From aff8227989106485c1c28972269499a4099bf1e2 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <trittson@bitwarden.com>
Date: Thu, 10 Jun 2021 08:18:56 +1000
Subject: [PATCH] Add HashPurpose parameter to HashPasswordAsync

---
 src/Core/Abstractions/ICryptoService.cs | 2 +-
 src/Core/Enums/HashPurpose.cs           | 8 ++++++++
 src/Core/Services/CryptoService.cs      | 5 +++--
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 src/Core/Enums/HashPurpose.cs

diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs
index f1dc19692..2c605f034 100644
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -31,7 +31,7 @@ namespace Bit.Core.Abstractions
         Task<byte[]> GetPrivateKeyAsync();
         Task<byte[]> GetPublicKeyAsync();
         Task<bool> HasEncKeyAsync();
-        Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key);
+        Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose? hashPurpose);
         Task<bool> HasKeyAsync();
         Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key);
         Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfType? kdf, int? kdfIterations);
diff --git a/src/Core/Enums/HashPurpose.cs b/src/Core/Enums/HashPurpose.cs
new file mode 100644
index 000000000..c37779d14
--- /dev/null
+++ b/src/Core/Enums/HashPurpose.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.Enums
+{
+    public enum HashPurpose : byte
+    {
+        ServerAuthorization = 1,
+        LocalAuthorization = 2,
+    }
+}
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index 3c21925cc..374f66132 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -433,7 +433,7 @@ namespace Bit.Core.Services
             return new SymmetricCryptoKey(sendKey);
         }
 
-        public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key)
+        public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose? hashPurpose)
         {
             if (key == null)
             {
@@ -443,7 +443,8 @@ namespace Bit.Core.Services
             {
                 throw new Exception("Invalid parameters.");
             }
-            var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, 1);
+            var iterations = hashPurpose == HashPurpose.LocalAuthorization ? 2 : 1;
+            var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, iterations);
             return Convert.ToBase64String(hash);
         }