Richard van der Hoff
0c462cff11
Fix Ed25519 keypair generation
...
Ed25519 private keys, it turns out, have 64 bytes, not 32.
We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.
By way of fixes:
* Use the correct algorithm for generating the Ed25519 private key, and store
all 512 bits of it.
* Update the account pickle format and refuse to load the old format (since we
should consider it compromised).
* Bump the library version, and add a function to retrieve the library
version, so that applications can verify that they are linked against a
fixed version of the library.
* Remove the curve25519_{sign, verify} functions which were unused and of
dubious quality.
2016-09-01 13:35:23 +01:00
Richard van der Hoff
d8b24acb77
PR feedback
...
* write V1 pickles on the master branch
* the logging branch is going to write v0x80000001
2016-06-30 14:01:02 +01:00
Richard van der Hoff
8dd3c182ee
Make space in the session pickle for chain index
...
Keeping track of the chain index is a useful thing to do, but is only required
if we've enabled diagnostics. Extend the session pickle format to make a space
for it, so that pickles can be transferred between the logging_enabled branch
and the master branch without loss of information.
Also add some tests for session pickling which explicitly check that we can
unpickle both formats of pickle.
2016-06-30 11:38:01 +01:00
Richard van der Hoff
757c422578
Remove unused 'chain_index' from Ratchet
...
This was introduced when I was experimenting with support for logging progress
in Olm. That is now relegated to the logging_enabled branch, so this should
probably be removed.
This also fixes the incompatibility of session pickles from the current master
branch with those from olm 0.1.0.
2016-06-30 11:31:36 +01:00
Richard van der Hoff
708fddd747
Remove session_id from group messages
...
Putting the session_id inside the packed message body makes it hard to extract
so that we can decide which session to use. We don't think there is any
advantage to having thes sesion_id protected by the HMACs, so we're going to
move it to the JSON framing.
2016-05-25 17:42:32 +01:00
Mark Haines
19a7fb5df5
Fix an integer wrap around bug and add a couple more tests
2016-05-25 15:00:05 +01:00
Richard van der Hoff
01ea3d4b9a
Fix handling of integer wraparound in megolm.c
2016-05-24 17:52:35 +01:00
Richard van der Hoff
fc4756ddf1
Fix up some names, and protobuf tags
...
Make names (of session_key and message_index) more consistent.
Use our own protobuf tags rather than trying to piggyback on the one-to-one
structure.
2016-05-24 13:40:21 +01:00
Richard van der Hoff
a073d12d83
Support for pickling inbound group sessions
2016-05-24 13:40:21 +01:00
Richard van der Hoff
39ad75314b
Implement decrypting inbound group messages
...
Includes creation of inbound sessions, etc
2016-05-24 13:39:34 +01:00
Richard van der Hoff
c058554132
Implement pickling/unpickling for outbound group sessions
2016-05-24 13:39:34 +01:00
Richard van der Hoff
caaed796ad
Implementation of an outbound group session
2016-05-24 13:39:34 +01:00
Richard van der Hoff
68d3c7bfa9
Implementation of the megolm ratchet
2016-05-24 13:39:34 +01:00
Richard van der Hoff
2fd28a6682
Rewrite _olm_cipher_aes_sha_256 initialisation
...
Replace the init-static-var dance with some preprocessor macros
2016-05-24 12:06:47 +01:00
Richard van der Hoff
444ef1f706
Prefix for internal symbols
...
Give a load of internal symbols "_olm_" prefixes. This better delineates the
public and private interfaces in the module, and helps avoid internal symbols
leaking out and possibly being abused.
