ruby_olm 0.1.1

data/ext/ruby_olm/ext_lib_olm/olm/include/olm/ratchet.hh

@@ -0,0 +1,184 @@
+/* Copyright 2015 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cstdint>
+
+#include "olm/crypto.h"
+#include "olm/list.hh"
+#include "olm/error.h"
+
+struct _olm_cipher;
+
+namespace olm {
+
+/** length of a shared key: the root key R(i), chain key C(i,j), and message key
+ * M(i,j)). They are all only used to stuff into HMACs, so could be any length
+ * for that. The chain key and message key are both derived from SHA256
+ * operations, so their length is determined by that. */
+const std::size_t OLM_SHARED_KEY_LENGTH = SHA256_OUTPUT_LENGTH;
+
+typedef std::uint8_t SharedKey[OLM_SHARED_KEY_LENGTH];
+
+struct ChainKey {
+    std::uint32_t index;
+    SharedKey key;
+};
+
+struct MessageKey {
+    std::uint32_t index;
+    SharedKey key;
+};
+
+
+struct SenderChain {
+    _olm_curve25519_key_pair ratchet_key;
+    ChainKey chain_key;
+};
+
+
+struct ReceiverChain {
+    _olm_curve25519_public_key ratchet_key;
+    ChainKey chain_key;
+};
+
+
+struct SkippedMessageKey {
+    _olm_curve25519_public_key ratchet_key;
+    MessageKey message_key;
+};
+
+
+static std::size_t const MAX_RECEIVER_CHAINS = 5;
+static std::size_t const MAX_SKIPPED_MESSAGE_KEYS = 40;
+
+
+struct KdfInfo {
+    std::uint8_t const * root_info;
+    std::size_t root_info_length;
+    std::uint8_t const * ratchet_info;
+    std::size_t ratchet_info_length;
+};
+
+
+struct Ratchet {
+
+    Ratchet(
+        KdfInfo const & kdf_info,
+        _olm_cipher const *ratchet_cipher
+    );
+
+    /** A some strings identifying the application to feed into the KDF. */
+    KdfInfo const & kdf_info;
+
+    /** The AEAD cipher to use for encrypting messages. */
+    _olm_cipher const *ratchet_cipher;
+
+    /** The last error that happened encrypting or decrypting a message. */
+    OlmErrorCode last_error;
+
+    /** The root key is used to generate chain keys from the ephemeral keys.
+     * A new root_key derived each time a new chain is started. */
+    SharedKey root_key;
+
+    /** The sender chain is used to send messages. Each time a new ephemeral
+     * key is received from the remote server we generate a new sender chain
+     * with a new empheral key when we next send a message. */
+    List<SenderChain, 1> sender_chain;
+
+    /** The receiver chain is used to decrypt received messages. We store the
+     * last few chains so we can decrypt any out of order messages we haven't
+     * received yet. */
+    List<ReceiverChain, MAX_RECEIVER_CHAINS> receiver_chains;
+
+    /** List of message keys we've skipped over when advancing the receiver
+     * chain. */
+    List<SkippedMessageKey, MAX_SKIPPED_MESSAGE_KEYS> skipped_message_keys;
+
+    /** Initialise the session using a shared secret and the public part of the
+     * remote's first ratchet key */
+    void initialise_as_bob(
+        std::uint8_t const * shared_secret, std::size_t shared_secret_length,
+        _olm_curve25519_public_key const & their_ratchet_key
+    );
+
+    /** Initialise the session using a shared secret and the public/private key
+     * pair for the first ratchet key */
+    void initialise_as_alice(
+        std::uint8_t const * shared_secret, std::size_t shared_secret_length,
+        _olm_curve25519_key_pair const & our_ratchet_key
+    );
+
+    /** The number of bytes of output the encrypt method will write for
+     * a given message length. */
+    std::size_t encrypt_output_length(
+        std::size_t plaintext_length
+    );
+
+    /** The number of bytes of random data the encrypt method will need to
+     * encrypt a message. This will be 32 bytes if the session needs to
+     * generate a new ephemeral key, or will be 0 bytes otherwise.*/
+    std::size_t encrypt_random_length();
+
+    /** Encrypt some plain-text. Returns the length of the encrypted message
+     * or std::size_t(-1) on failure. On failure last_error will be set with
+     * an error code. The last_error will be NOT_ENOUGH_RANDOM if the number
+     * of random bytes is too small. The last_error will be
+     * OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small. */
+    std::size_t encrypt(
+        std::uint8_t const * plaintext, std::size_t plaintext_length,
+        std::uint8_t const * random, std::size_t random_length,
+        std::uint8_t * output, std::size_t max_output_length
+    );
+
+    /** An upper bound on the number of bytes of plain-text the decrypt method
+     * will write for a given input message length. */
+    std::size_t decrypt_max_plaintext_length(
+        std::uint8_t const * input, std::size_t input_length
+    );
+
+    /** Decrypt a message. Returns the length of the decrypted plain-text or
+     * std::size_t(-1) on failure. On failure last_error will be set with an
+     * error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the
+     * plain-text buffer is too small. The last_error will be
+     * BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
+     * version of the protocol. The last_error will be BAD_MESSAGE_FORMAT if
+     * the message headers could not be decoded. The last_error will be
+     * BAD_MESSAGE_MAC if the message could not be verified */
+    std::size_t decrypt(
+        std::uint8_t const * input, std::size_t input_length,
+        std::uint8_t * plaintext, std::size_t max_plaintext_length
+    );
+};
+
+
+std::size_t pickle_length(
+    Ratchet const & value
+);
+
+
+std::uint8_t * pickle(
+    std::uint8_t * pos,
+    Ratchet const & value
+);
+
+
+std::uint8_t const * unpickle(
+    std::uint8_t const * pos, std::uint8_t const * end,
+    Ratchet & value,
+    bool includes_chain_index
+);
+
+
+} // namespace olm

