zkgroup: Add CallLinkAuthCredential
This is very similar to the AuthCredential used by the group server, but using CallLinkParams to encrypt the user ID rather than GroupParams (and using GenericServerParams to issue the credential rather than the group server's ServerParams).
@@ -0,0 +1,39 @@
|
||||
//
|
||||
// Copyright 2023 Signal Messenger, LLC.
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
import Foundation
|
||||
import SignalFfi
|
||||
|
||||
public class CallLinkAuthCredential: ByteArray {
|
||||
|
||||
public required init(contents: [UInt8]) throws {
|
||||
try super.init(contents, checkValid: signal_call_link_auth_credential_check_valid_contents)
|
||||
}
|
||||
|
||||
public func present(userId: UUID, redemptionTime: Date, serverParams: GenericServerPublicParams, callLinkParams: CallLinkSecretParams) -> CallLinkAuthCredentialPresentation {
|
||||
return failOnError {
|
||||
present(userId: userId, redemptionTime: redemptionTime, serverParams: serverParams, callLinkParams: callLinkParams, randomness: try .generate())
|
||||
}
|
||||
}
|
||||
|
||||
public func present(userId: UUID, redemptionTime: Date, serverParams: GenericServerPublicParams, callLinkParams: CallLinkSecretParams, randomness: Randomness) -> CallLinkAuthCredentialPresentation {
|
||||
return failOnError {
|
||||
try withUnsafeBorrowedBuffer { contents in
|
||||
try withUnsafePointer(to: userId.uuid) { userId in
|
||||
try serverParams.withUnsafeBorrowedBuffer { serverParams in
|
||||
try callLinkParams.withUnsafeBorrowedBuffer { callLinkParams in
|
||||
try randomness.withUnsafePointerToBytes { randomness in
|
||||
try invokeFnReturningVariableLengthSerialized {
|
||||
signal_call_link_auth_credential_present_deterministic($0, contents, userId, UInt64(redemptionTime.timeIntervalSince1970), serverParams, callLinkParams, randomness)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
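Review bot: The public `present(userId:redemptionTime:serverParams:callLinkParams:randomness:)` overload has no doc comment saying that `randomness` must be fresh, unpredictable and used for a single presentation. It hands the caller's bytes straight to `signal_call_link_auth_credential_present_deterministic`, so the same credential with the same randomness presumably yields identical presentation bytes, which would make two presentations linkable. I would add `/// - Parameter randomness: Fresh output of Randomness.generate(); never reuse it across calls. Exposed for reproducible tests.` here, and the same line on `issueCredential(userId:redemptionTime:params:randomness:)` in the CallLinkAuthCredentialResponse section.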
@@ -0,0 +1,34 @@
|
||||
//
|
||||
// Copyright 2023 Signal Messenger, LLC.
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
import Foundation
|
||||
import SignalFfi
|
||||
|
||||
public class CallLinkAuthCredentialPresentation: ByteArray {
|
||||
|
||||
public required init(contents: [UInt8]) throws {
|
||||
try super.init(contents, checkValid: signal_call_link_auth_credential_presentation_check_valid_contents)
|
||||
}
|
||||
|
||||
public func verify(now: Date = Date(), serverParams: GenericServerSecretParams, callLinkParams: CallLinkPublicParams) throws {
|
||||
try withUnsafeBorrowedBuffer { contents in
|
||||
try serverParams.withUnsafeBorrowedBuffer { serverParams in
|
||||
try callLinkParams.withUnsafeBorrowedBuffer { callLinkParams in
|
||||
try checkError(signal_call_link_auth_credential_presentation_verify(contents, UInt64(now.timeIntervalSince1970), serverParams, callLinkParams))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public var userId: UuidCiphertext {
|
||||
return failOnError {
|
||||
try withUnsafeBorrowedBuffer { contents in
|
||||
try invokeFnReturningSerialized {
|
||||
signal_call_link_auth_credential_presentation_get_user_id($0, contents)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
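Review bot: `userId` can be read from any instance that got through `init(contents:)`, whether or not `verify` was ever called, and neither member has a doc comment that says so. The initializer appears to check only that the bytes deserialize (`signal_call_link_auth_credential_presentation_check_valid_contents`), while the proof is checked in `verify`, so a caller that reads `userId` first is acting on an unauthenticated ciphertext. I would document the required order, for example `/// The encrypted user ID claimed by this presentation. Not authenticated until verify(now:serverParams:callLinkParams:) has returned without throwing.` It is also worth stating on `verify` what `now` is compared against, since the default `Date()` ties the outcome to the local clock.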
@@ -0,0 +1,45 @@
|
||||
//
|
||||
// Copyright 2023 Signal Messenger, LLC.
|
||||
// SPDX-License-Identifier: AGPL-3.0-only
|
||||
//
|
||||
|
||||
import Foundation
|
||||
import SignalFfi
|
||||
|
||||
public class CallLinkAuthCredentialResponse: ByteArray {
|
||||
public required init(contents: [UInt8]) throws {
|
||||
try super.init(contents, checkValid: signal_call_link_auth_credential_response_check_valid_contents)
|
||||
}
|
||||
|
||||
public static func issueCredential(userId: UUID, redemptionTime: Date, params: GenericServerSecretParams) -> CallLinkAuthCredentialResponse {
|
||||
return failOnError {
|
||||
issueCredential(userId: userId, redemptionTime: redemptionTime, params: params, randomness: try .generate())
|
||||
}
|
||||
}
|
||||
|
||||
public static func issueCredential(userId: UUID, redemptionTime: Date, params: GenericServerSecretParams, randomness: Randomness) -> CallLinkAuthCredentialResponse {
|
||||
return failOnError {
|
||||
try withUnsafePointer(to: userId.uuid) { userId in
|
||||
try params.withUnsafeBorrowedBuffer { params in
|
||||
try randomness.withUnsafePointerToBytes { randomness in
|
||||
try invokeFnReturningVariableLengthSerialized {
|
||||
signal_call_link_auth_credential_response_issue_deterministic($0, userId, UInt64(redemptionTime.timeIntervalSince1970), params, randomness)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public func receive(userId: UUID, redemptionTime: Date, params: GenericServerPublicParams) throws -> CallLinkAuthCredential {
|
||||
return try withUnsafeBorrowedBuffer { contents in
|
||||
try withUnsafePointer(to: userId.uuid) { userId in
|
||||
try params.withUnsafeBorrowedBuffer { params in
|
||||
try invokeFnReturningVariableLengthSerialized {
|
||||
signal_call_link_auth_credential_response_receive($0, contents, userId, UInt64(redemptionTime.timeIntervalSince1970), params)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
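Review bot: In `receive`, `UInt64(redemptionTime.timeIntervalSince1970)` traps for a date before 1970 or a non-finite interval, so a bad `redemptionTime` terminates the process instead of surfacing through the function's `throws`. If the redemption time reaches this call from a server response, a value the caller does not control can take the process down, so I would convert with `guard let seconds = UInt64(exactly: redemptionTime.timeIntervalSince1970.rounded(.towardZero)) else { throw /* the binding's invalid-argument error */ }` and pass `seconds` to the FFI call. The same conversion sits in `verify(now:serverParams:callLinkParams:)` in the CallLinkAuthCredentialPresentation section, which also throws; in `present` and `issueCredential` it is wrapped in `failOnError`, where a fatal failure is already the contract.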
@@ -32,4 +32,14 @@ public class CallLinkSecretParams: ByteArray {
|
||||
}
|
||||
}
|
||||
|
||||
public func decryptUserId(_ ciphertext: UuidCiphertext) throws -> UUID {
|
||||
return try withUnsafeBorrowedBuffer { contents in
|
||||
try ciphertext.withUnsafePointerToSerialized { ciphertext in
|
||||
try invokeFnReturningUuid {
|
||||
signal_call_link_secret_params_decrypt_user_id($0, contents, ciphertext)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
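Review bot: `decryptUserId` has no doc comment, and the two things a caller needs are not visible from the signature: when it throws, and how far the returned UUID can be trusted. Verifying a presentation takes `GenericServerSecretParams`, which a holder of `CallLinkSecretParams` presumably does not have, so the result is only as trustworthy as whoever supplied the ciphertext. I would add `/// Decrypts a user ID ciphertext taken from a call link presentation. The caller is responsible for having obtained it from a source that verified the presentation.` and a `- Throws:` line once the failure condition of `signal_call_link_secret_params_decrypt_user_id` is confirmed. The enclosing class starts outside the hunk.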