diff --git a/crates/bitwarden-core/src/auth/auth_request.rs b/crates/bitwarden-core/src/auth/auth_request.rs index 2b309127e..dc9be1b90 100644 --- a/crates/bitwarden-core/src/auth/auth_request.rs +++ b/crates/bitwarden-core/src/auth/auth_request.rs @@ -6,7 +6,7 @@ use bitwarden_crypto::{ #[cfg(feature = "internal")] use bitwarden_crypto::{EncString, KeyDecryptable, SymmetricCryptoKey}; -use crate::{error::Error, Client, VaultLocked}; +use crate::{error::Error, Client}; #[cfg_attr(feature = "uniffi", derive(uniffi::Record))] pub struct AuthRequestResponse { @@ -82,7 +82,7 @@ pub(crate) fn approve_auth_request( let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(public_key)?)?; let enc = client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; Ok(AsymmetricEncString::encrypt_rsa2048_oaep_sha1( &key.to_vec(), diff --git a/crates/bitwarden-core/src/auth/client_auth.rs b/crates/bitwarden-core/src/auth/client_auth.rs index fa48481e6..1afc39c8c 100644 --- a/crates/bitwarden-core/src/auth/client_auth.rs +++ b/crates/bitwarden-core/src/auth/client_auth.rs @@ -150,11 +150,9 @@ impl<'a> ClientAuth<'a> { #[cfg(feature = "internal")] fn trust_device(client: &Client) -> Result { - use crate::VaultLocked; - let enc = client.internal.get_encryption_settings()?; - let user_key = enc.get_key(&None).ok_or(VaultLocked)?; + let user_key = enc.get_key(&None)?; Ok(DeviceKey::trust_device(user_key)?) } diff --git a/crates/bitwarden-core/src/auth/password/validate.rs b/crates/bitwarden-core/src/auth/password/validate.rs index c5f8993d6..b5f9ccfd2 100644 --- a/crates/bitwarden-core/src/auth/password/validate.rs +++ b/crates/bitwarden-core/src/auth/password/validate.rs @@ -44,8 +44,6 @@ pub(crate) fn validate_password_user_key( password: String, encrypted_user_key: String, ) -> Result { - use crate::VaultLocked; - let login_method = client .internal .get_login_method() 
@@ -61,12 +59,9 @@ pub(crate) fn validate_password_user_key( .decrypt_user_key(encrypted_user_key.parse()?) .map_err(|_| "wrong password")?; - let enc = client - .internal - .get_encryption_settings() - .map_err(|_| VaultLocked)?; + let enc = client.internal.get_encryption_settings()?; - let existing_key = enc.get_key(&None).ok_or(VaultLocked)?; + let existing_key = enc.get_key(&None)?; if user_key.to_vec() != existing_key.to_vec() { return Err("wrong user key".into()); diff --git a/crates/bitwarden-core/src/auth/renew.rs b/crates/bitwarden-core/src/auth/renew.rs index d53534d58..b35d71d6e 100644 --- a/crates/bitwarden-core/src/auth/renew.rs +++ b/crates/bitwarden-core/src/auth/renew.rs @@ -73,7 +73,7 @@ pub(crate) async fn renew_token(client: &InternalClient) -> Result<()> { if let (IdentityTokenResponse::Payload(r), Some(state_file), Ok(enc_settings)) = (&result, state_file, client.get_encryption_settings()) { - if let Some(enc_key) = enc_settings.get_key(&None) { + if let Ok(enc_key) = enc_settings.get_key(&None) { let state = ClientState::new(r.access_token.clone(), enc_key.to_base64()); _ = state::set(state_file, access_token, state); diff --git a/crates/bitwarden-core/src/client/encryption_settings.rs b/crates/bitwarden-core/src/client/encryption_settings.rs index 138d1568e..828a97139 100644 --- a/crates/bitwarden-core/src/client/encryption_settings.rs +++ b/crates/bitwarden-core/src/client/encryption_settings.rs @@ -1,6 +1,6 @@ use std::collections::HashMap; -use bitwarden_crypto::{AsymmetricCryptoKey, KeyContainer, SymmetricCryptoKey}; +use bitwarden_crypto::{AsymmetricCryptoKey, CryptoError, KeyContainer, SymmetricCryptoKey}; #[cfg(feature = "internal")] use bitwarden_crypto::{AsymmetricEncString, EncString, MasterKey}; use uuid::Uuid; 
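Review bot: Dropping `.map_err(|_| VaultLocked)` from the `get_encryption_settings()` call in `validate_password_user_key` means whatever error that call produces now reaches the caller unchanged, where before every failure was reported as `VaultLocked`. The hunk does not show what `get_encryption_settings` returns on a locked client, so a test that calls this function before the vault is unlocked and asserts the resulting error would pin the intended contract. Separately, the unchanged `user_key.to_vec() != existing_key.to_vec()` compares key bytes with a short-circuiting `!=` on two temporary copies; if bitwarden_crypto already has a constant-time comparison helper, it would fit here. The function body starts outside this hunk.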
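Review bot: `if let Ok(enc_key) = enc_settings.get_key(&None)` in `renew_token` discards the new `CryptoError` without a trace, and the following `_ = state::set(...)` already ignores its result, so a failure to persist the renewed state is invisible. If this is deliberate best-effort behaviour, say so at the call site, e.g. `// Best effort: failing to persist the state file must not fail the token renewal`. The value written is `enc_key.to_base64()`, i.e. the encryption key itself, so the same comment is a good place to state what protects the state file (presumably the `access_token` passed to `state::set`, which is not visible here). The function body continues outside the hunk.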
@@ -95,22 +95,25 @@ impl EncryptionSettings { Ok(self) } - pub fn get_key(&self, org_id: &Option) -> Option<&SymmetricCryptoKey> { + pub fn get_key(&self, org_id: &Option) -> Result<&SymmetricCryptoKey, CryptoError> { // If we don't have a private key set (to decode multiple org keys), we just use the main // user key if self.private_key.is_none() { - return Some(&self.user_key); + return Ok(&self.user_key); } match org_id { - Some(org_id) => self.org_keys.get(org_id), - None => Some(&self.user_key), + Some(org_id) => self + .org_keys + .get(org_id) + .ok_or(CryptoError::MissingKey(*org_id)), + None => Ok(&self.user_key), } } } impl KeyContainer for EncryptionSettings { - fn get_key(&self, org_id: &Option) -> Option<&SymmetricCryptoKey> { + fn get_key(&self, org_id: &Option) -> Result<&SymmetricCryptoKey, CryptoError> { EncryptionSettings::get_key(self, org_id) } } diff --git a/crates/bitwarden-core/src/mobile/crypto.rs b/crates/bitwarden-core/src/mobile/crypto.rs index 0fe9e8731..3f8bc562c 100644 --- a/crates/bitwarden-core/src/mobile/crypto.rs +++ b/crates/bitwarden-core/src/mobile/crypto.rs @@ -10,7 +10,7 @@ use serde::{Deserialize, Serialize}; use crate::client::{LoginMethod, UserLoginMethod}; use crate::{ error::{Error, Result}, - Client, VaultLocked, + Client, }; #[cfg(feature = "internal")] @@ -185,7 +185,7 @@ pub async fn initialize_org_crypto(client: &Client, req: InitOrgCryptoRequest) - #[cfg(feature = "internal")] pub async fn get_user_encryption_key(client: &Client) -> Result { let enc = client.internal.get_encryption_settings()?; - let user_key = enc.get_key(&None).ok_or(VaultLocked)?; + let user_key = enc.get_key(&None)?; Ok(user_key.to_base64()) } 
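Review bot: The early return `if self.private_key.is_none() { return Ok(&self.user_key); }` in `EncryptionSettings::get_key` still answers a `Some(org_id)` request with the user key, and with the new `Result` return a caller cannot tell that substitution from a real organization-key hit. The existing comment says this is intended, so it calls for a doc comment on the method rather than a code change: one line stating that the user key is returned when `org_id` is `None` or no private key is set, and an `# Errors` section naming `CryptoError::MissingKey(org_id)` for an organization with no stored key. A unit test covering both the fallback and the `MissingKey` case would keep a later refactor from silently changing which key encrypts organization data.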
@@ -203,7 +203,7 @@ pub struct UpdatePasswordResponse { pub fn update_password(client: &Client, new_password: String) -> Result { let enc = client.internal.get_encryption_settings()?; - let user_key = enc.get_key(&None).ok_or(VaultLocked)?; + let user_key = enc.get_key(&None)?; let login_method = client .internal @@ -247,7 +247,7 @@ pub struct DerivePinKeyResponse { #[cfg(feature = "internal")] pub fn derive_pin_key(client: &Client, pin: String) -> Result { let enc = client.internal.get_encryption_settings()?; - let user_key = enc.get_key(&None).ok_or(VaultLocked)?; + let user_key = enc.get_key(&None)?; let login_method = client .internal @@ -265,7 +265,7 @@ pub fn derive_pin_key(client: &Client, pin: String) -> Result Result { let enc = client.internal.get_encryption_settings()?; - let user_key = enc.get_key(&None).ok_or(VaultLocked)?; + let user_key = enc.get_key(&None)?; let pin: String = encrypted_pin.decrypt_with_key(user_key)?; let login_method = client @@ -306,7 +306,7 @@ pub(super) fn enroll_admin_password_reset( let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(public_key)?)?; let enc = client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; Ok(AsymmetricEncString::encrypt_rsa2048_oaep_sha1( &key.to_vec(), diff --git a/crates/bitwarden-crypto/src/error.rs b/crates/bitwarden-crypto/src/error.rs index 7cfb354d7..2f21975fc 100644 --- a/crates/bitwarden-crypto/src/error.rs +++ b/crates/bitwarden-crypto/src/error.rs @@ -1,6 +1,7 @@ use std::fmt::Debug; use thiserror::Error; +use uuid::Uuid; use crate::fingerprint::FingerprintError; @@ -16,8 +17,8 @@ pub enum CryptoError { InvalidKeyLen, #[error("The value is not a valid UTF8 String")] InvalidUtf8String, - #[error("Missing Key")] - MissingKey, + #[error("Missing Key for organization with ID {0}")] + MissingKey(Uuid), #[error("EncString error, {0}")] EncString(#[from] EncStringParseError), 
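Review bot: `MissingKey(Uuid)` cannot describe a missing user key, which is why the `MockKeyContainer` impls in bitwarden-send/src/send.rs and bitwarden-vault/src/cipher/cipher.rs fall back to `org_id.unwrap_or_default()` and would report the nil UUID as an organization ID. `KeyContainer` is a public trait, so any implementer that can lack the user key has the same problem; carrying `Option<Uuid>` or adding a separate unit variant for the user key would keep the message truthful. The payload change also breaks downstream code that matches on `CryptoError::MissingKey`. The organization ID now appears in the `Display` text, so it is worth checking where these errors are logged or returned to clients.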
diff --git a/crates/bitwarden-crypto/src/keys/key_encryptable.rs b/crates/bitwarden-crypto/src/keys/key_encryptable.rs index f1a538d12..044be9fcb 100644 --- a/crates/bitwarden-crypto/src/keys/key_encryptable.rs +++ b/crates/bitwarden-crypto/src/keys/key_encryptable.rs @@ -3,14 +3,14 @@ use std::{collections::HashMap, hash::Hash, sync::Arc}; use rayon::prelude::*; use uuid::Uuid; -use crate::{error::Result, SymmetricCryptoKey}; +use crate::{error::Result, CryptoError, SymmetricCryptoKey}; pub trait KeyContainer: Send + Sync { - fn get_key(&self, org_id: &Option) -> Option<&SymmetricCryptoKey>; + fn get_key(&self, org_id: &Option) -> Result<&SymmetricCryptoKey, CryptoError>; } impl KeyContainer for Arc { - fn get_key(&self, org_id: &Option) -> Option<&SymmetricCryptoKey> { + fn get_key(&self, org_id: &Option) -> Result<&SymmetricCryptoKey, CryptoError> { self.as_ref().get_key(org_id) } } @@ -20,7 +20,7 @@ pub trait LocateKey { &self, enc: &'a dyn KeyContainer, org_id: &Option, - ) -> Option<&'a SymmetricCryptoKey> { + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { enc.get_key(org_id) } } diff --git a/crates/bitwarden-exporters/src/export.rs b/crates/bitwarden-exporters/src/export.rs index 0721ae11f..7fa05413d 100644 --- a/crates/bitwarden-exporters/src/export.rs +++ b/crates/bitwarden-exporters/src/export.rs @@ -1,4 +1,4 @@ -use bitwarden_core::{Client, VaultLocked}; +use bitwarden_core::Client; use bitwarden_crypto::KeyDecryptable; use bitwarden_vault::{Cipher, CipherView, Collection, Folder, FolderView}; @@ -14,7 +14,7 @@ pub(crate) fn export_vault( format: ExportFormat, ) -> Result { let enc = client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let folders: Vec = folders.decrypt_with_key(key)?; let folders: Vec = folders.into_iter().flat_map(|f| f.try_into()).collect(); 
diff --git a/crates/bitwarden-fido/src/authenticator.rs b/crates/bitwarden-fido/src/authenticator.rs index 972415327..9d4371476 100644 --- a/crates/bitwarden-fido/src/authenticator.rs +++ b/crates/bitwarden-fido/src/authenticator.rs @@ -483,7 +483,7 @@ impl passkey::authenticator::CredentialStore for CredentialStoreImpl<'_> { .replace(selected.clone()); // Encrypt the updated cipher before sending it to the clients to be stored - let key = enc.get_key(&selected.organization_id).ok_or(VaultLocked)?; + let key = enc.get_key(&selected.organization_id)?; let encrypted = selected.encrypt_with_key(key)?; this.authenticator @@ -557,7 +557,7 @@ impl passkey::authenticator::CredentialStore for CredentialStoreImpl<'_> { .replace(selected.clone()); // Encrypt the updated cipher before sending it to the clients to be stored - let key = enc.get_key(&selected.organization_id).ok_or(VaultLocked)?; + let key = enc.get_key(&selected.organization_id)?; let encrypted = selected.encrypt_with_key(key)?; this.authenticator diff --git a/crates/bitwarden-send/src/client_sends.rs b/crates/bitwarden-send/src/client_sends.rs index da1c527f0..bf496e013 100644 --- a/crates/bitwarden-send/src/client_sends.rs +++ b/crates/bitwarden-send/src/client_sends.rs @@ -1,6 +1,6 @@ use std::path::Path; -use bitwarden_core::{Client, Error, VaultLocked}; +use bitwarden_core::{Client, Error}; use bitwarden_crypto::{EncString, KeyDecryptable, KeyEncryptable}; use crate::{Send, SendListView, SendView}; @@ -16,7 +16,7 @@ impl<'a> ClientSends<'a> { pub fn decrypt(&self, send: Send) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let send_view = send.decrypt_with_key(key)?; 
@@ -25,7 +25,7 @@ impl<'a> ClientSends<'a> { pub fn decrypt_list(&self, sends: Vec) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let send_views = sends.decrypt_with_key(key)?; @@ -46,7 +46,7 @@ impl<'a> ClientSends<'a> { pub fn decrypt_buffer(&self, send: Send, encrypted_buffer: &[u8]) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let key = Send::get_key(&send.key, key)?; let buf = EncString::from_buffer(encrypted_buffer)?; @@ -55,7 +55,7 @@ impl<'a> ClientSends<'a> { pub fn encrypt(&self, send_view: SendView) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let send = send_view.encrypt_with_key(key)?; @@ -76,7 +76,7 @@ impl<'a> ClientSends<'a> { pub fn encrypt_buffer(&self, send: Send, buffer: &[u8]) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(VaultLocked)?; + let key = enc.get_key(&None)?; let key = Send::get_key(&send.key, key)?; let encrypted = buffer.encrypt_with_key(&key)?; diff --git a/crates/bitwarden-send/src/send.rs b/crates/bitwarden-send/src/send.rs index 707fbd530..3222ec1cf 100644 --- a/crates/bitwarden-send/src/send.rs +++ b/crates/bitwarden-send/src/send.rs @@ -375,8 +375,13 @@ mod tests { } } impl KeyContainer for MockKeyContainer { - fn get_key<'a>(&'a self, org_id: &Option) -> Option<&'a SymmetricCryptoKey> { - self.0.get(org_id) + fn get_key<'a>( + &'a self, + org_id: &Option, + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { + self.0 + .get(org_id) + .ok_or(CryptoError::MissingKey(org_id.unwrap_or_default())) } } 
diff --git a/crates/bitwarden-sm/src/projects/create.rs b/crates/bitwarden-sm/src/projects/create.rs index 7f1d6c545..bb377e23c 100644 --- a/crates/bitwarden-sm/src/projects/create.rs +++ b/crates/bitwarden-sm/src/projects/create.rs @@ -1,5 +1,5 @@ use bitwarden_api_api::models::ProjectCreateRequestModel; -use bitwarden_core::{validate_only_whitespaces, Client, Error, VaultLocked}; +use bitwarden_core::{validate_only_whitespaces, Client, Error}; use bitwarden_crypto::KeyEncryptable; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -24,9 +24,7 @@ pub(crate) async fn create_project( input.validate()?; let enc = client.internal.get_encryption_settings()?; - let key = enc - .get_key(&Some(input.organization_id)) - .ok_or(VaultLocked)?; + let key = enc.get_key(&Some(input.organization_id))?; let project = Some(ProjectCreateRequestModel { name: input.name.clone().trim().encrypt_with_key(key)?.to_string(), diff --git a/crates/bitwarden-sm/src/projects/project_response.rs b/crates/bitwarden-sm/src/projects/project_response.rs index b0ad1728f..a70a3fd78 100644 --- a/crates/bitwarden-sm/src/projects/project_response.rs +++ b/crates/bitwarden-sm/src/projects/project_response.rs @@ -1,6 +1,6 @@ use bitwarden_api_api::models::ProjectResponseModel; use bitwarden_core::{client::encryption_settings::EncryptionSettings, require, Error}; -use bitwarden_crypto::{CryptoError, EncString, KeyDecryptable}; +use bitwarden_crypto::{EncString, KeyDecryptable}; use chrono::{DateTime, Utc}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -22,9 +22,7 @@ impl ProjectResponse { enc: &EncryptionSettings, ) -> Result { let organization_id = require!(response.organization_id); - let enc_key = enc - .get_key(&Some(organization_id)) - .ok_or(CryptoError::MissingKey)?; + let enc_key = enc.get_key(&Some(organization_id))?; let name = require!(response.name) .parse::()? 
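Review bot: `enc.get_key(&Some(input.organization_id))?` in `create_project` now fails with `CryptoError::MissingKey(organization_id)` (converted into the function's `Error`) where it used to report `VaultLocked`, and nothing in the change documents or tests that new error for callers. `input.organization_id` comes from the request, so the error for an organization the client holds no key for now echoes that ID. Any consumer that reacted to the vault-locked error to prompt an unlock will see a different error. A `/// # Errors` section on the function, or a test asserting the `MissingKey` case, would make the contract explicit. The same applies to `update_project`, `create_secret` and `update_secret` in bitwarden-sm; the function body continues outside the hunk.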
diff --git a/crates/bitwarden-sm/src/projects/update.rs b/crates/bitwarden-sm/src/projects/update.rs index 329e34a61..359b66945 100644 --- a/crates/bitwarden-sm/src/projects/update.rs +++ b/crates/bitwarden-sm/src/projects/update.rs @@ -1,5 +1,5 @@ use bitwarden_api_api::models::ProjectUpdateRequestModel; -use bitwarden_core::{validate_only_whitespaces, Client, Error, VaultLocked}; +use bitwarden_core::{validate_only_whitespaces, Client, Error}; use bitwarden_crypto::KeyEncryptable; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -26,9 +26,7 @@ pub(crate) async fn update_project( input.validate()?; let enc = client.internal.get_encryption_settings()?; - let key = enc - .get_key(&Some(input.organization_id)) - .ok_or(VaultLocked)?; + let key = enc.get_key(&Some(input.organization_id))?; let project = Some(ProjectUpdateRequestModel { name: input.name.clone().trim().encrypt_with_key(key)?.to_string(), diff --git a/crates/bitwarden-sm/src/secrets/create.rs b/crates/bitwarden-sm/src/secrets/create.rs index bfece0e5a..dedd6c57f 100644 --- a/crates/bitwarden-sm/src/secrets/create.rs +++ b/crates/bitwarden-sm/src/secrets/create.rs @@ -1,5 +1,5 @@ use bitwarden_api_api::models::SecretCreateRequestModel; -use bitwarden_core::{validate_only_whitespaces, Client, Error, VaultLocked}; +use bitwarden_core::{validate_only_whitespaces, Client, Error}; use bitwarden_crypto::KeyEncryptable; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -32,9 +32,7 @@ pub(crate) async fn create_secret( input.validate()?; let enc = client.internal.get_encryption_settings()?; - let key = enc - .get_key(&Some(input.organization_id)) - .ok_or(VaultLocked)?; + let key = enc.get_key(&Some(input.organization_id))?; let secret = Some(SecretCreateRequestModel { key: input.key.clone().trim().encrypt_with_key(key)?.to_string(), diff --git a/crates/bitwarden-sm/src/secrets/list.rs b/crates/bitwarden-sm/src/secrets/list.rs index 9de4b9a47..60a5c9727 100644 
--- a/crates/bitwarden-sm/src/secrets/list.rs +++ b/crates/bitwarden-sm/src/secrets/list.rs @@ -5,7 +5,7 @@ use bitwarden_core::{ client::{encryption_settings::EncryptionSettings, Client}, require, Error, }; -use bitwarden_crypto::{CryptoError, EncString, KeyDecryptable}; +use bitwarden_crypto::{EncString, KeyDecryptable}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; use uuid::Uuid; @@ -93,9 +93,7 @@ impl SecretIdentifierResponse { enc: &EncryptionSettings, ) -> Result { let organization_id = require!(response.organization_id); - let enc_key = enc - .get_key(&Some(organization_id)) - .ok_or(CryptoError::MissingKey)?; + let enc_key = enc.get_key(&Some(organization_id))?; let key = require!(response.key) .parse::()? diff --git a/crates/bitwarden-sm/src/secrets/secret_response.rs b/crates/bitwarden-sm/src/secrets/secret_response.rs index 138279b11..e480ac3fc 100644 --- a/crates/bitwarden-sm/src/secrets/secret_response.rs +++ b/crates/bitwarden-sm/src/secrets/secret_response.rs @@ -2,7 +2,7 @@ use bitwarden_api_api::models::{ BaseSecretResponseModel, BaseSecretResponseModelListResponseModel, SecretResponseModel, }; use bitwarden_core::{client::encryption_settings::EncryptionSettings, require, Error}; -use bitwarden_crypto::{CryptoError, EncString, KeyDecryptable}; +use bitwarden_crypto::{EncString, KeyDecryptable}; use chrono::{DateTime, Utc}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -46,7 +46,7 @@ impl SecretResponse { enc: &EncryptionSettings, ) -> Result { let org_id = response.organization_id; - let enc_key = enc.get_key(&org_id).ok_or(CryptoError::MissingKey)?; + let enc_key = enc.get_key(&org_id)?; let key = require!(response.key) .parse::()? diff --git a/crates/bitwarden-sm/src/secrets/update.rs b/crates/bitwarden-sm/src/secrets/update.rs index ee3f78039..f2ab7dd12 100644 --- a/crates/bitwarden-sm/src/secrets/update.rs +++ b/crates/bitwarden-sm/src/secrets/update.rs 
@@ -1,5 +1,5 @@ use bitwarden_api_api::models::SecretUpdateRequestModel; -use bitwarden_core::{validate_only_whitespaces, Client, Error, VaultLocked}; +use bitwarden_core::{validate_only_whitespaces, Client, Error}; use bitwarden_crypto::KeyEncryptable; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -31,9 +31,7 @@ pub(crate) async fn update_secret( input.validate()?; let enc = client.internal.get_encryption_settings()?; - let key = enc - .get_key(&Some(input.organization_id)) - .ok_or(VaultLocked)?; + let key = enc.get_key(&Some(input.organization_id))?; let secret = Some(SecretUpdateRequestModel { key: input.key.clone().trim().encrypt_with_key(key)?.to_string(), diff --git a/crates/bitwarden-vault/src/cipher/cipher.rs b/crates/bitwarden-vault/src/cipher/cipher.rs index c1e84638c..5d348bc3b 100644 --- a/crates/bitwarden-vault/src/cipher/cipher.rs +++ b/crates/bitwarden-vault/src/cipher/cipher.rs @@ -401,7 +401,7 @@ impl CipherView { &self, enc: &dyn KeyContainer, ) -> Result, CipherError> { - let key = self.locate_key(enc, &None).ok_or(VaultLocked)?; + let key = self.locate_key(enc, &None)?; let cipher_key = Cipher::get_cipher_key(key, &self.key)?; let key = cipher_key.as_ref().unwrap_or(key); @@ -435,9 +435,9 @@ impl CipherView { enc: &dyn KeyContainer, organization_id: Uuid, ) -> Result<(), CipherError> { - let old_key = enc.get_key(&self.organization_id).ok_or(VaultLocked)?; + let old_key = enc.get_key(&self.organization_id)?; - let new_key = enc.get_key(&Some(organization_id)).ok_or(VaultLocked)?; + let new_key = enc.get_key(&Some(organization_id))?; // If any attachment is missing a key we can't reencrypt the attachment keys if self.attachments.iter().flatten().any(|a| a.key.is_none()) { 
@@ -463,7 +463,7 @@ impl CipherView { enc: &dyn KeyContainer, creds: Vec, ) -> Result<(), CipherError> { - let key = enc.get_key(&self.organization_id).ok_or(VaultLocked)?; + let key = enc.get_key(&self.organization_id)?; let ciphers_key = Cipher::get_cipher_key(key, &self.key)?; let ciphers_key = ciphers_key.as_ref().unwrap_or(key); @@ -478,7 +478,7 @@ impl CipherView { &self, enc: &dyn KeyContainer, ) -> Result, CipherError> { - let key = enc.get_key(&self.organization_id).ok_or(VaultLocked)?; + let key = enc.get_key(&self.organization_id)?; let ciphers_key = Cipher::get_cipher_key(key, &self.key)?; let ciphers_key = ciphers_key.as_ref().unwrap_or(key); @@ -524,7 +524,7 @@ impl LocateKey for Cipher { &self, enc: &'a dyn KeyContainer, _: &Option, - ) -> Option<&'a SymmetricCryptoKey> { + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { enc.get_key(&self.organization_id) } } @@ -533,7 +533,7 @@ impl LocateKey for CipherView { &self, enc: &'a dyn KeyContainer, _: &Option, - ) -> Option<&'a SymmetricCryptoKey> { + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { enc.get_key(&self.organization_id) } } @@ -728,8 +728,13 @@ mod tests { struct MockKeyContainer(HashMap, SymmetricCryptoKey>); impl KeyContainer for MockKeyContainer { - fn get_key<'a>(&'a self, org_id: &Option) -> Option<&'a SymmetricCryptoKey> { - self.0.get(org_id) + fn get_key<'a>( + &'a self, + org_id: &Option, + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { + self.0 + .get(org_id) + .ok_or(CryptoError::MissingKey(org_id.unwrap_or_default())) } } diff --git a/crates/bitwarden-vault/src/collection.rs b/crates/bitwarden-vault/src/collection.rs index f1b58cc28..5e0fcbdc5 100644 --- a/crates/bitwarden-vault/src/collection.rs +++ b/crates/bitwarden-vault/src/collection.rs 
@@ -42,7 +42,7 @@ impl LocateKey for Collection { &self, enc: &'a dyn KeyContainer, _: &Option, - ) -> Option<&'a SymmetricCryptoKey> { + ) -> Result<&'a SymmetricCryptoKey, CryptoError> { enc.get_key(&Some(self.organization_id)) } } diff --git a/crates/bitwarden-vault/src/mobile/client_attachments.rs b/crates/bitwarden-vault/src/mobile/client_attachments.rs index f382075ec..a98a7d1e7 100644 --- a/crates/bitwarden-vault/src/mobile/client_attachments.rs +++ b/crates/bitwarden-vault/src/mobile/client_attachments.rs @@ -1,6 +1,6 @@ use std::path::Path; -use bitwarden_core::{Client, Error, VaultLocked}; +use bitwarden_core::{Client, Error}; use bitwarden_crypto::{EncString, KeyDecryptable, KeyEncryptable, LocateKey}; use crate::{ @@ -20,7 +20,7 @@ impl<'a> ClientAttachments<'a> { buffer: &[u8], ) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = cipher.locate_key(&enc, &None).ok_or(VaultLocked)?; + let key = cipher.locate_key(&enc, &None)?; Ok(AttachmentFileView { cipher, @@ -52,7 +52,7 @@ impl<'a> ClientAttachments<'a> { encrypted_buffer: &[u8], ) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = cipher.locate_key(&enc, &None).ok_or(VaultLocked)?; + let key = cipher.locate_key(&enc, &None)?; AttachmentFile { cipher, diff --git a/crates/bitwarden-vault/src/mobile/client_ciphers.rs b/crates/bitwarden-vault/src/mobile/client_ciphers.rs index 864af8b94..345f04df1 100644 --- a/crates/bitwarden-vault/src/mobile/client_ciphers.rs +++ b/crates/bitwarden-vault/src/mobile/client_ciphers.rs @@ -1,5 +1,5 @@ -use bitwarden_core::{Client, Error, VaultLocked}; -use bitwarden_crypto::{CryptoError, KeyDecryptable, KeyEncryptable, LocateKey}; +use bitwarden_core::{Client, Error}; +use bitwarden_crypto::{KeyDecryptable, KeyEncryptable, LocateKey}; use uuid::Uuid; use crate::{Cipher, CipherError, CipherListView, CipherView, ClientVault}; 
@@ -21,11 +21,11 @@ impl<'a> ClientCiphers<'a> { .get_flags() .enable_cipher_key_encryption { - let key = cipher_view.locate_key(&enc, &None).ok_or(VaultLocked)?; + let key = cipher_view.locate_key(&enc, &None)?; cipher_view.generate_cipher_key(key)?; } - let key = cipher_view.locate_key(&enc, &None).ok_or(VaultLocked)?; + let key = cipher_view.locate_key(&enc, &None)?; let cipher = cipher_view.encrypt_with_key(key)?; Ok(cipher) @@ -33,9 +33,7 @@ impl<'a> ClientCiphers<'a> { pub fn decrypt(&self, cipher: Cipher) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = cipher - .locate_key(&enc, &None) - .ok_or(CryptoError::MissingKey)?; + let key = cipher.locate_key(&enc, &None)?; let cipher_view = cipher.decrypt_with_key(key)?; @@ -48,7 +46,7 @@ impl<'a> ClientCiphers<'a> { let cipher_views: Result, _> = ciphers .iter() .map(|c| -> Result { - let key = c.locate_key(&enc, &None).ok_or(CryptoError::MissingKey)?; + let key = c.locate_key(&enc, &None)?; Ok(c.decrypt_with_key(key)?) }) .collect(); diff --git a/crates/bitwarden-vault/src/mobile/client_collection.rs b/crates/bitwarden-vault/src/mobile/client_collection.rs index 42cda4bc5..a3d6ee612 100644 --- a/crates/bitwarden-vault/src/mobile/client_collection.rs +++ b/crates/bitwarden-vault/src/mobile/client_collection.rs @@ -1,5 +1,5 @@ use bitwarden_core::{Client, Error}; -use bitwarden_crypto::{CryptoError, KeyDecryptable, LocateKey}; +use bitwarden_crypto::{KeyDecryptable, LocateKey}; use crate::{ClientVault, Collection, CollectionView}; @@ -10,9 +10,7 @@ pub struct ClientCollections<'a> { impl<'a> ClientCollections<'a> { pub fn decrypt(&self, collection: Collection) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = collection - .locate_key(&enc, &None) - .ok_or(CryptoError::MissingKey)?; + let key = collection.locate_key(&enc, &None)?; let view = collection.decrypt_with_key(key)?; 
@@ -25,7 +23,7 @@ impl<'a> ClientCollections<'a> { let views: Result, _> = collections .iter() .map(|c| -> Result { - let key = c.locate_key(&enc, &None).ok_or(CryptoError::MissingKey)?; + let key = c.locate_key(&enc, &None)?; Ok(c.decrypt_with_key(key)?) }) .collect(); diff --git a/crates/bitwarden-vault/src/mobile/client_folders.rs b/crates/bitwarden-vault/src/mobile/client_folders.rs index 93d89c4d6..d8ebb76ed 100644 --- a/crates/bitwarden-vault/src/mobile/client_folders.rs +++ b/crates/bitwarden-vault/src/mobile/client_folders.rs @@ -1,5 +1,5 @@ use bitwarden_core::{Client, Error}; -use bitwarden_crypto::{CryptoError, KeyDecryptable, KeyEncryptable}; +use bitwarden_crypto::{KeyDecryptable, KeyEncryptable}; use crate::{ClientVault, Folder, FolderView}; @@ -10,7 +10,7 @@ pub struct ClientFolders<'a> { impl<'a> ClientFolders<'a> { pub fn encrypt(&self, folder_view: FolderView) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(CryptoError::MissingKey)?; + let key = enc.get_key(&None)?; let folder = folder_view.encrypt_with_key(key)?; @@ -19,7 +19,7 @@ impl<'a> ClientFolders<'a> { pub fn decrypt(&self, folder: Folder) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(CryptoError::MissingKey)?; + let key = enc.get_key(&None)?; let folder_view = folder.decrypt_with_key(key)?; @@ -28,7 +28,7 @@ impl<'a> ClientFolders<'a> { pub fn decrypt_list(&self, folders: Vec) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(CryptoError::MissingKey)?; + let key = enc.get_key(&None)?; let views = folders.decrypt_with_key(key)?; diff --git a/crates/bitwarden-vault/src/mobile/client_password_history.rs b/crates/bitwarden-vault/src/mobile/client_password_history.rs index 8af07a120..98d989dbd 100644 --- a/crates/bitwarden-vault/src/mobile/client_password_history.rs 
+++ b/crates/bitwarden-vault/src/mobile/client_password_history.rs @@ -1,5 +1,5 @@ use bitwarden_core::{Client, Error}; -use bitwarden_crypto::{CryptoError, KeyDecryptable, KeyEncryptable}; +use bitwarden_crypto::{KeyDecryptable, KeyEncryptable}; use crate::{ClientVault, PasswordHistory, PasswordHistoryView}; @@ -10,7 +10,7 @@ pub struct ClientPasswordHistory<'a> { impl<'a> ClientPasswordHistory<'a> { pub fn encrypt(&self, history_view: PasswordHistoryView) -> Result { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(CryptoError::MissingKey)?; + let key = enc.get_key(&None)?; let history = history_view.encrypt_with_key(key)?; @@ -22,7 +22,7 @@ impl<'a> ClientPasswordHistory<'a> { history: Vec, ) -> Result, Error> { let enc = self.client.internal.get_encryption_settings()?; - let key = enc.get_key(&None).ok_or(CryptoError::MissingKey)?; + let key = enc.get_key(&None)?; let history_view = history.decrypt_with_key(key)?;