session-ios/SignalServiceKit/tests/Util/CryptographyTests.m

//
//  Copyright (c) 2017 Open Whisper Systems. All rights reserved.
//

#import <XCTest/XCTest.h>
#import "Cryptography.h"
#import "NSData+Base64.h"

NS_ASSUME_NONNULL_BEGIN

@interface Cryptography (TestingPrivateMethods)

+ (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializationVector
                                                ciphertext:(NSData *)ciphertext
                                                   authTag:(NSData *)authTagFromEncrypt
                                                       key:(OWSAES256Key *)key;

@end

@interface CryptographyTests : XCTestCase

@end

@interface Cryptography (Test)
+ (NSData *)truncatedSHA256HMAC:(NSData *)dataToHMAC withHMACKey:(NSData *)HMACKey truncation:(int)bytes;
+ (NSData *)encryptCBCMode:(NSData *)dataToEncrypt
                   withKey:(NSData *)key
                    withIV:(NSData *)iv
               withVersion:(NSData *)version
               withHMACKey:(NSData *)hmacKey
              withHMACType:(TSMACType)hmacType
              computedHMAC:(NSData **)hmac;

+ (NSData *)decryptCBCMode:(NSData *)dataToDecrypt
                       key:(NSData *)key
                        IV:(NSData *)iv
                   version:(NSData *)version
                   HMACKey:(NSData *)hmacKey
                  HMACType:(TSMACType)hmacType
              matchingHMAC:(NSData *)hmac;
@end

@implementation CryptographyTests

- (void)testEncryptAttachmentData
{

    NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";
    NSData *plainTextData = [NSData dataFromBase64String:plainText];

    // Sanity
    XCTAssertNotNil(plainTextData);

    NSData *generatedKey;
    NSData *generatedDigest;

    NSData *cipherText =
        [Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];

    NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:generatedKey digest:generatedDigest];

    XCTAssertEqualObjects(plainTextData, decryptedData);
}

- (void)testDecryptAttachmentWithBadKey
{
    NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";
    NSData *plainTextData = [NSData dataFromBase64String:plainText];

    // Sanity
    XCTAssertNotNil(plainTextData);

    NSData *generatedKey;
    NSData *generatedDigest;

    NSData *cipherText =
        [Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];

    NSData *badKey = [Cryptography generateRandomBytes:64];

    NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:badKey digest:generatedDigest];

    XCTAssertNil(decryptedData);
}

- (void)testDecryptAttachmentWithBadDigest
{
    NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";
    NSData *plainTextData = [NSData dataFromBase64String:plainText];

    // Sanity
    XCTAssertNotNil(plainTextData);

    NSData *generatedKey;
    NSData *generatedDigest;

    NSData *cipherText =
        [Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];

    NSData *badDigest = [Cryptography generateRandomBytes:32];

    NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:generatedKey digest:badDigest];

    XCTAssertNil(decryptedData);
}

- (void)testComputeSHA256Digest
{
    NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";
    NSData *plainTextData = [NSData dataFromBase64String:plainText];
    NSData *digest = [Cryptography computeSHA256Digest:plainTextData];

    const uint8_t expectedBytes[] = {
        0xba, 0x5f, 0xf1, 0x26,
        0x82, 0xbb, 0xb2, 0x51,
        0x8b, 0xe6, 0x06, 0x48,
        0xc5, 0x53, 0xd0, 0xa2,
        0xbf, 0x71, 0xf1, 0xec,
        0xb4, 0xdb, 0x02, 0x12,
        0x5f, 0x80, 0xea, 0x34,
        0xc9, 0x8d, 0xee, 0x1f
    };

    NSData *expectedDigest = [NSData dataWithBytes:expectedBytes length:32];
    XCTAssertEqualObjects(expectedDigest, digest);

    NSData *expectedTruncatedDigest = [NSData dataWithBytes:expectedBytes length:10];
    NSData *truncatedDigest = [Cryptography computeSHA256Digest:plainTextData truncatedToBytes:10];
    XCTAssertEqualObjects(expectedTruncatedDigest, truncatedDigest);
}

- (void)testGCMRoundTrip
{
    NSData *plainTextData = [@"Super🔥secret🔥test🔥data🏁🏁" dataUsingEncoding:NSUTF8StringEncoding];
    // Sanity Check
    XCTAssertEqual(39, plainTextData.length);

