[PM-4270] Individual cipher key encryption

bitwarden · Oct 11, 2023 · 96cb9a4 · 96cb9a4
1 parent 1339bc0
commit 96cb9a4
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/crates/bitwarden/src/vault/cipher/cipher.rs b/crates/bitwarden/src/vault/cipher/cipher.rs
@@ -11,7 +11,7 @@ use super::{
 };
 use crate::{
     client::encryption_settings::EncryptionSettings,
-    crypto::{Decryptable, EncString, Encryptable},
+    crypto::{Decryptable, EncString, Encryptable, SymmetricCryptoKey},
     error::Result,
     vault::password_history,
 };
@@ -43,6 +43,8 @@ pub struct Cipher {
     pub folder_id: Option<Uuid>,
     pub collection_ids: Vec<Uuid>,
 
+    pub key: Option<EncString>,
+
     pub name: EncString,
     pub notes: Option<EncString>,
 
@@ -77,6 +79,8 @@ pub struct CipherView {
     pub folder_id: Option<Uuid>,
     pub collection_ids: Vec<Uuid>,
 
+    pub key: Option<EncString>,
+
     pub name: String,
     pub notes: Option<String>,
 
@@ -132,11 +136,16 @@ pub struct CipherListView {
 impl Encryptable<Cipher> for CipherView {
     fn encrypt(self, enc: &EncryptionSettings, _: &Option<Uuid>) -> Result<Cipher> {
         let org_id = &self.organization_id;
+
+        let enc_owned = Cipher::get_cipher_key_enc_settings(enc, &self.key, org_id)?;
+        let enc = enc_owned.as_ref().unwrap_or(enc);
+
         Ok(Cipher {
             id: self.id,
             organization_id: self.organization_id,
             folder_id: self.folder_id,
             collection_ids: self.collection_ids,
+            key: self.key,
             name: self.name.encrypt(enc, org_id)?,
             notes: self.notes.encrypt(enc, org_id)?,
             r#type: self.r#type,
@@ -163,11 +172,16 @@ impl Encryptable<Cipher> for CipherView {
 impl Decryptable<CipherView> for Cipher {
     fn decrypt(&self, enc: &EncryptionSettings, _: &Option<Uuid>) -> Result<CipherView> {
         let org_id = &self.organization_id;
+
+        let enc_owned = Cipher::get_cipher_key_enc_settings(enc, &self.key, org_id)?;
+        let enc = enc_owned.as_ref().unwrap_or(enc);
+
         Ok(CipherView {
             id: self.id,
             organization_id: self.organization_id,
             folder_id: self.folder_id,
             collection_ids: self.collection_ids.clone(),
+            key: self.key.clone(),
             name: self.name.decrypt(enc, org_id)?,
             notes: self.notes.decrypt(enc, org_id)?,
             r#type: self.r#type,
@@ -192,6 +206,20 @@ impl Decryptable<CipherView> for Cipher {
 }
 
 impl Cipher {
+    fn get_cipher_key_enc_settings(
+        enc: &EncryptionSettings,
+        key: &Option<EncString>,
+        org_id: &Option<Uuid>,
+    ) -> Result<Option<EncryptionSettings>> {
+        key.as_ref()
+            .map(|key| -> Result<_> {
+                let key = enc.decrypt_bytes(key, org_id)?;
+                let key = SymmetricCryptoKey::try_from(key.as_slice())?;
+                Ok(EncryptionSettings::new_single_key(key))
+            })
+            .transpose()
+    }
+
     fn get_decrypted_subtitle(
         &self,
         enc: &EncryptionSettings,
@@ -261,6 +289,10 @@ impl Cipher {
 impl Decryptable<CipherListView> for Cipher {
     fn decrypt(&self, enc: &EncryptionSettings, _: &Option<Uuid>) -> Result<CipherListView> {
         let org_id = &self.organization_id;
+
+        let enc_owned = Cipher::get_cipher_key_enc_settings(enc, &self.key, org_id)?;
+        let enc = enc_owned.as_ref().unwrap_or(enc);
+
         Ok(CipherListView {
             id: self.id,
             organization_id: self.organization_id,