END_TEST

START_TEST(test_unique_signatures)
{
    int result;
    size_t i;
    size_t r;
    ec_key_pair *key_pair = 0;
    uint8_t *message = 0;
    signal_buffer *signature = 0;
    signal_buffer *vrf_output = 0;

    result = curve_generate_key_pair(global_context, &key_pair);
    ck_assert_int_eq(result, 0);

    message = malloc(256);
    ck_assert_ptr_ne(message, 0);

    for(i = 1; i <= 256; i++) {
        result = signal_crypto_random(global_context, message, i);
        ck_assert_int_eq(result, 0);

        result = curve_calculate_vrf_signature(global_context, &signature,
                ec_key_pair_get_private(key_pair), message, i);
        ck_assert_int_eq(result, 0);

        result = curve_verify_vrf_signature(global_context, &vrf_output,
                ec_key_pair_get_public(key_pair), message, i,
                signal_buffer_data(signature), signal_buffer_len(signature));
        ck_assert_int_eq(result, 0);

        result = curve_verify_signature(
                ec_key_pair_get_public(key_pair), message, i,
                signal_buffer_data(signature), signal_buffer_len(signature));
        ck_assert_int_ne(result, 0);

        signal_buffer_free(vrf_output);

        result = signal_crypto_random(global_context, (uint8_t *)&r, sizeof(size_t));
        ck_assert_int_eq(result, 0);

        message[r % i] ^= 0x01;

        result = curve_verify_vrf_signature(global_context, &vrf_output,
                ec_key_pair_get_public(key_pair), message, i,
                signal_buffer_data(signature), signal_buffer_len(signature));
        ck_assert_int_eq(result, SG_ERR_VRF_SIG_VERIF_FAILED);

        signal_buffer_free(signature);
    }

    /* Cleanup */
    SIGNAL_UNREF(key_pair);
    if(message) {
        free(message);
    }
}
END_TEST

START_TEST(test_unique_signature_vector)
{
    uint8_t publicKey[] = {
            0x05,
            0x21, 0xf7, 0x34, 0x5f, 0x56, 0xd9, 0x60, 0x2f,
            0x15, 0x23, 0x29, 0x8f, 0x4f, 0x6f, 0xce, 0xcb,
            0x14, 0xdd, 0xe2, 0xd5, 0xb9, 0xa9, 0xb4, 0x8b,
            0xca, 0x82, 0x42, 0x68, 0x14, 0x92, 0xb9, 0x20};
    uint8_t privateKey[] = {
            0x38, 0x61, 0x1d, 0x25, 0x3b, 0xea, 0x85, 0xa2,
            0x03, 0x80, 0x53, 0x43, 0xb7, 0x4a, 0x93, 0x6d,
            0x3b, 0x13, 0xb9, 0xe3, 0x12, 0x14, 0x53, 0xe9,
            0x74, 0x0b, 0x6b, 0x82, 0x7e, 0x33, 0x7e, 0x5d};
    uint8_t message[] = {
            0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
            0x75, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x2e};
    uint8_t vrf[] = {
            0x75, 0xad, 0x49, 0xbc, 0x95, 0x5f, 0x38, 0xdc,
            0xf6, 0x5f, 0xb6, 0x72, 0x08, 0x6b, 0xd5, 0x09,
            0xcb, 0x4b, 0x4c, 0x41, 0x04, 0x7d, 0xb1, 0x7e,
            0xfd, 0xaf, 0xee, 0xbc, 0x33, 0x03, 0x71, 0xe6};

    int result;
    ec_public_key *public_key = 0;
    ec_private_key *private_key = 0;
    signal_buffer *signature = 0;
    signal_buffer *vrf_output = 0;

    result = curve_decode_point(&public_key, publicKey, sizeof(publicKey), global_context);
    ck_assert_int_eq(result, 0);

    result = curve_decode_private_point(&private_key, privateKey, sizeof(privateKey), global_context);
    ck_assert_int_eq(result, 0);

    result = curve_calculate_vrf_signature(global_context, &signature,
            private_key, message, sizeof(message));
    ck_assert_int_eq(result, 0);

    result = curve_verify_vrf_signature(global_context, &vrf_output,
            public_key, message, sizeof(message),
            signal_buffer_data(signature), signal_buffer_len(signature));
    ck_assert_int_eq(result, 0);

    ck_assert_int_eq(signal_buffer_len(vrf_output), sizeof(vrf));
    ck_assert_int_eq(memcmp(signal_buffer_data(vrf_output), vrf, sizeof(vrf)), 0);

    /* Cleanup */
    signal_buffer_free(signature);
    signal_buffer_free(vrf_output);
    SIGNAL_UNREF(public_key);
    SIGNAL_UNREF(private_key);
}
int ratchet_identity_key_pair_serialize(signal_buffer **buffer, const ratchet_identity_key_pair *key_pair)
{
    int result = 0;
    size_t result_size = 0;
    signal_buffer *result_buf = 0;
    Textsecure__IdentityKeyPairStructure key_structure = TEXTSECURE__IDENTITY_KEY_PAIR_STRUCTURE__INIT;
    size_t len = 0;
    uint8_t *data = 0;

    if(!key_pair) {
        result = SG_ERR_INVAL;
        goto complete;
    }

    result = ec_public_key_serialize_protobuf(&key_structure.publickey, key_pair->public_key);
    if(result < 0) {
        goto complete;
    }
    key_structure.has_publickey = 1;

    result = ec_private_key_serialize_protobuf(&key_structure.privatekey, key_pair->private_key);
    if(result < 0) {
        goto complete;
    }
    key_structure.has_privatekey = 1;

    len = textsecure__identity_key_pair_structure__get_packed_size(&key_structure);
    result_buf = signal_buffer_alloc(len);
    if(!result_buf) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    data = signal_buffer_data(result_buf);
    result_size = textsecure__identity_key_pair_structure__pack(&key_structure, data);
    if(result_size != len) {
        signal_buffer_free(result_buf);
        result = SG_ERR_INVALID_PROTO_BUF;
        result_buf = 0;
        goto complete;
    }

complete:
    if(key_structure.has_publickey) {
        free(key_structure.publickey.data);
    }
    if(key_structure.has_privatekey) {
        free(key_structure.privatekey.data);
    }
    if(result >= 0) {
        result = 0;
        *buffer = result_buf;
    }
    return result;
}
END_TEST

