From b57fdaddbaad0a3400e013a331eabe347acde320 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Tue, 23 Apr 2019 14:20:47 -0400 Subject: [PATCH] Sketch out sticker management views. --- .../Messages/Stickers/StickerManager.swift | 24 +------ .../src/Messages/Stickers/StickerUtils.h | 6 +- .../src/Messages/Stickers/StickerUtils.m | 62 +++---------------- 3 files changed, 11 insertions(+), 81 deletions(-) diff --git a/SignalServiceKit/src/Messages/Stickers/StickerManager.swift b/SignalServiceKit/src/Messages/Stickers/StickerManager.swift index a5b059dee7..111ac0b2cb 100644 --- a/SignalServiceKit/src/Messages/Stickers/StickerManager.swift +++ b/SignalServiceKit/src/Messages/Stickers/StickerManager.swift @@ -439,29 +439,7 @@ public class StickerManager: NSObject { owsFailDebug("Could not derive sticker key.") throw StickerError.invalidInput } - guard let key = OWSAES256Key(data: packKey) else { - owsFailDebug("Invalid pack key.") - throw StickerError.invalidInput - } - - // TODO: We might want to rename this method if we end up using it for more than - // profile data. - Logger.verbose("key: \(packKey.count), \(packKey.hexadecimalString)") - Logger.verbose("key: \(stickerKey.count), \(stickerKey.hexadecimalString)") -// + (nullable NSData *)decryptAttachment:(NSData *)dataToDecrypt -// withKey:(NSData *)key -// digest:(nullable NSData *)digest -// unpaddedSize:(UInt32)unpaddedSize -// error:(NSError **)error - - let plaintext = try StickerUtils.decryptAttachment(ciphertext, withKey: stickerKey) -// let plaintext = try Cryptography.decryptAttachment(ciphertext, withKey: stickerKey, digest: nil, unpaddedSize: 0) -// guard let plaintext = Cryptography.decryptAESGCMProfileData(encryptedData: ciphertext, key: key) else { -// owsFailDebug("Decryption failed.") -// throw StickerError.invalidInput -// } - - return plaintext + return try StickerUtils.decryptStickerData(ciphertext, withKey: stickerKey) } private class func enqueueAllStickerDownloads() { diff --git a/SignalServiceKit/src/Messages/Stickers/StickerUtils.h b/SignalServiceKit/src/Messages/Stickers/StickerUtils.h index 76359c82b3..af53b1f227 100644 --- a/SignalServiceKit/src/Messages/Stickers/StickerUtils.h +++ b/SignalServiceKit/src/Messages/Stickers/StickerUtils.h @@ -10,9 +10,9 @@ NS_ASSUME_NONNULL_BEGIN + (nullable NSData *)stickerKeyForPackKey:(NSData *)packKey; -+ (nullable NSData *)decryptAttachment:(NSData *)dataToDecrypt - withKey:(NSData *)key - error:(NSError **)error; ++ (nullable NSData *)decryptStickerData:(NSData *)dataToDecrypt + withKey:(NSData *)key + error:(NSError **)error; @end diff --git a/SignalServiceKit/src/Messages/Stickers/StickerUtils.m b/SignalServiceKit/src/Messages/Stickers/StickerUtils.m index 22c029d382..fe4dc885d6 100644 --- a/SignalServiceKit/src/Messages/Stickers/StickerUtils.m +++ b/SignalServiceKit/src/Messages/Stickers/StickerUtils.m @@ -39,62 +39,14 @@ NS_ASSUME_NONNULL_BEGIN return stickerKey; } -#define HMAC256_KEY_LENGTH 32 -#define HMAC256_OUTPUT_LENGTH 32 -#define AES_CBC_IV_LENGTH 16 -#define AES_KEY_SIZE 32 - -+ (nullable NSData *)decryptAttachment:(NSData *)dataToDecrypt - withKey:(NSData *)key - error:(NSError **)error ++ (nullable NSData *)decryptStickerData:(NSData *)dataToDecrypt + withKey:(NSData *)key + error:(NSError **)error { - NSData *_Nullable digest = nil; -// if (digest.length <= 0) { -// // This *could* happen with sufficiently outdated clients. -// OWSLogError(@"Refusing to decrypt attachment without a digest."); -// *error = OWSErrorWithCodeDescription(OWSErrorCodeInvalidStickerData, -// NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); -// return nil; -// } - - if (([dataToDecrypt length] < AES_CBC_IV_LENGTH + HMAC256_OUTPUT_LENGTH) || - ([key length] < AES_KEY_SIZE + HMAC256_KEY_LENGTH)) { - OWSLogError(@"Message shorter than crypto overhead!"); - *error = OWSErrorWithCodeDescription(OWSErrorCodeInvalidStickerData, - NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); - return nil; - } - - // key: 32 byte AES key || 32 byte Hmac-SHA256 key. - NSData *encryptionKey = [key subdataWithRange:NSMakeRange(0, AES_KEY_SIZE)]; - NSData *hmacKey = [key subdataWithRange:NSMakeRange(AES_KEY_SIZE, HMAC256_KEY_LENGTH)]; - - // dataToDecrypt: IV || Ciphertext || truncated MAC(IV||Ciphertext) - NSData *iv = [dataToDecrypt subdataWithRange:NSMakeRange(0, AES_CBC_IV_LENGTH)]; - - NSUInteger cipherTextLength; - ows_sub_overflow(dataToDecrypt.length, (AES_CBC_IV_LENGTH + HMAC256_OUTPUT_LENGTH), &cipherTextLength); - NSData *encryptedAttachment = [dataToDecrypt subdataWithRange:NSMakeRange(AES_CBC_IV_LENGTH, cipherTextLength)]; - - NSUInteger hmacOffset; - ows_sub_overflow(dataToDecrypt.length, HMAC256_OUTPUT_LENGTH, &hmacOffset); - NSData *hmac = [dataToDecrypt subdataWithRange:NSMakeRange(hmacOffset, HMAC256_OUTPUT_LENGTH)]; - - NSData *_Nullable paddedPlainText = [Cryptography decryptCBCMode:encryptedAttachment - key:encryptionKey - IV:iv - version:nil - HMACKey:hmacKey - HMACType:TSHMACSHA256AttachementType - matchingHMAC:hmac - digest:digest]; - if (!paddedPlainText) { - OWSFailDebug(@"couldn't decrypt attachment."); - *error = OWSErrorWithCodeDescription(OWSErrorCodeInvalidStickerData, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); - return nil; - } else { - return paddedPlainText; - } + // TODO: + *error = OWSErrorWithCodeDescription(OWSErrorCodeInvalidStickerData, + NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); + return nil; } @end