From 53260a5be8456f5d45fe68dfcac59dc28ab4e8c2 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Wed, 13 Feb 2019 00:04:31 -0500
Subject: [PATCH] use user kdf settings for making PIN key
---
 src/abstractions/crypto.service.ts | 2 +-
 src/angular/components/lock.component.ts | 53 +++++++++++-------------
 src/services/crypto.service.ts | 4 +-
 3 files changed, 28 insertions(+), 31 deletions(-)
diff --git a/src/abstractions/crypto.service.ts b/src/abstractions/crypto.service.ts
index 11eb21fcf1..889500c40f 100644
--- a/src/abstractions/crypto.service.ts
+++ b/src/abstractions/crypto.service.ts
@@ -32,7 +32,7 @@ export abstract class CryptoService {
 makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise;
 makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
 makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
- makePinKey: (pin: string, salt: string) => Promise;
+ makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise;
 hashPassword: (password: string, key: SymmetricCryptoKey) => Promise;
 makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
 remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
diff --git a/src/angular/components/lock.component.ts b/src/angular/components/lock.component.ts
index 5dac6ea04a..26d1cb9f5d 100644
--- a/src/angular/components/lock.component.ts
+++ b/src/angular/components/lock.component.ts
@@ -37,18 +37,25 @@ export class LockComponent implements OnInit { } async submit() { - // PIN - if (this.pinLock) { - if (this.pin == null || this.pin === '') { - this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), - this.i18nService.t('pinRequired')); - return; - } + if (this.pinLock && (this.pin == null || this.pin === '')) { + this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), + this.i18nService.t('pinRequired')); + return; + } + if (!this.pinLock && (this.masterPassword == null || this.masterPassword === '')) { + this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), + this.i18nService.t('masterPassRequired')); + return; + } + const kdf = await this.userService.getKdf(); + const kdfIterations = await this.userService.getKdfIterations(); + + if (this.pinLock) { const pinProtectedKey = await this.storageService.get(ConstantsService.pinProtectedKey); try { const protectedKeyCs = new CipherString(pinProtectedKey); - const pinKey = await this.cryptoService.makePinKey(this.pin, this.email); + const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfIterations); const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey); await this.setKeyAndContinue(new SymmetricCryptoKey(decKey)); } catch { 
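Review bot: A `pinProtectedKey` written under the previous fixed PBKDF2-SHA256/100000 derivation will stop decrypting once the PIN branch derives with the account's stored `kdf`/`kdfIterations`, for any account whose settings differ, and the `catch` this hunk ends on will presumably report that as a wrong PIN. The code that sets the PIN is not part of this patch, so confirm it derives with the same values, and consider clearing or re-wrapping existing PIN-protected keys on upgrade. `getKdf()` and `getKdfIterations()` are also awaited outside the `try`, so a storage failure there rejects `submit()` without any toast. A comment such as `// kdf settings must match the ones used when the PIN was set` above the `makePinKey` call would make the dependency explicit. The `try` block and `submit()` itself continue past the end of the hunk.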
@@ -60,27 +67,17 @@ export class LockComponent implements OnInit { this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), this.i18nService.t('invalidPin')); } - return; - } - - // Master Password - if (this.masterPassword == null || this.masterPassword === '') { - this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), - this.i18nService.t('masterPassRequired')); - return; - } - - const kdf = await this.userService.getKdf(); - const kdfIterations = await this.userService.getKdfIterations(); - const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations); - const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key); - const storedKeyHash = await this.cryptoService.getKeyHash(); - - if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) { - this.setKeyAndContinue(key); } else { - this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), - this.i18nService.t('invalidMasterPassword')); + const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations); + const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key); + const storedKeyHash = await this.cryptoService.getKeyHash(); + + if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) { + this.setKeyAndContinue(key); + } else { + this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), + this.i18nService.t('invalidMasterPassword')); + } } } diff --git a/src/services/crypto.service.ts b/src/services/crypto.service.ts index c9979e1d84..865ec3bfc1 100644 --- a/src/services/crypto.service.ts +++ b/src/services/crypto.service.ts 
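Review bot: `this.setKeyAndContinue(key);` in the new `else` branch is not awaited, although the PIN branch of the same method awaits the same call. If it rejects, the error escapes as an unhandled promise rejection and `submit()` resolves before the unlock has finished; `await this.setKeyAndContinue(key);` would make the two branches consistent. The line is carried over from the old code, but it is re-added here and is worth fixing while the block is being restructured. `submit()` begins outside this hunk.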
@@ -324,8 +324,8 @@ export class CryptoService implements CryptoServiceAbstraction { return [publicB64, privateEnc]; } - async makePinKey(pin: string, salt: string): Promise { - const pinKey = await this.makeKey(pin, salt, KdfType.PBKDF2_SHA256, 100000); + async makePinKey(pin: string, salt: string, kdf: KdfType, kdfIterations: number): Promise { + const pinKey = await this.makeKey(pin, salt, kdf, kdfIterations); return await this.stretchKey(pinKey); }
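Review bot: `makePinKey` no longer has a work-factor floor of its own: the removed line fixed PBKDF2-SHA256 at 100000 iterations, and the new line passes `kdf` and `kdfIterations` straight to `makeKey` without checking for null or a low value. A PIN has far less entropy than a master password, so the key that wraps the locally stored PIN-protected key should not get weaker stretching just because the account's setting is lower; whether `makeKey` enforces a minimum is not visible in this patch. Consider a guard at the top of the method, for example `if (kdfIterations == null || kdfIterations < minPinKdfIterations) { throw new Error('KDF iterations too low for PIN key'); }` (the constant name is a placeholder for a project-chosen minimum). A doc comment stating that callers must pass the same parameters when setting the PIN and when unlocking would also help.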