mirrors/bitwarden-android
1
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2024-11-04 17:14:49 +03:00
Code Issues Projects Releases Packages Wiki Activity
bitwarden-android/src/App/Services/CryptoService.cs

257 lines
8.1 KiB
C#
Raw Normal View History

initial commit
2016-05-02 09:52:09 +03:00
using System;
background thread full/incremental sync operations. pool sqlconnection. sqlconnection to FullMutex mode for multithread environment. try/catch decryption errors.
2016-07-07 05:33:50 +03:00
using System.Diagnostics;
initial commit
2016-05-02 09:52:09 +03:00
using System.Text;
using Bit.App.Abstractions;
using Bit.App.Models;
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
using PCLCrypto;
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
using System.Linq;
initial commit
2016-05-02 09:52:09 +03:00
namespace Bit.App.Services
{
public class CryptoService : ICryptoService
{
private const string KeyKey = "key";
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
private const string PreviousKeyKey = "previousKey";
initial commit
2016-05-02 09:52:09 +03:00
private const int InitializationVectorSize = 16;
private readonly ISecureStorageService _secureStorage;
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
private readonly IKeyDerivationService _keyDerivationService;
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
private CryptoKey _key;
private CryptoKey _legacyEtmKey;
private CryptoKey _previousKey;
initial commit
2016-05-02 09:52:09 +03:00
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
public CryptoService(
ISecureStorageService secureStorage,
IKeyDerivationService keyDerivationService)
initial commit
2016-05-02 09:52:09 +03:00
{
_secureStorage = secureStorage;
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
_keyDerivationService = keyDerivationService;
initial commit
2016-05-02 09:52:09 +03:00
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public CryptoKey Key
initial commit
2016-05-02 09:52:09 +03:00
{
get
{
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
if(_key == null)
initial commit
2016-05-02 09:52:09 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
_key = new CryptoKey(_secureStorage.Retrieve(KeyKey));
initial commit
2016-05-02 09:52:09 +03:00
}
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
return _key;
initial commit
2016-05-02 09:52:09 +03:00
}
set
{
updates
2016-05-03 00:50:16 +03:00
if(value != null)
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
_secureStorage.Store(KeyKey, value.Key);
updates
2016-05-03 00:50:16 +03:00
}
else
{
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
PreviousKey = _key;
updates
2016-05-03 00:50:16 +03:00
_secureStorage.Delete(KeyKey);
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
_key = null;
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
_legacyEtmKey = null;
updates
2016-05-03 00:50:16 +03:00
}
}
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public CryptoKey PreviousKey
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
{
get
{
if(_previousKey == null)
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
_previousKey = new CryptoKey(_secureStorage.Retrieve(PreviousKeyKey));
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
}
return _previousKey;
}
private set
{
if(value != null)
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
_secureStorage.Store(PreviousKeyKey, value.Key);
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
_previousKey = value;
}
}
}
Added "first load" check on site list to wait for sync to complete if key changed. Renamed "other" constants.
2016-08-06 06:58:31 +03:00
public bool KeyChanged
{
get
{
if(Key == null)
{
crash fixes
2017-02-10 06:06:39 +03:00
return false;
Added "first load" check on site list to wait for sync to complete if key changed. Renamed "other" constants.
2016-08-06 06:58:31 +03:00
}
if(PreviousKey == null)
{
return Key != null;
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
return !PreviousKey.Key.SequenceEqual(Key.Key);
Added "first load" check on site list to wait for sync to complete if key changed. Renamed "other" constants.
2016-08-06 06:58:31 +03:00
}
}
store previous key and userid so we can determine if stored crypto is usable before a sync
2016-08-06 04:59:25 +03:00
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public CipherString Encrypt(string plaintextValue, CryptoKey key = null)
initial commit
2016-05-02 09:52:09 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
if(key == null)
initial commit
2016-05-02 09:52:09 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
key = Key;
}
if(key == null)
{
throw new ArgumentNullException(nameof(key));
initial commit
2016-05-02 09:52:09 +03:00
}
if(plaintextValue == null)
{
throw new ArgumentNullException(nameof(plaintextValue));
}
var plaintextBytes = Encoding.UTF8.GetBytes(plaintextValue);
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var cryptoKey = provider.CreateSymmetricKey(key.EncKey);
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
var iv = WinRTCrypto.CryptographicBuffer.GenerateRandom(provider.BlockLength);
var encryptedBytes = WinRTCrypto.CryptographicEngine.Encrypt(cryptoKey, plaintextBytes, iv);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var mac = key.MacKey != null ? ComputeMac(encryptedBytes, iv, key.MacKey) : null;
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
return new CipherString(key.EncryptionType, Convert.ToBase64String(iv), Convert.ToBase64String(encryptedBytes), mac);
initial commit
2016-05-02 09:52:09 +03:00
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public string Decrypt(CipherString encyptedValue, CryptoKey key = null)
initial commit
2016-05-02 09:52:09 +03:00
{
catch when key is null
2016-08-06 10:10:54 +03:00
try
initial commit
2016-05-02 09:52:09 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
if(key == null)
{
key = Key;
}
if(key == null)
catch when key is null
2016-08-06 10:10:54 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
throw new ArgumentNullException(nameof(key));
catch when key is null
2016-08-06 10:10:54 +03:00
}
if(encyptedValue == null)
{
throw new ArgumentNullException(nameof(encyptedValue));
}
initial commit
2016-05-02 09:52:09 +03:00
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
if(encyptedValue.EncryptionType == Enums.EncryptionType.AesCbc128_HmacSha256_B64 &&
key.EncryptionType == Enums.EncryptionType.AesCbc256_B64)
{
// Old encrypt-then-mac scheme, swap out the key
if(_legacyEtmKey == null)
{
_legacyEtmKey = new CryptoKey(key.Key, Enums.EncryptionType.AesCbc128_HmacSha256_B64);
}
key = _legacyEtmKey;
}
if(encyptedValue.EncryptionType != key.EncryptionType)
{
throw new ArgumentException("encType unavailable.");
}
if(key.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var computedMac = ComputeMac(encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes, key.MacKey);
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
if(computedMac != encyptedValue.Mac)
{
throw new InvalidOperationException("MAC failed.");
}
}
initial commit
2016-05-02 09:52:09 +03:00
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var cryptoKey = provider.CreateSymmetricKey(key.EncKey);
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes,
encyptedValue.InitializationVectorBytes);
return Encoding.UTF8.GetString(decryptedBytes, 0, decryptedBytes.Length).TrimEnd('\0');
background thread full/incremental sync operations. pool sqlconnection. sqlconnection to FullMutex mode for multithread environment. try/catch decryption errors.
2016-07-07 05:33:50 +03:00
}
catch(Exception e)
{
Debug.WriteLine("Could not decrypt '{0}'. {1}", encyptedValue, e.Message);
return "[error: cannot decrypt]";
}
initial commit
2016-05-02 09:52:09 +03:00
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
private string ComputeMac(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
if(macKey == null)
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
{
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
throw new ArgumentNullException(nameof(macKey));
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
}
if(ctBytes == null)
{
throw new ArgumentNullException(nameof(ctBytes));
}
if(ivBytes == null)
{
throw new ArgumentNullException(nameof(ivBytes));
}
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var hasher = algorithm.CreateHash(macKey);
Support for encrypt-then-mac
2016-12-11 06:05:52 +03:00
hasher.Append(ivBytes.Concat(ctBytes).ToArray());
var mac = hasher.GetValueAndReset();
return Convert.ToBase64String(mac);
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public CryptoKey MakeKeyFromPassword(string password, string salt)
initial commit
2016-05-02 09:52:09 +03:00
{
if(password == null)
{
throw new ArgumentNullException(nameof(password));
}
if(salt == null)
{
throw new ArgumentNullException(nameof(salt));
}
var passwordBytes = Encoding.UTF8.GetBytes(password);
var saltBytes = Encoding.UTF8.GetBytes(salt);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var keyBytes = _keyDerivationService.DeriveKey(passwordBytes, saltBytes, 5000);
return new CryptoKey(keyBytes);
initial commit
2016-05-02 09:52:09 +03:00
}
public string MakeKeyFromPasswordBase64(string password, string salt)
{
var key = MakeKeyFromPassword(password, salt);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
return Convert.ToBase64String(key.Key);
initial commit
2016-05-02 09:52:09 +03:00
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public byte[] HashPassword(CryptoKey key, string password)
initial commit
2016-05-02 09:52:09 +03:00
{
if(key == null)
{
throw new ArgumentNullException(nameof(Key));
}
if(password == null)
{
throw new ArgumentNullException(nameof(password));
}
var passwordBytes = Encoding.UTF8.GetBytes(password);
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
var hash = _keyDerivationService.DeriveKey(key.Key, passwordBytes, 1);
Removed BouncyCastle in favor of PCLCrypto. Created KeyDerivationService for Android using BouncyCastle. Applied key derivation service to CryptoService. Create iOS Test project.
2016-08-02 03:23:46 +03:00
return hash;
initial commit
2016-05-02 09:52:09 +03:00
}
refactor for enc type header and cryptokey
2017-04-20 06:16:09 +03:00
public string HashPasswordBase64(CryptoKey key, string password)
initial commit
2016-05-02 09:52:09 +03:00
{
var hash = HashPassword(key, password);
return Convert.ToBase64String(hash);
}
}
}
Reference in a new issue Copy permalink