From c123120882673d8d96313e3675b566fa3b7b0c87 Mon Sep 17 00:00:00 2001
From: Michael Starke
Date: Thu, 23 Feb 2023 23:07:12 +0100
Subject: [PATCH] feature(TouchId): use new key storage dictionary instead of a lot of file based default keys
---
 .../MPDocument+BiometricEncryptionSupport.m | 4 --
 MacPass/MPTouchIdCompositeKeyStore.m | 38 +++++++++++++++----
 2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/MacPass/MPDocument+BiometricEncryptionSupport.m b/MacPass/MPDocument+BiometricEncryptionSupport.m
index af21dc18..8f0389cd 100644
--- a/MacPass/MPDocument+BiometricEncryptionSupport.m
+++ b/MacPass/MPDocument+BiometricEncryptionSupport.m
@@ -16,10 +16,6 @@
 @dynamic biometricKey;
 - (NSString *)biometricKey {
- if(nil == self.fileURL || nil == self.fileURL.lastPathComponent) {
- return nil;
- }
-
 return [self.fileURL.lastPathComponent sha1HexDigest];
 }
diff --git a/MacPass/MPTouchIdCompositeKeyStore.m b/MacPass/MPTouchIdCompositeKeyStore.m
index 5b698b8e..6925db91 100644
--- a/MacPass/MPTouchIdCompositeKeyStore.m
+++ b/MacPass/MPTouchIdCompositeKeyStore.m
@@ -44,7 +44,7 @@
 switch(touchIdEnabledState) {
 case MPTouchIDKeyStorageTransient:
 // clear persistent store
- [NSUserDefaults.standardUserDefaults removeObjectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
+ [self _clearPersistenCompositeKeyData];
 break;
 case MPTouchIDKeyStoragePersistent:
 // clear transient store
@@ -52,9 +52,10 @@
 break;
 default:
 // clear persitent and transient store
- [NSUserDefaults.standardUserDefaults removeObjectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
+ [self _clearPersistenCompositeKeyData];
 [self.keys removeAllObjects];
 }
+ _touchIdEnabledState = touchIdEnabledState;
 }
 - (void)saveCompositeKey:(KPKCompositeKey *)compositeKey forDocumentKey:(NSString *)documentKey {
@@ -64,11 +65,10 @@
 NSLog(@"Unable ot encrypt composite key: %@", error);
 return;
 }
-
- /* FIXME this behavour is wrong. Old keys do not get cleared so this leaves a lot of data behind that should be cleaned up*/
+
 switch(self.touchIdEnabledState) {
 case MPTouchIDKeyStorageTransient:
- [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
+ [self _clearPersistenCompositeKeyData];
 if(nil != encryptedCompositeKey) {
 self.keys[documentKey] = encryptedCompositeKey;
 }
@@ -76,11 +76,11 @@
 case MPTouchIDKeyStoragePersistent:
 self.keys[documentKey] = nil;
 if(nil != encryptedCompositeKey) {
- [NSUserDefaults.standardUserDefaults setObject:encryptedCompositeKey forKey:documentKey];
+ [self _persistCompositeKeyData:encryptedCompositeKey forDocumentKey:documentKey];
 }
 break;
 case MPTouchIDKeyStorageDisabled:
- [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
+ [self _clearPersistenCompositeKeyData];
 self.keys[documentKey] = nil;
 break;
 default:
@@ -91,7 +91,7 @@
 - (NSData *)loadEncryptedCompositeKeyForDocumentKey:(NSString *)documentKey {
 NSInteger touchIdMode = [NSUserDefaults.standardUserDefaults integerForKey:kMPSettingsKeyTouchIdEnabled];
 NSData* transientKey = self.keys[documentKey];
- NSData* persistentKey = [NSUserDefaults.standardUserDefaults dataForKey:documentKey];
+ NSData* persistentKey = [self _persitentCompositeKeyDataForDocumentKey:documentKey];
 if(nil == transientKey && nil == persistentKey) {
 return nil;
 }
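Review bot: Replacing `removeObjectForKey:documentKey` with `_clearPersistenCompositeKeyData` in the Transient case removes the only code that ever deleted the old per-document defaults entries, while the FIXME about data left behind is deleted rather than resolved. Any database whose encrypted composite key was persisted by the previous scheme (written with `setObject:encryptedCompositeKey forKey:documentKey`, as the removed line in the next hunk shows) keeps that blob in the defaults plist after the upgrade, because nothing reads or clears those keys any more. Since `documentKey` is still in hand here, a one-line migration `[NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];` placed before the `switch` cleans up the stale entry on the first save for each document, and `loadEncryptedCompositeKeyForDocumentKey:` could do the same. The Transient and Disabled cases now also wipe every document's persisted key instead of only this document's, which is presumably intended because the mode setter already clears the whole store, but deserves a comment such as `// persistent store is expected to be empty in this mode; clear it wholesale`. `saveCompositeKey:forDocumentKey:` begins before this hunk and continues past its end.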
@@ -247,5 +247,27 @@
 }
 }
+
+- (NSData *)_persitentCompositeKeyDataForDocumentKey:(NSString *)key {
+ if(key.length == 0) {
+ return nil;
+ }
+ return [NSUserDefaults.standardUserDefaults objectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore][key];
+}
+
+- (void)_persistCompositeKeyData:(NSData *)data forDocumentKey:(NSString *)key {
+ if(data.length == 0 || key.length == 0) {
+ return;
+ }
+ NSMutableDictionary *dict = [[NSUserDefaults.standardUserDefaults objectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore] mutableCopy];
+ if(nil == dict) {
+ dict = [[NSMutableDictionary alloc] init];
+ }
+ dict[key] = data;
+ [NSUserDefaults.standardUserDefaults setObject:[dict copy] forKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
+}
+
+- (void)_clearPersistenCompositeKeyData {
+ [NSUserDefaults.standardUserDefaults removeObjectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
+}
 @end
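Review bot: `_persitentCompositeKeyDataForDocumentKey:` keyed-subscripts whatever object is stored under `kMPSettingsKeyTouchIdEncryptedKeyStore`, and `_persistCompositeKeyData:forDocumentKey:` sends it `mutableCopy` and then a subscript assignment; the `dataForKey:` call this replaces was type-checked, but `objectForKey:` is not, so a value of another class under that key (an entry from an earlier format, or an edited plist) raises an unrecognized-selector exception instead of being treated as absent. Both helpers should check `isKindOfClass:NSDictionary.class` before using the stored object, and the reader should also confirm the looked-up value is `NSData`, since that is what the return type promises to `loadEncryptedCompositeKeyForDocumentKey:`. The two selectors also carry typos (`_persitent…`, `_clearPersisten…`) that the earlier hunks already copy to every call site; renaming them before merge keeps them consistent with `_persistCompositeKeyData:forDocumentKey:`.
```objc
- (NSData *)_persitentCompositeKeyDataForDocumentKey:(NSString *)key {
  // … unchanged: empty-key guard …
  id store = [NSUserDefaults.standardUserDefaults objectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
  if(![store isKindOfClass:NSDictionary.class]) {
    return nil;
  }
  id data = store[key];
  return [data isKindOfClass:NSData.class] ? data : nil;
}

- (void)_persistCompositeKeyData:(NSData *)data forDocumentKey:(NSString *)key {
  // … unchanged: empty data/key guard …
  id store = [NSUserDefaults.standardUserDefaults objectForKey:kMPSettingsKeyTouchIdEncryptedKeyStore];
  NSMutableDictionary *dict = [store isKindOfClass:NSDictionary.class] ? [store mutableCopy]
                                                                       : [[NSMutableDictionary alloc] init];
  // … unchanged: dict[key] = data; write back …
}
```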