Attempt to fix rsa ssh

Sources/Config/Config.xcconfig

@@ -1,2 +1,3 @@
 CI_VERSION = GITHUB_CI_VERSION
 CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER
+BUNDLE_PREFIX = com.maxgoedjen.Secretive

Sources/Config/ConfigBridging.m

@@ -0,0 +1,12 @@
+//
+//  Bridging.m
+//  Secretive
+//
+//  Created by Maxwell (Smudge) on 12/03/23.
+//  Copyright © 2023 Max Goedjen. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+#define MakeString(x) #x
+NSString *const BundlePrefix = @MakeString(BUNDLE_PREFIX);

Sources/Packages/Sources/Brief/Updater.swift

@@ -11,16 +11,19 @@ public class Updater: ObservableObject, UpdaterProtocol {
     private let osVersion: SemVer
     /// The current version of the app that is running.
     private let currentVersion: SemVer
+    /// The current bundle prefix.
+    private let bundlePreifx: String
 
     /// Initializes an Updater.
     /// - Parameters:
     ///   - checkOnLaunch: A boolean describing whether the Updater should check for available updates on launch.
     ///   - checkFrequency: The interval at which the Updater should check for updates. Subject to a tolerance of 1 hour.
     ///   - osVersion: The current OS version.
     ///   - currentVersion: The current version of the app that is running.
-    public init(checkOnLaunch: Bool, checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value, osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) {
+    public init(checkOnLaunch: Bool, bundlePrefix: String, checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value, osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) {
         self.osVersion = osVersion
         self.currentVersion = currentVersion
+        self.bundlePreifx = bundlePrefix
         testBuild = currentVersion == SemVer("0.0.0")
         if checkOnLaunch {
             // Don't do a launch check if the user hasn't seen the setup prompt explaining updater yet.
@@ -83,7 +86,7 @@ extension Updater {
 
     /// The user defaults used to store user ignore state.
     var defaults: UserDefaults {
-        UserDefaults(suiteName: "com.maxgoedjen.Secretive.updater.ignorelist")!
+        UserDefaults(suiteName: "\(bundlePreifx).updater.ignorelist")!
     }
 
 }

Sources/Packages/Sources/SecretAgentKit/Agent.swift

@@ -12,13 +12,14 @@ public class Agent {
     private let writer = OpenSSHKeyWriter()
     private let requestTracer = SigningRequestTracer()
     private let certificateHandler = OpenSSHCertificateHandler()
-    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent.agent", category: "")
+    private let logger: Logger
 
     /// Initializes an agent with a store list and a witness.
     /// - Parameters:
     ///   - storeList: The `SecretStoreList` to make available.
     ///   - witness: A witness to notify of requests.
-    public init(storeList: SecretStoreList, witness: SigningWitness? = nil) {
+    public init(storeList: SecretStoreList, bundlePrefix: String, witness: SigningWitness? = nil) {
+        logger = Logger(subsystem: "\(bundlePrefix).secretagent.agent", category: "")
         logger.debug("Agent is running")
         self.storeList = storeList
         self.witness = witness
@@ -149,11 +150,24 @@ extension Agent {
             rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
         case (.ellipticCurve, 384):
             rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation
+        case (.rsa, 1024), (.rsa, 2048):
+            var signedData = Data()
+            var sub = Data()
+            sub.append(writer.lengthAndData(of: curveData))
+            sub.append(writer.lengthAndData(of: signed))
+            signedData.append(writer.lengthAndData(of: sub))
+
+            if let witness = witness {
+                try witness.witness(accessTo: secret, from: store, by: provenance)
+            }
+
+            logger.debug("Agent signed request")
+
+            return signedData
         default:
             throw AgentError.unsupportedKeyType
         }
 
-
         let rawLength = rawRepresentation.count/2
         // Check if we need to pad with 0x00 to prevent certain
         // ssh servers from thinking r or s is negative
@@ -206,7 +220,7 @@ extension Agent {
     func secret(matching hash: Data) -> (AnySecretStore, AnySecret)? {
         storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in
             let allMatching = store.secrets.filter { secret in
-                hash == writer.data(secret: secret)
+                hash == writer.matchingHashData(secret: secret)
             }
             if let matching = allMatching.first {
                 return (store, matching)

Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift

@@ -11,9 +11,19 @@ public struct OpenSSHKeyWriter {
     /// Generates an OpenSSH data payload identifying the secret.
     /// - Returns: OpenSSH data payload identifying the secret.
     public func data<SecretType: Secret>(secret: SecretType) -> Data {
-        lengthAndData(of: curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) +
+        return lengthAndData(of: curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) +
+        lengthAndData(of: curveIdentifier(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) +
+        lengthAndData(of: secret.publicKey)
+    }
+
+    public func matchingHashData<SecretType: Secret>(secret: SecretType) -> Data {
+        if secret.algorithm == .ellipticCurve {
+            return data(secret: secret)
+        } else {
+            return lengthAndData(of: "ssh-rsa".data(using: .utf8)!) +
             lengthAndData(of: curveIdentifier(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) +
             lengthAndData(of: secret.publicKey)
+        }
     }
 
     /// Generates an OpenSSH string representation of the secret.

