Allow legacy ciphers for migration in bulkdecrypt service

apps/web/src/app/key-management/migrate-encryption/migrate-legacy-encryption.component.ts

@@ -5,6 +5,7 @@ import { FormControl, FormGroup, Validators } from "@angular/forms";
 import { firstValueFrom } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { BulkEncryptService } from "@bitwarden/common/platform/abstractions/bulk-encrypt.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -42,6 +43,7 @@ export class MigrateFromLegacyEncryptionComponent {
     private dialogService: DialogService,
     private folderApiService: FolderApiServiceAbstraction,
     private encryptService: EncryptService,
+    private bulkEncryptService: BulkEncryptService,
   ) {}
 
   submit = async () => {
@@ -63,9 +65,11 @@ export class MigrateFromLegacyEncryptionComponent {
 
     try {
       this.encryptService.setLegacyCiphersEnabled(true);
+      this.bulkEncryptService.setLegacyCiphersEnabled(true);
       await this.syncService.fullSync(false, true);
       await this.keyRotationService.rotateUserKeyAndEncryptedData(masterPassword, activeUser);
       this.encryptService.setLegacyCiphersEnabled(false);
+      this.bulkEncryptService.setLegacyCiphersEnabled(false);
 
       this.toastService.showToast({
         variant: "success",

libs/angular/src/services/jslib-services.module.ts

@@ -893,7 +893,7 @@ const safeProviders: SafeProvider[] = [
   safeProvider({
     provide: BulkEncryptService,
     useClass: BulkEncryptServiceImplementation,
-    deps: [CryptoFunctionServiceAbstraction, LogService],
+    deps: [CryptoFunctionServiceAbstraction, LogService, EncryptService],
   }),
   safeProvider({
     provide: EventUploadServiceAbstraction,

libs/common/src/platform/abstractions/bulk-encrypt.service.ts

@@ -7,4 +7,5 @@ export abstract class BulkEncryptService {
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
   ): Promise<T[]>;
+  abstract setLegacyCiphersEnabled(enabled: boolean): void;
 }

libs/common/src/platform/services/cryptography/bulk-encrypt.service.implementation.ts

@@ -5,12 +5,14 @@ import { Jsonify } from "type-fest";
 
 import { BulkEncryptService } from "../../abstractions/bulk-encrypt.service";
 import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
+import { EncryptService } from "../../abstractions/encrypt.service";
 import { LogService } from "../../abstractions/log.service";
 import { Decryptable } from "../../interfaces/decryptable.interface";
 import { InitializerMetadata } from "../../interfaces/initializer-metadata.interface";
 import { Utils } from "../../misc/utils";
 import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
 
+import { EncryptServiceImplementation } from "./encrypt.service.implementation";
 import { getClassInitializer } from "./get-class-initializer";
 
 // TTL (time to live) is not strictly required but avoids tying up memory resources if inactive
@@ -24,10 +26,19 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService {
 
   private clear$ = new Subject<void>();
 
+  private isLegacyCiphersEnabled = false;
+  private encryptService: EncryptService;
+
   constructor(
     protected cryptoFunctionService: CryptoFunctionService,
     protected logService: LogService,
-  ) {}
+  ) {
+    this.encryptService = new EncryptServiceImplementation(
+      cryptoFunctionService,
+      logService,
+      false,
+    );
+  }
 
   /**
    * Decrypts items using a web worker if the environment supports it.
@@ -37,6 +48,10 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService {
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
   ): Promise<T[]> {
+    if (this.isLegacyCiphersEnabled) {
+      return await this.encryptService.decryptItems(items, key);
+    }
+
     if (key == null) {
       throw new Error("No encryption key provided.");
     }
@@ -163,4 +178,9 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService {
       clearTimeout(this.timeout);
     }
   }
+
+  setLegacyCiphersEnabled(enabled: boolean): void {
+    this.isLegacyCiphersEnabled = enabled;
+    this.encryptService.setLegacyCiphersEnabled(enabled);
+  }
 }

libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts

@@ -14,7 +14,7 @@ import { EncryptedObject } from "../../models/domain/encrypted-object";
 import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
 
 export class EncryptServiceImplementation implements EncryptService {
-  private legacyCiphersEnabled: boolean = false;
+  protected legacyCiphersEnabled: boolean = false;
 
   constructor(
     protected cryptoFunctionService: CryptoFunctionService,

libs/common/src/platform/services/cryptography/fallback-bulk-encrypt.service.ts

@@ -32,4 +32,11 @@ export class FallbackBulkEncryptService implements BulkEncryptService {
   async setFeatureFlagEncryptService(featureFlagEncryptService: BulkEncryptService) {
     this.featureFlagEncryptService = featureFlagEncryptService;
   }
+
+  setLegacyCiphersEnabled(enabled: boolean): void {
+    if (this.featureFlagEncryptService != null) {
+      this.featureFlagEncryptService.setLegacyCiphersEnabled(enabled);
+    }
+    this.encryptService.setLegacyCiphersEnabled(enabled);
+  }
 }

libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts

@@ -31,6 +31,10 @@ export class MultithreadEncryptServiceImplementation extends EncryptServiceImple
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
   ): Promise<T[]> {
+    if (this.legacyCiphersEnabled) {
+      return super.decryptItems(items, key);
+    }
+
     if (items == null || items.length < 1) {
       return [];
     }