README.md 6.76 KB
Newer Older
Aaron Raimist's avatar
Aaron Raimist committed
1
# Olm
2

3
An implementation of the Double Ratchet cryptographic ratchet described by
4
5
https://whispersystems.org/docs/specifications/doubleratchet/, written in C and
C++11 and exposed as a C API.
6

Aaron Raimist's avatar
Aaron Raimist committed
7
The specification of the Olm ratchet can be found in [docs/olm.md](docs/olm.md).
Richard van der Hoff's avatar
Richard van der Hoff committed
8
9

This library also includes an implementation of the Megolm cryptographic
Aaron Raimist's avatar
Aaron Raimist committed
10
ratchet, as specified in [docs/megolm.md](docs/megolm.md).
Matthew Hodgson's avatar
Matthew Hodgson committed
11

Aaron Raimist's avatar
Aaron Raimist committed
12
## Building
13

14
15
To build olm as a shared library run either:

Aaron Raimist's avatar
Aaron Raimist committed
16
17
18
19
```bash
cmake . -Bbuild
cmake --build build
```
20
21

or:
22

Aaron Raimist's avatar
Aaron Raimist committed
23
24
25
```bash
make
```
26

27
28
29
30
31
Using cmake is the preferred method for building the shared library; the
Makefile may be removed in the future.

To run the tests when using cmake, run:

Aaron Raimist's avatar
Aaron Raimist committed
32
33
34
35
```bash
cd build/tests
ctest .
```
36
To run the tests when using make, run:
37

Aaron Raimist's avatar
Aaron Raimist committed
38
39
40
```bash
make test
```
41

42
To build the JavaScript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:
43

Aaron Raimist's avatar
Aaron Raimist committed
44
45
46
```bash
make js
```
47

48
49
50
Note that if you run emscripten in a docker container, you need to pass through
the EMCC_CLOSURE_ARGS environment variable.

ylecollen's avatar
ylecollen committed
51
52
To build the android project for Android bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
53
54
55
56
```bash
cd android
./gradlew clean assembleRelease
```
57

58
59
To build the Xcode workspace for Objective-C bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
60
61
62
63
64
```bash
cd xcode
pod install
open OLMKit.xcworkspace
```
65

66
67
68
To build the Python bindings, first build olm as a shared library as above, and
then run:

Aaron Raimist's avatar
Aaron Raimist committed
69
70
71
72
```bash
cd python
make
```
73
74
75
76
77
78
79

to make both the Python 2 and Python 3 bindings.  To make only one version, use
``make olm-python2`` or ``make olm-python3`` instead of just ``make``.

To build olm as a static library (which still needs libstdc++ dynamically) run
either:

Aaron Raimist's avatar
Aaron Raimist committed
80
81
82
83
```bash
cmake . -Bbuild -DBUILD_SHARED_LIBS=NO
cmake --build build
```
84
85

or
86

Aaron Raimist's avatar
Aaron Raimist committed
87
88
89
```bash
make static
```
90

91
92
The library can also be used as a dependency with CMake using:

Aaron Raimist's avatar
Aaron Raimist committed
93
94
95
96
```cmake
find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)
```
97

Hubert Chathi's avatar
Hubert Chathi committed
98
99
100
101
102
103
## Bindings

libolm can be used in different environments using bindings. In addition to the
JavaScript, Python, Java (Android), and Objective-C bindings included in this
repository, some bindings are (in alphabetical order):

Hubert Chathi's avatar
Hubert Chathi committed
104
- [cl-megolm](https://github.com/K1D77A/cl-megolm) (MIT) Common Lisp bindings
Denis Kasak's avatar
Denis Kasak committed
105
- [dart-olm](https://gitlab.com/famedly/company/frontend/libraries/dart-olm) (AGPLv3) Dart bindings
Hubert Chathi's avatar
Hubert Chathi committed
106
- [Dhole/go-olm](https://github.com/Dhole/go-olm) (Apache-2.0) Go bindings
Hubert Chathi's avatar
Hubert Chathi committed
107
- [jOlm](https://github.com/brevilo/jolm) (Apache-2.0) Java bindings
Hubert Chathi's avatar
Hubert Chathi committed
108
109
110
111
112
- [libQtOlm](https://gitlab.com/b0/libqtolm/) (GPLv3) Qt bindings
- [matrix-kt](https://github.com/Dominaezzz/matrix-kt) (Apache-2.0) Kotlin
  library for Matrix, including Olm methods
- [maunium.net/go/mautrix/crypto/olm](https://github.com/tulir/mautrix-go/tree/master/crypto/olm)
  (Apache-2.0) fork of Dhole/go-olm
Hubert Chathi's avatar
Hubert Chathi committed
113
- [nim-olm](https://gitea.com/BarrOff/nim-olm) (MIT) Nim bindings
Hubert Chathi's avatar
Hubert Chathi committed
114
115
116
- [olm-sys](https://gitlab.gnome.org/BrainBlasted/olm-sys) (Apache-2.0) Rust
  bindings

