1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
# Olm
An implementation of the Double Ratchet cryptographic ratchet described by
https://whispersystems.org/docs/specifications/doubleratchet/, written in C and
C++11 and exposed as a C API.
The specification of the Olm ratchet can be found in [docs/olm.md](docs/olm.md).
This library also includes an implementation of the Megolm cryptographic
ratchet, as specified in [docs/megolm.md](docs/megolm.md).
## Building
To build olm as a shared library run either:
```bash
cmake . -Bbuild
cmake --build build
```
or:
```bash
make
```
Using cmake is the preferred method for building the shared library; the
Makefile may be removed in the future.
To run the tests when using cmake, run:
```bash
cd build/tests
ctest .
```
To run the tests when using make, run:
```bash
make test
```
To build the JavaScript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:
```bash
make js
```
Note that if you run emscripten in a docker container, you need to pass through
the EMCC_CLOSURE_ARGS environment variable.
To build the android project for Android bindings, run:
```bash
cd android
./gradlew clean assembleRelease
```
To build the Xcode workspace for Objective-C bindings, run:
```bash
cd xcode
pod install
open OLMKit.xcworkspace
```
To build the Python bindings, first build olm as a shared library as above, and
then run:
```bash
cd python
make
```
to make both the Python 2 and Python 3 bindings. To make only one version, use
``make olm-python2`` or ``make olm-python3`` instead of just ``make``.
To build olm as a static library (which still needs libstdc++ dynamically) run
either:
```bash
cmake . -Bbuild -DBUILD_SHARED_LIBS=NO
cmake --build build
```
or
```bash
make static
```
The library can also be used as a dependency with CMake using:
```cmake
find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)
```
## Bindings
libolm can be used in different environments using bindings. In addition to the
JavaScript, Python, Java (Android), and Objective-C bindings included in this
repository, some bindings are (in alphabetical order):
- [dart-olm](https://gitlab.com/famedly/libraries/dart-olm) (AGPLv3) Dart bindings
- [Dhole/go-olm](https://github.com/Dhole/go-olm) (Apache-2.0) Go bindings
- [libQtOlm](https://gitlab.com/b0/libqtolm/) (GPLv3) Qt bindings
- [matrix-kt](https://github.com/Dominaezzz/matrix-kt) (Apache-2.0) Kotlin
library for Matrix, including Olm methods
- [maunium.net/go/mautrix/crypto/olm](https://github.com/tulir/mautrix-go/tree/master/crypto/olm)
(Apache-2.0) fork of Dhole/go-olm
- [olm-sys](https://gitlab.gnome.org/BrainBlasted/olm-sys) (Apache-2.0) Rust
bindings
Note that bindings may have a different license from libolm.
## Release process
First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
``javascript/package.json``, ``python/olm/__version__.py``, ``OLMKit.podspec``,
and ``android/olm-sdk/build.gradle`` (``versionCode``, ``versionName`` and
``version``).
Also, ensure the changelog is up to date, and that everything is committed to
git.
It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once the release is complete.
```bash
make clean
# build and test C library
make test
# build and test JS wrapper
make js
(cd javascript && npm run test && npm pack javascript)
VERSION=x.y.z
gpg -b -a -u F75FDC22C1DE8453 javascript/olm-$VERSION.tgz
scp javascript/olm-$VERSION.tgz packages@ares.matrix.org:packages/npm/olm/
git tag $VERSION -s
git push --tags
# OLMKit CocoaPod release
# Make sure the version OLMKit.podspec is the same as the git tag
# (this must be checked before git tagging)
pod spec lint OLMKit.podspec --use-libraries --allow-warnings
pod trunk push OLMKit.podspec --use-libraries --allow-warnings
# Check the pod has been successully published with:
pod search OLMKit
```
## Design
Olm is designed to be easy port to different platforms and to be easy
to write bindings for.
It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need ariases.
### Error Handling
All C functions in the API for olm return ``olm_error()`` on error.
This makes it easy to check for error conditions within the language bindings.
### Random Numbers
Olm doesn't generate random numbers itself. Instead the caller must
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.
### Memory
Olm avoids calling malloc or allocating memory on the heap itself.
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.
### Output Encoding
Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.
### Dependencies
Olm uses pure C implementations of the cryptographic primitives used by
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.
## Contributing
Please see [CONTRIBUTING.md](CONTRIBUTING.md) when making contributions to the library.
## Security assessment
Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services
Practive in September 2016 to check for security issues: you can read all
about it at
https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/
and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/
## Bug reports
Please file bug reports at https://github.com/matrix-org/olm/issues
## What's an olm?
It's a really cool species of European troglodytic salamander.
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/
## Legal Notice
The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.
|
