Add sensitive types to SymmetricCryptoKey #672
Conversation
| pub fn decode_base64<T: base64::Engine>(self, engine: T) -> Result<SensitiveVec, CryptoError> { | ||
| // Preallocate a Vec with the necessary capacity | ||
| let len = base64::decoded_len_estimate(self.value.len()); | ||
| let mut value = SensitiveVec::new(Box::new(Vec::with_capacity(len))); |
There was a problem hiding this comment.
Do we know what happens when a vector grows, will it make a copy of the data or have pointers to the new locations.
We should probably provide warnings for this behaviour.
There was a problem hiding this comment.
When the Vec grows over capacity, it's going to make a new allocation that is bigger than the current one, copy the data over and then dealloc the old allocation. Note that the deallocation of the older data won't call the Vec's zeroize so it's definitely problematic. The same will happen with Strings as they are Vecs under the hood, but I think it's more unlikely for a string to be appended to.
I think adding warnings to those types sounds like a good idea yeah!
| // IMPORTANT: This should not be used outside of test code | ||
| // Note that we can't just mark it with #[cfg(test)] because that only applies | ||
| // when testing this crate, not when testing other crates that depend on it. | ||
| // By at least limiting it to &'static str we should be able to avoid accidental usages |
There was a problem hiding this comment.
Would exposing a specific feature and only using that feature in tests work?
There was a problem hiding this comment.
Hmm I think it might, we could even enable the feature in dev-dependencies too to avoid requiring it when calling cargo test. I'll give it a try!
|
No New Or Fixed Issues Found |
| /// Uniffi doesn't seem to be generating the SensitiveString unless it's being used by | ||
| /// a record somewhere. This is a workaround to make sure the type is generated. | ||
| #[derive(uniffi::Record)] | ||
| struct SupportSensitiveString { | ||
| sensitive_string: SensitiveString, | ||
| } |
| attachment.key = Some( | ||
| attachment_key | ||
| .to_vec() | ||
| .expose() |
There was a problem hiding this comment.
Exposing a sensitive value for encrypting seems silly. Could we implement encrypt for sensitive values?
There was a problem hiding this comment.
We currently implement encrypt for sensitive values, the problem is for Vecs we implement encrypt on &[u8] and rely on rust auto deref to coerce the Vec to a slice, but that will not happen for Sensitive.
This is going to require either updating all the Encrypt impls to work only on Vec or SensitiveVec, or adding a specific impl only for Sensitive, which might have to be done carefully to avoid conflicts with the current blanket impl.
I think this is best left for a separate PR to avoid bloating this one, though.
| @@ -67,7 +67,7 @@ impl MasterKey { | |||
| let stretched_key = stretch_kdf_key(&self.0)?; | |||
|
|
|||
| EncString::encrypt_aes256_hmac( | |||
| user_key.to_vec().as_slice(), | |||
| user_key.to_vec().expose(), | |||
There was a problem hiding this comment.
Should we look into if the encrypt methods should accept sensitive values?
There was a problem hiding this comment.
Definitely, but it needs to be updated at the same time as the KeyEncryptable impls, as they use this function and we don't want to be boxing/unboxing all the time.
| pub fn to_vec(&self) -> Zeroizing<Vec<u8>> { | ||
| let mut buf = Vec::with_capacity(self.total_len()); | ||
| pub fn to_vec(&self) -> SensitiveVec { | ||
| let mut buf = SensitiveVec::new(Box::new(Vec::with_capacity(self.total_len()))); |
There was a problem hiding this comment.
Maybe add a comment why it's important to allocate the full length. It could be seen as an optimization method otherwise.
| let mut buf = SensitiveVec::new(Box::new(Vec::with_capacity(self.total_len()))); | |
| // Prevent accidental copies by allocating the full size | |
| let mut buf = SensitiveVec::new(Box::new(Vec::with_capacity(self.total_len()))); |
crates/bitwarden/src/auth/renew.rs
Outdated
| @@ -63,8 +63,10 @@ pub(crate) async fn renew_token(client: &mut Client) -> Result<()> { | |||
| ) = (&result, state_file, client.get_encryption_settings()) | |||
| { | |||
| if let Some(enc_key) = enc_settings.get_key(&None) { | |||
| let state = | |||
| ClientState::new(r.access_token.clone(), enc_key.to_base64()); | |||
| let state = ClientState::new( | |||
There was a problem hiding this comment.
Should state expect sensitive values directly?
There was a problem hiding this comment.
Just checked and it's not too big a diff, changed it
# Conflicts: # crates/bitwarden-crypto/src/keys/master_key.rs
| @@ -15,11 +15,11 @@ const STATE_VERSION: u32 = 1; | |||
| pub struct ClientState { | |||
| pub(crate) version: u32, | |||
| pub(crate) token: String, | |||
| pub(crate) encryption_key: String, | |||
| pub(crate) encryption_key: SensitiveString, | |||
There was a problem hiding this comment.
Any concerns with backwards compatibility here?
There was a problem hiding this comment.
I gave it a test to be sure now and it works yeah. The struct is only used for serialization/deserialization and the sensitive type works the same way as a plain string there.
Type of change
Objective
This is a small subset of #536, which only contains the minimum code to protect the import/export functions on SymmetricCryptoKey. It also enables the from_base64 test on SymmetricCryptoKey as that passes now.
After this PR is merged I'll be expanding the use of Sensitive to other parts of the codebase while adding some extra memory testing checks to validate that it works for them.