Refactored touchID codebase to be more in line with the rest.

Fixed a lot of potential memory leaks
Fixed all issues reported analyzer

MacPass.xcodeproj/project.pbxproj

@@ -28,6 +28,7 @@
 		4C0F647B17B6BC9C00D9522A /* MPSavePanelAccessoryViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C0F647A17B6BC9C00D9522A /* MPSavePanelAccessoryViewController.m */; };
 		4C10207F1B750E2F00BFCD59 /* MPTestAutotype.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C10207E1B750E2F00BFCD59 /* MPTestAutotype.m */; };
 		4C10412C178CDD44001B5239 /* NSDate+Humanized.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C10412B178CDD44001B5239 /* NSDate+Humanized.m */; };
+		4C11BE6928B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C11BE6828B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.m */; };
 		4C15B74618BCA3B1003F8008 /* MPDocument+Search.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C15B74518BCA3B1003F8008 /* MPDocument+Search.m */; };
 		4C17D11E2250EFBC00C650C4 /* SavePanelAccessoryView.xib in Resources */ = {isa = PBXBuildFile; fileRef = 4C17D1202250EFBC00C650C4 /* SavePanelAccessoryView.xib */; };
 		4C17D8E517A1C780006C8C1E /* MPDocumentWindowDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C17D8E417A1C780006C8C1E /* MPDocumentWindowDelegate.m */; };
@@ -401,6 +402,8 @@
 		4C10207E1B750E2F00BFCD59 /* MPTestAutotype.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MPTestAutotype.m; sourceTree = "<group>"; };
 		4C10412A178CDD44001B5239 /* NSDate+Humanized.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSDate+Humanized.h"; sourceTree = "<group>"; };
 		4C10412B178CDD44001B5239 /* NSDate+Humanized.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSDate+Humanized.m"; sourceTree = "<group>"; };
+		4C11BE6728B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "MPDocument+BiometricEncryptionSupport.h"; sourceTree = "<group>"; };
+		4C11BE6828B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "MPDocument+BiometricEncryptionSupport.m"; sourceTree = "<group>"; };
 		4C15B74518BCA3B1003F8008 /* MPDocument+Search.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "MPDocument+Search.m"; sourceTree = "<group>"; };
 		4C17D11F2250EFBC00C650C4 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/SavePanelAccessoryView.xib; sourceTree = "<group>"; };
 		4C17D1222250EFBF00C650C4 /* de */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = de; path = de.lproj/SavePanelAccessoryView.strings; sourceTree = "<group>"; };
@@ -1423,6 +1426,8 @@
 				6E719715172058BA00E4C5FC /* MPDatabaseVersion.h */,
 				4CE5B548173AFBA700207B39 /* MPDocument.h */,
 				4CE5B549173AFBA700207B39 /* MPDocument.m */,
+				4C11BE6728B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.h */,
+				4C11BE6828B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.m */,
 				4C3666401787327E00B249F1 /* MPDocument+Attachments.m */,
 				4C1FA07A18231900003A3F8C /* MPDocument+Autotype.m */,
 				4C6B7C7C18BE7EB0001D5D77 /* MPDocument+History.m */,
@@ -2027,7 +2032,7 @@
 			isa = PBXProject;
 			attributes = {
 				CLASSPREFIX = MP;
-				LastUpgradeCheck = 1250;
+				LastUpgradeCheck = 1340;
 				ORGANIZATIONNAME = "HicknHack Software GmbH";
 				TargetAttributes = {
 					4C77E36115B84A240093A587 = {
@@ -2384,6 +2389,7 @@
 				4C4B7EE917A45EC6000234C7 /* MPDatePickingViewController.m in Sources */,
 				4C4B7EEE17A467E1000234C7 /* MPGroupInspectorViewController.m in Sources */,
 				4C71BCB72167B79C00B4CBDA /* MPPluginVersionComparator.m in Sources */,
+				4C11BE6928B3B54900E2DAEA /* MPDocument+BiometricEncryptionSupport.m in Sources */,
 				4C4B7EF317A467FC000234C7 /* MPEntryInspectorViewController.m in Sources */,
 				4C1BDF2B1E4392640012A3F0 /* MPPluginDataViewController.m in Sources */,
 				4C4B7EF817A4B335000234C7 /* MPUniqueCharactersFormatter.m in Sources */,

MacPass.xcodeproj/xcshareddata/xcschemes/MacPass.xcscheme

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
-   LastUpgradeVersion = "1250"
+   LastUpgradeVersion = "1340"
    version = "2.0">
    <BuildAction
       parallelizeBuildables = "YES"

