olm.cpp 13.9 KB
Newer Older
Mark Haines's avatar
Mark Haines committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/* Copyright 2015 OpenMarket Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
16
17
18
19
#include "olm/olm.hh"
#include "olm/session.hh"
#include "olm/account.hh"
#include "olm/base64.hh"
#include "olm/cipher.hh"
20
21
22
23
24
25

#include <new>
#include <cstring>

namespace {

26
27
static OlmAccount * to_c(olm::Account * account) {
    return reinterpret_cast<OlmAccount *>(account);
28
29
}

30
31
static OlmSession * to_c(olm::Session * account) {
    return reinterpret_cast<OlmSession *>(account);
32
33
}

34
35
static olm::Account * from_c(OlmAccount * account) {
    return reinterpret_cast<olm::Account *>(account);
36
37
}

38
39
static olm::Session * from_c(OlmSession * account) {
    return reinterpret_cast<olm::Session *>(account);
40
41
42
43
44
45
46
47
48
49
50
51
}

static std::uint8_t * from_c(void * bytes) {
    return reinterpret_cast<std::uint8_t *>(bytes);
}

static std::uint8_t const * from_c(void const * bytes) {
    return reinterpret_cast<std::uint8_t const *>(bytes);
}

static const std::uint8_t CIPHER_KDF_INFO[] = "Pickle";

52
static const olm::CipherAesSha256 PICKLE_CIPHER(
53
54
55
56
57
58
59
60
    CIPHER_KDF_INFO, sizeof(CIPHER_KDF_INFO) -1
);

std::size_t enc_output_length(
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
61
    return olm::encode_base64_length(length);
62
63
64
65
66
67
68
69
70
}


std::uint8_t * enc_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
71
    return output + olm::encode_base64_length(length) - length;
72
73
74
75
76
77
78
79
80
81
}

std::size_t enc_output(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * output, size_t raw_length
) {
    std::size_t ciphertext_length = PICKLE_CIPHER.encrypt_ciphertext_length(
        raw_length
    );
    std::size_t length = ciphertext_length + PICKLE_CIPHER.mac_length();
82
    std::size_t base64_length = olm::encode_base64_length(length);
83
84
85
86
87
88
89
    std::uint8_t * raw_output = output + base64_length - length;
    PICKLE_CIPHER.encrypt(
        key, key_length,
        raw_output, raw_length,
        raw_output, ciphertext_length,
        raw_output, length
    );
90
    olm::encode_base64(raw_output, length, output);
91
92
93
94
95
96
    return raw_length;
}

std::size_t enc_input(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * input, size_t b64_length,
97
    olm::ErrorCode & last_error
98
) {
99
    std::size_t enc_length = olm::decode_base64_length(b64_length);
100
    if (enc_length == std::size_t(-1)) {
101
        last_error = olm::ErrorCode::INVALID_BASE64;
102
103
        return std::size_t(-1);
    }
104
    olm::decode_base64(input, b64_length, input);
105
106
107
108
109
110
111
112
    std::size_t raw_length = enc_length - PICKLE_CIPHER.mac_length();
    std::size_t result = PICKLE_CIPHER.decrypt(
        key, key_length,
        input, enc_length,
        input, raw_length,
        input, raw_length
    );
    if (result == std::size_t(-1)) {
113
        last_error = olm::ErrorCode::BAD_ACCOUNT_KEY;
114
115
116
117
118
119
120
121
    }
    return result;
}


std::size_t b64_output_length(
    size_t raw_length
) {
122
    return olm::encode_base64_length(raw_length);
123
124
125
126
127
128
}

std::uint8_t * b64_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
129
    return output + olm::encode_base64_length(raw_length) - raw_length;
130
131
132
133
134
}

std::size_t b64_output(
    std::uint8_t * output, size_t raw_length
) {
135
    std::size_t base64_length = olm::encode_base64_length(raw_length);
136
    std::uint8_t * raw_output = output + base64_length - raw_length;
137
    olm::encode_base64(raw_output, raw_length, output);
138
139
140
141
142
    return base64_length;
}

std::size_t b64_input(
    std::uint8_t * input, size_t b64_length,
143
    olm::ErrorCode & last_error
144
) {
145
    std::size_t raw_length = olm::decode_base64_length(b64_length);
146
    if (raw_length == std::size_t(-1)) {
147
        last_error = olm::ErrorCode::INVALID_BASE64;
148
149
        return std::size_t(-1);
    }
150
    olm::decode_base64(input, b64_length, input);
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
    return raw_length;
}

const char * errors[9] {
    "SUCCESS",
    "NOT_ENOUGH_RANDOM",
    "OUTPUT_BUFFER_TOO_SMALL",
    "BAD_MESSAGE_VERSION",
    "BAD_MESSAGE_FORMAT",
    "BAD_MESSAGE_MAC",
    "BAD_MESSAGE_KEY_ID",
    "INVALID_BASE64",
    "BAD_ACCOUNT_KEY",
};

