bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

set user symmetric key on lock component

Browse Source 
- add missed key suffix types to crypto service methods
This commit is contained in:
Jacob Fink
2023-06-07 10:28:13 -04:00
parent 6fc7c406a4
commit 9ce3b4976b
3 changed files with 37 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
libs/angular/src/auth/components/lock.component.ts
View File

@@ -222,18 +222,28 @@ export class LockComponent implements OnInit, OnDestroy {
const kdf = await this.stateService.getKdfType(); const kdf = await this.stateService.getKdfType();
const kdfConfig = await this.stateService.getKdfConfig(); const kdfConfig = await this.stateService.getKdfConfig();
const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfConfig); const masterKey = await this.cryptoService.makeMasterKey(
this.masterPassword,
this.email,
kdf,
kdfConfig
);
const storedKeyHash = await this.cryptoService.getKeyHash(); const storedKeyHash = await this.cryptoService.getKeyHash();
let passwordValid = false; let passwordValid = false;
if (storedKeyHash != null) { if (storedKeyHash != null) {
passwordValid = await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, key); // Offline unlock possible
passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
this.masterPassword,
masterKey
);
} else { } else {
// Online only
const request = new SecretVerificationRequest(); const request = new SecretVerificationRequest();
const serverKeyHash = await this.cryptoService.hashPassword( const serverKeyHash = await this.cryptoService.hashPassword(
this.masterPassword, this.masterPassword,
key, masterKey,
HashPurpose.ServerAuthorization HashPurpose.ServerAuthorization
); );
request.masterPasswordHash = serverKeyHash; request.masterPasswordHash = serverKeyHash;
@@ -244,12 +254,14 @@ export class LockComponent implements OnInit, OnDestroy {
passwordValid = true; passwordValid = true;
const localKeyHash = await this.cryptoService.hashPassword( const localKeyHash = await this.cryptoService.hashPassword(
this.masterPassword, this.masterPassword,
key, masterKey,
HashPurpose.LocalAuthorization HashPurpose.LocalAuthorization
); );
await this.cryptoService.setKeyHash(localKeyHash); await this.cryptoService.setKeyHash(localKeyHash);
} catch (e) { } catch (e) {
this.logService.error(e); this.logService.error(e);
} finally {
this.formPromise = null;
} }
} }
@@ -262,16 +274,19 @@ export class LockComponent implements OnInit, OnDestroy {
return; return;
} }
const userKey = await this.cryptoService.decryptUserSymKeyWithMasterKey(masterKey);
// if MP on restart is enabled, use it to get the PIN and store the ephemeral
// pin protected user symmetric key
if (this.pinSet[0]) { if (this.pinSet[0]) {
const protectedPin = await this.stateService.getProtectedPin(); const protectedPin = await this.stateService.getProtectedPin();
const encKey = await this.cryptoService.getEncKey(key); const pin = await this.cryptoService.decryptToUtf8(new EncString(protectedPin), userKey);
const decPin = await this.cryptoService.decryptToUtf8(new EncString(protectedPin), encKey); const pinKey = await this.cryptoService.makePinKey(pin, this.email, kdf, kdfConfig);
const pinKey = await this.cryptoService.makePinKey(decPin, this.email, kdf, kdfConfig); await this.stateService.setUserSymKeyPinEphemeral(
await this.stateService.setDecryptedPinProtected( await this.cryptoService.encrypt(userKey.key, pinKey)
await this.cryptoService.encrypt(key.key, pinKey)
); );
} }
await this.setKeyAndContinue(key, true); await this.setKeyAndContinue(userKey, true);
} }
private async setKeyAndContinue(key: UserSymKey, evaluatePasswordAfterUnlock = false) { private async setKeyAndContinue(key: UserSymKey, evaluatePasswordAfterUnlock = false) {

10
libs/common/src/platform/abstractions/crypto.service.ts
View File

@@ -18,10 +18,16 @@ export abstract class CryptoService {
setUserKey: (key: UserSymKey) => Promise<void>; setUserKey: (key: UserSymKey) => Promise<void>;
getUserKeyFromMemory: (userId?: string) => Promise<UserSymKey>; getUserKeyFromMemory: (userId?: string) => Promise<UserSymKey>;
getUserKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<UserSymKey>; getUserKeyFromStorage: (
keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
userId?: string
) => Promise<UserSymKey>;
hasUserKey: () => Promise<boolean>; hasUserKey: () => Promise<boolean>;
hasUserKeyInMemory: (userId?: string) => Promise<boolean>; hasUserKeyInMemory: (userId?: string) => Promise<boolean>;
hasUserKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>; hasUserKeyStored: (
keySuffix?: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
userId?: string
) => Promise<boolean>;
makeUserSymKey: (key: SymmetricCryptoKey) => Promise<[UserSymKey, EncString]>; makeUserSymKey: (key: SymmetricCryptoKey) => Promise<[UserSymKey, EncString]>;
clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>; clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>;
setUserSymKeyMasterKey: (UserSymKeyMasterKey: string, userId?: string) => Promise<void>; setUserSymKeyMasterKey: (UserSymKeyMasterKey: string, userId?: string) => Promise<void>;

5
libs/common/src/platform/services/crypto.service.ts
View File

@@ -127,7 +127,10 @@ export class CryptoService implements CryptoServiceAbstraction {
* @param userId The desired user * @param userId The desired user
* @returns True if the provided version of the user symmetric key is stored * @returns True if the provided version of the user symmetric key is stored
*/ */
async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> { async hasUserKeyStored(
keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
userId?: string
): Promise<boolean> {
switch (keySuffix) { switch (keySuffix) {
case KeySuffixOptions.Auto: case KeySuffixOptions.Auto:
return (await this.stateService.getUserSymKeyAuto({ userId: userId })) != null; return (await this.stateService.getUserSymKeyAuto({ userId: userId })) != null;