Implementation of the olm and megolm cryptographic ratchets
Find a file
Lukas Lihotzki 386431d831 Optionally use OpenSSL or LibreSSL instead of bundled crypto-algorithms
crypto-algorithms "have no resistence to side-channel attacks and should not
be used in contexts that need cryptographically secure implementations" (see
lib/crypto-algorithms/README.md), so using OpenSSL or LibreSSL is preferable.

This does solve https://github.com/matrix-org/olm/issues/3 for some platforms,
without breaking other platforms without these libraries (like web).

Signed-off-by: Lukas Lihotzki <lukas@lihotzki.de>
2021-05-04 18:13:40 -04:00
.circleci ...in the right dir 2018-10-03 16:26:17 +01:00
android Simplify assertions using suggestion from IDE 2021-04-16 21:57:57 +02:00
cmake Optionally use OpenSSL or LibreSSL instead of bundled crypto-algorithms 2021-05-04 18:13:40 -04:00
docs DH ratchet sequence diagram 2020-11-23 18:33:26 +00:00
fuzzers python: Remove the python bindings. 2018-07-18 17:44:32 -04:00
include Declare olm_sas_calculate_mac_fixed_base64 in header 2021-04-27 16:18:33 -04:00
javascript Add LibreJS license tag 2021-03-31 16:11:41 -04:00
lib OLMKit: Make the project build 2016-09-27 14:07:30 +02:00
python bump version number and add changelog 2021-02-22 17:06:13 -05:00
src Optionally use OpenSSL or LibreSSL instead of bundled crypto-algorithms 2021-05-04 18:13:40 -04:00
tests fix memory leaks in tests 2020-10-01 15:39:48 +02:00
tracing switch from /usr/bin/python to /usr/bin/env python. this doesn't help folks whose python path points at python3 (e.g. Arch linux) though, but I see no choice than they have to change the shebangs, as we do on Synapse. For instance, OSX doesn't have a python2 symlink, otherwise we'd use /usr/bin/env python2 shebang. 2015-11-01 13:05:51 +00:00
xcode Swift package: Update instructions 2021-04-06 17:18:50 +02:00
.gitignore Swift package: Update instructions 2021-04-06 17:18:50 +02:00
CHANGELOG.rst bump version number and add changelog 2021-02-22 17:06:13 -05:00
CMakeLists.txt Optionally use OpenSSL or LibreSSL instead of bundled crypto-algorithms 2021-05-04 18:13:40 -04:00
common.mk bump version number and add changelog 2021-02-22 17:06:13 -05:00
CONTRIBUTING.md Convert CONTRIBUTING.rst to markdown 2019-05-14 12:57:54 -04:00
exports.py fix build with emscripten 2.0.4 2020-09-26 18:23:50 +02:00
jenkins.sh python: Remove the python bindings. 2018-07-18 17:44:32 -04:00
LICENSE Copyright notices and a license 2015-02-26 16:56:25 +00:00
Makefile Add LibreJS license tag 2021-03-31 16:11:41 -04:00
olm.pc.in create and install a pkg-config file on Unix-like systems 2021-02-22 16:54:26 -05:00
OLMKit.podspec bump version number and add changelog 2021-02-22 17:06:13 -05:00
Package.swift Xcode: Add support of Swift Package Manager 2021-04-02 19:16:11 +02:00
README.md Merge branch 'fix-ncc-audit-url' into 'master' 2021-05-04 21:58:35 +00:00
version_script.ver Use a version script to restrict symbols in the .so 2016-05-20 15:15:40 +01:00

Olm

An implementation of the Double Ratchet cryptographic ratchet described by https://whispersystems.org/docs/specifications/doubleratchet/, written in C and C++11 and exposed as a C API.

The specification of the Olm ratchet can be found in docs/olm.md.

This library also includes an implementation of the Megolm cryptographic ratchet, as specified in docs/megolm.md.

Building

To build olm as a shared library run either:

cmake . -Bbuild
cmake --build build

or:

make

Using cmake is the preferred method for building the shared library; the Makefile may be removed in the future.

To run the tests when using cmake, run:

cd build/tests
ctest .

To run the tests when using make, run:

make test

To build the JavaScript bindings, install emscripten from http://kripken.github.io/emscripten-site/ and then run:

make js

Note that if you run emscripten in a docker container, you need to pass through the EMCC_CLOSURE_ARGS environment variable.

To build the android project for Android bindings, run:

cd android
./gradlew clean assembleRelease

To build the Xcode workspace for Objective-C bindings, run:

cd xcode
pod install
open OLMKit.xcworkspace

To build the Python bindings, first build olm as a shared library as above, and then run:

cd python
make

to make both the Python 2 and Python 3 bindings. To make only one version, use make olm-python2 or make olm-python3 instead of just make.

To build olm as a static library (which still needs libstdc++ dynamically) run either:

cmake . -Bbuild -DBUILD_SHARED_LIBS=NO
cmake --build build

or

make static

The library can also be used as a dependency with CMake using:

find_package(Olm::Olm REQUIRED)
target_link_libraries(my_exe Olm::Olm)

Bindings

libolm can be used in different environments using bindings. In addition to the JavaScript, Python, Java (Android), and Objective-C bindings included in this repository, some bindings are (in alphabetical order):

Note that bindings may have a different license from libolm, and are not endorsed by the Matrix.org Foundation C.I.C.

Release process

First: bump version numbers in common.mk, CMakeLists.txt, javascript/package.json, python/olm/__version__.py, OLMKit.podspec, Package.swift, and android/olm-sdk/java/org/matrix/olm/OlmManager.java in function ``getVersion()```.

Also, ensure the changelog is up to date, and that everything is committed to git.

It's probably sensible to do the above on a release branch (release-vx.y.z by convention), and merge back to master once the release is complete.

make clean

# build and test C library
make test

# build and test JS wrapper
make js
(cd javascript && \
     npm run test && \
     sha256sum olm.js olm_legacy.js olm.wasm > checksums.txt && \
     gpg -b -a -u F75FDC22C1DE8453 checksums.txt && \
     npm publish)

VERSION=x.y.z
git tag $VERSION -s
git push --tags

# OLMKit CocoaPod release
# Make sure the version OLMKit.podspec is the same as the git tag
# (this must be checked before git tagging)
pod spec lint OLMKit.podspec --use-libraries --allow-warnings
pod trunk push OLMKit.podspec --use-libraries --allow-warnings
# Check the pod has been successully published with:
pod search OLMKit

Python and JavaScript packages are published to the registry at https://gitlab.matrix.org/matrix-org/olm/-/packages. The GitLab documentation contains instructions on how to set up twine (Python) and npm (JavaScript) to upload to the registry.

Design

Olm is designed to be easy port to different platforms and to be easy to write bindings for.

It was originally implemented in C++, with a plain-C layer providing the public API. As development has progressed, it has become clear that C++ gives little advantage, and new functionality is being added in C, with C++ parts being rewritten as the need ariases.

Error Handling

All C functions in the API for olm return olm_error() on error. This makes it easy to check for error conditions within the language bindings.

Random Numbers

Olm doesn't generate random numbers itself. Instead the caller must provide the random data. This makes it easier to port the library to different platforms since the caller can use whatever cryptographic random number generator their platform provides.

Memory

Olm avoids calling malloc or allocating memory on the heap itself. Instead the library calculates how much memory will be needed to hold the output and the caller supplies a buffer of the appropriate size.

Output Encoding

Binary output is encoded as base64 so that languages that prefer unicode strings will find it easier to handle the output.

Dependencies

Olm uses pure C implementations of the cryptographic primitives used by the ratchet. While this decreases the performance it makes it much easier to compile the library for different architectures.

Contributing

Please see CONTRIBUTING.md when making contributions to the library.

Security assessment

Olm 1.3.0 was independently assessed by NCC Group's Cryptography Services Practive in September 2016 to check for security issues: you can read all about it at https://www.nccgroup.com/globalassets/our-research/us/public-reports/2016/november/ncc_group_olm_cryptogrpahic_review_2016_11_01.pdf and https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last/

Bug reports

Please file bug reports at https://github.com/matrix-org/olm/issues

What's an olm?

It's a really cool species of European troglodytic salamander. http://www.postojnska-jama.eu/en/come-and-visit-us/vivarium-proteus/

The software may be subject to the U.S. export control laws and regulations and by downloading the software the user certifies that he/she/it is authorized to do so in accordance with those export control laws and regulations.