refactor: Added a StoredSalt to add a distinction between a Salt object and the stored Salt object.

Author: Skyost

lib/main.dart

@@ -10,7 +10,7 @@ import 'package:open_authenticator/i18n/translations.g.dart';
 import 'package:open_authenticator/model/app_links.dart';
 import 'package:open_authenticator/model/backend/authentication/providers/provider.dart';
 import 'package:open_authenticator/model/backend/authentication/session.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/settings/show_intro.dart';
 import 'package:open_authenticator/model/settings/theme.dart';
 import 'package:open_authenticator/model/totp/limit.dart';

lib/model/app_unlock/methods/master_password.dart

@@ -30,7 +30,7 @@ class MasterPasswordAppUnlockMethod extends AppUnlockMethod<String> {
     }
 
     if (reason == .openApp) {
-      Salt? salt = await Salt.readFromLocalStorage();
+      Salt? salt = await _ref.read(saltProvider.future);
       _ref.read(cryptoStoreProvider.notifier).use(CryptoStore.fromPassword(result.value, salt!));
     }
 
@@ -62,7 +62,8 @@ class MasterPasswordAppUnlockMethod extends AppUnlockMethod<String> {
         return null;
       }
     }
-    if (!(await _ensureSaltAvailable())) {
+    Salt? salt = await _ref.read(saltProvider.future);
+    if (salt == null) {
       return MasterPasswordNoSalt();
     }
     List<PasswordVerificationMethod> passwordVerificationMethods = await _ref.read(passwordVerificationProvider.future);
@@ -72,28 +73,6 @@ class MasterPasswordAppUnlockMethod extends AppUnlockMethod<String> {
     return null;
   }
 
-  /// Ensures that the local salt exists, restoring it from the TOTP list when possible.
-  Future<bool> _ensureSaltAvailable() async {
-    if (await Salt.readFromLocalStorage() != null) {
-      return true;
-    }
-    try {
-      List<Totp> totps = await _ref.read(totpRepositoryProvider.future);
-      Salt? salt = totps.firstOrNull?.encryptedData.encryptionSalt;
-      if (salt == null) {
-        return false;
-      }
-      await salt.saveToLocalStorage();
-      _ref.invalidate(cryptoStoreProvider);
-      _ref.invalidate(cryptoStoreVerificationMethodProvider);
-      _ref.invalidate(passwordVerificationProvider);
-      return true;
-    } catch (ex, stackTrace) {
-      handleException(ex, stackTrace);
-      return false;
-    }
-  }
-
   /// Prompts master password for unlock.
   Future<Result<String>> _promptMasterPasswordForUnlock(BuildContext context, String? message) async {
     String? password = await MasterPasswordInputDialog.prompt(

lib/model/app_unlock/methods/method.dart

@@ -4,16 +4,15 @@ import 'package:local_auth/local_auth.dart' hide LocalAuthentication;
 import 'package:open_authenticator/i18n/localizable_exception.dart';
 import 'package:open_authenticator/i18n/translations.g.dart';
 import 'package:open_authenticator/model/app_unlock/reason.dart';
-import 'package:open_authenticator/model/crypto.dart';
-import 'package:open_authenticator/model/password_verification/methods/crypto_store.dart';
+import 'package:open_authenticator/model/crypto/salt.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/password_verification/methods/method.dart';
 import 'package:open_authenticator/model/password_verification/methods/password_signature.dart';
 import 'package:open_authenticator/model/password_verification/password_verification.dart';
 import 'package:open_authenticator/model/totp/repository.dart';
 import 'package:open_authenticator/model/totp/totp.dart';
 import 'package:open_authenticator/utils/local_authentication/local_authentication.dart';
 import 'package:open_authenticator/utils/result.dart';
-import 'package:open_authenticator/utils/utils.dart';
 import 'package:open_authenticator/widgets/dialog/text_input_dialog.dart';
 
 part 'local_auth.dart';

lib/model/backup.dart

@@ -8,7 +8,8 @@ import 'package:flutter_riverpod/misc.dart';
 import 'package:open_authenticator/app.dart';
 import 'package:open_authenticator/i18n/localizable_exception.dart';
 import 'package:open_authenticator/i18n/translations.g.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/salt.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/totp/decrypted.dart';
 import 'package:open_authenticator/model/totp/json.dart';
 import 'package:open_authenticator/model/totp/repository.dart';

