Commit graph

44 commits

Author SHA1 Message Date
Hubert Chathi
8519ce0269 clear out random arrays 2021-12-10 16:15:22 -05:00
Hubert Chathi
4b2f68d11e add missing word 2021-12-01 15:36:46 -05:00
Hubert Chathi
ee76674f03 remove duplicate definition 2021-12-01 14:34:29 -05:00
Hubert Chathi
29e0287ef3 add function to forget the old fallback key 2021-11-23 22:35:10 +00:00
Hubert Chathi
c5eff859cb add JavaScript function for getting unpublished fallback key 2021-11-23 22:35:10 +00:00
Lukas Lihotzki
030e506c00 use stackAlloc instead of allocate 2020-10-06 12:02:17 +02:00
Hubert Chathi
c45f19f12d Merge branch 'master' into uhoreg/fallback 2020-09-01 15:57:20 -04:00
Hubert Chathi
89050dc0b6 allow some things to be Uint8Array, and fix some TypeScript declarations 2020-08-31 10:50:33 -04:00
Hubert Chathi
171044f3fc add support for fallback keys 2020-08-14 17:29:41 -04:00
David Baker
b482321213 Pass in a buffer to olm_session_describe
instead of having a static one, as that could end up taking up a
lot of memory if your app keeps olm sessions hanging about.
2019-10-04 11:43:40 +01:00
David Baker
39a1ee0b18 Add olm_session_describe
As a way to dump the state of an olm session, ie. the chain indicies,
so we can debug why olm sessions break and get out of sync.
2019-10-01 11:14:16 +01:00
Hubert Chathi
ebc156e7c2 re-add null termination in javascript
because older versions of emscripten don't support the length argument to
UTF8ToString.
2019-04-08 15:54:02 -04:00
Damir Jelić
071029c201 javascript: Switch from deprecated Pointer_stringify() to UTF8toString().
The Pointer_stringify() function is deprecated and has a couple of
issues because it tries to guess the encoding of the buffer. In some
cases it can ignore the length parameter which could end up in
inconsistencies.

Switch to UTF8toString() that takes a length parameter and respects,
that way we don't need to allocate an additional byte for a NULL byte.
2019-04-08 15:18:28 -04:00
David Baker
8df2ab7c07 Add signing class to the pk module 2019-01-29 20:47:41 +00:00
Hubert Chathi
94f664e725
initial implementation of short authentication string generation 2019-01-21 23:21:41 -05:00
Hubert Chathi
93f764200e zero buffers in the JavaScript bindings 2018-10-16 17:50:34 -04:00
David Baker
602c00a8d6 Dual-build wasm and asm.js olm 2018-10-04 20:09:54 +01:00
David Baker
263b94428a Another day, another interface
Change the interface again, hopefully this time a bit more normal.
Now we wrap the emscripten module completely and just expose the
high level objects.

The olm library export is now imported as normal (ie. returns
a module rather than a function returning a module) but has an
`init` method which *must* be called. This returns a promise
which resolves when the module is ready. It also rejects if the
module failed to set up, unlike before (and unlike the
promise-not-a-promise that emscripten returns).

Generally catch failures to init the module.
2018-09-25 17:13:29 +01:00
David Baker
122867c45c WebAssembly support!
Quite a lot going on in this PR:
 * Updates to support recent emscripten, switching to WASM which is now the default
 * Use emscripten's MODULARIZE option rather than wrapping it ourself, since doing
   so in pre-post js doesn't work anymore.
 * Most changes are moving the emscripten runtime functions to top-level
   calls rather than in the Module object.
 * Get rid of duplicated NULL_BYTE_PADDING_LENGTH
 * Fix ciphertext_length used without being declared
 * Fix things that caused the closure compiler to error, eg. using
   OLM_OPTIONS without a declaration.
 * Wait until module is inited to do OLM_ERROR = olm_error()

The main BREAKING CHANGE here is that the module now needs to initialise
asyncronously (because it has to load the wasm file). require()ing olm
now gives a function which needs to be called to create an instance.
The resulting object has a promise-like then() method that can be used
to detect when the module is ready. (We could use MODULARIZE_INSTANCE
to return the module directly as before, rather than the function,
but then we don't get the .then() method).
2018-09-21 16:01:51 +01:00
Hubert Chathi
128d45cc83 add initial implementation of basic private key encryption functionality 2018-06-27 16:38:45 -04:00
Hubert Chathi
3f5b9dd6d7 patch for libolm: fix some typos in JavaScript library
From 4a82d31e8cb808a04956fc847ed0ec0ff322b956 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 3 Jan 2018 21:37:43 -0500
Subject: [PATCH] fix some typos in JavaScript library

Signed-off-by: Hubert Chathi <hubert@uhoreg.ca>
2018-01-09 15:57:47 +00:00
Richard van der Hoff
8e554ab5ef Avoid buffer overrun on encryption
Make sure we null-terminate encrypted strings before passing them to
UTF8ToString.

