passforios/passExtension/Crypto/GopenPGPInterface.swift

//
//  GopenPGPInterface.swift
//  passKit
//
//  Created by Danny Moesch on 08.09.19.
//  Copyright © 2019 Bob Sun. All rights reserved.
//

import Crypto

struct GopenPGPInterface: PGPInterface {
    private static let errorMapping: [String: Error] = [
        "gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure": AppError.WrongPassphrase,
        "openpgp: incorrect key": AppError.KeyExpiredOrIncompatible,
    ]

    private var publicKeys: [String: CryptoKey] = [:]
    private var privateKeys: [String: CryptoKey] = [:]

    init(publicArmoredKey: String, privateArmoredKey: String) throws {
        let pubKeys = extractKeysFromArmored(str: publicArmoredKey)
        let prvKeys = extractKeysFromArmored(str: privateArmoredKey)

        for key in pubKeys {
            var error: NSError?
            guard let k = CryptoNewKeyFromArmored(key, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.KeyImport
            }
            publicKeys[k.getFingerprint().lowercased()] = k
        }

        for key in prvKeys {
            var error: NSError?
            guard let k = CryptoNewKeyFromArmored(key, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.KeyImport
            }
            privateKeys[k.getFingerprint().lowercased()] = k
        }
    }

    func extractKeysFromArmored(str: String) -> [String] {
        var keys: [String] = []
        var key: String = ""
        for line in str.splitByNewline() {
            if line.trimmed.uppercased().hasPrefix("-----BEGIN PGP") {
                key = ""
                key += line
            } else if line.trimmed.uppercased().hasPrefix("-----END PGP") {
                key += line
                keys.append(key)
            } else {
                key += line
            }
            key += "\n"
        }
        return keys
    }

    func containsPublicKey(with keyID: String) -> Bool {
        publicKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }
    }

    func containsPrivateKey(with keyID: String) -> Bool {
        privateKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }
    }

    func decrypt(encryptedData: Data, keyID: String, passphrase: String) throws -> Data? {
        guard let e = privateKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) }),
            let privateKey = privateKeys[e.key] else {
            throw AppError.Decryption
        }

        do {
            let unlockedKey = try privateKey.unlock(passphrase.data(using: .utf8))
            var error: NSError?

            guard let keyRing = CryptoNewKeyRing(unlockedKey, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.Decryption
            }

            let message = createPgpMessage(from: encryptedData)
            return try keyRing.decrypt(message, verifyKey: nil, verifyTime: 0).data
        } catch {
            throw Self.errorMapping[error.localizedDescription, default: error]
        }
    }

    func encrypt(plainData: Data, keyID: String) throws -> Data {
        guard let e = publicKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) }),
            let publicKey = publicKeys[e.key] else {
            throw AppError.Encryption
        }

        var error: NSError?

        guard let keyRing = CryptoNewKeyRing(publicKey, &error) else {
            guard error == nil else {
                throw error!
            }
            throw AppError.Encryption
        }

        let encryptedData = try keyRing.encrypt(CryptoNewPlainMessage(plainData.mutable as Data), privateKey: nil)
        if Defaults.encryptInArmored {
            var error: NSError?
            let armor = encryptedData.getArmored(&error)
            guard error == nil else {
                throw error!
            }
            return armor.data(using: .ascii)!
        }
        return encryptedData.getBinary()!
    }

    var keyID: [String] {
        publicKeys.keys.map { $0.uppercased() }
    }

    var shortKeyID: [String] {
        publicKeys.keys.map { $0.suffix(8).uppercased() }
    }

    private func createPgpMessage(from encryptedData: Data) -> CryptoPGPMessage? {
        // Important note:
        // Even if Defaults.encryptInArmored is true now, it could be different during the encryption.
        var error: NSError?
        let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)
        if error == nil {
            return message
        }
        return CryptoNewPGPMessage(encryptedData.mutable as Data)
    }
}
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`//`
Name classes/structs consistently 2020-04-19 15:41:30 +02:00			`// GopenPGPInterface.swift`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`// passKit`
			`//`
			`// Created by Danny Moesch on 08.09.19.`
			`// Copyright © 2019 Bob Sun. All rights reserved.`
			`//`

			`import Crypto`

Name classes/structs consistently 2020-04-19 15:41:30 +02:00			`struct GopenPGPInterface: PGPInterface {`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`private static let errorMapping: [String: Error] = [`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`"gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure": AppError.WrongPassphrase,`
			`"openpgp: incorrect key": AppError.KeyExpiredOrIncompatible,`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`]`

Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`private var publicKeys: [String: CryptoKey] = [:]`
			`private var privateKeys: [String: CryptoKey] = [:]`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00
			`init(publicArmoredKey: String, privateArmoredKey: String) throws {`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`let pubKeys = extractKeysFromArmored(str: publicArmoredKey)`
			`let prvKeys = extractKeysFromArmored(str: privateArmoredKey)`

			`for key in pubKeys {`
			`var error: NSError?`
			`guard let k = CryptoNewKeyFromArmored(key, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
			`throw AppError.KeyImport`
			`}`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`publicKeys[k.getFingerprint().lowercased()] = k`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`}`

			`for key in prvKeys {`
			`var error: NSError?`
			`guard let k = CryptoNewKeyFromArmored(key, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
			`throw AppError.KeyImport`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`privateKeys[k.getFingerprint().lowercased()] = k`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`
			`}`

Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`func extractKeysFromArmored(str: String) -> [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`var keys: [String] = []`
			`var key: String = ""`
			`for line in str.splitByNewline() {`
			`if line.trimmed.uppercased().hasPrefix("-----BEGIN PGP") {`
			`key = ""`
			`key += line`
			`} else if line.trimmed.uppercased().hasPrefix("-----END PGP") {`
			`key += line`
			`keys.append(key)`
			`} else {`
			`key += line`
			`}`
Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`key += "\n"`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`}`
			`return keys`
			`}`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`func containsPublicKey(with keyID: String) -> Bool {`
Enable SwiftLint rule 'trailing_closure' and fix all violations 2020-07-05 23:15:29 +02:00			`publicKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`}`

			`func containsPrivateKey(with keyID: String) -> Bool {`
Enable SwiftLint rule 'trailing_closure' and fix all violations 2020-07-05 23:15:29 +02:00			`privateKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`}`

Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`func decrypt(encryptedData: Data, keyID: String, passphrase: String) throws -> Data? {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`guard let e = privateKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) }),`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`let privateKey = privateKeys[e.key] else {`
			`throw AppError.Decryption`
			`}`

Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`do {`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`let unlockedKey = try privateKey.unlock(passphrase.data(using: .utf8))`
			`var error: NSError?`

			`guard let keyRing = CryptoNewKeyRing(unlockedKey, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
			`throw AppError.Decryption`
			`}`

			`let message = createPgpMessage(from: encryptedData)`
			`return try keyRing.decrypt(message, verifyKey: nil, verifyTime: 0).data`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`} catch {`
			`throw Self.errorMapping[error.localizedDescription, default: error]`
			`}`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`

Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`func encrypt(plainData: Data, keyID: String) throws -> Data {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`guard let e = publicKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) }),`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`let publicKey = publicKeys[e.key] else {`
			`throw AppError.Encryption`
			`}`

Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`var error: NSError?`

			`guard let keyRing = CryptoNewKeyRing(publicKey, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
			`throw AppError.Encryption`
			`}`

			`let encryptedData = try keyRing.encrypt(CryptoNewPlainMessage(plainData.mutable as Data), privateKey: nil)`
Update SwiftyUserDefaults to current version 5.0.0 2020-01-02 00:48:00 +01:00			`if Defaults.encryptInArmored {`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`var error: NSError?`
			`let armor = encryptedData.getArmored(&error)`
			`guard error == nil else {`
			`throw error!`
			`}`
			`return armor.data(using: .ascii)!`
			`}`
			`return encryptedData.getBinary()!`
			`}`

Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`var keyID: [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`publicKeys.keys.map { $0.uppercased() }`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`

Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`var shortKeyID: [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`publicKeys.keys.map { $0.suffix(8).uppercased() }`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`

			`private func createPgpMessage(from encryptedData: Data) -> CryptoPGPMessage? {`
Fix a decryption bug 2019-09-30 00:12:54 +08:00			`// Important note:`
Update SwiftyUserDefaults to current version 5.0.0 2020-01-02 00:48:00 +01:00			`// Even if Defaults.encryptInArmored is true now, it could be different during the encryption.`
Fix a decryption bug 2019-09-30 00:12:54 +08:00			`var error: NSError?`
			`let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)`
			`if error == nil {`
			`return message`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`
			`return CryptoNewPGPMessage(encryptedData.mutable as Data)`
			`}`
			`}`