Allow encrypting a file without custom padding used for bucketing

2024-06-03 12:55:20 -07:00 · 2024-06-03 12:55:20 -07:00 · 52afaa82ef
commit 52afaa82ef
parent 0e1ee42f41
1 changed files with 47 additions and 1 deletions
--- a/SignalCoreKit/src/Cryptography.swift
+++ b/SignalCoreKit/src/Cryptography.swift
@ -197,10 +197,45 @@ public extension Cryptography {
    /// - parameter encryptedUrl: Where to write the encrypted output file.
    /// - parameter encryptionKey: The key to encrypt with; the AES key and the hmac key concatenated together.
    ///     (The same format as ``EncryptionMetadata/key``). A random key will be generated if none is provided.
+    static func encryptFile(
+        at unencryptedUrl: URL,
+        output encryptedUrl: URL,
+        encryptionKey inputKey: Data? = nil
+    ) throws -> EncryptionMetadata {
+        return try _encryptFile(
+            at: unencryptedUrl,
+            output: encryptedUrl,
+            encryptionKey: inputKey,
+            applyExtraPadding: false
+        )
+    }
+
+    /// Encrypt an input file to a provided output file location.
+    /// The encrypted output is prefixed with the random iv and postfixed with the hmac. The ciphertext is padded
+    /// using standard pkcs7 padding AND with custom bucketing padding applied to the plaintext prior to encryption.
+    ///
+    /// - parameter unencryptedUrl: The file to encrypt.
+    /// - parameter encryptedUrl: Where to write the encrypted output file.
+    /// - parameter encryptionKey: The key to encrypt with; the AES key and the hmac key concatenated together.
+    ///     (The same format as ``EncryptionMetadata/key``). A random key will be generated if none is provided.
    static func encryptAttachment(
        at unencryptedUrl: URL,
        output encryptedUrl: URL,
        encryptionKey inputKey: Data? = nil
+    ) throws -> EncryptionMetadata {
+        return try _encryptFile(
+            at: unencryptedUrl,
+            output: encryptedUrl,
+            encryptionKey: inputKey,
+            applyExtraPadding: true
+        )
+    }
+
+    static func _encryptFile(
+        at unencryptedUrl: URL,
+        output encryptedUrl: URL,
+        encryptionKey inputKey: Data?,
+        applyExtraPadding: Bool
    ) throws -> EncryptionMetadata {
        if let inputKey, inputKey.count != concatenatedEncryptionKeyLength {
            throw OWSAssertionError("Invalid encryption key length")
@ -235,7 +270,7 @@ public extension Cryptography {
            },
            encryptionKey: encryptionKey,
            hmacKey: hmacKey,
-            applyExtraPadding: true
+            applyExtraPadding: applyExtraPadding
        )
    }

@ -426,6 +461,17 @@ public extension Cryptography {
        )
    }

+    static func encryptedFileHandle(
+        at encryptedUrl: URL,
+        encryptionKey: Data
+    ) throws -> EncryptedFileHandle {
+        return try EncryptedFileHandleImpl(
+            encryptedUrl: encryptedUrl,
+            paddingDecryptionStrategy: .pkcs7Only,
+            encryptionKey: encryptionKey
+        )
+    }
+
    static func decryptFile(
        at encryptedUrl: URL,
        metadata: EncryptionMetadata,