
154 lines
5.7 KiB
Raw Normal View History

// SessionProxy+EncryptionBridge.swift
// TunnelKit
// Created by Davide De Rosa on 2/8/17.
// Copyright © 2018 London Trust Media. All rights reserved.
import Foundation
import __TunnelKitNative
extension SessionProxy {
/// Bridges native encryption for high-level operations.
public class EncryptionBridge {
private static let maxHmacLength = 100
private let box: CryptoBox
Initializes the PRNG. Must be issued before using `SessionProxy`.
- Parameter seedLength: The length in bytes of the pseudorandom seed that will feed the PRNG.
public static func prepareRandomNumberGenerator(seedLength: Int) -> Bool {
let seed: ZeroingData
do {
seed = try SecureRandom.safeData(length: seedLength)
} catch {
return false
return CryptoBox.preparePRNG(withSeed: seed.bytes, length: seed.count)
// Ruby: keys_prf
private static func keysPRF(
_ label: String,
_ secret: ZeroingData,
_ clientSeed: ZeroingData,
_ serverSeed: ZeroingData,
_ clientSessionId: Data?,
_ serverSessionId: Data?,
_ size: Int) throws -> ZeroingData {
let seed = Z(label)
if let csi = clientSessionId {
if let ssi = serverSessionId {
let len = secret.count / 2
let lenx = len + (secret.count & 1)
let secret1 = secret.withOffset(0, count: lenx)
let secret2 = secret.withOffset(len, count: lenx)
let hash1 = try keysHash("md5", secret1, seed, size)
let hash2 = try keysHash("sha1", secret2, seed, size)
let prf = Z()
for i in 0..<hash1.count {
let h1 = hash1.bytes[i]
let h2 = hash2.bytes[i]
prf.append(Z(h1 ^ h2))
return prf
// Ruby: keys_hash
private static func keysHash(_ digestName: String, _ secret: ZeroingData, _ seed: ZeroingData, _ size: Int) throws -> ZeroingData {
let out = Z()
let buffer = Z(count: EncryptionBridge.maxHmacLength)
var chain = try EncryptionBridge.hmac(buffer, digestName, secret, seed)
while (out.count < size) {
out.append(try EncryptionBridge.hmac(buffer, digestName, secret, chain.appending(seed)))
chain = try EncryptionBridge.hmac(buffer, digestName, secret, chain)
return out.withOffset(0, count: size)
// Ruby: hmac
private static func hmac(_ buffer: ZeroingData, _ digestName: String, _ secret: ZeroingData, _ data: ZeroingData) throws -> ZeroingData {
var length = 0
try CryptoBox.hmac(
withDigestName: digestName,
secret: secret.bytes,
secretLength: secret.count,
data: data.bytes,
dataLength: data.count,
hmac: buffer.mutableBytes,
hmacLength: &length
return buffer.withOffset(0, count: length)
convenience init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ auth: SessionProxy.Authenticator,
_ sessionId: Data, _ remoteSessionId: Data) throws {
guard let serverRandom1 = auth.serverRandom1, let serverRandom2 = auth.serverRandom2 else {
fatalError("Configuring encryption without server randoms")
let masterData = try EncryptionBridge.keysPRF(
CoreConfiguration.label1, auth.preMaster, auth.random1,
serverRandom1, nil, nil,
let keysData = try EncryptionBridge.keysPRF(
CoreConfiguration.label2, masterData, auth.random2,
serverRandom2, sessionId, remoteSessionId,
CoreConfiguration.keysCount * CoreConfiguration.keyLength
var keysArray = [ZeroingData]()
for i in 0..<CoreConfiguration.keysCount {
let offset = i * CoreConfiguration.keyLength
let zbuf = keysData.withOffset(offset, count: CoreConfiguration.keyLength)
let cipherEncKey = keysArray[0]
let hmacEncKey = keysArray[1]
let cipherDecKey = keysArray[2]
let hmacDecKey = keysArray[3]
try self.init(cipher, digest, cipherEncKey, cipherDecKey, hmacEncKey, hmacDecKey)
init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ cipherEncKey: ZeroingData, _ cipherDecKey: ZeroingData, _ hmacEncKey: ZeroingData, _ hmacDecKey: ZeroingData) throws {
box = CryptoBox(cipherAlgorithm: cipher.rawValue, digestAlgorithm: digest.rawValue)
try box.configure(
withCipherEncKey: cipherEncKey,
cipherDecKey: cipherDecKey,
hmacEncKey: hmacEncKey,
hmacDecKey: hmacDecKey
func encrypter() -> DataPathEncrypter {
return box.encrypter().dataPathEncrypter()
func decrypter() -> DataPathDecrypter {
return box.decrypter().dataPathDecrypter()