods-OLMKitTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.release.xcconfig"; sourceTree = "<group>"; };
@@ -107,6 +109,7 @@
 		3274F6051D9A633A005282E4 /* OLMKitTests */ = {
 			isa = PBXGroup;
 			children = (
+				32F143AE2236B4100077CF37 /* OLMKitSASTests.m */,
 				3244277C2175EF700023EDF1 /* OLMKitPkTests.m */,
 				3274F6061D9A633A005282E4 /* OLMKitTests.m */,
 				32A151301DABDD4300400192 /* OLMKitGroupTests.m */,
@@ -282,6 +285,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */,
+				32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */,
 				3244277D2175EF700023EDF1 /* OLMKitPkTests.m in Sources */,
 				32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */,
 			);

xcode/OLMKit/OLMKit.h

@@ -28,6 +28,8 @@
 #import <OLMKit/OLMOutboundGroupSession.h>
 #import <OLMKit/OLMPkEncryption.h>
 #import <OLMKit/OLMPkDecryption.h>
+#import <OLMKit/OLMPkSigning.h>
+#import <OLMKit/OLMSAS.h>
 
 @interface OLMKit : NSObject
 

xcode/OLMKit/OLMPkEncryption.m

@@ -65,13 +65,13 @@
 
     size_t macLength = olm_pk_mac_length(session);
     NSMutableData *macData = [NSMutableData dataWithLength:macLength];
-    if (!ciphertext) {
+    if (!macData) {
         return nil;
     }
 
     size_t ephemeralKeyLength = olm_pk_key_length();
     NSMutableData *ephemeralKeyData = [NSMutableData dataWithLength:ephemeralKeyLength];
-    if (!ciphertext) {
+    if (!ephemeralKeyData) {
         return nil;
     }
 

xcode/OLMKit/OLMPkSigning.h

@@ -0,0 +1,49 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface OLMPkSigning : NSObject
+
+/**
+ Initialise the signing object with a public/private keypair from a seed.
+
+ @param seed the seed.
+ @param error the error if any.
+ @return the public key
+ */
+- (NSString *)doInitWithSeed:(NSData*)seed error:(NSError* _Nullable *)error;
+
+/**
+ Sign a message.
+
+ @param message the message to sign.
+ @param error the error if any.
+ @return the signature.
+ */
+- (NSString *)sign:(NSString*)message error:(NSError* _Nullable *)error;
+
+/**
+ Generate a seed.
+
+ @return the generated seed.
+ */
++ (NSData *)generateSeed;
+
+@end
+
+NS_ASSUME_NONNULL_END

xcode/OLMKit/OLMPkSigning.m

@@ -0,0 +1,125 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMPkSigning.h"
+
+#include "olm/olm.h"
+#include "olm/pk.h"
+#include "OLMUtility.h"
+
+@interface OLMPkSigning ()
+{
+    OlmPkSigning *sign;
+}
+@end
+
+@implementation OLMPkSigning
+
+- (void)dealloc {
+    olm_clear_pk_signing(sign);
+    free(sign);
+}
+
+
+- (instancetype)init {
+    self = [super init];
+    if (self) {
+        sign = (OlmPkSigning *)malloc(olm_pk_signing_size());
+        olm_pk_signing(sign);
+    }
+    return self;
+}
+
+- (NSString *)doInitWithSeed:(NSData *)seed error:(NSError *__autoreleasing  _Nullable *)error {
+    size_t publicKeyLength = olm_pk_signing_public_key_length();
+    NSMutableData *publicKeyData = [NSMutableData dataWithLength:publicKeyLength];
+    if (!publicKeyData) {
+        return nil;
+    }
+
+    NSMutableData *mutableSeed = [NSMutableData dataWithData:seed];
+
+    size_t result = olm_pk_signing_key_from_seed(sign,
+                                                 publicKeyData.mutableBytes, publicKeyLength,
+                                                 mutableSeed.mutableBytes, mutableSeed.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_pk_signing_last_error(sign);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        NSLog(@"[OLMPkSigning] doInitWithSeed: olm_pk_signing_key_from_seed error: %@", errorString);
+
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_pk_signing_key_from_seed error: %@", errorString]
+                                                }];
+        }
+
+        return nil;
+    }
+
+    [mutableSeed resetBytesInRange:NSMakeRange(0, mutableSeed.length)];
+
+    NSString *publicKey = [[NSString alloc] initWithData:publicKeyData encoding:NSUTF8StringEncoding];
+    return publicKey;
+}
+
+- (NSString *)sign:(NSString *)message error:(NSError *__autoreleasing  _Nullable *)error {
+    NSData *messageData = [message dataUsingEncoding:NSUTF8StringEncoding];
+
+    size_t signatureLength = olm_pk_signature_length();
+    NSMutableData *signatureData = [NSMutableData dataWithLength:signatureLength];
+    if (!signatureData) {
+        return nil;
+    }
+
+    size_t result = olm_pk_sign(sign,
+                                messageData.bytes, messageData.length,
+                                signatureData.mutableBytes, signatureLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_pk_signing_last_error(sign);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        NSLog(@"[OLMPkSigning] sign: olm_pk_sign error: %@", errorString);
+
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_pk_sign error: %@", errorString]
+                                                }];
+        }
+
+        return nil;
+    }
+
+    NSString *signature = [[NSString alloc] initWithData:signatureData encoding:NSUTF8StringEncoding];
+    return signature;
+}
+
++ (NSData *)generateSeed {
+    size_t seedLength = olm_pk_signing_seed_length();
+    NSMutableData *seed = [OLMUtility randomBytesOfLength:seedLength];
+    if (!seed) {
+        return nil;
+    }
+
+    return seed;
+}
+
+@end

xcode/OLMKit/OLMSAS.h

@@ -0,0 +1,70 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/**
+ Short Authentication String verification utility class.
+ */
+@interface OLMSAS : NSObject
+
+/**
+ Get the public key of the SAS object.
+ */
+- (NSString * _Nullable)publicKey;
+
+/**
+ Set the public key of other user.
+
+ @param theirPublicKey the other user's public key.
+ @return error the error if any.
+ */
+- (NSError* _Nullable)setTheirPublicKey:(NSString*)theirPublicKey;
+
+/**
+ Generate bytes to use for the short authentication string.
+
+ @param info extra information to mix in when generating the bytes, as per the Matrix spec.
+ @param length the size of the output buffer. For hex-based SAS as in the Matrix spec, this will be 5.
+ @return generated bytes
+ */
+- (NSData *)generateBytes:(NSString*)info length:(NSUInteger)length;
+
+/**
+ Generate a message authentication code (MAC) based on the shared secret.
+
+ @param input the message to produce the authentication code for.
+ @param info extra information to mix in when generating the MAC, as per the Matrix spec.
+ @param error the error if any.
+ @return the MAC.
+ */
+- (NSString *)calculateMac:(NSString*)input info:(NSString*)info error:(NSError* _Nullable *)error;
+
+/**
+ Generate a message authentication code (MAC) based on the shared secret.
+ For compatibility with an old version of olm.js.
+
+ @param input the message to produce the authentication code for.
+ @param info extra information to mix in when generating the MAC, as per the Matrix spec.
+ @param error the error if any.
+ @return the MAC.
+ */
+- (NSString *)calculateMacLongKdf:(NSString*)input info:(NSString*)info error:(NSError* _Nullable *)error;
+
+@end
+
+NS_ASSUME_NONNULL_END

xcode/OLMKit/OLMSAS.m

@@ -0,0 +1,174 @@
+/*
+ Copyright 2018 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMSAS.h"
+
+#include "olm/olm.h"
+#include "olm/sas.h"
+#include "OLMUtility.h"
+
+@interface OLMSAS () {
+    void *olmSASbuffer;
+    OlmSAS *olmSAS;
+}
+@end
+
+@implementation OLMSAS
+
+- (void)dealloc {
+    olm_clear_sas(olmSAS);
+    free(olmSASbuffer);
+}
+
+- (instancetype)init {
+    self = [super init];
+    if (self) {
+        olmSASbuffer = malloc(olm_sas_size());
+        olmSAS = olm_sas(olmSASbuffer);
+
+        size_t randomLength = olm_create_sas_random_length(olmSAS);
+        NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
+        if (!random) {
+            return nil;
+        }
+
+        olm_create_sas(olmSAS, random.mutableBytes, randomLength);
+
+        [random resetBytesInRange:NSMakeRange(0, randomLength)];
+    }
+    return self;
+}
+
+- (NSString * _Nullable)publicKey {
+    size_t publicKeyLength = olm_sas_pubkey_length(olmSAS);
+    NSMutableData *publicKeyData = [NSMutableData dataWithLength:publicKeyLength];
+    if (!publicKeyData) {
+        return nil;
+    }
+
+    size_t result = olm_sas_get_pubkey(olmSAS, publicKeyData.mutableBytes, publicKeyLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] publicKey: olm_sas_get_pubkey error: %s", olm_error);
+        return nil;
+    }
+
+    NSString *publicKey = [[NSString alloc] initWithData:publicKeyData encoding:NSUTF8StringEncoding];
+    return publicKey;
+}
+
+- (NSError * _Nullable)setTheirPublicKey:(NSString*)theirPublicKey {
+    NSMutableData *theirPublicKeyData = [theirPublicKey dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+
+    size_t result = olm_sas_set_their_key(olmSAS, theirPublicKeyData.mutableBytes, theirPublicKeyData.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] setTheirPublicKey: olm_sas_set_their_key error: %s", olm_error);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (olm_error && errorString) {
+            return [NSError errorWithDomain:OLMErrorDomain
+                                       code:0
+                                   userInfo:@{
+                                              NSLocalizedDescriptionKey: errorString,
+                                              NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_set_their_key error: %@", errorString]
+                                              }];
+        }
+    }
+
+    return nil;
+}
+
+- (NSData *)generateBytes:(NSString *)info length:(NSUInteger)length {
+    NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+    NSMutableData *bytes = [NSMutableData dataWithLength:length];
+    if (!bytes) {
+        return nil;
+    }
+
+    olm_sas_generate_bytes(olmSAS, infoData.bytes, infoData.length, bytes.mutableBytes, length);
+    return bytes;
+}
+
+- (NSString *)calculateMac:(NSString *)input info:(NSString *)info error:(NSError *__autoreleasing  _Nullable *)error {
+    NSMutableData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+    size_t macLength = olm_sas_mac_length(olmSAS);
+    NSMutableData *macData = [NSMutableData dataWithLength:macLength];
+    if (!macData) {
+        return nil;
+    }
+
+    size_t result = olm_sas_calculate_mac(olmSAS,
+                                          inputData.mutableBytes, inputData.length,
+                                          infoData.bytes, infoData.length,
+                                          macData.mutableBytes, macLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] calculateMac: olm_sas_calculate_mac error: %s", olm_error);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_calculate_mac error: %@", errorString]
+                                                }];
+        }
+        return nil;
+    }
+
+    NSString *mac = [[NSString alloc] initWithData:macData encoding:NSUTF8StringEncoding];
+    return mac;
+}
+
+- (NSString *)calculateMacLongKdf:(NSString *)input info:(NSString *)info error:(NSError *__autoreleasing  _Nullable *)error {
+    NSMutableData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+    size_t macLength = olm_sas_mac_length(olmSAS);
+    NSMutableData *macData = [NSMutableData dataWithLength:macLength];
+    if (!macData) {
+        return nil;
+    }
+
+    size_t result = olm_sas_calculate_mac_long_kdf(olmSAS,
+                                                   inputData.mutableBytes, inputData.length,
+                                                   infoData.bytes, infoData.length,
+                                                   macData.mutableBytes, macLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] calculateMacLongKdf: olm_sas_calculate_mac error: %s", olm_error);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_calculate_mac_long_kdf error: %@", errorString]
+                                                }];
+        }
+        return nil;
+    }
+
+    NSString *mac = [[NSString alloc] initWithData:macData encoding:NSUTF8StringEncoding];
+    return mac;
+}
+
+@end

