about summary refs log tree commit diff stats
path: root/src/omemo
diff options
context:
space:
mode:
authorPaul Fariello <paul@fariello.eu>2019-02-26 20:33:06 +0140
committerPaul Fariello <paul@fariello.eu>2019-04-10 16:03:50 +0200
commit0fb27dc4961608eb9b088ca659eb087dd2c1cae7 (patch)
treecaf8fd8ac5d330e98376b98f471115303b8cc523 /src/omemo
parentb1ae220aa47ff503fe368e4802061be159dfb42b (diff)
downloadprofani-tty-0fb27dc4961608eb9b088ca659eb087dd2c1cae7.tar.gz
Add OMEMO message encryption and decryption
Diffstat (limited to 'src/omemo')
-rw-r--r--src/omemo/crypto.c194
-rw-r--r--src/omemo/crypto.h14
-rw-r--r--src/omemo/omemo.c172
-rw-r--r--src/omemo/omemo.h12
-rw-r--r--src/omemo/store.c12
5 files changed, 374 insertions, 30 deletions
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index a986c729..73b2ba0d 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -2,7 +2,9 @@
 #include <signal/signal_protocol.h>
 #include <signal/signal_protocol_types.h>
 #include <sodium.h>
+#include <gcrypt.h>
 
+#include "omemo/omemo.h"
 #include "omemo/crypto.h"
 
 int
@@ -12,10 +14,12 @@ omemo_crypto_init(void)
         return -1;
     }
 
-    if (crypto_aead_aes256gcm_is_available() == 0) {
+    if (!gcry_check_version(GCRYPT_VERSION)) {
         return -1;
     }
 
+    gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
     return 0;
 }
 
@@ -96,41 +100,195 @@ int
 omemo_encrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
     const uint8_t *plaintext, size_t plaintext_len, void *user_data)
 {
+    gcry_cipher_hd_t hd;
+    unsigned char *padded_plaintext;
     unsigned char *ciphertext;
-    unsigned long long ciphertext_len;
+    size_t ciphertext_len;
+    int mode;
+    int algo;
+    uint8_t padding = 0;
+
+    switch (key_len) {
+        case 32:
+            algo = GCRY_CIPHER_AES256;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
-    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
-    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            mode = GCRY_CIPHER_MODE_CBC;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    ciphertext = malloc(plaintext_len + crypto_aead_aes256gcm_ABYTES);
-    crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len, NULL, 0, NULL, iv, key);
+    gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE);
+
+    gcry_cipher_setkey(hd, key, key_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            gcry_cipher_setiv(hd, iv, iv_len);
+            padding = 16 - (plaintext_len % 16);
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    padded_plaintext = malloc(plaintext_len + padding);
+    memcpy(padded_plaintext, plaintext, plaintext_len);
+    memset(padded_plaintext + plaintext_len, padding, padding);
+
+    ciphertext_len = plaintext_len + padding;
+    ciphertext = malloc(ciphertext_len);
+    gcry_cipher_encrypt(hd, ciphertext, ciphertext_len, padded_plaintext, plaintext_len + padding);
 
     *output = signal_buffer_create(ciphertext, ciphertext_len);
+    free(padded_plaintext);
     free(ciphertext);
 
-    return 0;
+    gcry_cipher_close(hd);
+
+    return SG_SUCCESS;
 }
 
 int
 omemo_decrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
     const uint8_t *ciphertext, size_t ciphertext_len, void *user_data)
 {
+    int ret = SG_SUCCESS;
+    gcry_cipher_hd_t hd;
     unsigned char *plaintext;
-    unsigned long long plaintext_len;
+    size_t plaintext_len;
+    int mode;
+    int algo;
+    uint8_t padding = 0;
 
-    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
-    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
-    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+    switch (key_len) {
+        case 32:
+            algo = GCRY_CIPHER_AES256;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
+    }
 
-    plaintext = malloc(ciphertext_len - crypto_aead_aes256gcm_ABYTES);
-    if (crypto_aead_aes256gcm_decrypt(plaintext, &plaintext_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key) < 0) {
-        free(plaintext);
-        return -1;
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            mode = GCRY_CIPHER_MODE_CBC;
+            break;
+        default:
+            return OMEMO_ERR_UNSUPPORTED_CRYPTO;
     }
 
