Add test for rotation

quexten · quexten · commit 6357c3601710 · 2025-06-25T15:11:53.000+02:00
diff --git a/crates/bitwarden-crypto/src/keys/asymmetric_crypto_key.rs b/crates/bitwarden-crypto/src/keys/asymmetric_crypto_key.rs
@@ -17,14 +17,14 @@ pub enum PublicKeyEncryptionAlgorithm {
     RsaOaepSha1 = 0,
 }
 
-#[derive(Clone)]
+#[derive(Clone, PartialEq, Debug)]
 pub(crate) enum RawPublicKey {
     RsaOaepSha1(RsaPublicKey),
 }
 
 /// Public key of a key pair used in a public key encryption scheme. It is used for
 /// encrypting data.
-#[derive(Clone)]
+#[derive(Clone, PartialEq, Debug)]
 pub struct AsymmetricPublicCryptoKey {
     inner: RawPublicKey,
 }
diff --git a/crates/bitwarden-crypto/src/store/context.rs b/crates/bitwarden-crypto/src/store/context.rs
@@ -542,9 +542,11 @@ mod tests {
             tests::{Data, DataView},
             KeyStore,
         },
-        traits::tests::{TestIds, TestSigningKey, TestSymmKey},
-        CompositeEncryptable, CryptoError, Decryptable, SignatureAlgorithm, SigningKey,
-        SigningNamespace, SymmetricCryptoKey,
+        traits::tests::{TestAsymmKey, TestIds, TestSigningKey, TestSymmKey},
+        AsymmetricCryptoKey, AsymmetricPublicCryptoKey, CompositeEncryptable, CoseKeyBytes,
+        CoseSerializable, Decryptable, KeyDecryptable, Pkcs8PrivateKeyBytes,
+        PublicKeyEncryptionAlgorithm, SignatureAlgorithm, SignedPublicKey, SigningKey,
+        SigningNamespace, SpkiPublicKeyBytes, SymmetricCryptoKey,
     };
 
     #[test]
@@ -734,4 +736,83 @@ mod tests {
             &SigningNamespace::ExampleNamespace
         ))
     }
+
+    #[test]
+    fn test_account_key_rotation() {
+        let store: KeyStore<TestIds> = KeyStore::default();
+        let mut ctx = store.context_mut();
+
+        // Generate a new user key
+        let new_user_key = SymmetricCryptoKey::make_xchacha20_poly1305_key();
+        let current_user_private_key_id = TestAsymmKey::A(0);
+        let current_user_signing_key_id = TestSigningKey::A(0);
+
+        // Make the keys
+        ctx.generate_symmetric_key(TestSymmKey::A(0)).unwrap();
+        ctx.make_signing_key(current_user_signing_key_id).unwrap();
+        ctx.set_asymmetric_key(
+            current_user_private_key_id,
+            AsymmetricCryptoKey::make(PublicKeyEncryptionAlgorithm::RsaOaepSha1),
+        )
+        .unwrap();
+
+        // Get the rotated account keys
+        let rotated_keys = ctx
+            .dangerous_get_v2_rotated_account_keys(
+                new_user_key,
+                current_user_private_key_id,
+                current_user_signing_key_id,
+            )
+            .unwrap();
+
+        let user_key = ctx.get_symmetric_key(TestSymmKey::A(0)).unwrap();
+
+        // Public/Private key
+        assert_eq!(
+            AsymmetricPublicCryptoKey::from_der(&rotated_keys.public_key).unwrap(),
+            ctx.get_asymmetric_key(current_user_private_key_id)
+                .unwrap()
+                .to_public_key(),
+        );
+        let decrypted_private_key: Vec<u8> =
+            rotated_keys.private_key.decrypt_with_key(user_key).unwrap();
+        let private_key =
+            AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(decrypted_private_key))
+                .unwrap();
+        assert_eq!(
+            private_key.to_der().unwrap(),
+            ctx.get_asymmetric_key(current_user_private_key_id)
+                .unwrap()
+                .to_der()
+                .unwrap()
+        );
+
+        // Signing Key
+        let decrypted_signing_key: Vec<u8> =
+            rotated_keys.signing_key.decrypt_with_key(user_key).unwrap();
+        let signing_key =
+            SigningKey::from_cose(&CoseKeyBytes::from(decrypted_signing_key)).unwrap();
+        assert_eq!(
+            signing_key.to_cose(),
+            ctx.get_signing_key(current_user_signing_key_id)
+                .unwrap()
+                .to_cose(),
+        );
+
+        // Signed Public Key
+        let signed_public_key = SignedPublicKey::try_from(rotated_keys.signed_public_key).unwrap();
+        let unwrapped_key = signed_public_key
+            .verify_and_unwrap(
+                &ctx.get_signing_key(current_user_signing_key_id)
+                    .unwrap()
+                    .to_verifying_key(),
+            )
+            .unwrap();
+        assert_eq!(
+            unwrapped_key,
+            ctx.get_asymmetric_key(current_user_private_key_id)
+                .unwrap()
+                .to_public_key()
+        );
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,14 +17,14 @@ pub enum PublicKeyEncryptionAlgorithm {`
`17`	`17`	`RsaOaepSha1 = 0,`
`18`	`18`	`}`
`19`	`19`
`20`		`-#[derive(Clone)]`
	`20`	`+#[derive(Clone, PartialEq, Debug)]`
`21`	`21`	`pub(crate) enum RawPublicKey {`
`22`	`22`	`RsaOaepSha1(RsaPublicKey),`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`/// Public key of a key pair used in a public key encryption scheme. It is used for`
`26`	`26`	`/// encrypting data.`
`27`		`-#[derive(Clone)]`
	`27`	`+#[derive(Clone, PartialEq, Debug)]`
`28`	`28`	`pub struct AsymmetricPublicCryptoKey {`
`29`	`29`	`inner: RawPublicKey,`
`30`	`30`	`}`