chore: update core crypto to 6.x - WPB-17651

WireCoreCrypto/Package.swift

@@ -21,15 +21,15 @@ let package = Package(
     targets: [
         .binaryTarget(
             name: "WireCoreCrypto",
-            url: "https://github.com/wireapp/core-crypto/releases/download/v5.3.0/WireCoreCrypto.xcframework.zip",
-            checksum: "d291cf8ef997b1414448890446893465bb2147f23b396e92e6a8098de948b7f9"
+            url: "https://github.com/wireapp/core-crypto/releases/download/v6.0.1/WireCoreCrypto.xcframework.zip",
+            checksum: "a75e11dd3ff4ec4ec6f455d8512a9f0b0d8b98dba12f62672ed97aa4c2072e81"
         ),
         // this is an internal dependency to WireCoreCrypto but currently needs to explictly
         // added as a dependency due to limitations of Swift packages.
         .binaryTarget(
             name: "WireCoreCryptoUniffi",
-            url: "https://github.com/wireapp/core-crypto/releases/download/v5.3.0/WireCoreCryptoUniffi.xcframework.zip",
-            checksum: "4931c7473c83e157f5c89a6e6dda9a087d746e97f9b0a4443b106cb56e5b8789"
+            url: "https://github.com/wireapp/core-crypto/releases/download/v6.0.1/WireCoreCryptoUniffi.xcframework.zip",
+            checksum: "93113420d7194ea38e5b7a6a4ab4827e7e6793f01d3e6b6df103db9e56732a03"
         )
     ]
 )

wire-ios-data-model/Source/Core Crypto/CoreCryptoConfiguration.swift

@@ -24,7 +24,7 @@ import WireSystem
 public struct CoreCryptoConfiguration {
 
     public let path: String
-    public let key: String
+    public let key: Data
     public let clientID: String
 
     public var clientIDBytes: ClientId? {
@@ -51,11 +51,11 @@ public class CoreCryptoConfigProvider {
         sharedContainerURL: URL,
         selfUser: ZMUser,
         createKeyIfNeeded: Bool
-    ) throws -> CoreCryptoConfiguration {
+    ) async throws -> CoreCryptoConfiguration {
 
         let qualifiedClientID = try clientID(of: selfUser)
 
-        let initialConfig = try createInitialConfiguration(
+        let initialConfig = try await createInitialConfiguration(
             sharedContainerURL: sharedContainerURL,
             userID: selfUser.remoteIdentifier,
             createKeyIfNeeded: createKeyIfNeeded
@@ -72,7 +72,7 @@ public class CoreCryptoConfigProvider {
         sharedContainerURL: URL,
         userID: UUID,
         createKeyIfNeeded: Bool
-    ) throws -> (path: String, key: String) {
+    ) async throws -> (path: String, key: Data) {
 
         let accountDirectory = CoreDataStack.accountDataFolder(
             accountIdentifier: userID,
@@ -83,10 +83,10 @@ public class CoreCryptoConfigProvider {
         let coreCryptoDirectory = accountDirectory.appendingPathComponent("corecrypto")
 
         do {
-            let key = try coreCryptoKeyProvider.coreCryptoKey(createIfNeeded: createKeyIfNeeded)
+            let key = try await coreCryptoKeyProvider.coreCryptoKey(createIfNeeded: createKeyIfNeeded, path: coreCryptoDirectory.path)
             return (
                 path: coreCryptoDirectory.path,
-                key: key.base64EncodedString()
+                key: key
             )
         } catch {
             WireLogger.coreCrypto.error("Failed to get core crypto key \(String(describing: error))")
@@ -105,6 +105,31 @@ public class CoreCryptoConfigProvider {
         return clientID
     }
 
