aboutsummaryrefslogtreecommitdiff
path: root/javascript/olm_post.js
AgeCommit message (Collapse)Author
2016-09-05Fix megolm decryption of UTF-8Richard van der Hoff
Repeat the fix from b10f90d for megolm messages. It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if the input includes characters >= 128. Rather than try to figure out which methods can return UTF-8, and which always return plain ascii, replace all uses of Pointer_stringify with a 'length' argument with the version that expects a NULL-terminated input, and extend the buffer by a byte to allow space for a null-terminator. In the case of decrypt, we need to add the null ourself. Fixes https://github.com/vector-im/vector-web/issues/2078.
2016-09-01Fix Ed25519 keypair generationRichard van der Hoff
Ed25519 private keys, it turns out, have 64 bytes, not 32. We were previously generating only 32 bytes (which is all that is required to generate the public key), and then using the public key as the upper 32 bytes when generating the per-message session key. This meant that everything appeared to work, but the security of the private key was severely compromised. By way of fixes: * Use the correct algorithm for generating the Ed25519 private key, and store all 512 bits of it. * Update the account pickle format and refuse to load the old format (since we should consider it compromised). * Bump the library version, and add a function to retrieve the library version, so that applications can verify that they are linked against a fixed version of the library. * Remove the curve25519_{sign, verify} functions which were unused and of dubious quality.
2016-07-06JS: make sure returned strings are null-terminatedRichard van der Hoff
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if the input includes characters >= 128. Rather than try to figure out which methods can return UTF-8, and which always return plain ascii, replace all uses of Pointer_stringify with a 'length' argument with the version that expects a NULL-terminated input, and extend the buffer by a byte to allow space for a null-terminator. In the case of decrypt, we need to add the null ourself. Fixes https://github.com/vector-im/vector-web/issues/1719.
2016-05-16Remove vestiges of loggingRichard van der Hoff
Remove the (now non-functional) declarations of olm_set_log_level in the C and js wrappers.
2016-04-26Add a basic logging implementationRichard van der Hoff
2015-08-04Add sha256 and ed25519_verify methods to javascript bindingsMark Haines
2015-07-21Fix javascript bindings: matches_inbound doesn't take an account argumentMark Haines
2015-07-17Add remove_one_time_keys to the javascript bindingsMark Haines
2015-07-16Add method getting a session id. Update the python and javascript bindingsMark Haines
2015-07-14Tweak the javascript bindings so that they will work with Node.jsMark Haines
2015-07-10Output simpler JSON for the account keys, don't sign the JSON but instead ↵Mark Haines
provide a olm_account_sign method so that the user of the library can sign the JSON themselves
2015-07-09Add c bindings for the methods for managing one time keysMark Haines
2015-07-08Don't pass a key id when creating a new outbound sessionMark Haines
2015-07-08Update the javascript bindings and demo to match the format of the identity ↵Mark Haines
key JSON
2015-06-27Rename axolotlpp as olm to avoid confusion with Axolotl-the-spec and ↵Matthew Hodgson
Axolotl-the-OWS-libraries at moxie's request