Skip to content

Commit

Permalink
Merge pull request #160 from maxlaverse/fix_some_issues_with_official…
Browse files Browse the repository at this point in the history
…_bitwarden_server

fix some issue with official Bitwarden servers
  • Loading branch information
maxlaverse authored Oct 1, 2024
2 parents a3a8e98 + 85a4160 commit 9b3cb01
Show file tree
Hide file tree
Showing 10 changed files with 730 additions and 82 deletions.
4 changes: 2 additions & 2 deletions internal/bitwarden/crypto/keybuilder/encryption_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,10 @@ func GenerateEncryptionKey(key symmetrickey.Key) (*symmetrickey.Key, string, err
return nil, "", fmt.Errorf("error generating random bytes: %w", err)
}

return buildEncryptionKey(key, encryptionKey)
return EncryptEncryptionKey(key, encryptionKey)
}

func buildEncryptionKey(key symmetrickey.Key, encryptionKey []byte) (newEncryptionKey *symmetrickey.Key, encryptedEncryptionKey string, err error) {
func EncryptEncryptionKey(key symmetrickey.Key, encryptionKey []byte) (newEncryptionKey *symmetrickey.Key, encryptedEncryptionKey string, err error) {
if len(key.Key) == 32 {
stretchedKey := key.StretchKey()
encryptedEncryptionKey, err = crypto.EncryptAsString(encryptionKey, stretchedKey)
Expand Down
6 changes: 5 additions & 1 deletion internal/bitwarden/crypto/keybuilder/key_pair.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,16 @@ import (
"github.com/maxlaverse/terraform-provider-bitwarden/internal/bitwarden/crypto/symmetrickey"
)

func GenerateKeyPair(key symmetrickey.Key) (string, string, error) {
func GenerateRSAKeyPair(key symmetrickey.Key) (string, string, error) {
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return "", "", fmt.Errorf("error generating rsa key: %w", err)
}

return EncryptRSAKeyPair(key, privateKey)
}

func EncryptRSAKeyPair(key symmetrickey.Key, privateKey *rsa.PrivateKey) (string, string, error) {
publicKeyBytes, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
if err != nil {
return "", "", fmt.Errorf("error marshalling PKIX public key: %w", err)
Expand Down
47 changes: 45 additions & 2 deletions internal/bitwarden/embedded/vault_base_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ package embedded

import (
"context"
"crypto/x509"
"encoding/pem"
"strings"
"testing"
"time"

Expand All @@ -19,15 +22,55 @@ var (
ProtectedSymmetricKey: "2.lkAJiJtCKPHFPrZ96+j2Xg==|5XJtrKUndcGy28thFukrmgMcLp+BOVdkF+KcuOnfshq9AN1PFhna9Es96CVARCnjTcWuHuqvgnGmcOHTrf8fyfLv63VBsjLgLZk8rCXJoKE=|9dwgx4/13AD+elE2vE7vlSQoe8LbCGGlui345YrKvXY=",
ProtectedRSAPrivateKey: "2.D2aLa8ne/DAkeSzctQISVw==|/xoGM5i5JGJTH/vohUuwTFrTx3hd/gt3kBD/FQdeLMtYjl1u96sh0ECmoERqGHeSfXj+iAb9kpTIOKG8LwmkZGUJBI90Mw0M7ODmf7E8eQ+aGF+bGqTSMQ1wtpunEyFVodlg92YN8Ddlb2V9J4uN8ykpHYNDmQiYLZ8bl6vCODRGPyzLvx5M8DbITVL5PhsjKDLLrVV8lFCgCcAL5YLfkghYhFELyX15zXA/KYEnwggDka3hG5+HHFOVZSeyk7Gi6M4TX2wADbTXz1/Wsho8oxFUrtNiOB3ZiY2cx9UWttpzMXoGfi2gJcP1db/nTfWenOLlzw6Od4VyRzsXsfyGwbqBqDnNFkjLvhjVw4JO+psF//xAMDs14101Tf2wFkB6toQ+zdnDphXUeKmiVPQ7gMnQlOWN5tWvjjmYOO4Y63sGpP24cDOdEScIdebZRSA8uOhTzadfKfOiH5zVYZzXs33FQ0li4nBrsj5xYa6PP4D1P7gqjxClPdguwkdLoZ7JvgIlyRIwEcORi5Ich8RWF/kqRBwk0QSzK1mTlHHU5xtSgi4MLNVx4qTYNaJVBtwL9d2MD9LeNn4Z2PL4A7qnszHqsERiQQDxNEgMxMBHDgSXqQbtQxRvsI6oY+yNbN7uVWw4o8AC3f5GBdxzIqcN1mgEM5ix5aDt15w3MhP2FHtf2neKI68TnL8WnT1fT8BVlbECIiUqK0tfq5aTjdSh3gCS15jvZ1H60h+K8+O/nDfquzVjY7UsTGwA+UtS8/JGiaUhc0VhxJo8P1V2VSCiu51d5q3De1vDg5R2VEgBmTchZyTIodC+3+7ACTOwkNCCdIJN7xKOcIGFA7QOuyJtBeXT4Rd9UGMHSL054IB/315WVDiwrP9W1aP0nHzFs+qAXbH5o1E+AmfMDyoHopjGgbUw22r837kHzf5Qe8QhRYPzQvDowfCPhdoy23cbN1VsNavNwTC9hcG5oYMwkK66xP3MEM9UfGD22pwxe7M8U4BRdLCCHbi95eklXE6Mg6DpWsAdMgokQbOvnlwgKfrlbltqXUE/vUQI8TB3AE1Nkt0ST4quTriMuuyiHdeeZV4UkV9jWt/5bTCfdrCYuGZP7g4shbfNcP7u1Zrdxv+EuUwGIOOTrNV5awmBnL3iHE5ya2MnqmRyfWiPIT5majZCk06yxj4XzyIPOpjYKFt0MOgLvG1GllmdtRqg7tMVvc5ZFo5KWIxLsIJD12UjA1GYYoFdX4+wsNbPjfnlE6D2PrtWUICnBFJzYpfyrKTe01k8G8hyyz+tVzBRfz8EA2ew1+hlVcAgSPCcBzhDgqPe+RSPi7ZSd66be1gDhGAftWFM8Z0MrMklXi2DyjjaKBNsZZD8qTcLcobm8nqHUQtnr5JCbmgP3rau8NY/fxeFHsvSiZQoB1aI/y+Sz/R4r+T9cg8hjmS/FUHDO+m6a6nuWNFwz8wIluM557oOTl+A9UGFF50Gpzmf97VdQjM3ZREazQ7la6AobzS3BHI6FNdxN9LTyMpYo+WODv52/VwU3ODH7wf5bz2OHZhk2NG5R7pSH7qg8jM+/MtJkFumENV0qMecozIkP6e4CyI9ua4YwI9n7G5OgKYMG1aj2PRSny2JSLS8aHF1TkRL8SD0nZFCox0=|muEtiwIuZxhuuLv0nouEdxHU2CO+I7JXKZuYHWiv/OE=",
}
testPassword = "test12341234"

orgKey = "4.JW3mktbL7vpTVRweZdQBAirJuAEhSRn37zcXZjDjI47weFKkeZkvPxZWCqFYC/P5qCJwEYMbv7lTETkWDg6paevVfhJ35buGcTQdEbQxAJebzPahEcUstj11l4Y9T5RaDiAJR8+drrGJ3fKV3v3hymKz2o9fUfK1epuLFll2nnWSOjCcuRe/+zz5VwIVx4WJAPJHmiS6eofbj/DTIQCzG4JkR0UzT66ouLcgmPL1nGOqVI7KxRpL5yVj75UkjniHkWAcB7lfAxWXw2GhDJ/2L685uA3820ItTbxjCwLQOvjBttgrbURmkeP9BD+KkO4V6vb8bbTWNSvggXKk2h1CMw=="
rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAlRbtt5Vyku3dUIkPR0Y3v94qvZReuwAijIwHQGQOuKw6lKVV
HL29rZ93TwCG2P5a+GKH2+2fIbT/wTMTK4K1ElxQZ/2yLN9Hfu2d/ITNTsfTzPXv
F3fao3Q0JmD7DNJS2bJqng3so28aFddOZ03H55m9T6+0ZJqrMdgE5Z1V/4I7LFF6
JxGGZ4mg99OvfQ5K8GOBM6SCI6h5eMXM5EkSM9vol9sRxvVLZmvNKH3UP9riyQwt
dcD5IxmY1y34Bg4b+a8tYaP7v90xF73uKs+287yNPLhWE9i+/gXwvApVxENG9SCP
lSrAEHd1NZPfsZhHoG+LXhyCZu2COttZess44QIDAQABAoIBAAIXgN54+qMpJ+2M
yGsdvGj3vCy9+vSyWi8Tr3icdXMrKfTVgMUlvEurcOI/Mcp+v55MF3JF0kwylh3N
pSwbV3DBHN5Hp5xu8HmtahsoWRnXo98Z4oOB7U5gAj5kBmkMtKhB/fJW+UzF/C/b
I2906Tw59Uy2XIsROzvjMeGPnddh1LbvXUb9nAmhi7napdwCUbeqvatu56GyiXxV
03DTwhbfuU+nMi/M556WPEkPbJoG4bF82WqQ+6+a1NfE2wg//cc5CzXQehC6jGx6
Pi+uNUtPhMSyTnJgpvg+Ob2r/LTiL0zic00ka29xUsi7EwXKUR2ih8JTkSPaTR06
3ezrg3ECgYEAzi/MnXfWp49jRgb4bHE9Cy63hehgaBvIcEyhFKOz5OD6nI4Lg/3z
SNDQo9YhwMqschqQLHVEtjxDT0V/RHdX4icTF+zSCl/T79EtM/R1nMT0MSIXV7IE
NtPbnqXOjrbe3vgjLvBst/cWpGHiML+znCqukHOevSn7yUlg4b1aMVECgYEAuRvL
YnbNlps/nql1EW9DUKOEV7kBvehwGzYpFfZ7pRscl6RyISTipGMOzJmOSfscYwqR
HrFpTNMNxjnyXOuv4OTC7bCIUJc6N8AZ4jm4452ibxpzktlO8Im+TbsD6mZDT8zB
d+8o/8ST9j1zy43Sb+f5vxfB6fC9vUXpBW0+KpECgYEAzQKT9cJxSVv1/mvx2Ilj
g9nompmqOfnd+2MGCuqWdS4JoV5PLudzXeRaf3zrRLGAc1fcIIhdUMFsv8Y/O8la
NcBaaMCNO8l6hoo64tzfkIf4sV3PTd/v9sACL6V3U0mbIqIhAYwG3YguGDZHW+dQ
ZCfAOFrt6/Jxqvtt/CZ1JnECgYBOxmdNZeWj/Dmc2dy6KLFq9ctyUYdOPEbJLcla
UWTZJKqMVi1DsaDJ+GXp6EdHcJfqBisv9qwrR34LJ8nehWZ5vKC/6mp4cYMTCqt5
PLtUEld4FLeufNA9SUE1bysBa7ellCuZUKwP/KZDGm/W5mnxubTs/71EQ3FbxQ6f
gpf8IQKBgGHK8j8rvxtszoQKUY+XpWFrP0x5pDLiAkmQ0bmF2KRIahq3anla6n3i
/LL5BrUdMjEnvAb+RASq+41rceq4rLcz0pA2yOWNjhbCAPFdU5MQMkJ4/zqHtzvd
GqwE00g9gizQ6CmsaNNJh7y6gNg0TBU2EGqTaQMz37fheAEt3NSt
-----END RSA PRIVATE KEY-----
`

encryptionKey = "Vr+KA/il3QX4z7EqFnhQ3U8TtETlQPKkXHCE2PiR75wwzDVRutR4rib/jMtgZ1S/gPyOEXbwKFju2oJq3njVLg=="
orgKey = "4.JW3mktbL7vpTVRweZdQBAirJuAEhSRn37zcXZjDjI47weFKkeZkvPxZWCqFYC/P5qCJwEYMbv7lTETkWDg6paevVfhJ35buGcTQdEbQxAJebzPahEcUstj11l4Y9T5RaDiAJR8+drrGJ3fKV3v3hymKz2o9fUfK1epuLFll2nnWSOjCcuRe/+zz5VwIVx4WJAPJHmiS6eofbj/DTIQCzG4JkR0UzT66ouLcgmPL1nGOqVI7KxRpL5yVj75UkjniHkWAcB7lfAxWXw2GhDJ/2L685uA3820ItTbxjCwLQOvjBttgrbURmkeP9BD+KkO4V6vb8bbTWNSvggXKk2h1CMw=="
testPassword = "test12341234"
)

func TestDecryptAccountSecret(t *testing.T) {
accountSecrets, err := decryptAccountSecrets(testAccount, testPassword)
assert.NoError(t, err)
assert.Equal(t, "qOOJSiS6KGqePb+ZxBPD9G37cZjFfViArWiHCd0koK4=", accountSecrets.MasterPasswordHash)

pemdata := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(accountSecrets.RSAPrivateKey),
},
)

assert.Equal(t, rsaPrivateKey, strings.Replace(string(pemdata), "\\n", "\n", -1))
assert.Contains(t, accountSecrets.MainKey.Summary(), encryptionKey)
}

func TestDecryptAccountSecretWrongPassword(t *testing.T) {
Expand Down
Loading

0 comments on commit 9b3cb01

Please sign in to comment.