Olm
===

An implementation of the Double Ratchet cryptographic ratchet described by
https://whispersystems.org/docs/specifications/doubleratchet/, written in C and
C++11 and exposed as a C API.

The specification of the Olm ratchet can be found in `<docs/olm.rst>`_.

This library also includes an implementation of the Megolm cryptographic
ratchet, as specified in `<docs/megolm.rst>`_.

Building
--------

To build olm as a shared library run:

.. code:: bash

    make

To run the tests run:

.. code:: bash

    make test

To build the JavaScript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:

.. code:: bash

    make js

Note that if you run emscripten in a docker container, you need to pass through
the EMCC_CLOSURE_ARGS environment variable.

To build the Android project for Android bindings, run:

.. code:: bash

    cd android
    ./gradlew clean assembleRelease

To build the Xcode workspace for Objective-C bindings, run:

.. code:: bash

    cd xcode
    pod install
    open OLMKit.xcworkspace

To build olm as a static library (which still needs libstdc++ dynamically) run:

.. code:: bash

    make static

Release process
---------------

First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
``javascript/package.json``, ``OLMKit.podspec``, and
``android/olm-sdk/build.gradle`` (``versionCode``, ``versionName`` and
``version``).

Also, ensure the changelog is up to date, and that everything is committed to
git.

It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once the release is complete.

.. code:: bash

    make clean

    # build and test C library
    make test

    # build and test JS wrapper
    make js
    (cd javascript && npm run test)
    npm pack javascript

    VERSION=x.y.z
    scp olm-$VERSION.tgz packages@ares.matrix.org:packages/npm/olm/
    git tag $VERSION -s
    git push --tags

    # OLMKit CocoaPod release
    # Make sure the version in OLMKit.podspec is the same as the git tag
    # (this must be checked before git tagging)
    pod spec lint OLMKit.podspec --use-libraries --allow-warnings
    pod trunk push OLMKit.podspec --use-libraries --allow-warnings
    # Check the pod has been successfully published with:
    pod search OLMKit


Design
------

Olm is designed to be easy to port to different platforms and to be easy
to write bindings for.

It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need arises.

Error Handling
~~~~~~~~~~~~~~

All C functions in the API for olm return ``olm_error()`` on error.
This makes it easy to check for error conditions within the language bindings.

Random Numbers
~~~~~~~~~~~~~~

Olm doesn't generate random numbers itself. Instead the caller must
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.

Memory
~~~~~~

Olm avoids calling malloc or allocating memory on the heap itself.
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.

Output Encoding
~~~~~~~~~~~~~~~

Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.
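
The four conventions above (one error sentinel, caller-supplied randomness,
caller-supplied buffers, base64 output) seen from the caller's side, as an
added example that is not part of olm: the ``demo_*`` functions, ``DEMO_ERROR``
and ``make_encoded_seed`` are hypothetical stand-ins that do no cryptography,
and reading ``/dev/urandom`` is an assumption about the platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in API (not olm's): it does no cryptography and only
 * follows the conventions described above. */
#define DEMO_ERROR ((size_t)-1)   /* single error sentinel for every call */
#define DEMO_SEED_LEN 32

size_t demo_random_length(void) { return DEMO_SEED_LEN; }
size_t demo_output_length(void) { return 4 * ((DEMO_SEED_LEN + 2) / 3); }

/* Base64-encodes the caller's random bytes into the caller's buffer.
 * Never allocates; returns bytes written (no NUL added) or DEMO_ERROR. */
size_t demo_encode_seed(const uint8_t *rnd, size_t rnd_len,
                        char *out, size_t out_len) {
    static const char T[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (rnd_len < DEMO_SEED_LEN || out_len < demo_output_length())
        return DEMO_ERROR;
    size_t o = 0;
    for (size_t i = 0; i < DEMO_SEED_LEN; i += 3) {
        size_t left = DEMO_SEED_LEN - i;
        uint32_t v = (uint32_t)rnd[i] << 16;
        if (left > 1) v |= (uint32_t)rnd[i + 1] << 8;
        if (left > 2) v |= rnd[i + 2];
        out[o++] = T[(v >> 18) & 63];
        out[o++] = T[(v >> 12) & 63];
        out[o++] = left > 1 ? T[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? T[v & 63] : '=';
    }
    return o;
}

/* Caller side, as a binding would do it: fill the random buffer from the OS
 * CSPRNG, check the sentinel, then wipe the random bytes. */
size_t make_encoded_seed(char *out, size_t out_len) {
    uint8_t rnd[DEMO_SEED_LEN];
    size_t result = DEMO_ERROR;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        setvbuf(f, NULL, _IONBF, 0); /* keep the seed out of stdio's buffer */
        /* A short read fails closed: never proceed with partial entropy. */
        if (fread(rnd, 1, sizeof rnd, f) == demo_random_length())
            result = demo_encode_seed(rnd, sizeof rnd, out, out_len);
        fclose(f);
    }
    /* Wipe through a volatile pointer so the compiler keeps the stores. */
    volatile uint8_t *p = rnd;
    for (size_t i = 0; i < sizeof rnd; i++) p[i] = 0;
    return result;
}
```

A binding compares every return value against the sentinel before touching the
output buffer, and sizes that buffer from the library's length function.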

Dependencies
~~~~~~~~~~~~

Olm uses pure C implementations of the cryptographic primitives used by
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.

Contributing
------------
Please see `<CONTRIBUTING.rst>`_ when making contributions to the library.

Security assessment
-------------------

Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services
Practice in September 2016 to check for security issues: you can read all
about it at
https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/
and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/

Bug reports
-----------
Please file bug reports at https://github.com/matrix-org/olm/issues

What's an olm?
--------------

It's a really cool species of European troglodytic salamander.
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/

Legal Notice
------------

The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.