bitwarden · quexten · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025
@@ -1,4 +1,4 @@
-use bitwarden_crypto::CryptoError;
+use bitwarden_crypto::{opaque_ke::opaque::OpaqueImpl, CryptoError, SymmetricCryptoKey};
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{AsymmetricEncString, EncString};
 
@@ -81,6 +81,72 @@
     ) -> Result<VerifyAsymmetricKeysResponse, CryptoError> {
         verify_asymmetric_keys(request)
     }
+
+    pub fn opaque_register_start(
+        &self,
+        password: &str,
+        config: &bitwarden_crypto::opaque_ke::types::CipherConfiguration,
+    ) -> Result<
+        bitwarden_crypto::opaque_ke::types::ClientRegistrationStartResult,
+        bitwarden_crypto::OpaqueError,
+    > {
+        config.start_client_registration(password)
+    }
+
+    pub fn opaque_register_finish(
+        &self,
+        password: &str,
+        config: &bitwarden_crypto::opaque_ke::types::CipherConfiguration,
+        registration_response: &[u8],
+        state: &[u8],
+    ) -> Result<
+        bitwarden_crypto::opaque_ke::types::ClientRegistrationFinishResult,
+        bitwarden_crypto::OpaqueError,
+    > {
+        config.finish_client_registration(state, registration_response, password)
+    }
+
+    pub fn opaque_login_start(
+        &self,
+        password: &str,
+        config: &bitwarden_crypto::opaque_ke::types::CipherConfiguration,
+    ) -> Result<
+        bitwarden_crypto::opaque_ke::types::ClientLoginStartResult,
+        bitwarden_crypto::OpaqueError,
+    > {
+        config.start_client_login(password)
+    }
+
+    pub fn opaque_login_finish(
+        &self,
+        password: &str,
+        config: &bitwarden_crypto::opaque_ke::types::CipherConfiguration,
+        login_response: &[u8],
+        state: &[u8],
+    ) -> Result<
+        bitwarden_crypto::opaque_ke::types::ClientLoginFinishResult,
+        bitwarden_crypto::OpaqueError,
+    > {
+        config.finish_client_login(state, login_response, password)
+    }
+
+    /// Create a new rotateable keyset from an export key and an encapsulated key
+    /// Note: The export key must be 32 bytes
+    pub fn create_rotateablekeyset_from_exportkey(
+        &self,
+        export_key: &mut [u8],
+        encapsulated_key: &SymmetricCryptoKey,
+    ) -> Result<bitwarden_crypto::rotateable_keyset::RotateableKeyset, CryptoError> {
+        bitwarden_crypto::rotateable_keyset::RotateableKeyset::new(export_key, encapsulated_key)
+    }
+
+    pub fn decapsulate_key_from_rotateablekeyset(
+        &self,
+        rotateable_keyset: bitwarden_crypto::rotateable_keyset::RotateableKeyset,
+        encapsulating_key: &[u8],
+    ) -> Result<SymmetricCryptoKey, CryptoError> {
+        rotateable_keyset.decapsulate_key(encapsulating_key)
+    }
 }
 
 impl<'a> Client {

@@ -35,12 +35,14 @@ hkdf = ">=0.12.3, <0.13"
 hmac = ">=0.12.1, <0.13"
 num-bigint = ">=0.4, <0.5"
 num-traits = ">=0.2.15, <0.3"
+opaque-ke = "3.0.0"
 pbkdf2 = { version = ">=0.12.1, <0.13", default-features = false }
 rand = ">=0.8.5, <0.9"
 rayon = ">=1.8.1, <2.0"
 rsa = ">=0.9.2, <0.10"
 schemars = { workspace = true }
 serde = { workspace = true }
+serde_bytes = "0.11.17"
 sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"
 subtle = ">=2.5.0, <3.0"

@@ -8,7 +8,7 @@ use crate::{util::hkdf_expand, Result};
 /// Stretch the given key using HKDF.
 /// This can be either a kdf-derived key (PIN/Master password) or
 /// a random key from key connector
-pub(super) fn stretch_key(key: &Pin<Box<GenericArray<u8, U32>>>) -> Result<Aes256CbcHmacKey> {
+pub(crate) fn stretch_key(key: &Pin<Box<GenericArray<u8, U32>>>) -> Result<Aes256CbcHmacKey> {
     Ok(Aes256CbcHmacKey {
         enc_key: hkdf_expand(key, Some("enc"))?,
         mac_key: hkdf_expand(key, Some("mac"))?,

@@ -78,6 +78,7 @@ pub use enc_string::{AsymmetricEncString, EncString};
 mod error;
 pub use error::CryptoError;
 pub(crate) use error::Result;
+pub use opaque_ke::error::OpaqueError;
 mod fingerprint;
 pub use fingerprint::fingerprint;
 mod keys;
@@ -94,6 +95,8 @@ mod traits;
 mod xchacha20;
 pub use traits::{Decryptable, Encryptable, IdentifyKey, KeyId, KeyIds};
 pub use zeroizing_alloc::ZeroAlloc as ZeroizingAllocator;
+pub mod opaque_ke;
+pub mod rotateable_keyset;
 
 #[cfg(feature = "uniffi")]
 uniffi::setup_scaffolding!();

@@ -0,0 +1,23 @@
+use serde::{Deserialize, Serialize};
+use thiserror::Error;
+#[cfg(feature = "wasm")]
+use tsify_next::Tsify;
+
+#[derive(Debug, Error, Deserialize, Serialize)]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
+pub enum OpaqueError {
+    #[error("Error creating message {0}")]
+    Message(String),
+    #[error("Error deserializing message")]
+    Deserialize,
+    #[error("Invalid input: {0}")]
+    InvalidInput(String),
+    #[error("Opaque protocol error {0}")]
+    Protocol(String),
+}
+
+impl From<opaque_ke::errors::ProtocolError> for OpaqueError {
+    fn from(error: opaque_ke::errors::ProtocolError) -> Self {
+        Self::Protocol(error.to_string())
+    }
+}
@@ -0,0 +1,92 @@
+use std::collections::HashMap;
+
+use opaque_ke::ServerSetup;
+
+use super::{
+    opaque::OpaqueImpl,
+    types::{CipherConfiguration, RistrettoTripleDhArgonSuite},
+};
+use crate::OpaqueError;
+
+/// Mock opaque server implementation for testing purposes.
+/// Stores server state and registrations in-memory
+pub(crate) struct MockServer {
+    server_setups: HashMap<u8, Vec<u8>>,
+    password_files: HashMap<u8, Vec<u8>>,
+    server_login_state: HashMap<u8, Vec<u8>>,
+    id_counter: u8,
+}
+
+impl MockServer {
+    pub(crate) fn new() -> Self {
+        MockServer {
+            server_setups: HashMap::new(),
+            password_files: HashMap::new(),
+            server_login_state: HashMap::new(),
+            id_counter: 0,
+        }
+    }
+
+    pub(crate) fn register_start(
+        &mut self,
+        register_start_message: &[u8],
+        config: CipherConfiguration,
+    ) -> Result<(Vec<u8>, u8), OpaqueError> {
+        let id = self.id_counter;
+        self.id_counter += 1;
+
+        let server_setup = ServerSetup::<RistrettoTripleDhArgonSuite>::new(&mut rand::thread_rng())
+            .serialize()
+            .to_vec();
+        let result = config
+            .start_server_registration(Some(&server_setup), register_start_message, "username")
+            .unwrap();
+        self.server_setups.insert(id, server_setup);
+        Ok((result.registration_response, id))
+    }
+
+    pub(crate) fn register_finish(
+        &mut self,
+        register_finish_message: &[u8],
+        id: u8,
+        config: CipherConfiguration,
+    ) {
+        let result = config
+            .finish_server_registration(register_finish_message)
+            .unwrap();
+        self.password_files.insert(id, result.server_registration);
+    }
+
+    pub(crate) fn login_start(
+        &mut self,
+        login_start_message: &[u8],
+        id: u8,
+        config: CipherConfiguration,
+    ) -> Vec<u8> {
+        let login_state = config
+            .start_server_login(
+                self.server_setups.get(&id).unwrap(),
+                self.password_files.get(&id).unwrap(),
+                login_start_message,
+                "username",
+            )
+            .unwrap();
+        self.server_login_state.insert(id, login_state.state);
+        login_state.credential_response
+    }
+
+    pub(crate) fn login_finish(
+        &self,
+        login_finish_message: &[u8],
+        id: u8,
+        config: CipherConfiguration,
+    ) -> Vec<u8> {
+        config
+            .finish_server_login(
+                self.server_login_state.get(&id).unwrap(),
+                login_finish_message,
+            )
+            .unwrap()
+            .session_key
+    }
+}
@@ -0,0 +1,5 @@
+pub mod error;
+#[cfg(test)]
+mod mock_server;
+pub mod opaque;
+pub mod types;