Replace hard coded references to the 32-byte key length with a constant, add...

Replace hard coded references to the 32-byte key length with a constant, add utilities for copying data to and from fixed sized arrays

Replace hard coded references to the 32-byte key length with a constant, add...
Replace hard coded references to the 32-byte key length with a constant, add utilities for copying data to and from fixed sized arrays
b3180551 · Mark Haines · a378a40b · b3180551 · b3180551 · b3180551
Commit b3180551 authored Aug 19, 2015 by Mark Haines
--- a/include/olm/crypto.hh
+++ b/include/olm/crypto.hh
@@ -20,28 +20,27 @@

 namespace olm {

+static const std::size_t KEY_LENGTH = 32;
+static const std::size_t SIGNATURE_LENGTH = 64;
+static const std::size_t IV_LENGTH = 16;

 struct Curve25519PublicKey {
-    static const int LENGTH = 32;
-    std::uint8_t public_key[32];
+    std::uint8_t public_key[KEY_LENGTH];
 };


 struct Curve25519KeyPair : public Curve25519PublicKey {
-    static const int LENGTH = 64;
-    std::uint8_t private_key[32];
+    std::uint8_t private_key[KEY_LENGTH];
 };


 struct Ed25519PublicKey {
-    static const int LENGTH = 32;
-    std::uint8_t public_key[32];
+    std::uint8_t public_key[KEY_LENGTH];
 };


 struct Ed25519KeyPair : public Ed25519PublicKey {
-    static const int LENGTH = 64;
-    std::uint8_t private_key[32];
+    std::uint8_t private_key[KEY_LENGTH];
 };


@@ -52,9 +51,6 @@ void curve25519_generate_key(
 );


-const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32;
-
-
 /** Create a shared secret using our private key and their public key.
 * The output buffer must be at least 32 bytes long. */
 void curve25519_shared_secret(
@@ -109,14 +105,12 @@ bool ed25519_verify(


 struct Aes256Key {
-    static const int LENGTH = 32;
-    std::uint8_t key[32];
+    std::uint8_t key[KEY_LENGTH];
 };


 struct Aes256Iv {
-    static const int LENGTH = 16;
-    std::uint8_t iv[16];
+    std::uint8_t iv[IV_LENGTH];
 };


@@ -156,7 +150,7 @@ void sha256(
 );


-const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32;
+const std::size_t SHA256_OUTPUT_LENGTH = 32;


 /** HMAC: Keyed-Hashing for Message Authentication

--- a/include/olm/memory.hh
+++ b/include/olm/memory.hh
@@ -14,6 +14,8 @@
 */
 #include <cstddef>
 #include <cstdint>
+#include <cstring>
+#include <type_traits>

 namespace olm {

@@ -35,4 +37,51 @@ bool is_equal(
    std::size_t length
 );

+/** Check if two fixed size arrays are equals */
+template<typename T>
+bool array_equal(
+    T const & array_a,
+    T const & array_b
+) {
+    static_assert(
+        std::is_array<T>::value
+            && std::is_convertible<T, std::uint8_t *>::value
+            && sizeof(T) > 0,
+        "Arguments to array_equal must be std::uint8_t arrays[]."
+    );
+    return is_equal(array_a, array_b, sizeof(T));
+}
+
+/** Copy into a fixed size array */
+template<typename T>
+std::uint8_t const * load_array(
+    T & destination,
+    std::uint8_t const * source
+) {
+    static_assert(
+        std::is_array<T>::value
+            && std::is_convertible<T, std::uint8_t *>::value
+            && sizeof(T) > 0,
+        "The first argument to load_array must be a std::uint8_t array[]."
+    );
+    std::memcpy(destination, source, sizeof(T));
+    return source + sizeof(T);
+}
+
+/** Copy from a fixed size array */
+template<typename T>
+std::uint8_t * store_array(
+    std::uint8_t * destination,
+    T const & source
+) {
+    static_assert(
+        std::is_array<T>::value
+            && std::is_convertible<T, std::uint8_t *>::value
+            && sizeof(T) > 0,
+        "The second argument to store_array must be a std::uint8_t array[]."
+    );
+    std::memcpy(destination, source, sizeof(T));
+    return destination + sizeof(T);
+}
+
 } // namespace olm
--- a/include/olm/ratchet.hh
+++ b/include/olm/ratchet.hh
@@ -21,7 +21,7 @@ namespace olm {

 class Cipher;

