Use createPGPMessage instead of CryptoNewPGPMessage to support ASCII-armored password with YubiKey (#658)

mssun · web-flow · commit c5d9d258d878 · 2024-11-30T11:29:27.000-08:00
diff --git a/pass/Services/PasswordDecryptor.swift b/pass/Services/PasswordDecryptor.swift
@@ -206,7 +206,7 @@ func verifyPin(smartCard: YKFSmartCardInterface, pin: String) async throws {
 
 func decipher(smartCard: YKFSmartCardInterface, ciphertext: Data, chained: Bool) async throws -> Data {
     var error: NSError?
-    let message = CryptoNewPGPMessage(ciphertext)
+    let message = createPGPMessage(from: ciphertext)
     guard let mpi1 = Gopenpgp.HelperPassGetEncryptedMPI1(message, &error) else {
         throw AppError.yubiKey(.decipher(message: "Failed to get encrypted MPI."))
     }
@@ -225,7 +225,7 @@ func decipher(smartCard: YKFSmartCardInterface, ciphertext: Data, chained: Bool)
 }
 
 func decryptPassword(deciphered: Data, ciphertext: Data) throws -> String {
-    let message = CryptoNewPGPMessage(ciphertext)
+    let message = createPGPMessage(from: ciphertext)
 
     guard let algoByte = deciphered.first, let algo = symmetricKeyIDNameDict[algoByte] else {
         throw AppError.yubiKey(.decipher(message: "Failed to new session key."))
diff --git a/passKit/Crypto/GopenPGPInterface.swift b/passKit/Crypto/GopenPGPInterface.swift
@@ -147,15 +147,15 @@ struct GopenPGPInterface: PGPInterface {
     var shortKeyID: [String] {
         publicKeys.keys.map { $0.suffix(8).uppercased() }
     }
+}
 
-    private func createPGPMessage(from encryptedData: Data) -> CryptoPGPMessage? {
-        // Important note:
-        // Even if Defaults.encryptInArmored is true now, it could be different during the encryption.
-        var error: NSError?
-        let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)
-        if error == nil {
-            return message
-        }
-        return CryptoNewPGPMessage(encryptedData.mutable as Data)
+public func createPGPMessage(from encryptedData: Data) -> CryptoPGPMessage? {
+    // Important note:
+    // Even if Defaults.encryptInArmored is true now, it could be different during the encryption.
+    var error: NSError?
+    let message = CryptoNewPGPMessageFromArmored(String(data: encryptedData, encoding: .ascii), &error)
+    if error == nil {
+        return message
     }
+    return CryptoNewPGPMessage(encryptedData.mutable as Data)
 }

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ func verifyPin(smartCard: YKFSmartCardInterface, pin: String) async throws {`
`206`	`206`
`207`	`207`	`func decipher(smartCard: YKFSmartCardInterface, ciphertext: Data, chained: Bool) async throws -> Data {`
`208`	`208`	`var error: NSError?`
`209`		`- let message = CryptoNewPGPMessage(ciphertext)`
	`209`	`+ let message = createPGPMessage(from: ciphertext)`
`210`	`210`	`guard let mpi1 = Gopenpgp.HelperPassGetEncryptedMPI1(message, &error) else {`
`211`	`211`	`throw AppError.yubiKey(.decipher(message: "Failed to get encrypted MPI."))`
`212`	`212`	`}`
`@@ -225,7 +225,7 @@ func decipher(smartCard: YKFSmartCardInterface, ciphertext: Data, chained: Bool)`
`225`	`225`	`}`
`226`	`226`
`227`	`227`	`func decryptPassword(deciphered: Data, ciphertext: Data) throws -> String {`
`228`		`- let message = CryptoNewPGPMessage(ciphertext)`
	`228`	`+ let message = createPGPMessage(from: ciphertext)`
`229`	`229`
`230`	`230`	`guard let algoByte = deciphered.first, let algo = symmetricKeyIDNameDict[algoByte] else {`
`231`	`231`	`throw AppError.yubiKey(.decipher(message: "Failed to new session key."))`