From fd92b6e4339736dd274afabd81aa7edb17ba42ef Mon Sep 17 00:00:00 2001 From: Nora Trapp Date: Thu, 20 Feb 2020 13:58:49 -0800 Subject: [PATCH] Update pods --- Manifest.lock | 4 +- .../SignalCoreKit/src/Cryptography.h | 15 ++++- .../SignalCoreKit/src/Cryptography.m | 60 +++++++++++++------ .../src/CryptographyTests.m | 32 +++++++--- .../src/SMKUDAccessKey.swift | 2 +- 5 files changed, 82 insertions(+), 31 deletions(-) diff --git a/Manifest.lock b/Manifest.lock index 38d45425..c67b017a 100644 --- a/Manifest.lock +++ b/Manifest.lock @@ -357,10 +357,10 @@ CHECKOUT OPTIONS: :commit: b72c2d1e6132501db906de2cffa8ded7803c54f4 :git: https://github.com/signalapp/Mantle SignalCoreKit: - :commit: be8b50315a5cd18bc5474e8c63b5cb56c1140b6b + :commit: 215afc41654f182bececd949e2410b4a819fbbfb :git: https://github.com/signalapp/SignalCoreKit.git SignalMetadataKit: - :commit: 33dc101ee66b25ba6f4310dce04d48276a934781 + :commit: 1d738023e4cb19d0ea502f5a03a9368a1eaefe9e :git: https://github.com/signalapp/SignalMetadataKit Starscream: :commit: b09ea163c3cb305152c65b299cb024610f52e735 diff --git a/SignalCoreKit/SignalCoreKit/src/Cryptography.h b/SignalCoreKit/SignalCoreKit/src/Cryptography.h index 9779e3ac..226c595c 100644 --- a/SignalCoreKit/SignalCoreKit/src/Cryptography.h +++ b/SignalCoreKit/SignalCoreKit/src/Cryptography.h @@ -5,7 +5,7 @@ NS_ASSUME_NONNULL_BEGIN extern const NSUInteger kAES256_KeyByteLength; -extern const NSUInteger kAESGCM256_IVLength; +extern const NSUInteger kAESGCM256_DefaultIVLength; extern const NSUInteger kAES256CTR_IVLength; /// Key appropriate for use in AES256-GCM 
@@ -112,9 +112,10 @@ typedef NS_ENUM(NSInteger, TSMACType) { #pragma mark - AES-GCM + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext + initializationVectorLength:(NSUInteger)initializationVectorLength additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData key:(OWSAES256Key *)key - NS_SWIFT_NAME(encryptAESGCM(plainTextData:additionalAuthenticatedData:key:)); + NS_SWIFT_NAME(encryptAESGCM(plainTextData:initializationVectorLength:additionalAuthenticatedData:key:)); + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext initializationVector:(NSData *)initializationVector @@ -129,6 +130,16 @@ typedef NS_ENUM(NSInteger, TSMACType) { key:(OWSAES256Key *)key NS_SWIFT_NAME(decryptAESGCM(withInitializationVector:ciphertext:additionalAuthenticatedData:authTag:key:)); ++ (nullable NSData *)encryptAESGCMWithDataAndConcatenateResults:(NSData *)plaintext + initializationVectorLength:(NSUInteger)initializationVectorLength + key:(OWSAES256Key *)key + NS_SWIFT_NAME(encryptAESGCMWithDataAndConcatenateResults(plainTextData:initializationVectorLength:key:)); + ++ (nullable NSData *)decryptAESGCMConcatenatedData:(NSData *)concatenatedData + initializationVectorLength:(NSUInteger)initializationVectorLength + key:(OWSAES256Key *)key + NS_SWIFT_NAME(decryptAESGCMConcatenatedData(encryptedData:initializationVectorLength:key:)); + #pragma mark - Profiles + (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintextData key:(OWSAES256Key *)key diff --git a/SignalCoreKit/SignalCoreKit/src/Cryptography.m b/SignalCoreKit/SignalCoreKit/src/Cryptography.m index 161ae13b..37b83fad 100644 --- a/SignalCoreKit/SignalCoreKit/src/Cryptography.m +++ b/SignalCoreKit/SignalCoreKit/src/Cryptography.m 
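Review bot: The two new concatenating class methods and the added `initializationVectorLength` parameter are declared without any doc comment, so the header does not tell callers which lengths are accepted. The implementation only checks `>= kAESGCM256_DefaultIVLength` through `OWSAssertDebug`. Going by the layout comment in the .m, the concatenated blob does not record the IV length, so the decrypting side has to pass the same value that was used to encrypt. I would add above `encryptAESGCMWithDataAndConcatenateResults:` a comment such as `/// Returns initializationVector || ciphertext || authTag. initializationVectorLength must be >= kAESGCM256_DefaultIVLength and must be passed unchanged to decryptAESGCMConcatenatedData:.`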
@@ -20,8 +20,8 @@ // Returned by many OpenSSL functions - indicating success const int kOpenSSLSuccess = 1; -// length of initialization nonce for AES256-GCM -const NSUInteger kAESGCM256_IVLength = 12; +// default length of initialization nonce for AES256-GCM +const NSUInteger kAESGCM256_DefaultIVLength = 12; const NSUInteger kAES256CTR_IVLength = 16; @@ -131,7 +131,7 @@ - (nullable instancetype)initWithCipherText:(NSData *)cipherText _initializationVector = [initializationVector copy]; _authTag = [authTag copy]; - if (_ciphertext == nil || _initializationVector.length != kAESGCM256_IVLength + if (_ciphertext == nil || _initializationVector.length < kAESGCM256_DefaultIVLength || _authTag.length != kAESGCM256_TagLength) { return nil; } @@ -682,10 +682,13 @@ + (nullable NSData *)encryptAttachmentData:(NSData *)attachmentData #pragma mark - AES-GCM + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext + initializationVectorLength:(NSUInteger)initializationVectorLength additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData key:(OWSAES256Key *)key { - NSData *initializationVector = [Cryptography generateRandomBytes:kAESGCM256_IVLength]; + OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength); + + NSData *initializationVector = [Cryptography generateRandomBytes:initializationVectorLength]; return [self encryptAESGCMWithData:plaintext initializationVector:initializationVector @@ -698,7 +701,7 @@ + (nullable AES25GCMEncryptionResult *)encryptAESGCMWithData:(NSData *)plaintext additionalAuthenticatedData:(nullable NSData *)additionalAuthenticatedData key:(OWSAES256Key *)key { - OWSAssert(initializationVector.length == kAESGCM256_IVLength); + OWSAssertDebug(initializationVector.length >= kAESGCM256_DefaultIVLength); NSMutableData *ciphertext = [NSMutableData dataWithLength:plaintext.length]; NSMutableData *authTag = [NSMutableData dataWithLength:kAESGCM256_TagLength]; 
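Review bot: The relaxed check in `initWithCipherText:` at `@@ -131,7 +131,7 @@` (`_initializationVector.length < kAESGCM256_DefaultIVLength`) sets a floor on the IV length but no ceiling. The decrypt hunk at `@@ -821,7 +824,7 @@` then narrows that same length with `(int)initializationVector.length` before passing it to `EVP_CTRL_GCM_SET_IVLEN`. An explicit maximum would keep the cast lossless and reject nonsensical lengths early, for example `|| _initializationVector.length > kAESGCM256_MaxIVLength`, where that is a new constant the project would choose (the new test exercises lengths up to 64). The initializer's body starts and ends outside the hunk.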
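Review bot: At `@@ -698,7 +701,7 @@` the IV-length precondition changes from `OWSAssert` to `OWSAssertDebug`, which, judging by the macro name, is compiled out of release builds. The new `OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength)` lines at `@@ -682,10 +682,13 @@`, `@@ -903,11 +906,16 @@` and `@@ -915,24 +923,28 @@`, and the decrypt assertion at `@@ -799,7 +802,7 @@`, are debug-only in the same way. These methods already return nullable values, so a runtime guard such as `if (initializationVector.length < kAESGCM256_DefaultIVLength) { return nil; }` would keep too-short nonces out of AES-GCM in every build configuration. The encrypt body continues outside the hunk, so it is worth confirming that its `EVP_CTRL_GCM_SET_IVLEN` call uses the IV's actual length, as the decrypt path now does.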
@@ -799,7 +802,7 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat authTag:(NSData *)authTagFromEncrypt key:(OWSAES256Key *)key { - OWSAssertDebug(initializationVector.length == kAESGCM256_IVLength); + OWSAssertDebug(initializationVector.length >= kAESGCM256_DefaultIVLength); OWSAssertDebug(ciphertext.length > 0); OWSAssertDebug(authTagFromEncrypt.length == kAESGCM256_TagLength); OWSAssertDebug(key); @@ -821,7 +824,7 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat } // Set IV length. Not necessary if this is 12 bytes (96 bits) - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, kAESGCM256_IVLength, NULL) != kOpenSSLSuccess) { + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, (int)initializationVector.length, NULL) != kOpenSSLSuccess) { OWSFailDebug(@"failed to set key and iv while decrypting"); return nil; } @@ -903,11 +906,16 @@ + (nullable NSData *)decryptAESGCMWithInitializationVector:(NSData *)initializat } } -#pragma mark - Profiles - -+ (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintext key:(OWSAES256Key *)key ++ (nullable NSData *)encryptAESGCMWithDataAndConcatenateResults:(NSData *)plaintext + initializationVectorLength:(NSUInteger)initializationVectorLength + key:(OWSAES256Key *)key { - AES25GCMEncryptionResult *result = [self encryptAESGCMWithData:plaintext additionalAuthenticatedData:nil key:key]; + OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength); + + AES25GCMEncryptionResult *result = [self encryptAESGCMWithData:plaintext + initializationVectorLength:initializationVectorLength + additionalAuthenticatedData:nil + key:key]; return [NSData join:@[ result.initializationVector, result.ciphertext, 
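Review bot: In `encryptAESGCMWithDataAndConcatenateResults:` at `@@ -903,11 +906,16 @@`, `result.initializationVector` and `result.ciphertext` go straight into an `@[ ... ]` literal, but `result` comes from a method declared `nullable`. If encryption fails, messaging nil yields nil elements and the array literal raises an exception instead of the method returning nil as its signature promises. Adding `if (result == nil) { return nil; }` before the `[NSData join:...]` call would keep the failure on the documented path. The join expression and the method's closing brace sit in the next hunk.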
@@ -915,24 +923,28 @@ + (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintext key:(OWSAE ]]; } -+ (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(OWSAES256Key *)key ++ (nullable NSData *)decryptAESGCMConcatenatedData:(NSData *)concatenatedData + initializationVectorLength:(NSUInteger)initializationVectorLength + key:(OWSAES256Key *)key { + OWSAssertDebug(initializationVectorLength >= kAESGCM256_DefaultIVLength); + NSUInteger cipherTextLength; BOOL didOverflow - = __builtin_sub_overflow(encryptedData.length, (kAESGCM256_IVLength + kAESGCM256_TagLength), &cipherTextLength); + = __builtin_sub_overflow(concatenatedData.length, (initializationVectorLength + kAESGCM256_TagLength), &cipherTextLength); if (didOverflow) { - OWSFailDebug(@"unexpectedly short encryptedData.length: %lu", (unsigned long)encryptedData.length); + OWSFailDebug(@"unexpectedly short encryptedData.length: %lu", (unsigned long)concatenatedData.length); return nil; } // encryptedData layout: initializationVector || ciphertext || authTag - NSData *initializationVector = [encryptedData subdataWithRange:NSMakeRange(0, kAESGCM256_IVLength)]; - NSData *ciphertext = [encryptedData subdataWithRange:NSMakeRange(kAESGCM256_IVLength, cipherTextLength)]; + NSData *initializationVector = [concatenatedData subdataWithRange:NSMakeRange(0, initializationVectorLength)]; + NSData *ciphertext = [concatenatedData subdataWithRange:NSMakeRange(initializationVectorLength, cipherTextLength)]; NSUInteger tagOffset; - ows_add_overflow(kAESGCM256_IVLength, cipherTextLength, &tagOffset); + ows_add_overflow(initializationVectorLength, cipherTextLength, &tagOffset); - NSData *authTag = [encryptedData subdataWithRange:NSMakeRange(tagOffset, kAESGCM256_TagLength)]; + NSData *authTag = [concatenatedData subdataWithRange:NSMakeRange(tagOffset, kAESGCM256_TagLength)]; return [self decryptAESGCMWithInitializationVector:initializationVector ciphertext:ciphertext 
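Review bot: The sum `initializationVectorLength + kAESGCM256_TagLength` passed to `__builtin_sub_overflow` is computed without an overflow check, and one operand is now a caller-supplied parameter rather than a constant. The length is guarded only by `OWSAssertDebug`, so an out-of-range value could reach `subdataWithRange:`, which raises on an invalid range rather than returning nil. A runtime bound before the arithmetic would close that: `if (initializationVectorLength < kAESGCM256_DefaultIVLength || initializationVectorLength > concatenatedData.length) { return nil; }`. Separately, the `OWSFailDebug` text and the layout comment still say `encryptedData` although the parameter is now `concatenatedData`.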
@@ -941,6 +953,18 @@ + (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(O key:key]; } +#pragma mark - Profiles + ++ (nullable NSData *)encryptAESGCMWithProfileData:(NSData *)plaintext key:(OWSAES256Key *)key +{ + return [self encryptAESGCMWithDataAndConcatenateResults:plaintext initializationVectorLength:kAESGCM256_DefaultIVLength key:key]; +} + ++ (nullable NSData *)decryptAESGCMWithProfileData:(NSData *)encryptedData key:(OWSAES256Key *)key +{ + return [self decryptAESGCMConcatenatedData:encryptedData initializationVectorLength:kAESGCM256_DefaultIVLength key:key]; +} + #pragma mark - AES-CTR + (nullable AES256CTREncryptionResult *)encryptAESCTRWithData:(NSData *)plaintext diff --git a/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m b/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m index 122cab6b..5d23c2cd 100644 --- a/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m +++ b/SignalCoreKit/SignalCoreKitTests/src/CryptographyTests.m @@ -250,11 +250,11 @@ - (void)testAESGCM OWSAES256Key *key = [OWSAES256Key new]; AES25GCMEncryptionResult *_Nullable result = - [Cryptography encryptAESGCMWithData:plainTextData additionalAuthenticatedData:nil key:key]; + [Cryptography encryptAESGCMWithData:plainTextData initializationVectorLength:16 additionalAuthenticatedData:nil key:key]; XCTAssertNotNil(result); XCTAssertTrue(result.ciphertext.length > 0); XCTAssertTrue(result.authTag.length > 0); - XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength); + XCTAssertTrue(result.initializationVector.length == 16); NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector ciphertext:result.ciphertext 
@@ -267,10 +267,11 @@ - (void)testAESGCM - (void)testAESGCM_randomIV { + NSUInteger ivLength = 12; NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁"; NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding]; - NSData *initializationVector = [Cryptography generateRandomBytes:kAESGCM256_IVLength]; - XCTAssertTrue(initializationVector.length == kAESGCM256_IVLength); + NSData *initializationVector = [Cryptography generateRandomBytes:ivLength]; + XCTAssertTrue(initializationVector.length == ivLength); OWSAES256Key *key = [OWSAES256Key new]; @@ -281,7 +282,7 @@ - (void)testAESGCM_randomIV XCTAssertNotNil(result); XCTAssertTrue(result.ciphertext.length > 0); XCTAssertTrue(result.authTag.length > 0); - XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength); + XCTAssertTrue(result.initializationVector.length == ivLength); XCTAssertEqualObjects(initializationVector, result.initializationVector); NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector 
@@ -293,12 +294,27 @@ - (void)testAESGCM_randomIV XCTAssertEqualObjects(plainTextData, decryptedData); } +- (void)testAESGCM_concatenatedEncryptDecrypt +{ + NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁"; + NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding]; + OWSAES256Key *key = [OWSAES256Key new]; + + for (NSUInteger ivLength = kAESGCM256_DefaultIVLength; ivLength <= 64; ivLength++) { + NSData *ivAndCipher = [Cryptography encryptAESGCMWithDataAndConcatenateResults:plainTextData initializationVectorLength:ivLength key:key]; + NSData *decryptedData = [Cryptography decryptAESGCMConcatenatedData:ivAndCipher initializationVectorLength:ivLength key:key]; + + XCTAssertEqualObjects(plainTextData, decryptedData); + } +} + - (void)testAESGCM_allZeroIV { + NSUInteger ivLength = 32; NSString *plainText = @"Super🔥secret🔥test🔥data🏁🏁"; NSData *plainTextData = [plainText dataUsingEncoding:NSUTF8StringEncoding]; - NSMutableData *initializationVector = [NSMutableData dataWithLength:kAESGCM256_IVLength]; - XCTAssertTrue(initializationVector.length == kAESGCM256_IVLength); + NSMutableData *initializationVector = [NSMutableData dataWithLength:ivLength]; + XCTAssertTrue(initializationVector.length == ivLength); const uint8_t *ivBytes = initializationVector.bytes; for (NSUInteger i = 0; i < initializationVector.length; i++) { XCTAssertEqual(ivBytes[i], 0); @@ -313,7 +329,7 @@ - (void)testAESGCM_allZeroIV XCTAssertNotNil(result); XCTAssertTrue(result.ciphertext.length > 0); XCTAssertTrue(result.authTag.length > 0); - XCTAssertTrue(result.initializationVector.length == kAESGCM256_IVLength); + XCTAssertTrue(result.initializationVector.length == ivLength); XCTAssertEqualObjects(initializationVector, result.initializationVector); NSData *_Nullable decryptedData = [Cryptography decryptAESGCMWithInitializationVector:result.initializationVector 
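Review bot: `testAESGCM_concatenatedEncryptDecrypt` only exercises successful round-trips, so nothing pins that the concatenated format rejects altered input or a mismatched `initializationVectorLength`. Inside the loop I would add `XCTAssertNotNil(ivAndCipher);` so an encrypt failure is reported at its source. I would also add one negative case that decrypts a copy with a single byte changed and expects `XCTAssertNil(...)`. Whether the failure path trips `OWSFailDebug` in test builds is not visible from this hunk, so that case may need its own test method.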
diff --git a/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift b/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift index d1243417..71aa6e9f 100644 --- a/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift +++ b/SignalMetadataKit/SignalMetadataKit/src/SMKUDAccessKey.swift @@ -23,7 +23,7 @@ public class SMKUDAccessKey: NSObject { // We derive the "ud access key" from the private key by encrypting zeroes. let emptyPlaintextLength = 16 let emptyPlaintext = Data(count: Int(emptyPlaintextLength)) - let initializationVector = Data(count: Int(kAESGCM256_IVLength)) + let initializationVector = Data(count: Int(kAESGCM256_DefaultIVLength)) guard let keyData = Cryptography.encryptAESGCM(plainTextData: emptyPlaintext, initializationVector: initializationVector, additionalAuthenticatedData: nil,