Commit graph

97 commits

Author SHA1 Message Date
Hubert Chathi
609e7e8d40 make sure we have enough space for the encrypted and encoded version of the junk 2021-11-17 14:18:03 -05:00
Hubert Chathi
6c552dd7eb use the right size in the tests 2021-08-09 16:21:13 -04:00
Denis Kasak
b70e0b06df Differentiate between malformed pickle objects and trailing junk data.
Adds the OLM_PICKLE_EXTRA_DATA error code. We fail with this code when
the pickle object looks right except for some unexpected trailing bytes
which we didn't process.
2021-07-31 01:27:43 +00:00
Denis Kasak
d704f4bd3c Fail when an unpickle succeeds but has extra junk data at the end.
Also adds tests to ensure this is working.
2021-07-31 01:27:43 +00:00
Johannes Hayeß
254a4a5619 Fix building of tests with MSVC
Hi,

currently tests don't build with MSVC, because the Base64 test tries to initialize multiple arrays with a length value that was derived from a non-const context. I have fixed this by using vectors instead.

Sincerely

Johannes Hayeß

From 2d76972a862f0aa04b5011537bef71a49aa82a03 Mon Sep 17 00:00:00 2001
From: Johannes Hayeß <jhaye@mailbox.org>
Date: Sun, 27 Jun 2021 17:46:24 +0200
Subject: [PATCH] Fix compiling with MSVC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously attempts to initialize arrays with non-const value. This
seemingly works on GCC/clang due to their static code analysis, but
fails with MSVC. This switches to dynamic memory allocation with
std::vector, to solve the problem.

Signed-off-by: Johannes Hayeß <jhaye@mailbox.org>
2021-06-29 13:14:05 -04:00
Denis Kasak
e82f2601b0 Fail decoding base64 of invalid length.
olm::decode_base64 now returns the length of the raw decoded data on
success. When given input with an invalid base64 length, it fails early
(before decoding any input) and returns -1.

This also makes the C function _olm_decode_base64 an actual binding of
olm::decode_base64 instead of a wrapper with slightly different
behaviour.
2021-05-24 15:50:14 +02:00
Lukas Lihotzki
be0c31894a fix memory leaks in tests 2020-10-01 15:39:48 +02:00
Hubert Chathi
38649855f7 avoid variable length arrays in SAS test 2019-04-29 14:49:47 -04:00
Hubert Chathi
ba1c20d6b4 disable test_ratchet on dynamically-linked Windows builds 2019-04-29 13:32:46 -04:00
Hubert Chathi
099b3ce82a also add SAS to the tests cmake 2019-04-29 11:47:55 -04:00
Hubert Chathi
8ec6387615 include the C++ string library in unit tests
to fix compilation errors in some compilers
2019-04-22 13:14:39 -04:00
Hubert Chathi
ea13edcae0 don't use variable length or zero-length arrays in test files
as some compilers don't handle that
2019-04-22 10:12:42 -04:00
Hubert Chathi
157c0fa67e remove some debugging output from tests 2019-04-22 10:11:43 -04:00
Hubert Chathi
d5c0eb9d20 update unit test to match function name change 2019-03-28 13:38:08 -04:00
David Baker
8df2ab7c07 Add signing class to the pk module 2019-01-29 20:47:41 +00:00
Hubert Chathi
94f664e725 initial implementation of short authentication string generation 2019-01-21 23:21:41 -05:00
Hubert Chathi
3da5b60823 add pk files to cmake, avoid some duplication, and update documentation 2018-10-12 16:22:12 -04:00
Konstantinos Sideris
4e94dfc7e0 Add CMake support
The library can now be installed using CMake v3.0+.

Below is an example configuration.

1. Generate configuration

# Release is the default profile.
cmake -H. -Bbuild \
    -GNinja \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX=/usr/local/ \
    -DBUILD_SHARED_LIBS=ON \
    -DOLM_TESTS=1 \
    -DOLM_FUZZERS=1

2. Build & install the targets

cmake --build build --config Release --target install

3. Run the tests

cd build/test && ctest .

The library can also be used as a dependency with CMake using

find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)

Signed-off-by: Konstantinos Sideris <sideris.konstantin@gmail.com>
2018-10-12 16:22:03 -04:00
David Baker
0346145a81 Work with PkDecryption keys by their private keys
Change interface to allow the app to get the private part of the
key and instantiate a decryption object from just the private part
of the key.

Changes the function generating a key from random bytes to be
initialising a key with a private key (because it's exactly the
same thing). Exports & imports private key parts as ArrayBuffer at
JS level rather than base64 assuming we are moving that way in
general.
2018-10-02 12:02:56 +01:00
David Baker
2835110cee Remove trailing letter 'K's from the test pubkeys
base64 encoded newlines somehow?
2018-10-01 20:01:47 +01:00
Hubert Chathi
f709b062bb add functions for pickling/unpickling a decryption object 2018-06-28 17:10:36 -04:00
Hubert Chathi
b91c77721d improve public key encryption unit test 2018-06-28 15:11:53 -04:00
Hubert Chathi
128d45cc83 add initial implementation of basic private key encryption functionality 2018-06-27 16:38:45 -04:00
Richard van der Hoff
c04b770cd3 Add some tests for inbound session import/export 2017-01-10 14:11:42 +00:00
Mark Haines
7e9f3bebb8 Document the return values for olm_matches_inbound_session 2016-10-25 14:42:10 +01:00
Richard van der Hoff
a7310c5821 Return the base64-encoded length of pickles
make olm_pickle_* return the lengths of the base64-encoded pickles, rather than
the raw pickle. (From the application's POV, the format of the pickle is
opaque: it doesn't even know that it is base64-encoded. So returning the length
of the raw pickle is particularly unhelpful.)
2016-10-24 10:06:06 +01:00
Mark Haines
9a8d2d15d9 Check the message index in the tests 2016-10-20 11:51:56 +01:00
Mark Haines
653790eacb Return the message index when decrypting group messages.
Applications can use the index to detect replays of the same message.
2016-10-20 09:58:55 +01:00
Mark Haines
d7bc00c81d Merge pull request #23 from matrix-org/markjh/remove_message_index
Remove the message index from olm_init_inbound_group_session
2016-09-13 17:54:14 +01:00
Mark Haines
a628ef41bd Remove the message index from olm_init_inbound_group_session since it is read from the session_key 2016-09-13 17:51:02 +01:00
Mark Haines
71bcaa5d45 Add a test to check the equivalence of session ids for inbound and outbound sessions 2016-09-13 17:15:28 +01:00
Mark Haines
d62e344db7 Use the ed25519 public key as the group session id.
Some clients expect the session id to be globally unique,
so allowing the end devices to pick the session id will cause
problems.

