From e3eeaddb3ee8e18d29bc317d3a6b4295689380f3 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Fri, 9 Mar 2018 22:29:59 -0500 Subject: [PATCH] normalize passwords --- src/Android/Resources/Resource.Designer.cs | 33 ++++------------------ src/App/Services/CryptoService.cs | 16 +++++++++-- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/src/Android/Resources/Resource.Designer.cs b/src/Android/Resources/Resource.Designer.cs index fa29b1228..6ed767882 100644 --- a/src/Android/Resources/Resource.Designer.cs +++ b/src/Android/Resources/Resource.Designer.cs @@ -6478,17 +6478,17 @@ namespace Bit.Android // aapt resource value: 0x7f090051 public const int ApplicationName = 2131296337; - // aapt resource value: 0x7f0900b2 - public const int AutoFillServiceDescription = 2131296434; + // aapt resource value: 0x7f0900ab + public const int AutoFillServiceDescription = 2131296427; - // aapt resource value: 0x7f0900b1 - public const int AutoFillServiceSummary = 2131296433; + // aapt resource value: 0x7f0900aa + public const int AutoFillServiceSummary = 2131296426; // aapt resource value: 0x7f090050 public const int Hello = 2131296336; - // aapt resource value: 0x7f0900b3 - public const int MyVault = 2131296435; + // aapt resource value: 0x7f0900ac + public const int MyVault = 2131296428; // aapt resource value: 0x7f090027 public const int abc_action_bar_home_description = 2131296295; 
@@ -6643,27 +6643,6 @@ namespace Bit.Android // aapt resource value: 0x7f09000f public const int common_signin_button_text_long = 2131296271; - // aapt resource value: 0x7f0900ac - public const int default_web_client_id = 2131296428; - - // aapt resource value: 0x7f0900ad - public const int firebase_database_url = 2131296429; - - // aapt resource value: 0x7f0900aa - public const int gcm_defaultSenderId = 2131296426; - - // aapt resource value: 0x7f0900ae - public const int google_api_key = 2131296430; - - // aapt resource value: 0x7f0900ab - public const int google_app_id = 2131296427; - - // aapt resource value: 0x7f0900af - public const int google_crash_reporting_api_key = 2131296431; - - // aapt resource value: 0x7f0900b0 - public const int google_storage_bucket = 2131296432; - // aapt resource value: 0x7f090052 public const int hockeyapp_crash_dialog_app_name_fallback = 2131296338;
diff --git a/src/App/Services/CryptoService.cs b/src/App/Services/CryptoService.cs
index 4d488a56c..8f90da048 100644
--- a/src/App/Services/CryptoService.cs
+++ b/src/App/Services/CryptoService.cs
@@ -424,7 +424,7 @@ namespace Bit.App.Services
 throw new ArgumentNullException(nameof(salt));
 }
- var passwordBytes = Encoding.UTF8.GetBytes(password);
+ var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
 var saltBytes = Encoding.UTF8.GetBytes(salt);
 var keyBytes = _keyDerivationService.DeriveKey(passwordBytes, saltBytes, 5000);
@@ -449,7 +449,7 @@ namespace Bit.App.Services
 throw new ArgumentNullException(nameof(password));
 }
- var passwordBytes = Encoding.UTF8.GetBytes(password);
+ var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
 var hash = _keyDerivationService.DeriveKey(key.Key, passwordBytes, 1);
 return hash;
 }
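Review bot: Both changed lines (in the `@@ -424` hunk and again in the `@@ -449` hunk) alter the bytes handed to `DeriveKey`, so a password containing a newline or U+00A0 now produces a different key and hash than it did before this commit, and nothing in either hunk accounts for a key or hash that was derived from the raw string earlier. Whether such values are persisted on the device is not visible here, but if they are, verification against them could fail after an upgrade until the user logs in again. The call sites should state the contract, for example `// Normalized so the derived key matches the web client; must stay in sync across all clients.` Both enclosing methods start outside the hunks, so any other place that turns the password into bytes cannot be checked from this diff.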
@@ -465,5 +465,17 @@ namespace Bit.App.Services
 var bytes = Crypto.RandomBytes(512 / 8);
 return Encrypt(bytes, key);
 }
+
+ // Some users like to copy/paste passwords from external files. Sometimes this can lead to two different
+ // values on mobiles apps vs the web. For example, on Android an EditText will accept a new line character
+ // (\n), whereas whenever you paste a new line character on the web in a HTML input box it is converted
+ // to a space ( ). Normalize those values so that they are the same on all platforms.
+ private string NormalizePassword(string password)
+ {
+ return password
+ .Replace("\r\n", " ") // Windows-style new line => space
+ .Replace("\n", " ") // New line => space
+ .Replace(" ", " "); // No-break space (00A0) => space
+ }
 }
 }
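Review bot: The first argument of the last `.Replace` in `NormalizePassword` is, per its trailing comment, a literal no-break space, which looks identical to an ordinary space and can be silently rewritten by an editor, formatter or copy/paste, leaving the call a no-op; write it as an escape instead, `.Replace("\u00A0", " ")`. A lone `\r` is also left untouched, so a carriage-return-only paste would still yield different key material than a client that maps it to a space, if any client does. The method reads no instance state and can be `private static`. Because its output feeds key derivation, the comment above it should also say that the mapping must match the other clients exactly and that changing it changes the derived key.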