diff options
Diffstat (limited to 'src/omemo')
-rw-r--r-- | src/omemo/crypto.c | 136 | ||||
-rw-r--r-- | src/omemo/crypto.h | 136 | ||||
-rw-r--r-- | src/omemo/omemo.c | 34 | ||||
-rw-r--r-- | src/omemo/omemo.h | 3 |
4 files changed, 307 insertions, 2 deletions
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c new file mode 100644 index 00000000..a986c729 --- /dev/null +++ b/src/omemo/crypto.c @@ -0,0 +1,136 @@ +#include <assert.h> +#include <signal/signal_protocol.h> +#include <signal/signal_protocol_types.h> +#include <sodium.h> + +#include "omemo/crypto.h" + +int +omemo_crypto_init(void) +{ + if (sodium_init() < 0) { + return -1; + } + + if (crypto_aead_aes256gcm_is_available() == 0) { + return -1; + } + + return 0; +} + +int +omemo_random_func(uint8_t *data, size_t len, void *user_data) +{ + randombytes_buf(data, len); + return 0; +} + +int +omemo_hmac_sha256_init_func(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data) +{ + *hmac_context = sodium_malloc(sizeof(crypto_auth_hmacsha256_state)); + return crypto_auth_hmacsha256_init(*hmac_context, key, key_len); +} + +int +omemo_hmac_sha256_update_func(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data) +{ + return crypto_auth_hmacsha256_update(hmac_context, data, data_len); +} + +int +omemo_hmac_sha256_final_func(void *hmac_context, signal_buffer **output, void *user_data) +{ + int ret; + unsigned char out[crypto_auth_hmacsha256_BYTES]; + + if ((ret = crypto_auth_hmacsha256_final(hmac_context, out)) != 0) { + return ret; + } + + *output = signal_buffer_create(out, crypto_auth_hmacsha256_BYTES); + return 0; +} + +void +omemo_hmac_sha256_cleanup_func(void *hmac_context, void *user_data) +{ + sodium_free(hmac_context); +} + +int +omemo_sha512_digest_init_func(void **digest_context, void *user_data) +{ + *digest_context = sodium_malloc(sizeof(crypto_hash_sha512_state)); + return crypto_hash_sha512_init(*digest_context); +} + +int +omemo_sha512_digest_update_func(void *digest_context, const uint8_t *data, size_t data_len, void *user_data) +{ + return crypto_hash_sha512_update(digest_context, data, data_len); +} + +int +omemo_sha512_digest_final_func(void *digest_context, signal_buffer **output, void *user_data) +{ + int ret; + unsigned char out[crypto_hash_sha512_BYTES]; + + if ((ret = crypto_hash_sha512_final(digest_context, out)) != 0) { + return ret; + } + + *output = signal_buffer_create(out, crypto_hash_sha512_BYTES); + return 0; +} + +void +omemo_sha512_digest_cleanup_func(void *digest_context, void *user_data) +{ + sodium_free(digest_context); +} + +int +omemo_encrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len, + const uint8_t *plaintext, size_t plaintext_len, void *user_data) +{ + unsigned char *ciphertext; + unsigned long long ciphertext_len; + + assert(cipher != SG_CIPHER_AES_GCM_NOPADDING); + assert(key_len == crypto_aead_aes256gcm_KEYBYTES); + assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES); + + ciphertext = malloc(plaintext_len + crypto_aead_aes256gcm_ABYTES); + crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len, NULL, 0, NULL, iv, key); + + *output = signal_buffer_create(ciphertext, ciphertext_len); + free(ciphertext); + + return 0; +} + +int +omemo_decrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len, + const uint8_t *ciphertext, size_t ciphertext_len, void *user_data) +{ + unsigned char *plaintext; + unsigned long long plaintext_len; + + assert(cipher != SG_CIPHER_AES_GCM_NOPADDING); + assert(key_len == crypto_aead_aes256gcm_KEYBYTES); + assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES); + + plaintext = malloc(ciphertext_len - crypto_aead_aes256gcm_ABYTES); + if (crypto_aead_aes256gcm_decrypt(plaintext, &plaintext_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key) < 0) { + free(plaintext); + return -1; + } + + *output = signal_buffer_create(plaintext, plaintext_len); + free(plaintext); + + return 0; +} diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h new file mode 100644 index 00000000..759cef69 --- /dev/null +++ b/src/omemo/crypto.h @@ -0,0 +1,136 @@ +#include <signal/signal_protocol_types.h> + +#define SG_CIPHER_AES_GCM_NOPADDING 1000 + +int omemo_crypto_init(void); +/** +* Callback for a secure random number generator. +* This function shall fill the provided buffer with random bytes. +* +* @param data pointer to the output buffer +* @param len size of the output buffer +* @return 0 on success, negative on failure +*/ +int omemo_random_func(uint8_t *data, size_t len, void *user_data); + +/** +* Callback for an HMAC-SHA256 implementation. +* This function shall initialize an HMAC context with the provided key. +* +* @param hmac_context private HMAC context pointer +* @param key pointer to the key +* @param key_len length of the key +* @return 0 on success, negative on failure +*/ +int omemo_hmac_sha256_init_func(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data); + +/** +* Callback for an HMAC-SHA256 implementation. +* This function shall update the HMAC context with the provided data +* +* @param hmac_context private HMAC context pointer +* @param data pointer to the data +* @param data_len length of the data +* @return 0 on success, negative on failure +*/ +int omemo_hmac_sha256_update_func(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data); + +/** +* Callback for an HMAC-SHA256 implementation. +* This