Fix listings and session print

Hello,

Setuptools 69.0.0 deprecated a bunch stuff leading to a nasty errors during install.

> File "/tmp/pip-build-env-w815o5v3/overlay/lib/python3.11/site-packages/setuptools/config/_apply_pyprojecttoml.py", line 183, in _license
>          _set_config(dist, "license", val["text"])
>                                       ~~~^^^^^^^^
> KeyError: 'text'
> [end of output]

__version__.py wasn't used anywhere except setup.py so removing and setting it all pyproject.toml is safe.

During this decided to move as much as I could out of setup.py, zip-safe has been obsolete for modern setuptools installation methods so dropped it.

From c0be008217350f03de7f856866a402d95b5db2a3 Mon Sep 17 00:00:00 2001
From: Alfred Wingate <parona@protonmail.com>
Date: Tue, 21 Nov 2023 15:13:35 +0200
Subject: [PATCH] Move metadata to project.toml

* Setuptools 69.0.0 deprecated a slew of old style configurations.

Signed-off-by: Alfred Wingate <parona@protonmail.com>

CHANGELOG.rst

@@ -1,3 +1,33 @@
+Changes in `3.2.16 <https://gitlab.matrix.org/matrix-org/olm/tags/3.2.16>`_
+===========================================================================
+
+This release includes the following changes since 3.2.15:
+
+* Fix and modernize the Python packaging (thanks to Alfred Wingate)
+
+Changes in `3.2.15 <https://gitlab.matrix.org/matrix-org/olm/tags/3.2.15>`_
+===========================================================================
+
+This release includes the following changes since 3.2.14:
+
+* Improvements to Python packaging
+  * No longer depend on ``future`` since Python 2 is no longer supported.
+  * Improve compatibility with tox 4.
+  * Add support for making standalone sdist.
+* Improvements to Nix flake (Thanks to Jon Ringer)
+  * Improve structure.
+  * Enable Darwin builds.
+* Typescript type fix.
+
+Changes in `3.2.14 <https://gitlab.matrix.org/matrix-org/olm/tags/3.2.14>`_
+===========================================================================
+
+This release includes the following changes since 3.2.13:
+
+* TypeScript type improvements.
+* Improvements to Python packaging
+* Documentation improvements.
+
 Changes in `3.2.13 <https://gitlab.matrix.org/matrix-org/olm/tags/3.2.13>`_
 ===========================================================================
 

CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.4)
 
-project(olm VERSION 3.2.13 LANGUAGES CXX C)
+project(olm VERSION 3.2.16 LANGUAGES CXX C)
 
 option(OLM_TESTS "Build tests" ON)
 option(BUILD_SHARED_LIBS "Build as a shared library" ON)

Makefile

@@ -8,7 +8,6 @@ RELEASE_OPTIMIZE_FLAGS ?= -O3
 DEBUG_OPTIMIZE_FLAGS ?= -g -O0 -U_FORTIFY_SOURCE
 JS_OPTIMIZE_FLAGS ?= -O3
 FUZZER_OPTIMIZE_FLAGS ?= -O3
-CC = gcc
 EMCC = emcc
 EMAR = emar
 AR = ar
@@ -31,7 +30,7 @@ JS_ASMJS_TARGET := javascript/olm_legacy.js
 WASM_TARGET := $(BUILD_DIR)/wasm/libolm.a
 
 JS_EXPORTED_FUNCTIONS := javascript/exported_functions.json
-JS_EXPORTED_RUNTIME_METHODS := [ALLOC_STACK,writeAsciiToMemory,intArrayFromString]
+JS_EXPORTED_RUNTIME_METHODS := [ALLOC_STACK,writeAsciiToMemory,intArrayFromString,UTF8ToString,stringToUTF8]
 JS_EXTERNS := javascript/externs.js
 
 PUBLIC_HEADERS := include/olm/olm.h include/olm/outbound_group_session.h include/olm/inbound_group_session.h include/olm/pk.h include/olm/sas.h include/olm/error.h include/olm/olm_export.h
@@ -94,7 +93,7 @@ LDFLAGS += -Wall -Werror
 CFLAGS_NATIVE = -fPIC
 CXXFLAGS_NATIVE = -fPIC
 
-EMCCFLAGS = --closure 1 --memory-init-file 0 -s NO_FILESYSTEM=1 -s INVOKE_RUN=0 -s MODULARIZE=1
+EMCCFLAGS = --closure 1 --memory-init-file 0 -s NO_FILESYSTEM=1 -s INVOKE_RUN=0 -s MODULARIZE=1 -Wno-error=closure
 
 # Olm generally doesn't need a lot of memory to encrypt / decrypt its usual
 # payloads (ie. Matrix messages), but we do need about 128K of heap to encrypt
@@ -106,7 +105,7 @@ EMCCFLAGS = --closure 1 --memory-init-file 0 -s NO_FILESYSTEM=1 -s INVOKE_RUN=0
 # we don't use this for the legacy build.)
 EMCCFLAGS_WASM += -s TOTAL_STACK=65536 -s TOTAL_MEMORY=262144 -s ALLOW_MEMORY_GROWTH
 
-EMCCFLAGS_ASMJS += -s WASM=0 -Wno-error=closure
+EMCCFLAGS_ASMJS += -s WASM=0
 
 EMCC.c = $(EMCC) $(CFLAGS) $(CPPFLAGS) -c -DNDEBUG -DOLM_STATIC_DEFINE=1
 EMCC.cc = $(EMCC) $(CXXFLAGS) $(CPPFLAGS) -c -DNDEBUG -DOLM_STATIC_DEFINE=1

OLMKit.podspec

@@ -3,7 +3,7 @@ Pod::Spec.new do |s|
   # The libolm version
   MAJOR = 3
   MINOR = 2
-  PATCH = 13
+  PATCH = 16
 
   s.name         = "OLMKit"
   s.version      = "#{MAJOR}.#{MINOR}.#{PATCH}"

Package.swift

@@ -2,7 +2,7 @@
 
 import PackageDescription
 
-let major = 3, minor = 2, patch = 13
+let major = 3, minor = 2, patch = 16
 
 let package = Package(
     name: "Olm",

README.md

@@ -52,13 +52,16 @@ You can use pre-built npm packages, available at
 
 #### Python
 
-Pre-built packages for Python are available for certain architectures at
+A Python source package and pre-built packages for certain architectures from
-<https://gitlab.matrix.org/matrix-org/olm/-/packages?type=PyPI>.  They can be
+<https://pypi.org/project/python-olm/>.  If a pre-built package is not
-installed by running
+available for your architecture, you will need:
 
-```bash
+- cmake (recommended) or GNU make
-pip install python-olm --extra-index-url https://gitlab.matrix.org/api/v4/projects/27/packages/pypi/simple
+- a C/C++ compiler
-```
+
+to build the source package.
+
+You can then run `pip install python-olm`.
 
 Currently, we try to provide packages for all supported versions of Python on
 x86-64, i686, and aarch64, but we cannot guarantee that packages for all
@@ -203,7 +206,7 @@ endorsed by the Matrix.org Foundation C.I.C.
 ## Release process
 
 First: bump version numbers in ``common.mk``, ``CMakeLists.txt``,
-``javascript/package.json``, ``python/olm/__version__.py``, ``OLMKit.podspec``,
+``javascript/package.json``, ``python/pyproject.toml``, ``OLMKit.podspec``,
 ``Package.swift``, and ``android/gradle.properties``.
 