} // namespace


extern "C" {


172
size_t olm_error() {
173
174
175
176
    return std::size_t(-1);
}


177
178
const char * olm_account_last_error(
    OlmSession * account
179
180
181
182
183
184
185
186
187
188
) {
    unsigned error = unsigned(from_c(account)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


189
190
const char * olm_session_last_error(
    OlmSession * session
191
192
193
194
195
196
197
198
199
200
) {
    unsigned error = unsigned(from_c(session)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


201
202
size_t olm_account_size() {
    return sizeof(olm::Account);
203
204
205
}


206
207
size_t olm_session_size() {
    return sizeof(olm::Session);
208
209
210
}


211
OlmAccount * olm_account(
212
213
    void * memory
) {
214
    return to_c(new(memory) olm::Account());
215
216
217
}


218
OlmSession * olm_session(
219
220
    void * memory
) {
221
    return to_c(new(memory) olm::Session());
222
223
224
}


225
226
size_t olm_pickle_account_length(
    OlmAccount * account
227
228
229
230
231
) {
    return enc_output_length(pickle_length(*from_c(account)));
}


232
233
size_t olm_pickle_session_length(
    OlmSession * session
234
235
236
237
238
) {
    return enc_output_length(pickle_length(*from_c(session)));
}


239
240
size_t olm_pickle_account(
    OlmAccount * account,
241
242
243
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
244
    olm::Account & object = *from_c(account);
245
246
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
247
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
248
249
250
251
252
253
254
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


255
256
size_t olm_pickle_session(
    OlmSession * session,
257
258
259
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
260
    olm::Session & object = *from_c(session);
261
262
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
263
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
264
265
266
267
268
269
270
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


271
272
size_t olm_unpickle_account(
    OlmAccount * account,
273
274
275
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
276
    olm::Account & object = *from_c(account);
277
278
279
280
281
282
283
284
285
286
287
288
289
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


290
291
size_t olm_unpickle_session(
    OlmSession * session,
292
293
294
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
295
    olm::Session & object = *from_c(session);
296
297
298
299
300
301
302
303
304
305
306
307
308
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


309
310
size_t olm_create_account_random_length(
    OlmAccount * account
311
312
313
314
315
) {
    return from_c(account)->new_account_random_length();
}


316
317
size_t olm_create_account(
    OlmAccount * account,
318
319
320
321
322
    void const * random, size_t random_length
) {
    return from_c(account)->new_account(from_c(random), random_length);
}

323
size_t olm_account_identity_keys_length(
324
325
326
327
328
    OlmAccount * account,
    size_t user_id_length,
    size_t device_id_length,
    uint64_t valid_after_ts,
    uint64_t valid_until_ts
329
) {
330
331
332
333
334
335
    return from_c(account)->get_identity_json_length(
        user_id_length,
        device_id_length,
        valid_after_ts,
        valid_until_ts
    );
336
337
}

338
339
size_t olm_account_identity_keys(
    OlmAccount * account,
340
341
342
343
    void const * user_id, size_t user_id_length,
    void const * device_id, size_t device_id_length,
    uint64_t valid_after_ts,
    uint64_t valid_until_ts,
344
345
    void * identity_keys, size_t identity_key_length
) {
346
347
348
349
350
351
352
    return from_c(account)->get_identity_json(
        from_c(user_id), user_id_length,
        from_c(device_id), device_id_length,
        valid_after_ts,
        valid_until_ts,
        from_c(identity_keys), identity_key_length
    );
353
354
355
}


356
357
size_t olm_account_one_time_keys_length(
    OlmAccount * account
358
) {
359
    return from_c(account)->get_one_time_keys_json_length();
360
361
362
}


363
364
size_t olm_account_one_time_keys(
    OlmAccount * account,
365
    void * one_time_keys_json, size_t one_time_key_json_length
366
) {
367
368
369
    return from_c(account)->get_one_time_keys_json(
        from_c(one_time_keys_json), one_time_key_json_length
    );
370
371
372
}


