bitwarden · dereknance · Sep 9, 2025 · Sep 2, 2025 · Sep 2, 2025 · Sep 2, 2025
@@ -87,7 +87,7 @@ jobs:
         run: cargo sort --workspace --check
 
       - name: Install cargo-udeps
-        run: cargo install cargo-udeps --version 0.1.53 --locked
+        run: cargo install cargo-udeps --version 0.1.57 --locked
 
       - name: Cargo udeps
         run: cargo +"${{ steps.nightly-toolchain.outputs.RUST_NIGHTLY_TOOLCHAIN }}" udeps --workspace --all-features

@@ -76,11 +76,9 @@ pub struct AsymmetricCryptoKey {
 
 // Note that RsaPrivateKey already implements ZeroizeOnDrop, so we don't need to do anything
 // We add this assertion to make sure that this is still true in the future
-const _: () = {
+const _: fn() = || {
     fn assert_zeroize_on_drop<T: zeroize::ZeroizeOnDrop>() {}
-    fn assert_all() {
-        assert_zeroize_on_drop::<RsaPrivateKey>();
-    }
+    assert_zeroize_on_drop::<RsaPrivateKey>();
 };
 impl zeroize::ZeroizeOnDrop for AsymmetricCryptoKey {}
 impl CryptoKey for AsymmetricCryptoKey {}

@@ -38,11 +38,9 @@ pub struct SigningKey {
 // Note that `SigningKey` already implements ZeroizeOnDrop, so we don't need to do anything
 // We add this assertion to make sure that this is still true in the future
 // For any new keys, this needs to be checked
-const _: () = {
+const _: fn() = || {
     fn assert_zeroize_on_drop<T: zeroize::ZeroizeOnDrop>() {}
-    fn assert_all() {
-        assert_zeroize_on_drop::<ed25519_dalek::SigningKey>();
-    }
+    assert_zeroize_on_drop::<ed25519_dalek::SigningKey>();
 };
 impl zeroize::ZeroizeOnDrop for SigningKey {}
 impl CryptoKey for SigningKey {}

@@ -294,7 +294,7 @@ impl<'a> Fido2Authenticator<'a> {
     pub(super) fn get_authenticator(
         &self,
         create_credential: bool,
-    ) -> Authenticator<CredentialStoreImpl, UserValidationMethodImpl> {
+    ) -> Authenticator<CredentialStoreImpl<'_>, UserValidationMethodImpl<'_>> {
         Authenticator::new(
             AAGUID,
             CredentialStoreImpl {

@@ -24,6 +24,10 @@ pub struct Fido2CredentialAutofillView {
     pub rp_id: String,
     pub user_name_for_ui: Option<String>,
     pub user_handle: Vec<u8>,
+    /// Indicates if this credential uses a signature counter (legacy passkeys).
+    /// When true, mobile clients must sync before authentication to ensure
+    /// counter values are current. Modern passkeys (counter = 0) can work offline.
+    pub has_counter: bool,
 }
 
 trait NoneWhitespace {
@@ -96,6 +100,7 @@ impl Fido2CredentialAutofillView {
                                     .as_ref()
                                     .and_then(|l| l.username.none_whitespace()))
                                 .or(cipher.name.none_whitespace()),
+                            has_counter: Self::has_signature_counter(&c.counter),
                         })
                     })
             })
@@ -132,13 +137,19 @@ impl Fido2CredentialAutofillView {
                                     .or(c.user_display_name.none_whitespace())
                                     .or(username.none_whitespace())
                                     .or(cipher.name.none_whitespace()),
+                                has_counter: Self::has_signature_counter(&c.counter),
                             })
                         })
                 })
                 .collect(),
             _ => Ok(vec![]),
         }
     }
+
+    fn has_signature_counter(str: &String) -> bool {
+        str.none_whitespace()
+            .is_some_and(|counter_str| counter_str.parse::<u64>().is_ok_and(|counter| counter > 0))
+    }
 }
 
 #[allow(missing_docs)]

@@ -924,6 +924,7 @@ mod tests {
                         user_handle: None,
                         user_name: None,
                         user_display_name: None,
+                        counter: "123".to_string(),
                     }]),
                     has_fido2: true,
                     username: Some("test_username".to_string()),

@@ -114,6 +114,7 @@ pub struct Fido2CredentialListView {
     pub user_handle: Option<String>,
     pub user_name: Option<String>,
     pub user_display_name: Option<String>,
+    pub counter: String,
 }
 
 #[allow(missing_docs)]
@@ -478,6 +479,7 @@ impl Decryptable<KeyIds, SymmetricKeyId, Fido2CredentialListView> for Fido2Crede
             user_handle: self.user_handle.decrypt(ctx, key)?,
             user_name: self.user_name.decrypt(ctx, key)?,
             user_display_name: self.user_display_name.decrypt(ctx, key)?,
+            counter: self.counter.decrypt(ctx, key)?,
         })
     }
 }