Switched to archiving the complete composite key for TouchID unlock

cathyjf · Feb 14, 2021 · 431b636 · 431b636
1 parent 51bdf12
commit 431b636
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 12 deletions.
diff --git a/MacPass/Base.lproj/PasswordInputView.xib b/MacPass/Base.lproj/PasswordInputView.xib
@@ -16,7 +16,6 @@
                 <outlet property="messageInfoTextField" destination="268" id="ahE-sq-QzR"/>
                 <outlet property="passwordTextField" destination="338" id="495"/>
                 <outlet property="togglePasswordButton" destination="408" id="493"/>
-                <outlet property="touchIDEnabled" destination="Hs8-Tc-ezo" id="eqF-wX-rvg"/>
                 <outlet property="touchIdButton" destination="mQA-C0-JyU" id="fM3-PG-1OB"/>
                 <outlet property="touchIdEnabled" destination="Hs8-Tc-ezo" id="9Go-LQ-mSw"/>
                 <outlet property="unlockButton" destination="2" id="ZRr-Ui-ExP"/>

diff --git a/MacPass/MPPasswordInputController.m b/MacPass/MPPasswordInputController.m
@@ -149,7 +149,7 @@ - (IBAction)_submit:(id)sender {
   BOOL result = self.completionHandler(compositeKey, keyURL, cancel, &error);
   if(cancel || result) {
     if(result && self.keyPathControl.URL == nil && self.touchIdEnabled.state) {
-      [self _storePasswordForTouchIDUnlock:password forDatabase:self.absoluteURLString];
+      [self _storePasswordForTouchIDUnlock:compositeKey forDatabase:self.absoluteURLString];
     }
     return;
   }
@@ -210,8 +210,8 @@ - (void) _createAndAddRSAKeyPair {
   }
 }
 
-- (void) _storePasswordForTouchIDUnlock: (NSString*) password forDatabase: (NSString*) databaseId {
-  NSData* passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
+- (void) _storePasswordForTouchIDUnlock: (KPKCompositeKey*) compositeKey forDatabase: (NSString*) databaseId {
+  NSData* keyData = [NSKeyedArchiver archivedDataWithRootObject:compositeKey];
   NSData* tag = [@"com.hicknhacksoftware.macpass.publickey" dataUsingEncoding:NSUTF8StringEncoding];
   NSDictionary *getquery = @{
     (id)kSecClass: (id)kSecClassKey,
@@ -235,9 +235,9 @@ - (void) _storePasswordForTouchIDUnlock: (NSString*) password forDatabase: (NSSt
     int k = (int)SecKeyGetBlockSize(publicKey);
     int hlen = 512 / 8;
     int maxMessageLengthInByte = k - 2 * hlen - 2;
-    if([passwordData length] <= maxMessageLengthInByte) {
+    if([keyData length] <= maxMessageLengthInByte) {
       CFErrorRef error = NULL;
-      NSData* cipherText = (NSData*)CFBridgingRelease(SecKeyCreateEncryptedData(publicKey, algorithm, (__bridge CFDataRef)passwordData, &error));
+      NSData* cipherText = (NSData*)CFBridgingRelease(SecKeyCreateEncryptedData(publicKey, algorithm, (__bridge CFDataRef)keyData, &error));
       if (cipherText) {
         [touchIDSecuredPasswords setObject:cipherText forKey:databaseId];
       }
@@ -257,8 +257,8 @@ - (void) _storePasswordForTouchIDUnlock: (NSString*) password forDatabase: (NSSt
   if (publicKey)  { CFRelease(publicKey);  }
 }
 
-- (NSString*) _loadPasswordForTochIDUnlock: (NSString*) databaseId {
-  NSString* result = nil;
+- (KPKCompositeKey*) _loadPasswordForTochIDUnlock: (NSString*) databaseId {
+  KPKCompositeKey* result = nil;
   NSData* cipherText = [touchIDSecuredPasswords valueForKey:databaseId];
   if(cipherText != nil) {
     NSData* tag = [@"com.hicknhacksoftware.macpass.privatekey" dataUsingEncoding:NSUTF8StringEncoding];
@@ -278,7 +278,7 @@ - (NSString*) _loadPasswordForTochIDUnlock: (NSString*) databaseId {
           CFErrorRef error = NULL;
           NSData* clearText = (NSData*)CFBridgingRelease(SecKeyCreateDecryptedData(privateKey, algorithm, (__bridge CFDataRef)cipherText, &error));
           if (clearText) {
-            result = [[NSString alloc]initWithData:clearText encoding:NSUTF8StringEncoding];
+            result = [NSKeyedUnarchiver unarchiveObjectWithData:clearText];
           }
           else {
             NSError *err = CFBridgingRelease(error);
@@ -408,10 +408,9 @@ - (void)_didSetKeyURL:(NSNotification *)notification {
 }
 
 - (IBAction)unlockWithTouchID:(id)sender {
-  NSString* password = [self _loadPasswordForTochIDUnlock:self.absoluteURLString];
-  if(password != nil) {
+  KPKCompositeKey* compositeKey = [self _loadPasswordForTochIDUnlock:self.absoluteURLString];
+  if(compositeKey != nil) {
     NSError* error;
-    KPKCompositeKey *compositeKey = [[KPKCompositeKey alloc] initWithPassword:password keyFileData:nil];
     self.completionHandler(compositeKey, nil, false, &error);
     [self _showError:error];
   }