update symmetric to use naci instead

[cvasilak]

done for AGIOS-172

[corinnekrych]

/Cryptographically/cryptographically/

[corinnekrych]

+1

[corinnekrych]

Actually trying to use this version in AeroGear-iOS (replacing AGCryptoBox by AGSecretBox ) I run into issue in [1] when trying to initialize a crypto box with a KDF derived key because its length (160bytes does not comply with [2])

[1] https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/security/AGPassphraseEncryptionServices.m#L32
[2] https://github.com/cvasilak/aerogear-crypto-ios/blob/cc-naci/crypto-sdk/AGSecretBox.m#L26

[abstractj]

@cvasilak the PR looks, however the test with @corinnekrych's scenario is failing to me. Please take a look:

    it(@"should accept KDF keys", ^{

        AGPBKDF2 *pbkdf2 = [[AGPBKDF2 alloc] init];
        NSString *PASSWORD = @"My Bonnie lies over the ocean, my Bonnie lies over the sea";
        NSData *salt = [AGRandomGenerator randomBytes];
        NSData *key = [pbkdf2 deriveKey:PASSWORD salt:salt];

        NSData *nonce = [AGUtil hexStringToBytes:BOX_NONCE];
        NSData *message = [AGUtil hexStringToBytes:BOX_MESSAGE];

        secretBox = [[AGSecretBox alloc] initWithKey:key];

        NSData *cipherText = [secretBox encrypt:message nonce:nonce];

        //Create a new box to test end to end symmetric encryption
        AGSecretBox *pandora = [[AGSecretBox alloc] initWithKey:key];
        NSData *plainText = [pandora decrypt:cipherText nonce:nonce];
        [[[AGUtil hexString:plainText] should] equal:BOX_MESSAGE];
    });

I was concerned about SecretBox in C, so I did the same experiment with Kalium (abstractj/kalium@2a07397) and seems to be working correctly.

[corinnekrych]

Using @abstractj test case on @cvasilak brnahc and removing key length check:
https://github.com/cvasilak/aerogear-crypto-ios/blob/cc-naci/crypto-sdk/AGSecretBox.m#L38
and removing statuscode return assert:
https://github.com/cvasilak/aerogear-crypto-ios/blob/cc-naci/crypto-sdk/AGSecretBox.m#L50
I manage to have a success test.

I wonder if the status code == 0 really means a failure....

[cvasilak]

the error here seems to be the incorrect key length specified when initialising SecretBox, making the assertion to fail. It expects 32 bytes but the default AGPBKDF2 class generates 160 bytes.

@abstractj the DERIVED_KEY_LENGTH used in Pbkdf2 is 32 bytes (256 bits). Replacing here with that size, makes the test run. Unfortunately, I can't recall why the use of 160 bytes as the minimum derived key.

I think this should be replaced on our side with the correct 32, wdyth?

[abstractj]

@cvasilak aloha, I think is the way to go. Once the SecretBox will expect bytes, instead of bits. Thanks for the explanation

[corinnekrych]

+1
works like a charm.
As easy as changing the size :)

[matzew]

Gave @cvasilak branch a shot -> 👍

[matzew]

Oh, should we change all the 5.0 references, like:
https://github.com/cvasilak/aerogear-crypto-ios/blob/cc-naci/crypto-sdk.xcodeproj/project.pbxproj#L515

to 7.0 ?

[cvasilak]

thanks @matzew done

[abstractj]

@cvasilak landed, thank you