mirror of
https://github.com/bitwarden/mobile
synced 2025-12-15 07:43:37 +00:00
[PM-2713] PR feedback
This commit is contained in:
Jacob Fink
@@ -36,7 +36,7 @@ namespace Bit.Core.Abstractions
|
||||
Task<OrgKey> GetOrgKeyAsync(string orgId);
|
||||
Task<Dictionary<string, OrgKey>> GetOrgKeysAsync();
|
||||
Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null);
|
||||
Task<byte[]> GetPublicKeyAsync();
|
||||
Task<byte[]> GetUserPublicKeyAsync();
|
||||
Task SetUserPrivateKeyAsync(string encPrivateKey);
|
||||
Task<byte[]> GetUserPrivateKeyAsync();
|
||||
Task<List<string>> GetFingerprintAsync(string userId, byte[] publicKey = null);
|
||||
|
||||
@@ -56,7 +56,7 @@ namespace Bit.Core.Services
|
||||
// Refresh the Pin Key if the user has a Pin set
|
||||
if (await _stateService.GetProtectedPinAsync(userId) != null)
|
||||
{
|
||||
await StorePinKey(userKey, userId);
|
||||
await UpdateUserKeyPinAsync(userKey, userId);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -174,7 +174,7 @@ namespace Bit.Core.Services
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new Exception("Unsupported encKey type.");
|
||||
throw new Exception($"Unsupported encrypted user key type: {encUserKey.EncryptionType}");
|
||||
}
|
||||
|
||||
if (decUserKey == null)
|
||||
@@ -184,40 +184,45 @@ namespace Bit.Core.Services
|
||||
return new UserKey(decUserKey);
|
||||
}
|
||||
|
||||
public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(UserKey key)
|
||||
public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(UserKey userKey)
|
||||
{
|
||||
if (key == null)
|
||||
if (userKey is null)
|
||||
{
|
||||
throw new Exception("No user key provided");
|
||||
throw new ArgumentNullException(nameof(userKey));
|
||||
}
|
||||
|
||||
var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
|
||||
return await BuildProtectedSymmetricKey(key, newSymKey, keyBytes => new SymmetricCryptoKey(keyBytes));
|
||||
return await BuildProtectedSymmetricKey(userKey, newSymKey, keyBytes => new SymmetricCryptoKey(keyBytes));
|
||||
}
|
||||
|
||||
public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(OrgKey key)
|
||||
public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(OrgKey orgKey)
|
||||
{
|
||||
if (key == null)
|
||||
if (orgKey is null)
|
||||
{
|
||||
throw new Exception("No org key provided");
|
||||
throw new ArgumentNullException(nameof(orgKey));
|
||||
}
|
||||
|
||||
var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
|
||||
return await BuildProtectedSymmetricKey(key, newSymKey, keyBytes => new SymmetricCryptoKey(keyBytes));
|
||||
return await BuildProtectedSymmetricKey(orgKey, newSymKey, keyBytes => new SymmetricCryptoKey(keyBytes));
|
||||
}
|
||||
|
||||
public async Task<string> HashMasterKeyAsync(string password, MasterKey masterKey, HashPurpose hashPurpose = HashPurpose.ServerAuthorization)
|
||||
{
|
||||
if (masterKey == null)
|
||||
if (password is null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(password));
|
||||
}
|
||||
|
||||
if (masterKey is null)
|
||||
{
|
||||
masterKey = await GetMasterKeyAsync();
|
||||
}
|
||||
if (password == null || masterKey == null)
|
||||
|
||||
if (masterKey is null)
|
||||
{
|
||||
throw new Exception("Invalid parameters.");
|
||||
throw new ArgumentNullException(nameof(masterKey));
|
||||
}
|
||||
var iterations = hashPurpose == HashPurpose.LocalAuthorization ? 2 : 1;
|
||||
var hash = await _cryptoFunctionService.Pbkdf2Async(masterKey.Key, password, CryptoHashAlgorithm.Sha256, iterations);
