Merge branch 'main' into ps/uniffi-passkey-improvements

# Conflicts:
#	crates/bitwarden-crypto/src/uniffi_support.rs
#	crates/bitwarden-uniffi/src/uniffi_support.rs
#	crates/bitwarden/src/platform/fido2/authenticator.rs
#	crates/bitwarden/src/platform/fido2/client.rs
#	crates/bitwarden/src/uniffi_support.rs
#	crates/bitwarden/src/vault/cipher/login.rs

Author: dani-garcia

.github/renovate.json

@@ -2,7 +2,10 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": ["github>bitwarden/renovate-config:non-pinned"],
   "separateMajorMinor": true,
-  "enabledManagers": ["cargo", "dockerfile", "github-actions", "npm", "nuget"],
+  "enabledManagers": ["cargo", "dockerfile", "github-actions", "gomod", "npm", "nuget"],
+  "constraints": {
+    "go": "1.21"
+  },
   "packageRules": [
     {
       "matchManagers": ["cargo"],
@@ -19,6 +22,11 @@
       "groupName": "gh minor",
       "matchManagers": ["github-actions"],
       "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "go minor",
+      "matchManagers": ["gomod"],
+      "matchUpdateTypes": ["minor", "patch"]
     }
   ],
   "ignoreDeps": ["dotnet-sdk"]

.github/workflows/build-cli.yml

@@ -140,10 +140,10 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          - os: macos-12
+          - os: macos-13
             target: x86_64-apple-darwin
 
-          - os: macos-12
+          - os: macos-13
             target: aarch64-apple-darwin
 
     steps:
@@ -300,7 +300,7 @@ jobs:
 
   macos-universal-binary:
     name: Generate universal macOS binary
-    runs-on: macos-12
+    runs-on: macos-13
     needs:
       - setup
       - build-macos

.github/workflows/build-cpp.yml

@@ -27,7 +27,7 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          - os: macos-12
+          - os: macos-13
             target: x86_64-apple-darwin
 
           # - os: windows-2022

.github/workflows/build-napi.yml

@@ -27,13 +27,13 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          - os: macos-12
+          - os: macos-13
             target: x86_64-apple-darwin
             build: |
               npm run build
               strip -x *.node
 
-          - os: macos-12
+          - os: macos-13
             target: aarch64-apple-darwin
             build: |
               npm run build-arm64

.github/workflows/build-python-wheels.yml

@@ -46,10 +46,10 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          - os: macos-12
+          - os: macos-13
             target: x86_64-apple-darwin
 
-          - os: macos-12
+          - os: macos-13
             target: aarch64-apple-darwin
 
           - os: windows-2022

.github/workflows/build-rust-cross-platform.yml

@@ -18,9 +18,9 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          - os: macos-12
+          - os: macos-13
             target: x86_64-apple-darwin
-          - os: macos-12
+          - os: macos-13
             target: aarch64-apple-darwin
           - os: windows-2022
             target: x86_64-pc-windows-msvc

.github/workflows/direct-minimal-versions.yml

@@ -22,10 +22,10 @@ jobs:
       fail-fast: false
       matrix:
         settings:
-          #- os: macos-12
+          #- os: macos-13
           #  target: x86_64-apple-darwin
 
-          #- os: macos-12
+          #- os: macos-13
           #  target: aarch64-apple-darwin
 
           - os: windows-2022

Cargo.lock

@@ -89,57 +89,6 @@ strive towards modifying the templates as little as possible to ease future upgr
 Note: If you don't have the nightly toolchain installed, the `build-api.sh` script will install it
 for you.
 
