passforios/passKit/Crypto/GopenPGPInterface.swift

//
//  GopenPGPInterface.swift
//  passKit
//
//  Created by Danny Moesch on 08.09.19.
//  Copyright © 2019 Bob Sun. All rights reserved.
//

import Gopenpgp

struct GopenPGPInterface: PGPInterface {
    private static let errorMapping: [String: Error] = [
        "gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure": AppError.wrongPassphrase,
        "gopenpgp: error in reading message: openpgp: incorrect key": AppError.keyExpiredOrIncompatible,
    ]

    private var publicKeys: [String: CryptoKey] = [:]
    private var privateKeys: [String: CryptoKey] = [:]

    init(publicArmoredKey: String, privateArmoredKey: String) throws {
        let pubKeys = extractKeysFromArmored(str: publicArmoredKey)
        let prvKeys = extractKeysFromArmored(str: privateArmoredKey)

        for key in pubKeys {
            var error: NSError?
            guard let cryptoKey = CryptoNewKeyFromArmored(key, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.keyImport
            }
            publicKeys[cryptoKey.getFingerprint().lowercased()] = cryptoKey
        }

        for key in prvKeys {
            var error: NSError?
            guard let cryptoKey = CryptoNewKeyFromArmored(key, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.keyImport
            }
            privateKeys[cryptoKey.getFingerprint().lowercased()] = cryptoKey
        }
    }

    func extractKeysFromArmored(str: String) -> [String] {
        var keys: [String] = []
        var key = ""
        for line in str.splitByNewline() {
            if line.trimmed.uppercased().hasPrefix("-----BEGIN PGP") {
                key = ""
                key += line
            } else if line.trimmed.uppercased().hasPrefix("-----END PGP") {
                key += line
                keys.append(key)
            } else {
                key += line
            }
            key += "\n"
        }
        return keys
    }

    func containsPublicKey(with keyID: String) -> Bool {
        publicKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }
    }

    func containsPrivateKey(with keyID: String) -> Bool {
        privateKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }
    }

    func decrypt(encryptedData: Data, keyID: String?, passphrase: String) throws -> Data? {
        let key: CryptoKey? = {
            if let keyID {
                return privateKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) })?.value
            }
            return privateKeys.first?.value
        }()

        guard let privateKey = key else {
            throw AppError.decryption
        }

        do {
            var isLocked: ObjCBool = false
            try privateKey.isLocked(&isLocked)
            var unlockedKey: CryptoKey!
            if isLocked.boolValue {
                unlockedKey = try privateKey.unlock(passphrase.data(using: .utf8))
            } else {
                unlockedKey = privateKey
            }
            var error: NSError?

            guard let keyRing = CryptoNewKeyRing(unlockedKey, &error) else {
                guard error == nil else {
                    throw error!
                }
                throw AppError.decryption
            }

            let message = createPGPMessage(from: encryptedData)
            return try keyRing.decrypt(message, verifyKey: nil, verifyTime: 0).data
        } catch {
            throw Self.errorMapping[error.localizedDescription, default: error]
        }
    }

    func encrypt(plainData: Data, keyID: String?) throws -> Data {
        let key: CryptoKey? = {
            if let keyID {
                return publicKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) })?.value
            }
            return publicKeys.first?.value
        }()

        guard let publicKey = key else {
            throw AppError.encryption
        }

        var error: NSError?

        guard let keyRing = CryptoNewKeyRing(publicKey, &error) else {
            guard error == nil else {
                throw error!
            }
            throw AppError.encryption
        }

        let encryptedData = try keyRing.encrypt(CryptoNewPlainMessage(plainData.mutable as Data), privateKey: nil)
        if Defaults.encryptInArmored {
            var error: NSError?
            let armor = encryptedData.getArmored(&error)
            guard error == nil else {
                throw error!
            }
            return armor.data(using: .ascii)!
        }
        return encryptedData.getBinary()!
    }

    var keyID: [String] {
        publicKeys.keys.map { $0.uppercased() }
    }

    var shortKeyID: [String] {
        publicKeys.keys.map { $0.suffix(8).uppercased() }
    }

    private func createPGPMessage(from encryptedData: Data) -> CryptoPGPMessage? {
        // Important note:
        // Even if Defaults.encryptInArmored is true now, it could be different during the encryption.
        var error: NSError?
        let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)
        if error == nil {
            return message
        }
        return CryptoNewPGPMessage(encryptedData.mutable as Data)
    }
}
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`//`
Name classes/structs consistently 2020-04-19 15:41:30 +02:00			`// GopenPGPInterface.swift`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`// passKit`
			`//`
			`// Created by Danny Moesch on 08.09.19.`
			`// Copyright © 2019 Bob Sun. All rights reserved.`
			`//`

