Rename variables for clarity

lib/services/collections_service.dart

@@ -484,7 +484,10 @@ class CollectionsService {
     final encryptedKey = CryptoUtil.base642bin(collection.encryptedKey);
     Uint8List? collectionKey;
     if (collection.owner?.id == _config.getUserID()) {
+      // If the collection is owned by the user, decrypt with the master key
       if (_config.getKey() == null) {
+        // Possible during AppStore account migration, where SecureStorage
+        // would become inaccessible to the new Developer Account
         throw Exception("key can not be null");
       }
       collectionKey = CryptoUtil.decryptSync(
@@ -493,6 +496,7 @@ class CollectionsService {
         CryptoUtil.base642bin(collection.keyDecryptionNonce!),
       );
     } else {
+      // If owned by a different user, decrypt with the public key
       collectionKey = CryptoUtil.openSealSync(
         encryptedKey,
         CryptoUtil.base642bin(_config.getKeyAttributes()!.publicKey),
@@ -693,11 +697,11 @@ class CollectionsService {
       for (final collectionData in c) {
         final collection = Collection.fromMap(collectionData);
         if (collectionData['magicMetadata'] != null) {
-          final decryptionKey =
+          final collectionKey =
               _getAndCacheDecryptedKey(collection, source: "fetchCollection");
           final utfEncodedMmd = await CryptoUtil.decryptChaCha(
             CryptoUtil.base642bin(collectionData['magicMetadata']['data']),
-            decryptionKey,
+            collectionKey,
             CryptoUtil.base642bin(collectionData['magicMetadata']['header']),
           );
           collection.mMdEncodedJson = utf8.decode(utfEncodedMmd);
@@ -722,10 +726,13 @@ class CollectionsService {
   }
 
   Future<Collection> createAlbum(String albumName) async {
-    final key = CryptoUtil.generateKey();
-    final encryptedKeyData = CryptoUtil.encryptSync(key, _config.getKey()!);
-    final encryptedName =
-        CryptoUtil.encryptSync(utf8.encode(albumName) as Uint8List, key);
+    final collectionKey = CryptoUtil.generateKey();
+    final encryptedKeyData =
+        CryptoUtil.encryptSync(collectionKey, _config.getKey()!);
+    final encryptedName = CryptoUtil.encryptSync(
+      utf8.encode(albumName) as Uint8List,
+      collectionKey,
+    );
     final collection = await createAndCacheCollection(
       CreateRequest(
         encryptedKey: CryptoUtil.bin2base64(encryptedKeyData.encryptedData!),
@@ -749,13 +756,13 @@ class CollectionsService {
       final collectionData = response.data["collection"];
       final collection = Collection.fromMap(collectionData);
       if (collectionData['magicMetadata'] != null) {
-        final decryptionKey = _getAndCacheDecryptedKey(
+        final collectionKey = _getAndCacheDecryptedKey(
           collection,
           source: "fetchCollectionByID",
         );
         final utfEncodedMmd = await CryptoUtil.decryptChaCha(
           CryptoUtil.base642bin(collectionData['magicMetadata']['data']),
-          decryptionKey,
+          collectionKey,
           CryptoUtil.base642bin(collectionData['magicMetadata']['header']),
         );
         collection.mMdEncodedJson = utf8.decode(utfEncodedMmd);
@@ -785,10 +792,11 @@ class CollectionsService {
         return cachedCollection;
       }
     }
-    final key = CryptoUtil.generateKey();
-    final encryptedKeyData = CryptoUtil.encryptSync(key, _config.getKey()!);
+    final collectionKey = CryptoUtil.generateKey();
+    final encryptedKeyData =
+        CryptoUtil.encryptSync(collectionKey, _config.getKey()!);
     final encryptedPath =
-        CryptoUtil.encryptSync(utf8.encode(path) as Uint8List, key);
+        CryptoUtil.encryptSync(utf8.encode(path) as Uint8List, collectionKey);
     final collection = await createAndCacheCollection(
       CreateRequest(
         encryptedKey: CryptoUtil.bin2base64(encryptedKeyData.encryptedData!),
@@ -831,14 +839,16 @@ class CollectionsService {
     for (final batch in batchedFiles) {
       params["files"] = [];
       for (final file in batch) {
-        final key = decryptFileKey(file);
+        final fileKey = getFileKey(file);
         file.generatedID =
             null; // So that a new entry is created in the FilesDB
         file.collectionID = collectionID;
         final encryptedKeyData =
-            CryptoUtil.encryptSync(key, getCollectionKey(collectionID));
-        file.encryptedKey = CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
-        file.keyDecryptionNonce = CryptoUtil.bin2base64(encryptedKeyData.nonce!);
+            CryptoUtil.encryptSync(fileKey, getCollectionKey(collectionID));
+        file.encryptedKey =
+            CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
+        file.keyDecryptionNonce =
+            CryptoUtil.bin2base64(encryptedKeyData.nonce!);
         params["files"].add(
           CollectionFileItem(
             file.uploadedFileID!,
@@ -872,7 +882,7 @@ class CollectionsService {
     final int uploadedFileID = existingUploadedFile.uploadedFileID!;
 
     // encrypt the fileKey with destination collection's key
-    final fileKey = decryptFileKey(existingUploadedFile);
+    final fileKey = getFileKey(existingUploadedFile);
     final encryptedKeyData =
         CryptoUtil.encryptSync(fileKey, getCollectionKey(destCollectionID));
 
@@ -914,7 +924,7 @@ class CollectionsService {
     for (final batch in batchedFiles) {
       params["files"] = [];
       for (final file in batch) {
-        final key = decryptFileKey(file);
+        final fileKey = getFileKey(file);
         file.generatedID =
             null; // So that a new entry is created in the FilesDB
         file.collectionID = toCollectionID;
@@ -923,9 +933,12 @@ class CollectionsService {
         if (file.localID != null && !existingLocalIDS.contains(file.localID)) {
           file.localID = null;
         }
-        final encryptedKeyData = CryptoUtil.encryptSync(key, toCollectionKey);
-        file.encryptedKey = CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
-        file.keyDecryptionNonce = CryptoUtil.bin2base64(encryptedKeyData.nonce!);
+        final encryptedKeyData =
+            CryptoUtil.encryptSync(fileKey, toCollectionKey);
+        file.encryptedKey =
+            CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
+        file.keyDecryptionNonce =
+            CryptoUtil.bin2base64(encryptedKeyData.nonce!);
         params["files"].add(
           CollectionFileItem(
             file.uploadedFileID!,
@@ -984,14 +997,16 @@ class CollectionsService {
     for (final batch in batchedFiles) {
       params["files"] = [];
       for (final file in batch) {
-        final fileKey = decryptFileKey(file);
+        final fileKey = getFileKey(file);
         file.generatedID =
             null; // So that a new entry is created in the FilesDB
         file.collectionID = toCollectionID;
         final encryptedKeyData =
             CryptoUtil.encryptSync(fileKey, getCollectionKey(toCollectionID));
-        file.encryptedKey = CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
-        file.keyDecryptionNonce = CryptoUtil.bin2base64(encryptedKeyData.nonce!);
+        file.encryptedKey =
+            CryptoUtil.bin2base64(encryptedKeyData.encryptedData!);
+        file.keyDecryptionNonce =
+            CryptoUtil.bin2base64(encryptedKeyData.nonce!);
         params["files"].add(
           CollectionFileItem(
             file.uploadedFileID!,
@@ -1087,11 +1102,11 @@ class CollectionsService {
       final collectionData = response.data["collection"];
       final collection = Collection.fromMap(collectionData);
       if (collectionData['magicMetadata'] != null) {
-        final decryptionKey =
+        final collectionKey =
             _getAndCacheDecryptedKey(collection, source: "create");
         final utfEncodedMmd = await CryptoUtil.decryptChaCha(
           CryptoUtil.base642bin(collectionData['magicMetadata']['data']),
-          decryptionKey,
+          collectionKey,
           CryptoUtil.base642bin(collectionData['magicMetadata']['header']),
         );
         collection.mMdEncodedJson = utf8.decode(utfEncodedMmd);