-    *output = signal_buffer_create(plaintext, plaintext_len);
+    gcry_cipher_open(&hd, algo, mode, GCRY_CIPHER_SECURE);
+
+    gcry_cipher_setkey(hd, key, key_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            gcry_cipher_setiv(hd, iv, iv_len);
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    plaintext_len = ciphertext_len;
+    plaintext = malloc(plaintext_len);
+    gcry_cipher_decrypt(hd, plaintext, plaintext_len, ciphertext, ciphertext_len);
+
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            padding = plaintext[plaintext_len - 1];
+            break;
+        default:
+            assert(FALSE);
+    }
+
+    int i;
+    for (i = 0; i < padding; i++) {
+        if (plaintext[plaintext_len - 1 - i] != padding) {
+            ret = SG_ERR_UNKNOWN;
+            goto out;
+        }
+    }
+
+    *output = signal_buffer_create(plaintext, plaintext_len - padding);
+
+out:
     free(plaintext);
 
-    return 0;
+    gcry_cipher_close(hd);
+
+    return ret;
+}
+
+int
+aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
+{
+    gcry_error_t res;
+    gcry_cipher_hd_t hd;
+
+    res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_encrypt(hd, ciphertext, *ciphertext_len, plaintext, plaintext_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+out:
+    gcry_cipher_close(hd);
+    return res;
+}
+
+int
+aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key)
+{
+    gcry_error_t res;
+    gcry_cipher_hd_t hd;
+
+    res = gcry_cipher_open(&hd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_CIPHER_SECURE);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_setkey(hd, key, AES128_GCM_KEY_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_setiv(hd, iv, AES128_GCM_IV_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+
+    res = gcry_cipher_decrypt(hd, plaintext, *plaintext_len, ciphertext, ciphertext_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
+    //res = gcry_cipher_checktag(hd, ciphertext + ciphertext_len - AES128_GCM_TAG_LENGTH, AES128_GCM_TAG_LENGTH);
+    //if (res != GPG_ERR_NO_ERROR) {
+    //    goto out;
+    //}
+
+out:
+    gcry_cipher_close(hd);
+    return res;
 }
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index 759cef69..35c5d72a 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -1,6 +1,8 @@
 #include <signal/signal_protocol_types.h>
 
-#define SG_CIPHER_AES_GCM_NOPADDING 1000
+#define AES128_GCM_KEY_LENGTH 16
+#define AES128_GCM_IV_LENGTH 16
+#define AES128_GCM_TAG_LENGTH 16
 
 int omemo_crypto_init(void);
 /**
@@ -134,3 +136,13 @@ int omemo_decrypt_func(signal_buffer **output,
     const uint8_t *iv, size_t iv_len,
     const uint8_t *ciphertext, size_t ciphertext_len,
     void *user_data);
+
+int aes128gcm_encrypt(unsigned char *ciphertext,
+    size_t *ciphertext_len, const unsigned char *const cleartext,
+    size_t cleatext_len, const unsigned char *const iv,
+    const unsigned char *const key);
+
+int aes128gcm_decrypt(unsigned char *plaintext,
+    size_t *plaintext_len, const unsigned char *const ciphertext,
+    size_t ciphertext_len, const unsigned char *const iv,
+    const unsigned char *const key);
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 95de1aa2..a9860851 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -3,8 +3,10 @@
 #include <glib.h>
 #include <pthread.h>
 #include <signal/key_helper.h>
+#include <signal/protocol.h>
 #include <signal/signal_protocol.h>
 #include <signal/session_builder.h>
+#include <signal/session_cipher.h>
 #include <sodium.h>
 
