[PM-20614] Cose Content Type (#203)

## 🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-20614

## 📔 Objective

Encrypt type 7 (CoseEncrypt0 with currently Xchacha20poly1305) requires
specifying a content format. Since the encrypted content is just a byte
array, this alone is not enough to understand what format the data
contained has. In some cases, multiple formats may be OK.

These cases include:
- Private keys
  - PKCS8 DER / CoseKey
- Symmetric keys
- Bitwarden Custom Key Byte Serialization ("just key bytes concatenated
(and padding if it is a CoseKey)"), CoseKey
- Utf8 for most cipher fields
- Future:
  - Blob Cipher: Json/Cbor?

To distinguish between these, we need to introduce a content format that
is passed through until the encryption happens. For AES256-CBC-HMAC, it
gets ignored, for CoseEncrypt0/Xchacha20poly1305, it gets written as a
protected header onto the encstring/encrypt0 object. We do not add
validation on the decryption path in this PR.

For key wrapping, when wrapping cosekeys with cosekeys, the Bitwarden
Custom Key Byte Serialization with padding is not used, but the raw
CoseKey without padding is used; but can be distinguished from other
keys on unwrapping by inspecting the content format.

Further to ensure the content format is passed along, the encryptable
trait is split into 3 traits by this PR.
`CompositeEncryptable` is a trait that represents encryption of
composite objects. Composite objects here are objects that have
sub-encyrptables under the same key. For instance, a cipher is a
composite encryptable, since all fields are individually encrypted. It
also has some sub-composite encryptables (Uri). Composite encryptables
only defer encryption to one of the other traits, and do not themselves
encrypt directly, and thus also don't have a content type.

For the Utf8 content type specifically, for XChaCha20Poly1305
encryption, a padding scheme is added, in order to hide the direct
relationship of ciphertext length to plaintext length. The content type
written onto the encrypt0 object is a custom type to indicate this.

The since bytes `Vec<u8>`. alone are not enough to carry a content type,
a new generic struct `Bytes<ConstContentType>` is introduced and
returned in various places such as:
- DER private key
- DER public key
- Symmetric crypto key

The `ConstContentType` is sealed and not implementable by other crates,
and type aliases are provided for more convenient / less cognitive
overhead syntax.

For these, the EncryptableWithContentType trait(s) are implemented.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

---------

Co-authored-by: Matt Gibson <[email protected]>
Co-authored-by: Oscar Hinton <[email protected]>

Author: 3 people

bitwarden_license/bitwarden-sm/src/projects/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectCreateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::Encryptable;
+use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;

bitwarden_license/bitwarden-sm/src/projects/update.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectUpdateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::Encryptable;
+use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;

bitwarden_license/bitwarden-sm/src/secrets/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::SecretCreateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::Encryptable;
+use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;

bitwarden_license/bitwarden-sm/src/secrets/update.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::SecretUpdateRequestModel;
 use bitwarden_core::{key_management::SymmetricKeyId, Client};
-use bitwarden_crypto::Encryptable;
+use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;

crates/bitwarden-core/src/auth/auth_request.rs

@@ -52,7 +52,7 @@ pub(crate) fn auth_request_decrypt_user_key(
     private_key: String,
     user_key: UnsignedSharedKey,
 ) -> Result<SymmetricCryptoKey, EncryptionSettingsError> {
-    let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?)?;
+    let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?.into())?;
     let key: SymmetricCryptoKey = user_key.decapsulate_key_unsigned(&key)?;
     Ok(key)
 }
@@ -66,7 +66,7 @@ pub(crate) fn auth_request_decrypt_master_key(
 ) -> Result<SymmetricCryptoKey, EncryptionSettingsError> {
     use bitwarden_crypto::MasterKey;
 
-    let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?)?;
+    let key = AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key)?.into())?;
     let master_key: SymmetricCryptoKey = master_key.decapsulate_key_unsigned(&key)?;
     let master_key = MasterKey::try_from(&master_key)?;
 
