Typed encryptable

Author: quexten

bitwarden_license/bitwarden-sm/src/projects/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectCreateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::{ContentFormat, Encryptable};
+use bitwarden_crypto::TypedEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -34,7 +34,7 @@ pub(crate) async fn create_project(
             .name
             .clone()
             .trim()
-            .encrypt(&mut key_store.context(), key, ContentFormat::Utf8)?
+            .encrypt(&mut key_store.context(), key)?
             .to_string(),
     });
 

bitwarden_license/bitwarden-sm/src/projects/update.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectUpdateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::{ContentFormat, Encryptable};
+use bitwarden_crypto::{Encryptable, TypedEncryptable};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -36,7 +36,7 @@ pub(crate) async fn update_project(
             .name
             .clone()
             .trim()
-            .encrypt(&mut key_store.context(), key, ContentFormat::Utf8)?
+            .encrypt(&mut key_store.context(), key)?
             .to_string(),
     });
 

bitwarden_license/bitwarden-sm/src/secrets/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::SecretCreateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::{ContentFormat, Encryptable};
+use bitwarden_crypto::{Encryptable, TypedEncryptable};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -44,18 +44,18 @@ pub(crate) async fn create_secret(
                 .key
                 .clone()
                 .trim()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             value: input
                 .value
                 .clone()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             note: input
                 .note
                 .clone()
                 .trim()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             project_ids: input.project_ids.clone(),
             access_policies_requests: None,

bitwarden_license/bitwarden-sm/src/secrets/update.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::SecretUpdateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::{ContentFormat, Encryptable};
+use bitwarden_crypto::{Encryptable, TypedEncryptable};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -43,18 +43,18 @@ pub(crate) async fn update_secret(
                 .key
                 .clone()
                 .trim()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             value: input
                 .value
                 .clone()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             note: input
                 .note
                 .clone()
                 .trim()
-                .encrypt(&mut ctx, key, ContentFormat::Utf8)?
+                .encrypt(&mut ctx, key)?
                 .to_string(),
             project_ids: input.project_ids.clone(),
             access_policies_requests: None,

crates/bitwarden-crypto/src/lib.rs

@@ -34,7 +34,7 @@ mod cose;
 mod traits;
 pub use cose::ContentFormat;
 mod xchacha20;
-pub use traits::{Decryptable, Encryptable, CompositeEncryptable, IdentifyKey, KeyId, KeyIds};
+pub use traits::{Decryptable, Encryptable, CompositeEncryptable, TypedEncryptable, IdentifyKey, KeyId, KeyIds};
 pub use zeroizing_alloc::ZeroAlloc as ZeroizingAllocator;
 
 #[cfg(feature = "uniffi")]

crates/bitwarden-crypto/src/store/context.rs

@@ -382,10 +382,10 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 #[allow(deprecated)]
 mod tests {
     use crate::{
-        cose::ContentFormat, store::{
+        store::{
             tests::{Data, DataView},
             KeyStore,
-        }, traits::tests::{TestIds, TestSymmKey}, CompositeEncryptable, Decryptable, Encryptable, SymmetricCryptoKey
+        }, traits::tests::{TestIds, TestSymmKey}, CompositeEncryptable, Decryptable, SymmetricCryptoKey
     };
 
     #[test]

crates/bitwarden-crypto/src/store/mod.rs

@@ -304,7 +304,7 @@ fn batch_chunk_size(len: usize) -> usize {
 #[cfg(test)]
 pub(crate) mod tests {
     use crate::{
-        store::{KeyStore, KeyStoreContext}, traits::tests::{TestIds, TestSymmKey}, EncString, Encryptable, SymmetricCryptoKey
+        store::{KeyStore, KeyStoreContext}, traits::tests::{TestIds, TestSymmKey}, EncString, Encryptable, SymmetricCryptoKey, TypedEncryptable
     };
 
     pub struct DataView(pub String, pub TestSymmKey);
@@ -328,7 +328,7 @@ pub(crate) mod tests {
             ctx: &mut KeyStoreContext<TestIds>,
             key: TestSymmKey,
         ) -> Result<Data, crate::CryptoError> {
-            Ok(Data(self.0.encrypt(ctx, key, crate::ContentFormat::Utf8)?, key))
+            Ok(Data(self.0.encrypt(ctx, key)?, key))
         }
     }
 

crates/bitwarden-crypto/src/traits/encryptable.rs

@@ -41,57 +41,81 @@ impl <Ids: KeyIds, Key: KeyId, T: CompositeEncryptable<Ids, Key, Output>, Output
     }
 }
 
-/// An encryption operation that takes the input value - a primitive such as `Vec<u8>`, `String` - and encrypts it into the output value.
-pub trait Encryptable<Ids: KeyIds, Key: KeyId, Output> {
+/// An encryption operation that takes the input value - a primitive such as `String` and encrypts it into the output value.
+/// The implementation decides the content format.
+pub trait TypedEncryptable<Ids: KeyIds, Key: KeyId, Output> {
     fn encrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
         key: Key,
-        content_format: ContentFormat,
     ) -> Result<Output, CryptoError>;
 }
 
-impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for &[u8] {
+impl<Ids: KeyIds, Key: KeyId, T: TypedEncryptable<Ids, Key, Output>, Output>
+    TypedEncryptable<Ids, Key, Option<Output>> for Option<T>
+{
+    fn encrypt(
+        &self,
+        ctx: &mut KeyStoreContext<Ids>,
+        key: Key,
+    ) -> Result<Option<Output>, CryptoError> {
+        self.as_ref()
+            .map(|value| value.encrypt(ctx, key))
+            .transpose()
+    }
+}
+
+impl<Ids: KeyIds> TypedEncryptable<Ids, Ids::Symmetric, EncString> for &str
+{
     fn encrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
         key: Ids::Symmetric,
-        content_format: ContentFormat,
     ) -> Result<EncString, CryptoError> {
-        ctx.encrypt_data_with_symmetric_key(key, self, content_format)
+        self.as_bytes().encrypt(ctx, key, ContentFormat::Utf8)
     }
 }
 
-impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for Vec<u8> {
+impl<Ids: KeyIds> TypedEncryptable<Ids, Ids::Symmetric, EncString> for String
+{
     fn encrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
         key: Ids::Symmetric,
-        content_format: ContentFormat,
     ) -> Result<EncString, CryptoError> {
-        ctx.encrypt_data_with_symmetric_key(key, self, content_format)
+        self.as_bytes().encrypt(ctx, key, ContentFormat::Utf8)
     }
 }
 
-impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for &str {
+/// An encryption operation that takes the input value - a primitive such as `Vec<u8>` - and encrypts it into the output value.
+pub trait Encryptable<Ids: KeyIds, Key: KeyId, Output> {
+    fn encrypt(
+        &self,
+        ctx: &mut KeyStoreContext<Ids>,
+        key: Key,
+        content_format: ContentFormat,
+    ) -> Result<Output, CryptoError>;
+}
+
+impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for &[u8] {
     fn encrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
         key: Ids::Symmetric,
         content_format: ContentFormat,
     ) -> Result<EncString, CryptoError> {
-        self.as_bytes().encrypt(ctx, key, content_format)
+        ctx.encrypt_data_with_symmetric_key(key, self, content_format)
     }
 }
 
-impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for String {
+impl<Ids: KeyIds> Encryptable<Ids, Ids::Symmetric, EncString> for Vec<u8> {
     fn encrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
         key: Ids::Symmetric,
-        content_format: crate::cose::ContentFormat,
+        content_format: ContentFormat,
     ) -> Result<EncString, CryptoError> {
-        self.as_bytes().encrypt(ctx, key, content_format)
+        ctx.encrypt_data_with_symmetric_key(key, self, content_format)
     }
 }
 
