Trusted Device Encryption

[Hinton]

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Implement trusted device encryption. Verified backwards compatibility with existing device keys from desktop.

Before you submit

• Please add unit tests where it makes sense to do so

[codecov]

Codecov Report

Attention: 9 lines in your changes are missing coverage. Please review.

Comparison is base (ae32c8d) 50.08% compared to head (5afc7fd) 50.68%.

Files	Patch %	Lines
crates/bitwarden/src/auth/client_auth.rs	12.50%	7 Missing ⚠️
crates/bitwarden-crypto/src/keys/device_key.rs	97.59%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #497      +/-   ##
==========================================
+ Coverage   50.08%   50.68%   +0.60%     
==========================================
  Files         161      162       +1     
  Lines        7881     7998     +117     
==========================================
+ Hits         3947     4054     +107     
- Misses       3934     3944      +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 6022a6c5-9de1-42c3-b351-f0fc162f0da2

Fixed Issues

Severity	Issue	Source File / Package
	Command_Injection	/languages/python/example.py: 66
	Command_Injection	/languages/python/example.py: 35
	Missing User Instruction	/Dockerfile: 23
	Reflected_XSS	/languages/kotlin/app/src/main/java/com/bitwarden/myapplication/MainActivity.kt: 379
	Apt Get Install Pin Version Not Defined	/Dockerfile: 9
	Privacy_Violation	/languages/java/Example.java: 12
	Privacy_Violation	/languages/java/src/main/java/com/bitwarden/sdk/SecretsClient.java: 40
	Privacy_Violation	/languages/java/Example.java: 13
	Unchecked_Input_for_Loop_Condition	/languages/kotlin/app/src/main/java/com/bitwarden/myapplication/MainActivity.kt: 379
	Unpinned Actions Full Length Commit SHA	/build-cli-docker.yml: 68
	Unpinned Actions Full Length Commit SHA	/release-cli.yml: 61
	Unpinned Actions Full Length Commit SHA	/release-napi.yml: 50
	Unpinned Actions Full Length Commit SHA	/release-napi.yml: 104
	Unpinned Actions Full Length Commit SHA	/build-cli-docker.yml: 151
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 52
	Unpinned Actions Full Length Commit SHA	/publish-rust-crates.yml: 134
	Unpinned Actions Full Length Commit SHA	/build-cli-docker.yml: 75
	Unpinned Actions Full Length Commit SHA	/release-cli.yml: 137
	Unpinned Actions Full Length Commit SHA	/release-cli.yml: 78
	Unpinned Actions Full Length Commit SHA	/release-napi.yml: 135
	Using Platform Flag with FROM Command	/Dockerfile: 4
	Healthcheck Instruction Missing	/Dockerfile: 23
	Missing_CSP_Header	/about.hbs: 48

[jlf0dev]

Looks good!

[jlf0dev]

nit: Not sure of the naming scheme here but at a glance this tells me these are the inputs needed to create a Device Key. Maybe this should be CreatedDeviceKey?

[Hinton]

Good point, I've renamed it to TrustDeviceResponse which is inline with other structs. We'll want to revisit this in the future.

[dani-garcia]

LGTM. Some minor formatting, not sure why rustfmt didn't catch that