From cc97b328bea8b5f7344477c993f796f6b251e7e2 Mon Sep 17 00:00:00 2001 From: michael starke Date: Fri, 5 Feb 2016 16:44:37 +0100 Subject: [PATCH] key file to database file mapping now hash the database url to obscure the mapping --- MacPass.xcodeproj/project.pbxproj | 6 ++++++ MacPass/MPDocument.m | 5 +++-- MacPass/MPSettingsHelper.m | 22 ++++++++++++++++++++ MacPass/NSString+MPHash.h | 17 ++++++++++++++++ MacPass/NSString+MPHash.m | 34 +++++++++++++++++++++++++++++++ 5 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 MacPass/NSString+MPHash.h create mode 100644 MacPass/NSString+MPHash.m diff --git a/MacPass.xcodeproj/project.pbxproj b/MacPass.xcodeproj/project.pbxproj index 4c395801..48039ebd 100644 --- a/MacPass.xcodeproj/project.pbxproj +++ b/MacPass.xcodeproj/project.pbxproj @@ -119,6 +119,7 @@ 4C569D9E17652B0600595B62 /* MPConstants.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C569D9D17652B0600595B62 /* MPConstants.m */; }; 4C569DA117652BFE00595B62 /* MPEntryTableDataSource.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C569DA017652BFE00595B62 /* MPEntryTableDataSource.m */; }; 4C57AE1417BA422B00CA4F34 /* MPSegmentedContextCell.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C57AE1317BA422B00CA4F34 /* MPSegmentedContextCell.m */; }; + 4C5807781C64F67000E7171F /* NSString+MPHash.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C5807771C64F67000E7171F /* NSString+MPHash.m */; }; 4C586F9E16D07ABD00E7DB57 /* 00_PasswordTemplate.pdf in Resources */ = {isa = PBXBuildFile; fileRef = 4C586F9D16D07ABD00E7DB57 /* 00_PasswordTemplate.pdf */; }; 4C586FA016D07D7200E7DB57 /* 01_PackageNetworkTemplate.pdf in Resources */ = {isa = PBXBuildFile; fileRef = 4C586F9F16D07D7200E7DB57 /* 01_PackageNetworkTemplate.pdf */; }; 4C586FA216D07F6A00E7DB57 /* 02_MessageBoxWarningTemplate.pdf in Resources */ = {isa = PBXBuildFile; fileRef = 4C586FA116D07F6A00E7DB57 /* 02_MessageBoxWarningTemplate.pdf */; }; 
@@ -440,6 +441,8 @@ 4C569DA017652BFE00595B62 /* MPEntryTableDataSource.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MPEntryTableDataSource.m; sourceTree = ""; }; 4C57AE1217BA422B00CA4F34 /* MPSegmentedContextCell.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MPSegmentedContextCell.h; sourceTree = ""; }; 4C57AE1317BA422B00CA4F34 /* MPSegmentedContextCell.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MPSegmentedContextCell.m; sourceTree = ""; }; + 4C5807761C64F67000E7171F /* NSString+MPHash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSString+MPHash.h"; sourceTree = ""; }; + 4C5807771C64F67000E7171F /* NSString+MPHash.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+MPHash.m"; sourceTree = ""; }; 4C586F9D16D07ABD00E7DB57 /* 00_PasswordTemplate.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = 00_PasswordTemplate.pdf; sourceTree = ""; }; 4C586F9F16D07D7200E7DB57 /* 01_PackageNetworkTemplate.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = 01_PackageNetworkTemplate.pdf; sourceTree = ""; }; 4C586FA116D07F6A00E7DB57 /* 02_MessageBoxWarningTemplate.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = 02_MessageBoxWarningTemplate.pdf; sourceTree = ""; }; @@ -856,6 +859,8 @@ 4C77C84018E240E000D1C42B /* DDHotKey+MacPassAdditions.m */, 4C32B0E51A1D4436007E12F1 /* KPKFormat+MPUTIDetection.h */, 4C32B0E61A1D4436007E12F1 /* KPKFormat+MPUTIDetection.m */, + 4C5807761C64F67000E7171F /* NSString+MPHash.h */, + 4C5807771C64F67000E7171F /* NSString+MPHash.m */, ); name = Categories; sourceTree = ""; 
@@ -1759,6 +1764,7 @@ 4C57AE1417BA422B00CA4F34 /* MPSegmentedContextCell.m in Sources */, 4CE2961518429AA5005F01CE /* MPAutotypeKeyPress.m in Sources */, 4C32B0E71A1D4436007E12F1 /* KPKFormat+MPUTIDetection.m in Sources */, + 4C5807781C64F67000E7171F /* NSString+MPHash.m in Sources */, 4CE501341BBC47F500FB819D /* MPTagsTokenFieldDelegate.m in Sources */, 4CC6DB7A17D23719002C6091 /* KPKNode+IconImage.m in Sources */, 4C15B74618BCA3B1003F8008 /* MPDocument+Search.m in Sources */, diff --git a/MacPass/MPDocument.m b/MacPass/MPDocument.m index 388aedfb..8e78abc6 100644 --- a/MacPass/MPDocument.m +++ b/MacPass/MPDocument.m @@ -37,6 +37,7 @@ #import "NSError+Messages.h" #import "NSString+MPPasswordCreation.h" +#import "NSString+MPHash.h" NSString *const MPDocumentDidAddGroupNotification = @"com.hicknhack.macpass.MPDocumentDidAddGroupNotification"; NSString *const MPDocumentDidAddEntryNotification = @"com.hicknhack.macpass.MPDocumentDidAddEntryNotification"; @@ -331,7 +332,7 @@ NSString *const MPDocumentGroupKey = @"MPDocumentGroupKey return nil; } NSDictionary *keysForFiles = [[NSUserDefaults standardUserDefaults] dictionaryForKey:kMPSettingsKeyRememeberdKeysForDatabases]; - NSString *keyPath = keysForFiles[[[self fileURL] path]]; + NSString *keyPath = keysForFiles[self.fileURL.path.sha1HexDigest]; if(!keyPath) { return nil; } @@ -689,7 +690,7 @@ NSString *const MPDocumentGroupKey = @"MPDocumentGroupKey if(nil == keysForFiles) { keysForFiles = [[NSMutableDictionary alloc] initWithCapacity:1]; } - keysForFiles[[[self fileURL] path]] = [keyURL path]; + keysForFiles[self.fileURL.path.sha1HexDigest] = keyURL.path; [[NSUserDefaults standardUserDefaults] setObject:keysForFiles forKey:kMPSettingsKeyRememeberdKeysForDatabases]; } diff --git a/MacPass/MPSettingsHelper.m b/MacPass/MPSettingsHelper.m index 0bc3e7ca..75bb77de 100644 --- a/MacPass/MPSettingsHelper.m +++ b/MacPass/MPSettingsHelper.m 
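Review bot: The lookup key in `keysForFiles[self.fileURL.path.sha1HexDigest]` is an unsalted SHA-1 of the database path, so it hides the path from a casual read of the preferences but not from someone who can hash candidate paths and compare. The key file path stored as the value also stays readable, and the same applies to the store side in the `@@ -689,7 +690,7 @@` hunk. A short comment at both sites would keep later readers from treating the digest as a secret, for example `/* digest only obscures the database path; it is unsalted and the key file path remains plain text */`. Both enclosing methods start and end outside their hunks.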
@@ -8,6 +8,7 @@ #import "MPSettingsHelper.h" #import "NSString+MPPasswordCreation.h" +#import "NSString+MPHash.h" #import "MPEntryViewController.h" // Sort descriptors #import "DDHotKey+MacPassAdditions.h" // Default hotkey; @@ -80,6 +81,7 @@ NSString *const kMPDeprecatedSettingsKeyShowMenuItem = @"Sh [self _fixEntryTableSortDescriptors]; [self _migrateURLDoubleClickPreferences]; [self _migrateEntrySearchFlags]; + [self _migrateRememberedKeyFiles]; [self _removeDeprecatedValues]; } @@ -182,6 +184,7 @@ NSString *const kMPDeprecatedSettingsKeyShowMenuItem = @"Sh } + (void)_migrateEntrySearchFlags { + /* Entry filters are now stored as archivd search context not just flags */ NSInteger flags = [[NSUserDefaults standardUserDefaults] integerForKey:kMPDeprecatedSettingsKeyEntrySearchFilterMode]; if(flags != 0) { MPEntrySearchContext *context = [[MPEntrySearchContext alloc] initWithString:nil flags:flags]; @@ -190,4 +193,23 @@ NSString *const kMPDeprecatedSettingsKeyShowMenuItem = @"Sh } } ++ (void)_migrateRememberedKeyFiles { + /* + Database file paths was stored as plain text in keyfile mapping. + We only need to store the key file ulr in plain text, thus hashing the path is sufficent + */ + NSDictionary *plainTextDict = [[NSUserDefaults standardUserDefaults] dictionaryForKey:kMPSettingsKeyRememeberdKeysForDatabases]; + if(!plainTextDict) { + return; + } + NSMutableDictionary *hashedDict = [[NSMutableDictionary alloc] initWithCapacity:plainTextDict.count]; + for(NSString *key in plainTextDict) { + NSString *digest = key.sha1HexDigest; + if(digest) { + hashedDict[key.sha1HexDigest] = plainTextDict[key]; + } + } + [[NSUserDefaults standardUserDefaults] setObject:hashedDict forKey:kMPSettingsKeyRememeberdKeysForDatabases]; +} + @end diff --git a/MacPass/NSString+MPHash.h b/MacPass/NSString+MPHash.h new file mode 100644 index 00000000..9e28e674 --- /dev/null +++ b/MacPass/NSString+MPHash.h 
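Review bot: `_migrateRememberedKeyFiles` in the last hunk cannot tell an already migrated dictionary from a legacy one, because it reads and writes the same defaults key. If the migration sequence in the `@@ -80,6 +81,7 @@` hunk runs more than once (the enclosing method is outside the hunk, so this is inferred), the stored digests are hashed again and the MPDocument.m lookup by `self.fileURL.path.sha1HexDigest` no longer finds the remembered key file. Legacy keys were written from `fileURL.path`, so leaving non-path keys untouched makes the migration repeatable, e.g. at the top of the loop `if(!key.isAbsolutePath) { hashedDict[key] = plainTextDict[key]; continue; }`. The loop can also reuse the computed value with `hashedDict[digest] = plainTextDict[key];` instead of calling `key.sha1HexDigest` a second time.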
@@ -0,0 +1,17 @@ +// +// NSString+MPHash.h +// MacPass +// +// Created by Michael Starke on 05/02/16. +// Copyright © 2016 HicknHack Software GmbH. All rights reserved. +// + +#import + +@interface NSString (MPHash) + +@property (copy, readonly, nonatomic) NSString *sha1HexDigest; + ++ (NSString *)sha1HexDigest:(NSString*)input; + +@end diff --git a/MacPass/NSString+MPHash.m b/MacPass/NSString+MPHash.m new file mode 100644 index 00000000..6003fd7c --- /dev/null +++ b/MacPass/NSString+MPHash.m @@ -0,0 +1,34 @@ +// +// NSString+MPHash.m +// MacPass +// +// Created by Michael Starke on 05/02/16. +// Copyright © 2016 HicknHack Software GmbH. All rights reserved. +// + +#import "NSString+MPHash.h" + +#import + +@implementation NSString (MPHash) + ++ (NSString*)sha1HexDigest:(NSString*)input { + if(input.length == 0) { + return nil; + } + const char* str = input.UTF8String; + unsigned char result[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(str, (CC_LONG)strlen(str), result); + + NSMutableString *hexDigest = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH*2]; + for(int i = 0; i
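Review bot: The header for the `NSString (MPHash)` category does not say that the digest can be nil, although `+sha1HexDigest:` in NSString+MPHash.m returns nil when `input.length == 0` and the migration code checks for that. Declaring `@property (copy, readonly, nonatomic, nullable) NSString *sha1HexDigest;` and `+ (nullable NSString *)sha1HexDigest:(nullable NSString *)input;` would let the compiler flag callers that use the result as a dictionary key without a check. A doc comment on the property should state that the UTF-8 bytes of the string are hashed and that empty input yields nil. The implementation hunk runs past the end of the visible page, so only its opening lines were considered here.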