@@ -106,43 +106,45 @@ pub(crate) fn approve_auth_request(
     )?)
 }
 
-#[test]
-fn test_auth_request() {
-    let request = new_auth_request("[email protected]").unwrap();
-
-    let secret = vec![
-        111, 32, 97, 169, 4, 241, 174, 74, 239, 206, 113, 86, 174, 68, 216, 238, 52, 85, 156, 27,
-        134, 149, 54, 55, 91, 147, 45, 130, 131, 237, 51, 31, 191, 106, 155, 14, 160, 82, 47, 40,
-        96, 31, 114, 127, 212, 187, 167, 110, 205, 116, 198, 243, 218, 72, 137, 53, 248, 43, 255,
-        67, 35, 61, 245, 93,
-    ];
-
-    let private_key =
-        AsymmetricCryptoKey::from_der(&STANDARD.decode(&request.private_key).unwrap()).unwrap();
-
-    let encrypted = UnsignedSharedKey::encapsulate_key_unsigned(
-        &SymmetricCryptoKey::try_from(secret.clone()).unwrap(),
-        &private_key.to_public_key(),
-    )
-    .unwrap();
-
-    let decrypted = auth_request_decrypt_user_key(request.private_key, encrypted).unwrap();
-
-    assert_eq!(decrypted.to_encoded(), secret);
-}
-
 #[cfg(test)]
 mod tests {
     use std::num::NonZeroU32;
 
-    use bitwarden_crypto::{Kdf, MasterKey};
+    use bitwarden_crypto::{BitwardenLegacyKeyBytes, Kdf, MasterKey, SpkiPublicKeyBytes};
 
     use super::*;
     use crate::key_management::{
         crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
         SymmetricKeyId,
     };
 
+    #[test]
+    fn test_auth_request() {
+        let request = new_auth_request("[email protected]").unwrap();
+
+        let secret = vec![
+            111, 32, 97, 169, 4, 241, 174, 74, 239, 206, 113, 86, 174, 68, 216, 238, 52, 85, 156,
+            27, 134, 149, 54, 55, 91, 147, 45, 130, 131, 237, 51, 31, 191, 106, 155, 14, 160, 82,
+            47, 40, 96, 31, 114, 127, 212, 187, 167, 110, 205, 116, 198, 243, 218, 72, 137, 53,
+            248, 43, 255, 67, 35, 61, 245, 93,
+        ];
+
+        let private_key =
+            AsymmetricCryptoKey::from_der(&STANDARD.decode(&request.private_key).unwrap().into())
+                .unwrap();
+
+        let secret = BitwardenLegacyKeyBytes::from(secret);
+        let encrypted = UnsignedSharedKey::encapsulate_key_unsigned(
+            &SymmetricCryptoKey::try_from(&secret).unwrap(),
+            &private_key.to_public_key(),
+        )
+        .unwrap();
+
+        let decrypted = auth_request_decrypt_user_key(request.private_key, encrypted).unwrap();
+
+        assert_eq!(decrypted.to_encoded().to_vec(), secret.to_vec());
+    }
+
     #[test]
     fn test_approve() {
         let client = Client::new(None);
@@ -166,8 +168,9 @@ mod tests {
         let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
 
         // Verify fingerprint
-        let pbkey = STANDARD.decode(public_key).unwrap();
-        let fingerprint = fingerprint("[email protected]", &pbkey).unwrap();
+        let pubkey = STANDARD.decode(public_key).unwrap();
+        let pubkey = SpkiPublicKeyBytes::from(pubkey.clone());
+        let fingerprint = fingerprint("[email protected]", &pubkey).unwrap();
         assert_eq!(fingerprint, "childless-unfair-prowler-dropbox-designate");
 
         approve_auth_request(&client, public_key.to_owned()).unwrap();
@@ -181,7 +184,7 @@ mod tests {
         let dec = auth_request_decrypt_user_key(private_key.to_owned(), enc_user_key).unwrap();
 
