olm.cpp 14.6 KB
Newer Older
Mark Haines's avatar
Mark Haines committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/* Copyright 2015 OpenMarket Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
16
17
18
19
#include "olm/olm.hh"
#include "olm/session.hh"
#include "olm/account.hh"
#include "olm/base64.hh"
#include "olm/cipher.hh"
20
21
22
23
24
25

#include <new>
#include <cstring>

namespace {

26
27
static OlmAccount * to_c(olm::Account * account) {
    return reinterpret_cast<OlmAccount *>(account);
28
29
}

30
31
static OlmSession * to_c(olm::Session * account) {
    return reinterpret_cast<OlmSession *>(account);
32
33
}

34
35
static olm::Account * from_c(OlmAccount * account) {
    return reinterpret_cast<olm::Account *>(account);
36
37
}

38
39
static olm::Session * from_c(OlmSession * account) {
    return reinterpret_cast<olm::Session *>(account);
40
41
42
43
44
45
46
47
48
49
50
51
}

static std::uint8_t * from_c(void * bytes) {
    return reinterpret_cast<std::uint8_t *>(bytes);
}

static std::uint8_t const * from_c(void const * bytes) {
    return reinterpret_cast<std::uint8_t const *>(bytes);
}

static const std::uint8_t CIPHER_KDF_INFO[] = "Pickle";

52
static const olm::CipherAesSha256 PICKLE_CIPHER(
53
54
55
56
57
58
59
60
    CIPHER_KDF_INFO, sizeof(CIPHER_KDF_INFO) -1
);

std::size_t enc_output_length(
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
61
    return olm::encode_base64_length(length);
62
63
64
65
66
67
68
69
70
}


std::uint8_t * enc_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
71
    return output + olm::encode_base64_length(length) - length;
72
73
74
75
76
77
78
79
80
81
}

std::size_t enc_output(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * output, size_t raw_length
) {
    std::size_t ciphertext_length = PICKLE_CIPHER.encrypt_ciphertext_length(
        raw_length
    );
    std::size_t length = ciphertext_length + PICKLE_CIPHER.mac_length();
82
    std::size_t base64_length = olm::encode_base64_length(length);
83
84
85
86
87
88
89
    std::uint8_t * raw_output = output + base64_length - length;
    PICKLE_CIPHER.encrypt(
        key, key_length,
        raw_output, raw_length,
        raw_output, ciphertext_length,
        raw_output, length
    );
90
    olm::encode_base64(raw_output, length, output);
91
92
93
94
95
96
    return raw_length;
}

std::size_t enc_input(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * input, size_t b64_length,
97
    olm::ErrorCode & last_error
98
) {
99
    std::size_t enc_length = olm::decode_base64_length(b64_length);
100
    if (enc_length == std::size_t(-1)) {
101
        last_error = olm::ErrorCode::INVALID_BASE64;
102
103
        return std::size_t(-1);
    }
104
    olm::decode_base64(input, b64_length, input);
105
106
107
108
109
110
111
112
    std::size_t raw_length = enc_length - PICKLE_CIPHER.mac_length();
    std::size_t result = PICKLE_CIPHER.decrypt(
        key, key_length,
        input, enc_length,
        input, raw_length,
        input, raw_length
    );
    if (result == std::size_t(-1)) {
113
        last_error = olm::ErrorCode::BAD_ACCOUNT_KEY;
114
115
116
117
118
119
120
121
    }
    return result;
}


std::size_t b64_output_length(
    size_t raw_length
) {
122
    return olm::encode_base64_length(raw_length);
123
124
125
126
127
128
}

std::uint8_t * b64_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
129
    return output + olm::encode_base64_length(raw_length) - raw_length;
130
131
132
133
134
}

std::size_t b64_output(
    std::uint8_t * output, size_t raw_length
) {
135
    std::size_t base64_length = olm::encode_base64_length(raw_length);
136
    std::uint8_t * raw_output = output + base64_length - raw_length;
137
    olm::encode_base64(raw_output, raw_length, output);
138
139
140
141
142
    return base64_length;
}

std::size_t b64_input(
    std::uint8_t * input, size_t b64_length,
143
    olm::ErrorCode & last_error
144
) {
145
    std::size_t raw_length = olm::decode_base64_length(b64_length);
146
    if (raw_length == std::size_t(-1)) {
147
        last_error = olm::ErrorCode::INVALID_BASE64;
148
149
        return std::size_t(-1);
    }
150
    olm::decode_base64(input, b64_length, input);
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
    return raw_length;
}

const char * errors[9] {
    "SUCCESS",
    "NOT_ENOUGH_RANDOM",
    "OUTPUT_BUFFER_TOO_SMALL",
    "BAD_MESSAGE_VERSION",
    "BAD_MESSAGE_FORMAT",
    "BAD_MESSAGE_MAC",
    "BAD_MESSAGE_KEY_ID",
    "INVALID_BASE64",
    "BAD_ACCOUNT_KEY",
};

} // namespace


extern "C" {


172
size_t olm_error() {
173
174
175
176
    return std::size_t(-1);
}


177
178
const char * olm_account_last_error(
    OlmSession * account
179
180
181
182
183
184
185
186
187
188
) {
    unsigned error = unsigned(from_c(account)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


189
190
const char * olm_session_last_error(
    OlmSession * session
191
192
193
194
195
196
197
198
199
200
) {
    unsigned error = unsigned(from_c(session)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


201
202
size_t olm_account_size() {
    return sizeof(olm::Account);
203
204
205
}


206
207
size_t olm_session_size() {
    return sizeof(olm::Session);
208
209
210
}


211
OlmAccount * olm_account(
212
213
    void * memory
) {
214
    return to_c(new(memory) olm::Account());
215
216
217
}


218
OlmSession * olm_session(
219
220
    void * memory
) {
221
    return to_c(new(memory) olm::Session());
222
223
224
}


225
226
size_t olm_pickle_account_length(
    OlmAccount * account
227
228
229
230
231
) {
    return enc_output_length(pickle_length(*from_c(account)));
}


232
233
size_t olm_pickle_session_length(
    OlmSession * session
234
235
236
237
238
) {
    return enc_output_length(pickle_length(*from_c(session)));
}


239
240
size_t olm_pickle_account(
    OlmAccount * account,
241
242
243
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
244
    olm::Account & object = *from_c(account);
245
246
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
247
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
248
249
250
251
252
253
254
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


255
256
size_t olm_pickle_session(
    OlmSession * session,
257
258
259
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
260
    olm::Session & object = *from_c(session);
261
262
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
263
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
264
265
266
267
268
269
270
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


271
272
size_t olm_unpickle_account(
    OlmAccount * account,
273
274
275
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
276
    olm::Account & object = *from_c(account);
277
278
279
280
281
282
283
284
285
286
287
288
289
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


290
291
size_t olm_unpickle_session(
    OlmSession * session,
292
293
294
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
295
    olm::Session & object = *from_c(session);
296
297
298
299
300
301
302
303
304
305
306
307
308
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


309
310
size_t olm_create_account_random_length(
    OlmAccount * account
311
312
313
314
315
) {
    return from_c(account)->new_account_random_length();
}


316
317
size_t olm_create_account(
    OlmAccount * account,
318
319
320
321
322
    void const * random, size_t random_length
) {
    return from_c(account)->new_account(from_c(random), random_length);
}

323
size_t olm_account_identity_keys_length(
324
325
326
327
328
    OlmAccount * account,
    size_t user_id_length,
    size_t device_id_length,
    uint64_t valid_after_ts,
    uint64_t valid_until_ts
329
) {
330
331
332
333
334
335
    return from_c(account)->get_identity_json_length(
        user_id_length,
        device_id_length,
        valid_after_ts,
        valid_until_ts
    );
336
337
}

338
339
size_t olm_account_identity_keys(
    OlmAccount * account,
340
341
342
343
    void const * user_id, size_t user_id_length,
    void const * device_id, size_t device_id_length,
    uint64_t valid_after_ts,
    uint64_t valid_until_ts,
344
345
    void * identity_keys, size_t identity_key_length
) {
346
347
348
349
350
351
352
    return from_c(account)->get_identity_json(
        from_c(user_id), user_id_length,
        from_c(device_id), device_id_length,
        valid_after_ts,
        valid_until_ts,
        from_c(identity_keys), identity_key_length
    );
353
354
355
}


356
357
size_t olm_account_one_time_keys_length(
    OlmAccount * account
358
) {
359
    return from_c(account)->get_one_time_keys_json_length();
360
361
362
}


363
364
size_t olm_account_one_time_keys(
    OlmAccount * account,
365
    void * one_time_keys_json, size_t one_time_key_json_length
366
) {
367
368
369
    return from_c(account)->get_one_time_keys_json(
        from_c(one_time_keys_json), one_time_key_json_length
    );
370
371
372
}


