bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-17 08:43:33 +00:00
Code Issues Releases Wiki Activity

use user kdf settings for making PIN key

Browse Source
This commit is contained in:
Kyle Spearrin
2019-02-13 00:04:31 -05:00
parent 7a1e7b5474
commit 53260a5be8
3 changed files with 28 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/abstractions/crypto.service.ts
View File

@@ -32,7 +32,7 @@ export abstract class CryptoService {
makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>; makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>; makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>; makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
makePinKey: (pin: string, salt: string) => Promise<SymmetricCryptoKey>; makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
hashPassword: (password: string, key: SymmetricCryptoKey) => Promise<string>; hashPassword: (password: string, key: SymmetricCryptoKey) => Promise<string>;
makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>; makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>; remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;

53
src/angular/components/lock.component.ts
View File

@@ -37,18 +37,25 @@ export class LockComponent implements OnInit {
} }
async submit() { async submit() {
// PIN if (this.pinLock && (this.pin == null || this.pin === '')) {
if (this.pinLock) { this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
if (this.pin == null || this.pin === '') { this.i18nService.t('pinRequired'));
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), return;
this.i18nService.t('pinRequired')); }
return; if (!this.pinLock && (this.masterPassword == null || this.masterPassword === '')) {
} this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const kdf = await this.userService.getKdf();
const kdfIterations = await this.userService.getKdfIterations();
if (this.pinLock) {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey); const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
try { try {
const protectedKeyCs = new CipherString(pinProtectedKey); const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email); const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfIterations);
const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey); const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
await this.setKeyAndContinue(new SymmetricCryptoKey(decKey)); await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
} catch { } catch {
@@ -60,27 +67,17 @@ export class LockComponent implements OnInit {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('invalidPin')); this.i18nService.t('invalidPin'));
} }
return;
}
// Master Password
if (this.masterPassword == null || this.masterPassword === '') {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const kdf = await this.userService.getKdf();
const kdfIterations = await this.userService.getKdfIterations();
const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
this.setKeyAndContinue(key);
} else { } else {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
this.i18nService.t('invalidMasterPassword')); const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
this.setKeyAndContinue(key);
} else {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('invalidMasterPassword'));
}
} }
} }

4
src/services/crypto.service.ts
View File

@@ -324,8 +324,8 @@ export class CryptoService implements CryptoServiceAbstraction {
return [publicB64, privateEnc]; return [publicB64, privateEnc];
} }
async makePinKey(pin: string, salt: string): Promise<SymmetricCryptoKey> { async makePinKey(pin: string, salt: string, kdf: KdfType, kdfIterations: number): Promise<SymmetricCryptoKey> {
const pinKey = await this.makeKey(pin, salt, KdfType.PBKDF2_SHA256, 100000); const pinKey = await this.makeKey(pin, salt, kdf, kdfIterations);
return await this.stretchKey(pinKey); return await this.stretchKey(pinKey);
} }