session-ios/SignalServiceKit/src/Util/Cryptography.h

//
//  Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//

NS_ASSUME_NONNULL_BEGIN

extern const NSUInteger kAES256_KeyByteLength;

/// Key appropriate for use in AES256-GCM
@interface OWSAES256Key : NSObject <NSSecureCoding>

/// Generates new secure random key
- (instancetype)init;
+ (instancetype)generateRandomKey;

/**
 * @param data  representing the raw key bytes
 *
 * @returns a new instance if key is of appropriate length for AES256-GCM
 *          else returns nil.
 */
+ (nullable instancetype)keyWithData:(NSData *)data;

/// The raw key material
@property (nonatomic, readonly) NSData *keyData;

@end

#pragma mark -

@interface AES25GCMEncryptionResult : NSObject

@property (nonatomic, readonly) NSData *ciphertext;
@property (nonatomic, readonly) NSData *initializationVector;
@property (nonatomic, readonly) NSData *authTag;

- (instancetype)init NS_UNAVAILABLE;
- (nullable instancetype)initWithCipherText:(NSData *)cipherText
                       initializationVector:(NSData *)initializationVector
                                    authTag:(NSData *)authTag NS_DESIGNATED_INITIALIZER;

@end

#pragma mark -

@interface Cryptography : NSObject

typedef NS_ENUM(NSInteger, TSMACType) {
    TSHMACSHA256Truncated10Bytes = 2,
    TSHMACSHA256AttachementType  = 3
};

+ (NSData *)generateRandomBytes:(NSUInteger)numberBytes;

+ (uint32_t)randomUInt32;
+ (uint64_t)randomUInt64;
+ (unsigned)randomUnsigned;

#pragma mark - SHA and HMAC methods

// Full length SHA256 digest for `data`
+ (nullable NSData *)computeSHA256Digest:(NSData *)data;

// Truncated SHA256 digest for `data`
+ (nullable NSData *)computeSHA256Digest:(NSData *)data truncatedToBytes:(NSUInteger)truncatedBytes;

+ (nullable NSString *)truncatedSHA1Base64EncodedWithoutPadding:(NSString *)string;

+ (nullable NSData *)decryptAppleMessagePayload:(NSData *)payload withSignalingKey:(NSString *)signalingKeyString;

+ (nullable NSData *)computeSHA256HMAC:(NSData *)data withHMACKey:(NSData *)HMACKey;

#pragma mark encrypt and decrypt attachment data

// Though digest can and will be nil for legacy clients, we now reject attachments lacking a digest.
+ (nullable NSData *)decryptAttachment:(NSData *)dataToDecrypt
                               withKey:(NSData *)key
                                digest:(nullable NSData *)digest
                          unpaddedSize:(UInt32)unpaddedSize
                                 error:(NSError **)error;

+ (nullable NSData *)encryptAttachmentData:(NSData *)attachmentData
                                    outKey:(NSData *_Nonnull *_Nullable)outKey
                                 outDigest:(NSData *_Nonnull *_Nullable)outDigest;

+ (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext
                                 additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData
                                                         key:(OWSAES256Key *)key
  NS_SWIFT_NAME(encryptAESGCM(plainTextData:additionalAuthenticatedData:key:));

+ (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializationVector
                                                ciphertext:(NSData *)ciphertext
                               additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData
                                                   authTag:(NSData *)authTagFromEncrypt
                                                       key:(OWSAES256Key *)key;

+ (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintextData key:(OWSAES256Key *)key;
+ (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(OWSAES256Key *)key;

+ (void)seedRandom;

@end

NS_ASSUME_NONNULL_END
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 2017-03-10 18:10:52 +01:00			`//`
Respond to CR. 2018-05-21 23:02:59 +02:00			`// Copyright (c) 2018 Open Whisper Systems. All rights reserved.`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 2017-03-10 18:10:52 +01:00			`//`

