README.md 6.35 KB
Newer Older
Aaron Raimist's avatar
Aaron Raimist committed
1
# Olm
2

3
An implementation of the Double Ratchet cryptographic ratchet described by
4 5
https://whispersystems.org/docs/specifications/doubleratchet/, written in C and
C++11 and exposed as a C API.
6

Aaron Raimist's avatar
Aaron Raimist committed
7
The specification of the Olm ratchet can be found in [docs/olm.md](docs/olm.md).
Richard van der Hoff's avatar
Richard van der Hoff committed
8 9

This library also includes an implementation of the Megolm cryptographic
Aaron Raimist's avatar
Aaron Raimist committed
10
ratchet, as specified in [docs/megolm.md](docs/megolm.md).
Matthew Hodgson's avatar
Matthew Hodgson committed
11

Aaron Raimist's avatar
Aaron Raimist committed
12
## Building
13

14 15
To build olm as a shared library run either:

Aaron Raimist's avatar
Aaron Raimist committed
16 17 18 19
```bash
cmake . -Bbuild
cmake --build build
```
20 21

or:
22

Aaron Raimist's avatar
Aaron Raimist committed
23 24 25
```bash
make
```
26

27 28 29 30 31
Using cmake is the preferred method for building the shared library; the
Makefile may be removed in the future.

To run the tests when using cmake, run:

Aaron Raimist's avatar
Aaron Raimist committed
32 33 34 35
```bash
cd build/tests
ctest .
```
36
To run the tests when using make, run:
37

Aaron Raimist's avatar
Aaron Raimist committed
38 39 40
```bash
make test
```
41

42
To build the JavaScript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:
43

Aaron Raimist's avatar
Aaron Raimist committed
44 45 46
```bash
make js
```
47

48 49 50
Note that if you run emscripten in a docker container, you need to pass through
the EMCC_CLOSURE_ARGS environment variable.

ylecollen's avatar
ylecollen committed
51 52
To build the android project for Android bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
53 54 55 56
```bash
cd android
./gradlew clean assembleRelease
```
57

58 59
To build the Xcode workspace for Objective-C bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
60 61 62 63 64
```bash
cd xcode
pod install
open OLMKit.xcworkspace
```
65

66 67 68
To build the Python bindings, first build olm as a shared library as above, and
then run:

Aaron Raimist's avatar
Aaron Raimist committed
69 70 71 72
```bash
cd python
make
```
73 74 75 76 77 78 79

to make both the Python 2 and Python 3 bindings.  To make only one version, use
``make olm-python2`` or ``make olm-python3`` instead of just ``make``.

To build olm as a static library (which still needs libstdc++ dynamically) run
either:

Aaron Raimist's avatar
Aaron Raimist committed
80 81 82 83
```bash
cmake . -Bbuild -DBUILD_SHARED_LIBS=NO
cmake --build build
```
84 85

or
86

Aaron Raimist's avatar
Aaron Raimist committed
87 88 89
```bash
make static
```
90

91 92
The library can also be used as a dependency with CMake using:

Aaron Raimist's avatar
Aaron Raimist committed
93 94 95 96
```cmake
find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)
```
97

Hubert Chathi's avatar
Hubert Chathi committed
98 99 100 101 102 103
## Bindings

libolm can be used in different environments using bindings. In addition to the
JavaScript, Python, Java (Android), and Objective-C bindings included in this
repository, some bindings are (in alphabetical order):

Hubert Chathi's avatar
Hubert Chathi committed
104
- [cl-megolm](https://github.com/K1D77A/cl-megolm) (MIT) Common Lisp bindings
Hubert Chathi's avatar
Hubert Chathi committed
105 106 107 108 109 110 111
- [dart-olm](https://gitlab.com/famedly/libraries/dart-olm) (AGPLv3) Dart bindings
- [Dhole/go-olm](https://github.com/Dhole/go-olm) (Apache-2.0) Go bindings
- [libQtOlm](https://gitlab.com/b0/libqtolm/) (GPLv3) Qt bindings
- [matrix-kt](https://github.com/Dominaezzz/matrix-kt) (Apache-2.0) Kotlin
  library for Matrix, including Olm methods
- [maunium.net/go/mautrix/crypto/olm](https://github.com/tulir/mautrix-go/tree/master/crypto/olm)
  (Apache-2.0) fork of Dhole/go-olm
Hubert Chathi's avatar
Hubert Chathi committed
112
- [nim-olm](https://gitea.com/BarrOff/nim-olm) (MIT) Nim bindings
Hubert Chathi's avatar
Hubert Chathi committed
113 114 115
- [olm-sys](https://gitlab.gnome.org/BrainBlasted/olm-sys) (Apache-2.0) Rust
  bindings

