Commit ded55f50 authored by Hubert Chathi's avatar Hubert Chathi
Browse files

initial implementation of short authentication string generation

parent ec2695b9
......@@ -34,7 +34,7 @@ JS_EXPORTED_FUNCTIONS := javascript/exported_functions.json
JS_EXTRA_EXPORTED_RUNTIME_METHODS := ALLOC_STACK
JS_EXTERNS := javascript/externs.js
PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h
PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h include/olm/sas.h
SOURCES := $(wildcard src/*.cpp) $(wildcard src/*.c) \
lib/crypto-algorithms/sha256.c \
......@@ -60,6 +60,7 @@ JS_PRE := $(wildcard javascript/*pre.js)
JS_POST := javascript/olm_outbound_group_session.js \
javascript/olm_inbound_group_session.js \
javascript/olm_pk.js \
javascript/olm_sas.js \
javascript/olm_post.js
# The prefix & suffix are just added onto the start & end
......
/* Copyright 2018 New Vector Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OLM_SAS_H_
#define OLM_SAS_H_
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct OlmSAS OlmSAS;
const char * olm_sas_last_error(
OlmSAS * sas
);
size_t olm_sas_size(void);
OlmSAS * olm_sas(
void * memory
);
size_t olm_clear_sas(
OlmSAS * sas
);
size_t olm_create_sas_random_length(
OlmSAS * sas
);
size_t olm_create_sas(
OlmSAS * sas,
void * random, size_t random_length
);
size_t olm_sas_pubkey_length(OlmSAS * sas);
size_t olm_sas_get_pubkey(
OlmSAS * sas,
void * pubkey, size_t pubkey_length
);
size_t olm_sas_set_their_key(
OlmSAS *sas,
void * their_key, size_t their_key_length
);
size_t olm_sas_generate_bytes(
OlmSAS * sas,
void * output, size_t output_length
);
size_t olm_sas_mac_length(
OlmSAS *sas
);
size_t olm_sas_calculate_mac(
OlmSAS * sas,
void * input, size_t input_length,
void * mac, size_t mac_length
);
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_SAS_H_ */
......@@ -534,6 +534,7 @@ olm_exports["Session"] = Session;
olm_exports["Utility"] = Utility;
olm_exports["PkEncryption"] = PkEncryption;
olm_exports["PkDecryption"] = PkDecryption;
olm_exports["SAS"] = SAS;
olm_exports["get_library_version"] = restore_stack(function() {
var buf = stack(3);
......
function SAS() {
var size = Module['_olm_sas_size']();
var random_length = Module['_olm_create_sas_random_length']();
var random = random_stack(random_length);
this.buf = malloc(size);
this.ptr = Module['_olm_sas'](this.buf);
Module['_olm_create_sas'](this.ptr, random, random_length);
bzero(random, random_length);
}
function sas_method(wrapped) {
return function() {
var result = wrapped.apply(this, arguments);
if (result === OLM_ERROR) {
var message = Pointer_stringify(
Module['_olm_sas_last_error'](arguments[0])
);
throw new Error("OLM." + message);
}
return result;
}
}
SAS.prototype['free'] = function() {
Module['_olm_clear_sas'](this.ptr);
free(this.ptr);
};
SAS.prototype['get_pubkey'] = restore_stack(function() {
var pubkey_length = sas_method(Module['_olm_sas_pubkey_length'])(this.ptr);
var pubkey_buffer = stack(pubkey_length + NULL_BYTE_PADDING_LENGTH);
sas_method(Module['_olm_sas_get_pubkey'])(this.ptr, pubkey_buffer, pubkey_length);
return Pointer_stringify(pubkey_buffer);
});
SAS.prototype['set_their_key'] = restore_stack(function(their_key) {
var their_key_array = array_from_string(their_key);
var their_key_buffer = stack(their_key_array);
sas_method(Module['_olm_sas_set_their_key'])(
this.ptr,
their_key_buffer, their_key_array.length
);
});
SAS.prototype['generate_bytes'] = restore_stack(function(length) {
var output_buffer = stack(length);
sas_method(Module['_olm_sas_generate_bytes'])(
this.ptr,
output_buffer, length
);
// The inner Uint8Array creates a view of the buffer. The outer Uint8Array
// copies it to a new array to return, since the original buffer will get
// deallocated from the stack and could get overwritten.
var output_arr = new Uint8Array(
new Uint8Array(Module['HEAPU8'].buffer, output_buffer, length)
);
return output_arr;
});
SAS.prototype['calculate_mac'] = restore_stack(function(input) {
var input_array = array_from_string(input);
var input_buffer = stack(input_array)
var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr);
var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH);
sas_method(Module['_olm_sas_calculate_mac'])(
this.ptr,
input_buffer, input_array.length,
mac_buffer, mac_length
);
return Pointer_stringify(mac_buffer);
});
/*
Copyright 2018 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var Olm = require('../olm');
describe("sas", function() {
var alice, bob;
beforeEach(async function(done) {
Olm.init().then(function() {
alice = new Olm.SAS();
bob = new Olm.SAS();
done();
});
});
afterEach(function () {
if (alice !== undefined) {
alice.free();
alice = undefined;
}
if (bob !== undefined) {
bob.free();
bob = undefined;
}
});
it('should create matching SAS bytes', function () {
alice.set_their_key(bob.get_pubkey());
bob.set_their_key(alice.get_pubkey());
expect(alice.generate_bytes(5).toString()).toEqual(bob.generate_bytes(5).toString());
});
it('should create matching MACs', function () {
alice.set_their_key(bob.get_pubkey());
bob.set_their_key(alice.get_pubkey());
expect(alice.calculate_mac("test").toString()).toEqual(bob.calculate_mac("test").toString());
});
});
/* Copyright 2018 New Vector Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/sas.h"
#include "olm/base64.h"
#include "olm/crypto.h"
#include "olm/error.h"
#include "olm/memory.h"
struct OlmSAS {
enum OlmErrorCode last_error;
struct _olm_curve25519_key_pair curve25519_key;
uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH];
};
const char * olm_sas_last_error(
OlmSAS * sas
) {
return _olm_error_to_string(sas->last_error);
}
size_t olm_sas_size(void) {
return sizeof(OlmSAS);
}
OlmSAS * olm_sas(
void * memory
) {
_olm_unset(memory, sizeof(OlmSAS));
return (OlmSAS *) memory;
}
size_t olm_clear_sas(
OlmSAS * sas
) {
_olm_unset(sas, sizeof(OlmSAS));
return sizeof(OlmSAS);
}
size_t olm_create_sas_random_length(OlmSAS * sas) {
return CURVE25519_KEY_LENGTH;
}
size_t olm_create_sas(
OlmSAS * sas,
void * random, size_t random_length
) {
if (random_length < olm_create_sas_random_length(sas)) {
sas->last_error = OLM_NOT_ENOUGH_RANDOM;
return (size_t)-1;
}
_olm_crypto_curve25519_generate_key((uint8_t *) random, &sas->curve25519_key);
return 0;
}
size_t olm_sas_pubkey_length(OlmSAS * sas) {
return _olm_encode_base64_length(CURVE25519_KEY_LENGTH);
}
size_t olm_sas_get_pubkey(
OlmSAS * sas,
void * pubkey, size_t pubkey_length
) {
if (pubkey_length < olm_sas_pubkey_length(sas)) {
sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
_olm_encode_base64(
(const uint8_t *)sas->curve25519_key.public_key.public_key,
CURVE25519_KEY_LENGTH,
(uint8_t *)pubkey
);
return 0;
}
size_t olm_sas_set_their_key(
OlmSAS *sas,
void * their_key, size_t their_key_length
) {
if (their_key_length < olm_sas_pubkey_length(sas)) {
sas->last_error = OLM_INPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
_olm_decode_base64(their_key, their_key_length, their_key);
_olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret);
return 0;
}
size_t olm_sas_generate_bytes(
OlmSAS * sas,
void * output, size_t output_length
) {
_olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret),
NULL, 0,
(const uint8_t *) "SAS", 3,
output, output_length
);
return 0;
}
size_t olm_sas_mac_length(
OlmSAS *sas
) {
return _olm_encode_base64_length(SHA256_OUTPUT_LENGTH);
}
size_t olm_sas_calculate_mac(
OlmSAS * sas,
void * input, size_t input_length,
void * mac, size_t mac_length
) {
if (mac_length < olm_sas_mac_length(sas)) {
sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
// FIXME: base64-decode input?
uint8_t key[256];
_olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret),
NULL, 0,
(const uint8_t *) "MAC", 3,
key, 256
);
_olm_crypto_hmac_sha256(key, 256, input, input_length, mac);
_olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
return 0;
}
#include "olm/sas.h"
#include "olm/crypto.h"
#include "olm/olm.h"
#include "unittest.hh"
#include <iostream>
int main() {
{ /* Generate bytes */
TestCase test_case("SAS generate bytes");
std::uint8_t alice_private[32] = {
0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
};
const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
std::uint8_t bob_private[32] = {
0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
};
const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
std::uint8_t alice_sas_buffer[olm_sas_size()];
OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
std::uint8_t bob_sas_buffer[olm_sas_size()];
OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
std::uint8_t alice_bytes[6];
std::uint8_t bob_bytes[6];
olm_sas_generate_bytes(alice_sas, alice_bytes, 6);
olm_sas_generate_bytes(bob_sas, bob_bytes, 6);
assert_equals(alice_bytes, bob_bytes, 6);
}
{ /* Calculate MAC */
TestCase test_case("SAS calculate MAC");
std::uint8_t alice_private[32] = {
0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
};
const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
std::uint8_t bob_private[32] = {
0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
};
const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
std::uint8_t alice_sas_buffer[olm_sas_size()];
OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
std::uint8_t bob_sas_buffer[olm_sas_size()];
OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
std::uint8_t alice_mac[olm_sas_mac_length(alice_sas)];
std::uint8_t bob_mac[olm_sas_mac_length(bob_sas)];
olm_sas_calculate_mac(alice_sas, (void *) "Hello world!", 12, alice_mac, olm_sas_mac_length(alice_sas));
olm_sas_calculate_mac(bob_sas, (void *) "Hello world!", 12, bob_mac, olm_sas_mac_length(bob_sas));
assert_equals(alice_mac, bob_mac, olm_sas_mac_length(alice_sas));
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment