Wire CoreCrypto

This repository is part of the source code of Wire. You can find more information at wire.com or by
contacting opensource@wire.com.
You can find the published source code at github.com/wireapp/wire.
For licensing information, see the attached LICENSE file and the list of third-party licenses at
wire.com/legal/licenses/.
No license is granted to the Wire trademark and its associated logos, all of which will continue to be owned exclusively
by Wire Swiss GmbH. Any use of the Wire trademark and/or its associated logos is expressly prohibited without the
express prior written consent of Wire Swiss GmbH.
Documentation
Building
General Requirements
- rust: https://rustup.rs/
- GNU make: https://www.gnu.org/software/make/ (min version: 4.3)
- nextest: https://nexte.st/:
cargo install --locked cargo-nextest
Pre-commit
- Install the
pre-commit framework
- Run
pre-commit install to initialize the pre-commit hooks
JVM
- Install SDKMAN!:
curl -s "https://get.sdkman.io" | bash
- Install Java 17:
sdk install java 17.0.17-tem
- Install Kotlin:
sdk install kotlin
make jvm
make jvm-test
Android
Install Android SDK and Build-Tools for API level 30+
[!IMPORTANT]
If you are building on macOS you'll need to setup $ANDROID_SDK_ROOT path variable manually:
export ANDROID_SDK_ROOT=~/Android/Sdk
Install the Android NDK. Make sure to set the
ANDROID_NDK_HOME variable to point to the NDK installation.
Install android rust targets:
rustup target add x86_64-linux-android aarch64-linux-android armv7-linux-androideabi
Build:
make android
iOS
Install Xcode & its command-line tools: https://developer.apple.com/xcode/.
Install Sourcery
brew install sourcery
Install iOS rust targets:
rustup target add aarch64-apple-ios aarch64-apple-ios-sim
Build:
make ios
make ios-create-xcframework
MacOS
Install macOS rust targets:
rustup target add aarch64-apple-darwin
Linux
[!NOTE]
If cross-compiling from macOS, you'll need to install
https://github.com/messense/homebrew-macos-cross-toolchains.
Install Linux targets:
rustup target add x86_64-unknown-linux-gnu
WASM
Make sure you have all prerequisites:
Build:
make ts
make ts-test
Bindings
Build bindings for Android, JVM, iOS and WASM
make jvm
make android
make ios-create-xcframework
make ts
Testing
Rust Unit/Integration Tests
cargo nextest run
All Cipher Suites
[!WARNING]
This takes quite a while.
cargo nextest run --features test-all-cipher
Keystore Wasm tests
Sometimes for the Keystore it is valuable to run Rust unit/integration tests on the WASM target.
- Ensure you are set up to build wasm
- Install
wasm-pack: cargo install wasm-pack.
Then, just use wasm-pack to run the tests:
wasm-pack test --headless --chrome -- ./keystore --locked
Run tests containing the word proteus, additionally enabling the feature proteus-keystore:
wasm-pack test --headless --chrome -- ./keystore --locked --features proteus-keystore -- proteus
Unfortunately it appears that nextest doesn't work well with the wasm runner, so we're stuck with the basic test runner.
Platform-specific tests for WASM/Web
make ts-test
Note the CC_TEST_LOG_LEVEL environment variable. At 1 it emits browser console logs; at 2 it also emits CoreCrypto
logs.
Platform-specific tests for Kotlin/JVM
make jvm-test
Platform-specific tests for Android
make android-test
Swift/iOS
Currently works on macOS only.
make ios-test
Interop
- Make sure you've successfully run each platform-specific test suite that is supported on your machine, since the
setup required for this test is a superset of the requirements for each platform.
- Install Chrome and
chromedriver
make interop-test
End-to-end-identity (E2EI) testing
Preparing the container runtime environment
Some tests require a working container runtime, so make sure to prepare one before running all tests. Platform-specific
instructions follow below.
On Linux with Docker
Make sure to start the Docker service if it is not already running:
systemctl start docker.service
On Linux with Podman
systemctl --user start podman.socket
podman version
export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock
On macOS with Docker
Note: Docker under macOS requires Docker Desktop, which must run as a GUI application.
brew install docker docker-desktop
docker version
On macOS with Podman
brew install podman
sudo podman-mac-helper install
podman machine init --image docker://quay.io/podman/machine-os:5.5
podman machine start
podman version
ln -s /opt/homebrew/bin/podman /opt/homebrew/bin/docker
Choosing the OIDC identity provider
Choose the OIDC identity provider to use in tests by setting the TEST_IDP variable:
export TEST_IDP=keycloak
export TEST_IDP=authelia
Running all tests at once
Simply execute the run-e2ei-tests.sh script:
bash scripts/run-e2ei-tests.sh
The script will take care of cleaning up processes and containers that are started during tests.
Running specific tests
run-e2ei-tests.sh forwards its arguments to cargo nextest, which can be used to run a specific test, or any subset
of tests, e.g.
bash scripts/run-e2ei-tests.sh alg::p256
Manually invoking tests
First, you need to start test-wire-server:
$ cargo run --locked --bin test-wire-server
[...]
127.0.0.1:20530
Note the IP and port printed by test-wire-server and export that as TEST_WIRE_SERVER_ADDR:
export TEST_WIRE_SERVER_ADDR=127.0.0.1:20530
Now that the environment is ready, you can run a specific test, or any subset of tests, e.g.
cargo nextest run --locked --ignore-default-filter -p wire-e2e-identity alg::p256
Once you are done with testing, terminate the IdP container that has been started:
docker kill keycloak && docker rm keycloak
docker kill authelia.local && docker rm authelia.local
as well as the test-wire-server instance.
Formatting and Linting
For all languages we provide make rules for formatting and checking.
Requirements
Swift
We're using swift-format to format swift files and use
swiftlint for linting.
Kotlin
We're using ktlint to format and lint kotlin files.
Markdown
We're using mdformat for consistent formatting of our markdown files. Install it with the following extensions
mdformat-gfm
mdformat-frontmatter
mdformat-footnote
mdformat-gfm-alerts
mdformat-toc
Toml
We're using taplo to format .toml files.
Benchmarks
Nightly run
Every night we run benchmarks on the main branch and publish the results on the
CoreCrypto Benchmarks page.
FFI Bindings
There are benchmarks for jvm, browser, and ts-native bindings run via the corresponding make rule. You can filter
Benchmarks by setting BENCH.
JVM
make jvm-bench
Browser
make ts-browser-bench
TS-Native
make ts-native-bench
Profiling
We can attach a profiler to the JVM benchmarks. We provide configuration for async-profiler via make.
Install async-profiler
Set ASYNC_PROFILER_LIB to the .so or .dylib file of the installation, e.g. :
export ASYNC_PROFILER_LIB=<install-path>/async-profiler/4.3/lib/libasyncProfiler.dylib
You can then create flamegraphs for any jvm benchmarks using:
make jvm-bench PROFILE=1
Results are saved to core-crypto/crypto-ffi/bindings/jvm/build/reports/async.
Git workflow
Publishing
Versioning
The versioning scheme used is SemVer AKA Semantic Versioning.
Making a new release
Consider when making a release from a release branch
- Isolate the changes to index.md and
[release notes](cc-book/src/release_notes.md) from the release
commit itself
- After the release is finished, cherry-pick the changes to index.md and
[release notes](cc-book/src/release_notes.md) and get them into main