diff --git a/pass.xcodeproj/project.pbxproj b/pass.xcodeproj/project.pbxproj index c663c28..e07195c 100644 --- a/pass.xcodeproj/project.pbxproj +++ b/pass.xcodeproj/project.pbxproj @@ -109,6 +109,9 @@ 556EC3D922335D2800934F9C /* Localizable.stringsdict in Resources */ = {isa = PBXBuildFile; fileRef = 30BF5ED521ED2434000E4154 /* Localizable.stringsdict */; }; 556EC3DA22335D3400934F9C /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 30C25DBF21F3599E00BB27BB /* InfoPlist.strings */; }; 556EC3DB22335D3D00934F9C /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 30C25DBF21F3599E00BB27BB /* InfoPlist.strings */; }; + 5F9D7B0D27AF6F7500A8AB22 /* CryptoTokenKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5F9D7B0C27AF6F7300A8AB22 /* CryptoTokenKit.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + 5F9D7B0E27AF6FCA00A8AB22 /* CryptoTokenKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5F9D7B0C27AF6F7300A8AB22 /* CryptoTokenKit.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + 5F9D7B0F27AF6FD200A8AB22 /* CryptoTokenKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5F9D7B0C27AF6F7300A8AB22 /* CryptoTokenKit.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; 9A1D1CE526E5D1CE0052028E /* OneTimePassword in Frameworks */ = {isa = PBXBuildFile; productRef = 9A1D1CE426E5D1CE0052028E /* OneTimePassword */; }; 9A1D1CE726E5D2230052028E /* OneTimePassword in Frameworks */ = {isa = PBXBuildFile; productRef = 9A1D1CE626E5D2230052028E /* OneTimePassword */; }; 9A1F47FA26E5CF4B000C0E01 /* OneTimePassword in Frameworks */ = {isa = PBXBuildFile; productRef = 9A1F47F926E5CF4B000C0E01 /* OneTimePassword */; }; @@ -413,6 +416,7 @@ 30EE3A1B241E98C6009FBB61 /* de */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = de; path = de.lproj/Intents.strings; sourceTree = ""; }; 30F6C1B327664C7200BE5AB2 /* SVProgressHUD.xcframework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.xcframework; name = SVProgressHUD.xcframework; path = Carthage/Build/SVProgressHUD.xcframework; sourceTree = ""; }; 30FD2F77214D9E0E005E0A92 /* ParserTest.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ParserTest.swift; sourceTree = ""; }; + 5F9D7B0C27AF6F7300A8AB22 /* CryptoTokenKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CryptoTokenKit.framework; path = System/Library/Frameworks/CryptoTokenKit.framework; sourceTree = SDKROOT; }; 9A1EF0B324C50DD80074FEAC /* passBeta.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = passBeta.entitlements; sourceTree = ""; }; 9A1EF0B424C50E780074FEAC /* passBetaAutoFillExtension.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = passBetaAutoFillExtension.entitlements; sourceTree = ""; }; 9A1EF0B524C50EE00074FEAC /* passBetaExtension.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = passBetaExtension.entitlements; sourceTree = ""; }; @@ -519,6 +523,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 5F9D7B0E27AF6FCA00A8AB22 /* CryptoTokenKit.framework in Frameworks */, 9A5C6EF92786CE170003F340 /* YubiKit in Frameworks */, 9A996C6E26DEB99200A4485D /* passKit.framework in Frameworks */, 30A3001A26DA697C002A734E /* SwiftyUserDefaults in Frameworks */, @@ -555,6 +560,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 5F9D7B0F27AF6FD200A8AB22 /* CryptoTokenKit.framework in Frameworks */, 9A5C6F022787F09A0003F340 /* passKit.framework in Frameworks */, 9A5C6EFB2786CE5E0003F340 /* YubiKit in Frameworks */, 9A5C6EFF2787F0980003F340 /* Gopenpgp.xcframework in Frameworks */, @@ -573,6 +579,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 5F9D7B0D27AF6F7500A8AB22 /* CryptoTokenKit.framework in Frameworks */, 3010CB6026DA4F87008964D2 /* SwiftyUserDefaults in Frameworks */, 3010CB6326DA4FE9008964D2 /* FavIcon in Frameworks */, 9A1F47FA26E5CF4B000C0E01 /* OneTimePassword in Frameworks */, @@ -772,6 +779,7 @@ 9ADAB21926DDA4F600900F10 /* Frameworks */ = { isa = PBXGroup; children = ( + 5F9D7B0C27AF6F7300A8AB22 /* CryptoTokenKit.framework */, 30F6C1B327664C7200BE5AB2 /* SVProgressHUD.xcframework */, 9ADAB21C26DDA52400900F10 /* Gopenpgp.xcframework */, ); diff --git a/pass/Services/PasswordDecryptor.swift b/pass/Services/PasswordDecryptor.swift index 0b6d067..0e0675a 100644 --- a/pass/Services/PasswordDecryptor.swift +++ b/pass/Services/PasswordDecryptor.swift @@ -66,15 +66,20 @@ let symmetricKeyIDNameDict: [UInt8: String] = [ ] private func isEncryptKeyAlgoRSA(_ applicationRelatedData: Data) -> Bool { - let tlv = TKBERTLVRecord.sequenceOfRecords(from: applicationRelatedData)! - // 0x73: Discretionary data objects - for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! where record.tag == 0x73 { - // 0xC2: Algorithm attributes decryption, 0x01: RSA - for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 { - return true + if #available(iOS 13.0, *) { + let tlv = TKBERTLVRecord.sequenceOfRecords(from: applicationRelatedData)! + // 0x73: Discretionary data objects + for record in TKBERTLVRecord.sequenceOfRecords(from: tlv.first!.value)! where record.tag == 0x73 { + // 0xC2: Algorithm attributes decryption, 0x01: RSA + for record2 in TKBERTLVRecord.sequenceOfRecords(from: record.value)! where record2.tag == 0xC2 && record2.value.first! == 0x01 { + return true + } } + return false + } else { + // We need CryptoTokenKit (iOS 13.0+) to check if data is RSA, so fail open here. + return true } - return false } // swiftlint:disable cyclomatic_complexity