olm.cpp 14.8 KB
Newer Older
Mark Haines's avatar
Mark Haines committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/* Copyright 2015 OpenMarket Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
16
17
18
19
#include "olm/olm.hh"
#include "olm/session.hh"
#include "olm/account.hh"
#include "olm/base64.hh"
#include "olm/cipher.hh"
20
21
22
23
24
25

#include <new>
#include <cstring>

namespace {

26
27
static OlmAccount * to_c(olm::Account * account) {
    return reinterpret_cast<OlmAccount *>(account);
28
29
}

30
31
static OlmSession * to_c(olm::Session * account) {
    return reinterpret_cast<OlmSession *>(account);
32
33
}

34
35
static olm::Account * from_c(OlmAccount * account) {
    return reinterpret_cast<olm::Account *>(account);
36
37
}

38
39
static olm::Session * from_c(OlmSession * account) {
    return reinterpret_cast<olm::Session *>(account);
40
41
42
43
44
45
46
47
48
49
50
51
}

static std::uint8_t * from_c(void * bytes) {
    return reinterpret_cast<std::uint8_t *>(bytes);
}

static std::uint8_t const * from_c(void const * bytes) {
    return reinterpret_cast<std::uint8_t const *>(bytes);
}

static const std::uint8_t CIPHER_KDF_INFO[] = "Pickle";

52
static const olm::CipherAesSha256 PICKLE_CIPHER(
53
54
55
56
57
58
59
60
    CIPHER_KDF_INFO, sizeof(CIPHER_KDF_INFO) -1
);

std::size_t enc_output_length(
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
61
    return olm::encode_base64_length(length);
62
63
64
65
66
67
68
69
70
}


std::uint8_t * enc_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
    std::size_t length = PICKLE_CIPHER.encrypt_ciphertext_length(raw_length);
    length += PICKLE_CIPHER.mac_length();
71
    return output + olm::encode_base64_length(length) - length;
72
73
74
75
76
77
78
79
80
81
}

std::size_t enc_output(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * output, size_t raw_length
) {
    std::size_t ciphertext_length = PICKLE_CIPHER.encrypt_ciphertext_length(
        raw_length
    );
    std::size_t length = ciphertext_length + PICKLE_CIPHER.mac_length();
82
    std::size_t base64_length = olm::encode_base64_length(length);
83
84
85
86
87
88
89
    std::uint8_t * raw_output = output + base64_length - length;
    PICKLE_CIPHER.encrypt(
        key, key_length,
        raw_output, raw_length,
        raw_output, ciphertext_length,
        raw_output, length
    );
90
    olm::encode_base64(raw_output, length, output);
91
92
93
94
95
96
    return raw_length;
}

std::size_t enc_input(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t * input, size_t b64_length,
97
    olm::ErrorCode & last_error
98
) {
99
    std::size_t enc_length = olm::decode_base64_length(b64_length);
100
    if (enc_length == std::size_t(-1)) {
101
        last_error = olm::ErrorCode::INVALID_BASE64;
102
103
        return std::size_t(-1);
    }
104
    olm::decode_base64(input, b64_length, input);
105
106
107
108
109
110
111
112
    std::size_t raw_length = enc_length - PICKLE_CIPHER.mac_length();
    std::size_t result = PICKLE_CIPHER.decrypt(
        key, key_length,
        input, enc_length,
        input, raw_length,
        input, raw_length
    );
    if (result == std::size_t(-1)) {
113
        last_error = olm::ErrorCode::BAD_ACCOUNT_KEY;
114
115
116
117
118
119
120
121
    }
    return result;
}


std::size_t b64_output_length(
    size_t raw_length
) {
122
    return olm::encode_base64_length(raw_length);
123
124
125
126
127
128
}

std::uint8_t * b64_output_pos(
    std::uint8_t * output,
    size_t raw_length
) {
129
    return output + olm::encode_base64_length(raw_length) - raw_length;
130
131
132
133
134
}

std::size_t b64_output(
    std::uint8_t * output, size_t raw_length
) {
135
    std::size_t base64_length = olm::encode_base64_length(raw_length);
136
    std::uint8_t * raw_output = output + base64_length - raw_length;
137
    olm::encode_base64(raw_output, raw_length, output);
138
139
140
141
142
    return base64_length;
}

std::size_t b64_input(
    std::uint8_t * input, size_t b64_length,
143
    olm::ErrorCode & last_error
144
) {
145
    std::size_t raw_length = olm::decode_base64_length(b64_length);
146
    if (raw_length == std::size_t(-1)) {
147
        last_error = olm::ErrorCode::INVALID_BASE64;
148
149
        return std::size_t(-1);
    }
150
    olm::decode_base64(input, b64_length, input);
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
    return raw_length;
}

const char * errors[9] {
    "SUCCESS",
    "NOT_ENOUGH_RANDOM",
    "OUTPUT_BUFFER_TOO_SMALL",
    "BAD_MESSAGE_VERSION",
    "BAD_MESSAGE_FORMAT",
    "BAD_MESSAGE_MAC",
    "BAD_MESSAGE_KEY_ID",
    "INVALID_BASE64",
    "BAD_ACCOUNT_KEY",
};

} // namespace


extern "C" {


172
size_t olm_error() {
173
174
175
176
    return std::size_t(-1);
}


177
178
const char * olm_account_last_error(
    OlmSession * account
179
180
181
182
183
184
185
186
187
188
) {
    unsigned error = unsigned(from_c(account)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


189
190
const char * olm_session_last_error(
    OlmSession * session
191
192
193
194
195
196
197
198
199
200
) {
    unsigned error = unsigned(from_c(session)->last_error);
    if (error < 9) {
        return errors[error];
    } else {
        return "UNKNOWN_ERROR";
    }
}


201
202
size_t olm_account_size() {
    return sizeof(olm::Account);
203
204
205
}


206
207
size_t olm_session_size() {
    return sizeof(olm::Session);
208
209
210
}


211
OlmAccount * olm_account(
212
213
    void * memory
) {
214
    return to_c(new(memory) olm::Account());
215
216
217
}


218
OlmSession * olm_session(
219
220
    void * memory
) {
221
    return to_c(new(memory) olm::Session());
222
223
224
}


225
226
size_t olm_pickle_account_length(
    OlmAccount * account
227
228
229
230
231
) {
    return enc_output_length(pickle_length(*from_c(account)));
}


232
233
size_t olm_pickle_session_length(
    OlmSession * session
234
235
236
237
238
) {
    return enc_output_length(pickle_length(*from_c(session)));
}


239
240
size_t olm_pickle_account(
    OlmAccount * account,
241
242
243
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
244
    olm::Account & object = *from_c(account);
245
246
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
247
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
248
249
250
251
252
253
254
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


255
256
size_t olm_pickle_session(
    OlmSession * session,
257
258
259
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
260
    olm::Session & object = *from_c(session);
261
262
    std::size_t raw_length = pickle_length(object);
    if (pickled_length < enc_output_length(raw_length)) {
263
        object.last_error = olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
264
265
266
267
268
269
270
        return size_t(-1);
    }
    pickle(enc_output_pos(from_c(pickled), raw_length), object);
    return enc_output(from_c(key), key_length, from_c(pickled), raw_length);
}


271
272
size_t olm_unpickle_account(
    OlmAccount * account,
273
274
275
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
276
    olm::Account & object = *from_c(account);
277
278
279
280
281
282
283
284
285
286
287
288
289
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


290
291
size_t olm_unpickle_session(
    OlmSession * session,
292
293
294
    void const * key, size_t key_length,
    void * pickled, size_t pickled_length
) {
295
    olm::Session & object = *from_c(session);
296
297
298
299
300
301
302
303
304
305
306
307
308
    std::uint8_t * const pos = from_c(pickled);
    std::size_t raw_length = enc_input(
        from_c(key), key_length, pos, pickled_length, object.last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    std::uint8_t * const end = pos + raw_length;
    unpickle(pos, end, object);
    return pickled_length;
}


309
310
size_t olm_create_account_random_length(
    OlmAccount * account
311
312
313
314
315
) {
    return from_c(account)->new_account_random_length();
}


316
317
size_t olm_create_account(
    OlmAccount * account,
318
319
320
321
322
    void const * random, size_t random_length
) {
    return from_c(account)->new_account(from_c(random), random_length);
}

323

324
size_t olm_account_identity_keys_length(
325
326
327
    OlmAccount * account
) {
    return from_c(account)->get_identity_json_length();
328
329
}

330

331
332
size_t olm_account_identity_keys(
    OlmAccount * account,
333
334
    void * identity_keys, size_t identity_key_length
) {
335
336
337
    return from_c(account)->get_identity_json(
        from_c(identity_keys), identity_key_length
    );
338
339
340
}


341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
size_t olm_account_signature_length(
    OlmAccount * account
) {
    return b64_output_length(from_c(account)->signature_length());
}


size_t olm_account_sign(
    OlmAccount * account,
    void const * message, size_t message_length,
    void * signature, size_t signature_length
) {
    std::size_t raw_length = from_c(account)->signature_length();
    if (signature_length < b64_output_length(raw_length)) {
        from_c(account)->last_error =
            olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
        return std::size_t(-1);
    }
    from_c(account)->sign(
         from_c(message), message_length,
         b64_output_pos(from_c(signature), raw_length), raw_length
    );
    return b64_output(from_c(signature), raw_length);
}


367
368
size_t olm_account_one_time_keys_length(
    OlmAccount * account
369
) {
370
    return from_c(account)->get_one_time_keys_json_length();
371
372
373
}


374
375
size_t olm_account_one_time_keys(
    OlmAccount * account,
376
    void * one_time_keys_json, size_t one_time_key_json_length
377
) {
378
379
380
    return from_c(account)->get_one_time_keys_json(
        from_c(one_time_keys_json), one_time_key_json_length
    );
381
382
383
}