|
||||
}
|
||||
var hash = await _cryptoFunctionService.Pbkdf2Async(masterKey.Key, password, CryptoHashAlgorithm.Sha256, (int)hashPurpose);
|
||||
return Convert.ToBase64String(hash);
|
||||
}
|
||||
|
||||
@@ -259,7 +264,7 @@ namespace Bit.Core.Services
|
||||
}
|
||||
|
||||
var serverPasswordHash = await HashMasterKeyAsync(masterPassword, key, HashPurpose.ServerAuthorization);
|
||||
if (serverPasswordHash != null & storedPasswordHash == serverPasswordHash)
|
||||
if (serverPasswordHash != null && storedPasswordHash == serverPasswordHash)
|
||||
{
|
||||
await SetMasterKeyHashAsync(localPasswordHash);
|
||||
return true;
|
||||
@@ -283,11 +288,11 @@ namespace Bit.Core.Services
|
||||
return null;
|
||||
}
|
||||
var orgKeys = await GetOrgKeysAsync();
|
||||
if (orgKeys == null || !orgKeys.ContainsKey(orgId))
|
||||
if (orgKeys?.TryGetValue(orgId, out var orgKey) == true)
|
||||
{
|
||||
return null;
|
||||
return orgKey;
|
||||
}
|
||||
return orgKeys[orgId];
|
||||
return null;
|
||||
}
|
||||
|
||||
public Task<Dictionary<string, OrgKey>> GetOrgKeysAsync()
|
||||
@@ -343,7 +348,7 @@ namespace Bit.Core.Services
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<byte[]> GetPublicKeyAsync()
|
||||
public async Task<byte[]> GetUserPublicKeyAsync()
|
||||
{
|
||||
if (_publicKey != null)
|
||||
{
|
||||
@@ -387,7 +392,7 @@ namespace Bit.Core.Services
|
||||
{
|
||||
if (publicKey == null)
|
||||
{
|
||||
publicKey = await GetPublicKeyAsync();
|
||||
publicKey = await GetUserPublicKeyAsync();
|
||||
}
|
||||
if (publicKey == null)
|
||||
{
|
||||
@@ -427,7 +432,7 @@ namespace Bit.Core.Services
|
||||
_stateService.SetUserKeyPinAsync(null, userId),
|
||||
_stateService.SetUserKeyPinEphemeralAsync(null, userId),
|
||||
_stateService.SetProtectedPinAsync(null, userId),
|
||||
clearDeprecatedPinKeysAsync(userId));
|
||||
ClearDeprecatedPinKeysAsync(userId));
|
||||
}
|
||||
|
||||
public async Task<UserKey> DecryptUserKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedUserKey = null)
|
||||
@@ -439,8 +444,8 @@ namespace Bit.Core.Services
|
||||
throw new Exception("No PIN protected user key found.");
|
||||
}
|
||||
var pinKey = await MakePinKeyAsync(pin, salt, kdfConfig);
|
||||
var userKey = await DecryptToBytesAsync(pinProtectedUserKey, pinKey);
|
||||
return new UserKey(userKey);
|
||||
var userKeyBytes = await DecryptToBytesAsync(pinProtectedUserKey, pinKey);
|
||||
return new UserKey(userKeyBytes);
|
||||
}
|
||||
|
||||
// Only for migration purposes
|
||||
@@ -474,7 +479,7 @@ namespace Bit.Core.Services
|
||||
{
|
||||
if (publicKey == null)
|
||||
{
|
||||
publicKey = await GetPublicKeyAsync();
|
||||
publicKey = await GetUserPublicKeyAsync();
|
||||
}
|
||||
if (publicKey == null)
|
||||
{
|
||||
@@ -668,7 +673,7 @@ namespace Bit.Core.Services
|
||||
|
||||
// --HELPER METHODS--
|
||||
|
||||
private async Task StorePinKey(UserKey userKey, string userId = null)
|
||||
private async Task UpdateUserKeyPinAsync(UserKey userKey, string userId = null)
|
||||
{
|
||||
var pin = await DecryptToUtf8Async(new EncString(await _stateService.GetProtectedPinAsync(userId)));
|
||||
var pinKey = await MakePinKeyAsync(
|
||||
@@ -974,7 +979,7 @@ namespace Bit.Core.Services
|
||||
return userKey;
|
||||
}
|
||||
|
||||
public Task clearDeprecatedPinKeysAsync(string userId = null)
|
||||
public Task ClearDeprecatedPinKeysAsync(string userId = null)
|
||||
{
|
||||
return Task.WhenAll(
|
||||
_stateService.SetPinProtectedAsync(null, userId),
|
||||
|
||||
@@ -229,23 +229,20 @@ namespace Bit.Core.Services
|
||||
{
|
||||
// we can't depend on only the protected pin being set because old
|
||||
// versions only used it for MP on Restart
|
||||
var pinIsEnabled = await _stateService.GetProtectedPinAsync(userId);
|
||||
var userKeyPin = await _stateService.GetUserKeyPinAsync(userId);
|
||||
var oldUserKeyPin = await _stateService.GetPinProtectedAsync(userId);
|
||||
var isPinEnabled = await _stateService.GetProtectedPinAsync(userId) != null;
|
||||
var hasUserKeyPin = await _stateService.GetUserKeyPinAsync(userId) != null;
|
||||
var hasOldUserKeyPin = await _stateService.GetPinProtectedAsync(userId) != null;
|
||||
|
||||
if (userKeyPin != null || oldUserKeyPin != null)
|
||||
if (hasUserKeyPin || hasOldUserKeyPin)
|
||||
{
|
||||
return PinLockType.Persistent;
|
||||
}
|
||||
else if (pinIsEnabled != null && userKeyPin == null && oldUserKeyPin == null)
|
||||
else if (isPinEnabled && !hasUserKeyPin && !hasOldUserKeyPin)
|
||||
{
|
||||
return PinLockType.Transient;
|
||||
}
|
||||
else
|
||||
{
|
||||
return PinLockType.Disabled;
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<bool> IsBiometricLockSetAsync(string userId = null)
|
||||
{
|
||||
|
||||
@@ -30,7 +30,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
private IBiometricService _biometricService;
|
||||
private IKeyConnectorService _keyConnectorService;
|
||||
private IAccountsManager _accountManager;
|
||||
private PinLockEnum _pinStatus;
|
||||
private PinLockType _pinStatus;
|
||||
private bool _pinEnabled;
|
||||
private bool _biometricEnabled;
|
||||
private bool _biometricIntegrityValid = true;
|
||||
@@ -104,7 +104,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
|
||||
{
|
||||
_passwordReprompt = true;
|
||||
_pinStatus = PinLockEnum.Disabled;
|
||||
_pinStatus = PinLockType.Disabled;
|
||||
_pinEnabled = false;
|
||||
_biometricEnabled = false;
|
||||
}
|
||||
@@ -114,8 +114,8 @@ namespace Bit.iOS.Core.Controllers
|
||||
|
||||
var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
|
||||
?? await _stateService.GetPinProtectedKeyAsync();
|
||||
_pinEnabled = (_pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
|
||||
_pinStatus == PinLockEnum.Persistent;
|
||||
_pinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
|
||||
_pinStatus == PinLockType.Persistent;
|
||||
|
||||
_biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
|
||||
&& await _cryptoService.HasEncryptedUserKeyAsync();
|
||||
@@ -257,13 +257,13 @@ namespace Bit.iOS.Core.Controllers
|
||||
{
|
||||
EncString userKeyPin = null;
|
||||
EncString oldPinProtected = null;
|
||||
if (_pinStatus == PinLockEnum.Persistent)
|
||||
if (_pinStatus == PinLockType.Persistent)
|
||||
{
|
||||
userKeyPin = await _stateService.GetUserKeyPinAsync();
|
||||
var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
|
||||
oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
|
||||
}
|
||||
else if (_pinStatus == PinLockEnum.Transient)
|
||||
else if (_pinStatus == PinLockType.Transient)
|
||||
{
|
||||
userKeyPin = await _stateService.GetUserKeyPinEphemeralAsync();
|
||||
oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
|
||||
@@ -273,7 +273,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
if (oldPinProtected != null)
|
||||
{
|
||||
userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
|
||||
