session-ios/SessionMessagingKit/Utilities/Sodium+Utilities.swift

import Clibsodium
import Sodium

extension Sign {

    /**
     Converts an Ed25519 public key to an X25519 public key.
     - Parameter ed25519PublicKey: The Ed25519 public key to convert.
     - Returns: The X25519 public key if conversion is successful.
     */
    public func toX25519(ed25519PublicKey: PublicKey) -> PublicKey? {
        var x25519PublicKey = PublicKey(repeating: 0, count: 32)

        // FIXME: It'd be nice to check the exit code here, but all the properties of the object
        // returned by the call below are internal.
        let _ = crypto_sign_ed25519_pk_to_curve25519 (
            &x25519PublicKey,
            ed25519PublicKey
        )

        return x25519PublicKey
    }

    /**
     Converts an Ed25519 secret key to an X25519 secret key.
     - Parameter ed25519SecretKey: The Ed25519 secret key to convert.
     - Returns: The X25519 secret key if conversion is successful.
     */
    public func toX25519(ed25519SecretKey: SecretKey) -> SecretKey? {
        var x25519SecretKey = SecretKey(repeating: 0, count: 32)

        // FIXME: It'd be nice to check the exit code here, but all the properties of the object
        // returned by the call below are internal.
        let _ = crypto_sign_ed25519_sk_to_curve25519 (
            &x25519SecretKey,
            ed25519SecretKey
        )

        return x25519SecretKey
    }
}

extension Sodium {
    public typealias SharedSecret = Data
    
    private static let publicKeyBytes: Int = Int(crypto_scalarmult_bytes())
    private static let sharedSecretBytes: Int = Int(crypto_scalarmult_bytes())
    
    public func sharedSecret(_ firstKeyBytes: [UInt8], _ secondKeyBytes: [UInt8]) -> SharedSecret? {
        guard firstKeyBytes.count == Sodium.publicKeyBytes && secondKeyBytes.count == Sodium.publicKeyBytes else {
            return nil
        }
        
        let sharedSecretPtr: UnsafeMutablePointer<UInt8> = UnsafeMutablePointer<UInt8>.allocate(capacity: Sodium.sharedSecretBytes)
        let result = secondKeyBytes.withUnsafeBytes { (secondKeyPtr: UnsafeRawBufferPointer) -> Int32 in
            return firstKeyBytes.withUnsafeBytes { (firstKeyPtr: UnsafeRawBufferPointer) -> Int32 in
                guard let firstKeyBaseAddress: UnsafePointer<UInt8> = firstKeyPtr.baseAddress?.assumingMemoryBound(to: UInt8.self) else {
                    return -1
                }
                guard let secondKeyBaseAddress: UnsafePointer<UInt8> = secondKeyPtr.baseAddress?.assumingMemoryBound(to: UInt8.self) else {
                    return -1
                }
                
                return crypto_scalarmult(sharedSecretPtr, firstKeyBaseAddress, secondKeyBaseAddress)
            }
        }
        
        guard result == 0 else { return nil }
        
        return Data(bytes: sharedSecretPtr, count: Sodium.sharedSecretBytes)
    }
}

extension GenericHash {
    public func hashSaltPersonal(
        message: Bytes,
        outputLength: Int,
        key: Bytes? = nil,
        salt: Bytes,
        personal: Bytes
    ) -> Bytes? {
        var output: [UInt8] = [UInt8](repeating: 0, count: outputLength)
        
        let result = crypto_generichash_blake2b_salt_personal(
            &output,
            outputLength,
            message,
            UInt64(message.count),
            key,
            (key?.count ?? 0),
            salt,
            personal
        )
        
        guard result == 0 else { return nil }
        
        return output
    }
}
Add X25519 conversion to Sodium 5 years ago			`import Clibsodium`
			`import Sodium`

			`extension Sign {`

			`/**`
			`Converts an Ed25519 public key to an X25519 public key.`
			`- Parameter ed25519PublicKey: The Ed25519 public key to convert.`
			`- Returns: The X25519 public key if conversion is successful.`
			`*/`
			`public func toX25519(ed25519PublicKey: PublicKey) -> PublicKey? {`
			`var x25519PublicKey = PublicKey(repeating: 0, count: 32)`

			`// FIXME: It'd be nice to check the exit code here, but all the properties of the object`
			`// returned by the call below are internal.`
			`let _ = crypto_sign_ed25519_pk_to_curve25519 (`
			`&x25519PublicKey,`
			`ed25519PublicKey`
			`)`

