Move rotation to dangerous_get and clean up types

quexten · quexten · commit 977a6b58c703 · 2025-06-25T14:09:14.000+02:00
diff --git a/crates/bitwarden-core/src/key_management/crypto.rs b/crates/bitwarden-core/src/key_management/crypto.rs
@@ -9,8 +9,9 @@ use std::collections::HashMap;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
     AsymmetricCryptoKey, CoseSerializable, CryptoError, EncString, Kdf, KeyDecryptable,
-    KeyEncryptable, MasterKey, Pkcs8PrivateKeyBytes, PrimitiveEncryptable, SignatureAlgorithm,
-    SignedPublicKey, SigningKey, SymmetricCryptoKey, UnsignedSharedKey, UserKey,
+    KeyEncryptable, MasterKey, Pkcs8PrivateKeyBytes, PrimitiveEncryptable, RotatedUserKeys,
+    SignatureAlgorithm, SignedPublicKey, SigningKey, SymmetricCryptoKey, UnsignedSharedKey,
+    UserKey,
 };
 use bitwarden_error::bitwarden_error;
 use schemars::JsonSchema;
@@ -612,6 +613,36 @@ pub fn make_user_signing_keys_for_enrollment(
     })
 }
 
+/// A rotated set of account keys for a user
+#[derive(Serialize, Deserialize, Debug, JsonSchema)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
+pub struct RotateUserKeysResponse {
+    /// The verifying key
+    pub verifying_key: String,
+    /// Signing key, encrypted with a symmetric key (user key, org key)
+    pub signing_key: EncString,
+    /// The user's public key, signed by the signing key
+    pub signed_public_key: String,
+    /// The user's public key, without signature
+    pub public_key: String,
+    /// The user's private key, encrypted with the user key
+    pub private_key: EncString,
+}
+
+impl From<RotatedUserKeys> for RotateUserKeysResponse {
+    fn from(rotated: RotatedUserKeys) -> Self {
+        RotateUserKeysResponse {
+            verifying_key: Base64String::from(rotated.verifying_key.to_vec()).into(),
+            signing_key: rotated.signing_key,
+            signed_public_key: Base64String::from(rotated.signed_public_key.to_vec()).into(),
+            public_key: Base64String::from(rotated.public_key.to_vec()).into(),
+            private_key: rotated.private_key,
+        }
+    }
+}
+
 /// Gets a set of new wrapped account keys for a user, given a new user key.
 ///
 /// In the current implementation, it just re-encrypts any existing keys. This function expects a
@@ -623,12 +654,12 @@ pub fn get_v2_rotated_account_keys(
     let key_store = client.internal.get_key_store();
     let ctx = key_store.context();
 
-    bitwarden_crypto::get_v2_rotated_account_keys(
+    ctx.dangerous_get_v2_rotated_account_keys(
         SymmetricCryptoKey::try_from(user_key)?,
         AsymmetricKeyId::UserPrivateKey,
         SigningKeyId::UserSigningKey,
-        &ctx,
     )
+    .map(|rotated| rotated.into())
 }
 
 #[cfg(test)]
diff --git a/crates/bitwarden-core/src/key_management/crypto_client.rs b/crates/bitwarden-core/src/key_management/crypto_client.rs
@@ -1,4 +1,4 @@
-use bitwarden_crypto::{CryptoError, RotateUserKeysResponse};
+use bitwarden_crypto::CryptoError;
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{EncString, UnsignedSharedKey};
 #[cfg(feature = "wasm")]
@@ -18,7 +18,9 @@ use crate::key_management::crypto::{
 };
 use crate::{
     client::encryption_settings::EncryptionSettingsError,
-    key_management::crypto::{get_v2_rotated_account_keys, CryptoClientError},
+    key_management::crypto::{
+        get_v2_rotated_account_keys, CryptoClientError, RotateUserKeysResponse,
+    },
     Client,
 };
 
diff --git a/crates/bitwarden-core/src/types.rs b/crates/bitwarden-core/src/types.rs
@@ -20,6 +20,12 @@ impl TryInto<Vec<u8>> for Base64String {
     }
 }
 
+impl Into<String> for Base64String {
+    fn into(self) -> String {
+        self.0
+    }
+}
+
 impl From<Vec<u8>> for Base64String {
     fn from(val: Vec<u8>) -> Self {
         Base64String(STANDARD.encode(val))
diff --git a/crates/bitwarden-crypto/src/key_rotation/mod.rs b/crates/bitwarden-crypto/src/key_rotation/mod.rs
@@ -1,49 +1,39 @@
-use base64::{engine::general_purpose::STANDARD, Engine};
-use schemars::JsonSchema;
-use serde::{Deserialize, Serialize};
-#[cfg(feature = "wasm")]
-use tsify_next::Tsify;
-
 use crate::{
-    CoseSerializable, CryptoError, EncString, KeyEncryptable, KeyStoreContext, SymmetricCryptoKey,
+    CoseKeyBytes, CoseSerializable, CoseSign1Bytes, CryptoError, EncString, KeyEncryptable,
+    KeyStoreContext, SpkiPublicKeyBytes, SymmetricCryptoKey,
 };
 
 /// Rotated set of account keys
-#[derive(Serialize, Deserialize, Debug, JsonSchema)]
-#[serde(rename_all = "camelCase", deny_unknown_fields)]
-#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
-#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
-pub struct RotateUserKeysResponse {
+pub struct RotatedUserKeys {
     /// The verifying key
-    verifying_key: String,
+    pub verifying_key: CoseKeyBytes,
     /// Signing key, encrypted with a symmetric key (user key, org key)
-    signing_key: EncString,
+    pub signing_key: EncString,
     /// The user's public key, signed by the signing key
-    signed_public_key: String,
-    // The user's public key, without signature
-    public_key: String,
-    // The user's private key, encrypted with the user key
-    private_key: EncString,
+    pub signed_public_key: CoseSign1Bytes,
+    /// The user's public key, without signature
+    pub public_key: SpkiPublicKeyBytes,
+    /// The user's private key, encrypted with the user key
+    pub private_key: EncString,
 }
 
 /// Re-encrypts the user's keys with the provided symmetric key for a v2 user.
-pub fn get_v2_rotated_account_keys<Ids: crate::KeyIds>(
+pub(crate) fn get_v2_rotated_account_keys<Ids: crate::KeyIds>(
     new_user_key: SymmetricCryptoKey,
     current_user_private_key_id: Ids::Asymmetric,
     current_user_signing_key_id: Ids::Signing,
     ctx: &KeyStoreContext<Ids>,
-) -> Result<RotateUserKeysResponse, CryptoError> {
+) -> Result<RotatedUserKeys, CryptoError> {
     let signing_key = ctx.get_signing_key(current_user_signing_key_id)?;
     let private_key = ctx.get_asymmetric_key(current_user_private_key_id)?;
-    let signed_public_key: Vec<u8> = ctx
-        .make_signed_public_key(current_user_private_key_id, current_user_signing_key_id)?
-        .into();
+    let signed_public_key =
+        ctx.make_signed_public_key(current_user_private_key_id, current_user_signing_key_id)?;
 
-    Ok(RotateUserKeysResponse {
-        verifying_key: STANDARD.encode(signing_key.to_verifying_key().to_cose()),
+    Ok(RotatedUserKeys {
+        verifying_key: signing_key.to_verifying_key().to_cose(),
         signing_key: signing_key.to_cose().encrypt_with_key(&new_user_key)?,
-        signed_public_key: STANDARD.encode(&signed_public_key),
-        public_key: STANDARD.encode(private_key.to_public_key().to_der()?),
+        signed_public_key: signed_public_key.into(),
+        public_key: private_key.to_public_key().to_der()?,
         private_key: private_key.to_der()?.encrypt_with_key(&new_user_key)?,
     })
 }
diff --git a/crates/bitwarden-crypto/src/keys/signed_public_key.rs b/crates/bitwarden-crypto/src/keys/signed_public_key.rs
@@ -77,25 +77,23 @@ impl SignedPublicKeyMessage {
 #[derive(Clone, Debug)]
 pub struct SignedPublicKey(pub(crate) SignedObject);
 
-impl From<SignedPublicKey> for Vec<u8> {
+impl From<SignedPublicKey> for CoseSign1Bytes {
     fn from(val: SignedPublicKey) -> Self {
-        val.0.to_cose().to_vec()
+        val.0.to_cose()
     }
 }
 
