1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-27 12:36:14 +01:00

support for unlocking with PIN code

This commit is contained in:
Kyle Spearrin 2019-02-12 23:52:50 -05:00
parent 647b254a71
commit 7a1e7b5474
6 changed files with 72 additions and 8 deletions

View File

@ -26,11 +26,13 @@ export abstract class CryptoService {
clearEncKey: (memoryOnly?: boolean) => Promise<any>;
clearKeyPair: (memoryOnly?: boolean) => Promise<any>;
clearOrgKeys: (memoryOnly?: boolean) => Promise<any>;
clearPinProtectedKey: () => Promise<any>;
clearKeys: () => Promise<any>;
toggleKey: () => Promise<any>;
makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
makePinKey: (pin: string, salt: string) => Promise<SymmetricCryptoKey>;
hashPassword: (password: string, key: SymmetricCryptoKey) => Promise<string>;
makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;

View File

@ -2,4 +2,5 @@ export abstract class LockService {
checkLock: () => Promise<void>;
lock: () => Promise<void>;
setLockOption: (lockOption: number) => Promise<void>;
isPinLockSet: () => Promise<boolean>;
}

View File

@ -3,27 +3,67 @@ import { Router } from '@angular/router';
import { CryptoService } from '../../abstractions/crypto.service';
import { I18nService } from '../../abstractions/i18n.service';
import { LockService } from '../../abstractions/lock.service';
import { MessagingService } from '../../abstractions/messaging.service';
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
import { StorageService } from '../../abstractions/storage.service';
import { UserService } from '../../abstractions/user.service';
import { ConstantsService } from '../../services/constants.service';
import { CipherString } from '../../models/domain/cipherString';
import { SymmetricCryptoKey } from '../../models/domain/symmetricCryptoKey';
export class LockComponent implements OnInit {
masterPassword: string = '';
pin: string = '';
showPassword: boolean = false;
email: string;
pinLock: boolean = false;
protected successRoute: string = 'vault';
protected onSuccessfulSubmit: () => void;
private invalidPinAttempts = 0;
constructor(protected router: Router, protected i18nService: I18nService,
protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService,
protected userService: UserService, protected cryptoService: CryptoService) { }
protected userService: UserService, protected cryptoService: CryptoService,
protected storageService: StorageService, protected lockService: LockService) { }
async ngOnInit() {
this.pinLock = await this.lockService.isPinLockSet();
this.email = await this.userService.getEmail();
}
async submit() {
// PIN
if (this.pinLock) {
if (this.pin == null || this.pin === '') {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('pinRequired'));
return;
}
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
try {
const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email);
const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
} catch {
this.invalidPinAttempts++;
if (this.invalidPinAttempts >= 5) {
this.messagingService.send('logout');
return;
}
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('invalidPin'));
}
return;
}
// Master Password
if (this.masterPassword == null || this.masterPassword === '') {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
@ -37,13 +77,7 @@ export class LockComponent implements OnInit {
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
await this.cryptoService.setKey(key);
this.messagingService.send('unlocked');
if (this.onSuccessfulSubmit != null) {
this.onSuccessfulSubmit();
} else if (this.router != null) {
this.router.navigate([this.successRoute]);
}
this.setKeyAndContinue(key);
} else {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('invalidMasterPassword'));
@ -63,4 +97,14 @@ export class LockComponent implements OnInit {
this.showPassword = !this.showPassword;
document.getElementById('masterPassword').focus();
}
private async setKeyAndContinue(key: SymmetricCryptoKey) {
await this.cryptoService.setKey(key);
this.messagingService.send('unlocked');
if (this.onSuccessfulSubmit != null) {
this.onSuccessfulSubmit();
} else if (this.router != null) {
this.router.navigate([this.successRoute]);
}
}
}

View File

@ -18,6 +18,7 @@ export class ConstantsService {
static readonly dontShowCardsCurrentTab: string = 'dontShowCardsCurrentTab';
static readonly dontShowIdentitiesCurrentTab: string = 'dontShowIdentitiesCurrentTab';
static readonly defaultUriMatch: string = 'defaultUriMatch';
static readonly pinProtectedKey: string = 'pinProtectedKey';
readonly environmentUrlsKey: string = ConstantsService.environmentUrlsKey;
readonly disableGaKey: string = ConstantsService.disableGaKey;
@ -37,4 +38,5 @@ export class ConstantsService {
readonly dontShowCardsCurrentTab: string = ConstantsService.dontShowCardsCurrentTab;
readonly dontShowIdentitiesCurrentTab: string = ConstantsService.dontShowIdentitiesCurrentTab;
readonly defaultUriMatch: string = ConstantsService.defaultUriMatch;
readonly pinProtectedKey: string = ConstantsService.pinProtectedKey;
}

View File

@ -266,6 +266,10 @@ export class CryptoService implements CryptoServiceAbstraction {
return this.storageService.remove(Keys.encOrgKeys);
}
clearPinProtectedKey(): Promise<any> {
return this.storageService.remove(ConstantsService.pinProtectedKey);
}
clearKeys(): Promise<any> {
return Promise.all([
this.clearKey(),
@ -273,6 +277,7 @@ export class CryptoService implements CryptoServiceAbstraction {
this.clearOrgKeys(),
this.clearEncKey(),
this.clearKeyPair(),
this.clearPinProtectedKey(),
]);
}
@ -319,6 +324,11 @@ export class CryptoService implements CryptoServiceAbstraction {
return [publicB64, privateEnc];
}
async makePinKey(pin: string, salt: string): Promise<SymmetricCryptoKey> {
const pinKey = await this.makeKey(pin, salt, KdfType.PBKDF2_SHA256, 100000);
return await this.stretchKey(pinKey);
}
async hashPassword(password: string, key: SymmetricCryptoKey): Promise<string> {
if (key == null) {
key = await this.getKey();

View File

@ -87,4 +87,9 @@ export class LockService implements LockServiceAbstraction {
await this.storageService.save(ConstantsService.lockOptionKey, lockOption);
await this.cryptoService.toggleKey();
}
async isPinLockSet(): Promise<boolean> {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
return pinProtectedKey != null;
}
}