[PM-22861] Account security state

Cargo.toml

@@ -57,6 +57,7 @@ reqwest = { version = ">=0.12.5, <0.13", features = [
 ], default-features = false }
 schemars = { version = ">=0.8.9, <0.9", features = ["uuid1", "chrono"] }
 serde = { version = ">=1.0, <2.0", features = ["derive"] }
+serde_bytes = { version = ">=0.11.17, <0.12.0" }
 serde_json = ">=1.0.96, <2.0"
 serde_qs = ">=0.12.0, <0.16"
 serde_repr = ">=0.1.12, <0.2"

crates/bitwarden-core/Cargo.toml

@@ -45,6 +45,7 @@ rand = ">=0.8.5, <0.9"
 reqwest = { workspace = true }
 schemars = { workspace = true }
 serde = { workspace = true }
+serde_bytes = { workspace = true }
 serde_json = { workspace = true }
 serde_qs = { workspace = true }
 serde_repr = { workspace = true }

crates/bitwarden-core/src/auth/auth_request.rs

@@ -164,7 +164,7 @@ mod tests {
         let private_key ="2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=".parse().unwrap();
         client
             .internal
-            .initialize_user_crypto_master_key(master_key, user_key, private_key, None)
+            .initialize_user_crypto_master_key(master_key, user_key, private_key, None, None)
             .unwrap();
 
         let public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyLRDUwXB4BfQ507D4meFPmwn5zwy3IqTPJO4plrrhnclWahXa240BzyFW9gHgYu+Jrgms5xBfRTBMcEsqqNm7+JpB6C1B6yvnik0DpJgWQw1rwvy4SUYidpR/AWbQi47n/hvnmzI/sQxGddVfvWu1iTKOlf5blbKYAXnUE5DZBGnrWfacNXwRRdtP06tFB0LwDgw+91CeLSJ9py6dm1qX5JIxoO8StJOQl65goLCdrTWlox+0Jh4xFUfCkb+s3px+OhSCzJbvG/hlrSRcUz5GnwlCEyF3v5lfUtV96MJD+78d8pmH6CfFAp2wxKRAbGdk+JccJYO6y6oIXd3Fm7twIDAQAB";
@@ -232,7 +232,13 @@ mod tests {
 
         existing_device
             .internal
-            .initialize_user_crypto_master_key(master_key, user_key, private_key.clone(), None)
+            .initialize_user_crypto_master_key(
+                master_key,
+                user_key,
+                private_key.clone(),
+                None,
+                None,
+            )
             .unwrap();
 
         // Initialize a new device which will request to be logged in
@@ -251,6 +257,7 @@ mod tests {
                 email: email.to_owned(),
                 private_key,
                 signing_key: None,
+                security_state: None,
                 method: InitUserCryptoMethod::AuthRequest {
                     request_private_key: auth_req.private_key,
                     method: AuthRequestMethod::UserKey {

crates/bitwarden-core/src/auth/login/api_key.rs

@@ -56,6 +56,7 @@
             user_key,
             private_key,
             None,
+            None,
         )?;
     }
 

crates/bitwarden-core/src/auth/login/auth_request.rs

@@ -121,6 +121,7 @@
                 email: auth_req.email,
                 private_key: require!(r.private_key).parse()?,
                 signing_key: None,
+                security_state: None,
                 method: InitUserCryptoMethod::AuthRequest {
                     request_private_key: auth_req.private_key,
                     method,

crates/bitwarden-core/src/auth/login/password.rs

@@ -55,6 +55,7 @@
             user_key,
             private_key,
             None,
+            None,
         )?;
     }
 

crates/bitwarden-core/src/auth/password/validate.rs

@@ -145,6 +145,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 
@@ -193,6 +194,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 

crates/bitwarden-core/src/auth/pin.rs

@@ -80,6 +80,7 @@ mod tests {
                 user_key.parse().unwrap(),
                 private_key,
                 None,
+                None,
             )
             .unwrap();
 

crates/bitwarden-core/src/auth/tde.rs

@@ -45,6 +45,7 @@
         // Note: Signing keys are not supported on registration yet. This needs to be changed as
         // soon as registration is supported.
         None,
+        None,
     )?;
 
