[PM-20493] Add key wrapping / wrapped key facade for encstring & expose keywrap to purecrypto #221
+366
−152
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ic keyencryptable trait impl
quexten
commented
May 7, 2025
| @@ -43,3 +59,11 @@ impl UniffiCustomTypeConverter for UnsignedSharedKey { | |||
| obj.to_string() | |||
| } | |||
| } | |||
|
|
|||
| // Uniffi doesn't emit unused types, this is a dummy record to ensure that the custom type | |||
| // converters are emitted | |||
There was a problem hiding this comment.
Can be removed when #221 is merged.
|
quexten
added a commit
that referenced
this pull request
May 9, 2025
## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-21377 ## 📔 Objective Add remaining missing functions needed to port encrypt service to sdk. Ref: https://github.com/bitwarden/clients/blob/87a1f4e8ac928edfb05a283372550d0792c71827/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts#L105-L188 Note: The way that this uses the key context is not ideal, but this should not be handled in this PR. This PR is to make the public interface available to unblock clients changes. Follow-up work (such as #221) can expose better apis from bitwarden-crypto and move PureCrypto to it. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes
dani-garcia
reviewed
May 12, 2025
| /// key_to_wrap. | ||
| /// | ||
| /// Wrapped keys such as cipher keys, or attachment keys, are used to create a layer of indirection, | ||
| /// so that keys can be shared mor granularly, and so that data can be rotated more easily. |
There was a problem hiding this comment.
Suggested change
| /// so that keys can be shared mor granularly, and so that data can be rotated more easily. | |
| /// so that keys can be shared more granularly, and so that data can be rotated more easily. |
Comment on lines
+48
to
+54
| impl std::fmt::Debug for WrappedSymmetricKey { | ||
| fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { | ||
| f.debug_struct("WrappedSymmetricKey") | ||
| .field("inner_enc_string", &self.as_inner()) | ||
| .finish() | ||
| } | ||
| } |
There was a problem hiding this comment.
In this case we can probably just tag WrappedSymmetricKey with #[derive(Debug)] directly instead of implementing it by hand.
| /// * `new_key_id` - The key id where the decrypted key will be stored. If it already exists, it | ||
| /// will be overwritten | ||
| /// * `encrypted_key` - The key to decrypt | ||
| /// * `key_to_unwrap` - The key to decrypt |
There was a problem hiding this comment.
There's still a reference to decryption instead of unwrapping (The key to decrypt -> The key to unwrap). To avoid the repetition with the comment, we could also rename the parameter to more closely resemble it's type too:
Suggested change
| /// * `key_to_unwrap` - The key to decrypt | |
| /// * `wrapped_key` - The key to unwrap |
| make_user_key(rand::thread_rng(), self) | ||
| } | ||
|
|
||
| /// Encrypt the users user key | ||
| pub fn encrypt_user_key(&self, user_key: &SymmetricCryptoKey) -> Result<EncString> { | ||
| pub fn encrypt_user_key(&self, user_key: &SymmetricCryptoKey) -> Result<WrappedSymmetricKey> { |
There was a problem hiding this comment.
Question: Will we want to rename these to also use the wrap/unwrap naming?
| @@ -70,12 +70,12 @@ mod tests { | |||
|
|
|||
| let master_key = MasterKey::derive(password, email, &kdf).unwrap(); | |||
|
|
|||
| let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE="; | |||
| let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap(); | |||
There was a problem hiding this comment.
We implement FromStr for WrappedSymmetricKey as well, so if you remove the .into() below you can skip the type here and rust will infer it correctly as a WrappedSymmetricKey:
Suggested change
| let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap(); | |
| let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap(); |
This also probably applies to the other test cases that were updated in this PR
| @@ -110,10 +110,13 @@ impl AuthClient { | |||
| password: String, | |||
| encrypted_user_key: String, | |||
| ) -> Result<String> { | |||
| let encrypted_user_key = encrypted_user_key | |||
| .parse::<EncString>() | |||
There was a problem hiding this comment.
We can also parse into WrappedSymmetricKey here and remove the .into()
Suggested change
| .parse::<EncString>() | |
| .parse::<WrappedSymmetricKey>() |
| wrapped_key: String, | ||
| wrapping_key: Vec<u8>, | ||
| ) -> Result<Vec<u8>, CryptoError> { | ||
| let wrapped_key: WrappedSymmetricKey = EncString::from_str(&wrapped_key)?.into(); |
There was a problem hiding this comment.
Suggested change
| let wrapped_key: WrappedSymmetricKey = EncString::from_str(&wrapped_key)?.into(); | |
| let wrapped_key = WrappedSymmetricKey::from_str(&wrapped_key)?; |
| @@ -453,7 +454,7 @@ impl CipherView { | |||
| ctx: &mut KeyStoreContext<KeyIds>, | |||
| key: SymmetricKeyId, | |||
| ) -> Result<(), CryptoError> { | |||
| let old_ciphers_key = Cipher::decrypt_cipher_key(ctx, key, &self.key)?; | |||
| let old_ciphers_key = Cipher::decrypt_cipher_key(ctx, key, &self.key.take())?; | |||
There was a problem hiding this comment.
Now that the keys are wrapped, the take here can be removed.
| *attachment_key = dec_attachment_key.encrypt(ctx, new_key)?; | ||
| let tmp_attachment_key_id = SymmetricKeyId::Local("attachment_key"); | ||
| ctx.unwrap_symmetric_key(old_key, tmp_attachment_key_id, attachment_key)?; | ||
| *attachment_key = ctx.wrap_symmetric_key(new_key, tmp_attachment_key_id)?; |
There was a problem hiding this comment.
I'm wondering if we should offer a function in the context to do the unwrap/wrap for you, as we're already using it a couple of times here.
| @@ -489,8 +490,9 @@ impl CipherView { | |||
| if let Some(attachments) = &mut self.attachments { | |||
| for attachment in attachments { | |||
| if let Some(attachment_key) = &mut attachment.key { | |||
| let dec_attachment_key: Vec<u8> = attachment_key.decrypt(ctx, old_key)?; | |||
| *attachment_key = dec_attachment_key.encrypt(ctx, new_key)?; | |||
| let tmp_attachment_key_id = SymmetricKeyId::Local("attachment_key"); | |||
There was a problem hiding this comment.
Usually we declare these ids as const, we should probably do the same for consistency.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-20493
📔 Objective
Refactors how wrapped keys are represented in the SDK. We now add a facade around them, that only exposes the unwrap method. Additionally, this exposes key-wrapping to wasm via PureCrypto, in order to act as a backwards compatibility layer for all clients code that has not been migrated to use the SDK entirely yet.
Note: This adds a new module - "safe" to the bitwarden-crypto crate. Any of the methods or structs exposed here should be used first and foremost before anything else within the crypto crate.
🦖 System evolution - "Safe module"
The safe module is meant to serve as a repository for developers to draw from first and foremost. We may want to re-consider moving all other unsafer methods (RSA encrypt, direct encrypt of data, pin-key, masterkey) into a module - hazmat - later on and moving safe to the top level, once the safe crate contains sufficient good abstractions.
The abstractions contained here should be simple to understand, easy to reason about, easy to use in combination and very hard to mis-use.
For instance, master-password unlock, and pin unlock could be represented as:
which completely eliminates the need for developers to care about synchronizing kdf settings and salts, or even caring about things like a masterkey existing.
⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes