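//
//  EncryptedResponse.swift
//  Befund
//
//  Created by Irakli Abetschkhrischwili on 15.05.22.
//  Copyright © 2022 MVZ Dr. Stein und Kollegen. All rights reserved.

import Foundation
import CryptoKit

extension Core.Models.Response {

    /**
     Encrypted message envelope: an encrypted `descriptor`, an optional encrypted
     payload (`encrypted_content`) and an `hmac` string.

     The decrypted `descriptor` selects which model type the payload is decoded into
     (see `Decrypt(key:)`).

     Call order matters: `Decrypt(key:)` overwrites `descriptor` and `encrypted_content`
     with whatever `Core.Security.AES.Decrypt` returns, and `ValidSignature` authenticates
     exactly the strings currently stored in those properties. Run `ValidSignature`
     first and only decrypt when it returned `true`.
     */
    public class EncryptedResponse: Encodable, Decodable {

        // Implicitly unwrapped for source compatibility; the methods below treat a
        // missing descriptor as "invalid message" rather than unwrapping it.
        public var descriptor: String!
        public var encrypted_content: String? = nil
        public var hmac: String? = nil

        /**
         Decrypts the descriptor and the payload, then decodes the payload into the
         model type named by the descriptor.

         This method never looks at `hmac`; authenticity has to be established with
         `ValidSignature` before calling it.

         Side effect: `descriptor` and `encrypted_content` are replaced by the results of
         `Core.Security.AES.Decrypt` (which may be `nil`), so the instance cannot be
         validated or decrypted a second time afterwards.

         - Parameter key: symmetric key handed to `Core.Security.AES.Decrypt` as `deriveKey`.
         - Returns: the decoded model (`Success`, `Exception`, `[Status]`, `Download` or `PIN`),
           or `nil` when a field is missing, decryption yields `nil`, the descriptor is
           unknown, or JSON decoding fails (the decoding error is logged).
         */
        public func Decrypt(key: CryptoKit.SymmetricKey) -> Any? {
            // A message without a descriptor cannot be dispatched; bail out instead of
            // force-unwrapping the implicitly unwrapped optional.
            guard let sealedDescriptor = self.descriptor else { return nil }
            self.descriptor = Core.Security.AES.Decrypt(value: sealedDescriptor, deriveKey: key)

            guard let kind = self.descriptor?.lowercased(),
                  let sealedContent = self.encrypted_content
            else { return nil }

            self.encrypted_content = Core.Security.AES.Decrypt(value: sealedContent, deriveKey: key)
            guard let payload = self.encrypted_content?.data(using: .utf8) else { return nil }

            let decoder = JSONDecoder()
            do {
                // NOTE(review): `kind` decides the decoded type. When a payload is present,
                // ValidSignature does not cover the descriptor, so its integrity rests on
                // Core.Security.AES.Decrypt — confirm that it is an authenticated (AEAD) mode.
                switch kind {
                case "success":
                    return try decoder.decode(Core.Models.Response.Success.self, from: payload)
                case "responseexception":
                    return try decoder.decode(Core.Models.Response.Exception.self, from: payload)
                case "list":
                    return try decoder.decode([Core.Models.Database.Status].self, from: payload)
                case "download":
                    return try decoder.decode(Core.Models.Response.Download.self, from: payload)
                case "pin":
                    return try decoder.decode(Core.Models.Response.PIN.self, from: payload)
                default:
                    // Unknown descriptor: nothing is decoded.
                    return nil
                }
            } catch {
                // NOTE(review): the error describes decrypted content; confirm Core.Log.Error
                // does not persist payload details.
                Core.Log.Error(err: error, namespace: "Core.Models.Response.EncryptedResponse", method: "Decrypt(SymmetricKey)")
                return nil
            }
        }

        /**
         Validates this message with an HMAC check followed by an Ed25519 signature check.

         The authenticated message is `encrypted_content` when it is present and non-empty,
         otherwise `descriptor`. Both checks run over the UTF-8 bytes of that string as it is
         currently stored, which is why this must be called before `Decrypt(key:)`.

         Malformed input (missing `hmac`, missing descriptor, signature or key that is not
         valid Base64) yields `false` instead of trapping on a force unwrap.

         - Parameters:
           - deriveKey: shared derived key used for HMAC authentication.
           - clientSignature: Base64-encoded signature to verify.
           - clientSignatureKey: Base64-encoded public key the signature is checked against.
         - Returns: `true` only when both the HMAC and the signature verify.

         NOTE(review): the signature only proves origin if `clientSignatureKey` comes from a
         trusted source (pinned or previously exchanged), not from the same message — verify
         against the callers.
         */
        public func ValidSignature(deriveKey: SymmetricKey, clientSignature: String, clientSignatureKey: String) -> Bool {
            guard let expectedMAC = self.hmac, !expectedMAC.isEmpty else { return false }

            // Pick the string both checks are computed over.
            let authenticatedText: String
            if let content = self.encrypted_content, !content.isEmpty {
                authenticatedText = content
            } else if let sealedDescriptor = self.descriptor {
                authenticatedText = sealedDescriptor
            } else {
                return false
            }

            guard let message = authenticatedText.data(using: .utf8) else { return false }

            // HMAC first, as in the original short-circuit order: the signature inputs are
            // only decoded once the symmetric check has passed.
            guard Core.Security.SHA512.isValidAuthenticationCode(hmac: expectedMAC, message: message, key: deriveKey) else {
                return false
            }

            guard let signature = Core.Security.Base64.FromBase64String(base64: clientSignature),
                  let publicKey = Core.Security.Base64.FromBase64String(base64: clientSignatureKey)
            else { return false }

            return Core.Security.Curve25519.CheckValid(signature: signature, message: message, publicKey: publicKey)
        }
    }
}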