The Pointer_stringify() function is deprecated and has a couple of
issues because it tries to guess the encoding of the buffer. In some
cases it can ignore the length parameter which could end up in
inconsistencies.
Switch to UTF8toString() that takes a length parameter and respects,
that way we don't need to allocate an additional byte for a NULL byte.
Change the interface again, hopefully this time a bit more normal.
Now we wrap the emscripten module completely and just expose the
high level objects.
The olm library export is now imported as normal (ie. returns
a module rather than a function returning a module) but has an
`init` method which *must* be called. This returns a promise
which resolves when the module is ready. It also rejects if the
module failed to set up, unlike before (and unlike the
promise-not-a-promise that emscripten returns).
Generally catch failures to init the module.
Quite a lot going on in this PR:
* Updates to support recent emscripten, switching to WASM which is now the default
* Use emscripten's MODULARIZE option rather than wrapping it ourself, since doing
so in pre-post js doesn't work anymore.
* Most changes are moving the emscripten runtime functions to top-level
calls rather than in the Module object.
* Get rid of duplicated NULL_BYTE_PADDING_LENGTH
* Fix ciphertext_length used without being declared
* Fix things that caused the closure compiler to error, eg. using
OLM_OPTIONS without a declaration.
* Wait until module is inited to do OLM_ERROR = olm_error()
The main BREAKING CHANGE here is that the module now needs to initialise
asyncronously (because it has to load the wasm file). require()ing olm
now gives a function which needs to be called to create an instance.
The resulting object has a promise-like then() method that can be used
to detect when the module is ready. (We could use MODULARIZE_INSTANCE
to return the module directly as before, rather than the function,
but then we don't get the .then() method).
Make sure we null-terminate encrypted strings before passing them to
UTF8ToString.
This used to work when we allocated the buffer on the stack, because it turns
out that allocate() zeroinits the returned memory. malloc(), of course, does
not.
Messages can be very large, so we don't really want to allocate them on the
stack. Switch to using the heap for them, and try to clean up some of the
string handling while we're at it.
Repeat the fix from b10f90d for megolm messages.
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.
Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.
In the case of decrypt, we need to add the null ourself.
Fixes https://github.com/vector-im/vector-web/issues/2078.
Ed25519 private keys, it turns out, have 64 bytes, not 32.
We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.
By way of fixes:
* Use the correct algorithm for generating the Ed25519 private key, and store
all 512 bits of it.
* Update the account pickle format and refuse to load the old format (since we
should consider it compromised).
* Bump the library version, and add a function to retrieve the library
version, so that applications can verify that they are linked against a
fixed version of the library.
* Remove the curve25519_{sign, verify} functions which were unused and of
dubious quality.
It turns out that the 'length' argument to 'Pointer_stringify' doesn't work if
the input includes characters >= 128.
Rather than try to figure out which methods can return UTF-8, and which always
return plain ascii, replace all uses of Pointer_stringify with a 'length'
argument with the version that expects a NULL-terminated input, and extend the
buffer by a byte to allow space for a null-terminator.
In the case of decrypt, we need to add the null ourself.
Fixes https://github.com/vector-im/vector-web/issues/1719.
Hubert Chathi