1. 25 Oct, 2016 1 commit
  2. 20 Oct, 2016 1 commit
  3. 14 Sep, 2016 2 commits
  4. 13 Sep, 2016 2 commits
  5. 06 Sep, 2016 3 commits
  6. 05 Sep, 2016 1 commit
  7. 04 Sep, 2016 2 commits
    • Richard van der Hoff's avatar
      Fix megolm decryption of UTF-8 · 1d4c13c7
      Richard van der Hoff authored
      Repeat the fix from b10f90d for megolm messages.
      
      It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
      the input includes characters >= 128.
      
      Rather than try to figure out which methods can return UTF-8, and which always
      return plain ascii, replace all uses of Pointer_stringify with a 'length'
      argument with the version that expects a NULL-terminated input, and extend the
      buffer by a byte to allow space for a null-terminator.
      
      In the case of decrypt, we need to add the null ourself.
      
      Fixes https://github.com/vector-im/vector-web/issues/2078.
      1d4c13c7
    • Richard van der Hoff's avatar
      OlmSession.has_received_message · 2e9021c2
      Richard van der Hoff authored
      I find myself wanting to know if an OlmSession is in the pre-key state or not,
      to help debugging at the application level.
      2e9021c2
  8. 01 Sep, 2016 2 commits
    • Richard van der Hoff's avatar
      Bump version in package.json · 0c3f527d
      Richard van der Hoff authored
      ... to match the Makefile
      0c3f527d
    • Richard van der Hoff's avatar
      Fix Ed25519 keypair generation · 0c462cff
      Richard van der Hoff authored
      Ed25519 private keys, it turns out, have 64 bytes, not 32.
      
      We were previously generating only 32 bytes (which is all that is required to
      generate the public key), and then using the public key as the upper 32 bytes
      when generating the per-message session key. This meant that everything
      appeared to work, but the security of the private key was severely compromised.
      
      By way of fixes:
      
       * Use the correct algorithm for generating the Ed25519 private key, and store
         all 512 bits of it.
      
       * Update the account pickle format and refuse to load the old format (since we
         should consider it compromised).
      
       * Bump the library version, and add a function to retrieve the library
         version, so that applications can verify that they are linked against a
         fixed version of the library.
      
       * Remove the curve25519_{sign, verify} functions which were unused and of
         dubious quality.
      0c462cff
  9. 11 Jul, 2016 1 commit
  10. 06 Jul, 2016 1 commit
    • Richard van der Hoff's avatar
      JS: make sure returned strings are null-terminated · 939aa747
      Richard van der Hoff authored
      It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
      the input includes characters >= 128.
      
      Rather than try to figure out which methods can return UTF-8, and which always
      return plain ascii, replace all uses of Pointer_stringify with a 'length'
      argument with the version that expects a NULL-terminated input, and extend the
      buffer by a byte to allow space for a null-terminator.
      
      In the case of decrypt, we need to add the null ourself.
      
      Fixes https://github.com/vector-im/vector-web/issues/1719.
      939aa747
  11. 26 May, 2016 3 commits
  12. 25 May, 2016 2 commits
  13. 20 May, 2016 1 commit
  14. 16 May, 2016 1 commit
  15. 26 Apr, 2016 4 commits
  16. 02 Dec, 2015 2 commits
  17. 01 Nov, 2015 1 commit
  18. 04 Aug, 2015 1 commit
  19. 21 Jul, 2015 3 commits
  20. 20 Jul, 2015 1 commit
  21. 17 Jul, 2015 1 commit
  22. 16 Jul, 2015 1 commit
  23. 14 Jul, 2015 1 commit
  24. 10 Jul, 2015 1 commit
  25. 09 Jul, 2015 1 commit