session-ios/SignalServiceKit/src/Loki/API/Onion Requests/OnionRequestAPI+Encryption.swift

import CryptoSwift
import PromiseKit

extension OnionRequestAPI {

    internal static func encode(ciphertext: Data, json: JSON) throws -> Data {
        // The encoding of V2 onion requests looks like: | 4 bytes: size N of ciphertext | N bytes: ciphertext | json as utf8 |
        guard JSONSerialization.isValidJSONObject(json) else { throw HTTP.Error.invalidJSON }
        let jsonAsData = try JSONSerialization.data(withJSONObject: json, options: [ .fragmentsAllowed ])
        let ciphertextSize = Int32(ciphertext.count).littleEndian
        let ciphertextSizeAsData = withUnsafePointer(to: ciphertextSize) { Data(bytes: $0, count: MemoryLayout<Int32>.size) }
        return ciphertextSizeAsData + ciphertext + jsonAsData
    }

    /// Encrypts `payload` for `destination` and returns the result. Use this to build the core of an onion request.
    internal static func encrypt(_ payload: JSON, for destination: Destination) -> Promise<EncryptionResult> {
        let (promise, seal) = Promise<EncryptionResult>.pending()
        DispatchQueue.global(qos: .userInitiated).async {
            do {
                guard JSONSerialization.isValidJSONObject(payload) else { return seal.reject(HTTP.Error.invalidJSON) }
                // Wrapping isn't needed for file server or open group onion requests
                switch destination {
                case .snode(let snode):
                    guard let snodeX25519PublicKey = snode.publicKeySet?.x25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }
                    let payloadAsData = try JSONSerialization.data(withJSONObject: payload, options: [ .fragmentsAllowed ])
                    let plaintext = try encode(ciphertext: payloadAsData, json: [ "headers" : "" ])
                    let result = try EncryptionUtilities.encrypt(plaintext, using: snodeX25519PublicKey)
                    seal.fulfill(result)
                case .server(_, let serverX25519PublicKey):
                    let plaintext = try JSONSerialization.data(withJSONObject: payload, options: [ .fragmentsAllowed ])
                    let result = try EncryptionUtilities.encrypt(plaintext, using: serverX25519PublicKey)
                    seal.fulfill(result)
                }
            } catch (let error) {
                seal.reject(error)
            }
        }
        return promise
    }

    /// Encrypts the previous encryption result (i.e. that of the hop after this one) for this hop. Use this to build the layers of an onion request.
    internal static func encryptHop(from lhs: Destination, to rhs: Destination, using previousEncryptionResult: EncryptionResult) -> Promise<EncryptionResult> {
        let (promise, seal) = Promise<EncryptionResult>.pending()
        DispatchQueue.global(qos: .userInitiated).async {
            var parameters: JSON
            switch rhs {
            case .snode(let snode):
                guard let snodeED25519PublicKey = snode.publicKeySet?.ed25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }
                parameters = [ "destination" : snodeED25519PublicKey ]
            case .server(let host, _):
                parameters = [ "host" : host, "target" : "/loki/v2/lsrpc", "method" : "POST" ]
            }
            parameters["ephemeral_key"] = previousEncryptionResult.ephemeralPublicKey.toHexString()
            let x25519PublicKey: String
            switch lhs {
            case .snode(let snode):
                guard let snodeX25519PublicKey = snode.publicKeySet?.x25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }
                x25519PublicKey = snodeX25519PublicKey
            case .server(_, let serverX25519PublicKey):
                x25519PublicKey = serverX25519PublicKey
            }
            do {
                let plaintext = try encode(ciphertext: previousEncryptionResult.ciphertext, json: parameters)
                let result = try EncryptionUtilities.encrypt(plaintext, using: x25519PublicKey)
                seal.fulfill(result)
            } catch (let error) {
                seal.reject(error)
            }
        }
        return promise
    }
}
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`import CryptoSwift`
			`import PromiseKit`

			`extension OnionRequestAPI {`

Implement new onion request encoding 2020-10-06 07:52:31 +02:00			`internal static func encode(ciphertext: Data, json: JSON) throws -> Data {`
			`// The encoding of V2 onion requests looks like: \| 4 bytes: size N of ciphertext \| N bytes: ciphertext \| json as utf8 \|`
			`guard JSONSerialization.isValidJSONObject(json) else { throw HTTP.Error.invalidJSON }`
			`let jsonAsData = try JSONSerialization.data(withJSONObject: json, options: [ .fragmentsAllowed ])`
Guarantee little endianness 2020-10-08 05:50:57 +02:00			`let ciphertextSize = Int32(ciphertext.count).littleEndian`
Debug 2020-10-07 06:39:34 +02:00			`let ciphertextSizeAsData = withUnsafePointer(to: ciphertextSize) { Data(bytes: $0, count: MemoryLayout<Int32>.size) }`
Implement new onion request encoding 2020-10-06 07:52:31 +02:00			`return ciphertextSizeAsData + ciphertext + jsonAsData`
			`}`

