mirror of https://github.com/bitwarden/mobile synced 2025-12-05 23:53:33 +00:00

[PM-2713] more conversions to new crypto service api

Jacob Fink
2023-07-18 21:56:33 -04:00
parent 7c664f58b3
commit 7fdc5597fc
5 changed files with 14 additions and 52 deletions


@@ -165,26 +165,18 @@ namespace Bit.App.Pages
var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null); var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
var email = await _stateService.GetEmailAsync(); var email = await _stateService.GetEmailAsync();
var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig); var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization); var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization);
var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization); var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization);
Tuple<SymmetricCryptoKey, EncString> encKey; var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey,
var existingEncKey = await _cryptoService.GetEncKeyAsync(); await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync());
if (existingEncKey == null)
{
encKey = await _cryptoService.MakeEncKeyAsync(masterKey);
}
else
{
encKey = await _cryptoService.RemakeEncKeyAsync(masterKey);
}
var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1); var keys = await _cryptoService.MakeKeyPairAsync(newUserKey);
var request = new SetPasswordRequest var request = new SetPasswordRequest
{ {
MasterPasswordHash = masterPasswordHash, MasterPasswordHash = masterPasswordHash,
Key = encKey.Item2.EncryptedString, Key = newProtectedUserKey.EncryptedString,
MasterPasswordHint = Hint, MasterPasswordHint = Hint,
Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256), Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256),
KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations), KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations),
@@ -204,9 +196,9 @@ namespace Bit.App.Pages
// Set Password and relevant information // Set Password and relevant information
await _apiService.SetPasswordAsync(request); await _apiService.SetPasswordAsync(request);
await _stateService.SetKdfConfigurationAsync(kdfConfig); await _stateService.SetKdfConfigurationAsync(kdfConfig);
await _cryptoService.SetMasterKeyAsync(masterKey); await _cryptoService.SetMasterKeyAsync(newMasterKey);
await _cryptoService.SetPasswordHashAsync(localMasterPasswordHash); await _cryptoService.SetPasswordHashAsync(localMasterPasswordHash);
await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString); await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString);
await _cryptoService.SetPrivateKeyAsync(keys.Item2.EncryptedString); await _cryptoService.SetPrivateKeyAsync(keys.Item2.EncryptedString);
if (ResetPasswordAutoEnroll) if (ResetPasswordAutoEnroll)
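Review bot: The `?? await _cryptoService.MakeUserKeyAsync()` fallback inside the `EncryptUserKeyWithMasterKeyAsync` call mints a fresh user key whenever `GetUserKeyAsync()` returns null, and nothing in this hunk shows whether null can also mean "a key exists but is not loaded on this device". If it can, the `SetPasswordRequest` would upload a key that cannot decrypt data protected under the earlier one, so the assumption should be stated where the decision is made. I would lift the expression into a local, `var userKey = await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync();`, with a comment such as `// reuse the existing user key so already-encrypted data stays readable; only create one when the account has none`. The hunk also does not show a freshly made `newUserKey` being stored locally after `SetPasswordAsync` succeeds (only the master-key-encrypted form is saved), which is worth confirming against the rest of the method, since its body starts and ends outside the visible lines.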


@@ -97,8 +97,8 @@ namespace Bit.App.Pages
var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig); var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey); var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey);
// Create new encKey for the User // Encrypt user key with new master key
var newEncKey = await _cryptoService.RemakeEncKeyAsync(masterKey); var (userKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey);
// Initiate API action // Initiate API action
try try
@@ -108,10 +108,10 @@ namespace Bit.App.Pages
switch (_reason) switch (_reason)
{ {
case ForcePasswordResetReason.AdminForcePasswordReset: case ForcePasswordResetReason.AdminForcePasswordReset:
await UpdateTempPasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString); await UpdateTempPasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
break; break;
case ForcePasswordResetReason.WeakMasterPasswordOnLogin: case ForcePasswordResetReason.WeakMasterPasswordOnLogin:
await UpdatePasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString); await UpdatePasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
break; break;
default: default:
throw new ArgumentOutOfRangeException(); throw new ArgumentOutOfRangeException();
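Review bot: The single-argument call `EncryptUserKeyWithMasterKeyAsync(masterKey)` relies on the service to resolve the current user key, and the hunk does not show what happens when none is available; the `RemakeEncKeyAsync` it replaces dereferenced `encKey.Key` with no null check. The other page changed in this commit passes the user key explicitly, so the two password flows now differ in how the key is chosen, and a short comment saying the default is intended would help. The deconstructed `userKey` is not used anywhere in the visible lines, so plaintext key material is held in a local for no reason; if the rest of the method does not need it, prefer a discard: `var (_, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey);`. The enclosing method starts and ends outside these hunks.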


@@ -73,10 +73,8 @@ namespace Bit.Core.Abstractions
Task<bool> HasEncKeyAsync(); Task<bool> HasEncKeyAsync();
Task<bool> HasKeyAsync(string userId = null); Task<bool> HasKeyAsync(string userId = null);
Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key); Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key);
Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt, KdfConfig config, EncString protectedKeyEs = null);
// TODO(Jake): This isn't used, delete // TODO(Jake): This isn't used, delete
Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync(); Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync();
Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key);
Task SetEncKeyAsync(string encKey); Task SetEncKeyAsync(string encKey);
Task SetKeyAsync(SymmetricCryptoKey key); Task SetKeyAsync(SymmetricCryptoKey key);
} }


@@ -1193,23 +1193,6 @@ namespace Bit.Core.Services
} }
public async Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
KdfConfig config, EncString protectedKeyCs = null)
{
if (protectedKeyCs == null)
{
var pinProtectedKey = await _stateService.GetPinProtectedAsync();
if (pinProtectedKey == null)
{
throw new Exception("No PIN protected key found.");
}
protectedKeyCs = new EncString(pinProtectedKey);
}
var pinKey = await MakePinKeyAsync(pin, salt, config);
var decKey = await DecryptToBytesAsync(protectedKeyCs, pinKey);
return new SymmetricCryptoKey(decKey);
}
// TODO(Jake): This isn't used, delete // TODO(Jake): This isn't used, delete
public async Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync() public async Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync()
{ {
@@ -1230,16 +1213,5 @@ namespace Bit.Core.Services
return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(theKey, encKey); return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(theKey, encKey);
} }
public async Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key)
{
var encKey = await GetEncKeyAsync();
return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(key, encKey.Key);
}
} }
} }


@@ -327,7 +327,7 @@ namespace Bit.Core.Services
} }
return; return;
} }
await _cryptoService.SetEncKeyAsync(response.Key); await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(response.Key);
await _cryptoService.SetPrivateKeyAsync(response.PrivateKey); await _cryptoService.SetPrivateKeyAsync(response.PrivateKey);
await _cryptoService.SetOrgKeysAsync(response.Organizations); await _cryptoService.SetOrgKeysAsync(response.Organizations);
await _stateService.SetSecurityStampAsync(response.SecurityStamp); await _stateService.SetSecurityStampAsync(response.SecurityStamp);