Added DarkStar cipher mode

OperatorFoundation · Sep 24, 2021 · 3e9377e · 3e9377e
1 parent 331260b
commit 3e9377e
Show file tree

Hide file tree

Showing 5 changed files with 278 additions and 155 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+Package.resolved
 .DS_Store
 /.build
 /Packages

diff --git a/Package.resolved b/Package.resolved
diff --git a/Package.swift b/Package.swift
@@ -15,11 +15,12 @@ let package = Package(
     ],
     dependencies: [
         .package(url: "https://github.com/OperatorFoundation/Chord.git", from: "0.0.12"),
-        .package(url: "https://github.com/OperatorFoundation/Datable.git", from: "3.0.4"),
+        .package(url: "https://github.com/OperatorFoundation/Datable.git", from: "3.1.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.4.2"),
         .package(url: "https://github.com/OperatorFoundation/SwiftHexTools.git", from: "1.2.2"),
         .package(url: "https://github.com/OperatorFoundation/Transmission.git", from: "0.2.3"),
-        .package(url: "https://github.com/OperatorFoundation/Transport.git", from: "2.3.5")
+        .package(url: "https://github.com/OperatorFoundation/Transport.git", from: "2.3.5"),
+        .package(url: "https://github.com/apple/swift-crypto", from: "2.0.0")
     ],
     targets: [
         .target(
@@ -29,7 +30,9 @@ let package = Package(
                 "Datable",
                 "Transmission",
                 "Transport",
-                .product(name: "Logging", package: "swift-log")]),
+                .product(name: "Logging", package: "swift-log"),
+                .product(name: "Crypto", package: "swift-crypto")
+            ]),
         .testTarget(
             name: "ShadowSwiftTests",
             dependencies: [

diff --git a/Sources/ShadowSwift/Cipher.swift b/Sources/ShadowSwift/Cipher.swift
@@ -84,12 +84,14 @@ class Cipher
 
         switch mode
         {
-        case .AES_128_GCM:
-            saltSize = 16
-        case .AES_256_GCM:
-            saltSize = 32
-        case .CHACHA20_IETF_POLY1305:
-            saltSize = 32
+            case .AES_128_GCM:
+                saltSize = 16
+            case .AES_256_GCM:
+                saltSize = 32
+            case .CHACHA20_IETF_POLY1305:
+                saltSize = 32
+            default:
+                return nil
         }
 
         return generateRandomBytes(count: saltSize)
@@ -116,12 +118,14 @@ class Cipher
 
         switch shadowConfig.mode
         {
-        case .AES_128_GCM:
-            keyLength = 16
-        case .AES_256_GCM:
-            keyLength = 32
-        case .CHACHA20_IETF_POLY1305:
-            keyLength = 32
+            case .AES_128_GCM:
+                keyLength = 16
+            case .AES_256_GCM:
+                keyLength = 32
+            case .CHACHA20_IETF_POLY1305:
+                keyLength = 32
+            default:
+                return Data()
         }
 
