Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-03 18:28:13 +01:00
Code Issues Projects Releases Wiki Activity

memory stored pinProtectedKey

Browse Source
This commit is contained in:
Kyle Spearrin 2019-08-29 09:40:50 -04:00
parent 99d56d936f
commit b74ee7b3ee
6 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/abstractions/crypto.service.ts
View File

@ -13,7 +13,7 @@ export abstract class CryptoService {
setOrgKeys: (orgs: ProfileOrganizationResponse[]) => Promise<{}>;
getKey: () => Promise<SymmetricCryptoKey>;
getKeyHash: () => Promise<string>;
getEncKey: () => Promise<SymmetricCryptoKey>;
getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
getPublicKey: () => Promise<ArrayBuffer>;
getPrivateKey: () => Promise<ArrayBuffer>;
getFingerprint: (userId: string, publicKey?: ArrayBuffer) => Promise<string[]>;
@ -30,7 +30,8 @@ export abstract class CryptoService {
clearKeys: () => Promise<any>;
toggleKey: () => Promise<any>;
makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
makeKeyFromPin: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
makeKeyFromPin: (pin: string, salt: string, kdf: KdfType, kdfIterations: number,
protectedKeyCs?: CipherString) => Promise<SymmetricCryptoKey>;
makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;

4
src/abstractions/lock.service.ts
View File

@ -1,5 +1,7 @@
import { CipherString } from '../models/domain/cipherString';
export abstract class LockService {
pinLocked: boolean;
pinProtectedKey: CipherString;
isLocked: () => Promise<boolean>;
checkLock: () => Promise<void>;
lock: (allowSoftLock?: boolean) => Promise<void>;

18
src/angular/components/lock.component.ts
View File

@ -40,8 +40,7 @@ export class LockComponent implements OnInit {
async ngOnInit() {
this.pinSet = await this.lockService.isPinLockSet();
const hasKey = await this.cryptoService.hasKey();
this.pinLock = (this.pinSet[0] && hasKey) || this.pinSet[1];
this.pinLock = (this.pinSet[0] && this.lockService.pinProtectedKey != null) || this.pinSet[1];
this.email = await this.userService.getEmail();
let vaultUrl = this.environmentService.getWebVaultUrl();
if (vaultUrl == null) {
@ -69,12 +68,14 @@ export class LockComponent implements OnInit {
let failed = true;
try {
if (this.pinSet[0]) {
const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfIterations,
this.lockService.pinProtectedKey);
const encKey = await this.cryptoService.getEncKey(key);
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin));
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin), encKey);
failed = decPin !== this.pin;
this.lockService.pinLocked = failed;
if (!failed) {
this.doContinue();
await this.setKeyAndContinue(key);
}
} else {
const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfIterations);
@ -100,6 +101,13 @@ export class LockComponent implements OnInit {
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
if (this.pinSet[0]) {
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
const encKey = await this.cryptoService.getEncKey(key);
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin), encKey);
const pinKey = await this.cryptoService.makePinKey(decPin, this.email, kdf, kdfIterations);
this.lockService.pinProtectedKey = await this.cryptoService.encrypt(key.key, pinKey);
}
this.setKeyAndContinue(key);
} else {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),

19
src/services/crypto.service.ts
View File

@ -110,7 +110,7 @@ export class CryptoService implements CryptoServiceAbstraction {
}
@sequentialize(() => 'getEncKey')
async getEncKey(): Promise<SymmetricCryptoKey> {
async getEncKey(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
if (this.encKey != null) {
return this.encKey;
}
@ -120,7 +120,9 @@ export class CryptoService implements CryptoServiceAbstraction {
return null;
}
const key = await this.getKey();
if (key == null) {
key = await this.getKey();
}
if (key == null) {
return null;
}
@ -315,13 +317,16 @@ export class CryptoService implements CryptoServiceAbstraction {
return new SymmetricCryptoKey(key);
}
async makeKeyFromPin(pin: string, salt: string, kdf: KdfType, kdfIterations: number):
async makeKeyFromPin(pin: string, salt: string, kdf: KdfType, kdfIterations: number,
protectedKeyCs: CipherString = null):
Promise<SymmetricCryptoKey> {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
if (pinProtectedKey == null) {
throw new Error('No PIN protected key found.');
if (protectedKeyCs == null) {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
if (pinProtectedKey == null) {
throw new Error('No PIN protected key found.');
}
protectedKeyCs = new CipherString(pinProtectedKey);
}
const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.makePinKey(pin, salt, kdf, kdfIterations);
const decKey = await this.decryptToBytes(protectedKeyCs, pinKey);
return new SymmetricCryptoKey(decKey);

20
src/services/lock.service.ts
View File

@ -11,8 +11,10 @@ import { SearchService } from '../abstractions/search.service';
import { StorageService } from '../abstractions/storage.service';
import { UserService } from '../abstractions/user.service';
import { CipherString } from '../models/domain/cipherString';
export class LockService implements LockServiceAbstraction {
pinLocked = false;
pinProtectedKey: CipherString = null;
private inited = false;
@ -37,9 +39,6 @@ export class LockService implements LockServiceAbstraction {
async isLocked(): Promise<boolean> {
const hasKey = await this.cryptoService.hasKey();
if (hasKey && this.pinLocked) {
return true;
}
return !hasKey;
}
@ -85,18 +84,6 @@ export class LockService implements LockServiceAbstraction {
return;
}
if (allowSoftLock) {
const pinSet = await this.isPinLockSet();
if (pinSet[0]) {
this.pinLocked = true;
this.messagingService.send('locked');
if (this.lockedCallback != null) {
await this.lockedCallback();
}
return;
}
}
await Promise.all([
this.cryptoService.clearKey(),
this.cryptoService.clearOrgKeys(true),
@ -126,6 +113,7 @@ export class LockService implements LockServiceAbstraction {
}
clear(): Promise<any> {
this.pinProtectedKey = null;
return this.storageService.remove(ConstantsService.protectedPin);
}
}

2
src/services/system.service.ts
View File

@ -19,7 +19,7 @@ export class SystemService implements SystemServiceAbstraction {
}
startProcessReload(): void {
if (this.lockService.pinLocked || this.reloadInterval != null) {
if (this.lockService.pinProtectedKey != null || this.reloadInterval != null) {
return;
}
this.cancelProcessReload();