2016-05-23 18:55:06 +01:00
Richard van der Hoff
c57b2b71c5
C bindings for base64 functions
2016-05-23 18:55:06 +01:00
Richard van der Hoff
294cf482ea
Convert cipher.hh to plain C
2016-05-23 18:55:05 +01:00
Richard van der Hoff
e533b0dc8e
Give SHA256 functions C bindings
2016-05-23 18:55:05 +01:00
Richard van der Hoff
4f1bb49d20
Rename olm.hh to olm.h
2016-05-23 18:55:05 +01:00
Richard van der Hoff
e21d5cb222
Fix warnings and set -Werror
2016-05-23 18:08:22 +01:00
Mark Haines
b318055185
Replace hard coded references to the 32-byte key length with a constant, add utilities for copying data to and from fixed sized arrays
2015-08-19 17:32:06 +01:00
Mark Haines
158f7ee891
Fix crash where the message length was shorter than the length of the mac
2015-08-07 19:33:48 +01:00
Mark Haines
a4b2927884
Initialise the length fields of the reader struct in decode_message, even if the message is invalid, fixes a crash where the message was too short
2015-08-07 18:58:42 +01:00
Mark Haines
76ecd85c2c
Fix a crash when decoding messages that are too short
2015-08-07 18:25:21 +01:00
Mark Haines
39c1f3b355
Add methods for computing sha256 hashes and validating ed25519 signatures
2015-07-24 14:29:52 +01:00
Mark Haines
3468886e27
Add method getting a session id. Update the python and javascript bindings
2015-07-16 11:45:20 +01:00
Mark Haines
7523b700cf
Add a test of olm which uses malloc to create it's buffers so that it is possible to check of out of bounds reads and writes using valgrind
2015-07-15 17:34:48 +01:00
Mark Haines
3bfa8e5863
Fix bug in list where the wrong value was copied if an item was inserted at the beinging of the list
2015-07-15 16:31:45 +01:00
Mark Haines
a59fbdfe7f
Add a test for pickling and unpickling sessions, fix off by one error when unpickling sessions
2015-07-14 11:32:11 +01:00
Mark Haines
b6e248c9a5
Output simpler JSON for the account keys, don't sign the JSON but instead provide a olm_account_sign method so that the user of the library can sign the JSON themselves
2015-07-10 11:57:53 +01:00
Mark Haines
373acefde7
Add c bindings for the methods for managing one time keys
2015-07-09 18:35:54 +01:00
Mark Haines
532dc0d4e7
Change the JSON format for one time keys to include what algorithm they are for
2015-07-08 15:30:34 +01:00
Mark Haines
5291ec78b5
Send the public part of the one time key rather than passing an identifier
2015-07-08 14:53:25 +01:00
Mark Haines
3a382aec59
Encode the account keys as a signed JSON object
2015-07-07 16:42:03 +01:00
Mark Haines
2a873fd4e1
Add functions for creating and verifying ed25519 signatures
2015-07-07 09:50:32 +01:00
Mark Haines
a30a64d179
Rename generate_key to curve25519_generate_key
2015-07-07 09:03:12 +01:00
Matthew Hodgson
09d4125ff1
Rename axolotlpp as olm to avoid confusion with Axolotl-the-spec and Axolotl-the-OWS-libraries at moxie's request
2015-06-27 01:15:23 +02:00
Mark Haines
84d6fbb0dc
Add some tests which advance the ratchet on both sides a few times
2015-06-26 14:42:24 +01:00
Mark Haines
0ca3797d2d
Make the 'random' numbers different for each key in the tests
2015-06-21 18:33:46 +01:00
Mark Haines
9cd53394e7
Fix a few valgrind warnings in the tests
2015-06-20 20:13:31 +01:00
Mark Haines
76f49cf177
Add a test for the axolotl API
2015-06-16 15:15:40 +01:00
Mark Haines
7cdde73560
Add base64 encoders and decoders
2015-06-15 17:48:09 +01:00
Mark Haines
08a7e44a96
Pass the message body to decrypt_max_plaintext_length so we can get a more accurate estimate, rename encrypt_max_output_length to encrypt_output_length and change the api to return the exact number of bytes needed to hold the message
2015-06-12 09:08:15 +01:00
Mark Haines
bcb05d1a99
rename Session to Ratchet
2015-06-11 16:10:55 +01:00
Mark Haines
e44c82a7b4
Add encoder and decoder for PreKey messages
2015-06-11 15:57:45 +01:00
Mark Haines
816435a860
Move AES specific details behind a cipher interface
2015-06-11 14:20:35 +01:00
Mark Haines
a0e9065f1f
Rename the ratchet source and include files from axolotl to ratchet
2015-03-03 11:50:17 +00:00
Mark Haines
315caaba7e
Add functions for signing and verifying messages using curve25519 keys
2015-03-03 11:18:07 +00:00
Mark Haines
a98acb8f0d
Test out of order delivery of messages
2015-02-27 11:36:58 +00:00
Mark Haines
d142eb64dd
Copyright notices and a license
2015-02-26 16:56:25 +00:00