373
374
size_t olm_create_outbound_session_random_length(
    OlmSession * session
Mark Haines's avatar
Mark Haines committed
375
376
377
378
) {
    return from_c(session)->new_outbound_session_random_length();
}

379
380
381
size_t olm_create_outbound_session(
    OlmSession * session,
    OlmAccount * account,
382
383
384
385
    void const * their_identity_key, size_t their_identity_key_length,
    void const * their_one_time_key, size_t their_one_time_key_length,
    void const * random, size_t random_length
) {
386
387
    if (olm::decode_base64_length(their_identity_key_length) != 32
            || olm::decode_base64_length(their_one_time_key_length) != 32
388
    ) {
389
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
390
391
        return std::size_t(-1);
    }
392
    olm::Curve25519PublicKey identity_key;
393
    olm::Curve25519PublicKey one_time_key;
394

395
    olm::decode_base64(
396
397
398
        from_c(their_identity_key), their_identity_key_length,
        identity_key.public_key
    );
399
    olm::decode_base64(
400
        from_c(their_one_time_key), their_one_time_key_length,
401
        one_time_key.public_key
402
403
404
405
406
407
408
409
410
    );

    return from_c(session)->new_outbound_session(
        *from_c(account), identity_key, one_time_key,
        from_c(random), random_length
    );
}


411
412
413
size_t olm_create_inbound_session(
    OlmSession * session,
    OlmAccount * account,
414
415
416
417
418
419
420
421
422
423
424
425
426
427
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->new_inbound_session(
        *from_c(account), from_c(one_time_key_message), raw_length
    );
}


428
429
size_t olm_matches_inbound_session(
    OlmSession * session,
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    bool matches = from_c(session)->matches_inbound_session(
        from_c(one_time_key_message), raw_length
    );
    return matches ? 1 : 0;
}


445
446
447
size_t olm_remove_one_time_keys(
    OlmAccount * account,
    OlmSession * session
448
449
450
451
452
) {
    size_t result = from_c(account)->remove_key(
        from_c(session)->bob_one_time_key_id
    );
    if (result == std::size_t(-1)) {
453
        from_c(account)->last_error = olm::ErrorCode::BAD_MESSAGE_KEY_ID;
454
455
456
457
458
    }
    return result;
}


459
460
size_t olm_encrypt_message_type(
    OlmSession * session
461
462
463
464
465
) {
    return size_t(from_c(session)->encrypt_message_type());
}


466
467
size_t olm_encrypt_random_length(
    OlmSession * session
468
469
470
471
472
) {
    return from_c(session)->encrypt_random_length();
}


473
474
size_t olm_encrypt_message_length(
    OlmSession * session,
475
476
477
478
479
480
481
482
    size_t plaintext_length
) {
    return b64_output_length(
        from_c(session)->encrypt_message_length(plaintext_length)
    );
}


483
484
size_t olm_encrypt(
    OlmSession * session,
485
486
487
488
489
490
491
492
493
    void const * plaintext, size_t plaintext_length,
    void const * random, size_t random_length,
    void * message, size_t message_length
) {
    std::size_t raw_length = from_c(session)->encrypt_message_length(
        plaintext_length
    );
    if (message_length < raw_length) {
        from_c(session)->last_error =
494
            olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
495
496
497
498
499
500
501
502
503
504
505
        return std::size_t(-1);
    }
    from_c(session)->encrypt(
        from_c(plaintext), plaintext_length,
        from_c(random), random_length,
        b64_output_pos(from_c(message), raw_length), raw_length
    );
    return b64_output(from_c(message), raw_length);
}


506
507
size_t olm_decrypt_max_plaintext_length(
    OlmSession * session,
508
509
510
511
512
513
514
515
516
517
    size_t message_type,
    void * message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt_max_plaintext_length(
518
        olm::MessageType(message_type), from_c(message), raw_length
519
520
521
522
    );
}


523
524
size_t olm_decrypt(
    OlmSession * session,
525
526
527
528
529
530
531
532
533
534
535
    size_t message_type,
    void * message, size_t message_length,
    void * plaintext, size_t max_plaintext_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt(
536
        olm::MessageType(message_type), from_c(message), raw_length,
537
538
539
540
541
        from_c(plaintext), max_plaintext_length
    );
}

}