More comments
parent
65bb5d4e5b
commit
b3496b0aa1
2 changed files with 60 additions and 4 deletions
|
@ -83,41 +83,80 @@ struct Session {
|
||||||
KdfInfo const & kdf_info
|
KdfInfo const & kdf_info
|
||||||
);
|
);
|
||||||
|
|
||||||
/** A pair of string to feed into the KDF identifing the application */
|
/** A some strings identifing the application to feed into the KDF. */
|
||||||
KdfInfo kdf_info;
|
KdfInfo kdf_info;
|
||||||
/** The last error that happened encypting or decrypting a message */
|
|
||||||
|
/** The last error that happened encypting or decrypting a message. */
|
||||||
ErrorCode last_error;
|
ErrorCode last_error;
|
||||||
|
|
||||||
|
/** The root key is used to generate chain keys from the ephemeral keys.
|
||||||
|
* A new root_key derived each time a chain key is derived. */
|
||||||
SharedKey root_key;
|
SharedKey root_key;
|
||||||
|
|
||||||
|
/** The sender chain is used to send messages. Each time a new ephemeral
|
||||||
|
* key is received from the remote server we generate a new sender chain
|
||||||
|
* with a new empheral key when we next send a message. */
|
||||||
List<SenderChain, 1> sender_chain;
|
List<SenderChain, 1> sender_chain;
|
||||||
|
|
||||||
|
/** The receiver chain is used to decrypt recieved messages. We store the
|
||||||
|
* last few chains so we can decrypt any out of order messages we haven't
|
||||||
|
* received yet. */
|
||||||
List<ReceiverChain, MAX_RECEIVER_CHAINS> receiver_chains;
|
List<ReceiverChain, MAX_RECEIVER_CHAINS> receiver_chains;
|
||||||
|
|
||||||
|
/** List of message keys we've skipped over when advancing the receiver
|
||||||
|
* chain. */
|
||||||
List<SkippedMessageKey, MAX_SKIPPED_MESSAGE_KEYS> skipped_message_keys;
|
List<SkippedMessageKey, MAX_SKIPPED_MESSAGE_KEYS> skipped_message_keys;
|
||||||
|
|
||||||
|
/** Initialise the session using a shared secret and the public part of the
|
||||||
|
* remote's first ratchet key */
|
||||||
void initialise_as_bob(
|
void initialise_as_bob(
|
||||||
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
|
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
|
||||||
Curve25519PublicKey const & their_ratchet_key
|
Curve25519PublicKey const & their_ratchet_key
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/** Intialise the session using a shared secret and the public/private key
|
||||||
|
* pair for the first ratchet key */
|
||||||
void initialise_as_alice(
|
void initialise_as_alice(
|
||||||
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
|
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
|
||||||
Curve25519KeyPair const & our_ratchet_key
|
Curve25519KeyPair const & our_ratchet_key
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/** The maximum number of bytes of output the encrypt method will write for
|
||||||
|
* a given message length. */
|
||||||
std::size_t encrypt_max_output_length(
|
std::size_t encrypt_max_output_length(
|
||||||
std::size_t plaintext_length
|
std::size_t plaintext_length
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/** The number of bytes of random data the encrypt method will need to
|
||||||
|
* encrypt a message. This will be 32 bytes if the session needs to
|
||||||
|
* generate a new ephemeral key, or will be 0 bytes otherwise.*/
|
||||||
std::size_t encrypt_random_length();
|
std::size_t encrypt_random_length();
|
||||||
|
|
||||||
|
/** Encrypt some plaintext. Returns the length of the encrypted message
|
||||||
|
* or std::size_t(-1) on failure. On failure last_error will be set with
|
||||||
|
* an error code. The last_error will be NOT_ENOUGH_RANDOM if the number
|
||||||
|
* of random bytes is too small. The last_error will be
|
||||||
|
* OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small. */
|
||||||
std::size_t encrypt(
|
std::size_t encrypt(
|
||||||
std::uint8_t const * plaintext, std::size_t plaintext_length,
|
std::uint8_t const * plaintext, std::size_t plaintext_length,
|
||||||
std::uint8_t const * random, std::size_t random_length,
|
std::uint8_t const * random, std::size_t random_length,
|
||||||
std::uint8_t * output, std::size_t max_output_length
|
std::uint8_t * output, std::size_t max_output_length
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/** An upper bound on the number of bytes of plaintext the decrypt method
|
||||||
|
* will write for a given input message length. */
|
||||||
std::size_t decrypt_max_plaintext_length(
|
std::size_t decrypt_max_plaintext_length(
|
||||||
std::size_t input_length
|
std::size_t input_length
|
||||||
);
|
);
|
||||||
|
|
||||||
|
/** Decrypt a message. Returns the length of the decrypted plaintext or
|
||||||
|
* std::size_t(-1) on failure. On failure last_error will be set with an
|
||||||
|
* error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the
|
||||||
|
* plaintext buffer is too small. The last_error will be
|
||||||
|
* BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
|
||||||
|
* version of the protocol. The last_error will be BAD_MESSAGE_FORMAT if
|
||||||
|
* the message headers could not be decoded. The last_error will be
|
||||||
|
* BAD_MESSAGE_MAC if the message could not be verified */
|
||||||
std::size_t decrypt(
|
std::size_t decrypt(
|
||||||
std::uint8_t const * input, std::size_t input_length,
|
std::uint8_t const * input, std::size_t input_length,
|
||||||
std::uint8_t * plaintext, std::size_t max_plaintext_length
|
std::uint8_t * plaintext, std::size_t max_plaintext_length
|
||||||
|
|
|
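Review bot: The new comments on `Session::encrypt` and `Session::decrypt` document the `std::size_t(-1)` failure return but not what a caller may assume about the output buffer or the ratchet state afterwards. For `decrypt` I would add `* On failure the contents of the plaintext buffer are unspecified and must not be used.` and state whether a failed call (for example `BAD_MESSAGE_MAC`) leaves the receiver chains and skipped keys unchanged; the implementation is not visible in this diff, so that needs confirming against the source. The `encrypt` comment should also say that `random` must come from a cryptographically secure generator and must never be reused, since the `encrypt_random_length` comment indicates those 32 bytes become the new ephemeral key. Minor wording: "remote server" in the sender-chain comment presumably means the remote party, and "encypting", "recieved", "empheral", "Intialise" and "A some strings" need correcting.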
@ -28,7 +28,7 @@ struct Curve25519KeyPair : public Curve25519PublicKey {
|
||||||
std::uint8_t private_key[32];
|
std::uint8_t private_key[32];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/** Generate a curve25519 key pair from 32 random bytes. */
|
||||||
void generate_key(
|
void generate_key(
|
||||||
std::uint8_t const * random_32_bytes,
|
std::uint8_t const * random_32_bytes,
|
||||||
Curve25519KeyPair & key_pair
|
Curve25519KeyPair & key_pair
|
||||||
|
@ -37,7 +37,8 @@ void generate_key(
|
||||||
|
|
||||||
const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32;
|
const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32;
|
||||||
|
|
||||||
|
/** Create a shared secret using our private key and their public key.
|
||||||
|
* The output buffer must be at least 32 bytes long. */
|
||||||
void curve25519_shared_secret(
|
void curve25519_shared_secret(
|
||||||
Curve25519KeyPair const & our_key,
|
Curve25519KeyPair const & our_key,
|
||||||
Curve25519PublicKey const & their_key,
|
Curve25519PublicKey const & their_key,
|
||||||
|
@ -57,11 +58,14 @@ struct Aes256Iv {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/** The length of output the aes_encrypt_cbc function will write */
|
||||||
std::size_t aes_encrypt_cbc_length(
|
std::size_t aes_encrypt_cbc_length(
|
||||||
std::size_t input_length
|
std::size_t input_length
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
/** Encrypts the input using AES256 in CBC mode with PKCS#7 padding.
|
||||||
|
* The output buffer must be big enough to hold the output including padding */
|
||||||
void aes_encrypt_cbc(
|
void aes_encrypt_cbc(
|
||||||
Aes256Key const & key,
|
Aes256Key const & key,
|
||||||
Aes256Iv const & iv,
|
Aes256Iv const & iv,
|
||||||
|
@ -70,6 +74,10 @@ void aes_encrypt_cbc(
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
/** Decrypts the input using AES256 in CBC mode. The output buffer must be at
|
||||||
|
* least the same size as the input buffer. Returns the length of the plaintext
|
||||||
|
* without padding on success or std::size_t(-1) if the padding is invalid.
|
||||||
|
*/
|
||||||
std::size_t aes_decrypt_cbc(
|
std::size_t aes_decrypt_cbc(
|
||||||
Aes256Key const & key,
|
Aes256Key const & key,
|
||||||
Aes256Iv const & iv,
|
Aes256Iv const & iv,
|
||||||
|
@ -78,6 +86,8 @@ std::size_t aes_decrypt_cbc(
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
/** Computes SHA-256 of the input. The output buffer must be a least 32
|
||||||
|
* bytes long. */
|
||||||
void sha256(
|
void sha256(
|
||||||
std::uint8_t const * input, std::size_t input_length,
|
std::uint8_t const * input, std::size_t input_length,
|
||||||
std::uint8_t * output
|
std::uint8_t * output
|
||||||
|
@ -87,6 +97,10 @@ void sha256(
|
||||||
const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32;
|
const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32;
|
||||||
|
|
||||||
|
|
||||||
|
/** HMAC: Keyed-Hashing for Message Authentication
|
||||||
|
* http://tools.ietf.org/html/rfc2104
|
||||||
|
* Computes HMAC-SHA-256 of the input for the key. The output buffer must
|
||||||
|
* be at least 32 bytes long. */
|
||||||
void hmac_sha256(
|
void hmac_sha256(
|
||||||
std::uint8_t const * key, std::size_t key_length,
|
std::uint8_t const * key, std::size_t key_length,
|
||||||
std::uint8_t const * input, std::size_t input_length,
|
std::uint8_t const * input, std::size_t input_length,
|
||||||
|
@ -94,6 +108,9 @@ void hmac_sha256(
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
/** HMAC-based Key Derivation Function (HKDF)
|
||||||
|
* https://tools.ietf.org/html/rfc5869
|
||||||
|
* Derives key material from the input bytes. */
|
||||||
void hkdf_sha256(
|
void hkdf_sha256(
|
||||||
std::uint8_t const * input, std::size_t input_length,
|
std::uint8_t const * input, std::size_t input_length,
|
||||||
std::uint8_t const * info, std::size_t info_length,
|
std::uint8_t const * info, std::size_t info_length,
|
||||||
|
|
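Review bot: The new comment on `aes_decrypt_cbc` documents a distinct `std::size_t(-1)` return for invalid PKCS#7 padding but does not state that the ciphertext must be authenticated before the function is called. With CBC, a padding failure that a peer can tell apart from a MAC failure is the classic padding-oracle condition, so the comment should carry the precondition, e.g. `* The caller must verify the message MAC before decrypting; a padding failure must not be reported separately from a MAC failure.` Whether the session code checks the MAC first is not visible in this diff, so confirm it against the caller. Separately, the comments on `curve25519_shared_secret` and `hmac_sha256` could name `CURVE25519_SHARED_SECRET_LENGTH` and `HMAC_SHA256_OUTPUT_LENGTH` instead of the literal 32, and the `generate_key` comment should say the 32 bytes must come from a cryptographically secure source.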