Merge 25e394eb5e into e16074a73e

2024-05-17 10:51:02 +00:00 · 2024-05-17 10:51:02 +00:00 · 7c460f405e
parent e16074a73e 25e394eb5e
commit 7c460f405e
4 changed files with 47 additions and 16 deletions
--- a/src/Core/Models/Domain/Attachment.cs
+++ b/src/Core/Models/Domain/Attachment.cs
@ -34,6 +34,7 @@ namespace Bit.Core.Models.Domain
        public string SizeName { get; set; }
        public EncString Key { get; set; }
        public EncString FileName { get; set; }
+        public EncString CipherKey { get; set; }

        public async Task<AttachmentView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
        {
--- a/src/Core/Models/Domain/Cipher.cs
+++ b/src/Core/Models/Domain/Cipher.cs
@ -134,14 +134,24 @@ namespace Bit.Core.Models.Domain
            {
                model.Attachments = new List<AttachmentView>();
                var tasks = new List<Task>();
-                async Task decryptAndAddAttachmentAsync(Attachment attachment)
+                async Task decryptAndAddAttachmentAsync(Attachment attachment, SymmetricCryptoKey decKey)
                {
-                    var decAttachment = await attachment.DecryptAsync(OrganizationId, model.Key);
+                    var decAttachment = await attachment.DecryptAsync(OrganizationId, model.Key ?? decKey);
                    model.Attachments.Add(decAttachment);
                }
+                var cryptoService = ServiceContainer.Resolve<ICryptoService>();
                foreach (var attachment in Attachments)
                {
-                    tasks.Add(decryptAndAddAttachmentAsync(attachment));
+                    SymmetricCryptoKey decKey = null;
+                    //If the cipher.key is null but the attachment.cipherKey has a value we will use it to decrypt the attachment
+                    if (Key == null && attachment.CipherKey != null)
+                    {
+                        var orgKey = await cryptoService.GetOrgKeyAsync(OrganizationId);
+
+                        var key = await cryptoService.DecryptToBytesAsync(attachment.CipherKey, orgKey);
+                        decKey = new CipherKey(key);
+                    }
+                    tasks.Add(decryptAndAddAttachmentAsync(attachment, decKey));
                }
                await Task.WhenAll(tasks);
            }
--- a/src/Core/Models/View/AttachmentView.cs
+++ b/src/Core/Models/View/AttachmentView.cs
@ -20,6 +20,7 @@ namespace Bit.Core.Models.View
        public string SizeName { get; set; }
        public string FileName { get; set; }
        public SymmetricCryptoKey Key { get; set; }
+        public CipherKey CipherKey { get; set; }

        public long FileSize
        {
--- a/src/Core/Services/CipherService.cs
+++ b/src/Core/Services/CipherService.cs
@ -571,25 +571,39 @@ namespace Bit.Core.Services
            await UpsertAsync(data);
        }

-        public async Task ShareWithServerAsync(CipherView cipher, string organizationId, HashSet<string> collectionIds)
+        public async Task ShareWithServerAsync(CipherView cipherView, string organizationId, HashSet<string> collectionIds)
        {
            var attachmentTasks = new List<Task>();
-            if (cipher.Attachments != null)
+            Cipher cipher = null;
+            //If the cipher doesn't have a key, we update it 
+            if(cipherView.Key == null)
            {
-                foreach (var attachment in cipher.Attachments)
+                cipher = await EncryptAsync(cipherView);
+                var putCipherRequest = new CipherRequest(cipher);
+                var putCipherResponse = await _apiService.PutCipherAsync(cipherView.Id, putCipherRequest);
+                var cipherData = new CipherData(putCipherResponse, await _stateService.GetActiveUserIdAsync());
+                await UpsertAsync(cipherData);
+                cipher = await GetAsync(cipherView.Id);
+                cipherView = await cipher.DecryptAsync();
+            }
+
+            if (cipherView.Attachments != null)
+            {
+                foreach (var attachment in cipherView.Attachments)
                {
                    if (attachment.Key == null)
                    {
-                        attachmentTasks.Add(ShareAttachmentWithServerAsync(attachment, cipher.Id, organizationId));
+                        attachmentTasks.Add(ShareAttachmentWithServerAsync(attachment, cipherView.Id, organizationId, cipherView.Key, cipher?.Key));
+                        attachment.CipherKey = cipherView.Key;
                    }
                }
            }
            await Task.WhenAll(attachmentTasks);
-            cipher.OrganizationId = organizationId;
-            cipher.CollectionIds = collectionIds;
-            var encCipher = await EncryptAsync(cipher);
+            cipherView.OrganizationId = organizationId;
+            cipherView.CollectionIds = collectionIds;
+            var encCipher = await EncryptAsync(cipherView);
            var request = new CipherShareRequest(encCipher);
-            var response = await _apiService.PutShareCipherAsync(cipher.Id, request);
+            var response = await _apiService.PutShareCipherAsync(cipherView.Id, request);
            var userId = await _stateService.GetActiveUserIdAsync();
            var data = new CipherData(response, userId, collectionIds);
            await UpsertAsync(data);
@ -855,12 +869,13 @@ namespace Bit.Core.Services

        // Helpers

-        private async Task<Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>> MakeAttachmentKeyAsync(string organizationId, Cipher cipher = null, CipherView cipherView = null)
+        private async Task<Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>> MakeAttachmentKeyAsync(string organizationId, Cipher cipher = null, CipherView cipherView = null, SymmetricCryptoKey cipherKey = null)
        {
            var orgKey = await _cryptoService.GetOrgKeyAsync(organizationId);

-            SymmetricCryptoKey encryptionKey = orgKey;
-            if (cipher != null && cipherView != null)
+            //We give priority to the use of cipher.key if it exists
+            SymmetricCryptoKey encryptionKey = cipherKey ?? orgKey;
+            if (cipher != null && cipherView != null && cipher.Key == null)
            {
                encryptionKey = await UpdateCipherAndGetCipherKeyAsync(cipher, cipherView, orgKey, false);
            }
@ -872,7 +887,7 @@ namespace Bit.Core.Services
        }

        private async Task ShareAttachmentWithServerAsync(AttachmentView attachmentView, string cipherId,
-            string organizationId)
+            string organizationId, SymmetricCryptoKey cipherKey = null, EncString cipherKeyProtected = null)
        {
            var attachmentResponse = await _httpClient.GetAsync(attachmentView.Url);
            if (!attachmentResponse.IsSuccessStatusCode)
@ -883,7 +898,7 @@ namespace Bit.Core.Services
            var bytes = await attachmentResponse.Content.ReadAsByteArrayAsync();
            var decBytes = await _cryptoService.DecryptFromBytesAsync(bytes, null);

-            var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(organizationId);
+            var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(organizationId, cipherKey:cipherKey);

            var encFileName = await _cryptoService.EncryptAsync(attachmentView.FileName, encKey);
            var encFileData = await _cryptoService.EncryptToBytesAsync(decBytes, attachmentKey);
@ -892,6 +907,10 @@ namespace Bit.Core.Services
            var fd = new MultipartFormDataContent(boundary);
            fd.Add(new StringContent(protectedAttachmentKey.EncryptedString), "key");
            fd.Add(new StreamContent(new MemoryStream(encFileData.Buffer)), "data", encFileName.EncryptedString);
+            if(cipherKey != null && cipherKeyProtected != null)
+            {
+                fd.Add(new StringContent(cipherKeyProtected.EncryptedString), "cipherKey");
+            }
            await _apiService.PostShareCipherAttachmentAsync(cipherId, attachmentView.Id, fd, organizationId);
        }