1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-27 12:36:14 +01:00

Fix separate key storage for non desktop (#409)

* Handle non-desktop, non-split key storage

* Reset vaultTimeoutService on clear.

Fixes issues where unlock was required after login

* Specify electron as desktop client

* Use ElelectronCryptoService to handle desktop-specific tasks

* Linter fixes
This commit is contained in:
Matt Gibson 2021-06-15 09:55:57 -05:00 committed by GitHub
parent d63ee1858d
commit 1f83c3c1ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 86 additions and 50 deletions

View File

@ -25,7 +25,7 @@ import { sequentialize } from '../misc/sequentialize';
import { Utils } from '../misc/utils';
import { EEFLongWordList } from '../misc/wordlist';
const Keys = {
export const Keys = {
key: 'key', // Master Key
encOrgKeys: 'encOrgKeys',
encPrivateKey: 'encPrivateKey',
@ -42,25 +42,15 @@ export class CryptoService implements CryptoServiceAbstraction {
private privateKey: ArrayBuffer;
private orgKeys: Map<string, SymmetricCryptoKey>;
constructor(private storageService: StorageService, private secureStorageService: StorageService,
private cryptoFunctionService: CryptoFunctionService, private platformUtilService: PlatformUtilsService,
private logService: LogService) {
constructor(private storageService: StorageService, protected secureStorageService: StorageService,
private cryptoFunctionService: CryptoFunctionService, protected platformUtilService: PlatformUtilsService,
protected logService: LogService) {
}
async setKey(key: SymmetricCryptoKey): Promise<any> {
this.key = key;
if (await this.shouldStoreKey('auto')) {
await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'auto' });
} else {
this.clearStoredKey('auto');
}
if (await this.shouldStoreKey('biometric')) {
await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'biometric' });
} else {
this.clearStoredKey('biometric');
}
await this.storeKey(key);
}
setKeyHash(keyHash: string): Promise<{}> {
@ -288,9 +278,8 @@ export class CryptoService implements CryptoServiceAbstraction {
return this.key != null;
}
async hasKeyStored(keySuffix: KeySuffixOptions): Promise<boolean> {
await this.upgradeSecurelyStoredKey();
return await this.secureStorageService.has(Keys.key, { keySuffix: keySuffix });
hasKeyStored(keySuffix: KeySuffixOptions): Promise<boolean> {
return this.secureStorageService.has(Keys.key, { keySuffix: keySuffix });
}
async hasEncKey(): Promise<boolean> {
@ -651,7 +640,15 @@ export class CryptoService implements CryptoServiceAbstraction {
// Helpers
private async shouldStoreKey(keySuffix: KeySuffixOptions) {
protected async storeKey(key: SymmetricCryptoKey) {
if (await this.shouldStoreKey('auto') || await this.shouldStoreKey('biometric')) {
this.secureStorageService.save(Keys.key, key.keyB64);
} else {
this.secureStorageService.remove(Keys.key);
}
}
protected async shouldStoreKey(keySuffix: KeySuffixOptions) {
let shouldStoreKey = false;
if (keySuffix === 'auto') {
const vaultTimeout = await this.storageService.get<number>(ConstantsService.vaultTimeoutKey);
@ -663,37 +660,8 @@ export class CryptoService implements CryptoServiceAbstraction {
return shouldStoreKey;
}
private async retrieveKeyFromStorage(keySuffix: KeySuffixOptions) {
await this.upgradeSecurelyStoredKey();
return await this.secureStorageService.get<string>(Keys.key, { keySuffix: keySuffix });
}
/**
* @deprecated 4 Jun 2021 This is temporary upgrade method to move from a single shared stored key to
* multiple, unique stored keys for each use, e.g. never logout vs. biometric authentication.
*/
private async upgradeSecurelyStoredKey() {
// attempt key upgrade, but if we fail just delete it. Keys will be stored property upon unlock anyway.
const key = await this.secureStorageService.get<string>(Keys.key);
if (key == null) {
return;
}
try {
if (await this.shouldStoreKey('auto')) {
await this.secureStorageService.save(Keys.key, key, { keySuffix: 'auto' });
}
if (await this.shouldStoreKey('biometric')) {
await this.secureStorageService.save(Keys.key, key, { keySuffix: 'biometric' });
}
} catch (e) {
this.logService.error(`Encountered error while upgrading obsolete Bitwarden secure storage item:`);
this.logService.error(e);
}
await this.secureStorageService.remove(Keys.key);
protected retrieveKeyFromStorage(keySuffix: KeySuffixOptions) {
return this.secureStorageService.get<string>(Keys.key, { keySuffix: keySuffix });
}
private async aesEncrypt(data: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {

View File

@ -148,6 +148,8 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
}
clear(): Promise<any> {
this.everBeenUnlocked = false;
this.manuallyOrTimerLocked = false;
this.pinProtectedKey = null;
return this.storageService.remove(ConstantsService.protectedPin);
}

View File

@ -0,0 +1,66 @@
import { CryptoFunctionService } from 'jslib-common/abstractions/cryptoFunction.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { KeySuffixOptions, StorageService } from 'jslib-common/abstractions/storage.service';
import { SymmetricCryptoKey } from 'jslib-common/models/domain/symmetricCryptoKey';
import { CryptoService, Keys } from 'jslib-common/services/crypto.service';
export class ElectronCryptoService extends CryptoService {
constructor(storageService: StorageService, secureStorageService: StorageService,
cryptoFunctionService: CryptoFunctionService, platformUtilService: PlatformUtilsService,
logService: LogService) {
super(storageService, secureStorageService, cryptoFunctionService, platformUtilService, logService);
}
async hasKeyStored(keySuffix: KeySuffixOptions): Promise<boolean> {
await this.upgradeSecurelyStoredKey();
return super.hasKeyStored(keySuffix);
}
protected async storeKey(key: SymmetricCryptoKey) {
if (await this.shouldStoreKey('auto')) {
await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'auto' });
} else {
this.clearStoredKey('auto');
}
if (await this.shouldStoreKey('biometric')) {
await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'biometric' });
} else {
this.clearStoredKey('biometric');
}
}
protected async retrieveKeyFromStorage(keySuffix: KeySuffixOptions) {
await this.upgradeSecurelyStoredKey();
return super.retrieveKeyFromStorage(keySuffix);
}
/**
* @deprecated 4 Jun 2021 This is temporary upgrade method to move from a single shared stored key to
* multiple, unique stored keys for each use, e.g. never logout vs. biometric authentication.
*/
private async upgradeSecurelyStoredKey() {
// attempt key upgrade, but if we fail just delete it. Keys will be stored property upon unlock anyway.
const key = await this.secureStorageService.get<string>(Keys.key);
if (key == null) {
return;
}
try {
if (await this.shouldStoreKey('auto')) {
await this.secureStorageService.save(Keys.key, key, { keySuffix: 'auto' });
}
if (await this.shouldStoreKey('biometric')) {
await this.secureStorageService.save(Keys.key, key, { keySuffix: 'biometric' });
}
} catch (e) {
this.logService.error(`Encountered error while upgrading obsolete Bitwarden secure storage item:`);
this.logService.error(e);
}
await this.secureStorageService.remove(Keys.key);
}
}