From b3496b0aa16b8c4f9974ed54fca59ef631f83705 Mon Sep 17 00:00:00 2001
From: Mark Haines <mark.haines@matrix.org>
Date: Fri, 27 Feb 2015 15:07:45 +0000
Subject: [PATCH] More comments

---
 include/axolotl/axolotl.hh | 43 ++++++++++++++++++++++++++++++++++++--
 include/axolotl/crypto.hh  | 21 +++++++++++++++++--
 2 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/include/axolotl/axolotl.hh b/include/axolotl/axolotl.hh
index bd230dd..9d7ff9a 100644
--- a/include/axolotl/axolotl.hh
+++ b/include/axolotl/axolotl.hh
@@ -83,41 +83,80 @@ struct Session {
         KdfInfo const & kdf_info
     );
 
-    /** A pair of string to feed into the KDF identifing the application */
+    /** A some strings identifing the application to feed into the KDF. */
     KdfInfo kdf_info;
-    /** The last error that happened encypting or decrypting a message */
+
+    /** The last error that happened encypting or decrypting a message. */
     ErrorCode last_error;
+
+    /** The root key is used to generate chain keys from the ephemeral keys.
+     * A new root_key derived each time a chain key is derived. */
     SharedKey root_key;
+
+    /** The sender chain is used to send messages. Each time a new ephemeral
+     * key is received from the remote server we generate a new sender chain
+     * with a new empheral key when we next send a message. */
     List<SenderChain, 1> sender_chain;
+
+    /** The receiver chain is used to decrypt recieved messages. We store the
+     * last few chains so we can decrypt any out of order messages we haven't
+     * received yet. */
     List<ReceiverChain, MAX_RECEIVER_CHAINS> receiver_chains;
+
+    /** List of message keys we've skipped over when advancing the receiver
+     * chain. */
     List<SkippedMessageKey, MAX_SKIPPED_MESSAGE_KEYS> skipped_message_keys;
 
+    /** Initialise the session using a shared secret and the public part of the
+     * remote's first ratchet key */
     void initialise_as_bob(
         std::uint8_t const * shared_secret, std::size_t shared_secret_length,
         Curve25519PublicKey const & their_ratchet_key
     );
 
+    /** Intialise the session using a shared secret and the public/private key
+     * pair for the first ratchet key */
     void initialise_as_alice(
         std::uint8_t const * shared_secret, std::size_t shared_secret_length,
         Curve25519KeyPair const & our_ratchet_key
     );
 
+    /** The maximum number of bytes of output the encrypt method will write for
+     * a given message length. */
     std::size_t encrypt_max_output_length(
         std::size_t plaintext_length
     );
 
+    /** The number of bytes of random data the encrypt method will need to
+     * encrypt a message. This will be 32 bytes if the session needs to
+     * generate a new ephemeral key, or will be 0 bytes otherwise.*/
     std::size_t encrypt_random_length();
 
+    /** Encrypt some plaintext. Returns the length of the encrypted message
+     * or std::size_t(-1) on failure. On failure last_error will be set with
+     * an error code. The last_error will be NOT_ENOUGH_RANDOM if the number
+     * of random bytes is too small. The last_error will be
+     * OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small. */
     std::size_t encrypt(
         std::uint8_t const * plaintext, std::size_t plaintext_length,
         std::uint8_t const * random, std::size_t random_length,
         std::uint8_t * output, std::size_t max_output_length
     );
 
+    /** An upper bound on the number of bytes of plaintext the decrypt method
+     * will write for a given input message length. */
     std::size_t decrypt_max_plaintext_length(
         std::size_t input_length
     );
 
+    /** Decrypt a message. Returns the length of the decrypted plaintext or
+     * std::size_t(-1) on failure. On failure last_error will be set with an
+     * error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the
+     * plaintext buffer is too small. The last_error will be
+     * BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
+     * version of the protocol. The last_error will be BAD_MESSAGE_FORMAT if
+     * the message headers could not be decoded. The last_error will be
+     * BAD_MESSAGE_MAC if the message could not be verified */
     std::size_t decrypt(
         std::uint8_t const * input, std::size_t input_length,
         std::uint8_t * plaintext, std::size_t max_plaintext_length
diff --git a/include/axolotl/crypto.hh b/include/axolotl/crypto.hh
index d3586b3..09e5b8e 100644
--- a/include/axolotl/crypto.hh
+++ b/include/axolotl/crypto.hh
@@ -28,7 +28,7 @@ struct Curve25519KeyPair : public Curve25519PublicKey {
     std::uint8_t private_key[32];
 };
 
-
+/** Generate a curve25519 key pair from 32 random bytes. */
 void generate_key(
     std::uint8_t const * random_32_bytes,
     Curve25519KeyPair & key_pair
@@ -37,7 +37,8 @@ void generate_key(
 
 const std::size_t CURVE25519_SHARED_SECRET_LENGTH = 32;
 
-
+/** Create a shared secret using our private key and their public key.
+ * The output buffer must be at least 32 bytes long. */
 void curve25519_shared_secret(
     Curve25519KeyPair const & our_key,
     Curve25519PublicKey const & their_key,
@@ -57,11 +58,14 @@ struct Aes256Iv {
 };
 
 
+/** The length of output the aes_encrypt_cbc function will write */
 std::size_t aes_encrypt_cbc_length(
     std::size_t input_length
 );
 
 
+/** Encrypts the input using AES256 in CBC mode with PKCS#7 padding.
+ * The output buffer must be big enough to hold the output including padding */
 void aes_encrypt_cbc(
     Aes256Key const & key,
     Aes256Iv const & iv,
@@ -70,6 +74,10 @@ void aes_encrypt_cbc(
 );
 
 
+/** Decrypts the input using AES256 in CBC mode. The output buffer must be at
+ * least the same size as the input buffer. Returns the length of the plaintext
+ * without padding on success or std::size_t(-1) if the padding is invalid.
+ */
 std::size_t aes_decrypt_cbc(
     Aes256Key const & key,
     Aes256Iv const & iv,
@@ -78,6 +86,8 @@ std::size_t aes_decrypt_cbc(
 );
 
 
+/** Computes SHA-256 of the input. The output buffer must be a least 32
+ * bytes long. */
 void sha256(
     std::uint8_t const * input, std::size_t input_length,
     std::uint8_t * output
@@ -87,6 +97,10 @@ void sha256(
 const std::size_t HMAC_SHA256_OUTPUT_LENGTH = 32;
 
 
+/** HMAC: Keyed-Hashing for Message Authentication
+ * http://tools.ietf.org/html/rfc2104
+ * Computes HMAC-SHA-256 of the input for the key. The output buffer must
+ * be at least 32 bytes long. */
 void hmac_sha256(
     std::uint8_t const * key, std::size_t key_length,
     std::uint8_t const * input, std::size_t input_length,
@@ -94,6 +108,9 @@ void hmac_sha256(
 );
 
 
+/** HMAC-based Key Derivation Function (HKDF)
+ * https://tools.ietf.org/html/rfc5869
+ * Derives key material from the input bytes. */
 void hkdf_sha256(
     std::uint8_t const * input, std::size_t input_length,
     std::uint8_t const * info, std::size_t info_length,