_pinStatus == PinLockEnum.Transient,
|
||||
_pinStatus == PinLockType.Transient,
|
||||
inputtedValue,
|
||||
email,
|
||||
kdfConfig,
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
using System;
|
||||
using UIKit;
|
||||
using Foundation;
|
||||
using Bit.iOS.Core.Views;
|
||||
using Bit.App.Resources;
|
||||
using Bit.iOS.Core.Utilities;
|
||||
using Bit.App.Abstractions;
|
||||
using Bit.Core.Abstractions;
|
||||
using Bit.Core.Utilities;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.App.Utilities;
|
||||
using Bit.Core.Models.Domain;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.App.Pages;
|
||||
using Bit.App.Abstractions;
|
||||
using Bit.App.Models;
|
||||
using Xamarin.Forms;
|
||||
using Bit.App.Pages;
|
||||
using Bit.App.Resources;
|
||||
using Bit.App.Utilities;
|
||||
using Bit.Core.Abstractions;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Domain;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Bit.iOS.Core.Utilities;
|
||||
using Bit.iOS.Core.Views;
|
||||
using Foundation;
|
||||
using UIKit;
|
||||
using Xamarin.Forms;
|
||||
|
||||
namespace Bit.iOS.Core.Controllers
|
||||
{
|
||||
@@ -30,7 +30,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
private IPlatformUtilsService _platformUtilsService;
|
||||
private IBiometricService _biometricService;
|
||||
private IKeyConnectorService _keyConnectorService;
|
||||
private PinLockEnum _pinStatus;
|
||||
private PinLockType _pinStatus;
|
||||
private bool _pinEnabled;
|
||||
private bool _biometricEnabled;
|
||||
private bool _biometricIntegrityValid = true;
|
||||
@@ -96,7 +96,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
|
||||
{
|
||||
_passwordReprompt = true;
|
||||
_pinStatus = PinLockEnum.Disabled;
|
||||
_pinStatus = PinLockType.Disabled;
|
||||
_pinEnabled = false;
|
||||
_biometricEnabled = false;
|
||||
}
|
||||
@@ -106,8 +106,8 @@ namespace Bit.iOS.Core.Controllers
|
||||
|
||||
var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
|
||||
?? await _stateService.GetPinProtectedKeyAsync();
|
||||
_pinEnabled = (_pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
|
||||
_pinStatus == PinLockEnum.Persistent;
|
||||
_pinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
|
||||
_pinStatus == PinLockType.Persistent;
|
||||
|
||||
_biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
|
||||
&& await _cryptoService.HasEncryptedUserKeyAsync();
|
||||
@@ -224,13 +224,13 @@ namespace Bit.iOS.Core.Controllers
|
||||
{
|
||||
EncString userKeyPin = null;
|
||||
EncString oldPinProtected = null;
|
||||
if (_pinStatus == PinLockEnum.Persistent)
|
||||
if (_pinStatus == PinLockType.Persistent)
|
||||
{
|
||||
userKeyPin = await _stateService.GetUserKeyPinAsync();
|
||||
var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
|
||||
oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
|
||||
}
|
||||
else if (_pinStatus == PinLockEnum.Transient)
|
||||
else if (_pinStatus == PinLockType.Transient)
|
||||
{
|
||||
userKeyPin = await _stateService.GetUserKeyPinEphemeralAsync();
|
||||
oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
|
||||
@@ -240,7 +240,7 @@ namespace Bit.iOS.Core.Controllers
|
||||
if (oldPinProtected != null)
|
||||
{
|
||||
userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
|
||||
_pinStatus == PinLockEnum.Transient,
|
||||
_pinStatus == PinLockType.Transient,
|
||||
inputtedValue,
|
||||
email,
|
||||
kdfConfig,
|
||||
|
||||
Reference in New Issue
Block a user