			`return x25519PublicKey`
			`}`

			`/**`
			`Converts an Ed25519 secret key to an X25519 secret key.`
			`- Parameter ed25519SecretKey: The Ed25519 secret key to convert.`
			`- Returns: The X25519 secret key if conversion is successful.`
			`*/`
			`public func toX25519(ed25519SecretKey: SecretKey) -> SecretKey? {`
			`var x25519SecretKey = SecretKey(repeating: 0, count: 32)`

			`// FIXME: It'd be nice to check the exit code here, but all the properties of the object`
			`// returned by the call below are internal.`
			`let _ = crypto_sign_ed25519_sk_to_curve25519 (`
			`&x25519SecretKey,`
			`ed25519SecretKey`
			`)`

			`return x25519SecretKey`
			`}`
			`}`
Added code to support generating a derived key for id blinding 4 years ago
			`extension Sodium {`
Started work on updated SOGS support Split the OpenGroupAPIV2 into separate files Started working on the new auth and blinded-id approaches (new auth working with un-blinded id suggesting blinded-id code is incorrect) Updated the SOGS request/response types to use Codable Updated the SOGS Request type to use enums instead of strings for keys (to reduce likelihood of typos breaking things) Updated SessionMessagingKit to use Codable and JSONEncoder/JSONDecoder instead of the legacy JSONSerialization Cleaned up some naming conventions in the SessionMessagingKit (calling a URLRequest body 'parameters' is very confusing...) Removed the custom TSRequest class (just using standard URLRequest everywhere instead) Added a number of extension functions to enable some more functional-coding styles Added extensions to Sodium methods to allow scalar multiplication and the ability to hash providing a salt and a personalisation value (both needed for new SOGS auth) Fixed an issue where the legacy auth for SOGS could crash due to threading issues (multiple threads accessing the same variable) Fixed an issue where if you were in two rooms in a single SOGS and deleted one of them, the other room would stop getting updates as the server public key was getting removed 4 years ago			`public typealias SharedSecret = Data`
Added code to support generating a derived key for id blinding 4 years ago
			`private static let publicKeyBytes: Int = Int(crypto_scalarmult_bytes())`
			`private static let sharedSecretBytes: Int = Int(crypto_scalarmult_bytes())`

Started work on updated SOGS support Split the OpenGroupAPIV2 into separate files Started working on the new auth and blinded-id approaches (new auth working with un-blinded id suggesting blinded-id code is incorrect) Updated the SOGS request/response types to use Codable Updated the SOGS Request type to use enums instead of strings for keys (to reduce likelihood of typos breaking things) Updated SessionMessagingKit to use Codable and JSONEncoder/JSONDecoder instead of the legacy JSONSerialization Cleaned up some naming conventions in the SessionMessagingKit (calling a URLRequest body 'parameters' is very confusing...) Removed the custom TSRequest class (just using standard URLRequest everywhere instead) Added a number of extension functions to enable some more functional-coding styles Added extensions to Sodium methods to allow scalar multiplication and the ability to hash providing a salt and a personalisation value (both needed for new SOGS auth) Fixed an issue where the legacy auth for SOGS could crash due to threading issues (multiple threads accessing the same variable) Fixed an issue where if you were in two rooms in a single SOGS and deleted one of them, the other room would stop getting updates as the server public key was getting removed 4 years ago			`public func sharedSecret(_ firstKeyBytes: [UInt8], _ secondKeyBytes: [UInt8]) -> SharedSecret? {`
			`guard firstKeyBytes.count == Sodium.publicKeyBytes && secondKeyBytes.count == Sodium.publicKeyBytes else {`
			`return nil`
			`}`
Added code to support generating a derived key for id blinding 4 years ago
			`let sharedSecretPtr: UnsafeMutablePointer<UInt8> = UnsafeMutablePointer<UInt8>.allocate(capacity: Sodium.sharedSecretBytes)`
Started work on updated SOGS support Split the OpenGroupAPIV2 into separate files Started working on the new auth and blinded-id approaches (new auth working with un-blinded id suggesting blinded-id code is incorrect) Updated the SOGS request/response types to use Codable Updated the SOGS Request type to use enums instead of strings for keys (to reduce likelihood of typos breaking things) Updated SessionMessagingKit to use Codable and JSONEncoder/JSONDecoder instead of the legacy JSONSerialization Cleaned up some naming conventions in the SessionMessagingKit (calling a URLRequest body 'parameters' is very confusing...) Removed the custom TSRequest class (just using standard URLRequest everywhere instead) Added a number of extension functions to enable some more functional-coding styles Added extensions to Sodium methods to allow scalar multiplication and the ability to hash providing a salt and a personalisation value (both needed for new SOGS auth) Fixed an issue where the legacy auth for SOGS could crash due to threading issues (multiple threads accessing the same variable) Fixed an issue where if you were in two rooms in a single SOGS and deleted one of them, the other room would stop getting updates as the server public key was getting removed 4 years ago			`let result = secondKeyBytes.withUnsafeBytes { (secondKeyPtr: UnsafeRawBufferPointer) -> Int32 in`
			`return firstKeyBytes.withUnsafeBytes { (firstKeyPtr: UnsafeRawBufferPointer) -> Int32 in`
			`guard let firstKeyBaseAddress: UnsafePointer<UInt8> = firstKeyPtr.baseAddress?.assumingMemoryBound(to: UInt8.self) else {`
			`return -1`
			`}`
			`guard let secondKeyBaseAddress: UnsafePointer<UInt8> = secondKeyPtr.baseAddress?.assumingMemoryBound(to: UInt8.self) else {`
Added code to support generating a derived key for id blinding 4 years ago			`return -1`
			`}`

