Merge branch 'main' into sm/SM-1130/host-a-generic-install-script

bitwarden · Jun 11, 2024 · c0e67ba · c0e67ba
2 parents 4aa9bc2 + 3f56e58
commit c0e67ba
Show file tree

Hide file tree

Showing 80 changed files with 1,455 additions and 677 deletions.
diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml
@@ -29,6 +29,11 @@ on:
         required: true
         default: true
         type: boolean
+      publish_bitwarden-core:
+        description: "Publish bitwarden-core crate"
+        required: true
+        default: true
+        type: boolean
       publish_bitwarden-crypto:
         description: "Publish bitwarden-crypto crate"
         required: true
@@ -49,6 +54,11 @@ on:
         required: true
         default: true
         type: boolean
+      publish_bitwarden-vault:
+        description: "Publish bitwarden-valt crate"
+        required: true
+        default: true
+        type: boolean
 
 defaults:
   run:
@@ -81,10 +91,12 @@ jobs:
           PUBLISH_BITWARDEN: ${{ github.event.inputs.publish_bitwarden }}
           PUBLISH_BITWARDEN_API_API: ${{ github.event.inputs.publish_bitwarden-api-api }}
           PUBLISH_BITWARDEN_API_IDENTITY: ${{ github.event.inputs.publish_bitwarden-api-identity }}
+          PUBLISH_BITWARDEN_CORE: ${{ github.event.inputs.publish_bitwarden-core }}
           PUBLISH_BITWARDEN_CRYPTO: ${{ github.event.inputs.publish_bitwarden-crypto }}
           PUBLISH_BITWARDEN_CLI: ${{ github.event.inputs.publish_bitwarden-cli }}
           PUBLISH_BITWARDEN_GENERATORS: ${{ github.event.inputs.publish_bitwarden-generators }}
           PUBLISH_BITWARDEN_EXPORTERS: ${{ github.event.inputs.publish_bitwarden-exporters }}
+          PUBLISH_BITWARDEN_VAULT: ${{ github.event.inputs.publish_bitwarden-vault }}
         run: |
           if [[ "$PUBLISH_BITWARDEN" == "false" ]] && [[ "$PUBLISH_BITWARDEN_API_API" == "false" ]] && [[ "$PUBLISH_BITWARDEN_API_IDENTITY" == "false" ]]; then
             echo "==================================="
@@ -111,6 +123,11 @@ jobs:
             PACKAGES_LIST="$PACKAGES_LIST bitwarden-api-identity"
           fi
 
+          if [[ "$PUBLISH_BITWARDEN_CORE" == "true" ]]; then
+            PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-core"
+            PACKAGES_LIST="$PACKAGES_LIST bitwarden-core"
+          fi
+
           if [[ "$PUBLISH_BITWARDEN_CRYPTO" == "true" ]]; then
             PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-crypto"
             PACKAGES_LIST="$PACKAGES_LIST bitwarden-crypto"
@@ -131,6 +148,11 @@ jobs:
             PACKAGES_LIST="$PACKAGES_LIST bitwarden-exporters"
           fi
 
+          if [[ "$PUBLISH_BITWARDEN_VAULT" == "true" ]]; then
+            PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-vault"
+            PACKAGES_LIST="$PACKAGES_LIST bitwarden-vault"
+          fi
+
           echo "Packages command: " $PACKAGES_COMMAND
           echo "Packages list: " $PACKAGES_LIST
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -21,9 +21,11 @@ bitwarden = { path = "crates/bitwarden", version = "=0.5.0" }
 bitwarden-api-api = { path = "crates/bitwarden-api-api", version = "=0.5.0" }
 bitwarden-api-identity = { path = "crates/bitwarden-api-identity", version = "=0.5.0" }
 bitwarden-cli = { path = "crates/bitwarden-cli", version = "=0.5.0" }
+bitwarden-core = { path = "crates/bitwarden-core", version = "=0.5.0" }
 bitwarden-crypto = { path = "crates/bitwarden-crypto", version = "=0.5.0" }
 bitwarden-exporters = { path = "crates/bitwarden-exporters", version = "=0.5.0" }
 bitwarden-generators = { path = "crates/bitwarden-generators", version = "=0.5.0" }
+bitwarden-vault = { path = "crates/bitwarden-vault", version = "=0.5.0" }
 
 [workspace.lints.clippy]
 unwrap_used = "deny"

