• This repository has been archived on 13/Feb/2022
  • Stars
    star
    1,404
  • Rank 33,499 (Top 0.7 %)
  • Language
    C
  • License
    GNU General Publi...
  • Created about 9 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Overview

This is a ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments. See the Java library for more details.

Building libsignal-protocol-c

Development host setup

Build dependencies

Most of these dependencies are required just for the unit test suite and development of the library itself. When integrating into actual applications, you should not need anything beyond CMake. Alternatively, you may integrate the code using a build system of your choice. Items marked with *1 are required for tests, with *2 are additionally required for code coverage.

Setting up a fresh source tree

$ cd /path/to/libsignal-protocol-c
$ mkdir build
$ cd build
$ cmake -DCMAKE_BUILD_TYPE=Debug ..
$ make

Running the unit tests

$ cd /path/to/libsignal-protocol-c/build
$ cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTING=1 ..
$ cd tests
$ make
$ cd ..
$ ctest

Creating the code coverage report

$ cd /path/to/libsignal-protocol-c/build
$ cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTING=1 -DCOVERAGE=1 ..
$ make coverage

The generated code coverage report can be found in: /path/to/libsignal-protocol-c/build/coverage

Eclipse project setup

CMake provides a tutorial on Eclipse project setup here: https://cmake.org/Wiki/CMake:Eclipse_UNIX_Tutorial

It is recommended to follow the more manual "Option 2," since the Eclipse project generator built into CMake tends to be outdated and leads you toward a very awkward and occasionally broken project configuration.

Protocol Buffers compiler

This project uses serialization code based on Protocol Buffers. Since the official library does not support C, the protobuf-c generator is used instead. For the sake of convenience, the generated code and its dependencies are included in the source tree. The generated code can be regenerated at any time by installing the two mentioned packages and running "make" in the "protobuf/" subdirectory.

Target platforms

CMake toolchain files have been included from the following sources:

Using libsignal-protocol-c

Library initialization

Before using the library, a libsignal-protocol-c client needs to initialize a global context. This global context is used to provide callbacks for implementations of functions used across the library that need client-specific implementations. Refer to "signal_protocol.h" for detailed documentation on these functions, and the unit tests for example implementations.

signal_context *global_context;
signal_context_create(&global_context, user_data);
signal_context_set_crypto_provider(global_context, &provider);
signal_context_set_locking_functions(global_context, lock_function, unlock_function);

Client install time

At install time, a libsignal-protocol-c client needs to generate its identity keys, registration id, and prekeys.

ratchet_identity_key_pair *identity_key_pair;
uint32_t registration_id;
signal_protocol_key_helper_pre_key_list_node *pre_keys_head;
session_signed_pre_key *signed_pre_key;

signal_protocol_key_helper_generate_identity_key_pair(&identity_key_pair, global_context);
signal_protocol_key_helper_generate_registration_id(&registration_id, 0, global_context);
signal_protocol_key_helper_generate_pre_keys(&pre_keys_head, start_id, 100, global_context);
signal_protocol_key_helper_generate_signed_pre_key(&signed_pre_key, identity_key_pair, 5, timestamp, global_context);

/* Store identity_key_pair somewhere durable and safe. */
/* Store registration_id somewhere durable and safe. */

/* Store pre keys in the pre key store. */
/* Store signed pre key in the signed pre key store. */

The above example is simplified for the sake of clarity. All of these functions return errors on failure, and those errors should be checked for in real usage.

There are also iteration and serialization methods for the above types that should be used as appropriate.

Building a session

A libsignal-protocol-c client needs to implement four data store callback interfaces: signal_protocol_identity_key_store, signal_protocol_pre_key_store, signal_protocol_signed_pre_key_store, and signal_protocol_session_store. These will manage loading and storing of identity, prekeys, signed prekeys, and session state.

These callback interfaces are designed such that implementations should treat all data flowing through them as opaque binary blobs. Anything necessary for referencing that data will be provided as separate function arguments to those callbacks. If it is ever necessary for clients to directly access stored data in terms of library data structures, they should use the accessor functions declared in "signal_protocol.h" for these data stores.

Once the callbacks for these data stores are implemented, building a session is fairly straightforward:

/* Create the data store context, and add all the callbacks to it */
signal_protocol_store_context *store_context;
signal_protocol_store_context_create(&store_context, context);
signal_protocol_store_context_set_session_store(store_context, &session_store);
signal_protocol_store_context_set_pre_key_store(store_context, &pre_key_store);
signal_protocol_store_context_set_signed_pre_key_store(store_context, &signed_pre_key_store);
signal_protocol_store_context_set_identity_key_store(store_context, &identity_key_store);

/* Instantiate a session_builder for a recipient address. */
signal_protocol_address address = {
    "+14159998888", 12, 1
};
session_builder *builder;
session_builder_create(&builder, store_context, &address, global_context);

/* Build a session with a pre key retrieved from the server. */
session_builder_process_pre_key_bundle(builder, retrieved_pre_key);

/* Create the session cipher and encrypt the message */
session_cipher *cipher;
session_cipher_create(&cipher, store_context, &address, global_context);

ciphertext_message *encrypted_message;
session_cipher_encrypt(cipher, message, message_len, &encrypted_message);

/* Get the serialized content and deliver it */
signal_buffer *serialized = ciphertext_message_get_serialized(encrypted_message);

deliver(signal_buffer_data(serialized), signal_buffer_len(serialized));

/* Cleanup */
SIGNAL_UNREF(encrypted_message);
session_cipher_free(cipher);
session_builder_free(builder);
signal_protocol_store_context_destroy(store_context);

The above example is simplified for the sake of clarity. All of these functions return errors on failure, and those errors should be checked for in real usage.

Memory management notes

For every custom data type that the libsignal-protocol-c library can allocate and return, a corresponding way of deallocating an instance of that data type is provided.

The more basic and higher level data types provide a type-specific free or destroy function. These types include signal_context, signal_protocol_store_context, signal_buffer, signal_buffer_list, signal_int_list, signal_protocol_key_helper_pre_key_list_node, session_builder, session_cipher, group_session_builder, group_cipher, and fingerprint_generator.

Most of the other data types, including everything internal, use a reference counting mechanism. If you are going to hold onto a reference to one of these types, use the SIGNAL_REF(x) macro to increment its count. If you are done with a reference, use SIGNAL_UNREF(x) to decrement its count. When the count reaches 0, the type's destructor function is called.

Legal things

Cryptography Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

License

Copyright 2015-2016 Open Whisper Systems

Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html

Additional Permissions For Submission to Apple App Store: Provided that you are otherwise in compliance with the GPLv3 for each covered work you convey (including without limitation making the Corresponding Source available in compliance with Section 6 of the GPLv3), Open Whisper Systems also grants you the additional permission to convey through the Apple App Store non-source executable versions of the Program as incorporated into each applicable covered work as Executable Versions only under the Mozilla Public License version 2.0 (https://www.mozilla.org/en-US/MPL/2.0/).

More Repositories

1

Signal-Android

A private messenger for Android.
Kotlin
25,358
star
2

Signal-Desktop

A private messenger for Windows, macOS, and Linux.
TypeScript
14,441
star
3

Signal-iOS

A private messenger for iOS.
Swift
10,703
star
4

Signal-Server

Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Java
9,071
star
5

libsignal

Home to the Signal Protocol as well as other cryptographic primitives which make Signal possible.
Rust
3,345
star
6

libsignal-protocol-javascript

This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
JavaScript
1,954
star
7

libsignal-protocol-java

Java
1,823
star
8

BitHub

BTC + BitHub = An experiment in funding privacy OSS.
Java
997
star
9

Signal-TLS-Proxy

Shell
830
star
10

libsignal-service-java

A Java/Android library for communicating with the Signal messaging service.
Java
584
star
11

ringrtc

Rust
538
star
12

Signal-Calling-Service

Forwards media from 1 group call device to N group call devices.
Rust
412
star
13

Flock

Private contact and calendar sync for Android.
Java
358
star
14

ContactDiscoveryService

C
279
star
15

SecureValueRecovery

Rust
274
star
16

curve25519-java

Pure Java and JNI backed Curve25519 implementation.
C
230
star
17

gradle-witness

A gradle plugin that enables static verification for remote dependencies.
Groovy
229
star
18