-## Tests
-
-Many of the SDK tests are based on encrypted data provided by the other Bitwarden clients. In order
-to provide a consistent method of retrieving the data we provide a test account with user keys.
-
-**Disclaimer:** The server typically encrypts and protects certain fields. In order to allow
-accounts to be used on other servers this protection was explicitly removed from these data dumps.
-
-### `[email protected]`
-
-- Email: `[email protected]`
-- Password: `asdfasdfasdf`
-- PBKDF2: `600_000` iterations
-
-```sql
-INSERT INTO vault_dev.dbo.[User] (
-  Id, Name, Email, EmailVerified, MasterPassword,
-  MasterPasswordHint, Culture, SecurityStamp,
-  TwoFactorProviders, TwoFactorRecoveryCode,
-  EquivalentDomains, ExcludedGlobalEquivalentDomains,
-  AccountRevisionDate, [Key], PublicKey,
-  PrivateKey, Premium, PremiumExpirationDate,
-  Storage, MaxStorageGb, Gateway, GatewayCustomerId,
-  GatewaySubscriptionId, LicenseKey,
-  CreationDate, RevisionDate, RenewalReminderDate,
-  Kdf, KdfIterations, ReferenceData,
-  ApiKey, ForcePasswordReset, UsesKeyConnector,
-  FailedLoginCount, LastFailedLoginDate,
-  AvatarColor, KdfMemory, KdfParallelism,
-  LastPasswordChangeDate, LastKdfChangeDate,
-  LastKeyRotationDate, LastEmailChangeDate
-)
-VALUES
-  (
-    N 'b1fd4bf2-9643-4787-87f3-b0f00189c33b',
-    N 'Test', N '[email protected]',
-    0, N 'AQAAAAEAAYagAAAAEJ3ky9F/Zt5sy3/UAHVvBarMR+tBXYOM5IGgXy4/mx82uptgHgItauyCN+UZTvAqiA==',
-    null, N 'en-US', N 'F3KL7SCJKEXO4LJFVLGZITPEHM7SAVSZ',
-    null, null, null, null, N '2024-01-07 23:56:48.2600000',
-    N '2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=',
-    N 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ww2chogqCpaAR7Uw448am4b7vDFXiM5kXjFlGfXBlrAdAqTTggEvTDlMNYqPlCo+mBM6iFmTTUY9rpZBvFskMnKvsvpJ47/fehAH2o2e3Ulv/5NFevaVCMCmpkBDtbMbO1A4a3btdRtCP8DsKWMefHauEpaoLxNTLWnOIZVfCMjsSgx2EvULHAZPTtbFwm4+UVKniM4ds4jvOsD85h4jn2aLs/jWJXFfxN8iVSqEqpC2TBvsPdyHb49xQoWWfF0Z6BiNqeNGKEU9Uos1pjL+kzhEzzSpH31PZT/ufJ/oo4+93wrUt57hb6f0jxiXhwd5yQ+9F6wVwpbfkq0IwhjOwIDAQAB',
-    N '2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=',
-    0, null, null, null, null, null, null,
-    null, N '2024-01-07 23:53:38.5900000',
-    N '2024-01-07 23:53:38.5900000',
-    null, 0, 600000, N '{"id":null}', N '7gp59kKHt9kMlks0BuNC4IjNXYkljR',
-    0, 0, 0, null, null, null, null, null,
-    null, null, null
-  );
-```
-
 ## Developer tools
 
 This project recommends the use of certain developer tools, and also includes configurations for

README.md

@@ -9,8 +9,7 @@ use super::{from_b64_vec, split_enc_string};
 use crate::{
     error::{CryptoError, EncStringParseError, Result},
     rsa::encrypt_rsa2048_oaep_sha1,
-    AsymmetricCryptoKey, AsymmetricEncryptable, DecryptedString, DecryptedVec, KeyDecryptable,
-    SensitiveVec,
+    AsymmetricCryptoKey, AsymmetricEncryptable, KeyDecryptable,
 };
 
 // This module is a workaround to avoid deprecated warnings that come from the ZeroizeOnDrop
@@ -147,10 +146,10 @@ impl serde::Serialize for AsymmetricEncString {
 impl AsymmetricEncString {
     /// Encrypt and produce a [AsymmetricEncString::Rsa2048_OaepSha1_B64] variant.
     pub fn encrypt_rsa2048_oaep_sha1(
-        data_dec: SensitiveVec,
+        data_dec: &[u8],
         key: &dyn AsymmetricEncryptable,
     ) -> Result<AsymmetricEncString> {
-        let enc = encrypt_rsa2048_oaep_sha1(key.to_public_key(), data_dec.expose())?;
+        let enc = encrypt_rsa2048_oaep_sha1(key.to_public_key(), data_dec)?;
         Ok(AsymmetricEncString::Rsa2048_OaepSha1_B64 { data: enc })
     }
 
