keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dev
voice-calls-2
voice-calls
authentication
2.5.0
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.2
2.3.1
2.3.0
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.9
2.2.6
2.2.4
2.2.2
2.2.1
2.2.0
2.1.1
2.0.3
2.0.2
2.0.1
2.0.0
1.0.0-alpha.1
audit-2
audit
2.8.0
2.7.4
2.7.3
2.7.2
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.2.8
2.2.7
2.2.5
2.2.3
2.1.0
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.0
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1-beta
1.5.0-beta
1.5.0
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.0-beta
1.4.0
1.3.0-alpha.1
1.3.0
1.2.6
1.2.5
1.2.4
1.2.3
1.2.1
1.2.0-alpha.2
1.2.0-alpha.1
1.2.0
1.13.0
1.12.9
1.12.8
1.12.7
1.12.6
1.12.5
1.12.4
1.12.2
1.12.1
1.11.9
1.11.8
1.11.7
1.11.6
1.11.5
1.11.4
1.11.3
1.11.24
1.11.23
1.11.22
1.11.21
1.11.20
1.11.2
1.11.19
1.11.18
1.11.17
1.11.16
1.11.15
1.11.14
1.11.13
1.11.12
1.11.11
1.11.10
1.11.1
1.11.0
1.10.2
1.10.1
1.10.0
1.1.0-alpha.4
1.1.0-alpha.3
1.1.0-alpha.2
1.1.0-alpha.1
1.1.0
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0-alpha.3
1.0.0-alpha.2
1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '49839900bc'
${ noResults }
session-ios/SignalServiceKit/src/Loki/API/Onion Requests/OnionRequestAPI+Encryption....

79 lines
4.3 KiB
Swift
Raw Normal View History Unescape Escape

Implement onion request encryption
5 years ago
import CryptoSwift
import PromiseKit
extension OnionRequestAPI {
internal typealias EncryptionResult = (ciphertext: Data, symmetricKey: Data, ephemeralPublicKey: Data)
/// Returns `size` bytes of random data generated using the default random number generator. See
/// [SecRandomCopyBytes](https://developer.apple.com/documentation/security/1399291-secrandomcopybytes) for more information.
private static func getRandomData(ofSize size: UInt) throws -> Data {
var data = Data(count: Int(size))
let result = data.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, Int(size), $0.baseAddress!) }
guard result == errSecSuccess else { throw Error.randomDataGenerationFailed }
return data
}
/// - Note: Sync. Don't call from the main thread.
private static func encrypt(_ plaintext: Data, usingAESGCMWithSymmetricKey symmetricKey: Data) throws -> Data {
guard !Thread.isMainThread else { preconditionFailure("It's illegal to call encryptUsingAESGCM(symmetricKey:plainText:) from the main thread.") }
let ivSize: UInt = 12
let iv = try getRandomData(ofSize: ivSize)
let gcmTagLength: UInt = 128
let gcm = GCM(iv: iv.bytes, tagLength: Int(gcmTagLength), mode: .combined)
let aes = try AES(key: symmetricKey.bytes, blockMode: gcm, padding: .noPadding)
let ciphertext = try aes.encrypt(plaintext.bytes)
return Data(bytes: ciphertext)
}
/// - Note: Sync. Don't call from the main thread.
private static func encrypt(_ plaintext: Data, forSnode snode: LokiAPITarget) throws -> EncryptionResult {
guard !Thread.isMainThread else { preconditionFailure("It's illegal to call encrypt(_:forSnode:) from the main thread.") }
guard let hexEncodedSnodeX25519PublicKey = snode.publicKeySet?.x25519Key else { throw Error.snodePublicKeySetMissing }
let snodeX25519PublicKey = Data(hex: hexEncodedSnodeX25519PublicKey)
let ephemeralKeyPair = Curve25519.generateKeyPair()
let ephemeralSharedSecret = try Curve25519.generateSharedSecret(fromPublicKey: snodeX25519PublicKey, privateKey: ephemeralKeyPair.privateKey)
let password = "LOKI"
let key = try HKDF(password: password.bytes, variant: .sha256).calculate()
let symmetricKey = try HMAC(key: key, variant: .sha256).authenticate(ephemeralSharedSecret.bytes)
let ciphertext = try encrypt(plaintext, usingAESGCMWithSymmetricKey: Data(bytes: symmetricKey))
return (ciphertext, Data(bytes: symmetricKey), ephemeralKeyPair.publicKey)
}
/// Encrypts `payload` for `snode` and returns the result. Use this to build the core of an onion request.
internal static func encrypt(_ payload: Data, forTargetSnode snode: LokiAPITarget) -> Promise<EncryptionResult> {
let (promise, seal) = Promise<EncryptionResult>.pending()
workQueue.async {
let parameters: JSON = [ "body" : payload ]
do {
let plaintext = try JSONSerialization.data(withJSONObject: parameters, options: [])
let result = try encrypt(plaintext, forSnode: snode)
seal.fulfill(result)
} catch (let error) {
seal.reject(error)
}
}
return promise
}
/// Encrypts the previous encryption result (i.e. that of the hop after this one) for the given hop. Use this to build the layers of an onion request.
internal static func encryptHop(from snode1: LokiAPITarget, to snode2: LokiAPITarget, using previousEncryptionResult: EncryptionResult) -> Promise<EncryptionResult> {
let (promise, seal) = Promise<EncryptionResult>.pending()
workQueue.async {
let parameters: JSON = [
"ciphertext" : previousEncryptionResult.ciphertext.base64EncodedString(),
"ephemeral_key" : previousEncryptionResult.ephemeralPublicKey.toHexString(),
"destination" : snode2.publicKeySet!.ed25519Key
]
do {
let plaintext = try JSONSerialization.data(withJSONObject: parameters, options: [])
let result = try encrypt(plaintext, forSnode: snode1)
seal.fulfill(result)
} catch (let error) {
seal.reject(error)
}
}
return promise
}
}