Commit 5de295da authored by manuroe's avatar manuroe

OLMKit: add Short Authentication String verification

(cherry picked from commit 3e954ca2729d3333ea853c878602d1696f616573)
parent 3609227c
......@@ -12,6 +12,7 @@
3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 3274F6061D9A633A005282E4 /* OLMKitTests.m */; };
3274F6131D9A698E005282E4 /* OLMKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 3274F6121D9A698E005282E4 /* OLMKit.h */; };
32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32A151301DABDD4300400192 /* OLMKitGroupTests.m */; };
32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */; };
7DBAD311AEA85CF6DB80DCFA /* libPods-OLMKitTests.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */; };
D667051A0BA47E17CCC4E5D7 /* libPods-OLMKit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = F2F22FE8F173AF845B882805 /* libPods-OLMKit.a */; };
/* End PBXBuildFile section */
......@@ -36,6 +37,7 @@
3274F6081D9A633A005282E4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
3274F6121D9A698E005282E4 /* OLMKit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OLMKit.h; sourceTree = "<group>"; };
32A151301DABDD4300400192 /* OLMKitGroupTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OLMKitGroupTests.m; sourceTree = "<group>"; };
32F143AE2236B4100077CF37 /* OLMKitSASTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OLMKitSASTests.m; sourceTree = "<group>"; };
7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-OLMKitTests.a"; sourceTree = BUILT_PRODUCTS_DIR; };
875BA7A520258EA15A31DD82 /* Pods-OLMKitTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.debug.xcconfig"; sourceTree = "<group>"; };
D48E486DAE1F59F4F7EA8C25 /* Pods-OLMKitTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.release.xcconfig"; sourceTree = "<group>"; };
......@@ -107,6 +109,7 @@
3274F6051D9A633A005282E4 /* OLMKitTests */ = {
isa = PBXGroup;
children = (
32F143AE2236B4100077CF37 /* OLMKitSASTests.m */,
3244277C2175EF700023EDF1 /* OLMKitPkTests.m */,
3274F6061D9A633A005282E4 /* OLMKitTests.m */,
32A151301DABDD4300400192 /* OLMKitGroupTests.m */,
......@@ -282,6 +285,7 @@
buildActionMask = 2147483647;
files = (
3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */,
32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */,
3244277D2175EF700023EDF1 /* OLMKitPkTests.m in Sources */,
32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */,
);
......
......@@ -28,6 +28,7 @@
#import <OLMKit/OLMOutboundGroupSession.h>
#import <OLMKit/OLMPkEncryption.h>
#import <OLMKit/OLMPkDecryption.h>
#import <OLMKit/OLMSAS.h>
@interface OLMKit : NSObject
......
/*
Copyright 2019 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#import <Foundation/Foundation.h>
NS_ASSUME_NONNULL_BEGIN
/**
Short Authentication String verification utility class.
*/
@interface OLMSAS : NSObject
/**
Get the public key of the SAS object.
*/
- (NSString * _Nullable)publicKey;
/**
Set the public key of other user.
@param theirPublicKey the other user's public key.
@return error the error if any.
*/
- (NSError* _Nullable)setTheirPublicKey:(NSString*)theirPublicKey;
/**
Generate bytes to use for the short authentication string.
@param info extra information to mix in when generating the bytes, as per the Matrix spec.
@param length the size of the output buffer. For hex-based SAS as in the Matrix spec, this will be 5.
@return generated bytes
*/
- (NSData *)generateBytes:(NSString*)info length:(NSUInteger)length;
/**
Generate a message authentication code (MAC) based on the shared secret.
@param input the message to produce the authentication code for.
@param info extra information to mix in when generating the MAC, as per the Matrix spec.
@param error the error if any.
@return the MAC.
*/
- (NSString *)calculateMac:(NSString*)input info:(NSString*)info error:(NSError* _Nullable *)error; // TODO: NSError?
