Set login_method when registering for tde

bitwarden · Apr 12, 2024 · 94cff77 · 94cff77
1 parent b611974
commit 94cff77
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 20 deletions.
diff --git a/crates/bitwarden-uniffi/src/auth/mod.rs b/crates/bitwarden-uniffi/src/auth/mod.rs
@@ -82,16 +82,15 @@ impl ClientAuth {
     /// Generate keys needed for TDE process
     pub async fn make_register_tde_keys(
         &self,
+        email: String,
         org_public_key: String,
         remember_device: bool,
     ) -> Result<RegisterTdeKeyResponse> {
-        Ok(self
-            .0
-             .0
-            .write()
-            .await
-            .auth()
-            .make_register_tde_keys(org_public_key, remember_device)?)
+        Ok(self.0 .0.write().await.auth().make_register_tde_keys(
+            email,
+            org_public_key,
+            remember_device,
+        )?)
     }
 
     /// Validate the user password

diff --git a/crates/bitwarden/src/auth/client_auth.rs b/crates/bitwarden/src/auth/client_auth.rs
@@ -76,10 +76,11 @@ impl<'a> ClientAuth<'a> {
 
     pub fn make_register_tde_keys(
         &mut self,
+        email: String,
         org_public_key: String,
         remember_device: bool,
     ) -> Result<RegisterTdeKeyResponse> {
-        make_register_tde_keys(self.client, org_public_key, remember_device)
+        make_register_tde_keys(self.client, email, org_public_key, remember_device)
     }
 
     pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> {

diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs
@@ -1,10 +1,7 @@
-use std::num::NonZeroU32;
-
 use bitwarden_api_api::{
     apis::auth_requests_api::{auth_requests_id_response_get, auth_requests_post},
     models::{AuthRequestCreateRequestModel, AuthRequestType},
 };
-use bitwarden_crypto::Kdf;
 use uuid::Uuid;
 
 use crate::{
@@ -15,6 +12,7 @@ use crate::{
     client::{LoginMethod, UserLoginMethod},
     error::{require, Result},
     mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
+    util::default_kdf,
     Client,
 };
 
@@ -86,9 +84,7 @@ pub(crate) async fn complete_auth_request(
     .await?;
 
     if let IdentityTokenResponse::Authenticated(r) = response {
-        let kdf = Kdf::PBKDF2 {
-            iterations: NonZeroU32::new(600_000).expect("Non-zero number"),
-        };
+        let kdf = default_kdf();
 
         client.set_tokens(
             r.access_token.clone(),

diff --git a/crates/bitwarden/src/auth/register.rs b/crates/bitwarden/src/auth/register.rs
@@ -6,7 +6,12 @@ use bitwarden_crypto::{HashPurpose, MasterKey, RsaKeyPair};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::{client::Kdf, error::Result, util::default_pbkdf2_iterations, Client};
+use crate::{
+    client::Kdf,
+    error::Result,
+    util::{default_kdf, default_pbkdf2_iterations},
+    Client,
+};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -21,9 +26,7 @@ pub struct RegisterRequest {
 pub(super) async fn register(client: &mut Client, req: &RegisterRequest) -> Result<()> {
     let config = client.get_api_configurations().await;
 
-    let kdf = Kdf::PBKDF2 {
-        iterations: default_pbkdf2_iterations(),
-    };
+    let kdf = default_kdf();
 
     let keys = make_register_keys(req.email.to_owned(), req.password.to_owned(), kdf)?;
 

diff --git a/crates/bitwarden/src/auth/tde.rs b/crates/bitwarden/src/auth/tde.rs
@@ -1,16 +1,17 @@
 use base64::{engine::general_purpose::STANDARD, Engine};
 use bitwarden_crypto::{
-    AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey,
+    AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey,
     TrustDeviceResponse, UserKey,
 };
 
-use crate::{error::Result, Client};
+use crate::{error::Result, util::default_kdf, Client};
 
 /// This function generates a new user key and key pair, initializes the client's crypto with the
 /// generated user key, and encrypts the user key with the organization public key for admin
 /// password reset. If remember_device is true, it also generates a device key.
 pub(super) fn make_register_tde_keys(
     client: &mut Client,
+    email: String,
     org_public_key: String,
     remember_device: bool,
 ) -> Result<RegisterTdeKeyResponse> {
@@ -30,6 +31,13 @@ pub(super) fn make_register_tde_keys(
         None
     };
 
+    client.set_login_method(crate::client::LoginMethod::User(
+        crate::client::UserLoginMethod::Username {
+            client_id: "".to_owned(),
+            email,
+            kdf: default_kdf(),
+        },
+    ));
     client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?;
 
     Ok(RegisterTdeKeyResponse {

diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs
@@ -4,7 +4,13 @@ use base64::{
     alphabet,
     engine::{DecodePaddingMode, GeneralPurpose, GeneralPurposeConfig},
 };
+use bitwarden_crypto::Kdf;
 
+pub fn default_kdf() -> Kdf {
+    Kdf::PBKDF2 {
+        iterations: default_pbkdf2_iterations(),
+    }
+}
 pub fn default_pbkdf2_iterations() -> NonZeroU32 {
     NonZeroU32::new(600_000).expect("Non-zero number")
 }