Implement security context

Author: quexten

crates/bitwarden-core/src/auth/auth_request.rs

@@ -164,7 +164,7 @@ mod tests {
         let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
         client
             .internal
-            .initialize_user_crypto_master_key(master_key, user_key, private_key, None)
+            .initialize_user_crypto_master_key(master_key, user_key, private_key, None, None)
             .unwrap();
 
         let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
@@ -175,15 +175,16 @@ mod tests {
         let fingerprint = fingerprint("[email protected]", &pubkey).unwrap();
         assert_eq!(fingerprint, "childless-unfair-prowler-dropbox-designate");
 
-        approve_auth_request(&client, public_key.to_owned()).unwrap();
+        approve_auth_request(&client, public_key.to_owned().into()).unwrap();
     }
 
     #[tokio::test]
     async fn test_decrypt_user_key() {
         let private_key = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzLtEUdxfcLxDj84yaGFsVF5hZ8Hjlb08NMQDy1RnBma06I3ZESshLYzVz4r/gegMn9OOltfV/Yxlyvida8oW6qdlfJ7AVz6Oa8pV7BiL40C7b76+oqraQpyYw2HChANB1AhXL9SqWngKmLZwjA7qiCrmcc0kZHeOb4KnKtp9iVvPVs+8veFvKgYO4ba2AAOHKFdR0W55/agXfAy+fWUAkC8mc9ikyJdQWaPV6OZvC2XFkOseBQm9Rynudh3BQpoWiL6w620efe7t5k+02/EyOFJL9f/XEEjM/+Yo0t3LAfkuhHGeKiRST59Xc9hTEmyJTeVXROtz+0fjqOp3xkaObAgMBAAECggEACs4xhnO0HaZhh1/iH7zORMIRXKeyxP2LQiTR8xwN5JJ9wRWmGAR9VasS7EZFTDidIGVME2u/h4s5EqXnhxfO+0gGksVvgNXJ/qw87E8K2216g6ZNo6vSGA7H1GH2voWwejJ4/k/cJug6dz2S402rRAKh2Wong1arYHSkVlQp3diiMa5FHAOSE+Cy09O2ZsaF9IXQYUtlW6AVXFrBEPYH2kvkaPXchh8VETMijo6tbvoKLnUHe+wTaDMls7hy8exjtVyI59r3DNzjy1lNGaGb5QSnFMXR+eHhPZc844Wv02MxC15zKABADrl58gpJyjTl6XpDdHCYGsmGpVGH3X9TQQKBgQDz/9beFjzq59ve6rGwn+EtnQfSsyYT+jr7GN8lNEXb3YOFXBgPhfFIcHRh2R00Vm9w2ApfAx2cd8xm2I6HuvQ1Os7g26LWazvuWY0Qzb+KaCLQTEGH1RnTq6CCG+BTRq/a3J8M4t38GV5TWlzv8wr9U4dl6FR4efjb65HXs1GQ4QKBgQC7/uHfrOTEHrLeIeqEuSl0vWNqEotFKdKLV6xpOvNuxDGbgW4/r/zaxDqt0YBOXmRbQYSEhmO3oy9J6XfE1SUln0gbavZeW0HESCAmUIC88bDnspUwS9RxauqT5aF8ODKN/bNCWCnBM1xyonPOs1oT1nyparJVdQoG//Y7vkB3+wKBgBqLqPq8fKAp3XfhHLfUjREDVoiLyQa/YI9U42IOz9LdxKNLo6p8rgVthpvmnRDGnpUuS+KOWjhdqDVANjF6G3t3DG7WNl8Rh5Gk2H4NhFswfSkgQrjebFLlBy9gjQVCWXt8KSmjvPbiY6q52Aaa8IUjA0YJAregvXxfopxO+/7BAoGARicvEtDp7WWnSc1OPoj6N14VIxgYcI7SyrzE0d/1x3ffKzB5e7qomNpxKzvqrVP8DzG7ydh8jaKPmv1MfF8tpYRy3AhmN3/GYwCnPqT75YYrhcrWcVdax5gmQVqHkFtIQkRSCIftzPLlpMGKha/YBV8c1fvC4LD0NPh/Ynv0gtECgYEAyOZg95/kte0jpgUEgwuMrzkhY/AaUJULFuR5MkyvReEbtSBQwV5tx60+T95PHNiFooWWVXiLMsAgyI2IbkxVR1Pzdri3gWK5CTfqb7kLuaj/B7SGvBa2Sxo478KS5K8tBBBWkITqo+wLC0mn3uZi1dyMWO1zopTA+KtEGF2dtGQ=";
 
