diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts
index 7ec277309c6..3ddad63fc0f 100644
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -466,7 +466,8 @@ export default class MainBackground {
 this.cipherService,
 this.apiService,
 this.cryptoService,
- this.cryptoFunctionService
+ this.cryptoFunctionService,
+ this.stateService
 );
 this.notificationsService = new NotificationsService(
 this.syncService,
diff --git a/apps/cli/src/bw.ts b/apps/cli/src/bw.ts
index 432d8ea6dd7..489210815c6 100644
--- a/apps/cli/src/bw.ts
+++ b/apps/cli/src/bw.ts
@@ -378,7 +378,8 @@ export class Main {
 this.cipherService,
 this.apiService,
 this.cryptoService,
- this.cryptoFunctionService
+ this.cryptoFunctionService,
+ this.stateService
 );
 this.auditService = new AuditService(this.cryptoFunctionService, this.apiService);
diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts
index 46ce0353397..5fa205d3acd 100644
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -472,6 +472,7 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
 ApiServiceAbstraction,
 CryptoServiceAbstraction,
 CryptoFunctionServiceAbstraction,
+ StateServiceAbstraction,
 ],
 },
 {
diff --git a/libs/common/spec/services/export.service.spec.ts b/libs/common/spec/services/export.service.spec.ts
index 330d4a9cfbe..076b274c789 100644
--- a/libs/common/spec/services/export.service.spec.ts
+++ b/libs/common/spec/services/export.service.spec.ts
@@ -9,6 +9,7 @@ import { Utils } from "@bitwarden/common/misc/utils";
 import { EncString } from "@bitwarden/common/models/domain/enc-string";
 import { CipherWithIdExport as CipherExport } from "@bitwarden/common/models/export/cipher-with-ids.export";
 import { ExportService } from "@bitwarden/common/services/export.service";
+import { StateService } from "@bitwarden/common/services/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
@@ -144,6 +145,7 @@ describe("ExportService", () => {
 let cipherService: SubstituteOf;
 let folderService: SubstituteOf;
 let cryptoService: SubstituteOf;
+ let stateService: SubstituteOf;
 beforeEach(() => {
 apiService = Substitute.for();
@@ -160,7 +162,8 @@ describe("ExportService", () => {
 cipherService,
 apiService,
 cryptoService,
- cryptoFunctionService
+ cryptoFunctionService,
+ stateService
 );
 });
diff --git a/libs/common/src/services/export.service.ts b/libs/common/src/services/export.service.ts
index 10764599ec0..0367dc945cf 100644
--- a/libs/common/src/services/export.service.ts
+++ b/libs/common/src/services/export.service.ts
@@ -1,5 +1,7 @@
 import * as papa from "papaparse";
+import { BitwardenPasswordProtectedFileFormat } from "@bitwarden/importer/src/importers/bitwarden/bitwarden-password-protected-types";
+
 import { ApiService } from "../abstractions/api.service";
 import { CryptoService } from "../abstractions/crypto.service";
 import { CryptoFunctionService } from "../abstractions/cryptoFunction.service";
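Review bot: `stateService` is declared in the `@@ -144,6 +145,7 @@` hunk and handed to the `ExportService` constructor in the `@@ -160,7 +162,8 @@` hunk, but no added line in either hunk assigns it, so the service under test receives `undefined`. A spec that reaches the password-protected export would then fail on `this.stateService.getKdfType()` instead of exercising the new KDF handling. Add `stateService = Substitute.for<StateService>();` beside the other substitutes in `beforeEach`, and stub `getKdfType()` and `getKdfConfig()` so the KDF fields written to the export can be asserted. The `beforeEach` body lies between the two hunks and is only partly visible.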
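Review bot: The import added at the top of `export.service.ts` reaches into `@bitwarden/importer/src/importers/bitwarden/bitwarden-password-protected-types`, so `libs/common` now depends on a deep source path inside the importer library. The importer itself uses `cryptoService`, `KdfConfig` and `EncString`, which presumably come from common (its import lines are outside this diff), and that would make the package dependency circular. Because the interface describes a file format that the exporter and the importer share, I would declare it under `libs/common` and have the importer import it from there.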
@@ -7,12 +9,13 @@ import {
 ExportFormat,
 ExportService as ExportServiceAbstraction,
 } from "../abstractions/export.service";
+import { StateService } from "../abstractions/state.service";
 import { CollectionData } from "../admin-console/models/data/collection.data";
 import { Collection } from "../admin-console/models/domain/collection";
 import { CollectionDetailsResponse } from "../admin-console/models/response/collection.response";
 import { CollectionView } from "../admin-console/models/view/collection.view";
 import { KdfConfig } from "../auth/models/domain/kdf-config";
-import { DEFAULT_PBKDF2_ITERATIONS, KdfType } from "../enums/kdfType";
+import { KdfType } from "../enums/kdfType";
 import { Utils } from "../misc/utils";
 import { CipherWithIdExport as CipherExport } from "../models/export/cipher-with-ids.export";
 import { CollectionWithIdExport as CollectionExport } from "../models/export/collection-with-id.export";
@@ -34,7 +37,8 @@ export class ExportService implements ExportServiceAbstraction {
 private cipherService: CipherService,
 private apiService: ApiService,
 private cryptoService: CryptoService,
- private cryptoFunctionService: CryptoFunctionService
+ private cryptoFunctionService: CryptoFunctionService,
+ private stateService: StateService
 ) {}
 async getExport(format: ExportFormat = "csv", organizationId?: string): Promise {
@@ -54,24 +58,23 @@ export class ExportService implements ExportServiceAbstraction {
 ? await this.getOrganizationExport(organizationId, "json")
 : await this.getExport("json");
+ const kdfType: KdfType = await this.stateService.getKdfType();
+ const kdfConfig: KdfConfig = await this.stateService.getKdfConfig();
+
 const salt = Utils.fromBufferToB64(await this.cryptoFunctionService.randomBytes(16));
- const kdfConfig = new KdfConfig(DEFAULT_PBKDF2_ITERATIONS);
- const key = await this.cryptoService.makePinKey(
- password,
- salt,
- KdfType.PBKDF2_SHA256,
- kdfConfig
- );
+ const key = await this.cryptoService.makePinKey(password, salt, kdfType, kdfConfig);
 const encKeyValidation = await this.cryptoService.encrypt(Utils.newGuid(), key);
 const encText = await this.cryptoService.encrypt(clearText, key);
- const jsonDoc: any = {
+ const jsonDoc: BitwardenPasswordProtectedFileFormat = {
 encrypted: true,
 passwordProtected: true,
 salt: salt,
+ kdfType: kdfType,
 kdfIterations: kdfConfig.iterations,
- kdfType: KdfType.PBKDF2_SHA256,
+ kdfMemory: kdfConfig.memory,
+ kdfParallelism: kdfConfig.parallelism,
 encKeyValidation_DO_NOT_EDIT: encKeyValidation.encryptedString,
 data: encText.encryptedString,
 };
diff --git a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
index 183a08f3e4c..61211ed6935 100644
--- a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
+++ b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
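Review bot: Nothing in this hunk checks what `getKdfType()` and `getKdfConfig()` return before the values reach `makePinKey`, so an unset state or an account still on a low legacy iteration count now decides how costly the exported file is to brute-force offline; the removed code always derived with `DEFAULT_PBKDF2_ITERATIONS`. I would fall back to the previous default when state returns nothing and, for PBKDF2, never derive with fewer rounds than that default, which means keeping the `DEFAULT_PBKDF2_ITERATIONS` import this commit drops. How `makePinKey` treats a null type or config is not visible here, so the null case is an assumption to confirm. The method starts above the hunk.

```typescript
let kdfType: KdfType = await this.stateService.getKdfType();
let kdfConfig: KdfConfig = await this.stateService.getKdfConfig();
if (kdfType == null || kdfConfig == null) {
  // No usable account KDF settings: keep the behaviour from before this change.
  kdfType = KdfType.PBKDF2_SHA256;
  kdfConfig = new KdfConfig(DEFAULT_PBKDF2_ITERATIONS);
} else if (
  kdfType === KdfType.PBKDF2_SHA256 &&
  (kdfConfig.iterations ?? 0) < DEFAULT_PBKDF2_ITERATIONS
) {
  // The export is a standalone file; do not protect it with fewer rounds than the default.
  kdfConfig = new KdfConfig(DEFAULT_PBKDF2_ITERATIONS);
}
// … unchanged: salt generation, makePinKey, encrypt calls, jsonDoc …
```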
@@ -9,17 +9,7 @@ import { ImportResult } from "../../models/import-result";
 import { Importer } from "../importer";
 import { BitwardenJsonImporter } from "./bitwarden-json-importer";
-
-interface BitwardenPasswordProtectedFileFormat {
- encrypted: boolean;
- passwordProtected: boolean;
- salt: string;
- kdfIterations: number;
- kdfType: number;
- encKeyValidation_DO_NOT_EDIT: string;
- data: string;
-}
-
+import { BitwardenPasswordProtectedFileFormat } from "./bitwarden-password-protected-types";
 export class BitwardenPasswordProtectedImporter extends BitwardenJsonImporter implements Importer {
 private key: SymmetricCryptoKey;
@@ -50,8 +40,8 @@ export class BitwardenPasswordProtectedImporter extends BitwardenJsonImporter im
 this.key = await this.cryptoService.makePinKey(
 this.password,
 jdoc.salt,
- KdfType.PBKDF2_SHA256,
- new KdfConfig(jdoc.kdfIterations)
+ jdoc.kdfType,
+ new KdfConfig(jdoc.kdfIterations, jdoc.kdfMemory, jdoc.kdfParallelism)
 );
 const encKeyValidation = new EncString(jdoc.encKeyValidation_DO_NOT_EDIT);
diff --git a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-types.ts b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-types.ts
new file mode 100644
index 00000000000..01671c16804
--- /dev/null
+++ b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-types.ts
@@ -0,0 +1,11 @@
+export interface BitwardenPasswordProtectedFileFormat {
+ encrypted: boolean;
+ passwordProtected: boolean;
+ salt: string;
+ kdfIterations: number;
+ kdfMemory?: number;
+ kdfParallelism?: number;
+ kdfType: number;
+ encKeyValidation_DO_NOT_EDIT: string;
+ data: string;
+}
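Review bot: `jdoc.kdfType`, `jdoc.kdfIterations`, `jdoc.kdfMemory` and `jdoc.kdfParallelism` come from the imported file and go into `makePinKey` with no check in the `@@ -50,8 +40,8 @@` hunk, so a malformed or hostile file decides how much CPU and memory the derivation consumes and can hand an unknown KDF type to the crypto layer. Before deriving, I would reject the file when `KdfType[jdoc.kdfType] == null` and when any of the three numeric parameters is not a positive integer within the range the client accepts for account KDF settings. The rejection should go through the importer's normal failure path, so the user sees an invalid-file result, not a hang or a crash. Whether `jdoc` is validated earlier in the method is not visible, since the function starts above the hunk.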
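Review bot: The new `BitwardenPasswordProtectedFileFormat` interface carries no comment explaining why `kdfMemory` and `kdfParallelism` are optional, and it types `kdfType` as a bare `number`. I would add a doc comment above the two fields such as `/** Absent in files written before these fields existed; the exporter copies them from the account's KdfConfig. */`. Typing `kdfType` as `KdfType` would make the intended value set explicit, though values read from a file still need the runtime check, because the annotation is erased at compile time.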