Update Cocoapods.

signalapp · Feb 25, 2020 · f897a62 · f897a62
1 parent bca8b6e
commit f897a62
Show file tree

Hide file tree

Showing 7 changed files with 4,207 additions and 4,147 deletions.
diff --git a/Manifest.lock b/Manifest.lock
@@ -357,10 +357,10 @@ CHECKOUT OPTIONS:
     :commit: b72c2d1e6132501db906de2cffa8ded7803c54f4
     :git: https://github.com/signalapp/Mantle
   SignalCoreKit:
-    :commit: be8b50315a5cd18bc5474e8c63b5cb56c1140b6b
+    :commit: 215afc41654f182bececd949e2410b4a819fbbfb
     :git: https://github.com/signalapp/SignalCoreKit.git
   SignalMetadataKit:
-    :commit: 33dc101ee66b25ba6f4310dce04d48276a934781
+    :commit: 1d738023e4cb19d0ea502f5a03a9368a1eaefe9e
     :git: https://github.com/signalapp/SignalMetadataKit
   Starscream:
     :commit: b09ea163c3cb305152c65b299cb024610f52e735

diff --git a/Pods.xcodeproj/project.pbxproj b/Pods.xcodeproj/project.pbxproj
diff --git a/SignalCoreKit/SignalCoreKit/src/Cryptography.h b/SignalCoreKit/SignalCoreKit/src/Cryptography.h
@@ -5,7 +5,7 @@
 NS_ASSUME_NONNULL_BEGIN
 
 extern const NSUInteger kAES256_KeyByteLength;
-extern const NSUInteger kAESGCM256_IVLength;
+extern const NSUInteger kAESGCM256_DefaultIVLength;
 extern const NSUInteger kAES256CTR_IVLength;
 
 /// Key appropriate for use in AES256-GCM
@@ -112,9 +112,10 @@ typedef NS_ENUM(NSInteger, TSMACType) {
 #pragma mark - AES-GCM
 
 + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext
+                                  initializationVectorLength:(NSUInteger)initializationVectorLength
                                  additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData
                                                          key:(OWSAES256Key *)key
-    NS_SWIFT_NAME(encryptAESGCM(plainTextData:additionalAuthenticatedData:key:));
+    NS_SWIFT_NAME(encryptAESGCM(plainTextData:initializationVectorLength:additionalAuthenticatedData:key:));
 
 + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext
                                         initializationVector:(NSData *)initializationVector
@@ -129,6 +130,16 @@ typedef NS_ENUM(NSInteger, TSMACType) {
                                                        key:(OWSAES256Key *)key
     NS_SWIFT_NAME(decryptAESGCM(withInitializationVector:ciphertext:additionalAuthenticatedData:authTag:key:));
 
++ (nullable NSData *)encryptAESGCMWithDataAndConcatenateResults:(NSData *)plaintext
+                                     initializationVectorLength:(NSUInteger)initializationVectorLength
+                                                            key:(OWSAES256Key *)key
+    NS_SWIFT_NAME(encryptAESGCMWithDataAndConcatenateResults(plainTextData:initializationVectorLength:key:));
+
++ (nullable NSData *)decryptAESGCMConcatenatedData:(NSData *)concatenatedData
+                        initializationVectorLength:(NSUInteger)initializationVectorLength
+                                               key:(OWSAES256Key *)key
+    NS_SWIFT_NAME(decryptAESGCMConcatenatedData(encryptedData:initializationVectorLength:key:));
+
 #pragma mark - Profiles
 
 + (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintextData key:(OWSAES256Key *)key

diff --git a/SignalCoreKit/SignalCoreKit/src/Cryptography.m b/SignalCoreKit/SignalCoreKit/src/Cryptography.m
@@ -20,8 +20,8 @@
 // Returned by many OpenSSL functions - indicating success
 const int kOpenSSLSuccess = 1;
 