         let enc_user_key = "4.dxbd5OMwi/Avy7DQxvLV+Z7kDJgHBtg/jAbgYNO7QU0Zii4rLFNco2lS5aS9z42LTZHc2p5HYwn2ZwkZNfHsQ6//d5q40MDgGYJMKBXOZP62ZHhct1XsvYBmtcUtIOm5j2HSjt2pjEuGAc1LbyGIWRJJQ3Lp1ULbL2m71I+P23GF36JyOM8SUWvpvxE/3+qqVhRFPG2VqMCYa2kLLxwVfUmpV+KKjX1TXsrq6pfJIwHNwHw4h7MSfD8xTy2bx4MiBt638Z9Vt1pGsSQkh9RgPvCbnhuCpZQloUgJ8ByLVEcrlKx3yaaxiQXvte+ZhuOI7rGdjmoVoOzisooje4JgYw==".parse().unwrap();
-        let dec = auth_request_decrypt_user_key(private_key.to_owned(), enc_user_key).unwrap();
+        let dec =
+            auth_request_decrypt_user_key(private_key.to_owned().into(), enc_user_key).unwrap();
 
         assert_eq!(
             &dec.to_encoded().to_vec(),
@@ -200,9 +201,12 @@ mod tests {
 
         let enc_master_key = "4.dxbd5OMwi/Avy7DQxvLV+Z7kDJgHBtg/jAbgYNO7QU0Zii4rLFNco2lS5aS9z42LTZHc2p5HYwn2ZwkZNfHsQ6//d5q40MDgGYJMKBXOZP62ZHhct1XsvYBmtcUtIOm5j2HSjt2pjEuGAc1LbyGIWRJJQ3Lp1ULbL2m71I+P23GF36JyOM8SUWvpvxE/3+qqVhRFPG2VqMCYa2kLLxwVfUmpV+KKjX1TXsrq6pfJIwHNwHw4h7MSfD8xTy2bx4MiBt638Z9Vt1pGsSQkh9RgPvCbnhuCpZQloUgJ8ByLVEcrlKx3yaaxiQXvte+ZhuOI7rGdjmoVoOzisooje4JgYw==".parse().unwrap();
         let enc_user_key = "2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=".parse().unwrap();
-        let dec =
-            auth_request_decrypt_master_key(private_key.to_owned(), enc_master_key, enc_user_key)
-                .unwrap();
+        let dec = auth_request_decrypt_master_key(
+            private_key.to_owned().into(),
+            enc_master_key,
+            enc_user_key,
+        )
+        .unwrap();
 
         assert_eq!(
             &dec.to_encoded().to_vec(),
@@ -232,15 +236,22 @@ mod tests {
 
         existing_device
             .internal
-            .initialize_user_crypto_master_key(master_key, user_key, private_key.clone(), None)
+            .initialize_user_crypto_master_key(
+                master_key,
+                user_key,
+                private_key.clone(),
+                None,
+                None,
+            )
             .unwrap();
 
         // Initialize a new device which will request to be logged in
         let new_device = Client::new(None);
 
         // Initialize an auth request, and approve it on the existing device
         let auth_req = new_auth_request(email).unwrap();
-        let approved_req = approve_auth_request(&existing_device, auth_req.public_key).unwrap();
+        let approved_req =
+            approve_auth_request(&existing_device, auth_req.public_key.into()).unwrap();
 
         // Unlock the vault using the approved request
         new_device
@@ -251,6 +262,7 @@ mod tests {
                 email: email.to_owned(),
                 private_key,
                 signing_key: None,
+                security_state: None,
                 method: InitUserCryptoMethod::AuthRequest {
                     request_private_key: auth_req.private_key,
                     method: AuthRequestMethod::UserKey {

crates/bitwarden-core/src/auth/login/api_key.rs

@@ -56,6 +56,7 @@ pub(crate) async fn login_api_key(
             user_key,
             private_key,
             None,
+            None,
         )?;
     }
 

crates/bitwarden-core/src/auth/login/auth_request.rs

@@ -121,6 +121,7 @@ pub(crate) async fn complete_auth_request(
                 email: auth_req.email,
                 private_key: require!(r.private_key).parse()?,
                 signing_key: None,
+                security_state: None,
                 method: InitUserCryptoMethod::AuthRequest {
                     request_private_key: auth_req.private_key,
                     method,

crates/bitwarden-core/src/auth/login/password.rs

@@ -55,6 +55,7 @@ pub(crate) async fn login_password(
             user_key,
             private_key,
             None,
+            None,
         )?;
     }
 

crates/bitwarden-core/src/auth/password/validate.rs

@@ -145,6 +145,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 
@@ -193,6 +194,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 

crates/bitwarden-core/src/auth/pin.rs

@@ -80,6 +80,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 

crates/bitwarden-core/src/auth/tde.rs

@@ -1,9 +1,10 @@
-use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
     AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SpkiPublicKeyBytes, SymmetricCryptoKey,
     TrustDeviceResponse, UnsignedSharedKey, UserKey,
 };
 