START_TEST(test_serialize_sender_key_message)
{
    int result = 0;
    sender_key_message *message = 0;
    sender_key_message *result_message = 0;
    static const char ciphertext[] = "WhisperCipherText";
    ec_key_pair *signature_key_pair = 0;

    result = curve_generate_key_pair(global_context, &signature_key_pair);
    ck_assert_int_eq(result, 0);

    result = sender_key_message_create(&message,
                                       10, /* key_id */
                                       1,  /* iteration */
                                       (uint8_t *)ciphertext, sizeof(ciphertext) - 1,
                                       ec_key_pair_get_private(signature_key_pair),
                                       global_context);
    ck_assert_int_eq(result, 0);

    result = sender_key_message_verify_signature(message, ec_key_pair_get_public(signature_key_pair));
    ck_assert_int_eq(result, 0);

    signal_buffer *serialized = ciphertext_message_get_serialized((ciphertext_message *)message);
    ck_assert_ptr_ne(serialized, 0);

    result = sender_key_message_deserialize(&result_message,
                                            signal_buffer_data(serialized),
                                            signal_buffer_len(serialized),
                                            global_context);
    ck_assert_int_eq(result, 0);

    result = sender_key_message_verify_signature(result_message, ec_key_pair_get_public(signature_key_pair));
    ck_assert_int_eq(result, 0);

    int key_id1 = sender_key_message_get_key_id(message);
    int key_id2 = sender_key_message_get_key_id(result_message);
    ck_assert_int_eq(key_id1, key_id2);

    int iteration1 = sender_key_message_get_iteration(message);
    int iteration2 = sender_key_message_get_iteration(result_message);
    ck_assert_int_eq(iteration1, iteration2);

    signal_buffer *ciphertext1 = sender_key_message_get_ciphertext(message);
    signal_buffer *ciphertext2 = sender_key_message_get_ciphertext(result_message);
    ck_assert_int_eq(signal_buffer_compare(ciphertext1, ciphertext2), 0);

    /* Cleanup */
    SIGNAL_UNREF(message);
    SIGNAL_UNREF(result_message);
    SIGNAL_UNREF(signature_key_pair);
}
Esempio n. 5
0
int device_consistency_signature_list_sort_comparator(const void *a, const void *b)
{
    int result;
    const device_consistency_signature *sig1 = *((const device_consistency_signature **)a);
    const device_consistency_signature *sig2 = *((const device_consistency_signature **)b);
    signal_buffer *buf1 = device_consistency_signature_get_vrf_output(sig1);
    signal_buffer *buf2 = device_consistency_signature_get_vrf_output(sig2);
    size_t len1 = signal_buffer_len(buf1);
    size_t len2 = signal_buffer_len(buf2);

    if(len1 == len2) {
        result = memcmp(signal_buffer_data(buf1), signal_buffer_data(buf2), len1);
    }
    else if (len1 < len2) {
        result = -1;
    } else {
        result = 1;
    }

    return result;
}
END_TEST

START_TEST(test_serialize_sender_key_distribution_message)
{
    int result = 0;
    sender_key_distribution_message *message = 0;
    sender_key_distribution_message *result_message = 0;
    static const char chain_key[] = "WhisperChainKey";
    ec_public_key *signature_key = create_test_ec_public_key(global_context);

    result = sender_key_distribution_message_create(&message,
             10, /* id */
             1,  /* iteration */
             (uint8_t *)chain_key, sizeof(chain_key) - 1,
             signature_key,
             global_context);
    ck_assert_int_eq(result, 0);

    signal_buffer *serialized = ciphertext_message_get_serialized((ciphertext_message *)message);
    ck_assert_ptr_ne(serialized, 0);

    result = sender_key_distribution_message_deserialize(&result_message,
             signal_buffer_data(serialized),
             signal_buffer_len(serialized),
             global_context);
    ck_assert_int_eq(result, 0);

    int id1 = sender_key_distribution_message_get_id(message);
    int id2 = sender_key_distribution_message_get_id(result_message);
    ck_assert_int_eq(id1, id2);

    int iteration1 = sender_key_distribution_message_get_iteration(message);
    int iteration2 = sender_key_distribution_message_get_iteration(result_message);
    ck_assert_int_eq(iteration1, iteration2);

    signal_buffer *chain_key1 = sender_key_distribution_message_get_chain_key(message);
    signal_buffer *chain_key2 = sender_key_distribution_message_get_chain_key(result_message);
    ck_assert_int_eq(signal_buffer_compare(chain_key1, chain_key2), 0);

    ec_public_key *signature_key1 = sender_key_distribution_message_get_signature_key(message);
    ec_public_key *signature_key2 = sender_key_distribution_message_get_signature_key(result_message);
    ck_assert_int_eq(ec_public_key_compare(signature_key1, signature_key2), 0);

    /* Cleanup */
    SIGNAL_UNREF(message);
    SIGNAL_UNREF(result_message);
    SIGNAL_UNREF(signature_key);
}
int ratchet_chain_key_get_key(const ratchet_chain_key *chain_key, signal_buffer **buffer)
{
    signal_buffer *buf = 0;
    uint8_t *data = 0;
    
    buf = signal_buffer_alloc(chain_key->key_len);
    if(!buf) {
        return SG_ERR_NOMEM;
    }

    data = signal_buffer_data(buf);
    memcpy(data, chain_key->key, chain_key->key_len);

    *buffer = buf;

    return 0;
}
ssize_t ratchet_chain_key_get_base_material(const ratchet_chain_key *chain_key, uint8_t **material, const uint8_t *seed, size_t seed_len)
{
    int result = 0;
    signal_buffer *output_buffer = 0;
    uint8_t *output = 0;
    size_t output_len = 0;

    void *hmac_context = 0;
    result = signal_hmac_sha256_init(chain_key->global_context, &hmac_context, chain_key->key, chain_key->key_len);
    if(result < 0) {
        goto complete;
    }

    result = signal_hmac_sha256_update(chain_key->global_context, hmac_context, seed, seed_len);
    if(result < 0) {
        goto complete;
    }

    result = signal_hmac_sha256_final(chain_key->global_context, hmac_context, &output_buffer);
    if(result < 0) {
        goto complete;
    }

    output_len = signal_buffer_len(output_buffer);
    output = malloc(output_len);
    if(!output) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    memcpy(output, signal_buffer_data(output_buffer), output_len);

complete:
    signal_hmac_sha256_cleanup(chain_key->global_context, hmac_context);
    signal_buffer_free(output_buffer);

    if(result >= 0) {
        *material = output;
        return (ssize_t)output_len;
    }
    else {
        return result;
    }
}
int ratchet_root_key_get_key(ratchet_root_key *root_key, signal_buffer **buffer)
{
    signal_buffer *buf = 0;
    uint8_t *data = 0;

    assert(root_key);
    
    buf = signal_buffer_alloc(root_key->key_len);
    if(!buf) {
        return SG_ERR_NOMEM;
    }

    data = signal_buffer_data(buf);
    memcpy(data, root_key->key, root_key->key_len);