lib/model/crypto/salt.dart

@@ -0,0 +1,80 @@
+import 'dart:async';
+import 'dart:convert';
+
+import 'package:cipherlib/random.dart';
+import 'package:flutter/foundation.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:open_authenticator/model/database/database.dart';
+import 'package:open_authenticator/model/totp/totp.dart';
+import 'package:simple_secure_storage/simple_secure_storage.dart';
+
+/// The salt provider instance.
+final saltProvider = AsyncNotifierProvider<StoredSalt, Salt?>(StoredSalt.new);
+
+/// Allows to get and set the salt.
+class StoredSalt extends AsyncNotifier<Salt?> {
+  /// The password derived key storage key.
+  static const String _kPasswordDerivedKeySaltKey = 'passwordDerivedKeySalt';
+
+  @override
+  Future<Salt?> build() async {
+    String? value = await SimpleSecureStorage.read(_kPasswordDerivedKeySaltKey);
+    if (value != null) {
+      return Salt.fromRawValue(
+        value: base64.decode(value),
+      );
+    }
+    return await _tryRecoverSaltFromDatabase();
+  }
+
+  /// Tries to recover the salt from the database.
+  Future<Salt?> _tryRecoverSaltFromDatabase() async {
+    List<Totp> totps = await ref.read(appDatabaseProvider).listTotps();
+    Salt? salt = totps.firstOrNull?.encryptedData.encryptionSalt;
+    if (salt != null) {
+      await _saveToLocalStorage(salt);
+    }
+    return salt;
+  }
+
+  /// Changes the current salt.
+  Future<void> changeSalt(Salt salt) async {
+    _saveToLocalStorage(salt);
+    if (ref.mounted) {
+      state = AsyncData(salt);
+    }
+  }
+
+  /// Saves the given [salt] to the local storage.
+  Future<void> _saveToLocalStorage(Salt salt) async => await SimpleSecureStorage.write(_kPasswordDerivedKeySaltKey, base64.encode(salt.value));
+
+  /// Deletes the current salt from the local storage and resets the current state.
+  Future<void> deleteFromLocalStorage() async {
+    await SimpleSecureStorage.delete(_kPasswordDerivedKeySaltKey);
+    if (ref.mounted) {
+      state = const AsyncData(null);
+    }
+  }
+}
+
+/// Represents a decoded salt.
+class Salt {
+  /// The salt length.
+  static const int _saltLength = 256 ~/ 8;
+
+  /// The salt value.
+  final Uint8List value;
+
+  /// Creates a new salt instance.
+  const Salt.fromRawValue({
+    required this.value,
+  });
+
+  /// Generates a random salt.
+  static Salt generate() => Salt.fromRawValue(
+    value: randomBytes(_saltLength),
+  );
+
+  @override
+  String toString() => base64.encode(value);
+}

lib/model/crypto.dart lib/model/crypto/store.dartlib/model/crypto.dart renamed to lib/model/crypto/store.dart

@@ -10,6 +10,7 @@ import 'package:open_authenticator/app.dart';
 import 'package:open_authenticator/i18n/localizable_exception.dart';
 import 'package:open_authenticator/i18n/translations.g.dart';
 import 'package:open_authenticator/model/app_unlock/methods/method.dart';
+import 'package:open_authenticator/model/crypto/salt.dart';
 import 'package:open_authenticator/model/password_verification/methods/password_signature.dart';
 import 'package:open_authenticator/model/settings/app_unlock_method.dart';
 import 'package:open_authenticator/utils/utils.dart';
@@ -25,7 +26,7 @@ class StoredCryptoStore extends AsyncNotifier<CryptoStore?> {
 
   @override
   FutureOr<CryptoStore?> build() async {
-    Salt? salt = await Salt.readFromLocalStorage();
+    Salt? salt = await ref.watch(saltProvider.future);
     if (salt == null) {
       return null;
     }
@@ -45,7 +46,7 @@ class StoredCryptoStore extends AsyncNotifier<CryptoStore?> {
   Future<void> deleteFromLocalStorage({bool deleteSalt = false}) async {
     await SimpleSecureStorage.delete(_kPasswordDerivedKeyKey);
     if (deleteSalt) {
-      await Salt.deleteFromLocalStorage();
+      await ref.read(saltProvider.notifier).deleteFromLocalStorage();
     }
   }
 
