lysann/passforios
1
0
Fork 0
Code Issues Pull requests Activity

Check existence of PGP keys before encrypt/decrypt

Browse source
This commit is contained in:
Mingshen Sun 2020-04-14 20:20:16 -07:00
parent 50dec23b02
commit 0cae6af60d
No known key found for this signature in database
GPG key ID: 1F86BA2052FED3B4
6 changed files with 41 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
passKit/Crypto/GopenPgp.swift
View file

@ -30,7 +30,7 @@ struct GopenPgp: PgpInterface {
}
throw AppError.KeyImport
}
publicKeys[k.getFingerprint()] = k
publicKeys[k.getFingerprint().lowercased()] = k
}
for key in prvKeys {
@ -41,7 +41,7 @@ struct GopenPgp: PgpInterface {
}
throw AppError.KeyImport
}
privateKeys[k.getFingerprint()] = k
privateKeys[k.getFingerprint().lowercased()] = k
}
}
@ -64,6 +64,14 @@ struct GopenPgp: PgpInterface {
return keys
}
func containsPublicKey(with keyID: String) -> Bool {
publicKeys.keys.contains(where: { key in key.hasSuffix(keyID.lowercased()) })
}
func containsPrivateKey(with keyID: String) -> Bool {
privateKeys.keys.contains(where: { key in key.hasSuffix(keyID.lowercased()) })
}
func decrypt(encryptedData: Data, keyID: String, passphrase: String) throws -> Data? {
guard let e = privateKeys.first(where: { (key, _) in key.hasSuffix(keyID.lowercased()) }),
let privateKey = privateKeys[e.key] else {

8
passKit/Crypto/ObjectivePgp.swift
View file

@ -42,6 +42,14 @@ struct ObjectivePgp: PgpInterface {
return encryptedData
}
func containsPublicKey(with keyID: String) -> Bool {
keyring.findKey(keyID)?.isPublic ?? false
}
func containsPrivateKey(with keyID: String) -> Bool {
keyring.findKey(keyID)?.isSecret ?? false
}
var keyID: [String] {
return keyring.keys.map({ $0.keyID.longIdentifier })
}

14
passKit/Crypto/PGPAgent.swift
View file

@ -51,6 +51,15 @@ public class PGPAgent {
self.latestDecryptStatus = false
// Init keys.
try checkAndInit()
guard let pgpInterface = pgpInterface else {
throw AppError.Decryption
}
if !pgpInterface.containsPrivateKey(with: keyID) {
throw AppError.PgpPrivateKeyNotFound(keyID: keyID)
}
// Get the PGP key passphrase.
var passphrase = ""
if previousDecryptStatus == false {
@ -59,7 +68,7 @@ public class PGPAgent {
passphrase = keyStore.get(for: AppKeychain.getPGPKeyPassphraseKey(keyID: keyID)) ?? requestPGPKeyPassphrase(keyID)
}
// Decrypt.
guard let result = try pgpInterface!.decrypt(encryptedData: encryptedData, keyID: keyID, passphrase: passphrase) else {
guard let result = try pgpInterface.decrypt(encryptedData: encryptedData, keyID: keyID, passphrase: passphrase) else {
return nil
}
// The decryption step has succeed.
@ -72,6 +81,9 @@ public class PGPAgent {
guard let pgpInterface = pgpInterface else {
throw AppError.Encryption
}
if !pgpInterface.containsPublicKey(with: keyID) {
throw AppError.PgpPublicKeyNotFound(keyID: keyID)
}
return try pgpInterface.encrypt(plainData: plainData, keyID: keyID)
}

4
passKit/Crypto/PgpInterface.swift
View file

@ -12,6 +12,10 @@ protocol PgpInterface {
func encrypt(plainData: Data, keyID: String) throws -> Data
func containsPublicKey(with keyID: String) -> Bool
func containsPrivateKey(with keyID: String) -> Bool
var keyID: [String] { get }
var shortKeyID: [String] { get }

5
passKit/Helpers/AppError.swift
View file

@ -16,7 +16,8 @@ public enum AppError: Error, Equatable {
case GitReset
case GitCommit
case PasswordEntity
case PgpPublicKeyNotExist
case PgpPublicKeyNotFound(keyID: String)
case PgpPrivateKeyNotFound(keyID: String)
case KeyExpiredOrIncompatible
case WrongPassphrase
case WrongPasswordFilename
@ -32,6 +33,8 @@ extension AppError: LocalizedError {
switch self {
case let .RepositoryRemoteBranchNotFound(name), let .RepositoryBranchNotFound(name), let .ReadingFile(name):
return localizationKey.localize(name)
case let .PgpPublicKeyNotFound(keyID), let .PgpPrivateKeyNotFound(keyID):
return localizationKey.localize(keyID)
default:
return localizationKey.localize()
}