ruby_olm 0.1.1

data/ext/ruby_olm/ext_lib_olm/staging/megolm.c

@@ -0,0 +1,150 @@
+/* Copyright 2016 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include "olm/megolm.h"
+
+#include <string.h>
+
+#include "olm/cipher.h"
+#include "olm/crypto.h"
+#include "olm/pickle.h"
+
+static const struct _olm_cipher_aes_sha_256 MEGOLM_CIPHER =
+    OLM_CIPHER_INIT_AES_SHA_256("MEGOLM_KEYS");
+const struct _olm_cipher *megolm_cipher = OLM_CIPHER_BASE(&MEGOLM_CIPHER);
+
+/* the seeds used in the HMAC-SHA-256 functions for each part of the ratchet.
+ */
+#define HASH_KEY_SEED_LENGTH 1
+static uint8_t HASH_KEY_SEEDS[MEGOLM_RATCHET_PARTS][HASH_KEY_SEED_LENGTH] = {
+    {0x00},
+    {0x01},
+    {0x02},
+    {0x03}
+};
+
+static void rehash_part(
+    uint8_t data[MEGOLM_RATCHET_PARTS][MEGOLM_RATCHET_PART_LENGTH],
+    int rehash_from_part, int rehash_to_part
+) {
+    _olm_crypto_hmac_sha256(
+        data[rehash_from_part],
+        MEGOLM_RATCHET_PART_LENGTH,
+        HASH_KEY_SEEDS[rehash_to_part], HASH_KEY_SEED_LENGTH,
+        data[rehash_to_part]
+    );
+}
+
+
+
+void megolm_init(Megolm *megolm, uint8_t const *random_data, uint32_t counter) {
+    megolm->counter = counter;
+    memcpy(megolm->data, random_data, MEGOLM_RATCHET_LENGTH);
+}
+
+size_t megolm_pickle_length(const Megolm *megolm) {
+    size_t length = 0;
+    length += _olm_pickle_bytes_length(megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
+    length += _olm_pickle_uint32_length(megolm->counter);
+    return length;
+
+}
+
+uint8_t * megolm_pickle(const Megolm *megolm,  uint8_t *pos) {
+    pos = _olm_pickle_bytes(pos, megolm_get_data(megolm), MEGOLM_RATCHET_LENGTH);
+    pos = _olm_pickle_uint32(pos, megolm->counter);
+    return pos;
+}
+
+const uint8_t * megolm_unpickle(Megolm *megolm, const uint8_t *pos,
+                                const uint8_t *end) {
+    pos = _olm_unpickle_bytes(pos, end, (uint8_t *)(megolm->data),
+                             MEGOLM_RATCHET_LENGTH);
+    pos = _olm_unpickle_uint32(pos, end, &megolm->counter);
+    return pos;
+}
+
+/* simplistic implementation for a single step */
+void megolm_advance(Megolm *megolm) {
+    uint32_t mask = 0x00FFFFFF;
+    int h = 0;
+    int i;
+
+    megolm->counter++;
+
+    /* figure out how much we need to rekey */
+    while (h < (int)MEGOLM_RATCHET_PARTS) {
+        if (!(megolm->counter & mask))
+            break;
+        h++;
+        mask >>= 8;
+    }
+
+    /* now update R(h)...R(3) based on R(h) */
+    for (i = MEGOLM_RATCHET_PARTS-1; i >= h; i--) {
+        rehash_part(megolm->data, h, i);
+    }
+}
+
+void megolm_advance_to(Megolm *megolm, uint32_t advance_to) {
+    int j;
+
+    /* starting with R0, see if we need to update each part of the hash */
+    for (j = 0; j < (int)MEGOLM_RATCHET_PARTS; j++) {
+        int shift = (MEGOLM_RATCHET_PARTS-j-1) * 8;
+        uint32_t mask = (~(uint32_t)0) << shift;
+        int k;
+
+        /* how many times do we need to rehash this part?
+         *
+         * '& 0xff' ensures we handle integer wraparound correctly
+         */
+        unsigned int steps =
+            ((advance_to >> shift) - (megolm->counter >> shift)) & 0xff;
+
+        if (steps == 0) {
+            /* deal with the edge case where megolm->counter is slightly larger
+             * than advance_to. This should only happen for R(0), and implies
+             * that advance_to has wrapped around and we need to advance R(0)
+             * 256 times.
+             */
+            if (advance_to < megolm->counter) {
+                steps = 0x100;
+            } else {
+                continue;
+            }
+        }
+
+        /* for all but the last step, we can just bump R(j) without regard
+         * to R(j+1)...R(3).
