Open olivia-fox opened 1 month ago
Yes, this is planned. Dart bindings for the Rust library are already in progress 👍
fwiw the vulns disclosed by soatok are two timing side channels and Ed25519 signature malleability. it seems libolm devs have known about the side channels for a while now.
i'm not sure how feasible it is to actually collect this kind of timing information from libolm from an attacker's pov, but if such a threat vector is identified it seems like things could be pretty bad.
In about two weeks there is going to be a disclosure of unfixed vulnerabilities in libolm, which in response has been deprecated by the Matrix developers in favour of vodozemac. Is migrating to vodozemac something that might be possible?
Edit: @tusooa is looking at fixing up vodozemac-bindings: https://github.com/Nheko-Reborn/nheko/issues/1786#issuecomment-2264412161