Hubert Chathi's avatar
Hubert Chathi committed
116 117
Note that bindings may have a different license from libolm, and are *not*
endorsed by the Matrix.org Foundation C.I.C.
Hubert Chathi's avatar
Hubert Chathi committed
118

Aaron Raimist's avatar
Aaron Raimist committed
119
## Release process
120

121
First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
122 123
``javascript/package.json``, ``python/olm/__version__.py``, ``OLMKit.podspec``,
and ``android/olm-sdk/build.gradle`` (``versionCode``, ``versionName`` and
124
``version``).
125

Hubert Chathi's avatar
Hubert Chathi committed
126
Also, ensure the changelog is up to date, and that everything is committed to
127
git.
128

129 130 131
It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once the release is complete.

Aaron Raimist's avatar
Aaron Raimist committed
132 133
```bash
make clean
Richard van der Hoff's avatar
Richard van der Hoff committed
134

Aaron Raimist's avatar
Aaron Raimist committed
135 136
# build and test C library
make test
137

Aaron Raimist's avatar
Aaron Raimist committed
138 139
# build and test JS wrapper
make js
Hubert Chathi's avatar
Hubert Chathi committed
140
(cd javascript && npm run test && npm pack javascript)
141

Aaron Raimist's avatar
Aaron Raimist committed
142
VERSION=x.y.z
Hubert Chathi's avatar
Hubert Chathi committed
143 144
gpg -b -a -u F75FDC22C1DE8453 javascript/olm-$VERSION.tgz
scp javascript/olm-$VERSION.tgz [email protected]:packages/npm/olm/
Aaron Raimist's avatar
Aaron Raimist committed
145 146
git tag $VERSION -s
git push --tags
147

Aaron Raimist's avatar
Aaron Raimist committed
148 149 150 151 152 153 154 155
# OLMKit CocoaPod release
# Make sure the version OLMKit.podspec is the same as the git tag
# (this must be checked before git tagging)
pod spec lint OLMKit.podspec --use-libraries --allow-warnings
pod trunk push OLMKit.podspec --use-libraries --allow-warnings
# Check the pod has been successully published with:
pod search OLMKit
```
156

Aaron Raimist's avatar
Aaron Raimist committed
157
## Design
158

159
Olm is designed to be easy port to different platforms and to be easy
160 161
to write bindings for.

Richard van der Hoff's avatar
Richard van der Hoff committed
162 163 164 165 166
It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need ariases.

Aaron Raimist's avatar
Aaron Raimist committed
167
### Error Handling
168

169
All C functions in the API for olm return ``olm_error()`` on error.
170 171
This makes it easy to check for error conditions within the language bindings.

Aaron Raimist's avatar
Aaron Raimist committed
172
### Random Numbers
173

174
Olm doesn't generate random numbers itself. Instead the caller must
175 176 177 178
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.

Aaron Raimist's avatar
Aaron Raimist committed
179
### Memory
180

181
Olm avoids calling malloc or allocating memory on the heap itself.
182 183 184
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.

Aaron Raimist's avatar
Aaron Raimist committed
185
### Output Encoding
186 187 188 189

Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.

Aaron Raimist's avatar
Aaron Raimist committed
190
### Dependencies
191

192
Olm uses pure C implementations of the cryptographic primitives used by
193 194
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.
195

Aaron Raimist's avatar
Aaron Raimist committed
196
## Contributing
Richard van der Hoff's avatar
Richard van der Hoff committed
197

Aaron Raimist's avatar
Aaron Raimist committed
198 199 200
Please see [CONTRIBUTING.md](CONTRIBUTING.md) when making contributions to the library.

## Security assessment
Matthew Hodgson's avatar
Matthew Hodgson committed
201 202 203 204 205 206 207

Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services
Practive in September 2016 to check for security issues: you can read all
about it at
https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/
and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/

Aaron Raimist's avatar
Aaron Raimist committed
208 209
## Bug reports

Matthew Hodgson's avatar
Matthew Hodgson committed
210 211
Please file bug reports at https://github.com/matrix-org/olm/issues

Aaron Raimist's avatar
Aaron Raimist committed
212
## What's an olm?
213 214

It's a really cool species of European troglodytic salamander.
Matthew Hodgson's avatar
Matthew Hodgson committed
215
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/
Matthew Hodgson's avatar
Matthew Hodgson committed
216

Aaron Raimist's avatar
Aaron Raimist committed
217
## Legal Notice
Matthew Hodgson's avatar
Matthew Hodgson committed
218 219 220 221 222

The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.