From 6159f5e4eef73da3b874ff78c811307a6a71c64a Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Sat, 7 Sep 2024 10:11:44 +0530
Subject: [PATCH] cen

---
 .../new/photos/services/user-entity.ts        | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/web/packages/new/photos/services/user-entity.ts b/web/packages/new/photos/services/user-entity.ts
index 9a2af8680d..c134f038a3 100644
--- a/web/packages/new/photos/services/user-entity.ts
+++ b/web/packages/new/photos/services/user-entity.ts
@@ -327,16 +327,19 @@ const userEntityDiff = async (
  * See also, [Note: User entity keys].
  */
 const getOrCreateEntityKeyB64 = async (type: EntityType) => {
+    // Get the user's master key (we need it to encrypt/decrypt the entity key).
+    const masterKey = await masterKeyFromSession();
+
     // See if we already have it locally.
     const saved = await savedRemoteUserEntityKey(type);
-    if (saved) return decryptEntityKey(saved);
+    if (saved) return decryptEntityKey(saved, masterKey);
 
     // See if remote already has it.
     const existing = await getUserEntityKey(type);
     if (existing) {
         // Only save it if we can decrypt it to avoid corrupting our local state
         // in unforeseen circumstances.
-        const result = await decryptEntityKey(existing);
+        const result = await decryptEntityKey(existing, masterKey);
         await saveRemoteUserEntityKey(type, existing);
         return result;
     }
@@ -346,8 +349,8 @@ const getOrCreateEntityKeyB64 = async (type: EntityType) => {
     // As a sanity check, genarate the key but immediately encrypt it as if it
     // were fetched from remote and then try to decrypt it before doing anything
     // with it.
-    const generated = await generateNewEncryptedEntityKey();
-    const result = decryptEntityKey(generated);
+    const generated = await generateNewEncryptedEntityKey(masterKey);
+    const result = decryptEntityKey(generated, masterKey);
     await postUserEntityKey(type, generated);
     await saveRemoteUserEntityKey(type, generated);
     return result;
@@ -378,10 +381,10 @@ const saveRemoteUserEntityKey = (
  * Generate a new entity key and return it in the shape of an
  * {@link RemoteUserEntityKey} after encrypting it using the user's master key.
  */
-const generateNewEncryptedEntityKey = async () => {
+const generateNewEncryptedEntityKey = async (masterKey: Uint8Array) => {
     const { encryptedData, nonce } = await encryptBoxB64(
         await generateNewBlobOrStreamKey(),
-        await masterKeyFromSession(),
+        masterKey,
     );
     // Remote calls it the header, but it really is the nonce.
     return { encryptedKey: encryptedData, header: nonce };
@@ -390,14 +393,17 @@ const generateNewEncryptedEntityKey = async () => {
 /**
  * Decrypt an encrypted entity key using the user's master key.
  */
-const decryptEntityKey = async (remote: RemoteUserEntityKey) =>
+const decryptEntityKey = async (
+    remote: RemoteUserEntityKey,
+    masterKey: Uint8Array,
+) =>
     decryptBoxB64(
         {
             encryptedData: remote.encryptedKey,
             // Remote calls it the header, but it really is the nonce.
             nonce: remote.header,
         },
-        await masterKeyFromSession(),
+        masterKey,
     );
 
 /**