aes-gsm for attachments

ConversationsClassic/AppData/Client/Client.swift

@@ -115,7 +115,16 @@ extension Client {
         }
 
         // encrypt data if needed
-        let ((key, iv), encrypted) = try await encryptFile(data)
+        let key = try AESGSMEngine.generateKey()
+        let iv = try AESGSMEngine.generateIV()
+        var encrypted = Data()
+        var tag = Data()
+        guard AESGSMEngine.shared.encrypt(iv: iv, key: key, message: data, output: &encrypted, tag: &tag) else {
+            throw AppError.securityError
+        }
+
+        // attach tag to end of encrypted data
+        encrypted.append(tag)
         data = encrypted
 
         // upload
@@ -192,19 +201,6 @@ private extension Client {
             })
         }
     }
-
-    func encryptFile(_ data: Data) async throws -> ((Data, Data), Data) {
-        guard let iv = try? AESGSMEngine.generateIV(), let key = try? AESGSMEngine.generateKey() else {
-            throw AppError.securityError
-        }
-        var encrypted = Data()
-        var tag = Data()
-        guard AESGSMEngine.shared.encrypt(iv: iv, key: key, message: data, output: &encrypted, tag: &tag) else {
-            throw AppError.securityError
-        }
-
-        return ((key, iv), encrypted)
-    }
 }
 
 extension Client {

ConversationsClassic/AppData/Services/AESGSMEngine.swift

@@ -12,8 +12,8 @@ final class AESGSMEngine: AES_GCM_Engine {
             let symmetricKey = SymmetricKey(data: key)
             let sealedBox = try AES.GCM.seal(message, using: symmetricKey, nonce: AES.GCM.Nonce(data: iv))
 
-            if let output = output, let data = sealedBox.combined {
-                output.pointee = data
+            if let output = output {
+                output.pointee = sealedBox.ciphertext
             }
             if let tag = tag {
                 tag.pointee = sealedBox.tag