From bf749d39de5f33dcf3c9870e6619029279538846 Mon Sep 17 00:00:00 2001
From: Federico Maccaroni
Date: Fri, 4 Aug 2023 18:39:16 -0300
Subject: [PATCH] PM-2713 Fix auto-migrating EncKeyEncrypted into MasterKey encrypted UserKey when requesting DecryptUserKeyWithMasterKeyAsync is called
---
 src/Core/Services/CryptoService.cs | 20 +++++++++++++++++--
 src/Core/Utilities/ServiceContainer.cs | 2 +-
 .../BaseLockPasswordViewController.cs | 2 +-
 .../Controllers/LockPasswordViewController.cs | 2 +-
 4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index dbfe99b74..1edabae3a 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -157,10 +157,26 @@ namespace Bit.Core.Services
 if (encUserKey == null)
 {
 var userKeyMasterKey = await _stateService.GetMasterKeyEncryptedUserKeyAsync(userId);
- if (userKeyMasterKey == null)
+
+ if (userKeyMasterKey is null)
 {
- throw new Exception("No encrypted user key found");
+ // Migrate old key
+ var oldEncUserKey = await _stateService.GetEncKeyEncryptedAsync(userId);
+
+ if (oldEncUserKey is null)
+ {
+ throw new Exception("No encrypted user key nor old encKeyEncrypted found");
+ }
+
+ var userKey = await DecryptUserKeyWithMasterKeyAsync(
+ masterKey,
+ new EncString(oldEncUserKey),
+ userId
+ );
+ await SetMasterKeyEncryptedUserKeyAsync(oldEncUserKey, userId);
+ return userKey;
 }
+
 encUserKey = new EncString(userKeyMasterKey);
 }
diff --git a/src/Core/Utilities/ServiceContainer.cs b/src/Core/Utilities/ServiceContainer.cs
index 8cab68547..9c8b7909f 100644
--- a/src/Core/Utilities/ServiceContainer.cs
+++ b/src/Core/Utilities/ServiceContainer.cs
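Review bot: In the migration branch of the CryptoService.cs hunk, `SetMasterKeyEncryptedUserKeyAsync(oldEncUserKey, userId)` runs without looking at the result of the recursive `DecryptUserKeyWithMasterKeyAsync` call, so the legacy `encKeyEncrypted` value is promoted to the master-key-encrypted slot even if it did not unwrap under the supplied `masterKey`. Whether that call throws or returns null on a wrong key or a malformed value is not visible here, because the method starts and ends outside the hunk. If it can return null, guard the write with `if (userKey != null) { await SetMasterKeyEncryptedUserKeyAsync(oldEncUserKey, userId); }` so that only a value proven to decrypt is persisted. The `// Migrate old key` comment could also state that the legacy value is copied unchanged and whether leaving the old entry in state is intended.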
@@ -78,7 +78,7 @@ namespace Bit.Core.Utilities
 var passwordGenerationService = new PasswordGenerationService(cryptoService, stateService, cryptoFunctionService, policyService);
 var totpService = new TotpService(cryptoFunctionService);
 var authService = new AuthService(cryptoService, cryptoFunctionService, apiService, stateService,
- tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
+ tokenService, appIdService, i18nService, platformUtilsService, messagingService,
 keyConnectorService, passwordGenerationService, policyService);
 var exportService = new ExportService(folderService, cipherService, cryptoService);
 var auditService = new AuditService(cryptoFunctionService, apiService);
diff --git a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
index db5ce6f67..87a880676 100644
--- a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
@@ -121,7 +121,7 @@ namespace Bit.iOS.Core.Controllers
 && await _cryptoService.HasEncryptedUserKeyAsync();
 _biometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
- _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
+ _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnectorAsync();
 _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
 }
diff --git a/src/iOS.Core/Controllers/LockPasswordViewController.cs b/src/iOS.Core/Controllers/LockPasswordViewController.cs
index eff86b50e..0951b86f0 100644
--- a/src/iOS.Core/Controllers/LockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/LockPasswordViewController.cs
@@ -113,7 +113,7 @@ namespace Bit.iOS.Core.Controllers
 && await _cryptoService.HasEncryptedUserKeyAsync();
 _biometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
- _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
+ _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnectorAsync();
 _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
 }