xcode/OLMKitTests/OLMKitPkTests.m

@@ -104,4 +104,39 @@
     XCTAssertEqualObjects(decrypted, TEST_TEXT);
 }
 
+- (void)testSignAndVerify {
+
+    UInt8 seedBytes[] = {
+        0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
+        0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
+        0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
+        0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
+    };
+
+    NSData *seed = [NSData dataWithBytes:seedBytes length:sizeof(seedBytes)];
+
+    NSString *TEST_TEXT = @"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.";
+
+    OLMPkSigning *signing = [OLMPkSigning new];
+
+    NSError *error;
+    NSString *pubKey = [signing doInitWithSeed:seed error:&error];
+    XCTAssertNotNil(pubKey);
+    XCTAssertNil(error);
+
+    NSString *sig = [signing sign:TEST_TEXT error:&error];
+    XCTAssertNotNil(sig);
+    XCTAssertNil(error);
+
+    OLMUtility *util = [OLMUtility new];
+    BOOL verify = [util verifyEd25519Signature:sig key:pubKey message:[TEST_TEXT dataUsingEncoding:NSUTF8StringEncoding] error:&error];
+    XCTAssertTrue(verify);
+    XCTAssertNil(error);
+
+    NSString *badSig = [sig stringByReplacingCharactersInRange:NSMakeRange(0, 1) withString:@"p"];
+    verify = [util verifyEd25519Signature:badSig key:pubKey message:[TEST_TEXT dataUsingEncoding:NSUTF8StringEncoding] error:&error];
+    XCTAssertFalse(verify);
+    XCTAssertNotNil(error);
+}
+
 @end

xcode/OLMKitTests/OLMKitSASTests.m

@@ -0,0 +1,86 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <XCTest/XCTest.h>
+#import <OLMKit/OLMKit.h>
+
+@interface OLMKitSASTests : XCTestCase {
+    OLMSAS *alice;
+    OLMSAS *bob;
+}
+
+@end
+
+@implementation OLMKitSASTests
+
+- (void)setUp {
+    alice = [OLMSAS new];
+    bob = [OLMSAS new];
+}
+
+- (void)tearDown {
+    alice = nil;
+    bob = nil;
+}
+
+- (void)testSASRandomness
+{
+    XCTAssertNotEqualObjects(alice.publicKey, bob.publicKey);
+}
+
+- (void)testSASBytesMatch {
+    [alice setTheirPublicKey:bob.publicKey];
+    [bob setTheirPublicKey:alice.publicKey];
+
+    NSString *sas = @"SAS";
+    NSUInteger length = 5;
+
+    XCTAssertEqualObjects([alice generateBytes:sas length:length],
+                          [bob generateBytes:sas length:length]);
+}
+
+- (void)testMACsMatch {
+    [alice setTheirPublicKey:bob.publicKey];
+    [bob setTheirPublicKey:alice.publicKey];
+
+    NSString *string = @"test";
+    NSString *info = @"MAC";
+
+    NSError *aliceError, *bobError;
+    XCTAssertEqualObjects([alice calculateMac:string info:info error:&aliceError],
+                          [bob calculateMac:string info:info error:&bobError]);
+    XCTAssertNil(aliceError);
+    XCTAssertNil(bobError);
+}
+
+- (void)testMACLongKdfsMatch {
+    [alice setTheirPublicKey:bob.publicKey];
+    [bob setTheirPublicKey:alice.publicKey];
+
+    NSString *string = @"test";
+    NSString *info = @"MAC";
+
+    NSError *aliceError, *bobError;
+    XCTAssertEqualObjects([alice calculateMacLongKdf:string info:info error:&aliceError],
+                          [bob calculateMacLongKdf:string info:info error:&bobError]);
+    XCTAssertNotEqualObjects([alice calculateMacLongKdf:string info:info error:&aliceError],
+                             [bob calculateMac:string info:info error:&bobError]);
+    XCTAssertNil(aliceError);
+    XCTAssertNil(bobError);
+}
+
+
+@end

xcode/Podfile.lock

@@ -1,9 +1,9 @@
 PODS:
-  - OLMKit (2.3.0):
+  - OLMKit (3.0.0):
-    - OLMKit/olmc (= 2.3.0)
+    - OLMKit/olmc (= 3.0.0)
-    - OLMKit/olmcpp (= 2.3.0)
+    - OLMKit/olmcpp (= 3.0.0)
-  - OLMKit/olmc (2.3.0)
+  - OLMKit/olmc (3.0.0)
-  - OLMKit/olmcpp (2.3.0)
+  - OLMKit/olmcpp (3.0.0)
 
 DEPENDENCIES:
   - OLMKit (from `../OLMKit.podspec`)
@@ -13,8 +13,8 @@ EXTERNAL SOURCES:
     :path: "../OLMKit.podspec"
 
 SPEC CHECKSUMS:
-  OLMKit: 6af55a19917c35f86df5198c213979ecdf8ba76e
+  OLMKit: 88eda69110489f817d59bcb4353b7c247570aa4f
 
 PODFILE CHECKSUM: 4e261dae61d833ec5585ced2473023b98909fd35
 
-COCOAPODS: 1.6.0.beta.2
+COCOAPODS: 1.6.0