Age | Commit message (Collapse) | Author |
|
Repeat the fix from b10f90d for megolm messages.
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.
Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.
In the case of decrypt, we need to add the null ourself.
Fixes https://github.com/vector-im/vector-web/issues/2078.
|
|
I find myself wanting to know if an OlmSession is in the pre-key state or not,
to help debugging at the application level.
|
|
... to match the Makefile
|
|
Ed25519 private keys, it turns out, have 64 bytes, not 32.
We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.
By way of fixes:
* Use the correct algorithm for generating the Ed25519 private key, and store
all 512 bits of it.
* Update the account pickle format and refuse to load the old format (since we
should consider it compromised).
* Bump the library version, and add a function to retrieve the library
version, so that applications can verify that they are linked against a
fixed version of the library.
* Remove the curve25519_{sign, verify} functions which were unused and of
dubious quality.
|
|
|
|
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.
Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.
In the case of decrypt, we need to add the null ourself.
Fixes https://github.com/vector-im/vector-web/issues/1719.
|
|
It's important that group messages be signed by the sender, rather than by a
secret derived from the shared secret.
|
|
To make sure that we don't sneakily use methods which we wouldn't be able to
for remote users, expose an interface object which contains the remote
interface.
|
|
message.length counts codepoints; we need bytes.
|
|
|
|
|
|
Now that we have C and C++, we need to split the compile and link steps
(because we need different flags for the C and C++ files), so this is
easier with a Makefile.
|
|
Remove the (now non-functional) declarations of olm_set_log_level in the C and
js wrappers.
|
|
|
|
|
|
|
|
|
|
something about 'global' not defined
|
|
Build into 'javascript' dir and tell package.json exactly which files we care
about.
|
|
whose python path points at python3 (e.g. Arch linux) though, but I see no choice than they have to change the shebangs, as we do on Synapse. For instance, OSX doesn't have a python2 symlink, otherwise we'd use /usr/bin/env python2 shebang.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
provide a olm_account_sign method so that the user of the library can sign the JSON themselves
|
|
|
|
|
|
key JSON
|
|
Axolotl-the-OWS-libraries at moxie's request
|
|
|
|
|
|
|
|
|
|
|