[PM-30144] Implement unlock-data re-encryption for key-rotation #685
Great job! No new security vulnerabilities introduced in this pull request
🔍 SDK Breaking Change Detection Results
SDK Version:
Breaking change detection completed.
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #685 +/- ##
==========================================
+ Coverage 80.02% 80.30% +0.28%
==========================================
Files 312 314 +2
Lines 34516 35052 +536
==========================================
+ Hits 27621 28150 +529
- Misses 6895 6902 +7
| debug_span!("reencrypt_emergency_access_key", grantee_id = ?ea.id).entered(); | ||
| match UnsignedSharedKey::encapsulate(new_user_key_id, &ea.public_key, ctx) { | ||
| Ok(reencrypted_key) => Ok(EmergencyAccessWithIdRequestModel { | ||
| r#type: models::EmergencyAccessType::Takeover, |
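Review bot: The `Ok` arm hard-codes `r#type: models::EmergencyAccessType::Takeover` for every re-encrypted entry, so the request no longer reflects the grant's own type. Until the request model is trimmed, a short code comment on that field stating that only the key is meaningful would stop a later reader from treating the value as real data.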
Please note: We should update the request model here. The data here is fully unused on the server-side except for the key.
| salt: String, | ||
| }, | ||
| /// The key-connector based unlock method. | ||
| KeyConnector, |
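Review bot: The doc comment on `KeyConnector` at the end of this hunk describes it only as "The key-connector based unlock method." and does not say the variant is unsupported. If the variant is a placeholder for now, state that in the doc comment itself so that a caller constructing it does not assume re-encryption is performed for key-connector users.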
For the follow-up ticket, this should probably contain a key-connector key. The implementation is not done / tested here, but it is left as an example of how this is intended to be used.
| } | ||
| } | ||
|
|
||
| fn assert_symmetric_keys_equal( |
May want to move this into keystore at some point, behind a compile-time debug flag.
4cc5335 to 12cf92b
Thomas-Avery left a comment
Looking good, one question from my side.
crates/bitwarden-user-crypto-management/src/key_rotation/unlock.rs




🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-30144
📔 Objective
Implements unlock-method rotation for user-keys in the SDK. Note: This adds the key-connector enum variant and the none enum variant, but both are unsupported as of now and have comments indicating this.
🚨 Breaking Changes