lysann/passforios
1
0
Fork 0
Code Issues Pull requests Activity

Separate encryption/decryption logic for different frameworks used

Browse source
This commit is contained in:
Danny Moesch 2019-09-08 23:00:46 +02:00 committed by Mingshen Sun
parent e2201ffa52
commit 730542d5bb
24 changed files with 428 additions and 414 deletions
Download patch file Download diff file Expand all files Collapse all files

57
passKit/Crypto/GopenPgp.swift Normal file
View file

@ -0,0 +1,57 @@
//
// GopenPgp.swift
// passKit
//
// Created by Danny Moesch on 08.09.19.
// Copyright © 2019 Bob Sun. All rights reserved.
//
import Crypto
struct GopenPgp: PgpInterface {
private let publicKey: CryptoKeyRing
private let privateKey: CryptoKeyRing
init(publicArmoredKey: String, privateArmoredKey: String) throws {
guard let pgp = CryptoGetGopenPGP() else {
throw AppError.KeyImport
}
publicKey = try pgp.buildKeyRingArmored(publicArmoredKey)
privateKey = try pgp.buildKeyRingArmored(privateArmoredKey)
}
func decrypt(encryptedData: Data, passphrase: String) throws -> Data? {
try privateKey.unlock(withPassphrase: passphrase)
let message = createPgpMessage(from: encryptedData)
return try privateKey.decrypt(message, verifyKey: nil, verifyTime: 0).data
}
func encrypt(plainData: Data) throws -> Data {
let encryptedData = try publicKey.encrypt(CryptoNewPlainMessage(plainData.mutable as Data), privateKey: nil)
if SharedDefaults[.encryptInArmored] {
var error: NSError?
let armor = encryptedData.getArmored(&error)
guard error == nil else {
throw error!
}
return armor.data(using: .ascii)!
}
return encryptedData.getBinary()!
}
var keyId: String {
var error: NSError?
let fingerprint = publicKey.getFingerprint(&error)
return error == nil ? String(fingerprint.suffix(8)).uppercased() : ""
}
private func createPgpMessage(from encryptedData: Data) -> CryptoPGPMessage? {
if SharedDefaults[.encryptInArmored] {
var error: NSError?
let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)
return error == nil ? message : nil
}
return CryptoNewPGPMessage(encryptedData.mutable as Data)
}
}

48
passKit/Crypto/ObjectivePgp.swift Normal file
View file

@ -0,0 +1,48 @@
//
// ObjectivePgp.swift
// passKit
//
// Created by Danny Moesch on 08.09.19.
// Copyright © 2019 Bob Sun. All rights reserved.
//
import ObjectivePGP
struct ObjectivePgp: PgpInterface {
private let publicKey: Key
private let privateKey: Key
private let keyring = ObjectivePGP.defaultKeyring
init(publicArmoredKey: String, privateArmoredKey: String) throws {
guard let publicKeyData = publicArmoredKey.data(using: .ascii), let privateKeyData = privateArmoredKey.data(using: .ascii) else {
throw AppError.KeyImport
}
let publicKeys = try ObjectivePGP.readKeys(from: publicKeyData)
let privateKeys = try ObjectivePGP.readKeys(from: privateKeyData)
keyring.import(keys: publicKeys)
keyring.import(keys: privateKeys)
guard let publicKey = publicKeys.first, let privateKey = privateKeys.first else {
throw AppError.KeyImport
}
self.publicKey = publicKey
self.privateKey = privateKey
}
func decrypt(encryptedData: Data, passphrase: String) throws -> Data? {
return try ObjectivePGP.decrypt(encryptedData, andVerifySignature: false, using: keyring.keys) { _ in passphrase }
}
func encrypt(plainData: Data) throws -> Data {
let encryptedData = try ObjectivePGP.encrypt(plainData, addSignature: false, using: keyring.keys, passphraseForKey: nil)
if SharedDefaults[.encryptInArmored] {
return Armor.armored(encryptedData, as: .message).data(using: .ascii)!
}
return encryptedData
}
var keyId: String {
return publicKey.keyID.shortIdentifier
}
}

64
passKit/Crypto/PGPAgent.swift Normal file
View file

@ -0,0 +1,64 @@
//
// PGPAgent.swift
// passKit
//
// Created by Yishi Lin on 2019/7/17.
// Copyright © 2019 Bob Sun. All rights reserved.
//
public class PGPAgent {
public static let shared: PGPAgent = PGPAgent()
private let keyStore: KeyStore
private var pgpInterface: PgpInterface?
public init(keyStore: KeyStore = AppKeychain.shared) {
self.keyStore = keyStore
}
public func initKeys() throws {
guard let publicKey: String = keyStore.get(for: PgpKey.PUBLIC.getKeychainKey()),
let privateKey: String = keyStore.get(for: PgpKey.PRIVATE.getKeychainKey()) else {
throw AppError.KeyImport
}
do {
pgpInterface = try GopenPgp(publicArmoredKey: publicKey, privateArmoredKey: privateKey)
} catch {
pgpInterface = try ObjectivePgp(publicArmoredKey: publicKey, privateArmoredKey: privateKey)
}
}
public func uninitKeys() {
pgpInterface = nil
}
public var keyId: String? {
return pgpInterface?.keyId
}
public func decrypt(encryptedData: Data, requestPGPKeyPassphrase: () -> String) throws -> Data? {
try checkAndInit()
let passphrase = keyStore.get(for: Globals.pgpKeyPassphrase) ?? requestPGPKeyPassphrase()
return try pgpInterface!.decrypt(encryptedData: encryptedData, passphrase: passphrase)
}
public func encrypt(plainData: Data) throws -> Data {
try checkAndInit()
guard let pgpInterface = pgpInterface else {
throw AppError.Encryption
}
return try pgpInterface.encrypt(plainData: plainData)
}
public var isPrepared: Bool {
return keyStore.contains(key: PgpKey.PUBLIC.getKeychainKey())
&& keyStore.contains(key: PgpKey.PRIVATE.getKeychainKey())
}
private func checkAndInit() throws {
if pgpInterface == nil || !keyStore.contains(key: Globals.pgpKeyPassphrase) {
try initKeys()
}
}
}

16
passKit/Crypto/PgpInterface.swift Normal file
View file

@ -0,0 +1,16 @@
//
// PgpInterface.swift
// passKit
//
// Created by Danny Moesch on 08.09.19.
// Copyright © 2019 Bob Sun. All rights reserved.
//
protocol PgpInterface {
func decrypt(encryptedData: Data, passphrase: String) throws -> Data?
func encrypt(plainData: Data) throws -> Data
var keyId: String { get }
}

1
passKit/Helpers/AppError.swift
View file

@ -20,6 +20,7 @@ public enum AppError: Error, Equatable {
case WrongPasswordFilename
case Decryption
case Encryption
case Encoding
case Unknown
}

2
passKit/Helpers/Globals.swift
View file

@ -29,6 +29,8 @@ public class Globals {
public static let iTunesFileSharingPGPPrivate = iTunesFileSharingPath + "/gpg_key"
public static let iTunesFileSharingSSHPrivate = iTunesFileSharingPath + "/ssh_key"
public static let pgpKeyPassphrase = "pgpKeyPassphrase"
public static let gitSignatureDefaultName = "Pass for iOS"
public static let gitSignatureDefaultEmail = "user@passforios"