SignalProtocolKit

This library is no longer maintained. SignalProtocolKit was an implementation of the Signal Protocol, written in Objective-C. It has been replaced by libsignal-client’s type safe Swift API.
Objective-C
213
star
19

webrtc

C++
140
star
20

PushServer

A microservice for communicating with push gateways.
Java
115
star
21

WhisperYAFFS

Encrypted Filesystem Support For YAFFS2
C
104
star
22

jobmanager

Android library for executing tasks.
Java
103
star
23

WebSocket-Resources

A Dropwizard library that lets you use Jersey-style Resources over WebSockets
Java
91
star
24

better-sqlite3

C++
76
star
25

SignalServiceKit

SignalServiceKit has moved to Signal-iOS. See README.md for details.
Objective-C
68
star
26

libwebrtc-android

Android WebRTC Packages
Java
60
star
27

Signal-Pods

Pods dependency tracker for Signal-iOS
C
57
star
28

signal-ringrtc-node

TypeScript
50
star
29

gcm-sender-async

Asynchronous Google Cloud Messaging (GCM) Library
Java
48
star
30

zkgroup

41
star
31

curve25519-dalek

Rust
37
star
32

SecureValueRecovery2

C++
37
star
33

libsignal-protocol-rust

Rust
37
star
34

Argon2

Java
36
star
35

Signal-Design

A place to archive design assets used by Signal.
35
star
36

SignalCoreKit

Swift
34
star
37

storage-service

Java
34
star
38

signal-webrtc-ios

Python
33
star
39

Signal-FTS5-Extension

A FTS5 extension for signal_tokenizer.
Rust
32
star
40

ContactDiscoveryService-Icelake

C
31
star
41

maven

27
star
42

libpastelog

Java
27
star
43

tus-server

An implementation of the TUS server protocol for resumable uploads
TypeScript
25
star
44

Mock-Signal-Server

TypeScript
24
star
45

registration-service

Registration Service for Signal
Java
23
star
46

dropwizard-simpleauth

Dropwizard library for simple @Auth annotations that support multiple types
Java
22
star
47

CLAServer

GitHub Integration for managing CLA signatures
Java
22
star
48

mio

Rust
20
star
49

AES-GCM-Provider

A BoringSSL-backed AES-GCM provider for Android with support for "incremental" encryption/decryption
Java
20
star
50

libaxolotl-j2me

Axolotl J2ME
Java
17
star
51

Signal-Art-Creator

Sticker Pack Creator Web App
TypeScript
17
star
52

signal-webrtc-ios-artifacts

Objective-C
17
star
53

SQLCipherVsSharedData

Demo Project to demonstrate a bug in SQLCipher
Objective-C
15
star
54

dropwizard-wavefront

Dropwizard Metrics Reporter For Wavefront
Java
14
star
55

sgx_common

Rust
14
star
56

emoji-search-index

Static assets used for to generate a search index for emoji within Signal.
12
star
57

Signal-Carthage

Objective-C
12
star
58

SignalMetadataKit

Swift
12
star
59

libmobilecoin-ios-artifacts

Swift
12
star
60

libsignal-client-node

11
star
61

redis-dispatch

Java
11
star
62

sqlcipher

C
11
star
63

libsignal-metadata-java

Java
11
star
64

mp4san

A Rust MP4 format sanitizer
Rust
10
star
65

poksho

9
star
66

AccountStream

Java
8
star
67

signal-zkgroup-node

TypeScript
8
star
68

s3-upload-maven-plugin

Maven plugin to upload files to s3
Java
7
star
69

jekyll-simple-i18n

Ruby
7
star
70

HsmEnclave

HSM-backed remote-attestable enclave.
C
5
star
71

sqlcipher-android

A light fork of https://github.com/sqlcipher/sqlcipher-android
C
5
star
72

storage-manager

Manage objects inside a cdn
TypeScript
5
star
73

libsignal-ffi

Rust
4
star
74

partial-default

Provides PartialDefault, a Rust trait similar to Default but with fewer guarantees
Rust
4
star
75

signal-zkgroup-swift

Swift
4
star
76

libsignal-protocol-swift

Swift
2
star
77

Signal-Message-Backup-Tests

Signal Message Backup shared client integration test cases
Rust
2
star
78

libmobilecoin-apple-artifacts

C
2
star
79

Signal-Sqlcipher-Extension

A sqlcipher extension for crypto provider.
Rust
1
star