@@ -167,8 +166,8 @@ impl AsymmetricEncString {
     }
 }
 
-impl KeyDecryptable<AsymmetricCryptoKey, DecryptedVec> for AsymmetricEncString {
-    fn decrypt_with_key(&self, key: &AsymmetricCryptoKey) -> Result<DecryptedVec> {
+impl KeyDecryptable<AsymmetricCryptoKey, Vec<u8>> for AsymmetricEncString {
+    fn decrypt_with_key(&self, key: &AsymmetricCryptoKey) -> Result<Vec<u8>> {
         use AsymmetricEncString::*;
         match self {
             Rsa2048_OaepSha256_B64 { data } => key.key.decrypt(Oaep::new::<sha2::Sha256>(), data),
@@ -182,15 +181,14 @@ impl KeyDecryptable<AsymmetricCryptoKey, DecryptedVec> for AsymmetricEncString {
                 key.key.decrypt(Oaep::new::<sha1::Sha1>(), data)
             }
         }
-        .map(|v| DecryptedVec::new(Box::new(v)))
         .map_err(|_| CryptoError::KeyDecrypt)
     }
 }
 
-impl KeyDecryptable<AsymmetricCryptoKey, DecryptedString> for AsymmetricEncString {
-    fn decrypt_with_key(&self, key: &AsymmetricCryptoKey) -> Result<DecryptedString> {
-        let dec: DecryptedVec = self.decrypt_with_key(key)?;
-        dec.try_into()
+impl KeyDecryptable<AsymmetricCryptoKey, String> for AsymmetricEncString {
+    fn decrypt_with_key(&self, key: &AsymmetricCryptoKey) -> Result<String> {
+        let dec: Vec<u8> = self.decrypt_with_key(key)?;
+        String::from_utf8(dec).map_err(|_| CryptoError::InvalidUtf8String)
     }
 }
 
@@ -211,11 +209,8 @@ mod tests {
     use schemars::schema_for;
 
     use super::{AsymmetricCryptoKey, AsymmetricEncString, KeyDecryptable};
-    use crate::{DecryptedString, SensitiveString};
 
-    fn rsa_private_key_string() -> SensitiveString {
-        SensitiveString::test(
-            "-----BEGIN PRIVATE KEY-----
+    const RSA_PRIVATE_KEY: &str = "-----BEGIN PRIVATE KEY-----
 MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCXRVrCX+2hfOQS
 8HzYUS2oc/jGVTZpv+/Ryuoh9d8ihYX9dd0cYh2tl6KWdFc88lPUH11Oxqy20Rk2
 e5r/RF6T9yM0Me3NPnaKt+hlhLtfoc0h86LnhD56A9FDUfuI0dVnPcrwNv0YJIo9
@@ -242,43 +237,41 @@ AoEZ18y6/KIjpSMpqC92Nnk/EBM9EYe6Cf4eA9ApAoGAeqEUg46UTlJySkBKURGp
 Is3v1kkf5I0X8DnOhwb+HPxNaiEdmO7ckm8+tPVgppLcG0+tMdLjigFQiDUQk2y3
 WjyxP5ZvXu7U96jaJRI8PFMoE06WeVYcdIzrID2HvqH+w0UQJFrLJ/0Mn4stFAEz
 XKZBokBGnjFnTnKcs7nv/O8=
------END PRIVATE KEY-----",
-        )
-    }
+-----END PRIVATE KEY-----";
 
