Enabling strict memory safety.

Sources/Packages/Package.swift

@@ -77,7 +77,7 @@ let package = Package(
         ),
         .target(
             name: "XPCWrappers",
-            swiftSettings: swiftSettings + [.treatWarning("DeprecatedDeclaration", as: .warning)],
+            swiftSettings: swiftSettings,
         ),
     ]
 )
@@ -90,5 +90,6 @@ var swiftSettings: [PackageDescription.SwiftSetting] {
     [
         .swiftLanguageMode(.v6),
         .treatAllWarnings(as: .error),
+        .strictMemorySafety()
     ]
 }

Sources/Packages/Sources/SecretAgentKit/Agent.swift

@@ -84,7 +84,7 @@ extension Agent {
         }
         logger.log("Agent enumerated \(count) identities")
         var countBigEndian = UInt32(count).bigEndian
-        let countData = Data(bytes: &countBigEndian, count: MemoryLayout<UInt32>.size)
+        let countData = unsafe Data(bytes: &countBigEndian, count: MemoryLayout<UInt32>.size)
         return countData + keyData
     }
 
@@ -150,7 +150,7 @@ extension SSHAgent.Response {
 
     var data: Data {
         var raw = self.rawValue
-        return Data(bytes: &raw, count: MemoryLayout<UInt8>.size)
+        return unsafe Data(bytes: &raw, count: MemoryLayout<UInt8>.size)
     }
 
 }

Sources/Packages/Sources/SecretAgentKit/FileHandleProtocols.swift

@@ -5,8 +5,8 @@ extension FileHandle {
     public var pidOfConnectedProcess: Int32 {
         let pidPointer = UnsafeMutableRawPointer.allocate(byteCount: MemoryLayout<Int32>.size, alignment: 1)
         var len = socklen_t(MemoryLayout<Int32>.size)
-        getsockopt(fileDescriptor, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
+        unsafe getsockopt(fileDescriptor, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
-        return pidPointer.load(as: Int32.self)
+        return unsafe pidPointer.load(as: Int32.self)
     }
 
 }

Sources/Packages/Sources/SecretAgentKit/OpenSSHReader.swift

@@ -29,7 +29,7 @@ final class OpenSSHReader {
         let lengthRange = 0..<size
         let lengthChunk = remaining[lengthRange]
         remaining.removeSubrange(lengthRange)
-        return lengthChunk.bytes.unsafeLoad(as: T.self)
+        return unsafe lengthChunk.bytes.unsafeLoad(as: T.self)
     }
 
     func readNextChunkAsString(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> String {

Sources/Packages/Sources/SecretAgentKit/SSHAgentInputParser.swift

@@ -21,7 +21,7 @@ public struct SSHAgentInputParser: SSHAgentInputParserProtocol {
         guard data.count > 4 else {
             throw .invalidData
         }
-        let specifiedLength = (data[0..<4].bytes.unsafeLoad(as: UInt32.self).bigEndian) + 4
+        let specifiedLength = unsafe (data[0..<4].bytes.unsafeLoad(as: UInt32.self).bigEndian) + 4
         let rawRequestInt = data[4]
         let remainingDataRange = 5..<min(Int(specifiedLength), data.count)
         lazy var body: Data = { Data(data[remainingDataRange]) }()

Sources/Packages/Sources/SecretAgentKit/SigningRequestTracer.swift

@@ -25,11 +25,11 @@ extension SigningRequestTracer {
     /// - Parameter pid: The process ID to look up.
     /// - Returns: a `kinfo_proc` struct describing the process ID.
     func pidAndNameInfo(from pid: Int32) -> kinfo_proc {
-        var len = MemoryLayout<kinfo_proc>.size
+        var len = unsafe MemoryLayout<kinfo_proc>.size
         let infoPointer = UnsafeMutableRawPointer.allocate(byteCount: len, alignment: 1)
         var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
-        sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
+        unsafe sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
-        return infoPointer.load(as: kinfo_proc.self)
+        return unsafe infoPointer.load(as: kinfo_proc.self)
     }
 
     /// Generates a ``SecretKit.SigningRequestProvenance.Process`` from a provided process ID.
@@ -37,18 +37,18 @@ extension SigningRequestTracer {
     /// - Returns: A ``SecretKit.SigningRequestProvenance.Process`` describing the process.
     func process(from pid: Int32) -> SigningRequestProvenance.Process {
         var pidAndNameInfo = self.pidAndNameInfo(from: pid)
-        let ppid = pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
+        let ppid = unsafe pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
-        let procName = withUnsafeMutablePointer(to: &pidAndNameInfo.kp_proc.p_comm.0) { pointer in
+        let procName = unsafe withUnsafeMutablePointer(to: &pidAndNameInfo.kp_proc.p_comm.0) { pointer in
-            String(cString: pointer)
+            unsafe String(cString: pointer)
         }
 
         let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
-        _ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
+        _ = unsafe proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
-        let path = String(cString: pathPointer)
+        let path = unsafe String(cString: pathPointer)
         var secCode: Unmanaged<SecCode>!
         let flags: SecCSFlags = [.considerExpiration, .enforceRevocationChecks]
-        SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
+        unsafe SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
-        let valid = SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == errSecSuccess
+        let valid = unsafe SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == errSecSuccess
         return SigningRequestProvenance.Process(pid: pid, processName: procName, appName: appName(for: pid), iconURL: iconURL(for: pid), path: path, validSignature: valid, parentPID: ppid)
     }
 

Sources/Packages/Sources/SecretAgentKit/SocketController.swift

@@ -134,10 +134,10 @@ private extension SocketPort {
     convenience init(path: String) {
         var addr = sockaddr_un()
 
-        let length = withUnsafeMutablePointer(to: &addr.sun_path.0) { pointer in
+        let length = unsafe withUnsafeMutablePointer(to: &addr.sun_path.0) { pointer in
-            path.withCString { cstring in
+            unsafe path.withCString { cstring in
-                let len = strlen(cstring)
+                let len = unsafe strlen(cstring)
-                strncpy(pointer, cstring, len)
+                unsafe strncpy(pointer, cstring, len)
                 return len
             }
         }
@@ -147,10 +147,7 @@ private extension SocketPort {
         // This mirrors the SUN_LEN macro format.
         addr.sun_len = UInt8(MemoryLayout<sockaddr_un>.size - MemoryLayout.size(ofValue: addr.sun_path) + length)
 
-        let data = withUnsafePointer(to: &addr) { pointer in
+        let data = unsafe Data(bytes: &addr, count: MemoryLayout<sockaddr_un>.size)
-            Data(bytes: pointer, count: MemoryLayout<sockaddr_un>.size)
-        }
-
         self.init(protocolFamily: AF_UNIX, socketType: SOCK_STREAM, protocol: 0, address: data)!
     }
 

Sources/Packages/Sources/SecretKit/KeychainTypes.swift

@@ -36,12 +36,12 @@ public struct KeychainError: Error {
 /// A signing-related error.
 public struct SigningError: Error {
     /// The underlying error reported by the API, if one was returned.
-    public let error: SecurityError?
+    public let error: CFError?
 
     /// Initializes a SigningError with an optional SecurityError.
     /// - Parameter statusCode: The SecurityError, if one is applicable.
     public init(error: SecurityError?) {
-        self.error = error
+        self.error = unsafe error?.takeRetainedValue()
     }
 
 }

Sources/Packages/Sources/SecretKit/OpenSSH/LengthAndData.swift

@@ -7,7 +7,7 @@ extension Data {
     package var lengthAndData: Data {
         let rawLength = UInt32(count)
         var endian = rawLength.bigEndian
-        return Data(bytes: &endian, count: MemoryLayout<UInt32>.size) + self
+        return unsafe Data(bytes: &endian, count: MemoryLayout<UInt32>.size) + self
     }
 
 }

Sources/Packages/Sources/SecureEnclaveSecretKit/CryptoKitMigrator.swift

@@ -27,7 +27,7 @@ extension SecureEnclave {
                 kSecReturnAttributes: true
             ])
             var privateUntyped: CFTypeRef?
-            SecItemCopyMatching(privateAttributes, &privateUntyped)
+            unsafe SecItemCopyMatching(privateAttributes, &privateUntyped)
             guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return }
             let migratedPublicKeys = Set(store.secrets.map(\.publicKey))
             var migratedAny = false
@@ -40,7 +40,7 @@ extension SecureEnclave {
                 }
                 let ref = key[kSecValueRef] as! SecKey
                 let attributes = SecKeyCopyAttributes(ref) as! [CFString: Any]
-                let tokenObjectID = attributes[Constants.tokenObjectID] as! Data
+                let tokenObjectID = unsafe attributes[Constants.tokenObjectID] as! Data
                 let accessControl = attributes[kSecAttrAccessControl] as! SecAccessControl
                 // Best guess.
                 let auth: AuthenticationRequirement = String(describing: accessControl)

Sources/Packages/Sources/SecureEnclaveSecretKit/PersistentAuthenticationHandler.swift

@@ -21,7 +21,7 @@ extension SecureEnclave {
         ///   - duration: The duration of the authorization context, in seconds.
         init(secret: Secret, context: LAContext, duration: TimeInterval) {
             self.secret = secret
-            self.context = context
+            unsafe self.context = context
             let durationInNanoSeconds = Measurement(value: duration, unit: UnitDuration.seconds).converted(to: .nanoseconds).value
             self.monotonicExpiration = clock_gettime_nsec_np(CLOCK_MONOTONIC) + UInt64(durationInNanoSeconds)
         }

Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift

@@ -2,7 +2,7 @@ import Foundation
 import Observation
 import Security
 import CryptoKit
-@preconcurrency import LocalAuthentication
+import LocalAuthentication
 import SecretKit
 import os
 
@@ -40,7 +40,7 @@ extension SecureEnclave {
         public func sign(data: Data, with secret: Secret, for provenance: SigningRequestProvenance) async throws -> Data {
             var context: LAContext
             if let existing = await persistentAuthenticationHandler.existingPersistedAuthenticationContext(secret: secret) {
-                context = existing.context
+                context = unsafe existing.context
             } else {
                 let newContext = LAContext()
                 newContext.localizedReason = String(localized: .authContextRequestSignatureDescription(appName: provenance.origin.displayName, secretName: secret.name))
@@ -57,7 +57,7 @@ extension SecureEnclave {
                 kSecReturnData: true,
             ])
             var untyped: CFTypeRef?
-            let status = SecItemCopyMatching(queryAttributes, &untyped)
+            let status = unsafe SecItemCopyMatching(queryAttributes, &untyped)
             if status != errSecSuccess {
                 throw KeychainError(statusCode: status)
             }
@@ -121,12 +121,12 @@ extension SecureEnclave {
                 fatalError()
             }
             let access =
-                SecAccessControlCreateWithFlags(kCFAllocatorDefault,
+            unsafe SecAccessControlCreateWithFlags(kCFAllocatorDefault,
                                                 kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
                                                 flags,
                                                 &accessError)
-            if let error = accessError {
+            if let error = unsafe accessError {
-                throw error.takeRetainedValue() as Error
+                throw unsafe error.takeRetainedValue() as Error
             }
             let dataRep: Data
             let publicKey: Data
@@ -214,7 +214,7 @@ extension SecureEnclave.Store {
             kSecReturnAttributes: true
             ])
         var untyped: CFTypeRef?
-        SecItemCopyMatching(queryAttributes, &untyped)
+        unsafe SecItemCopyMatching(queryAttributes, &untyped)
         guard let typed = untyped as? [[CFString: Any]] else { return }
         let wrapped: [SecureEnclave.Secret] = typed.compactMap {
             do {

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -1,7 +1,7 @@
 import Foundation
 import Observation
 import Security
-@preconcurrency import CryptoTokenKit
+@unsafe @preconcurrency import CryptoTokenKit
 import LocalAuthentication
 import SecretKit
 
@@ -70,7 +70,7 @@ extension SmartCard {
                 kSecReturnRef: true
             ])
             var untyped: CFTypeRef?
-            let status = SecItemCopyMatching(attributes, &untyped)
+            let status = unsafe SecItemCopyMatching(attributes, &untyped)
             if status != errSecSuccess {
                 throw KeychainError(statusCode: status)
             }
@@ -80,8 +80,8 @@ extension SmartCard {
             let key = untypedSafe as! SecKey
             var signError: SecurityError?
             guard let algorithm = signatureAlgorithm(for: secret) else { throw UnsupportKeyType() }
-            guard let signature = SecKeyCreateSignature(key, algorithm, data as CFData, &signError) else {
+            guard let signature = unsafe SecKeyCreateSignature(key, algorithm, data as CFData, &signError) else {
-                throw SigningError(error: signError)
+                throw unsafe SigningError(error: signError)
             }
             return signature as Data
         }
@@ -152,7 +152,7 @@ extension SmartCard.Store {
             kSecReturnAttributes: true
         ])
         var untyped: CFTypeRef?
-        SecItemCopyMatching(attributes, &untyped)
+        unsafe SecItemCopyMatching(attributes, &untyped)
         guard let typed = untyped as? [[CFString: Any]] else { return }
         let wrapped: [SecretType] = typed.compactMap {
             let name = $0[kSecAttrLabel] as? String ?? String(localized: .unnamedSecret)