lib/services/favorites_service.dart

@@ -193,14 +193,17 @@ class FavoritesService {
     if (_cachedFavoritesCollectionID != null) {
       return _cachedFavoritesCollectionID!;
     }
-    final key = CryptoUtil.generateKey();
-    final encKey = CryptoUtil.encryptSync(key, _config.getKey()!);
-    final encName =
-        CryptoUtil.encryptSync(utf8.encode("Favorites") as Uint8List, key);
+    final favoriteCollectionKey = CryptoUtil.generateKey();
+    final encryptedKeyResult =
+        CryptoUtil.encryptSync(favoriteCollectionKey, _config.getKey()!);
+    final encName = CryptoUtil.encryptSync(
+      utf8.encode("Favorites") as Uint8List,
+      favoriteCollectionKey,
+    );
     final collection = await _collectionsService.createAndCacheCollection(
       CreateRequest(
-        encryptedKey: CryptoUtil.bin2base64(encKey.encryptedData!),
-        keyDecryptionNonce: CryptoUtil.bin2base64(encKey.nonce!),
+        encryptedKey: CryptoUtil.bin2base64(encryptedKeyResult.encryptedData!),
+        keyDecryptionNonce: CryptoUtil.bin2base64(encryptedKeyResult.nonce!),
         encryptedName: CryptoUtil.bin2base64(encName.encryptedData!),
         nameDecryptionNonce: CryptoUtil.bin2base64(encName.nonce!),
         type: CollectionType.favorites,

lib/services/file_magic_service.dart

@@ -92,7 +92,7 @@ class FileMagicService {
         file.pubMmdEncodedJson = jsonEncode(jsonToUpdate);
         file.pubMagicMetadata = PubMagicMetadata.fromJson(jsonToUpdate);
 
-        final fileKey = decryptFileKey(file);
+        final fileKey = getFileKey(file);
         final encryptedMMd = await CryptoUtil.encryptChaCha(
           utf8.encode(jsonEncode(jsonToUpdate)) as Uint8List,
           fileKey,
@@ -158,7 +158,7 @@ class FileMagicService {
           file.mMdEncodedJson = jsonEncode(jsonToUpdate);
           file.magicMetadata = MagicMetadata.fromJson(jsonToUpdate);
 
-          final fileKey = decryptFileKey(file);
+          final fileKey = getFileKey(file);
           final encryptedMMd = await CryptoUtil.encryptChaCha(
             utf8.encode(jsonEncode(jsonToUpdate)) as Uint8List,
             fileKey,

lib/services/hidden_service.dart

@@ -133,10 +133,13 @@ extension HiddenService on CollectionsService {
   }
 
   Future<Collection> _createUncategorizedCollection() async {
-    final key = CryptoUtil.generateKey();
-    final encKey = CryptoUtil.encryptSync(key, config.getKey()!);
-    final encName =
-        CryptoUtil.encryptSync(utf8.encode("Uncategorized") as Uint8List, key);
+    final uncategorizedCollectionKey = CryptoUtil.generateKey();
+    final encKey =
+        CryptoUtil.encryptSync(uncategorizedCollectionKey, config.getKey()!);
+    final encName = CryptoUtil.encryptSync(
+      utf8.encode("Uncategorized") as Uint8List,
+      uncategorizedCollectionKey,
+    );
     final collection = await createAndCacheCollection(
       CreateRequest(
         encryptedKey: CryptoUtil.bin2base64(encKey.encryptedData!),
@@ -156,11 +159,12 @@ extension HiddenService on CollectionsService {
     required int visibility,
     required int subType,
   }) async {
-    final key = CryptoUtil.generateKey();
-    final encryptedKeyData = CryptoUtil.encryptSync(key, config.getKey()!);
+    final collectionKey = CryptoUtil.generateKey();
+    final encryptedKeyData =
+        CryptoUtil.encryptSync(collectionKey, config.getKey()!);
     final encryptedName = CryptoUtil.encryptSync(
       utf8.encode(name) as Uint8List,
-      key,
+      collectionKey,
     );
     final jsonToUpdate = CollectionMagicMetadata(
       visibility: visibility,
@@ -169,7 +173,7 @@ extension HiddenService on CollectionsService {
     assert(jsonToUpdate.length == 2, "metadata should have two keys");
     final encryptedMMd = await CryptoUtil.encryptChaCha(
       utf8.encode(jsonEncode(jsonToUpdate)) as Uint8List,
-      key,
+      collectionKey,
     );
     final MetadataRequest metadataRequest = MetadataRequest(
       version: 1,

