mirrors
/
olm
mirror of https://git.matrix.org/git/olm.git
1
0
Fork 0
Code Issues Releases Wiki Activity
olm/src/account.cpp

497 lines
14 KiB
C++
Raw Blame History

/* Copyright 2015, 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "olm/account.hh"
#include "olm/base64.hh"
#include "olm/pickle.h"
#include "olm/pickle.hh"
#include "olm/memory.hh"
olm::Account::Account(
) : next_one_time_key_id(0),
last_error(OlmErrorCode::OLM_SUCCESS) {
// since we don't need to keep track of whether the fallback keys are
// published, use the published flag as in indication for whether the keys
// were generated
current_fallback_key.published = false;
prev_fallback_key.published = false;
}
olm::OneTimeKey const * olm::Account::lookup_key(
_olm_curve25519_public_key const & public_key
) {
for (olm::OneTimeKey const & key : one_time_keys) {
if (olm::array_equal(key.key.public_key.public_key, public_key.public_key)) {
return &key;
}
}
if (current_fallback_key.published
&& olm::array_equal(
current_fallback_key.key.public_key.public_key, public_key.public_key
)
) {
return &current_fallback_key;
}
if (prev_fallback_key.published
&& olm::array_equal(
prev_fallback_key.key.public_key.public_key, public_key.public_key
)
) {
return &prev_fallback_key;
}
return 0;
}
std::size_t olm::Account::remove_key(
_olm_curve25519_public_key const & public_key
) {
OneTimeKey * i;
for (i = one_time_keys.begin(); i != one_time_keys.end(); ++i) {
if (olm::array_equal(i->key.public_key.public_key, public_key.public_key)) {
std::uint32_t id = i->id;
one_time_keys.erase(i);
return id;
}
}
// check if the key is a fallback key, to avoid returning an error, but
// don't actually remove it
if (current_fallback_key.published
&& olm::array_equal(
current_fallback_key.key.public_key.public_key, public_key.public_key
)
) {
return current_fallback_key.id;
}
if (prev_fallback_key.published
&& olm::array_equal(
prev_fallback_key.key.public_key.public_key, public_key.public_key
)
) {
return prev_fallback_key.id;
}
return std::size_t(-1);
}
std::size_t olm::Account::new_account_random_length() const {
return ED25519_RANDOM_LENGTH + CURVE25519_RANDOM_LENGTH;
}
std::size_t olm::Account::new_account(
uint8_t const * random, std::size_t random_length
) {
if (random_length < new_account_random_length()) {
last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
return std::size_t(-1);
}
_olm_crypto_ed25519_generate_key(random, &identity_keys.ed25519_key);
random += ED25519_RANDOM_LENGTH;
_olm_crypto_curve25519_generate_key(random, &identity_keys.curve25519_key);
return 0;
}
namespace {
uint8_t KEY_JSON_ED25519[] = "\"ed25519\":";
uint8_t KEY_JSON_CURVE25519[] = "\"curve25519\":";
template<typename T>
static std::uint8_t * write_string(
std::uint8_t * pos,
T const & value
) {
std::memcpy(pos, value, sizeof(T) - 1);
return pos + (sizeof(T) - 1);
}
}
std::size_t olm::Account::get_identity_json_length() const {
std::size_t length = 0;
length += 1; /* { */
length += sizeof(KEY_JSON_CURVE25519) - 1;
length += 1; /* " */
length += olm::encode_base64_length(
sizeof(identity_keys.curve25519_key.public_key)
);
length += 2; /* ", */
length += sizeof(KEY_JSON_ED25519) - 1;
length += 1; /* " */
length += olm::encode_base64_length(
sizeof(identity_keys.ed25519_key.public_key)
);
length += 2; /* "} */
return length;
}
std::size_t olm::Account::get_identity_json(
std::uint8_t * identity_json, std::size_t identity_json_length
) {
std::uint8_t * pos = identity_json;
size_t expected_length = get_identity_json_length();
if (identity_json_length < expected_length) {
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return std::size_t(-1);
}
*(pos++) = '{';
pos = write_string(pos, KEY_JSON_CURVE25519);
*(pos++) = '\"';
pos = olm::encode_base64(
identity_keys.curve25519_key.public_key.public_key,
sizeof(identity_keys.curve25519_key.public_key.public_key),
pos
);
*(pos++) = '\"'; *(pos++) = ',';
pos = write_string(pos, KEY_JSON_ED25519);
*(pos++) = '\"';
pos = olm::encode_base64(
identity_keys.ed25519_key.public_key.public_key,
sizeof(identity_keys.ed25519_key.public_key.public_key),
pos
);
*(pos++) = '\"'; *(pos++) = '}';
return pos - identity_json;
}
std::size_t olm::Account::signature_length(
