[PM-2713] more conversions to new crypto service api

2025-12-05 23:53:33 +00:00 · 2023-07-18 21:56:33 -04:00
parent 7c664f58b3
commit 7fdc5597fc
5 changed files with 14 additions and 52 deletions
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@@ -165,26 +165,18 @@ namespace Bit.App.Pages

            var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
            var email = await _stateService.GetEmailAsync();
-            var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization);
-            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization);
+            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization);
+            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization);

-            Tuple<SymmetricCryptoKey, EncString> encKey;
-            var existingEncKey = await _cryptoService.GetEncKeyAsync();
-            if (existingEncKey == null)
-            {
-                encKey = await _cryptoService.MakeEncKeyAsync(masterKey);
-            }
-            else
-            {
-                encKey = await _cryptoService.RemakeEncKeyAsync(masterKey);
-            }
+            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey,
+                await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync());

-            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
+            var keys = await _cryptoService.MakeKeyPairAsync(newUserKey);
            var request = new SetPasswordRequest
            {
                MasterPasswordHash = masterPasswordHash,
-                Key = encKey.Item2.EncryptedString,
+                Key = newProtectedUserKey.EncryptedString,
                MasterPasswordHint = Hint,
                Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256),
                KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations),
@@ -204,9 +196,9 @@ namespace Bit.App.Pages
                // Set Password and relevant information
                await _apiService.SetPasswordAsync(request);
                await _stateService.SetKdfConfigurationAsync(kdfConfig);
-                await _cryptoService.SetMasterKeyAsync(masterKey);
+                await _cryptoService.SetMasterKeyAsync(newMasterKey);
                await _cryptoService.SetPasswordHashAsync(localMasterPasswordHash);
-                await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
+                await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString);
                await _cryptoService.SetPrivateKeyAsync(keys.Item2.EncryptedString);

                if (ResetPasswordAutoEnroll)
--- a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
@@ -97,8 +97,8 @@ namespace Bit.App.Pages
            var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey);

-            // Create new encKey for the User
-            var newEncKey = await _cryptoService.RemakeEncKeyAsync(masterKey);
+            // Encrypt user key with new master key
+            var (userKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey);

            // Initiate API action
            try
@@ -108,10 +108,10 @@ namespace Bit.App.Pages
                switch (_reason)
                {
                    case ForcePasswordResetReason.AdminForcePasswordReset:
-                        await UpdateTempPasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
+                        await UpdateTempPasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
                        break;
                    case ForcePasswordResetReason.WeakMasterPasswordOnLogin:
-                        await UpdatePasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
+                        await UpdatePasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
                        break;
                    default:
                        throw new ArgumentOutOfRangeException();
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -73,10 +73,8 @@ namespace Bit.Core.Abstractions
        Task<bool> HasEncKeyAsync();
        Task<bool> HasKeyAsync(string userId = null);
        Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key);
-        Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt, KdfConfig config, EncString protectedKeyEs = null);
        // TODO(Jake): This isn't used, delete
        Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync();
-        Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key);
        Task SetEncKeyAsync(string encKey);
        Task SetKeyAsync(SymmetricCryptoKey key);
    }
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -1193,23 +1193,6 @@ namespace Bit.Core.Services
        }


-        public async Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
-            KdfConfig config, EncString protectedKeyCs = null)
-        {
-            if (protectedKeyCs == null)
-            {
-                var pinProtectedKey = await _stateService.GetPinProtectedAsync();
-                if (pinProtectedKey == null)
-                {
-                    throw new Exception("No PIN protected key found.");
-                }
-                protectedKeyCs = new EncString(pinProtectedKey);
-            }
-            var pinKey = await MakePinKeyAsync(pin, salt, config);
-            var decKey = await DecryptToBytesAsync(protectedKeyCs, pinKey);
-            return new SymmetricCryptoKey(decKey);
-        }
-
        // TODO(Jake): This isn't used, delete
        public async Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync()
        {
@@ -1230,16 +1213,5 @@ namespace Bit.Core.Services
            return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(theKey, encKey);
        }

-        public async Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key)
-        {
-            var encKey = await GetEncKeyAsync();
-            return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(key, encKey.Key);
-        }
-
-
-
-
-
-
    }
 }
--- a/src/Core/Services/SyncService.cs
+++ b/src/Core/Services/SyncService.cs
@@ -327,7 +327,7 @@ namespace Bit.Core.Services
                }
                return;
            }
-            await _cryptoService.SetEncKeyAsync(response.Key);
+            await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(response.Key);
            await _cryptoService.SetPrivateKeyAsync(response.PrivateKey);
            await _cryptoService.SetOrgKeysAsync(response.Organizations);
            await _stateService.SetSecurityStampAsync(response.SecurityStamp);