Use ProtonMail's GopenPGP library This allows for a simpler setup and the usage of a recent version of Go. The library provides a build script which creates an XCFramework containing binaries for multiple target architectures. The gnu-dummy.patch is taken from mssun/gopenpgp. The forks are not needed anymore. 2021-06-20 00:33:48 +02:00			`import Gopenpgp`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00
Name classes/structs consistently 2020-04-19 15:41:30 +02:00			`struct GopenPGPInterface: PGPInterface {`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`private static let errorMapping: [String: Error] = [`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`"gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure": AppError.wrongPassphrase,`
Use ProtonMail's GopenPGP library This allows for a simpler setup and the usage of a recent version of Go. The library provides a build script which creates an XCFramework containing binaries for multiple target architectures. The gnu-dummy.patch is taken from mssun/gopenpgp. The forks are not needed anymore. 2021-06-20 00:33:48 +02:00			`"gopenpgp: error in reading message: openpgp: incorrect key": AppError.keyExpiredOrIncompatible,`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`]`

Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`private var publicKeys: [String: CryptoKey] = [:]`
			`private var privateKeys: [String: CryptoKey] = [:]`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00
			`init(publicArmoredKey: String, privateArmoredKey: String) throws {`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`let pubKeys = extractKeysFromArmored(str: publicArmoredKey)`
			`let prvKeys = extractKeysFromArmored(str: privateArmoredKey)`

			`for key in pubKeys {`
			`var error: NSError?`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`guard let cryptoKey = CryptoNewKeyFromArmored(key, &error) else {`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`guard error == nil else {`
			`throw error!`
			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.keyImport`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`publicKeys[cryptoKey.getFingerprint().lowercased()] = cryptoKey`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`}`

			`for key in prvKeys {`
			`var error: NSError?`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`guard let cryptoKey = CryptoNewKeyFromArmored(key, &error) else {`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`guard error == nil else {`
			`throw error!`
			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.keyImport`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`privateKeys[cryptoKey.getFingerprint().lowercased()] = cryptoKey`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`
			`}`

Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`func extractKeysFromArmored(str: String) -> [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`var keys: [String] = []`
Use SwiftFormat version 0.49.x and enable some new rules (#527) 2021-12-28 02:57:11 +01:00			`var key = ""`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`for line in str.splitByNewline() {`
			`if line.trimmed.uppercased().hasPrefix("-----BEGIN PGP") {`
			`key = ""`
			`key += line`
			`} else if line.trimmed.uppercased().hasPrefix("-----END PGP") {`
			`key += line`
			`keys.append(key)`
			`} else {`
			`key += line`
			`}`
Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`key += "\n"`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`}`
			`return keys`
			`}`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`func containsPublicKey(with keyID: String) -> Bool {`
Enable SwiftLint rule 'trailing_closure' and fix all violations 2020-07-05 23:15:29 +02:00			`publicKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`}`

			`func containsPrivateKey(with keyID: String) -> Bool {`
Enable SwiftLint rule 'trailing_closure' and fix all violations 2020-07-05 23:15:29 +02:00			`privateKeys.keys.contains { key in key.hasSuffix(keyID.lowercased()) }`
Check existence of PGP keys before encrypt/decrypt 2020-04-14 20:20:16 -07:00			`}`

Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`func decrypt(encryptedData: Data, keyID: String?, passphrase: String) throws -> Data? {`
			`let key: CryptoKey? = {`
Update SwiftLint and SwiftFormat (#613) * Update Swift version used by SwiftFormat * Update SwiftLint version * Rely on new virtual 'all' rule in SwiftLint * Enable SwiftLint rule 'direct_return' rule and fix all violations * Enable SwiftLint rule 'shorthand_optional_binding' rule and fix all violations * Enable SwiftLint rule 'blanket_disable_command' rule and fix all violations 2023-04-23 22:01:37 +02:00			`if let keyID {`
Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`return privateKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) })?.value`
			`}`
Remove redundant 'else' blocks 2021-01-31 13:34:37 +01:00			`return privateKeys.first?.value`
Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`}()`

