Merge pull request #36 from matrix-org/manuroe/olmkit

OLMKit

Merge pull request #36 from matrix-org/manuroe/olmkit
90b36130 · Richard van der Hoff · GitHub · fb91b1f1 · 46ad7951 · 90b36130
Commit 90b36130 authored 8 years ago by Richard van der Hoff Committed by GitHub 8 years ago
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,25 @@
 /docs/signing.html
 /olm-*.tgz
 /README.html
-/tracing/README.html
\ No newline at end of file
+/tracing/README.html
+
+# Xcode
+build/
+DerivedData/
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+xcuserdata/
+*.moved-aside
+*.xcuserstate
+*.hmap
+*.ipa
+*.dSYM.zip
+*.dSYM
+Pods/
+*.xcworkspace
\ No newline at end of file
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
+Changes in `2.0.1 <http://matrix.org/git/olm/commit/?h=2.0.1>`_
+===============================================================
+
+This release includes the following changes since 2.0.0
+
+* Add OLMKit, the Objective-C wrapper.
+
 Changes in `2.0.0 <http://matrix.org/git/olm/commit/?h=2.0.0>`_
 ===============================================================


--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@

 MAJOR := 2
 MINOR := 0
-PATCH := 0
+PATCH := 1
 VERSION := $(MAJOR).$(MINOR).$(PATCH)
 PREFIX ?= /usr/local
 BUILD_DIR := build

--- a/OLMKit.podspec
+++ b/OLMKit.podspec
+Pod::Spec.new do |s|
+
+  # The libolm version
+  MAJOR = 2
+  MINOR = 0
+  PATCH = 1
+
+  s.name         = "OLMKit"
+  s.version      = "#{MAJOR}.#{MINOR}.#{PATCH}"
+  s.summary      = "An Objective-C wrapper of olm (http://matrix.org/git/olm)"
+
+  s.description  = <<-DESC
+				   olm is an implementation of the Double Ratchet cryptographic ratchet in C++
+                   DESC
+
+  s.homepage     = "http://matrix.org/git/olm"
+
+  s.license      = { :type => "Apache License, Version 2.0", :file => "LICENSE" }
+
+  s.authors            = { "Chris Ballinger" => "chrisballinger@gmail.com", 
+                           "matrix.org" => "support@matrix.org" }
+
+  s.platform     = :ios, "5.0"
+
+  # Expose the Objective-C wrapper API of libolm
+  s.public_header_files = "xcode/OLMKit/*.h"
+
+  s.source       = { 
+    :git => "https://matrix.org/git/olm.git", 
+    :tag => s.version.to_s 
+  }
+    
+  s.source_files = "xcode/OLMKit/*.{h,m}", "include/**/*.{h,hh}", "src/*.{c,cpp}", "lib/crypto-algorithms/sha256.c",  "lib/crypto-algorithms/aes.c", "lib/curve25519-donna/curve25519-donna.c"
+  
+  # Those files (including .c) are included by ed25519.c. We do not want to compile them twice
+  s.preserve_paths = "lib/ed25519/**/*.{h,c}"
+  
+  s.library = "c++"
+  
+  
+  # Use the same compiler options for C and C++ as olm/Makefile
+  
+  s.compiler_flags = "-g -O3 -DOLMLIB_VERSION_MAJOR=#{MAJOR} -DOLMLIB_VERSION_MINOR=#{MINOR} -DOLMLIB_VERSION_PATCH=#{PATCH}"
+
+  # For headers search paths, manage first the normal installation. Then, use paths used
+  # when the pod is local
+  s.xcconfig = { 
+    'USER_HEADER_SEARCH_PATHS' =>"${PODS_ROOT}/OLMKit/include ${PODS_ROOT}/OLMKit/lib #{File.join(File.dirname(__FILE__), 'include')} #{File.join(File.dirname(__FILE__), 'lib')}"
+  }
+  
+  s.subspec 'olmc' do |olmc|
+    olmc.source_files   = "src/*.{c}", "lib/curve25519-donna.h", "lib/crypto-algorithms/sha256.{h,c}", "lib/crypto-algorithms/aes.{h,c}",  "lib/curve25519-donna/curve25519-donna.c"
+    olmc.compiler_flags = ' -std=c99 -fPIC'
+  end
+  
+  s.subspec 'olmcpp' do |olmcpp|
+    olmcpp.source_files   = "src/*.{cpp}"
+    olmcpp.compiler_flags = ' -std=c++11 -fPIC'
+  end
+  
+end
--- a/README.rst
+++ b/README.rst
@@ -33,6 +33,14 @@ To build the javascript bindings, install emscripten from http://kripken.github.

