OLMKit: add Short Authentication String verification

(cherry picked from commit 3e954ca2729d3333ea853c878602d1696f616573)

OLMKit: add Short Authentication String verification
(cherry picked from commit 3e954ca2729d3333ea853c878602d1696f616573)
5de295da · manuroe · 3609227c · 5de295da · 5de295da · 5de295da
Commit 5de295da authored Mar 13, 2019 by manuroe
6 changed files
--- a/xcode/OLMKit.xcodeproj/project.pbxproj
+++ b/xcode/OLMKit.xcodeproj/project.pbxproj
@@ -12,6 +12,7 @@
 		3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 3274F6061D9A633A005282E4 /* OLMKitTests.m */; };
 		3274F6131D9A698E005282E4 /* OLMKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 3274F6121D9A698E005282E4 /* OLMKit.h */; };
 		32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32A151301DABDD4300400192 /* OLMKitGroupTests.m */; };
+		32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */; };
 		7DBAD311AEA85CF6DB80DCFA /* libPods-OLMKitTests.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */; };
 		D667051A0BA47E17CCC4E5D7 /* libPods-OLMKit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = F2F22FE8F173AF845B882805 /* libPods-OLMKit.a */; };
 /* End PBXBuildFile section */
@@ -36,6 +37,7 @@
 		3274F6081D9A633A005282E4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		3274F6121D9A698E005282E4 /* OLMKit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OLMKit.h; sourceTree = "<group>"; };
 		32A151301DABDD4300400192 /* OLMKitGroupTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OLMKitGroupTests.m; sourceTree = "<group>"; };
+		32F143AE2236B4100077CF37 /* OLMKitSASTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OLMKitSASTests.m; sourceTree = "<group>"; };
 		7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-OLMKitTests.a"; sourceTree = BUILT_PRODUCTS_DIR; };
 		875BA7A520258EA15A31DD82 /* Pods-OLMKitTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.debug.xcconfig"; sourceTree = "<group>"; };
 		D48E486DAE1F59F4F7EA8C25 /* Pods-OLMKitTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.release.xcconfig"; sourceTree = "<group>"; };
@@ -107,6 +109,7 @@
 		3274F6051D9A633A005282E4 /* OLMKitTests */ = {
 			isa = PBXGroup;
 			children = (
+				32F143AE2236B4100077CF37 /* OLMKitSASTests.m */,
 				3244277C2175EF700023EDF1 /* OLMKitPkTests.m */,
 				3274F6061D9A633A005282E4 /* OLMKitTests.m */,
 				32A151301DABDD4300400192 /* OLMKitGroupTests.m */,
@@ -282,6 +285,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */,
+				32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */,
 				3244277D2175EF700023EDF1 /* OLMKitPkTests.m in Sources */,
 				32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */,
 			);

--- a/xcode/OLMKit/OLMKit.h
+++ b/xcode/OLMKit/OLMKit.h
@@ -28,6 +28,7 @@
 #import <OLMKit/OLMOutboundGroupSession.h>
 #import <OLMKit/OLMPkEncryption.h>
 #import <OLMKit/OLMPkDecryption.h>
+#import <OLMKit/OLMSAS.h>