Started work on updated SOGS support Split the OpenGroupAPIV2 into separate files Started working on the new auth and blinded-id approaches (new auth working with un-blinded id suggesting blinded-id code is incorrect) Updated the SOGS request/response types to use Codable Updated the SOGS Request type to use enums instead of strings for keys (to reduce likelihood of typos breaking things) Updated SessionMessagingKit to use Codable and JSONEncoder/JSONDecoder instead of the legacy JSONSerialization Cleaned up some naming conventions in the SessionMessagingKit (calling a URLRequest body 'parameters' is very confusing...) Removed the custom TSRequest class (just using standard URLRequest everywhere instead) Added a number of extension functions to enable some more functional-coding styles Added extensions to Sodium methods to allow scalar multiplication and the ability to hash providing a salt and a personalisation value (both needed for new SOGS auth) Fixed an issue where the legacy auth for SOGS could crash due to threading issues (multiple threads accessing the same variable) Fixed an issue where if you were in two rooms in a single SOGS and deleted one of them, the other room would stop getting updates as the server public key was getting removed 4 years ago			`return crypto_scalarmult(sharedSecretPtr, firstKeyBaseAddress, secondKeyBaseAddress)`
Added code to support generating a derived key for id blinding 4 years ago			`}`
			`}`

			`guard result == 0 else { return nil }`

			`return Data(bytes: sharedSecretPtr, count: Sodium.sharedSecretBytes)`
			`}`
			`}`
Started work on updated SOGS support Split the OpenGroupAPIV2 into separate files Started working on the new auth and blinded-id approaches (new auth working with un-blinded id suggesting blinded-id code is incorrect) Updated the SOGS request/response types to use Codable Updated the SOGS Request type to use enums instead of strings for keys (to reduce likelihood of typos breaking things) Updated SessionMessagingKit to use Codable and JSONEncoder/JSONDecoder instead of the legacy JSONSerialization Cleaned up some naming conventions in the SessionMessagingKit (calling a URLRequest body 'parameters' is very confusing...) Removed the custom TSRequest class (just using standard URLRequest everywhere instead) Added a number of extension functions to enable some more functional-coding styles Added extensions to Sodium methods to allow scalar multiplication and the ability to hash providing a salt and a personalisation value (both needed for new SOGS auth) Fixed an issue where the legacy auth for SOGS could crash due to threading issues (multiple threads accessing the same variable) Fixed an issue where if you were in two rooms in a single SOGS and deleted one of them, the other room would stop getting updates as the server public key was getting removed 4 years ago
			`extension GenericHash {`
			`public func hashSaltPersonal(`
			`message: Bytes,`
			`outputLength: Int,`
			`key: Bytes? = nil,`
			`salt: Bytes,`
			`personal: Bytes`
			`) -> Bytes? {`
			`var output: [UInt8] = [UInt8](repeating: 0, count: outputLength)`

			`let result = crypto_generichash_blake2b_salt_personal(`
			`&output,`
			`outputLength,`
			`message,`
			`UInt64(message.count),`
			`key,`
			`(key?.count ?? 0),`
			`salt,`
			`personal`
			`)`

			`guard result == 0 else { return nil }`

			`return output`
			`}`
			`}`