			`NS_ASSUME_NONNULL_BEGIN`
Init Commit 2015-12-07 03:31:43 +01:00
aes-gcm via openssl // FREEBIE 2017-08-21 17:21:23 +02:00			`extern const NSUInteger kAES256_KeyByteLength;`
Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 2017-08-14 17:31:43 +02:00
Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`/// Key appropriate for use in AES256-GCM`
aes-gcm via openssl // FREEBIE 2017-08-21 17:21:23 +02:00			`@interface OWSAES256Key : NSObject <NSSecureCoding>`
Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 2017-08-14 17:31:43 +02:00
			`/// Generates new secure random key`
			`- (instancetype)init;`
			`+ (instancetype)generateRandomKey;`

			`/**`
			`* @param data representing the raw key bytes`
			`*`
Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`* @returns a new instance if key is of appropriate length for AES256-GCM`
Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 2017-08-14 17:31:43 +02:00			`* else returns nil.`
			`*/`
			`+ (nullable instancetype)keyWithData:(NSData *)data;`

			`/// The raw key material`
			`@property (nonatomic, readonly) NSData *keyData;`

			`@end`

Clean up data. 2018-07-25 20:02:25 +02:00			`#pragma mark -`

Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`@interface AES25GCMEncryptionResult : NSObject`

			`@property (nonatomic, readonly) NSData *ciphertext;`
			`@property (nonatomic, readonly) NSData *initializationVector;`
			`@property (nonatomic, readonly) NSData *authTag;`

Respond to code review. 2018-07-23 18:35:35 +02:00			`- (instancetype)init NS_UNAVAILABLE;`
Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`- (nullable instancetype)initWithCipherText:(NSData *)cipherText`
			`initializationVector:(NSData *)initializationVector`
			`authTag:(NSData *)authTag NS_DESIGNATED_INITIALIZER;`

			`@end`

Clean up data. 2018-07-25 20:02:25 +02:00			`#pragma mark -`

Init Commit 2015-12-07 03:31:43 +01:00			`@interface Cryptography : NSObject`

			`typedef NS_ENUM(NSInteger, TSMACType) {`
			`TSHMACSHA256Truncated10Bytes = 2,`
			`TSHMACSHA256AttachementType = 3`
			`};`

Clean up ahead of PR. 2017-12-19 03:17:11 +01:00			`+ (NSData *)generateRandomBytes:(NSUInteger)numberBytes;`
Init Commit 2015-12-07 03:31:43 +01:00
Respond to CR. 2018-05-21 23:02:59 +02:00			`+ (uint32_t)randomUInt32;`
			`+ (uint64_t)randomUInt64;`
Move seed 2018-08-03 01:21:01 +02:00			`+ (unsigned)randomUnsigned;`
Respond to CR. 2018-05-21 23:02:59 +02:00
Clean up data. 2018-07-25 20:02:25 +02:00			`#pragma mark - SHA and HMAC methods`
Init Commit 2015-12-07 03:31:43 +01:00
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 2017-03-10 18:10:52 +01:00			// Full length SHA256 digest for `data`
Clean up data. 2018-07-25 20:02:25 +02:00			`+ (nullable NSData )computeSHA256Digest:(NSData )data;`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 2017-03-10 18:10:52 +01:00
			// Truncated SHA256 digest for `data`
Clean up data. 2018-07-25 20:02:25 +02:00			`+ (nullable NSData )computeSHA256Digest:(NSData )data truncatedToBytes:(NSUInteger)truncatedBytes;`
Init Commit 2015-12-07 03:31:43 +01:00
Clean up data. 2018-07-25 20:02:25 +02:00			`+ (nullable NSString )truncatedSHA1Base64EncodedWithoutPadding:(NSString )string;`
Init Commit 2015-12-07 03:31:43 +01:00
Clean up data. 2018-07-25 20:02:25 +02:00			`+ (nullable NSData )decryptAppleMessagePayload:(NSData )payload withSignalingKey:(NSString *)signalingKeyString;`
Init Commit 2015-12-07 03:31:43 +01:00
Clean up formatting. 2018-07-26 21:22:20 +02:00			`+ (nullable NSData )computeSHA256HMAC:(NSData )data withHMACKey:(NSData *)HMACKey;`