@@ -128,7 +152,7 @@ impl<Ids: KeyIds, Key: KeyId, T: Encryptable<Ids, Key, Output>, Output>
 #[cfg(test)]
 mod tests {
     use crate::{
-        cose::ContentFormat, traits::tests::*, AsymmetricCryptoKey, Decryptable, Encryptable, KeyStore, SymmetricCryptoKey
+        cose::ContentFormat, traits::tests::*, AsymmetricCryptoKey, Decryptable, Encryptable, KeyStore, SymmetricCryptoKey, TypedEncryptable
     };
 
     fn test_store() -> KeyStore<TestIds> {
@@ -184,10 +208,10 @@ mod tests {
         let str_data: &str = string_data.as_str();
 
         let string_encrypted = string_data
-            .encrypt(&mut ctx, key, ContentFormat::OctetStream)
+            .encrypt(&mut ctx, key)
             .unwrap();
         let str_encrypted = str_data
-            .encrypt(&mut ctx, key, ContentFormat::OctetStream)
+            .encrypt(&mut ctx, key)
             .unwrap();
 
         let string_decrypted: String = string_encrypted.decrypt(&mut ctx, key).unwrap();
@@ -206,7 +230,7 @@ mod tests {
         let string_data = Some("Hello, World!".to_string());
 
         let string_encrypted = string_data
-            .encrypt(&mut ctx, key, ContentFormat::OctetStream)
+            .encrypt(&mut ctx, key)
             .unwrap();
 
         let string_decrypted: Option<String> = string_encrypted.decrypt(&mut ctx, key).unwrap();
@@ -222,15 +246,15 @@ mod tests {
         let key = TestSymmKey::A(0);
         let none_data: Option<String> = None;
         let string_encrypted = none_data
-            .encrypt(&mut ctx, key, ContentFormat::OctetStream)
+            .encrypt(&mut ctx, key)
             .unwrap();
         assert_eq!(string_encrypted, None);
 
         // The None implementation will not do any decrypt operations, so it won't fail even if the
         // key doesn't exist
         let bad_key = TestSymmKey::B((0, 1));
         let string_encrypted_bad = none_data
-            .encrypt(&mut ctx, bad_key, ContentFormat::OctetStream)
+            .encrypt(&mut ctx, bad_key)
             .unwrap();
         assert_eq!(string_encrypted_bad, None);
     }

crates/bitwarden-crypto/src/traits/mod.rs

@@ -1,5 +1,5 @@
 mod encryptable;
-pub use encryptable::{CompositeEncryptable, Encryptable};
+pub use encryptable::{CompositeEncryptable, Encryptable, TypedEncryptable};
 mod decryptable;
 pub use decryptable::Decryptable;
 

crates/bitwarden-send/src/send.rs

@@ -8,7 +8,7 @@ use bitwarden_core::{
     require,
 };
 use bitwarden_crypto::{
-    generate_random_bytes, CompositeEncryptable, ContentFormat, CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext
+    generate_random_bytes, CompositeEncryptable, ContentFormat, CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext, TypedEncryptable
 };
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -195,7 +195,7 @@ impl CompositeEncryptable<KeyIds, SymmetricKeyId, SendText> for SendTextView {
         key: SymmetricKeyId,
     ) -> Result<SendText, CryptoError> {
         Ok(SendText {
-            text: self.text.encrypt(ctx, key, ContentFormat::Utf8)?,
+            text: self.text.encrypt(ctx, key)?,
             hidden: self.hidden,
         })
     }
@@ -224,7 +224,7 @@ impl CompositeEncryptable<KeyIds, SymmetricKeyId, SendFile> for SendFileView {
     ) -> Result<SendFile, CryptoError> {
         Ok(SendFile {
             id: self.id.clone(),
-            file_name: self.file_name.encrypt(ctx, key, ContentFormat::Utf8)?,
+            file_name: self.file_name.encrypt(ctx, key)?,
             size: self.size.clone(),
             size_name: self.size_name.clone(),
         })
@@ -324,8 +324,8 @@ impl CompositeEncryptable<KeyIds, SymmetricKeyId, Send> for SendView {
             id: self.id,
             access_id: self.access_id.clone(),
 
-            name: self.name.encrypt(ctx, send_key, ContentFormat::Utf8)?,
-            notes: self.notes.encrypt(ctx, send_key, ContentFormat::Utf8)?,
+            name: self.name.encrypt(ctx, send_key)?,
+            notes: self.notes.encrypt(ctx, send_key)?,
             // In the future, this should support cose key content type
             key: k.encrypt(ctx, key, ContentFormat::OctetStream)?,
             password: self.new_password.as_ref().map(|password| {