+use base64::{engine::general_purpose::STANDARD, Engine};
+
 use crate::{client::encryption_settings::EncryptionSettingsError, Client};
 
 /// This function generates a new user key and key pair, initializes the client's crypto with the
@@ -45,6 +46,7 @@ pub(super) fn make_register_tde_keys(
         // Note: Signing keys are not supported on registration yet. This needs to be changed as
         // soon as registration is supported.
         None,
+        None,
     )?;
 
     Ok(RegisterTdeKeyResponse {

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -1,5 +1,6 @@
 #[cfg(feature = "internal")]
-use bitwarden_crypto::{EncString, UnsignedSharedKey};
+use bitwarden_crypto::{security_state::SignedSecurityState, EncString, UnsignedSharedKey};
+use bitwarden_crypto::{CryptoError, Pkcs8PrivateKeyBytes};
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
 use bitwarden_error::bitwarden_error;
@@ -30,6 +31,9 @@ pub enum EncryptionSettingsError {
     #[error("Invalid signing key")]
     InvalidSigningKey,
 
+    #[error("Invalid security state")]
+    InvalidSecurityState,
+
     #[error(transparent)]
     MissingPrivateKey(#[from] MissingPrivateKeyError),
 
@@ -50,49 +54,85 @@ impl EncryptionSettings {
         user_key: SymmetricCryptoKey,
         private_key: EncString,
         signing_key: Option<EncString>,
+        security_state: Option<SignedSecurityState>,
         store: &KeyStore<KeyIds>,
     ) -> Result<(), EncryptionSettingsError> {
-        use bitwarden_crypto::{AsymmetricCryptoKey, CoseSerializable, KeyDecryptable, SigningKey};
+        use bitwarden_crypto::{AsymmetricCryptoKey, KeyDecryptable};
         use log::warn;
 
-        use crate::key_management::{AsymmetricKeyId, SigningKeyId, SymmetricKeyId};
-
-        let private_key = {
-            let dec: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
-            // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a recovery
-            // process in place.
-            AsymmetricCryptoKey::from_der(&dec.into())
-                .map_err(|_| {
-                    warn!("Invalid private key");
-                })
-                .ok()
-
-            // Some(
-            //     AsymmetricCryptoKey::from_der(&dec)
-            //         .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?,
-            // )
-        };
-        let signing_key = signing_key
-            .map(|key| {
-                use bitwarden_crypto::CryptoError;
-
-                let dec: Vec<u8> = key.decrypt_with_key(&user_key)?;
-                SigningKey::from_cose(&dec.into()).map_err(Into::<CryptoError>::into)
-            })
-            .transpose()?;
-
-        // FIXME: [PM-18098] When this is part of crypto we won't need to use deprecated methods
-        #[allow(deprecated)]
-        {
-            let mut ctx = store.context_mut();
-            ctx.set_symmetric_key(SymmetricKeyId::User, user_key)?;
-            if let Some(private_key) = private_key {
+        use crate::key_management::{AsymmetricKeyId, SymmetricKeyId};
+
+        // This is an all-or-nothing check. The server cannot pretend a signing key or security
+        // state to be missing, because they are *always* present when the user key is an
+        // XChaCha20Poly1305Key. Thus, the server or network cannot lie about the presence of these,
+        // because otherwise the entire user account will fail to decrypt.
+        let is_v2_user = matches!(user_key, SymmetricCryptoKey::XChaCha20Poly1305Key(_));
+        if is_v2_user {
+            // For v2 users, we mandate the signing key and security state to be present
+            // The private key must also be valid.
+
+            use bitwarden_crypto::{
+                security_state::SecurityState, CoseKeyBytes, CoseSerializable, SigningKey,
+            };
+
+            // Both of these are required for v2 users
+            let signing_key = signing_key.ok_or(EncryptionSettingsError::Crypto(
+                CryptoError::SecurityDowngrade("Signing key is required for v2 users".to_string()),
+            ))?;
+            let security_state = security_state.ok_or(EncryptionSettingsError::Crypto(
+                CryptoError::SecurityDowngrade(
+                    "Security state is required for v2 users".to_string(),
+                ),
+            ))?;
+
+            // Everything MUST decrypt.
+            let signing_key: Vec<u8> = signing_key.decrypt_with_key(&user_key)?;
+            let signing_key = SigningKey::from_cose(&CoseKeyBytes::from(signing_key))
+                .map_err(|_| EncryptionSettingsError::InvalidSigningKey)?;
+            let private_key: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
+            let private_key =
+                AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(private_key))
+                    .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?;
+            let _security_state: SecurityState = security_state
+                .verify_and_unwrap(&signing_key.to_verifying_key())
+                .map_err(|_| EncryptionSettingsError::InvalidSecurityState)?;
+
+            #[allow(deprecated)]
+            {
+                use crate::key_management::SigningKeyId;
+
+                let mut ctx = store.context_mut();
+                ctx.set_symmetric_key(SymmetricKeyId::User, user_key)?;
                 ctx.set_asymmetric_key(AsymmetricKeyId::UserPrivateKey, private_key)?;
-            }
-
-            if let Some(signing_key) = signing_key {
                 ctx.set_signing_key(SigningKeyId::UserSigningKey, signing_key)?;
             }
+        } else {
+            let private_key = {
+                let dec: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
+
+                // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a
+                // recovery process in place.
+                AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(dec))
+                    .map_err(|_| {
+                        warn!("Invalid private key");
+                    })
+                    .ok()
+
+                // Some(
+                //     AsymmetricCryptoKey::from_der(&dec)
+                //         .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?,
+                // )
+            };
+
+            // FIXME: [PM-18098] When this is part of crypto we won't need to use deprecated methods
+            #[allow(deprecated)]
+            {
+                let mut ctx = store.context_mut();
+                ctx.set_symmetric_key(SymmetricKeyId::User, user_key)?;
+                if let Some(private_key) = private_key {
+                    ctx.set_asymmetric_key(AsymmetricKeyId::UserPrivateKey, private_key)?;
+                }
+            }
         }
 
