From fe7bce39c6ff7b0abe6f7212f6eb1ad29add0635 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 9 Jan 2024 16:48:10 +0100 Subject: [PATCH] Swap custom b64 config to standard (#451) Swap custom b64 config to standard --- crates/bitwarden/src/auth/api/request/mod.rs | 5 ++--- crates/bitwarden/src/auth/login/access_token.rs | 5 ++--- crates/bitwarden/src/client/access_token.rs | 4 ++-- crates/bitwarden/src/crypto/aes_ops.rs | 6 ++---- crates/bitwarden/src/crypto/enc_string/asymmetric.rs | 12 +++--------- crates/bitwarden/src/crypto/enc_string/mod.rs | 9 +++------ crates/bitwarden/src/crypto/enc_string/symmetric.rs | 8 ++------ crates/bitwarden/src/crypto/master_key.rs | 6 +++--- crates/bitwarden/src/crypto/rsa.rs | 5 ++--- crates/bitwarden/src/crypto/symmetric_crypto_key.rs | 9 +++------ .../bitwarden/src/platform/generate_fingerprint.rs | 6 +++--- crates/bitwarden/src/util.rs | 9 ++++----- 12 files changed, 31 insertions(+), 53 deletions(-) diff --git a/crates/bitwarden/src/auth/api/request/mod.rs b/crates/bitwarden/src/auth/api/request/mod.rs index 85b36a983..67796f2f3 100644 --- a/crates/bitwarden/src/auth/api/request/mod.rs +++ b/crates/bitwarden/src/auth/api/request/mod.rs @@ -9,7 +9,7 @@ mod renew_token_request; pub(crate) use access_token_request::*; #[cfg(feature = "internal")] pub(crate) use api_token_request::*; -use base64::Engine; +use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine}; #[cfg(feature = "internal")] pub(crate) use password_token_request::*; #[cfg(feature = "internal")] @@ -19,7 +19,6 @@ use crate::{ auth::api::response::{parse_identity_response, IdentityTokenResponse}, client::ApiConfigurations, error::Result, - util::BASE64_ENGINE, }; async fn send_identity_connect_request( @@ -46,7 +45,7 @@ async fn send_identity_connect_request( } if let Some(email) = email { - request = request.header("Auth-Email", BASE64_ENGINE.encode(email.as_bytes())); + request = request.header("Auth-Email", URL_SAFE_NO_PAD.encode(email.as_bytes())); } let response = request diff --git a/crates/bitwarden/src/auth/login/access_token.rs b/crates/bitwarden/src/auth/login/access_token.rs index 2e11035c6..43418d5f1 100644 --- a/crates/bitwarden/src/auth/login/access_token.rs +++ b/crates/bitwarden/src/auth/login/access_token.rs @@ -1,6 +1,6 @@ use std::path::{Path, PathBuf}; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use chrono::Utc; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -16,7 +16,6 @@ use crate::{ crypto::{EncString, KeyDecryptable, SymmetricCryptoKey}, error::{Error, Result}, secrets_manager::state::{self, ClientState}, - util::BASE64_ENGINE, Client, }; @@ -64,7 +63,7 @@ pub(crate) async fn login_access_token( } let payload: Payload = serde_json::from_slice(&decrypted_payload)?; - let encryption_key = BASE64_ENGINE.decode(payload.encryption_key.clone())?; + let encryption_key = STANDARD.decode(payload.encryption_key.clone())?; let encryption_key = SymmetricCryptoKey::try_from(encryption_key.as_slice())?; let access_token_obj: JWTToken = r.access_token.parse()?; diff --git a/crates/bitwarden/src/client/access_token.rs b/crates/bitwarden/src/client/access_token.rs index c3d6f2fea..854922c14 100644 --- a/crates/bitwarden/src/client/access_token.rs +++ b/crates/bitwarden/src/client/access_token.rs @@ -6,7 +6,7 @@ use uuid::Uuid; use crate::{ crypto::{derive_shareable_key, SymmetricCryptoKey}, error::AccessTokenInvalidError, - util::BASE64_ENGINE, + util::STANDARD_INDIFFERENT, }; pub struct AccessToken { @@ -45,7 +45,7 @@ impl FromStr for AccessToken { return Err(AccessTokenInvalidError::InvalidUuid.into()); }; - let encryption_key = BASE64_ENGINE + let encryption_key = STANDARD_INDIFFERENT .decode(encryption_key) .map_err(AccessTokenInvalidError::InvalidBase64)?; let encryption_key: [u8; 16] = encryption_key.try_into().map_err(|e: Vec<_>| { diff --git a/crates/bitwarden/src/crypto/aes_ops.rs b/crates/bitwarden/src/crypto/aes_ops.rs index 182986c3b..00e71a3fd 100644 --- a/crates/bitwarden/src/crypto/aes_ops.rs +++ b/crates/bitwarden/src/crypto/aes_ops.rs @@ -122,11 +122,9 @@ fn generate_mac(mac_key: &[u8], iv: &[u8], data: &[u8]) -> Result<[u8; 32]> { #[cfg(test)] mod tests { use aes::cipher::generic_array::sequence::GenericSequence; - use base64::Engine; + use base64::{engine::general_purpose::STANDARD, Engine}; use rand::SeedableRng; - use crate::util::BASE64_ENGINE; - use super::*; /// Helper function for generating a `GenericArray` of size 32 with each element being @@ -175,7 +173,7 @@ mod tests { let iv = generate_vec(16, 0, 1); let iv: &[u8; 16] = iv.as_slice().try_into().unwrap(); let key = generate_generic_array(0, 1); - let data = BASE64_ENGINE.decode("ByUF8vhyX4ddU9gcooznwA==").unwrap(); + let data = STANDARD.decode("ByUF8vhyX4ddU9gcooznwA==").unwrap(); let decrypted = decrypt_aes256(iv, data, key).unwrap(); diff --git a/crates/bitwarden/src/crypto/enc_string/asymmetric.rs b/crates/bitwarden/src/crypto/enc_string/asymmetric.rs index f90315afa..3c67c166a 100644 --- a/crates/bitwarden/src/crypto/enc_string/asymmetric.rs +++ b/crates/bitwarden/src/crypto/enc_string/asymmetric.rs @@ -1,14 +1,11 @@ use std::{fmt::Display, str::FromStr}; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; #[cfg(feature = "internal")] use rsa::{Oaep, RsaPrivateKey}; use serde::Deserialize; -use crate::{ - error::{EncStringParseError, Error, Result}, - util::BASE64_ENGINE, -}; +use crate::error::{EncStringParseError, Error, Result}; #[cfg(feature = "internal")] use crate::error::CryptoError; @@ -135,10 +132,7 @@ impl Display for AsymmEncString { AsymmEncString::Rsa2048_OaepSha1_HmacSha256_B64 { data, mac } => vec![data, mac], }; - let encoded_parts: Vec = parts - .iter() - .map(|part| BASE64_ENGINE.encode(part)) - .collect(); + let encoded_parts: Vec = parts.iter().map(|part| STANDARD.encode(part)).collect(); write!(f, "{}.{}", self.enc_type(), encoded_parts.join("|"))?; diff --git a/crates/bitwarden/src/crypto/enc_string/mod.rs b/crates/bitwarden/src/crypto/enc_string/mod.rs index f8608638a..a998e6056 100644 --- a/crates/bitwarden/src/crypto/enc_string/mod.rs +++ b/crates/bitwarden/src/crypto/enc_string/mod.rs @@ -4,13 +4,10 @@ mod symmetric; use std::str::FromStr; pub use asymmetric::AsymmEncString; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; pub use symmetric::EncString; -use crate::{ - error::{EncStringParseError, Result}, - util::BASE64_ENGINE, -}; +use