 @interface OLMKit : NSObject


--- a/xcode/OLMKit/OLMSAS.h
+++ b/xcode/OLMKit/OLMSAS.h
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/**
+ Short Authentication String verification utility class.
+ */
+@interface OLMSAS : NSObject
+
+/**
+ Get the public key of the SAS object.
+ */
+- (NSString * _Nullable)publicKey;
+
+/**
+ Set the public key of other user.
+
+ @param theirPublicKey the other user's public key.
+ @return error the error if any.
+ */
+- (NSError* _Nullable)setTheirPublicKey:(NSString*)theirPublicKey;
+
+/**
+ Generate bytes to use for the short authentication string.
+
+ @param info extra information to mix in when generating the bytes, as per the Matrix spec.
+ @param length the size of the output buffer. For hex-based SAS as in the Matrix spec, this will be 5.
+ @return generated bytes
+ */
+- (NSData *)generateBytes:(NSString*)info length:(NSUInteger)length;
+
+/**
+ Generate a message authentication code (MAC) based on the shared secret.
+
+ @param input the message to produce the authentication code for.
+ @param info extra information to mix in when generating the MAC, as per the Matrix spec.
+ @param error the error if any.
+ @return the MAC.
+ */
+- (NSString *)calculateMac:(NSString*)input info:(NSString*)info error:(NSError* _Nullable *)error; // TODO: NSError?
+
+@end
+
+NS_ASSUME_NONNULL_END
--- a/xcode/OLMKit/OLMSAS.m
+++ b/xcode/OLMKit/OLMSAS.m
+/*
+ Copyright 2018 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMSAS.h"
+
+#include "olm/olm.h"
+#include "olm/sas.h"
+#include "OLMUtility.h"
+
+@interface OLMSAS () {
+    void *olmSASbuffer;
+    OlmSAS *olmSAS;
+}
+@end
+
+@implementation OLMSAS
+
+- (void)dealloc {
+    olm_clear_sas(olmSAS);
+    free(olmSASbuffer);
+}
+
+- (instancetype)init {
+    self = [super init];
+    if (self) {
+        olmSASbuffer = malloc(olm_sas_size());
+        olmSAS = olm_sas(olmSASbuffer);
+
+        size_t randomLength = olm_create_sas_random_length(olmSAS);
+        NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
+        if (!random) {
+            return nil;
+        }
+
+        olm_create_sas(olmSAS, random.mutableBytes, randomLength);
+
+        [random resetBytesInRange:NSMakeRange(0, randomLength)];
+    }
+    return self;
+}
+
+- (NSString * _Nullable)publicKey {
+    size_t publicKeyLength = olm_sas_pubkey_length(olmSAS);
+    NSMutableData *publicKeyData = [NSMutableData dataWithLength:publicKeyLength];
+    if (!publicKeyData) {
+        return nil;
+    }
+
+    size_t result = olm_sas_get_pubkey(olmSAS, publicKeyData.mutableBytes, publicKeyLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] publicKey: olm_sas_get_pubkey error: %s", olm_error);
+        return nil;
+    }
+
+    NSString *publicKey = [[NSString alloc] initWithData:publicKeyData encoding:NSUTF8StringEncoding];
+    return publicKey;
+}
+
+- (NSError * _Nullable)setTheirPublicKey:(NSString*)theirPublicKey {
+    NSMutableData *theirPublicKeyData = [theirPublicKey dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+
+    size_t result = olm_sas_set_their_key(olmSAS, theirPublicKeyData.mutableBytes, theirPublicKeyData.length);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] setTheirPublicKey: olm_sas_set_their_key error: %s", olm_error);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (olm_error && errorString) {
+            return [NSError errorWithDomain:OLMErrorDomain
+                                       code:0
+                                   userInfo:@{
+                                              NSLocalizedDescriptionKey: errorString,
+                                              NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_set_their_key error: %@", errorString]
+                                              }];
+        }
+    }
+
+    return nil;
+}
+
+- (NSData *)generateBytes:(NSString *)info length:(NSUInteger)length {
+    NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+    NSMutableData *bytes = [NSMutableData dataWithLength:length];
+    if (!bytes) {
+        return nil;
+    }
+
+    olm_sas_generate_bytes(olmSAS, infoData.bytes, infoData.length, bytes.mutableBytes, length);
+    return bytes;
+}
+
+- (NSString *)calculateMac:(NSString *)input info:(NSString *)info error:(NSError *__autoreleasing  _Nullable *)error {
+    NSMutableData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+    NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+    size_t macLength = olm_sas_mac_length(olmSAS);
+    NSMutableData *macData = [NSMutableData dataWithLength:macLength];
+    if (!macData) {
+        return nil;
+    }
+
+    size_t result = olm_sas_calculate_mac(olmSAS,
+                                          inputData.mutableBytes, inputData.length,
+                                          infoData.bytes, infoData.length,
+                                          macData.mutableBytes, macLength);
+    if (result == olm_error()) {
+        const char *olm_error = olm_sas_last_error(olmSAS);
+        NSLog(@"[OLMSAS] calculateMac: olm_sas_calculate_mac error: %s", olm_error);
+
+        NSString *errorString = [NSString stringWithUTF8String:olm_error];
+        if (error && olm_error && errorString) {
+            *error = [NSError errorWithDomain:OLMErrorDomain
+                                         code:0
+                                     userInfo:@{
+                                                NSLocalizedDescriptionKey: errorString,
+                                                NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_calculate_mac error: %@", errorString]
+                                                }];
+        }
+        return nil;
+    }
+
+    NSString *mac = [[NSString alloc] initWithData:macData encoding:NSUTF8StringEncoding];
+    return mac;
+}
+
+@end
--- a/xcode/OLMKitTests/OLMKitSASTests.m
+++ b/xcode/OLMKitTests/OLMKitSASTests.m
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <XCTest/XCTest.h>
+#import <OLMKit/OLMKit.h>
+
+@interface OLMKitSASTests : XCTestCase {
+    OLMSAS *alice;
+    OLMSAS *bob;
+}
+
+@end
+
+@implementation OLMKitSASTests
+
+- (void)setUp {
+    alice = [OLMSAS new];
+    bob = [OLMSAS new];
+}
+
+- (void)tearDown {
+    alice = nil;
+    bob = nil;
+}
+
+- (void)testSASRandomness
+{
+    XCTAssertNotEqualObjects(alice.publicKey, bob.publicKey);
+}
+
+- (void)testSASBytesMatch {
+    [alice setTheirPublicKey:bob.publicKey];
+    [bob setTheirPublicKey:alice.publicKey];
+
+    NSString *sas = @"SAS";
+    NSUInteger length = 5;
+
+    XCTAssertEqualObjects([alice generateBytes:sas length:length],
+                          [bob generateBytes:sas length:length]);
+}
+
+- (void)testMACsMatch {
+    [alice setTheirPublicKey:bob.publicKey];
+    [bob setTheirPublicKey:alice.publicKey];
+
+    NSString *string = @"test";
+    NSString *info = @"MAC";
+
+    NSError *aliceError, *bobError;
+    XCTAssertEqualObjects([alice calculateMac:string info:info error:&aliceError],
+                          [bob calculateMac:string info:info error:&bobError]);
+    XCTAssertNil(aliceError);
+    XCTAssertNil(bobError);
+}
+
+@end
--- a/xcode/Podfile.lock
+++ b/xcode/Podfile.lock
 PODS:
-  - OLMKit (2.3.0):
-    - OLMKit/olmc (= 2.3.0)
-    - OLMKit/olmcpp (= 2.3.0)
-  - OLMKit/olmc (2.3.0)
-  - OLMKit/olmcpp (2.3.0)
+  - OLMKit (3.0.0):
+    - OLMKit/olmc (= 3.0.0)
+    - OLMKit/olmcpp (= 3.0.0)
+  - OLMKit/olmc (3.0.0)
+  - OLMKit/olmcpp (3.0.0)

 DEPENDENCIES:
  - OLMKit (from `../OLMKit.podspec`)
@@ -13,8 +13,8 @@ EXTERNAL SOURCES:
    :path: "../OLMKit.podspec"

 SPEC CHECKSUMS:
-  OLMKit: 6af55a19917c35f86df5198c213979ecdf8ba76e
+  OLMKit: 88eda69110489f817d59bcb4353b7c247570aa4f

 PODFILE CHECKSUM: 4e261dae61d833ec5585ced2473023b98909fd35

-COCOAPODS: 1.6.0.beta.2
+COCOAPODS: 1.6.0