[PM-24263] Pin protected key envelope unlock #372
Conversation
|
Great job! No new security vulnerabilities introduced in this pull request |
quexten
requested review from
dani-garcia,
mzieniukbw and
coroiu
and removed request for
a team and
dani-garcia
|
Looks like we had a deadlock on the keystore lock, caught by the CI / tests which should be fixed in the latest revision. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## km/beeep/safe-password-protected-key-envelope #372 +/- ##
=================================================================================
+ Coverage 74.36% 74.56% +0.19%
=================================================================================
Files 255 255
Lines 22352 22513 +161
=================================================================================
+ Hits 16622 16786 +164
+ Misses 5730 5727 -3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| /// Decrypts a `PasswordProtectedKeyEnvelope`, returning the user key, if successful. | ||
| /// This is a stop-gap solution, until initialization of the SDK is used. | ||
| #[cfg(feature = "wasm")] | ||
| pub fn unseal_password_protected_key_envelope( |
There was a problem hiding this comment.
💡 Shall we add some unit test coverage ?
There was a problem hiding this comment.
Added test for the enroll -> re-enroll with encrypted -> unseal flow.
|
|
||
| #[error("Wrong Pin")] | ||
| WrongPin, |
There was a problem hiding this comment.
question: What error do we return if you pass in the wrong password? It would seem reasonable that we return a similar error for both.
I suspect we derive the master key and then attempt to decrypt the user key which would fail and you'd get a decrypt error? Maybe it would be more elegant to handle that with a better error message in which case both wrong password and pin could use the same error?
There was a problem hiding this comment.
With master-key decryption you cannot know if:
- Your email is different to the one used on creation
- Your kdf settings are different to the one used on creation
- Your password is different "wrong" to the one used on creation
- (Your master-key-wrapped-user-key was tampered with)
and all of these would result in the same error. In most cases the true reason would be "wrong password" but there are reasonable cases such as the KDF settings being out of sync, that would lead to the same error path.
With the PasswordProtectedKeyEnvelope, it's only:
- Your password is different "wrong"
- (Your key envelope was tampered with)
so for me it feels more appropriate to use the "WrongPin" error.
(I'm OK changing both to return "WrongPassword", but then we should document that this could also mean that KDF/salt(email) can be wrong for masterkey encrypted items).
There was a problem hiding this comment.
Can we lift this into the previous PR or is there a good reason this is handled here?
There was a problem hiding this comment.
GitHub hid what this references, but I've lifted anything that I found to be non-pin-generic to the previous PR, which should make the diff a lot cleaner.
| use crate::key_management::SymmetricKeyId; | ||
| let ctx = &mut self.key_store.context_mut(); | ||
| let decrypted_user_key_id = pin_protected_user_key_envelope | ||
| .unseal(SymmetricKeyId::Local("tmp_unlock_pin"), &pin, ctx) |
There was a problem hiding this comment.
@dani-garcia did we have any convention for local IDs? Or is it just the wild west.
There was a problem hiding this comment.
I think the approach here is to push the other work dani proposed ( https://bitwarden.atlassian.net/browse/PM-18102), so that we don't have to deal with naming collisions..
crates/bitwarden-crypto/src/error.rs
Outdated
| @@ -69,6 +69,9 @@ pub enum CryptoError { | |||
|
|
|||
| #[error("Encoding error, {0}")] | |||
| EncodingError(#[from] EncodingError), | |||
|
|
|||
| #[error("Password protected key envelope error, {0}")] | |||
| PasswordProtectedKeyEnvelopeError(#[from] PasswordProtectedKeyEnvelopeError), | |||
There was a problem hiding this comment.
nit: We try and avoid having Error suffixes in the variant names.
| PasswordProtectedKeyEnvelopeError(#[from] PasswordProtectedKeyEnvelopeError), | |
| PasswordProtectedKeyEnvelope(#[from] PasswordProtectedKeyEnvelopeError), |
There was a problem hiding this comment.
Is this required to live in CryptoError or could we lift it up. I'm a bit concerned about the size of CryptoError since it's intended as a low level error.
There was a problem hiding this comment.
Would it be more acceptable to be a variant of CryptoClientError? In that case we can lift it up to there.
There was a problem hiding this comment.
question: What happens if we want to sent another generic of PasswordProtectedKeyEnvelope? We've reserved the name of the generic now.
There was a problem hiding this comment.
I think in this specific case it's OK. The reason is that the generic parameter is KeyIds, of which only one instance is ever supposed to exist as far as I'm aware - the one defined in core, describing all Bitwarden keys in the key hierarchy.
I would have preferred to not even make the key envelope generic in the first place, but had to do so in order to have the public interface take a KeyStoreContext and key ids instead of literal keys.
For cases where we have actually varying generic parameters, we should make the names of the non-generic wrappers such that they don't collide. I.e "CoseKeyBytes". "LegacyBitwardenKeyBytes", etc.
There was a problem hiding this comment.
Note: I've lifted this into the previous PR too, because it's not specific to pin unlock.
| user_key_encrypted_pin: EncString, | ||
| } | ||
|
|
||
| pub(super) fn enroll_pin( |
There was a problem hiding this comment.
❓ Does this need to be exposed to uniffi? I'm not seeing in the Swift bindings.
There was a problem hiding this comment.
Thanks for catching this! It seems we still separate out clients which is confusing, but it should be fixed in the latest revision of the PR, and I have verified this gets emitted to the swift bindings locally.
|
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-24263
📔 Objective
Adds enrollment functionality for Password(PIN)Protected user key envelope. Both crypto initialization via the init request, and a function exposing the raw key material are provided. The latter is required since unlock is not yet done via the init methods on WASM/
clients.⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes