Remove encrypt from EncryptionSettings

bitwarden · Oct 30, 2023 · 432a9ee · 432a9ee
1 parent a9d52f0
commit 432a9ee
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 32 deletions.
diff --git a/crates/bitwarden/src/client/encryption_settings.rs b/crates/bitwarden/src/client/encryption_settings.rs
@@ -9,7 +9,7 @@ use {
 };
 
 use crate::{
-    crypto::{encrypt_aes256_hmac, EncString, SymmetricCryptoKey},
+    crypto::{EncString, SymmetricCryptoKey},
     error::{CryptoError, Result},
 };
 
@@ -109,11 +109,4 @@ impl EncryptionSettings {
             None => Some(&self.user_key),
         }
     }
-
-    pub(crate) fn encrypt(&self, data: &[u8], org_id: &Option<Uuid>) -> Result<EncString> {
-        let key = self.get_key(org_id).ok_or(CryptoError::NoKeyForOrg)?;
-
-        let dec = encrypt_aes256_hmac(data, key.mac_key.ok_or(CryptoError::InvalidMac)?, key.key)?;
-        Ok(dec)
-    }
 }
diff --git a/crates/bitwarden/src/secrets_manager/projects/create.rs b/crates/bitwarden/src/secrets_manager/projects/create.rs
@@ -4,7 +4,11 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use super::ProjectResponse;
-use crate::{client::Client, error::Result};
+use crate::{
+    client::Client,
+    crypto::KeyEncryptable,
+    error::{Error, Result},
+};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -19,12 +23,13 @@ pub(crate) async fn create_project(
     client: &mut Client,
     input: &ProjectCreateRequest,
 ) -> Result<ProjectResponse> {
-    let enc = client.get_encryption_settings()?;
-
-    let org_id = Some(input.organization_id);
+    let key = client
+        .get_encryption_settings()?
+        .get_key(&Some(input.organization_id))
+        .ok_or(Error::VaultLocked)?;
 
     let project = Some(ProjectCreateRequestModel {
-        name: enc.encrypt(input.name.as_bytes(), &org_id)?.to_string(),
+        name: input.name.clone().encrypt_with_key(&key)?.to_string(),
     });
 
     let config = client.get_api_configurations().await;

diff --git a/crates/bitwarden/src/secrets_manager/projects/update.rs b/crates/bitwarden/src/secrets_manager/projects/update.rs
@@ -4,7 +4,11 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use super::ProjectResponse;
-use crate::{client::Client, error::Result};
+use crate::{
+    client::Client,
+    crypto::KeyEncryptable,
+    error::{Error, Result},
+};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -21,12 +25,13 @@ pub(crate) async fn update_project(
     client: &mut Client,
     input: &ProjectPutRequest,
 ) -> Result<ProjectResponse> {
-    let enc = client.get_encryption_settings()?;
-
-    let org_id = Some(input.organization_id);
+    let key = client
+        .get_encryption_settings()?
+        .get_key(&Some(input.organization_id))
+        .ok_or(Error::VaultLocked)?;
 
     let project = Some(ProjectUpdateRequestModel {
-        name: enc.encrypt(input.name.as_bytes(), &org_id)?.to_string(),
+        name: input.name.clone().encrypt_with_key(&key)?.to_string(),
     });
 
     let config = client.get_api_configurations().await;

diff --git a/crates/bitwarden/src/secrets_manager/secrets/create.rs b/crates/bitwarden/src/secrets_manager/secrets/create.rs
@@ -4,7 +4,11 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use super::SecretResponse;
-use crate::{error::Result, Client};
+use crate::{
+    crypto::KeyEncryptable,
+    error::{Error, Result},
+    Client,
+};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -24,14 +28,15 @@ pub(crate) async fn create_secret(
     client: &mut Client,
     input: &SecretCreateRequest,
 ) -> Result<SecretResponse> {
-    let enc = client.get_encryption_settings()?;
-
-    let org_id = Some(input.organization_id);
+    let key = client
+        .get_encryption_settings()?
+        .get_key(&Some(input.organization_id))
+        .ok_or(Error::VaultLocked)?;
 
     let secret = Some(SecretCreateRequestModel {
-        key: enc.encrypt(input.key.as_bytes(), &org_id)?.to_string(),
-        value: enc.encrypt(input.value.as_bytes(), &org_id)?.to_string(),
-        note: enc.encrypt(input.note.as_bytes(), &org_id)?.to_string(),
+        key: input.key.clone().encrypt_with_key(key)?.to_string(),
+        value: input.value.clone().encrypt_with_key(key)?.to_string(),
+        note: input.note.clone().encrypt_with_key(key)?.to_string(),
         project_ids: input.project_ids.clone(),
     });
 

diff --git a/crates/bitwarden/src/secrets_manager/secrets/update.rs b/crates/bitwarden/src/secrets_manager/secrets/update.rs
@@ -4,7 +4,11 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use super::SecretResponse;
-use crate::{client::Client, error::Result};
+use crate::{
+    client::Client,
+    crypto::KeyEncryptable,
+    error::{Error, Result},
+};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -24,14 +28,15 @@ pub(crate) async fn update_secret(
     client: &mut Client,
     input: &SecretPutRequest,
 ) -> Result<SecretResponse> {
-    let enc = client.get_encryption_settings()?;
-
-    let org_id = Some(input.organization_id);
+    let key = client
+        .get_encryption_settings()?
+        .get_key(&Some(input.organization_id))
+        .ok_or(Error::VaultLocked)?;
 
     let secret = Some(SecretUpdateRequestModel {
-        key: enc.encrypt(input.key.as_bytes(), &org_id)?.to_string(),
-        value: enc.encrypt(input.value.as_bytes(), &org_id)?.to_string(),
-        note: enc.encrypt(input.note.as_bytes(), &org_id)?.to_string(),
+        key: input.key.clone().encrypt_with_key(key)?.to_string(),
+        value: input.value.clone().encrypt_with_key(key)?.to_string(),
+        note: input.note.clone().encrypt_with_key(key)?.to_string(),
         project_ids: input.project_ids.clone(),
     });