diff options
Diffstat (limited to 'libs/libaxolotl/src/device_consistency.c')
-rw-r--r-- | libs/libaxolotl/src/device_consistency.c | 646 |
1 files changed, 646 insertions, 0 deletions
diff --git a/libs/libaxolotl/src/device_consistency.c b/libs/libaxolotl/src/device_consistency.c new file mode 100644 index 0000000000..f01ed15363 --- /dev/null +++ b/libs/libaxolotl/src/device_consistency.c @@ -0,0 +1,646 @@ +#include "device_consistency.h" + +#include <assert.h> +#include <string.h> + +#include "signal_protocol_internal.h" +#include "curve.h" +#include "WhisperTextProtocol.pb-c.h" +#include "utarray.h" + +#define CODE_VERSION 0 + +struct device_consistency_signature +{ + signal_type_base base; + signal_buffer *signature; + signal_buffer *vrf_output; +}; + +struct device_consistency_commitment +{ + signal_type_base base; + uint32_t generation; + signal_buffer *serialized; +}; + +struct device_consistency_message +{ + signal_type_base base; + device_consistency_signature *signature; + uint32_t generation; + signal_buffer *serialized; +}; + +struct device_consistency_signature_list +{ + UT_array *values; +}; + +static int device_consistency_message_create(device_consistency_message **message); +static void device_consistency_signature_list_sort(device_consistency_signature_list *list); + +/*------------------------------------------------------------------------*/ + +int device_consistency_signature_create(device_consistency_signature **signature, + const uint8_t *signature_data, size_t signature_len, + const uint8_t *vrf_output_data, size_t vrf_output_len) +{ + int result = 0; + device_consistency_signature *result_signature = 0; + + result_signature = malloc(sizeof(device_consistency_signature)); + if(!result_signature) { + result = SG_ERR_NOMEM; + goto complete; + } + memset(result_signature, 0, sizeof(device_consistency_signature)); + SIGNAL_INIT(result_signature, device_consistency_signature_destroy); + + result_signature->signature = signal_buffer_create(signature_data, signature_len); + if(!result_signature->signature) { + result = SG_ERR_NOMEM; + goto complete; + } + + result_signature->vrf_output = signal_buffer_create(vrf_output_data, vrf_output_len); + if(!result_signature->vrf_output) { + result = SG_ERR_NOMEM; + goto complete; + } + +complete: + if(result >= 0) { + *signature = result_signature; + } + else { + SIGNAL_UNREF(result_signature); + } + return result; +} + +signal_buffer *device_consistency_signature_get_signature(const device_consistency_signature *signature) +{ + assert(signature); + return signature->signature; +} + +signal_buffer *device_consistency_signature_get_vrf_output(const device_consistency_signature *signature) +{ + assert(signature); + return signature->vrf_output; +} + +void device_consistency_signature_destroy(signal_type_base *type) +{ + device_consistency_signature *signature = (device_consistency_signature *)type; + signal_buffer_free(signature->signature); + signal_buffer_free(signature->vrf_output); + free(signature); +} + +/*------------------------------------------------------------------------*/ + +int device_consistency_commitment_create(device_consistency_commitment **commitment, + uint32_t generation, ec_public_key_list *identity_key_list, + signal_context *global_context) +{ + static const char version[] = "DeviceConsistencyCommitment_V0"; + int result = 0; + void *digest_context = 0; + device_consistency_commitment *result_commitment = 0; + ec_public_key_list *sorted_list = 0; + uint8_t gen_data[4]; + unsigned int list_size; + unsigned int i; + + result_commitment = malloc(sizeof(device_consistency_commitment)); + if(!result_commitment) { + result = SG_ERR_NOMEM; + goto complete; + } + memset(result_commitment, 0, sizeof(device_consistency_commitment)); + SIGNAL_INIT(result_commitment, device_consistency_commitment_destroy); + + sorted_list = ec_public_key_list_copy(identity_key_list); + if(!sorted_list) { + result = SG_ERR_NOMEM; + goto complete; + } + + ec_public_key_list_sort(sorted_list); + + result = signal_sha512_digest_init(global_context, &digest_context); + if(result < 0) { + goto complete; + } + + result = signal_sha512_digest_update(global_context, digest_context, + (uint8_t *)version, sizeof(version) - 1); + if(result < 0) { + goto complete; + } + + gen_data[3] = (uint8_t)(generation); + gen_data[2] = (uint8_t)(generation >> 8); + gen_data[1] = (uint8_t)(generation >> 16); + gen_data[0] = (uint8_t)(generation >> 24); + + result = signal_sha512_digest_update(global_context, digest_context, + gen_data, sizeof(gen_data)); + if(result < 0) { + goto complete; + } + + list_size = ec_public_key_list_size(sorted_list); + for(i = 0; i < list_size; i++) { + signal_buffer *key_buffer = 0; + ec_public_key *key = ec_public_key_list_at(sorted_list, i); + + result = ec_public_key_serialize(&key_buffer, key); + if(result < 0) { + goto complete; + } + + result = signal_sha512_digest_update(global_context, digest_context, + signal_buffer_data(key_buffer), signal_buffer_len(key_buffer)); + signal_buffer_free(key_buffer); + if(result < 0) { + goto complete; + } + } + + result_commitment->generation = generation; + result = signal_sha512_digest_final(global_context, digest_context, &result_commitment->serialized); + +complete: + if(sorted_list) { + ec_public_key_list_free(sorted_list); + } + if(digest_context) { + signal_sha512_digest_cleanup(global_context, digest_context); + } + if(result >= 0) { + *commitment = result_commitment; + } + else { + SIGNAL_UNREF(result_commitment); + } + return result; +} + +uint32_t device_consistency_commitment_get_generation(const device_consistency_commitment *commitment) +{ + assert(commitment); + return commitment->generation; +} + +signal_buffer *device_consistency_commitment_get_serialized(const device_consistency_commitment *commitment) +{ + assert(commitment); + return commitment->serialized; +} + +void device_consistency_commitment_destroy(signal_type_base *type) +{ + device_consistency_commitment *commitment = (device_consistency_commitment *)type; + signal_buffer_free(commitment->serialized); + free(commitment); +} + +/*------------------------------------------------------------------------*/ + +int device_consistency_message_create(device_consistency_message **message) +{ + int result = 0; + device_consistency_message *result_message = 0; + + result_message = malloc(sizeof(device_consistency_message)); + if(!result_message) { + result = SG_ERR_NOMEM; + goto complete; + } + memset(result_message, 0, sizeof(device_consistency_message)); + SIGNAL_INIT(result_message, device_consistency_message_destroy); + +complete: + if(result >= 0) { + *message = result_message; + } + return result; +} + +int device_consistency_message_create_from_pair(device_consistency_message **message, + device_consistency_commitment *commitment, + ec_key_pair *identity_key_pair, + signal_context *global_context) +{ + int result = 0; + device_consistency_message *result_message = 0; + signal_buffer *commitment_buffer = 0; + signal_buffer *signature_buffer = 0; + signal_buffer *vrf_output_buffer = 0; + signal_buffer *serialized_signature_buffer = 0; + Textsecure__DeviceConsistencyCodeMessage message_structure = TEXTSECURE__DEVICE_CONSISTENCY_CODE_MESSAGE__INIT; + size_t len = 0; + uint8_t *data = 0; + size_t result_size = 0; + + /* Create message instance */ + result = device_consistency_message_create(&result_message); + if(result < 0) { + goto complete; + } + + /* Calculate VRF signature */ + commitment_buffer = device_consistency_commitment_get_serialized(commitment); + result = curve_calculate_vrf_signature(global_context, &signature_buffer, + ec_key_pair_get_private(identity_key_pair), + signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer)); + if(result < 0) { + goto complete; + } + + /* Verify VRF signature */ + result = curve_verify_vrf_signature(global_context, &vrf_output_buffer, + ec_key_pair_get_public(identity_key_pair), + signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer), + signal_buffer_data(signature_buffer), signal_buffer_len(signature_buffer)); + if(result < 0) { + goto complete; + } + + result_message->generation = device_consistency_commitment_get_generation(commitment); + + /* Create and assign the signature */ + result = device_consistency_signature_create(&result_message->signature, + signal_buffer_data(signature_buffer), signal_buffer_len(signature_buffer), + signal_buffer_data(vrf_output_buffer), signal_buffer_len(vrf_output_buffer)); + if(result < 0) { + goto complete; + } + + serialized_signature_buffer = device_consistency_signature_get_signature(result_message->signature); + + /* Serialize the message */ + message_structure.generation = device_consistency_commitment_get_generation(commitment); + message_structure.has_generation = 1; + message_structure.signature.data = signal_buffer_data(serialized_signature_buffer); + message_structure.signature.len = signal_buffer_len(serialized_signature_buffer); + message_structure.has_signature = 1; + + len = textsecure__device_consistency_code_message__get_packed_size(&message_structure); + result_message->serialized = signal_buffer_alloc(len); + if(!result_message->serialized) { + result = SG_ERR_NOMEM; + goto complete; + } + + data = signal_buffer_data(result_message->serialized); + + result_size = textsecure__device_consistency_code_message__pack(&message_structure, data); + if(result_size != len) { + result = SG_ERR_INVALID_PROTO_BUF; + goto complete; + } + +complete: + signal_buffer_free(signature_buffer); + signal_buffer_free(vrf_output_buffer); + if(result >= 0) { + *message = result_message; + } + else { + SIGNAL_UNREF(result_message); + } + if(result == SG_ERR_INVALID_KEY || result == SG_ERR_VRF_SIG_VERIF_FAILED) { + result = SG_ERR_UNKNOWN; + } + return result; +} + +int device_consistency_message_create_from_serialized(device_consistency_message **message, + device_consistency_commitment *commitment, + const uint8_t *serialized_data, size_t serialized_len, + ec_public_key *identity_key, + signal_context *global_context) +{ + int result = 0; + device_consistency_message *result_message = 0; + Textsecure__DeviceConsistencyCodeMessage *message_structure = 0; + signal_buffer *commitment_buffer = 0; + signal_buffer *vrf_output_buffer = 0; + + /* Create message instance */ + result = device_consistency_message_create(&result_message); + if(result < 0) { + goto complete; + } + + /* Deserialize the message */ + message_structure = textsecure__device_consistency_code_message__unpack(0, serialized_len, serialized_data); + if(!message_structure) { + result = SG_ERR_INVALID_PROTO_BUF; + goto complete; + } + + if(!message_structure->has_generation || !message_structure->has_signature) { + result = SG_ERR_INVALID_PROTO_BUF; + goto complete; + } + + /* Verify VRF signature */ + commitment_buffer = device_consistency_commitment_get_serialized(commitment); + result = curve_verify_vrf_signature(global_context, &vrf_output_buffer, + identity_key, + signal_buffer_data(commitment_buffer), signal_buffer_len(commitment_buffer), + message_structure->signature.data, message_structure->signature.len); + if(result < 0) { + goto complete; + } + + /* Assign the message fields */ + result_message->generation = message_structure->generation; + + device_consistency_signature_create(&result_message->signature, + message_structure->signature.data, message_structure->signature.len, + signal_buffer_data(vrf_output_buffer), signal_buffer_len(vrf_output_buffer)); + if(result < 0) { + goto complete; + } + + result_message->serialized = signal_buffer_create(serialized_data, serialized_len); + if(!result_message->serialized) { + result = SG_ERR_NOMEM; + } + +complete: + if(message_structure) { + textsecure__device_consistency_code_message__free_unpacked(message_structure, 0); + } + signal_buffer_free(vrf_output_buffer); + if(result >= 0) { + *message = result_message; + } + else { + SIGNAL_UNREF(result_message); + } + if(result == SG_ERR_INVALID_PROTO_BUF + || result == SG_ERR_INVALID_KEY + || result == SG_ERR_VRF_SIG_VERIF_FAILED) { + result = SG_ERR_INVALID_MESSAGE; + } + return result; +} + +signal_buffer *device_consistency_message_get_serialized(const device_consistency_message *message) +{ + assert(message); + return message->serialized; +} + +device_consistency_signature *device_consistency_message_get_signature(const device_consistency_message *message) +{ + assert(message); + return message->signature; +} + +uint32_t device_consistency_signature_get_generation(const device_consistency_message *message) +{ + assert(message); + return message->generation; +} + +void device_consistency_message_destroy(signal_type_base *type) +{ + device_consistency_message *message = (device_consistency_message *)type; + SIGNAL_UNREF(message->signature); + signal_buffer_free(message->serialized); + free(message); +} + +/*------------------------------------------------------------------------*/ + +int device_consistency_code_generate_for(device_consistency_commitment *commitment, + device_consistency_signature_list *signatures, + char **code_string, + signal_context *global_context) +{ + int result = 0; + char *result_string = 0; + void *digest_context = 0; + device_consistency_signature_list *sorted_list = 0; + uint8_t version_data[2]; + signal_buffer *commitment_buffer; + unsigned int list_size; + unsigned int i; + signal_buffer *hash_buffer = 0; + uint8_t *data = 0; + size_t len = 0; + char *encoded_string = 0; + + sorted_list = device_consistency_signature_list_copy(signatures); + if(!sorted_list) { + result = SG_ERR_NOMEM; + goto complete; + } + + device_consistency_signature_list_sort(sorted_list); + + result = signal_sha512_digest_init(global_context, &digest_context); + if(result < 0) { + goto complete; + } + + version_data[1] = (uint8_t)(CODE_VERSION); + version_data[0] = (uint8_t)(CODE_VERSION >> 8); + + result = signal_sha512_digest_update(global_context, digest_context, + version_data, sizeof(version_data)); + if(result < 0) { + goto complete; + } + + commitment_buffer = device_consistency_commitment_get_serialized(commitment); + result = signal_sha512_digest_update(global_context, digest_context, + signal_buffer_data(commitment_buffer), + signal_buffer_len(commitment_buffer)); + if(result < 0) { + goto complete; + } + + list_size = device_consistency_signature_list_size(sorted_list); + for(i = 0; i < list_size; i++) { + device_consistency_signature *signature = device_consistency_signature_list_at(sorted_list, i); + signal_buffer *vrf_output = device_consistency_signature_get_vrf_output(signature); + + result = signal_sha512_digest_update(global_context, digest_context, + signal_buffer_data(vrf_output), + signal_buffer_len(vrf_output)); + if(result < 0) { + goto complete; + } + } + + result = signal_sha512_digest_final(global_context, digest_context, &hash_buffer); + if(result < 0) { + goto complete; + } + + data = signal_buffer_data(hash_buffer); + len = signal_buffer_len(hash_buffer); + + if(len < 10) { + result = SG_ERR_UNKNOWN; + goto complete; + } + + encoded_string = malloc(11); + if(!encoded_string) { + result = SG_ERR_NOMEM; + goto complete; + } + + for(i = 0; i < 10; i += 5) { + uint64_t chunk = ((uint64_t)data[i] & 0xFFL) << 32 | + ((uint64_t)data[i + 1] & 0xFFL) << 24 | + ((uint64_t)data[i + 2] & 0xFFL) << 16 | + ((uint64_t)data[i + 3] & 0xFFL) << 8 | + ((uint64_t)data[i + 4] & 0xFFL); +#if _WINDOWS + sprintf_s(encoded_string + i, 6, "%05d", (int)(chunk % 100000)); +#else + snprintf(encoded_string + i, 6, "%05d", (int)(chunk % 100000)); +#endif + } + + result_string = malloc(7); + if(!result_string) { + result = SG_ERR_NOMEM; + goto complete; + } + + memcpy(result_string, encoded_string, 6); + result_string[6] = '\0'; + +complete: + if(sorted_list) { + device_consistency_signature_list_free(sorted_list); + } + if(digest_context) { + signal_sha512_digest_cleanup(global_context, digest_context); + } + signal_buffer_free(hash_buffer); + free(encoded_string); + if(result >= 0) { + *code_string = result_string; + } + return result; +} + +/*------------------------------------------------------------------------*/ + +device_consistency_signature_list *device_consistency_signature_list_alloc() +{ + device_consistency_signature_list *list = malloc(sizeof(device_consistency_signature_list)); + if(!list) { + return 0; + } + memset(list, 0, sizeof(device_consistency_signature_list)); + utarray_new(list->values, &ut_ptr_icd); + return list; +} + +device_consistency_signature_list *device_consistency_signature_list_copy(const device_consistency_signature_list *list) +{ + device_consistency_signature_list *result = 0; + unsigned int size; + unsigned int i; + device_consistency_signature **p; + + result = device_consistency_signature_list_alloc(); + if(!result) { + return 0; + } + + size = utarray_len(list->values); + + utarray_reserve(result->values, size); + + for (i = 0; i < size; i++) { + p = (device_consistency_signature **)utarray_eltptr(list->values, i); + device_consistency_signature_list_push_back(result, *p); + } + + return result; +} + +void device_consistency_signature_list_push_back(device_consistency_signature_list *list, device_consistency_signature *value) +{ + assert(list); + assert(value); + SIGNAL_REF(value); + utarray_push_back(list->values, &value); +} + +unsigned int device_consistency_signature_list_size(const device_consistency_signature_list *list) +{ + assert(list); + return utarray_len(list->values); +} + +device_consistency_signature *device_consistency_signature_list_at(const device_consistency_signature_list *list, unsigned int index) +{ + device_consistency_signature **value = 0; + + assert(list); + assert(index < utarray_len(list->values)); + + value = (device_consistency_signature **)utarray_eltptr(list->values, index); + + assert(*value); + + return *value; +} + +int device_consistency_signature_list_sort_comparator(const void *a, const void *b) +{ + int result; + const device_consistency_signature *sig1 = *((const device_consistency_signature **)a); + const device_consistency_signature *sig2 = *((const device_consistency_signature **)b); + signal_buffer *buf1 = device_consistency_signature_get_signature(sig1); + signal_buffer *buf2 = device_consistency_signature_get_signature(sig2); + size_t len1 = signal_buffer_len(buf1); + size_t len2 = signal_buffer_len(buf2); + + if(len1 == len2) { + result = memcmp(signal_buffer_data(buf1), signal_buffer_data(buf2), len1); + } + else { + result = len1 - len2; + } + + return result; +} + +void device_consistency_signature_list_sort(device_consistency_signature_list *list) +{ + assert(list); + utarray_sort(list->values, device_consistency_signature_list_sort_comparator); +} + +void device_consistency_signature_list_free(device_consistency_signature_list *list) +{ + unsigned int size; + unsigned int i; + device_consistency_signature **p; + if(list) { + size = utarray_len(list->values); + for (i = 0; i < size; i++) { + p = (device_consistency_signature **)utarray_eltptr(list->values, i); + SIGNAL_UNREF(*p); + } + utarray_free(list->values); + free(list); + } +} |