mirror of
https://github.com/bitwarden/android.git
synced 2025-01-12 19:27:37 +03:00
add pbkdf2 key stretching
This commit is contained in:
parent
a607a7f3ef
commit
7cac07c185
2 changed files with 61 additions and 4 deletions
|
@ -82,8 +82,25 @@ namespace Bit.App.Services
|
||||||
var encKeyCs = new CipherString(encKey);
|
var encKeyCs = new CipherString(encKey);
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
var decBytes = DecryptToBytes(encKeyCs, Key);
|
byte[] decEncKey = null;
|
||||||
_encKey = new SymmetricCryptoKey(decBytes);
|
if(encKeyCs.EncryptionType == EncryptionType.AesCbc256_B64)
|
||||||
|
{
|
||||||
|
decEncKey = DecryptToBytes(encKeyCs, Key);
|
||||||
|
}
|
||||||
|
else if(encKeyCs.EncryptionType == EncryptionType.AesCbc256_HmacSha256_B64)
|
||||||
|
{
|
||||||
|
var newKey = StretchKey(Key);
|
||||||
|
decEncKey = DecryptToBytes(encKeyCs, newKey);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
throw new Exception("Unsupported EncKey type");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(decEncKey != null)
|
||||||
|
{
|
||||||
|
_encKey = new SymmetricCryptoKey(decEncKey);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
catch
|
catch
|
||||||
{
|
{
|
||||||
|
@ -462,8 +479,19 @@ namespace Bit.App.Services
|
||||||
|
|
||||||
public CipherString MakeEncKey(SymmetricCryptoKey key)
|
public CipherString MakeEncKey(SymmetricCryptoKey key)
|
||||||
{
|
{
|
||||||
var bytes = Crypto.RandomBytes(512 / 8);
|
var encKey = Crypto.RandomBytes(64);
|
||||||
return Encrypt(bytes, key);
|
// TODO: Remove hardcoded true/false when we're ready to enable key stretching
|
||||||
|
if(false && key.Key.Length == 32)
|
||||||
|
{
|
||||||
|
var newKey = StretchKey(key);
|
||||||
|
return Encrypt(encKey, newKey);
|
||||||
|
}
|
||||||
|
else if(true || key.Key.Length == 64)
|
||||||
|
{
|
||||||
|
return Encrypt(encKey, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new Exception("Invalid key size.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Some users like to copy/paste passwords from external files. Sometimes this can lead to two different
|
// Some users like to copy/paste passwords from external files. Sometimes this can lead to two different
|
||||||
|
@ -477,5 +505,15 @@ namespace Bit.App.Services
|
||||||
.Replace("\n", " ") // New line => space
|
.Replace("\n", " ") // New line => space
|
||||||
.Replace(" ", " "); // No-break space (00A0) => space
|
.Replace(" ", " "); // No-break space (00A0) => space
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private SymmetricCryptoKey StretchKey(SymmetricCryptoKey key)
|
||||||
|
{
|
||||||
|
var newKey = new byte[64];
|
||||||
|
var encKey = Crypto.HkdfExpand(key.Key, Encoding.UTF8.GetBytes("enc"), 32);
|
||||||
|
var macKey = Crypto.HkdfExpand(key.Key, Encoding.UTF8.GetBytes("mac"), 32);
|
||||||
|
encKey.CopyTo(newKey, 0);
|
||||||
|
macKey.CopyTo(newKey, 32);
|
||||||
|
return new SymmetricCryptoKey(newKey);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -206,5 +206,24 @@ namespace Bit.App.Utilities
|
||||||
|
|
||||||
return code.ToString().PadLeft(6, '0');
|
return code.ToString().PadLeft(6, '0');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ref: https://tools.ietf.org/html/rfc5869
|
||||||
|
public static byte[] HkdfExpand(byte[] prk, byte[] info, int size)
|
||||||
|
{
|
||||||
|
var hashLen = 32; // sha256
|
||||||
|
var okm = new byte[size];
|
||||||
|
var previousT = new byte[0];
|
||||||
|
var n = (int)Math.Ceiling((double)size / hashLen);
|
||||||
|
for(int i = 0; i < n; i++)
|
||||||
|
{
|
||||||
|
var t = new byte[previousT.Length + info.Length + 1];
|
||||||
|
previousT.CopyTo(t, 0);
|
||||||
|
info.CopyTo(t, previousT.Length);
|
||||||
|
t[t.Length - 1] = (byte)(i + 1);
|
||||||
|
previousT = ComputeMac(t, prk);
|
||||||
|
previousT.CopyTo(okm, i * hashLen);
|
||||||
|
}
|
||||||
|
return okm;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue