seb-m / cryptopill Goto Github PK
View Code? Open in Web Editor NEWCore Secret's crypto code.
Home Page: coresecret.io
License: Other
Core Secret's crypto code.
Home Page: coresecret.io
License: Other
When there is a problem encrypting or decrypting SecretBox returns nil. This is fine but it would be good to include an NSError out which lists why.
For example, instead of:
+ (NSData *)secretBoxDataOpen:(NSData *)encryptedData key:(SecureData *)key {
+ (NSData *)secretBoxDataOpen:(NSData *)encryptedData key:(SecureData *)key error:(NSError **)error {
and then in the method before returning nil in an error case:
if (error) *error = [NSError errorWithDomain.... ];
which gives the reason for the error.
Just return hex;
instead of removing the last char.
Instead of returning nil in hmacSha256WithKey if item is not NSData, probably better to do an assert?
https://github.com/seb-m/CryptoPill/blob/master/CryptoPill/common/NSArray%2BHMAC.m#L26
NSAssert([item isKindOfClass:[NSData class]], @"Item must be an NSData");
I added a CryptoPill podsec to CocoaPods/Specs so projects can do:
pod 'CyptoPill'
(see https://github.com/CocoaPods/Specs/blob/master/CryptoPill/1.0.1/CryptoPill.podspec)
to include. However its using a branch of libsodium at https://github.com/mochtu/libsodium-ios which is on version 0.4.3.
Also if you add a LICENSE file the repo you can remove the license text in the podspec
+ (NSData *)secretBoxOpen:(NSData *)data key:(SecureData *)key {
if (!data || [data length] < crypto_secretbox_noncebytes() || !key || [key length] != crypto_secretbox_keybytes())
return nil;
// Split it into nonce and encrypted data
NSData *nonce = [NSData dataWithBytes:[data bytes] length:crypto_secretbox_noncebytes()];
NSData *encryptedData = [NSData dataWithBytes:([data bytes] + crypto_secretbox_noncebytes()) length:[data length] - crypto_secretbox_noncebytes()];
// First BOXZEROBYTES must be 0
NSMutableData *encryptedPaddedData = [NSMutableData dataWithLength:crypto_secretbox_boxzerobytes()];
[encryptedPaddedData appendData:encryptedData];
NSMutableData *outData = [NSMutableData dataWithLength:[encryptedPaddedData length]];
int retval = crypto_secretbox_open([outData mutableBytes],
[encryptedPaddedData bytes], [encryptedPaddedData length],
[nonce bytes], [key bytes]);
if (retval != 0) return nil;
// Remove ZEROBYTES from out data
return [NSData dataWithBytes:([outData bytes] + crypto_secretbox_zerobytes())
length:([outData length] - crypto_secretbox_zerobytes())];
}
You'll notice in RbNaCL library open method here:
https://github.com/cryptosphere/rbnacl/blob/master/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb
as required in docs at http://nacl.cr.yp.to/secretbox.html
Here is the other side:
+ (NSData *)secretBox:(NSData *)data key:(SecureData *)key {
NSData *nonce = [Random randomData:crypto_secretbox_noncebytes()];
if (!data || !key || [key length] != crypto_secretbox_keybytes() || !nonce || [nonce length] != crypto_secretbox_noncebytes())
return nil;
// Pad the datas by ZEROBYTES
NSMutableData *paddedData = [NSMutableData dataWithLength:crypto_secretbox_zerobytes()];
[paddedData appendData:data];
NSMutableData *outData = [NSMutableData dataWithLength:[paddedData length]];
int retval = crypto_secretbox([outData mutableBytes],
[paddedData bytes], [paddedData length],
[nonce bytes],
[key bytes]);
if (retval != 0) return nil;
// Remove BOXZEROBYTES from out data
outData = [NSData dataWithBytes:([outData bytes] + crypto_secretbox_boxzerobytes())
length:([outData length] - crypto_secretbox_boxzerobytes())];
NSMutableData *combined = [NSMutableData dataWithData:nonce];
[combined appendData:outData];
return combined;
}
Some headers have changed, some removed, some added. Bit rot and all that. I have tweaked my version of the project, but also the libsodium.sh doesn't leave any libs in the libsodium_dst directory (although it does put the headers there). It would be great if - as part of the docs - you specified with which version of libsodium you are compatible.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.