Include the current ratchet index with the initial keys, this decreases
the risk that the client will supply the wrong index causing problems.

Sign the initial keys with the ratchet ed25519 key, this reduces the
risk of a client claiming a session that they didn't create.
2016-09-13 15:42:47 +01:00
Richard van der Hoff
2fc83aa9ac Sign megolm messages
Add ed25519 keys to the inbound and outbound sessions, and use them to sign and
verify megolm messages.

We just stuff the ed25519 public key in alongside the megolm session key (and
add a version byte), to save adding more boilerplate to the JS/python/etc
layers.
2016-09-06 15:26:26 +01:00
Richard van der Hoff
69f269ffaf Convert AES functions to plain C 2016-09-05 10:40:39 +01:00
Richard van der Hoff
f0acf6582f Convert Ed25519 and Curve25519 functions to plain C 2016-09-05 10:40:39 +01:00
Richard van der Hoff
39212987bd Create new constants for key lengths, etc
We were using olm::KEY_LENGTH for everything under the sun which happened to be
32 bytes long, and making a bunch of assumptions in the process. Create a bunch
of new constants (as C #defines rather than C++ consts so that I can use them
in another forthcoming refactor).
2016-09-02 15:11:14 +01:00
Richard van der Hoff
0c462cff11 Fix Ed25519 keypair generation
Ed25519 private keys, it turns out, have 64 bytes, not 32.

We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.

By way of fixes:

 * Use the correct algorithm for generating the Ed25519 private key, and store
   all 512 bits of it.

 * Update the account pickle format and refuse to load the old format (since we
   should consider it compromised).

 * Bump the library version, and add a function to retrieve the library
   version, so that applications can verify that they are linked against a
   fixed version of the library.

 * Remove the curve25519_{sign, verify} functions which were unused and of
   dubious quality.
2016-09-01 13:35:23 +01:00
Richard van der Hoff
d8b24acb77 PR feedback
* write V1 pickles on the master branch
* the logging branch is going to write v0x80000001
2016-06-30 14:01:02 +01:00
Richard van der Hoff
8dd3c182ee Make space in the session pickle for chain index
Keeping track of the chain index is a useful thing to do, but is only required
if we've enabled diagnostics. Extend the session pickle format to make a space
for it, so that pickles can be transferred between the logging_enabled branch
and the master branch without loss of information.

Also add some tests for session pickling which explicitly check that we can
unpickle both formats of pickle.
2016-06-30 11:38:01 +01:00
Richard van der Hoff
757c422578 Remove unused 'chain_index' from Ratchet
This was introduced when I was experimenting with support for logging progress
in Olm. That is now relegated to the logging_enabled branch, so this should
probably be removed.

This also fixes the incompatibility of session pickles from the current master
branch with those from olm 0.1.0.
2016-06-30 11:31:36 +01:00
Richard van der Hoff
708fddd747 Remove session_id from group messages
Putting the session_id inside the packed message body makes it hard to extract
so that we can decide which session to use. We don't think there is any
advantage to having the session_id protected by the HMACs, so we're going to
move it to the JSON framing.
2016-05-25 17:42:32 +01:00
Mark Haines
19a7fb5df5 Fix an integer wrap around bug and add a couple more tests 2016-05-25 15:00:05 +01:00
Richard van der Hoff
01ea3d4b9a Fix handling of integer wraparound in megolm.c 2016-05-24 17:52:35 +01:00
Richard van der Hoff
fc4756ddf1 Fix up some names, and protobuf tags
Make names (of session_key and message_index) more consistent.

Use our own protobuf tags rather than trying to piggyback on the one-to-one
structure.
2016-05-24 13:40:21 +01:00
Richard van der Hoff
a073d12d83 Support for pickling inbound group sessions 2016-05-24 13:40:21 +01:00
Richard van der Hoff
39ad75314b Implement decrypting inbound group messages
Includes creation of inbound sessions, etc
2016-05-24 13:39:34 +01:00
Richard van der Hoff
c058554132 Implement pickling/unpickling for outbound group sessions 2016-05-24 13:39:34 +01:00
Richard van der Hoff
caaed796ad Implementation of an outbound group session 2016-05-24 13:39:34 +01:00
Richard van der Hoff
68d3c7bfa9 Implementation of the megolm ratchet 2016-05-24 13:39:34 +01:00
Richard van der Hoff
2fd28a6682 Rewrite _olm_cipher_aes_sha_256 initialisation
Replace the init-static-var dance with some preprocessor macros
2016-05-24 12:06:47 +01:00