From 044bdb48575994dcc47268e08ff5ba23d115687f Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Wed, 1 Jan 2025 16:35:15 +0100 Subject: [PATCH] Allow legacy ciphers for migration in bulkdecrypt service --- .../migrate-legacy-encryption.component.ts | 4 ++++ .../src/services/jslib-services.module.ts | 2 +- .../abstractions/bulk-encrypt.service.ts | 1 + .../bulk-encrypt.service.implementation.ts | 22 ++++++++++++++++++- .../encrypt.service.implementation.ts | 2 +- .../fallback-bulk-encrypt.service.ts | 7 ++++++ ...tithread-encrypt.service.implementation.ts | 4 ++++ 7 files changed, 39 insertions(+), 3 deletions(-) diff --git a/apps/web/src/app/key-management/migrate-encryption/migrate-legacy-encryption.component.ts b/apps/web/src/app/key-management/migrate-encryption/migrate-legacy-encryption.component.ts index 1bde2618521..49c4abe4dc1 100644 --- a/apps/web/src/app/key-management/migrate-encryption/migrate-legacy-encryption.component.ts +++ b/apps/web/src/app/key-management/migrate-encryption/migrate-legacy-encryption.component.ts @@ -5,6 +5,7 @@ import { FormControl, FormGroup, Validators } from "@angular/forms"; import { firstValueFrom } from "rxjs"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; +import { BulkEncryptService } from "@bitwarden/common/platform/abstractions/bulk-encrypt.service"; import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; @@ -42,6 +43,7 @@ export class MigrateFromLegacyEncryptionComponent { private dialogService: DialogService, private folderApiService: FolderApiServiceAbstraction, private encryptService: EncryptService, + private bulkEncryptService: BulkEncryptService, ) {} submit = async () => { 
@@ -63,9 +65,11 @@ export class MigrateFromLegacyEncryptionComponent { try { this.encryptService.setLegacyCiphersEnabled(true); + this.bulkEncryptService.setLegacyCiphersEnabled(true); await this.syncService.fullSync(false, true); await this.keyRotationService.rotateUserKeyAndEncryptedData(masterPassword, activeUser); this.encryptService.setLegacyCiphersEnabled(false); + this.bulkEncryptService.setLegacyCiphersEnabled(false); this.toastService.showToast({ variant: "success", diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts index 688507099de..142fa730e05 100644 --- a/libs/angular/src/services/jslib-services.module.ts +++ b/libs/angular/src/services/jslib-services.module.ts @@ -893,7 +893,7 @@ const safeProviders: SafeProvider[] = [ safeProvider({ provide: BulkEncryptService, useClass: BulkEncryptServiceImplementation, - deps: [CryptoFunctionServiceAbstraction, LogService], + deps: [CryptoFunctionServiceAbstraction, LogService, EncryptService], }), safeProvider({ provide: EventUploadServiceAbstraction, diff --git a/libs/common/src/platform/abstractions/bulk-encrypt.service.ts b/libs/common/src/platform/abstractions/bulk-encrypt.service.ts index 4cdff0c769a..21c05510b22 100644 --- a/libs/common/src/platform/abstractions/bulk-encrypt.service.ts +++ b/libs/common/src/platform/abstractions/bulk-encrypt.service.ts @@ -7,4 +7,5 @@ export abstract class BulkEncryptService { items: Decryptable[], key: SymmetricCryptoKey, ): Promise; + abstract setLegacyCiphersEnabled(enabled: boolean): void; } diff --git a/libs/common/src/platform/services/cryptography/bulk-encrypt.service.implementation.ts b/libs/common/src/platform/services/cryptography/bulk-encrypt.service.implementation.ts index 1320fbae0e0..3e2567552c1 100644 --- a/libs/common/src/platform/services/cryptography/bulk-encrypt.service.implementation.ts +++ b/libs/common/src/platform/services/cryptography/bulk-encrypt.service.implementation.ts 
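Review bot: Both `setLegacyCiphersEnabled(false)` calls sit on the success path inside the `try`, so if `fullSync` or `rotateUserKeyAndEncryptedData` rejects, legacy ciphers stay enabled on both services unless a handler outside this hunk resets them. Moving the resets into a `finally` block closes that gap: `finally { this.encryptService.setLegacyCiphersEnabled(false); this.bulkEncryptService.setLegacyCiphersEnabled(false); }`. The `try` statement continues past the end of the hunk, so any existing `catch` would stay ahead of the new `finally`.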
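Review bot: The `deps` array now lists `EncryptService` as a third entry, but the `BulkEncryptServiceImplementation` constructor changed in this same patch still declares only `cryptoFunctionService` and `logService` and builds its own `EncryptServiceImplementation`. The injected instance is therefore never used, and the bulk service holds a second encrypt service whose legacy flag is toggled separately from the shared one. Either accept the dependency as a third constructor parameter, e.g. `protected encryptService: EncryptService`, or drop `EncryptService` from `deps`. The constructor hunk in bulk-encrypt.service.implementation.ts is the other half of this mismatch.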
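Review bot: `setLegacyCiphersEnabled` is added to the `BulkEncryptService` abstraction with no TSDoc, although it switches a security-relevant mode for every caller of `decryptItems` on that service until it is turned off again. A comment such as `/** Allows decryption of legacy cipher types; intended only for the legacy-encryption migration flow and must be set back to false when it finishes. */` would state that contract where implementers and callers see it.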
@@ -5,12 +5,14 @@ import { Jsonify } from "type-fest"; import { BulkEncryptService } from "../../abstractions/bulk-encrypt.service"; import { CryptoFunctionService } from "../../abstractions/crypto-function.service"; +import { EncryptService } from "../../abstractions/encrypt.service"; import { LogService } from "../../abstractions/log.service"; import { Decryptable } from "../../interfaces/decryptable.interface"; import { InitializerMetadata } from "../../interfaces/initializer-metadata.interface"; import { Utils } from "../../misc/utils"; import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key"; +import { EncryptServiceImplementation } from "./encrypt.service.implementation"; import { getClassInitializer } from "./get-class-initializer"; // TTL (time to live) is not strictly required but avoids tying up memory resources if inactive @@ -24,10 +26,19 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService { private clear$ = new Subject(); + private isLegacyCiphersEnabled = false; + private encryptService: EncryptService; + constructor( protected cryptoFunctionService: CryptoFunctionService, protected logService: LogService, - ) {} + ) { + this.encryptService = new EncryptServiceImplementation( + cryptoFunctionService, + logService, + false, + ); + } /** * Decrypts items using a web worker if the environment supports it. @@ -37,6 +48,10 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService { items: Decryptable[], key: SymmetricCryptoKey, ): Promise { + if (this.isLegacyCiphersEnabled) { + return await this.encryptService.decryptItems(items, key); + } + if (key == null) { throw new Error("No encryption key provided."); } 
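Review bot: The legacy branch at the top of `decryptItems` returns before the `key == null` guard, so while the flag is set a missing key is no longer rejected here with "No encryption key provided.". What happens instead depends on the inner service's handling of a null key, which is not visible in this patch. Placing the `if (this.isLegacyCiphersEnabled)` block after the null check keeps the error behaviour the same in both modes. A comment such as `// While migrating, decrypt through EncryptService instead of the worker path so legacy ciphers are accepted` would also explain why the flag swaps the whole code path. The method body continues past the end of the hunk.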
@@ -163,4 +178,9 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService { clearTimeout(this.timeout); } } + + setLegacyCiphersEnabled(enabled: boolean): void { + this.isLegacyCiphersEnabled = enabled; + this.encryptService.setLegacyCiphersEnabled(enabled); + } } diff --git a/libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts b/libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts index 6525ab63e00..35dda4670bb 100644 --- a/libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts +++ b/libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts @@ -14,7 +14,7 @@ import { EncryptedObject } from "../../models/domain/encrypted-object"; import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key"; export class EncryptServiceImplementation implements EncryptService { - private legacyCiphersEnabled: boolean = false; + protected legacyCiphersEnabled: boolean = false; constructor( protected cryptoFunctionService: CryptoFunctionService, diff --git a/libs/common/src/platform/services/cryptography/fallback-bulk-encrypt.service.ts b/libs/common/src/platform/services/cryptography/fallback-bulk-encrypt.service.ts index 7a4fd8f3c1d..e3596f93cea 100644 --- a/libs/common/src/platform/services/cryptography/fallback-bulk-encrypt.service.ts +++ b/libs/common/src/platform/services/cryptography/fallback-bulk-encrypt.service.ts @@ -32,4 +32,11 @@ export class FallbackBulkEncryptService implements BulkEncryptService { async setFeatureFlagEncryptService(featureFlagEncryptService: BulkEncryptService) { this.featureFlagEncryptService = featureFlagEncryptService; } + + setLegacyCiphersEnabled(enabled: boolean): void { + if (this.featureFlagEncryptService != null) { + this.featureFlagEncryptService.setLegacyCiphersEnabled(enabled); + } + this.encryptService.setLegacyCiphersEnabled(enabled); + } } 
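Review bot: In `FallbackBulkEncryptService`, `setLegacyCiphersEnabled` forwards the flag only to the `featureFlagEncryptService` that is set at the time of the call. A service installed later through `setFeatureFlagEncryptService` starts with its own default, and one that was enabled and then replaced never receives the `false`. If that ordering can occur during a migration, remember the last value in a field and apply it in `setFeatureFlagEncryptService`, e.g. `featureFlagEncryptService.setLegacyCiphersEnabled(this.legacyCiphersEnabled);`. The `!= null` guard can also be written as `this.featureFlagEncryptService?.setLegacyCiphersEnabled(enabled);`.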
diff --git a/libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts b/libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts index 100dcf152e6..7760c8445fc 100644 --- a/libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts +++ b/libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts @@ -31,6 +31,10 @@ export class MultithreadEncryptServiceImplementation extends EncryptServiceImple items: Decryptable[], key: SymmetricCryptoKey, ): Promise { + if (this.legacyCiphersEnabled) { + return super.decryptItems(items, key); + } + if (items == null || items.length < 1) { return []; }
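Review bot: The early return in `decryptItems` needs a comment saying why the legacy case skips the rest of the method; a reader cannot tell whether this is a limitation of the multithreaded path or a deliberate choice. Something like `// Legacy ciphers are only enabled during migration; decrypt via the base implementation, where the flag is set` above the `if` would do. The branch also runs before the `items == null || items.length < 1` check, so the empty-input result now depends on `super.decryptItems`, which is outside this patch. The method body continues past the end of the hunk.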