crate::error::{EncStringParseError, Result}; #[cfg(feature = "mobile")] fn check_length(buf: &[u8], expected: usize) -> Result<()> { @@ -25,7 +22,7 @@ fn check_length(buf: &[u8], expected: usize) -> Result<()> { } fn from_b64_vec(s: &str) -> Result> { - Ok(BASE64_ENGINE + Ok(STANDARD .decode(s) .map_err(EncStringParseError::InvalidBase64)?) } diff --git a/crates/bitwarden/src/crypto/enc_string/symmetric.rs b/crates/bitwarden/src/crypto/enc_string/symmetric.rs index eed7c09ad..798994a1c 100644 --- a/crates/bitwarden/src/crypto/enc_string/symmetric.rs +++ b/crates/bitwarden/src/crypto/enc_string/symmetric.rs @@ -1,7 +1,7 @@ use std::{fmt::Display, str::FromStr}; use aes::cipher::{generic_array::GenericArray, typenum::U32}; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use serde::Deserialize; #[cfg(feature = "mobile")] @@ -10,7 +10,6 @@ use super::{from_b64, from_b64_vec, split_enc_string}; use crate::{ crypto::{decrypt_aes256_hmac, KeyDecryptable, KeyEncryptable, LocateKey, SymmetricCryptoKey}, error::{CryptoError, EncStringParseError, Error, Result}, - util::BASE64_ENGINE, }; /// # Encrypted string primitive @@ -181,10 +180,7 @@ impl Display for EncString { EncString::AesCbc256_HmacSha256_B64 { iv, mac, data } => vec![iv, data, mac], }; - let encoded_parts: Vec = parts - .iter() - .map(|part| BASE64_ENGINE.encode(part)) - .collect(); + let encoded_parts: Vec = parts.iter().map(|part| STANDARD.encode(part)).collect(); write!(f, "{}.{}", self.enc_type(), encoded_parts.join("|"))?; diff --git a/crates/bitwarden/src/crypto/master_key.rs b/crates/bitwarden/src/crypto/master_key.rs index 9786da3c2..e259ec334 100644 --- a/crates/bitwarden/src/crypto/master_key.rs +++ b/crates/bitwarden/src/crypto/master_key.rs @@ -1,5 +1,5 @@ use aes::cipher::{generic_array::GenericArray, typenum::U32}; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use rand::Rng; use schemars::JsonSchema; use sha2::Digest; @@ -8,7 +8,7 @@ use super::{ hkdf_expand, EncString, KeyDecryptable, PbkdfSha256Hmac, SymmetricCryptoKey, UserKey, PBKDF_SHA256_HMAC_OUT_SIZE, }; -use crate::{client::kdf::Kdf, error::Result, util::BASE64_ENGINE}; +use crate::{client::kdf::Kdf, error::Result}; #[derive(Copy, Clone, JsonSchema)] #[cfg_attr(feature = "mobile", derive(uniffi::Enum))] @@ -39,7 +39,7 @@ impl MasterKey { ) .expect("hash is a valid fixed size"); - Ok(BASE64_ENGINE.encode(hash)) + Ok(STANDARD.encode(hash)) } pub(crate) fn make_user_key(&self) -> Result<(UserKey, EncString)> { diff --git a/crates/bitwarden/src/crypto/rsa.rs b/crates/bitwarden/src/crypto/rsa.rs index 6feb6ef47..9641237fc 100644 --- a/crates/bitwarden/src/crypto/rsa.rs +++ b/crates/bitwarden/src/crypto/rsa.rs @@ -1,4 +1,4 @@ -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use rsa::{ pkcs8::{EncodePrivateKey, EncodePublicKey}, RsaPrivateKey, RsaPublicKey, @@ -7,7 +7,6 @@ use rsa::{ use crate::{ crypto::{EncString, SymmetricCryptoKey}, error::Result, - util::BASE64_ENGINE, }; #[cfg_attr(feature = "mobile", derive(uniffi::Record))] @@ -28,7 +27,7 @@ pub(super) fn make_key_pair(key: &SymmetricCryptoKey) -> Result { .to_public_key_der() .map_err(|_| "unable to create public key")?; - let b64 = BASE64_ENGINE.encode(spki.as_bytes()); + let b64 = STANDARD.encode(spki.as_bytes()); let pkcs = priv_key .to_pkcs8_der() .map_err(|_| "unable to create private key")?; diff --git a/crates/bitwarden/src/crypto/symmetric_crypto_key.rs b/crates/bitwarden/src/crypto/symmetric_crypto_key.rs index 741fe0559..f6eda5e48 100644 --- a/crates/bitwarden/src/crypto/symmetric_crypto_key.rs +++ b/crates/bitwarden/src/crypto/symmetric_crypto_key.rs @@ -1,12 +1,11 @@ use std::str::FromStr; use aes::cipher::{generic_array::GenericArray, typenum::U32}; -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use crate::{ crypto::{derive_shareable_key, generate_random_bytes}, error::{CryptoError, Error}, - util::BASE64_ENGINE, }; /// A symmetric encryption key. Used to encrypt and decrypt [`EncString`](crate::crypto::EncString) @@ -32,7 +31,7 @@ impl SymmetricCryptoKey { buf.extend_from_slice(&mac); } - BASE64_ENGINE.encode(&buf) + STANDARD.encode(&buf) } #[cfg(feature = "internal")] @@ -50,9 +49,7 @@ impl FromStr for SymmetricCryptoKey { type Err = Error; fn from_str(s: &str) -> Result { - let bytes = BASE64_ENGINE - .decode(s) - .map_err(|_| CryptoError::InvalidKey)?; + let bytes = STANDARD.decode(s).map_err(|_| CryptoError::InvalidKey)?; SymmetricCryptoKey::try_from(bytes.as_slice()) } } diff --git a/crates/bitwarden/src/platform/generate_fingerprint.rs b/crates/bitwarden/src/platform/generate_fingerprint.rs index a8f45dd87..cd763b765 100644 --- a/crates/bitwarden/src/platform/generate_fingerprint.rs +++ b/crates/bitwarden/src/platform/generate_fingerprint.rs @@ -1,10 +1,10 @@ -use base64::Engine; +use base64::{engine::general_purpose::STANDARD, Engine}; use log::info; use rsa::pkcs8::EncodePublicKey; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; -use crate::{crypto::fingerprint, error::Result, util::BASE64_ENGINE}; +use crate::{crypto::fingerprint, error::Result}; #[derive(Serialize, Deserialize, Debug, JsonSchema)] #[serde(rename_all = "camelCase", deny_unknown_fields)] @@ -25,7 +25,7 @@ pub struct FingerprintResponse { pub(crate) fn generate_fingerprint(input: &FingerprintRequest) -> Result { info!("Generating fingerprint"); - let key = BASE64_ENGINE.decode(&input.public_key)?; + let key = STANDARD.decode(&input.public_key)?; Ok(FingerprintResponse { fingerprint: fingerprint(&input.fingerprint_material, &key)?, diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs index 4dbe21ca6..038c3d7ee 100644 --- a/crates/bitwarden/src/util.rs +++ b/crates/bitwarden/src/util.rs @@ -21,12 +21,11 @@ pub fn default_argon2_parallelism() -> NonZeroU32 { NonZeroU32::new(4).unwrap() } -const BASE64_ENGINE_CONFIG: GeneralPurposeConfig = GeneralPurposeConfig::new() - .with_encode_padding(true) - .with_decode_padding_mode(DecodePaddingMode::Indifferent); +const INDIFFERENT: GeneralPurposeConfig = + GeneralPurposeConfig::new().with_decode_padding_mode(DecodePaddingMode::Indifferent); -pub const BASE64_ENGINE: GeneralPurpose = - GeneralPurpose::new(&alphabet::STANDARD, BASE64_ENGINE_CONFIG); +pub const STANDARD_INDIFFERENT: GeneralPurpose = + GeneralPurpose::new(&alphabet::STANDARD, INDIFFERENT); #[cfg(feature = "mobile")] pub(crate) fn capitalize_first_letter(s: &str) -> String {