aes-gsm for attachments
This commit is contained in:
parent
4399b81ec8
commit
bfd9757a37
|
@ -115,7 +115,16 @@ extension Client {
|
||||||
}
|
}
|
||||||
|
|
||||||
// encrypt data if needed
|
// encrypt data if needed
|
||||||
let ((key, iv), encrypted) = try await encryptFile(data)
|
let key = try AESGSMEngine.generateKey()
|
||||||
|
let iv = try AESGSMEngine.generateIV()
|
||||||
|
var encrypted = Data()
|
||||||
|
var tag = Data()
|
||||||
|
guard AESGSMEngine.shared.encrypt(iv: iv, key: key, message: data, output: &encrypted, tag: &tag) else {
|
||||||
|
throw AppError.securityError
|
||||||
|
}
|
||||||
|
|
||||||
|
// attach tag to end of encrypted data
|
||||||
|
encrypted.append(tag)
|
||||||
data = encrypted
|
data = encrypted
|
||||||
|
|
||||||
// upload
|
// upload
|
||||||
|
@ -192,19 +201,6 @@ private extension Client {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func encryptFile(_ data: Data) async throws -> ((Data, Data), Data) {
|
|
||||||
guard let iv = try? AESGSMEngine.generateIV(), let key = try? AESGSMEngine.generateKey() else {
|
|
||||||
throw AppError.securityError
|
|
||||||
}
|
|
||||||
var encrypted = Data()
|
|
||||||
var tag = Data()
|
|
||||||
guard AESGSMEngine.shared.encrypt(iv: iv, key: key, message: data, output: &encrypted, tag: &tag) else {
|
|
||||||
throw AppError.securityError
|
|
||||||
}
|
|
||||||
|
|
||||||
return ((key, iv), encrypted)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
extension Client {
|
extension Client {
|
||||||
|
|
|
@ -12,8 +12,8 @@ final class AESGSMEngine: AES_GCM_Engine {
|
||||||
let symmetricKey = SymmetricKey(data: key)
|
let symmetricKey = SymmetricKey(data: key)
|
||||||
let sealedBox = try AES.GCM.seal(message, using: symmetricKey, nonce: AES.GCM.Nonce(data: iv))
|
let sealedBox = try AES.GCM.seal(message, using: symmetricKey, nonce: AES.GCM.Nonce(data: iv))
|
||||||
|
|
||||||
if let output = output, let data = sealedBox.combined {
|
if let output = output {
|
||||||
output.pointee = data
|
output.pointee = sealedBox.ciphertext
|
||||||
}
|
}
|
||||||
if let tag = tag {
|
if let tag = tag {
|
||||||
tag.pointee = sealedBox.tag
|
tag.pointee = sealedBox.tag
|
||||||
|
|
Loading…
Reference in a new issue