Commit graph

182 commits

Author SHA1 Message Date
Hubert Chathi
631f050554 add a test for fallback keys, and clear memory when we forget the old fallback 2021-11-23 22:35:10 +00:00
Hubert Chathi
29e0287ef3 add function to forget the old fallback key 2021-11-23 22:35:10 +00:00
Hubert Chathi
4127a84b3d add function for getting length of unpublished fallback keys
and fix a typo
2021-11-23 22:35:10 +00:00
Hubert Chathi
b989db0117 track if fallback keys were published 2021-11-23 22:35:10 +00:00
Hubert Chathi
d84c1af882 East const for consistency 2021-08-06 17:36:01 -04:00
Hubert Chathi
4d6c3ba8d1 make account const in create_outbound_session 2021-08-06 17:29:56 -04:00
Denis Kasak
b70e0b06df Differentiate between malformed pickle objects and trailing junk data.
Adds the OLM_PICKLE_EXTRA_DATA error code. We fail with this code when
the pickle object looks right except for some unexpected trailing bytes
which we didn't process.
2021-07-31 01:27:43 +00:00
Denis Kasak
d704f4bd3c Fail when an unpickle succeeds but has extra junk data at the end.
Also adds tests to ensure this is working.
2021-07-31 01:27:43 +00:00
Denis Kasak
131f7cfd71 Fix off-by-one comparison error when unpickling uint32_t. 2021-07-31 01:27:43 +00:00
Denis Kasak
bdd73c5c32 Fix unpickling error handling. 2021-07-31 01:27:43 +00:00
Denis Kasak
0a8bbde361 Support building a "disarmed" target via the OLM_FUZZING macro.
Like other crypto libs, libolm contains many obstacles which a fuzzer is
unlikely to be able to surmount but which are not important for the end
goal of fuzzing. The easiest and most robust way around this is to remove
these obstacles conditionally when building the fuzzer binaries.

This commit adds a preprocessor macro OLM_FUZZING which can be used to
conditionally disables problematic bits of code during compile-time for
easier fuzzing.

Currently the only thing it disables is the encryption/decryption and
base64 encoding/decoding when processing pickled Megolm keys. This
allows the fuzzers to fuzz the unpickling functionality directly without
inadvertently fuzzing the base64 encoder and encryption (which should be
fuzzed separately).

The macro is set in the Makefile *only* when building fuzzer binaries.
2021-07-13 13:51:16 +02:00
Hubert Chathi
37c8e14e53 make functions const where possible 2021-06-16 23:22:25 -04:00
Hubert Chathi
7263c4221b add functions to get the error codes rather than error strings 2021-06-16 22:40:14 -04:00
Denis Kasak
ccc0d122ee olm_pk_decrypt: Ensure inputs are of correct length. 2021-05-24 15:50:14 +02:00
Denis Kasak
2f35e0bc61 olm_sas_set_their_key: Fail early on invalid base64. 2021-05-24 15:50:14 +02:00
Denis Kasak
e82f2601b0 Fail decoding base64 of invalid length.
olm::decode_base64 now returns the length of the raw decoded data on
success. When given input with an invalid base64 length, it fails early
(before decoding any input) and returns -1.

This also makes the C function _olm_decode_base64 an actual binding of
olm::decode_base64 instead of a wrapper with slightly different
behaviour.
2021-05-24 15:50:14 +02:00
Denis Kasak
a5efc08ef3 olm: Also initialize all fields when decoding Olm messages.
As a precaution.
2021-05-11 13:32:23 +02:00
Denis Kasak
c325db02fc megolm: Fix use of uninitialized value in group message decoding.
_olm_decode_group_message should initialize all fields of the results
struct before returning. This is because its caller
_decrypt_max_plaintext_length relies on it having initialized these
fields.

Luckily, this only allows one to subvert the version check in
_decrypt_max_plaintext_length, but not the following check that the
ciphertext field is non-null because that field *is* initialized.
2021-05-11 13:23:19 +02:00
Matthew Hodgson
09384b4d45 spell ephemeral correctly... 2021-03-18 01:29:23 +00:00
Damir Jelić
f46577a06a sas: Introduce a new calculate mac function to fix the base64 issue
Since it's important to keep backwards compatibility introduce a new
function to calculate the MAC using a SAS object.

Modifying the existing functions would break compatibility with older
releases of libolm.
2021-02-02 16:58:28 +01:00
Damir Jelić
4e927eb1cf sas: Fix the base64 encoding of the MAC.
When calculating the MAC for a message using olm_sas_calculate_mac() and
olm_sas_calculate_mac_long_kdf() the resulting MAC will be base64
encoded using _olm_encode_base64().

The _olm_encode_base64() method requires an input buffer and output
buffer to be passed alongside the input length. The method is called
with the same buffer, containing the MAC, for the input buffer as well
as for the output buffer. This results in an incorrectly base64 encoded
MAC.

For example the byte array:
    [121, 105, 187, 19, 37, 94, 119, 248, 224, 34, 94, 29, 157, 5,
     15, 230, 246, 115, 236, 217, 80, 78, 56, 200, 80, 200, 82, 158,
     168, 179, 10, 230]

will be encoded as  eWm7NyVeVmXgbVhnYlZobllsWm9ibGxzV205aWJHeHo
instead of as       eWm7EyVed/jgIl4dnQUP5vZz7NlQTjjIUMhSnqizCuY

Notice the different value at the 10th character.