    *buffer = buf;

    return 0;
}
END_TEST

START_TEST(test_curve25519_large_signatures)
{
    int result;

    ec_key_pair *keys = 0;
    result = curve_generate_key_pair(global_context, &keys);
    ck_assert_int_eq(result, 0);

    uint8_t message[1048576];
    memset(message, 0, sizeof(message));

    signal_buffer *signature = 0;

    result = curve_calculate_signature(global_context, &signature,
            ec_key_pair_get_private(keys), message, sizeof(message));
    ck_assert_int_eq(result, 0);

    uint8_t *data = signal_buffer_data(signature);
    size_t len = signal_buffer_len(signature);

    result = curve_verify_signature(ec_key_pair_get_public(keys),
            message, sizeof(message), data, len);
    ck_assert_int_eq(result, 1);

    data[0] ^= 0x01;

    result = curve_verify_signature(ec_key_pair_get_public(keys),
            message, sizeof(message), data, len);
    ck_assert_int_eq(result, 0);

    /* Cleanup */
    SIGNAL_UNREF(keys);
    if(signature) {
        signal_buffer_free(signature);
    }
}
END_TEST

START_TEST(test_vectors)
{
    int result = 0;
    ec_public_key *alice_identity_key = 0;
    ec_public_key *bob_identity_key = 0;
    fingerprint_generator *generator = 0;
    fingerprint *alice_fingerprint = 0;
    fingerprint *bob_fingerprint = 0;
    signal_buffer *alice_buffer = 0;
    signal_buffer *bob_buffer = 0;

    uint8_t aliceIdentity[] = {
        0x05, 0x06, 0x86, 0x3b, 0xc6, 0x6d, 0x02, 0xb4,
        0x0d, 0x27, 0xb8, 0xd4, 0x9c, 0xa7, 0xc0, 0x9e,
        0x92, 0x39, 0x23, 0x6f, 0x9d, 0x7d, 0x25, 0xd6,
        0xfc, 0xca, 0x5c, 0xe1, 0x3c, 0x70, 0x64, 0xd8,
        0x68
    };

    uint8_t bobIdentity[] = {
        0x05, 0xf7, 0x81, 0xb6, 0xfb, 0x32, 0xfe, 0xd9,
        0xba, 0x1c, 0xf2, 0xde, 0x97, 0x8d, 0x4d, 0x5d,
        0xa2, 0x8d, 0xc3, 0x40, 0x46, 0xae, 0x81, 0x44,
        0x02, 0xb5, 0xc0, 0xdb, 0xd9, 0x6f, 0xda, 0x90,
        0x7b
    };

    const char *displayableFingerprint =
        "300354477692869396892869876765458257569162576843440918079131";

    uint8_t aliceScannableFingerprint[] = {
        0x08, 0x00, 0x12, 0x31, 0x0a, 0x21, 0x05, 0x06,
        0x86, 0x3b, 0xc6, 0x6d, 0x02, 0xb4, 0x0d, 0x27,
        0xb8, 0xd4, 0x9c, 0xa7, 0xc0, 0x9e, 0x92, 0x39,
        0x23, 0x6f, 0x9d, 0x7d, 0x25, 0xd6, 0xfc, 0xca,
        0x5c, 0xe1, 0x3c, 0x70, 0x64, 0xd8, 0x68, 0x12,
        0x0c, 0x2b, 0x31, 0x34, 0x31, 0x35, 0x32, 0x32,
        0x32, 0x32, 0x32, 0x32, 0x32, 0x1a, 0x31, 0x0a,
        0x21, 0x05, 0xf7, 0x81, 0xb6, 0xfb, 0x32, 0xfe,
        0xd9, 0xba, 0x1c, 0xf2, 0xde, 0x97, 0x8d, 0x4d,
        0x5d, 0xa2, 0x8d, 0xc3, 0x40, 0x46, 0xae, 0x81,
        0x44, 0x02, 0xb5, 0xc0, 0xdb, 0xd9, 0x6f, 0xda,
        0x90, 0x7b, 0x12, 0x0c, 0x2b, 0x31, 0x34, 0x31,
        0x35, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33
    };

    uint8_t bobScannableFingerprint[] = {
        0x08, 0x00, 0x12, 0x31, 0x0a, 0x21, 0x05, 0xf7,
        0x81, 0xb6, 0xfb, 0x32, 0xfe, 0xd9, 0xba, 0x1c,
        0xf2, 0xde, 0x97, 0x8d, 0x4d, 0x5d, 0xa2, 0x8d,
        0xc3, 0x40, 0x46, 0xae, 0x81, 0x44, 0x02, 0xb5,
        0xc0, 0xdb, 0xd9, 0x6f, 0xda, 0x90, 0x7b, 0x12,
        0x0c, 0x2b, 0x31, 0x34, 0x31, 0x35, 0x33, 0x33,
        0x33, 0x33, 0x33, 0x33, 0x33, 0x1a, 0x31, 0x0a,
        0x21, 0x05, 0x06, 0x86, 0x3b, 0xc6, 0x6d, 0x02,
        0xb4, 0x0d, 0x27, 0xb8, 0xd4, 0x9c, 0xa7, 0xc0,
        0x9e, 0x92, 0x39, 0x23, 0x6f, 0x9d, 0x7d, 0x25,
        0xd6, 0xfc, 0xca, 0x5c, 0xe1, 0x3c, 0x70, 0x64,
        0xd8, 0x68, 0x12, 0x0c, 0x2b, 0x31, 0x34, 0x31,
        0x35, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32
    };

    result = curve_decode_point(&alice_identity_key, aliceIdentity, sizeof(aliceIdentity), global_context);
    ck_assert_int_eq(result, 0);

    result = curve_decode_point(&bob_identity_key, bobIdentity, sizeof(bobIdentity), global_context);
    ck_assert_int_eq(result, 0);

    result = fingerprint_generator_create(&generator, 5200, global_context);
    ck_assert_int_eq(result, 0);

    result = fingerprint_generator_create_for(generator,
             "+14152222222", alice_identity_key,
             "+14153333333", bob_identity_key,
             &alice_fingerprint);
    ck_assert_int_eq(result, 0);