         assert_eq!(
-            &dec.to_encoded(),
+            &dec.to_encoded().to_vec(),
             &[
                 201, 37, 234, 213, 21, 75, 40, 70, 149, 213, 234, 16, 19, 251, 162, 245, 161, 74,
                 34, 245, 211, 151, 211, 192, 95, 10, 117, 50, 88, 223, 23, 157
@@ -200,7 +203,7 @@ mod tests {
                 .unwrap();
 
         assert_eq!(
-            &dec.to_encoded(),
+            &dec.to_encoded().to_vec(),
             &[
                 109, 128, 172, 147, 206, 123, 134, 95, 16, 36, 155, 113, 201, 18, 186, 230, 216,
                 212, 173, 188, 74, 11, 134, 131, 137, 242, 105, 178, 105, 126, 52, 139, 248, 91,

crates/bitwarden-core/src/auth/login/access_token.rs

@@ -1,7 +1,7 @@
 use std::path::{Path, PathBuf};
 
 use base64::{engine::general_purpose::STANDARD, Engine};
-use bitwarden_crypto::{EncString, KeyDecryptable, SymmetricCryptoKey};
+use bitwarden_crypto::{BitwardenLegacyKeyBytes, EncString, KeyDecryptable, SymmetricCryptoKey};
 use chrono::Utc;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -67,7 +67,8 @@ pub(crate) async fn login_access_token(
 
         let payload: Payload = serde_json::from_slice(&decrypted_payload)?;
         let encryption_key = STANDARD.decode(&payload.encryption_key)?;
-        let encryption_key = SymmetricCryptoKey::try_from(encryption_key)?;
+        let encryption_key = BitwardenLegacyKeyBytes::from(encryption_key);
+        let encryption_key = SymmetricCryptoKey::try_from(&encryption_key)?;
 
         let access_token_obj: JwtToken = r.access_token.parse()?;
 

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -27,6 +27,9 @@ pub enum EncryptionSettingsError {
     #[error("Invalid private key")]
     InvalidPrivateKey,
 
+    #[error("Invalid signing key")]
+    InvalidSigningKey,
+
     #[error(transparent)]
     MissingPrivateKey(#[from] MissingPrivateKeyError),
 
@@ -49,19 +52,16 @@ impl EncryptionSettings {
         signing_key: Option<EncString>,
         store: &KeyStore<KeyIds>,
     ) -> Result<(), EncryptionSettingsError> {
-        use bitwarden_crypto::{
-            AsymmetricCryptoKey, CoseSerializable, CryptoError, KeyDecryptable, SigningKey,
-        };
+        use bitwarden_crypto::{AsymmetricCryptoKey, CoseSerializable, KeyDecryptable, SigningKey};
         use log::warn;
 
         use crate::key_management::{AsymmetricKeyId, SigningKeyId, SymmetricKeyId};
 
         let private_key = {
             let dec: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
-
             // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a recovery
             // process in place.
-            AsymmetricCryptoKey::from_der(&dec)
+            AsymmetricCryptoKey::from_der(&dec.into())
                 .map_err(|_| {
                     warn!("Invalid private key");
                 })
@@ -74,8 +74,10 @@ impl EncryptionSettings {
         };
         let signing_key = signing_key
             .map(|key| {
+                use bitwarden_crypto::CryptoError;
+
                 let dec: Vec<u8> = key.decrypt_with_key(&user_key)?;
-                SigningKey::from_cose(dec.as_slice()).map_err(Into::<CryptoError>::into)
+                SigningKey::from_cose(&dec.into()).map_err(Into::<CryptoError>::into)
             })
             .transpose()?;
 

crates/bitwarden-core/src/key_management/crypto.rs

@@ -8,9 +8,9 @@ use std::collections::HashMap;
 