) const {
return ED25519_SIGNATURE_LENGTH;
}
std::size_t olm::Account::sign(
std::uint8_t const * message, std::size_t message_length,
std::uint8_t * signature, std::size_t signature_length
) {
if (signature_length < this->signature_length()) {
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return std::size_t(-1);
}
_olm_crypto_ed25519_sign(
&identity_keys.ed25519_key, message, message_length, signature
);
return this->signature_length();
}
std::size_t olm::Account::get_one_time_keys_json_length(
) const {
std::size_t length = 0;
bool is_empty = true;
for (auto const & key : one_time_keys) {
if (key.published) {
continue;
}
is_empty = false;
length += 2; /* {" */
length += olm::encode_base64_length(_olm_pickle_uint32_length(key.id));
length += 3; /* ":" */
length += olm::encode_base64_length(sizeof(key.key.public_key));
length += 1; /* " */
}
if (is_empty) {
length += 1; /* { */
}
length += 3; /* }{} */
length += sizeof(KEY_JSON_CURVE25519) - 1;
return length;
}
std::size_t olm::Account::get_one_time_keys_json(
std::uint8_t * one_time_json, std::size_t one_time_json_length
) {
std::uint8_t * pos = one_time_json;
if (one_time_json_length < get_one_time_keys_json_length()) {
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return std::size_t(-1);
}
*(pos++) = '{';
pos = write_string(pos, KEY_JSON_CURVE25519);
std::uint8_t sep = '{';
for (auto const & key : one_time_keys) {
if (key.published) {
continue;
}
*(pos++) = sep;
*(pos++) = '\"';
std::uint8_t key_id[_olm_pickle_uint32_length(key.id)];
_olm_pickle_uint32(key_id, key.id);
pos = olm::encode_base64(key_id, sizeof(key_id), pos);
*(pos++) = '\"'; *(pos++) = ':'; *(pos++) = '\"';
pos = olm::encode_base64(
key.key.public_key.public_key, sizeof(key.key.public_key.public_key), pos
);
*(pos++) = '\"';
sep = ',';
}
if (sep != ',') {
/* The list was empty */
*(pos++) = sep;
}
*(pos++) = '}';
*(pos++) = '}';
return pos - one_time_json;
}
std::size_t olm::Account::mark_keys_as_published(
) {
std::size_t count = 0;
for (auto & key : one_time_keys) {
if (!key.published) {
key.published = true;
count++;
}
}
return count;
}
std::size_t olm::Account::max_number_of_one_time_keys(
) const {
return olm::MAX_ONE_TIME_KEYS;
}
std::size_t olm::Account::generate_one_time_keys_random_length(
std::size_t number_of_keys
) const {
return CURVE25519_RANDOM_LENGTH * number_of_keys;
}
std::size_t olm::Account::generate_one_time_keys(
std::size_t number_of_keys,
std::uint8_t const * random, std::size_t random_length
) {
if (random_length < generate_one_time_keys_random_length(number_of_keys)) {
last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
return std::size_t(-1);
}
for (unsigned i = 0; i < number_of_keys; ++i) {
OneTimeKey & key = *one_time_keys.insert(one_time_keys.begin());
key.id = ++next_one_time_key_id;
key.published = false;
_olm_crypto_curve25519_generate_key(random, &key.key);
random += CURVE25519_RANDOM_LENGTH;
}
return number_of_keys;
}
std::size_t olm::Account::generate_fallback_key_random_length() const {
return CURVE25519_RANDOM_LENGTH;
}
std::size_t olm::Account::generate_fallback_key(
std::uint8_t const * random, std::size_t random_length
) {
if (random_length < generate_fallback_key_random_length()) {
last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
return std::size_t(-1);
}
prev_fallback_key = current_fallback_key;
current_fallback_key.id = ++next_one_time_key_id;
current_fallback_key.published = true;
_olm_crypto_curve25519_generate_key(random, &current_fallback_key.key);
return 1;
}
std::size_t olm::Account::get_fallback_key_json_length(
) const {
std::size_t length = 4 + sizeof(KEY_JSON_CURVE25519) - 1; /* {"curve25519":{}} */
const OneTimeKey & key = current_fallback_key;
if (key.published) {
length += 1; /* " */
length += olm::encode_base64_length(_olm_pickle_uint32_length(key.id));
length += 3; /* ":" */
length += olm::encode_base64_length(sizeof(key.key.public_key));
length += 1; /* " */
}
return length;
}
std::size_t olm::Account::get_fallback_key_json(
std::uint8_t * fallback_json, std::size_t fallback_json_length
) {
std::uint8_t * pos = fallback_json;
if (fallback_json_length < get_fallback_key_json_length()) {
