From bfbc8edcad16e576041d7a81a4d58c70fa17a3fa Mon Sep 17 00:00:00 2001
From: Paul Fariello <paul@fariello.eu>
Date: Tue, 19 Feb 2019 19:18:15 +0140
Subject: [PATCH] Add crypto backend for signal-protocol

---
 Makefile.am        |   3 +-
 configure.ac       |   8 +++
 src/omemo/crypto.c | 136 +++++++++++++++++++++++++++++++++++++++++++++
 src/omemo/crypto.h | 136 +++++++++++++++++++++++++++++++++++++++++++++
 src/omemo/omemo.c  |  34 +++++++++++-
 src/omemo/omemo.h  |   3 +
 6 files changed, 317 insertions(+), 3 deletions(-)
 create mode 100644 src/omemo/crypto.c
 create mode 100644 src/omemo/crypto.h
 create mode 100644 src/omemo/omemo.h

diff --git a/Makefile.am b/Makefile.am
index 226f9bad..8bfffd7a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,6 +70,7 @@ unittest_sources = \
 	src/otr/otr.h \
 	src/pgp/gpg.h \
 	src/omemo/omemo.h \
+	src/omemo/crypto.h \
 	src/command/cmd_defs.h src/command/cmd_defs.c \
 	src/command/cmd_funcs.h src/command/cmd_funcs.c \
 	src/command/cmd_ac.h src/command/cmd_ac.c \
@@ -170,7 +171,7 @@ otr4_sources = \
 	src/otr/otrlib.h src/otr/otrlibv4.c src/otr/otr.h src/otr/otr.c
 
 omemo_sources = \
-	src/omemo/omemo.h src/omemo/omemo.c
+	src/omemo/omemo.h src/omemo/omemo.c src/omemo/crypto.h src/omemo/crypto.c
 
 if BUILD_PYTHON_API
 core_sources += $(python_sources)
diff --git a/configure.ac b/configure.ac
index 9cce9840..5ba70464 100644
--- a/configure.ac
+++ b/configure.ac
@@ -275,6 +275,14 @@ if test "x$enable_omemo" != xno; then
         [AS_IF([test "x$enable_omemo" = xyes],
             [AC_MSG_ERROR([libsignal-protocol-c is required for omemo support])],
             [AC_MSG_NOTICE([libsignal-protocol-c not found, omemo support not enabled])])])
+
+    AC_CHECK_LIB([sodium], [sodium_init],
+        [AM_CONDITIONAL([BUILD_OMEMO], [true])
+         AC_DEFINE([HAVE_LIBSIGNAL_PROTOCOL], [1], [Have omemo]),
+         LIBS="-lsodium $LIBS"],
+        [AS_IF([test "x$enable_omemo" = xyes],
+            [AC_MSG_ERROR([libsodium is required for omemo support])],
+            [AC_MSG_NOTICE([libsodium not found, omemo support not enabled])])])
 fi
 
 AS_IF([test "x$with_themes" = xno],
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
new file mode 100644
index 00000000..a986c729
--- /dev/null
+++ b/src/omemo/crypto.c
@@ -0,0 +1,136 @@
+#include <assert.h>
+#include <signal/signal_protocol.h>
+#include <signal/signal_protocol_types.h>
+#include <sodium.h>
+
+#include "omemo/crypto.h"
+
+int
+omemo_crypto_init(void)
+{
+    if (sodium_init() < 0) {
+        return -1;
+    }
+
+    if (crypto_aead_aes256gcm_is_available() == 0) {
+        return -1;
+    }
+
+    return 0;
+}
+
+int
+omemo_random_func(uint8_t *data, size_t len, void *user_data)
+{
+    randombytes_buf(data, len);
+    return 0;
+}
+
+int
+omemo_hmac_sha256_init_func(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data)
+{
+    *hmac_context = sodium_malloc(sizeof(crypto_auth_hmacsha256_state));
+    return crypto_auth_hmacsha256_init(*hmac_context, key, key_len);
+}
+
+int
+omemo_hmac_sha256_update_func(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data)
+{
+    return crypto_auth_hmacsha256_update(hmac_context, data, data_len);
+}
+
+int
+omemo_hmac_sha256_final_func(void *hmac_context, signal_buffer **output, void *user_data)
+{
+    int ret;
+    unsigned char out[crypto_auth_hmacsha256_BYTES];
+
+    if ((ret = crypto_auth_hmacsha256_final(hmac_context, out)) != 0) {
+        return ret;
+    }
+
+    *output = signal_buffer_create(out, crypto_auth_hmacsha256_BYTES);
+    return 0;
+}
+
+void
+omemo_hmac_sha256_cleanup_func(void *hmac_context, void *user_data)
+{
+    sodium_free(hmac_context);
+}
+
+int
+omemo_sha512_digest_init_func(void **digest_context, void *user_data)
+{
+    *digest_context = sodium_malloc(sizeof(crypto_hash_sha512_state));
+    return crypto_hash_sha512_init(*digest_context);
+}
+
+int
+omemo_sha512_digest_update_func(void *digest_context, const uint8_t *data, size_t data_len, void *user_data)
+{
+    return crypto_hash_sha512_update(digest_context, data, data_len);
+}
+
+int
+omemo_sha512_digest_final_func(void *digest_context, signal_buffer **output, void *user_data)
+{
+    int ret;
+    unsigned char out[crypto_hash_sha512_BYTES];
+
+    if ((ret = crypto_hash_sha512_final(digest_context, out)) != 0) {
+        return ret;
+    }
+
+    *output = signal_buffer_create(out, crypto_hash_sha512_BYTES);
+    return 0;
+}
+
+void
+omemo_sha512_digest_cleanup_func(void *digest_context, void *user_data)
+{
+    sodium_free(digest_context);
+}
+
+int
+omemo_encrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
+    const uint8_t *plaintext, size_t plaintext_len, void *user_data)
+{
+    unsigned char *ciphertext;
+    unsigned long long ciphertext_len;
+
+    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
+    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
+    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+
+    ciphertext = malloc(plaintext_len + crypto_aead_aes256gcm_ABYTES);
+    crypto_aead_aes256gcm_encrypt(ciphertext, &ciphertext_len, plaintext, plaintext_len, NULL, 0, NULL, iv, key);
+
+    *output = signal_buffer_create(ciphertext, ciphertext_len);
+    free(ciphertext);
+
+    return 0;
+}
+
+int
+omemo_decrypt_func(signal_buffer **output, int cipher, const uint8_t *key, size_t key_len, const uint8_t *iv, size_t iv_len,
+    const uint8_t *ciphertext, size_t ciphertext_len, void *user_data)
+{
+    unsigned char *plaintext;
+    unsigned long long plaintext_len;
+
+    assert(cipher != SG_CIPHER_AES_GCM_NOPADDING);
+    assert(key_len == crypto_aead_aes256gcm_KEYBYTES);
+    assert(iv_len == crypto_aead_aes256gcm_NPUBBYTES);
+
+    plaintext = malloc(ciphertext_len - crypto_aead_aes256gcm_ABYTES);
+    if (crypto_aead_aes256gcm_decrypt(plaintext, &plaintext_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key) < 0) {
+        free(plaintext);
+        return -1;
+    }
+
+    *output = signal_buffer_create(plaintext, plaintext_len);
+    free(plaintext);
+
+    return 0;
+}
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
new file mode 100644
index 00000000..759cef69
--- /dev/null
+++ b/src/omemo/crypto.h
@@ -0,0 +1,136 @@
+#include <signal/signal_protocol_types.h>
+
+#define SG_CIPHER_AES_GCM_NOPADDING 1000
+
+int omemo_crypto_init(void);
+/**
+* Callback for a secure random number generator.
+* This function shall fill the provided buffer with random bytes.
+*
+* @param data pointer to the output buffer
+* @param len size of the output buffer
+* @return 0 on success, negative on failure
+*/
+int omemo_random_func(uint8_t *data, size_t len, void *user_data);
+
+/**
+* Callback for an HMAC-SHA256 implementation.
+* This function shall initialize an HMAC context with the provided key.
+*
+* @param hmac_context private HMAC context pointer
+* @param key pointer to the key
+* @param key_len length of the key
+* @return 0 on success, negative on failure
+*/
+int omemo_hmac_sha256_init_func(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data);
+
+/**
+* Callback for an HMAC-SHA256 implementation.
+* This function shall update the HMAC context with the provided data
+*
+* @param hmac_context private HMAC context pointer
+* @param data pointer to the data
+* @param data_len length of the data
+* @return 0 on success, negative on failure
+*/
+int omemo_hmac_sha256_update_func(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data);
+
+/**
+* Callback for an HMAC-SHA256 implementation.
+* This function shall finalize an HMAC calculation and populate the output
+* buffer with the result.
+*
+* @param hmac_context private HMAC context pointer
+* @param output buffer to be allocated and populated with the result
+* @return 0 on success, negative on failure
+*/
+int omemo_hmac_sha256_final_func(void *hmac_context, signal_buffer **output, void *user_data);
+
+/**
+* Callback for an HMAC-SHA256 implementation.
+* This function shall free the private context allocated in
+* hmac_sha256_init_func.
+*
+* @param hmac_context private HMAC context pointer
+*/
+void omemo_hmac_sha256_cleanup_func(void *hmac_context, void *user_data);
+
+/**
+* Callback for a SHA512 message digest implementation.
+* This function shall initialize a digest context.
+*
+* @param digest_context private digest context pointer
+* @return 0 on success, negative on failure
+*/
+int omemo_sha512_digest_init_func(void **digest_context, void *user_data);
+
+/**
+* Callback for a SHA512 message digest implementation.
+* This function shall update the digest context with the provided data.
+*
+* @param digest_context private digest context pointer
+* @param data pointer to the data
+* @param data_len length of the data
+* @return 0 on success, negative on failure
+*/
+int omemo_sha512_digest_update_func(void *digest_context, const uint8_t *data, size_t data_len, void *user_data);
+
+/**
+* Callback for a SHA512 message digest implementation.
+* This function shall finalize the digest calculation, populate the
+* output buffer with the result, and prepare the context for reuse.
+*
+* @param digest_context private digest context pointer
+* @param output buffer to be allocated and populated with the result
+* @return 0 on success, negative on failure
+*/
+int omemo_sha512_digest_final_func(void *digest_context, signal_buffer **output, void *user_data);
+
+/**
+* Callback for a SHA512 message digest implementation.
+* This function shall free the private context allocated in
+* sha512_digest_init_func.
+*
+* @param digest_context private digest context pointer
+*/
+void omemo_sha512_digest_cleanup_func(void *digest_context, void *user_data);
+
+/**
+* Callback for an AES encryption implementation.
+*
+* @param output buffer to be allocated and populated with the ciphertext
+* @param cipher specific cipher variant to use, either SG_CIPHER_AES_CTR_NOPADDING or SG_CIPHER_AES_CBC_PKCS5
+* @param key the encryption key
+* @param key_len length of the encryption key
+* @param iv the initialization vector
+* @param iv_len length of the initialization vector
+* @param plaintext the plaintext to encrypt
+* @param plaintext_len length of the plaintext
+* @return 0 on success, negative on failure
+*/
+int omemo_encrypt_func(signal_buffer **output,
+    int cipher,
+    const uint8_t *key, size_t key_len,
+    const uint8_t *iv, size_t iv_len,
+    const uint8_t *plaintext, size_t plaintext_len,
+    void *user_data);
+
+/**
+* Callback for an AES decryption implementation.
+*
+* @param output buffer to be allocated and populated with the plaintext
+* @param cipher specific cipher variant to use, either SG_CIPHER_AES_CTR_NOPADDING or SG_CIPHER_AES_CBC_PKCS5
+* @param key the encryption key
+* @param key_len length of the encryption key
+* @param iv the initialization vector
+* @param iv_len length of the initialization vector
+* @param ciphertext the ciphertext to decrypt
+* @param ciphertext_len length of the ciphertext
+* @return 0 on success, negative on failure
+*/
+int omemo_decrypt_func(signal_buffer **output,
+    int cipher,
+    const uint8_t *key, size_t key_len,
+    const uint8_t *iv, size_t iv_len,
+    const uint8_t *ciphertext, size_t ciphertext_len,
+    void *user_data);
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index a0da5639..871f3bfc 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -1,10 +1,40 @@
 #include <signal/signal_protocol.h>
 
 #include "config/account.h"
+#include "ui/ui.h"
+#include "omemo/crypto.h"
 
 void
 omemo_init(ProfAccount *account)
 {
-	signal_context *global_context;
-	signal_context_create(&global_context, NULL);
+    signal_context *global_context;
+    signal_crypto_provider crypto_provider = {
+        .random_func = omemo_random_func,
+        .hmac_sha256_init_func = omemo_hmac_sha256_init_func,
+        .hmac_sha256_update_func = omemo_hmac_sha256_update_func,
+        .hmac_sha256_final_func = omemo_hmac_sha256_final_func,
+        .hmac_sha256_cleanup_func = omemo_hmac_sha256_cleanup_func,
+        .sha512_digest_init_func = omemo_sha512_digest_init_func,
+        .sha512_digest_update_func = omemo_sha512_digest_update_func,
+        .sha512_digest_final_func = omemo_sha512_digest_final_func,
+        .sha512_digest_cleanup_func = omemo_sha512_digest_cleanup_func,
+        .encrypt_func = omemo_encrypt_func,
+        .decrypt_func = omemo_decrypt_func,
+        .user_data = NULL
+    };
+
+    if (omemo_crypto_init() != 0) {
+        cons_show("Error initializing Omemo crypto");
+    }
+
+    if (signal_context_create(&global_context, NULL) != 0) {
+        cons_show("Error initializing Omemo context");
+        return;
+    }
+
+    if (signal_context_set_crypto_provider(global_context, &crypto_provider) != 0) {
+        cons_show("Error initializing Omemo crypto");
+        return;
+    }
+    //signal_context_set_locking_functions(global_context, lock_function, unlock_function);
 }
diff --git a/src/omemo/omemo.h b/src/omemo/omemo.h
new file mode 100644
index 00000000..2ca1c221
--- /dev/null
+++ b/src/omemo/omemo.h
@@ -0,0 +1,3 @@
+#include "config/account.h"
+
+void omemo_init(ProfAccount *account);