MacPass/MPAutotypeDaemon.m

@@ -219,7 +219,8 @@ - (void)_runAutotypeWithEnvironment:(MPAutotypeEnvironment *)env {
     NSNotificationCenter * __weak nc = [NSNotificationCenter defaultCenter];
     MPAutotypeDaemon * __weak welf = self;
     NSTimeInterval requestTime = NSDate.date.timeIntervalSinceReferenceDate;
-    id __block unlockToken = [nc addObserverForName:MPDocumentDidUnlockDatabaseNotification
+    id __block unlockToken; // silence init value never read analyzer warning
+    unlockToken = [nc addObserverForName:MPDocumentDidUnlockDatabaseNotification
                                              object:nil
                                               queue:NSOperationQueue.mainQueue
                                          usingBlock:^(NSNotification *notification) {
@@ -247,7 +248,8 @@ - (void)_runAutotypeWithEnvironment:(MPAutotypeEnvironment *)env {
     NSNotificationCenter * __weak nc = [NSNotificationCenter defaultCenter];
     MPAutotypeDaemon * __weak welf = self;
     NSTimeInterval requestTime = NSDate.date.timeIntervalSinceReferenceDate;
-    id __block unlockToken = [nc addObserverForName:MPDocumentDidUnlockDatabaseNotification
+    id __block unlockToken; // silence init value never read analyzer warning
+    unlockToken = [nc addObserverForName:MPDocumentDidUnlockDatabaseNotification
                                              object:nil
                                               queue:NSOperationQueue.mainQueue
                                          usingBlock:^(NSNotification *notification) {
@@ -408,7 +410,8 @@ - (BOOL)_orderApplicationToFront:(pid_t)processIdentifier completionHandler:(voi
   }
 
   NSNotificationCenter * __weak nc = NSWorkspace.sharedWorkspace.notificationCenter;
-  id __block didActivateToken = [nc addObserverForName:NSWorkspaceDidActivateApplicationNotification
+  id __block didActivateToken; // silence init value never read analyzer warning
+  didActivateToken = [nc addObserverForName:NSWorkspaceDidActivateApplicationNotification
                                            object:nil
                                             queue:NSOperationQueue.mainQueue
                                        usingBlock:^(NSNotification *notification) {

MacPass/MPConstants.h

@@ -44,7 +44,7 @@ FOUNDATION_EXPORT NSString *const MPPluginCompatibilityURLKey;
 /**
  Keychain Keys
  */
-extern NSString *const TouchIdUnlockPublicKeyTag;
-extern NSString *const TouchIdUnlockPrivateKeyTag;
+extern NSString *const MPTouchIdUnlockPublicKeyTag;
+extern NSString *const MPTouchIdUnlockPrivateKeyTag;
 
 #endif

MacPass/MPConstants.m

@@ -31,6 +31,6 @@
 NSString *const MPBundlePluginRepositoryURLKey    = @"MPPluginRepositoryURL";
 NSString *const MPPluginCompatibilityURLKey  = @"MPPluginCompatibilityURLKey";
 
-NSString *const TouchIdUnlockPublicKeyTag = @"com.hicknhacksoftware.macpass.publickey";
-NSString *const TouchIdUnlockPrivateKeyTag = @"com.hicknhacksoftware.macpass.privatekey";
+NSString *const MPTouchIdUnlockPublicKeyTag = @"com.hicknhacksoftware.macpass.publickey";
+NSString *const MPTouchIdUnlockPrivateKeyTag = @"com.hicknhacksoftware.macpass.privatekey";
 

MacPass/MPDocument+BiometricEncryptionSupport.h

@@ -0,0 +1,19 @@
+//
+//  MPDocument+BiometricEncryptionSupport.h
+//  MacPass
+//
+//  Created by Michael Starke on 22.08.22.
+//  Copyright © 2022 HicknHack Software GmbH. All rights reserved.
+//
+
+#import "MPDocument.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface MPDocument (BiometricEncryptionSupport)
+@property (nonatomic, readonly, copy, nullable) NSString *biometricKey;
+@property (nonatomic, readonly, copy, nullable) NSData *encryptedKeyData;
+
+@end
+
+NS_ASSUME_NONNULL_END

