use user kdf settings for making PIN key

2019-02-13 00:04:31 -05:00 · 2019-02-13 00:04:31 -05:00 · 53260a5be8
parent 7a1e7b5474
commit 53260a5be8
3 changed files with 28 additions and 31 deletions
--- a/src/abstractions/crypto.service.ts
+++ b/src/abstractions/crypto.service.ts
@ -32,7 +32,7 @@ export abstract class CryptoService {
    makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
    makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
    makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
-    makePinKey: (pin: string, salt: string) => Promise<SymmetricCryptoKey>;
+    makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
    hashPassword: (password: string, key: SymmetricCryptoKey) => Promise<string>;
    makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
    remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
--- a/src/angular/components/lock.component.ts
+++ b/src/angular/components/lock.component.ts
@ -37,18 +37,25 @@ export class LockComponent implements OnInit {
    }

    async submit() {
-        // PIN
-        if (this.pinLock) {
-            if (this.pin == null || this.pin === '') {
-                this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
-                    this.i18nService.t('pinRequired'));
-                return;
-            }
+        if (this.pinLock && (this.pin == null || this.pin === '')) {
+            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('pinRequired'));
+            return;
+        }
+        if (!this.pinLock && (this.masterPassword == null || this.masterPassword === '')) {
+            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('masterPassRequired'));
+            return;
+        }

+        const kdf = await this.userService.getKdf();
+        const kdfIterations = await this.userService.getKdfIterations();
+
+        if (this.pinLock) {
            const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
            try {
                const protectedKeyCs = new CipherString(pinProtectedKey);
-                const pinKey = await this.cryptoService.makePinKey(this.pin, this.email);
+                const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfIterations);
                const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
                await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
            } catch {
@ -60,27 +67,17 @@ export class LockComponent implements OnInit {
                this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
                    this.i18nService.t('invalidPin'));
            }
-            return;
-        }
-
-        // Master Password
-        if (this.masterPassword == null || this.masterPassword === '') {
-            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
-                this.i18nService.t('masterPassRequired'));
-            return;
-        }
-
-        const kdf = await this.userService.getKdf();
-        const kdfIterations = await this.userService.getKdfIterations();
-        const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
-        const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
-        const storedKeyHash = await this.cryptoService.getKeyHash();
-
-        if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
-            this.setKeyAndContinue(key);
        } else {
-            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
-                this.i18nService.t('invalidMasterPassword'));
+            const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
+            const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
+            const storedKeyHash = await this.cryptoService.getKeyHash();
+
+            if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
+                this.setKeyAndContinue(key);
+            } else {
+                this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
+                    this.i18nService.t('invalidMasterPassword'));
+            }
        }
    }

--- a/src/services/crypto.service.ts
+++ b/src/services/crypto.service.ts
@ -324,8 +324,8 @@ export class CryptoService implements CryptoServiceAbstraction {
        return [publicB64, privateEnc];
    }

-    async makePinKey(pin: string, salt: string): Promise<SymmetricCryptoKey> {
-        const pinKey = await this.makeKey(pin, salt, KdfType.PBKDF2_SHA256, 100000);
+    async makePinKey(pin: string, salt: string, kdf: KdfType, kdfIterations: number): Promise<SymmetricCryptoKey> {
+        const pinKey = await this.makeKey(pin, salt, kdf, kdfIterations);
        return await this.stretchKey(pinKey);
    }