Feat: store pin hash (#2058)

* feat: store pin hash * feat: use salt --------- Co-authored-by: Nicole O'Brien <[email protected]>
bloomwalletio · Mar 5, 2024 · 8da63da · 8da63da
1 parent 574c0b3
commit 8da63da
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/packages/desktop/lib/electron/managers/pincode.manager.ts b/packages/desktop/lib/electron/managers/pincode.manager.ts
@@ -1,17 +1,32 @@
 import { ipcRenderer } from 'electron'
+import { createHash } from 'crypto'
 import type { IPincodeManager } from '@core/app'
 
 export default class PincodeManager implements IPincodeManager {
     public async set(key: string, pincode: string): Promise<void> {
-        return ipcRenderer.invoke('keychain-set', key, pincode)
+        const hash = this.hashValue(key, pincode)
+        return ipcRenderer.invoke('keychain-set', key, hash)
     }
 
     public async verify(key: string, pincode: string): Promise<boolean> {
-        const storedPincode = await ipcRenderer.invoke('keychain-get', key)
-        return storedPincode === pincode
+        const hashedPin = this.hashValue(key, pincode)
+        const storedHash = await ipcRenderer.invoke('keychain-get', key)
+        if (pincode === storedHash) {
+            // Set pincode as a hash if it is stored in clear text (legacy implementation)
+            void this.set(key, pincode)
+            return true
+        } else {
+            return hashedPin === storedHash
+        }
     }
 
     public async remove(key: string): Promise<void> {
         return ipcRenderer.invoke('keychain-remove', key)
     }
+
+    private hashValue(salt: string, value: string): string {
+        const hash = createHash('sha256')
+        const hashedValue = hash.update(`${salt}:${value}`).digest('base64')
+        return hashedValue
+    }
 }