[PM-5791] Change decrypt to return Sensitive #536

Merged
merged 29 commits into from
Apr 25, 2024

@Hinton Hinton commented Jan 25, 2024

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Updates the decrypt methods to return a Sensitive value, which implements zeroize and zeroize-on-drop to ensure the values are zeroed on drop within the Rust ecosystem.

Before you submit

  • Please add unit tests where it makes sense to do so

@Hinton Hinton changed the title Introducing a Decrypted struct [PM-5791] Introducing a Decrypted struct Jan 25, 2024

bitwarden-bot commented Jan 25, 2024

Checkmarx One – Scan Summary & Details: 579923c4-0baf-4a17-8736-6834ae7f3c3a

No New Or Fixed Issues Found

KeyEncryptable<Key, Output> for Decrypted<T>
{
fn encrypt_with_key(self, key: &Key) -> Result<Output, CryptoError> {
self.value.clone().encrypt_with_key(key)
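Review bot: `self.value.clone()` on the last line makes a second copy of the decrypted value. `self` is consumed here and its own value is covered by the wrapper's drop, but the clone is handed to the inner `encrypt_with_key` by value and nothing in this impl guarantees that copy is zeroed. Either move the value out instead of cloning, or add a comment stating that the inner implementation zeroizes what it consumes, with a test that checks it.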
Member Author

Todo: need to validate what happens with the string after encrypting it. If we consume it we should zero it.

Member

Yeah, we should probably add the zeroize in the KeyEncryptable implementation of the EncStrings, which is where the String is consumed finally.

Also, we could avoid the extra clone here by doing

std::mem::take(&mut self.value).encrypt_with_key(key)

It would mean adding a Default bound to the impl, though
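
The trade-off discussed in this thread, as an added example that is not code from the PR or from the Bitwarden crates: a std-only sketch comparing `clone()` with `std::mem::take` when a wrapper that wipes on drop hands its value to a by-value consumer. `Secret`, `Sensitive`, `consume`, `run` and the sample bytes are hypothetical, and the hand-written `wipe` stands in for the zeroize crate.

```rust
use std::{cell::Cell, mem, rc::Rc};

type Stats = Rc<Cell<(usize, usize)>>; // (clones made, buffers freed unwiped)
fn bump(s: &Stats, c: usize, l: usize) { let (a, b) = s.get(); s.set((a + c, b + l)); }

// Constructed payload type: records copies and unwiped frees for the checks below.
#[derive(Default)]
struct Secret { bytes: Vec<u8>, stats: Stats }
impl Secret {
    fn wipe(&mut self) {
        // Volatile writes so the zeroing stores are not optimised away.
        for b in self.bytes.iter_mut() { unsafe { std::ptr::write_volatile(b, 0) } }
        self.bytes.clear();
    }
}
impl Clone for Secret {
    fn clone(&self) -> Self {
        bump(&self.stats, 1, 0);
        Secret { bytes: self.bytes.clone(), stats: Rc::clone(&self.stats) }
    }
}
impl Drop for Secret {
    fn drop(&mut self) { if self.bytes.iter().any(|&b| b != 0) { bump(&self.stats, 0, 1); } }
}

// Simplified wrapper (assumption, not the crate's type): wipes its value on drop.
struct Sensitive { value: Secret }
impl Drop for Sensitive { fn drop(&mut self) { self.value.wipe(); } }

// Stand-in for the inner encrypt_with_key: takes the plaintext by value.
fn consume(mut s: Secret, wipe_after_use: bool) -> usize {
    let n = s.bytes.len(); // real code would encrypt here
    if wipe_after_use { s.wipe(); }
    n
}

impl Sensitive {
    // `consume(self.value, w)` is rejected (E0509): no moving fields out of a Drop type.
    fn encrypt_clone(self, w: bool) -> usize { consume(self.value.clone(), w) }
    fn encrypt_take(mut self, w: bool) -> usize { consume(mem::take(&mut self.value), w) }
}

// Returns (clones made, buffers freed unwiped) for one encrypt call.
fn run(use_take: bool, consumer_wipes: bool) -> (usize, usize) {
    let stats = Stats::default();
    let s = Sensitive { value: Secret { bytes: b"hunter2".to_vec(), stats: stats.clone() } };
    let _len = if use_take { s.encrypt_take(consumer_wipes) } else { s.encrypt_clone(consumer_wipes) };
    stats.get()
}

fn main() { println!("{:?} {:?}", run(false, false), run(true, true)); }
```

`mem::take` removes the extra copy, but in both variants the plaintext is freed unwiped unless the consumer zeroes what it was given.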

…pted

# Conflicts:
#	Cargo.lock
#	crates/bitwarden-crypto/Cargo.toml
#	crates/bitwarden-crypto/src/enc_string/symmetric.rs
#	crates/bitwarden-crypto/src/keys/device_key.rs
#	crates/bitwarden-crypto/src/keys/master_key.rs
#	crates/bitwarden/src/auth/login/access_token.rs
#	crates/bitwarden/src/client/encryption_settings.rs
#	crates/bitwarden/src/vault/cipher/attachment.rs
#	crates/bitwarden/src/vault/cipher/cipher.rs
@Hinton Hinton requested a review from dani-garcia January 26, 2024 10:21

codecov bot commented Jan 26, 2024

Codecov Report

Attention: Patch coverage is 92.13052%, with 41 lines in your changes missing coverage. Please review.

Project coverage is 61.72%. Comparing base (dc4ad16) to head (7baa6f1).
Report is 5 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| crates/bitwarden/src/vault/cipher/cipher.rs | 83.33% | 27 Missing ⚠️ |
| crates/bitwarden/src/auth/tde.rs | 0.00% | 3 Missing ⚠️ |
| crates/bitwarden/src/secrets_manager/state.rs | 0.00% | 3 Missing ⚠️ |
| crates/bitwarden/src/client/encryption_settings.rs | 50.00% | 2 Missing ⚠️ |
| crates/bitwarden/src/mobile/vault/client_sends.rs | 0.00% | 2 Missing ⚠️ |
| ...n/src/secrets_manager/projects/project_response.rs | 0.00% | 2 Missing ⚠️ |
| ...s/bitwarden/src/mobile/vault/client_attachments.rs | 0.00% | 1 Missing ⚠️ |
| crates/bitwarden/src/vault/send.rs | 95.65% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #536      +/-   ##
==========================================
+ Coverage   60.90%   61.72%   +0.82%     
==========================================
  Files         173      173              
  Lines       10694    10905     +211     
==========================================
+ Hits         6513     6731     +218     
+ Misses       4181     4174       -7     



@dani-garcia dani-garcia left a comment

Looks pretty good to me, just some small comments

@Hinton Hinton changed the title [PM-5791] Introducing a Decrypted struct [PM-5791] Introducing a Sensitive type Jan 29, 2024
Hinton and others added 3 commits January 29, 2024 14:11
# Conflicts:
#	crates/bitwarden-crypto/src/enc_string/symmetric.rs
#	crates/bitwarden-crypto/src/keys/device_key.rs
#	crates/bitwarden-crypto/src/keys/master_key.rs
#	crates/bitwarden/src/auth/auth_request.rs
#	crates/bitwarden/src/vault/cipher/field.rs
#	crates/bitwarden/src/vault/folder.rs
dani-garcia added a commit that referenced this pull request Apr 1, 2024
## Type of change
```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective
This is a small subset of #536, which only contains the minimum code to
protect the import/export functions on SymmetricCryptoKey. It also
enables the from_base64 test on SymmetricCryptoKey as that passes now.

After this PR is merged I'll be expanding the use of Sensitive to other
parts of the codebase while adding some extra memory testing checks to
validate that it works for them.
Hinton added 3 commits April 22, 2024 15:12
…pted

# Conflicts:
#	crates/bitwarden-crypto/src/enc_string/symmetric.rs
#	crates/bitwarden-crypto/src/keys/device_key.rs
#	crates/bitwarden-crypto/src/keys/master_key.rs
#	crates/bitwarden-crypto/src/sensitive/sensitive.rs
#	crates/bitwarden/src/auth/login/access_token.rs
#	crates/bitwarden/src/mobile/crypto.rs
#	crates/bitwarden/src/secrets_manager/projects/project_response.rs
#	crates/bitwarden/src/secrets_manager/secrets/list.rs
#	crates/bitwarden/src/secrets_manager/secrets/secret_response.rs
#	crates/bitwarden/src/secrets_manager/state.rs
#	crates/bitwarden/src/uniffi_support.rs
#	crates/bitwarden/src/vault/cipher/attachment.rs
#	crates/bitwarden/src/vault/cipher/cipher.rs
#	crates/bitwarden/src/vault/send.rs
…pted

# Conflicts:
#	crates/bitwarden/src/vault/send.rs
@Hinton Hinton changed the title [PM-5791] Introducing a Sensitive type [PM-5791] Change decrypt to return Sensitive Apr 22, 2024

@Hinton Hinton left a comment

Reminders for myself.


Hinton commented Apr 23, 2024

I think the remaining tasks are large enough to be separate tasks. @dani-garcia let me know if you disagree. I'll write up tickets for them.

@Hinton Hinton marked this pull request as ready for review April 23, 2024 16:43
@Hinton Hinton requested a review from dani-garcia April 23, 2024 16:43

@dani-garcia dani-garcia left a comment

Mostly LGTM, just a couple of comments.

Let's go ahead and open tickets for the other unresolved tasks, plus the SensitiveString improvements we've mentioned.

@Hinton Hinton merged commit 51db07e into main Apr 25, 2024
77 checks passed
@Hinton Hinton deleted the ps/zeroize-decrypted branch April 25, 2024 09:20