felixfoertsch/bundesmessenger-ios
1
0
Fork 0
mirror of https://gitlab.opencode.de/bwi/bundesmessenger/clients/bundesmessenger-ios.git synced 2026-04-19 16:13:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

MESSENGER-2762 Initial Merge

Browse Source
This commit is contained in:
Frank Rotermund
2022-03-17 15:51:23 +01:00
parent ecae8d618f
commit c2108a2178
384 changed files with 17708 additions and 1928 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Riot/Managers/EncryptionKeyManager/EncryptionKeyManager.swift
+72 -61
View File
@@ -1,5 +1,6 @@
//
//
// Copyright 2020 New Vector Ltd
// Copyright (c) 2021 BWI GmbH
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -22,85 +23,95 @@ import MatrixSDK
@objcMembers
class EncryptionKeyManager: NSObject, MXKeyProviderDelegate {
static let shared = EncryptionKeyManager()
private static let keychainService: String = BuildSettings.baseBundleIdentifier + ".encryption-manager-service"
private static let contactsIv: KeyValueStoreKey = "contactsIv"
private static let contactsAesKey: KeyValueStoreKey = "contactsAesKey"
private static let accountIv: KeyValueStoreKey = "accountIv"
private static let accountAesKey: KeyValueStoreKey = "accountAesKey"
private static let cryptoOlmPickleKey: KeyValueStoreKey = "cryptoOlmPickleKey"
private static let roomLastMessageIv: KeyValueStoreKey = "roomLastMessageIv"
private static let roomLastMessageAesKey: KeyValueStoreKey = "roomLastMessageAesKey"
private let keychainStore: KeyValueStore = KeychainStore(withKeychain: Keychain(service: keychainService, accessGroup: BuildSettings.keychainAccessGroup))
private static let keychainService: String = BuildSettings.baseBundleIdentifier + ".encryption-manager-service"
private static let contactsIv = "iv"
private static let contactsAesKey = "key"
private static let accountIv = "acountIv"
private static let accountAesKey = "acountKey"
private static let cryptoOlmPickleKey = "cryptoOlmPickleKey"
private static let roomLastMessageIv = "roomLastMessageIv"
private static let roomLastMessageAesKey = "roomLastMessageAesKey"
private let keychainVault = KeychainVault(Keychain(service: keychainService, accessGroup: BuildSettings.keychainAccessGroup))
private let securedFileStore: SecureFileStorage = SecureFileStorage.shared
private let vault: KeyValueVault
private override init() {
super.init()
initKeys()
vault = BwiBuildSettings.forcedPinProtection ? securedFileStore : keychainVault
}
private func initKeys() {
generateIvIfNotExists(forKey: EncryptionKeyManager.accountIv)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.accountAesKey)
generateIvIfNotExists(forKey: EncryptionKeyManager.contactsIv)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.contactsAesKey)
generateKeyIfNotExists(forKey: EncryptionKeyManager.cryptoOlmPickleKey, size: 32)
generateIvIfNotExists(forKey: EncryptionKeyManager.roomLastMessageIv)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.roomLastMessageAesKey)
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.contactsIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for acount")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.contactsAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for acount")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.contactsIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for contacts")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.contactsAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for contacts")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.cryptoOlmPickleKey), "[EncryptionKeyManager] initKeys: Failed to generate Key for olm pickle key")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.roomLastMessageIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for room last message")
assert(keychainStore.containsObject(forKey: EncryptionKeyManager.roomLastMessageAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for room last message encryption")
func initKeys() {
generateIvIfNotExists(forKey: EncryptionKeyManager.accountIv, inStore: keychainVault)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.accountAesKey, inStore: keychainVault)
generateKeyIfNotExists(forKey: EncryptionKeyManager.cryptoOlmPickleKey, inStore: keychainVault, size: 32)
assert(keychainVault.objectExists(withKey: EncryptionKeyManager.accountIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for acount")
assert(keychainVault.objectExists(withKey: EncryptionKeyManager.accountAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for acount")
assert(keychainVault.objectExists(withKey: EncryptionKeyManager.cryptoOlmPickleKey), "[EncryptionKeyManager] initKeys: Failed to generate Key for olm pickle key")
generateIvIfNotExists(forKey: EncryptionKeyManager.roomLastMessageIv, inStore: keychainVault)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.roomLastMessageAesKey, inStore: keychainVault)
assert(keychainVault.objectExists(withKey: EncryptionKeyManager.roomLastMessageIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for room last message")
assert(keychainVault.objectExists(withKey: EncryptionKeyManager.roomLastMessageAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for room last message encryption")
guard !BwiBuildSettings.forcedPinProtection || !SecureFileStorage.shared.locked else {