373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
size_t olm_account_mark_keys_as_published(
    OlmAccount * account
) {
    return from_c(account)->mark_keys_as_published();
}


size_t olm_account_max_number_of_one_time_keys(
    OlmAccount * account
) {
    return from_c(account)->max_number_of_one_time_keys();
}


size_t olm_account_generate_one_time_keys_random_length(
    OlmAccount * account,
    size_t number_of_keys
) {
    return from_c(account)->generate_one_time_keys_random_length(number_of_keys);
}


size_t olm_account_generate_one_time_keys(
    OlmAccount * account,
    size_t number_of_keys,
    void const * random, size_t random_length
) {
    return from_c(account)->generate_one_time_keys(
        number_of_keys,
        from_c(random), random_length
    );
}


407
408
size_t olm_create_outbound_session_random_length(
    OlmSession * session
Mark Haines's avatar
Mark Haines committed
409
410
411
412
) {
    return from_c(session)->new_outbound_session_random_length();
}

413

414
415
416
size_t olm_create_outbound_session(
    OlmSession * session,
    OlmAccount * account,
417
418
419
420
    void const * their_identity_key, size_t their_identity_key_length,
    void const * their_one_time_key, size_t their_one_time_key_length,
    void const * random, size_t random_length
) {
421
422
    if (olm::decode_base64_length(their_identity_key_length) != 32
            || olm::decode_base64_length(their_one_time_key_length) != 32
423
    ) {
424
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
425
426
        return std::size_t(-1);
    }
427
    olm::Curve25519PublicKey identity_key;
428
    olm::Curve25519PublicKey one_time_key;
429

430
    olm::decode_base64(
431
432
433
        from_c(their_identity_key), their_identity_key_length,
        identity_key.public_key
    );
434
    olm::decode_base64(
435
        from_c(their_one_time_key), their_one_time_key_length,
436
        one_time_key.public_key
437
438
439
440
441
442
443
444
445
    );

    return from_c(session)->new_outbound_session(
        *from_c(account), identity_key, one_time_key,
        from_c(random), random_length
    );
}


446
447
448
size_t olm_create_inbound_session(
    OlmSession * session,
    OlmAccount * account,
449
450
451
452
453
454
455
456
457
458
459
460
461
462
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->new_inbound_session(
        *from_c(account), from_c(one_time_key_message), raw_length
    );
}


463
464
size_t olm_matches_inbound_session(
    OlmSession * session,
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    bool matches = from_c(session)->matches_inbound_session(
        from_c(one_time_key_message), raw_length
    );
    return matches ? 1 : 0;
}


480
481
482
size_t olm_remove_one_time_keys(
    OlmAccount * account,
    OlmSession * session
483
484
) {
    size_t result = from_c(account)->remove_key(
485
        from_c(session)->bob_one_time_key
486
487
    );
    if (result == std::size_t(-1)) {
488
        from_c(account)->last_error = olm::ErrorCode::BAD_MESSAGE_KEY_ID;
489
490
491
492
493
    }
    return result;
}


494
495
size_t olm_encrypt_message_type(
    OlmSession * session
496
497
498
499
500
) {
    return size_t(from_c(session)->encrypt_message_type());
}


501
502
size_t olm_encrypt_random_length(
    OlmSession * session
503
504
505
506
507
) {
    return from_c(session)->encrypt_random_length();
}


508
509
size_t olm_encrypt_message_length(
    OlmSession * session,
510
511
512
513
514
515
516
517
    size_t plaintext_length
) {
    return b64_output_length(
        from_c(session)->encrypt_message_length(plaintext_length)
    );
}


518
519
size_t olm_encrypt(
    OlmSession * session,
520
521
522
523
524
525
526
527
528
    void const * plaintext, size_t plaintext_length,
    void const * random, size_t random_length,
    void * message, size_t message_length
) {
    std::size_t raw_length = from_c(session)->encrypt_message_length(
        plaintext_length
    );
    if (message_length < raw_length) {
        from_c(session)->last_error =
529
            olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
530
531
532
533
534
535
536
537
538
539
540
        return std::size_t(-1);
    }
    from_c(session)->encrypt(
        from_c(plaintext), plaintext_length,
        from_c(random), random_length,
        b64_output_pos(from_c(message), raw_length), raw_length
    );
    return b64_output(from_c(message), raw_length);
}


541
542
size_t olm_decrypt_max_plaintext_length(
    OlmSession * session,
543
544
545
546
547
548
549
550
551
552
    size_t message_type,
    void * message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt_max_plaintext_length(
553
        olm::MessageType(message_type), from_c(message), raw_length
554
555
556
557
    );
}


558
559
size_t olm_decrypt(
    OlmSession * session,
560
561
562
563
564
565
566
567
568
569
570
    size_t message_type,
    void * message, size_t message_length,
    void * plaintext, size_t max_plaintext_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt(
571
        olm::MessageType(message_type), from_c(message), raw_length,
572
573
574
575
576
        from_c(plaintext), max_plaintext_length
    );
}

}