data/ext/ruby_olm/ext_lib_olm/olm/include/olm/session.hh

@@ -0,0 +1,156 @@
+/* Copyright 2015 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef OLM_SESSION_HH_
+#define OLM_SESSION_HH_
+
+#include "olm/ratchet.hh"
+
+namespace olm {
+
+struct Account;
+
+enum struct MessageType {
+    PRE_KEY = 0,
+    MESSAGE = 1,
+};
+
+struct Session {
+
+    Session();
+
+    Ratchet ratchet;
+    OlmErrorCode last_error;
+
+    bool received_message;
+
+    _olm_curve25519_public_key alice_identity_key;
+    _olm_curve25519_public_key alice_base_key;
+    _olm_curve25519_public_key bob_one_time_key;
+
+    /** The number of random bytes that are needed to create a new outbound
+     * session. This will be 64 bytes since two ephemeral keys are needed. */
+    std::size_t new_outbound_session_random_length();
+
+    /** Start a new outbound session. Returns std::size_t(-1) on failure. On
+     * failure last_error will be set with an error code. The last_error will be
+     * NOT_ENOUGH_RANDOM if the number of random bytes was too small. */
+    std::size_t new_outbound_session(
+        Account const & local_account,
+        _olm_curve25519_public_key const & identity_key,
+        _olm_curve25519_public_key const & one_time_key,
+        std::uint8_t const * random, std::size_t random_length
+    );
+
+    /** Start a new inbound session from a pre-key message.
+     * Returns std::size_t(-1) on failure. On failure last_error will be set
+     * with an error code. The last_error will be BAD_MESSAGE_FORMAT if
+     * the message headers could not be decoded. */
+    std::size_t new_inbound_session(
+        Account & local_account,
+        _olm_curve25519_public_key const * their_identity_key,
+        std::uint8_t const * pre_key_message, std::size_t message_length
+    );
+
+    /** The number of bytes written by session_id() */
+    std::size_t session_id_length();
+
+    /** An identifier for this session. Generated by hashing the public keys
+     * used to create the session. Returns the length of the session id on
+     * success or std::size_t(-1) on failure. On failure last_error will be set
+     * with an error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if
+     * the id buffer was too small. */
+    std::size_t session_id(
+        std::uint8_t * id, std::size_t id_length
+    );
+
+    /** True if this session can be used to decode an inbound pre-key message.
+     * This can be used to test whether a pre-key message should be decoded
+     * with an existing session or if a new session will need to be created.
+     * Returns true if the session is the same. Returns false if either the
+     * session does not match or the pre-key message could not be decoded.
+     */
+    bool matches_inbound_session(
+        _olm_curve25519_public_key const * their_identity_key,
+        std::uint8_t const * pre_key_message, std::size_t message_length
+    );
+
+    /** Whether the next message will be a pre-key message or a normal message.
+     * An outbound session will send pre-key messages until it receives a
+     * message with a ratchet key. */
+    MessageType encrypt_message_type();
+
+    std::size_t encrypt_message_length(
+        std::size_t plaintext_length
+    );
+
+    /** The number of bytes of random data the encrypt method will need to
+     * encrypt a message. This will be 32 bytes if the session needs to
+     * generate a new ephemeral key, or will be 0 bytes otherwise. */
+    std::size_t encrypt_random_length();
+
