Repository files navigation

This repository is part of the source code of Wire. You can find more information atwire.com or bycontactingopensource@wire.com.

You can find the published source code atgithub.com/wireapp/wire.

For licensing information, see the attached LICENSE file and the list of third-party licenses atwire.com/legal/licenses/.

No license is granted to the Wire trademark and its associated logos, all of which will continue to be owned exclusivelyby Wire Swiss GmbH. Any use of the Wire trademark and/or its associated logos is expressly prohibited without theexpress prior written consent of Wire Swiss GmbH.

• CoreCrypto: Abstracts MLS & Proteus in a unified API
• CoreCryptoFFI: FFI bindings for iOS, Android and WASM
• Keystore: Encrypted Keystore powered by SQLCipher on all platforms except WASM. WASM uses an IndexedDB-backed,encrypted store with AES256-GCM
• MlsProvider: RustCrypto + Keystore MLS provider

SeeARCHITECTURE.md

• rust:https://rustup.rs/
• GNU make:https://www.gnu.org/software/make/ (min version: 4.3)

• Install thepre-commit framework
• Runpre-commit install to initialize the pre-commit hooks

Install Android SDK and Build-Tools for API level 30+

exportANDROID_SDK_ROOT=~/Android/Sdk

Install the Android NDK. Make sure to set theANDROID_NDK_HOME variable to point to the NDK installation.

Install android rust targets:

rustuptargetaddx86_64-linux-androidaarch64-linux-androidarmv7-linux-androideabi

Build:

makeandroid

Install Xcode & its command-line tools:https://developer.apple.com/xcode/.

Install iOS rust targets:

rustuptargetaddaarch64-apple-iosaarch64-apple-ios-sim

Build:

makeios# Additionally, if you want to export a .XCFramework:makeios-create-xcframework

Install macOS rust targets:

rustuptargetaddaarch64-apple-darwin

Install Linux targets:

rustuptargetaddx86_64-unknown-linux-gnu

Make sure you have all prerequisites:

• Installwasm-pack
• Install thewasm32-unknown-unknown toolchain:rustup target add wasm32-unknown-unknown
• Install node.js (recommended way is viaVolta)
• Install Bun (follow the instructions onBun's website)

Build:

makets

Build bindings for Android, JVM, iOS and WASM

# builds bindings and targets for the JVM (macOS / Linux)makejvm# builds bindings and targets for Androidmakeandroid# builds iOS frameworkmakeios-create-xcframework# builds wasm binary & TS bindingsmakets

# Install cargo-nextest if you haven't done so, it yields some substantial speedupcargoinstallcargo-nextestcargonextestrun

If you haven't already, install the target and wasm-pack:

rustup target add wasm32-unknown-unknowncargo install wasm-pack

If you want to test for chrome,get chromedriver or the webdriver for thebrowser you want to test for, respectively.

Then, to run tests for a crate in the workspace do

wasm-packtest--headless--chrome./<crate-folder-to-test>

cargonextestrun--featurestest-all-cipher

make jvm-test

make android-test

No E2E testing is available as of now on Swift.

make ts-test

Note theCC_TEST_LOG_LEVEL environment variable. At 1 it emits browser console logs; at 2 it also emits CoreCryptologs.

There are benches implemented incrypto/benches for several operations on mls groups with varyingsizes or proteus. Parameters like minimum or maximum group sizes and step sizes are defined incrypto/benches/utils/mod.rs.

To execute the benches, e.g. for creating commits, run

cargo bench --bench=commit -- --quick

wherecommit is the name of the bench specified incrypto/Cargo.toml, and the correspondingfile incrypto/benches. In case you're interested in higher accuracy, and willing to trade it forexecution speed, omit the--quick flag. If you need reporting plots, remove the.without_plots() call incrypto/benches/utils/mod.rs. The reports generated by criterion will be located intarget/criterion.

• Themain branch is used as the everyday development branch.
• No merge commits. Always rebase on top ofmain.
• Release branches are namedrelease/<series>, e.g.release/1.x,release/2.x.
• Release branches contain fixes relevant to their specific release series and are never merged tomain.
• Release branches always branch off their first major release tag. For example, the output ofgit merge-base main release/2.x must be a commit pointed to by tagv2.0.0.
• Release branches are created lazily, that is, only when the first fix needs to be applied and released for a specificrelease series.
• Useconventional commits -- those are picked up by the changeloggenerator.
• If there is a JIRA ticket related to the change, you should mention it in either the PR title or the commit(s), withthe following format:[TICKET_ID].
• Sign yourcommitsandtags.
• Remove branches from the remote once you don't need them anymore.

The versioning scheme used isSemVer AKA Semantic Versioning.

1. Make a branch based onmain to prepare for release (git checkout -b prepare-release/X.Y.Z)
2. Runsh scripts/update-versions.sh X.Y.Z to update the versions of
   • all workspace member crates
   • package.json
   • crypto-ffi/bindings/gradle.properties Make sure the result of the script run is correct.
3. Generate the relevant changelog section:

   git cliff --bump --unreleased

   and add it to the top ofCHANGELOG.md. Make sure the version number generated bygit cliff matches the releaseversion.
4. If there are any release highlights, add them as the first subsection below release title:

   ##v1.0.2 - 2024-08-16###Highlights- foo- bar- baz

5. Inindex.md, copy the commented-out table row from the bottom of the file to the appropriate placein the table, ordering by version number, descending. Search and replace the first 5 occurrences ofx.x.x withX.Y.Z.
6. Make sure the changes look reasonable and complete; you can use the previous release as a reference
7. Push yourprepare-release/X.Y.Z branch and create a PR for it
8. Get it reviewed, then merge it intomain and remove theprepare-release/X.Y.Z branch from the remote
9. Now, pull your localmain:git checkout main && git pull
10. Create the release tag:git tag -s vX.Y.Z
11. Push the new tag:git push origin tag vX.Y.Z
12. Create a new release on github, copying the relevant section fromCHANGELOG.md
13. Voilà!

1. Isolate the changes toindex.md andCHANGELOG.md from the release commit itself
2. After the release is finished, cherry-pick the changes toindex.md andCHANGELOG.md and get themintomain
3. For release series4.x and newer, docs upload happens automatically. If you released from the series3.x orolder, you need to trigger docs upload manually:
   1. On GitHub, go to thedocs workflow
   2. Click theRun workflow button
   3. In theUse workflow from dropdown, chooserelease/5.x, inTag to checkout provide your release tag

Publishing Android / JVM bindings happens automatically by a github workflow when a release tag is pushed.

If you would like to publish the bindings to a local Maven cache, run:

cdcrypto-ffi/bindings./gradlew:jvm:publishToMavenLocal./gradlew:android:publishToMavenLocal

Publishing JS / WASM bindings happens automatically by a github workflow when a release tag is pushed.

If you would like to publish to@wireapp/core-crypto manually, log into NPM and just runbun publish.