    make js

+To build the Xcode workspace for Objective-C bindings, run:
+
+.. code:: bash
+
+    cd xcode
+    pod install
+    open OLMKit.xcworkspace
+
 Release process
 ---------------

@@ -50,6 +58,14 @@ Release process
    git tag $VERSION -s
    git push --tags

+    # OLMKit CocoaPod release
+    # Make sure the version OLMKit.podspec is the same as the git tag
+    # (this must be checked before git tagging)
+    pod spec lint OLMKit.podspec --use-libraries --allow-warnings
+    pod trunk push OLMKit.podspec --use-libraries --allow-warnings
+    # Check the pod has been successully published with:
+    pod search OLMKit
+
 It's probably sensible to do the above on a release branch (``release-vx.y.z``
 by convention), and merge back to master once complete.


--- a/lib/crypto-algorithms/aes.c
+++ b/lib/crypto-algorithms/aes.c
@@ -21,6 +21,7 @@
 #include "aes.h"

 #include <stdio.h>
+#include <string.h>

 /****************************** MACROS ******************************/
 // The least significant byte of the word is rotated to the end.

--- a/lib/crypto-algorithms/sha256.c
+++ b/lib/crypto-algorithms/sha256.c
@@ -15,6 +15,7 @@
 /*************************** HEADER FILES ***************************/
 #include <stdlib.h>
 #include <memory.h>
+#include <string.h>
 #include "sha256.h"

 /****************************** MACROS ******************************/

--- a/xcode/OLMKit.xcodeproj/project.pbxproj
+++ b/xcode/OLMKit.xcodeproj/project.pbxproj
--- a/xcode/OLMKit/Info.plist
+++ b/xcode/OLMKit/Info.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>en</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>NSPrincipalClass</key>
+	<string></string>
+</dict>
+</plist>
--- a/xcode/OLMKit/OLMAccount.h
+++ b/xcode/OLMKit/OLMAccount.h
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+#import "OLMSerializable.h"
+
+@class OLMSession;
+
+@interface OLMAccount : NSObject <OLMSerializable, NSSecureCoding>
+
+/** Creates new account */
+- (instancetype) initNewAccount;
+
+/** public identity keys. base64 encoded in "curve25519" and "ed25519" keys */
+- (NSDictionary*) identityKeys;
+
+/** signs message with ed25519 key for account */
+- (NSString*) signMessage:(NSData*)messageData;
+
+/** Public parts of the unpublished one time keys for the account */
+- (NSDictionary*) oneTimeKeys;
+
+- (BOOL) removeOneTimeKeysForSession:(OLMSession*)session;
+
+/** Marks the current set of one time keys as being published. */
+- (void) markOneTimeKeysAsPublished;
+
+/** The largest number of one time keys this account can store. */
+- (NSUInteger) maxOneTimeKeys;
+
+/** Generates a number of new one time keys. If the total number of keys stored
+ * by this account exceeds -maxOneTimeKeys then the old keys are
+ * discarded. */
+- (void) generateOneTimeKeys:(NSUInteger)numberOfKeys;
+
+@end
--- a/xcode/OLMKit/OLMAccount.m
+++ b/xcode/OLMKit/OLMAccount.m
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMAccount.h"
+#import "OLMAccount_Private.h"
+#import "OLMSession.h"
+#import "OLMSession_Private.h"
+#import "OLMUtility.h"
+
+@import Security;
+
+@implementation OLMAccount
+
+- (void) dealloc {
+    olm_clear_account(_account);
+    free(_account);
+}
+
+- (BOOL) initializeAccountMemory {
+    size_t accountSize = olm_account_size();
+    _account = malloc(accountSize);
+    NSParameterAssert(_account != nil);
+    if (!_account) {
+        return NO;
+    }
+    _account = olm_account(_account);
+    NSParameterAssert(_account != nil);
+    if (!_account) {
+        return NO;
+    }
+    return YES;
+}
+
+- (instancetype) init {
+    self = [super init];
+    if (!self) {
+        return nil;
+    }
+    BOOL success = [self initializeAccountMemory];
+    if (!success) {
+        return nil;
+    }
+    return self;
+}
+
+- (instancetype) initNewAccount {
+    self = [self init];
+    if (!self) {
+        return nil;
+    }
+    size_t randomLength = olm_create_account_random_length(_account);
+    NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
+    size_t accountResult = olm_create_account(_account, random.mutableBytes, random.length);
+    [random resetBytesInRange:NSMakeRange(0, random.length)];
+    if (accountResult == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"error creating account: %s", error);
+        return nil;
+    }
+    return self;
+}
+
+- (NSUInteger) maxOneTimeKeys {
+    return olm_account_max_number_of_one_time_keys(_account);
+}
+
+
+/** public identity keys */
+- (NSDictionary*) identityKeys {
+    size_t identityKeysLength = olm_account_identity_keys_length(_account);
+    uint8_t *identityKeysBytes = malloc(identityKeysLength);
+    if (!identityKeysBytes) {
+        return nil;
+    }
+    size_t result = olm_account_identity_keys(_account, identityKeysBytes, identityKeysLength);
+    if (result == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"error getting id keys: %s", error);
+        free(identityKeysBytes);
+        return nil;
+    }
+    NSData *idKeyData = [NSData dataWithBytesNoCopy:identityKeysBytes length:identityKeysLength freeWhenDone:YES];
+    NSError *error = nil;
+    NSDictionary *keysDictionary = [NSJSONSerialization JSONObjectWithData:idKeyData options:0 error:&error];
+    if (error) {
+        NSLog(@"Could not decode JSON: %@", error.localizedDescription);
+    }
+    return keysDictionary;
+}
+
+- (NSString *)signMessage:(NSData *)messageData {
+    size_t signatureLength = olm_account_signature_length(_account);
+    uint8_t *signatureBytes = malloc(signatureLength);
+    if (!signatureBytes) {
+        return nil;
+    }
+
+    size_t result = olm_account_sign(_account, messageData.bytes, messageData.length, signatureBytes, signatureLength);
+    if (result == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"error signing message: %s", error);
+        free(signatureBytes);
+        return nil;