+    /** Encrypt some plain-text. Returns the length of the encrypted message
+      * or std::size_t(-1) on failure. On failure last_error will be set with
+      * an error code. The last_error will be NOT_ENOUGH_RANDOM if the number
+      * of random bytes is too small. The last_error will be
+      * OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small. */
+    std::size_t encrypt(
+        std::uint8_t const * plaintext, std::size_t plaintext_length,
+        std::uint8_t const * random, std::size_t random_length,
+        std::uint8_t * message, std::size_t message_length
+    );
+
+    /** An upper bound on the number of bytes of plain-text the decrypt method
+     * will write for a given input message length. */
+    std::size_t decrypt_max_plaintext_length(
+        MessageType message_type,
+        std::uint8_t const * message, std::size_t message_length
+    );
+
+    /** Decrypt a message. Returns the length of the decrypted plain-text or
+     * std::size_t(-1) on failure. On failure last_error will be set with an
+     * error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the
+     * plain-text buffer is too small. The last_error will be
+     * BAD_MESSAGE_VERSION if the message was encrypted with an unsupported
+     * version of the protocol. The last_error will be BAD_MESSAGE_FORMAT if
+     * the message headers could not be decoded. The last_error will be
+     * BAD_MESSAGE_MAC if the message could not be verified */
+    std::size_t decrypt(
+        MessageType message_type,
+        std::uint8_t const * message, std::size_t message_length,
+        std::uint8_t * plaintext, std::size_t max_plaintext_length
+    );
+};
+
+
+std::size_t pickle_length(
+    Session const & value
+);
+
+
+std::uint8_t * pickle(
+    std::uint8_t * pos,
+    Session const & value
+);
+
+
+std::uint8_t const * unpickle(
+    std::uint8_t const * pos, std::uint8_t const * end,
+    Session & value
+);
+
+
+} // namespace olm
+
+#endif /* OLM_SESSION_HH_ */

data/ext/ruby_olm/ext_lib_olm/olm/include/olm/utility.hh

@@ -0,0 +1,61 @@
+/* Copyright 2015 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef UTILITY_HH_
+#define UTILITY_HH_
+
+#include "olm/error.h"
+
+#include <cstddef>
+#include <cstdint>
+
+struct _olm_ed25519_public_key;
+
+namespace olm {
+
+struct Utility {
+
+    Utility();
+
+    OlmErrorCode last_error;
+
+    /** The length of a SHA-256 hash in bytes. */
+    std::size_t sha256_length();
+
+    /** Compute a SHA-256 hash. Returns the length of the SHA-256 hash in bytes
+     * on success. Returns std::size_t(-1) on failure. On failure last_error
+     * will be set with an error code. If the output buffer was too small then
+     * last error will be OUTPUT_BUFFER_TOO_SMALL. */
+    std::size_t sha256(
+        std::uint8_t const * input, std::size_t input_length,
+        std::uint8_t * output, std::size_t output_length
+    );
+
+    /** Verify a ed25519 signature. Returns std::size_t(0) on success. Returns
+     * std::size_t(-1) on failure or if the signature was invalid. On failure
+     * last_error will be set with an error code. If the signature was too short
+     * or was not a valid signature then last_error will be BAD_MESSAGE_MAC. */
+    std::size_t ed25519_verify(
+        _olm_ed25519_public_key const & key,
+        std::uint8_t const * message, std::size_t message_length,
+        std::uint8_t const * signature, std::size_t signature_length
+    );
+
+};
+
+
+} // namespace olm
+
+#endif /* UTILITY_HH_ */