Swap custom b64 config to standard (#451)

Swap custom b64 config to standard
bitwarden · Jan 9, 2024 · fe7bce3 · fe7bce3
1 parent 54b6759
commit fe7bce3
Show file tree

Hide file tree

Showing 12 changed files with 31 additions and 53 deletions.
diff --git a/crates/bitwarden/src/auth/api/request/mod.rs b/crates/bitwarden/src/auth/api/request/mod.rs
@@ -9,7 +9,7 @@ mod renew_token_request;
 pub(crate) use access_token_request::*;
 #[cfg(feature = "internal")]
 pub(crate) use api_token_request::*;
-use base64::Engine;
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
 #[cfg(feature = "internal")]
 pub(crate) use password_token_request::*;
 #[cfg(feature = "internal")]
@@ -19,7 +19,6 @@ use crate::{
     auth::api::response::{parse_identity_response, IdentityTokenResponse},
     client::ApiConfigurations,
     error::Result,
-    util::BASE64_ENGINE,
 };
 
 async fn send_identity_connect_request(
@@ -46,7 +45,7 @@ async fn send_identity_connect_request(
     }
 
     if let Some(email) = email {
-        request = request.header("Auth-Email", BASE64_ENGINE.encode(email.as_bytes()));
+        request = request.header("Auth-Email", URL_SAFE_NO_PAD.encode(email.as_bytes()));
     }
 
     let response = request

diff --git a/crates/bitwarden/src/auth/login/access_token.rs b/crates/bitwarden/src/auth/login/access_token.rs
@@ -1,6 +1,6 @@
 use std::path::{Path, PathBuf};
 
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use chrono::Utc;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -16,7 +16,6 @@ use crate::{
     crypto::{EncString, KeyDecryptable, SymmetricCryptoKey},
     error::{Error, Result},
     secrets_manager::state::{self, ClientState},
-    util::BASE64_ENGINE,
     Client,
 };
 
@@ -64,7 +63,7 @@ pub(crate) async fn login_access_token(
         }
 
         let payload: Payload = serde_json::from_slice(&decrypted_payload)?;
-        let encryption_key = BASE64_ENGINE.decode(payload.encryption_key.clone())?;
+        let encryption_key = STANDARD.decode(payload.encryption_key.clone())?;
         let encryption_key = SymmetricCryptoKey::try_from(encryption_key.as_slice())?;
 
         let access_token_obj: JWTToken = r.access_token.parse()?;

diff --git a/crates/bitwarden/src/client/access_token.rs b/crates/bitwarden/src/client/access_token.rs
@@ -6,7 +6,7 @@ use uuid::Uuid;
 use crate::{
     crypto::{derive_shareable_key, SymmetricCryptoKey},
     error::AccessTokenInvalidError,
-    util::BASE64_ENGINE,
+    util::STANDARD_INDIFFERENT,
 };
 
 pub struct AccessToken {
@@ -45,7 +45,7 @@ impl FromStr for AccessToken {
             return Err(AccessTokenInvalidError::InvalidUuid.into());
         };
 
-        let encryption_key = BASE64_ENGINE
+        let encryption_key = STANDARD_INDIFFERENT
             .decode(encryption_key)
             .map_err(AccessTokenInvalidError::InvalidBase64)?;
         let encryption_key: [u8; 16] = encryption_key.try_into().map_err(|e: Vec<_>| {

diff --git a/crates/bitwarden/src/crypto/aes_ops.rs b/crates/bitwarden/src/crypto/aes_ops.rs
@@ -122,11 +122,9 @@ fn generate_mac(mac_key: &[u8], iv: &[u8], data: &[u8]) -> Result<[u8; 32]> {
 #[cfg(test)]
 mod tests {
     use aes::cipher::generic_array::sequence::GenericSequence;
-    use base64::Engine;
+    use base64::{engine::general_purpose::STANDARD, Engine};
     use rand::SeedableRng;
 
-    use crate::util::BASE64_ENGINE;
-
     use super::*;
 
     /// Helper function for generating a `GenericArray` of size 32 with each element being
@@ -175,7 +173,7 @@ mod tests {
         let iv = generate_vec(16, 0, 1);
         let iv: &[u8; 16] = iv.as_slice().try_into().unwrap();
         let key = generate_generic_array(0, 1);
-        let data = BASE64_ENGINE.decode("ByUF8vhyX4ddU9gcooznwA==").unwrap();
+        let data = STANDARD.decode("ByUF8vhyX4ddU9gcooznwA==").unwrap();
 
         let decrypted = decrypt_aes256(iv, data, key).unwrap();
 

diff --git a/crates/bitwarden/src/crypto/enc_string/asymmetric.rs b/crates/bitwarden/src/crypto/enc_string/asymmetric.rs
@@ -1,14 +1,11 @@
 use std::{fmt::Display, str::FromStr};
 
