From 59053541d2b6a96cede6b9fe7939bbe1aaf743ec Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Wed, 30 Oct 2024 11:15:06 +0100 Subject: [PATCH] Make ssh key fields non-optional (#13) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## ๐ŸŽŸ๏ธ Tracking - ## ๐Ÿ“” Objective SSH key item fields should never be optional and are always present. All of these are set on creation / update. ## โฐ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## ๐Ÿฆฎ Reviewer guidelines - ๐Ÿ‘ (`:+1:`) or similar for great changes - ๐Ÿ“ (`:memo:`) or โ„น๏ธ (`:information_source:`) for notes or general info - โ“ (`:question:`) for questions - ๐Ÿค” (`:thinking:`) or ๐Ÿ’ญ (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - ๐ŸŽจ (`:art:`) for suggestions / improvements - โŒ (`:x:`) or โš ๏ธ (`:warning:`) for more significant problems or concerns needing attention - ๐ŸŒฑ (`:seedling:`) or โ™ป๏ธ (`:recycle:`) for future improvements or indications of technical debt - โ› (`:pick:`) for minor or nitpick changes --------- Co-authored-by: Daniel Garcรญa --- crates/bitwarden-exporters/src/json.rs | 18 +++++++++--------- crates/bitwarden-exporters/src/lib.rs | 6 +++--- crates/bitwarden-vault/src/cipher/cipher.rs | 11 ++++++----- crates/bitwarden-vault/src/cipher/ssh_key.rs | 18 +++++++++--------- 4 files changed, 27 insertions(+), 26 deletions(-) diff --git a/crates/bitwarden-exporters/src/json.rs b/crates/bitwarden-exporters/src/json.rs index 7ed85d45..58895914 100644 --- a/crates/bitwarden-exporters/src/json.rs +++ b/crates/bitwarden-exporters/src/json.rs @@ -213,9 +213,9 @@ impl From for JsonIdentity { #[derive(serde::Serialize)] #[serde(rename_all = "camelCase")] struct JsonSshKey { - private_key: Option, - public_key: Option, - fingerprint: Option, + private_key: String, + public_key: String, + fingerprint: String, } impl From for JsonSshKey { @@ -629,9 +629,9 @@ mod tests { notes: None, r#type: CipherType::SshKey(Box::new(SshKey { - private_key: Some("private".to_string()), - public_key: Some("public".to_string()), - fingerprint: Some("fingerprint".to_string()), + private_key: "private".to_string(), + public_key: "public".to_string(), + fingerprint: "fingerprint".to_string(), })), favorite: false, @@ -837,9 +837,9 @@ mod tests { notes: None, r#type: CipherType::SshKey(Box::new(SshKey { - private_key: Some("-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBinNE5chMtCHh3BV0H1+CpPlEQBwR5cD+Xb9i8MaHGiwAAAKAy48fwMuPH\n8AAAAAtzc2gtZWQyNTUxOQAAACBinNE5chMtCHh3BV0H1+CpPlEQBwR5cD+Xb9i8MaHGiw\nAAAEAYUCIdfLI14K3XIy9V0FDZLQoZ9gcjOnvFjb4uA335HmKc0TlyEy0IeHcFXQfX4Kk+\nURAHBHlwP5dv2LwxocaLAAAAHHF1ZXh0ZW5ATWFjQm9vay1Qcm8tMTYubG9jYWwB\n-----END OPENSSH PRIVATE KEY-----".to_string()), - public_key: Some("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKc0TlyEy0IeHcFXQfX4Kk+URAHBHlwP5dv2LwxocaL".to_string()), - fingerprint: Some("SHA256:1JjFjvPRkj1Gbf2qRP1dgHiIzEuNAEvp+92x99jw3K0".to_string()), + private_key: "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBinNE5chMtCHh3BV0H1+CpPlEQBwR5cD+Xb9i8MaHGiwAAAKAy48fwMuPH\n8AAAAAtzc2gtZWQyNTUxOQAAACBinNE5chMtCHh3BV0H1+CpPlEQBwR5cD+Xb9i8MaHGiw\nAAAEAYUCIdfLI14K3XIy9V0FDZLQoZ9gcjOnvFjb4uA335HmKc0TlyEy0IeHcFXQfX4Kk+\nURAHBHlwP5dv2LwxocaLAAAAHHF1ZXh0ZW5ATWFjQm9vay1Qcm8tMTYubG9jYWwB\n-----END OPENSSH PRIVATE KEY-----".to_string(), + public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKc0TlyEy0IeHcFXQfX4Kk+URAHBHlwP5dv2LwxocaL".to_string(), + fingerprint: "SHA256:1JjFjvPRkj1Gbf2qRP1dgHiIzEuNAEvp+92x99jw3K0".to_string(), })), favorite: false, diff --git a/crates/bitwarden-exporters/src/lib.rs b/crates/bitwarden-exporters/src/lib.rs index f6bb8dbf..c11e4d96 100644 --- a/crates/bitwarden-exporters/src/lib.rs +++ b/crates/bitwarden-exporters/src/lib.rs @@ -137,9 +137,9 @@ pub struct Identity { pub struct SshKey { /// [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key), in PEM encoding. - pub private_key: Option, + pub private_key: String, /// Ssh public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6) - pub public_key: Option, + pub public_key: String, /// SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT` - pub fingerprint: Option, + pub fingerprint: String, } diff --git a/crates/bitwarden-vault/src/cipher/cipher.rs b/crates/bitwarden-vault/src/cipher/cipher.rs index 846d332c..aa612210 100644 --- a/crates/bitwarden-vault/src/cipher/cipher.rs +++ b/crates/bitwarden-vault/src/cipher/cipher.rs @@ -340,8 +340,7 @@ impl Cipher { return Ok(String::new()); }; - ssh_key - .fingerprint + Some(ssh_key.fingerprint.clone()) .as_ref() .map(|c| c.decrypt_with_key(key)) .transpose()? @@ -1191,6 +1190,8 @@ mod tests { let key = SymmetricCryptoKey::try_from(key).unwrap(); let original_subtitle = "SHA256:1JjFjvPRkj1Gbf2qRP1dgHiIzEuNAEvp+92x99jw3K0".to_string(); let fingerprint_encrypted = original_subtitle.to_owned().encrypt_with_key(&key).unwrap(); + let private_key_encrypted = "".to_string().encrypt_with_key(&key).unwrap(); + let public_key_encrypted = "".to_string().encrypt_with_key(&key).unwrap(); let ssh_key_cipher = Cipher { id: Some("090c19ea-a61a-4df6-8963-262b97bc6266".parse().unwrap()), organization_id: None, @@ -1208,9 +1209,9 @@ mod tests { card: None, secure_note: None, ssh_key: Some(SshKey { - private_key: None, - public_key: None, - fingerprint: Some(fingerprint_encrypted), + private_key: private_key_encrypted, + public_key: public_key_encrypted, + fingerprint: fingerprint_encrypted, }), favorite: false, reprompt: CipherRepromptType::None, diff --git a/crates/bitwarden-vault/src/cipher/ssh_key.rs b/crates/bitwarden-vault/src/cipher/ssh_key.rs index 6d4977c8..5f5464a6 100644 --- a/crates/bitwarden-vault/src/cipher/ssh_key.rs +++ b/crates/bitwarden-vault/src/cipher/ssh_key.rs @@ -9,11 +9,11 @@ use serde::{Deserialize, Serialize}; #[cfg_attr(feature = "uniffi", derive(uniffi::Record))] pub struct SshKey { /// SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) - pub private_key: Option, + pub private_key: EncString, /// SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6) - pub public_key: Option, + pub public_key: EncString, /// SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT` - pub fingerprint: Option, + pub fingerprint: EncString, } #[derive(Serialize, Deserialize, Debug, JsonSchema, Clone)] @@ -21,11 +21,11 @@ pub struct SshKey { #[cfg_attr(feature = "uniffi", derive(uniffi::Record))] pub struct SshKeyView { /// SSH private key (ed25519/rsa) in unencrypted openssh private key format [OpenSSH private key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) - pub private_key: Option, + pub private_key: String, /// SSH public key (ed25519/rsa) according to [RFC4253](https://datatracker.ietf.org/doc/html/rfc4253#section-6.6) - pub public_key: Option, + pub public_key: String, /// SSH fingerprint using SHA256 in the format: `SHA256:BASE64_ENCODED_FINGERPRINT` - pub fingerprint: Option, + pub fingerprint: String, } impl KeyEncryptable for SshKeyView { @@ -41,9 +41,9 @@ impl KeyEncryptable for SshKeyView { impl KeyDecryptable for SshKey { fn decrypt_with_key(&self, key: &SymmetricCryptoKey) -> Result { Ok(SshKeyView { - private_key: self.private_key.decrypt_with_key(key).ok().flatten(), - public_key: self.public_key.decrypt_with_key(key).ok().flatten(), - fingerprint: self.fingerprint.decrypt_with_key(key).ok().flatten(), + private_key: self.private_key.decrypt_with_key(key)?, + public_key: self.public_key.decrypt_with_key(key)?, + fingerprint: self.fingerprint.decrypt_with_key(key)?, }) } }