User:Fbraun/Gaia/PasscodeHelper

From MozillaWiki

PasscodeHelper

Source: https://github.com/mozilla-b2g/gaia/blob/master/shared/js/passcode_helper.js

Why?

Rewriting everything into this helper allowed us to store the passcode as a salted hash instead of clear text. See the 'internals' subsection for more details. Changing the code that interacts with the passcode is non-trivial, especially when several different apps deal with it. If you want to improve the security or change the behavior, it's easier to have one layer of abstraction that guards the passcode.


Previously

To change and use the passcode, you had to modify the lockscreen.passcode-lock.code setting. This setting would be observed by other apps.


The new API

Usage

 PasscodeHelper.check(oldPin) // returns a promise
 PasscodeHelper.set(newPin) // returns a promise

Example

 require('/shared/js/passcode_helper.js');
 function setNewPin(oldPin, newPin) {
   // Returns a promise that resolves once the new PIN has been stored,
   // and rejects if the old PIN did not verify.
   return PasscodeHelper.check(oldPin).then((result) => {
     if (result === true) {
       return PasscodeHelper.set(newPin);
     } else {
       throw new Error('Old PIN was incorrect!');
     }
   });
 }

The Internals

The new settings keys (that you should *never* interact with) are the following:

 const SET_DIGEST_VALUE = 'lockscreen.passcode-lock.digest.value';
 const SET_DIGEST_SALT = 'lockscreen.passcode-lock.digest.salt';
 const SET_DIGEST_ITERATIONS = 'lockscreen.passcode-lock.digest.iterations';
 const SET_DIGEST_ALGORITHM = 'lockscreen.passcode-lock.digest.algorithm';

They store the input for PBKDF2 (salt, iteration count and internal algorithm) and its output (digest).

Security wins

  • The stored value is no longer deterministic. If everyone had the PIN "1111", they would still each have a different digest, because a new random salt is generated every time the passcode is set.
  • You can't just read the PIN off of a device you have physical access to.
  • We can improve the security over time:
    • As devices become more powerful, we can easily change the security parameters (e.g. the iteration count).
    • As the platform matures, we can switch to stronger algorithms (bug 554827).