			`guard let privateKey = key else {`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.decryption`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`}`

Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`do {`
Fix decryption issue when key without passphrase set 2021-01-10 15:01:21 -08:00			`var isLocked: ObjCBool = false`
			`try privateKey.isLocked(&isLocked)`
			`var unlockedKey: CryptoKey!`
			`if isLocked.boolValue {`
			`unlockedKey = try privateKey.unlock(passphrase.data(using: .utf8))`
			`} else {`
			`unlockedKey = privateKey`
			`}`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`var error: NSError?`

			`guard let keyRing = CryptoNewKeyRing(unlockedKey, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.decryption`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`

Use SwiftFormat version 0.49.x and enable some new rules (#527) 2021-12-28 02:57:11 +01:00			`let message = createPGPMessage(from: encryptedData)`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`return try keyRing.decrypt(message, verifyKey: nil, verifyTime: 0).data`
Wrap GopenPGP errors into more understandable app errors 2019-10-20 12:14:51 +02:00			`} catch {`
			`throw Self.errorMapping[error.localizedDescription, default: error]`
			`}`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`

Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`func encrypt(plainData: Data, keyID: String?) throws -> Data {`
			`let key: CryptoKey? = {`
Update SwiftLint and SwiftFormat (#613) * Update Swift version used by SwiftFormat * Update SwiftLint version * Rely on new virtual 'all' rule in SwiftLint * Enable SwiftLint rule 'direct_return' rule and fix all violations * Enable SwiftLint rule 'shorthand_optional_binding' rule and fix all violations * Enable SwiftLint rule 'blanket_disable_command' rule and fix all violations 2023-04-23 22:01:37 +02:00			`if let keyID {`
Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`return publicKeys.first(where: { key, _ in key.hasSuffix(keyID.lowercased()) })?.value`
			`}`
Remove redundant 'else' blocks 2021-01-31 13:34:37 +01:00			`return publicKeys.first?.value`
Add ignore .gpg-id switch default ON 2021-01-07 21:58:38 -08:00			`}()`

			`guard let publicKey = key else {`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.encryption`
Partially implement multikeys support (decryption) 2020-04-13 01:30:00 -07:00			`}`

Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`var error: NSError?`

			`guard let keyRing = CryptoNewKeyRing(publicKey, &error) else {`
			`guard error == nil else {`
			`throw error!`
			`}`
Enable SwiftLint rule 'identifier_name' and handle all violations 2020-09-20 15:07:18 +02:00			`throw AppError.encryption`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`

			`let encryptedData = try keyRing.encrypt(CryptoNewPlainMessage(plainData.mutable as Data), privateKey: nil)`
Update SwiftyUserDefaults to current version 5.0.0 2020-01-02 00:48:00 +01:00			`if Defaults.encryptInArmored {`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`var error: NSError?`
			`let armor = encryptedData.getArmored(&error)`
			`guard error == nil else {`
			`throw error!`
			`}`
			`return armor.data(using: .ascii)!`
			`}`
			`return encryptedData.getBinary()!`
			`}`

Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`var keyID: [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`publicKeys.keys.map { $0.uppercased() }`
Update to gopengpg v2.0.0 2020-04-11 23:23:38 -07:00			`}`

Change logic of passphrass for multikeys 2020-04-13 19:15:52 -07:00			`var shortKeyID: [String] {`
Format code with SwiftFormat automatically in every build 2020-06-28 21:25:40 +02:00			`publicKeys.keys.map { $0.suffix(8).uppercased() }`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`

Use SwiftFormat version 0.49.x and enable some new rules (#527) 2021-12-28 02:57:11 +01:00			`private func createPGPMessage(from encryptedData: Data) -> CryptoPGPMessage? {`
Fix a decryption bug 2019-09-30 00:12:54 +08:00			`// Important note:`
Update SwiftyUserDefaults to current version 5.0.0 2020-01-02 00:48:00 +01:00			`// Even if Defaults.encryptInArmored is true now, it could be different during the encryption.`
Fix a decryption bug 2019-09-30 00:12:54 +08:00			`var error: NSError?`
			`let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)`
			`if error == nil {`
			`return message`
Separate encryption/decryption logic for different frameworks used 2019-09-08 23:00:46 +02:00			`}`
			`return CryptoNewPGPMessage(encryptedData.mutable as Data)`
			`}`
			`}`