-// length of initialization nonce for AES256-GCM
-const NSUInteger kAESGCM256_IVLength = 12;
+// default length of initialization nonce for AES256-GCM
+const NSUInteger kAESGCM256_DefaultIVLength = 12;
 
 const NSUInteger kAES256CTR_IVLength = 16;
 
@@ -131,7 +131,7 @@ - (nullable instancetype)initWithCipherText:(NSData *)cipherText
     _initializationVector = [initializationVector copy];
     _authTag = [authTag copy];
 
-    if (_ciphertext == nil || _initializationVector.length != kAESGCM256_IVLength
+    if (_ciphertext == nil || _initializationVector.length < kAESGCM256_DefaultIVLength
         || _authTag.length != kAESGCM256_TagLength) {
         return nil;
     }
@@ -682,10 +682,13 @@ + (nullable NSData *)encryptAttachmentData:(NSData *)attachmentData
 #pragma mark - AES-GCM
 
 + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext
+                                  initializationVectorLength:(NSUInteger)initializationVectorLength
                                  additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData
                                                          key:(OWSAES256Key *)key
 {
-    NSData *initializationVector = [Cryptography generateRandomBytes:kAESGCM256_IVLength];
+    OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength);
+
+    NSData *initializationVector = [Cryptography generateRandomBytes:initializationVectorLength];
 
     return [self encryptAESGCMWithData:plaintext
                   initializationVector:initializationVector
@@ -698,7 +701,7 @@ + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext
                                  additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData
                                                          key:(OWSAES256Key *)key
 {
-    OWSAssert(initializationVector.length == kAESGCM256_IVLength);
+    OWSAssertDebug(initializationVector.length >= kAESGCM256_DefaultIVLength);
 
     NSMutableData *ciphertext = [NSMutableData dataWithLength:plaintext.length];
     NSMutableData *authTag = [NSMutableData dataWithLength:kAESGCM256_TagLength];
@@ -799,7 +802,7 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat
                                                    authTag:(NSData *)authTagFromEncrypt
                                                        key:(OWSAES256Key *)key
 {
-    OWSAssertDebug(initializationVector.length == kAESGCM256_IVLength);
+    OWSAssertDebug(initializationVector.length >= kAESGCM256_DefaultIVLength);
     OWSAssertDebug(ciphertext.length > 0);
     OWSAssertDebug(authTagFromEncrypt.length == kAESGCM256_TagLength);
     OWSAssertDebug(key);
@@ -821,7 +824,7 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat
     }
 
     // Set IV length. Not necessary if this is 12 bytes (96 bits)
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, kAESGCM256_IVLength, NULL) != kOpenSSLSuccess) {
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, (int)initializationVector.length, NULL) != kOpenSSLSuccess) {
         OWSFailDebug(@"failed to set key and iv while decrypting");
         return nil;
     }
@@ -903,36 +906,45 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat
     }
 }
 
-#pragma mark - Profiles
-
-+ (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintext key:(OWSAES256Key *)key
++ (nullable NSData *)encryptAESGCMWithDataAndConcatenateResults:(NSData *)plaintext
+                                     initializationVectorLength:(NSUInteger)initializationVectorLength
+                                                            key:(OWSAES256Key *)key
 {
-    AES25GCMEncryptionResult *result = [self encryptAESGCMWithData:plaintext additionalAuthenticatedData:nil key:key];
+    OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength);
+
+    AES25GCMEncryptionResult *result = [self encryptAESGCMWithData:plaintext
+                                        initializationVectorLength:initializationVectorLength
+                                       additionalAuthenticatedData:nil
+                                                               key:key];
     return [NSData join:@[
         result.initializationVector,
         result.ciphertext,
         result.authTag,
     ]];
 }
 
-+ (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(OWSAES256Key *)key
++ (nullable NSData *)decryptAESGCMConcatenatedData:(NSData *)concatenatedData
+                        initializationVectorLength:(NSUInteger)initializationVectorLength
+                                               key:(OWSAES256Key *)key
 {
+    OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength);
+
     NSUInteger cipherTextLength;
     BOOL didOverflow
-        = __builtin_sub_overflow(encryptedData.length, (kAESGCM256_IVLength + kAESGCM256_TagLength), &cipherTextLength);
+        = __builtin_sub_overflow(concatenatedData.length, (initializationVectorLength + kAESGCM256_TagLength), &cipherTextLength);
     if (didOverflow) {
-        OWSFailDebug(@"unexpectedly short encryptedData.length: %lu", (unsigned long)encryptedData.length);
+        OWSFailDebug(@"unexpectedly short encryptedData.length: %lu", (unsigned long)concatenatedData.length);
         return nil;
     }
 
     // encryptedData layout: initializationVector || ciphertext || authTag
-    NSData *initializationVector = [encryptedData subdataWithRange:NSMakeRange(0, kAESGCM256_IVLength)];
-    NSData *ciphertext = [encryptedData subdataWithRange:NSMakeRange(kAESGCM256_IVLength, cipherTextLength)];
+    NSData *initializationVector = [concatenatedData subdataWithRange:NSMakeRange(0, initializationVectorLength)];
+    NSData *ciphertext = [concatenatedData subdataWithRange:NSMakeRange(initializationVectorLength, cipherTextLength)];
 
     NSUInteger tagOffset;
-    ows_add_overflow(kAESGCM256_IVLength, cipherTextLength, &tagOffset);
+    ows_add_overflow(initializationVectorLength, cipherTextLength, &tagOffset);
 
-    NSData *authTag = [encryptedData subdataWithRange:NSMakeRange(tagOffset, kAESGCM256_TagLength)];
+    NSData *authTag = [concatenatedData subdataWithRange:NSMakeRange(tagOffset, kAESGCM256_TagLength)];
 
     return [self decryptAESGCMWithInitializationVector:initializationVector
                                             ciphertext:ciphertext
@@ -941,6 +953,18 @@ + (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(O
                                                    key:key];
 }
 
+#pragma mark - Profiles
+
++ (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintext key:(OWSAES256Key *)key
+{
+    return [self encryptAESGCMWithDataAndConcatenateResults:plaintext initializationVectorLength:kAESGCM256_DefaultIVLength key:key];
+}
+
++ (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(OWSAES256Key *)key
+{
+    return [self decryptAESGCMConcatenatedData:encryptedData initializationVectorLength:kAESGCM256_DefaultIVLength key:key];
+}
+
 #pragma mark - AES-CTR
 
 + (nullable AES256CTREncryptionResult *)encryptAESCTRWithData:(NSData *)plaintext

diff --git a/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m b/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m
@@ -250,11 +250,11 @@ - (void)testAESGCM
     OWSAES256Key *key = [OWSAES256Key new];
 
     AES25GCMEncryptionResult *_Nullable result =
-        [Cryptography encryptAESGCMWithData:plainTextData additionalAuthenticatedData:nil key:key];
+    [Cryptography encryptAESGCMWithData:plainTextData initializationVectorLength:16 additionalAuthenticatedData:nil key:key];
     XCTAssertNotNil(result);
     XCTAssertTrue(result.ciphertext.length > 0);
     XCTAssertTrue(result.authTag.length > 0);
-    XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength);
+    XCTAssertTrue(result.initializationVector.length == 16);
 
     NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector
                                                                                ciphertext:result.ciphertext
@@ -267,10 +267,11 @@ - (void)testAESGCM
 
 - (void)testAESGCM_randomIV
 {
+    NSUInteger ivLength = 12;
     NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁";
     NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding];
-    NSData *initializationVector = [Cryptography generateRandomBytes:kAESGCM256_IVLength];
-    XCTAssertTrue(initializationVector.length == kAESGCM256_IVLength);
+    NSData *initializationVector = [Cryptography generateRandomBytes:ivLength];
+    XCTAssertTrue(initializationVector.length == ivLength);
 
