update assortment of leftover old crypto service calls

2025-12-16 16:23:44 +00:00 · 2023-06-08 17:04:24 -04:00
parent 3b7f57fd20
commit 7583c959eb
5 changed files with 29 additions and 20 deletions
--- a/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
+++ b/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
@@ -58,8 +58,8 @@ export class EnrollMasterPasswordReset {
        const publicKey = Utils.fromB64ToArray(orgKeys.publicKey);

        // RSA Encrypt user's encKey.key with organization public key
-        const encKey = await this.cryptoService.getEncKey();
-        const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+        const userKey = await this.cryptoService.getUserKeyFromMemory();
+        const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey.buffer);
        keyString = encryptedKey.encryptedString;
        toastStringRef = "enrollPasswordResetSuccess";

--- a/apps/web/src/app/auth/accept-organization.component.ts
+++ b/apps/web/src/app/auth/accept-organization.component.ts
@@ -141,8 +141,8 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
      const publicKey = Utils.fromB64ToArray(response.publicKey);

      // RSA Encrypt user's encKey.key with organization public key
-      const encKey = await this.cryptoService.getEncKey();
-      const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+      const userKey = await this.cryptoService.getUserKeyFromMemory();
+      const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey.buffer);

      // Add reset password key to accept request
      request.resetPasswordKey = encryptedKey.encryptedString;
--- a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
@@ -77,15 +77,18 @@ export class ChangeKdfConfirmationComponent {
    request.kdfParallelism = this.kdfConfig.parallelism;
    request.masterPasswordHash = await this.cryptoService.hashPassword(masterPassword, null);
    const email = await this.stateService.getEmail();
-    const newKey = await this.cryptoService.makeKey(
+    const newMasterKey = await this.cryptoService.makeMasterKey(
      masterPassword,
      email,
      this.kdf,
      this.kdfConfig
    );
-    request.newMasterPasswordHash = await this.cryptoService.hashPassword(masterPassword, newKey);
-    const newEncKey = await this.cryptoService.remakeEncKey(newKey);
-    request.key = newEncKey[1].encryptedString;
+    request.newMasterPasswordHash = await this.cryptoService.hashPassword(
+      masterPassword,
+      newMasterKey
+    );
+    const newUserSymKey = await this.cryptoService.encryptUserSymKeyWithMasterKey(newMasterKey);
+    request.key = newUserSymKey[1].encryptedString;

    await this.apiService.postAccountKdf(request);
  }
--- a/apps/web/src/app/settings/update-key.component.ts
+++ b/apps/web/src/app/settings/update-key.component.ts
@@ -36,8 +36,8 @@ export class UpdateKeyComponent {
  ) {}

  async submit() {
-    const hasEncKey = await this.cryptoService.hasEncKey();
-    if (hasEncKey) {
+    const hasUserKey = await this.cryptoService.hasUserKey();
+    if (hasUserKey) {
      return;
    }

@@ -68,16 +68,16 @@ export class UpdateKeyComponent {
  }

  private async makeRequest(): Promise<UpdateKeyRequest> {
-    const key = await this.cryptoService.getKey();
-    const encKey = await this.cryptoService.makeEncKey(key);
+    const masterKey = await this.cryptoService.getMasterKey();
+    const newUserKey = await this.cryptoService.makeUserSymKey(masterKey);
    const privateKey = await this.cryptoService.getPrivateKey();
    let encPrivateKey: EncString = null;
    if (privateKey != null) {
-      encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
+      encPrivateKey = await this.cryptoService.encrypt(privateKey, newUserKey[0]);
    }
    const request = new UpdateKeyRequest();
    request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
-    request.key = encKey[1].encryptedString;
+    request.key = newUserKey[1].encryptedString;
    request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);

    await this.syncService.fullSync(true);
@@ -87,7 +87,7 @@ export class UpdateKeyComponent {
      if (folders[i].id == null) {
        continue;
      }
-      const folder = await this.folderService.encrypt(folders[i], encKey[0]);
+      const folder = await this.folderService.encrypt(folders[i], newUserKey[0]);
      request.folders.push(new FolderWithIdRequest(folder));
    }

@@ -96,7 +96,7 @@ export class UpdateKeyComponent {
      if (ciphers[i].organizationId != null) {
        continue;
      }
-      const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
+      const cipher = await this.cipherService.encrypt(ciphers[i], newUserKey[0]);
      request.ciphers.push(new CipherWithIdRequest(cipher));
    }

--- a/libs/angular/src/auth/components/login-with-device.component.ts
+++ b/libs/angular/src/auth/components/login-with-device.component.ts
@@ -22,7 +22,10 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";

 import { CaptchaProtectedComponent } from "./captcha-protected.component";
@@ -193,19 +196,22 @@ export class LoginWithDeviceComponent
    requestId: string,
    response: AuthRequestResponse
  ): Promise<PasswordlessLogInCredentials> {
-    const decKey = await this.cryptoService.rsaDecrypt(response.key, this.authRequestKeyPair[1]);
+    const decMasterKeyArray = await this.cryptoService.rsaDecrypt(
+      response.key,
+      this.authRequestKeyPair[1]
+    );
    const decMasterPasswordHash = await this.cryptoService.rsaDecrypt(
      response.masterPasswordHash,
      this.authRequestKeyPair[1]
    );
-    const key = new SymmetricCryptoKey(decKey);
+    const decMasterKey = new SymmetricCryptoKey(decMasterKeyArray) as MasterKey;
    const localHashedPassword = Utils.fromBufferToUtf8(decMasterPasswordHash);

    return new PasswordlessLogInCredentials(
      this.email,
      this.passwordlessRequest.accessCode,
      requestId,
-      key,
+      decMasterKey,
      localHashedPassword
    );
  }