feature(touchIdSettings): Migrate touchID settings correctly to hashed databasefilenames

2025-12-15 17:22:25 +00:00 · 2023-02-23 14:44:18 +01:00
parent fb7c55b651
commit 78f2de9393
6 changed files with 87 additions and 87 deletions
--- a/MacPass/Base.lproj/IntegrationPreferences.xib
+++ b/MacPass/Base.lproj/IntegrationPreferences.xib
@@ -1,8 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="17701" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="21225" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none" useAutolayout="YES">
    <dependencies>
-        <deployment identifier="macosx"/>
-        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="17701"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="21225"/>
        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
    </dependencies>
    <objects>
@@ -48,7 +47,7 @@
                                        </textFieldCell>
                                    </textField>
                                    <button horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="jai-b6-Qv4">
-                                        <rect key="frame" x="-7" y="276" width="171" height="32"/>
+                                        <rect key="frame" x="-7" y="276" width="172" height="32"/>
                                        <buttonCell key="cell" type="push" title="Run Autotype Doctor…" bezelStyle="rounded" alignment="center" borderStyle="border" inset="2" id="NP0-R3-m6n">
                                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
                                            <font key="font" metaFont="system"/>
@@ -252,7 +251,7 @@
                                    <font key="font" metaFont="system"/>
                                </buttonCell>
                                <connections>
-                                    <action selector="RenewTouchIdKey:" target="-2" id="dl7-WD-Abu"/>
+                                    <action selector="renewTouchIdKey:" target="-2" id="dl7-WD-Abu"/>
                                </connections>
                            </button>
                            <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" translatesAutoresizingMaskIntoConstraints="NO" id="9kv-ns-mQx">
--- a/MacPass/MPDocument+BiometricEncryptionSupport.m
+++ b/MacPass/MPDocument+BiometricEncryptionSupport.m
@@ -7,8 +7,9 @@
 //

 #import "MPDocument+BiometricEncryptionSupport.h"
-#import "MPSettingsHelper.h"
 #import "MPTouchIdCompositeKeyStore.h"
+#import "NSString+MPHash.h"
+

@implementation MPDocument (BiometricEncryptionSupport)

@@ -18,7 +19,8 @@
  if(nil == self.fileURL || nil == self.fileURL.lastPathComponent) {
    return nil;
  }
-  return [NSString stringWithFormat:kMPSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat, self.fileURL.lastPathComponent];
+  
+  return [self.fileURL.lastPathComponent sha1HexDigest];
 }

 - (NSData *)encryptedKeyData {
--- a/MacPass/MPIntegrationPreferencesController.m
+++ b/MacPass/MPIntegrationPreferencesController.m
@@ -137,7 +137,7 @@

 #pragma mark -
 #pragma mark Keychain Actions
- (IBAction)RenewTouchIdKey:(id)sender {
+- (IBAction)renewTouchIdKey:(id)sender {
    NSData* publicKeyTag = [MPTouchIdUnlockPublicKeyTag dataUsingEncoding:NSUTF8StringEncoding];
    NSDictionary *publicKeyQuery = @{
      (id)kSecClass: (id)kSecClassKey,
--- a/MacPass/MPSettingsHelper.h
+++ b/MacPass/MPSettingsHelper.h
@@ -25,7 +25,6 @@
 /* TouchID */
 APPKIT_EXTERN NSString *const kMPSettingsKeyTouchIdEnabled;
 APPKIT_EXTERN NSString *const kMPSettingsKeyTouchIdEncryptedKeyStore;       // NSDictionary with hased file names mapped to keys
-APPKIT_EXTERN NSString *const kMPSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat;

 /* Clipboard */
 APPKIT_EXTERN NSString *const kMPSettingsKeyPasteboardClearTimeout;
--- a/MacPass/MPSettingsHelper.m
+++ b/MacPass/MPSettingsHelper.m
@@ -26,6 +26,8 @@
 #import "MPEntrySearchContext.h"
 #import "DDHotKey+MacPassAdditions.h" // Default hotkey;

+#import "NSString+MPHash.h"
+
 NSString *const kMPSettingsKeyPasteboardClearTimeout                            = @"ClipboardClearTimeout";
 NSString *const kMPSettingsKeyClearPasteboardOnQuit                             = @"ClearClipboardOnQuit";
 NSString *const kMPSettingsKeyPreventUniversalClipboard                         = @"PreventUniversalClipboard";
@@ -69,7 +71,6 @@ NSString *const kMPSettingsKeyGloablAutotypeAlwaysShowCandidateSelection  = @"Gl

 NSString *const kMPSettingsKeyTouchIdEnabled                                    = @"EnableSubsequentUnlocksWithTouchID";
 NSString *const kMPSettingsKeyTouchIdEncryptedKeyStore                          = @"TouchIdEncryptedKeyStore";
-NSString *const kMPSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat      = @"EncryptedDatabaseKeyForTouchID-%@";

 NSString *const kMPSettingsKeyEntrySearchFilterContext                          = @"EntrySearchFilterContext";

@@ -113,6 +114,7 @@ NSString *const kMPDeprecatedSettingsKeyShowMenuItem                      = @"Sh
 NSString *const kMPDeprecatedSettingsKeyDefaultPasswordRounds                   = @"KeyDefaultPasswordRounds";
 NSString *const kMPDepricatedSettingsKeyLoadUnsecurePlugins                     = @"MPLoadUnsecurePlugins";
 NSString *const kMPDepricatedSettingsKeyAutotypeHideAccessibiltyWarning         = @"AutotypeHideAccessibiltyWarning";
+NSString *const kMPDepricatedSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat  = @"EncryptedDatabaseKeyForTouchID-%@";

@implementation MPSettingsHelper

@@ -320,13 +322,13 @@ return deprecatedSettings;
  NSArray *defaultKeys = [NSUserDefaults.standardUserDefaults dictionaryRepresentation].allKeys;
  // find all keys in old format
  for(NSString *key in defaultKeys) {
-    NSString *prefix = [NSString stringWithFormat:kMPSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat, @""];
+    NSString *prefix = [NSString stringWithFormat:kMPDepricatedSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat, @""];
    if([key hasPrefix:prefix]) {
-      // database name was adde
-      NSString *databaseName = [key substringFromIndex:prefix.length];
+      // database name was added
+      NSString *databaseNameHash = [key substringFromIndex:prefix.length].sha1HexDigest;
      NSData *encryptedKey = [NSUserDefaults.standardUserDefaults dataForKey:key];
-      if(!storedKeys[databaseName] && encryptedKey) {
-        storedKeys[databaseName] = encryptedKey;
+      if(!storedKeys[databaseNameHash] && encryptedKey) {
+        storedKeys[databaseNameHash] = encryptedKey;
      }
      [NSUserDefaults.standardUserDefaults removeObjectForKey:key];
    }
--- a/MacPass/MPTouchIdCompositeKeyStore.m
+++ b/MacPass/MPTouchIdCompositeKeyStore.m
@@ -66,9 +66,7 @@
  }
  
  /* FIXME this behavour is wrong. Old keys do not get cleared so this leaves a lot of data behind that should be cleaned up*/
-  
-  MPTouchIDKeyStorage touchIdMode = [NSUserDefaults.standardUserDefaults integerForKey:kMPSettingsKeyTouchIdEnabled];
-  switch(touchIdMode) {
+  switch(self.touchIdEnabledState) {
    case MPTouchIDKeyStorageTransient:
      [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
      if(nil != encryptedCompositeKey) {