+    }
+
+    NSData *signatureData = [NSData dataWithBytesNoCopy:signatureBytes length:signatureLength freeWhenDone:YES];
+    return [[NSString alloc] initWithData:signatureData encoding:NSUTF8StringEncoding];
+}
+
+- (NSDictionary*) oneTimeKeys {
+    size_t otkLength = olm_account_one_time_keys_length(_account);
+    uint8_t *otkBytes = malloc(otkLength);
+    if (!otkBytes) {
+        return nil;
+    }
+    size_t result = olm_account_one_time_keys(_account, otkBytes, otkLength);
+    if (result == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"error getting id keys: %s", error);
+        free(otkBytes);
+    }
+    NSData *otk = [NSData dataWithBytesNoCopy:otkBytes length:otkLength freeWhenDone:YES];
+    NSError *error = nil;
+    NSDictionary *keysDictionary = [NSJSONSerialization JSONObjectWithData:otk options:0 error:&error];
+    if (error) {
+        NSLog(@"Could not decode JSON: %@", error.localizedDescription);
+    }
+    return keysDictionary;
+}
+
+
+- (void) generateOneTimeKeys:(NSUInteger)numberOfKeys {
+    size_t randomLength = olm_account_generate_one_time_keys_random_length(_account, numberOfKeys);
+    NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
+    size_t result = olm_account_generate_one_time_keys(_account, numberOfKeys, random.mutableBytes, random.length);
+    [random resetBytesInRange:NSMakeRange(0, random.length)];
+    if (result == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"error generating keys: %s", error);
+    }
+}
+
+- (BOOL) removeOneTimeKeysForSession:(OLMSession *)session {
+    NSParameterAssert(session != nil);
+    if (!session) {
+        return NO;
+    }
+    size_t result = olm_remove_one_time_keys(self.account, session.session);
+    if (result == olm_error()) {
+        const char *error = olm_account_last_error(_account);
+        NSLog(@"olm_remove_one_time_keys error: %s", error);
+        return NO;
+    }
+    return YES;
+}
+
+- (void)markOneTimeKeysAsPublished
+{
+    olm_account_mark_keys_as_published(self.account);
+}
+
+#pragma mark OLMSerializable
+
+/** Initializes from encrypted serialized data. Will throw error if invalid key or invalid base64. */
+- (instancetype) initWithSerializedData:(NSString*)serializedData key:(NSData*)key error:(NSError**)error {
+    self = [self init];
+    if (!self) {
+        return nil;
+    }
+    NSParameterAssert(key.length > 0);
+    NSParameterAssert(serializedData.length > 0);
+    if (key.length == 0 || serializedData.length == 0) {
+        if (error) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: @"Bad length."}];
+        }
+        return nil;
+    }
+    NSMutableData *pickle = [serializedData dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    size_t result = olm_unpickle_account(_account, key.bytes, key.length, pickle.mutableBytes, pickle.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_account_last_error(_account);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    return self;
+}
+
+/** Serializes and encrypts object data, outputs base64 blob */
+- (NSString*) serializeDataWithKey:(NSData*)key error:(NSError**)error {
+    NSParameterAssert(key.length > 0);
+    size_t length = olm_pickle_account_length(_account);
+    NSMutableData *pickled = [NSMutableData dataWithLength:length];
+    size_t result = olm_pickle_account(_account, key.bytes, key.length, pickled.mutableBytes, pickled.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_account_last_error(_account);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    NSString *pickleString = [[NSString alloc] initWithData:pickled encoding:NSUTF8StringEncoding];
+    return pickleString;
+}
+
+#pragma mark NSSecureCoding
+
+ (BOOL) supportsSecureCoding {
+    return YES;
+}
+
+#pragma mark NSCoding
+
+- (id)initWithCoder:(NSCoder *)decoder {
+    NSString *version = [decoder decodeObjectOfClass:[NSString class] forKey:@"version"];
+    
+    NSError *error = nil;
+    
+    if ([version isEqualToString:@"1"]) {
+        NSString *pickle = [decoder decodeObjectOfClass:[NSString class] forKey:@"pickle"];
+        NSData *key = [decoder decodeObjectOfClass:[NSData class] forKey:@"key"];
+
+        self = [self initWithSerializedData:pickle key:key error:&error];
+    }
+    
+    NSParameterAssert(error == nil);
+    NSParameterAssert(self != nil);
+    if (!self) {
+        return nil;
+    }
+    
+    return self;
+}
+
+- (void)encodeWithCoder:(NSCoder *)encoder {
+    NSData *key = [OLMUtility randomBytesOfLength:32];
+    NSError *error = nil;
+    NSString *pickle = [self serializeDataWithKey:key error:&error];
+    NSParameterAssert(pickle.length > 0 && error == nil);
+    
+    [encoder encodeObject:pickle forKey:@"pickle"];
+    [encoder encodeObject:key forKey:@"key"];
+    [encoder encodeObject:@"1" forKey:@"version"];
+}
+
+
+@end
--- a/xcode/OLMKit/OLMAccount_Private.h
+++ b/xcode/OLMKit/OLMAccount_Private.h
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#include "olm/olm.h"
+
+@interface OLMAccount()
+
+@property (nonatomic) OlmAccount *account;
+
+@end
--- a/xcode/OLMKit/OLMInboundGroupSession.h
+++ b/xcode/OLMKit/OLMInboundGroupSession.h
+/*
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+#import "OLMSerializable.h"
+
+@interface OLMInboundGroupSession : NSObject <OLMSerializable, NSSecureCoding>
+
+- (instancetype) initInboundGroupSessionWithSessionKey:(NSString*)sessionKey error:(NSError**)error;
+
+- (NSString*)sessionIdentifier;
+
+/** base64 ciphertext -> UTF-8 plaintext */
+- (NSString*)decryptMessage:(NSString*)message messageIndex:(NSUInteger*)messageIndex error:(NSError**)error;
+
+@end
--- a/xcode/OLMKit/OLMInboundGroupSession.m
+++ b/xcode/OLMKit/OLMInboundGroupSession.m
+/*
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMInboundGroupSession.h"
+
+#import "OLMUtility.h"
+#include "olm/olm.h"
+
+@interface OLMInboundGroupSession ()
+{
+    OlmInboundGroupSession *session;
+}
+@end
+
+
+@implementation OLMInboundGroupSession
+
+- (void)dealloc {
+    olm_clear_inbound_group_session(session);
+    free(session);
+}
+
+- (instancetype)init {
+    self = [super init];
+    if (self)
+    {
+        session = malloc(olm_inbound_group_session_size());
+        if (session) {
+            session = olm_inbound_group_session(session);
+        }
+
+        if (!session) {
+            return nil;
+        }
+    }
+    return self;
+}
+
+- (instancetype)initInboundGroupSessionWithSessionKey:(NSString *)sessionKey error:(NSError**)error {
+    self = [self init];
+    if (self) {
+        NSData *sessionKeyData = [sessionKey dataUsingEncoding:NSUTF8StringEncoding];
+        size_t result = olm_init_inbound_group_session(session, sessionKeyData.bytes, sessionKeyData.length);
+        if (result == olm_error())   {
+            const char *olm_error = olm_inbound_group_session_last_error(session);
+
+            NSString *errorString = [NSString stringWithUTF8String:olm_error];
+            NSLog(@"olm_init_inbound_group_session error: %@", errorString);
+
+            if (error && olm_error && errorString) {
+                *error = [NSError errorWithDomain:OLMErrorDomain
+                                             code:0
+                                         userInfo:@{
+                                                    NSLocalizedDescriptionKey: errorString,
+                                                    NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_init_inbound_group_session error: %@", errorString]
+                                                    }];
+            }
+
+            return nil;
+        }
+    }
+    return self;
+}
+
+- (NSString *)sessionIdentifier {
+    size_t length = olm_inbound_group_session_id_length(session);
+    NSMutableData *idData = [NSMutableData dataWithLength:length];
+    if (!idData) {
+        return nil;
+    }
+    size_t result = olm_inbound_group_session_id(session, idData.mutableBytes, idData.length);
+    if (result == olm_error()) {
+        const char *error = olm_inbound_group_session_last_error(session);
+        NSLog(@"olm_inbound_group_session_id error: %s", error);
+        return nil;
+    }
+    NSString *idString = [[NSString alloc] initWithData:idData encoding:NSUTF8StringEncoding];
+    return idString;
+}
+
+- (NSString *)decryptMessage:(NSString *)message messageIndex:(NSUInteger*)messageIndex error:(NSError**)error
+{
+    NSParameterAssert(message != nil);
+    NSData *messageData = [message dataUsingEncoding:NSUTF8StringEncoding];
+    if (!messageData) {
+        return nil;
+    }
+    NSMutableData *mutMessage = messageData.mutableCopy;
+    size_t maxPlaintextLength = olm_group_decrypt_max_plaintext_length(session, mutMessage.mutableBytes, mutMessage.length);
+    if (maxPlaintextLength == olm_error()) {
+        const char *olm_error = olm_inbound_group_session_last_error(session);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        NSLog(@"olm_group_decrypt_max_plaintext_length error: %@", errorString);
+
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_group_decrypt_max_plaintext_length error: %@", errorString]
+                                                }];
+        }
+        
+        return nil;
+    }
+    // message buffer is destroyed by olm_group_decrypt_max_plaintext_length
+    mutMessage = messageData.mutableCopy;
+    NSMutableData *plaintextData = [NSMutableData dataWithLength:maxPlaintextLength];
+
+    uint32_t message_index;
+    size_t plaintextLength = olm_group_decrypt(session, mutMessage.mutableBytes, mutMessage.length, plaintextData.mutableBytes, plaintextData.length, &message_index);
+    if (plaintextLength == olm_error()) {
+        const char *olm_error = olm_inbound_group_session_last_error(session);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        NSLog(@"olm_group_decrypt error: %@", errorString);
+
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_group_decrypt error: %@", errorString]
+                                                }];
+        }
+
+        return nil;
+    }
+    plaintextData.length = plaintextLength;
+    NSString *plaintext = [[NSString alloc] initWithData:plaintextData encoding:NSUTF8StringEncoding];
+    [plaintextData resetBytesInRange:NSMakeRange(0, plaintextData.length)];
+
+    if (messageIndex)
+    {
+        *messageIndex = message_index;
+    }
+
+    return plaintext;
+}
+
+
+#pragma mark OLMSerializable
+
+/** Initializes from encrypted serialized data. Will throw error if invalid key or invalid base64. */
+- (instancetype) initWithSerializedData:(NSString *)serializedData key:(NSData *)key error:(NSError *__autoreleasing *)error {
+    self = [self init];
+    if (!self) {
+        return nil;
+    }
+    NSParameterAssert(key.length > 0);
+    NSParameterAssert(serializedData.length > 0);
+    if (key.length == 0 || serializedData.length == 0) {
+        if (error) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: @"Bad length."}];
+        }
+        return nil;
+    }
+    NSMutableData *pickle = [serializedData dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    size_t result = olm_unpickle_inbound_group_session(session, key.bytes, key.length, pickle.mutableBytes, pickle.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_inbound_group_session_last_error(session);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    return self;
+}
+
+/** Serializes and encrypts object data, outputs base64 blob */
+- (NSString*) serializeDataWithKey:(NSData*)key error:(NSError**)error {
+    NSParameterAssert(key.length > 0);
+    size_t length = olm_pickle_inbound_group_session_length(session);
+    NSMutableData *pickled = [NSMutableData dataWithLength:length];
+    size_t result = olm_pickle_inbound_group_session(session, key.bytes, key.length, pickled.mutableBytes, pickled.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_inbound_group_session_last_error(session);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    NSString *pickleString = [[NSString alloc] initWithData:pickled encoding:NSUTF8StringEncoding];
+    return pickleString;
+}
+
+#pragma mark NSSecureCoding
+
+ (BOOL) supportsSecureCoding {
+    return YES;
+}
+
+#pragma mark NSCoding
+
+- (id)initWithCoder:(NSCoder *)decoder {
+    NSString *version = [decoder decodeObjectOfClass:[NSString class] forKey:@"version"];
+
+    NSError *error = nil;
+
+    if ([version isEqualToString:@"1"]) {
+        NSString *pickle = [decoder decodeObjectOfClass:[NSString class] forKey:@"pickle"];
+        NSData *key = [decoder decodeObjectOfClass:[NSData class] forKey:@"key"];
+
+        self = [self initWithSerializedData:pickle key:key error:&error];
+    }
+
+    NSParameterAssert(error == nil);
+    NSParameterAssert(self != nil);
+    if (!self) {
+        return nil;
+    }
+
+    return self;
+}
+
+- (void)encodeWithCoder:(NSCoder *)encoder {
+    NSData *key = [OLMUtility randomBytesOfLength:32];
+    NSError *error = nil;
+    NSString *pickle = [self serializeDataWithKey:key error:&error];
+    NSParameterAssert(pickle.length > 0 && error == nil);
+
+    [encoder encodeObject:pickle forKey:@"pickle"];
+    [encoder encodeObject:key forKey:@"key"];
+    [encoder encodeObject:@"1" forKey:@"version"];
+}
+
+@end
--- a/xcode/OLMKit/OLMKit.h
+++ b/xcode/OLMKit/OLMKit.h
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <UIKit/UIKit.h>
+
+//! Project version string for OLMKit, the same as libolm.
+NSString *OLMKitVersionString();
+
+// In this header, you should import all the public headers of your framework using statements like #import <OLMKit/PublicHeader.h>
+
+#import <OLMKit/OLMAccount.h>
+#import <OLMKit/OLMSession.h>
+#import <OLMKit/OLMMessage.h>
+#import <OLMKit/OLMUtility.h>
+#import <OLMKit/OLMInboundGroupSession.h>
+#import <OLMKit/OLMOutboundGroupSession.h>
--- a/xcode/OLMKit/OLMKit.m
+++ b/xcode/OLMKit/OLMKit.m
+/*
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMKit.h"
+
+#include "olm/olm.h"
+
+NSString *OLMKitVersionString()
+{
+    uint8_t major, minor, patch;
+
+    olm_get_library_version(&major, &minor, &patch);
+
+    return [NSString stringWithFormat:@"%tu.%tu.%tu", major, minor, patch];
+}
--- a/xcode/OLMKit/OLMMessage.h
+++ b/xcode/OLMKit/OLMMessage.h
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+/*
+ from olm.hh
+ static const size_t OLM_MESSAGE_TYPE_PRE_KEY = 0;
+ static const size_t OLM_MESSAGE_TYPE_MESSAGE = 1;
+ */
+typedef NS_ENUM(NSInteger, OLMMessageType) {
+    OLMMessageTypePreKey = 0,
+    OLMMessageTypeMessage = 1
+};
+
+@interface OLMMessage : NSObject
+
+@property (nonatomic, copy, readonly, nonnull) NSString *ciphertext;
+@property (readonly) OLMMessageType type;
+
+- (nullable instancetype) initWithCiphertext:(nonnull NSString*)ciphertext type:(OLMMessageType)type;
+
+@end
--- a/xcode/OLMKit/OLMMessage.m
+++ b/xcode/OLMKit/OLMMessage.m
+/*
+ Copyright 2016 Chris Ballinger
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMMessage.h"
+
+@implementation OLMMessage
+
+- (nullable instancetype) initWithCiphertext:(nonnull NSString*)ciphertext type:(OLMMessageType)type {
+    NSParameterAssert(ciphertext != nil);
+    self = [super init];
+    if (!self) {
+        return nil;
+    }
+    _ciphertext = [ciphertext copy];
+    _type = type;
+    return self;
+}
+
+@end
--- a/xcode/OLMKit/OLMOutboundGroupSession.h
+++ b/xcode/OLMKit/OLMOutboundGroupSession.h
+/*
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+#import "OLMSerializable.h"
+
+@interface OLMOutboundGroupSession : NSObject <OLMSerializable, NSSecureCoding>
+
+- (instancetype) initOutboundGroupSession;
+
+- (NSString*)sessionIdentifier;
+- (NSUInteger)messageIndex;
+- (NSString*)sessionKey;
+
+/** UTF-8 plaintext -> base64 ciphertext */
+- (NSString*)encryptMessage:(NSString*)message error:(NSError**)error;
+
+@end
--- a/xcode/OLMKit/OLMOutboundGroupSession.m
+++ b/xcode/OLMKit/OLMOutboundGroupSession.m
+/*
+ Copyright 2016 OpenMarket Ltd
+ Copyright 2016 Vector Creations Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMOutboundGroupSession.h"
+
+#import "OLMUtility.h"
+#include "olm/olm.h"
+
+@interface OLMOutboundGroupSession ()
+{
+    OlmOutboundGroupSession *session;
+}
+@end
+
+@implementation OLMOutboundGroupSession
+
+- (void)dealloc {
+    olm_clear_outbound_group_session(session);
+    free(session);
+}
+
+- (instancetype)init {
+    self = [super init];
+    if (self)
+    {
+        session = malloc(olm_outbound_group_session_size());
+        if (session) {
+            session = olm_outbound_group_session(session);
+        }
+
+        if (!session) {
+            return nil;
+        }
+    }
+    return self;
+}
+
+- (instancetype)initOutboundGroupSession {
+    self = [self init];
+    if (self) {
+        NSMutableData *random = [OLMUtility randomBytesOfLength:olm_init_outbound_group_session_random_length(session)];
+
+        size_t result = olm_init_outbound_group_session(session, random.mutableBytes, random.length);
+        [random resetBytesInRange:NSMakeRange(0, random.length)];
+        if (result == olm_error())   {
+            const char *error = olm_outbound_group_session_last_error(session);
+            NSLog(@"olm_init_outbound_group_session error: %s", error);
+            return nil;
+        }
+    }
+    return self;
+}
+
+- (NSString *)sessionIdentifier {
+    size_t length = olm_outbound_group_session_id_length(session);
+    NSMutableData *idData = [NSMutableData dataWithLength:length];
+    if (!idData) {
+        return nil;
+    }
+    size_t result = olm_outbound_group_session_id(session, idData.mutableBytes, idData.length);
+    if (result == olm_error()) {
+        const char *error = olm_outbound_group_session_last_error(session);
+        NSLog(@"olm_outbound_group_session_id error: %s", error);
+        return nil;
+    }
+    NSString *idString = [[NSString alloc] initWithData:idData encoding:NSUTF8StringEncoding];
+    return idString;
+}
+
+- (NSUInteger)messageIndex {
+    return olm_outbound_group_session_message_index(session);
+}
+
+- (NSString *)sessionKey {
+    size_t length = olm_outbound_group_session_key_length(session);
+    NSMutableData *sessionKeyData = [NSMutableData dataWithLength:length];
+    if (!sessionKeyData) {
+        return nil;
+    }
+    size_t result = olm_outbound_group_session_key(session, sessionKeyData.mutableBytes, sessionKeyData.length);
+    if (result == olm_error()) {
+        const char *error = olm_outbound_group_session_last_error(session);
+        NSLog(@"olm_outbound_group_session_key error: %s", error);
+        return nil;
+    }
+    NSString *sessionKey = [[NSString alloc] initWithData:sessionKeyData encoding:NSUTF8StringEncoding];
+    [sessionKeyData resetBytesInRange:NSMakeRange(0, sessionKeyData.length)];
+    return sessionKey;
+}
+
+- (NSString *)encryptMessage:(NSString *)message error:(NSError**)error {
+    NSData *plaintextData = [message dataUsingEncoding:NSUTF8StringEncoding];
+    size_t ciphertextLength = olm_group_encrypt_message_length(session, plaintextData.length);
+    NSMutableData *ciphertext = [NSMutableData dataWithLength:ciphertextLength];
+    if (!ciphertext) {
+        return nil;
+    }
+    size_t result = olm_group_encrypt(session, plaintextData.bytes, plaintextData.length, ciphertext.mutableBytes, ciphertext.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_outbound_group_session_last_error(session);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        NSLog(@"olm_group_encrypt error: %@", errorString);
+
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_group_encrypt error: %@", errorString]
+                                                }];
+        }
+
+        return nil;
+    }
+    return [[NSString alloc] initWithData:ciphertext encoding:NSUTF8StringEncoding];
+}
+
+#pragma mark OLMSerializable
+
+/** Initializes from encrypted serialized data. Will throw error if invalid key or invalid base64. */
+- (instancetype) initWithSerializedData:(NSString *)serializedData key:(NSData *)key error:(NSError *__autoreleasing *)error {
+    self = [self init];
+    if (!self) {
+        return nil;
+    }
+    NSParameterAssert(key.length > 0);
+    NSParameterAssert(serializedData.length > 0);
+    if (key.length == 0 || serializedData.length == 0) {
+        if (error) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: @"Bad length."}];
+        }
+        return nil;
+    }
+    NSMutableData *pickle = [serializedData dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    size_t result = olm_unpickle_outbound_group_session(session, key.bytes, key.length, pickle.mutableBytes, pickle.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_outbound_group_session_last_error(session);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    return self;
+}
+
+/** Serializes and encrypts object data, outputs base64 blob */
+- (NSString*) serializeDataWithKey:(NSData*)key error:(NSError**)error {
+    NSParameterAssert(key.length > 0);
+    size_t length = olm_pickle_outbound_group_session_length(session);
+    NSMutableData *pickled = [NSMutableData dataWithLength:length];
+    size_t result = olm_pickle_outbound_group_session(session, key.bytes, key.length, pickled.mutableBytes, pickled.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_outbound_group_session_last_error(session);
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain code:0 userInfo:@{NSLocalizedDescriptionKey: errorString}];
+        }
+        return nil;
+    }
+    NSString *pickleString = [[NSString alloc] initWithData:pickled encoding:NSUTF8StringEncoding];
+    return pickleString;
+}
+
+#pragma mark NSSecureCoding
+
+ (BOOL) supportsSecureCoding {
+    return YES;
+}
+
+#pragma mark NSCoding
+
+- (id)initWithCoder:(NSCoder *)decoder {
+    NSString *version = [decoder decodeObjectOfClass:[NSString class] forKey:@"version"];
+
+    NSError *error = nil;
+
+    if ([version isEqualToString:@"1"]) {
+        NSString *pickle = [decoder decodeObjectOfClass:[NSString class] forKey:@"pickle"];
+        NSData *key = [decoder decodeObjectOfClass:[NSData class] forKey:@"key"];
+
+        self = [self initWithSerializedData:pickle key:key error:&error];
+    }
+
+    NSParameterAssert(error == nil);
+    NSParameterAssert(self != nil);
+    if (!self) {
+        return nil;
+    }
+
+    return self;
+}
+
+- (void)encodeWithCoder:(NSCoder *)encoder {
+    NSData *key = [OLMUtility randomBytesOfLength:32];
+    NSError *error = nil;
+    NSString *pickle = [self serializeDataWithKey:key error:&error];
+    NSParameterAssert(pickle.length > 0 && error == nil);
+
+    [encoder encodeObject:pickle forKey:@"pickle"];
+    [encoder encodeObject:key forKey:@"key"];
+    [encoder encodeObject:@"1" forKey:@"version"];
+}
+
+@end