Sources/Secretive.xcodeproj/project.pbxproj

@@ -51,8 +51,8 @@
 		5066A6C82516FE6E004B5A36 /* CopyableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5066A6C72516FE6E004B5A36 /* CopyableView.swift */; };
 		506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; };
 		506772C92425BB8500034DED /* NoStoresView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506772C82425BB8500034DED /* NoStoresView.swift */; };
-		50692C5B2E6EB8D40043C7BB /* LaunchConstraints.coderequirement in Resources */ = {isa = PBXBuildFile; fileRef = 50692C5A2E6EB8D40043C7BB /* LaunchConstraints.coderequirement */; };
 		50692BA62E6D5CC90043C7BB /* InternetAccessPolicy.plist in Resources */ = {isa = PBXBuildFile; fileRef = 50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */; };
+		50692C5B2E6EB8D40043C7BB /* LaunchConstraints.coderequirement in Resources */ = {isa = PBXBuildFile; fileRef = 50692C5A2E6EB8D40043C7BB /* LaunchConstraints.coderequirement */; };
 		5079BA0F250F29BF00EA86F4 /* StoreListView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5079BA0E250F29BF00EA86F4 /* StoreListView.swift */; };
 		508A58AA241E06B40069DC07 /* PreviewUpdater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58A9241E06B40069DC07 /* PreviewUpdater.swift */; };
 		508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */; };
@@ -203,8 +203,8 @@
 		5066A6C72516FE6E004B5A36 /* CopyableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CopyableView.swift; sourceTree = "<group>"; };
 		506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = "<group>"; };
 		506772C82425BB8500034DED /* NoStoresView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoStoresView.swift; sourceTree = "<group>"; };
-		50692C5A2E6EB8D40043C7BB /* LaunchConstraints.coderequirement */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = LaunchConstraints.coderequirement; sourceTree = "<group>"; };
 		50692BA52E6D5CC90043C7BB /* InternetAccessPolicy.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = InternetAccessPolicy.plist; sourceTree = "<group>"; };
+		50692C5A2E6EB8D40043C7BB /* LaunchConstraints.coderequirement */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = LaunchConstraints.coderequirement; sourceTree = "<group>"; };
 		5079BA0E250F29BF00EA86F4 /* StoreListView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StoreListView.swift; sourceTree = "<group>"; };
 		508A58A9241E06B40069DC07 /* PreviewUpdater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewUpdater.swift; sourceTree = "<group>"; };
 		508A58AB241E121B0069DC07 /* Config.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Config.xcconfig; sourceTree = "<group>"; };
@@ -1065,6 +1065,8 @@
 				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_STRICT_MEMORY_SAFETY = YES;
+				SWIFT_TREAT_WARNINGS_AS_ERRORS = YES;
 				SWIFT_VERSION = 6.0;
 			};
 			name = Debug;
@@ -1132,6 +1134,8 @@
 				SWIFT_COMPILATION_MODE = wholemodule;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OPTIMIZATION_LEVEL = "-O";
+				SWIFT_STRICT_MEMORY_SAFETY = YES;
+				SWIFT_TREAT_WARNINGS_AS_ERRORS = YES;
 				SWIFT_VERSION = 6.0;
 			};
 			name = Release;
@@ -1288,6 +1292,8 @@
 				SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG;
 				SWIFT_EMIT_LOC_STRINGS = YES;
 				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_STRICT_MEMORY_SAFETY = YES;
+				SWIFT_TREAT_WARNINGS_AS_ERRORS = YES;
 				SWIFT_VERSION = 6.0;
 			};
 			name = Test;