From 7fdc5597fcb7d717e05477248611b533592ddb6e Mon Sep 17 00:00:00 2001
From: Jacob Fink
Date: Tue, 18 Jul 2023 21:56:33 -0400
Subject: [PATCH] [PM-2713] more conversions to new crypto service api
---
.../Accounts/SetPasswordPageViewModel.cs | 26 ++++++-----------
.../UpdateTempPasswordPageViewModel.cs | 8 +++---
src/Core/Abstractions/ICryptoService.cs | 2 --
src/Core/Services/CryptoService.cs | 28 -------------------
src/Core/Services/SyncService.cs | 2 +-
5 files changed, 14 insertions(+), 52 deletions(-)
diff --git a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
index 7df29a1ab..ad477338f 100644
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@@ -165,26 +165,18 @@ namespace Bit.App.Pages var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null); var email = await _stateService.GetEmailAsync(); - var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig); - var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization); - var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization); + var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig); + var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization); + var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization); - Tuple encKey; - var existingEncKey = await _cryptoService.GetEncKeyAsync(); - if (existingEncKey == null) - { - encKey = await _cryptoService.MakeEncKeyAsync(masterKey); - } - else - { - encKey = await _cryptoService.RemakeEncKeyAsync(masterKey); - } + var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey, + await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync()); - var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1); + var keys = await _cryptoService.MakeKeyPairAsync(newUserKey); var request = new SetPasswordRequest { MasterPasswordHash = masterPasswordHash, - Key = encKey.Item2.EncryptedString, + Key = newProtectedUserKey.EncryptedString, MasterPasswordHint = Hint, Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256), KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations), 
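Review bot: The fallback in `await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync()` silently generates a fresh user key whenever none is currently available, and nothing in the hunk says when that is expected. If the lookup can also return null for an account that already has a user key on the server (not determinable from these lines), the request's `Key` would wrap a different key than the one existing data was encrypted with. Hoisting the expression into a named local with a comment such as `// No user key yet (first password set): generate one; otherwise re-wrap the existing key` would make the intent reviewable and keep the nested awaits out of the argument list. The enclosing method starts and ends outside the hunk.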
@@ -204,9 +196,9 @@ namespace Bit.App.Pages // Set Password and relevant information await _apiService.SetPasswordAsync(request); await _stateService.SetKdfConfigurationAsync(kdfConfig); - await _cryptoService.SetMasterKeyAsync(masterKey); + await _cryptoService.SetMasterKeyAsync(newMasterKey); await _cryptoService.SetPasswordHashAsync(localMasterPasswordHash); - await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString); + await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString); await _cryptoService.SetPrivateKeyAsync(keys.Item2.EncryptedString); if (ResetPasswordAutoEnroll) diff --git a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs index a6de632ca..7d8ec85f0 100644 --- a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs +++ b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs @@ -97,8 +97,8 @@ namespace Bit.App.Pages var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig); var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey); - // Create new encKey for the User - var newEncKey = await _cryptoService.RemakeEncKeyAsync(masterKey); + // Encrypt user key with new master key + var (userKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey); // Initiate API action try 
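Review bot: `newUserKey` from the previous hunk is not stored by any of the state updates visible here: the master key, the local password hash, the master-key-encrypted user key and the private key are set, but the decrypted user key is not. When that key was freshly produced by `MakeUserKeyAsync()`, the private key saved on the last changed line is presumably encrypted under a key the session does not hold, unless `SetMasterKeyEncryptedUserKeyAsync` or code outside the hunk loads it. If the service exposes a setter for the decrypted user key, calling it with `newUserKey` before `SetPrivateKeyAsync` would close the gap. Otherwise a comment naming where the user key is loaded would help the next reader.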
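Review bot: The one-argument call `EncryptUserKeyWithMasterKeyAsync(masterKey)` depends on a user key the callee has to find itself, and nothing in this hunk checks that one is available before the API request is built. The other call site in this commit passes the key explicitly; doing the same here, or documenting what the overload does when no user key is loaded, would make the precondition visible. The returned `userKey` is not read in this hunk or the next one, so `var (_, newProtectedUserKey) = ...` would state that more clearly, assuming no later code outside the hunks uses it.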
@@ -108,10 +108,10 @@ namespace Bit.App.Pages switch (_reason) { case ForcePasswordResetReason.AdminForcePasswordReset: - await UpdateTempPasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString); + await UpdateTempPasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString); break; case ForcePasswordResetReason.WeakMasterPasswordOnLogin: - await UpdatePasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString); + await UpdatePasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString); break; default: throw new ArgumentOutOfRangeException(); diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs index 6b10b8ce1..a576637d1 100644 --- a/src/Core/Abstractions/ICryptoService.cs +++ b/src/Core/Abstractions/ICryptoService.cs @@ -73,10 +73,8 @@ namespace Bit.Core.Abstractions Task HasEncKeyAsync(); Task HasKeyAsync(string userId = null); Task> MakeEncKeyAsync(SymmetricCryptoKey key); - Task MakeKeyFromPinAsync(string pin, string salt, KdfConfig config, EncString protectedKeyEs = null); // TODO(Jake): This isn't used, delete Task> MakeShareKeyAsync(); - Task> RemakeEncKeyAsync(SymmetricCryptoKey key); Task SetEncKeyAsync(string encKey); Task SetKeyAsync(SymmetricCryptoKey key); } diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs index d5ed33e04..1aa5412c2 100644 --- a/src/Core/Services/CryptoService.cs +++ b/src/Core/Services/CryptoService.cs 
@@ -1193,23 +1193,6 @@ namespace Bit.Core.Services } - public async Task MakeKeyFromPinAsync(string pin, string salt, - KdfConfig config, EncString protectedKeyCs = null) - { - if (protectedKeyCs == null) - { - var pinProtectedKey = await _stateService.GetPinProtectedAsync(); - if (pinProtectedKey == null) - { - throw new Exception("No PIN protected key found."); - } - protectedKeyCs = new EncString(pinProtectedKey); - } - var pinKey = await MakePinKeyAsync(pin, salt, config); - var decKey = await DecryptToBytesAsync(protectedKeyCs, pinKey); - return new SymmetricCryptoKey(decKey); - } - // TODO(Jake): This isn't used, delete public async Task> MakeShareKeyAsync() { @@ -1230,16 +1213,5 @@ namespace Bit.Core.Services return await BuildProtectedSymmetricKey(theKey, encKey); } - public async Task> RemakeEncKeyAsync(SymmetricCryptoKey key) - { - var encKey = await GetEncKeyAsync(); - return await BuildProtectedSymmetricKey(key, encKey.Key); - } - - - - - - } } diff --git a/src/Core/Services/SyncService.cs b/src/Core/Services/SyncService.cs index 291292453..2763a8e0d 100644 --- a/src/Core/Services/SyncService.cs +++ b/src/Core/Services/SyncService.cs @@ -327,7 +327,7 @@ namespace Bit.Core.Services } return; } - await _cryptoService.SetEncKeyAsync(response.Key); + await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(response.Key); await _cryptoService.SetPrivateKeyAsync(response.PrivateKey); await _cryptoService.SetOrgKeysAsync(response.Organizations); await _stateService.SetSecurityStampAsync(response.SecurityStamp);