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 #[cfg(feature = "internal")]
 use rsa::{Oaep, RsaPrivateKey};
 use serde::Deserialize;
 
-use crate::{
-    error::{EncStringParseError, Error, Result},
-    util::BASE64_ENGINE,
-};
+use crate::error::{EncStringParseError, Error, Result};
 
 #[cfg(feature = "internal")]
 use crate::error::CryptoError;
@@ -135,10 +132,7 @@ impl Display for AsymmEncString {
             AsymmEncString::Rsa2048_OaepSha1_HmacSha256_B64 { data, mac } => vec![data, mac],
         };
 
-        let encoded_parts: Vec<String> = parts
-            .iter()
-            .map(|part| BASE64_ENGINE.encode(part))
-            .collect();
+        let encoded_parts: Vec<String> = parts.iter().map(|part| STANDARD.encode(part)).collect();
 
         write!(f, "{}.{}", self.enc_type(), encoded_parts.join("|"))?;
 

diff --git a/crates/bitwarden/src/crypto/enc_string/mod.rs b/crates/bitwarden/src/crypto/enc_string/mod.rs
@@ -4,13 +4,10 @@ mod symmetric;
 use std::str::FromStr;
 
 pub use asymmetric::AsymmEncString;
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 pub use symmetric::EncString;
 
-use crate::{
-    error::{EncStringParseError, Result},
-    util::BASE64_ENGINE,
-};
+use crate::error::{EncStringParseError, Result};
 
 #[cfg(feature = "mobile")]
 fn check_length(buf: &[u8], expected: usize) -> Result<()> {
@@ -25,7 +22,7 @@ fn check_length(buf: &[u8], expected: usize) -> Result<()> {
 }
 
 fn from_b64_vec(s: &str) -> Result<Vec<u8>> {
-    Ok(BASE64_ENGINE
+    Ok(STANDARD
         .decode(s)
         .map_err(EncStringParseError::InvalidBase64)?)
 }

diff --git a/crates/bitwarden/src/crypto/enc_string/symmetric.rs b/crates/bitwarden/src/crypto/enc_string/symmetric.rs
@@ -1,7 +1,7 @@
 use std::{fmt::Display, str::FromStr};
 
 use aes::cipher::{generic_array::GenericArray, typenum::U32};
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use serde::Deserialize;
 
 #[cfg(feature = "mobile")]
@@ -10,7 +10,6 @@ use super::{from_b64, from_b64_vec, split_enc_string};
 use crate::{
     crypto::{decrypt_aes256_hmac, KeyDecryptable, KeyEncryptable, LocateKey, SymmetricCryptoKey},
     error::{CryptoError, EncStringParseError, Error, Result},
-    util::BASE64_ENGINE,
 };
 
 /// # Encrypted string primitive
@@ -181,10 +180,7 @@ impl Display for EncString {
             EncString::AesCbc256_HmacSha256_B64 { iv, mac, data } => vec![iv, data, mac],
         };
 
-        let encoded_parts: Vec<String> = parts
-            .iter()
-            .map(|part| BASE64_ENGINE.encode(part))
-            .collect();
+        let encoded_parts: Vec<String> = parts.iter().map(|part| STANDARD.encode(part)).collect();
 
         write!(f, "{}.{}", self.enc_type(), encoded_parts.join("|"))?;
 

diff --git a/crates/bitwarden/src/crypto/master_key.rs b/crates/bitwarden/src/crypto/master_key.rs
@@ -1,5 +1,5 @@
 use aes::cipher::{generic_array::GenericArray, typenum::U32};
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use rand::Rng;
 use schemars::JsonSchema;
 use sha2::Digest;
@@ -8,7 +8,7 @@ use super::{
     hkdf_expand, EncString, KeyDecryptable, PbkdfSha256Hmac, SymmetricCryptoKey, UserKey,
     PBKDF_SHA256_HMAC_OUT_SIZE,
 };
-use crate::{client::kdf::Kdf, error::Result, util::BASE64_ENGINE};
+use crate::{client::kdf::Kdf, error::Result};
 
 #[derive(Copy, Clone, JsonSchema)]
 #[cfg_attr(feature = "mobile", derive(uniffi::Enum))]
@@ -39,7 +39,7 @@ impl MasterKey {
         )
         .expect("hash is a valid fixed size");
 
-        Ok(BASE64_ENGINE.encode(hash))
+        Ok(STANDARD.encode(hash))
     }
 
     pub(crate) fn make_user_key(&self) -> Result<(UserKey, EncString)> {

diff --git a/crates/bitwarden/src/crypto/rsa.rs b/crates/bitwarden/src/crypto/rsa.rs
@@ -1,4 +1,4 @@
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use rsa::{
     pkcs8::{EncodePrivateKey, EncodePublicKey},
     RsaPrivateKey, RsaPublicKey,
@@ -7,7 +7,6 @@ use rsa::{
 use crate::{
     crypto::{EncString, SymmetricCryptoKey},
     error::Result,
-    util::BASE64_ENGINE,
 };
 
 #[cfg_attr(feature = "mobile", derive(uniffi::Record))]
@@ -28,7 +27,7 @@ pub(super) fn make_key_pair(key: &SymmetricCryptoKey) -> Result<RsaKeyPair> {
         .to_public_key_der()
         .map_err(|_| "unable to create public key")?;
 
-    let b64 = BASE64_ENGINE.encode(spki.as_bytes());
+    let b64 = STANDARD.encode(spki.as_bytes());
     let pkcs = priv_key
         .to_pkcs8_der()
         .map_err(|_| "unable to create private key")?;

diff --git a/crates/bitwarden/src/crypto/symmetric_crypto_key.rs b/crates/bitwarden/src/crypto/symmetric_crypto_key.rs
@@ -1,12 +1,11 @@
 use std::str::FromStr;
 
 use aes::cipher::{generic_array::GenericArray, typenum::U32};
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 
 use crate::{
     crypto::{derive_shareable_key, generate_random_bytes},
     error::{CryptoError, Error},
-    util::BASE64_ENGINE,
 };
 
 /// A symmetric encryption key. Used to encrypt and decrypt [`EncString`](crate::crypto::EncString)
@@ -32,7 +31,7 @@ impl SymmetricCryptoKey {
             buf.extend_from_slice(&mac);
         }
 
-        BASE64_ENGINE.encode(&buf)
+        STANDARD.encode(&buf)
     }
 
     #[cfg(feature = "internal")]
@@ -50,9 +49,7 @@ impl FromStr for SymmetricCryptoKey {
     type Err = Error;
 
     fn from_str(s: &str) -> Result<Self, Self::Err> {
-        let bytes = BASE64_ENGINE
-            .decode(s)
-            .map_err(|_| CryptoError::InvalidKey)?;
+        let bytes = STANDARD.decode(s).map_err(|_| CryptoError::InvalidKey)?;
         SymmetricCryptoKey::try_from(bytes.as_slice())
     }
 }

diff --git a/crates/bitwarden/src/platform/generate_fingerprint.rs b/crates/bitwarden/src/platform/generate_fingerprint.rs
@@ -1,10 +1,10 @@
-use base64::Engine;
+use base64::{engine::general_purpose::STANDARD, Engine};
 use log::info;
 use rsa::pkcs8::EncodePublicKey;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::{crypto::fingerprint, error::Result, util::BASE64_ENGINE};
+use crate::{crypto::fingerprint, error::Result};
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
@@ -25,7 +25,7 @@ pub struct FingerprintResponse {
 pub(crate) fn generate_fingerprint(input: &FingerprintRequest) -> Result<FingerprintResponse> {
     info!("Generating fingerprint");
 
-    let key = BASE64_ENGINE.decode(&input.public_key)?;
+    let key = STANDARD.decode(&input.public_key)?;
 
     Ok(FingerprintResponse {
         fingerprint: fingerprint(&input.fingerprint_material, &key)?,

diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs
@@ -21,12 +21,11 @@ pub fn default_argon2_parallelism() -> NonZeroU32 {
     NonZeroU32::new(4).unwrap()
 }
 
-const BASE64_ENGINE_CONFIG: GeneralPurposeConfig = GeneralPurposeConfig::new()
-    .with_encode_padding(true)
-    .with_decode_padding_mode(DecodePaddingMode::Indifferent);
+const INDIFFERENT: GeneralPurposeConfig =
+    GeneralPurposeConfig::new().with_decode_padding_mode(DecodePaddingMode::Indifferent);
 
-pub const BASE64_ENGINE: GeneralPurpose =
-    GeneralPurpose::new(&alphabet::STANDARD, BASE64_ENGINE_CONFIG);
+pub const STANDARD_INDIFFERENT: GeneralPurpose =
+    GeneralPurpose::new(&alphabet::STANDARD, INDIFFERENT);
 
 #[cfg(feature = "mobile")]
 pub(crate) fn capitalize_first_letter(s: &str) -> String {