Expand description
This is an intermediate crate that exposes the C API of libolm to Rust. If you want to start building things with libolm from Rust, check out olm-rs.
Supported Platforms
- Android
- Linux
- macOS
- Windows
- FreeBSD
- WebAssembly
Building
This library can either be built by statically or dynamically linking against libolm:
Static
This is the default and requires no further action. libolm is built locally and then linked against statically.
Build dependencies
libstdc++/libc++- cmake
- GNU make or a compatible variant (WebAssembly only)
- Emscripten (WebAssembly only)
Dynamic
For linking against libolm dynamically, first make sure that you have the library in your link path.
Then build this library with the OLM_LINK_VARIANT environment variable set to dylib.
For example, building your project using olm-sys as a dependency would look like this:
$ OLM_LINK_VARIANT=dylib cargo buildCross compiling for Android
To enable cross compilation for Android set the environment variable
ANDROID_NDK to the location of your NDK installation, for example:
$ ANRDOID_NDK=/home/user/Android/Sdk/ndk/22.0.7026061/The linker needs to be set to an target specific one as well, for example for
aarch64-linux-android set this into your cargo config:
[target.aarch64-linux-android]
ar = "/home/user/Android/Sdk/ndk/22.0.7026061/toolchains/llvm/prebuilt/linux-x86_64/bin/ar"
linker = "/home/user/Android/Sdk/ndk/22.0.7026061/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android30-clang"After both of these are set, compilation should work as usual using cargo:
$ ANDROID_NDK=~/Android/Sdk/ndk/22.0.7026061 cargo build --target aarch64-linux-androidStructs
Constants
< The supplied account key is invalid
Attempt to unpickle an account which uses pickle version 1 (which did not save enough space for the Ed25519 key; the key should be considered compromised. We don’t let the user reload the account.
< The message couldn’t be decoded
< The message references an unknown key id
< The message couldn’t be decrypted
< The message version is unsupported
< Attempt to initialise an inbound group session from an invalid session key
Received message had a bad signature
< The pickled object couldn’t be decoded
Received message had a bad signature
< The input base64 was invalid
< Not enough entropy was supplied
< Supplied output buffer is too small
The pickled object was successfully decoded, but the unpickling still failed because it had some extraneous junk data at the end.
SAS doesn’t have their key set.
< There wasn’t an error
< Attempt to decode a message whose index is earlier than our earliest known session key.
< The pickled object is too new
Functions
get a string representation of the given error code.
Initialise an account object using the supplied memory The supplied memory must be at least olm_account_size() bytes
Deprecated: use olm_account_unpublished_fallback_key instead
The number of bytes needed to hold the fallback key as returned by olm_account_fallback_key.
Forget about the old fallback key. This should be called once you are reasonably certain that you will not receive any more messages that use the old fallback key (e.g. 5 minutes after the new fallback key has been published).
Generates a new fallback key. Only one previous fallback key is stored. Returns olm_error() on error. If the number of random bytes is too small then olm_account_last_error() will be “NOT_ENOUGH_RANDOM”.
The number of random bytes needed to generate a fallback key.
Generates a number of new one time keys. If the total number of keys stored by this account exceeds max_number_of_one_time_keys() then the old keys are discarded. Returns olm_error() on error. If the number of random bytes is too small then olm_account_last_error() will be “NOT_ENOUGH_RANDOM”.
The number of random bytes needed to generate a given number of new one time keys.
Writes the public parts of the identity keys for the account into the identity_keys output buffer. Returns olm_error() on failure. If the identity_keys buffer was too small then olm_account_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”.
The size of the output buffer needed to hold the identity keys
A null terminated string describing the most recent error to happen to an account
An error code describing the most recent error to happen to an account
Marks the current set of one time keys and fallback key as being published Once marked as published, the one time keys will no longer be returned by olm_account_one_time_keys(), and the fallback key will no longer be returned by olm_account_unpublished_fallback_key().
The largest number of one time keys this account can store.
Writes the public parts of the unpublished one time keys for the account into the one_time_keys output buffer.
The size of the output buffer needed to hold the one time keys
Signs a message with the ed25519 key for this account. Returns olm_error() on failure. If the signature buffer was too small then olm_account_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”
The length of an ed25519 signature encoded as base64.
The size of an account object in bytes
Returns the fallback key (if present, and if unpublished) into the fallback_key buffer
The number of bytes needed to hold the unpublished fallback key as returned by olm_account_unpublished fallback_key.
Clears the memory used to back this account
Clears the memory used to back this group session
Clears the memory used to back this group session
Clears the memory used to back this decryption object
Clears the memory used to back this encryption object
Clears the memory used to back this signing object
Clears the memory used to back an SAS object.
Clears the memory used to back this session
Clears the memory used to back this utility
Creates a new account. Returns olm_error() on failure. If there weren’t enough random bytes then olm_account_last_error() will be “NOT_ENOUGH_RANDOM”
The number of random bytes needed to create an account.
Create a new in-bound session for sending/receiving messages from an incoming PRE_KEY message. Returns olm_error() on failure. If the base64 couldn’t be decoded then olm_session_last_error will be “INVALID_BASE64”. If the message was for an unsupported protocol version then olm_session_last_error() will be “BAD_MESSAGE_VERSION”. If the message couldn’t be decoded then olm_session_last_error() will be “BAD_MESSAGE_FORMAT”. If the message refers to an unknown one time key then olm_session_last_error() will be “BAD_MESSAGE_KEY_ID”.
Same as olm_create_inbound_session, but ensures that the identity key
in the pre-key message matches the expected identity key, supplied via the
their_identity_key parameter. Fails early if there is no match.
Creates a new out-bound session for sending messages to a given identity_key and one_time_key. Returns olm_error() on failure. If the keys couldn’t be decoded as base64 then olm_session_last_error() will be “INVALID_BASE64” If there weren’t enough random bytes then olm_session_last_error() will be “NOT_ENOUGH_RANDOM”.
The number of random bytes needed to create an outbound session
Creates a new SAS object.
The number of random bytes needed to create an SAS object.
Decrypts a message using the session. The input message buffer is destroyed. Returns the length of the plain-text on success. Returns olm_error() on failure. If the plain-text buffer is smaller than olm_decrypt_max_plaintext_length() then olm_session_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. If the base64 couldn’t be decoded then olm_session_last_error() will be “INVALID_BASE64”. If the message is for an unsupported version of the protocol then olm_session_last_error() will be “BAD_MESSAGE_VERSION”. If the message couldn’t be decoded then olm_session_last_error() will be BAD_MESSAGE_FORMAT“. If the MAC on the message was invalid then olm_session_last_error() will be “BAD_MESSAGE_MAC”.
The maximum number of bytes of plain-text a given message could decode to. The actual size could be different due to padding. The input message buffer is destroyed. Returns olm_error() on failure. If the message base64 couldn’t be decoded then olm_session_last_error() will be “INVALID_BASE64”. If the message is for an unsupported version of the protocol then olm_session_last_error() will be “BAD_MESSAGE_VERSION”. If the message couldn’t be decoded then olm_session_last_error() will be “BAD_MESSAGE_FORMAT”.
Verify an ed25519 signature. If the key was too small then olm_utility_last_error() will be “INVALID_BASE64”. If the signature was invalid then olm_utility_last_error() will be “BAD_MESSAGE_MAC”.
Encrypts a message using the session. Returns the length of the message in bytes on success. Writes the message as base64 into the message buffer. Returns olm_error() on failure. If the message buffer is too small then olm_session_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. If there weren’t enough random bytes then olm_session_last_error() will be “NOT_ENOUGH_RANDOM”.
The size of the next message in bytes for the given number of plain-text bytes.
The type of the next message that olm_encrypt() will return. Returns OLM_MESSAGE_TYPE_PRE_KEY if the message will be a PRE_KEY message. Returns OLM_MESSAGE_TYPE_MESSAGE if the message will be a normal message. Returns olm_error on failure.
The number of random bytes needed to encrypt the next message.
Export the base64-encoded ratchet key for this session, at the given index, in a format which can be used by olm_import_inbound_group_session
Get the number of bytes returned by olm_export_inbound_group_session()
Get the version number of the library. Arguments will be updated if non-null.
Decrypt a message.
Get an upper bound on the number of bytes of plain-text the decrypt method will write for a given input message length. The actual size could be different due to padding.
Encrypt some plain-text. Returns the length of the encrypted message or olm_error() on failure. On failure last_error will be set with an error code. The last_error will be OUTPUT_BUFFER_TOO_SMALL if the output buffer is too small.
The number of bytes that will be created by encrypting a message
Import an inbound group session, from a previous export.
Initialise an inbound group session object using the supplied memory The supplied memory should be at least olm_inbound_group_session_size() bytes.
Get the first message index we know how to decrypt.
Get a base64-encoded identifier for this session.
Get the number of bytes returned by olm_inbound_group_session_id()
Check if the session has been verified as a valid session.
A null terminated string describing the most recent error to happen to a group session
An error code describing the most recent error to happen to a group session
get the size of an inbound group session, in bytes.
