Skip to content

[PM-20361] Expose signing key generation to mobile and wasm clients & add to key context #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 128 commits into
base: km/cose-signatures
Choose a base branch
from
Draft

[PM-20361] Expose signing key generation to mobile and wasm clients & add to key context #257

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
128 commits
Select commit Hold shift + click to select a range
72bcf39
Add xchacha20poly1305 crypto primitives
quexten Mar 7, 2025
0e68201
Cargo fmt
quexten Mar 7, 2025
a58c53f
Cleanup
quexten Mar 7, 2025
ba2d199
Cleanup
quexten Mar 7, 2025
7647256
Remove poly1305 dependency
quexten Mar 7, 2025
6bab049
Move comment
quexten Mar 7, 2025
6b241ec
Adjust interface according to feedback
quexten Mar 7, 2025
ced7213
Remove comment
quexten Mar 7, 2025
44e5ffd
Fix clippy warning
quexten Mar 7, 2025
366d79f
Merge branch 'main' into km/pm-15096/xchacha20-poly1305
quexten Mar 24, 2025
77e0252
tmp
quexten Mar 24, 2025
27fb7cf
Cleanup
quexten Mar 24, 2025
94eed96
Merge branch 'km/pm-15096/xchacha20-poly1305' into km/cose
quexten Mar 24, 2025
eab453f
Fix build
quexten Mar 26, 2025
941748a
Merge branch 'main' into km/cose
quexten Mar 26, 2025
43b117c
Add keyids
quexten Mar 26, 2025
4c7c724
Remove blake3 dependency
quexten Mar 26, 2025
5455f17
Remove poly1305
quexten Mar 26, 2025
c9882c6
Remove hash parse error
quexten Mar 26, 2025
cac04d3
tmp
quexten Mar 26, 2025
df9327c
Rename encrypt/decrypt to encapsulate/decapsulate and remove asymmetrโ€ฆ
quexten Mar 26, 2025
d6ab6ca
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Mar 27, 2025
8df3dff
Only allow symmetric keys for encapsulation
quexten Mar 27, 2025
16c1a84
Remove unused imports
quexten Mar 27, 2025
351394f
Cleanup
quexten Mar 27, 2025
e221150
Cargo fmt
quexten Mar 27, 2025
ccf04c3
Add comments
quexten Mar 27, 2025
cce0a95
Fix tests
quexten Mar 27, 2025
b075993
Cargo fmt
quexten Mar 27, 2025
20420e7
Rename key encapsulation function
quexten Mar 27, 2025
96094cf
Fix comment
quexten Mar 27, 2025
5270715
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Mar 27, 2025
4167ce0
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Mar 28, 2025
fbddd87
Fix build and cleanup
quexten Mar 28, 2025
7cbb3aa
Merge asymmetric interface changes
quexten Mar 28, 2025
7d753ff
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Mar 28, 2025
d4dc234
Fix clippy
quexten Mar 28, 2025
d5ecbdb
Fix example
quexten Mar 28, 2025
b0f3bbc
Remove unused dep
quexten Mar 28, 2025
fd6ee38
Remove unused error
quexten Mar 28, 2025
e18b3df
Update comment
quexten Mar 28, 2025
c1c1dbb
Simplify test code
quexten Apr 2, 2025
d6a52d4
Rename
quexten Apr 3, 2025
cc32629
Cargo fmt
quexten Apr 3, 2025
9cd79c6
Initial signature keys
quexten Apr 4, 2025
dd3d23e
Cose
quexten Apr 5, 2025
951664b
Add comment to unpad_key
quexten Apr 8, 2025
e52e614
Add more docs to pad_key and unpad_key
quexten Apr 8, 2025
f83641a
Fix capitalization
quexten Apr 8, 2025
ca2c1fa
Further improve docs
quexten Apr 8, 2025
dbc4713
Improve comment for to_encoded
quexten Apr 8, 2025
75899e2
Update crates/bitwarden-crypto/src/keys/key_id.rs
quexten Apr 8, 2025
38265a8
Delete param docs
quexten Apr 8, 2025
0871942
Merge branch 'km/cose' of github.com:bitwarden/sdk-internal into km/cose
quexten Apr 8, 2025
f7e75ac
Update cose encstring display impl
quexten Apr 8, 2025
665223a
Fix formatting
quexten Apr 8, 2025
8cd4d7b
Fix formatting when displaying unparseable cose
quexten Apr 8, 2025
0efa764
Update comment for decapsulate_key_unsigned
quexten Apr 14, 2025
2e2c3f5
Update naming to be consistent with sdk guidelines
quexten Apr 14, 2025
e156847
Split generate functions and fix namings
quexten Apr 14, 2025
c659247
Fix build
quexten Apr 14, 2025
9efe790
Change ciborium and coset versions to ranges
quexten Apr 14, 2025
4436cf9
Remove allow(unused)
quexten Apr 14, 2025
50af1a7
Remove unused error
quexten Apr 14, 2025
5bb8d7f
Undo change to rng in make_user_key
quexten Apr 14, 2025
eb13169
Clean up errors and pass through Cose error
quexten Apr 14, 2025
077f265
Cargo fmt
quexten Apr 14, 2025
fa305fe
Clean up constant time compare of symmetric crypto keys
quexten Apr 14, 2025
2ce0074
Add empty lines in match for readability
quexten Apr 14, 2025
b4e7ddb
Prevent unreachable code in encstring fmt function
quexten Apr 14, 2025
46301b1
Cleanup key conversion for xchacha20 encrypt/decrypt
quexten Apr 14, 2025
59e4e55
Cargo fmt
quexten Apr 14, 2025
ba89a8c
Finish signing implementation
quexten Apr 17, 2025
e4585e5
Add tests
quexten Apr 17, 2025
77afef5
Rename to UnauthenticatedSharedKey
quexten Apr 17, 2025
9512d9d
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Apr 17, 2025
d58c75f
Cleanup
quexten Apr 17, 2025
70ad092
Cleanup
quexten Apr 17, 2025
f8a76c8
Remove wrong key_op
quexten Apr 17, 2025
ef54bce
Merge branch 'km/cose' into km/cose-signatures
quexten Apr 17, 2025
3affc17
Limit verify visibility
quexten Apr 17, 2025
2db9852
Fix build
quexten Apr 17, 2025
4c3f84e
Remove unused error from merge conflict
quexten Apr 17, 2025
9393bab
Cargo fmt
quexten Apr 17, 2025
1d60dbc
Cleanup
quexten Apr 17, 2025
a29c131
Cargo fmt
quexten Apr 17, 2025
b719c95
Cleanup
quexten Apr 17, 2025
a80c102
Simplify comment
quexten Apr 17, 2025
4f0b9b5
Fix formatting
quexten Apr 17, 2025
879e8c6
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Apr 21, 2025
0ff0e98
Update crates/bitwarden-crypto/src/enc_string/symmetric.rs
quexten Apr 21, 2025
d892b79
Update crates/bitwarden-crypto/src/enc_string/symmetric.rs
quexten Apr 21, 2025
a091992
Change xchacha keywrap to todo
quexten Apr 21, 2025
2bde54e
Make xchacha ciphertext struct members non-pub
quexten Apr 21, 2025
5ed9e20
Rename XChaCha20 encstring type to CoseEncrypt0
quexten Apr 21, 2025
b2f3044
Merge changes
quexten Apr 21, 2025
ccf286f
Merge branch 'km/cose' of github.com:bitwarden/sdk-internal into km/cose
quexten Apr 21, 2025
85b8438
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Apr 21, 2025
08aa515
Fix build
quexten Apr 21, 2025
8441ad5
Fix remaining build errors
quexten Apr 21, 2025
59e644d
Fix clippy warnings
quexten Apr 21, 2025
4e0895f
Cargo fmt
quexten Apr 21, 2025
a8d073b
Fix documentation
quexten Apr 21, 2025
4d38d5e
Merge branch 'km/cose' into km/cose-signatures
quexten Apr 21, 2025
15b0f8e
Add non-null test values
quexten Apr 21, 2025
7703488
Merge branch 'km/poc-update-asymmetric-interface' of github.com:bitwaโ€ฆ
quexten Apr 21, 2025
239a297
Cargo fmt
quexten Apr 21, 2025
f63ad8b
Remove into()
quexten Apr 21, 2025
08ae2fd
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Apr 21, 2025
7fb1a0a
Fix merge issue
quexten Apr 21, 2025
68b0ba2
Clean up key wrapping
quexten Apr 21, 2025
3e99550
Cargo fmt
quexten Apr 21, 2025
2107c96
Cleanup
quexten Apr 21, 2025
a98d014
Cleanup of generate key interfaces
quexten Apr 21, 2025
cddf006
Cargo fmt
quexten Apr 21, 2025
ae9a7da
Remove reference to pad_key
quexten Apr 21, 2025
c551e7f
Merge branch 'km/cose' into km/cose-signatures
quexten Apr 22, 2025
d13e8fe
Expose signing key generation to mobile and wasm clients
quexten Apr 30, 2025
712dfea
Make signatures be a struct instead of vec
quexten Apr 30, 2025
f8044bd
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-internaโ€ฆ
quexten Apr 30, 2025
be662d5
Merge branch 'km/cose-signatures' into km/expose-signing-functions
quexten Apr 30, 2025
7b7f507
Add signing values to key context
quexten Apr 30, 2025
ab7570b
Add signing keys to global keystore and make make signing key not retโ€ฆ
quexten Apr 30, 2025
0b0076a
Add signing keys to init code
quexten Apr 30, 2025
2c92b19
Fix comment
quexten Apr 30, 2025
d275e17
Cargo fmt
quexten Apr 30, 2025
17dfbd8
Fix documentation
quexten Apr 30, 2025
ac44769
Cargo fmt
quexten Apr 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions crates/bitwarden-core/src/auth/api/response/identity_success_response.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ pub struct IdentityTokenSuccessResponse {
pub(crate) private_key: Option<String>,
#[serde(alias = "Key")]
pub(crate) key: Option<String>,
#[serde(alias = "userKeyEncryptedSigningKey")]
pub(crate) user_key_encrypted_signing_key: Option<String>,
#[serde(rename = "twoFactorToken")]
two_factor_token: Option<String>,
#[serde(alias = "Kdf")]
Expand Down Expand Up @@ -53,6 +55,7 @@ mod test {
refresh_token: Default::default(),
token_type: Default::default(),
private_key: Default::default(),
user_key_encrypted_signing_key: Default::default(),
key: Default::default(),
two_factor_token: Default::default(),
kdf: KdfType::default(),
Expand Down
4 changes: 2 additions & 2 deletions crates/bitwarden-core/src/auth/auth_client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#[cfg(feature = "internal")]
use bitwarden_crypto::{
AsymmetricEncString, CryptoError, DeviceKey, EncString, Kdf, TrustDeviceResponse,
CryptoError, DeviceKey, EncString, Kdf, TrustDeviceResponse, UnauthenticatedSharedKey,
};