@end
NS_ASSUME_NONNULL_END
/*
Copyright 2018 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#import "OLMSAS.h"
#include "olm/olm.h"
#include "olm/sas.h"
#include "OLMUtility.h"
@interface OLMSAS () {
void *olmSASbuffer;
OlmSAS *olmSAS;
}
@end
@implementation OLMSAS
- (void)dealloc {
olm_clear_sas(olmSAS);
free(olmSASbuffer);
}
- (instancetype)init {
self = [super init];
if (self) {
olmSASbuffer = malloc(olm_sas_size());
olmSAS = olm_sas(olmSASbuffer);
size_t randomLength = olm_create_sas_random_length(olmSAS);
NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
if (!random) {
return nil;
}
olm_create_sas(olmSAS, random.mutableBytes, randomLength);
[random resetBytesInRange:NSMakeRange(0, randomLength)];
}
return self;
}
- (NSString * _Nullable)publicKey {
size_t publicKeyLength = olm_sas_pubkey_length(olmSAS);
NSMutableData *publicKeyData = [NSMutableData dataWithLength:publicKeyLength];
if (!publicKeyData) {
return nil;
}
size_t result = olm_sas_get_pubkey(olmSAS, publicKeyData.mutableBytes, publicKeyLength);
if (result == olm_error()) {
const char *olm_error = olm_sas_last_error(olmSAS);
NSLog(@"[OLMSAS] publicKey: olm_sas_get_pubkey error: %s", olm_error);
return nil;
}
NSString *publicKey = [[NSString alloc] initWithData:publicKeyData encoding:NSUTF8StringEncoding];
return publicKey;
}
- (NSError * _Nullable)setTheirPublicKey:(NSString*)theirPublicKey {
NSMutableData *theirPublicKeyData = [theirPublicKey dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
size_t result = olm_sas_set_their_key(olmSAS, theirPublicKeyData.mutableBytes, theirPublicKeyData.length);
if (result == olm_error()) {
const char *olm_error = olm_sas_last_error(olmSAS);
NSLog(@"[OLMSAS] setTheirPublicKey: olm_sas_set_their_key error: %s", olm_error);
NSString *errorString = [NSString stringWithUTF8String:olm_error];
if (olm_error && errorString) {
return [NSError errorWithDomain:OLMErrorDomain
code:0
userInfo:@{
NSLocalizedDescriptionKey: errorString,
NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_set_their_key error: %@", errorString]
}];
}
}
return nil;
}
- (NSData *)generateBytes:(NSString *)info length:(NSUInteger)length {
NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
NSMutableData *bytes = [NSMutableData dataWithLength:length];
if (!bytes) {
return nil;
}
olm_sas_generate_bytes(olmSAS, infoData.bytes, infoData.length, bytes.mutableBytes, length);
return bytes;
}
- (NSString *)calculateMac:(NSString *)input info:(NSString *)info error:(NSError *__autoreleasing _Nullable *)error {
NSMutableData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
size_t macLength = olm_sas_mac_length(olmSAS);
NSMutableData *macData = [NSMutableData dataWithLength:macLength];
if (!macData) {
return nil;
}
size_t result = olm_sas_calculate_mac(olmSAS,
inputData.mutableBytes, inputData.length,
infoData.bytes, infoData.length,
macData.mutableBytes, macLength);
if (result == olm_error()) {
const char *olm_error = olm_sas_last_error(olmSAS);
NSLog(@"[OLMSAS] calculateMac: olm_sas_calculate_mac error: %s", olm_error);
NSString *errorString = [NSString stringWithUTF8String:olm_error];
if (error && olm_error && errorString) {
*error = [NSError errorWithDomain:OLMErrorDomain
code:0
userInfo:@{
NSLocalizedDescriptionKey: errorString,
NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_calculate_mac error: %@", errorString]
}];
}
return nil;
}
NSString *mac = [[NSString alloc] initWithData:macData encoding:NSUTF8StringEncoding];
return mac;
}
@end
/*
Copyright 2019 New Vector Ltd
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#import <XCTest/XCTest.h>
#import <OLMKit/OLMKit.h>
@interface OLMKitSASTests : XCTestCase {
OLMSAS *alice;
OLMSAS *bob;
}
@end
@implementation OLMKitSASTests
- (void)setUp {
alice = [OLMSAS new];
bob = [OLMSAS new];
}
- (void)tearDown {
alice = nil;
bob = nil;
}
- (void)testSASRandomness
{
XCTAssertNotEqualObjects(alice.publicKey, bob.publicKey);
}
- (void)testSASBytesMatch {
[alice setTheirPublicKey:bob.publicKey];
[bob setTheirPublicKey:alice.publicKey];
NSString *sas = @"SAS";
NSUInteger length = 5;
XCTAssertEqualObjects([alice generateBytes:sas length:length],
[bob generateBytes:sas length:length]);
}
- (void)testMACsMatch {
[alice setTheirPublicKey:bob.publicKey];
[bob setTheirPublicKey:alice.publicKey];
NSString *string = @"test";
NSString *info = @"MAC";
NSError *aliceError, *bobError;
XCTAssertEqualObjects([alice calculateMac:string info:info error:&aliceError],
[bob calculateMac:string info:info error:&bobError]);
XCTAssertNil(aliceError);
XCTAssertNil(bobError);
}
@end
PODS:
- OLMKit (2.3.0):
- OLMKit/olmc (= 2.3.0)
- OLMKit/olmcpp (= 2.3.0)
- OLMKit/olmc (2.3.0)
- OLMKit/olmcpp (2.3.0)
- OLMKit (3.0.0):
- OLMKit/olmc (= 3.0.0)
- OLMKit/olmcpp (= 3.0.0)
- OLMKit/olmc (3.0.0)
- OLMKit/olmcpp (3.0.0)
DEPENDENCIES:
- OLMKit (from `../OLMKit.podspec`)
......@@ -13,8 +13,8 @@ EXTERNAL SOURCES:
:path: "../OLMKit.podspec"
SPEC CHECKSUMS:
OLMKit: 6af55a19917c35f86df5198c213979ecdf8ba76e
OLMKit: 88eda69110489f817d59bcb4353b7c247570aa4f
PODFILE CHECKSUM: 4e261dae61d833ec5585ced2473023b98909fd35
COCOAPODS: 1.6.0.beta.2
COCOAPODS: 1.6.0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment