Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-10929] Support Key Connector #959

Merged
merged 8 commits into from
Aug 19, 2024
Merged

[PM-10929] Support Key Connector #959

merged 8 commits into from
Aug 19, 2024

Conversation

Hinton
Copy link
Member

@Hinton Hinton commented Aug 15, 2024
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-10929

📔 Objective

Add support for Key Connector.

  • Adds support for KeyConnector to initialize_user_crypto.
  • Support generating a random master key that can be sent to the key connector.
  • Support getting the current master key and sending it to the key connector.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
    team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 15, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details511eb665-949b-4992-95f5-d96080a9f4d8

No New Or Fixed Issues Found

@codecov Codecov
Copy link

codecov bot commented Aug 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 67.50000% with 26 lines in your changes missing coverage. Please review.

Project coverage is 58.44%. Comparing base (7472f9b) to head (9fe447a).
Report is 4 commits behind head on main.

Files Patch % Lines
crates/bitwarden-uniffi/src/auth/mod.rs 0.00% 8 Missing ⚠️
crates/bitwarden-core/src/mobile/crypto.rs 75.00% 7 Missing ⚠️
crates/bitwarden-core/src/auth/client_auth.rs 0.00% 4 Missing ⚠️
crates/bitwarden-core/src/mobile/client_crypto.rs 0.00% 3 Missing ⚠️
crates/bitwarden-uniffi/src/crypto.rs 0.00% 3 Missing ⚠️
crates/bitwarden-crypto/src/keys/master_key.rs 91.66% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #959   +/-   ##
=======================================
  Coverage   58.43%   58.44%           
=======================================
  Files         195      196    +1     
  Lines       13406    13483   +77     
=======================================
+ Hits         7834     7880   +46     
- Misses       5572     5603   +31

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Hinton Hinton requested a review from jlf0dev August 15, 2024 14:30
@Hinton Hinton marked this pull request as ready for review August 15, 2024 14:56
@Hinton Hinton changed the title Support Key Connector [PM-10929] Support Key Connector Aug 15, 2024
@Hinton Hinton requested a review from MGibson1 August 15, 2024 15:56
Hinton
Hinton commented Aug 15, 2024
View reviewed changes
crates/bitwarden-core/src/auth/key_connector.rs
Comment on lines +13 to +21
let master_key = MasterKey::generate(&mut rng);
let (user_key, encrypted_user_key) = master_key.make_user_key()?;
let keys = user_key.make_key_pair()?;

Ok(KeyConnectorResponse {
master_key: master_key.to_base64(),
encrypted_user_key: encrypted_user_key.to_string(),
keys,
})
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is quite different compared to our current approach, but helps avoiding the weird steps in our ts project @jlf0dev.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps I don't understand the key connector flow, but I had thought the encrypting keys were generated by key connect -- are they just stored there?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct - just stored there.

MGibson1
MGibson1 reviewed Aug 16, 2024
View reviewed changes
Copy link
Member

@MGibson1 MGibson1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few questions, but I'm not very familiar with key connector or the sdk these days

crates/bitwarden-core/src/auth/client_auth.rs
@@ -79,6 +81,11 @@ impl<'a> ClientAuth<'a> {
make_register_tde_keys(self.client, email, org_public_key, remember_device)
}

pub fn make_key_connector_keys(&self) -> Result<KeyConnectorResponse, CryptoError> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not return a Result? Equivalently, why does this method return a specific error type rather than the base error enum?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're transitioning away from a single massive enum as that meshes badly with the new crate structure. And it's generally a better experience knowing what errors you get vs needing to validate all errors.

crates/bitwarden-core/src/auth/key_connector.rs
Comment on lines +13 to +21
let master_key = MasterKey::generate(&mut rng);
let (user_key, encrypted_user_key) = master_key.make_user_key()?;
let keys = user_key.make_key_pair()?;

Ok(KeyConnectorResponse {
master_key: master_key.to_base64(),
encrypted_user_key: encrypted_user_key.to_string(),
keys,
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps I don't understand the key connector flow, but I had thought the encrypting keys were generated by key connect -- are they just stored there?

crates/bitwarden-uniffi/src/auth/mod.rs
.0
.auth()
.make_key_connector_keys()
.map_err(Error::Crypto)?)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If changed to a base error response, this map should be unnecessary, too

@Hinton
Copy link
Member Author

Hinton commented Aug 16, 2024

Key connector just stores your keys. The client still generates them.

@Hinton Hinton merged commit de3b6e2 into main Aug 19, 2024
61 of 62 checks passed
@Hinton Hinton deleted the ps/key-connector branch August 19, 2024 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlf0dev jlf0dev jlf0dev approved these changes

@MGibson1 MGibson1 MGibson1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Hinton @MGibson1 @jlf0dev