
[PM-2713] set decrypt and set user key in login helper

This commit is contained in:
Jacob Fink
2023-07-19 21:19:16 -04:00
parent bedbca841d
commit a3183857b9
3 changed files with 21 additions and 23 deletions


@@ -470,10 +470,6 @@ namespace Bit.Core.Services
_messagingService.Send("accountAdded"); _messagingService.Send("accountAdded");
if (_setCryptoKeys) if (_setCryptoKeys)
{ {
if (masterKey != null)
{
await _cryptoService.SetMasterKeyAsync(masterKey);
}
if (localHashedPassword != null) if (localHashedPassword != null)
{ {
@@ -489,6 +485,13 @@ namespace Bit.Core.Services
await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key); await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key);
if (masterKey != null)
{
await _cryptoService.SetMasterKeyAsync(masterKey);
var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
await _cryptoService.SetUserKeyAsync(userKey);
}
// User doesn't have a key pair yet (old account), let's generate one for them. // User doesn't have a key pair yet (old account), let's generate one for them.
if (tokenResponse.PrivateKey == null) if (tokenResponse.PrivateKey == null)
{ {
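Review bot: The user key produced by the added `var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);` line is handed straight to `SetUserKeyAsync` with no null check, so a failed decryption (wrong master key, or a missing `tokenResponse.Key`) would presumably persist a null user key rather than surface an error at login. I would guard it with `if (userKey == null) { throw new Exception("Could not decrypt user key with master key."); }`, using whichever exception type the surrounding login flow already reports (that flow is outside this hunk). The new block also depends on `SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key)` having run on the line just above it, since the decrypt call receives only the master key and presumably reads the stored master-key-encrypted user key; a one-line comment such as `// Must follow SetMasterKeyEncryptedUserKeyAsync: decryption reads the stored master-key-encrypted user key` would keep a future reorder from silently breaking unlock. The enclosing method starts before and continues past this hunk.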


@@ -110,14 +110,6 @@ namespace Bit.Core.Services
public async Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null) public async Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null)
{ {
var option = await _stateService.GetVaultTimeoutAsync();
var biometric = await _stateService.GetBiometricUnlockAsync();
if (option.HasValue && !biometric.GetValueOrDefault())
{
// we only store the encrypted user key if the user has a vault timeout set
// with no biometric. Otherwise, we need it for auto unlock or biometric unlock
return;
}
await _stateService.SetUserKeyMasterKeyAsync(value, userId); await _stateService.SetUserKeyMasterKeyAsync(value, userId);
} }
@@ -133,16 +125,18 @@ namespace Bit.Core.Services
if (masterKey == null) if (masterKey == null)
{ {
// Migration support // Migration support
var encMasterKey = await _stateService.GetKeyEncryptedAsync(userId); masterKey = await _stateService.GetKeyDecryptedAsync(userId) as MasterKey;
masterKey = new MasterKey(Convert.FromBase64String(encMasterKey)); if (masterKey != null)
await this.SetMasterKeyAsync(masterKey, userId); {
await SetMasterKeyAsync(masterKey, userId);
}
} }
return masterKey; return masterKey;
} }
public async Task<MasterKey> MakeMasterKeyAsync(string password, string email, KdfConfig kdfConfig) public async Task<MasterKey> MakeMasterKeyAsync(string password, string email, KdfConfig kdfConfig)
{ {
return await MakeKeyAsync(password, email, kdfConfig) as MasterKey; return await MakeKeyAsync(password, email, kdfConfig, keyBytes => new MasterKey(keyBytes));
} }
public async Task ClearMasterKeyAsync(string userId = null) public async Task ClearMasterKeyAsync(string userId = null)
@@ -431,7 +425,7 @@ namespace Bit.Core.Services
public async Task<PinKey> MakePinKeyAsync(string pin, string salt, KdfConfig config) public async Task<PinKey> MakePinKeyAsync(string pin, string salt, KdfConfig config)
{ {
var pinKey = await MakeKeyAsync(pin, salt, config); var pinKey = await MakeKeyAsync(pin, salt, config, keyBytes => new PinKey(keyBytes));
return await StretchKeyAsync(pinKey) as PinKey; return await StretchKeyAsync(pinKey) as PinKey;
} }
@@ -881,7 +875,9 @@ namespace Bit.Core.Services
return new Tuple<T, EncString>(new SymmetricCryptoKey(encKey) as T, encKeyEnc); return new Tuple<T, EncString>(new SymmetricCryptoKey(encKey) as T, encKeyEnc);
} }
private async Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig kdfConfig) // TODO: This intantiator needs to be moved into each key type in order to get rid of the keyCreator hack
private async Task<TKey> MakeKeyAsync<TKey>(string password, string salt, KdfConfig kdfConfig, Func<byte[], TKey> keyCreator)
where TKey : SymmetricCryptoKey
{ {
byte[] key = null; byte[] key = null;
if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256) if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256)
@@ -926,7 +922,7 @@ namespace Bit.Core.Services
{ {
throw new Exception("Unknown kdf."); throw new Exception("Unknown kdf.");
} }
return new SymmetricCryptoKey(key); return keyCreator(key);
} }
private class EncryptedObject private class EncryptedObject
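Review bot: The migration line added to `GetMasterKeyAsync`, `masterKey = await _stateService.GetKeyDecryptedAsync(userId) as MasterKey;`, leans on the same `as` downcast this commit removes from `MakeMasterKeyAsync` (replaced by the `keyCreator` callback precisely because `new SymmetricCryptoKey(key) as MasterKey` yields null); if `GetKeyDecryptedAsync` returns the base `SymmetricCryptoKey` type (its declaration is outside the hunk), the cast is null, the new `if (masterKey != null)` swallows it, and the legacy-key migration is silently skipped. I would build the typed key explicitly, e.g. `var legacyKey = await _stateService.GetKeyDecryptedAsync(userId); masterKey = legacyKey != null ? new MasterKey(legacyKey.Key) : null;`, assuming `SymmetricCryptoKey` exposes its raw bytes, which I cannot confirm from here. The unchanged `return await StretchKeyAsync(pinKey) as PinKey;` and `new SymmetricCryptoKey(encKey) as T` lines carry the same hazard and probably belong under the `keyCreator` TODO. Separately, deleting the early return in `SetMasterKeyEncryptedUserKeyAsync` means the master-key-encrypted user key is now persisted regardless of vault-timeout and biometric settings, so the rationale that was removed with it should be replaced by a comment explaining why unconditional storage is acceptable (the value is ciphertext under the master key, so unlock still requires the master password).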


@@ -395,16 +395,15 @@ namespace Bit.Core.Services
await SetValueAsync(Constants.ProtectedPinKey(reconciledOptions.UserId), value, reconciledOptions); await SetValueAsync(Constants.ProtectedPinKey(reconciledOptions.UserId), value, reconciledOptions);
} }
// TODO(Jake): Does this need to be secure storage?
public async Task<EncString> GetUserKeyPinAsync(string userId = null) public async Task<EncString> GetUserKeyPinAsync(string userId = null)
{ {
return new EncString(await _storageMediatorService.GetAsync<string>(Constants.UserKeyPinKey(userId), false)); var key = await _storageMediatorService.GetAsync<string>(Constants.UserKeyPinKey(userId), false);
return key != null ? new EncString(key) : null;
} }
// TODO(Jake): Does this need to be secure storage?
public async Task SetUserKeyPinAsync(EncString value, string userId = null) public async Task SetUserKeyPinAsync(EncString value, string userId = null)
{ {
await _storageMediatorService.SaveAsync(Constants.UserKeyPinKey(userId), value.EncryptedString, false); await _storageMediatorService.SaveAsync(Constants.UserKeyPinKey(userId), value?.EncryptedString, false);
} }
public async Task<EncString> GetUserKeyPinEphemeralAsync(string userId = null) public async Task<EncString> GetUserKeyPinEphemeralAsync(string userId = null)
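Review bot: Dropping the two `// TODO(Jake): Does this need to be secure storage?` comments removes the question without recording an answer, while `GetUserKeyPinAsync` and `SetUserKeyPinAsync` still pass `false` as the last argument to the storage mediator, presumably the secure-storage flag. What is stored is an `EncString` — the user key encrypted under the PIN-derived key from `MakePinKeyAsync` — and because a PIN is low-entropy even after that KDF, anyone who can read regular app storage can attempt an offline guess; whether that tier is the intended trade-off should be written down, e.g. `// Regular (non-secure) storage by design: the value is the user key encrypted under the PIN-derived key, never the PIN itself — confirm this tier is intended` above `GetUserKeyPinAsync`. The `value?.EncryptedString` change also means `SetUserKeyPinAsync(null)` now writes a null through `SaveAsync`; if the mediator does not treat null as a delete (its implementation is outside this hunk), a stale PIN-encrypted key could survive a clear, so either a comment stating that null removes the entry or an explicit remove call would make the intent unambiguous.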