Implement key rotation for signing keys

quexten · quexten · commit 4becfdd4656d · 2025-06-19T15:36:32.000+02:00
diff --git a/crates/bitwarden-core/src/key_management/crypto.rs b/crates/bitwarden-core/src/key_management/crypto.rs
@@ -9,8 +9,8 @@ use std::collections::HashMap;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
     AsymmetricCryptoKey, CoseSerializable, CryptoError, EncString, Encryptable, Kdf,
-    KeyDecryptable, KeyEncryptable, MasterKey, SignatureAlgorithm, SignedPublicKey, SigningKey,
-    SymmetricCryptoKey, UnsignedSharedKey, UserKey,
+    KeyDecryptable, KeyEncryptable, MasterKey, RotateUserKeysResponse, SignatureAlgorithm,
+    SignedPublicKey, SigningKey, SymmetricCryptoKey, UnsignedSharedKey, UserKey,
 };
 use bitwarden_error::bitwarden_error;
 use schemars::JsonSchema;
@@ -611,6 +611,25 @@ pub fn make_user_signing_keys_for_enrollment(
     })
 }
 
+/// Gets a set of new wrapped account keys for a user, given a new user key.
+///
+/// In the current implementation, it just re-encrypts any existing keys. This function expects a
+/// user to be a v2 user; that is, they have a signing
+pub fn get_v2_rotated_account_keys(
+    client: &Client,
+    user_key: String,
+) -> Result<RotateUserKeysResponse, CryptoError> {
+    let key_store = client.internal.get_key_store();
+    let ctx = key_store.context();
+
+    bitwarden_crypto::get_v2_rotated_account_keys(
+        SymmetricCryptoKey::try_from(user_key)?,
+        AsymmetricKeyId::UserPrivateKey,
+        SigningKeyId::UserSigningKey,
+        &ctx,
+    )
+}
+
 #[cfg(test)]
 mod tests {
     use std::num::NonZeroU32;
diff --git a/crates/bitwarden-core/src/key_management/crypto_client.rs b/crates/bitwarden-core/src/key_management/crypto_client.rs
@@ -1,4 +1,4 @@
-use bitwarden_crypto::CryptoError;
+use bitwarden_crypto::{CryptoError, RotateUserKeysResponse};
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{EncString, UnsignedSharedKey};
 #[cfg(feature = "wasm")]
@@ -18,7 +18,8 @@ use crate::key_management::crypto::{
 };
 use crate::{
     client::encryption_settings::EncryptionSettingsError,
-    key_management::crypto::CryptoClientError, Client,
+    key_management::crypto::{get_v2_rotated_account_keys, CryptoClientError},
+    Client,
 };
 
 /// A client for the crypto operations.
@@ -69,6 +70,14 @@ impl CryptoClient {
     ) -> Result<MakeUserSigningKeysResponse, CryptoError> {
         make_user_signing_keys_for_enrollment(&self.client)
     }
+
+    /// Creates a rotated set of account keys for the current state
+    pub fn get_v2_rotated_account_keys(
+        &self,
+        user_key: String,
+    ) -> Result<RotateUserKeysResponse, CryptoError> {
+        get_v2_rotated_account_keys(&self.client, user_key)
+    }
 }
 
 impl CryptoClient {
diff --git a/crates/bitwarden-crypto/src/key_rotation/mod.rs b/crates/bitwarden-crypto/src/key_rotation/mod.rs
@@ -0,0 +1,49 @@
+use base64::{engine::general_purpose::STANDARD, Engine};
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+#[cfg(feature = "wasm")]
+use tsify_next::Tsify;
+
+use crate::{
+    CoseSerializable, CryptoError, EncString, KeyEncryptable, KeyStoreContext, SymmetricCryptoKey,
+};
+
+/// Rotated set of account keys
+#[derive(Serialize, Deserialize, Debug, JsonSchema)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
+pub struct RotateUserKeysResponse {
+    /// The verifying key
+    verifying_key: String,
+    /// Signing key, encrypted with a symmetric key (user key, org key)
+    signing_key: EncString,
+    /// The user's public key, signed by the signing key
+    signed_public_key: String,
+    // The user's public key, without signature
+    public_key: String,
+    // The user's private key, encrypted with the user key
+    private_key: EncString,
+}
+
+/// Re-encrypts the user's keys with the provided symmetric key for a v2 user.
+pub fn get_v2_rotated_account_keys<Ids: crate::KeyIds>(
+    new_user_key: SymmetricCryptoKey,
+    current_user_private_key_id: Ids::Asymmetric,
+    current_user_signing_key_id: Ids::Signing,
+    ctx: &KeyStoreContext<Ids>,
+) -> Result<RotateUserKeysResponse, CryptoError> {
+    let signing_key = ctx.get_signing_key(current_user_signing_key_id)?;
+    let private_key = ctx.get_asymmetric_key(current_user_private_key_id)?;
+    let signed_public_key: Vec<u8> = ctx
+        .make_signed_public_key(current_user_private_key_id, current_user_signing_key_id)?
+        .into();
+
+    Ok(RotateUserKeysResponse {
+        verifying_key: STANDARD.encode(signing_key.to_verifying_key().to_cose()),
+        signing_key: signing_key.to_cose().encrypt_with_key(&new_user_key)?,
+        signed_public_key: STANDARD.encode(&signed_public_key),
+        public_key: STANDARD.encode(private_key.to_public_key().to_der()?),
+        private_key: private_key.to_der()?.encrypt_with_key(&new_user_key)?,
+    })
+}
diff --git a/crates/bitwarden-crypto/src/lib.rs b/crates/bitwarden-crypto/src/lib.rs
@@ -20,6 +20,8 @@ pub use error::CryptoError;
 pub(crate) use error::Result;
 mod fingerprint;
 pub use fingerprint::fingerprint;
+mod key_rotation;
+pub use key_rotation::*;
 mod keys;
 pub use keys::*;
 mod rsa;
diff --git a/crates/bitwarden-crypto/src/store/context.rs b/crates/bitwarden-crypto/src/store/context.rs
@@ -335,7 +335,10 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
         .ok_or_else(|| crate::CryptoError::MissingKeyId(format!("{key_id:?}")))
     }
 
-    fn get_asymmetric_key(&self, key_id: Ids::Asymmetric) -> Result<&AsymmetricCryptoKey> {
+    pub(crate) fn get_asymmetric_key(
+        &self,
+        key_id: Ids::Asymmetric,
+    ) -> Result<&AsymmetricCryptoKey> {
         if key_id.is_local() {
             self.local_asymmetric_keys.get(key_id)
         } else {
@@ -344,7 +347,7 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
         .ok_or_else(|| crate::CryptoError::MissingKeyId(format!("{key_id:?}")))
     }
 
-    fn get_signing_key(&self, key_id: Ids::Signing) -> Result<&SigningKey> {
+    pub(crate) fn get_signing_key(&self, key_id: Ids::Signing) -> Result<&SigningKey> {
         if key_id.is_local() {
             self.local_signing_keys.get(key_id)
         } else {
