Unverified Commit 94f664e7 authored by Hubert Chathi's avatar Hubert Chathi Committed by GitHub

initial implementation of short authentication string generation

parent ec2695b9
......@@ -34,7 +34,7 @@ JS_EXPORTED_FUNCTIONS := javascript/exported_functions.json
JS_EXTRA_EXPORTED_RUNTIME_METHODS := ALLOC_STACK
JS_EXTERNS := javascript/externs.js
PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h
PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h include/olm/sas.h
SOURCES := $(wildcard src/*.cpp) $(wildcard src/*.c) \
lib/crypto-algorithms/sha256.c \
......@@ -60,6 +60,7 @@ JS_PRE := $(wildcard javascript/*pre.js)
JS_POST := javascript/olm_outbound_group_session.js \
javascript/olm_inbound_group_session.js \
javascript/olm_pk.js \
javascript/olm_sas.js \
javascript/olm_post.js
# The prefix & suffix are just added onto the start & end
......
/* Copyright 2018-2019 New Vector Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OLM_SAS_H_
#define OLM_SAS_H_
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/** @defgroup SAS Short Authentication String verification
* These functions are used for verifying keys using the Short Authentication
* String (SAS) method.
* @{
*/
typedef struct OlmSAS OlmSAS;
/** A null terminated string describing the most recent error to happen to an
* SAS object. */
const char * olm_sas_last_error(
OlmSAS * sas
);
/** The size of an SAS object in bytes. */
size_t olm_sas_size(void);
/** Initialize an SAS object using the supplied memory.
* The supplied memory must be at least `olm_sas_size()` bytes. */
OlmSAS * olm_sas(
void * memory
);
/** Clears the memory used to back an SAS object. */
size_t olm_clear_sas(
OlmSAS * sas
);
/** The number of random bytes needed to create an SAS object. */
size_t olm_create_sas_random_length(
OlmSAS * sas
);
/** Creates a new SAS object.
*
* @param[in] sas the SAS object to create, initialized by `olm_sas()`.
* @param[in] random array of random bytes.
* @param[in] random_length the number of random bytes provided. Must be at
* least `olm_create_sas_random_length()`.
*
* @return `olm_error()` on failure. If there weren't enough random bytes then
* `olm_sas_last_error()` will be `NOT_ENOUGH_RANDOM`.
*/
size_t olm_create_sas(
OlmSAS * sas,
void * random, size_t random_length
);
/** The size of a public key in bytes. */
size_t olm_sas_pubkey_length(OlmSAS * sas);
/** Get the public key for the SAS object.
*
* @param[in] sas the SAS object.
* @param[out] pubkey buffer to store the public key.
* @param[in] pubkey_length the size of the `pubkey` buffer. Must be at least
* `olm_sas_pubkey_length()`.
*
* @return `olm_error()` on failure. If the `pubkey` buffer is too small, then
* `olm_sas_last_error()` will be `OUTPUT_BUFFER_TOO_SMALL`.
*/
size_t olm_sas_get_pubkey(
OlmSAS * sas,
void * pubkey, size_t pubkey_length
);
/** Sets the public key of other user.
*
* @param[in] sas the SAS object.
* @param[in] their_key the other user's public key.
* @param[in] their_key_size the size of the `their_key` buffer.
*
* @return `olm_error()` on failure. If the `their_key` buffer is too small,
* then `olm_sas_last_error()` will be `INPUT_BUFFER_TOO_SMALL`.
*/
size_t olm_sas_set_their_key(
OlmSAS *sas,
void * their_key, size_t their_key_length
);
/** Generate bytes to use for the short authentication string.
*
* @param[in] sas the SAS object.
* @param[in] info extra information to mix in when generating the bytes, as
* per the Matrix spec.
* @param[in] info_length the length of the `info` parameter.
* @param[out] output the output buffer.
* @param[in] output_length the size of the output buffer. For hex-based SAS
* as in the Matrix spec, this will be 5.