    result = fingerprint_generator_create_for(generator,
             "+14153333333", bob_identity_key,
             "+14152222222", alice_identity_key,
             &bob_fingerprint);
    ck_assert_int_eq(result, 0);

    displayable_fingerprint *alice_displayable = fingerprint_get_displayable(alice_fingerprint);
    ck_assert_str_eq(
        displayable_fingerprint_text(alice_displayable),
        displayableFingerprint);

    displayable_fingerprint *bob_displayable = fingerprint_get_displayable(bob_fingerprint);
    ck_assert_str_eq(
        displayable_fingerprint_text(bob_displayable),
        displayableFingerprint);

    scannable_fingerprint *alice_scannable = fingerprint_get_scannable(alice_fingerprint);
    scannable_fingerprint_serialize(&alice_buffer, alice_scannable);
    ck_assert_int_eq(result, 0);

    ck_assert_int_eq(signal_buffer_len(alice_buffer), sizeof(aliceScannableFingerprint));
    ck_assert_int_eq(memcmp(signal_buffer_data(alice_buffer), aliceScannableFingerprint, sizeof(aliceScannableFingerprint)), 0);

    scannable_fingerprint *bob_scannable = fingerprint_get_scannable(bob_fingerprint);
    scannable_fingerprint_serialize(&bob_buffer, bob_scannable);
    ck_assert_int_eq(result, 0);

    ck_assert_int_eq(signal_buffer_len(bob_buffer), sizeof(bobScannableFingerprint));
    ck_assert_int_eq(memcmp(signal_buffer_data(bob_buffer), bobScannableFingerprint, sizeof(bobScannableFingerprint)), 0);

    /* Cleanup */
    signal_buffer_free(alice_buffer);
    signal_buffer_free(bob_buffer);
    fingerprint_generator_free(generator);
    SIGNAL_UNREF(alice_identity_key);
    SIGNAL_UNREF(bob_identity_key);
    SIGNAL_UNREF(alice_fingerprint);
    SIGNAL_UNREF(bob_fingerprint);
}
int scannable_fingerprint_serialize(signal_buffer **buffer, const scannable_fingerprint *scannable)
{
    int result = 0;
    size_t result_size = 0;
    signal_buffer *result_buf = 0;
    Textsecure__CombinedFingerprint combined_fingerprint = TEXTSECURE__COMBINED_FINGERPRINT__INIT;
    Textsecure__FingerprintData local_fingerprint = TEXTSECURE__FINGERPRINT_DATA__INIT;
    Textsecure__FingerprintData remote_fingerprint = TEXTSECURE__FINGERPRINT_DATA__INIT;
    size_t len = 0;
    uint8_t *data = 0;

    combined_fingerprint.version = scannable->version;
    combined_fingerprint.has_version = 1;

    if(scannable->local_stable_identifier && scannable->local_identity_key) {
        signal_protocol_str_serialize_protobuf(&local_fingerprint.identifier, scannable->local_stable_identifier);
        local_fingerprint.has_identifier = 1;

        result = ec_public_key_serialize_protobuf(&local_fingerprint.publickey, scannable->local_identity_key);
        if(result < 0) {
            goto complete;
        }
        local_fingerprint.has_publickey = 1;

        combined_fingerprint.localfingerprint = &local_fingerprint;
    }

    if(scannable->remote_stable_identifier && scannable->remote_identity_key) {
        signal_protocol_str_serialize_protobuf(&remote_fingerprint.identifier, scannable->remote_stable_identifier);
        remote_fingerprint.has_identifier = 1;

        result = ec_public_key_serialize_protobuf(&remote_fingerprint.publickey, scannable->remote_identity_key);
        if(result < 0) {
            goto complete;
        }
        remote_fingerprint.has_publickey = 1;

        combined_fingerprint.remotefingerprint = &remote_fingerprint;
    }

    len = textsecure__combined_fingerprint__get_packed_size(&combined_fingerprint);

    result_buf = signal_buffer_alloc(len);
    if(!result_buf) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    data = signal_buffer_data(result_buf);
    result_size = textsecure__combined_fingerprint__pack(&combined_fingerprint, data);
    if(result_size != len) {
        signal_buffer_free(result_buf);
        result = SG_ERR_INVALID_PROTO_BUF;
        result_buf = 0;
        goto complete;
    }

complete:
    if(local_fingerprint.publickey.data) {
        free(local_fingerprint.publickey.data);
    }
    if(remote_fingerprint.publickey.data) {
        free(remote_fingerprint.publickey.data);
    }
    if(result >= 0) {
        *buffer = result_buf;
    }
    return result;
}
int fingerprint_generator_create_display_string(fingerprint_generator *generator, char **display_string,
        const char *stable_identifier, ec_public_key *identity_key)
{
    int result = 0;
    char *result_string = 0;
    signal_buffer *identity_buffer = 0;
    signal_buffer *hash_buffer = 0;
    signal_buffer *hash_in_buffer = 0;
    signal_buffer *hash_out_buffer = 0;
    uint8_t *data = 0;
    size_t len = 0;
    uint8_t *in_data = 0;
    size_t in_len = 0;
    int i = 0;

    assert(generator);
    assert(stable_identifier);
    assert(identity_key);
    assert(generator->global_context->crypto_provider.sha512_digest_func);

    result = ec_public_key_serialize(&identity_buffer, identity_key);
    if(result < 0) {
        goto complete;
    }

    len = 2 + signal_buffer_len(identity_buffer) + strlen(stable_identifier);

    hash_buffer = signal_buffer_alloc(len);
    if(!hash_buffer) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    data = signal_buffer_data(hash_buffer);

    memset(data, 0, len);

    data[0] = 0;
    data[1] = (uint8_t)VERSION;
    memcpy(data + 2, signal_buffer_data(identity_buffer), signal_buffer_len(identity_buffer));
    memcpy(data + 2 + signal_buffer_len(identity_buffer), stable_identifier, strlen(stable_identifier));

    hash_in_buffer = signal_buffer_alloc(MAX(len, SHA512_DIGEST_LENGTH) + signal_buffer_len(identity_buffer));
    if(!hash_in_buffer) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    in_data = signal_buffer_data(hash_in_buffer);
    in_len = len + signal_buffer_len(identity_buffer);

    for(i = 0; i < generator->iterations; i++) {
        data = signal_buffer_data(hash_buffer);
        len = signal_buffer_len(hash_buffer);
        in_len = signal_buffer_len(hash_buffer) + signal_buffer_len(identity_buffer);
        memcpy(in_data, data, len);
        memcpy(in_data + len,
                signal_buffer_data(identity_buffer),
                signal_buffer_len(identity_buffer));

