Typing is part of standard library from python 3.5 and from python 3.7
onwards trying to install it results in an error.
This patch disables typing installation on python versions that are
newer than 3.5.
Signed-off-by: Damir Jelić <poljar@termina.org.uk>
This is a workaround for a bug where signature verification would
overwrite the variable holding the signature.
This only happens on python2.
Signed-off-by: Damir Jelić <poljar@termina.org.uk>
- build both Python2 and Python3 libs by default, and add separate rules
building Python2 and Python.
- use the libraries as built by setuptools, rather than building again
separately
This patch adds the ability to build the bindings without having a
globally installed Olm C library.
Provided that the C library is already built, the tests can be run now
with make test.
Signed-off-by: Damir Jelić <poljar@termina.org.uk>
This commit imports the python bindings from:
https://github.com/poljar/python-olm
The bindings are imported at commit c44b145818520d69eaaa350fb95afcb846125e0f
Minor modifications were made while importing:
- Removed travis config
- Removed Arch Linux PKGBUILD
- Removed the html docs, they can be rebuild by running make html in
the docs folder
- Slightly modified the README
The new bindings feature some improvements over the old ones:
- Python 2 and 3 support
- Automatic memory management
- Automatic memory clearing before it is freed
- Type signatures via the python typing module
- Full test coverage
- Properties are utilized where it makes sense (e.g. account.id)
Signed-off-by: Damir Jelić <poljar@termina.org.uk>
Ed25519 private keys, it turns out, have 64 bytes, not 32.
We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.
By way of fixes:
* Use the correct algorithm for generating the Ed25519 private key, and store
all 512 bits of it.
* Update the account pickle format and refuse to load the old format (since we
should consider it compromised).
* Bump the library version, and add a function to retrieve the library
version, so that applications can verify that they are linked against a
fixed version of the library.
* Remove the curve25519_{sign, verify} functions which were unused and of
dubious quality.