Start a new inbound group session, from a key exported from olm_outbound_group_session_key
Start a new outbound group session. Returns olm_error() on failure. On failure last_error will be set with an error code. The last_error will be NOT_ENOUGH_RANDOM if the number of random bytes was too small.
The number of random bytes needed to create an outbound group session
Checks if the PRE_KEY message is for this in-bound session. This can happen if multiple messages are sent to this account before this account sends a message in reply. The one_time_key_message buffer is destroyed. Returns 1 if the session matches. Returns 0 if the session does not match. Returns olm_error() on failure. If the base64 couldn’t be decoded then olm_session_last_error will be “INVALID_BASE64”. If the message was for an unsupported protocol version then olm_session_last_error() will be “BAD_MESSAGE_VERSION”. If the message couldn’t be decoded then then olm_session_last_error() will be “BAD_MESSAGE_FORMAT”.
Checks if the PRE_KEY message is for this in-bound session. This can happen if multiple messages are sent to this account before this account sends a message in reply. The one_time_key_message buffer is destroyed. Returns 1 if the session matches. Returns 0 if the session does not match. Returns olm_error() on failure. If the base64 couldn’t be decoded then olm_session_last_error will be “INVALID_BASE64”. If the message was for an unsupported protocol version then olm_session_last_error() will be “BAD_MESSAGE_VERSION”. If the message couldn’t be decoded then then olm_session_last_error() will be “BAD_MESSAGE_FORMAT”.
Initialise an outbound group session object using the supplied memory The supplied memory should be at least olm_outbound_group_session_size() bytes.
Get a base64-encoded identifier for this session.
Get the number of bytes returned by olm_outbound_group_session_id()
Get the base64-encoded current ratchet key for this session.
Get the number of bytes returned by olm_outbound_group_session_key()
A null terminated string describing the most recent error to happen to a group session
An error code describing the most recent error to happen to a group session
Get the current message index for this session.
get the size of an outbound group session, in bytes.
Stores an account as a base64 string. Encrypts the account using the supplied key. Returns the length of the pickled account on success. Returns olm_error() on failure. If the pickle output buffer is smaller than olm_pickle_account_length() then olm_account_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”
Returns the number of bytes needed to store an account
Stores a group session as a base64 string. Encrypts the session using the supplied key. Returns the length of the session on success.
Returns the number of bytes needed to store an inbound group session
Stores a group session as a base64 string. Encrypts the session using the supplied key. Returns the length of the session on success.
Returns the number of bytes needed to store an outbound group session
Stores decryption object as a base64 string. Encrypts the object using the supplied key. Returns the length of the pickled object on success. Returns olm_error() on failure. If the pickle output buffer is smaller than olm_pickle_pk_decryption_length() then olm_pk_decryption_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”
Returns the number of bytes needed to store a decryption object.
Stores a session as a base64 string. Encrypts the session using the supplied key. Returns the length of the pickled session on success. Returns olm_error() on failure. If the pickle output buffer is smaller than olm_pickle_session_length() then olm_session_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”
Returns the number of bytes needed to store a session
Get the length of the ciphertext that will correspond to a plaintext of the given length.
Decrypt a ciphertext. The input ciphertext buffer is destroyed. See the olm_pk_encrypt function for descriptions of the ephemeral_key and mac arguments. Returns the length of the plaintext on success. Returns olm_error() on failure. If the plaintext buffer is too small then olm_pk_encryption_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”.
Initialise a decryption object using the supplied memory The supplied memory must be at least olm_pk_decryption_size() bytes
A null terminated string describing the most recent error to happen to a decription object
An error code describing the most recent error to happen to a decription object
Encrypt a plaintext for the recipient set using olm_pk_encryption_set_recipient_key. Writes to the ciphertext, mac, and ephemeral_key buffers, whose values should be sent to the recipient. mac is a Message Authentication Code to ensure that the data is received and decrypted properly. ephemeral_key is the public part of the ephemeral key used (together with the recipient’s key) to generate a symmetric encryption key. Returns olm_error() on failure. If the ciphertext, mac, or ephemeral_key buffers were too small then olm_pk_encryption_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. If there weren’t enough random bytes then olm_pk_encryption_last_error() will be “OLM_INPUT_BUFFER_TOO_SMALL”.
The number of random bytes needed to encrypt a message.
Initialise an encryption object using the supplied memory The supplied memory must be at least olm_pk_encryption_size() bytes
A null terminated string describing the most recent error to happen to an encryption object
An error code describing the most recent error to happen to an encryption object
Set the recipient’s public key for encrypting to
DEPRECATED: Use olm_pk_key_from_private
DEPRECATED: Use olm_pk_private_key_length()
Get the private key for an OlmDecryption object as an unencoded byte array private_key must be a pointer to a buffer of at least olm_pk_private_key_length() bytes and this length must be passed in private_key_length. If the given buffer is too small, returns olm_error() and olm_pk_encryption_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. Returns the number of bytes written.
Initialise the key from the private part of a key as returned by olm_pk_get_private_key(). The associated public key will be written to the pubkey buffer. Returns olm_error() on failure. If the pubkey buffer is too small then olm_pk_decryption_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. If the private key was not long enough then olm_pk_decryption_last_error() will be “OLM_INPUT_BUFFER_TOO_SMALL”.
Get the length of a public or ephemeral key
Get the length of the message authentication code.
Get the length of the plaintext that will correspond to a ciphertext of the given length.
Get the number of bytes required to store an olm private key
Sign a message. The signature will be written to the signature buffer. Returns olm_error() on failure. If the signature buffer is too small, olm_pk_signing_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”.
The size of a signature created by a signing object.
Initialise a signing object using the supplied memory The supplied memory must be at least olm_pk_signing_size() bytes
Initialise the signing object with a public/private keypair from a seed. The associated public key will be written to the pubkey buffer. Returns olm_error() on failure. If the public key buffer is too small then olm_pk_signing_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”. If the seed buffer is too small then olm_pk_signing_last_error() will be “INPUT_BUFFER_TOO_SMALL”.
A null terminated string describing the most recent error to happen to a signing object
A null terminated string describing the most recent error to happen to a signing object
The size of the public key of a signing object.
The size required for the seed for initialising a signing object.
Removes the one time keys that the session used from the account. Returns olm_error() on failure. If the account doesn’t have any matching one time keys then olm_account_last_error() will be “BAD_MESSAGE_KEY_ID”.
Initialize an SAS object using the supplied memory.
The supplied memory must be at least olm_sas_size() bytes.
Generate a message authentication code (MAC) based on the shared secret.
Generate bytes to use for the short authentication string.
Get the public key for the SAS object.
Checks if their key was set.
A null terminated string describing the most recent error to happen to an SAS object.
An error code describing the most recent error to happen to an SAS object.
The size of the message authentication code generated by olm_sas_calculate_mac()`.
The size of a public key in bytes.
Sets the public key of other user.
The size of an SAS object in bytes.
Initialise a session object using the supplied memory The supplied memory must be at least olm_session_size() bytes
Write a null-terminated string describing the internal state of an olm session to the buffer provided for debugging and logging purposes.
An identifier for this session. Will be the same for both ends of the conversation. If the id buffer is too small then olm_session_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”.
The length of the buffer needed to return the id for this session.
A null terminated string describing the most recent error to happen to a session
An error code describing the most recent error to happen to a session
The size of a session object in bytes
Calculates the SHA-256 hash of the input and encodes it as base64. If the output buffer is smaller than olm_sha256_length() then olm_utility_last_error() will be “OUTPUT_BUFFER_TOO_SMALL”.
The length of the buffer needed to hold the SHA-256 hash.
Loads an account from a pickled base64 string. Decrypts the account using the supplied key. Returns olm_error() on failure. If the key doesn’t match the one used to encrypt the account then olm_account_last_error() will be “BAD_ACCOUNT_KEY”. If the base64 couldn’t be decoded then olm_account_last_error() will be “INVALID_BASE64”. The input pickled buffer is destroyed
Loads a group session from a pickled base64 string. Decrypts the session using the supplied key.
Loads a group session from a pickled base64 string. Decrypts the session using the supplied key.
Loads a decryption object from a pickled base64 string. The associated public key will be written to the pubkey buffer. Decrypts the object using the supplied key. Returns olm_error() on failure. If the key doesn’t match the one used to encrypt the account then olm_pk_decryption_last_error() will be “BAD_ACCOUNT_KEY”. If the base64 couldn’t be decoded then olm_pk_decryption_last_error() will be “INVALID_BASE64”. The input pickled buffer is destroyed
Loads a session from a pickled base64 string. Decrypts the session using the supplied key. Returns olm_error() on failure. If the key doesn’t match the one used to encrypt the account then olm_session_last_error() will be “BAD_ACCOUNT_KEY”. If the base64 couldn’t be decoded then olm_session_last_error() will be “INVALID_BASE64”. The input pickled buffer is destroyed
Initialise a utility object using the supplied memory The supplied memory must be at least olm_utility_size() bytes
A null terminated string describing the most recent error to happen to a utility
An error code describing the most recent error to happen to a utility
The size of a utility object in bytes