27
passKit/Helpers/KeyFileManager.swift
View file

@ -7,7 +7,7 @@
//
public class KeyFileManager {
public typealias KeyHandler = (Data, String) -> ()
public typealias KeyHandler = (String, String) -> Void
public static let PublicPgp = KeyFileManager(keyType: PgpKey.PUBLIC)
public static let PrivatePgp = KeyFileManager(keyType: PgpKey.PRIVATE)
@ -15,24 +15,35 @@ public class KeyFileManager {
private let keyType: CryptographicKey
private let keyPath: String
private let keyHandler: KeyHandler
private convenience init(keyType: CryptographicKey) {
self.init(keyType: keyType, keyPath: keyType.getFileSharingPath())
}
public init(keyType: CryptographicKey, keyPath: String) {
public init(keyType: CryptographicKey, keyPath: String, keyHandler: @escaping KeyHandler = AppKeychain.shared.add) {
self.keyType = keyType
self.keyPath = keyPath
self.keyHandler = keyHandler
}
public func importKeyAndDeleteFile(keyHandler: KeyHandler = AppKeychain.shared.add) throws {
guard let keyFileContent = FileManager.default.contents(atPath: keyPath) else {
throw AppError.ReadingFile(URL(fileURLWithPath: keyPath).lastPathComponent)
}
keyHandler(keyFileContent, keyType.getKeychainKey())
public func importKeyFromFileSharing() throws {
let keyFileContent = try String(contentsOfFile: keyPath, encoding: .ascii)
try importKey(from: keyFileContent)
try FileManager.default.removeItem(atPath: keyPath)
}
public func importKey(from string: String) throws {
guard string.unicodeScalars.allSatisfy({ $0.isASCII }) else {
throw AppError.Encoding
}
keyHandler(string, keyType.getKeychainKey())
}
public func importKey(from url: URL) throws {
try importKey(from: String(contentsOf: url, encoding: .ascii))
}
public func doesKeyFileExist() -> Bool {
return FileManager.default.fileExists(atPath: keyPath)
}