MacPass/MPDocument+BiometricEncryptionSupport.m

@@ -0,0 +1,32 @@
+//
+//  MPDocument+BiometricEncryptionSupport.m
+//  MacPass
+//
+//  Created by Michael Starke on 22.08.22.
+//  Copyright © 2022 HicknHack Software GmbH. All rights reserved.
+//
+
+#import "MPDocument+BiometricEncryptionSupport.h"
+#import "MPSettingsHelper.h"
+#import "MPTouchIdCompositeKeyStore.h"
+
+@implementation MPDocument (BiometricEncryptionSupport)
+
+@dynamic biometricKey;
+
+- (NSString *)biometricKey {
+  if(nil == self.fileURL || nil == self.fileURL.lastPathComponent) {
+    return nil;
+  }
+  return [NSString stringWithFormat:kMPSettingsKeyEntryTouchIdDatabaseEncryptedKeyFormat, self.fileURL.lastPathComponent];
+}
+
+- (NSData *)encryptedKeyData {
+  NSString *documentKey = self.biometricKey;
+  if(nil == documentKey) {
+    return nil;
+  }
+  return [MPTouchIdCompositeKeyStore.defaultStore loadEncryptedCompositeKeyForDocumentKey:documentKey];
+}
+
+@end

MacPass/MPEntryInspectorViewController.m

@@ -346,7 +346,6 @@ - (BOOL)validateMenuItem:(NSMenuItem *)menuItem {
       return YES;
   }
 }
-
 #pragma mark -
 #pragma mark QLPreviewPanelDelegate
 

MacPass/MPIntegrationPreferencesController.m

@@ -138,27 +138,27 @@ - (void)runAutotypeDoctor:(id)sender {
 #pragma mark -
 #pragma mark Keychain Actions
 - (IBAction)RenewTouchIdKey:(id)sender {
-    NSData* publicKeyTag = [TouchIdUnlockPublicKeyTag dataUsingEncoding:NSUTF8StringEncoding];
+    NSData* publicKeyTag = [MPTouchIdUnlockPublicKeyTag dataUsingEncoding:NSUTF8StringEncoding];
     NSDictionary *publicKeyQuery = @{
       (id)kSecClass: (id)kSecClassKey,
       (id)kSecAttrApplicationTag: publicKeyTag,
       (id)kSecReturnRef: @YES,
     };
     OSStatus status = SecItemDelete((__bridge CFDictionaryRef)publicKeyQuery);
     if (status != errSecSuccess) {
-        NSString* description = (__bridge NSString*)SecCopyErrorMessageString(status, NULL);
+      NSString* description = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
         NSLog(@"Error while trying to delete public key from Keychain: %@", description);
     }
 
-    NSData* privateKeyTag = [TouchIdUnlockPrivateKeyTag dataUsingEncoding:NSUTF8StringEncoding];
+    NSData* privateKeyTag = [MPTouchIdUnlockPrivateKeyTag dataUsingEncoding:NSUTF8StringEncoding];
     NSDictionary *privateKeyQuery = @{
       (id)kSecClass: (id)kSecClassKey,
       (id)kSecAttrApplicationTag: privateKeyTag,
       (id)kSecReturnRef: @YES,
     };
     status = SecItemDelete((__bridge CFDictionaryRef)privateKeyQuery);
     if (status != errSecSuccess) {
-        NSString* description = (__bridge NSString*)SecCopyErrorMessageString(status, NULL);
+        NSString* description = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
         NSLog(@"Error while trying to delete private key from Keychain: %@", description);
     }
 }

MacPass/MPKeyMapper.m

@@ -88,6 +88,9 @@ + (NSString *)stringForModifiedKey:(MPModifiedKey)modifiedKey {
                            sizeof(chars) / sizeof(chars[0]),
                            &realLength,
                            chars);
+  if(0 != success) {
+    NSLog(@"Unable to transpate modifiedKey:%@", MPStringFromModifiedKey(modifiedKey));
+  }
   return CFBridgingRelease(CFStringCreateWithCharacters(kCFAllocatorDefault, chars, realLength));
 }
 

MacPass/MPModifiedKey.h

@@ -40,6 +40,10 @@ NS_INLINE BOOL MPIsValidModifiedKey(MPModifiedKey k) {
   return (k.keyCode == kMPUnknownKeyCode);
 }
 
+NS_INLINE NSString *MPStringFromModifiedKey(MPModifiedKey key) {
+  return [NSString stringWithFormat:@"keyCode:%hu %llud", key.keyCode, key.modifier];
+}
+
 @interface NSValue(NSValueMPModifiedKeyExtensions)
 @property (nonatomic, readonly, assign) MPModifiedKey modifiedKeyValue;
 + (instancetype)valueWithModifiedKey:(MPModifiedKey)key;

MacPass/MPPasswordEditWindowController.m

@@ -151,7 +151,7 @@ - (IBAction)clearKey:(id)sender {
 - (IBAction)generateKey:(id)sender {
   MPDocument *document = self.document;
   KPKFileVersion fileVersion = document.tree.minimumVersion;
-  NSArray *fileTypes = @[];
+  NSArray *fileTypes;
   KPKKeyFileType keyFileType;
 
   if(fileVersion.format == KPKDatabaseFormatUnknown) {