        result = signal_sha512_digest(generator->global_context,
                &hash_out_buffer, in_data, in_len);
        if(result < 0) {
            goto complete;
        }
        if(signal_buffer_len(hash_out_buffer) != SHA512_DIGEST_LENGTH) {
            result = SG_ERR_INVAL;
            goto complete;
        }

        signal_buffer_free(hash_buffer);
        hash_buffer = hash_out_buffer;
        hash_out_buffer = 0;
    }

    data = signal_buffer_data(hash_buffer);
    len = signal_buffer_len(hash_buffer);

    if(len < 30) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    result_string = malloc(31);
    if(!result_string) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    for(i = 0; i < 30; i += 5) {
        uint64_t chunk = ((uint64_t)data[i] & 0xFFL) << 32 |
                ((uint64_t)data[i + 1] & 0xFFL) << 24 |
                ((uint64_t)data[i + 2] & 0xFFL) << 16 |
                ((uint64_t)data[i + 3] & 0xFFL) << 8 |
                ((uint64_t)data[i + 4] & 0xFFL);
#if _WINDOWS
        sprintf_s(result_string + i, 6, "%05d", (int)(chunk % 100000));
#else
        snprintf(result_string + i, 6, "%05d", (int)(chunk % 100000));
#endif
    }

complete:
    signal_buffer_free(identity_buffer);
    signal_buffer_free(hash_buffer);
    signal_buffer_free(hash_in_buffer);
    signal_buffer_free(hash_out_buffer);
    if(result >= 0) {
        *display_string = result_string;
    }
    return result;
}
Esempio n. 14
0
int device_consistency_code_generate_for(device_consistency_commitment *commitment,
        device_consistency_signature_list *signatures,
        char **code_string,
        signal_context *global_context)
{
    int result = 0;
    char *result_string = 0;
    void *digest_context = 0;
    device_consistency_signature_list *sorted_list = 0;
    uint8_t version_data[2];
    signal_buffer *commitment_buffer;
    unsigned int list_size;
    unsigned int i;
    signal_buffer *hash_buffer = 0;
    uint8_t *data = 0;
    size_t len = 0;
    char *encoded_string = 0;

    sorted_list = device_consistency_signature_list_copy(signatures);
    if(!sorted_list) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    device_consistency_signature_list_sort(sorted_list);

    result = signal_sha512_digest_init(global_context, &digest_context);
    if(result < 0) {
        goto complete;
    }

    version_data[1] = (uint8_t)(CODE_VERSION);
    version_data[0] = (uint8_t)(CODE_VERSION >> 8);

    result = signal_sha512_digest_update(global_context, digest_context,
            version_data, sizeof(version_data));
    if(result < 0) {
        goto complete;
    }

    commitment_buffer = device_consistency_commitment_get_serialized(commitment);
    result = signal_sha512_digest_update(global_context, digest_context,
            signal_buffer_data(commitment_buffer),
            signal_buffer_len(commitment_buffer));
    if(result < 0) {
        goto complete;
    }

    list_size = device_consistency_signature_list_size(sorted_list);
    for(i = 0; i < list_size; i++) {
        device_consistency_signature *signature = device_consistency_signature_list_at(sorted_list, i);
        signal_buffer *vrf_output = device_consistency_signature_get_vrf_output(signature);

        result = signal_sha512_digest_update(global_context, digest_context,
                signal_buffer_data(vrf_output),
                signal_buffer_len(vrf_output));
        if(result < 0) {
            goto complete;
        }
    }

    result = signal_sha512_digest_final(global_context, digest_context, &hash_buffer);
    if(result < 0) {
        goto complete;
    }

    data = signal_buffer_data(hash_buffer);
    len = signal_buffer_len(hash_buffer);

    if(len < 10) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    encoded_string = malloc(11);
    if(!encoded_string) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    for(i = 0; i < 10; i += 5) {
        uint64_t chunk = ((uint64_t)data[i] & 0xFFL) << 32 |
                ((uint64_t)data[i + 1] & 0xFFL) << 24 |
                ((uint64_t)data[i + 2] & 0xFFL) << 16 |
                ((uint64_t)data[i + 3] & 0xFFL) << 8 |
                ((uint64_t)data[i + 4] & 0xFFL);
#if _WINDOWS
        sprintf_s(encoded_string + i, 6, "%05d", (int)(chunk % 100000));
#else
        snprintf(encoded_string + i, 6, "%05d", (int)(chunk % 100000));
#endif
    }

    result_string = malloc(7);
    if(!result_string) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    memcpy(result_string, encoded_string, 6);
    result_string[6] = '\0';

complete:
    if(sorted_list) {
        device_consistency_signature_list_free(sorted_list);
    }
    if(digest_context) {
        signal_sha512_digest_cleanup(global_context, digest_context);
    }
    signal_buffer_free(hash_buffer);
    free(encoded_string);
    if(result >= 0) {
        *code_string = result_string;
    }
    return result;
}
Esempio n. 15
0
int device_consistency_message_create_from_serialized(device_consistency_message **message,
        device_consistency_commitment *commitment,
        const uint8_t *serialized_data, size_t serialized_len,
        ec_public_key *identity_key,
        signal_context *global_context)
{
    int result = 0;
    device_consistency_message *result_message = 0;
    Textsecure__DeviceConsistencyCodeMessage *message_structure = 0;
    signal_buffer *commitment_buffer = 0;
    signal_buffer *vrf_output_buffer = 0;

    /* Create message instance */
    result = device_consistency_message_create(&result_message);
    if(result < 0) {
        goto complete;
    }

    /* Deserialize the message */
    message_structure = textsecure__device_consistency_code_message__unpack(0, serialized_len, serialized_data);
    if(!message_structure) {
        result = SG_ERR_INVALID_PROTO_BUF;
        goto complete;
    }

    if(!message_structure->has_generation || !message_structure->has_signature) {
        result = SG_ERR_INVALID_PROTO_BUF;
        goto complete;
    }

    /* Verify VRF signature */
    commitment_buffer = device_consistency_commitment_get_serialized(commitment);
    result = curve_verify_vrf_signature(global_context, &vrf_output_buffer,
            identity_key,
            signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer),
            message_structure->signature.data, message_structure->signature.len);
    if(result < 0) {
        goto complete;
    }

    /* Assign the message fields */
    result_message->generation = message_structure->generation;

    result = device_consistency_signature_create(&result_message->signature,
            message_structure->signature.data, message_structure->signature.len,
            signal_buffer_data(vrf_output_buffer), signal_buffer_len(vrf_output_buffer));
    if(result < 0) {
        goto complete;
    }

    result_message->serialized = signal_buffer_create(serialized_data, serialized_len);
    if(!result_message->serialized) {
        result = SG_ERR_NOMEM;
    }

complete:
    if(message_structure) {
        textsecure__device_consistency_code_message__free_unpacked(message_structure, 0);
    }
    signal_buffer_free(vrf_output_buffer);
    if(result >= 0) {
        *message = result_message;
    }
    else {
        SIGNAL_UNREF(result_message);
    }
    if(result == SG_ERR_INVALID_PROTO_BUF
            || result == SG_ERR_INVALID_KEY
            || result == SG_ERR_VRF_SIG_VERIF_FAILED) {
        result = SG_ERR_INVALID_MESSAGE;
    }
    return result;
}
Esempio n. 16
0
int device_consistency_message_create_from_pair(device_consistency_message **message,
        device_consistency_commitment *commitment,
        ec_key_pair *identity_key_pair,
        signal_context *global_context)
{
    int result = 0;
    device_consistency_message *result_message = 0;
    signal_buffer *commitment_buffer = 0;
    signal_buffer *signature_buffer = 0;
    signal_buffer *vrf_output_buffer = 0;
    signal_buffer *serialized_signature_buffer = 0;
    Textsecure__DeviceConsistencyCodeMessage message_structure = TEXTSECURE__DEVICE_CONSISTENCY_CODE_MESSAGE__INIT;
    size_t len = 0;
    uint8_t *data = 0;
    size_t result_size = 0;

    /* Create message instance */
    result = device_consistency_message_create(&result_message);
    if(result < 0) {
        goto complete;
    }

    /* Calculate VRF signature */
    commitment_buffer = device_consistency_commitment_get_serialized(commitment);
    result = curve_calculate_vrf_signature(global_context, &signature_buffer,
            ec_key_pair_get_private(identity_key_pair),
            signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer));
    if(result < 0) {
        goto complete;
    }

    /* Verify VRF signature */
    result = curve_verify_vrf_signature(global_context, &vrf_output_buffer,
            ec_key_pair_get_public(identity_key_pair),
            signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer),
            signal_buffer_data(signature_buffer), signal_buffer_len(signature_buffer));
    if(result < 0) {
        goto complete;
    }

    result_message->generation = device_consistency_commitment_get_generation(commitment);

    /* Create and assign the signature */
    result = device_consistency_signature_create(&result_message->signature,
            signal_buffer_data(signature_buffer), signal_buffer_len(signature_buffer),
            signal_buffer_data(vrf_output_buffer), signal_buffer_len(vrf_output_buffer));
    if(result < 0) {
        goto complete;
    }

    serialized_signature_buffer = device_consistency_signature_get_signature(result_message->signature);

    /* Serialize the message */
    message_structure.generation = device_consistency_commitment_get_generation(commitment);
    message_structure.has_generation = 1;
    message_structure.signature.data = signal_buffer_data(serialized_signature_buffer);
    message_structure.signature.len = signal_buffer_len(serialized_signature_buffer);
    message_structure.has_signature = 1;

    len = textsecure__device_consistency_code_message__get_packed_size(&message_structure);
    result_message->serialized = signal_buffer_alloc(len);
    if(!result_message->serialized) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    data = signal_buffer_data(result_message->serialized);

    result_size = textsecure__device_consistency_code_message__pack(&message_structure, data);
    if(result_size != len) {
        result = SG_ERR_INVALID_PROTO_BUF;
        goto complete;
    }

complete:
    signal_buffer_free(signature_buffer);
    signal_buffer_free(vrf_output_buffer);
    if(result >= 0) {
        *message = result_message;
    }
    else {
        SIGNAL_UNREF(result_message);
    }
    if(result == SG_ERR_INVALID_KEY || result == SG_ERR_VRF_SIG_VERIF_FAILED) {
        result = SG_ERR_UNKNOWN;
    }
    return result;
}
Esempio n. 17
0
static int session_cipher_decrypt_from_state_and_signal_message(session_cipher *cipher,
        session_state *state, signal_message *ciphertext, signal_buffer **plaintext)
{
    int result = 0;
    signal_buffer *result_buf = 0;
    ec_public_key *their_ephemeral = 0;
    uint32_t counter = 0;
    ratchet_chain_key *chain_key = 0;
    ratchet_message_keys message_keys;
    uint8_t message_version = 0;
    uint32_t session_version = 0;
    ec_public_key *remote_identity_key = 0;
    ec_public_key *local_identity_key = 0;
    signal_buffer *ciphertext_body = 0;

    if(!session_state_has_sender_chain(state)) {
        signal_log(cipher->global_context, SG_LOG_WARNING, "Uninitialized session!");
        result = SG_ERR_INVALID_MESSAGE;
        goto complete;
    }

    message_version = signal_message_get_message_version(ciphertext);
    session_version = session_state_get_session_version(state);

    if(message_version != session_version) {
        signal_log(cipher->global_context, SG_LOG_WARNING, "Message version %d, but session version %d", message_version, session_version);
        result = SG_ERR_INVALID_MESSAGE;
        goto complete;
    }

    their_ephemeral = signal_message_get_sender_ratchet_key(ciphertext);
    if(!their_ephemeral) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    counter = signal_message_get_counter(ciphertext);

    result = session_cipher_get_or_create_chain_key(cipher, &chain_key, state, their_ephemeral);
    if(result < 0) {
        goto complete;
    }

    result = session_cipher_get_or_create_message_keys(&message_keys, state,
            their_ephemeral, chain_key, counter, cipher->global_context);
    if(result < 0) {
        goto complete;
    }

    remote_identity_key = session_state_get_remote_identity_key(state);
    if(!remote_identity_key) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    local_identity_key = session_state_get_local_identity_key(state);
    if(!local_identity_key) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    result = signal_message_verify_mac(ciphertext,
            remote_identity_key, local_identity_key,
            message_keys.mac_key, sizeof(message_keys.mac_key),
            cipher->global_context);
    if(result != 1) {
        if(result == 0) {
            signal_log(cipher->global_context, SG_LOG_WARNING, "Message mac not verified");
            result = SG_ERR_INVALID_MESSAGE;
        }
        else if(result < 0) {
            signal_log(cipher->global_context, SG_LOG_WARNING, "Error attempting to verify message mac");
        }
        goto complete;
    }

    ciphertext_body = signal_message_get_body(ciphertext);
    if(!ciphertext_body) {
        signal_log(cipher->global_context, SG_LOG_WARNING, "Message body does not exist");
        result = SG_ERR_INVALID_MESSAGE;
        goto complete;
    }

    result = session_cipher_get_plaintext(cipher, &result_buf, message_version, &message_keys,
            signal_buffer_data(ciphertext_body), signal_buffer_len(ciphertext_body));
    if(result < 0) {
        goto complete;
    }

    session_state_clear_unacknowledged_pre_key_message(state);

complete:
    SIGNAL_UNREF(chain_key);
    if(result >= 0) {
        *plaintext = result_buf;
    }
    else {
        signal_buffer_free(result_buf);
    }
    signal_explicit_bzero(&message_keys, sizeof(ratchet_message_keys));
    return result;
}
END_TEST

START_TEST(test_serialize_pre_key_signal_message)
{
    int result = 0;

    static const char ciphertext[] = "WhisperCipherText";
    ec_public_key *sender_ratchet_key = create_test_ec_public_key(global_context);
    ec_public_key *sender_identity_key = create_test_ec_public_key(global_context);
    ec_public_key *receiver_identity_key = create_test_ec_public_key(global_context);
    ec_public_key *base_key = create_test_ec_public_key(global_context);
    ec_public_key *identity_key = create_test_ec_public_key(global_context);
    uint8_t mac_key[RATCHET_MAC_KEY_LENGTH];
    memset(mac_key, 1, sizeof(mac_key));

    signal_message *message = 0;
    pre_key_signal_message *pre_key_message = 0;
    pre_key_signal_message *result_pre_key_message = 0;

    result = signal_message_create(&message, 3,
                                   mac_key, sizeof(mac_key),
                                   sender_ratchet_key,
                                   2, /* counter */
                                   1, /* previous counter */
                                   (uint8_t *)ciphertext, sizeof(ciphertext) - 1,
                                   sender_identity_key, receiver_identity_key,
                                   global_context);
    ck_assert_int_eq(result, 0);

    uint32_t pre_key_id = 56;
    result = pre_key_signal_message_create(&pre_key_message,
                                           3,  /* message version */
                                           42, /* registration ID */
                                           &pre_key_id, /* pre key ID */
                                           72, /* signed pre key ID */
                                           base_key, identity_key,
                                           message,
                                           global_context);
    ck_assert_int_eq(result, 0);

    signal_buffer *serialized = ciphertext_message_get_serialized((ciphertext_message *)pre_key_message);
    ck_assert_ptr_ne(serialized, 0);

    result = pre_key_signal_message_deserialize(&result_pre_key_message,
             signal_buffer_data(serialized),
             signal_buffer_len(serialized),
             global_context);
    ck_assert_int_eq(result, 0);

    int version1 = pre_key_signal_message_get_message_version(pre_key_message);
    int version2 = pre_key_signal_message_get_message_version(result_pre_key_message);
    ck_assert_int_eq(version1, version2);

    ec_public_key *identity_key1 = pre_key_signal_message_get_identity_key(pre_key_message);
    ec_public_key *identity_key2 = pre_key_signal_message_get_identity_key(result_pre_key_message);
    ck_assert_int_eq(ec_public_key_compare(identity_key1, identity_key2), 0);

    int registration_id1 = pre_key_signal_message_get_registration_id(pre_key_message);
    int registration_id2 = pre_key_signal_message_get_registration_id(result_pre_key_message);
    ck_assert_int_eq(registration_id1, registration_id2);

    int has_pre_key_id1 = pre_key_signal_message_has_pre_key_id(pre_key_message);
    int has_pre_key_id2 = pre_key_signal_message_has_pre_key_id(result_pre_key_message);
    ck_assert_int_eq(has_pre_key_id1, has_pre_key_id2);

    if(has_pre_key_id1) {
        int pre_key_id1 = pre_key_signal_message_get_pre_key_id(pre_key_message);
        int pre_key_id2 = pre_key_signal_message_get_pre_key_id(result_pre_key_message);
        ck_assert_int_eq(pre_key_id1, pre_key_id2);
    }

    int signed_pre_key_id1 = pre_key_signal_message_get_signed_pre_key_id(pre_key_message);
    int signed_pre_key_id2 = pre_key_signal_message_get_signed_pre_key_id(result_pre_key_message);
    ck_assert_int_eq(signed_pre_key_id1, signed_pre_key_id2);

    ec_public_key *base_key1 = pre_key_signal_message_get_base_key(pre_key_message);
    ec_public_key *base_key2 = pre_key_signal_message_get_base_key(result_pre_key_message);
    ck_assert_int_eq(ec_public_key_compare(base_key1, base_key2), 0);

    signal_message *message1 = pre_key_signal_message_get_signal_message(pre_key_message);
    signal_message *message2 = pre_key_signal_message_get_signal_message(result_pre_key_message);
    compare_signal_messages(message1, message2);

    /* Cleanup */
    SIGNAL_UNREF(message);
    SIGNAL_UNREF(result_pre_key_message);
    SIGNAL_UNREF(pre_key_message);
    SIGNAL_UNREF(sender_ratchet_key);
    SIGNAL_UNREF(sender_identity_key);
    SIGNAL_UNREF(receiver_identity_key);
    SIGNAL_UNREF(base_key);
    SIGNAL_UNREF(identity_key);
}
Esempio n. 19
0
int session_cipher_encrypt(session_cipher *cipher,
        const uint8_t *padded_message, size_t padded_message_len,
        ciphertext_message **encrypted_message)
{
    int result = 0;
    session_record *record = 0;
    session_state *state = 0;
    ratchet_chain_key *chain_key = 0;
    ratchet_chain_key *next_chain_key = 0;
    ratchet_message_keys message_keys;
    ec_public_key *sender_ephemeral = 0;
    uint32_t previous_counter = 0;
    uint32_t session_version = 0;
    signal_buffer *ciphertext = 0;
    uint32_t chain_key_index = 0;
    ec_public_key *local_identity_key = 0;
    ec_public_key *remote_identity_key = 0;
    signal_message *message = 0;
    pre_key_signal_message *pre_key_message = 0;
    uint8_t *ciphertext_data = 0;
    size_t ciphertext_len = 0;

    assert(cipher);
    signal_lock(cipher->global_context);

    if(cipher->inside_callback == 1) {
        result = SG_ERR_INVAL;
        goto complete;
    }

    result = signal_protocol_session_load_session(cipher->store, &record, cipher->remote_address);
    if(result < 0) {
        goto complete;
    }

    state = session_record_get_state(record);
    if(!state) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    chain_key = session_state_get_sender_chain_key(state);
    if(!chain_key) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    result = ratchet_chain_key_get_message_keys(chain_key, &message_keys);
    if(result < 0) {
        goto complete;
    }

    sender_ephemeral = session_state_get_sender_ratchet_key(state);
    if(!sender_ephemeral) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    previous_counter = session_state_get_previous_counter(state);
    session_version = session_state_get_session_version(state);

    result = session_cipher_get_ciphertext(cipher,
            &ciphertext,
            session_version, &message_keys,
            padded_message, padded_message_len);
    if(result < 0) {
        goto complete;
    }
    ciphertext_data = signal_buffer_data(ciphertext);
    ciphertext_len = signal_buffer_len(ciphertext);

    chain_key_index = ratchet_chain_key_get_index(chain_key);

    local_identity_key = session_state_get_local_identity_key(state);
    if(!local_identity_key) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    remote_identity_key = session_state_get_remote_identity_key(state);
    if(!remote_identity_key) {
        result = SG_ERR_UNKNOWN;
        goto complete;
    }

    result = signal_message_create(&message,
            session_version,
            message_keys.mac_key, sizeof(message_keys.mac_key),
            sender_ephemeral,
            chain_key_index, previous_counter,
            ciphertext_data, ciphertext_len,
            local_identity_key, remote_identity_key,
            cipher->global_context);
    if(result < 0) {
        goto complete;
    }

    if(session_state_has_unacknowledged_pre_key_message(state) == 1) {
        uint32_t local_registration_id = session_state_get_local_registration_id(state);
        int has_pre_key_id = 0;
        uint32_t pre_key_id = 0;
        uint32_t signed_pre_key_id;
        ec_public_key *base_key;
        
        if(session_state_unacknowledged_pre_key_message_has_pre_key_id(state)) {
            has_pre_key_id = 1;
            pre_key_id = session_state_unacknowledged_pre_key_message_get_pre_key_id(state);
        }
        signed_pre_key_id = session_state_unacknowledged_pre_key_message_get_signed_pre_key_id(state);
        base_key = session_state_unacknowledged_pre_key_message_get_base_key(state);

        if(!base_key) {
            result = SG_ERR_UNKNOWN;
            goto complete;
        }

        result = pre_key_signal_message_create(&pre_key_message,
                session_version, local_registration_id, (has_pre_key_id ? &pre_key_id : 0),
                signed_pre_key_id, base_key, local_identity_key,
                message,
                cipher->global_context);
        if(result < 0) {
            goto complete;
        }
        SIGNAL_UNREF(message);
        message = 0;
    }

    result = ratchet_chain_key_create_next(chain_key, &next_chain_key);
    if(result < 0) {
        goto complete;
    }

    result = session_state_set_sender_chain_key(state, next_chain_key);
    if(result < 0) {
        goto complete;
    }

    result = signal_protocol_session_store_session(cipher->store, cipher->remote_address, record);

complete:
    if(result >= 0) {
        if(pre_key_message) {
            *encrypted_message = (ciphertext_message *)pre_key_message;
        }
        else {
            *encrypted_message = (ciphertext_message *)message;
        }
    }
    else {
        SIGNAL_UNREF(pre_key_message);
        SIGNAL_UNREF(message);
    }
    signal_buffer_free(ciphertext);
    SIGNAL_UNREF(next_chain_key);
    SIGNAL_UNREF(record);
    signal_explicit_bzero(&message_keys, sizeof(ratchet_message_keys));
    signal_unlock(cipher->global_context);
    return result;
}
Esempio n. 20
0
int device_consistency_commitment_create(device_consistency_commitment **commitment,
        uint32_t generation, ec_public_key_list *identity_key_list,
        signal_context *global_context)
{
    static const char version[] = "DeviceConsistencyCommitment_V0";
    int result = 0;
    void *digest_context = 0;
    device_consistency_commitment *result_commitment = 0;
    ec_public_key_list *sorted_list = 0;
    uint8_t gen_data[4];
    unsigned int list_size;
    unsigned int i;

    result_commitment = malloc(sizeof(device_consistency_commitment));
    if(!result_commitment) {
        result = SG_ERR_NOMEM;
        goto complete;
    }
    memset(result_commitment, 0, sizeof(device_consistency_commitment));
    SIGNAL_INIT(result_commitment, device_consistency_commitment_destroy);

    sorted_list = ec_public_key_list_copy(identity_key_list);
    if(!sorted_list) {
        result = SG_ERR_NOMEM;
        goto complete;
    }

    ec_public_key_list_sort(sorted_list);

    result = signal_sha512_digest_init(global_context, &digest_context);
    if(result < 0) {
        goto complete;
    }

    result = signal_sha512_digest_update(global_context, digest_context,
            (uint8_t *)version, sizeof(version) - 1);
    if(result < 0) {
        goto complete;
    }

    gen_data[3] = (uint8_t)(generation);
    gen_data[2] = (uint8_t)(generation >> 8);
    gen_data[1] = (uint8_t)(generation >> 16);
    gen_data[0] = (uint8_t)(generation >> 24);

    result = signal_sha512_digest_update(global_context, digest_context,
            gen_data, sizeof(gen_data));
    if(result < 0) {
        goto complete;
    }

    list_size = ec_public_key_list_size(sorted_list);
    for(i = 0; i < list_size; i++) {
        signal_buffer *key_buffer = 0;
        ec_public_key *key = ec_public_key_list_at(sorted_list, i);

        result = ec_public_key_serialize(&key_buffer, key);
        if(result < 0) {
            goto complete;
        }

        result = signal_sha512_digest_update(global_context, digest_context,
                signal_buffer_data(key_buffer), signal_buffer_len(key_buffer));
        signal_buffer_free(key_buffer);
        if(result < 0) {
            goto complete;
        }
    }

    result_commitment->generation = generation;
    result = signal_sha512_digest_final(global_context, digest_context, &result_commitment->serialized);

complete:
    if(sorted_list) {
        ec_public_key_list_free(sorted_list);
    }
    if(digest_context) {
        signal_sha512_digest_cleanup(global_context, digest_context);
    }
    if(result >= 0) {
        *commitment = result_commitment;
    }
    else {
        SIGNAL_UNREF(result_commitment);
    }
    return result;
}