 Also, ensure the changelog is up to date, and that everything is committed to

Windows64.cmake

@@ -11,8 +11,8 @@
 SET(CMAKE_SYSTEM_NAME Windows)
 
 # which compilers to use for C and C++
-SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc)
+SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc-posix)
-SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++)
+SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++-posix)
 SET(CMAKE_RC_COMPILER x86_64-w64-mingw32-windres)
 
 # here is the target environment located

android/gradle.properties

@@ -26,7 +26,7 @@ org.gradle.configureondemand=false
 # Ref: https://github.com/vanniktech/gradle-maven-publish-plugin
 GROUP=org.matrix.android
 POM_ARTIFACT_ID=olm
-VERSION_NAME=3.2.13
+VERSION_NAME=3.2.16
 
 POM_PACKAGING=aar
 

common.mk

@@ -1,4 +1,4 @@
 
 MAJOR := 3
 MINOR := 2
-PATCH := 13
+PATCH := 16

docs/megolm.md

@@ -28,18 +28,56 @@ channels. Provided that peer-to-peer channel provides authenticity of the
 messages to the participants and deniability of the messages to third parties,
 the Megolm session will inherit those properties.
 
-## The Megolm V2 ratchet algorithm
+## The Megolm ratchet algorithm
 
-The Megolm V2 ratchet $`R_i`$ is based on a single key whose length depends
+The Megolm ratchet $`R_i`$ consists of four parts, $`R_{i,j}`$ for
-on the hash function in use (256 bits for this version of Megolm).
+$`j \in {0,1,2,3}`$. The length of each part depends on the hash function
+in use (256 bits for this version of Megolm).
 
-The key is initialised with cryptographically-secure random data, and
+The ratchet is initialised with cryptographically-secure random data, and
-after each use is advanced by setting $`R_{i+1} = H(R_i)`$, where $`H`$ is
+advanced as follows:
-a hash function.
 
-The ratchet value, $`R_{i}`$, is hashed to generate the keys used
+```math
-to encrypt each message. This scheme allows a client
+\begin{aligned}
-to decrypt chat history onwards from the earliest value of the ratchet
+R_{i,0} &=
+  \begin{cases}
+  H_0\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
+  R_{i-1,0} &\text{otherwise}
+  \end{cases}\\
+R_{i,1} &=
+  \begin{cases}
+  H_1\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
+  H_1\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
+  R_{i-1,1} &\text{otherwise}
+  \end{cases}\\
+R_{i,2} &=
+  \begin{cases}
+  H_2\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
+  H_2\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
+  H_2\left(R_{2^8(p-1),2}\right) &\text{if }\exists p | i = 2^8p\\
+  R_{i-1,2} &\text{otherwise}
+  \end{cases}\\
+R_{i,3} &=
+  \begin{cases}
+  H_3\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
+  H_3\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
+  H_3\left(R_{2^8(p-1),2}\right) &\text{if }\exists p | i = 2^8p\\
+  H_3\left(R_{i-1,3}\right) &\text{otherwise}
+  \end{cases}
+\end{aligned}
+```
+
+where $`H_0`$, $`H_1`$, $`H_2`$, and $`H_3`$ are different hash
+functions. In summary: every $`2^8`$ iterations, $`R_{i,3}`$ is
+reseeded from $`R_{i,2}`$. Every $`2^{16}`$ iterations, $`R_{i,2}`$
+and $`R_{i,3}`$ are reseeded from $`R_{i,1}`$. Every $`2^{24}`$
+iterations, $`R_{i,1}`$, $`R_{i,2}`$ and $`R_{i,3}`$ are reseeded
+from $`R_{i,0}`$.
+
+The complete ratchet value, $`R_{i}`$, is hashed to generate the keys used
+to encrypt each message. This scheme allows the ratchet to be advanced an
+arbitrary amount forwards while needing at most 1020 hash computations.  A
+client can decrypt chat history onwards from the earliest value of the ratchet
 it is aware of, but cannot decrypt history from before that point without
 reversing the hash function.
 
@@ -47,6 +85,7 @@ This allows a participant to share its ability to decrypt chat history with
 another from a point in the conversation onwards by giving a copy of the
 ratchet at that point in the conversation.
 
+
 ## The Megolm protocol
 
 ### Session setup
@@ -56,7 +95,8 @@ session consists of three parts:
 
 * a 32 bit counter, $`i`$.
 * an [Ed25519][] keypair, $`K`$.
-* a ratchet, $`R_i`$, consisting of a single 256-bit value.
+* a ratchet, $`R_i`$, which consists of four 256-bit values,
+  $`R_{i,j}`$ for $`j \in {0,1,2,3}`$.
 
 The counter $`i`$ is initialised to $`0`$. A new Ed25519 keypair is
 generated for $`K`$. The ratchet is simply initialised with 1024 bits of
@@ -117,16 +157,18 @@ received the session data.
 ### Advancing the ratchet
 
 After each message is encrypted, the ratchet is advanced. This is done as
-described in [The Megolm V2 ratchet algorithm](#the-megolm-v2-ratchet-algorithm),
+described in [The Megolm ratchet algorithm](#the-megolm-ratchet-algorithm), using the following definitions:
-using the following definition for $`H`$:
 
 ```math
 \begin{aligned}
-    H(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x00"}) \\
+    H_0(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x00"}) \\
+    H_1(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x01"}) \\
+    H_2(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x02"}) \\
+    H_3(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x03"}) \\
 \end{aligned}
 ```
 
-where $`\operatorname{HMAC}(A, T)`$ is the HMAC-SHA-256 of $`T`$, using $`A`$ as the
+where $`\operatorname{HMAC}(A, T)`$ is the HMAC-SHA-256 of ``T``, using ``A`` as the
 key.
 
 For outbound sessions, the updated ratchet and counter are stored in the
@@ -149,16 +191,16 @@ session.
 The session sharing format is as follows:
 
 ```
-+---+----+------+------+-----------+
++---+----+--------+--------+--------+--------+------+-----------+
-| V | i  | R(i) | Kpub | Signature |
+| V | i  | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub | Signature |
-+---+----+------+------+-----------+
++---+----+--------+--------+--------+--------+------+-----------+
-0   1    5      37     69         133   bytes          
+0   1    5        37       69      101      133    165         229   bytes
 ```
 
-The version byte, ``V``, is ``"\x04"``.
+The version byte, ``V``, is ``"\x02"``.
 
 This is followed by the ratchet index, $`i`$, which is encoded as a
-big-endian 32-bit integer; the ratchet value $`R_{i}`$; and the public
+big-endian 32-bit integer; the ratchet values $`R_{i,j}`$; and the public
 part of the Ed25519 keypair $`K`$.
 
 The data is then signed using the Ed25519 keypair, and the 64-byte signature is
@@ -179,16 +221,16 @@ format](#session-sharing-format) except for dropping the signature.
 The Megolm session export format is thus as follows:
 
 ```
-+---+----+------+------+
++---+----+--------+--------+--------+--------+------+
-| V | i  | R(i) | Kpub |
+| V | i  | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub |
-+---+----+------+------+
++---+----+--------+--------+--------+--------+------+
-0   1    5      37     69  bytes
+0   1    5        37       69      101      133    165   bytes
 ```
 
-The version byte, ``V``, is ``"\x03"``.
+The version byte, ``V``, is ``"\x01"``.
 
 This is followed by the ratchet index, $`i`$, which is encoded as a
-big-endian 32-bit integer; the ratchet value $`R_{i}`$; and the public
+big-endian 32-bit integer; the ratchet values $`R_{i,j}`$; and the public
 part of the Ed25519 keypair $`K`$.
 
 ### Message format

flake.nix

@@ -11,126 +11,30 @@
   };
 
   outputs = { self, nixpkgs, flake-utils, npmlock2nix }:
-   (
+    let
+      localOverlay = import ./nix/overlay.nix;
+      pkgsForSystem = system: import nixpkgs {
+        inherit system;
+        overlays = [
+          (final: prev: {
+            npmlock2nix = final.callPackage npmlock2nix {};
+            node_modules = final.npmlock2nix.node_modules { src = ./javascript; };
+          })
+          localOverlay
+        ];
+      };
+    in (
       # some systems cause issues, e.g. i686-linux is unsupported by gradle,
       # which causes "nix flake check" to fail. Investigate more later, but for
       # now, we will just allow x86_64-linux
-      flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
+      flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: rec {
-        let
+        legacyPackages = pkgsForSystem system;
-          pkgs = import nixpkgs {
+        checks = {
-            inherit system;
+          inherit (legacyPackages) olm-gcc-cmake olm-clang-cmake olm-gcc-make;
-            overlays = [
+        };
-              (final: prev: {
+        packages = {
-                npmlock2nix = final.callPackage npmlock2nix {};
+          javascript = legacyPackages.olm-javascript;
-              })
+        };
-            ];
+      }
-          };
+    ));
-          node_modules = pkgs.npmlock2nix.node_modules { src = ./javascript; };
-        in
-          rec {
-            checks.gcc-cmake = pkgs.gccStdenv.mkDerivation {
-              name = "olm";
-
-              buildInputs = [ pkgs.cmake ];
-
-              src = ./.;
-
-              buildPhase = ''
-                cmake . -Bbuild
-                cmake --build build
-              '';
-
-              doCheck = true;
-              checkPhase = ''
-                cd build/tests
-                ctest .
-                cd ../..
-              '';
-            };
-
-            checks.clang-cmake = pkgs.clangStdenv.mkDerivation {
-              name = "olm";
-
-              buildInputs = [ pkgs.cmake ];
-
-              src = ./.;
-
-              buildPhase = ''
-                cmake . -Bbuild
-                cmake --build build
-              '';
-
-              doCheck = true;
-              checkPhase = ''
-                cd build/tests
-                ctest .
-                cd ../..
-              '';
-            };
-
-            checks.gcc-make = pkgs.gccStdenv.mkDerivation {
-              name = "olm";
-
-              src = ./.;
-
-              buildPhase = ''
-                make
-              '';
-
-              doCheck = true;
-              checkPhase = ''
-                make test
-              '';
-
-              installPhase = ''
-                make install PREFIX=$out
-              '';
-            };
-
-            packages.javascript = pkgs.buildEmscriptenPackage {
-              pname = "olm";
-              inherit (builtins.fromJSON (builtins.readFile ./javascript/package.json)) version;
-
-              buildInputs = with pkgs; [ gnumake python3 nodejs ];
-
-              src = ./.;
-
-              postPatch = ''
-                patchShebangs .
-              '';
-
-              configurePhase = "";
-
-              buildPhase = ''
-                export EM_CACHE=$TMPDIR
-                make javascript/exported_functions.json
-                make js
-              '';
-
-              output = [ "out" ];
-
-              installPhase = ''
-                mkdir -p $out/javascript
-                cd javascript
-                echo sha256: > checksums.txt
-	              sha256sum olm.js olm_legacy.js olm.wasm >> checksums.txt
-	              echo sha512: >> checksums.txt
-	              sha512sum olm.js olm_legacy.js olm.wasm >> checksums.txt
-                cp package.json olm.js olm.wasm olm_legacy.js index.d.ts README.md checksums.txt $out/javascript
-                cd ..
-              '';
-
-              checkPhase = ''
-                cd javascript
-                export HOME=$TMPDIR
-                ln -s ${node_modules}/node_modules ./node_modules
-                npm test
-                cd ..
-              '';
-            };
-
-            packages.default = packages.javascript;
-          }
-      )
-   );
 }

include/olm/list.hh

@@ -99,9 +99,9 @@ public:
             return *this;
         }
         T * this_pos = _data;
-        T * const other_pos = other._data;
+        const T * other_pos = other._data;
         while (other_pos != other._end) {
-            *this_pos = *other;
+            *this_pos = *other_pos;
             ++this_pos;
             ++other_pos;
         }

include/olm/olm_export.h

@@ -9,15 +9,15 @@
 #  ifndef OLM_EXPORT
 #    ifdef olm_EXPORTS
         /* We are building this library */
-#      define OLM_EXPORT __attribute__((visibility("default")))
+#      define OLM_EXPORT 
 #    else
         /* We are using this library */
-#      define OLM_EXPORT __attribute__((visibility("default")))
+#      define OLM_EXPORT 
 #    endif
 #  endif
 
 #  ifndef OLM_NO_EXPORT
-#    define OLM_NO_EXPORT __attribute__((visibility("hidden")))
+#    define OLM_NO_EXPORT 
 #  endif
 #endif
 

javascript/index.d.ts

@@ -51,7 +51,10 @@ declare class Session {
     has_received_message(): boolean;
     matches_inbound(one_time_key_message: string): boolean;
     matches_inbound_from(identity_key: string, one_time_key_message: string): boolean;
-    encrypt(plaintext: string): object;
+    encrypt(plaintext: string): {
+        type: 0 | 1; // 0: PreKey, 1: Message
+        body: string;
+    };
     decrypt(message_type: number, message: string): string;
     describe(): string;
 }
@@ -70,7 +73,10 @@ declare class InboundGroupSession {
     unpickle(key: string | Uint8Array, pickle: string): void;
     create(session_key: string): string;
     import_session(session_key: string): string;
-    decrypt(message: string): object;
+    decrypt(message: string): {
+        message_index: number;
+        plaintext: string;
+    };
     session_id(): string;
     first_known_index(): number;
     export_session(message_index: number): string;
@@ -92,7 +98,11 @@ declare class PkEncryption {
     constructor();
     free(): void;
     set_recipient_key(key: string): void;
-    encrypt(plaintext: string): object;
+    encrypt(plaintext: string): {
+        ciphertext: string;
+        mac: string;
+        ephemeral: string;
+    };
 }
 
 declare class PkDecryption {

javascript/olm_pre.js

@@ -14,7 +14,6 @@ if (typeof(window) !== 'undefined') {
         var bytes = nodeCrypto['randomBytes'](buf.length);
         buf.set(bytes);
     };
-    process = global["process"];
 } else {
     throw new Error("Cannot find global to attach library to");
 }

javascript/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@matrix-org/olm",
-  "version": "3.2.13",
+  "version": "3.2.16",
   "description": "An implementation of the Double Ratchet cryptographic ratchet",
   "main": "olm.js",
   "files": [
@@ -31,8 +31,5 @@
   "homepage": "https://gitlab.matrix.org/matrix-org/olm",
   "devDependencies": {
     "jasmine": "^3.0.0"
-  },
-  "publishConfig": {
-    "@matrix-org:registry":"https://gitlab.matrix.org/api/v4/projects/27/packages/npm/"
   }
 }

lib/crypto-algorithms/aes.h

@@ -1,123 +1,123 @@
-/*********************************************************************
+/*********************************************************************
-* Filename:   aes.h
+* Filename:   aes.h
-* Author:     Brad Conte (brad AT bradconte.com)
+* Author:     Brad Conte (brad AT bradconte.com)
-* Copyright:
+* Copyright:
-* Disclaimer: This code is presented "as is" without any guarantees.
+* Disclaimer: This code is presented "as is" without any guarantees.
-* Details:    Defines the API for the corresponding AES implementation.
+* Details:    Defines the API for the corresponding AES implementation.
-*********************************************************************/
+*********************************************************************/
-
+
-#ifndef AES_H
+#ifndef AES_H
-#define AES_H
+#define AES_H
-
+
-/*************************** HEADER FILES ***************************/
+/*************************** HEADER FILES ***************************/
-#include <stddef.h>
+#include <stddef.h>
-
+#include <stdint.h>
-/****************************** MACROS ******************************/
+/****************************** MACROS ******************************/
-#define AES_BLOCK_SIZE 16               // AES operates on 16 bytes at a time
+#define AES_BLOCK_SIZE 16               // AES operates on 16 bytes at a time
-
+
-/**************************** DATA TYPES ****************************/
+/**************************** DATA TYPES ****************************/
-typedef unsigned char BYTE;            // 8-bit byte
+typedef uint8_t BYTE;            // 8-bit byte
-typedef unsigned int WORD;             // 32-bit word, change to "long" for 16-bit machines
+typedef uint32_t WORD;             // 32-bit word, change to "long" for 16-bit machines
-
+
-/*********************** FUNCTION DECLARATIONS **********************/
+/*********************** FUNCTION DECLARATIONS **********************/
-///////////////////
+///////////////////
-// AES
+// AES
-///////////////////
+///////////////////
-// Key setup must be done before any AES en/de-cryption functions can be used.
+// Key setup must be done before any AES en/de-cryption functions can be used.
-void aes_key_setup(const BYTE key[],          // The key, must be 128, 192, or 256 bits
+void aes_key_setup(const BYTE key[],          // The key, must be 128, 192, or 256 bits
-                   WORD w[],                  // Output key schedule to be used later
+                   WORD w[],                  // Output key schedule to be used later
-                   int keysize);              // Bit length of the key, 128, 192, or 256
+                   int keysize);              // Bit length of the key, 128, 192, or 256
-
+
-void aes_encrypt(const BYTE in[],             // 16 bytes of plaintext
+void aes_encrypt(const BYTE in[],             // 16 bytes of plaintext
-                 BYTE out[],                  // 16 bytes of ciphertext
+                 BYTE out[],                  // 16 bytes of ciphertext
-                 const WORD key[],            // From the key setup
+                 const WORD key[],            // From the key setup
-                 int keysize);                // Bit length of the key, 128, 192, or 256
+                 int keysize);                // Bit length of the key, 128, 192, or 256
-
+
-void aes_decrypt(const BYTE in[],             // 16 bytes of ciphertext
+void aes_decrypt(const BYTE in[],             // 16 bytes of ciphertext
-                 BYTE out[],                  // 16 bytes of plaintext
+                 BYTE out[],                  // 16 bytes of plaintext
-                 const WORD key[],            // From the key setup
+                 const WORD key[],            // From the key setup
-                 int keysize);                // Bit length of the key, 128, 192, or 256
+                 int keysize);                // Bit length of the key, 128, 192, or 256
-
+
-///////////////////
+///////////////////
-// AES - CBC
+// AES - CBC
-///////////////////
+///////////////////
-int aes_encrypt_cbc(const BYTE in[],          // Plaintext
+int aes_encrypt_cbc(const BYTE in[],          // Plaintext
-                    size_t in_len,            // Must be a multiple of AES_BLOCK_SIZE
+                    size_t in_len,            // Must be a multiple of AES_BLOCK_SIZE
-                    BYTE out[],               // Ciphertext, same length as plaintext
+                    BYTE out[],               // Ciphertext, same length as plaintext
-                    const WORD key[],         // From the key setup
+                    const WORD key[],         // From the key setup
-                    int keysize,              // Bit length of the key, 128, 192, or 256
+                    int keysize,              // Bit length of the key, 128, 192, or 256
-                    const BYTE iv[]);         // IV, must be AES_BLOCK_SIZE bytes long
+                    const BYTE iv[]);         // IV, must be AES_BLOCK_SIZE bytes long
-
+
-// Only output the CBC-MAC of the input.
+// Only output the CBC-MAC of the input.
-int aes_encrypt_cbc_mac(const BYTE in[],      // plaintext
+int aes_encrypt_cbc_mac(const BYTE in[],      // plaintext
-                        size_t in_len,        // Must be a multiple of AES_BLOCK_SIZE
+                        size_t in_len,        // Must be a multiple of AES_BLOCK_SIZE
-                        BYTE out[],           // Output MAC
+                        BYTE out[],           // Output MAC
-                        const WORD key[],     // From the key setup
+                        const WORD key[],     // From the key setup
-                        int keysize,          // Bit length of the key, 128, 192, or 256
+                        int keysize,          // Bit length of the key, 128, 192, or 256
-                        const BYTE iv[]);     // IV, must be AES_BLOCK_SIZE bytes long
+                        const BYTE iv[]);     // IV, must be AES_BLOCK_SIZE bytes long
-
+
-///////////////////
+///////////////////
-// AES - CTR
+// AES - CTR
-///////////////////
+///////////////////
-void increment_iv(BYTE iv[],                  // Must be a multiple of AES_BLOCK_SIZE
+void increment_iv(BYTE iv[],                  // Must be a multiple of AES_BLOCK_SIZE
-                  int counter_size);          // Bytes of the IV used for counting (low end)
+                  int counter_size);          // Bytes of the IV used for counting (low end)
-
+
-void aes_encrypt_ctr(const BYTE in[],         // Plaintext
+void aes_encrypt_ctr(const BYTE in[],         // Plaintext
-                     size_t in_len,           // Any byte length
+                     size_t in_len,           // Any byte length
-                     BYTE out[],              // Ciphertext, same length as plaintext
+                     BYTE out[],              // Ciphertext, same length as plaintext
-                     const WORD key[],        // From the key setup
+                     const WORD key[],        // From the key setup
-                     int keysize,             // Bit length of the key, 128, 192, or 256
+                     int keysize,             // Bit length of the key, 128, 192, or 256
-                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
+                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
-
+
-void aes_decrypt_ctr(const BYTE in[],         // Ciphertext
+void aes_decrypt_ctr(const BYTE in[],         // Ciphertext
-                     size_t in_len,           // Any byte length
+                     size_t in_len,           // Any byte length
-                     BYTE out[],              // Plaintext, same length as ciphertext
+                     BYTE out[],              // Plaintext, same length as ciphertext
-                     const WORD key[],        // From the key setup
+                     const WORD key[],        // From the key setup
-                     int keysize,             // Bit length of the key, 128, 192, or 256
+                     int keysize,             // Bit length of the key, 128, 192, or 256
-                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
+                     const BYTE iv[]);        // IV, must be AES_BLOCK_SIZE bytes long
-
+
-///////////////////
+///////////////////
-// AES - CCM
+// AES - CCM
-///////////////////
+///////////////////
-// Returns True if the input parameters do not violate any constraint.
+// Returns True if the input parameters do not violate any constraint.
-int aes_encrypt_ccm(const BYTE plaintext[],              // IN  - Plaintext.
+int aes_encrypt_ccm(const BYTE plaintext[],              // IN  - Plaintext.
-                    WORD plaintext_len,                  // IN  - Plaintext length.
+                    WORD plaintext_len,                  // IN  - Plaintext length.
-                    const BYTE associated_data[],        // IN  - Associated Data included in authentication, but not encryption.
+                    const BYTE associated_data[],        // IN  - Associated Data included in authentication, but not encryption.
-                    unsigned short associated_data_len,  // IN  - Associated Data length in bytes.
+                    unsigned short associated_data_len,  // IN  - Associated Data length in bytes.
-                    const BYTE nonce[],                  // IN  - The Nonce to be used for encryption.
+                    const BYTE nonce[],                  // IN  - The Nonce to be used for encryption.
-                    unsigned short nonce_len,            // IN  - Nonce length in bytes.
+                    unsigned short nonce_len,            // IN  - Nonce length in bytes.
-                    BYTE ciphertext[],                   // OUT - Ciphertext, a concatination of the plaintext and the MAC.
+                    BYTE ciphertext[],                   // OUT - Ciphertext, a concatination of the plaintext and the MAC.
-                    WORD *ciphertext_len,                // OUT - The length of the ciphertext, always plaintext_len + mac_len.
+                    WORD *ciphertext_len,                // OUT - The length of the ciphertext, always plaintext_len + mac_len.
-                    WORD mac_len,                        // IN  - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.
+                    WORD mac_len,                        // IN  - The desired length of the MAC, must be 4, 6, 8, 10, 12, 14, or 16.
-                    const BYTE key[],                    // IN  - The AES key for encryption.
+                    const BYTE key[],                    // IN  - The AES key for encryption.
-                    int keysize);                        // IN  - The length of the key in bits. Valid values are 128, 192, 256.
+                    int keysize);                        // IN  - The length of the key in bits. Valid values are 128, 192, 256.
-
+
-// Returns True if the input parameters do not violate any constraint.
+// Returns True if the input parameters do not violate any constraint.
-// Use mac_auth to ensure decryption/validation was preformed correctly.
+// Use mac_auth to ensure decryption/validation was preformed correctly.
-// If authentication does not succeed, the plaintext is zeroed out. To overwride
+// If authentication does not succeed, the plaintext is zeroed out. To overwride
-// this, call with mac_auth = NULL. The proper proceedure is to decrypt with
+// this, call with mac_auth = NULL. The proper proceedure is to decrypt with
-// authentication enabled (mac_auth != NULL) and make a second call to that
+// authentication enabled (mac_auth != NULL) and make a second call to that
-// ignores authentication explicitly if the first call failes.
+// ignores authentication explicitly if the first call failes.
-int aes_decrypt_ccm(const BYTE ciphertext[],             // IN  - Ciphertext, the concatination of encrypted plaintext and MAC.
+int aes_decrypt_ccm(const BYTE ciphertext[],             // IN  - Ciphertext, the concatination of encrypted plaintext and MAC.
-                    WORD ciphertext_len,                 // IN  - Ciphertext length in bytes.
+                    WORD ciphertext_len,                 // IN  - Ciphertext length in bytes.
-                    const BYTE assoc[],                  // IN  - The Associated Data, required for authentication.
+                    const BYTE assoc[],                  // IN  - The Associated Data, required for authentication.
-                    unsigned short assoc_len,            // IN  - Associated Data length in bytes.
+                    unsigned short assoc_len,            // IN  - Associated Data length in bytes.
-                    const BYTE nonce[],                  // IN  - The Nonce to use for decryption, same one as for encryption.
+                    const BYTE nonce[],                  // IN  - The Nonce to use for decryption, same one as for encryption.
-                    unsigned short nonce_len,            // IN  - Nonce length in bytes.
+                    unsigned short nonce_len,            // IN  - Nonce length in bytes.
-                    BYTE plaintext[],                    // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.
+                    BYTE plaintext[],                    // OUT - The plaintext that was decrypted. Will need to be large enough to hold ciphertext_len - mac_len.
-                    WORD *plaintext_len,                 // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .
+                    WORD *plaintext_len,                 // OUT - Length in bytes of the output plaintext, always ciphertext_len - mac_len .
-                    WORD mac_len,                        // IN  - The length of the MAC that was calculated.
+                    WORD mac_len,                        // IN  - The length of the MAC that was calculated.
-                    int *mac_auth,                       // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.
+                    int *mac_auth,                       // OUT - TRUE if authentication succeeded, FALSE if it did not. NULL pointer will ignore the authentication.
-                    const BYTE key[],                    // IN  - The AES key for decryption.
+                    const BYTE key[],                    // IN  - The AES key for decryption.
-                    int keysize);                        // IN  - The length of the key in BITS. Valid values are 128, 192, 256.
+                    int keysize);                        // IN  - The length of the key in BITS. Valid values are 128, 192, 256.
-
+
-///////////////////
+///////////////////
-// Test functions
+// Test functions
-///////////////////
+///////////////////
-int aes_test();
+int aes_test();
-int aes_ecb_test();
+int aes_ecb_test();
-int aes_cbc_test();
+int aes_cbc_test();
-int aes_ctr_test();
+int aes_ctr_test();
-int aes_ccm_test();
+int aes_ccm_test();
-
+
-#endif   // AES_H
+#endif   // AES_H

