ruby_olm 0.1.1

data/ext/ruby_olm/ext_lib_olm/staging/session.cpp

@@ -0,0 +1,461 @@
+/* Copyright 2015, 2016 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "olm/session.hh"
+#include "olm/cipher.h"
+#include "olm/crypto.h"
+#include "olm/account.hh"
+#include "olm/memory.hh"
+#include "olm/message.hh"
+#include "olm/pickle.hh"
+
+#include <cstring>
+
+namespace {
+
+static const std::uint8_t PROTOCOL_VERSION = 0x3;
+
+static const std::uint8_t ROOT_KDF_INFO[] = "OLM_ROOT";
+static const std::uint8_t RATCHET_KDF_INFO[] = "OLM_RATCHET";
+static const std::uint8_t CIPHER_KDF_INFO[] = "OLM_KEYS";
+
+static const olm::KdfInfo OLM_KDF_INFO = {
+    ROOT_KDF_INFO, sizeof(ROOT_KDF_INFO) - 1,
+    RATCHET_KDF_INFO, sizeof(RATCHET_KDF_INFO) - 1
+};
+
+static const struct _olm_cipher_aes_sha_256 OLM_CIPHER =
+    OLM_CIPHER_INIT_AES_SHA_256(CIPHER_KDF_INFO);
+
+} // namespace
+
+olm::Session::Session(
+) : ratchet(OLM_KDF_INFO, OLM_CIPHER_BASE(&OLM_CIPHER)),
+    last_error(OlmErrorCode::OLM_SUCCESS),
+    received_message(false) {
+
+}
+
+
+std::size_t olm::Session::new_outbound_session_random_length() {
+    return CURVE25519_RANDOM_LENGTH * 2;
+}
+
+
+std::size_t olm::Session::new_outbound_session(
+    olm::Account const & local_account,
+    _olm_curve25519_public_key const & identity_key,
+    _olm_curve25519_public_key const & one_time_key,
+    std::uint8_t const * random, std::size_t random_length
+) {
+    if (random_length < new_outbound_session_random_length()) {
+        last_error = OlmErrorCode::OLM_NOT_ENOUGH_RANDOM;
+        return std::size_t(-1);
+    }
+
+    _olm_curve25519_key_pair base_key;
+    _olm_crypto_curve25519_generate_key(random, &base_key);
+
+    _olm_curve25519_key_pair ratchet_key;
+    _olm_crypto_curve25519_generate_key(random + CURVE25519_RANDOM_LENGTH, &ratchet_key);
+
+    _olm_curve25519_key_pair const & alice_identity_key_pair = (
+        local_account.identity_keys.curve25519_key
+    );
+
+    received_message = false;
+    alice_identity_key = alice_identity_key_pair.public_key;
+    alice_base_key = base_key.public_key;
+    bob_one_time_key = one_time_key;
+
+    // Calculate the shared secret S via triple DH
+    std::uint8_t secret[3 * CURVE25519_SHARED_SECRET_LENGTH];
+    std::uint8_t * pos = secret;
+
+    _olm_crypto_curve25519_shared_secret(&alice_identity_key_pair, &one_time_key, pos);
+    pos += CURVE25519_SHARED_SECRET_LENGTH;
+    _olm_crypto_curve25519_shared_secret(&base_key, &identity_key, pos);
+    pos += CURVE25519_SHARED_SECRET_LENGTH;
+    _olm_crypto_curve25519_shared_secret(&base_key, &one_time_key, pos);
+
+    ratchet.initialise_as_alice(secret, sizeof(secret), ratchet_key);
+
+    olm::unset(base_key);
+    olm::unset(ratchet_key);
+    olm::unset(secret);
+
+    return std::size_t(0);
+}
+
+namespace {
+
+static bool check_message_fields(
+    olm::PreKeyMessageReader & reader, bool have_their_identity_key
+) {
+    bool ok = true;
+    ok = ok && (have_their_identity_key || reader.identity_key);
+    if (reader.identity_key) {
+        ok = ok && reader.identity_key_length == CURVE25519_KEY_LENGTH;
+    }
+    ok = ok && reader.message;
+    ok = ok && reader.base_key;
+    ok = ok && reader.base_key_length == CURVE25519_KEY_LENGTH;
+    ok = ok && reader.one_time_key;
+    ok = ok && reader.one_time_key_length == CURVE25519_KEY_LENGTH;
+    return ok;
+}
+
+} // namespace
+
+
+std::size_t olm::Session::new_inbound_session(
+    olm::Account & local_account,
+    _olm_curve25519_public_key const * their_identity_key,
+    std::uint8_t const * one_time_key_message, std::size_t message_length
+) {
+    olm::PreKeyMessageReader reader;
+    decode_one_time_key_message(reader, one_time_key_message, message_length);
+
+    if (!check_message_fields(reader, their_identity_key)) {
+        last_error = OlmErrorCode::OLM_BAD_MESSAGE_FORMAT;
+        return std::size_t(-1);
+    }
+
+    if (reader.identity_key && their_identity_key) {
+        bool same = 0 == std::memcmp(
+            their_identity_key->public_key, reader.identity_key, CURVE25519_KEY_LENGTH
+        );
+        if (!same) {
+            last_error = OlmErrorCode::OLM_BAD_MESSAGE_KEY_ID;
+            return std::size_t(-1);
+        }
+    }
+
+    olm::load_array(alice_identity_key.public_key, reader.identity_key);
+    olm::load_array(alice_base_key.public_key, reader.base_key);
+    olm::load_array(bob_one_time_key.public_key, reader.one_time_key);
+
+    olm::MessageReader message_reader;
+    decode_message(
+        message_reader, reader.message, reader.message_length,
+        ratchet.ratchet_cipher->ops->mac_length(ratchet.ratchet_cipher)
+    );
+
+    if (!message_reader.ratchet_key
+            || message_reader.ratchet_key_length != CURVE25519_KEY_LENGTH) {
+        last_error = OlmErrorCode::OLM_BAD_MESSAGE_FORMAT;
+        return std::size_t(-1);
+    }
+
+    _olm_curve25519_public_key ratchet_key;
+    olm::load_array(ratchet_key.public_key, message_reader.ratchet_key);
+
+    olm::OneTimeKey const * our_one_time_key = local_account.lookup_key(
+        bob_one_time_key
+    );
+
+    if (!our_one_time_key) {
+        last_error = OlmErrorCode::OLM_BAD_MESSAGE_KEY_ID;
+        return std::size_t(-1);
+    }
+
+    _olm_curve25519_key_pair const & bob_identity_key = (
+        local_account.identity_keys.curve25519_key
+    );
+    _olm_curve25519_key_pair const & bob_one_time_key = our_one_time_key->key;
+
+    // Calculate the shared secret S via triple DH
+    std::uint8_t secret[CURVE25519_SHARED_SECRET_LENGTH * 3];
+    std::uint8_t * pos = secret;
+    _olm_crypto_curve25519_shared_secret(&bob_one_time_key, &alice_identity_key, pos);
+    pos += CURVE25519_SHARED_SECRET_LENGTH;
+    _olm_crypto_curve25519_shared_secret(&bob_identity_key, &alice_base_key, pos);
+    pos += CURVE25519_SHARED_SECRET_LENGTH;
+    _olm_crypto_curve25519_shared_secret(&bob_one_time_key, &alice_base_key, pos);
+
+    ratchet.initialise_as_bob(secret, sizeof(secret), ratchet_key);
+
+    olm::unset(secret);
+
+    return std::size_t(0);
+}
+
+
+std::size_t olm::Session::session_id_length() {
+    return SHA256_OUTPUT_LENGTH;
+}
+
+
+std::size_t olm::Session::session_id(
+    std::uint8_t * id, std::size_t id_length
+) {
+    if (id_length < session_id_length()) {
+        last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
+        return std::size_t(-1);
+    }
+    std::uint8_t tmp[CURVE25519_KEY_LENGTH * 3];
+    std::uint8_t * pos = tmp;
+    pos = olm::store_array(pos, alice_identity_key.public_key);
+    pos = olm::store_array(pos, alice_base_key.public_key);
+    pos = olm::store_array(pos, bob_one_time_key.public_key);
+    _olm_crypto_sha256(tmp, sizeof(tmp), id);
+    return session_id_length();
+}
+
+bool olm::Session::matches_inbound_session(
+    _olm_curve25519_public_key const * their_identity_key,
+    std::uint8_t const * one_time_key_message, std::size_t message_length
+) {
+    olm::PreKeyMessageReader reader;
+    decode_one_time_key_message(reader, one_time_key_message, message_length);
+
+    if (!check_message_fields(reader, their_identity_key)) {
+        return false;
+    }
+
+    bool same = true;
+    if (reader.identity_key) {
+        same = same && 0 == std::memcmp(
+            reader.identity_key, alice_identity_key.public_key, CURVE25519_KEY_LENGTH
+        );
+    }
+    if (their_identity_key) {
+        same = same && 0 == std::memcmp(
+            their_identity_key->public_key, alice_identity_key.public_key,
+            CURVE25519_KEY_LENGTH
+        );
+    }
+    same = same && 0 == std::memcmp(
+        reader.base_key, alice_base_key.public_key, CURVE25519_KEY_LENGTH
+    );
+    same = same && 0 == std::memcmp(
+        reader.one_time_key, bob_one_time_key.public_key, CURVE25519_KEY_LENGTH
+    );
+    return same;
+}
+
+
+olm::MessageType olm::Session::encrypt_message_type() {
+    if (received_message) {
+        return olm::MessageType::MESSAGE;
+    } else {
+        return olm::MessageType::PRE_KEY;
+    }
+}
+
+
+std::size_t olm::Session::encrypt_message_length(
+    std::size_t plaintext_length
+) {
+    std::size_t message_length = ratchet.encrypt_output_length(
+        plaintext_length
+    );
+
+    if (received_message) {
+        return message_length;
+    }
+
+    return encode_one_time_key_message_length(
+        CURVE25519_KEY_LENGTH,
+        CURVE25519_KEY_LENGTH,
+        CURVE25519_KEY_LENGTH,
+        message_length
+    );
+}
+
+
+std::size_t olm::Session::encrypt_random_length() {
+    return ratchet.encrypt_random_length();
+}
+
+
+std::size_t olm::Session::encrypt(
+    std::uint8_t const * plaintext, std::size_t plaintext_length,
+    std::uint8_t const * random, std::size_t random_length,
+    std::uint8_t * message, std::size_t message_length
+) {
+    if (message_length < encrypt_message_length(plaintext_length)) {
+        last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
+        return std::size_t(-1);
+    }
+    std::uint8_t * message_body;
+    std::size_t message_body_length = ratchet.encrypt_output_length(
+        plaintext_length
+    );
+
+    if (received_message) {
+        message_body = message;
+    } else {
+        olm::PreKeyMessageWriter writer;
+        encode_one_time_key_message(
+            writer,
+            PROTOCOL_VERSION,
+            CURVE25519_KEY_LENGTH,
+            CURVE25519_KEY_LENGTH,
+            CURVE25519_KEY_LENGTH,
+            message_body_length,
+            message
+        );
+        olm::store_array(writer.one_time_key, bob_one_time_key.public_key);
+        olm::store_array(writer.identity_key, alice_identity_key.public_key);
+        olm::store_array(writer.base_key, alice_base_key.public_key);
+        message_body = writer.message;
+    }
+
+    std::size_t result = ratchet.encrypt(
+        plaintext, plaintext_length,
+        random, random_length,
+        message_body, message_body_length
+    );
+
+    if (result == std::size_t(-1)) {
+        last_error = ratchet.last_error;
+        ratchet.last_error = OlmErrorCode::OLM_SUCCESS;
+        return result;
+    }
+
+    return result;
+}
+
+
+std::size_t olm::Session::decrypt_max_plaintext_length(
+    MessageType message_type,
+    std::uint8_t const * message, std::size_t message_length
+) {
+    std::uint8_t const * message_body;
+    std::size_t message_body_length;
+    if (message_type == olm::MessageType::MESSAGE) {
+        message_body = message;
+        message_body_length = message_length;
+    } else {
+        olm::PreKeyMessageReader reader;
+        decode_one_time_key_message(reader, message, message_length);
+        if (!reader.message) {
+            last_error = OlmErrorCode::OLM_BAD_MESSAGE_FORMAT;
+            return std::size_t(-1);
+        }
+        message_body = reader.message;
+        message_body_length = reader.message_length;
+    }
+
+    std::size_t result = ratchet.decrypt_max_plaintext_length(
+        message_body, message_body_length
+    );
+
+    if (result == std::size_t(-1)) {
+        last_error = ratchet.last_error;
+        ratchet.last_error = OlmErrorCode::OLM_SUCCESS;
+    }
+    return result;
+}
+
+
+std::size_t olm::Session::decrypt(
+    olm::MessageType message_type,
+    std::uint8_t const * message, std::size_t message_length,
+    std::uint8_t * plaintext, std::size_t max_plaintext_length
+) {
+    std::uint8_t const * message_body;
+    std::size_t message_body_length;
+    if (message_type == olm::MessageType::MESSAGE) {
+        message_body = message;
+        message_body_length = message_length;
+    } else {
+        olm::PreKeyMessageReader reader;
+        decode_one_time_key_message(reader, message, message_length);
+        if (!reader.message) {
+            last_error = OlmErrorCode::OLM_BAD_MESSAGE_FORMAT;
+            return std::size_t(-1);
+        }
+        message_body = reader.message;
+        message_body_length = reader.message_length;
+    }
+
+    std::size_t result = ratchet.decrypt(
+        message_body, message_body_length, plaintext, max_plaintext_length
+    );
+
+    if (result == std::size_t(-1)) {
+        last_error = ratchet.last_error;
+        ratchet.last_error = OlmErrorCode::OLM_SUCCESS;
+        return result;
+    }
+
+    received_message = true;
+    return result;
+}
+
+namespace {
+// the master branch writes pickle version 1; the logging_enabled branch writes
+// 0x80000001.
+static const std::uint32_t SESSION_PICKLE_VERSION = 1;
+}
+
+std::size_t olm::pickle_length(
+    Session const & value
+) {
+    std::size_t length = 0;
+    length += olm::pickle_length(SESSION_PICKLE_VERSION);
+    length += olm::pickle_length(value.received_message);
+    length += olm::pickle_length(value.alice_identity_key);
+    length += olm::pickle_length(value.alice_base_key);
+    length += olm::pickle_length(value.bob_one_time_key);
+    length += olm::pickle_length(value.ratchet);
+    return length;
+}
+
+
+std::uint8_t * olm::pickle(
+    std::uint8_t * pos,
+    Session const & value
+) {
+    pos = olm::pickle(pos, SESSION_PICKLE_VERSION);
+    pos = olm::pickle(pos, value.received_message);
+    pos = olm::pickle(pos, value.alice_identity_key);
+    pos = olm::pickle(pos, value.alice_base_key);
+    pos = olm::pickle(pos, value.bob_one_time_key);
+    pos = olm::pickle(pos, value.ratchet);
+    return pos;
+}
+
+
+std::uint8_t const * olm::unpickle(
+    std::uint8_t const * pos, std::uint8_t const * end,
+    Session & value
+) {
+    uint32_t pickle_version;
+    pos = olm::unpickle(pos, end, pickle_version);
+
+    bool includes_chain_index;
+    switch (pickle_version) {
+        case 1:
+            includes_chain_index = false;
+            break;
+
+        case 0x80000001UL:
+            includes_chain_index = true;
+            break;
+
+        default:
+            value.last_error = OlmErrorCode::OLM_UNKNOWN_PICKLE_VERSION;
+            return end;
+    }
+
+    pos = olm::unpickle(pos, end, value.received_message);
+    pos = olm::unpickle(pos, end, value.alice_identity_key);
+    pos = olm::unpickle(pos, end, value.alice_base_key);
+    pos = olm::unpickle(pos, end, value.bob_one_time_key);
+    pos = olm::unpickle(pos, end, value.ratchet, includes_chain_index);
+    return pos;
+}

data/ext/ruby_olm/ext_lib_olm/staging/sha256.c

@@ -0,0 +1,159 @@
+/*********************************************************************
+* Filename:   sha256.c
+* Author:     Brad Conte (brad AT bradconte.com)
+* Copyright:
+* Disclaimer: This code is presented "as is" without any guarantees.
+* Details:    Implementation of the SHA-256 hashing algorithm.
+              SHA-256 is one of the three algorithms in the SHA2
+              specification. The others, SHA-384 and SHA-512, are not
+              offered in this implementation.
+              Algorithm specification can be found here:
+               * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
+              This implementation uses little endian byte order.
+*********************************************************************/
+
+/*************************** HEADER FILES ***************************/
+#include <stdlib.h>
+#include <memory.h>
+#include <string.h>
+#include "sha256.h"
+
+/****************************** MACROS ******************************/
+#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
+#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))
+
+#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
+#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
+#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
+#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))
+
+/**************************** VARIABLES *****************************/
+static const WORD k[64] = {
+	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+};
+
+/*********************** FUNCTION DEFINITIONS ***********************/
+void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
+{
+	WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
+
+	for (i = 0, j = 0; i < 16; ++i, j += 4)
+		m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
+	for ( ; i < 64; ++i)
+		m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+
+	a = ctx->state[0];
+	b = ctx->state[1];
+	c = ctx->state[2];
+	d = ctx->state[3];
+	e = ctx->state[4];
+	f = ctx->state[5];
+	g = ctx->state[6];
+	h = ctx->state[7];
+
+	for (i = 0; i < 64; ++i) {
+		t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
+		t2 = EP0(a) + MAJ(a,b,c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + t1;
+		d = c;
+		c = b;
+		b = a;
+		a = t1 + t2;
+	}
+
+	ctx->state[0] += a;
+	ctx->state[1] += b;
+	ctx->state[2] += c;
+	ctx->state[3] += d;
+	ctx->state[4] += e;
+	ctx->state[5] += f;
+	ctx->state[6] += g;
+	ctx->state[7] += h;
+}
+
+void sha256_init(SHA256_CTX *ctx)
+{
+	ctx->datalen = 0;
+	ctx->bitlen = 0;
+	ctx->state[0] = 0x6a09e667;
+	ctx->state[1] = 0xbb67ae85;
+	ctx->state[2] = 0x3c6ef372;
+	ctx->state[3] = 0xa54ff53a;
+	ctx->state[4] = 0x510e527f;
+	ctx->state[5] = 0x9b05688c;
+	ctx->state[6] = 0x1f83d9ab;
+	ctx->state[7] = 0x5be0cd19;
+}
+
+void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)
+{
+	WORD i;
+
+	for (i = 0; i < len; ++i) {
+		ctx->data[ctx->datalen] = data[i];
+		ctx->datalen++;
+		if (ctx->datalen == 64) {
+			sha256_transform(ctx, ctx->data);
+			ctx->bitlen += 512;
+			ctx->datalen = 0;
+		}
+	}
+}
+
+void sha256_final(SHA256_CTX *ctx, BYTE hash[])
+{
+	WORD i;
+
+	i = ctx->datalen;
+
+	// Pad whatever data is left in the buffer.
+	if (ctx->datalen < 56) {
+		ctx->data[i++] = 0x80;
+		while (i < 56)
+			ctx->data[i++] = 0x00;
+	}
+	else {
+		ctx->data[i++] = 0x80;
+		while (i < 64)
+			ctx->data[i++] = 0x00;
+		sha256_transform(ctx, ctx->data);
+		memset(ctx->data, 0, 56);
+	}
+
+	// Append to the padding the total message's length in bits and transform.
+	ctx->bitlen += ctx->datalen * 8;
+	ctx->data[63] = ctx->bitlen;
+	ctx->data[62] = ctx->bitlen >> 8;
+	ctx->data[61] = ctx->bitlen >> 16;
+	ctx->data[60] = ctx->bitlen >> 24;
+	ctx->data[59] = ctx->bitlen >> 32;
+	ctx->data[58] = ctx->bitlen >> 40;
+	ctx->data[57] = ctx->bitlen >> 48;
+	ctx->data[56] = ctx->bitlen >> 56;
+	sha256_transform(ctx, ctx->data);
+
+	// Since this implementation uses little endian byte ordering and SHA uses big endian,
+	// reverse all the bytes when copying the final state to the output hash.
+	for (i = 0; i < 4; ++i) {
+		hash[i]      = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 4]  = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 8]  = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
+	}
+}

data/ext/ruby_olm/ext_lib_olm/staging/utility.cpp

@@ -0,0 +1,57 @@
+/* Copyright 2015 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "olm/utility.hh"
+#include "olm/crypto.h"
+
+
+olm::Utility::Utility(
+) : last_error(OlmErrorCode::OLM_SUCCESS) {
+}
+
+
+size_t olm::Utility::sha256_length() {
+    return SHA256_OUTPUT_LENGTH;
+}
+
+
+size_t olm::Utility::sha256(
+    std::uint8_t const * input, std::size_t input_length,
+    std::uint8_t * output, std::size_t output_length
+) {
+    if (output_length < sha256_length()) {
+        last_error = OlmErrorCode::OLM_OUTPUT_BUFFER_TOO_SMALL;
+        return std::size_t(-1);
+    }
+    _olm_crypto_sha256(input, input_length, output);
+    return SHA256_OUTPUT_LENGTH;
+}
+
+
+size_t olm::Utility::ed25519_verify(
+    _olm_ed25519_public_key const & key,
+    std::uint8_t const * message, std::size_t message_length,
+    std::uint8_t const * signature, std::size_t signature_length
+) {
+    if (signature_length < ED25519_SIGNATURE_LENGTH) {
+        last_error = OlmErrorCode::OLM_BAD_MESSAGE_MAC;
+        return std::size_t(-1);
+    }
+    if (!_olm_crypto_ed25519_verify(&key, message, message_length, signature)) {
+        last_error = OlmErrorCode::OLM_BAD_MESSAGE_MAC;
+        return std::size_t(-1);
+    }
+    return std::size_t(0);
+}