[PM-20361] Signature keys #207

Open
wants to merge 140 commits into
base: main
c9b80df
Implement signing keys and signing
quexten May 6, 2025
2ad9f59
Remove unused code
quexten May 6, 2025
b0c3dae
Add test vector
quexten May 6, 2025
2e8bd92
Cargo fmt
quexten May 6, 2025
f7f1e2e
Make ed25519 dependency version a range
quexten May 7, 2025
6deb284
Add signed object
quexten May 12, 2025
f42f719
Merge branch 'main' into km/cose-signatures
quexten May 13, 2025
61496cc
Merge branch 'main' into km/cose-signatures
quexten May 19, 2025
8354476
Replace magic value
quexten May 19, 2025
04d5329
Clean up crate::error reference
quexten May 19, 2025
efd23cc
Add comments to signing and verifying key
quexten May 19, 2025
d6737cf
Move and clarify comment, drop optional verifying key from signing key
quexten May 19, 2025
d2b829b
Change comment into docs
quexten May 19, 2025
9484a64
Move signature errors to separate enum
quexten May 20, 2025
7e39e9c
Update test vectors
quexten May 20, 2025
a37f3e1
Format
quexten May 20, 2025
e1642b6
[PM-20361] Expose signing key generation to mobile and wasm clients &…
quexten May 21, 2025
6c725d2
Remove incorrect login response change
quexten May 21, 2025
fc895d8
Fix comment
quexten May 21, 2025
0e33fee
Cleanup
quexten May 21, 2025
6308cc5
Add comments
quexten May 21, 2025
971eb17
Cleanup
quexten May 21, 2025
12387f8
Remove unrelated change
quexten May 21, 2025
f3eb525
Cleanup
quexten May 21, 2025
d6bbae0
Fix init
quexten May 21, 2025
2ab6620
Cleanup
quexten May 21, 2025
17e0a07
Fix sorting of dependencies
quexten May 21, 2025
8c9f00f
Attempt to fix build
quexten May 21, 2025
06b26ba
Add more default nil values for signing key to fix ios build
quexten May 21, 2025
a2e95e7
Fix docs
quexten May 21, 2025
e6ab5ef
Fix build
quexten May 21, 2025
4842309
Fix doc
quexten May 21, 2025
0e3bcb6
Merge branch 'main' into km/cose-signatures
quexten May 21, 2025
d6e6e99
Add tests to purecrypto
quexten May 21, 2025
0578743
Remove code to make test vectors
quexten May 21, 2025
4182ad4
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten May 21, 2025
38ec3eb
Cleanup
quexten May 21, 2025
4467b0d
Fix docs
quexten May 21, 2025
e373638
Merge branch 'main' into km/cose-signatures
quexten May 21, 2025
d17399d
Split up and simplify
quexten May 28, 2025
26bf715
Undo renames
quexten May 28, 2025
5846dbc
Undo changes
quexten May 28, 2025
d466ec7
Add examples
quexten May 28, 2025
b27ddf4
Cargo fmt
quexten May 28, 2025
5733baa
Fix build
quexten May 28, 2025
beb1251
Add comment
quexten May 28, 2025
af72a87
Address formatting issue
quexten May 28, 2025
bf9bea2
Merge branch 'main' into km/cose-signatures
quexten May 28, 2025
f18512c
Fix build
quexten May 28, 2025
17f8d09
Add signed public key test
quexten May 28, 2025
a8c6fa5
Cleanup
quexten May 28, 2025
55ddd0b
Add comment
quexten May 28, 2025
053d894
Cargo fmt
quexten May 28, 2025
c520046
Cleanup
quexten May 28, 2025
740584a
Cleanup
quexten May 29, 2025
621374d
Move in deprecated annotation
quexten May 29, 2025
d9c224b
Remove allow
quexten May 29, 2025
7717633
Cleanup
quexten May 29, 2025
6d8db7c
Clean up comment
quexten May 29, 2025
1236426
Cargo fmt
quexten May 29, 2025
ec2b153
Remove zeroize and pin signing key
quexten May 29, 2025
b738834
Fix build and impl zeroizeOnDrop for signingkey
quexten May 29, 2025
863ba33
Remove unused error
quexten May 29, 2025
8e61453
Add comment with link to follow-up task
quexten May 29, 2025
0bd07ce
Remove unnecessary pub(self)
quexten May 29, 2025
6475c07
Merge branch 'main' into km/cose-signatures
quexten May 29, 2025
6775415
Remove empty line
quexten Jun 2, 2025
82c7090
Remove another newline
quexten Jun 2, 2025
e705d28
Replace OsRng with threadrng
quexten Jun 2, 2025
632f74e
Add match to signed public key
quexten Jun 2, 2025
3b567bc
Replace OsRng with threadrng
quexten Jun 2, 2025
7a0b358
Add finegrained encoding errors
quexten Jun 2, 2025
36df567
Apply clippy fixes
quexten Jun 2, 2025
d378933
Clean up error
quexten Jun 2, 2025
0c042be
Update crates/bitwarden-crypto/src/signing/verifying_key.rs
quexten Jun 3, 2025
37436d4
Update crates/bitwarden-crypto/src/signing/verifying_key.rs
quexten Jun 3, 2025
594f0f1
Update crates/bitwarden-crypto/src/keys/signed_public_key.rs
quexten Jun 3, 2025
67b9757
Add docs
quexten Jun 3, 2025
2344cc3
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten Jun 3, 2025
bf91eff
Move test message into test module
quexten Jun 3, 2025
a1a2975
Fix build
quexten Jun 3, 2025
cd84ab7
Cargo fmt
quexten Jun 3, 2025
4b26c43
Add documentation
quexten Jun 3, 2025
3f9e087
Update crates/bitwarden-crypto/src/signing/signed_object.rs
quexten Jun 3, 2025
9c008fd
Update crates/bitwarden-core/src/mobile/crypto.rs
quexten Jun 3, 2025
eb5e183
Update crates/bitwarden-crypto/src/signing/signature.rs
quexten Jun 3, 2025
fa8f8e6
Update crates/bitwarden-crypto/src/signing/signed_object.rs
quexten Jun 3, 2025
dd6ad41
Update crates/bitwarden-crypto/src/signing/namespace.rs
quexten Jun 3, 2025
2d7346b
Change signing key to encstring
quexten Jun 3, 2025
a0b58fb
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten Jun 3, 2025
6d9e067
Add docs
quexten Jun 3, 2025
29da0d8
Add docs
quexten Jun 3, 2025
7439bb1
Add docs
quexten Jun 3, 2025
f2c0991
Add docs
quexten Jun 3, 2025
8f6168b
Add docs
quexten Jun 3, 2025
0570982
Format
quexten Jun 3, 2025
351ccf4
Update crates/bitwarden-crypto/src/signing/signature.rs
quexten Jun 3, 2025
aaacfbc
Add docs
quexten Jun 3, 2025
21949fb
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten Jun 3, 2025
4f1c505
Add docs
quexten Jun 3, 2025
b1a1176
Add signed org memberships / emergency access
quexten Jun 3, 2025
88145cf
Add docs
quexten Jun 3, 2025
4635bc6
Apply suggestion to clean up from_cose
quexten Jun 3, 2025
ff59f80
Apply suggestion to rewrite from_cose in verifying_key
quexten Jun 3, 2025
16914c3
Merge branch 'main' into km/cose-signatures
quexten Jun 3, 2025
b726fb4
Fix build
quexten Jun 3, 2025
36cb017
Fix build
quexten Jun 3, 2025
f640374
Fix doc formatting
quexten Jun 3, 2025
d73818c
Fix typo
quexten Jun 3, 2025
626557f
Fix testvector
quexten Jun 3, 2025
e11ff9a
Fix clippy error
quexten Jun 3, 2025
ac72887
Update crates/bitwarden-crypto/src/signing/cose.rs
quexten Jun 3, 2025
91723f7
Cleanup and expose SignedPublicKey object publically
quexten Jun 3, 2025
b547183
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten Jun 3, 2025
893624f
Fix build
quexten Jun 3, 2025
ca2ab02
Fix build
quexten Jun 3, 2025
072bbf6
Expose signed public key publically
quexten Jun 3, 2025
68debad
Clippy cleanup
quexten Jun 3, 2025
830de67
Improve message.rs comment
quexten Jun 4, 2025
762057b
Merge branch 'main' into km/cose-signatures
quexten Jun 6, 2025
03a67ff
Rename to make_user_signing_keys_for_enrollment
quexten Jun 6, 2025
228c1c4
Merge branch 'km/cose-signatures' of github.com:bitwarden/sdk-interna…
quexten Jun 6, 2025
4f414fd
Impl try from i128
quexten Jun 6, 2025
6706109
Cleanup
quexten Jun 6, 2025
1bc09fb
Cargo fmt
quexten Jun 6, 2025
cedf2e4
Cleanup
quexten Jun 6, 2025
bbd247a
Update crates/bitwarden-crypto/src/signing/signed_object.rs
quexten Jun 10, 2025
88dadac
Update crates/bitwarden-crypto/src/signing/signed_object.rs
quexten Jun 10, 2025
a73516c
Update crates/bitwarden-crypto/src/signing/signature.rs
quexten Jun 10, 2025
04b1380
Delete unused method
quexten Jun 10, 2025
29cf679
Remove allow unused
quexten Jun 10, 2025
30252c3
Apply nit
quexten Jun 10, 2025
bb2bdae
Drop renames on signed public key format
quexten Jun 10, 2025
5e5ef60
Remove example namespaces
quexten Jun 10, 2025
277d76a
Re-add example namespaces for test modules
quexten Jun 10, 2025
4322f3d
Fix build
quexten Jun 10, 2025
439b254
Fix tests
quexten Jun 10, 2025
84342f6
Cargo fmt
quexten Jun 10, 2025
09a30b1
Merge branch 'main' into km/cose-signatures
quexten Jun 10, 2025
444eb77
Merge branch 'main' into km/cose-signatures
quexten Jun 12, 2025
17 changes: 17 additions & 0 deletions Cargo.lock

15 changes: 7 additions & 8 deletions crates/bitwarden-core/src/auth/auth_request.rs
@@ -1,7 +1,7 @@
use base64::{engine::general_purpose::STANDARD, Engine};
use bitwarden_crypto::{
fingerprint, generate_random_alphanumeric, AsymmetricCryptoKey, AsymmetricPublicCryptoKey,
CryptoError, UnsignedSharedKey,
CryptoError, PublicKeyEncryptionAlgorithm, UnsignedSharedKey,
};
#[cfg(feature = "internal")]
use bitwarden_crypto::{EncString, SymmetricCryptoKey};
@@ -31,11 +31,9 @@ pub struct AuthRequestResponse {
/// to another device. Where the user confirms the validity by confirming the fingerprint. The user
/// key is then encrypted using the public key and returned to the initiating device.
pub(crate) fn new_auth_request(email: &str) -> Result<AuthRequestResponse, CryptoError> {
let mut rng = rand::thread_rng();
let key = AsymmetricCryptoKey::make(PublicKeyEncryptionAlgorithm::RsaOaepSha1);

let key = AsymmetricCryptoKey::generate(&mut rng);

let spki = key.to_public_der()?;
let spki = key.to_public_key().to_der()?;

let fingerprint = fingerprint(email, &spki)?;
let b64 = STANDARD.encode(&spki);
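
Review bot: The `AsymmetricCryptoKey::make(PublicKeyEncryptionAlgorithm::RsaOaepSha1)` call in `new_auth_request` no longer shows where its randomness comes from, because the `rand::thread_rng()` value that `generate(&mut rng)` took is gone from the call site. Please state in the docs of `make` which RNG it draws from, and add a short comment here on why `RsaOaepSha1` is the algorithm used for auth-request keys, since the variant name alone will raise questions in a later audit.
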
@@ -124,7 +122,7 @@ fn test_auth_request() {

let encrypted = UnsignedSharedKey::encapsulate_key_unsigned(
&SymmetricCryptoKey::try_from(secret.clone()).unwrap(),
&private_key,
&private_key.to_public_key(),
)
.unwrap();

@@ -162,7 +160,7 @@ mod tests {
let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)
.initialize_user_crypto_master_key(master_key, user_key, private_key, None)
.unwrap();

let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
@@ -229,7 +227,7 @@ mod tests {

existing_device
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key.clone())
.initialize_user_crypto_master_key(master_key, user_key, private_key.clone(), None)
.unwrap();

// Initialize a new device which will request to be logged in
@@ -247,6 +245,7 @@ mod tests {
kdf_params: kdf,
email: email.to_owned(),
private_key,
signing_key: None,
method: InitUserCryptoMethod::AuthRequest {
request_private_key: auth_req.private_key,
method: AuthRequestMethod::UserKey {
9 changes: 6 additions & 3 deletions crates/bitwarden-core/src/auth/login/api_key.rs
@@ -51,9 +51,12 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key,
private_key,
None,
)?;

Check warning on line 59 in crates/bitwarden-core/src/auth/login/api_key.rs

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/api_key.rs#L54-L59

Added lines #L54 - L59 were not covered by tests
}

Ok(ApiKeyLoginResponse::process_response(response))
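
Review bot: The `None` passed as the fourth argument to `initialize_user_crypto_master_key` is hard-coded without a comment, so an API-key login never loads a signing key into the key store. Either read the encrypted signing key from the login response next to `r.key` and `r.private_key`, or add a note like the one in `auth/tde.rs` saying this is deliberate and which follow-up removes it. Codecov also reports lines 54 to 59 as uncovered, so a test for this path would be worth adding.
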
1 change: 1 addition & 0 deletions crates/bitwarden-core/src/auth/login/auth_request.rs
@@ -120,6 +120,7 @@
kdf_params: kdf,
email: auth_req.email,
private_key: require!(r.private_key).parse()?,
signing_key: None,

Check warning on line 123 in crates/bitwarden-core/src/auth/login/auth_request.rs

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/auth_request.rs#L123

Added line #L123 was not covered by tests
method: InitUserCryptoMethod::AuthRequest {
request_private_key: auth_req.private_key,
method,
9 changes: 6 additions & 3 deletions crates/bitwarden-core/src/auth/login/password.rs
@@ -50,9 +50,12 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client
.internal
.initialize_user_crypto_master_key(master_key, user_key, private_key)?;
client.internal.initialize_user_crypto_master_key(
master_key,
user_key,
private_key,
None,
)?;

Check warning on line 58 in crates/bitwarden-core/src/auth/login/password.rs

Codecov / codecov/patch

crates/bitwarden-core/src/auth/login/password.rs#L53-L58

Added lines #L53 - L58 were not covered by tests
}

Ok(PasswordLoginResponse::process_response(response))
14 changes: 12 additions & 2 deletions crates/bitwarden-core/src/auth/password/validate.rs
@@ -140,7 +140,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

let result =
@@ -183,7 +188,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

let result =
7 changes: 6 additions & 1 deletion crates/bitwarden-core/src/auth/pin.rs
@@ -75,7 +75,12 @@ mod tests {

client
.internal
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(
master_key,
user_key.parse().unwrap(),
private_key,
None,
)
.unwrap();

client
10 changes: 7 additions & 3 deletions crates/bitwarden-core/src/auth/tde.rs
@@ -37,9 +37,13 @@
kdf: Kdf::default(),
},
));
client
.internal
.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?;
client.internal.initialize_user_crypto_decrypted_key(
user_key.0,
key_pair.private.clone(),
// Note: Signing keys are not supported on registration yet. This needs to be changed as
// soon as registration is supported.
None,
)?;

Check warning on line 46 in crates/bitwarden-core/src/auth/tde.rs

Codecov / codecov/patch

crates/bitwarden-core/src/auth/tde.rs#L40-L46

Added lines #L40 - L46 were not covered by tests

Ok(RegisterTdeKeyResponse {
private_key: key_pair.private,
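
Review bot: The comment above the `None` argument to `initialize_user_crypto_decrypted_key` has no tracking reference, and "This needs to be changed as soon as registration is supported" does not say what has to change. Suggest naming the ticket, in the style of the `FIXME: [PM-18098]` comment in `encryption_settings.rs`, and saying what should be passed here in place of `None`.
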
23 changes: 18 additions & 5 deletions crates/bitwarden-core/src/client/encryption_settings.rs
@@ -1,14 +1,12 @@
#[cfg(feature = "internal")]
use bitwarden_crypto::{AsymmetricCryptoKey, EncString, UnsignedSharedKey};
use bitwarden_crypto::{EncString, UnsignedSharedKey};
#[cfg(any(feature = "internal", feature = "secrets"))]
use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
use bitwarden_error::bitwarden_error;
use thiserror::Error;
#[cfg(any(feature = "internal", feature = "secrets"))]
use uuid::Uuid;

#[cfg(feature = "internal")]
use crate::key_management::AsymmetricKeyId;
#[cfg(any(feature = "internal", feature = "secrets"))]
use crate::key_management::{KeyIds, SymmetricKeyId};
use crate::{error::UserIdAlreadySetError, MissingPrivateKeyError, VaultLockedError};
@@ -48,12 +46,15 @@
pub(crate) fn new_decrypted_key(
user_key: SymmetricCryptoKey,
private_key: EncString,
signing_key: Option<EncString>,
store: &KeyStore<KeyIds>,
) -> Result<(), EncryptionSettingsError> {
use bitwarden_crypto::KeyDecryptable;
use bitwarden_crypto::{
AsymmetricCryptoKey, CoseSerializable, CryptoError, KeyDecryptable, SigningKey,
};
use log::warn;

use crate::key_management::{AsymmetricKeyId, SymmetricKeyId};
use crate::key_management::{AsymmetricKeyId, SigningKeyId, SymmetricKeyId};

let private_key = {
let dec: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
@@ -71,6 +72,12 @@
// .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?,
// )
};
let signing_key = signing_key
.map(|key| {
let dec: Vec<u8> = key.decrypt_with_key(&user_key)?;
SigningKey::from_cose(dec.as_slice()).map_err(Into::<CryptoError>::into)

Check warning on line 78 in crates/bitwarden-core/src/client/encryption_settings.rs

Codecov / codecov/patch

crates/bitwarden-core/src/client/encryption_settings.rs#L77-L78

Added lines #L77 - L78 were not covered by tests
})
.transpose()?;

// FIXME: [PM-18098] When this is part of crypto we won't need to use deprecated methods
#[allow(deprecated)]
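
Review bot: In the `signing_key.map(...)` closure, `dec: Vec<u8>` holds the decrypted signing key bytes and is dropped as a plain `Vec` once `SigningKey::from_cose` returns, so the plaintext key material is not wiped from memory. Consider holding it in a zeroizing buffer (for example `zeroize::Zeroizing<Vec<u8>>`) so it is cleared on drop; the `private_key` block earlier in this function has the same pattern. Separately, `.transpose()?` makes a signing key that fails to decrypt or parse abort the whole initialization, so please confirm that is intended and cover lines 77 to 78, which Codecov reports as untested.
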
@@ -80,6 +87,10 @@
if let Some(private_key) = private_key {
ctx.set_asymmetric_key(AsymmetricKeyId::UserPrivateKey, private_key)?;
}

if let Some(signing_key) = signing_key {
ctx.set_signing_key(SigningKeyId::UserSigningKey, signing_key)?;

Check warning on line 92 in crates/bitwarden-core/src/client/encryption_settings.rs

Codecov / codecov/patch

crates/bitwarden-core/src/client/encryption_settings.rs#L92

Added line #L92 was not covered by tests
}
}

Ok(())
@@ -106,6 +117,8 @@
org_enc_keys: Vec<(Uuid, UnsignedSharedKey)>,
store: &KeyStore<KeyIds>,
) -> Result<(), EncryptionSettingsError> {
use crate::key_management::AsymmetricKeyId;

let mut ctx = store.context_mut();

// FIXME: [PM-11690] - Early abort to handle private key being corrupt
12 changes: 7 additions & 5 deletions crates/bitwarden-core/src/client/internal.rs
@@ -8,10 +8,9 @@ use bitwarden_crypto::{EncString, Kdf, MasterKey, PinKey, UnsignedSharedKey};
use chrono::Utc;
use uuid::Uuid;

use super::encryption_settings::EncryptionSettings;
#[cfg(feature = "secrets")]
use super::login_method::ServiceAccountLoginMethod;
#[cfg(any(feature = "internal", feature = "secrets"))]
use crate::client::encryption_settings::EncryptionSettings;
use crate::{
auth::renew::renew_token, client::login_method::LoginMethod, error::UserIdAlreadySetError,
key_management::KeyIds, DeviceType,
@@ -199,9 +198,10 @@ impl InternalClient {
master_key: MasterKey,
user_key: EncString,
private_key: EncString,
signing_key: Option<EncString>,
) -> Result<(), EncryptionSettingsError> {
let user_key = master_key.decrypt_user_key(user_key)?;
EncryptionSettings::new_decrypted_key(user_key, private_key, &self.key_store)?;
EncryptionSettings::new_decrypted_key(user_key, private_key, signing_key, &self.key_store)?;

Ok(())
}
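
Review bot: The new `signing_key: Option<EncString>` parameter on `initialize_user_crypto_master_key` is undocumented. Please add a doc line saying that it is the user's signing key encrypted under the user key (that is how `EncryptionSettings::new_decrypted_key` decrypts it) and what `None` means for callers, because every login and test call site shown here passes `None`.
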
@@ -211,8 +211,9 @@ impl InternalClient {
&self,
user_key: SymmetricCryptoKey,
private_key: EncString,
signing_key: Option<EncString>,
) -> Result<(), EncryptionSettingsError> {
EncryptionSettings::new_decrypted_key(user_key, private_key, &self.key_store)?;
EncryptionSettings::new_decrypted_key(user_key, private_key, signing_key, &self.key_store)?;

Ok(())
}
@@ -223,9 +224,10 @@ impl InternalClient {
pin_key: PinKey,
pin_protected_user_key: EncString,
private_key: EncString,
signing_key: Option<EncString>,
) -> Result<(), EncryptionSettingsError> {
let decrypted_user_key = pin_key.decrypt_user_key(pin_protected_user_key)?;
self.initialize_user_crypto_decrypted_key(decrypted_user_key, private_key)
self.initialize_user_crypto_decrypted_key(decrypted_user_key, private_key, signing_key)
}

#[cfg(feature = "secrets")]
3 changes: 3 additions & 0 deletions crates/bitwarden-core/src/client/test_accounts.rs
@@ -125,6 +125,8 @@
email: "test@bitwarden.com".to_owned(),
private_key: "2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse::<EncString>().unwrap().to_owned(),

signing_key: None,

method: InitUserCryptoMethod::Password {
password: "asdfasdfasdf".to_owned(),
user_key: "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap(),
@@ -182,6 +184,7 @@
},
email: "legacy@bitwarden.com".to_owned(),
private_key: "2.leBIE5u0aQUeXi++JzAnrA==|P8x+hs00RJx7epw+49qVtBhLJxE/JTL5dEHg6kq5pbZLdUY8ZvWK49v0EqgHbv1r298N9+msoO9hmdSIVIAZyycemYDSoc1rX4S1KpS/ZMA/Vd3VLFb+o13Ts62GFQ5ygHKgQZfzjU6jO5P/B/0igzFoxyJDomhW5NBC1P9+e/5qNRZN8loKvAaWc/7XtpRayPQqWx+AgYc2ntb1GF5hRVrW4M47bG5ZKllbJWtQKg2sXIy2lDBbKLRFWF4RFzNVcXQGMoPdWLY0f3uTwUH01dyGmFFMbOvfBEuYqmZyPdd93ve8zuFOEqkj46Ulpq2CVG8NvZARTwsdKl6XB0wGuHFoTsDJT2SJGl67pBBKsVRGxy059QW+9hAIB+emIV0T/7+0rvdeSXZ4AbG+oXGEXFTkHefwJKfeT0MBTAjYKr7ZRLgqvf7n39+nCEJU4l22kp8FmjcWIU7AgNipdGHC+UT2yfOcYlvgBgWDcMXcbVDMyus9105RgcW6PHozUj7yjbohI/A3XWmAFufP6BSnmEFCKoik78X/ry09xwiH2rN4KVXe/k9LpRNB2QBGIVsfgCrkxjeE8r0nA59Rvwrhny1z5BkvMW/N1KrGuafg/IYgegx72gJNuZPZlFu1Vs7HxySHmzYvm3DPV7bzCaAxxNtvZmQquNIEnsDQfjJO76iL1JCtDqNJVzGLHTMTr7S5hkOcydcH3kfKwZdA1ULVd2qu0SwOUEP/ECjU/cS5INy6WPYzNMAe/g2DISpQjNwBb5K17PIiGOR7/Q/A6E8pVnkHiAXuUFr9aLOYN9BWSu5Z+BPHH65na2FDmssix5WV09I2sUBfvdNCjkrUGdYgo8E+vOTn35x9GJHF45uhmgC1yAn/+/RSpORlrSVJ7NNP11dn3htUpSsIy/b7ituAu8Ry5mhicFU8CXJL4NeMlXThUt8P++wxs4wMkBvJ8J9NJAVKbAOA2o+GOdjbh6Ww3IRegkurWh4oL/dFSx0LpaXJuw6HFT/LzticPlSwHtUP11hZ81seMsXmkSZd8IugRFfwpPl7N6PVRWDOKxLf4gPqcnJ11TvfasXy1uolV2vZCPbrbbVzQMPdVwL/OzwfhqsIgQZI8rsDMK5D2EX8MaT8MDfGcsYcVTL9PmuZYLpOUnnHX0A1opAAa9iPw3d+eWB/GAyLvKPnMTUqVNos8HcCktXckCshihA8QuBJOwg3m0j2LPSZ5Jvf8gbXauBmt9I4IlJq0xfpgquYY1WNnO8IcWE4N9W+ASvOr9gnduA6CkDeAlyMUFmdpkeCjGMcsV741bTCPApSQlL3/TOT1cjK3iejWpz0OaVHXyg02hW2fNkOfYfr81GvnLvlHxIg4Prw89gKuWU+kQk82lFQo6QQpqbCbJC2FleurD8tYoSY0srhuioVInffvTxw2NMF7FQEqUcsK9AMKSEiDqzBi35Um/fiE3JL4XZBFw8Xzl7X3ab5nlg8X+xD5uSZY+oxD3sDVXjLaQ5JUoys+MCm0FkUj85l0zT6rvM4QLhU1RDK1U51T9HJhh8hsFJsqL4abRzwEWG7PSi859zN4UsgyuQfmBJv/n7QAFCbrJhVBlGB1TKLZRzvgmKoxTYTG3cJFkjetLcUTwrwC9naxAQRfF4=|ufHf73IzJ707dx44w4fjkuD7tDa50OwmmkxcypAT9uQ=".parse::<EncString>().unwrap().to_owned(),
signing_key: None,

Check warning on line 187 in crates/bitwarden-core/src/client/test_accounts.rs

Codecov / codecov/patch

crates/bitwarden-core/src/client/test_accounts.rs#L187

Added line #L187 was not covered by tests
method: InitUserCryptoMethod::Password {
password: "asdfasdfasdf".to_owned(),
user_key: "0.8UClLa8IPE1iZT7chy5wzQ==|6PVfHnVk5S3XqEtQemnM5yb4JodxmPkkWzmDRdfyHtjORmvxqlLX40tBJZ+CKxQWmS8tpEB5w39rbgHg/gqs0haGdZG4cPbywsgGzxZ7uNI=".parse().unwrap(),
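
Review bot: Both test accounts touched here get `signing_key: None`, so no fixture ever reaches the `SigningKey::from_cose` and `set_signing_key` branches that Codecov flags as uncovered in `encryption_settings.rs`. Suggest adding a test account whose `signing_key` is an `EncString` wrapped with that account's user key, and asserting that initialization succeeds with it.
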