PM-2713 Fix auto-migrating EncKeyEncrypted into MasterKey encrypted UserKey when requesting DecryptUserKeyWithMasterKeyAsync is called

2026-01-07 19:13:19 +00:00 · 2023-08-04 18:39:16 -03:00
parent 903f099134
commit bf749d39de
4 changed files with 21 additions and 5 deletions
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -157,10 +157,26 @@ namespace Bit.Core.Services
            if (encUserKey == null)
            {
                var userKeyMasterKey = await _stateService.GetMasterKeyEncryptedUserKeyAsync(userId);
-                if (userKeyMasterKey == null)
+
+                if (userKeyMasterKey is null)
                {
-                    throw new Exception("No encrypted user key found");
+                    // Migrate old key
+                    var oldEncUserKey = await _stateService.GetEncKeyEncryptedAsync(userId);
+
+                    if (oldEncUserKey is null)
+                    {
+                        throw new Exception("No encrypted user key nor old encKeyEncrypted found");
+                    }
+
+                    var userKey = await DecryptUserKeyWithMasterKeyAsync(
+                        masterKey,
+                        new EncString(oldEncUserKey),
+                        userId
+                    );
+                    await SetMasterKeyEncryptedUserKeyAsync(oldEncUserKey, userId);
+                    return userKey;
                }
+
                encUserKey = new EncString(userKeyMasterKey);
            }

--- a/src/Core/Utilities/ServiceContainer.cs
+++ b/src/Core/Utilities/ServiceContainer.cs
@@ -78,7 +78,7 @@ namespace Bit.Core.Utilities
            var passwordGenerationService = new PasswordGenerationService(cryptoService, stateService, cryptoFunctionService, policyService);
            var totpService = new TotpService(cryptoFunctionService);
            var authService = new AuthService(cryptoService, cryptoFunctionService, apiService, stateService,
-                tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
+                tokenService, appIdService, i18nService, platformUtilsService, messagingService,
                keyConnectorService, passwordGenerationService, policyService);
            var exportService = new ExportService(folderService, cipherService, cryptoService);
            var auditService = new AuditService(cryptoFunctionService, apiService);
--- a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
@@ -121,7 +121,7 @@ namespace Bit.iOS.Core.Controllers
                    && await _cryptoService.HasEncryptedUserKeyAsync();
                _biometricIntegrityValid =
                    await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
-                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
+                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnectorAsync();
                _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
            }

--- a/src/iOS.Core/Controllers/LockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/LockPasswordViewController.cs
@@ -113,7 +113,7 @@ namespace Bit.iOS.Core.Controllers
                    && await _cryptoService.HasEncryptedUserKeyAsync();
                _biometricIntegrityValid =
                    await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
-                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
+                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnectorAsync();
                _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
            }