    OWSAES256Key *key = [OWSAES256Key new];
    NSData *_Nullable encryptedData = [Cryptography encryptAESGCMWithData:plainTextData key:key];

    const NSUInteger ivLength = 12;
    const NSUInteger tagLength = 16;
    
    XCTAssertEqual(ivLength + plainTextData.length + tagLength, encryptedData.length);

    NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithData:encryptedData key:key];
    XCTAssert(decryptedData != nil);
    XCTAssertEqual(39, decryptedData.length);
    XCTAssertEqualObjects(plainTextData, decryptedData);
    XCTAssertEqualObjects(@"Super🔥secret🔥test🔥data🏁🏁", [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding]);
}

- (void)testGCMWithBadTag
{
    NSData *plainTextData = [@"Super🔥secret🔥test🔥data🏁🏁" dataUsingEncoding:NSUTF8StringEncoding];
    // Sanity Check
    XCTAssertEqual(39, plainTextData.length);

    OWSAES256Key *key = [OWSAES256Key new];
    NSData *_Nullable encryptedData = [Cryptography encryptAESGCMWithData:plainTextData key:key];

    const NSUInteger ivLength = 12;
    const NSUInteger tagLength = 16;

    XCTAssertEqual(ivLength + plainTextData.length + tagLength, encryptedData.length);

    // Logic to slice up encryptedData copied from `[Cryptography decryptAESGCMWithData:key:]`

    // encryptedData layout: initializationVector || cipherText || authTag
    NSUInteger cipherTextLength = encryptedData.length - ivLength - tagLength;

    NSData *initializationVector = [encryptedData subdataWithRange:NSMakeRange(0, ivLength)];
    NSData *cipherText = [encryptedData subdataWithRange:NSMakeRange(ivLength, cipherTextLength)];
    NSData *authTag = [encryptedData subdataWithRange:NSMakeRange(ivLength + cipherTextLength, tagLength)];

    NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:initializationVector
                                                                               ciphertext:cipherText
                                                                                  authTag:authTag
                                                                                      key:key];

    // Before we corrupt the tag, make sure we can decrypt the text as a sanity check to ensure we divided up the
    // encryptedData correctly.
    XCTAssert(decryptedData != nil);
    XCTAssertEqualObjects(
        @"Super🔥secret🔥test🔥data🏁🏁", [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding]);

    // Now that we know it decrypts, try again with a bogus authTag
    NSMutableData *bogusAuthTag = [authTag mutableCopy];

    // Corrupt one byte in the bogusAuthTag
    uint8_t flippedByte;
    [bogusAuthTag getBytes:&flippedByte length:1];
    flippedByte = flippedByte ^ 0xff;
    [bogusAuthTag replaceBytesInRange:NSMakeRange(0, 1) withBytes:&flippedByte];

    decryptedData = [Cryptography decryptAESGCMWithInitializationVector:initializationVector
                                                             ciphertext:cipherText
                                                                authTag:bogusAuthTag
                                                                    key:key];

    XCTAssertNil(decryptedData, @"Should have failed to decrypt");
}

@end

NS_ASSUME_NONNULL_END
Init Commit 10 years ago			`//`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago			`// Copyright (c) 2017 Open Whisper Systems. All rights reserved.`
Init Commit 10 years ago			`//`

			`#import <XCTest/XCTest.h>`
			`#import "Cryptography.h"`
			`#import "NSData+Base64.h"`

Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago			`NS_ASSUME_NONNULL_BEGIN`

verification on decrypt // FREEBIE 8 years ago			`@interface Cryptography (TestingPrivateMethods)`

			`+ (nullable NSData )decryptAESGCMWithInitializationVector:(NSData )initializationVector`
aes-gcm via openssl // FREEBIE 8 years ago			`ciphertext:(NSData *)ciphertext`
verification on decrypt // FREEBIE 8 years ago			`authTag:(NSData *)authTagFromEncrypt`
aes-gcm via openssl // FREEBIE 8 years ago			`key:(OWSAES256Key *)key;`
verification on decrypt // FREEBIE 8 years ago
			`@end`

Init Commit 10 years ago			`@interface CryptographyTests : XCTestCase`

			`@end`

			`@interface Cryptography (Test)`
			`+ (NSData )truncatedSHA256HMAC:(NSData )dataToHMAC withHMACKey:(NSData *)HMACKey truncation:(int)bytes;`
			`+ (NSData )encryptCBCMode:(NSData )dataToEncrypt`
			`withKey:(NSData *)key`
			`withIV:(NSData *)iv`
			`withVersion:(NSData *)version`
			`withHMACKey:(NSData *)hmacKey`
			`withHMACType:(TSMACType)hmacType`
			`computedHMAC:(NSData **)hmac;`

			`+ (NSData )decryptCBCMode:(NSData )dataToDecrypt`
			`key:(NSData *)key`
			`IV:(NSData *)iv`
			`version:(NSData *)version`
			`HMACKey:(NSData *)hmacKey`
			`HMACType:(TSMACType)hmacType`
			`matchingHMAC:(NSData *)hmac;`
			`@end`

			`@implementation CryptographyTests`

Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago			`- (void)testEncryptAttachmentData`
			`{`

			`NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";`
			`NSData *plainTextData = [NSData dataFromBase64String:plainText];`

			`// Sanity`
			`XCTAssertNotNil(plainTextData);`

			`NSData *generatedKey;`
			`NSData *generatedDigest;`

			`NSData *cipherText =`
			`[Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];`

			`NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:generatedKey digest:generatedDigest];`

			`XCTAssertEqualObjects(plainTextData, decryptedData);`
			`}`

			`- (void)testDecryptAttachmentWithBadKey`
			`{`
			`NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";`
			`NSData *plainTextData = [NSData dataFromBase64String:plainText];`

			`// Sanity`
			`XCTAssertNotNil(plainTextData);`

			`NSData *generatedKey;`
			`NSData *generatedDigest;`

			`NSData *cipherText =`
			`[Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];`
Init Commit 10 years ago
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago			`NSData *badKey = [Cryptography generateRandomBytes:64];`

			`NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:badKey digest:generatedDigest];`

			`XCTAssertNil(decryptedData);`
			`}`

			`- (void)testDecryptAttachmentWithBadDigest`
			`{`
			`NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";`
			`NSData *plainTextData = [NSData dataFromBase64String:plainText];`

			`// Sanity`
			`XCTAssertNotNil(plainTextData);`

			`NSData *generatedKey;`
			`NSData *generatedDigest;`

			`NSData *cipherText =`
			`[Cryptography encryptAttachmentData:plainTextData outKey:&generatedKey outDigest:&generatedDigest];`

			`NSData *badDigest = [Cryptography generateRandomBytes:32];`

			`NSData *decryptedData = [Cryptography decryptAttachment:cipherText withKey:generatedKey digest:badDigest];`

			`XCTAssertNil(decryptedData);`
Init Commit 10 years ago			`}`

Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago			`- (void)testComputeSHA256Digest`
			`{`
			`NSString *plainText = @"SGF3YWlpIGlzIEF3ZXNvbWUh";`
			`NSData *plainTextData = [NSData dataFromBase64String:plainText];`
			`NSData *digest = [Cryptography computeSHA256Digest:plainTextData];`

			`const uint8_t expectedBytes[] = {`
			`0xba, 0x5f, 0xf1, 0x26,`
			`0x82, 0xbb, 0xb2, 0x51,`
			`0x8b, 0xe6, 0x06, 0x48,`
			`0xc5, 0x53, 0xd0, 0xa2,`
			`0xbf, 0x71, 0xf1, 0xec,`
			`0xb4, 0xdb, 0x02, 0x12,`
			`0x5f, 0x80, 0xea, 0x34,`
			`0xc9, 0x8d, 0xee, 0x1f`
			`};`

			`NSData *expectedDigest = [NSData dataWithBytes:expectedBytes length:32];`
			`XCTAssertEqualObjects(expectedDigest, digest);`

			`NSData *expectedTruncatedDigest = [NSData dataWithBytes:expectedBytes length:10];`
			`NSData *truncatedDigest = [Cryptography computeSHA256Digest:plainTextData truncatedToBytes:10];`
			`XCTAssertEqualObjects(expectedTruncatedDigest, truncatedDigest);`
			`}`

Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 8 years ago			`- (void)testGCMRoundTrip`
			`{`
			`NSData *plainTextData = [@"Super🔥secret🔥test🔥data🏁🏁" dataUsingEncoding:NSUTF8StringEncoding];`
			`// Sanity Check`
			`XCTAssertEqual(39, plainTextData.length);`
aes-gcm via openssl // FREEBIE 8 years ago
			`OWSAES256Key *key = [OWSAES256Key new];`
verification on decrypt // FREEBIE 8 years ago			`NSData *_Nullable encryptedData = [Cryptography encryptAESGCMWithData:plainTextData key:key];`

Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 8 years ago			`const NSUInteger ivLength = 12;`
			`const NSUInteger tagLength = 16;`

			`XCTAssertEqual(ivLength + plainTextData.length + tagLength, encryptedData.length);`
verification on decrypt // FREEBIE 8 years ago
			`NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithData:encryptedData key:key];`
			`XCTAssert(decryptedData != nil);`
Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 8 years ago			`XCTAssertEqual(39, decryptedData.length);`
			`XCTAssertEqualObjects(plainTextData, decryptedData);`
			`XCTAssertEqualObjects(@"Super🔥secret🔥test🔥data🏁🏁", [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding]);`
			`}`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago
verification on decrypt // FREEBIE 8 years ago			`- (void)testGCMWithBadTag`
			`{`
			`NSData *plainTextData = [@"Super🔥secret🔥test🔥data🏁🏁" dataUsingEncoding:NSUTF8StringEncoding];`
			`// Sanity Check`
			`XCTAssertEqual(39, plainTextData.length);`

aes-gcm via openssl // FREEBIE 8 years ago			`OWSAES256Key *key = [OWSAES256Key new];`
verification on decrypt // FREEBIE 8 years ago			`NSData *_Nullable encryptedData = [Cryptography encryptAESGCMWithData:plainTextData key:key];`

			`const NSUInteger ivLength = 12;`
			`const NSUInteger tagLength = 16;`

			`XCTAssertEqual(ivLength + plainTextData.length + tagLength, encryptedData.length);`

			// Logic to slice up encryptedData copied from `[Cryptography decryptAESGCMWithData:key:]`

			`// encryptedData layout: initializationVector \|\| cipherText \|\| authTag`
			`NSUInteger cipherTextLength = encryptedData.length - ivLength - tagLength;`

			`NSData *initializationVector = [encryptedData subdataWithRange:NSMakeRange(0, ivLength)];`
			`NSData *cipherText = [encryptedData subdataWithRange:NSMakeRange(ivLength, cipherTextLength)];`
			`NSData *authTag = [encryptedData subdataWithRange:NSMakeRange(ivLength + cipherTextLength, tagLength)];`

			`NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:initializationVector`
aes-gcm via openssl // FREEBIE 8 years ago			`ciphertext:cipherText`
verification on decrypt // FREEBIE 8 years ago			`authTag:authTag`
			`key:key];`

			`// Before we corrupt the tag, make sure we can decrypt the text as a sanity check to ensure we divided up the`
			`// encryptedData correctly.`
			`XCTAssert(decryptedData != nil);`
			`XCTAssertEqualObjects(`
			`@"Super🔥secret🔥test🔥data🏁🏁", [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding]);`

			`// Now that we know it decrypts, try again with a bogus authTag`
			`NSMutableData *bogusAuthTag = [authTag mutableCopy];`

			`// Corrupt one byte in the bogusAuthTag`
			`uint8_t flippedByte;`
			`[bogusAuthTag getBytes:&flippedByte length:1];`
			`flippedByte = flippedByte ^ 0xff;`
			`[bogusAuthTag replaceBytesInRange:NSMakeRange(0, 1) withBytes:&flippedByte];`

			`decryptedData = [Cryptography decryptAESGCMWithInitializationVector:initializationVector`
aes-gcm via openssl // FREEBIE 8 years ago			`ciphertext:cipherText`
verification on decrypt // FREEBIE 8 years ago			`authTag:bogusAuthTag`
			`key:key];`

			`XCTAssertNil(decryptedData, @"Should have failed to decrypt");`
			`}`

Init Commit 10 years ago			`@end`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 9 years ago
			`NS_ASSUME_NONNULL_END`