Merge branch 'master' into ps/more-encstring-ciphers

bitwarden · Sep 4, 2023 · 56950bc · 56950bc
2 parents ac8e863 + 1d3bae3
commit 56950bc
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 21 deletions.
diff --git a/crates/bitwarden/src/crypto/aes_ops.rs b/crates/bitwarden/src/crypto/aes_ops.rs
@@ -10,24 +10,7 @@ use crate::{
     error::{CryptoError, Result},
 };
 
-pub fn decrypt_aes256(
-    iv: &[u8; 16],
-    mac: &[u8; 32],
-    data: Vec<u8>,
-    mac_key: Option<GenericArray<u8, U32>>,
-    key: GenericArray<u8, U32>,
-) -> Result<Vec<u8>> {
-    let mac_key = match mac_key {
-        Some(k) => k,
-        None => return Err(CryptoError::InvalidMac.into()),
-    };
-
-    // Validate HMAC
-    let res = validate_mac(&mac_key, iv, &data)?;
-    if res != *mac {
-        return Err(CryptoError::InvalidMac.into());
-    }
-
+pub fn decrypt_aes256(iv: &[u8; 16], data: Vec<u8>, key: GenericArray<u8, U32>) -> Result<Vec<u8>> {
     // Decrypt data
     let iv = GenericArray::from_slice(iv);
     let mut data = data;
@@ -42,6 +25,20 @@ pub fn decrypt_aes256(
     Ok(data)
 }
 
+pub fn decrypt_aes256_hmac(
+    iv: &[u8; 16],
+    mac: &[u8; 32],
+    data: Vec<u8>,
+    mac_key: GenericArray<u8, U32>,
+    key: GenericArray<u8, U32>,
+) -> Result<Vec<u8>> {
+    let res = validate_mac(&mac_key, iv, &data)?;
+    if res != *mac {
+        return Err(CryptoError::InvalidMac.into());
+    }
+    decrypt_aes256(iv, data, key)
+}
+
 pub fn encrypt_aes256(
     data_dec: &[u8],
     mac_key: Option<GenericArray<u8, U32>>,

diff --git a/crates/bitwarden/src/crypto/enc_string.rs b/crates/bitwarden/src/crypto/enc_string.rs
@@ -6,7 +6,7 @@ use uuid::Uuid;
 
 use crate::{
     client::encryption_settings::EncryptionSettings,
-    crypto::{decrypt_aes256, Decryptable, Encryptable, SymmetricCryptoKey},
+    crypto::{decrypt_aes256_hmac, Decryptable, Encryptable, SymmetricCryptoKey},
     error::{CryptoError, EncStringParseError, Error, Result},
     util::BASE64_ENGINE,
 };
@@ -307,7 +307,8 @@ impl EncString {
     pub fn decrypt_with_key(&self, key: &SymmetricCryptoKey) -> Result<Vec<u8>> {
         match self {
             EncString::AesCbc256_HmacSha256_B64 { iv, mac, data } => {
-                let dec = decrypt_aes256(iv, mac, data.clone(), key.mac_key, key.key)?;
+                let mac_key = key.mac_key.ok_or(CryptoError::InvalidMac)?;
+                let dec = decrypt_aes256_hmac(iv, mac, data.clone(), mac_key, key.key)?;
                 Ok(dec)
             }
             _ => Err(CryptoError::InvalidKey.into()),

diff --git a/crates/bitwarden/src/crypto/mod.rs b/crates/bitwarden/src/crypto/mod.rs
@@ -30,7 +30,7 @@ pub use enc_string::EncString;
 mod encryptable;
 pub use encryptable::{Decryptable, Encryptable};
 mod aes_ops;
-pub use aes_ops::{decrypt_aes256, encrypt_aes256};
+pub use aes_ops::{decrypt_aes256, decrypt_aes256_hmac, encrypt_aes256};
 mod symmetric_crypto_key;
 pub use symmetric_crypto_key::SymmetricCryptoKey;
 mod shareable_key;