function shall finalize an HMAC calculation and populate the output +* buffer with the result. +* +* @param hmac_context private HMAC context pointer +* @param output buffer to be allocated and populated with the result +* @return 0 on success, negative on failure +*/ +int omemo_hmac_sha256_final_func(void *hmac_context, signal_buffer **output, void *user_data); + +/** +* Callback for an HMAC-SHA256 implementation. +* This function shall free the private context allocated in +* hmac_sha256_init_func. +* +* @param hmac_context private HMAC context pointer +*/ +void omemo_hmac_sha256_cleanup_func(void *hmac_context, void *user_data); + +/** +* Callback for a SHA512 message digest implementation. +* This function shall initialize a digest context. +* +* @param digest_context private digest context pointer +* @return 0 on success, negative on failure +*/ +int omemo_sha512_digest_init_func(void **digest_context, void *user_data); + +/** +* Callback for a SHA512 message digest implementation. +* This function shall update the digest context with the provided data. +* +* @param digest_context private digest context pointer +* @param data pointer to the data +* @param data_len length of the data +* @return 0 on success, negative on failure +*/ +int omemo_sha512_digest_update_func(void *digest_context, const uint8_t *data, size_t data_len, void *user_data); + +/** +* Callback for a SHA512 message digest implementation. +* This function shall finalize the digest calculation, populate the +* output buffer with the result, and prepare the context for reuse. +* +* @param digest_context private digest context pointer +* @param output buffer to be allocated and populated with the result +* @return 0 on success, negative on failure +*/ +int omemo_sha512_digest_final_func(void *digest_context, signal_buffer **output, void *user_data); + +/** +* Callback for a SHA512 message digest implementation. +* This function shall free the private context allocated in +* sha512_digest_init_func. +* +* @param digest_context private digest context pointer +*/ +void omemo_sha512_digest_cleanup_func(void *digest_context, void *user_data); + +/** +* Callback for an AES encryption implementation. +* +* @param output buffer to be allocated and populated with the ciphertext +* @param cipher specific cipher variant to use, either SG_CIPHER_AES_CTR_NOPADDING or SG_CIPHER_AES_CBC_PKCS5 +* @param key the encryption key +* @param key_len length of the encryption key +* @param iv the initialization vector +* @param iv_len length of the initialization vector +* @param plaintext the plaintext to encrypt +* @param plaintext_len length of the plaintext +* @return 0 on success, negative on failure +*/ +int omemo_encrypt_func(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *plaintext, size_t plaintext_len, + void *user_data); + +/** +* Callback for an AES decryption implementation. +* +* @param output buffer to be allocated and populated with the plaintext +* @param cipher specific cipher variant to use, either SG_CIPHER_AES_CTR_NOPADDING or SG_CIPHER_AES_CBC_PKCS5 +* @param key the encryption key +* @param key_len length of the encryption key +* @param iv the initialization vector +* @param iv_len length of the initialization vector +* @param ciphertext the ciphertext to decrypt +* @param ciphertext_len length of the ciphertext +* @return 0 on success, negative on failure +*/ +int omemo_decrypt_func(signal_buffer **output, + int cipher, + const uint8_t *key, size_t key_len, + const uint8_t *iv, size_t iv_len, + const uint8_t *ciphertext, size_t ciphertext_len, + void *user_data); diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index a0da5639..871f3bfc 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -1,10 +1,40 @@ #include <signal/signal_protocol.h> #include "config/account.h" +#include "ui/ui.h" +#include "omemo/crypto.h" void omemo_init(ProfAccount *account) { - signal_context *global_context; - signal_context_create(&global_context, NULL); + signal_context *global_context; + signal_crypto_provider crypto_provider = { + .random_func = omemo_random_func, + .hmac_sha256_init_func = omemo_hmac_sha256_init_func, + .hmac_sha256_update_func = omemo_hmac_sha256_update_func, + .hmac_sha256_final_func = omemo_hmac_sha256_final_func, + .hmac_sha256_cleanup_func = omemo_hmac_sha256_cleanup_func, + .sha512_digest_init_func = omemo_sha512_digest_init_func, + .sha512_digest_update_func = omemo_sha512_digest_update_func, + .sha512_digest_final_func = omemo_sha512_digest_final_func, + .sha512_digest_cleanup_func = omemo_sha512_digest_cleanup_func, + .encrypt_func = omemo_encrypt_func, + .decrypt_func = omemo_decrypt_func, + .user_data = NULL + }; + + if (omemo_crypto_init() != 0) { + cons_show("Error initializing Omemo crypto"); + } + + if (signal_context_create(&global_context, NULL) != 0) { + cons_show("Error initializing Omemo context"); + return; + } + + if (signal_context_set_crypto_provider(global_context, &crypto_provider) != 0) { + cons_show("Error initializing Omemo crypto"); + return; + } + //signal_context_set_locking_functions(global_context, lock_function, unlock_function); } diff --git a/src/omemo/omemo.h b/src/omemo/omemo.h new file mode 100644 index 00000000..2ca1c221 --- /dev/null +++ b/src/omemo/omemo.h @@ -0,0 +1,3 @@ +#include "config/account.h" + +void omemo_init(ProfAccount *account); |