Cleanup

Author: quexten

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -1,6 +1,4 @@
-use bitwarden_crypto::{
-    security_state::SignedSecurityState, CoseKeyBytes, CryptoError, Pkcs8PrivateKeyBytes,
-};
+use bitwarden_crypto::{security_state::SignedSecurityState, CryptoError, Pkcs8PrivateKeyBytes};
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{EncString, UnsignedSharedKey};
 #[cfg(any(feature = "internal", feature = "secrets"))]
@@ -73,7 +71,9 @@ impl EncryptionSettings {
             // For v2 users, we mandate the signing key and security state to be present
             // The private key must also be valid.
 
-            use bitwarden_crypto::{security_state::SecurityState, CoseSerializable, SigningKey};
+            use bitwarden_crypto::{
+                security_state::SecurityState, CoseKeyBytes, CoseSerializable, SigningKey,
+            };
 
             // Both of these are required for v2 users
             let signing_key = signing_key.ok_or(EncryptionSettingsError::Crypto(
@@ -87,11 +87,12 @@ impl EncryptionSettings {
 
             // Everything MUST decrypt.
             let signing_key: Vec<u8> = signing_key.decrypt_with_key(&user_key)?;
-            let signing_key = SigningKey::from_cose(&signing_key)
+            let signing_key = SigningKey::from_cose(&CoseKeyBytes::from(signing_key))
                 .map_err(|_| EncryptionSettingsError::InvalidSigningKey)?;
             let private_key: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
-            let private_key = AsymmetricCryptoKey::from_der(&private_key)
-                .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?;
+            let private_key =
+                AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(private_key))
+                    .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?;
             let _security_state: SecurityState = security_state
                 .verify_and_unwrap(&signing_key.to_verifying_key())
                 .map_err(|_| EncryptionSettingsError::InvalidSecurityState)?;
@@ -111,7 +112,7 @@ impl EncryptionSettings {
 
                 // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a
                 // recovery process in place.
-                AsymmetricCryptoKey::from_der(&dec)
+                AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(dec))
                     .map_err(|_| {
                         warn!("Invalid private key");
                     })

crates/bitwarden-core/src/key_management/crypto.rs

@@ -9,9 +9,9 @@ use std::collections::HashMap;
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
     security_state::SignedSecurityState, AsymmetricCryptoKey, CoseSerializable, CryptoError,
-    EncString, Encryptable, Kdf, KeyDecryptable, KeyEncryptable, MasterKey, RotateUserKeysResponse,
-    SignatureAlgorithm, SignedPublicKey, SigningKey, SymmetricCryptoKey, UnsignedSharedKey,
-    UserKey,
+    EncString, Kdf, KeyDecryptable, KeyEncryptable, MasterKey, Pkcs8PrivateKeyBytes,
+    PrimitiveEncryptable, RotatedUserKeys, SignatureAlgorithm, SignedPublicKey, SigningKey,
+    SymmetricCryptoKey, UnsignedSharedKey, UserKey,
 };
 use bitwarden_error::bitwarden_error;
 use schemars::JsonSchema;
@@ -544,9 +544,9 @@ pub(super) fn verify_asymmetric_keys(
             .decrypt_with_key(user_key)
             .map_err(VerifyError::DecryptFailed)?;
 
-        let decrypted_private_key = Pkcs8PrivateKeyBytes::from(decrypted_private_key);
-        let private_key = AsymmetricCryptoKey::from_der(&decrypted_private_key)
-            .map_err(VerifyError::ParseFailed)?;
+        let private_key =
+            AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(decrypted_private_key))
+                .map_err(VerifyError::ParseFailed)?;
 
         let derived_public_key_vec = private_key
             .to_public_key()
@@ -698,10 +698,10 @@ pub struct RotateUserKeysResponse {
 impl From<RotatedUserKeys> for RotateUserKeysResponse {
     fn from(rotated: RotatedUserKeys) -> Self {
         RotateUserKeysResponse {
-            verifying_key: Base64String::from(rotated.verifying_key.to_vec()).into(),
+            verifying_key: Base64String::from(rotated.verifying_key).into(),
             signing_key: rotated.signing_key,
-            signed_public_key: Base64String::from(rotated.signed_public_key.to_vec()).into(),
-            public_key: Base64String::from(rotated.public_key.to_vec()).into(),
+            signed_public_key: Base64String::from(rotated.signed_public_key).into(),
+            public_key: Base64String::from(rotated.public_key).into(),
             private_key: rotated.private_key,
         }
     }

crates/bitwarden-core/src/key_management/crypto_client.rs

@@ -18,7 +18,8 @@ use crate::key_management::crypto::{
 use crate::{
     client::encryption_settings::EncryptionSettingsError,
     key_management::crypto::{
-        make_keys_for_user_crypto_v2, CryptoClientError, RotateUserKeysResponse,
+        get_v2_rotated_account_keys, make_keys_for_user_crypto_v2, CryptoClientError,
+        RotateUserKeysResponse,
     },
     Client,
 };

crates/bitwarden-core/src/types.rs

@@ -1,11 +1,17 @@
 use base64::{engine::general_purpose::STANDARD, Engine};
-use bitwarden_crypto::{Pkcs8PrivateKeyBytes, SpkiPublicKeyBytes};
+use bitwarden_crypto::{CoseKeyBytes, CoseSign1Bytes, Pkcs8PrivateKeyBytes, SpkiPublicKeyBytes};
 
 /// A wrapper around a Base64-encoded string that can be used to decode it into a byte vector.
 /// This is useful for handling Base64-encoded strings in a type-safe manner,
 /// ensuring that the string is always treated as Base64 data.
 pub struct Base64String(String);
 
+impl Base64String {
+    fn from_vec(val: Vec<u8>) -> Self {
+        Base64String(STANDARD.encode(val))
+    }
+}
+
 impl From<String> for Base64String {
     fn from(val: String) -> Self {
         Base64String(val)
@@ -49,3 +55,27 @@ impl TryInto<Pkcs8PrivateKeyBytes> for Base64String {
         Ok(Pkcs8PrivateKeyBytes::from(bytes))
     }
 }
+
+impl From<Pkcs8PrivateKeyBytes> for Base64String {
+    fn from(val: Pkcs8PrivateKeyBytes) -> Self {
+        Self::from_vec(val.to_vec())
+    }
+}
+
+impl From<CoseKeyBytes> for Base64String {
+    fn from(val: CoseKeyBytes) -> Self {
+        Self::from_vec(val.to_vec())
+    }
+}
+
+impl From<SpkiPublicKeyBytes> for Base64String {
+    fn from(val: SpkiPublicKeyBytes) -> Self {
+        Self::from_vec(val.to_vec())
+    }
+}
+
+impl From<CoseSign1Bytes> for Base64String {
+    fn from(val: CoseSign1Bytes) -> Self {
+        Self::from_vec(val.to_vec())
+    }
+}