README.md 7.13 KB
Newer Older
Aaron Raimist's avatar
Aaron Raimist committed
1
# Olm
2

3
An implementation of the Double Ratchet cryptographic ratchet described by
4
5
https://whispersystems.org/docs/specifications/doubleratchet/, written in C and
C++11 and exposed as a C API.
6

Aaron Raimist's avatar
Aaron Raimist committed
7
The specification of the Olm ratchet can be found in [docs/olm.md](docs/olm.md).
Richard van der Hoff's avatar
Richard van der Hoff committed
8
9

This library also includes an implementation of the Megolm cryptographic
Aaron Raimist's avatar
Aaron Raimist committed
10
ratchet, as specified in [docs/megolm.md](docs/megolm.md).
Matthew Hodgson's avatar
Matthew Hodgson committed
11

Aaron Raimist's avatar
Aaron Raimist committed
12
## Building
13

14
To build olm as a shared library run:
15

Aaron Raimist's avatar
Aaron Raimist committed
16
17
18
19
```bash
cmake . -Bbuild
cmake --build build
```
20

21
To run the tests, run:
22

Aaron Raimist's avatar
Aaron Raimist committed
23
```bash
24
25
cd build/tests
ctest .
Aaron Raimist's avatar
Aaron Raimist committed
26
```
27

28
To build olm as a static library (which still needs libstdc++ dynamically) run:
29

Aaron Raimist's avatar
Aaron Raimist committed
30
```bash
31
32
cmake . -Bbuild -DBUILD_SHARED_LIBS=NO
cmake --build build
Aaron Raimist's avatar
Aaron Raimist committed
33
```
34

35
36
37
38
39
The library can also be used as a dependency with CMake using:

```cmake
find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)
Aaron Raimist's avatar
Aaron Raimist committed
40
```
41

42
43
44
### Bindings

To build the JavaScript bindings, install emscripten from https://emscripten.org/ and then run:
45

Aaron Raimist's avatar
Aaron Raimist committed
46
47
48
```bash
make js
```
49

50
51
52
Note that if you run emscripten in a docker container, you need to pass through
the EMCC_CLOSURE_ARGS environment variable.

ylecollen's avatar
ylecollen committed
53
54
To build the android project for Android bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
55
56
57
58
```bash
cd android
./gradlew clean assembleRelease
```
59

60
61
To build the Xcode workspace for Objective-C bindings, run:

Aaron Raimist's avatar
Aaron Raimist committed
62
63
64
65
66
```bash
cd xcode
pod install
open OLMKit.xcworkspace
```
67

68
69
70
To build the Python bindings, first build olm as a shared library as above, and
then run:

Aaron Raimist's avatar
Aaron Raimist committed
71
72
73
74
```bash
cd python
make
```
75
76
77
78

to make both the Python 2 and Python 3 bindings.  To make only one version, use
``make olm-python2`` or ``make olm-python3`` instead of just ``make``.

79
80
81
82
83
84
85
86
### Using make instead of cmake

**WARNING:** Using cmake is the preferred method for building the olm library;
the Makefile may be removed in the future or have functionality removed.  In
addition, the Makefile may make certain assumptions about your system and is
not as well tested.

To build olm as a dynamic library, run:
87

Aaron Raimist's avatar
Aaron Raimist committed
88
```bash
89
make
Aaron Raimist's avatar
Aaron Raimist committed
90
```
91

92
To run the tests, run:
93

Aaron Raimist's avatar
Aaron Raimist committed
94
```bash
95
make test
Aaron Raimist's avatar
Aaron Raimist committed
96
```
97

98
To build olm as a static library, run:
99

100
101
```bash
make static
Aaron Raimist's avatar
Aaron Raimist committed
102
```
103

Hubert Chathi's avatar
Hubert Chathi committed
104
105
106
107
108
109
## Bindings

libolm can be used in different environments using bindings. In addition to the
JavaScript, Python, Java (Android), and Objective-C bindings included in this
repository, some bindings are (in alphabetical order):

Hubert Chathi's avatar
Hubert Chathi committed
110
- [cl-megolm](https://github.com/K1D77A/cl-megolm) (MIT) Common Lisp bindings
Denis Kasak's avatar
Denis Kasak committed
111
- [dart-olm](https://gitlab.com/famedly/company/frontend/libraries/dart-olm) (AGPLv3) Dart bindings
Hubert Chathi's avatar
Hubert Chathi committed
112
- [Dhole/go-olm](https://github.com/Dhole/go-olm) (Apache-2.0) Go bindings
Hubert Chathi's avatar
Hubert Chathi committed
113
- [jOlm](https://github.com/brevilo/jolm) (Apache-2.0) Java bindings
Hubert Chathi's avatar
Hubert Chathi committed
114
115
116
117
118
- [libQtOlm](https://gitlab.com/b0/libqtolm/) (GPLv3) Qt bindings
- [matrix-kt](https://github.com/Dominaezzz/matrix-kt) (Apache-2.0) Kotlin
  library for Matrix, including Olm methods
- [maunium.net/go/mautrix/crypto/olm](https://github.com/tulir/mautrix-go/tree/master/crypto/olm)
  (Apache-2.0) fork of Dhole/go-olm
Hubert Chathi's avatar
Hubert Chathi committed
119
- [nim-olm](https://codeberg.org/BarrOff/nim-olm) (MIT) Nim bindings
Hubert Chathi's avatar
Hubert Chathi committed
120
121
122
- [olm-sys](https://gitlab.gnome.org/BrainBlasted/olm-sys) (Apache-2.0) Rust
  bindings

Hubert Chathi's avatar
Hubert Chathi committed
123
124
Note that bindings may have a different license from libolm, and are *not*
endorsed by the Matrix.org Foundation C.I.C.
Hubert Chathi's avatar
Hubert Chathi committed
125

Aaron Raimist's avatar
Aaron Raimist committed
126
## Release process
127

128
First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
129
130
``javascript/package.json``, ``python/olm/__version__.py``, ``OLMKit.podspec``,
``Package.swift``, and ``android/gradle.properties``.
131

Hubert Chathi's avatar
Hubert Chathi committed
132
Also, ensure the changelog is up to date, and that everything is committed to
133
git.
134

135
136
137
It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once the release is complete.

Aaron Raimist's avatar
Aaron Raimist committed
138
139
```bash
make clean
Richard van der Hoff's avatar
Richard van der Hoff committed
140

Aaron Raimist's avatar
Aaron Raimist committed
141
142
# build and test C library
make test
143

Aaron Raimist's avatar
Aaron Raimist committed
144
145
# build and test JS wrapper
make js
Hubert Chathi's avatar
Hubert Chathi committed
146
147
148
149
150
(cd javascript && \
     npm run test && \
     sha256sum olm.js olm_legacy.js olm.wasm > checksums.txt && \
     gpg -b -a -u F75FDC22C1DE8453 checksums.txt && \
     npm publish)
151

Aaron Raimist's avatar
Aaron Raimist committed
152
153
154
VERSION=x.y.z
git tag $VERSION -s
git push --tags
155

Aaron Raimist's avatar
Aaron Raimist committed
156
157
158
159
160
161
162
163
# OLMKit CocoaPod release
# Make sure the version OLMKit.podspec is the same as the git tag
# (this must be checked before git tagging)
pod spec lint OLMKit.podspec --use-libraries --allow-warnings
pod trunk push OLMKit.podspec --use-libraries --allow-warnings
# Check the pod has been successully published with:
pod search OLMKit
```
164

Hubert Chathi's avatar
Hubert Chathi committed
165
166
167
168
169
170
Python and JavaScript packages are published to the registry at
<https://gitlab.matrix.org/matrix-org/olm/-/packages>.  The GitLab
documentation contains instructions on how to set up twine (Python) and npm
(JavaScript) to upload to the registry.


Aaron Raimist's avatar
Aaron Raimist committed
171
## Design
172

173
Olm is designed to be easy port to different platforms and to be easy
174
175
to write bindings for.

Richard van der Hoff's avatar
Richard van der Hoff committed
176
177
178
179
180
It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need ariases.

Aaron Raimist's avatar
Aaron Raimist committed
181
### Error Handling
182

183
All C functions in the API for olm return ``olm_error()`` on error.
184
185
This makes it easy to check for error conditions within the language bindings.

Aaron Raimist's avatar
Aaron Raimist committed
186
### Random Numbers
187

188
Olm doesn't generate random numbers itself. Instead the caller must
189
190
191
192
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.

Aaron Raimist's avatar
Aaron Raimist committed
193
### Memory
194

195
Olm avoids calling malloc or allocating memory on the heap itself.
196
197
198
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.

Aaron Raimist's avatar
Aaron Raimist committed
199
### Output Encoding
200
201
202
203

Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.

Aaron Raimist's avatar
Aaron Raimist committed
204
### Dependencies
205

206
Olm uses pure C implementations of the cryptographic primitives used by
207
208
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.
209

Aaron Raimist's avatar
Aaron Raimist committed
210
## Contributing
Richard van der Hoff's avatar
Richard van der Hoff committed
211

Aaron Raimist's avatar
Aaron Raimist committed
212
213
214
Please see [CONTRIBUTING.md](CONTRIBUTING.md) when making contributions to the library.

## Security assessment
Matthew Hodgson's avatar
Matthew Hodgson committed
215
216
217
218

Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services
Practive in September 2016 to check for security issues: you can read all
about it at
Denis Kasak's avatar
Denis Kasak committed
219
https://www.nccgroup.com/globalassets/our-research/us/public-reports/2016/november/ncc_group_olm_cryptogrpahic_review_2016_11_01.pdf
Matthew Hodgson's avatar
Matthew Hodgson committed
220
221
and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/

222
223
224
225
## Security issues

If you think you found a security issue in libolm, any of its bindings or the Olm/Megolm protocols, please follow our [Security Disclosure Policy](https://matrix.org/security-disclosure-policy/) to report.

Aaron Raimist's avatar
Aaron Raimist committed
226
227
## Bug reports

228
For non-sensitive bugs, please file bug reports at https://github.com/matrix-org/olm/issues.
Matthew Hodgson's avatar
Matthew Hodgson committed
229

Aaron Raimist's avatar
Aaron Raimist committed
230
## What's an olm?
231
232

It's a really cool species of European troglodytic salamander.
Matthew Hodgson's avatar
Matthew Hodgson committed
233
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/
Matthew Hodgson's avatar
Matthew Hodgson committed
234

Aaron Raimist's avatar
Aaron Raimist committed
235
## Legal Notice
Matthew Hodgson's avatar
Matthew Hodgson committed
236
237
238
239
240

The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.