+         */
+        while (steps > 1) {
+            rehash_part(megolm->data, j, j);
+            steps --;
+        }
+
+        /* on the last step we also need to bump R(j+1)...R(3).
+         *
+         * (Theoretically, we could skip bumping R(j+2) if we're going to bump
+         * R(j+1) again, but the code to figure that out is a bit baroque and
+         * doesn't save us much).
+         */
+        for (k = 3; k >= j; k--) {
+            rehash_part(megolm->data, j, k);
+        }
+        megolm->counter = advance_to & mask;
+    }
+}

data/ext/ruby_olm/ext_lib_olm/staging/memory.cpp

@@ -0,0 +1,45 @@
+/* Copyright 2015 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "olm/memory.hh"
+#include "olm/memory.h"
+
+void _olm_unset(
+    void volatile * buffer, size_t buffer_length
+) {
+    olm::unset(buffer, buffer_length);
+}
+
+void olm::unset(
+    void volatile * buffer, std::size_t buffer_length
+) {
+    char volatile * pos = reinterpret_cast<char volatile *>(buffer);
+    char volatile * end = pos + buffer_length;
+    while (pos != end) {
+        *(pos++) = 0;
+    }
+}
+
+
+bool olm::is_equal(
+    std::uint8_t const * buffer_a,
+    std::uint8_t const * buffer_b,
+    std::size_t length
+) {
+    std::uint8_t volatile result = 0;
+    while (length--) {
+        result |= (*(buffer_a++)) ^ (*(buffer_b++));
+    }
+    return result == 0;
+}

data/ext/ruby_olm/ext_lib_olm/staging/message.cpp

@@ -0,0 +1,401 @@
+/* Copyright 2015-2016 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "olm/message.hh"
+
+#include "olm/memory.hh"
+
+namespace {
+
+template<typename T>
+static std::size_t varint_length(
+    T value
+) {
+    std::size_t result = 1;
+    while (value >= 128U) {
+        ++result;
+        value >>= 7;
+    }
+    return result;
+}
+
+
+template<typename T>
+static std::uint8_t * varint_encode(
+    std::uint8_t * output,
+    T value
+) {
+    while (value >= 128U) {
+        *(output++) = (0x7F & value) | 0x80;
+        value >>= 7;
+    }
+    (*output++) = value;
+    return output;
+}
+
+
+template<typename T>
+static T varint_decode(
+    std::uint8_t const * varint_start,
+    std::uint8_t const * varint_end
+) {
+    T value = 0;
+    if (varint_end == varint_start) {
+        return 0;
+    }
+    do {
+        value <<= 7;
+        value |= 0x7F & *(--varint_end);
+    } while (varint_end != varint_start);
+    return value;
+}
+
+
+static std::uint8_t const * varint_skip(
+    std::uint8_t const * input,
+    std::uint8_t const * input_end
+) {
+    while (input != input_end) {
+        std::uint8_t tmp = *(input++);
+        if ((tmp & 0x80) == 0) {
+            return input;
+        }
+    }
+    return input;
+}
+
+
+static std::size_t varstring_length(
+    std::size_t string_length
+) {
+    return varint_length(string_length) + string_length;
+}
+
+static std::size_t const VERSION_LENGTH = 1;
+static std::uint8_t const RATCHET_KEY_TAG = 012;
+static std::uint8_t const COUNTER_TAG = 020;
+static std::uint8_t const CIPHERTEXT_TAG = 042;
+
+static std::uint8_t * encode(
+    std::uint8_t * pos,
+    std::uint8_t tag,
+    std::uint32_t value
+) {
+    *(pos++) = tag;
+    return varint_encode(pos, value);
+}
+
+static std::uint8_t * encode(
+    std::uint8_t * pos,
+    std::uint8_t tag,
+    std::uint8_t * & value, std::size_t value_length
+) {
+    *(pos++) = tag;
+    pos = varint_encode(pos, value_length);
+    value = pos;
+    return pos + value_length;
+}
+
+static std::uint8_t const * decode(
+    std::uint8_t const * pos, std::uint8_t const * end,
+    std::uint8_t tag,
+    std::uint32_t & value, bool & has_value
+) {
+    if (pos != end && *pos == tag) {
+        ++pos;
+        std::uint8_t const * value_start = pos;
+        pos = varint_skip(pos, end);
+        value = varint_decode<std::uint32_t>(value_start, pos);
+        has_value = true;
+    }
+    return pos;
+}
+
+
+static std::uint8_t const * decode(
+    std::uint8_t const * pos, std::uint8_t const * end,
+    std::uint8_t tag,
+    std::uint8_t const * & value, std::size_t & value_length
+) {
+    if (pos != end && *pos == tag) {
+        ++pos;
+        std::uint8_t const * len_start = pos;
+        pos = varint_skip(pos, end);
+        std::size_t len = varint_decode<std::size_t>(len_start, pos);
+        if (len > std::size_t(end - pos)) return end;
+        value = pos;
+        value_length = len;
+        pos += len;
+    }
+    return pos;
+}
+
+static std::uint8_t const * skip_unknown(
+    std::uint8_t const * pos, std::uint8_t const * end
+) {
+    if (pos != end) {
+        uint8_t tag = *pos;
+        if ((tag & 0x7) == 0) {
+            pos = varint_skip(pos, end);
+            pos = varint_skip(pos, end);
+        } else if ((tag & 0x7) == 2) {
+            pos = varint_skip(pos, end);
+            std::uint8_t const * len_start = pos;
+            pos = varint_skip(pos, end);
+            std::size_t len = varint_decode<std::size_t>(len_start, pos);
+            if (len > std::size_t(end - pos)) return end;
+            pos += len;
+        } else {
+            return end;
+        }
+    }
+    return pos;
+}
+
+} // namespace
+
+
+std::size_t olm::encode_message_length(
+    std::uint32_t counter,
+    std::size_t ratchet_key_length,
+    std::size_t ciphertext_length,
+    std::size_t mac_length
+) {
+    std::size_t length = VERSION_LENGTH;
+    length += 1 + varstring_length(ratchet_key_length);
+    length += 1 + varint_length(counter);
+    length += 1 + varstring_length(ciphertext_length);
+    length += mac_length;
+    return length;
+}
+
+
+void olm::encode_message(
+    olm::MessageWriter & writer,
+    std::uint8_t version,
+    std::uint32_t counter,
+    std::size_t ratchet_key_length,
+    std::size_t ciphertext_length,
+    std::uint8_t * output
+) {
+    std::uint8_t * pos = output;
+    *(pos++) = version;
+    pos = encode(pos, RATCHET_KEY_TAG, writer.ratchet_key, ratchet_key_length);
+    pos = encode(pos, COUNTER_TAG, counter);
+    pos = encode(pos, CIPHERTEXT_TAG, writer.ciphertext, ciphertext_length);
+}
+
+
+void olm::decode_message(
+    olm::MessageReader & reader,
+    std::uint8_t const * input, std::size_t input_length,
+    std::size_t mac_length
+) {
+    std::uint8_t const * pos = input;
+    std::uint8_t const * end = input + input_length - mac_length;
+    std::uint8_t const * unknown = nullptr;
+
+    reader.input = input;
+    reader.input_length = input_length;
+    reader.has_counter = false;
+    reader.ratchet_key = nullptr;
+    reader.ratchet_key_length = 0;
+    reader.ciphertext = nullptr;
+    reader.ciphertext_length = 0;
+
+    if (input_length < mac_length) return;
+
+    if (pos == end) return;
+    reader.version = *(pos++);
+
+    while (pos != end) {
+        unknown = pos;
+        pos = decode(
+            pos, end, RATCHET_KEY_TAG,
+            reader.ratchet_key, reader.ratchet_key_length
+        );
+        pos = decode(
+            pos, end, COUNTER_TAG,
+            reader.counter, reader.has_counter
+        );
+        pos = decode(
+            pos, end, CIPHERTEXT_TAG,
+            reader.ciphertext, reader.ciphertext_length
+        );
+        if (unknown == pos) {
+            pos = skip_unknown(pos, end);
+        }
+    }
+}
+
+
+namespace {
+
+static std::uint8_t const ONE_TIME_KEY_ID_TAG = 012;
+static std::uint8_t const BASE_KEY_TAG = 022;
+static std::uint8_t const IDENTITY_KEY_TAG = 032;
+static std::uint8_t const MESSAGE_TAG = 042;
+
+} // namespace
+
+
+std::size_t olm::encode_one_time_key_message_length(
+    std::size_t one_time_key_length,
+    std::size_t identity_key_length,
+    std::size_t base_key_length,
+    std::size_t message_length
+) {
+    std::size_t length = VERSION_LENGTH;
+    length += 1 + varstring_length(one_time_key_length);
+    length += 1 + varstring_length(identity_key_length);
+    length += 1 + varstring_length(base_key_length);
+    length += 1 + varstring_length(message_length);
+    return length;
+}
+
+