223
passKit/Models/PGPAgent.swift
View file

@ -1,223 +0,0 @@
//
// PGPAgent.swift
// passKit
//
// Created by Yishi Lin on 2019/7/17.
// Copyright © 2019 Bob Sun. All rights reserved.
//
import Foundation
import ObjectivePGP
import KeychainAccess
import Crypto
public class PGPAgent {
private let keyStore: KeyStore
public init(keyStore: KeyStore = AppKeychain.shared) {
self.keyStore = keyStore
}
public var pgpKeyID: String?
// PGP passphrase
public var passphrase: String? {
set {
keyStore.add(string: newValue, for: "pgpKeyPassphrase")
}
get {
return keyStore.get(for: "pgpKeyPassphrase")
}
}
// Gopenpgpwrapper
private var publicKey: CryptoKeyRing? {
didSet {
var err: NSError? = nil
let fp = publicKey?.getFingerprint(&err)
if err == nil && fp != nil {
pgpKeyID = String(fp!.suffix(8)).uppercased()
} else {
pgpKeyID = ""
}
}
}
private var privateKey: CryptoKeyRing?
// ObjectivePGP
private let keyring = ObjectivePGP.defaultKeyring
private var publicKeyV2: Key? {
didSet {
pgpKeyID = publicKeyV2?.keyID.shortIdentifier
}
}
private var privateKeyV2: Key?
public var isImported: Bool {
get {
return (publicKey != nil || publicKeyV2 != nil) && (privateKey != nil || privateKeyV2 != nil)
}
}
public var isFileSharingReady: Bool {
get {
return KeyFileManager.PublicPgp.doesKeyFileExist() && KeyFileManager.PrivatePgp.doesKeyFileExist()
}
}
public func initPGPKeys() throws {
try initPGPKey(.PUBLIC)
try initPGPKey(.PRIVATE)
}
public func initPGPKey(_ keyType: PgpKey) throws {
// Clean up the previously set public/private key.
switch keyType {
case .PUBLIC:
self.publicKey = nil
self.publicKeyV2 = nil
case .PRIVATE:
self.privateKey = nil
self.privateKeyV2 = nil
}
// Read the key data from keychain.
guard let pgpKeyData: Data = keyStore.get(for: keyType.getKeychainKey()) else {
throw AppError.KeyImport
}
// Remove the key data from keychain temporary, in case the following step crashes repeatedly.
keyStore.removeContent(for: keyType.getKeychainKey())
// Try GopenPGP first.
let pgp = CryptoGetGopenPGP()
// Treat keys as binary first
if let key = try? pgp?.buildKeyRing(pgpKeyData) {
switch keyType {
case .PUBLIC:
self.publicKey = key
case .PRIVATE:
self.privateKey = key
}
keyStore.add(data: pgpKeyData, for: keyType.getKeychainKey())
return
}
// Treat key as ASCII armored keys if binary fails
if let key = try? pgp?.buildKeyRingArmored(String(data: pgpKeyData, encoding: .ascii)) {
switch keyType {
case .PUBLIC:
self.publicKey = key
case .PRIVATE:
self.privateKey = key
}
keyStore.add(data: pgpKeyData, for: keyType.getKeychainKey())
return
}
// Try ObjectivePGP as a backup plan.
// [ObjectivePGP.readKeys MAY CRASH!!!]
if let keys = try? ObjectivePGP.readKeys(from: pgpKeyData),
let key = keys.first {
keyring.import(keys: keys)
switch keyType {
case .PUBLIC:
self.publicKeyV2 = key
case .PRIVATE:
self.privateKeyV2 = key
}
keyStore.add(data: pgpKeyData, for: keyType.getKeychainKey())
return
}
throw AppError.KeyImport
}
public func initPGPKey(from url: URL, keyType: PgpKey) throws {
let pgpKeyData = try Data(contentsOf: url)
keyStore.add(data: pgpKeyData, for: keyType.getKeychainKey())
try initPGPKey(keyType)
}
public func initPGPKey(with armorKey: String, keyType: PgpKey) throws {
let pgpKeyData = armorKey.data(using: .ascii)!
keyStore.add(data: pgpKeyData, for: keyType.getKeychainKey())
try initPGPKey(keyType)
}
public func initPGPKeyFromFileSharing() throws {
try KeyFileManager.PublicPgp.importKeyAndDeleteFile(keyHandler: keyStore.add)
try KeyFileManager.PrivatePgp.importKeyAndDeleteFile(keyHandler: keyStore.add)
try initPGPKeys()
}
public func decrypt(encryptedData: Data, requestPGPKeyPassphrase: () -> String) throws -> Data? {
guard privateKey != nil || privateKeyV2 != nil else {
throw AppError.PgpPublicKeyNotExist
}
let passphrase = self.passphrase ?? requestPGPKeyPassphrase()
// Try Gopenpgp.
if privateKey != nil {
try privateKey?.unlock(withPassphrase: passphrase)
var err : NSError? = nil
var message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &err)
if err != nil {
message = CryptoNewPGPMessage(encryptedData)
}
if let decryptedData = try? privateKey?.decrypt(message, verifyKey: nil, verifyTime: 0) {
return decryptedData.data
}
}
// Try ObjectivePGP.
if privateKeyV2 != nil {
if let decryptedData = try? ObjectivePGP.decrypt(encryptedData, andVerifySignature: false, using: keyring.keys, passphraseForKey: {(_) in passphrase}) {
return decryptedData
}
}
throw AppError.Decryption
}
public func encrypt(plainData: Data) throws -> Data {
guard publicKey != nil || publicKeyV2 != nil else {
throw AppError.PgpPublicKeyNotExist
}
// Try Gopenpgp.
if publicKey != nil {
if let encryptedData = try? publicKey?.encrypt(CryptoNewPlainMessageFromString(String(data: plainData, encoding: .utf8)), privateKey: nil) {
if SharedDefaults[.encryptInArmored] {
var err : NSError? = nil
let armor = encryptedData.getArmored(&err)
if err == nil {
return armor.data(using: .ascii)!
}
} else {
return encryptedData.getBinary()!
}
}
}
// Try ObjectivePGP.
if publicKeyV2 != nil {
if let encryptedData = try? ObjectivePGP.encrypt(plainData, addSignature: false, using: keyring.keys, passphraseForKey: nil) {
if SharedDefaults[.encryptInArmored] {
return Armor.armored(encryptedData, as: .message).data(using: .utf8)!
} else {
return encryptedData
}
}
}
throw AppError.Encryption
}
public func removePGPKeys() {
keyStore.removeContent(for: PgpKey.PUBLIC.getKeychainKey())
keyStore.removeContent(for: PgpKey.PRIVATE.getKeychainKey())
passphrase = nil
publicKey = nil
privateKey = nil
publicKeyV2 = nil
privateKeyV2 = nil
keyring.deleteAll()
}
}

