2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 import SecurityFoundation
27 class RecoveryKey: NSObject {
28 internal var recoveryKeys: RecoveryKeySet
29 internal var secret: Data
31 internal var peerKeys: OctagonSelfPeerKeys
33 internal init(recoveryKeyString: String, recoverySalt: String) throws {
34 self.secret = Data(bytes: Array(recoveryKeyString.utf8), count: recoveryKeyString.utf8.count)
35 self.recoveryKeys = try RecoveryKeySet(secret: self.secret, recoverySalt: recoverySalt)
37 let peerID = RecoveryKey.PeerID(signingPublicKeyData: self.recoveryKeys.signingKey.publicKey.keyData)
39 try self.peerKeys = OctagonSelfPeerKeys(peerID: peerID, signingKey: self.recoveryKeys.signingKey, encryptionKey: self.recoveryKeys.encryptionKey)
42 static func PeerID(signingPublicKeyData: Data) -> String {
43 let hash = RecoveryKeySet.hashRecoveryedSigningPublicKey(keyData: signingPublicKeyData)
44 let peerID = "RK-" + hash
49 static func spki(publicKeyData: Data) throws -> Data {
50 let key = try _SFECPublicKey(data: publicKeyData, specifier: _SFECKeySpecifier(curve: SFEllipticCurve.nistp384))
51 return key.encodeSubjectPublicKeyInfo()
54 public static func asPeer(recoveryKeys: TPRecoveryKeyPair, viewList: Set<String>) throws -> TrustedPeersHelperPeer {
55 return TrustedPeersHelperPeer(peerID: self.PeerID(signingPublicKeyData: recoveryKeys.signingKeyData),
56 signingSPKI: try self.spki(publicKeyData: recoveryKeys.signingKeyData),
57 encryptionSPKI: try self.spki(publicKeyData: recoveryKeys.encryptionKeyData),
62 extension RecoveryKey {
63 enum Error: Swift.Error {
64 case OTErrorDeserializationFailure
65 case OTErrorDecryptionFailure
66 case OTErrorKeyInstantiation
67 case OTErrorKeyMismatch
68 case OTErrorRecoveryCreation
69 case OTErrorAuthCipherTextCreation
70 case OTErrorPrivateKeyCreation
71 case OTErrorRecoveryKeyCreation
72 case OTErrorEntropyCreation
73 case OTErrorEntropyKeyMismatch
77 extension RecoveryKey.Error: LocalizedError {
78 public var errorDescription: String? {
80 case .OTErrorDeserializationFailure:
81 return "Failed to deserialize Recovery peer"
82 case .OTErrorDecryptionFailure:
83 return "could not decrypt Recovery contents"
84 case .OTErrorKeyInstantiation:
85 return "Failed to instantiate octagon peer keys"
86 case .OTErrorKeyMismatch:
87 return "public and private peer signing keys do not match"
88 case .OTErrorRecoveryCreation:
89 return "failed to create Recovery"
90 case .OTErrorAuthCipherTextCreation:
91 return "failed to create authenticated ciphertext"
92 case .OTErrorPrivateKeyCreation:
93 return "failed to create private key"
94 case .OTErrorRecoveryKeyCreation:
95 return "failed to create recovery keys"
96 case .OTErrorEntropyCreation:
97 return "failed to create entropy"
98 case .OTErrorEntropyKeyMismatch:
99 return "keys generated by the entropy+salt do not match the Recovery contents"
projects / apple / security.git / blob