         Ok(())

crates/bitwarden-core/src/client/internal.rs

@@ -4,7 +4,9 @@ use bitwarden_crypto::KeyStore;
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use bitwarden_crypto::SymmetricCryptoKey;
 #[cfg(feature = "internal")]
-use bitwarden_crypto::{EncString, Kdf, MasterKey, PinKey, UnsignedSharedKey};
+use bitwarden_crypto::{
+    security_state::SignedSecurityState, EncString, Kdf, MasterKey, PinKey, UnsignedSharedKey,
+};
 #[cfg(feature = "internal")]
 use bitwarden_state::registry::StateRegistry;
 use chrono::Utc;
@@ -217,9 +219,16 @@ impl InternalClient {
         user_key: EncString,
         private_key: EncString,
         signing_key: Option<EncString>,
+        security_state: Option<SignedSecurityState>,
     ) -> Result<(), EncryptionSettingsError> {
         let user_key = master_key.decrypt_user_key(user_key)?;
-        EncryptionSettings::new_decrypted_key(user_key, private_key, signing_key, &self.key_store)?;
+        EncryptionSettings::new_decrypted_key(
+            user_key,
+            private_key,
+            signing_key,
+            security_state,
+            &self.key_store,
+        )?;
 
         Ok(())
     }
@@ -230,8 +239,15 @@ impl InternalClient {
         user_key: SymmetricCryptoKey,
         private_key: EncString,
         signing_key: Option<EncString>,
+        security_state: Option<SignedSecurityState>,
     ) -> Result<(), EncryptionSettingsError> {
-        EncryptionSettings::new_decrypted_key(user_key, private_key, signing_key, &self.key_store)?;
+        EncryptionSettings::new_decrypted_key(
+            user_key,
+            private_key,
+            signing_key,
+            security_state,
+            &self.key_store,
+        )?;
 
         Ok(())
     }
@@ -243,9 +259,15 @@ impl InternalClient {
         pin_protected_user_key: EncString,
         private_key: EncString,
         signing_key: Option<EncString>,
+        security_state: Option<SignedSecurityState>,
     ) -> Result<(), EncryptionSettingsError> {
         let decrypted_user_key = pin_key.decrypt_user_key(pin_protected_user_key)?;
-        self.initialize_user_crypto_decrypted_key(decrypted_user_key, private_key, signing_key)
+        self.initialize_user_crypto_decrypted_key(
+            decrypted_user_key,
+            private_key,
+            signing_key,
+            security_state,
+        )
     }
 
     #[cfg(feature = "secrets")]