     #[test]
     fn test_enc_string_rsa2048_oaep_sha256_b64() {
-        let private_key = AsymmetricCryptoKey::from_pem(rsa_private_key_string()).unwrap();
+        let private_key = AsymmetricCryptoKey::from_pem(RSA_PRIVATE_KEY).unwrap();
         let enc_str: &str = "3.YFqzW9LL/uLjCnl0RRLtndzGJ1FV27mcwQwGjfJPOVrgCX9nJSUYCCDd0iTIyOZ/zRxG47b6L1Z3qgkEfcxjmrSBq60gijc3E2TBMAg7OCLVcjORZ+i1sOVOudmOPWro6uA8refMrg4lqbieDlbLMzjVEwxfi5WpcL876cD0vYyRwvLO3bzFrsE7x33HHHtZeOPW79RqMn5efsB5Dj9wVheC9Ix9AYDjbo+rjg9qR6guwKmS7k2MSaIQlrDR7yu8LP+ePtiSjx+gszJV5jQGfcx60dtiLQzLS/mUD+RmU7B950Bpx0H7x56lT5yXZbWK5YkoP6qd8B8D2aKbP68Ywg==";
         let enc_string: AsymmetricEncString = enc_str.parse().unwrap();
 
         assert_eq!(enc_string.enc_type(), 3);
 
-        let res: DecryptedString = enc_string.decrypt_with_key(&private_key).unwrap();
+        let res: String = enc_string.decrypt_with_key(&private_key).unwrap();
         assert_eq!(res, "EncryptMe!");
     }
 
     #[test]
     fn test_enc_string_rsa2048_oaep_sha1_b64() {
-        let private_key = AsymmetricCryptoKey::from_pem(rsa_private_key_string()).unwrap();
+        let private_key = AsymmetricCryptoKey::from_pem(RSA_PRIVATE_KEY).unwrap();
         let enc_str: &str = "4.ZheRb3PCfAunyFdQYPfyrFqpuvmln9H9w5nDjt88i5A7ug1XE0LJdQHCIYJl0YOZ1gCOGkhFu/CRY2StiLmT3iRKrrVBbC1+qRMjNNyDvRcFi91LWsmRXhONVSPjywzrJJXglsztDqGkLO93dKXNhuKpcmtBLsvgkphk/aFvxbaOvJ/FHdK/iV0dMGNhc/9tbys8laTdwBlI5xIChpRcrfH+XpSFM88+Bu03uK67N9G6eU1UmET+pISJwJvMuIDMqH+qkT7OOzgL3t6I0H2LDj+CnsumnQmDsvQzDiNfTR0IgjpoE9YH2LvPXVP2wVUkiTwXD9cG/E7XeoiduHyHjw==";
         let enc_string: AsymmetricEncString = enc_str.parse().unwrap();
 
         assert_eq!(enc_string.enc_type(), 4);
 
-        let res: DecryptedString = enc_string.decrypt_with_key(&private_key).unwrap();
+        let res: String = enc_string.decrypt_with_key(&private_key).unwrap();
         assert_eq!(res, "EncryptMe!");
     }
 
     #[test]
     fn test_enc_string_rsa2048_oaep_sha1_hmac_sha256_b64() {
-        let private_key = AsymmetricCryptoKey::from_pem(rsa_private_key_string()).unwrap();
+        let private_key = AsymmetricCryptoKey::from_pem(RSA_PRIVATE_KEY).unwrap();
         let enc_str: &str = "6.ThnNc67nNr7GELyuhGGfsXNP2zJnNqhrIsjntEQ27r2qmn8vwdHbTbfO0cwt6YgSibDN0PjiCZ1O3Wb/IFq+vwvyRwFqF9145wBF8CQCbkhV+M0XvO99kh0daovtt120Nve/5ETI5PbPag9VdalKRQWZypJaqQHm5TAQVf4F5wtLlCLMBkzqTk+wkFe7BPMTGn07T+O3eJbTxXvyMZewQ7icJF0MZVA7VyWX9qElmZ89FCKowbf1BMr5pbcQ+0KdXcSVW3to43VkTp7k7COwsuH3M/i1AuVP5YN8ixjyRpvaeGqX/ap2nCHK2Wj5VxgCGT7XEls6ZknnAp9nB9qVjQ==|s3ntw5H/KKD/qsS0lUghTHl5Sm9j6m7YEdNHf0OeAFQ=";
         let enc_string: AsymmetricEncString = enc_str.parse().unwrap();
 
         assert_eq!(enc_string.enc_type(), 6);
 
-        let res: DecryptedString = enc_string.decrypt_with_key(&private_key).unwrap();
+        let res: String = enc_string.decrypt_with_key(&private_key).unwrap();
         assert_eq!(res, "EncryptMe!");
     }