bitwarden/mobile
1
0
Fork 0
mirror of https://github.com/bitwarden/mobile synced 2025-12-05 23:53:33 +00:00
Code Issues Releases Wiki Activity

[PM-2713] add toggle method to crypto service for keys

Browse Source
This commit is contained in:
Jacob Fink
2023-07-18 14:02:54 -04:00
parent cd4f44e6f6
commit 5ed567ab90
4 changed files with 48 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/App/Pages/Settings/SettingsPage/SettingsPageViewModel.cs
View File

@@ -491,7 +491,7 @@ namespace Bit.App.Pages
await _stateService.SetBiometricUnlockAsync(null);
}
await _stateService.SetBiometricLockedAsync(false);
await _cryptoService.ToggleKeyAsync();
await _cryptoService.ToggleKeysAsync();
BuildList();
}

4
src/Core/Abstractions/ICryptoService.cs
View File

@@ -9,6 +9,7 @@ namespace Bit.Core.Abstractions
{
public interface ICryptoService
{
Task ToggleKeysAsync();
Task SetUserKeyAsync(UserKey userKey, string userId = null);
Task<UserKey> GetUserKeyAsync(string userId = null);
Task<bool> HasUserKeyAsync(string userId = null);
@@ -25,7 +26,7 @@ namespace Bit.Core.Abstractions
Task SetPasswordHashAsync(string keyHash);
Task<string> GetPasswordHashAsync();
Task ClearPasswordHashAsync(string userId = null);
Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, SymmetricCryptoKey key);
Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, MasterKey key);
Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs);
Task<OrgKey> GetOrgKeyAsync(string orgId);
Task<Dictionary<string, OrgKey>> GetOrgKeysAsync();
@@ -75,6 +76,5 @@ namespace Bit.Core.Abstractions
Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key);
Task SetEncKeyAsync(string encKey);
Task SetKeyAsync(SymmetricCryptoKey key);
Task ToggleKeyAsync();
}
}

61
src/Core/Services/CryptoService.cs
View File

@@ -36,6 +36,17 @@ namespace Bit.Core.Services
_cryptoFunctionService = cryptoFunctionService;
}
public async Task ToggleKeysAsync()
{
// refresh or clear the pin key
await SetUserKeyAsync(await GetUserKeyAsync());
// refresh or clear the encrypted user key
var encUserKey = await _stateService.GetUserKeyMasterKeyAsync();
await _stateService.SetUserKeyMasterKeyAsync(null);
await _stateService.SetUserKeyMasterKeyAsync(encUserKey);
}
public async Task SetUserKeyAsync(UserKey userKey, string userId = null)
{
await _stateService.SetUserKeyAsync(userKey, userId);
@@ -45,6 +56,11 @@ namespace Bit.Core.Services
{
await StorePinKey(userKey, userId);
}
else
{
await _stateService.SetUserKeyPinAsync(null, userId);
await _stateService.SetUserKeyPinEphemeralAsync(null, userId);
}
}
public async Task<UserKey> GetUserKeyAsync(string userId = null)
@@ -69,12 +85,21 @@ namespace Bit.Core.Services
public async Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null)
{
var option = await _stateService.GetVaultTimeoutAsync();
var biometric = await _stateService.GetBiometricUnlockAsync();
if (option.HasValue && !biometric.GetValueOrDefault())
{
// we only store the encrypted user key if the user has a vault timeout set
// with no biometric. Otherwise, we need it for auto unlock or biometric unlock
return;
}
await _stateService.SetUserKeyMasterKeyAsync(value, userId);
}
public async Task SetMasterKeyAsync(MasterKey masterKey, string userId = null)
{
await _stateService.SetMasterKeyAsync(masterKey, userId);
}
public async Task<MasterKey> GetMasterKeyAsync(string userId = null)
@@ -211,7 +236,7 @@ namespace Bit.Core.Services
}
// TODO(Jake): Uses Master Key
public async Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, SymmetricCryptoKey key)
public async Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, MasterKey key)
{
var storedPasswordHash = await GetPasswordHashAsync();
if (masterPassword != null && storedPasswordHash != null)
@@ -385,6 +410,14 @@ namespace Bit.Core.Services
return await StretchKeyAsync(pinKey) as PinKey;
}
public async Task ClearPinKeys(string userId = null)
{
await _stateService.SetUserKeyPinAsync(null, userId);
await _stateService.SetUserKeyPinEphemeralAsync(null, userId);
await _stateService.SetProtectedPinAsync(null, userId);
await clearDeprecatedPinKeysAsync(userId);
}
// public async Task<UserKey> DecryptUserKeyWithPin(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedUserKey = null)
// {
// pinProtectedUserKey ??= await _stateService.GetUserKeyPinAsync();
@@ -614,7 +647,7 @@ namespace Bit.Core.Services
return new EncByteArray(encBytes);
}
// Helpers
// --HELPER METHODS--
private async Task StorePinKey(UserKey userKey, string userId = null)
{
@@ -899,6 +932,15 @@ namespace Bit.Core.Services
public SymmetricCryptoKey Key { get; set; }
}
// --LEGACY METHODS--
// We previously used the master key for additional keys, but now we use the user key.
// These methods support migrating the old keys to the new ones.
public async Task clearDeprecatedPinKeysAsync(string userId = null)
{
await _stateService.SetPinProtectedAsync(null);
await _stateService.SetPinProtectedKeyAsync(null);
}
@@ -1083,21 +1125,6 @@ namespace Bit.Core.Services
}
public async Task ToggleKeyAsync()
{
var key = await GetKeyAsync();
var option = await _stateService.GetVaultTimeoutAsync();
var biometric = await _stateService.GetBiometricUnlockAsync();
if (!biometric.GetValueOrDefault() && (option != null || option == 0))
{
await ClearKeyAsync();
await _stateService.SetKeyDecryptedAsync(key);
return;
}
await SetKeyAsync(key);
}
public async Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
KdfConfig config, EncString protectedKeyCs = null)
{

2
src/Core/Services/VaultTimeoutService.cs
View File

@@ -214,7 +214,7 @@ namespace Bit.Core.Services
{
await _stateService.SetVaultTimeoutAsync(timeout);
await _stateService.SetVaultTimeoutActionAsync(action);
await _cryptoService.ToggleKeyAsync();
await _cryptoService.ToggleKeysAsync();
await _tokenService.ToggleTokensAsync();
}