Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-20 21:01:29 +01:00
Code Issues Projects Releases Wiki Activity

memory stored pinProtectedKey

Browse Source
This commit is contained in:
Kyle Spearrin 2019-08-29 09:40:50 -04:00
parent 99d56d936f
commit b74ee7b3ee
6 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/abstractions/crypto.service.ts
View File

@ -13,7 +13,7 @@ export abstract class CryptoService {
setOrgKeys: (orgs: ProfileOrganizationResponse[]) => Promise<{}>; setOrgKeys: (orgs: ProfileOrganizationResponse[]) => Promise<{}>;
getKey: () => Promise<SymmetricCryptoKey>; getKey: () => Promise<SymmetricCryptoKey>;
getKeyHash: () => Promise<string>; getKeyHash: () => Promise<string>;
getEncKey: () => Promise<SymmetricCryptoKey>; getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
getPublicKey: () => Promise<ArrayBuffer>; getPublicKey: () => Promise<ArrayBuffer>;
getPrivateKey: () => Promise<ArrayBuffer>; getPrivateKey: () => Promise<ArrayBuffer>;
getFingerprint: (userId: string, publicKey?: ArrayBuffer) => Promise<string[]>; getFingerprint: (userId: string, publicKey?: ArrayBuffer) => Promise<string[]>;
@ -30,7 +30,8 @@ export abstract class CryptoService {
clearKeys: () => Promise<any>; clearKeys: () => Promise<any>;
toggleKey: () => Promise<any>; toggleKey: () => Promise<any>;
makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>; makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
makeKeyFromPin: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>; makeKeyFromPin: (pin: string, salt: string, kdf: KdfType, kdfIterations: number,
protectedKeyCs?: CipherString) => Promise<SymmetricCryptoKey>;
makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>; makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>; makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>; makePinKey: (pin: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;

4
src/abstractions/lock.service.ts
View File

@ -1,5 +1,7 @@
import { CipherString } from '../models/domain/cipherString';
export abstract class LockService { export abstract class LockService {
pinLocked: boolean; pinProtectedKey: CipherString;
isLocked: () => Promise<boolean>; isLocked: () => Promise<boolean>;
checkLock: () => Promise<void>; checkLock: () => Promise<void>;
lock: (allowSoftLock?: boolean) => Promise<void>; lock: (allowSoftLock?: boolean) => Promise<void>;

18
src/angular/components/lock.component.ts
View File

@ -40,8 +40,7 @@ export class LockComponent implements OnInit {
async ngOnInit() { async ngOnInit() {
this.pinSet = await this.lockService.isPinLockSet(); this.pinSet = await this.lockService.isPinLockSet();
const hasKey = await this.cryptoService.hasKey(); this.pinLock = (this.pinSet[0] && this.lockService.pinProtectedKey != null) || this.pinSet[1];
this.pinLock = (this.pinSet[0] && hasKey) || this.pinSet[1];
this.email = await this.userService.getEmail(); this.email = await this.userService.getEmail();
let vaultUrl = this.environmentService.getWebVaultUrl(); let vaultUrl = this.environmentService.getWebVaultUrl();
if (vaultUrl == null) { if (vaultUrl == null) {
@ -69,12 +68,14 @@ export class LockComponent implements OnInit {
let failed = true; let failed = true;
try { try {
if (this.pinSet[0]) { if (this.pinSet[0]) {
const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfIterations,
this.lockService.pinProtectedKey);
const encKey = await this.cryptoService.getEncKey(key);
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin); const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin)); const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin), encKey);
failed = decPin !== this.pin; failed = decPin !== this.pin;
this.lockService.pinLocked = failed;
if (!failed) { if (!failed) {
this.doContinue(); await this.setKeyAndContinue(key);
} }
} else { } else {
const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfIterations); const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfIterations);
@ -100,6 +101,13 @@ export class LockComponent implements OnInit {
const storedKeyHash = await this.cryptoService.getKeyHash(); const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) { if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
if (this.pinSet[0]) {
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
const encKey = await this.cryptoService.getEncKey(key);
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin), encKey);
const pinKey = await this.cryptoService.makePinKey(decPin, this.email, kdf, kdfIterations);
this.lockService.pinProtectedKey = await this.cryptoService.encrypt(key.key, pinKey);
}
this.setKeyAndContinue(key); this.setKeyAndContinue(key);
} else { } else {
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),

19
src/services/crypto.service.ts
View File

@ -110,7 +110,7 @@ export class CryptoService implements CryptoServiceAbstraction {
} }
@sequentialize(() => 'getEncKey') @sequentialize(() => 'getEncKey')
async getEncKey(): Promise<SymmetricCryptoKey> { async getEncKey(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
if (this.encKey != null) { if (this.encKey != null) {
return this.encKey; return this.encKey;
} }
@ -120,7 +120,9 @@ export class CryptoService implements CryptoServiceAbstraction {
return null; return null;
} }
const key = await this.getKey(); if (key == null) {
key = await this.getKey();
}
if (key == null) { if (key == null) {
return null; return null;
} }
@ -315,13 +317,16 @@ export class CryptoService implements CryptoServiceAbstraction {
return new SymmetricCryptoKey(key); return new SymmetricCryptoKey(key);
} }
async makeKeyFromPin(pin: string, salt: string, kdf: KdfType, kdfIterations: number): async makeKeyFromPin(pin: string, salt: string, kdf: KdfType, kdfIterations: number,
protectedKeyCs: CipherString = null):
Promise<SymmetricCryptoKey> { Promise<SymmetricCryptoKey> {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey); if (protectedKeyCs == null) {
if (pinProtectedKey == null) { const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
throw new Error('No PIN protected key found.'); if (pinProtectedKey == null) {
throw new Error('No PIN protected key found.');
}
protectedKeyCs = new CipherString(pinProtectedKey);
} }
const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.makePinKey(pin, salt, kdf, kdfIterations); const pinKey = await this.makePinKey(pin, salt, kdf, kdfIterations);
const decKey = await this.decryptToBytes(protectedKeyCs, pinKey); const decKey = await this.decryptToBytes(protectedKeyCs, pinKey);
return new SymmetricCryptoKey(decKey); return new SymmetricCryptoKey(decKey);

20
src/services/lock.service.ts
View File

@ -11,8 +11,10 @@ import { SearchService } from '../abstractions/search.service';
import { StorageService } from '../abstractions/storage.service'; import { StorageService } from '../abstractions/storage.service';
import { UserService } from '../abstractions/user.service'; import { UserService } from '../abstractions/user.service';
import { CipherString } from '../models/domain/cipherString';
export class LockService implements LockServiceAbstraction { export class LockService implements LockServiceAbstraction {
pinLocked = false; pinProtectedKey: CipherString = null;
private inited = false; private inited = false;
@ -37,9 +39,6 @@ export class LockService implements LockServiceAbstraction {
async isLocked(): Promise<boolean> { async isLocked(): Promise<boolean> {
const hasKey = await this.cryptoService.hasKey(); const hasKey = await this.cryptoService.hasKey();
if (hasKey && this.pinLocked) {
return true;
}
return !hasKey; return !hasKey;
} }
@ -85,18 +84,6 @@ export class LockService implements LockServiceAbstraction {
return; return;
} }
if (allowSoftLock) {
const pinSet = await this.isPinLockSet();
if (pinSet[0]) {
this.pinLocked = true;
this.messagingService.send('locked');
if (this.lockedCallback != null) {
await this.lockedCallback();
}
return;
}
}
await Promise.all([ await Promise.all([
this.cryptoService.clearKey(), this.cryptoService.clearKey(),
this.cryptoService.clearOrgKeys(true), this.cryptoService.clearOrgKeys(true),
@ -126,6 +113,7 @@ export class LockService implements LockServiceAbstraction {
} }
clear(): Promise<any> { clear(): Promise<any> {
this.pinProtectedKey = null;
return this.storageService.remove(ConstantsService.protectedPin); return this.storageService.remove(ConstantsService.protectedPin);
} }
} }

2
src/services/system.service.ts
View File

@ -19,7 +19,7 @@ export class SystemService implements SystemServiceAbstraction {
} }
startProcessReload(): void { startProcessReload(): void {
if (this.lockService.pinLocked || this.reloadInterval != null) { if (this.lockService.pinProtectedKey != null || this.reloadInterval != null) {
return; return;
} }
this.cancelProcessReload(); this.cancelProcessReload();