-typedef std::uint8_t SharedKey[32];
+typedef std::uint8_t SharedKey[olm::KEY_LENGTH];


 struct ChainKey {

--- a/src/account.cpp
+++ b/src/account.cpp
@@ -15,6 +15,7 @@
 #include "olm/account.hh"
 #include "olm/base64.hh"
 #include "olm/pickle.hh"
+#include "olm/memory.hh"

 olm::Account::Account(
 ) : next_one_time_key_id(0),
@@ -26,7 +27,7 @@ olm::OneTimeKey const * olm::Account::lookup_key(
    olm::Curve25519PublicKey const & public_key
 ) {
    for (olm::OneTimeKey const & key : one_time_keys) {
-        if (0 == memcmp(key.key.public_key, public_key.public_key, 32)) {
+        if (olm::array_equal(key.key.public_key, public_key.public_key)) {
            return &key;
        }
    }
@@ -38,7 +39,7 @@ std::size_t olm::Account::remove_key(
 ) {
    OneTimeKey * i;
    for (i = one_time_keys.begin(); i != one_time_keys.end(); ++i) {
-        if (0 == memcmp(i->key.public_key, public_key.public_key, 32)) {
+        if (olm::array_equal(i->key.public_key, public_key.public_key)) {
            std::uint32_t id = i->id;
            one_time_keys.erase(i);
            return id;
@@ -48,7 +49,7 @@ std::size_t olm::Account::remove_key(
 }

 std::size_t olm::Account::new_account_random_length() {
-    return 2 * 32;
+    return 2 * olm::KEY_LENGTH;
 }

 std::size_t olm::Account::new_account(
@@ -60,9 +61,8 @@ std::size_t olm::Account::new_account(
    }

    olm::ed25519_generate_key(random, identity_keys.ed25519_key);
-    random += 32;
+    random += KEY_LENGTH;
    olm::curve25519_generate_key(random, identity_keys.curve25519_key);
-    random += 32;

    return 0;
 }
@@ -107,7 +107,6 @@ std::size_t olm::Account::get_identity_json(
    std::uint8_t * identity_json, std::size_t identity_json_length
 ) {
    std::uint8_t * pos = identity_json;
-    std::uint8_t signature[64];
    size_t expected_length = get_identity_json_length();

    if (identity_json_length < expected_length) {
@@ -138,7 +137,7 @@ std::size_t olm::Account::get_identity_json(

 std::size_t olm::Account::signature_length(
 ) {
-    return 64;
+    return olm::SIGNATURE_LENGTH;
 }


@@ -239,7 +238,7 @@ std::size_t olm::Account::max_number_of_one_time_keys(
 std::size_t olm::Account::generate_one_time_keys_random_length(
    std::size_t number_of_keys
 ) {
-    return 32 * number_of_keys;
+    return olm::KEY_LENGTH * number_of_keys;
 }

 std::size_t olm::Account::generate_one_time_keys(
@@ -255,7 +254,7 @@ std::size_t olm::Account::generate_one_time_keys(
        key.id = ++next_one_time_key_id;
        key.published = false;
        olm::curve25519_generate_key(random, key.key);
-        random += 32;
+        random += olm::KEY_LENGTH;
    }
    return number_of_keys;
 }

--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -23,11 +23,9 @@ olm::Cipher::~Cipher() {

 namespace {

-static const std::size_t SHA256_LENGTH = 32;
-
 struct DerivedKeys {
    olm::Aes256Key aes_key;
-    std::uint8_t mac_key[SHA256_LENGTH];
+    std::uint8_t mac_key[olm::KEY_LENGTH];
    olm::Aes256Iv aes_iv;
 };

@@ -37,16 +35,17 @@ static void derive_keys(
    std::uint8_t const * key, std::size_t key_length,
    DerivedKeys & keys
 ) {
-    std::uint8_t derived_secrets[80];
+    std::uint8_t derived_secrets[2 * olm::KEY_LENGTH + olm::IV_LENGTH];
    olm::hkdf_sha256(
        key, key_length,
        nullptr, 0,
        kdf_info, kdf_info_length,
        derived_secrets, sizeof(derived_secrets)
    );
-    std::memcpy(keys.aes_key.key, derived_secrets, 32);
-    std::memcpy(keys.mac_key, derived_secrets + 32, 32);
-    std::memcpy(keys.aes_iv.iv, derived_secrets + 64, 16);
+    std::uint8_t const * pos = derived_secrets;
+    pos = olm::load_array(keys.aes_key.key, pos);
+    pos = olm::load_array(keys.mac_key, pos);
+    pos = olm::load_array(keys.aes_iv.iv, pos);
    olm::unset(derived_secrets);
 }

@@ -84,7 +83,7 @@ std::size_t olm::CipherAesSha256::encrypt(
        return std::size_t(-1);
    }
    struct DerivedKeys keys;
-    std::uint8_t mac[SHA256_LENGTH];
+    std::uint8_t mac[olm::SHA256_OUTPUT_LENGTH];

    derive_keys(kdf_info, kdf_info_length, key, key_length, keys);

@@ -93,7 +92,7 @@ std::size_t olm::CipherAesSha256::encrypt(
    );

    olm::hmac_sha256(
-        keys.mac_key, SHA256_LENGTH, output, output_length - MAC_LENGTH, mac
+        keys.mac_key, olm::KEY_LENGTH, output, output_length - MAC_LENGTH, mac
    );

    std::memcpy(output + output_length - MAC_LENGTH, mac, MAC_LENGTH);
@@ -116,12 +115,12 @@ std::size_t olm::CipherAesSha256::decrypt(
     std::uint8_t * plaintext, std::size_t max_plaintext_length
 ) const {
    DerivedKeys keys;
-    std::uint8_t mac[SHA256_LENGTH];
+    std::uint8_t mac[olm::SHA256_OUTPUT_LENGTH];

    derive_keys(kdf_info, kdf_info_length, key, key_length, keys);

    olm::hmac_sha256(
-        keys.mac_key, SHA256_LENGTH, input, input_length - MAC_LENGTH, mac
+        keys.mac_key, olm::KEY_LENGTH, input, input_length - MAC_LENGTH, mac
    );

    std::uint8_t const * input_mac = input + input_length - MAC_LENGTH;

--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -66,8 +66,9 @@ void ed25519_keypair(
 namespace {

 static const std::uint8_t CURVE25519_BASEPOINT[32] = {9};
+static const std::size_t AES_KEY_SCHEDULE_LENGTH = 60;
+static const std::size_t AES_KEY_BITS = 8 * olm::KEY_LENGTH;
 static const std::size_t AES_BLOCK_LENGTH = 16;
-static const std::size_t SHA256_HASH_LENGTH = 32;
 static const std::size_t SHA256_BLOCK_LENGTH = 64;
 static const std::uint8_t HKDF_DEFAULT_SALT[32] = {};