     OWSAES256Key *key = [OWSAES256Key new];
 
@@ -281,7 +282,7 @@ - (void)testAESGCM_randomIV
     XCTAssertNotNil(result);
     XCTAssertTrue(result.ciphertext.length > 0);
     XCTAssertTrue(result.authTag.length > 0);
-    XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength);
+    XCTAssertTrue(result.initializationVector.length == ivLength);
     XCTAssertEqualObjects(initializationVector, result.initializationVector);
 
     NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector
@@ -293,12 +294,27 @@ - (void)testAESGCM_randomIV
     XCTAssertEqualObjects(plainTextData, decryptedData);
 }
 
+- (void)testAESGCM_concatenatedEncryptDecrypt
+{
+    NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁";
+    NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding];
+    OWSAES256Key *key = [OWSAES256Key new];
+
+    for (NSUInteger ivLength = kAESGCM256_DefaultIVLength; ivLength <= 64; ivLength++) {
+        NSData *ivAndCipher = [Cryptography encryptAESGCMWithDataAndConcatenateResults:plainTextData initializationVectorLength:ivLength key:key];
+        NSData *decryptedData = [Cryptography decryptAESGCMConcatenatedData:ivAndCipher initializationVectorLength:ivLength key:key];
+
+        XCTAssertEqualObjects(plainTextData, decryptedData);
+    }
+}
+
 - (void)testAESGCM_allZeroIV
 {
+    NSUInteger ivLength = 32;
     NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁";
     NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding];
-    NSMutableData *initializationVector = [NSMutableData dataWithLength:kAESGCM256_IVLength];
-    XCTAssertTrue(initializationVector.length == kAESGCM256_IVLength);
+    NSMutableData *initializationVector = [NSMutableData dataWithLength:ivLength];
+    XCTAssertTrue(initializationVector.length == ivLength);
     const uint8_t *ivBytes = initializationVector.bytes;
     for (NSUInteger i = 0; i < initializationVector.length; i++) {
         XCTAssertEqual(ivBytes[i], 0);
@@ -313,7 +329,7 @@ - (void)testAESGCM_allZeroIV
     XCTAssertNotNil(result);
     XCTAssertTrue(result.ciphertext.length > 0);
     XCTAssertTrue(result.authTag.length > 0);
-    XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength);
+    XCTAssertTrue(result.initializationVector.length == ivLength);
     XCTAssertEqualObjects(initializationVector, result.initializationVector);
 
     NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector

diff --git a/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift b/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift
@@ -23,7 +23,7 @@ public class SMKUDAccessKey: NSObject {
         // We derive the "ud access key" from the private key by encrypting zeroes.
         let emptyPlaintextLength = 16
         let emptyPlaintext = Data(count: Int(emptyPlaintextLength))
-        let initializationVector = Data(count: Int(kAESGCM256_IVLength))
+        let initializationVector = Data(count: Int(kAESGCM256_DefaultIVLength))
         guard let keyData = Cryptography.encryptAESGCM(plainTextData: emptyPlaintext,
                                                 initializationVector: initializationVector,
                                                 additionalAuthenticatedData: nil,

diff --git a/Target Support Files/SignalServiceKit/SignalServiceKit-umbrella.h b/Target Support Files/SignalServiceKit/SignalServiceKit-umbrella.h
@@ -50,6 +50,7 @@
 #import "OWSSyncFetchLatestMessage.h"
 #import "OWSSyncGroupsMessage.h"
 #import "OWSSyncKeysMessage.h"
+#import "OWSSyncMessageRequestResponseMessage.h"
 #import "OWSSyncRequestMessage.h"
 #import "OWSContact+Private.h"
 #import "OWSContact.h"