+void olm::encode_one_time_key_message(
+    olm::PreKeyMessageWriter & writer,
+    std::uint8_t version,
+    std::size_t identity_key_length,
+    std::size_t base_key_length,
+    std::size_t one_time_key_length,
+    std::size_t message_length,
+    std::uint8_t * output
+) {
+    std::uint8_t * pos = output;
+    *(pos++) = version;
+    pos = encode(pos, ONE_TIME_KEY_ID_TAG, writer.one_time_key, one_time_key_length);
+    pos = encode(pos, BASE_KEY_TAG, writer.base_key, base_key_length);
+    pos = encode(pos, IDENTITY_KEY_TAG, writer.identity_key, identity_key_length);
+    pos = encode(pos, MESSAGE_TAG, writer.message, message_length);
+}
+
+
+void olm::decode_one_time_key_message(
+    PreKeyMessageReader & reader,
+    std::uint8_t const * input, std::size_t input_length
+) {
+    std::uint8_t const * pos = input;
+    std::uint8_t const * end = input + input_length;
+    std::uint8_t const * unknown = nullptr;
+
+    reader.one_time_key = nullptr;
+    reader.one_time_key_length = 0;
+    reader.identity_key = nullptr;
+    reader.identity_key_length = 0;
+    reader.base_key = nullptr;
+    reader.base_key_length = 0;
+    reader.message = nullptr;
+    reader.message_length = 0;
+
+    if (pos == end) return;
+    reader.version = *(pos++);
+
+    while (pos != end) {
+        unknown = pos;
+        pos = decode(
+            pos, end, ONE_TIME_KEY_ID_TAG,
+            reader.one_time_key, reader.one_time_key_length
+        );
+        pos = decode(
+            pos, end, BASE_KEY_TAG,
+            reader.base_key, reader.base_key_length
+        );
+        pos = decode(
+            pos, end, IDENTITY_KEY_TAG,
+            reader.identity_key, reader.identity_key_length
+        );
+        pos = decode(
+            pos, end, MESSAGE_TAG,
+            reader.message, reader.message_length
+        );
+        if (unknown == pos) {
+            pos = skip_unknown(pos, end);
+        }
+    }
+}
+
+
+
+static const std::uint8_t GROUP_MESSAGE_INDEX_TAG = 010;
+static const std::uint8_t GROUP_CIPHERTEXT_TAG = 022;
+
+size_t _olm_encode_group_message_length(
+    uint32_t message_index,
+    size_t ciphertext_length,
+    size_t mac_length,
+    size_t signature_length
+) {
+    size_t length = VERSION_LENGTH;
+    length += 1 + varint_length(message_index);
+    length += 1 + varstring_length(ciphertext_length);
+    length += mac_length;
+    length += signature_length;
+    return length;
+}
+
+
+size_t _olm_encode_group_message(
+    uint8_t version,
+    uint32_t message_index,
+    size_t ciphertext_length,
+    uint8_t *output,
+    uint8_t **ciphertext_ptr
+) {
+    std::uint8_t * pos = output;
+
+    *(pos++) = version;
+    pos = encode(pos, GROUP_MESSAGE_INDEX_TAG, message_index);
+    pos = encode(pos, GROUP_CIPHERTEXT_TAG, *ciphertext_ptr, ciphertext_length);
+    return pos-output;
+}
+
+void _olm_decode_group_message(
+    const uint8_t *input, size_t input_length,
+    size_t mac_length, size_t signature_length,
+    struct _OlmDecodeGroupMessageResults *results
+) {
+    std::uint8_t const * pos = input;
+    std::size_t trailer_length = mac_length + signature_length;
+    std::uint8_t const * end = input + input_length - trailer_length;
+    std::uint8_t const * unknown = nullptr;
+
+    bool has_message_index = false;
+    results->message_index = 0;
+    results->ciphertext = nullptr;
+    results->ciphertext_length = 0;
+
+    if (input_length < trailer_length) return;
+
+    if (pos == end) return;
+    results->version = *(pos++);
+
+    while (pos != end) {
+        unknown = pos;
+        pos = decode(
+            pos, end, GROUP_MESSAGE_INDEX_TAG,
+            results->message_index, has_message_index
+        );
+        pos = decode(
+            pos, end, GROUP_CIPHERTEXT_TAG,
+            results->ciphertext, results->ciphertext_length
+        );
+        if (unknown == pos) {
+            pos = skip_unknown(pos, end);
+        }
+    }
+
+    results->has_message_index = (int)has_message_index;
+}