#[cfg(feature = "secrets")]
Expand Down Expand Up @@ -152,7 +152,7 @@ impl AuthClient {
pub fn approve_auth_request(
&self,
public_key: String,
) -> Result<AsymmetricEncString, ApproveAuthRequestError> {
) -> Result<UnauthenticatedSharedKey, ApproveAuthRequestError> {
approve_auth_request(&self.client, public_key)
}

Expand Down
49 changes: 29 additions & 20 deletions crates/bitwarden-core/src/auth/auth_request.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
use base64::{engine::general_purpose::STANDARD, Engine};
use bitwarden_crypto::{
fingerprint, generate_random_alphanumeric, AsymmetricCryptoKey, AsymmetricEncString,
AsymmetricPublicCryptoKey, CryptoError,
fingerprint, generate_random_alphanumeric, AsymmetricCryptoKey, AsymmetricPublicCryptoKey,
CryptoError, UnauthenticatedSharedKey,
};
#[cfg(feature = "internal")]
use bitwarden_crypto::{EncString, KeyDecryptable, SymmetricCryptoKey};
use bitwarden_crypto::{EncString, SymmetricCryptoKey};
use thiserror::Error;

#[cfg(feature = "internal")]
Expand Down Expand Up @@ -52,26 +52,25 @@ pub(crate) fn new_auth_request(email: &str) -> Result<AuthRequestResponse, Crypt
#[cfg(feature = "internal")]
pub(crate) fn auth_request_decrypt_user_key(
private_key: String,
user_key: AsymmetricEncString,
user_key: UnauthenticatedSharedKey,
) -> Result<SymmetricCryptoKey, EncryptionSettingsError> {
let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?)?;
let mut key: Vec<u8> = user_key.decrypt_with_key(&key)?;

Ok(SymmetricCryptoKey::try_from(key.as_mut_slice())?)
let key: SymmetricCryptoKey = user_key.decapsulate_key_unsigned(&key)?;
Ok(key)
}