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
-    AsymmetricCryptoKey, CoseSerializable, CryptoError, EncString, Encryptable, Kdf,
-    KeyDecryptable, KeyEncryptable, MasterKey, SignatureAlgorithm, SignedPublicKey, SigningKey,
-    SymmetricCryptoKey, UnsignedSharedKey, UserKey,
+    AsymmetricCryptoKey, CoseSerializable, CryptoError, EncString, Kdf, KeyDecryptable,
+    KeyEncryptable, MasterKey, Pkcs8PrivateKeyBytes, PrimitiveEncryptable, SignatureAlgorithm,
+    SignedPublicKey, SigningKey, SymmetricCryptoKey, UnsignedSharedKey, UserKey,
 };
 use bitwarden_error::bitwarden_error;
 use schemars::JsonSchema;
@@ -536,6 +536,7 @@ pub(super) fn verify_asymmetric_keys(
             .decrypt_with_key(user_key)
             .map_err(VerifyError::DecryptFailed)?;
 
+        let decrypted_private_key = Pkcs8PrivateKeyBytes::from(decrypted_private_key);
         let private_key = AsymmetricCryptoKey::from_der(&decrypted_private_key)
             .map_err(VerifyError::ParseFailed)?;
 
@@ -605,8 +606,6 @@ pub fn make_user_signing_keys_for_enrollment(
 
     Ok(MakeUserSigningKeysResponse {
         verifying_key: STANDARD.encode(signature_keypair.to_verifying_key().to_cose()),
-        // This needs to be changed to use the correct COSE content format before rolling out to
-        // users: https://bitwarden.atlassian.net/browse/PM-22189
         signing_key: signature_keypair
             .to_cose()
             .encrypt(&mut ctx, SymmetricKeyId::User)?,
@@ -845,8 +844,9 @@ mod tests {
         let encrypted = enroll_admin_password_reset(&client, public_key.to_owned()).unwrap();
 
         let private_key = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzLtEUdxfcLxDj84yaGFsVF5hZ8Hjlb08NMQDy1RnBma06I3ZESshLYzVz4r/gegMn9OOltfV/Yxlyvida8oW6qdlfJ7AVz6Oa8pV7BiL40C7b76+oqraQpyYw2HChANB1AhXL9SqWngKmLZwjA7qiCrmcc0kZHeOb4KnKtp9iVvPVs+8veFvKgYO4ba2AAOHKFdR0W55/agXfAy+fWUAkC8mc9ikyJdQWaPV6OZvC2XFkOseBQm9Rynudh3BQpoWiL6w620efe7t5k+02/EyOFJL9f/XEEjM/+Yo0t3LAfkuhHGeKiRST59Xc9hTEmyJTeVXROtz+0fjqOp3xkaObAgMBAAECggEACs4xhnO0HaZhh1/iH7zORMIRXKeyxP2LQiTR8xwN5JJ9wRWmGAR9VasS7EZFTDidIGVME2u/h4s5EqXnhxfO+0gGksVvgNXJ/qw87E8K2216g6ZNo6vSGA7H1GH2voWwejJ4/k/cJug6dz2S402rRAKh2Wong1arYHSkVlQp3diiMa5FHAOSE+Cy09O2ZsaF9IXQYUtlW6AVXFrBEPYH2kvkaPXchh8VETMijo6tbvoKLnUHe+wTaDMls7hy8exjtVyI59r3DNzjy1lNGaGb5QSnFMXR+eHhPZc844Wv02MxC15zKABADrl58gpJyjTl6XpDdHCYGsmGpVGH3X9TQQKBgQDz/9beFjzq59ve6rGwn+EtnQfSsyYT+jr7GN8lNEXb3YOFXBgPhfFIcHRh2R00Vm9w2ApfAx2cd8xm2I6HuvQ1Os7g26LWazvuWY0Qzb+KaCLQTEGH1RnTq6CCG+BTRq/a3J8M4t38GV5TWlzv8wr9U4dl6FR4efjb65HXs1GQ4QKBgQC7/uHfrOTEHrLeIeqEuSl0vWNqEotFKdKLV6xpOvNuxDGbgW4/r/zaxDqt0YBOXmRbQYSEhmO3oy9J6XfE1SUln0gbavZeW0HESCAmUIC88bDnspUwS9RxauqT5aF8ODKN/bNCWCnBM1xyonPOs1oT1nyparJVdQoG//Y7vkB3+wKBgBqLqPq8fKAp3XfhHLfUjREDVoiLyQa/YI9U42IOz9LdxKNLo6p8rgVthpvmnRDGnpUuS+KOWjhdqDVANjF6G3t3DG7WNl8Rh5Gk2H4NhFswfSkgQrjebFLlBy9gjQVCWXt8KSmjvPbiY6q52Aaa8IUjA0YJAregvXxfopxO+/7BAoGARicvEtDp7WWnSc1OPoj6N14VIxgYcI7SyrzE0d/1x3ffKzB5e7qomNpxKzvqrVP8DzG7ydh8jaKPmv1MfF8tpYRy3AhmN3/GYwCnPqT75YYrhcrWcVdax5gmQVqHkFtIQkRSCIftzPLlpMGKha/YBV8c1fvC4LD0NPh/Ynv0gtECgYEAyOZg95/kte0jpgUEgwuMrzkhY/AaUJULFuR5MkyvReEbtSBQwV5tx60+T95PHNiFooWWVXiLMsAgyI2IbkxVR1Pzdri3gWK5CTfqb7kLuaj/B7SGvBa2Sxo478KS5K8tBBBWkITqo+wLC0mn3uZi1dyMWO1zopTA+KtEGF2dtGQ=";
-        let private_key =
-            AsymmetricCryptoKey::from_der(&STANDARD.decode(private_key).unwrap()).unwrap();
+        let private_key = STANDARD.decode(private_key).unwrap();
+        let private_key = Pkcs8PrivateKeyBytes::from(private_key);
+        let private_key = AsymmetricCryptoKey::from_der(&private_key).unwrap();
         let decrypted: SymmetricCryptoKey =
             encrypted.decapsulate_key_unsigned(&private_key).unwrap();
 
