mirror of
https://github.com/bitwarden/mobile
synced 2026-01-06 10:34:07 +00:00
[PM-2713] use new MakeMasterKey method
This commit is contained in:
Jacob Fink
@@ -356,7 +356,7 @@ namespace Bit.Core.Services
|
||||
throw;
|
||||
}
|
||||
}
|
||||
return await _cryptoService.MakeKeyAsync(masterPassword, email, kdfConfig);
|
||||
return await _cryptoService.MakeMasterKeyAsync(masterPassword, email, kdfConfig);
|
||||
}
|
||||
|
||||
private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
|
||||
@@ -511,11 +511,11 @@ namespace Bit.Core.Services
|
||||
{
|
||||
// SSO Key Connector Onboarding
|
||||
var password = await _cryptoFunctionService.RandomBytesAsync(64);
|
||||
var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
|
||||
var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
|
||||
await _cryptoService.SetKeyAsync(k);
|
||||
var masterKey = await _cryptoService.MakeMasterKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
|
||||
var keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.EncKeyB64);
|
||||
await _cryptoService.SetKeyAsync(masterKey);
|
||||
|
||||
var encKey = await _cryptoService.MakeEncKeyAsync(k);
|
||||
var encKey = await _cryptoService.MakeEncKeyAsync(masterKey);
|
||||
await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
|
||||
var keyPair = await _cryptoService.MakeKeyPairAsync();
|
||||
|
||||
|
||||
@@ -843,6 +843,54 @@ namespace Bit.Core.Services
|
||||
return new Tuple<T, EncString>(new SymmetricCryptoKey(encKey) as T, encKeyEnc);
|
||||
}
|
||||
|
||||
private async Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig kdfConfig)
|
||||
{
|
||||
byte[] key = null;
|
||||
if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256)
|
||||
{
|
||||
var iterations = kdfConfig.Iterations.GetValueOrDefault(5000);
|
||||
if (iterations < 5000)
|
||||
{
|
||||
throw new Exception("PBKDF2 iteration minimum is 5000.");
|
||||
}
|
||||
key = await _cryptoFunctionService.Pbkdf2Async(password, salt,
|
||||
CryptoHashAlgorithm.Sha256, iterations);
|
||||
}
|
||||
else if (kdfConfig.Type == KdfType.Argon2id)
|
||||
{
|
||||
var iterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Argon2Iterations);
|
||||
var memory = kdfConfig.Memory.GetValueOrDefault(Constants.Argon2MemoryInMB) * 1024;
|
||||
var parallelism = kdfConfig.Parallelism.GetValueOrDefault(Constants.Argon2Parallelism);
|
||||
|
||||
if (kdfConfig.Iterations < 2)
|
||||
{
|
||||
throw new Exception("Argon2 iterations minimum is 2");
|
||||
}
|
||||
|
||||
if (kdfConfig.Memory < 16)
|
||||
{
|
||||
throw new Exception("Argon2 memory minimum is 16 MB");
|
||||
}
|
||||
else if (kdfConfig.Memory > 1024)
|
||||
{
|
||||
throw new Exception("Argon2 memory maximum is 1024 MB");
|
||||
}
|
||||
|
||||
if (kdfConfig.Parallelism < 1)
|
||||
{
|
||||
throw new Exception("Argon2 parallelism minimum is 1");
|
||||
}
|
||||
|
||||
var saltHash = await _cryptoFunctionService.HashAsync(salt, CryptoHashAlgorithm.Sha256);
|
||||
key = await _cryptoFunctionService.Argon2Async(password, saltHash, iterations, memory, parallelism);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception("Unknown kdf.");
|
||||
}
|
||||
return new SymmetricCryptoKey(key);
|
||||
}
|
||||
|
||||
private class EncryptedObject
|
||||
{
|
||||
public byte[] Iv { get; set; }
|
||||
@@ -1049,53 +1097,6 @@ namespace Bit.Core.Services
|
||||
await SetKeyAsync(key);
|
||||
}
|
||||
|
||||
public async Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig kdfConfig)
|
||||
{
|
||||
byte[] key = null;
|
||||
if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256)
|
||||
{
|
||||
var iterations = kdfConfig.Iterations.GetValueOrDefault(5000);
|
||||
if (iterations < 5000)
|
||||
{
|
||||
throw new Exception("PBKDF2 iteration minimum is 5000.");
|
||||
}
|
||||
key = await _cryptoFunctionService.Pbkdf2Async(password, salt,
|
||||
CryptoHashAlgorithm.Sha256, iterations);
|
||||
}
|
||||
else if (kdfConfig.Type == KdfType.Argon2id)
|
||||
{
|
||||
var iterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Argon2Iterations);
|
||||
var memory = kdfConfig.Memory.GetValueOrDefault(Constants.Argon2MemoryInMB) * 1024;
|
||||
var parallelism = kdfConfig.Parallelism.GetValueOrDefault(Constants.Argon2Parallelism);
|
||||
|
||||
if (kdfConfig.Iterations < 2)
|
||||
{
|
||||
throw new Exception("Argon2 iterations minimum is 2");
|
||||
}
|
||||
|
||||
if (kdfConfig.Memory < 16)
|
||||
{
|
||||
throw new Exception("Argon2 memory minimum is 16 MB");
|
||||
}
|
||||
else if (kdfConfig.Memory > 1024)
|
||||
{
|
||||
throw new Exception("Argon2 memory maximum is 1024 MB");
|
||||
}
|
||||
|
||||
if (kdfConfig.Parallelism < 1)
|
||||
{
|
||||
throw new Exception("Argon2 parallelism minimum is 1");
|
||||
}
|
||||
|
||||
var saltHash = await _cryptoFunctionService.HashAsync(salt, CryptoHashAlgorithm.Sha256);
|
||||
key = await _cryptoFunctionService.Argon2Async(password, saltHash, iterations, memory, parallelism);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception("Unknown kdf.");
|
||||
}
|
||||
return new SymmetricCryptoKey(key);
|
||||
}
|
||||
|
||||
public async Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
|
||||
KdfConfig config, EncString protectedKeyCs = null)
|
||||
|
||||
Reference in New Issue
Block a user