@@ -119,7 +120,7 @@ inline static void hmac_sha256_final(
    std::uint8_t const * hmac_key,
    std::uint8_t * output
 ) {
-    std::uint8_t o_pad[SHA256_BLOCK_LENGTH + SHA256_HASH_LENGTH];
+    std::uint8_t o_pad[SHA256_BLOCK_LENGTH + olm::SHA256_OUTPUT_LENGTH];
    std::memcpy(o_pad, hmac_key, SHA256_BLOCK_LENGTH);
    for (std::size_t i = 0; i < SHA256_BLOCK_LENGTH; ++i) {
        o_pad[i] ^= 0x5C;
@@ -140,7 +141,7 @@ void olm::curve25519_generate_key(
    std::uint8_t const * random_32_bytes,
    olm::Curve25519KeyPair & key_pair
 ) {
-    std::memcpy(key_pair.private_key, random_32_bytes, 32);
+    std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH);
    ::curve25519_donna(
        key_pair.public_key, key_pair.private_key, CURVE25519_BASEPOINT
    );
@@ -161,9 +162,9 @@ void olm::curve25519_sign(
    std::uint8_t const * message, std::size_t message_length,
    std::uint8_t * output
 ) {
-    std::uint8_t private_key[32];
-    std::uint8_t public_key[32];
-    std::memcpy(private_key, our_key.private_key, 32);
+    std::uint8_t private_key[KEY_LENGTH];
+    std::uint8_t public_key[KEY_LENGTH];
+    std::memcpy(private_key, our_key.private_key, KEY_LENGTH);
    ::ed25519_keypair(private_key, public_key);
    ::ed25519_sign(
        output,
@@ -179,10 +180,10 @@ bool olm::curve25519_verify(
    std::uint8_t const * message, std::size_t message_length,
    std::uint8_t const * signature
 ) {
-    std::uint8_t public_key[32];
-    std::uint8_t signature_buffer[64];
-    std::memcpy(public_key, their_key.public_key, 32);
-    std::memcpy(signature_buffer, signature, 64);
+    std::uint8_t public_key[KEY_LENGTH];
+    std::uint8_t signature_buffer[SIGNATURE_LENGTH];
+    std::memcpy(public_key, their_key.public_key, KEY_LENGTH);
+    std::memcpy(signature_buffer, signature, SIGNATURE_LENGTH);
    ::convert_curve25519_to_ed25519(public_key, signature_buffer);
    return 0 != ::ed25519_verify(
        signature,
@@ -196,7 +197,7 @@ void olm::ed25519_generate_key(
    std::uint8_t const * random_32_bytes,
    olm::Ed25519KeyPair & key_pair
 ) {
-    std::memcpy(key_pair.private_key, random_32_bytes, 32);
+    std::memcpy(key_pair.private_key, random_32_bytes, KEY_LENGTH);
    ::ed25519_keypair(key_pair.private_key, key_pair.public_key);
 }

@@ -240,13 +241,13 @@ void olm::aes_encrypt_cbc(
    std::uint8_t const * input, std::size_t input_length,
    std::uint8_t * output
 ) {
-    std::uint32_t key_schedule[60];
-    ::aes_key_setup(key.key, key_schedule, 256);
+    std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH];
+    ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS);
    std::uint8_t input_block[AES_BLOCK_LENGTH];
    std::memcpy(input_block, iv.iv, AES_BLOCK_LENGTH);
    while (input_length >= AES_BLOCK_LENGTH) {
        xor_block<AES_BLOCK_LENGTH>(input_block, input);
-        ::aes_encrypt(input_block, output, key_schedule, 256);
+        ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS);
        std::memcpy(input_block, output, AES_BLOCK_LENGTH);
        input += AES_BLOCK_LENGTH;
        output += AES_BLOCK_LENGTH;
@@ -259,7 +260,7 @@ void olm::aes_encrypt_cbc(
    for (; i < AES_BLOCK_LENGTH; ++i) {
        input_block[i] ^= AES_BLOCK_LENGTH - input_length;
    }
-    ::aes_encrypt(input_block, output, key_schedule, 256);
+    ::aes_encrypt(input_block, output, key_schedule, AES_KEY_BITS);
    olm::unset(key_schedule);
    olm::unset(input_block);
 }
@@ -271,14 +272,14 @@ std::size_t olm::aes_decrypt_cbc(
    std::uint8_t const * input, std::size_t input_length,
    std::uint8_t * output
 ) {
-    std::uint32_t key_schedule[60];
-    ::aes_key_setup(key.key, key_schedule, 256);
+    std::uint32_t key_schedule[AES_KEY_SCHEDULE_LENGTH];
+    ::aes_key_setup(key.key, key_schedule, AES_KEY_BITS);
    std::uint8_t block1[AES_BLOCK_LENGTH];
    std::uint8_t block2[AES_BLOCK_LENGTH];
    std::memcpy(block1, iv.iv, AES_BLOCK_LENGTH);
    for (std::size_t i = 0; i < input_length; i += AES_BLOCK_LENGTH) {
        std::memcpy(block2, &input[i], AES_BLOCK_LENGTH);
-        ::aes_decrypt(&input[i], &output[i], key_schedule, 256);
+        ::aes_decrypt(&input[i], &output[i], key_schedule, AES_KEY_BITS);
        xor_block<AES_BLOCK_LENGTH>(&output[i], block1);
        std::memcpy(block1, block2, AES_BLOCK_LENGTH);
    }
@@ -301,6 +302,7 @@ void olm::sha256(
    olm::unset(context);
 }

+
 void olm::hmac_sha256(
    std::uint8_t const * key, std::size_t key_length,
    std::uint8_t const * input, std::size_t input_length,
@@ -325,7 +327,7 @@ void olm::hkdf_sha256(
 ) {
    ::SHA256_CTX context;
    std::uint8_t hmac_key[SHA256_BLOCK_LENGTH];
-    std::uint8_t step_result[SHA256_HASH_LENGTH];
+    std::uint8_t step_result[olm::SHA256_OUTPUT_LENGTH];
    std::size_t bytes_remaining = output_length;
    std::uint8_t iteration = 1;
    if (!salt) {
@@ -337,20 +339,20 @@ void olm::hkdf_sha256(
    hmac_sha256_init(&context, hmac_key);
    ::sha256_update(&context, input, input_length);
    hmac_sha256_final(&context, hmac_key, step_result);
-    hmac_sha256_key(step_result, SHA256_HASH_LENGTH, hmac_key);
+    hmac_sha256_key(step_result, olm::SHA256_OUTPUT_LENGTH, hmac_key);

    /* Extract */
    hmac_sha256_init(&context, hmac_key);
    ::sha256_update(&context, info, info_length);
    ::sha256_update(&context, &iteration, 1);
    hmac_sha256_final(&context, hmac_key, step_result);
-    while (bytes_remaining > SHA256_HASH_LENGTH) {
-        std::memcpy(output, step_result, SHA256_HASH_LENGTH);
-        output += SHA256_HASH_LENGTH;
-        bytes_remaining -= SHA256_HASH_LENGTH;
+    while (bytes_remaining > olm::SHA256_OUTPUT_LENGTH) {
+        std::memcpy(output, step_result, olm::SHA256_OUTPUT_LENGTH);
+        output += olm::SHA256_OUTPUT_LENGTH;
+        bytes_remaining -= olm::SHA256_OUTPUT_LENGTH;
        iteration ++;
        hmac_sha256_init(&context, hmac_key);
-        ::sha256_update(&context, step_result, SHA256_HASH_LENGTH);
+        ::sha256_update(&context, step_result, olm::SHA256_OUTPUT_LENGTH);
        ::sha256_update(&context, info, info_length);
        ::sha256_update(&context, &iteration, 1);
        hmac_sha256_final(&context, hmac_key, step_result);

--- a/src/olm.cpp
+++ b/src/olm.cpp
@@ -520,8 +520,13 @@ size_t olm_create_outbound_session(
    void const * their_one_time_key, size_t their_one_time_key_length,
    void * random, size_t random_length
 ) {
-    if (olm::decode_base64_length(their_identity_key_length) != 32
-            || olm::decode_base64_length(their_one_time_key_length) != 32
+    std::uint8_t const * id_key = from_c(their_identity_key);
+    std::uint8_t const * ot_key = from_c(their_one_time_key);
+    std::size_t id_key_length = their_identity_key_length;
+    std::size_t ot_key_length = their_one_time_key_length;
+
+    if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH
+            || olm::decode_base64_length(ot_key_length) != olm::KEY_LENGTH
    ) {
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
        return std::size_t(-1);
@@ -529,14 +534,8 @@ size_t olm_create_outbound_session(
    olm::Curve25519PublicKey identity_key;
    olm::Curve25519PublicKey one_time_key;

-    olm::decode_base64(
-        from_c(their_identity_key), their_identity_key_length,
-        identity_key.public_key
-    );
-    olm::decode_base64(
-        from_c(their_one_time_key), their_one_time_key_length,
-        one_time_key.public_key
-    );
+    olm::decode_base64(id_key, id_key_length, identity_key.public_key);
+    olm::decode_base64(ot_key, ot_key_length, one_time_key.public_key);

    size_t result = from_c(session)->new_outbound_session(
        *from_c(account), identity_key, one_time_key,
@@ -570,15 +569,15 @@ size_t olm_create_inbound_session_from(
    void const * their_identity_key, size_t their_identity_key_length,
    void * one_time_key_message, size_t message_length
 ) {
-    if (olm::decode_base64_length(their_identity_key_length) != 32) {
+    std::uint8_t const * id_key = from_c(their_identity_key);
+    std::size_t id_key_length = their_identity_key_length;
+
+    if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH) {
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
        return std::size_t(-1);
    }
    olm::Curve25519PublicKey identity_key;
-    olm::decode_base64(
-        from_c(their_identity_key), their_identity_key_length,
-        identity_key.public_key
-    );
+    olm::decode_base64(id_key, id_key_length, identity_key.public_key);

    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
@@ -641,15 +640,15 @@ size_t olm_matches_inbound_session_from(
    void const * their_identity_key, size_t their_identity_key_length,
    void * one_time_key_message, size_t message_length
 ) {
-    if (olm::decode_base64_length(their_identity_key_length) != 32) {
+    std::uint8_t const * id_key = from_c(their_identity_key);
+    std::size_t id_key_length = their_identity_key_length;
+
+    if (olm::decode_base64_length(id_key_length) != olm::KEY_LENGTH) {
        from_c(session)->last_error = olm::ErrorCode::INVALID_BASE64;
        return std::size_t(-1);
    }
    olm::Curve25519PublicKey identity_key;
-    olm::decode_base64(
-        from_c(their_identity_key), their_identity_key_length,
-        identity_key.public_key
-    );
+    olm::decode_base64(id_key, id_key_length, identity_key.public_key);

    std::size_t raw_length = b64_input(
        from_c(one_time_key_message), message_length, from_c(session)->last_error
@@ -800,15 +799,12 @@ size_t olm_ed25519_verify(
    void const * message, size_t message_length,
    void * signature, size_t signature_length
 ) {
-    if (olm::decode_base64_length(key_length) != 32) {
+    if (olm::decode_base64_length(key_length) != olm::KEY_LENGTH) {
        from_c(utility)->last_error = olm::ErrorCode::INVALID_BASE64;
        return std::size_t(-1);
    }
    olm::Ed25519PublicKey verify_key;
-    olm::decode_base64(
-        from_c(key), key_length,
-        verify_key.public_key
-    );
+    olm::decode_base64(from_c(key), key_length, verify_key.public_key);
    std::size_t raw_signature_length = b64_input(
        from_c(signature), signature_length, from_c(utility)->last_error
    );
@@ -822,5 +818,4 @@ size_t olm_ed25519_verify(
    );
 }

-
 }
--- a/src/ratchet.cpp
+++ b/src/ratchet.cpp
@@ -23,11 +23,10 @@

 namespace {

-std::uint8_t PROTOCOL_VERSION = 3;
-std::size_t KEY_LENGTH = olm::Curve25519PublicKey::LENGTH;
-std::uint8_t MESSAGE_KEY_SEED[1] = {0x01};
-std::uint8_t CHAIN_KEY_SEED[1] = {0x02};
-std::size_t MAX_MESSAGE_GAP = 2000;
+static const std::uint8_t PROTOCOL_VERSION = 3;
+static const std::uint8_t MESSAGE_KEY_SEED[1] = {0x01};
+static const std::uint8_t CHAIN_KEY_SEED[1] = {0x02};
+static const std::size_t MAX_MESSAGE_GAP = 2000;