diff --git a/crates/bitwarden-core/Cargo.toml b/crates/bitwarden-core/Cargo.toml
@@ -0,0 +1,26 @@
+[package]
+name = "bitwarden-core"
+description = """
+Internal crate for the bitwarden crate. Do not use.
+"""
+
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+homepage.workspace = true
+repository.workspace = true
+license-file.workspace = true
+keywords.workspace = true
+
+[features]
+uniffi = ["dep:uniffi"]
+
+[dependencies]
+chrono = { version = ">=0.4.26, <0.5", default-features = false }
+uniffi = { version = "=0.27.2", optional = true }
+uuid = { version = ">=1.3.3, <2.0", features = ["serde"] }
+thiserror = ">=1.0.40, <2.0"
+
+[lints]
+workspace = true
diff --git a/crates/bitwarden-core/src/error.rs b/crates/bitwarden-core/src/error.rs
@@ -0,0 +1,23 @@
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+#[error("The response received was missing a required field: {0}")]
+pub struct MissingFieldError(pub &'static str);
+
+#[derive(Debug, Error)]
+#[error("The client vault is locked and needs to be unlocked before use")]
+pub struct VaultLocked;
+
+/// This macro is used to require that a value is present or return an error otherwise.
+/// It is equivalent to using `val.ok_or(Error::MissingFields)?`, but easier to use and
+/// with a more descriptive error message.
+/// Note that this macro will return early from the function if the value is not present.
+#[macro_export]
+macro_rules! require {
+    ($val:expr) => {
+        match $val {
+            Some(val) => val,
+            None => return Err($crate::MissingFieldError(stringify!($val)).into()),
+        }
+    };
+}
diff --git a/crates/bitwarden-core/src/lib.rs b/crates/bitwarden-core/src/lib.rs
@@ -0,0 +1,7 @@
+#[cfg(feature = "uniffi")]
+uniffi::setup_scaffolding!();
+#[cfg(feature = "uniffi")]
+mod uniffi_support;
+
+mod error;
+pub use error::{MissingFieldError, VaultLocked};
diff --git a/crates/bitwarden-core/src/uniffi_support.rs b/crates/bitwarden-core/src/uniffi_support.rs
@@ -0,0 +1,41 @@
+use uuid::Uuid;
+
+use crate::UniffiCustomTypeConverter;
+
+type DateTime = chrono::DateTime<chrono::Utc>;
+uniffi::custom_type!(DateTime, std::time::SystemTime);
+
+impl UniffiCustomTypeConverter for chrono::DateTime<chrono::Utc> {
+    type Builtin = std::time::SystemTime;
+
+    fn into_custom(val: Self::Builtin) -> uniffi::Result<Self> {
+        Ok(Self::from(val))
+    }
+
+    fn from_custom(obj: Self) -> Self::Builtin {
+        obj.into()
+    }
+}
+
+uniffi::custom_type!(Uuid, String);
+
+impl UniffiCustomTypeConverter for Uuid {
+    type Builtin = String;
+
+    fn into_custom(val: Self::Builtin) -> uniffi::Result<Self> {
+        Uuid::parse_str(val.as_str()).map_err(|e| e.into())
+    }
+
+    fn from_custom(obj: Self) -> Self::Builtin {
+        obj.to_string()
+    }
+}
+
+// Uniffi doesn't emit unused types, this is a dummy record to ensure that the custom type
+// converters are emitted
+#[allow(dead_code)]
+#[derive(uniffi::Record)]
+struct UniffiConverterDummyRecord {
+    uuid: Uuid,
+    date: DateTime,
+}
diff --git a/crates/bitwarden-core/uniffi.toml b/crates/bitwarden-core/uniffi.toml
@@ -0,0 +1,9 @@
+[bindings.kotlin]
+package_name = "com.bitwarden.core"
+generate_immutable_records = true
+android = true
+
+[bindings.swift]
+ffi_module_name = "BitwardenCoreFFI"
+module_name = "BitwardenCore"
+generate_immutable_records = true
diff --git a/crates/bitwarden-crypto/Cargo.toml b/crates/bitwarden-crypto/Cargo.toml
@@ -18,7 +18,6 @@ default = []
 
 uniffi = ["dep:uniffi"]  # Uniffi bindings
 no-memory-hardening = [] # Disable memory hardening features
-test = []                # Test methods
 
 [dependencies]
 aes = { version = ">=0.8.2, <0.9", features = ["zeroize"] }

diff --git a/crates/bitwarden-crypto/src/keys/utils.rs b/crates/bitwarden-crypto/src/keys/utils.rs
@@ -32,6 +32,15 @@ pub(super) fn derive_kdf_key(secret: &[u8], salt: &[u8], kdf: &Kdf) -> Result<Sy
 
             let mut hash = [0u8; 32];
             argon.hash_password_into(secret, &salt_sha, &mut hash)?;
+
+            // Argon2 is using some stack memory that is not zeroed. Eventually some function will
+            // overwrite the stack, but we use this trick to force the used stack to be zeroed.
+            #[inline(never)]
+            fn clear_stack() {
+                std::hint::black_box([0u8; 4096]);
+            }
+            clear_stack();
+
             hash
         }
     };

diff --git a/crates/bitwarden-exporters/Cargo.toml b/crates/bitwarden-exporters/Cargo.toml
@@ -16,7 +16,9 @@ keywords.workspace = true
 
 [dependencies]
 base64 = ">=0.21.2, <0.23"
+bitwarden-core = { workspace = true }
 bitwarden-crypto = { workspace = true }
+bitwarden-vault = { workspace = true }
 chrono = { version = ">=0.4.26, <0.5", features = [
     "clock",
     "serde",
@@ -28,8 +30,5 @@ serde_json = ">=1.0.96, <2.0"
 thiserror = ">=1.0.40, <2.0"
 uuid = { version = ">=1.3.3, <2.0", features = ["serde", "v4"] }
 
-[dev-dependencies]
-bitwarden-crypto = { workspace = true, features = ["test"] }
-
 [lints]
 workspace = true
diff --git a/crates/bitwarden-exporters/src/lib.rs b/crates/bitwarden-exporters/src/lib.rs
@@ -10,8 +10,8 @@ use crate::csv::export_csv;
 mod json;
 use json::export_json;
 mod encrypted_json;
-
 use encrypted_json::export_encrypted_json;
+mod models;
 
 pub enum Format {
     Csv,