@@ -938,11 +938,7 @@ mod tests {
     fn test_verify_asymmetric_keys_parse_failed() {
         let (user_key, key_pair) = setup_asymmetric_keys_test();
 
-        let invalid_private_key = "bad_key"
-            .to_string()
-            .into_bytes()
-            .encrypt_with_key(&user_key.0)
-            .unwrap();
+        let invalid_private_key = "bad_key".to_string().encrypt_with_key(&user_key.0).unwrap();
 
         let request = VerifyAsymmetricKeysRequest {
             user_key: user_key.0.to_base64(),

crates/bitwarden-core/src/key_management/mod.rs

@@ -6,7 +6,9 @@
 //! - [KeyIds] is a helper type that combines both symmetric and asymmetric key identifiers. This is
 //!   usually used in the type bounds of [KeyStore],
 //!   [KeyStoreContext](bitwarden_crypto::KeyStoreContext),
-//!   [Encryptable](bitwarden_crypto::Encryptable) and [Decryptable](bitwarden_crypto::Encryptable).
+//!   [PrimitiveEncryptable](bitwarden_crypto::PrimitiveEncryptable),
+//!   [CompositeEncryptable](bitwarden_crypto::CompositeEncryptable), and
+//!   [Decryptable](bitwarden_crypto::Decryptable).
 use bitwarden_crypto::{key_ids, KeyStore, SymmetricCryptoKey};
 
 #[cfg(feature = "internal")]

crates/bitwarden-core/src/platform/generate_fingerprint.rs

@@ -42,8 +42,7 @@ pub enum FingerprintError {
 
 pub(crate) fn generate_fingerprint(input: &FingerprintRequest) -> Result<String, FingerprintError> {
     let key = STANDARD.decode(&input.public_key)?;
-
-    Ok(fingerprint(&input.fingerprint_material, &key)?)
+    Ok(fingerprint(&input.fingerprint_material, &key.into())?)
 }
 
 /// Errors that can occur when computing a fingerprint.