Hubert Chathi's avatar
Hubert Chathi committed
117
118
Note that bindings may have a different license from libolm, and are *not*
endorsed by the Matrix.org Foundation C.I.C.
Hubert Chathi's avatar
Hubert Chathi committed
119

Aaron Raimist's avatar
Aaron Raimist committed
120
## Release process
121

122
First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
manuroe's avatar
manuroe committed
123
``javascript/package.json``, ``python/olm/__version__.py``, ``OLMKit.podspec``, ``Package.swift``,
Hubert Chathi's avatar
Hubert Chathi committed
124
and ``android/olm-sdk/src/main/java/org/matrix/olm/OlmManager.java`` in function ``getVersion()```.
125

Hubert Chathi's avatar
Hubert Chathi committed
126
Also, ensure the changelog is up to date, and that everything is committed to
127
git.
128

129
130
131
It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once the release is complete.

Aaron Raimist's avatar
Aaron Raimist committed
132
133
```bash
make clean
Richard van der Hoff's avatar
Richard van der Hoff committed
134

Aaron Raimist's avatar
Aaron Raimist committed
135
136
# build and test C library
make test
137

Aaron Raimist's avatar
Aaron Raimist committed
138
139
# build and test JS wrapper
make js
Hubert Chathi's avatar
Hubert Chathi committed
140
141
142
143
144
(cd javascript && \
     npm run test && \
     sha256sum olm.js olm_legacy.js olm.wasm > checksums.txt && \
     gpg -b -a -u F75FDC22C1DE8453 checksums.txt && \
     npm publish)
145

Aaron Raimist's avatar
Aaron Raimist committed
146
147
148
VERSION=x.y.z
git tag $VERSION -s
git push --tags
149

Aaron Raimist's avatar
Aaron Raimist committed
150
151
152
153
154
155
156
157
# OLMKit CocoaPod release
# Make sure the version OLMKit.podspec is the same as the git tag
# (this must be checked before git tagging)
pod spec lint OLMKit.podspec --use-libraries --allow-warnings
pod trunk push OLMKit.podspec --use-libraries --allow-warnings
# Check the pod has been successully published with:
pod search OLMKit
```
158

Hubert Chathi's avatar
Hubert Chathi committed
159
160
161
162
163
164
Python and JavaScript packages are published to the registry at
<https://gitlab.matrix.org/matrix-org/olm/-/packages>.  The GitLab
documentation contains instructions on how to set up twine (Python) and npm
(JavaScript) to upload to the registry.


Aaron Raimist's avatar
Aaron Raimist committed
165
## Design
166

167
Olm is designed to be easy port to different platforms and to be easy
168
169
to write bindings for.

Richard van der Hoff's avatar
Richard van der Hoff committed
170
171
172
173
174
It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need ariases.

Aaron Raimist's avatar
Aaron Raimist committed
175
### Error Handling
176

177
All C functions in the API for olm return ``olm_error()`` on error.
178
179
This makes it easy to check for error conditions within the language bindings.

Aaron Raimist's avatar
Aaron Raimist committed
180
### Random Numbers
181

182
Olm doesn't generate random numbers itself. Instead the caller must
183
184
185
186
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.

Aaron Raimist's avatar
Aaron Raimist committed
187
### Memory
188

189
Olm avoids calling malloc or allocating memory on the heap itself.
190
191
192
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.

Aaron Raimist's avatar
Aaron Raimist committed
193
### Output Encoding
194
195
196
197

Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.

Aaron Raimist's avatar
Aaron Raimist committed
198
### Dependencies
199

200
Olm uses pure C implementations of the cryptographic primitives used by
201
202
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.
203

Aaron Raimist's avatar
Aaron Raimist committed
204
## Contributing
Richard van der Hoff's avatar
Richard van der Hoff committed
205

Aaron Raimist's avatar
Aaron Raimist committed
206
207
208
Please see [CONTRIBUTING.md](CONTRIBUTING.md) when making contributions to the library.

## Security assessment
Matthew Hodgson's avatar
Matthew Hodgson committed
209
210
211
212

Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services
Practive in September 2016 to check for security issues: you can read all
about it at
Denis Kasak's avatar
Denis Kasak committed
213
https://www.nccgroup.com/globalassets/our-research/us/public-reports/2016/november/ncc_group_olm_cryptogrpahic_review_2016_11_01.pdf
Matthew Hodgson's avatar
Matthew Hodgson committed
214
215
and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/

Aaron Raimist's avatar
Aaron Raimist committed
216
217
## Bug reports

Matthew Hodgson's avatar
Matthew Hodgson committed
218
219
Please file bug reports at https://github.com/matrix-org/olm/issues

Aaron Raimist's avatar
Aaron Raimist committed
220
## What's an olm?
221
222

It's a really cool species of European troglodytic salamander.
Matthew Hodgson's avatar
Matthew Hodgson committed
223
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/
Matthew Hodgson's avatar
Matthew Hodgson committed
224

Aaron Raimist's avatar
Aaron Raimist committed
225
## Legal Notice
Matthew Hodgson's avatar
Matthew Hodgson committed
226
227
228
229
230

The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.