diff --git a/crates/bitwarden-uniffi/src/auth/mod.rs b/crates/bitwarden-uniffi/src/auth/mod.rs index 62b709045..c6aed44eb 100644 --- a/crates/bitwarden-uniffi/src/auth/mod.rs +++ b/crates/bitwarden-uniffi/src/auth/mod.rs @@ -82,16 +82,15 @@ impl ClientAuth { /// Generate keys needed for TDE process pub async fn make_register_tde_keys( &self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - Ok(self - .0 - .0 - .write() - .await - .auth() - .make_register_tde_keys(org_public_key, remember_device)?) + Ok(self.0 .0.write().await.auth().make_register_tde_keys( + email, + org_public_key, + remember_device, + )?) } /// Validate the user password diff --git a/crates/bitwarden/src/auth/client_auth.rs b/crates/bitwarden/src/auth/client_auth.rs index 5029d389b..b3afe133a 100644 --- a/crates/bitwarden/src/auth/client_auth.rs +++ b/crates/bitwarden/src/auth/client_auth.rs @@ -76,10 +76,11 @@ impl<'a> ClientAuth<'a> { pub fn make_register_tde_keys( &mut self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - make_register_tde_keys(self.client, org_public_key, remember_device) + make_register_tde_keys(self.client, email, org_public_key, remember_device) } pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> { diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs index 0e9cb6795..05f27a65d 100644 --- a/crates/bitwarden/src/auth/login/auth_request.rs +++ b/crates/bitwarden/src/auth/login/auth_request.rs @@ -1,10 +1,7 @@ -use std::num::NonZeroU32; - use bitwarden_api_api::{ apis::auth_requests_api::{auth_requests_id_response_get, auth_requests_post}, models::{AuthRequestCreateRequestModel, AuthRequestType}, }; -use bitwarden_crypto::Kdf; use uuid::Uuid; use crate::{ 
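Review bot: The doc comment on `make_register_tde_keys` in crates/bitwarden-uniffi/src/auth/mod.rs still reads only `/// Generate keys needed for TDE process`, so the new `email` argument is undocumented at the binding boundary. Judging from the tde.rs hunk later in this diff, the email is written into the client's stored login method, a side effect callers should be told about. I would extend the comment, e.g. `/// Generate keys needed for TDE process; the email is recorded in the client's login method together with the default KDF`. The same gap applies to the wrapper in crates/bitwarden/src/auth/client_auth.rs, which shows no doc comment within its hunk, and to the doc comment in crates/bitwarden/src/auth/tde.rs. `email` and `org_public_key` are adjacent plain `String` parameters, so a call with the two swapped would still compile.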
@@ -15,6 +12,7 @@ use crate::{ client::{LoginMethod, UserLoginMethod}, error::{require, Result}, mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest}, + util::default_kdf, Client, }; @@ -86,9 +84,7 @@ pub(crate) async fn complete_auth_request( .await?; if let IdentityTokenResponse::Authenticated(r) = response { - let kdf = Kdf::PBKDF2 { - iterations: NonZeroU32::new(600_000).expect("Non-zero number"), - }; + let kdf = default_kdf(); client.set_tokens( r.access_token.clone(), diff --git a/crates/bitwarden/src/auth/register.rs b/crates/bitwarden/src/auth/register.rs index 31b69c515..9897a1f3a 100644 --- a/crates/bitwarden/src/auth/register.rs +++ b/crates/bitwarden/src/auth/register.rs @@ -6,7 +6,12 @@ use bitwarden_crypto::{HashPurpose, MasterKey, RsaKeyPair}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; -use crate::{client::Kdf, error::Result, util::default_pbkdf2_iterations, Client}; +use crate::{ + client::Kdf, + error::Result, + util::{default_kdf, default_pbkdf2_iterations}, + Client, +}; #[derive(Serialize, Deserialize, Debug, JsonSchema)] #[serde(rename_all = "camelCase", deny_unknown_fields)] @@ -21,9 +26,7 @@ pub struct RegisterRequest { pub(super) async fn register(client: &mut Client, req: &RegisterRequest) -> Result<()> { let config = client.get_api_configurations().await; - let kdf = Kdf::PBKDF2 { - iterations: default_pbkdf2_iterations(), - }; + let kdf = default_kdf(); let keys = make_register_keys(req.email.to_owned(), req.password.to_owned(), kdf)?; diff --git a/crates/bitwarden/src/auth/tde.rs b/crates/bitwarden/src/auth/tde.rs index 0bbbb904a..2abd584f3 100644 --- a/crates/bitwarden/src/auth/tde.rs +++ b/crates/bitwarden/src/auth/tde.rs 
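Review bot: `let kdf = default_kdf();` in complete_auth_request assigns the registration default to an account that already exists instead of taking the KDF from the account. The value was hard-coded before this commit as well, so behaviour is unchanged, but the helper name now makes the default look like a deliberate choice. Where `kdf` is consumed lies outside the hunk; if it is stored in the login method and later used to derive a master key, accounts with non-default KDF settings would derive the wrong key. If the account's settings really are unavailable in this flow, a comment such as `// KDF settings are not known here; default_kdf() is a placeholder, not the account's KDF` would record the assumption.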
@@ -1,16 +1,17 @@ use base64::{engine::general_purpose::STANDARD, Engine}; use bitwarden_crypto::{ - AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey, + AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey, TrustDeviceResponse, UserKey, }; -use crate::{error::Result, Client}; +use crate::{error::Result, util::default_kdf, Client}; /// This function generates a new user key and key pair, initializes the client's crypto with the /// generated user key, and encrypts the user key with the organization public key for admin /// password reset. If remember_device is true, it also generates a device key. pub(super) fn make_register_tde_keys( client: &mut Client, + email: String, org_public_key: String, remember_device: bool, ) -> Result { @@ -30,6 +31,13 @@ pub(super) fn make_register_tde_keys( None }; + client.set_login_method(crate::client::LoginMethod::User( + crate::client::UserLoginMethod::Username { + client_id: "".to_owned(), + email, + kdf: default_kdf(), + }, + )); client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?; Ok(RegisterTdeKeyResponse { diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs index 5611b4077..7b6640fd5 100644 --- a/crates/bitwarden/src/util.rs +++ b/crates/bitwarden/src/util.rs @@ -4,7 +4,13 @@ use base64::{ alphabet, engine::{DecodePaddingMode, GeneralPurpose, GeneralPurposeConfig}, }; +use bitwarden_crypto::Kdf; +pub fn default_kdf() -> Kdf { + Kdf::PBKDF2 { + iterations: default_pbkdf2_iterations(), + } +} pub fn default_pbkdf2_iterations() -> NonZeroU32 { NonZeroU32::new(600_000).expect("Non-zero number") }
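Review bot: `client.set_login_method(...)` runs before the fallible `initialize_user_crypto_decrypted_key(...)?`, so if initialisation fails the client keeps a login method without usable keys. Unless initialisation depends on the login method being set, making the call after the `?` line keeps the two pieces of state consistent. The stored value also carries the placeholders `client_id: "".to_owned()` and `kdf: default_kdf()` with no comment, and later code reading the login method cannot tell them from real account settings. I would add `// TDE registration: client_id and kdf are placeholders, not account settings` above the call. The body of make_register_tde_keys starts and ends outside the hunk.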
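Review bot: `default_kdf` in crates/bitwarden/src/util.rs is a new `pub` function with no doc comment, yet in this diff it sets the KDF for registration, auth-request login and TDE registration. A doc line such as `/// KDF used when no account-specific settings are known: PBKDF2 with default_pbkdf2_iterations() iterations` would state its purpose and warn against treating the result as an existing account's KDF. The work factor is a security parameter, so saying where the default may be used helps whoever changes it next.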