*/
size_t olm_sas_generate_bytes(
OlmSAS * sas,
const void * info, size_t info_length,
void * output, size_t output_length
);
/** The size of the message authentication code generated by
* olm_sas_calculate_mac()`. */
size_t olm_sas_mac_length(
OlmSAS *sas
);
/** Generate a message authentication code (MAC) based on the shared secret.
*
* @param[in] sas the SAS object.
* @param[in] input the message to produce the authentication code for.
* @param[in] input_length the length of the message.
* @param[in] info extra information to mix in when generating the MAC, as per
* the Matrix spec.
* @param[in] info_length the length of the `info` parameter.
* @param[out] mac the buffer in which to store the MAC.
* @param[in] mac_length the size of the `mac` buffer. Must be at least
* `olm_sas_mac_length()`
*
* @return `olm_error()` on failure. If the `mac` buffer is too small, then
* `olm_sas_last_error()` will be `OUTPUT_BUFFER_TOO_SMALL`.
*/
size_t olm_sas_calculate_mac(
OlmSAS * sas,
void * input, size_t input_length,
const void * info, size_t info_length,
void * mac, size_t mac_length
);
/** @} */ // end of SAS group
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OLM_SAS_H_ */
......@@ -534,6 +534,7 @@ olm_exports["Session"] = Session;
olm_exports["Utility"] = Utility;
olm_exports["PkEncryption"] = PkEncryption;
olm_exports["PkDecryption"] = PkDecryption;
olm_exports["SAS"] = SAS;
olm_exports["get_library_version"] = restore_stack(function() {
var buf = stack(3);
......
function SAS() {
var size = Module['_olm_sas_size']();
var random_length = Module['_olm_create_sas_random_length']();
var random = random_stack(random_length);
this.buf = malloc(size);
this.ptr = Module['_olm_sas'](this.buf);
Module['_olm_create_sas'](this.ptr, random, random_length);
bzero(random, random_length);
}
function sas_method(wrapped) {
return function() {
var result = wrapped.apply(this, arguments);
if (result === OLM_ERROR) {
var message = Pointer_stringify(
Module['_olm_sas_last_error'](arguments[0])
);
throw new Error("OLM." + message);
}
return result;
}
}
SAS.prototype['free'] = function() {
Module['_olm_clear_sas'](this.ptr);
free(this.ptr);
};
SAS.prototype['get_pubkey'] = restore_stack(function() {
var pubkey_length = sas_method(Module['_olm_sas_pubkey_length'])(this.ptr);
var pubkey_buffer = stack(pubkey_length + NULL_BYTE_PADDING_LENGTH);
sas_method(Module['_olm_sas_get_pubkey'])(this.ptr, pubkey_buffer, pubkey_length);
return Pointer_stringify(pubkey_buffer);
});
SAS.prototype['set_their_key'] = restore_stack(function(their_key) {
var their_key_array = array_from_string(their_key);
var their_key_buffer = stack(their_key_array);
sas_method(Module['_olm_sas_set_their_key'])(
this.ptr,
their_key_buffer, their_key_array.length
);
});
SAS.prototype['generate_bytes'] = restore_stack(function(info, length) {
var info_array = array_from_string(info);
var info_buffer = stack(info_array);
var output_buffer = stack(length);
sas_method(Module['_olm_sas_generate_bytes'])(
this.ptr,
info_buffer, info_array.length,
output_buffer, length
);
// The inner Uint8Array creates a view of the buffer. The outer Uint8Array
// copies it to a new array to return, since the original buffer will get
// deallocated from the stack and could get overwritten.