/// Decrypt the user key using the private key generated previously.
#[cfg(feature = "internal")]
pub(crate) fn auth_request_decrypt_master_key(
private_key: String,
master_key: AsymmetricEncString,
master_key: UnauthenticatedSharedKey,
user_key: EncString,
) -> Result<SymmetricCryptoKey, EncryptionSettingsError> {
use bitwarden_crypto::MasterKey;

let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?)?;
let mut master_key: Vec<u8> = master_key.decrypt_with_key(&key)?;
let master_key = MasterKey::try_from(master_key.as_mut_slice())?;
let master_key: SymmetricCryptoKey = master_key.decapsulate_key_unsigned(&key)?;
let master_key = MasterKey::try_from(&master_key)?;

Ok(master_key.decrypt_user_key(user_key)?)
}
Expand All @@ -93,7 +92,7 @@ pub enum ApproveAuthRequestError {
pub(crate) fn approve_auth_request(
client: &Client,
public_key: String,
) -> Result<AsymmetricEncString, ApproveAuthRequestError> {
) -> Result<UnauthenticatedSharedKey, ApproveAuthRequestError> {
let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(public_key)?)?;

let key_store = client.internal.get_key_store();
Expand All @@ -103,8 +102,8 @@ pub(crate) fn approve_auth_request(
#[allow(deprecated)]
let key = ctx.dangerous_get_symmetric_key(SymmetricKeyId::User)?;

Ok(AsymmetricEncString::encrypt_rsa2048_oaep_sha1(
&key.to_vec(),
Ok(UnauthenticatedSharedKey::encapsulate_key_unsigned(
key,
&public_key,
)?)
}
Expand All @@ -113,7 +112,7 @@ pub(crate) fn approve_auth_request(
fn test_auth_request() {
let request = new_auth_request("[email protected]").unwrap();

let secret: &[u8] = &[
let secret = vec![
111, 32, 97, 169, 4, 241, 174, 74, 239, 206, 113, 86, 174, 68, 216, 238, 52, 85, 156, 27,
134, 149, 54, 55, 91, 147, 45, 130, 131, 237, 51, 31, 191, 106, 155, 14, 160, 82, 47, 40,
96, 31, 114, 127, 212, 187, 167, 110, 205, 116, 198, 243, 218, 72, 137, 53, 248, 43, 255,
Expand All @@ -123,11 +122,15 @@ fn test_auth_request() {
let private_key =
AsymmetricCryptoKey::from_der(&STANDARD.decode(&request.private_key).unwrap()).unwrap();

let encrypted = AsymmetricEncString::encrypt_rsa2048_oaep_sha1(secret, &private_key).unwrap();
let encrypted = UnauthenticatedSharedKey::encapsulate_key_unsigned(
&SymmetricCryptoKey::try_from(secret.clone()).unwrap(),
&private_key,
)
.unwrap();

let decrypted = auth_request_decrypt_user_key(request.private_key, encrypted).unwrap();

assert_eq!(&decrypted.to_vec(), secret);
assert_eq!(decrypted.to_encoded(), secret);
}

#[cfg(test)]
Expand Down Expand Up @@ -159,7 +162,7 @@ mod tests {
let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)
.initialize_user_crypto_master_key(master_key, user_key, private_key, None)
.unwrap();

let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
Expand All @@ -180,7 +183,7 @@ mod tests {
let dec = auth_request_decrypt_user_key(private_key.to_owned(), enc_user_key).unwrap();

assert_eq!(
&dec.to_vec(),
&dec.to_encoded(),
&[
201, 37, 234, 213, 21, 75, 40, 70, 149, 213, 234, 16, 19, 251, 162, 245, 161, 74,
34, 245, 211, 151, 211, 192, 95, 10, 117, 50, 88, 223, 23, 157
Expand All @@ -199,7 +202,7 @@ mod tests {
.unwrap();

assert_eq!(
&dec.to_vec(),
&dec.to_encoded(),
&[
109, 128, 172, 147, 206, 123, 134, 95, 16, 36, 155, 113, 201, 18, 186, 230, 216,
212, 173, 188, 74, 11, 134, 131, 137, 242, 105, 178, 105, 126, 52, 139, 248, 91,
Expand All @@ -226,7 +229,12 @@ mod tests {

existing_device
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key.parse().unwrap())
.initialize_user_crypto_master_key(
master_key,
user_key,
private_key.parse().unwrap(),
None,
)
.unwrap();

// Initialize a new device which will request to be logged in
Expand All @@ -243,6 +251,7 @@ mod tests {
kdf_params: kdf,
email: email.to_owned(),
private_key: private_key.to_owned(),
signing_key: None,
method: InitUserCryptoMethod::AuthRequest {
request_private_key: auth_req.private_key,
method: AuthRequestMethod::UserKey {
Expand Down
9 changes: 6 additions & 3 deletions crates/bitwarden-core/src/auth/login/api_key.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,12 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key,
private_key,
None,
)?;

Check warning on line 59 in crates/bitwarden-core/src/auth/login/api_key.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/api_key.rs#L54-L59 

Added lines #L54 - L59 were not covered by tests
}

Ok(ApiKeyLoginResponse::process_response(response))
Expand Down
1 change: 1 addition & 0 deletions crates/bitwarden-core/src/auth/login/auth_request.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,7 @@
kdf_params: kdf,
email: auth_req.email,
private_key: require!(r.private_key),
signing_key: None,

Check warning on line 121 in crates/bitwarden-core/src/auth/login/auth_request.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/auth_request.rs#L121 

Added line #L121 was not covered by tests
method: InitUserCryptoMethod::AuthRequest {
request_private_key: auth_req.private_key,
method,
Expand Down
14 changes: 11 additions & 3 deletions crates/bitwarden-core/src/auth/login/password.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,10 +52,18 @@

let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;
let signing_key = r
.user_key_encrypted_signing_key
.clone()
.map(|s| s.parse())
.transpose()?;

Check warning on line 59 in crates/bitwarden-core/src/auth/login/password.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/password.rs#L55-L59 

Added lines #L55 - L59 were not covered by tests

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key,
private_key,
signing_key,
)?;

Check warning on line 66 in crates/bitwarden-core/src/auth/login/password.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/password.rs#L61-L66 

Added lines #L61 - L66 were not covered by tests
}

Ok(PasswordLoginResponse::process_response(response))
Expand Down
16 changes: 13 additions & 3 deletions crates/bitwarden-core/src/auth/password/validate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ pub(crate) fn validate_password_user_key(
#[allow(deprecated)]
let existing_key = ctx.dangerous_get_symmetric_key(SymmetricKeyId::User)?;

if user_key.to_vec() != existing_key.to_vec() {
if user_key != *existing_key {
return Err(AuthValidateError::WrongUserKey);
}

Expand Down Expand Up @@ -140,7 +140,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

let result =
Expand Down Expand Up @@ -183,7 +188,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

let result =
Expand Down
9 changes: 7 additions & 2 deletions crates/bitwarden-core/src/auth/pin.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ pub(crate) fn validate_pin(
return Ok(false);
};

Ok(user_key.to_vec() == decrypted_key.to_vec())
Ok(*user_key == decrypted_key)
}
}
}
Expand Down Expand Up @@ -75,7 +75,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

client
Expand Down
21 changes: 10 additions & 11 deletions crates/bitwarden-core/src/auth/tde.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use base64::{engine::general_purpose::STANDARD, Engine};
use bitwarden_crypto::{
AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey,
TrustDeviceResponse, UserKey,
AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey, TrustDeviceResponse,
UnauthenticatedSharedKey, UserKey,
};

use crate::{client::encryption_settings::EncryptionSettingsError, Client};
Expand All @@ -17,13 +17,10 @@
) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(org_public_key)?)?;

let mut rng = rand::thread_rng();

let user_key = UserKey::new(SymmetricCryptoKey::generate(&mut rng));
let user_key = UserKey::new(SymmetricCryptoKey::generate_aes256_cbc_hmac());
let key_pair = user_key.make_key_pair()?;

let admin_reset =
AsymmetricEncString::encrypt_rsa2048_oaep_sha1(&user_key.0.to_vec(), &public_key)?;
let admin_reset = UnauthenticatedSharedKey::encapsulate_key_unsigned(&user_key.0, &public_key)?;

let device_key = if remember_device {
Some(DeviceKey::trust_device(&user_key.0)?)
Expand All @@ -40,9 +37,11 @@
kdf: Kdf::default(),
},
));
client
.internal
.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?;
client.internal.initialize_user_crypto_decrypted_key(
user_key.0,
key_pair.private.clone(),
None,
)?;

Check warning on line 44 in crates/bitwarden-core/src/auth/tde.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/auth/tde.rs#L40-L44 

Added lines #L40 - L44 were not covered by tests

Ok(RegisterTdeKeyResponse {
private_key: key_pair.private,
Expand All @@ -58,6 +57,6 @@
pub private_key: EncString,
pub public_key: String,

pub admin_reset: AsymmetricEncString,
pub admin_reset: UnauthenticatedSharedKey,
pub device_key: Option<TrustDeviceResponse>,
}
Loading
Loading