add support for an incorrect KDF that snuck into Riot 1.0

3148157e · Hubert Chathi · d5c0eb9d · 3148157e · 3148157e · 3148157e
Commit 3148157e authored Apr 02, 2019 by Hubert Chathi
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 0 deletions

sas.h include/olm/sas.h +8 -0

olm_sas.js javascript/olm_sas.js +16 -0

sas.c src/sas.c +23 -0

No files found.
--- a/include/olm/sas.h
+++ b/include/olm/sas.h
@@ -147,6 +147,14 @@ size_t olm_sas_calculate_mac(
    void * mac, size_t mac_length
 );

+// for compatibility with an old version of Riot
+size_t olm_sas_calculate_mac_long_kdf(
+    OlmSAS * sas,
+    void * input, size_t input_length,
+    const void * info, size_t info_length,
+    void * mac, size_t mac_length
+);
+
 /** @} */ // end of SAS group

 #ifdef __cplusplus

--- a/javascript/olm_sas.js
+++ b/javascript/olm_sas.js
@@ -75,3 +75,19 @@ SAS.prototype['calculate_mac'] = restore_stack(function(input, info) {
    );
    return Pointer_stringify(mac_buffer);
 });
+
+SAS.prototype['calculate_mac_long_kdf'] = restore_stack(function(input, info) {
+    var input_array = array_from_string(input);
+    var input_buffer = stack(input_array);
+    var info_array = array_from_string(info);
+    var info_buffer = stack(info_array);
+    var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr);
+    var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH);
+    sas_method(Module['_olm_sas_calculate_mac_long_kdf'])(
+        this.ptr,
+        input_buffer, input_array.length,
+        info_buffer, info_array.length,
+        mac_buffer, mac_length
+    );
+    return Pointer_stringify(mac_buffer);
+});
--- a/src/sas.c
+++ b/src/sas.c
@@ -139,3 +139,26 @@ size_t olm_sas_calculate_mac(
    _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
    return 0;
 }
+
+// for compatibility with an old version of Riot
+size_t olm_sas_calculate_mac_long_kdf(
+    OlmSAS * sas,
+    void * input, size_t input_length,
+    const void * info, size_t info_length,
+    void * mac, size_t mac_length
+) {
+    if (mac_length < olm_sas_mac_length(sas)) {
+        sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
+        return (size_t)-1;
+    }
+    uint8_t key[256];
+    _olm_crypto_hkdf_sha256(
+        sas->secret, sizeof(sas->secret),
+        NULL, 0,
+        (const uint8_t *) info, info_length,
+        key, 256
+    );
+    _olm_crypto_hmac_sha256(key, 256, input, input_length, mac);
+    _olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
+    return 0;
+}