finish migrate auto key if needed

- migrate whenever retrieved from storage
- add back the user symmetric key toggle

libs/common/src/platform/abstractions/crypto.service.ts

@@ -17,6 +17,11 @@ export abstract class CryptoService {
   getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
 
   setUserKey: (key: UserSymKey) => Promise<void>;
+  /**
+   * Gets the user key from memory and sets it again,
+   * kicking off a refresh of any additional keys that are needed.
+   */
+  toggleKey: () => Promise<void>;
   getUserKeyFromMemory: (userId?: string) => Promise<UserSymKey>;
   getUserKeyFromStorage: (
     keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
@@ -117,5 +122,4 @@ export abstract class CryptoService {
   setEncKey: (encKey: string) => Promise<void>;
   hasEncKey: () => Promise<boolean>;
   clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  toggleKey: () => Promise<any>;
 }

libs/common/src/platform/services/crypto.service.ts

@@ -69,6 +69,11 @@ export class CryptoService implements CryptoServiceAbstraction {
     await this.storeAdditionalKeys(key, userId);
   }
 
+  async toggleKey(): Promise<void> {
+    const key = await this.getUserKeyFromMemory();
+    await this.setUserKey(key);
+  }
+
   /**
    * Retrieves the user's symmetric key
    * @param keySuffix The desired version of the user's key to retrieve
@@ -948,15 +953,8 @@ export class CryptoService implements CryptoServiceAbstraction {
     let userKey: string;
     switch (keySuffix) {
       case KeySuffixOptions.Auto: {
-        // migrate if needed
+        await this.migrateAutoKeyIfNeeded(userId);
-        const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId });
+        userKey = await this.stateService.getUserSymKeyAuto({ userId: userId });
-        if (oldAutoKey) {
-          await this.stateService.setUserSymKeyAuto(oldAutoKey, { userId: userId });
-          await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
-          userKey = oldAutoKey;
-        } else {
-          userKey = await this.stateService.getUserSymKeyAuto({ userId: userId });
-        }
         break;
       }
       case KeySuffixOptions.Biometric: {
@@ -967,6 +965,23 @@ export class CryptoService implements CryptoServiceAbstraction {
     return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserSymKey;
   }
 
+  private async migrateAutoKeyIfNeeded(userId?: string) {
+    const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId });
+    if (oldAutoKey) {
+      // decrypt
+      const masterKey = new SymmetricCryptoKey(
+        Utils.fromB64ToArray(oldAutoKey).buffer
+      ) as MasterKey;
+      const userSymKey = await this.decryptUserSymKeyWithMasterKey(
+        masterKey,
+        new EncString(await this.stateService.getEncryptedCryptoSymmetricKey())
+      );
+      // migrate
+      await this.stateService.setUserSymKeyAuto(userSymKey.keyB64, { userId: userId });
+      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+    }
+  }
+
   private async stretchKey(key: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
     const newKey = new Uint8Array(64);
     const encKey = await this.cryptoFunctionService.hkdfExpand(key.key, "enc", 32, "sha256");
@@ -1192,12 +1207,4 @@ export class CryptoService implements CryptoServiceAbstraction {
       await this.stateService.setEncryptedCryptoSymmetricKey(null, { userId: userId });
     }
   }
-
-  /**
-   * @deprecated we wouldn't be saving encrypted/decrypted versions of the user symmetric key
-   */
-  async toggleKey(): Promise<any> {
-    // const key = await this.getKey();
-    // await this.setKey(key);
-  }
 }