 #include "config/account.h"
@@ -21,6 +23,7 @@ static gboolean loaded;
 
 static void lock(void *user_data);
 static void unlock(void *user_data);
+static void omemo_log(int level, const char *message, size_t len, void *user_data);
 
 struct omemo_context_t {
     pthread_mutexattr_t attr;
@@ -37,6 +40,7 @@ struct omemo_context_t {
     GHashTable *pre_key_store;
     GHashTable *signed_pre_key_store;
     identity_key_store_t identity_key_store;
+    GHashTable *device_ids;
 };
 
 static omemo_context omemo_ctx;
@@ -73,6 +77,10 @@ omemo_init(void)
         return;
     }
 
+    if (signal_context_set_log_function(omemo_ctx.signal, omemo_log) != 0) {
+        cons_show("Error initializing OMEMO log");
+    }
+
     if (signal_context_set_crypto_provider(omemo_ctx.signal, &crypto_provider) != 0) {
         cons_show("Error initializing OMEMO crypto");
         return;
@@ -123,6 +131,8 @@ omemo_init(void)
         .get_local_registration_id = get_local_registration_id,
         .save_identity = save_identity,
         .is_trusted_identity = is_trusted_identity,
+        .destroy_func = NULL,
+        .user_data = &omemo_ctx.identity_key_store
     };
     signal_protocol_store_context_set_identity_key_store(omemo_ctx.store, &identity_key_store);
 
@@ -148,6 +158,9 @@ omemo_generate_crypto_materials(ProfAccount *account)
     unsigned long long timestamp = (unsigned long long)(tv.tv_sec) * 1000 + (unsigned long long)(tv.tv_usec) / 1000;
     signal_protocol_key_helper_generate_signed_pre_key(&omemo_ctx.signed_pre_key, omemo_ctx.identity_key_pair, 5, timestamp, omemo_ctx.signal);
 
+    ec_public_key_serialize(&omemo_ctx.identity_key_store.public, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
+    ec_private_key_serialize(&omemo_ctx.identity_key_store.private, ratchet_identity_key_pair_get_private(omemo_ctx.identity_key_pair));
+
     loaded = TRUE;
 
     /* Ensure we get our current device list, and it gets updated with our
@@ -191,7 +204,7 @@ omemo_identity_key(unsigned char **output, size_t *length)
     ec_public_key_serialize(&buffer, ratchet_identity_key_pair_get_public(omemo_ctx.identity_key_pair));
     *length = signal_buffer_len(buffer);
     *output = malloc(*length);
-    memcpy(*output, signal_buffer_const_data(buffer), *length);
+    memcpy(*output, signal_buffer_data(buffer), *length);
     signal_buffer_free(buffer);
 }
 
@@ -202,7 +215,7 @@ omemo_signed_prekey(unsigned char **output, size_t *length)
     ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_signed_pre_key_get_key_pair(omemo_ctx.signed_pre_key)));
     *length = signal_buffer_len(buffer);
     *output = malloc(*length);
-    memcpy(*output, signal_buffer_const_data(buffer), *length);
+    memcpy(*output, signal_buffer_data(buffer), *length);
     signal_buffer_free(buffer);
 }
 
@@ -224,7 +237,7 @@ omemo_prekeys(GList **prekeys, GList **ids, GList **lengths)
         ec_public_key_serialize(&buffer, ec_key_pair_get_public(session_pre_key_get_key_pair(prekey)));
         size_t length = signal_buffer_len(buffer);
         unsigned char *prekey_value = malloc(length);
-        memcpy(prekey_value, signal_buffer_const_data(buffer), length);
+        memcpy(prekey_value, signal_buffer_data(buffer), length);
         signal_buffer_free(buffer);
         *prekeys = g_list_append(*prekeys, prekey_value);
         *ids = g_list_append(*ids, GINT_TO_POINTER(session_pre_key_get_id(prekey)));
@@ -257,12 +270,15 @@ omemo_start_device_session(const char *const jid, uint32_t device_id,
     size_t identity_key_len)
 {
     session_pre_key_bundle *bundle;
-    signal_protocol_address address = {
-        jid, strlen(jid), device_id
-    };
+    signal_protocol_address *address;
+
+    address = malloc(sizeof(signal_protocol_address));
+    address->name = strdup(jid);
+    address->name_len = strlen(jid);
+    address->device_id = device_id;
 
     session_builder *builder;
-    session_builder_create(&builder, omemo_ctx.store, &address, omemo_ctx.signal);
+    session_builder_create(&builder, omemo_ctx.store, address, omemo_ctx.signal);
 
     ec_public_key *prekey;
     curve_decode_point(&prekey, prekey_raw, prekey_len, omemo_ctx.signal);
@@ -275,6 +291,142 @@ omemo_start_device_session(const char *const jid, uint32_t device_id,
     session_builder_process_pre_key_bundle(builder, bundle);
 }
 
+gboolean
+omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt)
+{
+    int res;
+    xmpp_ctx_t * const ctx = connection_get_ctx();
+    char *barejid = xmpp_jid_bare(ctx, session_get_account_name());
+    GList *device_ids = NULL;
+
+    GList *recipient_device_id = g_hash_table_lookup(omemo_ctx.device_list, chatwin->barejid);
+    if (!recipient_device_id) {
+        return FALSE;
+    }
+    device_ids = g_list_copy(recipient_device_id);
+
+    GList *sender_device_id = g_hash_table_lookup(omemo_ctx.device_list, barejid);
+    device_ids = g_list_concat(device_ids, g_list_copy(sender_device_id));
+
+    /* TODO generate fresh AES-GCM materials */
+    /* TODO encrypt message */
+    unsigned char *key;
+    unsigned char *iv;
+    unsigned char *ciphertext;
+    size_t ciphertext_len;
+
+    key = sodium_malloc(AES128_GCM_KEY_LENGTH);
+    iv = sodium_malloc(AES128_GCM_IV_LENGTH);
+    ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
+    ciphertext = malloc(ciphertext_len);
+
+    randombytes_buf(key, 16);
+    randombytes_buf(iv, 16);
+
+    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
+    if (res != 0) {
+        return FALSE;
+    }
+
+    GList *keys = NULL;
+    GList *device_ids_iter;
+    for (device_ids_iter = device_ids; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
+        int res;
+        ciphertext_message *ciphertext;
+        session_cipher *cipher;
+        signal_protocol_address address = {
+            chatwin->barejid, strlen(chatwin->barejid), GPOINTER_TO_INT(device_ids_iter->data)
+        };
+
+        res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
+        if (res != 0) {
+            continue;
+        }
+
+        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        if (res != 0) {
+            continue;
+        }
+        signal_buffer *buffer = ciphertext_message_get_serialized(ciphertext);
+        omemo_key_t *key = malloc(sizeof(omemo_key_t));
+        key->data = signal_buffer_data(buffer);
+        key->length = signal_buffer_len(buffer);
+        key->device_id = GPOINTER_TO_INT(device_ids_iter->data);
+        key->prekey = TRUE;
+        keys = g_list_append(keys, key);
+    }
+
+    char *id = message_send_chat_omemo(chatwin->barejid, omemo_ctx.device_id, keys, iv, AES128_GCM_IV_LENGTH, ciphertext, ciphertext_len, request_receipt);
+    chat_log_omemo_msg_out(chatwin->barejid, message);
+    chatwin_outgoing_msg(chatwin, message, id, PROF_MSG_OMEMO, request_receipt);
+
+    free(id);
+    g_list_free_full(keys, free);
+    free(ciphertext);
+    sodium_free(key);
+    sodium_free(iv);
+    g_list_free(device_ids);
+
+    return TRUE;
+}
+
+char *
+omemo_on_message_recv(const char *const from, uint32_t sid,
+    const unsigned char *const iv, size_t iv_len, GList *keys,
+    const unsigned char *const payload, size_t payload_len)
+{
+    int res;
+    GList *key_iter;
+    omemo_key_t *key = NULL;
+    for (key_iter = keys; key_iter != NULL; key_iter = key_iter->next) {
+        if (((omemo_key_t *)key_iter->data)->device_id == omemo_ctx.device_id) {
+            key = key_iter->data;
+            break;
+        }
+    }
+
+    if (!key) {
+        return NULL;
+    }
+
+    session_cipher *cipher;
+    signal_buffer *plaintext_key;
+    signal_protocol_address address = {
+        from, strlen(from), sid
+    };
+
+    res = session_cipher_create(&cipher, omemo_ctx.store, &address, omemo_ctx.signal);
+    if (res != 0) {
+        return NULL;
+    }
+
+    if (key->prekey) {
+        pre_key_signal_message *message;
+        pre_key_signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
+        res = session_cipher_decrypt_pre_key_signal_message(cipher, message, NULL, &plaintext_key);
+    } else {
+        signal_message *message;
+        signal_message_deserialize(&message, key->data, key->length, omemo_ctx.signal);
+        res = session_cipher_decrypt_signal_message(cipher, message, NULL, &plaintext_key);
+    }
+    if (res != 0) {
+        return NULL;
+    }
+
+    size_t plaintext_len = payload_len;
+    unsigned char *plaintext = malloc(plaintext_len + 1);
+    res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv, signal_buffer_data(plaintext_key));
+    if (res != 0) {
+        free(plaintext);
+        return NULL;
+    }
+
+    plaintext[plaintext_len] = '\0';
+
+    return (char *)plaintext;
+
+}
+
 static void
 lock(void *user_data)
 {
@@ -288,3 +440,9 @@ unlock(void *user_data)
     omemo_context *ctx = (omemo_context *)user_data;
     pthread_mutex_unlock(&ctx->lock);
 }
+
+static void
+omemo_log(int level, const char *message, size_t len, void *user_data)
+{
+        cons_show(message);
+}
diff --git a/src/omemo/omemo.h b/src/omemo/omemo.h
index bf42b3e3..eb9569a3 100644
--- a/src/omemo/omemo.h
+++ b/src/omemo/omemo.h
@@ -1,9 +1,19 @@
 #include <glib.h>
 