384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
size_t olm_account_mark_keys_as_published(
    OlmAccount * account
) {
    return from_c(account)->mark_keys_as_published();
}


size_t olm_account_max_number_of_one_time_keys(
    OlmAccount * account
) {
    return from_c(account)->max_number_of_one_time_keys();
}


size_t olm_account_generate_one_time_keys_random_length(
    OlmAccount * account,
    size_t number_of_keys
) {
    return from_c(account)->generate_one_time_keys_random_length(number_of_keys);
}


size_t olm_account_generate_one_time_keys(
    OlmAccount * account,
    size_t number_of_keys,
    void const * random, size_t random_length
) {
    return from_c(account)->generate_one_time_keys(
        number_of_keys,
        from_c(random), random_length
    );
}


418
419
size_t olm_create_outbound_session_random_length(
    OlmSession * session
Mark Haines's avatar
Mark Haines committed
420
421
422
423
) {
    return from_c(session)->new_outbound_session_random_length();
}

424

425
426
427
size_t olm_create_outbound_session(
    OlmSession * session,
    OlmAccount * account,
428
429
430
431
    void const * their_identity_key, size_t their_identity_key_length,
    void const * their_one_time_key, size_t their_one_time_key_length,
    void const * random, size_t random_length
) {
432
433
    if (olm::decode_base64_length(their_identity_key_length) != 32
            || olm::decode_base64_length(their_one_time_key_length) != 32
434
    ) {
435
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
436
437
        return std::size_t(-1);
    }
438
    olm::Curve25519PublicKey identity_key;
439
    olm::Curve25519PublicKey one_time_key;
440

441
    olm::decode_base64(
442
443
444
        from_c(their_identity_key), their_identity_key_length,
        identity_key.public_key
    );
445
    olm::decode_base64(
446
        from_c(their_one_time_key), their_one_time_key_length,
447
        one_time_key.public_key
448
449
450
451
452
453
454
455
456
    );

    return from_c(session)->new_outbound_session(
        *from_c(account), identity_key, one_time_key,
        from_c(random), random_length
    );
}


457
458
459
size_t olm_create_inbound_session(
    OlmSession * session,
    OlmAccount * account,
460
461
462
463
464
465
466
467
468
469
470
471
472
473
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->new_inbound_session(
        *from_c(account), from_c(one_time_key_message), raw_length
    );
}


474
475
size_t olm_matches_inbound_session(
    OlmSession * session,
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
    void * one_time_key_message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    bool matches = from_c(session)->matches_inbound_session(
        from_c(one_time_key_message), raw_length
    );
    return matches ? 1 : 0;
}


491
492
493
size_t olm_remove_one_time_keys(
    OlmAccount * account,
    OlmSession * session
494
495
) {
    size_t result = from_c(account)->remove_key(
496
        from_c(session)->bob_one_time_key
497
498
    );
    if (result == std::size_t(-1)) {
499
        from_c(account)->last_error = olm::ErrorCode::BAD_MESSAGE_KEY_ID;
500
501
502
503
504
    }
    return result;
}


505
506
size_t olm_encrypt_message_type(
    OlmSession * session
507
508
509
510
511
) {
    return size_t(from_c(session)->encrypt_message_type());
}


512
513
size_t olm_encrypt_random_length(
    OlmSession * session
514
515
516
517
518
) {
    return from_c(session)->encrypt_random_length();
}


519
520
size_t olm_encrypt_message_length(
    OlmSession * session,
521
522
523
524
525
526
527
528
    size_t plaintext_length
) {
    return b64_output_length(
        from_c(session)->encrypt_message_length(plaintext_length)
    );
}


529
530
size_t olm_encrypt(
    OlmSession * session,
531
532
533
534
535
536
537
    void const * plaintext, size_t plaintext_length,
    void const * random, size_t random_length,
    void * message, size_t message_length
) {
    std::size_t raw_length = from_c(session)->encrypt_message_length(
        plaintext_length
    );
538
    if (message_length < b64_output_length(raw_length)) {
539
        from_c(session)->last_error =
540
            olm::ErrorCode::OUTPUT_BUFFER_TOO_SMALL;
541
542
543
544
545
546
547
548
549
550
551
        return std::size_t(-1);
    }
    from_c(session)->encrypt(
        from_c(plaintext), plaintext_length,
        from_c(random), random_length,
        b64_output_pos(from_c(message), raw_length), raw_length
    );
    return b64_output(from_c(message), raw_length);
}


552
553
size_t olm_decrypt_max_plaintext_length(
    OlmSession * session,
554
555
556
557
558
559
560
561
562
563
    size_t message_type,
    void * message, size_t message_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt_max_plaintext_length(
564
        olm::MessageType(message_type), from_c(message), raw_length
565
566
567
568
    );
}


569
570
size_t olm_decrypt(
    OlmSession * session,
571
572
573
574
575
576
577
578
579
580
581
    size_t message_type,
    void * message, size_t message_length,
    void * plaintext, size_t max_plaintext_length
) {
    std::size_t raw_length = b64_input(
        from_c(message), message_length, from_c(session)->last_error
    );
    if (raw_length == std::size_t(-1)) {
        return std::size_t(-1);
    }
    return from_c(session)->decrypt(
582
        olm::MessageType(message_type), from_c(message), raw_length,
583
584
585
586
587
        from_c(plaintext), max_plaintext_length
    );
}

}