last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
return std::size_t(-1);
}
*(pos++) = '{';
pos = write_string(pos, KEY_JSON_CURVE25519);
*(pos++) = '{';
OneTimeKey & key = current_fallback_key;
if (key.published) {
*(pos++) = '\"';
std::uint8_t key_id[_olm_pickle_uint32_length(key.id)];
_olm_pickle_uint32(key_id, key.id);
pos = olm::encode_base64(key_id, sizeof(key_id), pos);
*(pos++) = '\"'; *(pos++) = ':'; *(pos++) = '\"';
pos = olm::encode_base64(
key.key.public_key.public_key, sizeof(key.key.public_key.public_key), pos
);
*(pos++) = '\"';
}
*(pos++) = '}';
*(pos++) = '}';
return pos - fallback_json;
}
namespace olm {
static std::size_t pickle_length(
olm::IdentityKeys const & value
) {
size_t length = 0;
length += _olm_pickle_ed25519_key_pair_length(&value.ed25519_key);
length += olm::pickle_length(value.curve25519_key);
return length;
}
static std::uint8_t * pickle(
std::uint8_t * pos,
olm::IdentityKeys const & value
) {
pos = _olm_pickle_ed25519_key_pair(pos, &value.ed25519_key);
pos = olm::pickle(pos, value.curve25519_key);
return pos;
}
static std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
olm::IdentityKeys & value
) {
pos = _olm_unpickle_ed25519_key_pair(pos, end, &value.ed25519_key); UNPICKLE_OK(pos);
pos = olm::unpickle(pos, end, value.curve25519_key); UNPICKLE_OK(pos);
return pos;
}
static std::size_t pickle_length(
olm::OneTimeKey const & value
) {
std::size_t length = 0;
length += olm::pickle_length(value.id);
length += olm::pickle_length(value.published);
length += olm::pickle_length(value.key);
return length;
}
static std::uint8_t * pickle(
std::uint8_t * pos,
olm::OneTimeKey const & value
) {
pos = olm::pickle(pos, value.id);
pos = olm::pickle(pos, value.published);
pos = olm::pickle(pos, value.key);
return pos;
}
static std::uint8_t const * unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
olm::OneTimeKey & value
) {
pos = olm::unpickle(pos, end, value.id); UNPICKLE_OK(pos);
pos = olm::unpickle(pos, end, value.published); UNPICKLE_OK(pos);
pos = olm::unpickle(pos, end, value.key); UNPICKLE_OK(pos);
return pos;
}
} // namespace olm
namespace {
// pickle version 1 used only 32 bytes for the ed25519 private key.
// Any keys thus used should be considered compromised.
// pickle version 2 does not have fallback keys.
static const std::uint32_t ACCOUNT_PICKLE_VERSION = 3;
}
std::size_t olm::pickle_length(
olm::Account const & value
) {
std::size_t length = 0;
length += olm::pickle_length(ACCOUNT_PICKLE_VERSION);
length += olm::pickle_length(value.identity_keys);
length += olm::pickle_length(value.one_time_keys);
length += olm::pickle_length(value.current_fallback_key);
length += olm::pickle_length(value.prev_fallback_key);
length += olm::pickle_length(value.next_one_time_key_id);
return length;
}
std::uint8_t * olm::pickle(
std::uint8_t * pos,
olm::Account const & value
) {
pos = olm::pickle(pos, ACCOUNT_PICKLE_VERSION);
pos = olm::pickle(pos, value.identity_keys);
pos = olm::pickle(pos, value.one_time_keys);
pos = olm::pickle(pos, value.current_fallback_key);
pos = olm::pickle(pos, value.prev_fallback_key);
pos = olm::pickle(pos, value.next_one_time_key_id);
return pos;
}
std::uint8_t const * olm::unpickle(
std::uint8_t const * pos, std::uint8_t const * end,
olm::Account & value
) {
uint32_t pickle_version;
pos = olm::unpickle(pos, end, pickle_version); UNPICKLE_OK(pos);
switch (pickle_version) {
case ACCOUNT_PICKLE_VERSION:
case 2:
break;
case 1:
value.last_error = OlmErrorCode::OLM_BAD_LEGACY_ACCOUNT_PICKLE;
return nullptr;
default:
value.last_error = OlmErrorCode::OLM_UNKNOWN_PICKLE_VERSION;
return nullptr;
}
pos = olm::unpickle(pos, end, value.identity_keys); UNPICKLE_OK(pos);
pos = olm::unpickle(pos, end, value.one_time_keys); UNPICKLE_OK(pos);
if (pickle_version == 2) {
// version 2 did not have fallback keys
value.current_fallback_key.published = false;
value.prev_fallback_key.published = false;
} else {
pos = olm::unpickle(pos, end, value.current_fallback_key); UNPICKLE_OK(pos);
pos = olm::unpickle(pos, end, value.prev_fallback_key); UNPICKLE_OK(pos);
}
pos = olm::unpickle(pos, end, value.next_one_time_key_id); UNPICKLE_OK(pos);
return pos;
}
Reference in New Issue View Git Blame Copy Permalink