Commit f0acf658 authored by Richard van der Hoff's avatar Richard van der Hoff
Browse files

Convert Ed25519 and Curve25519 functions to plain C

parent 2aad4cfa
......@@ -25,14 +25,14 @@ namespace olm {
struct IdentityKeys {
Ed25519KeyPair ed25519_key;
Curve25519KeyPair curve25519_key;
_olm_ed25519_key_pair ed25519_key;
_olm_curve25519_key_pair curve25519_key;
};
struct OneTimeKey {
std::uint32_t id;
bool published;
Curve25519KeyPair key;
_olm_curve25519_key_pair key;
};
......@@ -128,12 +128,12 @@ struct Account {
/** Lookup a one time key with the given public key */
OneTimeKey const * lookup_key(
Curve25519PublicKey const & public_key
_olm_curve25519_public_key const & public_key
);
/** Remove a one time key with the given public key */
std::size_t remove_key(
Curve25519PublicKey const & public_key
_olm_curve25519_public_key const & public_key
);
};
......
......@@ -57,9 +57,35 @@ extern "C" {
/** length of an aes256 initialisation vector */
#define AES256_IV_LENGTH 16
struct _olm_curve25519_public_key {
uint8_t public_key[CURVE25519_KEY_LENGTH];
};
/** Computes SHA-256 of the input. The output buffer must be a least 32
* bytes long. */
struct _olm_curve25519_private_key {
uint8_t private_key[CURVE25519_KEY_LENGTH];
};
struct _olm_curve25519_key_pair {
struct _olm_curve25519_public_key public_key;
struct _olm_curve25519_private_key private_key;
};
struct _olm_ed25519_public_key {
uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH];
};
struct _olm_ed25519_private_key {
uint8_t private_key[ED25519_PRIVATE_KEY_LENGTH];
};
struct _olm_ed25519_key_pair {
struct _olm_ed25519_public_key public_key;
struct _olm_ed25519_private_key private_key;
};
/** Computes SHA-256 of the input. The output buffer must be a least
* SHA256_OUTPUT_LENGTH (32) bytes long. */
void _olm_crypto_sha256(
uint8_t const * input, size_t input_length,
uint8_t * output
......@@ -68,7 +94,7 @@ void _olm_crypto_sha256(
/** HMAC: Keyed-Hashing for Message Authentication
* http://tools.ietf.org/html/rfc2104
* Computes HMAC-SHA-256 of the input for the key. The output buffer must
* be at least 32 bytes long. */
* be at least SHA256_OUTPUT_LENGTH (32) bytes long. */
void _olm_crypto_hmac_sha256(
uint8_t const * key, size_t key_length,
uint8_t const * input, size_t input_length,
......@@ -87,6 +113,53 @@ void _olm_crypto_hkdf_sha256(
);
/** Generate a curve25519 key pair
* random_32_bytes should be CURVE25519_RANDOM_LENGTH (32) bytes long.
*/
void _olm_crypto_curve25519_generate_key(
uint8_t const * random_32_bytes,
struct _olm_curve25519_key_pair *output
);
/** Create a shared secret using our private key and their public key.
* The output buffer must be at least CURVE25519_SHARED_SECRET_LENGTH (32) bytes long.
*/
void _olm_crypto_curve25519_shared_secret(
const struct _olm_curve25519_key_pair *our_key,
const struct _olm_curve25519_public_key *their_key,
uint8_t * output
);
/** Generate an ed25519 key pair
* random_32_bytes should be ED25519_RANDOM_LENGTH (32) bytes long.
*/
void _olm_crypto_ed25519_generate_key(
uint8_t const * random_bytes,
struct _olm_ed25519_key_pair *output
);
/** Signs the message using our private key.
*
* The output buffer must be at least ED25519_SIGNATURE_LENGTH (64) bytes
* long. */
void _olm_crypto_ed25519_sign(
const struct _olm_ed25519_key_pair *our_key,
const uint8_t * message, size_t message_length,
uint8_t * output
);
/** Verify an ed25519 signature
* The signature input buffer must be ED25519_SIGNATURE_LENGTH (64) bytes long.
* Returns non-zero if the signature is valid. */
int _olm_crypto_ed25519_verify(
const struct _olm_ed25519_public_key *their_key,
const uint8_t * message, size_t message_length,
const uint8_t * signature
);
#ifdef __cplusplus
} // extern "C"
#endif
......
......@@ -25,67 +25,6 @@
namespace olm {
struct Curve25519PublicKey {
std::uint8_t public_key[CURVE25519_KEY_LENGTH];
};
struct Curve25519KeyPair : public Curve25519PublicKey {
std::uint8_t private_key[CURVE25519_KEY_LENGTH];
};
struct Ed25519PublicKey {
std::uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH];
};
struct Ed25519KeyPair : public Ed25519PublicKey {
std::uint8_t private_key[ED25519_PRIVATE_KEY_LENGTH];
};
/** Generate a curve25519 key pair from 32 random bytes. */
void curve25519_generate_key(
std::uint8_t const * random_32_bytes,
Curve25519KeyPair & key_pair
);
/** Create a shared secret using our private key and their public key.
* The output buffer must be at least 32 bytes long. */
void curve25519_shared_secret(
Curve25519KeyPair const & our_key,
Curve25519PublicKey const & their_key,
std::uint8_t * output
);
/** Generate a curve25519 key pair from 32 random bytes. */
void ed25519_generate_key(
std::uint8_t const * random_32_bytes,
Ed25519KeyPair & key_pair
);
/** Signs the message using our private key.
* The output buffer must be at least 64 bytes long. */
void ed25519_sign(
Ed25519KeyPair const & our_key,
std::uint8_t const * message, std::size_t message_length,
std::uint8_t * output
);
/** Verify their message using their public key.
* The signature input buffer must be 64 bytes long.
* Returns true if the signature is valid. */
bool ed25519_verify(
Ed25519PublicKey const & their_key,
std::uint8_t const * message, std::size_t message_length,
std::uint8_t const * signature
);
struct Aes256Key {
std::uint8_t key[AES256_KEY_LENGTH];
......
......@@ -109,70 +109,70 @@ std::uint8_t const * unpickle_bytes(
std::size_t pickle_length(
const Curve25519PublicKey & value
const _olm_curve25519_public_key & value
);
std::uint8_t * pickle(
std::uint8_t * pos,
const Curve25519PublicKey & value
const _olm_curve25519_public_key & value
);
std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
Curve25519PublicKey & value
_olm_curve25519_public_key & value
);
std::size_t pickle_length(
const Curve25519KeyPair & value
const _olm_curve25519_key_pair & value
);
std::uint8_t * pickle(
std::uint8_t * pos,
const Curve25519KeyPair & value
const _olm_curve25519_key_pair & value
);
std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
Curve25519KeyPair & value
_olm_curve25519_key_pair & value
);
std::size_t pickle_length(
const Ed25519PublicKey & value
const _olm_ed25519_public_key & value
);
std::uint8_t * pickle(
std::uint8_t * pos,
const Ed25519PublicKey & value
const _olm_ed25519_public_key & value
);
std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
Ed25519PublicKey & value
_olm_ed25519_public_key & value
);
std::size_t pickle_length(
const Ed25519KeyPair & value
const _olm_ed25519_key_pair & value
);
std::uint8_t * pickle(
std::uint8_t * pos,
const Ed25519KeyPair & value
const _olm_ed25519_key_pair & value
);
std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
Ed25519KeyPair & value
_olm_ed25519_key_pair & value
);
} // namespace olm
......
......@@ -41,19 +41,19 @@ struct MessageKey {
struct SenderChain {
Curve25519KeyPair ratchet_key;
_olm_curve25519_key_pair ratchet_key;
ChainKey chain_key;
};
struct ReceiverChain {
Curve25519PublicKey ratchet_key;
_olm_curve25519_public_key ratchet_key;
ChainKey chain_key;
};
struct SkippedMessageKey {
Curve25519PublicKey ratchet_key;
_olm_curve25519_public_key ratchet_key;
MessageKey message_key;
};
......@@ -108,14 +108,14 @@ struct Ratchet {
* remote's first ratchet key */
void initialise_as_bob(
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
Curve25519PublicKey const & their_ratchet_key
_olm_curve25519_public_key const & their_ratchet_key
);
/** Initialise the session using a shared secret and the public/private key
* pair for the first ratchet key */
void initialise_as_alice(
std::uint8_t const * shared_secret, std::size_t shared_secret_length,
Curve25519KeyPair const & our_ratchet_key
_olm_curve25519_key_pair const & our_ratchet_key
);
/** The number of bytes of output the encrypt method will write for
......
......@@ -35,9 +35,9 @@ struct Session {
bool received_message;
Curve25519PublicKey alice_identity_key;
Curve25519PublicKey alice_base_key;
Curve25519PublicKey bob_one_time_key;
_olm_curve25519_public_key alice_identity_key;
_olm_curve25519_public_key alice_base_key;
_olm_curve25519_public_key bob_one_time_key;
/** The number of random bytes that are needed to create a new outbound
* session. This will be 64 bytes since two ephemeral keys are needed. */
......@@ -48,8 +48,8 @@ struct Session {
* NOT_ENOUGH_RANDOM if the number of random bytes was too small. */
std::size_t new_outbound_session(
Account const & local_account,
Curve25519PublicKey const & identity_key,
Curve25519PublicKey const & one_time_key,
_olm_curve25519_public_key const & identity_key,
_olm_curve25519_public_key const & one_time_key,
std::uint8_t const * random, std::size_t random_length
);
......@@ -59,7 +59,7 @@ struct Session {
* the message headers could not be decoded. */
std::size_t new_inbound_session(
Account & local_account,
Curve25519PublicKey const * their_identity_key,
_olm_curve25519_public_key const * their_identity_key,
std::uint8_t const * pre_key_message, std::size_t message_length
);
......@@ -82,7 +82,7 @@ struct Session {
* session does not match or the pre-key message could not be decoded.
*/
bool matches_inbound_session(
Curve25519PublicKey const * their_identity_key,
_olm_curve25519_public_key const * their_identity_key,
std::uint8_t const * pre_key_message, std::size_t message_length
);
......
......@@ -21,9 +21,9 @@
#include <cstddef>
#include <cstdint>
namespace olm {
struct _olm_ed25519_public_key;
struct Ed25519PublicKey;
namespace olm {
struct Utility {
......@@ -48,7 +48,7 @@ struct Utility {
* last_error will be set with an error code. If the signature was too short
* or was not a valid signature then last_error will be BAD_MESSAGE_MAC. */
std::size_t ed25519_verify(
Ed25519PublicKey const & key,
_olm_ed25519_public_key const & key,
std::uint8_t const * message, std::size_t message_length,
std::uint8_t const * signature, std::size_t signature_length
);
......
......@@ -24,10 +24,10 @@ olm::Account::Account(
olm::OneTimeKey const * olm::Account::lookup_key(
olm::Curve25519PublicKey const & public_key
_olm_curve25519_public_key const & public_key
) {
for (olm::OneTimeKey const & key : one_time_keys) {
if (olm::array_equal(key.key.public_key, public_key.public_key)) {
if (olm::array_equal(key.key.public_key.public_key, public_key.public_key)) {
return &key;
}
}
......@@ -35,11 +35,11 @@ olm::OneTimeKey const * olm::Account::lookup_key(
}
std::size_t olm::Account::remove_key(
olm::Curve25519PublicKey const & public_key
_olm_curve25519_public_key const & public_key
) {
OneTimeKey * i;
for (i = one_time_keys.begin(); i != one_time_keys.end(); ++i) {
if (olm::array_equal(i->key.public_key, public_key.public_key)) {
if (olm::array_equal(i->key.public_key.public_key, public_key.public_key)) {
std::uint32_t id = i->id;
one_time_keys.erase(i);
return id;
......@@ -60,9 +60,9 @@ std::size_t olm::Account::new_account(
return std::size_t(-1);
}
olm::ed25519_generate_key(random, identity_keys.ed25519_key);
_olm_crypto_ed25519_generate_key(random, &identity_keys.ed25519_key);
random += ED25519_RANDOM_LENGTH;
olm::curve25519_generate_key(random, identity_keys.curve25519_key);
_olm_crypto_curve25519_generate_key(random, &identity_keys.curve25519_key);
return 0;
}
......@@ -118,16 +118,16 @@ std::size_t olm::Account::get_identity_json(
pos = write_string(pos, KEY_JSON_CURVE25519);
*(pos++) = '\"';
pos = olm::encode_base64(
identity_keys.curve25519_key.public_key,
sizeof(identity_keys.curve25519_key.public_key),
identity_keys.curve25519_key.public_key.public_key,
sizeof(identity_keys.curve25519_key.public_key.public_key),
pos
);
*(pos++) = '\"'; *(pos++) = ',';
pos = write_string(pos, KEY_JSON_ED25519);
*(pos++) = '\"';
pos = olm::encode_base64(
identity_keys.ed25519_key.public_key,
sizeof(identity_keys.ed25519_key.public_key),
identity_keys.ed25519_key.public_key.public_key,
sizeof(identity_keys.ed25519_key.public_key.public_key),
pos
);
*(pos++) = '\"'; *(pos++) = '}';
......@@ -149,8 +149,8 @@ std::size_t olm::Account::sign(
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return std::size_t(-1);
}
olm::ed25519_sign(
identity_keys.ed25519_key, message, message_length, signature
_olm_crypto_ed25519_sign(
&identity_keys.ed25519_key, message, message_length, signature
);
return this->signature_length();
}
......@@ -202,7 +202,7 @@ std::size_t olm::Account::get_one_time_keys_json(
pos = olm::encode_base64(key_id, sizeof(key_id), pos);
*(pos++) = '\"'; *(pos++) = ':'; *(pos++) = '\"';
pos = olm::encode_base64(
key.key.public_key, sizeof(key.key.public_key), pos
key.key.public_key.public_key, sizeof(key.key.public_key.public_key), pos
);
*(pos++) = '\"';
sep = ',';
......@@ -253,7 +253,7 @@ std::size_t olm::Account::generate_one_time_keys(
OneTimeKey & key = *one_time_keys.insert(one_time_keys.begin());
key.id = ++next_one_time_key_id;
key.published = false;
olm::curve25519_generate_key(random, key.key);
_olm_crypto_curve25519_generate_key(random, &key.key);
random += CURVE25519_RANDOM_LENGTH;
}
return number_of_keys;
......
......@@ -100,59 +100,65 @@ inline static void hmac_sha256_final(
} // namespace
void olm::curve25519_generate_key(
std::uint8_t const * random_32_bytes,
olm::Curve25519KeyPair & key_pair
void _olm_crypto_curve25519_generate_key(
uint8_t const * random_32_bytes,
struct _olm_curve25519_key_pair *key_pair
) {
std::memcpy(key_pair.private_key, random_32_bytes, CURVE25519_KEY_LENGTH);
std::memcpy(
key_pair->private_key.private_key, random_32_bytes,
CURVE25519_KEY_LENGTH
);
::curve25519_donna(
key_pair.public_key, key_pair.private_key, CURVE25519_BASEPOINT
key_pair->public_key.public_key,
key_pair->private_key.private_key,
CURVE25519_BASEPOINT
);
}
void olm::curve25519_shared_secret(
olm::Curve25519KeyPair const & our_key,
olm::Curve25519PublicKey const & their_key,
void _olm_crypto_curve25519_shared_secret(
const struct _olm_curve25519_key_pair *our_key,
const struct _olm_curve25519_public_key * their_key,
std::uint8_t * output
) {
::curve25519_donna(output, our_key.private_key, their_key.public_key);
::curve25519_donna(output, our_key->private_key.private_key, their_key->public_key);
}
void olm::ed25519_generate_key(
void _olm_crypto_ed25519_generate_key(
std::uint8_t const * random_32_bytes,
olm::Ed25519KeyPair & key_pair
struct _olm_ed25519_key_pair *key_pair
) {
::ed25519_create_keypair(
key_pair.public_key, key_pair.private_key,
key_pair->public_key.public_key, key_pair->private_key.private_key,
random_32_bytes
);
}
void olm::ed25519_sign(
olm::Ed25519KeyPair const & our_key,
void _olm_crypto_ed25519_sign(
const struct _olm_ed25519_key_pair *our_key,
std::uint8_t const * message, std::size_t message_length,
std::uint8_t * output
) {
::ed25519_sign(
output,
message, message_length,
our_key.public_key, our_key.private_key
our_key->public_key.public_key,
our_key->private_key.private_key
);
}
bool olm::ed25519_verify(
olm::Ed25519PublicKey const & their_key,
int _olm_crypto_ed25519_verify(
const struct _olm_ed25519_public_key *their_key,
std::uint8_t const * message, std::size_t message_length,
std::uint8_t const * signature
) {
return 0 != ::ed25519_verify(
signature,
message, message_length,
their_key.public_key
their_key->public_key
);
}
......
......@@ -442,8 +442,8 @@ size_t olm_create_outbound_session(
from_c(session)->last_error = OlmErrorCode::OLM_INVALID_BASE64;
return std::size_t(-1);
}
olm::Curve25519PublicKey identity_key;
olm::Curve25519PublicKey one_time_key;
_olm_curve25519_public_key identity_key;
_olm_curve25519_public_key one_time_key;
olm::decode_base64(id_key, id_key_length, identity_key.public_key);
olm::decode_base64(ot_key, ot_key_length, one_time_key.public_key);
......@@ -487,7 +487,7 @@ size_t olm_create_inbound_session_from(
from_c(session)->last_error = OlmErrorCode::OLM_INVALID_BASE64;
return std::size_t(-1);
}
olm::Curve25519PublicKey identity_key;
_olm_curve25519_public_key identity_key;
olm::decode_base64(id_key, id_key_length, identity_key.public_key);
std::size_t raw_length = b64_input(
......@@ -564,7 +564,7 @@ size_t olm_matches_inbound_session_from(
from_c(session)->last_error = OlmErrorCode::OLM_INVALID_BASE64;
return std::size_t(-1);
}
olm::Curve25519PublicKey identity_key;
_olm_curve25519_public_key identity_key;
olm::decode_base64(id_key, id_key_length, identity_key.public_key);
std::size_t raw_length = b64_input(
......@@ -720,7 +720,7 @@ size_t olm_ed25519_verify(
from_c(utility)->last_error = OlmErrorCode::OLM_INVALID_BASE64;
return std::size_t(-1);
}
olm::Ed25519PublicKey verify_key;
_olm_ed25519_public_key verify_key;
olm::decode_base64(from_c(key), key_length, verify_key.public_key);
std::size_t raw_signature_length = b64_input(
from_c(signature), signature_length, from_c(utility)->last_error
......
......@@ -71,7 +71,7 @@ std::uint8_t const * olm::unpickle_bytes(
std::size_t olm::pickle_length(
const olm::Curve25519PublicKey & value
const _olm_curve25519_public_key & value
) {
return sizeof(value.public_key);
}
......@@ -79,7 +79,7 @@ std::size_t olm::pickle_length(
std::uint8_t * olm::pickle(
std::uint8_t * pos,
const olm::Curve25519PublicKey & value
const _olm_curve25519_public_key & value
) {
pos = olm::pickle_bytes(
pos, value.public_key, sizeof(value.public_key)
......@@ -90,7 +90,7 @@ std::uint8_t * olm::pickle(
std::uint8_t const * olm::unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
olm::Curve25519PublicKey & value
_olm_curve25519_public_key & value
) {
pos = olm::unpickle_bytes(