+#include "ui/ui.h"
 #include "config/account.h"
 
+#define OMEMO_ERR_UNSUPPORTED_CRYPTO -10000
+
 typedef struct omemo_context_t omemo_context;
 
+typedef struct omemo_key {
+    const unsigned char *data;
+    size_t length;
+    gboolean prekey;
+    uint32_t device_id;
+} omemo_key_t;
+
 void omemo_init(void);
 void omemo_generate_crypto_materials(ProfAccount *account);
 
@@ -18,3 +28,5 @@ void omemo_start_session(const char *const barejid);
 void omemo_start_device_session(const char *const jid, uint32_t device_id, uint32_t prekey_id, const unsigned char *const prekey, size_t prekey_len, uint32_t signed_prekey_id, const unsigned char *const signed_prekey, size_t signed_prekey_len, const unsigned char *const signature, size_t signature_len, const unsigned char *const identity_key, size_t identity_key_len);
 
 gboolean omemo_loaded(void);
+gboolean omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean request_receipt);
+char * omemo_on_message_recv(const char *const from, uint32_t sid, const unsigned char *const iv, size_t iv_len, GList *keys, const unsigned char *const payload, size_t payload_len);
diff --git a/src/omemo/store.c b/src/omemo/store.c
index 384eb9ce..ab8cd81b 100644
--- a/src/omemo/store.c
+++ b/src/omemo/store.c
@@ -39,12 +39,16 @@ load_session(signal_buffer **record, const signal_protocol_address *address,
     device_store = g_hash_table_lookup(session_store, address->name);
     if (!device_store) {
         *record = NULL;
-        return SG_SUCCESS;
+        return 0;
     }
 
     signal_buffer *original = g_hash_table_lookup(device_store, GINT_TO_POINTER(address->device_id));
+    if (!original) {
+        *record = NULL;
+        return 0;
+    }
     *record = signal_buffer_copy(original);
-    return SG_SUCCESS;
+    return 1;
 }
 
 int
@@ -208,8 +212,8 @@ get_identity_key_pair(signal_buffer **public_data, signal_buffer **private_data,
 {
     identity_key_store_t *identity_key_store = (identity_key_store_t *)user_data;
 
-    *public_data = identity_key_store->public;
-    *private_data = identity_key_store->private;
+    *public_data = signal_buffer_copy(identity_key_store->public);
+    *private_data = signal_buffer_copy(identity_key_store->private);
 
     return SG_SUCCESS;
 }