| | 1 | /* |
| | 2 | * Copyright (c) 2019 Apple Inc. All Rights Reserved. |
| | 3 | * |
| | 4 | * @APPLE_LICENSE_HEADER_START@ |
| | 5 | * |
| | 6 | * This file contains Original Code and/or Modifications of Original Code |
| | 7 | * as defined in and that are subject to the Apple Public Source License |
| | 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| | 9 | * compliance with the License. Please obtain a copy of the License at |
| | 10 | * http://www.opensource.apple.com/apsl/ and read it before using this |
| | 11 | * file. |
| | 12 | * |
| | 13 | * The Original Code and all software distributed under the License are |
| | 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| | 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| | 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| | 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| | 18 | * Please see the License for the specific language governing rights and |
| | 19 | * limitations under the License. |
| | 20 | * |
| | 21 | * @APPLE_LICENSE_HEADER_END@ |
| | 22 | */ |
| | 23 | |
| | 24 | import Foundation |
| | 25 | import SecurityFoundation |
| | 26 | |
| | 27 | class RecoveryKey: NSObject { |
| | 28 | internal var recoveryKeys: RecoveryKeySet |
| | 29 | internal var secret: Data |
| | 30 | |
| | 31 | internal var peerKeys: OctagonSelfPeerKeys |
| | 32 | |
| | 33 | internal init(recoveryKeyString: String, recoverySalt: String) throws { |
| | 34 | self.secret = Data(bytes: Array(recoveryKeyString.utf8), count: recoveryKeyString.utf8.count) |
| | 35 | self.recoveryKeys = try RecoveryKeySet(secret: self.secret, recoverySalt: recoverySalt) |
| | 36 | |
| | 37 | let peerID = RecoveryKey.PeerID(signingPublicKeyData: self.recoveryKeys.signingKey.publicKey.keyData) |
| | 38 | |
| | 39 | try self.peerKeys = OctagonSelfPeerKeys(peerID: peerID, signingKey: self.recoveryKeys.signingKey, encryptionKey: self.recoveryKeys.encryptionKey) |
| | 40 | } |
| | 41 | |
| | 42 | static func PeerID(signingPublicKeyData: Data) -> String { |
| | 43 | let hash = RecoveryKeySet.hashRecoveryedSigningPublicKey(keyData: signingPublicKeyData) |
| | 44 | let peerID = "RK-" + hash |
| | 45 | |
| | 46 | return peerID |
| | 47 | } |
| | 48 | |
| | 49 | static func spki(publicKeyData: Data) throws -> Data { |
| | 50 | let key = try _SFECPublicKey(data: publicKeyData, specifier: _SFECKeySpecifier(curve: SFEllipticCurve.nistp384)) |
| | 51 | return key.encodeSubjectPublicKeyInfo() |
| | 52 | } |
| | 53 | |
| | 54 | public static func asPeer(recoveryKeys: TPRecoveryKeyPair, viewList: Set<String>) throws -> TrustedPeersHelperPeer { |
| | 55 | return TrustedPeersHelperPeer(peerID: self.PeerID(signingPublicKeyData: recoveryKeys.signingKeyData), |
| | 56 | signingSPKI: try self.spki(publicKeyData: recoveryKeys.signingKeyData), |
| | 57 | encryptionSPKI: try self.spki(publicKeyData: recoveryKeys.encryptionKeyData), |
| | 58 | viewList: viewList) |
| | 59 | } |
| | 60 | } |
| | 61 | |
| | 62 | extension RecoveryKey { |
| | 63 | enum Error: Swift.Error { |
| | 64 | case OTErrorDeserializationFailure |
| | 65 | case OTErrorDecryptionFailure |
| | 66 | case OTErrorKeyInstantiation |
| | 67 | case OTErrorKeyMismatch |
| | 68 | case OTErrorRecoveryCreation |
| | 69 | case OTErrorAuthCipherTextCreation |
| | 70 | case OTErrorPrivateKeyCreation |
| | 71 | case OTErrorRecoveryKeyCreation |
| | 72 | case OTErrorEntropyCreation |
| | 73 | case OTErrorEntropyKeyMismatch |
| | 74 | } |
| | 75 | } |
| | 76 | |
| | 77 | extension RecoveryKey.Error: LocalizedError { |
| | 78 | public var errorDescription: String? { |
| | 79 | switch self { |
| | 80 | case .OTErrorDeserializationFailure: |
| | 81 | return "Failed to deserialize Recovery peer" |
| | 82 | case .OTErrorDecryptionFailure: |
| | 83 | return "could not decrypt Recovery contents" |
| | 84 | case .OTErrorKeyInstantiation: |
| | 85 | return "Failed to instantiate octagon peer keys" |
| | 86 | case .OTErrorKeyMismatch: |
| | 87 | return "public and private peer signing keys do not match" |
| | 88 | case .OTErrorRecoveryCreation: |
| | 89 | return "failed to create Recovery" |
| | 90 | case .OTErrorAuthCipherTextCreation: |
| | 91 | return "failed to create authenticated ciphertext" |
| | 92 | case .OTErrorPrivateKeyCreation: |
| | 93 | return "failed to create private key" |
| | 94 | case .OTErrorRecoveryKeyCreation: |
| | 95 | return "failed to create recovery keys" |
| | 96 | case .OTErrorEntropyCreation: |
| | 97 | return "failed to create entropy" |
| | 98 | case .OTErrorEntropyKeyMismatch: |
| | 99 | return "keys generated by the entropy+salt do not match the Recovery contents" |
| | 100 | } |
| | 101 | } |
| | 102 | } |
projects / apple / security.git / blame_incremental