-impl TryFrom<Vec<u8>> for SignedPublicKey {
-    type Error = EncodingError;
-    fn try_from(bytes: Vec<u8>) -> Result<Self, EncodingError> {
-        Ok(SignedPublicKey(SignedObject::from_cose(
-            &CoseSign1Bytes::from(bytes),
-        )?))
+impl From<SignedPublicKey> for String {
+    fn from(val: SignedPublicKey) -> Self {
+        let bytes: CoseSign1Bytes = val.into();
+        STANDARD.encode(bytes.as_ref())
     }
 }
 
-impl From<SignedPublicKey> for String {
-    fn from(val: SignedPublicKey) -> Self {
-        let bytes: Vec<u8> = val.into();
-        STANDARD.encode(&bytes)
+impl TryFrom<CoseSign1Bytes> for SignedPublicKey {
+    type Error = EncodingError;
+    fn try_from(bytes: CoseSign1Bytes) -> Result<Self, EncodingError> {
+        Ok(SignedPublicKey(SignedObject::from_cose(&bytes)?))
     }
 }
 
@@ -130,7 +128,7 @@ impl FromStr for SignedPublicKey {
         let bytes = STANDARD
             .decode(s)
             .map_err(|_| EncodingError::InvalidCborSerialization)?;
-        Self::try_from(bytes)
+        Self::try_from(CoseSign1Bytes::from(bytes))
     }
 }
 
diff --git a/crates/bitwarden-crypto/src/store/context.rs b/crates/bitwarden-crypto/src/store/context.rs
@@ -10,7 +10,7 @@ use super::KeyStoreInner;
 use crate::{
     derive_shareable_key, error::UnsupportedOperation, signing, store::backend::StoreBackend,
     AsymmetricCryptoKey, BitwardenLegacyKeyBytes, ContentFormat, CryptoError, EncString, KeyId,
-    KeyIds, Result, Signature, SignatureAlgorithm, SignedObject, SignedPublicKey,
+    KeyIds, Result, RotatedUserKeys, Signature, SignatureAlgorithm, SignedObject, SignedPublicKey,
     SignedPublicKeyMessage, SigningKey, SymmetricCryptoKey, UnsignedSharedKey,
 };
 
@@ -515,6 +515,21 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
     ) -> Result<(Signature, signing::SerializedMessage)> {
         self.get_signing_key(key)?.sign_detached(message, namespace)
     }
+
+    /// Re-encrypts the user's keys with the provided symmetric key for a v2 user.
+    pub fn dangerous_get_v2_rotated_account_keys(
+        &self,
+        new_user_key: SymmetricCryptoKey,
+        current_user_private_key_id: Ids::Asymmetric,
+        current_user_signing_key_id: Ids::Signing,
+    ) -> Result<RotatedUserKeys> {
+        crate::get_v2_rotated_account_keys(
+            new_user_key,
+            current_user_private_key_id,
+            current_user_signing_key_id,
+            self,
+        )
+    }
 }
 
 #[cfg(test)]
diff --git a/crates/bitwarden-wasm-internal/src/pure_crypto.rs b/crates/bitwarden-wasm-internal/src/pure_crypto.rs
@@ -3,10 +3,10 @@ use std::str::FromStr;
 use bitwarden_core::key_management::{KeyIds, SymmetricKeyId};
 use bitwarden_crypto::{
     AsymmetricCryptoKey, AsymmetricPublicCryptoKey, BitwardenLegacyKeyBytes, CoseKeyBytes,
-    CoseSerializable, CryptoError, Decryptable, EncString, Kdf, KeyDecryptable, KeyEncryptable,
-    KeyStore, MasterKey, OctetStreamBytes, Pkcs8PrivateKeyBytes, PrimitiveEncryptable,
-    SignatureAlgorithm, SignedPublicKey, SigningKey, SpkiPublicKeyBytes, SymmetricCryptoKey,
-    UnsignedSharedKey, VerifyingKey,
+    CoseSerializable, CoseSign1Bytes, CryptoError, Decryptable, EncString, Kdf, KeyDecryptable,
+    KeyEncryptable, KeyStore, MasterKey, OctetStreamBytes, Pkcs8PrivateKeyBytes,
+    PrimitiveEncryptable, SignatureAlgorithm, SignedPublicKey, SigningKey, SpkiPublicKeyBytes,
+    SymmetricCryptoKey, UnsignedSharedKey, VerifyingKey,
 };
 use wasm_bindgen::prelude::*;
 
@@ -304,7 +304,7 @@ impl PureCrypto {
         signed_public_key: Vec<u8>,
         verifying_key: Vec<u8>,
     ) -> Result<Vec<u8>, CryptoError> {
-        let signed_public_key = SignedPublicKey::try_from(signed_public_key)?;
+        let signed_public_key = SignedPublicKey::try_from(CoseSign1Bytes::from(signed_public_key))?;
         let verifying_key = VerifyingKey::from_cose(&CoseKeyBytes::from(verifying_key))?;
         signed_public_key
             .verify_and_unwrap(&verifying_key)

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,12 @@ impl TryInto<Vec<u8>> for Base64String {`
`20`	`20`	`}`
`21`	`21`	`}`
`22`	`22`
	`23`	`+impl Into<String> for Base64String {`
	`24`	`+ fn into(self) -> String {`
	`25`	`+ self.0`
	`26`	`+ }`
	`27`	`+}`
	`28`	`+`
`23`	`29`	`impl From<Vec<u8>> for Base64String {`
`24`	`30`	`fn from(val: Vec<u8>) -> Self {`
`25`	`31`	`Base64String(STANDARD.encode(val))`
Original file line number	Diff line number	Diff line change
`@@ -77,25 +77,23 @@ impl SignedPublicKeyMessage {`
`77`	`77`	`#[derive(Clone, Debug)]`
`78`	`78`	`pub struct SignedPublicKey(pub(crate) SignedObject);`
`79`	`79`
`80`		`-impl From<SignedPublicKey> for Vec<u8> {`
	`80`	`+impl From<SignedPublicKey> for CoseSign1Bytes {`
`81`	`81`	`fn from(val: SignedPublicKey) -> Self {`
`82`		`- val.0.to_cose().to_vec()`
	`82`	`+ val.0.to_cose()`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`
`86`		`-impl TryFrom<Vec<u8>> for SignedPublicKey {`
`87`		`- type Error = EncodingError;`
`88`		`- fn try_from(bytes: Vec<u8>) -> Result<Self, EncodingError> {`
`89`		`- Ok(SignedPublicKey(SignedObject::from_cose(`
`90`		`- &CoseSign1Bytes::from(bytes),`
`91`		`- )?))`
	`86`	`+impl From<SignedPublicKey> for String {`
	`87`	`+ fn from(val: SignedPublicKey) -> Self {`
	`88`	`+ let bytes: CoseSign1Bytes = val.into();`
	`89`	`+ STANDARD.encode(bytes.as_ref())`
`92`	`90`	`}`
`93`	`91`	`}`
`94`	`92`
`95`		`-impl From<SignedPublicKey> for String {`
`96`		`- fn from(val: SignedPublicKey) -> Self {`
`97`		`- let bytes: Vec<u8> = val.into();`
`98`		`- STANDARD.encode(&bytes)`
	`93`	`+impl TryFrom<CoseSign1Bytes> for SignedPublicKey {`
	`94`	`+ type Error = EncodingError;`
	`95`	`+ fn try_from(bytes: CoseSign1Bytes) -> Result<Self, EncodingError> {`
	`96`	`+ Ok(SignedPublicKey(SignedObject::from_cose(&bytes)?))`
`99`	`97`	`}`
`100`	`98`	`}`
`101`	`99`
`@@ -130,7 +128,7 @@ impl FromStr for SignedPublicKey {`
`130`	`128`	`let bytes = STANDARD`
`131`	`129`	`.decode(s)`
`132`	`130`	`.map_err(\|_\| EncodingError::InvalidCborSerialization)?;`
`133`		`- Self::try_from(bytes)`
	`131`	`+ Self::try_from(CoseSign1Bytes::from(bytes))`
`134`	`132`	`}`
`135`	`133`	`}`
`136`	`134`