bitwarden/mobile
1
0
Fork 0
mirror of https://github.com/bitwarden/mobile synced 2025-12-15 15:53:44 +00:00
Code Issues Releases Wiki Activity

Use 2 iterations for local password hashing (#1423)

Browse Source 
* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa.

* Add backwards compatability with existing keyHash
This commit is contained in:
Thomas Rittson
2021-06-14 14:39:34 -07:00
committed by GitHub
parent 0aed13a2cf
commit 79589b07fc
9 changed files with 76 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/Core/Services/CryptoService.cs
View File

@@ -281,6 +281,28 @@ namespace Bit.Core.Services
return orgKeys[orgId];
}
public async Task<bool> CompareAndUpdateKeyHashAsync(string masterPassword, SymmetricCryptoKey key)
{
var storedKeyHash = await GetKeyHashAsync();
if (masterPassword != null && storedKeyHash != null)
{
var localKeyHash = await HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
if (localKeyHash != null && storedKeyHash == localKeyHash)
{
return true;
}
var serverKeyHash = await HashPasswordAsync(masterPassword, key, HashPurpose.ServerAuthorization);
if (serverKeyHash != null & storedKeyHash == serverKeyHash)
{
await SetKeyHashAsync(localKeyHash);
return true;
}
}
return false;
}
public async Task<bool> HasKeyAsync()
{
var key = await GetKeyAsync();
@@ -433,7 +455,7 @@ namespace Bit.Core.Services
return new SymmetricCryptoKey(sendKey);
}
public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key)
public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization)
{
if (key == null)
{
@@ -443,7 +465,8 @@ namespace Bit.Core.Services
{
throw new Exception("Invalid parameters.");
}
var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, 1);
var iterations = hashPurpose == HashPurpose.LocalAuthorization ? 2 : 1;
var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, iterations);
return Convert.ToBase64String(hash);
}