Set login_method when registering for tde (#711)

We should set login_method when registering TDE keys

crates/bitwarden-crypto/src/keys/master_key.rs

@@ -21,6 +21,27 @@ pub enum Kdf {
     },
 }
 
+impl Default for Kdf {
+    fn default() -> Self {
+        Kdf::PBKDF2 {
+            iterations: default_pbkdf2_iterations(),
+        }
+    }
+}
+
+pub fn default_pbkdf2_iterations() -> NonZeroU32 {
+    NonZeroU32::new(600_000).expect("Non-zero number")
+}
+pub fn default_argon2_iterations() -> NonZeroU32 {
+    NonZeroU32::new(3).expect("Non-zero number")
+}
+pub fn default_argon2_memory() -> NonZeroU32 {
+    NonZeroU32::new(64).expect("Non-zero number")
+}
+pub fn default_argon2_parallelism() -> NonZeroU32 {
+    NonZeroU32::new(4).expect("Non-zero number")
+}
+
 #[derive(Copy, Clone, JsonSchema)]
 #[cfg_attr(feature = "mobile", derive(uniffi::Enum))]
 pub enum HashPurpose {

crates/bitwarden-crypto/src/keys/mod.rs

@@ -1,7 +1,10 @@
 mod key_encryptable;
 pub use key_encryptable::{CryptoKey, KeyDecryptable, KeyEncryptable};
 mod master_key;
-pub use master_key::{HashPurpose, Kdf, MasterKey};
+pub use master_key::{
+    default_argon2_iterations, default_argon2_memory, default_argon2_parallelism,
+    default_pbkdf2_iterations, HashPurpose, Kdf, MasterKey,
+};
 mod shareable_key;
 pub use shareable_key::derive_shareable_key;
 mod symmetric_crypto_key;

crates/bitwarden-uniffi/src/auth/mod.rs

@@ -82,16 +82,15 @@ impl ClientAuth {
     /// Generate keys needed for TDE process
     pub async fn make_register_tde_keys(
         &self,
+        email: String,
         org_public_key: String,
         remember_device: bool,
     ) -> Result<RegisterTdeKeyResponse> {
-        Ok(self
-            .0
-             .0
-            .write()
-            .await
-            .auth()
-            .make_register_tde_keys(org_public_key, remember_device)?)
+        Ok(self.0 .0.write().await.auth().make_register_tde_keys(
+            email,
+            org_public_key,
+            remember_device,
+        )?)
     }
 
     /// Validate the user password

crates/bitwarden/src/auth/api/response/identity_success_response.rs

@@ -22,7 +22,7 @@ pub struct IdentityTokenSuccessResponse {
     #[serde(
         rename = "kdfIterations",
         alias = "KdfIterations",
-        default = "crate::util::default_pbkdf2_iterations"
+        default = "bitwarden_crypto::default_pbkdf2_iterations"
     )]
     kdf_iterations: NonZeroU32,
 
@@ -41,6 +41,8 @@ pub struct IdentityTokenSuccessResponse {
 
 #[cfg(test)]
 mod test {
+    use bitwarden_crypto::default_pbkdf2_iterations;
+
     use super::*;
 
     impl Default for IdentityTokenSuccessResponse {
@@ -54,7 +56,7 @@ mod test {
                 key: Default::default(),
                 two_factor_token: Default::default(),
                 kdf: KdfType::default(),
-                kdf_iterations: crate::util::default_pbkdf2_iterations(),
+                kdf_iterations: default_pbkdf2_iterations(),
                 reset_master_password: Default::default(),
                 force_password_reset: Default::default(),
                 api_use_key_connector: Default::default(),

crates/bitwarden/src/auth/client_auth.rs

@@ -76,10 +76,11 @@ impl<'a> ClientAuth<'a> {
 
     pub fn make_register_tde_keys(
         &mut self,
+        email: String,
         org_public_key: String,
         remember_device: bool,
     ) -> Result<RegisterTdeKeyResponse> {
-        make_register_tde_keys(self.client, org_public_key, remember_device)
+        make_register_tde_keys(self.client, email, org_public_key, remember_device)
     }
 
     pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> {

crates/bitwarden/src/auth/login/auth_request.rs

@@ -1,5 +1,3 @@
-use std::num::NonZeroU32;
-
 use bitwarden_api_api::{
     apis::auth_requests_api::{auth_requests_id_response_get, auth_requests_post},
     models::{AuthRequestCreateRequestModel, AuthRequestType},
@@ -86,9 +84,7 @@ pub(crate) async fn complete_auth_request(
     .await?;
 
     if let IdentityTokenResponse::Authenticated(r) = response {
-        let kdf = Kdf::PBKDF2 {
-            iterations: NonZeroU32::new(600_000).expect("Non-zero number"),
-        };
+        let kdf = Kdf::default();
 
         client.set_tokens(
             r.access_token.clone(),

crates/bitwarden/src/auth/login/mod.rs

@@ -58,8 +58,7 @@ pub(crate) fn parse_prelogin(response: PreloginResponseModel) -> Result<Kdf> {
     use std::num::NonZeroU32;
 
     use bitwarden_api_identity::models::KdfType;
-
-    use crate::util::{
+    use bitwarden_crypto::{
         default_argon2_iterations, default_argon2_memory, default_argon2_parallelism,
         default_pbkdf2_iterations,
     };

crates/bitwarden/src/auth/register.rs

@@ -2,11 +2,11 @@ use bitwarden_api_identity::{
     apis::accounts_api::accounts_register_post,
     models::{KeysRequestModel, RegisterRequestModel},
 };
-use bitwarden_crypto::{HashPurpose, MasterKey, RsaKeyPair};
+use bitwarden_crypto::{default_pbkdf2_iterations, HashPurpose, MasterKey, RsaKeyPair};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::{client::Kdf, error::Result, util::default_pbkdf2_iterations, Client};
+use crate::{client::Kdf, error::Result, Client};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -21,9 +21,7 @@ pub struct RegisterRequest {
 pub(super) async fn register(client: &mut Client, req: &RegisterRequest) -> Result<()> {
     let config = client.get_api_configurations().await;
 
-    let kdf = Kdf::PBKDF2 {
-        iterations: default_pbkdf2_iterations(),
-    };
+    let kdf = Kdf::default();
 
     let keys = make_register_keys(req.email.to_owned(), req.password.to_owned(), kdf)?;
 

crates/bitwarden/src/auth/tde.rs

@@ -1,6 +1,6 @@
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
-    AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey,
+    AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey,
     TrustDeviceResponse, UserKey,
 };
 
@@ -11,6 +11,7 @@ use crate::{error::Result, Client};
 /// password reset. If remember_device is true, it also generates a device key.
 pub(super) fn make_register_tde_keys(
     client: &mut Client,
+    email: String,
     org_public_key: String,
     remember_device: bool,
 ) -> Result<RegisterTdeKeyResponse> {
@@ -30,6 +31,13 @@ pub(super) fn make_register_tde_keys(
         None
     };
 
+    client.set_login_method(crate::client::LoginMethod::User(
+        crate::client::UserLoginMethod::Username {
+            client_id: "".to_owned(),
+            email,
+            kdf: Kdf::default(),
+        },
+    ));
     client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?;
 
     Ok(RegisterTdeKeyResponse {

crates/bitwarden/src/util.rs

@@ -1,26 +1,8 @@
-use std::num::NonZeroU32;
-
 use base64::{
     alphabet,
     engine::{DecodePaddingMode, GeneralPurpose, GeneralPurposeConfig},
 };
 
-pub fn default_pbkdf2_iterations() -> NonZeroU32 {
-    NonZeroU32::new(600_000).expect("Non-zero number")
-}
-#[cfg(feature = "internal")]
-pub fn default_argon2_iterations() -> NonZeroU32 {
-    NonZeroU32::new(3).expect("Non-zero number")
-}
-#[cfg(feature = "internal")]
-pub fn default_argon2_memory() -> NonZeroU32 {
-    NonZeroU32::new(64).expect("Non-zero number")
-}
-#[cfg(feature = "internal")]
-pub fn default_argon2_parallelism() -> NonZeroU32 {
-    NonZeroU32::new(4).expect("Non-zero number")
-}
-
 const INDIFFERENT: GeneralPurposeConfig =
     GeneralPurposeConfig::new().with_decode_padding_mode(DecodePaddingMode::Indifferent);