bitwarden-core 3.0.0

//! Fingerprint generation.
//!
//! This module contains the logic for generating fingerprints.

use bitwarden_crypto::{SpkiPublicKeyBytes, fingerprint};
use bitwarden_encoding::B64;
use serde::{Deserialize, Serialize};
use thiserror::Error;

use crate::{MissingPrivateKeyError, key_management::PrivateKeySlotId};

/// Request to generate a fingerprint.
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
pub struct FingerprintRequest {
    /// The input material, used in the fingerprint generation process.
    pub fingerprint_material: String,
    /// The user's public key encoded with base64.
    pub public_key: B64,
}

/// Response containing a generated fingerprint.
///
/// TODO: We should attempt to remove this and just return a string.
#[derive(Serialize, Deserialize, Debug)]
#[serde(rename_all = "camelCase", deny_unknown_fields)]
pub struct FingerprintResponse {
    /// The generated fingerprint.
    pub fingerprint: String,
}

/// Errors that can occur when computing a fingerprint.
#[allow(missing_docs)]
#[derive(Debug, Error)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Error))]
pub enum FingerprintError {
    #[error(transparent)]
    Crypto(#[from] bitwarden_crypto::CryptoError),
}

pub(crate) fn generate_fingerprint(input: &FingerprintRequest) -> Result<String, FingerprintError> {
    Ok(fingerprint(
        &input.fingerprint_material,
        &SpkiPublicKeyBytes::from(&input.public_key),
    )?)
}

/// Errors that can occur when computing a fingerprint.
#[allow(missing_docs)]
#[derive(Debug, Error)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Error), uniffi(flat_error))]
pub enum UserFingerprintError {
    #[error(transparent)]
    Crypto(#[from] bitwarden_crypto::CryptoError),
    #[error(transparent)]
    MissingPrivateKey(#[from] MissingPrivateKeyError),
}

pub(crate) fn generate_user_fingerprint(
    client: &crate::Client,
    fingerprint_material: String,
) -> Result<String, UserFingerprintError> {
    let key_store = client.internal.get_key_store();
    let ctx = key_store.context();
    // FIXME: [PM-18110] This should be removed once the key store can handle public keys and
    // fingerprints
    #[allow(deprecated)]
    let private_key = ctx.dangerous_get_private_key(PrivateKeySlotId::UserPrivateKey)?;

    let public_key = private_key.to_public_key().to_der()?;
    let fingerprint = fingerprint(&fingerprint_material, &public_key)?;

    Ok(fingerprint)
}

#[cfg(test)]
mod tests {
    use std::num::NonZeroU32;

    use bitwarden_crypto::Kdf;

    use super::*;
    use crate::{
        Client,
        key_management::{
            MasterPasswordUnlockData, account_cryptographic_state::WrappedAccountCryptographicState,
        },
    };