var output_arr = new Uint8Array(
new Uint8Array(Module['HEAPU8'].buffer, output_buffer, length)
);
return output_arr;
});
SAS.prototype['calculate_mac'] = restore_stack(function(input, info) {
var input_array = array_from_string(input);
var input_buffer = stack(input_array);
var info_array = array_from_string(info);
var info_buffer = stack(info_array);
var mac_length = sas_method(Module['_olm_sas_mac_length'])(this.ptr);
var mac_buffer = stack(mac_length + NULL_BYTE_PADDING_LENGTH);
sas_method(Module['_olm_sas_calculate_mac'])(
this.ptr,
input_buffer, input_array.length,
info_buffer, info_array.length,
mac_buffer, mac_length
);
return Pointer_stringify(mac_buffer);
});
/*
Copyright 2018 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var Olm = require('../olm');
describe("sas", function() {
var alice, bob;
beforeEach(async function(done) {
Olm.init().then(function() {
alice = new Olm.SAS();
bob = new Olm.SAS();
done();
});
});
afterEach(function () {
if (alice !== undefined) {
alice.free();
alice = undefined;
}
if (bob !== undefined) {
bob.free();
bob = undefined;
}
});
it('should create matching SAS bytes', function () {
alice.set_their_key(bob.get_pubkey());
bob.set_their_key(alice.get_pubkey());
expect(alice.generate_bytes("SAS", 5).toString()).toEqual(bob.generate_bytes("SAS", 5).toString());
});
it('should create matching MACs', function () {
alice.set_their_key(bob.get_pubkey());
bob.set_their_key(alice.get_pubkey());
expect(alice.calculate_mac("test", "MAC").toString()).toEqual(bob.calculate_mac("test", "MAC").toString());
});
});
/* Copyright 2018-2019 New Vector Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/sas.h"
#include "olm/base64.h"
#include "olm/crypto.h"
#include "olm/error.h"
#include "olm/memory.h"
struct OlmSAS {
enum OlmErrorCode last_error;
struct _olm_curve25519_key_pair curve25519_key;
uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH];
};
const char * olm_sas_last_error(
OlmSAS * sas
) {
return _olm_error_to_string(sas->last_error);
}
size_t olm_sas_size(void) {
return sizeof(OlmSAS);
}
OlmSAS * olm_sas(
void * memory
) {
_olm_unset(memory, sizeof(OlmSAS));
return (OlmSAS *) memory;
}
size_t olm_clear_sas(
OlmSAS * sas
) {
_olm_unset(sas, sizeof(OlmSAS));
return sizeof(OlmSAS);
}
size_t olm_create_sas_random_length(OlmSAS * sas) {
return CURVE25519_KEY_LENGTH;
}
size_t olm_create_sas(
OlmSAS * sas,
void * random, size_t random_length
) {
if (random_length < olm_create_sas_random_length(sas)) {
sas->last_error = OLM_NOT_ENOUGH_RANDOM;
return (size_t)-1;
}
_olm_crypto_curve25519_generate_key((uint8_t *) random, &sas->curve25519_key);
return 0;
}
size_t olm_sas_pubkey_length(OlmSAS * sas) {
return _olm_encode_base64_length(CURVE25519_KEY_LENGTH);
}
size_t olm_sas_get_pubkey(
OlmSAS * sas,
void * pubkey, size_t pubkey_length
) {
if (pubkey_length < olm_sas_pubkey_length(sas)) {
sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
_olm_encode_base64(
(const uint8_t *)sas->curve25519_key.public_key.public_key,
CURVE25519_KEY_LENGTH,
(uint8_t *)pubkey
);
return 0;
}
size_t olm_sas_set_their_key(
OlmSAS *sas,
void * their_key, size_t their_key_length
) {
if (their_key_length < olm_sas_pubkey_length(sas)) {
sas->last_error = OLM_INPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
_olm_decode_base64(their_key, their_key_length, their_key);
_olm_crypto_curve25519_shared_secret(&sas->curve25519_key, their_key, sas->secret);
return 0;
}
size_t olm_sas_generate_bytes(
OlmSAS * sas,
const void * info, size_t info_length,
void * output, size_t output_length
) {
_olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret),
NULL, 0,