This used to work when we allocated the buffer on the stack, because it turns
out that allocate() zeroinits the returned memory. malloc(), of course, does
not.
2016-12-16 14:42:41 +00:00
Richard van der Hoff
7fd63bcac7 Merge pull request #39 from matrix-org/rav/messages_on_heap
Allocate memory for message blobs on the heap
2016-12-15 16:54:39 +00:00
Richard van der Hoff
09b3e1eecd typo 2016-12-15 16:28:30 +00:00
Richard van der Hoff
8356fa37ad zero out plaintext buffers
Avoid leaving copies of the plaintext sitting around in the emscripten heap.
2016-12-15 13:37:34 +00:00
Richard van der Hoff
76610c0a3a Allocate memory for message blobs on the heap
Messages can be very large, so we don't really want to allocate them on the
stack. Switch to using the heap for them, and try to clean up some of the
string handling while we're at it.
2016-12-14 12:05:56 +00:00
Richard van der Hoff
1bf807bf33 Better handling of exceptions during loading
If we get an exception during load, don't define half of window.Olm (which
confuses apps).

This is a partial fix to https://github.com/vector-im/riot-web/issues/2726.
2016-12-12 16:52:03 +00:00
Richard van der Hoff
2aad4cfa86 Merge pull request #15 from matrix-org/rav/has_received_message
OlmSession.has_received_message
2016-09-05 10:38:41 +01:00
Richard van der Hoff
1d4c13c798 Fix megolm decryption of UTF-8
Repeat the fix from b10f90d for megolm messages.

It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.

Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.

In the case of decrypt, we need to add the null ourself.

Fixes https://github.com/vector-im/vector-web/issues/2078.
2016-09-05 00:49:36 +01:00
Richard van der Hoff
2e9021c2e7 OlmSession.has_received_message
I find myself wanting to know if an OlmSession is in the pre-key state or not,
to help debugging at the application level.
2016-09-04 23:41:10 +01:00
Richard van der Hoff
0c462cff11 Fix Ed25519 keypair generation
Ed25519 private keys, it turns out, have 64 bytes, not 32.

We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.

By way of fixes:

 * Use the correct algorithm for generating the Ed25519 private key, and store
   all 512 bits of it.

 * Update the account pickle format and refuse to load the old format (since we
   should consider it compromised).

 * Bump the library version, and add a function to retrieve the library
   version, so that applications can verify that they are linked against a
   fixed version of the library.

 * Remove the curve25519_{sign, verify} functions which were unused and of
   dubious quality.
2016-09-01 13:35:23 +01:00
Richard van der Hoff
939aa747dd JS: make sure returned strings are null-terminated
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.

Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.

In the case of decrypt, we need to add the null ourself.

Fixes https://github.com/vector-im/vector-web/issues/1719.
2016-07-06 22:32:51 +01:00
Richard van der Hoff
2a09ccbd63 Remove vestiges of logging
Remove the (now non-functional) declarations of olm_set_log_level in the C and
js wrappers.
2016-05-16 11:50:44 +01:00
Richard van der Hoff
e7a2af1ede Add a basic logging implementation 2016-04-26 12:30:18 +01:00
Mark Haines
41a8fb61af Add sha256 and ed25519_verify methods to javascript bindings 2015-08-04 11:55:04 +01:00
Mark Haines
bb70307b11 Fix javascript bindings: matches_inbound doesn't take an account argument 2015-07-21 10:50:17 +01:00
Mark Haines
970fc60f8b Add remove_one_time_keys to the javascript bindings 2015-07-17 18:43:41 +01:00
Mark Haines
3468886e27 Add method getting a session id. Update the python and javascript bindings 2015-07-16 11:45:20 +01:00
Mark Haines
bede3a8499 Tweak the javascript bindings so that they will work with Node.js 2015-07-14 16:45:00 +01:00
Mark Haines
b6e248c9a5 Output simpler JSON for the account keys, don't sign the JSON but instead provide a olm_account_sign method so that the user of the library can sign the JSON themselves 2015-07-10 11:57:53 +01:00
Mark Haines
373acefde7 Add c bindings for the methods for managing one time keys 2015-07-09 18:35:54 +01:00
Mark Haines
0e988237f6 Don't pass a key id when creating a new outbound session 2015-07-08 16:04:18 +01:00
Mark Haines
974e0984bd Update the javascript bindings and demo to match the format of the identity key JSON 2015-07-08 11:16:00 +01:00
Matthew Hodgson
09d4125ff1 Rename axolotlpp as olm to avoid confusion with Axolotl-the-spec and Axolotl-the-OWS-libraries at moxie's request 2015-06-27 01:15:23 +02:00
Renamed from javascript/axolotl_post.js (Browse further)