     Ok(RegisterTdeKeyResponse {

crates/bitwarden-core/src/client/client.rs

@@ -105,6 +105,8 @@ impl Client {
                 external_client,
                 key_store: KeyStore::default(),
                 #[cfg(feature = "internal")]
+                security_state: RwLock::new(None),
+                #[cfg(feature = "internal")]
                 repository_map: StateRegistry::new(),
             }),
         }

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -1,12 +1,22 @@
 #[cfg(feature = "internal")]
-use bitwarden_crypto::{EncString, UnsignedSharedKey};
+use std::sync::RwLock;
+
+#[cfg(feature = "internal")]
+use bitwarden_crypto::{
+    Aes256CbcHmacKey, AsymmetricCryptoKey, CoseKeyBytes, CoseSerializable, EncString,
+    KeyDecryptable, Pkcs8PrivateKeyBytes, SigningKey, UnsignedSharedKey, XChaCha20Poly1305Key,
+};
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
 use bitwarden_error::bitwarden_error;
+#[cfg(feature = "internal")]
+use log::warn;
 use thiserror::Error;
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use uuid::Uuid;
 
+#[cfg(feature = "internal")]
+use crate::key_management::{AsymmetricKeyId, SecurityState, SignedSecurityState, SigningKeyId};
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use crate::key_management::{KeyIds, SymmetricKeyId};
 use crate::{error::UserIdAlreadySetError, MissingPrivateKeyError, VaultLockedError};
@@ -30,13 +40,31 @@ pub enum EncryptionSettingsError {
     #[error("Invalid signing key")]
     InvalidSigningKey,
 
+    #[error("Invalid security state")]
+    InvalidSecurityState,
+
     #[error(transparent)]
     MissingPrivateKey(#[from] MissingPrivateKeyError),
 
     #[error(transparent)]
     UserIdAlreadySetError(#[from] UserIdAlreadySetError),
 }
 
+#[allow(clippy::large_enum_variant)]
+#[cfg(feature = "internal")]
+pub(crate) enum AccountEncryptionKeys {
+    V1 {
+        user_key: Aes256CbcHmacKey,
+        private_key: EncString,
+    },
+    V2 {
+        user_key: XChaCha20Poly1305Key,
+        private_key: EncString,
+        signing_key: EncString,
+        security_state: SignedSecurityState,
+    },
+}
+
 #[allow(missing_docs)]
 pub struct EncryptionSettings {}
 
@@ -47,21 +75,55 @@ impl EncryptionSettings {
     /// discouraged
     #[cfg(feature = "internal")]
     pub(crate) fn new_decrypted_key(
-        user_key: SymmetricCryptoKey,
-        private_key: EncString,
-        signing_key: Option<EncString>,
+        encryption_keys: AccountEncryptionKeys,
         store: &KeyStore<KeyIds>,
+        security_state_rwlock: &RwLock<Option<SecurityState>>,
     ) -> Result<(), EncryptionSettingsError> {
-        use bitwarden_crypto::{AsymmetricCryptoKey, CoseSerializable, KeyDecryptable, SigningKey};
-        use log::warn;
+        // This is an all-or-nothing check. The server cannot pretend a signing key or security
+        // state to be missing, because they are *always* present when the user key is an
+        // XChaCha20Poly1305Key. Thus, the server or network cannot lie about the presence of these,
+        // because otherwise the entire user account will fail to decrypt.
+        match encryption_keys {
+            AccountEncryptionKeys::V1 {
+                user_key,
+                private_key,
+            } => {
+                Self::init_v1(user_key, private_key, store)?;
+            }
+            AccountEncryptionKeys::V2 {
+                user_key,
+                private_key,
+                signing_key,
+                security_state,
+            } => {
+                Self::init_v2(
+                    user_key,
+                    private_key,
+                    signing_key,
+                    security_state,
+                    store,
+                    security_state_rwlock,
+                )?;
+            }
+        }
+
+        Ok(())
+    }
 
-        use crate::key_management::{AsymmetricKeyId, SigningKeyId, SymmetricKeyId};
+    #[cfg(feature = "internal")]
+    fn init_v1(
+        user_key: Aes256CbcHmacKey,
+        private_key: EncString,
+        store: &KeyStore<KeyIds>,
+    ) -> Result<(), EncryptionSettingsError> {
+        let user_key = SymmetricCryptoKey::Aes256CbcHmacKey(user_key);
 
         let private_key = {
             let dec: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
-            // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a recovery
-            // process in place.
-            AsymmetricCryptoKey::from_der(&dec.into())
+
+            // FIXME: [PM-11690] - Temporarily ignore invalid private keys until we have a
+            // recovery process in place.
+            AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(dec))
                 .map_err(|_| {
                     warn!("Invalid private key");
                 })
@@ -72,14 +134,6 @@ impl EncryptionSettings {
             //         .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?,
             // )
         };
-        let signing_key = signing_key
-            .map(|key| {
-                use bitwarden_crypto::CryptoError;
-
-                let dec: Vec<u8> = key.decrypt_with_key(&user_key)?;
-                SigningKey::from_cose(&dec.into()).map_err(Into::<CryptoError>::into)
-            })
-            .transpose()?;
 
         // FIXME: [PM-18098] When this is part of crypto we won't need to use deprecated methods
         #[allow(deprecated)]
@@ -89,10 +143,44 @@ impl EncryptionSettings {
             if let Some(private_key) = private_key {
                 ctx.set_asymmetric_key(AsymmetricKeyId::UserPrivateKey, private_key)?;
             }
+        }
 
-            if let Some(signing_key) = signing_key {
-                ctx.set_signing_key(SigningKeyId::UserSigningKey, signing_key)?;
-            }
+        Ok(())
+    }
+
+    #[cfg(feature = "internal")]
+    fn init_v2(
+        user_key: XChaCha20Poly1305Key,
+        private_key: EncString,
+        signing_key: EncString,
+        security_state: SignedSecurityState,
+        store: &KeyStore<KeyIds>,
+        sdk_security_state: &RwLock<Option<SecurityState>>,
+    ) -> Result<(), EncryptionSettingsError> {
+        use crate::key_management::SecurityState;
+
+        let user_key = SymmetricCryptoKey::XChaCha20Poly1305Key(user_key);
+
+        // For v2 users, we mandate the signing key and security state and the private key to be
+        // present and valid Everything MUST decrypt.
+        let signing_key: Vec<u8> = signing_key.decrypt_with_key(&user_key)?;
+        let signing_key = SigningKey::from_cose(&CoseKeyBytes::from(signing_key))
+            .map_err(|_| EncryptionSettingsError::InvalidSigningKey)?;
+        let private_key: Vec<u8> = private_key.decrypt_with_key(&user_key)?;
+        let private_key = AsymmetricCryptoKey::from_der(&Pkcs8PrivateKeyBytes::from(private_key))
+            .map_err(|_| EncryptionSettingsError::InvalidPrivateKey)?;
+
+        let security_state: SecurityState = security_state
+            .verify_and_unwrap(&signing_key.to_verifying_key())
+            .map_err(|_| EncryptionSettingsError::InvalidSecurityState)?;
+        *sdk_security_state.write().expect("RwLock not poisoned") = Some(security_state);
+
+        #[allow(deprecated)]
+        {
+            let mut ctx = store.context_mut();
+            ctx.set_symmetric_key(SymmetricKeyId::User, user_key)?;
+            ctx.set_asymmetric_key(AsymmetricKeyId::UserPrivateKey, private_key)?;
+            ctx.set_signing_key(SigningKeyId::UserSigningKey, signing_key)?;
         }
 
         Ok(())