Init Commit 2015-12-07 03:31:43 +01:00			`#pragma mark encrypt and decrypt attachment data`
Attachments require digest or show explanatory error. // FREEBIE 2017-10-27 02:25:07 +02:00
			`// Though digest can and will be nil for legacy clients, we now reject attachments lacking a digest.`
Clean up data. 2018-07-25 20:02:25 +02:00			`+ (nullable NSData )decryptAttachment:(NSData )dataToDecrypt`
			`withKey:(NSData *)key`
			`digest:(nullable NSData *)digest`
			`unpaddedSize:(UInt32)unpaddedSize`
			`error:(NSError **)error;`

			`+ (nullable NSData )encryptAttachmentData:(NSData )attachmentData`
			`outKey:(NSData _Nonnull _Nullable)outKey`
			`outDigest:(NSData _Nonnull _Nullable)outDigest;`
Explain send failures for text and media messages Motivation ---------- We were often swallowing errors or yielding generic errors when it would be better to provide specific errors. We also didn't create an attachment when attachments failed to send, making it impossible to show the user what was happening with an in-progress or failed attachment. Primary Changes --------------- - Funnel all message sending through MessageSender, and remove message sending from MessagesManager. - Record most recent sending error so we can expose it in the UI - Can resend attachments. - Update message status for attachments, just like text messages - Extracted UploadingService from MessagesManager - Saving attachment stream before uploading gives uniform API for send vs. resend - update status for downloading transcript attachments - TSAttachments have a local id, separate from the server allocated id This allows us to save the attachment before the allocation request. Which is is good because: 1. can show feedback to user faster. 2. allows us to show an error when allocation fails. Code Cleanup ------------ - Replaced a lot of global singleton access with injected dependencies to make for easier testing. - Never save group meta messages. Rather than checking before (hopefully) every save, do it in the save method. - Don't use callbacks for sync code. - Handle errors on writing attachment data - Fix old long broken tests that weren't even running. =( - Removed dead code - Use constants vs define - Port flaky travis fixes from Signal-iOS // FREEBIE 2016-10-14 23:00:29 +02:00
Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`+ (nullable AES25GCMEncryptionResult )encryptAESGCMWithData:(NSData )plaintext`
			`additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData`
			`key:(OWSAES256Key *)key`
			`NS_SWIFT_NAME(encryptAESGCM(plainTextData:additionalAuthenticatedData:key:));`
Avatar API integration / WIP crypto scheme Crypto Scheme: - Name (un)padding - WIP AES-GCM (funtioning, but need to verify against android implementation, and tag functionality) Changes to avatar API: - hard code avatar domain (cdn.signal.org) - avatar form hands out new avatar key, invalidating old avatar - preliminary aes-gcm integration Also: - New type to represent AES128 keys, rather than passing around opaque data blobs everywhere, we can use the compiler to help us make sure we're passing compliant keying material. - Started using factory pattern for API requests. This is intended to be a lighter weight way to implement new API requests, rather than the current 1-method class ceremony. // FREEBIE 2017-08-14 17:31:43 +02:00
Remote attestation. 2018-07-18 19:42:33 +02:00			`+ (nullable NSData )decryptAESGCMWithInitializationVector:(NSData )initializationVector`
			`ciphertext:(NSData *)ciphertext`
Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData`
Remote attestation. 2018-07-18 19:42:33 +02:00			`authTag:(NSData *)authTagFromEncrypt`
			`key:(OWSAES256Key *)key;`

Integrate with new contact discovery endpoint Also: * use system cookie parsing * add AESGCM additional authenticated data parameter // FREEBIE 2018-07-20 16:45:46 +02:00			`+ (nullable NSData )encryptAESGCMWithProfileData:(NSData )plaintextData key:(OWSAES256Key *)key;`
			`+ (nullable NSData )decryptAESGCMWithProfileData:(NSData )encryptedData key:(OWSAES256Key *)key;`

Move seed 2018-08-03 01:21:01 +02:00			`+ (void)seedRandom;`

Init Commit 2015-12-07 03:31:43 +01:00			`@end`
Include digest in attachments - constant time compare - free buffer passed to NSData // FREEBIE 2017-03-10 18:10:52 +01:00
			`NS_ASSUME_NONNULL_END`