Commit
1 parent
ea89a66
commit 0c15ff2
Showing
40 changed files
with
837 additions
and
800 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
on: | ||
pull_request: | ||
paths: | ||
- "ios/**" | ||
- ".github/workflows/ios.yaml" | ||
branches: | ||
- "main" | ||
|
||
name: iOS | ||
|
||
jobs: | ||
build: | ||
name: Synchronize libraries | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout sources | ||
uses: actions/checkout@v3 | ||
|
||
- name: Add secret key to runner | ||
env: | ||
SLOTH_IOS_KEY: ${{ secrets.SLOTH_IOS_KEY }} | ||
run: | | ||
mkdir -p ~/.ssh | ||
echo "$SLOTH_IOS_KEY" > ~/.ssh/id_ed25519 | ||
chmod 400 ~/.ssh/id_ed25519 | ||
wc ~/.ssh/id_ed25519 | ||
- name: Checkout remote | ||
run: | | ||
git clone [email protected]:lambdapioneer/sloth-ios.git target | ||
cd target | ||
- name: Replace contents | ||
run: | | ||
cd target | ||
cp -rv ../ios/RainbowSloth/* . | ||
git add . | ||
- name: Pushy to remote | ||
run: | | ||
git diff-index --quiet HEAD || git commit -m "Automatic publish from github.com/project" | ||
git push origin main |
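Review bot: The workflow is triggered by `pull_request`, so the job that holds the `SLOTH_IOS_KEY` deploy key and pushes to `sloth-ios` runs on proposed changes before they are merged into `main`; a publish job like this would normally use `on: push:` with the same `branches` and `paths` filters. The last step ("Pushy to remote") also has no `cd target`, and each `run:` step starts again in the workspace root, so `git diff-index`, `git commit` and `git push origin main` act on the source checkout rather than the clone; add `cd target` as its first line. `wc ~/.ssh/id_ed25519` writes the key file's size to the job log and can be dropped. `actions/checkout@v3` could be pinned to a full commit SHA, since a tag can be moved after review.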
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
.DS_Store | ||
/.build | ||
/Packages | ||
xcuserdata/ | ||
DerivedData/ | ||
.swiftpm/configuration/registries.json | ||
.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata | ||
.netrc |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
// swift-tools-version: 5.9 | ||
|
||
import PackageDescription | ||
|
||
let package = Package( | ||
name: "RainbowSloth", | ||
platforms: [.iOS(.v14)], | ||
products: [ | ||
.library( | ||
name: "RainbowSloth", | ||
targets: ["RainbowSloth"]), | ||
], | ||
dependencies: [ | ||
.package(url: "https://github.com/jedisct1/swift-sodium.git", from: "0.9.1"), | ||
], | ||
targets: [ | ||
.target( | ||
name: "RainbowSloth", | ||
dependencies: [ | ||
.product(name: "Sodium", package: "swift-sodium") | ||
] | ||
), | ||
.testTarget( | ||
name: "RainbowSlothTests", | ||
dependencies: ["RainbowSloth"]), | ||
] | ||
) |
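Review bot: `platforms: [.iOS(.v14)]` disagrees with the README added in the same commit, which says RainbowSloth is implemented for iOS 15+; if the library's Secure Enclave calls do need iOS 15, the manifest should read `platforms: [.iOS(.v15)]` so the declared deployment target matches what the code supports. The `swift-sodium` requirement `from: "0.9.1"` accepts any later release below the next major version. Because this dependency supplies the password hashing, consider `exact: "0.9.1"`, or state in the README that consumers should commit `Package.resolved`, so the cryptographic code that ships is the version that was reviewed.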
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# Sloth: iOS | ||
|
||
We have implemented the SE-backed key stretching scheme RainbowSloth for iOS 15+. | ||
This folder gets synced into a designated repository to allow inclusion as a Swift package dependency. | ||
|
||
For changes refer to the main repository here: https://github.com/lambdapioneer/sloth | ||
|
||
|
||
## Setting up | ||
|
||
Add this repository as a dependency to your `Package.swift` file like so: | ||
|
||
```swift | ||
dependencies: [ | ||
.package(url: "https://github.com/lambdapioneer/sloth-ios.git", from: "0.0.1"), | ||
], | ||
|
||
// ... | ||
|
||
dependencies: [ | ||
.product(name: "RainbowSloth", package: "sloth-ios") | ||
] | ||
``` | ||
|
||
|
||
## Using RainbowSloth | ||
|
||
After adding the dependency you can import the library in the respective `.swift` files and use it: | ||
|
||
```swift | ||
import RainbowSloth | ||
|
||
// create a new Sloth instance | ||
let sloth = RainbowSloth(withN: 100) // see paper on how to choose `n` | ||
|
||
// create a new key | ||
let (storageState, key) = try sloth.keygen( | ||
pw: "user-passphrase", | ||
handle: "your-identifier", | ||
outputLength: 32 | ||
) | ||
|
||
// re-derive the same key later | ||
let key = try sloth.derive( | ||
storageState: storageState, | ||
pw: "user-passphrase", | ||
outputLength: 32 | ||
) | ||
``` |
6 changes: 4 additions & 2 deletions
6
...nclaveBench/SecureEnclaveBench/Hkdf.swift → ...nbowSloth/Sources/RainbowSloth/Hkdf.swift
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
import Sodium | ||
import Foundation | ||
|
||
/// Wrapper around the Argon2id password hashing algorithm as provided by `Sodium`. | ||
public struct PwHash { | ||
|
||
/// Derives a key from the given `salt` and password `pw`. The output will be `outputLength` bytes long. | ||
public static func derive(salt: Data, pw: Data, outputLength: Int) -> Data { | ||
// OWASP: "Use Argon2id with a minimum configuration of 19 MiB of memory, an iteration count of 2, and 1 degree of parallelism." | ||
let sodium = Sodium.init() | ||
let sodiumPwHash = sodium.pwHash | ||
let res = sodiumPwHash.hash( | ||
outputLength: outputLength, | ||
passwd: Array(pw), | ||
salt: Array(salt), | ||
opsLimit: 2, | ||
memLimit: 19*1024*1024 // 19 MiB | ||
) | ||
return Data(res!) | ||
} | ||
|
||
/// Creates a new random `salt` byte array that can be used with the `derive` function. | ||
public static func randomSalt(outputLength: Int = 16) -> Data { | ||
var bytes = [UInt8](repeating: 0, count: outputLength) | ||
let result = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes) | ||
assert(result == errSecSuccess, "Failed to generate random bytes") | ||
return Data(bytes) | ||
} | ||
} |
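Review bot: `randomSalt` checks the `SecRandomCopyBytes` result with `assert`, which is not evaluated in optimized builds, so a failed call would hand back the all-zero buffer as a salt; use `precondition(result == errSecSuccess, "Failed to generate random bytes")` or make the function `throws`. In `derive`, `Data(res!)` traps whenever `hash` returns nil, which looks reachable from caller-supplied values such as a `salt` whose length the library rejects (inferred, confirm against swift-sodium); a `guard let res else { ... }` that throws a typed error would give callers of this public API a recoverable failure. The doc comment promises Argon2id, but the call leaves the algorithm to the library default; passing the `alg` argument explicitly would keep derived keys stable if that default ever changes. The `derive` doc comment should also state the salt length it expects, for example `/// - Parameter salt: must be the length produced by randomSalt() (16 bytes).`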