Implement feedback 2020-07-23 04:03:39 +02:00			/// Encrypts `payload` for `destination` and returns the result. Use this to build the core of an onion request.
			`internal static func encrypt(_ payload: JSON, for destination: Destination) -> Promise<EncryptionResult> {`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`let (promise, seal) = Promise<EncryptionResult>.pending()`
Slightly improve performance 2020-05-07 03:57:40 +02:00			`DispatchQueue.global(qos: .userInitiated).async {`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`do {`
Move HTTP utilities into their own file 2020-04-02 05:54:52 +02:00			`guard JSONSerialization.isValidJSONObject(payload) else { return seal.reject(HTTP.Error.invalidJSON) }`
Implement feedback 2020-07-23 04:03:39 +02:00			`// Wrapping isn't needed for file server or open group onion requests`
			`switch destination {`
			`case .snode(let snode):`
			`guard let snodeX25519PublicKey = snode.publicKeySet?.x25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }`
use onion routing for file server requests 2020-07-21 06:51:15 +02:00			`let payloadAsData = try JSONSerialization.data(withJSONObject: payload, options: [ .fragmentsAllowed ])`
Debug 2020-10-07 06:39:34 +02:00			`let plaintext = try encode(ciphertext: payloadAsData, json: [ "headers" : "" ])`
Implement SSK protocol changes 2020-09-14 07:16:51 +02:00			`let result = try EncryptionUtilities.encrypt(plaintext, using: snodeX25519PublicKey)`
use onion routing for file server requests 2020-07-21 06:51:15 +02:00			`seal.fulfill(result)`
Implement feedback 2020-07-23 04:03:39 +02:00			`case .server(_, let serverX25519PublicKey):`
use onion routing for file server requests 2020-07-21 06:51:15 +02:00			`let plaintext = try JSONSerialization.data(withJSONObject: payload, options: [ .fragmentsAllowed ])`
Implement SSK protocol changes 2020-09-14 07:16:51 +02:00			`let result = try EncryptionUtilities.encrypt(plaintext, using: serverX25519PublicKey)`
use onion routing for file server requests 2020-07-21 06:51:15 +02:00			`seal.fulfill(result)`
			`}`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`} catch (let error) {`
			`seal.reject(error)`
			`}`
			`}`
			`return promise`
			`}`

Add more documentation 2020-04-02 00:53:03 +02:00			`/// Encrypts the previous encryption result (i.e. that of the hop after this one) for this hop. Use this to build the layers of an onion request.`
Implement feedback 2020-07-23 04:03:39 +02:00			`internal static func encryptHop(from lhs: Destination, to rhs: Destination, using previousEncryptionResult: EncryptionResult) -> Promise<EncryptionResult> {`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`let (promise, seal) = Promise<EncryptionResult>.pending()`
Slightly improve performance 2020-05-07 03:57:40 +02:00			`DispatchQueue.global(qos: .userInitiated).async {`
Implement feedback 2020-07-23 04:03:39 +02:00			`var parameters: JSON`
			`switch rhs {`
			`case .snode(let snode):`
			`guard let snodeED25519PublicKey = snode.publicKeySet?.ed25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }`
			`parameters = [ "destination" : snodeED25519PublicKey ]`
			`case .server(let host, _):`
Fix incorrect endpoint 2020-10-21 05:30:55 +02:00			`parameters = [ "host" : host, "target" : "/loki/v2/lsrpc", "method" : "POST" ]`
Implement feedback 2020-07-23 04:03:39 +02:00			`}`
refactor and prepare for file server onion request 2020-07-17 09:18:26 +02:00			`parameters["ephemeral_key"] = previousEncryptionResult.ephemeralPublicKey.toHexString()`
Implement feedback 2020-07-23 04:03:39 +02:00			`let x25519PublicKey: String`
			`switch lhs {`
			`case .snode(let snode):`
			`guard let snodeX25519PublicKey = snode.publicKeySet?.x25519Key else { return seal.reject(Error.snodePublicKeySetMissing) }`
			`x25519PublicKey = snodeX25519PublicKey`
			`case .server(_, let serverX25519PublicKey):`
			`x25519PublicKey = serverX25519PublicKey`
			`}`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`do {`
Implement new onion request encoding 2020-10-06 07:52:31 +02:00			`let plaintext = try encode(ciphertext: previousEncryptionResult.ciphertext, json: parameters)`
Implement SSK protocol changes 2020-09-14 07:16:51 +02:00			`let result = try EncryptionUtilities.encrypt(plaintext, using: x25519PublicKey)`
Implement onion request encryption 2020-03-31 05:52:56 +02:00			`seal.fulfill(result)`
			`} catch (let error) {`
			`seal.reject(error)`
			`}`
			`}`
			`return promise`
			`}`
			`}`