[PM-3215][PM-3289] Create MasterKey from Password If Needed (#5931)

* Create MasterKey from Password - Check if the MasterKey is stored or not - Create it if it's not * Add getOrDeriveKey Helper * Use Helper In More Places
2025-02-17 01:31:25 +01:00 · 2023-08-04 11:33:18 -04:00 · 2023-08-04 11:33:18 -04:00 · 7af6aa93e5
commit 7af6aa93e5
parent c56e85687c
7 changed files with 33 additions and 12 deletions
--- a/apps/web/src/app/auth/settings/change-password.component.ts
+++ b/apps/web/src/app/auth/settings/change-password.component.ts
@ -190,10 +190,11 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
    newMasterKey: MasterKey,
    newUserKey: [UserKey, EncString]
  ) {
+    const masterKey = await this.cryptoService.getOrDeriveMasterKey(this.currentMasterPassword);
    const request = new PasswordRequest();
    request.masterPasswordHash = await this.cryptoService.hashMasterKey(
      this.currentMasterPassword,
-      null
+      masterKey
    );
    request.masterPasswordHint = this.masterPasswordHint;
    request.newMasterPasswordHash = newMasterPasswordHash;
--- a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
@ -75,7 +75,8 @@ export class ChangeKdfConfirmationComponent {
    request.kdfIterations = this.kdfConfig.iterations;
    request.kdfMemory = this.kdfConfig.memory;
    request.kdfParallelism = this.kdfConfig.parallelism;
-    request.masterPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, null);
+    const masterKey = await this.cryptoService.getOrDeriveMasterKey(masterPassword);
+    request.masterPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, masterKey);
    const email = await this.stateService.getEmail();
    const newMasterKey = await this.cryptoService.makeMasterKey(
      masterPassword,
--- a/apps/web/src/app/settings/update-key.component.ts
+++ b/apps/web/src/app/settings/update-key.component.ts
@ -78,7 +78,10 @@ export class UpdateKeyComponent {
    const request = new UpdateKeyRequest();
    request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
    request.key = newUserKey[1].encryptedString;
-    request.masterPasswordHash = await this.cryptoService.hashMasterKey(this.masterPassword, null);
+    request.masterPasswordHash = await this.cryptoService.hashMasterKey(
+      this.masterPassword,
+      await this.cryptoService.getOrDeriveMasterKey(this.masterPassword)
+    );

    await this.syncService.fullSync(true);

--- a/libs/angular/src/auth/components/change-password.component.ts
+++ b/libs/angular/src/auth/components/change-password.component.ts
@ -110,9 +110,9 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
  }

  async performSubmitActions(
-    masterPasswordHash: string,
-    masterKey: MasterKey,
-    userKey: [UserKey, EncString]
+    newMasterKeyHash: string,
+    newMasterKey: MasterKey,
+    newUserKey: [UserKey, EncString]
  ) {
    // Override in sub-class
  }
--- a/libs/angular/src/auth/components/update-password.component.ts
+++ b/libs/angular/src/auth/components/update-password.component.ts
@ -95,19 +95,19 @@ export class UpdatePasswordComponent extends BaseChangePasswordComponent {
  }

  async performSubmitActions(
-    masterPasswordHash: string,
-    masterKey: MasterKey,
-    userKey: [UserKey, EncString]
+    newMasterKeyHash: string,
+    newMasterKey: MasterKey,
+    newUserKey: [UserKey, EncString]
  ) {
    try {
      // Create Request
      const request = new PasswordRequest();
      request.masterPasswordHash = await this.cryptoService.hashMasterKey(
        this.currentMasterPassword,
-        null
+        await this.cryptoService.getOrDeriveMasterKey(this.currentMasterPassword)
      );
-      request.newMasterPasswordHash = masterPasswordHash;
-      request.key = userKey[1].encryptedString;
+      request.newMasterPasswordHash = newMasterKeyHash;
+      request.key = newUserKey[1].encryptedString;

      // Update user's password
      this.apiService.postPassword(request);
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@ -102,6 +102,12 @@ export abstract class CryptoService {
   * @returns The user's master key
   */
  getMasterKey: (userId?: string) => Promise<MasterKey>;
+
+  /**
+   * @param password The user's master password that will be used to derive a master key if one isn't found
+   * @param userId The desired user
+   */
+  getOrDeriveMasterKey: (password: string, userId?: string) => Promise<MasterKey>;
  /**
   * Generates a master key from the provided password
   * @param password The user's master password
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@ -151,6 +151,16 @@ export class CryptoService implements CryptoServiceAbstraction {
    return masterKey;
  }

+  async getOrDeriveMasterKey(password: string, userId?: string) {
+    let masterKey = await this.getMasterKey(userId);
+    return (masterKey ||= await this.makeMasterKey(
+      password,
+      await this.stateService.getEmail({ userId: userId }),
+      await this.stateService.getKdfType({ userId: userId }),
+      await this.stateService.getKdfConfig({ userId: userId })
+    ));
+  }
+
  async makeMasterKey(
    password: string,
    email: string,