Add backwards compatability for new local hashing method (#407)

* Add backwards compatability for existing keyHash

* Minor changes for review comments

angular/src/components/export.component.ts

@@ -42,9 +42,8 @@ export class ExportComponent {
             return;
         }
 
-        const keyHash = await this.cryptoService.hashPassword(this.masterPassword, null, HashPurpose.LocalAuthorization);
+        const passwordValid = await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, null);
-        const storedKeyHash = await this.cryptoService.getKeyHash();
+        if (passwordValid) {
-        if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
             try {
                 this.formPromise = this.getExportData();
                 const data = await this.formPromise;

angular/src/components/lock.component.ts

@@ -112,27 +112,25 @@ export class LockComponent implements OnInit {
             }
         } else {
             const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
-            const localKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
+            const storedKeyHash = await this.cryptoService.getKeyHash();
-                HashPurpose.LocalAuthorization);
 
             let passwordValid = false;
 
-            if (localKeyHash != null) {
+            if (storedKeyHash != null) {
-                const storedKeyHash = await this.cryptoService.getKeyHash();
+                passwordValid = await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, key);
-                if (storedKeyHash != null) {
+            } else {
-                    passwordValid = storedKeyHash === localKeyHash;
+                const request = new PasswordVerificationRequest();
-                } else {
+                const serverKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
-                    const request = new PasswordVerificationRequest();
+                    HashPurpose.ServerAuthorization);
-                    const serverKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
+                request.masterPasswordHash = serverKeyHash;
-                        HashPurpose.ServerAuthorization);
+                try {
-                    request.masterPasswordHash = serverKeyHash;
+                    this.formPromise = this.apiService.postAccountVerifyPassword(request);
-                    try {
+                    await this.formPromise;
-                        this.formPromise = this.apiService.postAccountVerifyPassword(request);
+                    passwordValid = true;
-                        await this.formPromise;
+                    const localKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
-                        passwordValid = true;
+                        HashPurpose.LocalAuthorization);
-                        await this.cryptoService.setKeyHash(localKeyHash);
+                    await this.cryptoService.setKeyHash(localKeyHash);
-                    } catch { }
+                } catch { }
-                }
             }
 
             if (passwordValid) {

common/src/abstractions/crypto.service.ts

@@ -17,6 +17,7 @@ export abstract class CryptoService {
     getKey: (keySuffix?: KeySuffixOptions) => Promise<SymmetricCryptoKey>;
     getKeyFromStorage: (keySuffix: KeySuffixOptions) => Promise<SymmetricCryptoKey>;
     getKeyHash: () => Promise<string>;
+    compareAndUpdateKeyHash: (masterPassword: string, key: SymmetricCryptoKey) => Promise<boolean>;
     getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
     getPublicKey: () => Promise<ArrayBuffer>;
     getPrivateKey: () => Promise<ArrayBuffer>;

common/src/services/crypto.service.ts

@@ -141,6 +141,25 @@ export class CryptoService implements CryptoServiceAbstraction {
         return keyHash == null ? null : this.keyHash;
     }
 
+    async compareAndUpdateKeyHash(masterPassword: string, key: SymmetricCryptoKey): Promise<boolean> {
+        const storedKeyHash = await this.getKeyHash();
+        if (masterPassword != null && storedKeyHash != null) {
+            const localKeyHash = await this.hashPassword(masterPassword, key, HashPurpose.LocalAuthorization);
+            if (localKeyHash != null && storedKeyHash === localKeyHash) {
+                return true;
+            }
+
+            // TODO: remove serverKeyHash check in 1-2 releases after everyone's keyHash has been updated
+            const serverKeyHash = await this.hashPassword(masterPassword, key, HashPurpose.ServerAuthorization);
+            if (serverKeyHash != null && storedKeyHash === serverKeyHash) {
+                await this.setKeyHash(localKeyHash);
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     @sequentialize(() => 'getEncKey')
     async getEncKey(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
         if (this.encKey != null) {

common/src/services/passwordReprompt.service.ts

@@ -15,14 +15,8 @@ export class PasswordRepromptService implements PasswordRepromptServiceAbstracti
     }
 
     async showPasswordPrompt() {
-        const passwordValidator = async (value: string) => {
+        const passwordValidator = (value: string) => {
-            const keyHash = await this.cryptoService.hashPassword(value, null, HashPurpose.LocalAuthorization);
+            return this.cryptoService.compareAndUpdateKeyHash(value, null);
-            const storedKeyHash = await this.cryptoService.getKeyHash();
-
-            if (storedKeyHash == null || keyHash == null || storedKeyHash !== keyHash) {
-                return false;
-            }
-            return true;
         };
 
         return this.platformUtilService.showPasswordDialog(this.i18nService.t('passwordConfirmation'), this.i18nService.t('passwordConfirmationDesc'), passwordValidator);