 static void create_chain_key(
    olm::SharedKey const & root_key,
@@ -39,15 +38,16 @@ static void create_chain_key(
 ) {
    olm::SharedKey secret;
    olm::curve25519_shared_secret(our_key, their_key, secret);
-    std::uint8_t derived_secrets[64];
+    std::uint8_t derived_secrets[2 * olm::KEY_LENGTH];
    olm::hkdf_sha256(
        secret, sizeof(secret),
        root_key, sizeof(root_key),
        info.ratchet_info, info.ratchet_info_length,
        derived_secrets, sizeof(derived_secrets)
    );
-    std::memcpy(new_root_key, derived_secrets, 32);
-    std::memcpy(new_chain_key.key, derived_secrets + 32, 32);
+    std::uint8_t const * pos = derived_secrets;
+    pos = olm::load_array(new_root_key, pos);
+    pos = olm::load_array(new_chain_key.key, pos);
    new_chain_key.index = 0;
    olm::unset(derived_secrets);
    olm::unset(secret);
@@ -148,9 +148,7 @@ static std::size_t verify_mac_and_decrypt_for_new_chain(
    if (reader.counter > MAX_MESSAGE_GAP) {
        return std::size_t(-1);
    }
-    std::memcpy(
-        new_chain.ratchet_key.public_key, reader.ratchet_key, KEY_LENGTH
-    );
+    olm::load_array(new_chain.ratchet_key.public_key, reader.ratchet_key);

    create_chain_key(
        session.root_key, session.sender_chain[0].ratchet_key,
@@ -183,7 +181,7 @@ void olm::Ratchet::initialise_as_bob(
    std::uint8_t const * shared_secret, std::size_t shared_secret_length,
    olm::Curve25519PublicKey const & their_ratchet_key
 ) {
-    std::uint8_t derived_secrets[64];
+    std::uint8_t derived_secrets[2 * olm::KEY_LENGTH];
    olm::hkdf_sha256(
        shared_secret, shared_secret_length,
        nullptr, 0,
@@ -192,8 +190,9 @@ void olm::Ratchet::initialise_as_bob(
    );
    receiver_chains.insert();
    receiver_chains[0].chain_key.index = 0;
-    std::memcpy(root_key, derived_secrets, 32);
-    std::memcpy(receiver_chains[0].chain_key.key, derived_secrets + 32, 32);
+    std::uint8_t const * pos = derived_secrets;
+    pos = olm::load_array(root_key, pos);
+    pos = olm::load_array(receiver_chains[0].chain_key.key, pos);
    receiver_chains[0].ratchet_key = their_ratchet_key;
    olm::unset(derived_secrets);
 }
@@ -203,7 +202,7 @@ void olm::Ratchet::initialise_as_alice(
    std::uint8_t const * shared_secret, std::size_t shared_secret_length,
    olm::Curve25519KeyPair const & our_ratchet_key
 ) {
-    std::uint8_t derived_secrets[64];
+    std::uint8_t derived_secrets[2 * olm::KEY_LENGTH];
    olm::hkdf_sha256(
        shared_secret, shared_secret_length,
        nullptr, 0,
@@ -212,8 +211,9 @@ void olm::Ratchet::initialise_as_alice(
    );
    sender_chain.insert();
    sender_chain[0].chain_key.index = 0;
-    std::memcpy(root_key, derived_secrets, 32);
-    std::memcpy(sender_chain[0].chain_key.key, derived_secrets + 32, 32);
+    std::uint8_t const * pos = derived_secrets;
+    pos = olm::load_array(root_key, pos);
+    pos = olm::load_array(sender_chain[0].chain_key.key, pos);
    sender_chain[0].ratchet_key = our_ratchet_key;
    olm::unset(derived_secrets);
 }
@@ -224,7 +224,7 @@ namespace olm {
 static std::size_t pickle_length(