lib/utils/diff_fetcher.dart

@@ -65,10 +65,10 @@ class DiffFetcher {
           file.fileSize = item["info"]["fileSize"];
         }
 
-        final fileDecryptionKey = decryptFileKey(file);
+        final fileKey = getFileKey(file);
         final encodedMetadata = await CryptoUtil.decryptChaCha(
           CryptoUtil.base642bin(item["metadata"]["encryptedData"]),
-          fileDecryptionKey,
+          fileKey,
           CryptoUtil.base642bin(file.metadataDecryptionHeader!),
         );
         final Map<String, dynamic> metadata =
@@ -77,7 +77,7 @@ class DiffFetcher {
         if (item['magicMetadata'] != null) {
           final utfEncodedMmd = await CryptoUtil.decryptChaCha(
             CryptoUtil.base642bin(item['magicMetadata']['data']),
-            fileDecryptionKey,
+            fileKey,
             CryptoUtil.base642bin(item['magicMetadata']['header']),
           );
           file.mMdEncodedJson = utf8.decode(utfEncodedMmd);
@@ -88,7 +88,7 @@ class DiffFetcher {
         if (item['pubMagicMetadata'] != null) {
           final utfEncodedMmd = await CryptoUtil.decryptChaCha(
             CryptoUtil.base642bin(item['pubMagicMetadata']['data']),
-            fileDecryptionKey,
+            fileKey,
             CryptoUtil.base642bin(item['pubMagicMetadata']['header']),
           );
           file.pubMmdEncodedJson = utf8.decode(utfEncodedMmd);

lib/utils/file_download_util.dart

@@ -55,7 +55,7 @@ Future<io.File?> downloadAndDecrypt(
       encryptedFilePath,
       decryptedFilePath,
       CryptoUtil.base642bin(file.fileDecryptionHeader!),
-      decryptFileKey(file),
+      getFileKey(file),
     );
     _logger.info("File decrypted: " + file.uploadedFileID.toString());
     await encryptedFile.delete();
@@ -63,7 +63,7 @@ Future<io.File?> downloadAndDecrypt(
   });
 }
 
-Uint8List decryptFileKey(ente.File file) {
+Uint8List getFileKey(ente.File file) {
   final encryptedKey = CryptoUtil.base642bin(file.encryptedKey!);
   final nonce = CryptoUtil.base642bin(file.keyDecryptionNonce!);
   final collectionKey =

lib/utils/file_uploader.dart

@@ -356,7 +356,7 @@ class FileUploader {
           file.uploadedFileID != null && file.updationTime == -1;
       if (isUpdatedFile) {
         _logger.info("File was updated " + file.toString());
-        key = decryptFileKey(file);
+        key = getFileKey(file);
       } else {
         key = null;
         // check if the file is already uploaded and can be mapped to existing
@@ -389,15 +389,15 @@ class FileUploader {
       final thumbnailData = mediaUploadData.thumbnail;
 
       final encryptedThumbnailData = await CryptoUtil.encryptChaCha(
-        thumbnailData as Uint8List,
-        fileAttributes.key as Uint8List,
+        thumbnailData!,
+        fileAttributes.key!,
       );
       if (io.File(encryptedThumbnailPath).existsSync()) {
         await io.File(encryptedThumbnailPath).delete();
       }
       final encryptedThumbnailFile = io.File(encryptedThumbnailPath);
       await encryptedThumbnailFile
-          .writeAsBytes(encryptedThumbnailData.encryptedData as Uint8List);
+          .writeAsBytes(encryptedThumbnailData.encryptedData!);
 
