authormanuroe <manu@matrix.org>2019-03-13 14:54:04 +0100
committermanuroe <manu@matrix.org>2019-04-10 23:26:02 +0200
commit5de295da3e5f9ae7e4de6cfe009e2d0ad4e6a08b (patch)
tree4fd40a644de10e680f1ac914f5db0f8ad8c99c84
parent3609227c6ee4214d561ac7affff9a7e99bc658de (diff)
OLMKit: add Short Authentication String verification
(cherry picked from commit 3e954ca2729d3333ea853c878602d1696f616573)
-rw-r--r--xcode/OLMKit.xcodeproj/project.pbxproj4
-rw-r--r--xcode/OLMKit/OLMKit.h1
-rw-r--r--xcode/OLMKit/OLMSAS.h59
-rw-r--r--xcode/OLMKit/OLMSAS.m140
-rw-r--r--xcode/OLMKitTests/OLMKitSASTests.m69
-rw-r--r--xcode/Podfile.lock14
6 files changed, 280 insertions, 7 deletions
diff --git a/xcode/OLMKit.xcodeproj/project.pbxproj b/xcode/OLMKit.xcodeproj/project.pbxproj
index 7ea3d5b..821a204 100644
--- a/xcode/OLMKit.xcodeproj/project.pbxproj
+++ b/xcode/OLMKit.xcodeproj/project.pbxproj
@@ -12,6 +12,7 @@
3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 3274F6061D9A633A005282E4 /* OLMKitTests.m */; };
3274F6131D9A698E005282E4 /* OLMKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 3274F6121D9A698E005282E4 /* OLMKit.h */; };
32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32A151301DABDD4300400192 /* OLMKitGroupTests.m */; };
+ 32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */; };
7DBAD311AEA85CF6DB80DCFA /* libPods-OLMKitTests.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */; };
D667051A0BA47E17CCC4E5D7 /* libPods-OLMKit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = F2F22FE8F173AF845B882805 /* libPods-OLMKit.a */; };
/* End PBXBuildFile section */
@@ -36,6 +37,7 @@
3274F6081D9A633A005282E4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
3274F6121D9A698E005282E4 /* OLMKit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OLMKit.h; sourceTree = "<group>"; };
32A151301DABDD4300400192 /* OLMKitGroupTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OLMKitGroupTests.m; sourceTree = "<group>"; };
+ 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OLMKitSASTests.m; sourceTree = "<group>"; };
7123FABE917D0FB140E036B7 /* libPods-OLMKitTests.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = "libPods-OLMKitTests.a"; sourceTree = BUILT_PRODUCTS_DIR; };
875BA7A520258EA15A31DD82 /* Pods-OLMKitTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.debug.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.debug.xcconfig"; sourceTree = "<group>"; };
D48E486DAE1F59F4F7EA8C25 /* Pods-OLMKitTests.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-OLMKitTests.release.xcconfig"; path = "Pods/Target Support Files/Pods-OLMKitTests/Pods-OLMKitTests.release.xcconfig"; sourceTree = "<group>"; };
@@ -107,6 +109,7 @@
3274F6051D9A633A005282E4 /* OLMKitTests */ = {
isa = PBXGroup;
children = (
+ 32F143AE2236B4100077CF37 /* OLMKitSASTests.m */,
3244277C2175EF700023EDF1 /* OLMKitPkTests.m */,
3274F6061D9A633A005282E4 /* OLMKitTests.m */,
32A151301DABDD4300400192 /* OLMKitGroupTests.m */,
@@ -282,6 +285,7 @@
buildActionMask = 2147483647;
files = (
3274F6071D9A633A005282E4 /* OLMKitTests.m in Sources */,
+ 32F143AF2236B4100077CF37 /* OLMKitSASTests.m in Sources */,
3244277D2175EF700023EDF1 /* OLMKitPkTests.m in Sources */,
32A151311DABDD4300400192 /* OLMKitGroupTests.m in Sources */,
);
diff --git a/xcode/OLMKit/OLMKit.h b/xcode/OLMKit/OLMKit.h
index 6f79399..2ed6ebd 100644
--- a/xcode/OLMKit/OLMKit.h
+++ b/xcode/OLMKit/OLMKit.h
@@ -28,6 +28,7 @@
#import <OLMKit/OLMOutboundGroupSession.h>
#import <OLMKit/OLMPkEncryption.h>
#import <OLMKit/OLMPkDecryption.h>
+#import <OLMKit/OLMSAS.h>
@interface OLMKit : NSObject
diff --git a/xcode/OLMKit/OLMSAS.h b/xcode/OLMKit/OLMSAS.h
new file mode 100644
index 0000000..454c8e0
--- /dev/null
+++ b/xcode/OLMKit/OLMSAS.h
@@ -0,0 +1,59 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/**
+ Short Authentication String verification utility class.
+ */
+@interface OLMSAS : NSObject
+
+/**
+ Get the public key of the SAS object.
+ */
+- (NSString * _Nullable)publicKey;
+
+/**
+ Set the public key of other user.
+
+ @param theirPublicKey the other user's public key.
+ @return error the error if any.
+ */
+- (NSError* _Nullable)setTheirPublicKey:(NSString*)theirPublicKey;
+
+/**
+ Generate bytes to use for the short authentication string.
+
+ @param info extra information to mix in when generating the bytes, as per the Matrix spec.
+ @param length the size of the output buffer. For hex-based SAS as in the Matrix spec, this will be 5.
+ @return generated bytes
+ */
+- (NSData *)generateBytes:(NSString*)info length:(NSUInteger)length;
+
+/**
+ Generate a message authentication code (MAC) based on the shared secret.
+
+ @param input the message to produce the authentication code for.
+ @param info extra information to mix in when generating the MAC, as per the Matrix spec.
+ @param error the error if any.
+ @return the MAC.
+ */
+- (NSString *)calculateMac:(NSString*)input info:(NSString*)info error:(NSError* _Nullable *)error; // TODO: NSError?
+
+@end
+
+NS_ASSUME_NONNULL_END
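Review bot: `generateBytes:length:` and `calculateMac:info:error:` are declared inside `NS_ASSUME_NONNULL_BEGIN` with non-null return types, but the implementation this commit adds in OLMSAS.m returns nil from both on failure. Callers, Swift ones in particular, will see a non-optional result and get no prompt to handle a failed SAS or MAC computation. Declare them as `- (nullable NSData *)generateBytes:(NSString *)info length:(NSUInteger)length;` and `- (nullable NSString *)calculateMac:…`, and state in each `@return` line that nil means the operation failed.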
diff --git a/xcode/OLMKit/OLMSAS.m b/xcode/OLMKit/OLMSAS.m
new file mode 100644
index 0000000..d95f948
--- /dev/null
+++ b/xcode/OLMKit/OLMSAS.m
@@ -0,0 +1,140 @@
+/*
+ Copyright 2018 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import "OLMSAS.h"
+
+#include "olm/olm.h"
+#include "olm/sas.h"
+#include "OLMUtility.h"
+
+@interface OLMSAS () {
+ void *olmSASbuffer;
+ OlmSAS *olmSAS;
+}
+@end
+
+@implementation OLMSAS
+
+- (void)dealloc {
+ olm_clear_sas(olmSAS);
+ free(olmSASbuffer);
+}
+
+- (instancetype)init {
+ self = [super init];
+ if (self) {
+ olmSASbuffer = malloc(olm_sas_size());
+ olmSAS = olm_sas(olmSASbuffer);
+
+ size_t randomLength = olm_create_sas_random_length(olmSAS);
+ NSMutableData *random = [OLMUtility randomBytesOfLength:randomLength];
+ if (!random) {
+ return nil;
+ }
+
+ olm_create_sas(olmSAS, random.mutableBytes, randomLength);
+
+ [random resetBytesInRange:NSMakeRange(0, randomLength)];
+ }
+ return self;
+}
+
+- (NSString * _Nullable)publicKey {
+ size_t publicKeyLength = olm_sas_pubkey_length(olmSAS);
+ NSMutableData *publicKeyData = [NSMutableData dataWithLength:publicKeyLength];
+ if (!publicKeyData) {
+ return nil;
+ }
+
+ size_t result = olm_sas_get_pubkey(olmSAS, publicKeyData.mutableBytes, publicKeyLength);
+ if (result == olm_error()) {
+ const char *olm_error = olm_sas_last_error(olmSAS);
+ NSLog(@"[OLMSAS] publicKey: olm_sas_get_pubkey error: %s", olm_error);
+ return nil;
+ }
+
+ NSString *publicKey = [[NSString alloc] initWithData:publicKeyData encoding:NSUTF8StringEncoding];
+ return publicKey;
+}
+
+- (NSError * _Nullable)setTheirPublicKey:(NSString*)theirPublicKey {
+ NSMutableData *theirPublicKeyData = [theirPublicKey dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+
+ size_t result = olm_sas_set_their_key(olmSAS, theirPublicKeyData.mutableBytes, theirPublicKeyData.length);
+ if (result == olm_error()) {
+ const char *olm_error = olm_sas_last_error(olmSAS);
+ NSLog(@"[OLMSAS] setTheirPublicKey: olm_sas_set_their_key error: %s", olm_error);
+
+ NSString *errorString = [NSString stringWithUTF8String:olm_error];
+ if (olm_error && errorString) {
+ return [NSError errorWithDomain:OLMErrorDomain
+ code:0
+ userInfo:@{
+ NSLocalizedDescriptionKey: errorString,
+ NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_set_their_key error: %@", errorString]
+ }];
+ }
+ }
+
+ return nil;
+}
+
+- (NSData *)generateBytes:(NSString *)info length:(NSUInteger)length {
+ NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+ NSMutableData *bytes = [NSMutableData dataWithLength:length];
+ if (!bytes) {
+ return nil;
+ }
+
+ olm_sas_generate_bytes(olmSAS, infoData.bytes, infoData.length, bytes.mutableBytes, length);
+ return bytes;
+}
+
+- (NSString *)calculateMac:(NSString *)input info:(NSString *)info error:(NSError *__autoreleasing _Nullable *)error {
+ NSMutableData *inputData = [input dataUsingEncoding:NSUTF8StringEncoding].mutableCopy;
+ NSData *infoData = [info dataUsingEncoding:NSUTF8StringEncoding];
+
+ size_t macLength = olm_sas_mac_length(olmSAS);
+ NSMutableData *macData = [NSMutableData dataWithLength:macLength];
+ if (!macData) {
+ return nil;
+ }
+
+ size_t result = olm_sas_calculate_mac(olmSAS,
+ inputData.mutableBytes, inputData.length,
+ infoData.bytes, infoData.length,
+ macData.mutableBytes, macLength);
+ if (result == olm_error()) {
+ const char *olm_error = olm_sas_last_error(olmSAS);
+ NSLog(@"[OLMSAS] calculateMac: olm_sas_calculate_mac error: %s", olm_error);
+
+ NSString *errorString = [NSString stringWithUTF8String:olm_error];
+ if (error && olm_error && errorString) {
+ *error = [NSError errorWithDomain:OLMErrorDomain
+ code:0
+ userInfo:@{
+ NSLocalizedDescriptionKey: errorString,
+ NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_calculate_mac error: %@", errorString]
+ }];
+ }
+ return nil;
+ }
+
+ NSString *mac = [[NSString alloc] initWithData:macData encoding:NSUTF8StringEncoding];
+ return mac;
+}
+
+@end
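Review bot: In `setTheirPublicKey:` a failed `olm_sas_set_their_key` can still return nil, which callers read as success. The NSError is built only when `olm_error && errorString` holds; otherwise control falls through to the final `return nil`. That NULL check also comes after `[NSString stringWithUTF8String:olm_error]`, which raises on a NULL argument, so it protects nothing. The error branch should check the pointer first and always return an NSError, with a fallback description, as sketched below. The same check-after-use ordering appears in `calculateMac:info:error:`, and `generateBytes:length:` ignores the return value of `olm_sas_generate_bytes`, so a failure there would presumably hand back the zero-filled buffer as if it were valid SAS bytes.

```objc
- (NSError * _Nullable)setTheirPublicKey:(NSString*)theirPublicKey {
    // … unchanged: UTF-8 encoding of the key and the olm_sas_set_their_key call …
    if (result == olm_error()) {
        const char *olm_error = olm_sas_last_error(olmSAS);
        // Check the C string before converting it; stringWithUTF8String: raises on NULL.
        NSString *errorString = olm_error ? [NSString stringWithUTF8String:olm_error] : nil;
        if (!errorString) {
            errorString = @"unknown error";
        }
        NSLog(@"[OLMSAS] setTheirPublicKey: olm_sas_set_their_key error: %@", errorString);

        // Always report the failure; never fall through to the success return.
        return [NSError errorWithDomain:OLMErrorDomain
                                   code:0
                               userInfo:@{
                                   NSLocalizedDescriptionKey: errorString,
                                   NSLocalizedFailureReasonErrorKey: [NSString stringWithFormat:@"olm_sas_set_their_key error: %@", errorString]
                               }];
    }

    return nil;
}
```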
diff --git a/xcode/OLMKitTests/OLMKitSASTests.m b/xcode/OLMKitTests/OLMKitSASTests.m
new file mode 100644
index 0000000..08a2490
--- /dev/null
+++ b/xcode/OLMKitTests/OLMKitSASTests.m
@@ -0,0 +1,69 @@
+/*
+ Copyright 2019 New Vector Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#import <XCTest/XCTest.h>
+#import <OLMKit/OLMKit.h>
+
+@interface OLMKitSASTests : XCTestCase {
+ OLMSAS *alice;
+ OLMSAS *bob;
+}
+
+@end
+
+@implementation OLMKitSASTests
+
+- (void)setUp {
+ alice = [OLMSAS new];
+ bob = [OLMSAS new];
+}
+
+- (void)tearDown {
+ alice = nil;
+ bob = nil;
+}
+
+- (void)testSASRandomness
+{
+ XCTAssertNotEqualObjects(alice.publicKey, bob.publicKey);
+}
+
+- (void)testSASBytesMatch {
+ [alice setTheirPublicKey:bob.publicKey];
+ [bob setTheirPublicKey:alice.publicKey];
+
+ NSString *sas = @"SAS";
+ NSUInteger length = 5;
+
+ XCTAssertEqualObjects([alice generateBytes:sas length:length],
+ [bob generateBytes:sas length:length]);
+}
+
+- (void)testMACsMatch {
+ [alice setTheirPublicKey:bob.publicKey];
+ [bob setTheirPublicKey:alice.publicKey];
+
+ NSString *string = @"test";
+ NSString *info = @"MAC";
+
+ NSError *aliceError, *bobError;
+ XCTAssertEqualObjects([alice calculateMac:string info:info error:&aliceError],
+ [bob calculateMac:string info:info error:&bobError]);
+ XCTAssertNil(aliceError);
+ XCTAssertNil(bobError);
+}
+
+@end
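Review bot: `testSASBytesMatch` and `testMACsMatch` only assert that both sides agree, so they also pass when both sides fail in the same way. `XCTAssertEqualObjects` accepts two nil MACs, and two identical zero-filled buffers compare equal as well. The NSError returned by `setTheirPublicKey:` is discarded in both tests, so a failed key exchange goes unnoticed. Assert the setup, e.g. `XCTAssertNil([alice setTheirPublicKey:bob.publicKey]);`, and the result, e.g. `XCTAssertNotNil(aliceMac);`, before comparing. A negative case would also show the comparison can fail: a third `OLMSAS` instance that did not take part in the exchange should produce different bytes.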
diff --git a/xcode/Podfile.lock b/xcode/Podfile.lock
index e9099c4..678923e 100644
--- a/xcode/Podfile.lock
+++ b/xcode/Podfile.lock
@@ -1,9 +1,9 @@
PODS:
- - OLMKit (2.3.0):
- - OLMKit/olmc (= 2.3.0)
- - OLMKit/olmcpp (= 2.3.0)
- - OLMKit/olmc (2.3.0)
- - OLMKit/olmcpp (2.3.0)
+ - OLMKit (3.0.0):
+ - OLMKit/olmc (= 3.0.0)
+ - OLMKit/olmcpp (= 3.0.0)
+ - OLMKit/olmc (3.0.0)
+ - OLMKit/olmcpp (3.0.0)
DEPENDENCIES:
- OLMKit (from `../OLMKit.podspec`)
@@ -13,8 +13,8 @@ EXTERNAL SOURCES:
:path: "../OLMKit.podspec"
SPEC CHECKSUMS:
- OLMKit: 6af55a19917c35f86df5198c213979ecdf8ba76e
+ OLMKit: 88eda69110489f817d59bcb4353b7c247570aa4f
PODFILE CHECKSUM: 4e261dae61d833ec5585ced2473023b98909fd35
-COCOAPODS: 1.6.0.beta.2
+COCOAPODS: 1.6.0