Add CompositeEncryptable trait

Author: quexten

crates/bitwarden-core/src/mobile/crypto.rs

@@ -859,7 +859,7 @@ mod tests {
         let invalid_private_key = "bad_key"
             .to_string()
             .into_bytes()
-            .encrypt_with_key(&user_key.0, &bitwarden_crypto::ContentFormat::Utf8)
+            .encrypt_with_key(&user_key.0, bitwarden_crypto::ContentFormat::Utf8)
             .unwrap();
 
         let request = VerifyAsymmetricKeysRequest {

crates/bitwarden-crypto/src/cose.rs

@@ -31,9 +31,6 @@ pub enum ContentFormat {
     Pkcs8,
     CoseKey,
     OctetStream,
-    /// Domain object should never be serialized. It is used to indicate when we call an encrypt
-    /// operation on a complex object that consists of multiple, individually encrypted fields
-    DomainObject,
 }
 
 /// Encrypts a plaintext message using XChaCha20Poly1305 and returns a COSE Encrypt0 message
@@ -52,8 +49,6 @@ pub(crate) fn encrypt_xchacha20_poly1305(
         ContentFormat::OctetStream => {
             protected_header.content_format(CoapContentFormat::OctetStream)
         }
-        // This should panic, and should never be implemented to be reachable!
-        ContentFormat::DomainObject => unreachable!(),
     };
     let mut protected_header = protected_header.build();
     // This should be adjusted to use the builder pattern once implemented in coset.

crates/bitwarden-crypto/src/lib.rs

@@ -34,7 +34,7 @@ mod cose;
 mod traits;
 pub use cose::ContentFormat;
 mod xchacha20;
-pub use traits::{Decryptable, Encryptable, IdentifyKey, KeyId, KeyIds};
+pub use traits::{Decryptable, Encryptable, CompositeEncryptable, IdentifyKey, KeyId, KeyIds};
 pub use zeroizing_alloc::ZeroAlloc as ZeroizingAllocator;
 
 #[cfg(feature = "uniffi")]

crates/bitwarden-crypto/src/store/context.rs

@@ -53,8 +53,8 @@ use crate::{
 ///
 /// const LOCAL_KEY: SymmKeyId = SymmKeyId::Local("local_key_id");
 ///
-/// impl Encryptable<Ids, SymmKeyId, EncString> for Data {
-///     fn encrypt(&self, ctx: &mut KeyStoreContext<Ids>, key: SymmKeyId, content_format: ContentFormat) -> Result<EncString, CryptoError> {
+/// impl CompositeEncryptable<Ids, SymmKeyId, EncString> for Data {
+///     fn encrypt_composite(&self, ctx: &mut KeyStoreContext<Ids>, key: SymmKeyId) -> Result<EncString, CryptoError> {
 ///         let local_key_id = ctx.unwrap_symmetric_key(key, LOCAL_KEY, &self.key)?;
 ///         self.name.encrypt(ctx, local_key_id, content_format)
 ///     }
@@ -382,13 +382,10 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
 #[allow(deprecated)]
 mod tests {
     use crate::{
-        cose::ContentFormat,
-        store::{
+        cose::ContentFormat, store::{
             tests::{Data, DataView},
             KeyStore,
-        },
-        traits::tests::{TestIds, TestSymmKey},
-        Decryptable, Encryptable, SymmetricCryptoKey,
+        }, traits::tests::{TestIds, TestSymmKey}, CompositeEncryptable, Decryptable, Encryptable, SymmetricCryptoKey
     };
 
     #[test]
@@ -409,7 +406,7 @@ mod tests {
         // Encrypt some data with the key
         let data = DataView("Hello, World!".to_string(), key_a0_id);
         let _encrypted: Data = data
-            .encrypt(&mut store.context(), key_a0_id, ContentFormat::DomainObject)
+            .encrypt_composite(&mut store.context(), key_a0_id)
             .unwrap();
     }
 
@@ -449,7 +446,7 @@ mod tests {
 
         let data = DataView("Hello, World!".to_string(), key_2_id);
         let encrypted = data
-            .encrypt(&mut ctx, key_2_id, ContentFormat::OctetStream)
+            .encrypt_composite(&mut ctx, key_2_id)
             .unwrap();
 
         let decrypted1 = encrypted.decrypt(&mut ctx, key_2_id).unwrap();

crates/bitwarden-crypto/src/store/mod.rs

@@ -26,7 +26,7 @@ use std::sync::{Arc, RwLock};
 
 use rayon::prelude::*;
 
-use crate::{cose::ContentFormat, Decryptable, Encryptable, IdentifyKey, KeyId, KeyIds};
+use crate::{CompositeEncryptable, Decryptable, IdentifyKey, KeyId, KeyIds};
 
 mod backend;
 mod context;
@@ -74,9 +74,9 @@ pub use context::KeyStoreContext;
 ///        SymmKeyId::User
 ///    }
 /// }
-/// impl Encryptable<Ids, SymmKeyId, EncString> for Data {
-///     fn encrypt(&self, ctx: &mut KeyStoreContext<Ids>, key: SymmKeyId, content_format: ContentFormat) -> Result<EncString, CryptoError> {
-///         self.0.encrypt(ctx, key, content_format)
+/// impl CompositeEncryptable<Ids, SymmKeyId, EncString> for Data {
+///     fn encrypt_composite(&self, ctx: &mut KeyStoreContext<Ids>, key: SymmKeyId) -> Result<EncString, CryptoError> {
+///         self.0.encrypt(ctx, key)
 ///     }
 /// }
 ///
@@ -209,12 +209,12 @@ impl<Ids: KeyIds> KeyStore<Ids> {
     /// already be present in the store, otherwise this will return an error.
     /// This method is not parallelized, and is meant for single item encryption.
     /// If you need to encrypt multiple items, use `encrypt_list` instead.
-    pub fn encrypt<Key: KeyId, Data: Encryptable<Ids, Key, Output> + IdentifyKey<Key>, Output>(
+    pub fn encrypt<Key: KeyId, Data: CompositeEncryptable<Ids, Key, Output> + IdentifyKey<Key>, Output>(
         &self,
         data: Data,
     ) -> Result<Output, crate::CryptoError> {
         let key = data.key_identifier();
-        data.encrypt(&mut self.context(), key, ContentFormat::OctetStream)
+        data.encrypt_composite(&mut self.context(), key)
     }
 
     /// Decrypt a list of items using this key store. The keys returned by
@@ -257,7 +257,7 @@ impl<Ids: KeyIds> KeyStore<Ids> {
     /// single item encryption.
     pub fn encrypt_list<
         Key: KeyId,
-        Data: Encryptable<Ids, Key, Output> + IdentifyKey<Key> + Send + Sync,
+        Data: CompositeEncryptable<Ids, Key, Output> + IdentifyKey<Key> + Send + Sync,
         Output: Send + Sync,
     >(
         &self,
@@ -272,7 +272,7 @@ impl<Ids: KeyIds> KeyStore<Ids> {
 
                 for item in chunk {
                     let key = item.key_identifier();
-                    result.push(item.encrypt(&mut ctx, key, ContentFormat::DomainObject));
+                    result.push(item.encrypt_composite(&mut ctx, key));
                     ctx.clear_local();
                 }
 
@@ -304,9 +304,7 @@ fn batch_chunk_size(len: usize) -> usize {
 #[cfg(test)]
 pub(crate) mod tests {
     use crate::{
-        store::{KeyStore, KeyStoreContext},
-        traits::tests::{TestIds, TestSymmKey},
-        EncString, SymmetricCryptoKey,
+        store::{KeyStore, KeyStoreContext}, traits::tests::{TestIds, TestSymmKey}, EncString, Encryptable, SymmetricCryptoKey
     };
 
     pub struct DataView(pub String, pub TestSymmKey);
@@ -324,14 +322,13 @@ pub(crate) mod tests {
         }
     }
 
-    impl crate::Encryptable<TestIds, TestSymmKey, Data> for DataView {
-        fn encrypt(
+    impl crate::CompositeEncryptable<TestIds, TestSymmKey, Data> for DataView {
+        fn encrypt_composite(
             &self,
             ctx: &mut KeyStoreContext<TestIds>,
             key: TestSymmKey,
-            _content_format: crate::cose::ContentFormat,
         ) -> Result<Data, crate::CryptoError> {
-            Ok(Data(self.0.encrypt(ctx, key, _content_format)?, key))
+            Ok(Data(self.0.encrypt(ctx, key, crate::ContentFormat::Utf8)?, key))
         }
     }
 

crates/bitwarden-crypto/src/traits/encryptable.rs

@@ -1,8 +1,47 @@
 use crate::{store::KeyStoreContext, ContentFormat, CryptoError, EncString, KeyId, KeyIds};
 
-/// An encryption operation that takes the input value and encrypts it into the output value.
+/// An encryption operation that takes the input value and encrypts the fields on it recursively.
 /// Implementations should generally consist of calling [Encryptable::encrypt] for all the fields of
 /// the type.
+pub trait CompositeEncryptable<Ids: KeyIds, Key: KeyId, Output> {
+    /// For a struct made up of many small encstrings, such as a cipher, this takes the struct
+    /// and recursively encrypts all the fields / sub-structs.
+    fn encrypt_composite(
+        &self,
+        ctx: &mut KeyStoreContext<Ids>,
+        key: Key,
+    ) -> Result<Output, CryptoError>;
+}
+
+impl<Ids: KeyIds, Key: KeyId, T: CompositeEncryptable<Ids, Key, Output>, Output>
+    CompositeEncryptable<Ids, Key, Option<Output>> for Option<T>
+{
+    fn encrypt_composite(
+        &self,
+        ctx: &mut KeyStoreContext<Ids>,
+        key: Key,
+    ) -> Result<Option<Output>, CryptoError> {
+        self.as_ref()
+            .map(|value| value.encrypt_composite(ctx, key))
+            .transpose()
+    }
+}
+
+impl <Ids: KeyIds, Key: KeyId, T: CompositeEncryptable<Ids, Key, Output>, Output>
+    CompositeEncryptable<Ids, Key, Vec<Output>> for Vec<T>
+{
+    fn encrypt_composite(
+        &self,
+        ctx: &mut KeyStoreContext<Ids>,
+        key: Key,
+    ) -> Result<Vec<Output>, CryptoError> {
+        self.iter()
+            .map(|value| value.encrypt_composite(ctx, key))
+            .collect()
+    }
+}
+
+/// An encryption operation that takes the input value - a primitive such as `Vec<u8>`, `String` - and encrypts it into the output value.
 pub trait Encryptable<Ids: KeyIds, Key: KeyId, Output> {
     fn encrypt(
         &self,
@@ -89,8 +128,7 @@ impl<Ids: KeyIds, Key: KeyId, T: Encryptable<Ids, Key, Output>, Output>
 #[cfg(test)]
 mod tests {
     use crate::{
-        cose::ContentFormat, traits::tests::*, AsymmetricCryptoKey, Decryptable, Encryptable,
-        KeyStore, SymmetricCryptoKey,
+        cose::ContentFormat, traits::tests::*, AsymmetricCryptoKey, Decryptable, Encryptable, KeyStore, SymmetricCryptoKey
     };
 
     fn test_store() -> KeyStore<TestIds> {

crates/bitwarden-crypto/src/traits/mod.rs

@@ -1,5 +1,5 @@
 mod encryptable;
-pub use encryptable::Encryptable;
+pub use encryptable::{CompositeEncryptable, Encryptable};
 mod decryptable;
 pub use decryptable::Decryptable;
 

crates/bitwarden-exporters/src/export.rs

@@ -1,5 +1,5 @@
 use bitwarden_core::{key_management::KeyIds, Client};
-use bitwarden_crypto::{Encryptable, IdentifyKey, KeyStoreContext};
+use bitwarden_crypto::{CompositeEncryptable, IdentifyKey, KeyStoreContext};
 use bitwarden_vault::{Cipher, CipherView, Collection, Folder, FolderView};
 
 use crate::{
@@ -80,10 +80,9 @@ fn encrypt_import(
         view.set_new_fido2_credentials(ctx, passkeys)?;
     }
 
-    let new_cipher = view.encrypt(
+    let new_cipher = view.encrypt_composite(
         ctx,
         view.key_identifier(),
-        bitwarden_crypto::ContentFormat::DomainObject,
     )?;
 
     Ok(new_cipher)

crates/bitwarden-send/src/send.rs

@@ -8,8 +8,7 @@ use bitwarden_core::{
     require,
 };
 use bitwarden_crypto::{
-    generate_random_bytes, ContentFormat, CryptoError, Decryptable, EncString, Encryptable,
-    IdentifyKey, KeyStoreContext,
+    generate_random_bytes, CompositeEncryptable, ContentFormat, CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext
 };
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -189,12 +188,11 @@ impl Decryptable<KeyIds, SymmetricKeyId, SendTextView> for SendText {
     }
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, SendText> for SendTextView {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, SendText> for SendTextView {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<SendText, CryptoError> {
         Ok(SendText {
             text: self.text.encrypt(ctx, key, ContentFormat::Utf8)?,
@@ -218,12 +216,11 @@ impl Decryptable<KeyIds, SymmetricKeyId, SendFileView> for SendFile {
     }
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, SendFile> for SendFileView {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, SendFile> for SendFileView {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<SendFile, CryptoError> {
         Ok(SendFile {
             id: self.id.clone(),
@@ -299,12 +296,11 @@ impl Decryptable<KeyIds, SymmetricKeyId, SendListView> for Send {
     }
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, Send> for SendView {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, Send> for SendView {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<Send, CryptoError> {
         // For sends, we first decrypt the send key with the user key, and stretch it to it's full
         // size For the rest of the fields, we ignore the provided SymmetricCryptoKey and
@@ -338,8 +334,8 @@ impl Encryptable<KeyIds, SymmetricKeyId, Send> for SendView {
             }),
 
             r#type: self.r#type,
-            file: self.file.encrypt(ctx, send_key, ContentFormat::Utf8)?,
-            text: self.text.encrypt(ctx, send_key, ContentFormat::Utf8)?,
+            file: self.file.encrypt_composite(ctx, send_key)?,
+            text: self.text.encrypt_composite(ctx, send_key)?,
 
             max_access_count: self.max_access_count,
             access_count: self.access_count,

crates/bitwarden-vault/src/cipher/attachment.rs

@@ -1,6 +1,6 @@
 use bitwarden_core::key_management::{KeyIds, SymmetricKeyId};
 use bitwarden_crypto::{
-    ContentFormat, CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext,
+    CompositeEncryptable, ContentFormat, CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext
 };
 use serde::{Deserialize, Serialize};
 #[cfg(feature = "wasm")]
@@ -73,12 +73,11 @@ impl IdentifyKey<SymmetricKeyId> for AttachmentFile {
     }
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, AttachmentEncryptResult> for AttachmentFileView<'_> {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, AttachmentEncryptResult> for AttachmentFileView<'_> {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<AttachmentEncryptResult, CryptoError> {
         let ciphers_key = Cipher::decrypt_cipher_key(ctx, key, &self.cipher.key)?;
 
@@ -99,7 +98,7 @@ impl Encryptable<KeyIds, SymmetricKeyId, AttachmentEncryptResult> for Attachment
         attachment.size_name = Some(size_name(contents.len()));
 
         Ok(AttachmentEncryptResult {
-            attachment: attachment.encrypt(ctx, ciphers_key, ContentFormat::DomainObject)?,
+            attachment: attachment.encrypt_composite(ctx, ciphers_key)?,
             contents,
         })
     }
@@ -135,12 +134,11 @@ impl Decryptable<KeyIds, SymmetricKeyId, Vec<u8>> for AttachmentFile {
     }
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, Attachment> for AttachmentView {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, Attachment> for AttachmentView {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<Attachment, CryptoError> {
         Ok(Attachment {
             id: self.id.clone(),

crates/bitwarden-vault/src/cipher/card.rs

@@ -1,7 +1,7 @@
 use bitwarden_api_api::models::CipherCardModel;
 use bitwarden_core::key_management::{KeyIds, SymmetricKeyId};
 use bitwarden_crypto::{
-    ContentFormat, CryptoError, Decryptable, EncString, Encryptable, KeyStoreContext,
+    CompositeEncryptable, ContentFormat, CryptoError, Decryptable, EncString, Encryptable, KeyStoreContext
 };
 use serde::{Deserialize, Serialize};
 #[cfg(feature = "wasm")]
@@ -52,12 +52,11 @@ pub enum CardBrand {
     Other,
 }
 
-impl Encryptable<KeyIds, SymmetricKeyId, Card> for CardView {
-    fn encrypt(
+impl CompositeEncryptable<KeyIds, SymmetricKeyId, Card> for CardView {
+    fn encrypt_composite(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,
-        _content_format: ContentFormat,
     ) -> Result<Card, CryptoError> {
         Ok(Card {
             cardholder_name: self