diff --git a/OmnipodKit.xcodeproj/project.pbxproj b/OmnipodKit.xcodeproj/project.pbxproj
index 81a2c2f..e4f678e 100644
--- a/OmnipodKit.xcodeproj/project.pbxproj
+++ b/OmnipodKit.xcodeproj/project.pbxproj
@@ -994,7 +994,7 @@
 repositoryURL = "https://github.com/krzyzanowskim/CryptoSwift";
 requirement = {
 kind = upToNextMajorVersion;
- minimumVersion = 1.4.1;
+ minimumVersion = 1.10.0;
 };
 };
 D8F83FB32D1563B70005D165 /* XCRemoteSwiftPackageReference "SlideButton" */ = {
diff --git a/OmnipodKit/Bluetooth/EnDecrypt/EnDecrypt.swift b/OmnipodKit/Bluetooth/EnDecrypt/EnDecrypt.swift
index f0f7f44..eb83e87 100644
--- a/OmnipodKit/Bluetooth/EnDecrypt/EnDecrypt.swift
+++ b/OmnipodKit/Bluetooth/EnDecrypt/EnDecrypt.swift
@@ -27,9 +27,9 @@ class EnDecrypt {
 let header = msg.asData(forEncryption: false).subdata(in: 0..<16)
 let n = nonce.toData(sqn: nonceSeq, podReceiving: false)
- let ccm = CCM(iv: n.bytes, tagLength: MAC_SIZE, messageLength: payload.count - MAC_SIZE, additionalAuthenticatedData: header.bytes)
- let aes = try AES(key: ck.bytes, blockMode: ccm, padding: .noPadding)
- let decryptedPayload = try aes.decrypt(payload.bytes)
+ let ccm = CCM(iv: n.byteArray, tagLength: MAC_SIZE, messageLength: payload.count - MAC_SIZE, additionalAuthenticatedData: header.byteArray)
+ let aes = try AES(key: ck.byteArray, blockMode: ccm, padding: .noPadding)
+ let decryptedPayload = try aes.decrypt(payload.byteArray)
 var msgCopy = msg
 msgCopy.payload = Data(decryptedPayload)
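Review bot: `messageLength: payload.count - MAC_SIZE` in the decrypt path becomes negative when a received payload is shorter than the tag, and no length check is visible in this hunk before the CCM is built. The function starts outside the hunk, so a guard may already exist above; if it does not, add one before this line, e.g. `guard payload.count >= MAC_SIZE else { throw <existing decrypt error> }`, so a short frame from the pod is rejected with a protocol error rather than reaching CryptoSwift with a negative length. The -389 and -486 hunks in O5LTKExchanger.swift use the same pattern with `payload.count - 8`.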
@@ -41,9 +41,9 @@ class EnDecrypt {
 let header = headerMessage.asData(forEncryption: true).subdata(in: 0..<16)
 let n = nonce.toData(sqn: nonceSeq, podReceiving: true)
- let ccm = CCM(iv: n.bytes, tagLength: MAC_SIZE, messageLength: payload.count, additionalAuthenticatedData: header.bytes)
- let aes = try AES(key: ck.bytes, blockMode: ccm, padding: .noPadding)
- let encryptedPayload = try aes.encrypt(payload.bytes)
+ let ccm = CCM(iv: n.byteArray, tagLength: MAC_SIZE, messageLength: payload.count, additionalAuthenticatedData: header.byteArray)
+ let aes = try AES(key: ck.byteArray, blockMode: ccm, padding: .noPadding)
+ let encryptedPayload = try aes.encrypt(payload.byteArray)
 var msgCopy = headerMessage
 msgCopy.payload = Data(encryptedPayload)
diff --git a/OmnipodKit/Bluetooth/Pair/DashKeyExchange.swift b/OmnipodKit/Bluetooth/Pair/DashKeyExchange.swift
index f32b57f..8f33cd3 100644
--- a/OmnipodKit/Bluetooth/Pair/DashKeyExchange.swift
+++ b/OmnipodKit/Bluetooth/Pair/DashKeyExchange.swift
@@ -101,7 +101,7 @@ class DashKeyExchange {
 }
 private func aesCmac(_ key: Data, _ data: Data) throws -> Data {
- let mac = try CMAC(key: key.bytes)
- return try Data(mac.authenticate(data.bytes))
+ let mac = try CMAC(key: key.byteArray)
+ return try Data(mac.authenticate(data.byteArray))
 }
 }
diff --git a/OmnipodKit/Bluetooth/Pair/O5KeyExchange.swift b/OmnipodKit/Bluetooth/Pair/O5KeyExchange.swift
index 6b88d02..5479f3e 100644
--- a/OmnipodKit/Bluetooth/Pair/O5KeyExchange.swift
+++ b/OmnipodKit/Bluetooth/Pair/O5KeyExchange.swift
@@ -253,7 +253,7 @@ class O5KeyExchange {
 }
 private func o5aesCmac(_ key: Data, _ data: Data) throws -> Data {
- let mac = try CMAC(key: key.bytes)
- return try Data(mac.authenticate(data.bytes))
+ let mac = try CMAC(key: key.byteArray)
+ return try Data(mac.authenticate(data.byteArray))
 }
 }
diff --git a/OmnipodKit/Bluetooth/Pair/O5LTKExchanger.swift b/OmnipodKit/Bluetooth/Pair/O5LTKExchanger.swift
index a91ca9c..2dd24cf 100644
--- a/OmnipodKit/Bluetooth/Pair/O5LTKExchanger.swift
+++ b/OmnipodKit/Bluetooth/Pair/O5LTKExchanger.swift
@@ -283,7 +283,7 @@ class O5LTKExchanger {
 let crc = O5LTKExchanger.crc16XMODEM(header)
 var payload = header
 payload.appendBigEndian(UInt16(crc))
- log.debug("Generated SPS0 value: %@", payload.bytes.toHexString())
+ log.debug("Generated SPS0 value: %@", payload.byteArray.toHexString())
 return payload
 }
@@ -306,7 +306,7 @@ class O5LTKExchanger {
 // Validate the structure: first byte 0x00, direction 0x00 (pod), algorithm 0x09
 guard payload[0] == 0x00 && payload[1] == 0x00 && payload[2] == 0x09 else {
- throw PodProtocolError.pairingException("Unexpected SPS0 header bytes: \(payload.bytes.toHexString())")
+ throw PodProtocolError.pairingException("Unexpected SPS0 header bytes: \(payload.byteArray.toHexString())")
 }
 // Verify CRC-16/XMODEM over the first 3 bytes
@@ -354,12 +354,12 @@ class O5LTKExchanger {
 let nonce = keyExchange.getSPSNonce(direction: .write)
 let key = keyExchange.conf
 log.info("Encrypting SPS2.1: key=%{public}@, nonce=%{public}@, plaintext=%{public}d bytes",
- key.bytes.toHexString(), nonce.bytes.toHexString(), certDER.count)
+ key.byteArray.toHexString(), nonce.byteArray.toHexString(), certDER.count)
 let encrypted: [UInt8]
 do {
- let ccm = CCM(iv: nonce.bytes, tagLength: 8, messageLength: certDER.count)
- let aes = try AES(key: key.bytes, blockMode: ccm, padding: .noPadding)
- encrypted = try aes.encrypt(certDER.bytes)
+ let ccm = CCM(iv: nonce.byteArray, tagLength: 8, messageLength: certDER.count)
+ let aes = try AES(key: key.byteArray, blockMode: ccm, padding: .noPadding)
+ encrypted = try aes.encrypt(certDER.byteArray)
 } catch {
 log.error("AES-CCM encrypt FAILED for SPS2.1: %{public}@", String(describing: error))
 throw PodProtocolError.pairingException("SPS2.1 encrypt failed: \(error)")
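Review bot: The `log.info` call in the -354 hunk writes the AES-CCM key (`keyExchange.conf`) to the log in hex under `%{public}@`, so the key protecting the SPS2.1 exchange is readable by anyone who can collect device logs. The same key logging is carried through in the -389, -452 and -486 hunks, including the `log.error` decrypt-failure paths, and the -435 hunk logs the full channel-binding transcript and ECDSA signature the same way. Drop the key argument from these messages, e.g. `log.info("Encrypting SPS2.1: nonce=%{public}@, plaintext=%{public}d bytes", nonce.byteArray.toHexString(), certDER.count)`, or at minimum switch the key field to `%{private}@` and keep key tracing behind a debug-only build setting. The enclosing functions start and end outside these hunks.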
@@ -389,14 +389,14 @@ class O5LTKExchanger {
 // Decrypt the pod's SPS2.1 payload
 let nonce = keyExchange.getSPSNonce(direction: .read)
 let key = keyExchange.conf
- log.info("Decrypting pod SPS2.1: key=%{public}@, nonce=%{public}@, ciphertext=%{public}d bytes", key.toHexString(), nonce.bytes.toHexString(), payload.count)
+ log.info("Decrypting pod SPS2.1: key=%{public}@, nonce=%{public}@, ciphertext=%{public}d bytes", key.toHexString(), nonce.byteArray.toHexString(), payload.count)
 let decryptedPayload: Data
 do {
- let ccm = CCM(iv: nonce.bytes, tagLength: 8, messageLength: payload.count - 8)
- let aes = try AES(key: key.bytes, blockMode: ccm, padding: .noPadding)
- decryptedPayload = Data(try aes.decrypt(payload.bytes))
+ let ccm = CCM(iv: nonce.byteArray, tagLength: 8, messageLength: payload.count - 8)
+ let aes = try AES(key: key.byteArray, blockMode: ccm, padding: .noPadding)
+ decryptedPayload = Data(try aes.decrypt(payload.byteArray))
 } catch {
- log.error("AES-CCM decrypt FAILED for pod SPS2.1: key=%{public}@, nonce=%{public}@, payload=%{public}d bytes, error=%{public}@", key.toHexString(), nonce.bytes.toHexString(), payload.count, String(describing: error))
+ log.error("AES-CCM decrypt FAILED for pod SPS2.1: key=%{public}@, nonce=%{public}@, payload=%{public}d bytes, error=%{public}@", key.toHexString(), nonce.byteArray.toHexString(), payload.count, String(describing: error))
 throw PodProtocolError.pairingException("Pod SPS2.1 decrypt failed (\(payload.count) bytes): \(error)")
 }
 keyExchange.incrementNonce(direction: .read)
@@ -435,10 +435,10 @@ class O5LTKExchanger {
 // Build the 171-byte channel-binding transcript and sign with secondary key
 let transcript = keyExchange.buildChannelBindingTranscript()
- log.info("Channel-binding transcript (%d bytes): %{public}@", transcript.count, transcript.bytes.toHexString())
+ log.info("Channel-binding transcript (%d bytes): %{public}@", transcript.count, transcript.byteArray.toHexString())
 let signatureRaw = try certStore.signRaw(transcript)
- log.info("ECDSA signature (64 bytes): %{public}@", signatureRaw.bytes.toHexString())
+ log.info("ECDSA signature (64 bytes): %{public}@", signatureRaw.byteArray.toHexString())
 // Assemble plaintext: cert_DER || signature(64)
 var plaintext = Data(capacity: certDER.count + 64)
@@ -452,12 +452,12 @@ class O5LTKExchanger {
 let nonce = keyExchange.getSPSNonce(direction: .write)
 let key = keyExchange.conf
 log.info("Encrypting SPS2: key=%{public}@, nonce=%{public}@, plaintext=%{public}d bytes",
- key.bytes.toHexString(), nonce.bytes.toHexString(), plaintext.count)
+ key.byteArray.toHexString(), nonce.byteArray.toHexString(), plaintext.count)
 let encrypted: [UInt8]
 do {
- let ccm = CCM(iv: nonce.bytes, tagLength: 8, messageLength: plaintext.count)
- let aes = try AES(key: key.bytes, blockMode: ccm, padding: .noPadding)
- encrypted = try aes.encrypt(plaintext.bytes)
+ let ccm = CCM(iv: nonce.byteArray, tagLength: 8, messageLength: plaintext.count)
+ let aes = try AES(key: key.byteArray, blockMode: ccm, padding: .noPadding)
+ encrypted = try aes.encrypt(plaintext.byteArray)
 } catch {
 log.error("AES-CCM encrypt FAILED for SPS2: %{public}@", String(describing: error))
 throw PodProtocolError.pairingException("SPS2 encrypt failed: \(error)")
@@ -486,14 +486,14 @@ class O5LTKExchanger {
 // Decrypt the pod's SPS2 payload
 let nonce = keyExchange.getSPSNonce(direction: .read)
 let key = keyExchange.conf
- log.info("Decrypting pod SPS2: key=%{public}@, nonce=%{public}@, ciphertext=%{public}d bytes", key.toHexString(), nonce.bytes.toHexString(), payload.count)
+ log.info("Decrypting pod SPS2: key=%{public}@, nonce=%{public}@, ciphertext=%{public}d bytes", key.toHexString(), nonce.byteArray.toHexString(), payload.count)
 let decryptedPayload: Data
 do {
- let ccm = CCM(iv: nonce.bytes, tagLength: 8, messageLength: payload.count - 8)
- let aes = try AES(key: key.bytes, blockMode: ccm, padding: .noPadding)
- decryptedPayload = Data(try aes.decrypt(payload.bytes))
+ let ccm = CCM(iv: nonce.byteArray, tagLength: 8, messageLength: payload.count - 8)
+ let aes = try AES(key: key.byteArray, blockMode: ccm, padding: .noPadding)
+ decryptedPayload = Data(try aes.decrypt(payload.byteArray))
 } catch {
- log.error("AES-CCM decrypt FAILED for pod SPS2: key=%{public}@, nonce=%{public}@, payload=%{public}d bytes, error=%{public}@", key.toHexString(), nonce.bytes.toHexString(), payload.count, String(describing: error))
+ log.error("AES-CCM decrypt FAILED for pod SPS2: key=%{public}@, nonce=%{public}@, payload=%{public}d bytes, error=%{public}@", key.toHexString(), nonce.byteArray.toHexString(), payload.count, String(describing: error))
 throw PodProtocolError.pairingException("Pod SPS2 decrypt failed (\(payload.count) bytes): \(error)")
 }
 keyExchange.incrementNonce(direction: .read)
@@ -575,7 +575,7 @@ class O5LTKExchanger {
 // MARK: - Helpers
 private func o5aesCmac(_ key: Data, _ data: Data) throws -> Data {
- let mac = try CMAC(key: key.bytes)
- return try Data(mac.authenticate(data.bytes))
+ let mac = try CMAC(key: key.byteArray)
+ return try Data(mac.authenticate(data.byteArray))
 }
 }
diff --git a/OmnipodKit/Bluetooth/Session/Milenage.swift b/OmnipodKit/Bluetooth/Session/Milenage.swift
index eaf7e7a..f796e74 100644
--- a/OmnipodKit/Bluetooth/Session/Milenage.swift
+++ b/OmnipodKit/Bluetooth/Session/Milenage.swift
@@ -50,19 +50,19 @@ class Milenage {
 self.auts = auts
 self.amf = amf
- let cipher = try AES(key: k.bytes, blockMode: ECB(), padding: .noPadding)
+ let cipher = try AES(key: k.byteArray, blockMode: ECB(), padding: .noPadding)
 let random = OmniRandomByteGenerator()
 rand = randParam ?? random.nextBytes(length: Milenage.KEY_SIZE)
- let opc = Data(try cipher.encrypt(Milenage.MILENAGE_OP.bytes)) ^ Milenage.MILENAGE_OP
- let randOpcEncrypted = Data(try cipher.encrypt((rand ^ opc).bytes))
+ let opc = Data(try cipher.encrypt(Milenage.MILENAGE_OP.byteArray)) ^ Milenage.MILENAGE_OP
+ let randOpcEncrypted = Data(try cipher.encrypt((rand ^ opc).byteArray))
 let randOpcEncryptedxorOpc = randOpcEncrypted ^ opc
 var resAkInput = randOpcEncryptedxorOpc.subdata(in: 0..