    #[test]
    fn test_generate_user_fingerprint() {
        let user_key = "2.oZg5RYpU2HjUAKI1DUQCkg==|PyRzI9kZpt66P2OedH8CHOeU0/lgKLkhIJiKDijdyFqIemBSIBoslhfQh/P1TK9xgZp0smgD6+5+yNbZfOpBaCVrsT3WWAO78xOWizduRe4=|xfDLDZSJ+yZAdh388flVg7SMDBJuMs0+CHTjutKs4uQ=";
        let private_key = "2.tY6WsWKUbBwNU8wROuipiQ==|DNFL1d19xVojUKTTy2gxT+9J1VXbMQLcbMnx1HSeA6U3yZhsLR6DPaGibb3Bp8doIHtrsxzL/JeLb4gLDZ8RnDhFfE4iLRaPakX14kbBXrKH9/uW/zc7TqIVciWhI1PaeFlu8wnVuGt3e5Ysx6Y7Uw7RS8pRT5aE3sX3aDPGZTAdTutLn1VUfkShS5OK5HJl9CdiwV2wOcrf4w/WqtaNUUqGdsJ8C4ELlpBzHxqs+lEm+8pGPYmuGQIjVc0eOR9Tza9GTk3ih1XGc1znOCoKUZbtA29RfbwfmJy/yGi/3RLWZFQGCCij4cLC5OpldiX4JWL5Dhox44p/5IVF3rfxTVz3GCyDOoHevRG/06sUBq6nhbdCQf3lJvxwcQJhoQg4rsapM3rgol+u+TbXRiwWPbfswuLkRlvGFKtKUWMa4S57gj0CFYgSBPdTyhZTB44D7JQ2bd901Ur1dYWcDe4Kn3ZawpxL0cX2ZPlE3v8FXFJf2s8DJytL8yu73GasDzVmaGHxueWWVz7EHjh+pmB4oaAHARcY8d3LActAyl/+bcFRPYQJ68ae6DJhYYJGHIBWMImf2BifGgUX8vUFfUAYjne3D82lRyZQHs3xbl+ZxEPgWiPYRWUtxGXLLP4f9mbl+LeJdehtHNjC8kOduBL0CsP4gmugzNNUXI+Izc/9svno6kFr6SU0LA3MGrOU8ao7UCQbf/Pj/RKnG1gRmBDQqf7IMm6jOyTwdde9NpfQb32iH11PkuAKBvEtUuq9BeAKWjoZku+ycsN2jZH0hzd/QrU2c+E4+yHwX3wSxxorNOXt5EZkJbEDBlpRyE1zWoyy0wIYfcChYLvFN8QFHchlw5wmHxL+OOgdgndAtV/2DCx+NB6caY31qLictME+1GPPlQ7QvicMLgmpSWq83rs4ex/My6p3hCRSrJJiLvjEDZLYWKHHLd5tsPRAjX8ADNWB1VeIeiJrj1wpOCc1PbWpbljbbTsBmVPo6iKm/UDGAHBdQ//0j3FQg8f5w/j+McsoaMpDNHNTiLvjWERR+RBmsEA0lEL00wZz/DHlzOAYHLYYqFMT7GBCQD+Wk/l1TL+X2agUy7Irlk7QbZ4ivfdNIpSW8Ct9MGE6o4wV+nIpXURojgBBTcP85RTBLXXGrIprnK1G/VE8ONag3+nkqIyChjYyk5QMsxqOqSHsbiOxhCdXypbCbY4g9yKJtBJ/ADjxmELj0X7pqsTFqC0eRT7rk9qTBcYBBu6rwlAfq8AKjDB7WjNjzLaMi6lBoe4petBn1xcLkXD5hHra0TULxcYrq8MIb+Vk4CBZZdwwyVm/28SwSjHBIBpRysPAonDDsp3KlahwXEFvRDQR/oFww172GI7cx8SoPn93Qh0JfpTAAowsO3meR8bzUSyd7v3rmtaBPsWHE9zUXye/6nloMU5joEcD6uJaxd0kdaWWIoKLH++zHW1R776wJrS6u+TIWZgHqiIJoCd9fV25BnQcbZRKd6mnfNQkchJ6c6ozXKrFaa8DLdERdfh84+isw5mzW2zMJwHEwtKt6LUTyieC2exzPAwPxJT1+IMjuzuwiLnvGKOq+kwE/LWBSB0ZfGuCP/3jMM8OCfe7Hbpt1TfXcUxUzj6sSjkjQB6qBt+TINRdOFA=|fppguME86utsAOKrBYn6XU95q7daVbZ+3dD9OVkQlAw=";
        let fingerprint_material = "a09726a0-9590-49d1-a5f5-afe300b6a515";

        let client = Client::new(None);

        client
            .internal
            .initialize_user_crypto_master_password_unlock(
                "asdfasdfasdf".to_string(),
                MasterPasswordUnlockData {
                    kdf: Kdf::PBKDF2 {
                        iterations: NonZeroU32::new(600_000).unwrap(),
                    },
                    master_key_wrapped_user_key: user_key.parse().unwrap(),
                    salt: "robb@stark.com".to_string(),
                },
                WrappedAccountCryptographicState::V1 {
                    private_key: private_key.parse().unwrap(),
                },
                &None,
            )
            .unwrap();

        let fingerprint =
            generate_user_fingerprint(&client, fingerprint_material.to_string()).unwrap();

        assert_eq!(fingerprint, "turban-deftly-anime-chatroom-unselfish");
    }
}