MXLog.debug("[EncryptionKeyManager] initKeys: cannot init keys as store is not ready")
return
}
generateIvIfNotExists(forKey: EncryptionKeyManager.contactsIv, inStore: vault)
generateAesKeyIfNotExists(forKey: EncryptionKeyManager.contactsAesKey, inStore: vault)
assert(vault.objectExists(withKey: EncryptionKeyManager.contactsIv), "[EncryptionKeyManager] initKeys: Failed to generate IV for contacts")
assert(vault.objectExists(withKey: EncryptionKeyManager.contactsAesKey), "[EncryptionKeyManager] initKeys: Failed to generate AES Key for contacts")
}
// MARK: - MXKeyProviderDelegate
func isEncryptionAvailableForData(ofType dataType: String) -> Bool {
return dataType == MXKContactManagerDataType
|| dataType == MXKAccountManagerDataType
|| dataType == MXCryptoOlmPickleKeyDataType
|| dataType == MXRoomLastMessageDataType
}
func hasKeyForData(ofType dataType: String) -> Bool {
switch dataType {
case MXKContactManagerDataType:
return keychainStore.containsObject(forKey: EncryptionKeyManager.contactsIv) && keychainStore.containsObject(forKey: EncryptionKeyManager.contactsAesKey)
return vault.objectExists(withKey: EncryptionKeyManager.contactsIv) && vault.objectExists(withKey: EncryptionKeyManager.contactsAesKey)
case MXKAccountManagerDataType:
return keychainStore.containsObject(forKey: EncryptionKeyManager.accountIv) && keychainStore.containsObject(forKey: EncryptionKeyManager.accountAesKey)
return keychainVault.objectExists(withKey: EncryptionKeyManager.accountIv) && keychainVault.objectExists(withKey: EncryptionKeyManager.accountAesKey)
case MXCryptoOlmPickleKeyDataType:
return keychainStore.containsObject(forKey: EncryptionKeyManager.cryptoOlmPickleKey)
return keychainVault.objectExists(withKey: EncryptionKeyManager.cryptoOlmPickleKey)
case MXRoomLastMessageDataType:
return keychainStore.containsObject(forKey: EncryptionKeyManager.roomLastMessageIv) &&
keychainStore.containsObject(forKey: EncryptionKeyManager.roomLastMessageAesKey)
return keychainVault.objectExists(withKey: EncryptionKeyManager.roomLastMessageIv) &&
keychainVault.objectExists(withKey: EncryptionKeyManager.roomLastMessageAesKey)
default:
return false
}
}
func keyDataForData(ofType dataType: String) -> MXKeyData? {
switch dataType {
case MXKContactManagerDataType:
if let ivKey = try? keychainStore.data(forKey: EncryptionKeyManager.contactsIv),
let aesKey = try? keychainStore.data(forKey: EncryptionKeyManager.contactsAesKey) {
if let ivKey = try? vault.data(forKey: EncryptionKeyManager.contactsIv),
let aesKey = try? vault.data(forKey: EncryptionKeyManager.contactsAesKey) {
return MXAesKeyData(iv: ivKey, key: aesKey)
}
case MXKAccountManagerDataType:
if let ivKey = try? keychainStore.data(forKey: EncryptionKeyManager.accountIv),
let aesKey = try? keychainStore.data(forKey: EncryptionKeyManager.accountAesKey) {
if let ivKey = try? keychainVault.data(forKey: EncryptionKeyManager.accountIv),
let aesKey = try? keychainVault.data(forKey: EncryptionKeyManager.accountAesKey) {
return MXAesKeyData(iv: ivKey, key: aesKey)
}
case MXCryptoOlmPickleKeyDataType:
if let key = try? keychainStore.data(forKey: EncryptionKeyManager.cryptoOlmPickleKey) {
if let key = try? keychainVault.data(forKey: EncryptionKeyManager.cryptoOlmPickleKey) {
return MXRawDataKey(key: key)
}
case MXRoomLastMessageDataType:
if let ivKey = try? keychainStore.data(forKey: EncryptionKeyManager.roomLastMessageIv),
let aesKey = try? keychainStore.data(forKey: EncryptionKeyManager.roomLastMessageAesKey) {
if let ivKey = try? keychainVault.data(forKey: EncryptionKeyManager.roomLastMessageIv),
let aesKey = try? keychainVault.data(forKey: EncryptionKeyManager.roomLastMessageAesKey) {
return MXAesKeyData(iv: ivKey, key: aesKey)
}
default:
@@ -108,34 +119,34 @@ class EncryptionKeyManager: NSObject, MXKeyProviderDelegate {
}
return nil
}
// MARK: - Private methods
private func generateIvIfNotExists(forKey key: String) {
guard !keychainStore.containsObject(forKey: key) else {
private func generateIvIfNotExists(forKey key: String, inStore store: KeyValueVault) {
guard !store.objectExists(withKey: key) else {
return
}
do {
try keychainStore.set(MXAes.iv(), forKey: key)
try store.set(MXAes.iv(), forKey: key)
} catch {
MXLog.debug("[EncryptionKeyManager] initKeys: Failed to generate IV: \(error.localizedDescription)")
}
}
private func generateAesKeyIfNotExists(forKey key: String) {
generateKeyIfNotExists(forKey: key, size: kCCKeySizeAES256)
private func generateAesKeyIfNotExists(forKey key: String, inStore store: KeyValueVault) {
generateKeyIfNotExists(forKey: key, inStore: store, size: kCCKeySizeAES256)
}
private func generateKeyIfNotExists(forKey key: String, size: Int) {
guard !keychainStore.containsObject(forKey: key) else {
private func generateKeyIfNotExists(forKey key: String, inStore store: KeyValueVault, size: Int) {
guard !store.objectExists(withKey: key) else {
return
}
do {
var keyBytes = [UInt8](repeating: 0, count: size)
_ = SecRandomCopyBytes(kSecRandomDefault, size, &keyBytes)
try keychainStore.set(Data(bytes: keyBytes, count: size), forKey: key)
var aesKeyBytes = [UInt8](repeating: 0, count: size)
_ = SecRandomCopyBytes(kSecRandomDefault, size, &aesKeyBytes)
try store.set(Data(bytes: aesKeyBytes, count: size), forKey: key)
} catch {
MXLog.debug("[EncryptionKeyManager] initKeys: Failed to generate Key[\(key)]: \(error.localizedDescription)")
}