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -16,9 +16,11 @@ extension SmartCard {
         @Published public private(set) var secrets: [Secret] = []
         private let watcher = TKTokenWatcher()
         private var tokenID: String?
+        private let includeEncryptionKeys: Bool
 
         /// Initializes a Store.
-        public init() {
+        public init(includeEncryptionKeys: Bool) {
+            self.includeEncryptionKeys = includeEncryptionKeys
             tokenID = watcher.nonSecureEnclaveTokens.first
             watcher.setInsertionHandler { string in
                 guard self.tokenID == nil else { return }
@@ -196,6 +198,9 @@ extension SmartCard.Store {
             let publicKeyAttributes = SecKeyCopyAttributes(publicKeySecRef) as! [CFString: Any]
             let publicKey = publicKeyAttributes[kSecValueData] as! Data
             return SmartCard.Secret(id: tokenID, name: name, algorithm: algorithm, keySize: keySize, publicKey: publicKey)
+        }.filter { key in
+            // We should exclude keys you can't use for signing to not confuse users.
+            return includeEncryptionKeys || key.name.hasPrefix("Key For Digital Signature")
         }
         secrets.append(contentsOf: wrapped)
     }
@@ -234,9 +239,7 @@ extension SmartCard.Store {
             signatureAlgorithm = .eciesEncryptionCofactorVariableIVX963SHA256AESGCM
         case (.ellipticCurve, 384):
             signatureAlgorithm = .eciesEncryptionCofactorVariableIVX963SHA256AESGCM
-        case (.rsa, 1024):
-            signatureAlgorithm = .rsaEncryptionOAEPSHA512AESGCM
-        case (.rsa, 2048):
+        case (.rsa, 1024), (.rsa, 2048):
             signatureAlgorithm = .rsaEncryptionOAEPSHA512AESGCM
         default:
             fatalError()

Sources/SecretAgent/AppDelegate.swift

@@ -13,14 +13,14 @@ class AppDelegate: NSObject, NSApplicationDelegate {
     private let storeList: SecretStoreList = {
         let list = SecretStoreList()
         list.add(store: SecureEnclave.Store())
-        list.add(store: SmartCard.Store())
+        list.add(store: SmartCard.Store(includeEncryptionKeys: false))
         return list
     }()
-    private let updater = Updater(checkOnLaunch: false)
+    private let updater = Updater(checkOnLaunch: false, bundlePrefix: BundlePrefix)
     private let notifier = Notifier()
     private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory())
     private lazy var agent: Agent = {
-        Agent(storeList: storeList, witness: notifier)
+        Agent(storeList: storeList, bundlePrefix: BundlePrefix, witness: notifier)
     }()
     private lazy var socketController: SocketController = {
         let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String

Sources/SecretAgent/Notifier.swift

@@ -117,18 +117,18 @@ extension Notifier {
     enum Constants {
 
         // Update notifications
-        static let updateCategoryIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.update"
-        static let criticalUpdateCategoryIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.update.critical"
-        static let updateActionIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.update.updateaction"
-        static let ignoreActionIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.update.ignoreaction"
+        static let updateCategoryIdentitifier  = BundlePrefix + ".SecretAgent.update"
+        static let criticalUpdateCategoryIdentitifier  = BundlePrefix + ".SecretAgent.update.critical"
+        static let updateActionIdentitifier  = BundlePrefix + ".SecretAgent.update.updateaction"
+        static let ignoreActionIdentitifier  = BundlePrefix + ".SecretAgent.update.ignoreaction"
 
         // Authorization persistence notificatoins
-        static let persistAuthenticationCategoryIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication"
-        static let doNotPersistActionIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.donotpersist"
-        static let persistForActionIdentitifierPrefix  = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.persist."
+        static let persistAuthenticationCategoryIdentitifier  = BundlePrefix + ".SecretAgent.persistauthentication"
+        static let doNotPersistActionIdentitifier  = BundlePrefix + ".SecretAgent.persistauthentication.donotpersist"
+        static let persistForActionIdentitifierPrefix  = BundlePrefix + ".SecretAgent.persistauthentication.persist."
 
-        static let persistSecretIDKey  = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.secretidkey"
-        static let persistStoreIDKey  = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.storeidkey"
+        static let persistSecretIDKey  = BundlePrefix + ".SecretAgent.persistauthentication.secretidkey"
+        static let persistStoreIDKey  = BundlePrefix + ".SecretAgent.persistauthentication.storeidkey"
     }
 
 }

Sources/SecretAgent/SecretAgent-Bridging-Header.h

@@ -0,0 +1,7 @@
+//
+//  Use this file to import your target's public headers that you would like to expose to Swift.
+//
+
+#import <Foundation/Foundation.h>
+
+extern NSString *const BundlePrefix;

Sources/SecretAgent/SecretAgent.entitlements

@@ -10,7 +10,7 @@
 	<true/>
 	<key>keychain-access-groups</key>
 	<array>
-		<string>$(AppIdentifierPrefix)com.maxgoedjen.Secretive</string>
+		<string>$(AppIdentifierPrefix)$(BUNDLE_PREFIX)</string>
 	</array>
 </dict>
 </plist>