From 041e7743f858bcdb3b2fb10f2e29d7f61cb967e0 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Thu, 6 Mar 2025 19:25:09 +0100
Subject: [PATCH] Fix private key encryption
---
 .../key-rotation/user-key-rotation.service.ts | 2 +-
 .../src/services/jslib-services.module.ts | 3 +++
 .../encrypt.service.implementation.ts | 20 +++++++------------
 3 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
index d7ee258dd84..85c5dee0389 100644
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -98,7 +98,7 @@ export class UserKeyRotationService {
 const newMasterKey = await this.keyService.makeMasterKey(newMasterPassword, email, kdfConfig);
- const userkey = PureCrypto.generate_userkey(false);
+ const userkey = PureCrypto.generate_userkey(true);
 const newUnencryptedUserKey = new SymmetricCryptoKey(userkey) as UserKey;
 let kdf: Kdf = { pBKDF2: { iterations: 1 } };
 if (kdfConfig.kdfType === KdfType.PBKDF2_SHA256) {
diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts
index d5833dd0479..8a2b66b6c99 100644
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -499,6 +499,7 @@ const safeProviders: SafeProvider[] = [
 configService: ConfigService,
 stateProvider: StateProvider,
 accountService: AccountServiceAbstraction,
+ logService: LogService,
 ) =>
 new CipherService(
 keyService,
@@ -514,6 +515,7 @@ const safeProviders: SafeProvider[] = [
 configService,
 stateProvider,
 accountService,
+ logService,
 ),
 deps: [
 KeyService,
@@ -529,6 +531,7 @@ const safeProviders: SafeProvider[] = [
 ConfigService,
 StateProvider,
 AccountServiceAbstraction,
+ LogService,
 ],
 }),
 safeProvider({
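Review bot: The bare boolean in `PureCrypto.generate_userkey(true)` says nothing about what it selects, yet flipping it is the entire change in this hunk and it decides what kind of user key a rotation produces. A named constant or a one-line comment above the call stating what `true` requests from the SDK would make that choice reviewable. Separately, the context line `let kdf: Kdf = { pBKDF2: { iterations: 1 } };` leaves a one-iteration PBKDF2 value in place unless a later branch overwrites it. Those branches continue outside this hunk, so please confirm that no path reaches the SDK with the placeholder.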
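Review bot: `logService` is added to the factory parameters here, to the `new CipherService(...)` call in the hunk at -514 and to `deps` in the hunk at -529, but the diffstat lists only three files and none of them holds the `CipherService` constructor. If that constructor does not already take a trailing `LogService`, this will not compile; if it does, any other code that constructs `CipherService` positionally needs the same extra argument. The three lists appear to be matched by position, so a comment such as `// order must match the CipherService constructor` above `deps` would help the next edit. The provider entry starts and ends outside the visible lines.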
diff --git a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
index 4732c919335..78674328997 100644
--- a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
+++ b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
@@ -67,10 +67,7 @@ export class EncryptServiceImplementation implements EncryptService {
 const mac = Utils.fromBufferToB64(encObj.mac);
 return new EncString(innerKey.type, data, iv, mac);
 } else if (innerKey.type === EncryptionType.XChaCha20Poly1305_B64) {
- const encrypted = PureCrypto.symmetric_encrypt(
- Utils.fromBufferToByteString(plainBuf),
- Utils.fromBufferToB64(innerKey.coseKey),
- );
+ const encrypted = PureCrypto.symmetric_encrypt(plainBuf, innerKey.coseKey);
 return new EncString(encrypted);
 } else {
 throw new Error(`Encrypt is not supported for keys of type ${innerKey.type}`);
@@ -102,10 +99,7 @@ export class EncryptServiceImplementation implements EncryptService {
 encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength);
 return new EncArrayBuffer(encBytes);
 } else if (innerKey.type === EncryptionType.XChaCha20Poly1305_B64) {
- const encrypted = PureCrypto.symmetric_decrypt_array_buffer(
- plainValue,
- Utils.fromBufferToB64(innerKey.coseKey),
- );
+ const encrypted = PureCrypto.symmetric_decrypt_array_buffer(plainValue, innerKey.coseKey);
 return new EncArrayBuffer(encrypted);
 }
 }
@@ -121,7 +115,7 @@ export class EncryptServiceImplementation implements EncryptService {
 throw new Error("encString is null or undefined");
 }
 try {
- return PureCrypto.symmetric_decrypt(encString.encryptedString, key.keyB64);
+ return PureCrypto.symmetric_decrypt(encString.encryptedString, key.key);
 } catch (e) {
 this.logService.error("Error decrypting with SDK", e);
 return null;
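Review bot: No test accompanies the switch from string-encoded arguments to raw buffers in `PureCrypto.symmetric_encrypt(plainBuf, innerKey.coseKey)`; the diffstat lists three files and none is a spec. The same change of argument encoding is made at the call sites in the hunks at -102, -121, -193, -210, -227 and -303, so a mismatch between what the SDK binding expects and what is passed would only show up at runtime. A round-trip test for an `XChaCha20Poly1305_B64` key would pin this down: encrypt, decrypt, compare, plus one case where a ciphertext byte is altered and decryption must fail. The method body starts outside the hunk.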
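Review bot: The XChaCha20Poly1305 branch calls `PureCrypto.symmetric_decrypt_array_buffer(plainValue, innerKey.coseKey)` on a value named `plainValue` and stores the result in `encrypted`, while the branch before it assembles `encBytes` from an IV and ciphertext, so this looks like the encrypt-to-bytes path invoking a decrypt function. The commit changes only the key argument and keeps that call. Unless the SDK function is named against its behaviour, this should be the encrypting counterpart, and a round-trip test over this method would show it. The `if`/`else if` chain also ends without an `else` that throws for other key types, unlike the chain at -67. The method starts outside the hunk, so both observations rest on the visible lines only.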
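Review bot: The `catch (e)` around `PureCrypto.symmetric_decrypt(encString.encryptedString, key.key)` maps every failure to `null`, so an authentication failure on altered ciphertext, a malformed `encString` and a null `key` (which throws on `key.key`) all look the same to the caller. A comment on the return, e.g. `// null = decryption or authentication failed; never treat as an empty value`, would document the contract. If no key check already exists above the hunk, a `key == null` guard beside the `encString` check would stop a programming error from being logged as "Error decrypting with SDK". The same SDK call in the hunk at -193 shows no try/catch within its visible lines, so the two paths may report failure differently.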
@@ -193,7 +187,7 @@ export class EncryptServiceImplementation implements EncryptService {
 parameters: fastParams,
 });
 } else if (innerKey.type === EncryptionType.XChaCha20Poly1305_B64) {
- return PureCrypto.symmetric_decrypt(encString.encryptedString, key.keyB64);
+ return PureCrypto.symmetric_decrypt(encString.encryptedString, key.key);
 } else {
 throw new Error(`Unsupported encryption type`);
 }
@@ -210,7 +204,7 @@ export class EncryptServiceImplementation implements EncryptService {
 const buffer = new Uint8Array(encThing.dataBytes.length + 1);
 buffer[0] = encThing.encryptionType;
 buffer.set(encThing.dataBytes, 1);
- return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.keyB64);
+ return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.key);
 }
 if (
@@ -227,7 +221,7 @@ export class EncryptServiceImplementation implements EncryptService {
 encThing.macBytes,
 ).buffer;
- return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.keyB64);
+ return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.key);
 }
 this.logService.debug("decrypting bytes with javascript");
@@ -303,7 +297,7 @@ export class EncryptServiceImplementation implements EncryptService {
 encThing.dataBytes,
 encThing.macBytes,
 ).buffer;
- return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.keyB64);
+ return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.key);
 }
 }
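Review bot: The input for `PureCrypto.symmetric_decrypt_array_buffer(buffer, key.key)` is assembled three times in this file: by hand in the hunk at -210 (`buffer[0] = encThing.encryptionType` followed by `buffer.set(encThing.dataBytes, 1)`), and through a call ending in `).buffer` in the hunks at -227 and -303, whose visible lines are identical. One private helper that turns `encThing` into the SDK's input would give a single place to audit the framing and the key argument. A comment should also state whether the SDK call throws or returns on authentication failure, since none of these three call sites shows a try/catch within its hunk. The enclosing methods start outside the visible lines.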