[PM-20493] Add key wrapping / wrapped key facade for encstring & expose keywrap to purecrypto #221
Conversation
|
Great job, no security vulnerabilities found in this Pull Request |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #221 +/- ##
==========================================
- Coverage 67.05% 66.86% -0.19%
==========================================
Files 212 213 +1
Lines 15989 15993 +4
==========================================
- Hits 10721 10694 -27
- Misses 5268 5299 +31 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
quexten
changed the title
…to km/wrapped-key
| @@ -456,7 +460,8 @@ impl CipherView { | |||
| ctx: &mut KeyStoreContext<KeyIds>, | |||
| key: SymmetricKeyId, | |||
| ) -> Result<(), CryptoError> { | |||
| let old_ciphers_key = Cipher::decrypt_cipher_key(ctx, key, &self.key)?; | |||
| let old_ciphers_key = | |||
| Cipher::decrypt_cipher_key(ctx, key, &self.key.clone().map(|k| k.into()))?; | |||
There was a problem hiding this comment.
Is there a representation that allows us to do this better, especially without the clone? (Could use some advice from someone with more Rust experience here)
There was a problem hiding this comment.
In this specific case, because we're setting the key immediately after and we take the cipher view by mutable reference, you can change clone() by take(), this will take the option by value leaving a None behind, which avoids the clone:
| Cipher::decrypt_cipher_key(ctx, key, &self.key.clone().map(|k| k.into()))?; | |
| Cipher::decrypt_cipher_key(ctx, key, &self.key.take().map(Into::into))?; |
This won't work for the general case where we don't want to mutate the Option though.
If this is the pattern we want to go with, I feel like what we want to do is change the key field in Cipher from an EncString to a WrappedSymmetricKey, which would save us from doing the conversion in the first place.
There was a problem hiding this comment.
If this is the pattern we want to go with, I feel like what we want to do is change the key field in Cipher from an EncString to a WrappedSymmetricKey, which would save us from doing the conversion in the first place.
Do we need to consider the uniffi bindings / wasm bindings here? I see they are exposed, so would this be a breaking change?
There was a problem hiding this comment.
I think for Uniffi and WASM EncString is basically a type alias to string, so assuming we do the same thing with WrappedSymmetricKey (implement Serialize/Deserialize and do the uniffi type conversion), it should basically work.
| impl AsRef<EncString> for WrappedSymmetricKey { | ||
| fn as_ref(&self) -> &EncString { | ||
| &self.0 | ||
| } | ||
| } | ||
|
|
||
| impl From<WrappedSymmetricKey> for EncString { | ||
| fn from(wrapped: WrappedSymmetricKey) -> Self { | ||
| wrapped.0 | ||
| } | ||
| } |
There was a problem hiding this comment.
I feel like having these two conversions kind of defeats the point of the facade, as they allow you to extract the inner EncString accidentally quite easily.
It might be better to have some explicit functions for access to the inner value (maybe even crate-internal if possible):
pub fn into_inner(self) -> EncString {
self.0
}
pub fn as_inner(&self) -> &EncString {
&self.0
}There was a problem hiding this comment.
Agreed. I mostly want to make it so that the user has to explicitly think about and choose to convert them, I don't think banning conversion outside of the crate is possible (yet?).
| @@ -167,9 +164,10 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> { | |||
| &self, | |||
There was a problem hiding this comment.
We should probably consider renaming the function wrap_symmetric_key or something like that as well
|
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-20493
📔 Objective
Refactors how wrapped keys are represented in the SDK. We now add a facade around them, that only exposes the unwrap method. Additionally, this exposes key-wrapping to wasm via PureCrypto, in order to act as a backwards compatibility layer for all clients code that has not been migrated to use the SDK entirely yet.
Note: This adds a new module - "safe" to the bitwarden-crypto crate. Any of the methods or structs exposed here should be used first and foremost before anything else within the crypto crate.
🦖 System evolution - "Safe module"
The safe module is meant to serve as a repository for developers to draw from first and foremost. We may want to re-consider moving all other unsafer methods (RSA encrypt, direct encrypt of data, pin-key, masterkey) into a module - hazmat - later on and moving safe to the top level, once the safe crate contains sufficient good abstractions.
The abstractions contained here should be simple to understand, easy to reason about, easy to use in combination and very hard to mis-use.
For instance, master-password unlock, and pin unlock could be represented as:
which completely eliminates the need for developers to care about synchronizing kdf settings and salts, or even caring about things like a masterkey existing.
⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes