Implementation of the olm and megolm cryptographic ratchets
Find a file
Richard van der Hoff 0c462cff11 Fix Ed25519 keypair generation
Ed25519 private keys, it turns out, have 64 bytes, not 32.

We were previously generating only 32 bytes (which is all that is required to
generate the public key), and then using the public key as the upper 32 bytes
when generating the per-message session key. This meant that everything
appeared to work, but the security of the private key was severely compromised.

By way of fixes:

 * Use the correct algorithm for generating the Ed25519 private key, and store
   all 512 bits of it.

 * Update the account pickle format and refuse to load the old format (since we
   should consider it compromised).

 * Bump the library version, and add a function to retrieve the library
   version, so that applications can verify that they are linked against a
   fixed version of the library.

 * Remove the curve25519_{sign, verify} functions which were unused and of
   dubious quality.
2016-09-01 13:35:23 +01:00
docs Correct a couple of errors in the spec 2016-05-18 18:17:29 +01:00
fuzzers Add a fuzzer for olm_group_decrypt 2016-05-26 13:25:34 +01:00
include/olm Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
javascript Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
lib Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
python Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
src Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
tests Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
tracing switch from /usr/bin/python to /usr/bin/env python. this doesn't help folks whose python path points at python3 (e.g. Arch linux) though, but I see no choice than they have to change the shebangs, as we do on Synapse. For instance, OSX doesn't have a python2 symlink, otherwise we'd use /usr/bin/env python2 shebang. 2015-11-01 13:05:51 +00:00
.gitignore Makefile rules to build the rst into html 2016-07-11 14:50:49 +01:00
CHANGELOG.rst Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
jenkins.sh add a script for jenkins to run 2016-05-24 14:45:32 +01:00
LICENSE Copyright notices and a license 2015-02-26 16:56:25 +00:00
Makefile Fix Ed25519 keypair generation 2016-09-01 13:35:23 +01:00
README.rst Document the release process 2016-07-11 14:51:04 +01:00
version_script.ver Use a version script to restrict symbols in the .so 2016-05-20 15:15:40 +01:00

Olm
===

An implementation of the cryptographic ratchet described by
https://github.com/trevp/axolotl/wiki, written in C++11 and exposed as a C API

The specification of the Olm ratchet can be found in docs/olm.rst or
https://matrix.org/docs/spec/olm.html

Building
--------

To build olm as a shared library run:

.. code:: bash

    make

To run the tests run:

.. code:: bash

    make test

To build the javascript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:

.. code:: bash

    make js

Release process
---------------

# Bump version numbers in ``Makefile`` and ``javascript/package.json``
# Prepare changelog
# ``git commit``
# ``make test``
# ``make js``
# ``npm pack javascript``
# ``scp olm-x.y.z.tgz packages@ldc-prd-matrix-001:/sites/matrix/packages/npm/olm/``
# ``git tag x.y.z``
# ``git push --tags``

It's probably sensible to do the above on a release branch (``release-vx.y.z``
by convention), and merge back to master once complete.


Design
------

Olm is designed to be easy port to different platforms and to be easy
to write bindings for.

It was originally implemented in C++, with a plain-C layer providing the public
API. As development has progressed, it has become clear that C++ gives little
advantage, and new functionality is being added in C, with C++ parts being
rewritten as the need ariases.

Error Handling
~~~~~~~~~~~~~~

All C functions in the API for olm return ``olm_error()`` on error.
This makes it easy to check for error conditions within the language bindings.

Random Numbers
~~~~~~~~~~~~~~

Olm doesn't generate random numbers itself. Instead the caller must
provide the random data. This makes it easier to port the library to different
platforms since the caller can use whatever cryptographic random number
generator their platform provides.

Memory
~~~~~~

Olm avoids calling malloc or allocating memory on the heap itself.
Instead the library calculates how much memory will be needed to hold the
output and the caller supplies a buffer of the appropriate size.

Output Encoding
~~~~~~~~~~~~~~~

Binary output is encoded as base64 so that languages that prefer unicode
strings will find it easier to handle the output.

Dependencies
~~~~~~~~~~~~

Olm uses pure C implementations of the cryptographic primitives used by
the ratchet. While this decreases the performance it makes it much easier
to compile the library for different architectures.

What's an olm?
--------------

It's a really cool species of European troglodytic salamander.
http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/

Legal Notice
------------

The software may be subject to the U.S. export control laws and regulations
and by downloading the software the user certifies that he/she/it is
authorized to do so in accordance with those export control laws and
regulations.