[PM-7066] Make init_crypto take MasterKey #724

Merged
merged 2 commits into from
Apr 22, 2024
30 changes: 14 additions & 16 deletions crates/bitwarden/src/auth/auth_request.rs
Expand Up @@ -125,26 +125,25 @@ mod tests {
use bitwarden_crypto::Kdf;

use super::*;
use crate::{
client::{LoginMethod, UserLoginMethod},
mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
};
use crate::mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest};

#[test]
fn test_approve() {
let mut client = Client::new(None);
client.set_login_method(LoginMethod::User(UserLoginMethod::Username {
client_id: "7b821276-e27c-400b-9853-606393c87f18".to_owned(),
email: "[email protected]".to_owned(),
kdf: Kdf::PBKDF2 {

let master_key = bitwarden_crypto::MasterKey::derive(
"asdfasdfasdf".as_bytes(),
"[email protected]".as_bytes(),
&Kdf::PBKDF2 {
iterations: NonZeroU32::new(600_000).unwrap(),
},
}));
)
.unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
client
.initialize_user_crypto("asdfasdfasdf", user_key, private_key)
.initialize_user_crypto_master_key(master_key, user_key, private_key)
.unwrap();

let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
Expand Down Expand Up @@ -206,14 +205,13 @@ mod tests {

// Initialize an existing client which is unlocked
let mut existing_device = Client::new(None);
existing_device.set_login_method(LoginMethod::User(UserLoginMethod::Username {
client_id: "123".to_owned(),
email: email.to_owned(),
kdf: kdf.clone(),
}));

let master_key =
bitwarden_crypto::MasterKey::derive("asdfasdfasdf".as_bytes(), email.as_bytes(), &kdf)
.unwrap();

existing_device
.initialize_user_crypto("asdfasdfasdf", user_key, private_key.parse().unwrap())
.initialize_user_crypto_master_key(master_key, user_key, private_key.parse().unwrap())
.unwrap();

// Initialize a new device which will request to be logged in
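Review bot: The two test hunks set up the same unlock in different shapes: test_approve (first hunk) drops `set_login_method` and inlines the password, email and KDF as literals inside the `MasterKey::derive` call, while the second hunk keeps `set_login_method` and derives from the shared `email` and `kdf` locals. Hoisting `let password = "asdfasdfasdf";`, an `email` local and a `kdf` local in test_approve, as the validate.rs tests do, would keep the two in step and avoid repeating the email string that has to match between the KDF salt and any login method. Whether test_approve still needs a login method is not visible here; if the approve path reads `client.login_method`, the first hunk now leaves it `None`. Both enclosing test functions start and end outside the hunks.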
7 changes: 5 additions & 2 deletions crates/bitwarden/src/auth/login/api_key.rs
@@ -1,4 +1,4 @@
use bitwarden_crypto::EncString;
use bitwarden_crypto::{EncString, MasterKey};
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};

Expand Down Expand Up @@ -37,6 +37,9 @@
r.refresh_token.clone(),
r.expires_in,
);

let master_key = MasterKey::derive(input.password.as_bytes(), email.as_bytes(), &kdf)?;


client.set_login_method(LoginMethod::User(UserLoginMethod::ApiKey {
client_id: input.client_id.to_owned(),
client_secret: input.client_secret.to_owned(),
Expand All @@ -47,7 +50,7 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client.initialize_user_crypto(&input.password, user_key, private_key)?;
client.initialize_user_crypto_master_key(master_key, user_key, private_key)?;

}

ApiKeyLoginResponse::process_response(response)
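Review bot: The new `let master_key = MasterKey::derive(input.password.as_bytes(), email.as_bytes(), &kdf)?;` sits several statements above the only use of `master_key`, the `initialize_user_crypto_master_key` call in the second hunk, with no comment saying why it is derived that early. Presumably `email` and `kdf` are moved into the `UserLoginMethod::ApiKey` value built right after it, which forces the derive to happen first; a one-line comment such as `// Derive the master key before email/kdf are moved into the login method; it is needed below to unlock the user key.` would make the ordering deliberate rather than accidental. The origin of `email` and `kdf` is outside the hunk, as is the start of the enclosing function. Codecov reports that neither the derive nor the unlock line is exercised by a test, so the api-key login path has no coverage for the new sequence.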
19 changes: 10 additions & 9 deletions crates/bitwarden/src/auth/login/password.rs
@@ -1,5 +1,5 @@
#[cfg(feature = "internal")]
use log::{debug, info};
use log::info;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};

Expand All @@ -22,19 +22,20 @@
client: &mut Client,
input: &PasswordLoginRequest,
) -> Result<PasswordLoginResponse> {
use bitwarden_crypto::{EncString, HashPurpose};
use bitwarden_crypto::{EncString, HashPurpose, MasterKey};


use crate::{auth::determine_password_hash, client::UserLoginMethod, error::require};
use crate::{client::UserLoginMethod, error::require};


info!("password logging in");
debug!("{:#?}, {:#?}", client, input);

let password_hash = determine_password_hash(
&input.email,
let master_key = MasterKey::derive(
input.password.as_bytes(),
input.email.as_bytes(),

&input.kdf,
&input.password,
HashPurpose::ServerAuthorization,
)?;
let password_hash = master_key
.derive_master_key_hash(input.password.as_bytes(), HashPurpose::ServerAuthorization)?;


let response = request_identity_tokens(client, input, &password_hash).await?;

if let IdentityTokenResponse::Authenticated(r) = &response {
Expand All @@ -52,7 +53,7 @@
let user_key: EncString = require!(r.key.as_deref()).parse()?;
let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

client.initialize_user_crypto(&input.password, user_key, private_key)?;
client.initialize_user_crypto_master_key(master_key, user_key, private_key)?;

}

PasswordLoginResponse::process_response(response)
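Review bot: The derive-then-hash sequence, `let master_key = MasterKey::derive(...)` followed by `let password_hash = master_key.derive_master_key_hash(input.password.as_bytes(), HashPurpose::ServerAuthorization)?;`, has no comment distinguishing the two roles: only `password_hash` is handed to `request_identity_tokens`, while `master_key` is retained to unlock the user key in the `Authenticated` branch. A comment above the derive such as `// Only the server-authorization hash is sent to the server; the master key itself stays local and is used below to decrypt the user key once the login succeeds.` would record that intent. Because `master_key` now lives across the `.await` of the identity request, confirm that `MasterKey` clears its material on drop (not visible here). Codecov flags the derive, hash and unlock lines as untested; the enclosing function starts outside the first hunk.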
38 changes: 28 additions & 10 deletions crates/bitwarden/src/auth/password/validate.rs
Expand Up @@ -111,19 +111,28 @@ mod tests {
use crate::client::{Client, Kdf, LoginMethod, UserLoginMethod};

let mut client = Client::new(None);

let password = "asdfasdfasdf";
let email = "[email protected]";
let kdf = Kdf::PBKDF2 {
iterations: NonZeroU32::new(600_000).unwrap(),
};

client.set_login_method(LoginMethod::User(UserLoginMethod::Username {
email: "[email protected]".to_string(),
kdf: Kdf::PBKDF2 {
iterations: NonZeroU32::new(600_000).unwrap(),
},
email: email.to_string(),
kdf: kdf.clone(),
client_id: "1".to_string(),
}));

let master_key =
bitwarden_crypto::MasterKey::derive(password.as_bytes(), email.as_bytes(), &kdf)
.unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=";
let private_key = "2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();

client
.initialize_user_crypto("asdfasdfasdf", user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.unwrap();

let result =
Expand All @@ -142,19 +151,28 @@ mod tests {
use crate::client::{Client, Kdf, LoginMethod, UserLoginMethod};

let mut client = Client::new(None);

let password = "asdfasdfasdf";
let email = "[email protected]";
let kdf = Kdf::PBKDF2 {
iterations: NonZeroU32::new(600_000).unwrap(),
};

client.set_login_method(LoginMethod::User(UserLoginMethod::Username {
email: "[email protected]".to_string(),
kdf: Kdf::PBKDF2 {
iterations: NonZeroU32::new(600_000).unwrap(),
},
email: email.to_string(),
kdf: kdf.clone(),
client_id: "1".to_string(),
}));

let master_key =
bitwarden_crypto::MasterKey::derive(password.as_bytes(), email.as_bytes(), &kdf)
.unwrap();

let user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=";
let private_key = "2.yN7l00BOlUE0Sb0M//Q53w==|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|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();

client
.initialize_user_crypto("asdfasdfasdf", user_key.parse().unwrap(), private_key)
.initialize_user_crypto_master_key(master_key, user_key.parse().unwrap(), private_key)
.unwrap();

let result = validate_password_user_key(&client, "abc".to_string(), user_key.to_string())
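Review bot: The two hunks now carry the same roughly fifteen-line unlock setup twice: the `password`/`email`/`kdf` locals, `set_login_method`, `MasterKey::derive`, the identical user-key and private-key strings, and `initialize_user_crypto_master_key`. A private helper in the test module, e.g. `fn unlocked_client() -> Client` returning the client after that sequence, would keep the KDF parameters and test keys in one place so the next signature change edits one spot instead of two. Both enclosing test functions begin before their hunks and their assertions follow after them.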
31 changes: 6 additions & 25 deletions crates/bitwarden/src/client/client.rs
Expand Up @@ -4,7 +4,7 @@ use std::path::PathBuf;
pub use bitwarden_crypto::Kdf;
use bitwarden_crypto::SymmetricCryptoKey;
#[cfg(feature = "internal")]
use bitwarden_crypto::{AsymmetricEncString, EncString};
use bitwarden_crypto::{AsymmetricEncString, EncString, MasterKey};
use chrono::Utc;
use reqwest::header::{self, HeaderValue};
use uuid::Uuid;
Expand Down Expand Up @@ -247,23 +247,14 @@ impl Client {
}

#[cfg(feature = "internal")]
pub(crate) fn initialize_user_crypto(
pub(crate) fn initialize_user_crypto_master_key(
&mut self,
password: &str,
master_key: MasterKey,
user_key: EncString,
private_key: EncString,
) -> Result<&EncryptionSettings> {
let login_method = match &self.login_method {
Some(LoginMethod::User(u)) => u,
_ => return Err(Error::NotAuthenticated),
};

self.encryption_settings = Some(EncryptionSettings::new(
login_method,
password,
user_key,
private_key,
)?);
self.encryption_settings =
Some(EncryptionSettings::new(master_key, user_key, private_key)?);
Ok(self
.encryption_settings
.as_ref()
Expand All @@ -289,20 +280,10 @@ impl Client {
#[cfg(feature = "mobile")]
pub(crate) fn initialize_user_crypto_pin(
&mut self,
pin: &str,
pin_key: MasterKey,
pin_protected_user_key: EncString,
private_key: EncString,
) -> Result<&EncryptionSettings> {
use bitwarden_crypto::MasterKey;

let pin_key = match &self.login_method {
Some(LoginMethod::User(
UserLoginMethod::Username { email, kdf, .. }
| UserLoginMethod::ApiKey { email, kdf, .. },
)) => MasterKey::derive(pin.as_bytes(), email.as_bytes(), kdf)?,
_ => return Err(Error::NotAuthenticated),
};

let decrypted_user_key = pin_key.decrypt_user_key(pin_protected_user_key)?;
self.initialize_user_crypto_decrypted_key(decrypted_user_key, private_key)
}
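Review bot: Neither `initialize_user_crypto_master_key` nor the reworked `initialize_user_crypto_pin` has a doc comment, yet both now depend on the caller having derived `master_key`/`pin_key` with the account's email and KDF, a precondition the removed bodies enforced themselves by matching on `self.login_method`. Suggested `/// Unlock the client with a master key the caller has already derived from the user's password, email and KDF; decrypts `user_key` with it and stores the resulting encryption settings.` on the first, and a matching `///` on `initialize_user_crypto_pin` stating that `pin_key` must be derived from the PIN with the same email and KDF as the stored `pin_protected_user_key`. The `NotAuthenticated` guard for an unset login method is gone from `initialize_user_crypto_master_key`, which matches the auth_request.rs test that no longer calls `set_login_method`, but any code that assumed `login_method` is `Some` whenever `encryption_settings` is `Some` should be checked. The body of `initialize_user_crypto_master_key` continues past the first hunk.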
26 changes: 7 additions & 19 deletions crates/bitwarden/src/client/encryption_settings.rs
Expand Up @@ -2,11 +2,11 @@ use std::collections::HashMap;

use bitwarden_crypto::{AsymmetricCryptoKey, KeyContainer, SymmetricCryptoKey};
#[cfg(feature = "internal")]
use bitwarden_crypto::{AsymmetricEncString, EncString};
use bitwarden_crypto::{AsymmetricEncString, EncString, MasterKey};
use uuid::Uuid;

#[cfg(feature = "internal")]
use crate::{client::UserLoginMethod, error::Result};
use crate::error::Result;

pub struct EncryptionSettings {
user_key: SymmetricCryptoKey,
Expand All @@ -21,28 +21,16 @@ impl std::fmt::Debug for EncryptionSettings {
}

impl EncryptionSettings {
/// Initialize the encryption settings with the user password and their encrypted keys
/// Initialize the encryption settings with the master key and the encrypted user keys
#[cfg(feature = "internal")]
pub(crate) fn new(
login_method: &UserLoginMethod,
password: &str,
master_key: MasterKey,
user_key: EncString,
private_key: EncString,
) -> Result<Self> {
use bitwarden_crypto::MasterKey;

match login_method {
UserLoginMethod::Username { email, kdf, .. }
| UserLoginMethod::ApiKey { email, kdf, .. } => {
// Derive master key from password
let master_key = MasterKey::derive(password.as_bytes(), email.as_bytes(), kdf)?;

// Decrypt the user key
let user_key = master_key.decrypt_user_key(user_key)?;

Self::new_decrypted_key(user_key, private_key)
}
}
// Decrypt the user key
let user_key = master_key.decrypt_user_key(user_key)?;
Self::new_decrypted_key(user_key, private_key)
}

/// Initialize the encryption settings with the decrypted user key and the encrypted user
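Review bot: The updated doc comment on `EncryptionSettings::new` names the inputs but not the one failure the function still has: the `?` on `master_key.decrypt_user_key(user_key)?` returns an error when the supplied key cannot decrypt `user_key`, which is the path a wrong password or mismatched email/KDF now takes since the `login_method` match that used to tie them together is gone. Adding `/// # Errors` and `/// Fails if `master_key` does not decrypt `user_key`, e.g. because it was derived with a different password, email or KDF than the one that protected it.` documents the contract callers now have to meet themselves. The `// Decrypt the user key` comment restates the line beneath it and can be dropped.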