diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs
index 564440bbe..040068b24 100644
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -25,7 +25,7 @@ namespace Bit.Core.Abstractions
 Task ClearMasterKeyAsync(string userId = null);
 Task> EncryptUserKeyWithMasterKeyAsync(MasterKey masterKey);
 Task DecryptUserKeyWithMasterKeyAsync(MasterKey masterKey, EncString encUserKey = null, string userId = null);
- Task> MakeDataEncKeyAsync(TKey key) where TKey : SymmetricCryptoKey;
+ Task> MakeDataEncKeyAsync(SymmetricCryptoKey key);
 Task HashMasterKeyAsync(string password, MasterKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization);
 Task SetMasterKeyHashAsync(string keyHash);
 Task GetMasterKeyHashAsync();
diff --git a/src/Core/Abstractions/IStateService.cs b/src/Core/Abstractions/IStateService.cs
index 2f9c11be5..add556dcf 100644
--- a/src/Core/Abstractions/IStateService.cs
+++ b/src/Core/Abstractions/IStateService.cs
@@ -49,14 +49,6 @@ namespace Bit.Core.Abstractions
 Task GetPinKeyEncryptedUserKeyEphemeralAsync(string userId = null);
 Task SetPinKeyEncryptedUserKeyEphemeralAsync(EncString value, string userId = null);
 Task SetProtectedPinAsync(string value, string userId = null);
- [Obsolete("Use GetUserKeyPinAsync instead, left for migration purposes")]
- Task GetPinProtectedAsync(string userId = null);
- [Obsolete("Use SetUserKeyPinAsync instead")]
- Task SetPinProtectedAsync(string value, string userId = null);
- [Obsolete("Use GetUserKeyPinEphemeralAsync instead, left for migration purposes")]
- Task GetPinProtectedKeyAsync(string userId = null);
- [Obsolete("Use SetUserKeyPinEphemeralAsync instead")]
- Task SetPinProtectedKeyAsync(EncString value, string userId = null);
 Task SetKdfConfigurationAsync(KdfConfig config, string userId = null);
 Task GetKeyHashAsync(string userId = null);
 Task SetKeyHashAsync(string value, string userId = null);
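Review bot: The new `MakeDataEncKeyAsync(SymmetricCryptoKey key)` declaration accepts any SymmetricCryptoKey, but the UserKey/OrgKey restriction the generic constraint used to express now lives only as a runtime ArgumentException inside CryptoService, and nothing on the interface tells a caller that. Add an XML doc comment above the declaration so the contract survives the loss of the compile-time check, along the lines of `/// <summary>Creates a new random data-encryption key and returns it with its encrypted form (presumably wrapped under <paramref name="key"/> — confirm against the implementation).</summary>` followed by `/// <exception cref="ArgumentException">Thrown when <paramref name="key"/> is neither a UserKey nor an OrgKey.</exception>`. The generic type arguments of the return type are not visible in this rendering, so the summary should be checked against the real signature.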
@@ -184,17 +176,21 @@ namespace Bit.Core.Abstractions
 void SetLocale(string locale);
 ConfigResponse GetConfigs();
 void SetConfigs(ConfigResponse value);
- [Obsolete("Use GetUserKeyMasterKey instead")]
+ [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
+ Task GetPinProtectedAsync(string userId = null);
+ [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
+ Task SetPinProtectedAsync(string value, string userId = null);
+ [Obsolete("Use GetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
+ Task GetPinProtectedKeyAsync(string userId = null);
+ [Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
+ Task SetPinProtectedKeyAsync(EncString value, string userId = null);
+ [Obsolete("Use GetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
 Task GetEncKeyEncryptedAsync(string userId = null);
- [Obsolete("Use SetUserKeyMasterKey instead")]
+ [Obsolete("Use SetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
 Task SetEncKeyEncryptedAsync(string value, string userId = null);
- [Obsolete]
- Task GetKeyEncryptedAsync(string userId = null);
- [Obsolete]
+ [Obsolete("Left for migration purposes")]
 Task SetKeyEncryptedAsync(string value, string userId = null);
- [Obsolete("Use GetMasterKey instead")]
+ [Obsolete("Use GetMasterKeyAsync instead, left for migration purposes")]
 Task GetKeyDecryptedAsync(string userId = null);
- [Obsolete("Use GetMasterKey instead")]
- Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null);
 }
 }
diff --git a/src/Core/Services/CipherService.cs b/src/Core/Services/CipherService.cs
index 5b424f1b5..d34b20e43 100644
--- a/src/Core/Services/CipherService.cs
+++ b/src/Core/Services/CipherService.cs
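Review bot: `[Obsolete("Left for migration purposes")]` on SetKeyEncryptedAsync names neither a replacement nor what the migration still needs it for, and with GetKeyEncryptedAsync removed in the same hunk the interface can no longer read back what this setter writes. If the setter only survives so a migration can null out the legacy secure-storage entry, the attribute should say so: `[Obsolete("Legacy master-key storage; only used to clear the old value during migration")]`. GetKeyDecryptedAsync is likewise kept while SetKeyDecryptedAsync is removed; unless VolatileData.Key is still populated somewhere outside this interface, that getter can only ever return null and should go with its setter — worth confirming before the next cleanup.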
@@ -797,17 +797,10 @@ namespace Bit.Core.Services
 private async Task> MakeAttachmentKeyAsync(string organizationId)
 {
- SymmetricCryptoKey attachmentKey;
- EncString protectedAttachmentKey;
- var orgKey = await _cryptoService.GetOrgKeyAsync(organizationId);
- if (orgKey != null)
- {
- (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(orgKey);
- return new Tuple(attachmentKey, protectedAttachmentKey, orgKey);
- }
- var userKey = await _cryptoService.GetUserKeyWithLegacySupportAsync();
- (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(userKey);
- return new Tuple(attachmentKey, protectedAttachmentKey, userKey);
+ var encryptionKey = await _cryptoService.GetOrgKeyAsync(organizationId)
+ ?? (SymmetricCryptoKey)await _cryptoService.GetUserKeyWithLegacySupportAsync();
+ var (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(encryptionKey);
+ return new Tuple(attachmentKey, protectedAttachmentKey, encryptionKey);
 }
 private async Task ShareAttachmentWithServerAsync(AttachmentView attachmentView, string cipherId,
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index e381423d6..5786cb19c 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
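Review bot: When organizationId is non-null but GetOrgKeyAsync returns null, the `??` on the first added line silently falls back to the user key, so an attachment on an organization cipher would be wrapped under a key the rest of the organization cannot decrypt; the replaced code had the same fallback, but this rewrite is the place to fail loudly instead of producing an unreadable attachment. After the assignment add `if (organizationId != null && !(encryptionKey is OrgKey)) { throw new InvalidOperationException("Organization key is not available for attachment encryption."); }`. How GetOrgKeyAsync behaves for a null organizationId is outside the hunk, so the personal-cipher path should be left as it is.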
@@ -184,16 +184,15 @@ namespace Bit.Core.Services
 return new UserKey(decUserKey);
 }
- public async Task> MakeDataEncKeyAsync(TKey key)
- where TKey : SymmetricCryptoKey
+ public async Task> MakeDataEncKeyAsync(SymmetricCryptoKey key)
 {
 if (key is null)
 {
 throw new ArgumentNullException(nameof(key));
 }
- if (typeof(TKey) != typeof(UserKey) && typeof(TKey) != typeof(OrgKey))
+ if (!(key is UserKey) && !(key is OrgKey))
 {
- throw new ArgumentException($"Data encryption keys must be of type UserKey or OrgKey. {typeof(TKey)} unsupported.");
+ throw new ArgumentException($"Data encryption keys must be of type UserKey or OrgKey. {key.GetType().FullName} unsupported.");
 }
 var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
@@ -970,6 +969,8 @@ namespace Bit.Core.Services
 var encPin = await EncryptAsync(pin, userKey);
 await _stateService.SetProtectedPinAsync(encPin.EncryptedString);
 }
+ // Clear old key
+ await _stateService.SetEncKeyEncryptedAsync(null);
 return userKey;
 }
diff --git a/src/Core/Services/StateService.cs b/src/Core/Services/StateService.cs
index 2caa36144..27349421c 100644
--- a/src/Core/Services/StateService.cs
+++ b/src/Core/Services/StateService.cs
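Review bot: The `is` tests on the new `if` accept any subclass of UserKey or OrgKey, whereas the replaced `typeof(TKey) != typeof(UserKey)` comparison accepted only those exact types; that is harmless if both classes are sealed, otherwise this quietly widens which keys may wrap a data-encryption key, so it is worth a one-line comment stating the intent either way. As a matter of style the double negation reads more naturally as a positive guard, `if (!(key is UserKey || key is OrgKey))`, or, if the project already compiles with C# 9 pattern syntax, `if (key is not UserKey and not OrgKey)`. The rest of the method body, including what is done with the 64 random bytes, continues outside the hunk.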
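Review bot: `await _stateService.SetEncKeyEncryptedAsync(null);` clears the legacy master-key-encrypted user key unconditionally at the tail of a method whose start is outside the hunk, which is only safe if the replacement MasterKeyEncryptedUserKey value has already been persisted on every path that reaches this line — otherwise an interrupted or partially failed migration leaves the account with neither key. Keep the clear immediately after the new value is written and make the comment say why, e.g. `// Clear the legacy EncKey only now that the user key has been stored under the master key.`. Whether passing null to SetValueAsync removes the stored entry or writes a null string is not visible here, and neither is whether the legacy `Constants.KeyKey` entry kept via SetKeyEncryptedAsync needs the same treatment; both should be confirmed.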
@@ -422,39 +422,6 @@ namespace Bit.Core.Services
 await SaveAccountAsync(account, reconciledOptions);
 }
- [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
- public async Task GetPinProtectedAsync(string userId = null)
- {
- var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
- await GetDefaultStorageOptionsAsync());
- return await GetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), reconciledOptions);
- }
-
- [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead")]
- public async Task SetPinProtectedAsync(string value, string userId = null)
- {
- var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
- await GetDefaultStorageOptionsAsync());
- await SetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), value, reconciledOptions);
- }
-
- [Obsolete("Use GetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
- public async Task GetPinProtectedKeyAsync(string userId = null)
- {
- return (await GetAccountAsync(
- ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
- ))?.VolatileData?.PinProtectedKey;
- }
-
- [Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead")]
- public async Task SetPinProtectedKeyAsync(EncString value, string userId = null)
- {
- var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
- await GetDefaultInMemoryOptionsAsync());
- var account = await GetAccountAsync(reconciledOptions);
- account.VolatileData.PinProtectedKey = value;
- await SaveAccountAsync(account, reconciledOptions);
- }
 public async Task SetKdfConfigurationAsync(KdfConfig config, string userId = null)
 {
@@ -1688,7 +1655,41 @@ namespace Bit.Core.Services
 shouldConnect ?? await GetShouldConnectToWatchAsync(), await GetDefaultStorageOptionsAsync());
 }
- [Obsolete]
+ [Obsolete("Use GetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]
+ public async Task GetPinProtectedAsync(string userId = null)
+ {
+ var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+ await GetDefaultStorageOptionsAsync());
+ return await GetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), reconciledOptions);
+ }
+
+ [Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead")]
+ public async Task SetPinProtectedAsync(string value, string userId = null)
+ {
+ var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+ await GetDefaultStorageOptionsAsync());
+ await SetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), value, reconciledOptions);
+ }
+
+ [Obsolete("Use GetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]
+ public async Task GetPinProtectedKeyAsync(string userId = null)
+ {
+ return (await GetAccountAsync(
+ ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
+ ))?.VolatileData?.PinProtectedKey;
+ }
+
+ [Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead")]
+ public async Task SetPinProtectedKeyAsync(EncString value, string userId = null)
+ {
+ var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+ await GetDefaultInMemoryOptionsAsync());
+ var account = await GetAccountAsync(reconciledOptions);
+ account.VolatileData.PinProtectedKey = value;
+ await SaveAccountAsync(account, reconciledOptions);
+ }
+
+ [Obsolete("Use GetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
 public async Task GetEncKeyEncryptedAsync(string userId = null)
 {
 var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
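Review bot: The `[Obsolete]` texts on the re-added SetPinProtectedAsync and SetPinProtectedKeyAsync (`"Use SetPinKeyEncryptedUserKeyAsync instead"` and `"Use SetPinKeyEncryptedUserKeyEphemeralAsync instead"`) do not match the interface declarations in the IStateService hunk, which end with `, left for migration purposes`; the compiler warning should read the same at both sites, so use `[Obsolete("Use SetPinKeyEncryptedUserKeyAsync instead, left for migration purposes")]` and `[Obsolete("Use SetPinKeyEncryptedUserKeyEphemeralAsync instead, left for migration purposes")]` here too. Separately, SetPinProtectedKeyAsync writes `account.VolatileData.PinProtectedKey` with no null check, while its sibling GetPinProtectedKeyAsync guards the same lookup with `?.`; whether GetAccountAsync can return null for an unknown userId is not visible in this hunk, but if it can, the setter should either guard identically or throw a descriptive exception instead of a NullReferenceException.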
@@ -1696,7 +1697,7 @@ namespace Bit.Core.Services
 return await GetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), reconciledOptions);
 }
- [Obsolete]
+ [Obsolete("Use SetMasterKeyEncryptedUserKeyAsync instead, left for migration purposes")]
 public async Task SetEncKeyEncryptedAsync(string value, string userId)
 {
 var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -1704,15 +1705,7 @@ namespace Bit.Core.Services
 await SetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), value, reconciledOptions);
 }
- [Obsolete]
- public async Task GetKeyEncryptedAsync(string userId = null)
- {
- var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
- await GetDefaultSecureStorageOptionsAsync());
- return await GetValueAsync(Constants.KeyKey(reconciledOptions.UserId), reconciledOptions);
- }
-
- [Obsolete]
+ [Obsolete("Left for migration purposes")]
 public async Task SetKeyEncryptedAsync(string value, string userId)
 {
 var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -1720,22 +1713,12 @@ namespace Bit.Core.Services
 await SetValueAsync(Constants.KeyKey(reconciledOptions.UserId), value, reconciledOptions);
 }
- [Obsolete]
+ [Obsolete("Use GetMasterKeyAsync instead, left for migration purposes")]
 public async Task GetKeyDecryptedAsync(string userId = null)
 {
 return (await GetAccountAsync(
 ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
 ))?.VolatileData?.Key;
 }
-
- [Obsolete]
- public async Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null)
- {
- var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
- await GetDefaultInMemoryOptionsAsync());
- var account = await GetAccountAsync(reconciledOptions);
- account.VolatileData.Key = value;
- await SaveAccountAsync(account, reconciledOptions);
- }
 }
 }
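Review bot: In the `@@ -1704` hunk, SetKeyEncryptedAsync is kept with `[Obsolete("Left for migration purposes")]` while its reader GetKeyEncryptedAsync (the only method that read `Constants.KeyKey` back from secure storage) is deleted, so after this change the service can write or clear that entry but never read it. If the setter only survives so a migration can null out the legacy value, the attribute should say exactly that, `[Obsolete("Legacy secure-storage master key; only used to clear Constants.KeyKey during migration")]`; if any migration still needs to read it, the getter should be restored rather than removed. Note also that the surviving signatures `SetKeyEncryptedAsync(string value, string userId)` and `SetEncKeyEncryptedAsync(string value, string userId)` lack the `= null` default the interface declares for userId, so a call through the concrete class must pass it explicitly; adding `string userId = null` here keeps the two in step.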