@@ -57,7 +58,11 @@ class StoredCryptoStore extends AsyncNotifier<CryptoStore?> {
   }
 
   /// Changes the current crypto store password, preserving the current salt if possible.
-  Future<CryptoStore> changeCryptoStore(String newPassword, {CryptoStore? newCryptoStore, bool checkSettings = true}) async {
+  Future<CryptoStore> changeCryptoStore(
+    String newPassword, {
+    CryptoStore? newCryptoStore,
+    bool checkSettings = true,
+  }) async {
     Salt? salt = newCryptoStore?.salt;
     if (salt == null) {
       CryptoStore? currentCryptoStore = await future;
@@ -71,7 +76,7 @@ class StoredCryptoStore extends AsyncNotifier<CryptoStore?> {
       }
     }
     Future<void> saveCryptoStoreOnLocalStorage() async => await SimpleSecureStorage.write(_kPasswordDerivedKeyKey, base64.encode(newCryptoStore!.key));
-    await salt.saveToLocalStorage();
+    await ref.read(saltProvider.notifier).changeSalt(salt);
     if (checkSettings) {
       String unlockMethod = await ref.read(appUnlockMethodSettingsEntryProvider.future);
       if (unlockMethod == MasterPasswordAppUnlockMethod.kMethodId) {
@@ -89,9 +94,6 @@ class StoredCryptoStore extends AsyncNotifier<CryptoStore?> {
 
 /// Allows to encrypt some data according to a key.
 class CryptoStore {
-  /// The key length.
-  static const int _keyLength = 256 ~/ 8;
-
   /// The initialization vector length.
   static const int _initializationVectorLength = 96 ~/ 8;
 
@@ -109,10 +111,11 @@ class CryptoStore {
   });
 
   /// Creates a [CryptoStoreWithPasswordSignature] from the given [password].
-  CryptoStore.fromPassword(String password, Salt salt) : this._(
-      key: _deriveKey(password, salt).bytes,
-      salt: salt,
-    );
+  CryptoStore.fromPassword(String password, Salt salt)
+    : this._(
+        key: _deriveKey(password, salt).bytes,
+        salt: salt,
+      );
 
   /// Generates a derived key from the given [password] and save it to the device secure storage.
   /// Also returns the salt that has been used.
@@ -164,48 +167,6 @@ class CryptoStore {
   MACHashBase get hmacSecretKey => sha256.hmac.by(key);
 }
 
-/// Represents a decoded salt.
-class Salt {
-  /// The salt length.
-  static const int _saltLength = CryptoStore._keyLength;
-
-  /// The password derived key storage key.
-  static const String _kPasswordDerivedKeySaltKey = 'passwordDerivedKeySalt';
-
-  /// The salt value.
-  final Uint8List value;
-
-  /// Creates a new salt instance.
-  const Salt.fromRawValue({
-    required this.value,
-  });
-
-  /// Reads the salt from local storage.
-  static Future<Salt?> readFromLocalStorage() async {
-    String? value = await SimpleSecureStorage.read(_kPasswordDerivedKeySaltKey);
-    if (value == null) {
-      return null;
-    }
-    return Salt.fromRawValue(
-      value: base64.decode(value),
-    );
-  }
-
-  /// Generates a random salt.
-  static Salt generate() => Salt.fromRawValue(
-    value: randomBytes(_saltLength),
-  );
-
-  /// Deletes the salt from local storage.
-  static Future<void> deleteFromLocalStorage() async => await SimpleSecureStorage.delete(_kPasswordDerivedKeySaltKey);
-
-  /// Writes the salt to the secure storage.
-  Future<void> saveToLocalStorage() async => await SimpleSecureStorage.write(_kPasswordDerivedKeySaltKey, base64.encode(value));
-
-  @override
-  String toString() => base64.encode(value);
-}
-
 /// Thrown when the password entered for a new crypto store is incorrect.
 class _PasswordMismatchException extends LocalizableException {
   /// Creates a new password mismatch exception instance.

lib/model/database/database.dart

@@ -8,7 +8,7 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:open_authenticator/model/backend/request/response.dart';
 import 'package:open_authenticator/model/backend/synchronization/push/operation.dart';
 import 'package:open_authenticator/model/backend/synchronization/push/result.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/salt.dart';
 import 'package:open_authenticator/model/database/database.steps.dart';
 import 'package:open_authenticator/model/totp/algorithm.dart';
 import 'package:open_authenticator/model/totp/json.dart';

lib/model/password_verification/methods/crypto_store.dart

@@ -1,7 +1,7 @@
 import 'dart:async';
 
 import 'package:flutter_riverpod/flutter_riverpod.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/password_verification/methods/method.dart';
 
 /// The provider instance.

lib/model/password_verification/methods/password_signature.dart

@@ -2,7 +2,8 @@ import 'dart:async';
 import 'dart:convert';
 
 import 'package:flutter_riverpod/flutter_riverpod.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/salt.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/password_verification/methods/method.dart';
 import 'package:simple_secure_storage/simple_secure_storage.dart';
 
@@ -19,18 +20,27 @@ class PasswordSignatureVerificationMethodNotifier extends AsyncNotifier<Password
   @override
   FutureOr<PasswordSignatureVerificationMethod> build() async => PasswordSignatureVerificationMethod(
     passwordSignature: await SimpleSecureStorage.read(_kPasswordSignatureKey),
+    salt: await ref.watch(saltProvider.future),
   );
 
   /// Enables the password signature verification method.
   Future<bool> enable(String? password) async {
-    Salt? salt = await Salt.readFromLocalStorage();
-    if (password == null || salt == null) {
+    if (password == null) {
+      return false;
+    }
+    Salt? salt = await ref.read(saltProvider.future);
+    if (salt == null) {
       return false;
     }
     String passwordSignature = await _generatePasswordSignature(password, salt);
     await SimpleSecureStorage.write(_kPasswordSignatureKey, passwordSignature);
     if (ref.mounted) {
-      state = AsyncData(PasswordSignatureVerificationMethod(passwordSignature: passwordSignature));
+      state = AsyncData(
+        PasswordSignatureVerificationMethod(
+          passwordSignature: passwordSignature,
+          salt: salt,
+        ),
+      );
     }
     return true;
   }
@@ -39,7 +49,7 @@ class PasswordSignatureVerificationMethodNotifier extends AsyncNotifier<Password
   Future<void> disable() async {
     await SimpleSecureStorage.delete(_kPasswordSignatureKey);
     if (ref.mounted) {
-      state = const AsyncData(PasswordSignatureVerificationMethod(passwordSignature: null));
+      state = const AsyncData(PasswordSignatureVerificationMethod());
     }
   }
 
@@ -56,24 +66,24 @@ class PasswordSignatureVerificationMethod with PasswordVerificationMethod {
   /// The password signature.
   final String? passwordSignature;
 
+  /// The salt instance.
+  final Salt? salt;
+
   /// Creates a new password signature verification method instance.
   const PasswordSignatureVerificationMethod({
     this.passwordSignature,
+    this.salt,
   });
 
   @override
-  bool get enabled => passwordSignature != null;
+  bool get enabled => passwordSignature != null && salt != null;
 
   @override
   Future<bool> verify(String password) async {
     if (!(await super.verify(password))) {
       return false;
     }
-    Salt? salt = await Salt.readFromLocalStorage();
-    if (salt == null) {
-      return false;
-    }
-    CryptoStore cryptoStore = CryptoStore.fromPassword(password, salt);
+    CryptoStore cryptoStore = CryptoStore.fromPassword(password, salt!);
     return cryptoStore.hmacSecretKey.verify(base64.decode(passwordSignature!), utf8.encode(password));
   }
 }

lib/model/settings/storage_type.dart

@@ -8,7 +8,7 @@ import 'package:open_authenticator/model/backend/request/response.dart';
 import 'package:open_authenticator/model/backend/synchronization/push/operation.dart';
 import 'package:open_authenticator/model/backend/synchronization/queue.dart';
 import 'package:open_authenticator/model/backup.dart';
-import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/crypto/store.dart';
 import 'package:open_authenticator/model/database/database.dart';
 import 'package:open_authenticator/model/password_verification/password_verification.dart';
 import 'package:open_authenticator/model/settings/entry.dart';