The correct result can be independently checked using Python for
example:

>>> from base64 import b64encode
>>> mac = [121, 105, 187, 19, 37, 94, 119, 248, 224, 34, 94, 29, 157, \
           5, 15, 230, 246, 115, 236, 217, 80, 78, 56, 200, 80, 200, \
           82, 158, 168, 179, 10, 230]
>>> b64encode(bytearray(mac)).rstrip(b"=")
>>> b'eWm7EyVed/jgIl4dnQUP5vZz7NlQTjjIUMhSnqizCuY'

This happens because the encode_base64() method that is used does not support
in-place encoding in the general case. This is because the remainder for a 32
bit input will always be 2 (32 % 6 == 2).

The remainder will be used over here:
c01164f001/src/base64.cpp (L74)

The logic that gets executed if a remainder exists depends on the original input
values, since those already got in-place encoded the whole block will behave
differently if the input buffer is the same as the output buffer.
2021-01-31 12:56:32 +01:00
Tobias Furuholm
541a2bf6fd Fix length calculation of fallback key json 2020-11-24 13:47:27 -05:00
Hubert Chathi
ec5ff1e032 also check that the pubkey is set when calculating the MAC 2020-09-23 16:47:00 -04:00
Hubert Chathi
78d9cbabb7 set their_key_set flag explicitly on init 2020-09-23 16:11:37 -04:00
Saúl Ibarra Corretgé
2ef1f6f4fc SAS: add olm_sas_is_their_key_set
Also make olm_sas_generate_bytes fail if their key wasn't set.
2020-09-23 15:27:55 -04:00
Hubert Chathi
c47c6ca399 fix style 2020-09-16 16:14:23 -04:00
Hubert Chathi
171044f3fc add support for fallback keys 2020-08-14 17:29:41 -04:00
Hubert Chathi
fc423fad15 check return value of snprintf, fix typo, add clarification 2019-10-08 17:44:09 -04:00
David Baker
b482321213 Pass in a buffer to olm_session_describe
instead of having a static one, as that could end up taking up a
lot of memory if your app keeps olm sessions hanging about.
2019-10-04 11:43:40 +01:00
David Baker
39a1ee0b18 Add olm_session_describe
As a way to dump the state of an olm session, ie. the chain indicies,
so we can debug why olm sessions break and get out of sync.
2019-10-01 11:14:16 +01:00
Hubert Chathi
969c8b45e5 add more consts and comments 2019-05-14 22:02:50 -04:00
Hubert Chathi
0757e6df40 add comment about input buffers being overwritten
also make some params const where possible
2019-05-14 12:53:19 -04:00
Hubert Chathi
3148157ea4 add support for an incorrect KDF that snuck into Riot 1.0 2019-04-02 23:39:05 -04:00
Hubert Chathi
0348f06a56 rename functions to be more consistent 2019-03-13 22:39:21 -04:00
Hubert Chathi
48dda7922d call the right function and remove unnecessary include 2019-02-01 11:39:06 -05:00
David Baker
8df2ab7c07 Add signing class to the pk module 2019-01-29 20:47:41 +00:00
Hubert Chathi
94f664e725
initial implementation of short authentication string generation 2019-01-21 23:21:41 -05:00
Hubert Chathi
8c1169f0f5 use the correct error code 2018-10-15 10:11:47 -04:00
David Baker
fac1d52dfe Add aliases for deprecated functions 2018-10-11 18:16:39 +01:00
Hubert Chathi
f6e3f7f44a
Merge branch 'master' into dbkr/pk_private_export_import 2018-10-05 14:52:01 -04:00
Hubert Chathi
8520168e0b fix some code style issues and typos 2018-10-05 10:35:09 -04:00
David Baker
0346145a81 Work with PkDecryption keys by their private keys
Change interface to allow the app to get the private part of the
key and instantiate a decryption object from just the private part
of the key.

Changes the function generating a key from random bytes to be
initialising a key with a private key (because it's exactly the
same thing). Exports & imports private key parts as ArrayBuffer at
JS level rather than base64 assuming we are moving that way in
general.
2018-10-02 12:02:56 +01:00
David Baker
65d4ac19c8 Fix output buffer length check
...when generating a key in PkDecryption.

The pubkey is base64ed on the output, so will be longer.
2018-09-19 14:10:12 +01:00
Hubert Chathi
dac2c1064e use void in type signatures for functions with no arguments 2018-06-28 17:13:52 -04:00
Hubert Chathi
f709b062bb add functions for pickling/unpickling a decryption object 2018-06-28 17:10:36 -04:00
Hubert Chathi
128d45cc83 add initial implementation of basic private key encryption functionality 2018-06-27 16:38:45 -04:00
manuroe
9d81046f90 Fix warnings reported by LLVM 2018-06-27 12:25:27 -04:00
Hubert Chathi
ddc981c475 fix a length check and add some missing length checks 2018-06-27 12:14:19 -04:00
Alexey Rusakov
0fd406cca8 Drop unused #include
Signed-off-by: Alexey Rusakov <ktirf@users.sf.net>
2017-09-29 09:35:04 +01:00
Alexey Rusakov
3c33180fe3 Avoid C99 inside C++ code
This disrupts building at least with Visual Studio.

Signed-off-by: Alexey Rusakov <ktirf@users.sf.net>
2017-09-29 09:35:04 +01:00