[PM-20493] Add key wrapping / wrapped key facade for encstring & expose keywrap to purecrypto #221

Draft: wants to merge 173 commits into base: main

Commits (173):
72bcf39
Add xchacha20poly1305 crypto primitives
quexten Mar 7, 2025
0e68201
Cargo fmt
quexten Mar 7, 2025
a58c53f
Cleanup
quexten Mar 7, 2025
ba2d199
Cleanup
quexten Mar 7, 2025
7647256
Remove poly1305 dependency
quexten Mar 7, 2025
6bab049
Move comment
quexten Mar 7, 2025
6b241ec
Adjust interface according to feedback
quexten Mar 7, 2025
ced7213
Remove comment
quexten Mar 7, 2025
44e5ffd
Fix clippy warning
quexten Mar 7, 2025
366d79f
Merge branch 'main' into km/pm-15096/xchacha20-poly1305
quexten Mar 24, 2025
77e0252
tmp
quexten Mar 24, 2025
27fb7cf
Cleanup
quexten Mar 24, 2025
94eed96
Merge branch 'km/pm-15096/xchacha20-poly1305' into km/cose
quexten Mar 24, 2025
eab453f
Fix build
quexten Mar 26, 2025
941748a
Merge branch 'main' into km/cose
quexten Mar 26, 2025
43b117c
Add keyids
quexten Mar 26, 2025
4c7c724
Remove blake3 dependency
quexten Mar 26, 2025
5455f17
Remove poly1305
quexten Mar 26, 2025
c9882c6
Remove hash parse error
quexten Mar 26, 2025
cac04d3
tmp
quexten Mar 26, 2025
df9327c
Rename encrypt/decrypt to encapsulate/decapsulate and remove asymmetr…
quexten Mar 26, 2025
d6ab6ca
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Mar 27, 2025
8df3dff
Only allow symmetric keys for encapsulation
quexten Mar 27, 2025
16c1a84
Remove unused imports
quexten Mar 27, 2025
351394f
Cleanup
quexten Mar 27, 2025
e221150
Cargo fmt
quexten Mar 27, 2025
ccf04c3
Add comments
quexten Mar 27, 2025
cce0a95
Fix tests
quexten Mar 27, 2025
b075993
Cargo fmt
quexten Mar 27, 2025
20420e7
Rename key encapsulation function
quexten Mar 27, 2025
96094cf
Fix comment
quexten Mar 27, 2025
5270715
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Mar 27, 2025
4167ce0
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Mar 28, 2025
fbddd87
Fix build and cleanup
quexten Mar 28, 2025
7cbb3aa
Merge asymmetric interface changes
quexten Mar 28, 2025
7d753ff
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Mar 28, 2025
d4dc234
Fix clippy
quexten Mar 28, 2025
d5ecbdb
Fix example
quexten Mar 28, 2025
b0f3bbc
Remove unused dep
quexten Mar 28, 2025
fd6ee38
Remove unused error
quexten Mar 28, 2025
e18b3df
Update comment
quexten Mar 28, 2025
c1c1dbb
Simplify test code
quexten Apr 2, 2025
d6a52d4
Rename
quexten Apr 3, 2025
cc32629
Cargo fmt
quexten Apr 3, 2025
951664b
Add comment to unpad_key
quexten Apr 8, 2025
e52e614
Add more docs to pad_key and unpad_key
quexten Apr 8, 2025
f83641a
Fix capitalization
quexten Apr 8, 2025
ca2c1fa
Further improve docs
quexten Apr 8, 2025
dbc4713
Improve comment for to_encoded
quexten Apr 8, 2025
75899e2
Update crates/bitwarden-crypto/src/keys/key_id.rs
quexten Apr 8, 2025
38265a8
Delete param docs
quexten Apr 8, 2025
0871942
Merge branch 'km/cose' of github.com:bitwarden/sdk-internal into km/cose
quexten Apr 8, 2025
f7e75ac
Update cose encstring display impl
quexten Apr 8, 2025
665223a
Fix formatting
quexten Apr 8, 2025
8cd4d7b
Fix formatting when displaying unparseable cose
quexten Apr 8, 2025
0efa764
Update comment for decapsulate_key_unsigned
quexten Apr 14, 2025
2e2c3f5
Update naming to be consistent with sdk guidelines
quexten Apr 14, 2025
e156847
Split generate functions and fix namings
quexten Apr 14, 2025
c659247
Fix build
quexten Apr 14, 2025
9efe790
Change ciborium and coset versions to ranges
quexten Apr 14, 2025
4436cf9
Remove allow(unused)
quexten Apr 14, 2025
50af1a7
Remove unused error
quexten Apr 14, 2025
5bb8d7f
Undo change to rng in make_user_key
quexten Apr 14, 2025
eb13169
Clean up errors and pass through Cose error
quexten Apr 14, 2025
077f265
Cargo fmt
quexten Apr 14, 2025
fa305fe
Clean up constant time compare of symmetric crypto keys
quexten Apr 14, 2025
2ce0074
Add empty lines in match for readability
quexten Apr 14, 2025
b4e7ddb
Prevent unreachable code in encstring fmt function
quexten Apr 14, 2025
46301b1
Cleanup key conversion for xchacha20 encrypt/decrypt
quexten Apr 14, 2025
59e4e55
Cargo fmt
quexten Apr 14, 2025
77afef5
Rename to UnauthenticatedSharedKey
quexten Apr 17, 2025
9512d9d
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Apr 17, 2025
1b5d6d4
Add WrappedSymmetricCryptoKey
quexten Apr 18, 2025
3f84a20
Cleanup
quexten Apr 18, 2025
879e8c6
Merge branch 'main' into km/poc-update-asymmetric-interface
quexten Apr 21, 2025
0ff0e98
Update crates/bitwarden-crypto/src/enc_string/symmetric.rs
quexten Apr 21, 2025
d892b79
Update crates/bitwarden-crypto/src/enc_string/symmetric.rs
quexten Apr 21, 2025
a091992
Change xchacha keywrap to todo
quexten Apr 21, 2025
2bde54e
Make xchacha ciphertext struct members non-pub
quexten Apr 21, 2025
5ed9e20
Rename XChaCha20 encstring type to CoseEncrypt0
quexten Apr 21, 2025
b2f3044
Merge changes
quexten Apr 21, 2025
ccf286f
Merge branch 'km/cose' of github.com:bitwarden/sdk-internal into km/cose
quexten Apr 21, 2025
85b8438
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Apr 21, 2025
08aa515
Fix build
quexten Apr 21, 2025
8441ad5
Fix remaining build errors
quexten Apr 21, 2025
59e644d
Fix clippy warnings
quexten Apr 21, 2025
4e0895f
Cargo fmt
quexten Apr 21, 2025
a8d073b
Fix documentation
quexten Apr 21, 2025
15b0f8e
Add non-null test values
quexten Apr 21, 2025
7703488
Merge branch 'km/poc-update-asymmetric-interface' of github.com:bitwa…
quexten Apr 21, 2025
239a297
Cargo fmt
quexten Apr 21, 2025
f63ad8b
Remove into()
quexten Apr 21, 2025
08ae2fd
Merge branch 'km/poc-update-asymmetric-interface' into km/cose
quexten Apr 21, 2025
7fb1a0a
Fix merge issue
quexten Apr 21, 2025
68b0ba2
Clean up key wrapping
quexten Apr 21, 2025
3e99550
Cargo fmt
quexten Apr 21, 2025
2107c96
Cleanup
quexten Apr 21, 2025
a98d014
Cleanup of generate key interfaces
quexten Apr 21, 2025
cddf006
Cargo fmt
quexten Apr 21, 2025
ae9a7da
Remove reference to pad_key
quexten Apr 21, 2025
3542d51
Cargo fmt
quexten Apr 22, 2025
df634d7
Migrate more code to use keywrap
quexten Apr 22, 2025
f2998a8
Expose to purecrypto and fix build issues
quexten Apr 22, 2025
16dc1e4
Cleanup
quexten Apr 22, 2025
e53ef35
Cargo fmt
quexten Apr 22, 2025
f416613
Fix clippy error
quexten Apr 22, 2025
69e8ce2
Fix docs
quexten Apr 22, 2025
aa064f1
Cleanup
quexten Apr 23, 2025
d148b6a
Add comment
quexten Apr 23, 2025
5b4b5a3
Fix build
quexten Apr 23, 2025
475ab53
Merge branch 'main' into km/wrapped-key
quexten Apr 23, 2025
849e4cb
Merge main
quexten Apr 23, 2025
0c39894
Merge branch 'main' into km/wrapped-key
quexten Apr 23, 2025
b04717e
Cargo fmt
quexten Apr 23, 2025
7dbd209
Merge branch 'km/wrapped-key' of github.com:bitwarden/sdk-internal in…
quexten Apr 23, 2025
df7b62e
Fix clippy warn
quexten Apr 23, 2025
2661f93
Cargo fmt
quexten Apr 23, 2025
3501b71
Cleanup
quexten Apr 23, 2025
d03ddd0
Cargo fmt
quexten Apr 23, 2025
7ab5b15
Tmp
quexten Apr 25, 2025
623587f
Cleanup naming
quexten Apr 25, 2025
bdbd6d3
Make inner conversion explicit
quexten Apr 25, 2025
f8a2053
Cleanup
quexten Apr 25, 2025
7c3511d
Cargo fmt
quexten Apr 25, 2025
e46b982
Cargo fmt
quexten Apr 25, 2025
d91477d
Fix docs
quexten Apr 25, 2025
db41105
Fix docs
quexten Apr 25, 2025
252a097
Add tests
quexten Apr 25, 2025
3d3d00a
Cargo fmt
quexten Apr 25, 2025
7278d09
Use cryptorng trait in make_user_key
quexten Apr 28, 2025
6214a50
Cleanup nonce in XChaChaPoly1305Ciphertext
quexten Apr 28, 2025
9da00d9
Cleanup SymmetricCryptoKey matching
quexten Apr 28, 2025
ef799b1
Cleanup SymmetricCryptoKey
quexten Apr 28, 2025
3e1b735
Remove unused From impl
quexten Apr 28, 2025
97401c5
Add cose to dictionary
quexten Apr 28, 2025
65a90a6
Add comment to XChaCha20Poly1305Key
quexten Apr 28, 2025
556ef55
Add comment explaining key wrap
quexten Apr 28, 2025
36a1b63
Cargo fmt
quexten Apr 28, 2025
bfa90d0
Fix clippy error
quexten Apr 28, 2025
c9a5c4a
Undo changes to rng
quexten Apr 28, 2025
1ed2549
Fix formatting
quexten Apr 28, 2025
19fef2f
Fix comment style
quexten Apr 28, 2025
00975bf
Add XChaCha to workspace spelling
quexten Apr 28, 2025
5175757
Clean up parse_cose_key match
quexten Apr 28, 2025
8477bb2
Remove EncString display impl and move to ToString / Debug
quexten Apr 28, 2025
515aa31
Fix clippy warning
quexten Apr 28, 2025
0f8298e
Fix debug format test
quexten Apr 28, 2025
17eceb1
Return result from unpad_key
quexten Apr 28, 2025
1c7cdcf
Move encrypt xchacha20 to cose module
quexten Apr 28, 2025
809a697
Move parse_cose_key to cose mod and make it a TryFrom impl
quexten Apr 28, 2025
6119a48
Move decrypt_xchacha20_poly1305 to cose module
quexten Apr 28, 2025
89a6a62
Add comments
quexten Apr 28, 2025
ffe306e
Add ciphertext to workspace settings
quexten Apr 28, 2025
6b5c288
Run cargo fmt
quexten Apr 28, 2025
a1a5a02
Remove unneeded ref
quexten Apr 28, 2025
b21df8b
Fix comment
quexten Apr 28, 2025
91b2465
Rename SymmetricCryptoKey::generate_* to ::make_*
quexten Apr 28, 2025
b22ad28
Merge branch 'km/cose' into km/wrapped-key
quexten Apr 29, 2025
7643a54
Use wrapped key in more places
quexten Apr 29, 2025
3b4e445
Wasm custom type for wrappedSymmetricKey
quexten Apr 29, 2025
1b7dd69
Cleanup
quexten Apr 30, 2025
64d2d50
Cargo fmt
quexten Apr 30, 2025
c40208c
Merge branch 'main' into km/wrapped-key
quexten May 6, 2025
efcc194
Cleanup
quexten May 6, 2025
3c20a6c
Cargo fmt
quexten May 6, 2025
f04fb2d
Fix formatting
quexten May 6, 2025
a2dd716
Cargo fmt
quexten May 6, 2025
28d1e6f
Add dummy record to force WrappedSymmetricCryptoKey to be emitted in …
quexten May 7, 2025
10904f3
Cargo fmt
quexten May 7, 2025
66c9ae6
Give Uniffi dummy record unique name
quexten May 7, 2025
6eb359d
Move keywrap out of context
quexten May 7, 2025
efa1310
Fix clippy warn
quexten May 7, 2025
34cf082
Cleanup
quexten May 7, 2025
9 changes: 4 additions & 5 deletions crates/bitwarden-core/src/auth/auth_client.rs
@@ -1,7 +1,6 @@
use bitwarden_crypto::WrappedSymmetricKey;
#[cfg(feature = "internal")]
use bitwarden_crypto::{
CryptoError, DeviceKey, EncString, Kdf, TrustDeviceResponse, UnsignedSharedKey,
};
use bitwarden_crypto::{CryptoError, DeviceKey, Kdf, TrustDeviceResponse, UnsignedSharedKey};

#[cfg(feature = "secrets")]
use crate::auth::login::{login_access_token, AccessTokenLoginRequest, AccessTokenLoginResponse};
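
Review bot: The new `use bitwarden_crypto::WrappedSymmetricKey;` at the top of the import block is not behind `#[cfg(feature = "internal")]`, while the rest of the `bitwarden_crypto` imports still are. If `validate_password_user_key` and `validate_pin` are its only users and they are feature-gated, builds without `internal` will get an unused-import warning; fold `WrappedSymmetricKey` into the gated `use bitwarden_crypto::{...}` list, or confirm that the ungated import is intentional.
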
Expand Down Expand Up @@ -135,15 +134,15 @@
pub fn validate_password_user_key(
&self,
password: String,
encrypted_user_key: String,
encrypted_user_key: WrappedSymmetricKey,

Check warning on line 137 in crates/bitwarden-core/src/auth/auth_client.rs (Codecov / codecov/patch): Added line #L137 was not covered by tests
) -> Result<String, AuthValidateError> {
validate_password_user_key(&self.client, password, encrypted_user_key)
}

pub fn validate_pin(
&self,
pin: String,
pin_protected_user_key: EncString,
pin_protected_user_key: WrappedSymmetricKey,

Check warning on line 145 in crates/bitwarden-core/src/auth/auth_client.rs (Codecov / codecov/patch): Added line #L145 was not covered by tests
) -> Result<bool, AuthValidateError> {
validate_pin(&self.client, pin, pin_protected_user_key)
}
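
Review bot: `validate_password_user_key` changes `encrypted_user_key` from `String` to `WrappedSymmetricKey`, and `validate_pin` changes `pin_protected_user_key` from `EncString` to `WrappedSymmetricKey`; both are parameters of a `pub fn`, and Codecov marks both changed lines (137 and 145) as not covered by tests. Parsing of the user key now happens before the call rather than inside it, so a malformed value is rejected at a different layer than before. Please add a test that drives each method through this client wrapper, and add a doc comment on each parameter saying which key the value is expected to be wrapped with.
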
18 changes: 11 additions & 7 deletions crates/bitwarden-core/src/auth/auth_request.rs
Expand Up @@ -72,7 +72,7 @@ pub(crate) fn auth_request_decrypt_master_key(
let master_key: SymmetricCryptoKey = master_key.decapsulate_key_unsigned(&key)?;
let master_key = MasterKey::try_from(&master_key)?;

Ok(master_key.decrypt_user_key(user_key)?)
Ok(master_key.decrypt_user_key(user_key.into())?)
}

#[allow(missing_docs)]
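
Review bot: In `Ok(master_key.decrypt_user_key(user_key.into())?)` the conversion to the wrapped-key type happens at the call site, so `auth_request_decrypt_master_key` itself appears to keep accepting a general `EncString` (the tests in this file pass one). A bare `.into()` lets any `EncString` be treated as a wrapped key, which weakens the distinction the new type introduces. Consider taking `WrappedSymmetricKey` in this function's signature, as `validate_password_user_key` now does, so the type is fixed where the value enters the SDK.
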
Expand Down Expand Up @@ -137,7 +137,7 @@ fn test_auth_request() {
mod tests {
use std::num::NonZeroU32;

use bitwarden_crypto::{Kdf, MasterKey};
use bitwarden_crypto::{EncString, Kdf, MasterKey};

use super::*;
use crate::{
Expand All @@ -158,11 +158,11 @@ mod tests {
)
.unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)
.initialize_user_crypto_master_key(master_key, user_key.into(), private_key)
.unwrap();

let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
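
Review bot: The test now annotates `user_key` as `EncString` and passes `user_key.into()` to `initialize_user_crypto_master_key`, so only the conversion from `EncString` is exercised. If `WrappedSymmetricKey` can be parsed or deserialized on its own, build it that way in at least one test, since that is the form callers of the changed public signatures will supply.
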
Expand Down Expand Up @@ -196,7 +196,7 @@ mod tests {
let private_key = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzLtEUdxfcLxDj84yaGFsVF5hZ8Hjlb08NMQDy1RnBma06I3ZESshLYzVz4r/gegMn9OOltfV/Yxlyvida8oW6qdlfJ7AVz6Oa8pV7BiL40C7b76+oqraQpyYw2HChANB1AhXL9SqWngKmLZwjA7qiCrmcc0kZHeOb4KnKtp9iVvPVs+8veFvKgYO4ba2AAOHKFdR0W55/agXfAy+fWUAkC8mc9ikyJdQWaPV6OZvC2XFkOseBQm9Rynudh3BQpoWiL6w620efe7t5k+02/EyOFJL9f/XEEjM/+Yo0t3LAfkuhHGeKiRST59Xc9hTEmyJTeVXROtz+0fjqOp3xkaObAgMBAAECggEACs4xhnO0HaZhh1/iH7zORMIRXKeyxP2LQiTR8xwN5JJ9wRWmGAR9VasS7EZFTDidIGVME2u/h4s5EqXnhxfO+0gGksVvgNXJ/qw87E8K2216g6ZNo6vSGA7H1GH2voWwejJ4/k/cJug6dz2S402rRAKh2Wong1arYHSkVlQp3diiMa5FHAOSE+Cy09O2ZsaF9IXQYUtlW6AVXFrBEPYH2kvkaPXchh8VETMijo6tbvoKLnUHe+wTaDMls7hy8exjtVyI59r3DNzjy1lNGaGb5QSnFMXR+eHhPZc844Wv02MxC15zKABADrl58gpJyjTl6XpDdHCYGsmGpVGH3X9TQQKBgQDz/9beFjzq59ve6rGwn+EtnQfSsyYT+jr7GN8lNEXb3YOFXBgPhfFIcHRh2R00Vm9w2ApfAx2cd8xm2I6HuvQ1Os7g26LWazvuWY0Qzb+KaCLQTEGH1RnTq6CCG+BTRq/a3J8M4t38GV5TWlzv8wr9U4dl6FR4efjb65HXs1GQ4QKBgQC7/uHfrOTEHrLeIeqEuSl0vWNqEotFKdKLV6xpOvNuxDGbgW4/r/zaxDqt0YBOXmRbQYSEhmO3oy9J6XfE1SUln0gbavZeW0HESCAmUIC88bDnspUwS9RxauqT5aF8ODKN/bNCWCnBM1xyonPOs1oT1nyparJVdQoG//Y7vkB3+wKBgBqLqPq8fKAp3XfhHLfUjREDVoiLyQa/YI9U42IOz9LdxKNLo6p8rgVthpvmnRDGnpUuS+KOWjhdqDVANjF6G3t3DG7WNl8Rh5Gk2H4NhFswfSkgQrjebFLlBy9gjQVCWXt8KSmjvPbiY6q52Aaa8IUjA0YJAregvXxfopxO+/7BAoGARicvEtDp7WWnSc1OPoj6N14VIxgYcI7SyrzE0d/1x3ffKzB5e7qomNpxKzvqrVP8DzG7ydh8jaKPmv1MfF8tpYRy3AhmN3/GYwCnPqT75YYrhcrWcVdax5gmQVqHkFtIQkRSCIftzPLlpMGKha/YBV8c1fvC4LD0NPh/Ynv0gtECgYEAyOZg95/kte0jpgUEgwuMrzkhY/AaUJULFuR5MkyvReEbtSBQwV5tx60+T95PHNiFooWWVXiLMsAgyI2IbkxVR1Pzdri3gWK5CTfqb7kLuaj/B7SGvBa2Sxo478KS5K8tBBBWkITqo+wLC0mn3uZi1dyMWO1zopTA+KtEGF2dtGQ=";

let enc_master_key = "4.dxbd5OMwi/Avy7DQxvLV+Z7kDJgHBtg/jAbgYNO7QU0Zii4rLFNco2lS5aS9z42LTZHc2p5HYwn2ZwkZNfHsQ6//d5q40MDgGYJMKBXOZP62ZHhct1XsvYBmtcUtIOm5j2HSjt2pjEuGAc1LbyGIWRJJQ3Lp1ULbL2m71I+P23GF36JyOM8SUWvpvxE/3+qqVhRFPG2VqMCYa2kLLxwVfUmpV+KKjX1TXsrq6pfJIwHNwHw4h7MSfD8xTy2bx4MiBt638Z9Vt1pGsSQkh9RgPvCbnhuCpZQloUgJ8ByLVEcrlKx3yaaxiQXvte+ZhuOI7rGdjmoVoOzisooje4JgYw==".parse().unwrap();
let enc_user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let enc_user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let dec =
auth_request_decrypt_master_key(private_key.to_owned(), enc_master_key, enc_user_key)
.unwrap();
Expand All @@ -219,7 +219,7 @@ mod tests {
};
let email = "[email protected]";

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let private_key = "2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=";

// Initialize an existing client which is unlocked
Expand All @@ -229,7 +229,11 @@ mod tests {

existing_device
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key.parse().unwrap())
.initialize_user_crypto_master_key(
master_key,
user_key.into(),
private_key.parse().unwrap(),
)
.unwrap();

// Initialize a new device which will request to be logged in
2 changes: 1 addition & 1 deletion crates/bitwarden-core/src/auth/key_connector.rs
Expand Up @@ -16,7 +16,7 @@ pub(super) fn make_key_connector_keys(

Ok(KeyConnectorResponse {
master_key: master_key.to_base64(),
encrypted_user_key: encrypted_user_key.to_string(),
encrypted_user_key: encrypted_user_key.into_inner().to_string(),
keys,
})
}
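
Review bot: `encrypted_user_key: encrypted_user_key.into_inner().to_string(),` unwraps the new type straight back to a `String`, so `KeyConnectorResponse` still exposes the wrapped user key untyped. Consider changing the `encrypted_user_key` field to `WrappedSymmetricKey` and letting serialization produce the string, or, if the field must stay a `String` for the bindings, add a short comment saying so next to the `into_inner()` call.
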
8 changes: 5 additions & 3 deletions crates/bitwarden-core/src/auth/login/api_key.rs
Expand Up @@ -51,9 +51,11 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key.into(),
private_key,
)?;

Check warning on line 58 in crates/bitwarden-core/src/auth/login/api_key.rs (Codecov / codecov/patch): Added lines #L54 - L58 were not covered by tests
}

Ok(ApiKeyLoginResponse::process_response(response))
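
Review bot: `user_key` is parsed as an `EncString` on the first line of the hunk and converted with `user_key.into()` two statements later, and Codecov reports lines 54-58 as uncovered. If `WrappedSymmetricKey` supports parsing from a string, parse `r.key` into it directly so the intermediate `EncString` binding goes away; either way, this login path needs a test that reaches `initialize_user_crypto_master_key`.
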
8 changes: 5 additions & 3 deletions crates/bitwarden-core/src/auth/login/password.rs
Expand Up @@ -53,9 +53,11 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key.into(),
private_key,
)?;

Check warning on line 60 in crates/bitwarden-core/src/auth/login/password.rs (Codecov / codecov/patch): Added lines #L56 - L60 were not covered by tests
}

Ok(PasswordLoginResponse::process_response(response))
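
Review bot: The rewritten `initialize_user_crypto_master_key` call here is line-for-line the same as the one in `login/api_key.rs`, and Codecov flags lines 56-60 as uncovered in the same way. Moving the parse-and-initialize steps into one shared helper would leave a single conversion to `WrappedSymmetricKey` to review and a single place to add the missing test.
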
22 changes: 11 additions & 11 deletions crates/bitwarden-core/src/auth/password/validate.rs
@@ -1,4 +1,4 @@
use bitwarden_crypto::{HashPurpose, MasterKey};
use bitwarden_crypto::{HashPurpose, MasterKey, WrappedSymmetricKey};

use crate::{
auth::{password::determine_password_hash, AuthValidateError},
Expand Down Expand Up @@ -40,7 +40,7 @@ pub(crate) fn validate_password(
pub(crate) fn validate_password_user_key(
client: &Client,
password: String,
encrypted_user_key: String,
encrypted_user_key: WrappedSymmetricKey,
) -> Result<String, AuthValidateError> {
use crate::key_management::SymmetricKeyId;

Expand All @@ -56,7 +56,7 @@ pub(crate) fn validate_password_user_key(
| UserLoginMethod::ApiKey { email, kdf, .. } => {
let master_key = MasterKey::derive(&password, email, kdf)?;
let user_key = master_key
.decrypt_user_key(encrypted_user_key.parse()?)
.decrypt_user_key(encrypted_user_key)
.map_err(|_| WrongPasswordError)?;

let key_store = client.internal.get_key_store();
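
Review bot: With `.decrypt_user_key(encrypted_user_key.parse()?)` replaced by `.decrypt_user_key(encrypted_user_key)`, the call no longer has a separate parse error ahead of it, and `.map_err(|_| WrongPasswordError)` still reports every decryption failure as a wrong password. That hides causes unrelated to the password; consider matching on the error and mapping only the authentication failure to `WrongPasswordError`, passing other errors through, and note in the function's doc comment that the caller is now responsible for parsing.
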
Expand All @@ -80,7 +80,7 @@ pub(crate) fn validate_password_user_key(

#[cfg(test)]
mod tests {
use bitwarden_crypto::Kdf;
use bitwarden_crypto::{EncString, Kdf};

use crate::auth::password::{validate::validate_password_user_key, validate_password};

Expand Down Expand Up @@ -135,16 +135,16 @@ mod tests {

let master_key = MasterKey::derive(password, email, &kdf).unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=";
let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let private_key = "2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(master_key, user_key.clone().into(), private_key)
.unwrap();

let result =
validate_password_user_key(&client, "asdfasdfasdf".to_owned(), user_key.to_string())
validate_password_user_key(&client, "asdfasdfasdf".to_owned(), user_key.into())
.unwrap();

assert_eq!(result, "aOvkBXFhSdgrBWR3hZCMRoML9+h5yRblU3lFphCdkeA=");
Expand All @@ -156,7 +156,7 @@ mod tests {
fn test_validate_password_user_key_wrong_password() {
use std::num::NonZeroU32;

use bitwarden_crypto::{Kdf, MasterKey};
use bitwarden_crypto::{EncString, Kdf, MasterKey};

use crate::client::{Client, LoginMethod, UserLoginMethod};

Expand All @@ -178,16 +178,16 @@ mod tests {

let master_key = MasterKey::derive(password, email, &kdf).unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=";
let user_key: EncString = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let private_key = "2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(master_key, user_key.clone().into(), private_key)
.unwrap();

let result =
validate_password_user_key(&client, "asdfasdfasdf".to_string(), user_key.to_string())
validate_password_user_key(&client, "asdfasdfasdf".to_string(), user_key.into())
.unwrap();

assert_eq!(result, "aOvkBXFhSdgrBWR3hZCMRoML9+h5yRblU3lFphCdkeA=");