seb-m / cryptopill Goto Github PK
View Code? Open in Web Editor NEWCore Secret's crypto code.
Home Page: coresecret.io
License: Other
cryptopill's People
Contributors
Stargazers
Watchers
cryptopill's Issues
CryptoPill podspec
I added a CryptoPill podsec to CocoaPods/Specs so projects can do:
pod 'CyptoPill'
(see https://github.com/CocoaPods/Specs/blob/master/CryptoPill/1.0.1/CryptoPill.podspec)
to include. However its using a branch of libsodium at https://github.com/mochtu/libsodium-ios which is on version 0.4.3.
Also if you add a LICENSE file the repo you can remove the license text in the podspec
Use an assert instead of returning nil in hmacSha256WithKey
Instead of returning nil in hmacSha256WithKey if item is not NSData, probably better to do an assert?
https://github.com/seb-m/CryptoPill/blob/master/CryptoPill/common/NSArray%2BHMAC.m#L26
NSAssert([item isKindOfClass:[NSData class]], @"Item must be an NSData");
Project does not build against latest libsodium 0.7.0 release
Some headers have changed, some removed, some added. Bit rot and all that. I have tweaked my version of the project, but also the libsodium.sh doesn't leave any libs in the libsodium_dst directory (although it does put the headers there). It would be great if - as part of the docs - you specified with which version of libsodium you are compatible.
Include an NSError out on SecretBox methods for better error handling
When there is a problem encrypting or decrypting SecretBox returns nil. This is fine but it would be good to include an NSError out which lists why.
For example, instead of:
+ (NSData *)secretBoxDataOpen:(NSData *)encryptedData key:(SecureData *)key {
+ (NSData *)secretBoxDataOpen:(NSData *)encryptedData key:(SecureData *)key error:(NSError **)error {
and then in the method before returning nil in an error case:
if (error) *error = [NSError errorWithDomain.... ];
which gives the reason for the error.
NSData+Hex methods trim an extra character off the string
Just return hex; instead of removing the last char.
First c bytes of crypto_secretbox_open must be padded with crypto_secretbox_boxzerobytes()
+ (NSData *)secretBoxOpen:(NSData *)data key:(SecureData *)key {
if (!data || [data length] < crypto_secretbox_noncebytes() || !key || [key length] != crypto_secretbox_keybytes())
return nil;
// Split it into nonce and encrypted data
NSData *nonce = [NSData dataWithBytes:[data bytes] length:crypto_secretbox_noncebytes()];
NSData *encryptedData = [NSData dataWithBytes:([data bytes] + crypto_secretbox_noncebytes()) length:[data length] - crypto_secretbox_noncebytes()];
// First BOXZEROBYTES must be 0
NSMutableData *encryptedPaddedData = [NSMutableData dataWithLength:crypto_secretbox_boxzerobytes()];
[encryptedPaddedData appendData:encryptedData];
NSMutableData *outData = [NSMutableData dataWithLength:[encryptedPaddedData length]];
int retval = crypto_secretbox_open([outData mutableBytes],
[encryptedPaddedData bytes], [encryptedPaddedData length],
[nonce bytes], [key bytes]);
if (retval != 0) return nil;
// Remove ZEROBYTES from out data
return [NSData dataWithBytes:([outData bytes] + crypto_secretbox_zerobytes())
length:([outData length] - crypto_secretbox_zerobytes())];
}You'll notice in RbNaCL library open method here:
https://github.com/cryptosphere/rbnacl/blob/master/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb
as required in docs at http://nacl.cr.yp.to/secretbox.html
Here is the other side:
+ (NSData *)secretBox:(NSData *)data key:(SecureData *)key {
NSData *nonce = [Random randomData:crypto_secretbox_noncebytes()];
if (!data || !key || [key length] != crypto_secretbox_keybytes() || !nonce || [nonce length] != crypto_secretbox_noncebytes())
return nil;
// Pad the datas by ZEROBYTES
NSMutableData *paddedData = [NSMutableData dataWithLength:crypto_secretbox_zerobytes()];
[paddedData appendData:data];
NSMutableData *outData = [NSMutableData dataWithLength:[paddedData length]];
int retval = crypto_secretbox([outData mutableBytes],
[paddedData bytes], [paddedData length],
[nonce bytes],
[key bytes]);
if (retval != 0) return nil;
// Remove BOXZEROBYTES from out data
outData = [NSData dataWithBytes:([outData bytes] + crypto_secretbox_boxzerobytes())
length:([outData length] - crypto_secretbox_boxzerobytes())];
NSMutableData *combined = [NSMutableData dataWithData:nonce];
[combined appendData:outData];
return combined;
}
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.