24
passKit/Models/PasswordStore.swift
View file

@ -24,9 +24,7 @@ public class PasswordStore {
public let storeURL = URL(fileURLWithPath: "\(Globals.repositoryPath)")
public let tempStoreURL = URL(fileURLWithPath: "\(Globals.repositoryPath)-temp")
public let pgpAgent = PGPAgent()
public var storeRepository: GTRepository?
public var gitSignatureForNow: GTSignature? {
@ -111,7 +109,6 @@ public class PasswordStore {
if fm.fileExists(atPath: storeURL.path) {
try storeRepository = GTRepository.init(url: storeURL)
}
try self.pgpAgent.initPGPKeys()
} catch {
print(error)
}
@ -119,9 +116,9 @@ public class PasswordStore {
private func importExistingKeysIntoKeychain() {
// App Store update: v0.5.1 -> v0.6.0
try? KeyFileManager(keyType: PgpKey.PUBLIC, keyPath: Globals.pgpPublicKeyPath).importKeyAndDeleteFile()
try? KeyFileManager(keyType: PgpKey.PRIVATE, keyPath: Globals.pgpPrivateKeyPath).importKeyAndDeleteFile()
try? KeyFileManager(keyType: SshKey.PRIVATE, keyPath: Globals.gitSSHPrivateKeyPath).importKeyAndDeleteFile()
try? KeyFileManager(keyType: PgpKey.PUBLIC, keyPath: Globals.pgpPublicKeyPath).importKeyFromFileSharing()
try? KeyFileManager(keyType: PgpKey.PRIVATE, keyPath: Globals.pgpPrivateKeyPath).importKeyFromFileSharing()
try? KeyFileManager(keyType: SshKey.PRIVATE, keyPath: Globals.gitSSHPrivateKeyPath).importKeyFromFileSharing()
SharedDefaults.remove(.pgpPublicKeyArmor)
SharedDefaults.remove(.pgpPrivateKeyArmor)
SharedDefaults.remove(.gitSSHPrivateKeyArmor)
@ -638,7 +635,8 @@ public class PasswordStore {
try? fm.removeItem(atPath: Globals.gitSSHPrivateKeyPath)
self.pgpAgent.removePGPKeys()
AppKeychain.shared.removeContent(for: PgpKey.PUBLIC.getKeychainKey())
AppKeychain.shared.removeContent(for: PgpKey.PRIVATE.getKeychainKey())
AppKeychain.shared.removeAllContent()
@ -699,7 +697,7 @@ public class PasswordStore {
public func decrypt(passwordEntity: PasswordEntity, requestPGPKeyPassphrase: () -> String) throws -> Password? {
let encryptedDataPath = storeURL.appendingPathComponent(passwordEntity.getPath())
let encryptedData = try Data(contentsOf: encryptedDataPath)
guard let decryptedData = try self.pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPGPKeyPassphrase) else {
guard let decryptedData = try PGPAgent.shared.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPGPKeyPassphrase) else {
throw AppError.Decryption
}
let plainText = String(data: decryptedData, encoding: .utf8) ?? ""
@ -708,11 +706,7 @@ public class PasswordStore {
}
public func encrypt(password: Password) throws -> Data {
return try self.pgpAgent.encrypt(plainData: password.plainData)
}
public func removePGPKeys() {
self.pgpAgent.removePGPKeys()
return try PGPAgent.shared.encrypt(plainData: password.plainData)
}
public func removeGitSSHKeys() {
@ -725,6 +719,6 @@ public class PasswordStore {
}
public func gitSSHKeyImportFromFileSharing() throws {
try KeyFileManager.PrivateSsh.importKeyAndDeleteFile()
try KeyFileManager.PrivateSsh.importKeyFromFileSharing()
}
}