aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2016-09-01 13:35:23 +0100
committerRichard van der Hoff <richard@matrix.org>2016-09-01 13:35:23 +0100
commit0c462cff112589fc52d13da6c919f881cb6d3f8c (patch)
tree9c71802ce0d583856b7cd47bfcf20cdfa05354ba /include
parentf03febb772c47855ab748ed6dee2f29db9f9c5ba (diff)
Fix Ed25519 keypair generation
Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality.
Diffstat (limited to 'include')
-rw-r--r--include/olm/crypto.hh21
-rw-r--r--include/olm/error.h7
-rw-r--r--include/olm/olm.h5
3 files changed, 14 insertions, 19 deletions
diff --git a/include/olm/crypto.hh b/include/olm/crypto.hh
index 64e8f7d..484dc83 100644
--- a/include/olm/crypto.hh
+++ b/include/olm/crypto.hh
@@ -25,6 +25,7 @@
namespace olm {
+static const std::size_t ED25519_PRIVATE_KEY_LENGTH = 64;
static const std::size_t KEY_LENGTH = 32;
static const std::size_t SIGNATURE_LENGTH = 64;
static const std::size_t IV_LENGTH = 16;
@@ -45,7 +46,7 @@ struct Ed25519PublicKey {
struct Ed25519KeyPair : public Ed25519PublicKey {
- std::uint8_t private_key[KEY_LENGTH];
+ std::uint8_t private_key[ED25519_PRIVATE_KEY_LENGTH];
};
@@ -65,24 +66,6 @@ void curve25519_shared_secret(
);
-/** Signs the message using our private key.
- * The output buffer must be at least 64 bytes long. */
-void curve25519_sign(
- Curve25519KeyPair const & our_key,
- std::uint8_t const * message, std::size_t message_length,
- std::uint8_t * output
-);
-
-
-/** Verify their message using their public key.
- * The signature input buffer must be 64 bytes long.
- * Returns true if the signature is valid. */
-bool curve25519_verify(
- Curve25519PublicKey const & their_key,
- std::uint8_t const * message, std::size_t message_length,
- std::uint8_t const * signature
-);
-
/** Generate a curve25519 key pair from 32 random bytes. */
void ed25519_generate_key(
std::uint8_t const * random_32_bytes,
diff --git a/include/olm/error.h b/include/olm/error.h
index 98d2cf5..1c44de8 100644
--- a/include/olm/error.h
+++ b/include/olm/error.h
@@ -39,6 +39,13 @@ enum OlmErrorCode {
* known session key.
*/
+ /**
+ * Attempt to unpickle an account which uses pickle version 1 (which did
+ * not save enough space for the Ed25519 key; the key should be considered
+ * compromised. We don't let the user reload the account.
+ */
+ OLM_BAD_LEGACY_ACCOUNT_PICKLE = 13,
+
/* remember to update the list of string constants in error.c when updating
* this list. */
};
diff --git a/include/olm/olm.h b/include/olm/olm.h
index dbaf71e..0886fa9 100644
--- a/include/olm/olm.h
+++ b/include/olm/olm.h
@@ -33,6 +33,11 @@ typedef struct OlmAccount OlmAccount;
typedef struct OlmSession OlmSession;
typedef struct OlmUtility OlmUtility;
+/** Get the version number of the library.
+ * Arguments will be updated if non-null.
+ */
+void olm_get_library_version(uint8_t *major, uint8_t *minor, uint8_t *patch);
+
/** The size of an account object in bytes */
size_t olm_account_size();