lib/crypto-algorithms/sha256.h

@@ -11,13 +11,14 @@
 
 /*************************** HEADER FILES ***************************/
 #include <stddef.h>
+#include <stdint.h>
 
 /****************************** MACROS ******************************/
 #define SHA256_BLOCK_SIZE 32            // SHA256 outputs a 32 byte digest
 
 /**************************** DATA TYPES ****************************/
-typedef unsigned char BYTE;             // 8-bit byte
+typedef uint8_t BYTE;             // 8-bit byte
-typedef unsigned int  WORD;             // 32-bit word, change to "long" for 16-bit machines
+typedef uint32_t  WORD;             // 32-bit word, change to "long" for 16-bit machines
 
 typedef struct {
 	BYTE data[64];

lib/doctest/doctest/doctest.h

@@ -4498,7 +4498,7 @@ namespace {
             sigaltstack(&sigStack, &oldSigStack);
             struct sigaction sa = {};
             sa.sa_handler       = handleSignal; // NOLINT
-            sa.sa_flags         = SA_ONSTACK;
+            sa.sa_flags         = SS_ONSTACK;
             for(std::size_t i = 0; i < DOCTEST_COUNTOF(signalDefs); ++i) {
                 sigaction(signalDefs[i].id, &sa, &oldSigActions[i]);
             }

lib/doctest/doctest/parts/doctest.cpp

@@ -1684,7 +1684,7 @@ namespace {
             sigaltstack(&sigStack, &oldSigStack);
             struct sigaction sa = {};
             sa.sa_handler       = handleSignal; // NOLINT
-            sa.sa_flags         = SA_ONSTACK;
+            sa.sa_flags         = SS_ONSTACK;
             for(std::size_t i = 0; i < DOCTEST_COUNTOF(signalDefs); ++i) {
                 sigaction(signalDefs[i].id, &sa, &oldSigActions[i]);
             }

nix/overlay.nix

@@ -0,0 +1,76 @@
+final: prev: {
+  olm-gcc-cmake = prev.gccStdenv.mkDerivation {
+    name = "olm_gcc_cmake";
+
+    src = ./..;
+
+    nativeBuildInputs = [ prev.cmake ];
+    doCheck = true;
+    checkPhase = ''
+      (cd tests && ctest . -j $NIX_BUILD_CORES)
+    '';
+  };
+
+  olm-clang-cmake = prev.clangStdenv.mkDerivation {
+    name = "olm_clang_cmake";
+
+    src = ./..;
+
+    nativeBuildInputs = [ prev.cmake ];
+
+    doCheck = true;
+    checkPhase = ''
+      (cd tests && ctest . -j $NIX_BUILD_CORES)
+    '';
+  };
+
+  olm-gcc-make = prev.gccStdenv.mkDerivation {
+    name = "olm";
+
+    src = ./..;
+
+    doCheck = true;
+    makeFlags = [ "PREFIX=$out" ];
+  };
+
+  olm-javascript = final.buildEmscriptenPackage {
+    pname = "olm_javascript";
+    inherit (builtins.fromJSON (builtins.readFile ../javascript/package.json)) version;
+
+    src = ./..;
+
+    nativeBuildInputs = with prev; [ gnumake python3 nodejs ];
+
+    postPatch = ''
+      patchShebangs .
+    '';
+
+    configurePhase = false;
+
+    buildPhase = ''
+      export EM_CACHE=$TMPDIR
+      make javascript/exported_functions.json
+      make js
+    '';
+
+    installPhase = ''
+      mkdir -p $out/javascript
+      cd javascript
+      echo sha256: > checksums.txt
+      sha256sum olm.js olm_legacy.js olm.wasm >> checksums.txt
+      echo sha512: >> checksums.txt
+      sha512sum olm.js olm_legacy.js olm.wasm >> checksums.txt
+      cp package.json olm.js olm.wasm olm_legacy.js index.d.ts README.md checksums.txt $out/javascript
+      cd ..
+    '';
+
+    checkPhase = ''
+      cd javascript
+      export HOME=$TMPDIR
+      ln -s ${final.node_modules}/node_modules ./node_modules
+      npm test
+      cd ..
+    '';
+  };
+
+}

python/.gitlab-ci.yml

@@ -34,7 +34,7 @@ test:python:
   image: docker.io/python:$PYTHON_VERSIONS
   parallel:
     matrix:
-      - PYTHON_VERSIONS: [ "3.6", "3.7", "3.8", "3.9" ]
+      - PYTHON_VERSIONS: [ "3.8", "3.9", "3.10", "3.11", "3.12" ]
   script:
     - pip install tox
     - make headers

python/MANIFEST.in

@@ -1,5 +1,3 @@
-include include/olm/olm.h
+include include/olm/*.h
-include include/olm/pk.h
-include include/olm/sas.h
 include Makefile
 include olm_build.py

python/README.md

@@ -15,6 +15,18 @@ found [here][6].
 
 The full API reference can be found [here][7].
 
+# Installation instructions
+
+To install from the source package, you will need:
+
+- cmake (recommended) or GNU make
+- a C/C++ compiler
+
+You can then run `pip install python-olm`.
+
+This should work in UNIX-like environments, including macOS, and may work in
+other environments too, but is known to not work yet in Windows.
+
 # Accounts
 
 Accounts create and hold the central identity of the Olm protocol, they consist of a fingerprint and identity

python/make_sdist.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+DIR=$(mktemp -d)
+SRC=$(pwd)
+
+echo "Making headers"
+make headers
+
+cd $DIR
+
+echo "Copying python module"
+cp -a $SRC/* .
+mkdir -p libolm
+echo "Cleaning sources"
+make clean > /dev/null
+cp -a $SRC/include .
+echo "Copying libolm sources"
+for src in cmake CMakeLists.txt common.mk include lib Makefile olm.pc.in src tests; do
+    cp -a $SRC/../$src libolm
+done
+find libolm -name \*~ -delete
+find libolm -name \#\*\# -delete
+
+echo "Building"
+patch -p1 < $SRC/packaging.diff
+python3 -m build -s
+
+echo "Copying result"
+mkdir -p $SRC/dist
+cp dist/* $SRC/dist
+
+echo "Cleaning up"
+cd $SRC
+rm -rf $DIR

python/olm/__version__.py

@@ -1,9 +0,0 @@
-__title__ = "python-olm"
-__description__ = ("python CFFI bindings for the olm "
-                   "cryptographic ratchet library")
-__url__ = "https://github.com/poljar/python-olm"
-__version__ = "3.2.13"
-__author__ = "Damir Jelić"
-__author_email__ = "poljar@termina.org.uk"
-__license__ = "Apache 2.0"
-__copyright__ = "Copyright 2018-2019 Damir Jelić"

python/olm/_finalize.py

@@ -23,7 +23,6 @@
 
 This is designed for avoiding __del__.
 """
-from __future__ import print_function
 
 import sys
 import traceback

python/olm/account.py

@@ -32,8 +32,6 @@ import json
 from builtins import bytes, super
 from typing import AnyStr, Dict, Optional, Type
 
-from future.utils import bytes_to_native_str
-
 # pylint: disable=no-name-in-module
 from _libolm import ffi, lib  # type: ignore
 
@@ -93,8 +91,7 @@ class Account(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string((lib.olm_account_last_error(self._account))).decode()
-            ffi.string((lib.olm_account_last_error(self._account))))
 
         raise OlmAccountError(last_error)
 
@@ -209,7 +206,7 @@ class Account(object):
                 for i in range(0, len(bytes_message)):
                     bytes_message[i] = 0
 
-        return bytes_to_native_str(ffi.unpack(out_buffer, out_length))
+        return ffi.unpack(out_buffer, out_length).decode()
 
     @property
     def max_one_time_keys(self):

python/olm/group_session.py

@@ -28,8 +28,6 @@ Examples:
 from builtins import bytes, super
 from typing import AnyStr, Optional, Tuple, Type
 
-from future.utils import bytes_to_native_str
-
 # pylint: disable=no-name-in-module
 from _libolm import ffi, lib  # type: ignore
 
@@ -171,8 +169,9 @@ class InboundGroupSession(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(ffi.string(
+        last_error = ffi.string(
-            lib.olm_inbound_group_session_last_error(self._session)))
+            lib.olm_inbound_group_session_last_error(self._session)
+        ).decode()
 
         raise OlmGroupSessionError(last_error)
 
@@ -252,7 +251,7 @@ class InboundGroupSession(object):
             id_length
         )
         self._check_error(ret)
-        return bytes_to_native_str(ffi.unpack(id_buffer, id_length))
+        return ffi.unpack(id_buffer, id_length).decode()
 
     @property
     def first_known_index(self):
@@ -290,7 +289,7 @@ class InboundGroupSession(object):
             message_index
         )
         self._check_error(ret)
-        export_str = bytes_to_native_str(ffi.unpack(export_buffer, export_length))
+        export_str = ffi.unpack(export_buffer, export_length).decode()
 
         # clear out copies of the key
         lib.memset(export_buffer, 0, export_length)
@@ -373,9 +372,9 @@ class OutboundGroupSession(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(ffi.string(
+        last_error = ffi.string(
             lib.olm_outbound_group_session_last_error(self._session)
-        ))
+        ).decode()
 
         raise OlmGroupSessionError(last_error)
 
@@ -483,7 +482,7 @@ class OutboundGroupSession(object):
                 for i in range(0, len(byte_plaintext)):
                     byte_plaintext[i] = 0
 
-        return bytes_to_native_str(ffi.unpack(message_buffer, message_length))
+        return ffi.unpack(message_buffer, message_length).decode()
 
     @property
     def id(self):
@@ -499,7 +498,7 @@ class OutboundGroupSession(object):
         )
         self._check_error(ret)
 
-        return bytes_to_native_str(ffi.unpack(id_buffer, id_length))
+        return ffi.unpack(id_buffer, id_length).decode()
 
     @property
     def message_index(self):
@@ -529,4 +528,4 @@ class OutboundGroupSession(object):
         )
         self._check_error(ret)
 
-        return bytes_to_native_str(ffi.unpack(key_buffer, key_length))
+        return ffi.unpack(key_buffer, key_length).decode()

python/olm/pk.py

@@ -36,8 +36,6 @@ Examples:
 from builtins import super
 from typing import AnyStr, Type
 
-from future.utils import bytes_to_native_str
-
 from _libolm import ffi, lib  # type: ignore
 
 from ._compat import URANDOM, to_bytearray, to_unicode_str
@@ -116,8 +114,9 @@ class PkEncryption(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string(
-            ffi.string(lib.olm_pk_encryption_last_error(self._pk_encryption)))
+            lib.olm_pk_encryption_last_error(self._pk_encryption)
+        ).decode()
 
         raise PkEncryptionError(last_error)
 
@@ -166,12 +165,9 @@ class PkEncryption(object):
                     byte_plaintext[i] = 0
 
         message = PkMessage(
-            bytes_to_native_str(
+            ffi.unpack(ephemeral_key, ephemeral_key_size).decode(),
-                ffi.unpack(ephemeral_key, ephemeral_key_size)),
+            ffi.unpack(mac, mac_length).decode(),
-            bytes_to_native_str(
+            ffi.unpack(ciphertext, ciphertext_length).decode(),
-                ffi.unpack(mac, mac_length)),
-            bytes_to_native_str(
-                ffi.unpack(ciphertext, ciphertext_length))
         )
         return message
 
@@ -217,18 +213,19 @@ class PkDecryption(object):
             random_buffer, random_length
         )
         self._check_error(ret)
-        self.public_key: str = bytes_to_native_str(ffi.unpack(
+        self.public_key: str = ffi.unpack(
             key_buffer,
             key_length
-        ))
+        ).decode()
 
     def _check_error(self, ret):
         # type: (int) -> None
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string(
-            ffi.string(lib.olm_pk_decryption_last_error(self._pk_decryption)))
+            lib.olm_pk_decryption_last_error(self._pk_decryption)
+        ).decode()
 
         raise PkDecryptionError(last_error)
 
@@ -306,10 +303,10 @@ class PkDecryption(object):
             for i in range(0, len(byte_key)):
                 byte_key[i] = 0
 
-        obj.public_key = bytes_to_native_str(ffi.unpack(
+        obj.public_key = ffi.unpack(
             pubkey_buffer,
             pubkey_length
-        ))
+        ).decode()
 
         return obj
 
@@ -411,17 +408,14 @@ class PkSigning(object):
 
         self._check_error(ret)
 
-        self.public_key = bytes_to_native_str(
+        self.public_key = ffi.unpack(pubkey_buffer, pubkey_length).decode()
-            ffi.unpack(pubkey_buffer, pubkey_length)
-        )
 
     def _check_error(self, ret):
         # type: (int) -> None
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string(lib.olm_pk_signing_last_error(self._pk_signing)).decode()
-            ffi.string(lib.olm_pk_signing_last_error(self._pk_signing)))
 
         raise PkSigningError(last_error)
 
@@ -456,6 +450,4 @@ class PkSigning(object):
             signature_buffer, signature_length)
         self._check_error(ret)
 
-        return bytes_to_native_str(
+        return ffi.unpack(signature_buffer, signature_length).decode()
-            ffi.unpack(signature_buffer, signature_length)
-        )

python/olm/sas.py

@@ -34,8 +34,6 @@ from builtins import bytes
 from functools import wraps
 from typing import Optional
 
-from future.utils import bytes_to_native_str
-
 from _libolm import ffi, lib
 
 from ._compat import URANDOM, to_bytearray, to_bytes
@@ -92,8 +90,7 @@ class Sas(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string((lib.olm_sas_last_error(self._sas))).decode()
-            ffi.string((lib.olm_sas_last_error(self._sas))))
 
         raise OlmSasError(last_error)
 
@@ -115,7 +112,7 @@ class Sas(object):
             lib.olm_sas_get_pubkey(self._sas, pubkey_buffer, pubkey_length)
         )
 
-        return bytes_to_native_str(ffi.unpack(pubkey_buffer, pubkey_length))
+        return ffi.unpack(pubkey_buffer, pubkey_length).decode()
 
     @property
     def other_key_set(self):
@@ -208,7 +205,7 @@ class Sas(object):
                 mac_length
             )
         )
-        return bytes_to_native_str(ffi.unpack(mac_buffer, mac_length))
+        return ffi.unpack(mac_buffer, mac_length).decode()
 
     def calculate_mac_fixed_base64(self, message, extra_info):
         # type: (str, str) -> str
@@ -242,7 +239,7 @@ class Sas(object):
                 mac_length
             )
         )
-        return bytes_to_native_str(ffi.unpack(mac_buffer, mac_length))
+        return ffi.unpack(mac_buffer, mac_length).decode()
 
     def calculate_mac_long_kdf(self, message, extra_info):
         # type: (str, str) -> str
@@ -276,4 +273,4 @@ class Sas(object):
                 mac_length
             )
         )
-        return bytes_to_native_str(ffi.unpack(mac_buffer, mac_length))
+        return ffi.unpack(mac_buffer, mac_length).decode()

python/olm/session.py

@@ -35,8 +35,6 @@ Examples:
 from builtins import bytes, super
 from typing import AnyStr, Optional, Type
 
-from future.utils import bytes_to_native_str
-
 # pylint: disable=no-name-in-module
 from _libolm import ffi, lib  # type: ignore
 
@@ -146,8 +144,7 @@ class Session(object):
         if ret != lib.olm_error():
             return
 
-        last_error = bytes_to_native_str(
+        last_error = ffi.string(lib.olm_session_last_error(self._session)).decode()
-            ffi.string(lib.olm_session_last_error(self._session)))
 
         raise OlmSessionError(last_error)
 
@@ -260,16 +257,16 @@ class Session(object):
 
         if message_type == lib.OLM_MESSAGE_TYPE_PRE_KEY:
             return OlmPreKeyMessage(
-                bytes_to_native_str(ffi.unpack(
+                ffi.unpack(
                     ciphertext_buffer,
                     ciphertext_length
-                )))
+                ).decode())
         elif message_type == lib.OLM_MESSAGE_TYPE_MESSAGE:
             return OlmMessage(
-                bytes_to_native_str(ffi.unpack(
+                ffi.unpack(
                     ciphertext_buffer,
                     ciphertext_length
-                )))
+                ).decode())
         else:  # pragma: no cover
             raise ValueError("Unknown message type")
 
@@ -340,7 +337,7 @@ class Session(object):
         self._check_error(
             lib.olm_session_id(self._session, id_buffer, id_length)
         )
-        return bytes_to_native_str(ffi.unpack(id_buffer, id_length))
+        return ffi.unpack(id_buffer, id_length).decode()
 
     def matches(self, message, identity_key=None):
         # type: (OlmPreKeyMessage, Optional[AnyStr]) -> bool
@@ -407,7 +404,7 @@ class Session(object):
         lib.olm_session_describe(
             self._session, describe_buffer, buffer_length
         )
-        return bytes_to_native_str(ffi.string(describe_buffer))
+        return ffi.string(describe_buffer).decode()
 
 
 class InboundSession(Session):

python/olm/utility.py

@@ -33,8 +33,6 @@ Examples:
 # pylint: disable=redefined-builtin,unused-import
 from typing import AnyStr, Type
 
-from future.utils import bytes_to_native_str
-
 # pylint: disable=no-name-in-module
 from _libolm import ffi, lib  # type: ignore
 
@@ -123,7 +121,7 @@ class _Utility(object):
 
         cls._check_error(ret, OlmHashError)
 
-        return bytes_to_native_str(ffi.unpack(hash, hash_length))
+        return ffi.unpack(hash, hash_length).decode()
 
 
 def ed25519_verify(key, message, signature):

python/olm_build.py

@@ -15,8 +15,6 @@
 # CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 # CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-from __future__ import unicode_literals
-
 import os
 import subprocess
 
@@ -28,18 +26,10 @@ PATH = os.path.dirname(__file__)
 DEVELOP = os.environ.get("DEVELOP")
 
 compile_args = ["-I../include"]
-link_args = ["-L../build"]
 
 if DEVELOP and DEVELOP.lower() in ["yes", "true", "1"]:
     link_args.append('-Wl,-rpath=../build')
 
-# If libolm is compiled statically, we may need to link to the C++ standard
-# library dynamically.  This flag allows passing the required linker flag to do
-# so.
-CXX_LIB = os.environ.get("CXX_LIB")
-if CXX_LIB:
-    link_args.append(CXX_LIB)
-
 headers_build = subprocess.Popen("make headers", shell=True)
 headers_build.wait()
 
@@ -53,8 +43,10 @@ ffibuilder.set_source(
         #include <olm/sas.h>
     """,
     libraries=["olm"],
+    library_dirs=[os.path.join("..", "build")],
     extra_compile_args=compile_args,
-    extra_link_args=link_args)
+    source_extension=".cpp", # we need to link the C++ standard library, so use a C++ extension
+)
 
 with open(os.path.join(PATH, "include/olm/error.h")) as f:
     ffibuilder.cdef(f.read(), override=True)

python/packaging.diff

@@ -0,0 +1,56 @@
+--- a/MANIFEST.in
++++ b/MANIFEST.in
+@@ -1,3 +1,8 @@
+ include include/olm/*.h
+-include Makefile
+ include olm_build.py
++include libolm/*
++include libolm/cmake/*
++include libolm/include/olm/*
++recursive-include libolm/lib *
++include libolm/src/*
++recursive-include libolm/tests *
+--- a/olm_build.py
++++ b/olm_build.py
+@@ -25,12 +25,29 @@
+ 
+ DEVELOP = os.environ.get("DEVELOP")
+ 
+-compile_args = ["-I../include"]
++compile_args = ["-Ilibolm/include"]
+ 
+ if DEVELOP and DEVELOP.lower() in ["yes", "true", "1"]:
+     link_args.append('-Wl,-rpath=../build')
+ 
+-headers_build = subprocess.Popen("make headers", shell=True)
+-headers_build.wait()
++# Try to build with cmake first, fall back to GNU make
++try:
++    subprocess.run(
++        ["cmake", ".", "-Bbuild", "-DBUILD_SHARED_LIBS=NO"],
++        cwd="libolm", check=True,
++    )
++    subprocess.run(
++        ["cmake", "--build", "build"],
++        cwd="libolm", check=True,
++    )
++except FileNotFoundError:
++    try:
++        # try "gmake" first because some systems have a non-GNU make
++        # installed as "make"
++        subprocess.run(["gmake", "static"], cwd="libolm", check=True)
++    except FileNotFoundError:
++        # some systems have GNU make installed without the leading "g"
++        # so give that a try (though this may fail if it isn't GNU make)
++        subprocess.run(["make", "static"], cwd="libolm", check=True)
+ 
+ ffibuilder.set_source(
+@@ -43,7 +60,7 @@
+         #include <olm/sas.h>
+     """,
+     libraries=["olm"],
+-    library_dirs=[os.path.join("..", "build")],
++    library_dirs=[os.path.join("libolm", "build")],
+     extra_compile_args=compile_args,
+     source_extension=".cpp", # we need to link the C++ standard library, so use a C++ extension
+ )

python/pyproject.toml

@@ -0,0 +1,22 @@
+[build-system]
+requires = ["setuptools", "cffi>=1.0.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "python-olm"
+version = "3.2.16"
+description = "python CFFI bindings for the olm cryptographic ratchet library"
+authors = [{name = "Damir Jelić", email = "poljar@termina.org.uk"}]
+license = {text = "Apache-2.0"}
+readme = "README.md"
+classifiers = [
+    "License :: OSI Approved :: Apache Software License",
+    "Topic :: Communications",
+]
+dependencies = ["cffi>=1.0.0"]
+
+[project.urls]
+homepage = "https://gitlab.matrix.org/matrix-org/olm/-/tree/master/python"
+
+[tool.setuptools]
+packages = [ "olm" ]

python/requirements.txt

@@ -1,3 +1,2 @@
-future
 cffi
 typing

python/setup.cfg

@@ -3,6 +3,3 @@ testpaths = tests
 flake8-ignore =
     olm/*.py F401
     tests/*.py W503
-
-[coverage:run]
-omit=olm/__version__.py

python/setup.py

@@ -1,34 +1,6 @@
 # -*- coding: utf-8 -*-
-
-import os
-from codecs import open
-
 from setuptools import setup
 
-here = os.path.abspath(os.path.dirname(__file__))
-
-about = {}
-with open(os.path.join(here, "olm", "__version__.py"), "r", "utf-8") as f:
-    exec(f.read(), about)
-
 setup(
-    name=about["__title__"],
+    cffi_modules=["olm_build.py:ffibuilder"]
-    version=about["__version__"],
-    description=about["__description__"],
-    author=about["__author__"],
-    author_email=about["__author_email__"],
-    url=about["__url__"],
-    license=about["__license__"],
-    packages=["olm"],
-    setup_requires=["cffi>=1.0.0"],
-    cffi_modules=["olm_build.py:ffibuilder"],
-    install_requires=[
-        "cffi>=1.0.0",
-        "future",
-        "typing;python_version<'3.5'"
-    ],
-    zip_safe=False,
-    package_data={
-        "olm": ["py.typed"]
-    }
 )

python/tests/utils_test.py

@@ -1,8 +1,6 @@
 import base64
 import hashlib
 
-from future.utils import bytes_to_native_str
-
 from olm import sha256
 from olm._compat import to_bytes
 
@@ -19,7 +17,7 @@ class TestClass(object):
             hashlib.sha256(to_bytes(input1)).digest()
         )
 
-        hashlib_hash = bytes_to_native_str(hashlib_hash[:-1])
+        hashlib_hash = hashlib_hash[:-1].decode()
 
         assert first_hash != second_hash
         assert hashlib_hash == first_hash

python/tox.ini

@@ -6,7 +6,7 @@ envlist = py27,py36,pypy,{py2,py3}-cov,coverage
 deps = -rrequirements.txt
        -rtest-requirements.txt
 
-passenv = TOXENV CI TRAVIS TRAVIS_*
+passenv = TOXENV,CI,TRAVIS,TRAVIS_*
 commands = pytest --benchmark-disable
 usedevelop = True
 

src/session.cpp

@@ -437,7 +437,7 @@ void olm::Session::describe(char *describe_buffer, size_t buflen) {
 
     size = snprintf(
         describe_buffer, remaining,
-        "sender chain index: %d ", ratchet.sender_chain[0].chain_key.index
+        "sender chain index: %lu ", ratchet.sender_chain[0].chain_key.index
     );
     CHECK_SIZE_AND_ADVANCE;
 
@@ -447,7 +447,7 @@ void olm::Session::describe(char *describe_buffer, size_t buflen) {
     for (size_t i = 0; i < ratchet.receiver_chains.size(); ++i) {
         size = snprintf(
             describe_buffer, remaining,
-            " %d", ratchet.receiver_chains[i].chain_key.index
+            " %lu", ratchet.receiver_chains[i].chain_key.index
         );
         CHECK_SIZE_AND_ADVANCE;
     }
@@ -458,7 +458,7 @@ void olm::Session::describe(char *describe_buffer, size_t buflen) {
     for (size_t i = 0; i < ratchet.skipped_message_keys.size(); ++i) {
         size = snprintf(
             describe_buffer, remaining,
-            " %d", ratchet.skipped_message_keys[i].message_key.index
+            " %lu", ratchet.skipped_message_keys[i].message_key.index
         );
         CHECK_SIZE_AND_ADVANCE;
     }

tests/include/doctest.h

@@ -4498,7 +4498,7 @@ namespace {
             sigaltstack(&sigStack, &oldSigStack);
             struct sigaction sa = {};
             sa.sa_handler       = handleSignal; // NOLINT
-            sa.sa_flags         = SA_ONSTACK;
+            sa.sa_flags         = SS_ONSTACK;
             for(std::size_t i = 0; i < DOCTEST_COUNTOF(signalDefs); ++i) {
                 sigaction(signalDefs[i].id, &sa, &oldSigActions[i]);
             }