(const uint8_t *) info, info_length,
output, output_length
);
return 0;
}
size_t olm_sas_mac_length(
OlmSAS *sas
) {
return _olm_encode_base64_length(SHA256_OUTPUT_LENGTH);
}
size_t olm_sas_calculate_mac(
OlmSAS * sas,
void * input, size_t input_length,
const void * info, size_t info_length,
void * mac, size_t mac_length
) {
if (mac_length < olm_sas_mac_length(sas)) {
sas->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
return (size_t)-1;
}
uint8_t key[32];
_olm_crypto_hkdf_sha256(
sas->secret, sizeof(sas->secret),
NULL, 0,
(const uint8_t *) info, info_length,
key, 32
);
_olm_crypto_hmac_sha256(key, 32, input, input_length, mac);
_olm_encode_base64((const uint8_t *)mac, SHA256_OUTPUT_LENGTH, (uint8_t *)mac);
return 0;
}
#include "olm/sas.h"
#include "olm/crypto.h"
#include "olm/olm.h"
#include "unittest.hh"
#include <iostream>
int main() {
{ /* Generate bytes */
TestCase test_case("SAS generate bytes");
std::uint8_t alice_private[32] = {
0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
};
const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
std::uint8_t bob_private[32] = {
0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
};
const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
std::uint8_t alice_sas_buffer[olm_sas_size()];
OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
std::uint8_t bob_sas_buffer[olm_sas_size()];
OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
std::uint8_t alice_bytes[6];
std::uint8_t bob_bytes[6];
olm_sas_generate_bytes(alice_sas, "SAS", 3, alice_bytes, 6);
olm_sas_generate_bytes(bob_sas, "SAS", 3, bob_bytes, 6);
assert_equals(alice_bytes, bob_bytes, 6);
}
{ /* Calculate MAC */
TestCase test_case("SAS calculate MAC");
std::uint8_t alice_private[32] = {
0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D,
0x3C, 0x16, 0xC1, 0x72, 0x51, 0xB2, 0x66, 0x45,
0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A,
0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A
};
const std::uint8_t *alice_public = (std::uint8_t *) "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo";
std::uint8_t bob_private[32] = {
0x5D, 0xAB, 0x08, 0x7E, 0x62, 0x4A, 0x8A, 0x4B,
0x79, 0xE1, 0x7F, 0x8B, 0x83, 0x80, 0x0E, 0xE6,
0x6F, 0x3B, 0xB1, 0x29, 0x26, 0x18, 0xB6, 0xFD,
0x1C, 0x2F, 0x8B, 0x27, 0xFF, 0x88, 0xE0, 0xEB
};
const std::uint8_t *bob_public = (std::uint8_t *) "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08";
std::uint8_t alice_sas_buffer[olm_sas_size()];
OlmSAS *alice_sas = olm_sas(alice_sas_buffer);
olm_create_sas(alice_sas, alice_private, sizeof(alice_private));
std::uint8_t bob_sas_buffer[olm_sas_size()];
OlmSAS *bob_sas = olm_sas(bob_sas_buffer);
olm_create_sas(bob_sas, bob_private, sizeof(bob_private));
std::uint8_t pubkey[::olm_sas_pubkey_length(alice_sas)];
olm_sas_get_pubkey(alice_sas, pubkey, sizeof(pubkey));
assert_equals(alice_public, pubkey, olm_sas_pubkey_length(alice_sas));
olm_sas_set_their_key(bob_sas, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_get_pubkey(bob_sas, pubkey, sizeof(pubkey));
assert_equals(bob_public, pubkey, olm_sas_pubkey_length(bob_sas));
olm_sas_set_their_key(alice_sas, pubkey, olm_sas_pubkey_length(alice_sas));
std::uint8_t alice_mac[olm_sas_mac_length(alice_sas)];
std::uint8_t bob_mac[olm_sas_mac_length(bob_sas)];
olm_sas_calculate_mac(alice_sas, (void *) "Hello world!", 12, "MAC", 3, alice_mac, olm_sas_mac_length(alice_sas));
olm_sas_calculate_mac(bob_sas, (void *) "Hello world!", 12, "MAC", 3, bob_mac, olm_sas_mac_length(bob_sas));
assert_equals(alice_mac, bob_mac, olm_sas_mac_length(alice_sas));
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment