Merge commit 'acae4e8' into logging_enabled
commit
eb3bad7718
6 changed files with 10 additions and 44 deletions
19
docs/olm.rst
19
docs/olm.rst
|
@ -216,7 +216,7 @@ payload followed by a fixed length message authentication code.
|
||||||
| Version Byte | Payload Bytes | MAC Bytes |
|
| Version Byte | Payload Bytes | MAC Bytes |
|
||||||
+--------------+------------------------------------+-----------+
|
+--------------+------------------------------------+-----------+
|
||||||
|
|
||||||
The version byte is ``"\x01"``.
|
The version byte is ``"\x03"``.
|
||||||
|
|
||||||
The payload consists of key-value pairs where the keys are integers and the
|
The payload consists of key-value pairs where the keys are integers and the
|
||||||
values are integers and strings. The keys are encoded as a variable length
|
values are integers and strings. The keys are encoded as a variable length
|
||||||
|
@ -241,7 +241,7 @@ Cipher-Text 0x22 String The cipher-text, :math:`X_{i,j}`, of the message
|
||||||
=========== ===== ======== ================================================
|
=========== ===== ======== ================================================
|
||||||
|
|
||||||
The length of the MAC is determined by the authenticated encryption algorithm
|
The length of the MAC is determined by the authenticated encryption algorithm
|
||||||
being used. (Olm version 1 uses HMAC-SHA-256, giving a MAC of 32 bytes). The
|
being used. (Olm version 1 uses HMAC-SHA-256, truncated to 8 bytes). The
|
||||||
MAC protects all of the bytes preceding the MAC.
|
MAC protects all of the bytes preceding the MAC.
|
||||||
|
|
||||||
Pre-Key Messages
|
Pre-Key Messages
|
||||||
|
@ -256,7 +256,7 @@ length payload.
|
||||||
| Version Byte | Payload Bytes |
|
| Version Byte | Payload Bytes |
|
||||||
+--------------+------------------------------------+
|
+--------------+------------------------------------+
|
||||||
|
|
||||||
The version byte is ``"\x01"``.
|
The version byte is ``"\x03"``.
|
||||||
|
|
||||||
The payload uses the same key-value format as for normal messages.
|
The payload uses the same key-value format as for normal messages.
|
||||||
|
|
||||||
|
@ -280,9 +280,10 @@ Version 1
|
||||||
~~~~~~~~~
|
~~~~~~~~~
|
||||||
|
|
||||||
Version 1 of Olm uses AES-256_ in CBC_ mode with `PCKS#7`_ padding for
|
Version 1 of Olm uses AES-256_ in CBC_ mode with `PCKS#7`_ padding for
|
||||||
encryption and HMAC-SHA-256_ for authentication. The 256 bit AES key, 256 bit
|
encryption and HMAC-SHA-256_ (truncated to 64 bits) for authentication. The
|
||||||
HMAC key, and 128 bit AES IV are derived from the message key using
|
256 bit AES key, 256 bit HMAC key, and 128 bit AES IV are derived from the
|
||||||
HKDF-SHA-256_ using the default salt and an info of ``"OLM_KEYS"``.
|
message key using HKDF-SHA-256_ using the default salt and an info of
|
||||||
|
``"OLM_KEYS"``.
|
||||||
|
|
||||||
.. math::
|
.. math::
|
||||||
|
|
||||||
|
@ -295,7 +296,7 @@ The plain-text is encrypted with AES-256, using the key :math:`AES\_KEY_{i,j}`
|
||||||
and the IV :math:`AES\_IV_{i,j}` to give the cipher-text, :math:`X_{i,j}`.
|
and the IV :math:`AES\_IV_{i,j}` to give the cipher-text, :math:`X_{i,j}`.
|
||||||
|
|
||||||
Then the entire message (including the Version Byte and all Payload Bytes) are
|
Then the entire message (including the Version Byte and all Payload Bytes) are
|
||||||
passed through HMAC-SHA-256, and the MAC is appended to the message.
|
passed through HMAC-SHA-256. The first 8 bytes of the MAC are appended to the message.
|
||||||
|
|
||||||
IPR
|
IPR
|
||||||
---
|
---
|
||||||
|
@ -311,8 +312,8 @@ Acknowledgements
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
The ratchet that Olm implements was designed by Trevor Perrin and Moxie
|
The ratchet that Olm implements was designed by Trevor Perrin and Moxie
|
||||||
Marlinspike - details at https://github.com/trevp/axolotl/wiki. Olm is an
|
Marlinspike - details at https://github.com/trevp/double_ratchet/wiki. Olm is
|
||||||
entirely new implementation written by the Matrix.org team.
|
an entirely new implementation written by the Matrix.org team.
|
||||||
|
|
||||||
.. _`Curve25519`: http://cr.yp.to/ecdh.html
|
.. _`Curve25519`: http://cr.yp.to/ecdh.html
|
||||||
.. _`Triple Diffie-Hellman`: https://whispersystems.org/blog/simplifying-otr-deniability/
|
.. _`Triple Diffie-Hellman`: https://whispersystems.org/blog/simplifying-otr-deniability/
|
||||||
|
|
|
@ -17,7 +17,6 @@
|
||||||
|
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
#include <cstddef>
|
#include <cstddef>
|
||||||
#include <string>
|
|
||||||
|
|
||||||
namespace olm {
|
namespace olm {
|
||||||
|
|
||||||
|
@ -27,7 +26,6 @@ static const std::size_t IV_LENGTH = 16;
|
||||||
|
|
||||||
struct Curve25519PublicKey {
|
struct Curve25519PublicKey {
|
||||||
std::uint8_t public_key[KEY_LENGTH];
|
std::uint8_t public_key[KEY_LENGTH];
|
||||||
std::string to_string() const;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -87,23 +87,4 @@ std::uint8_t * store_array(
|
||||||
return destination + sizeof(T);
|
return destination + sizeof(T);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** convert an array of bytes to a string representation */
|
|
||||||
template<typename T>
|
|
||||||
std::string bytes_to_string(T start, T end) {
|
|
||||||
std::ostringstream ss;
|
|
||||||
ss << std::hex << std::setfill('0');
|
|
||||||
while (start != end) {
|
|
||||||
ss << std::setw(2) << static_cast<int>(*start++);
|
|
||||||
if (start != end) {
|
|
||||||
ss << ":";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return ss.str();
|
|
||||||
}
|
|
||||||
|
|
||||||
template<typename T>
|
|
||||||
std::string bytes_to_string(T start, size_t len) {
|
|
||||||
return bytes_to_string(start, start+len);
|
|
||||||
}
|
|
||||||
|
|
||||||
} // namespace olm
|
} // namespace olm
|
||||||
|
|
|
@ -415,13 +415,6 @@ size_t olm_ed25519_verify(
|
||||||
void * signature, size_t signature_length
|
void * signature, size_t signature_length
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the log level. By default, 1, which logs only FATAL messages.
|
|
||||||
*/
|
|
||||||
void olm_set_log_level(
|
|
||||||
unsigned int level
|
|
||||||
);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -382,6 +382,4 @@ Utility.prototype['ed25519_verify'] = restore_stack(function(
|
||||||
olm_exports["Account"] = Account;
|
olm_exports["Account"] = Account;
|
||||||
olm_exports["Session"] = Session;
|
olm_exports["Session"] = Session;
|
||||||
olm_exports["Utility"] = Utility;
|
olm_exports["Utility"] = Utility;
|
||||||
|
|
||||||
olm_exports['set_log_level'] = Module['_olm_set_log_level'];
|
|
||||||
}();
|
}();
|
||||||
|
|
|
@ -101,11 +101,6 @@ inline static void hmac_sha256_final(
|
||||||
|
|
||||||
} // namespace
|
} // namespace
|
||||||
|
|
||||||
std::string olm::Curve25519PublicKey::to_string() const {
|
|
||||||
return olm::bytes_to_string(std::begin(public_key),
|
|
||||||
std::end(public_key));
|
|
||||||
};
|
|
||||||
|
|
||||||
void olm::curve25519_generate_key(
|
void olm::curve25519_generate_key(
|
||||||
std::uint8_t const * random_32_bytes,
|
std::uint8_t const * random_32_bytes,
|
||||||
olm::Curve25519KeyPair & key_pair
|
olm::Curve25519KeyPair & key_pair
|
||||||
|
|