+//    public func migrateDatabaseKeyIfNeeded(
+//        sharedContainerURL: URL,
+//        userID: UUID
+//    ) async throws {
+//        let coreCryptoKeyV2 = try? coreCryptoKeyProvider.fetchCoreCryptoKeyV2()
+//        if coreCryptoKeyV2 == nil {
+//            let accountDirectory = CoreDataStack.accountDataFolder(
+//                accountIdentifier: userID,
+//                applicationContainer: sharedContainerURL
+//            )
+//
+//            try FileManager.default.createAndProtectDirectory(at: accountDirectory)
+//            let coreCryptoDirectory = accountDirectory.appendingPathComponent("corecrypto")
+//            let oldKey = try coreCryptoKeyProvider.coreCryptoKey(createIfNeeded: false, path: coreCryptoDirectory.path)
+//            let newKey = try coreCryptoKeyProvider.createCoreCryptoKeyV2()
+//
+//            print("Kate333 migrateDatabaseKeyTypeToBytes")
+//            try await migrateDatabaseKeyTypeToBytes(
+//                path: coreCryptoDirectory.path,
+//                oldKey: oldKey.base64EncodedString(),
+//                newKey: newKey
+//            )
+//        }
+//    }
+
     public enum ConfigurationSetupFailure: Error, Equatable {
         case failedToGetClientId
         case failedToGetCoreCryptoKey

wire-ios-data-model/Source/Core Crypto/CoreCryptoKeyProvider.swift

@@ -17,27 +17,62 @@
 //
 
 import Foundation
+import WireCoreCrypto
 import WireLogging
 import WireSystem
 
 public class CoreCryptoKeyProvider {
 
     public init() {}
 
-    public func coreCryptoKey(createIfNeeded: Bool) throws -> Data {
+    public func coreCryptoKey(createIfNeeded: Bool, path: String) async throws -> Data {
         removeLegacyKeyIfNeeded()
 
         do {
-            return try fetchCoreCryptoKey()
+            return try fetchCoreCryptoKeyV2()
         } catch {
             if createIfNeeded {
-                return try createCoreCryptoKey()
+                guard let oldKey = try? fetchCoreCryptoKey() else {
+                    return try createCoreCryptoKeyV2()
+                }
+                return try await migrateDatabaseKey(path: path, oldKey: oldKey)
+
             } else {
                 throw error
             }
         }
     }
 
+    private func fetchCoreCryptoKeyV2() throws -> Data {
+        let item = CoreCryptoKeychainItemV2()
+        let key: Data = try KeychainManager.fetchItem(item)
+        WireLogger.coreCrypto.info("Core crypto key_v2 exists: \(key.base64String()). Returning...")
+        return key
+    }
+
+    private func createCoreCryptoKeyV2() throws -> Data {
+        let item = CoreCryptoKeychainItemV2()
+        WireLogger.coreCrypto.info("Core crypto key_v2 doesn't exist. Creating...")
+        let key = try KeychainManager.generateKey(numberOfBytes: 32)
+        WireLogger.coreCrypto.info("Created core crypto key_v2: \(key.base64String()). Storing...")
+        try KeychainManager.storeItem(item, value: key)
+        WireLogger.coreCrypto.info("Stored core crypto key_v2. Returning...")
+        return key
+    }
+
+    private func migrateDatabaseKey(path: String, oldKey: Data) async throws -> Data {
+        WireLogger.coreCrypto.info("Migrating CoreCrypto key from v1 to v2")
+        let newKey = try createCoreCryptoKeyV2()
+
+        try await migrateDatabaseKeyTypeToBytes(
+            path: path,
+            oldKey: oldKey.base64EncodedString(),
+            newKey: newKey
+        )
+
+        return newKey
+    }
+
     private func fetchCoreCryptoKey() throws -> Data {
         let item = CoreCryptoKeychainItem()
         let key: Data = try KeychainManager.fetchItem(item)
@@ -129,3 +164,35 @@ struct LegacyCoreCryptoKeychainItem: KeychainItemProtocol {
         ]
     }
 }
+
+struct CoreCryptoKeychainItemV2: KeychainItemProtocol {
+
+    var id: String {
+        "com.wire.mls.key"
+    }
+
+    var keychainServiceName: String {
+        "wire.com"
+    }
+
+    var getQuery: [CFString: Any] {
+        [
+            kSecClass: kSecClassGenericPassword,
+            kSecAttrService: keychainServiceName,
+            kSecAttrAccount: id,
+            kSecReturnData: true
+        ]
+    }
+
+    func setQuery(value: some Any) -> [CFString: Any] {
+        [
+            kSecClass: kSecClassGenericPassword,
+            kSecAttrService: keychainServiceName,
+            kSecAttrAccount: id,
+            kSecAttrComment: "6.0.1",
+            kSecValueData: value,
+            kSecAttrAccessible: kSecAttrAccessibleAfterFirstUnlock
+        ]
+    }
+
+}

wire-ios-data-model/Source/Core Crypto/CoreCryptoProvider.swift

@@ -91,6 +91,10 @@ public actor CoreCryptoProvider: CoreCryptoProviderProtocol {
         self.featureRespository = FeatureRepository(context: syncContext)
     }
 
+    deinit {
+        print("deinit333 \(coreCrypto)")
+    }
+
     public func coreCrypto() async throws -> SafeCoreCryptoProtocol {
         let coreCrypto = try await getCoreCrypto()
         try await registerMlsTransportIfNecessary(coreCrypto: coreCrypto)
@@ -117,7 +121,7 @@ public actor CoreCryptoProvider: CoreCryptoProviderProtocol {
         certificateChain: String
     ) async throws -> CRLsDistributionPoints? {
         WireLogger.mls.info("Initialising MLS client from end-to-end identity enrollment")
-        let coreCrypto = try await coreCrypto()
+        let coreCrypto = try await coreCrypto()//
         let crls = try await coreCrypto.perform { context in
             let crlsDistributionPoints = try await context.e2eiMlsInitOnly(
                 enrollment: enrollment,
@@ -205,10 +209,17 @@ public actor CoreCryptoProvider: CoreCryptoProviderProtocol {
         coreCryptoContinuations = []
     }
 
+//    func migrateDatabaseKeyIfNeeded() async throws {
+//        let provider = CoreCryptoConfigProvider()
+//        try await provider.migrateDatabaseKeyIfNeeded(
+//            sharedContainerURL: sharedContainerURL,
+//            userID: selfUserID)
+//    }
+
     func createCoreCrypto() async throws -> SafeCoreCrypto {
         let provider = CoreCryptoConfigProvider()
 
-        let configuration = try provider.createInitialConfiguration(
+        let configuration = try await provider.createInitialConfiguration(
             sharedContainerURL: sharedContainerURL,
             userID: selfUserID,
             createKeyIfNeeded: allowCreation
@@ -218,7 +229,7 @@ public actor CoreCryptoProvider: CoreCryptoProviderProtocol {
             path: configuration.path,
             key: configuration.key
         )
-
+        
         updateKeychainItemAccess()
         await migrateCryptoboxSessionsIfNeeded(with: coreCrypto)
 
@@ -314,7 +325,7 @@ public actor CoreCryptoProvider: CoreCryptoProviderProtocol {
 
     private func generateClientPublicKeys(
         with coreCrypto: CoreCryptoContextProtocol,
-        credentialType: MlsCredentialType
+        credentialType: CredentialType
     ) async throws {
         WireLogger.mls.info("generating public key")
         let ciphersuite = await featureRespository.fetchMLS().config.defaultCipherSuite

wire-ios-data-model/Source/Core Crypto/SafeCoreCrypto.swift

@@ -39,11 +39,11 @@ public class SafeCoreCrypto: SafeCoreCryptoProtocol {
     private let safeContext: SafeFileContext
     private let databasePath: String
 
-    public convenience init(path: String, key: String) async throws {
+    public convenience init(path: String, key: Data) async throws {
 
         let coreCrypto = try await CoreCrypto(
             keystorePath: path,
-            keystoreSecret: Data(key.utf8)
+            key: key
         )
 
         setLogger(logger: CoreCryptoLoggerProxy(), level: .info)

wire-ios-data-model/Source/E2EIdentity/E2EIService.swift

@@ -135,7 +135,7 @@ public final class E2EIService: E2EIServiceInterface {
                 throw E2EIServiceFailure.missingCoreCrypto
             }
 
-            return try await self.e2eIdentity.contextNewOidcChallengeResponse(cc: coreCrypto, challenge: challenge)
+            return try await self.e2eIdentity.newOidcChallengeResponse(cc: coreCrypto, challenge: challenge)
         }
     }