         while keyBuffer.count < keyLength
@@ -197,44 +201,47 @@ class Cipher
 
         switch mode
         {
-        case .AES_128_GCM:
-            do
-            {
-                let aesGCMNonce = try AES.GCM.Nonce(data: nonce())
-                let sealedBox = try AES.GCM.seal(plaintext, using: key, nonce: aesGCMNonce)
-                cipherText = sealedBox.ciphertext
-                tag = sealedBox.tag
-            }
-            catch let encryptError
-            {
-                log.error("Error running AESGCM encryption: \(encryptError)")
-            }
-
-        case .AES_256_GCM:
-            do
-            {
-                let aesGCMNonce = try AES.GCM.Nonce(data: nonce())
-                let sealedBox = try AES.GCM.seal(plaintext, using: key, nonce: aesGCMNonce)
-                cipherText = sealedBox.ciphertext
-                tag = sealedBox.tag
-            }
-            catch let encryptError
-            {
-                log.error("Error running AESGCM encryption: \(encryptError)")
-            }
-
-        case .CHACHA20_IETF_POLY1305:
-            do
-            {
-                let chachaPolyNonce = try ChaChaPoly.Nonce(data: nonce())
-                let sealedBox = try ChaChaPoly.seal(plaintext, using: key, nonce: chachaPolyNonce)
-                cipherText = sealedBox.ciphertext
-                tag = sealedBox.tag
-            }
-            catch let encryptError
-            {
-                log.error("Error running ChaChaPoly encryption: \(encryptError)")
-            }
+            case .AES_128_GCM:
+                do
+                {
+                    let aesGCMNonce = try AES.GCM.Nonce(data: nonce())
+                    let sealedBox = try AES.GCM.seal(plaintext, using: key, nonce: aesGCMNonce)
+                    cipherText = sealedBox.ciphertext
+                    tag = sealedBox.tag
+                }
+                catch let encryptError
+                {
+                    log.error("Error running AESGCM encryption: \(encryptError)")
+                }
+
+            case .AES_256_GCM:
+                do
+                {
+                    let aesGCMNonce = try AES.GCM.Nonce(data: nonce())
+                    let sealedBox = try AES.GCM.seal(plaintext, using: key, nonce: aesGCMNonce)
+                    cipherText = sealedBox.ciphertext
+                    tag = sealedBox.tag
+                }
+                catch let encryptError
+                {
+                    log.error("Error running AESGCM encryption: \(encryptError)")
+                }
+
+            case .CHACHA20_IETF_POLY1305:
+                do
+                {
+                    let chachaPolyNonce = try ChaChaPoly.Nonce(data: nonce())
+                    let sealedBox = try ChaChaPoly.seal(plaintext, using: key, nonce: chachaPolyNonce)
+                    cipherText = sealedBox.ciphertext
+                    tag = sealedBox.tag
+                }
+                catch let encryptError
+                {
+                    log.error("Error running ChaChaPoly encryption: \(encryptError)")
+                }
+            case .DARKSTAR:
+                // FIXME
+                break
         }
 
         return (cipherText, tag)
@@ -260,39 +267,42 @@ class Cipher
     {
         switch mode
         {
-        case .AES_128_GCM:
-            do
-            {
-                let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
-                return try AES.GCM.open(sealedBox, using: key)
-            }
-            catch let decryptError
-            {
-                log.error("Error running AESGCM decryption: \(decryptError)")
-                return nil
-            }
-        case .AES_256_GCM:
-            do
-            {
-                let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
-                return try AES.GCM.open(sealedBox, using: key)
-            }
-            catch let decryptError
-            {
-                log.error("Error running AESGCM decryption: \(decryptError)")
+            case .AES_128_GCM:
+                do
+                {
+                    let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
+                    return try AES.GCM.open(sealedBox, using: key)
+                }
+                catch let decryptError
+                {
+                    log.error("Error running AESGCM decryption: \(decryptError)")
+                    return nil
+                }
+            case .AES_256_GCM:
+                do
+                {
+                    let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
+                    return try AES.GCM.open(sealedBox, using: key)
+                }
+                catch let decryptError
+                {
+                    log.error("Error running AESGCM decryption: \(decryptError)")
+                    return nil
+                }
+            case .CHACHA20_IETF_POLY1305:
+                do
+                {
+                    let sealedBox = try ChaChaPoly.SealedBox(nonce: ChaChaPoly.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
+                    return try ChaChaPoly.open(sealedBox, using: key)
+                }
+                catch let decryptError
+                {
+                    log.error("Error running ChaChaPoly decryption: \(decryptError)")
+                    return nil
+                }
+            case .DARKSTAR:
+                // FIXME
                 return nil
-            }
-        case .CHACHA20_IETF_POLY1305:
-            do
-            {
-                let sealedBox = try ChaChaPoly.SealedBox(nonce: ChaChaPoly.Nonce(data: nonce()), ciphertext: encrypted, tag: tag)
-                return try ChaChaPoly.open(sealedBox, using: key)
-            }
-            catch let decryptError
-            {
-                log.error("Error running ChaChaPoly decryption: \(decryptError)")
-                return nil
-            }
         }
     }
 
@@ -329,5 +339,8 @@ public enum CipherMode: String, Codable
     case AES_128_GCM = "AES-128-GCM"
     case AES_256_GCM = "AES-256-GCM"
     case CHACHA20_IETF_POLY1305 = "CHACHA20-IETF-POLY1305"
+
+    // New cipher mode
+    case DARKSTAR = "DarkStar"
 }