       final thumbnailUploadURL = await _getUploadURL();
       final String thumbnailObjectKey =
@@ -407,18 +407,19 @@ class FileUploader {
       final String fileObjectKey = await _putFile(fileUploadURL, encryptedFile);
 
       final metadata = await file.getMetadataForUpload(mediaUploadData);
-      final encryptedMetadataData = await CryptoUtil.encryptChaCha(
+      final encryptedMetadataResult = await CryptoUtil.encryptChaCha(
         utf8.encode(jsonEncode(metadata)) as Uint8List,
-        fileAttributes.key as Uint8List,
+        fileAttributes.key!,
       );
       final fileDecryptionHeader =
-          CryptoUtil.bin2base64(fileAttributes.header as Uint8List);
+          CryptoUtil.bin2base64(fileAttributes.header!);
       final thumbnailDecryptionHeader =
-          CryptoUtil.bin2base64(encryptedThumbnailData.header as Uint8List);
-      final encryptedMetadata =
-          CryptoUtil.bin2base64(encryptedMetadataData.encryptedData as Uint8List);
+          CryptoUtil.bin2base64(encryptedThumbnailData.header!);
+      final encryptedMetadata = CryptoUtil.bin2base64(
+        encryptedMetadataResult.encryptedData!,
+      );
       final metadataDecryptionHeader =
-          CryptoUtil.bin2base64(encryptedMetadataData.header as Uint8List);
+          CryptoUtil.bin2base64(encryptedMetadataResult.header!);
       if (SyncService.instance.shouldStopSync()) {
         throw SyncStopRequestedError();
       }
@@ -439,13 +440,13 @@ class FileUploader {
         await FilesDB.instance.updateUploadedFileAcrossCollections(remoteFile);
       } else {
         final encryptedFileKeyData = CryptoUtil.encryptSync(
-          fileAttributes.key as Uint8List,
+          fileAttributes.key!,
           CollectionsService.instance.getCollectionKey(collectionID),
         );
         final encryptedKey =
-            CryptoUtil.bin2base64(encryptedFileKeyData.encryptedData as Uint8List);
+            CryptoUtil.bin2base64(encryptedFileKeyData.encryptedData!);
         final keyDecryptionNonce =
-            CryptoUtil.bin2base64(encryptedFileKeyData.nonce as Uint8List);
+            CryptoUtil.bin2base64(encryptedFileKeyData.nonce!);
         remoteFile = await _uploadFile(
           file,
           collectionID,

lib/utils/thumbnail_util.dart

@@ -157,7 +157,7 @@ Future<void> _downloadAndDecryptThumbnail(FileDownloadItem item) async {
   if (!_uploadIDToDownloadItem.containsKey(file.uploadedFileID)) {
     return;
   }
-  final thumbnailDecryptionKey = decryptFileKey(file);
+  final thumbnailDecryptionKey = getFileKey(file);
   var data = await CryptoUtil.decryptChaCha(
     encryptedThumbnail,
     thumbnailDecryptionKey,

lib/utils/trash_diff_fetcher.dart

@@ -50,7 +50,7 @@ class TrashDiffFetcher {
             item["file"]["thumbnail"]["decryptionHeader"];
         trash.metadataDecryptionHeader =
             item["file"]["metadata"]["decryptionHeader"];
-        final fileDecryptionKey = decryptFileKey(trash);
+        final fileDecryptionKey = getFileKey(trash);
         final encodedMetadata = await CryptoUtil.decryptChaCha(
           CryptoUtil.base642bin(item["file"]["metadata"]["encryptedData"]),
           fileDecryptionKey,

lib/utils/validator_util.dart

@@ -37,7 +37,7 @@ void validatePreVerificationStateCheck(
     try {
       utf8.decode(passwordL);
     } catch (e) {
-      _logger.severe("CRITICAL: password decode failed", e);
+      _logger.severe("CRITICAL: password decode failed");
       rethrow;
     }
   } catch (e) {