Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-5693] CryptoService using memfd_secret on Linux #979

Closed
wants to merge 41 commits into from
Closed
Show file tree
Hide file tree
Changes from 24 commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
d7c7c3e
Initial CryptoService impl
dani-garcia Jul 26, 2024
6068e84
More work
dani-garcia Aug 23, 2024
50dc1b4
Refactor keystore to also handle resizes
dani-garcia Aug 23, 2024
216eb25
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Aug 23, 2024
4b846ed
Fix
dani-garcia Aug 23, 2024
7a01168
Paralelization plus alternative to locatekey
dani-garcia Aug 23, 2024
c649bf0
WASM support
dani-garcia Aug 23, 2024
b901ef7
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Sep 20, 2024
e2129ad
Remove unnecessary trait
dani-garcia Sep 23, 2024
f708fcc
Inline cryptoengine
dani-garcia Sep 23, 2024
30854f7
Impl KeyStore in Slice struct directly
dani-garcia Sep 23, 2024
bed894a
Reset the values to None after munlock has zeroized them
dani-garcia Sep 23, 2024
709dfce
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Sep 23, 2024
f7eda88
Fmt
dani-garcia Sep 23, 2024
ce2343e
Add benchmark
dani-garcia Sep 24, 2024
bcd712f
Respect no-memory-hardening flag
dani-garcia Sep 24, 2024
38343d2
Fix cfg flags, silence warnings
dani-garcia Sep 24, 2024
f34ce02
Export memfd correctly
dani-garcia Sep 24, 2024
cc27320
Fix memtest
dani-garcia Sep 24, 2024
281619d
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Sep 24, 2024
32d298f
Try fat LTO to fix windows
dani-garcia Sep 24, 2024
c43aa08
Disable memsec on windows to fix it
dani-garcia Sep 24, 2024
dd37d1d
Incorrect optional dep
dani-garcia Sep 24, 2024
45f3d32
Try updating windows in memsec
dani-garcia Sep 24, 2024
1f70169
Remove unnecessary bound
dani-garcia Sep 25, 2024
22a8b17
Move store impl around a bit
dani-garcia Sep 25, 2024
c63f656
Make KeyStore pub
dani-garcia Sep 25, 2024
db3f8d4
Merge branch 'main' into ps/secure-crypto-service-impl
dani-garcia Oct 2, 2024
eb81684
Some renames/simplifications
dani-garcia Oct 2, 2024
d279626
Add some missing implementations
dani-garcia Oct 2, 2024
d5f1ede
Rename
dani-garcia Oct 3, 2024
8652d79
Introduce mutable context
dani-garcia Oct 3, 2024
fdb0263
Refactor keyref/encryptable locations
dani-garcia Oct 4, 2024
6ea6267
Some additions needed to migrate the code
dani-garcia Oct 7, 2024
32088c7
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Oct 7, 2024
f882fb2
Remove bench
dani-garcia Oct 7, 2024
bec4786
Remove using
dani-garcia Oct 7, 2024
c2ffea6
Fix TODO
dani-garcia Oct 8, 2024
c0d2b63
Comment
dani-garcia Oct 8, 2024
cacf4db
Merge branch 'main' into ps/secure-crypto-service
dani-garcia Oct 8, 2024
f4ca816
Fmt
dani-garcia Oct 8, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

139 changes: 139 additions & 0 deletions crates/bitwarden-core/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,142 @@

pub use bitwarden_crypto::ZeroizingAllocator;
pub use client::{Client, ClientSettings, DeviceType};

#[allow(warnings)]
#[cfg(test)]
mod testcrypto {

// TEST IMPL OF THE NEW ENCRYPTABLE/DECRYPTABLE TRAITS
// Note that these never touch the keys at all, they just use the context and key references to
// encrypt/decrypt

use bitwarden_crypto::{
key_refs, service::*, AsymmetricCryptoKey, CryptoError, EncString, KeyEncryptable,
SymmetricCryptoKey,
};

key_refs! {
#[symmetric]
pub enum MySymmKeyRef {
User,
Organization(uuid::Uuid),
#[local]
Local(&'static str),
}

#[asymmetric]
pub enum MyAsymmKeyRef {
UserPrivateKey,
#[local]
Local(&'static str),
}
}

#[derive(Clone)]
struct Cipher {
key: Option<EncString>,
name: EncString,
}

#[derive(Clone)]
struct CipherView {
key: Option<EncString>,
name: String,
}

impl UsesKey<MySymmKeyRef> for Cipher {
fn uses_key(&self) -> MySymmKeyRef {
MySymmKeyRef::User
}
}
impl UsesKey<MySymmKeyRef> for CipherView {
fn uses_key(&self) -> MySymmKeyRef {
MySymmKeyRef::User
}
}

const CIPHER_KEY: MySymmKeyRef = MySymmKeyRef::Local("cipher_key");

impl Encryptable<MySymmKeyRef, MyAsymmKeyRef, MySymmKeyRef, Cipher> for CipherView {
fn encrypt(
&self,
ctx: &mut CryptoServiceContext<MySymmKeyRef, MyAsymmKeyRef>,
key: MySymmKeyRef,
) -> Result<Cipher, bitwarden_crypto::CryptoError> {
let cipher_key = match &self.key {
Some(cipher_key) => {
ctx.decrypt_and_store_symmetric_key(key, CIPHER_KEY, cipher_key)?
}
None => key,

Check warning on line 88 in crates/bitwarden-core/src/lib.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/lib.rs#L88

Added line #L88 was not covered by tests
};

Ok(Cipher {
key: self.key.clone(),
name: self.name.as_str().encrypt(ctx, cipher_key)?,
})
}
}

impl Decryptable<MySymmKeyRef, MyAsymmKeyRef, MySymmKeyRef, CipherView> for Cipher {
fn decrypt(
&self,
ctx: &mut CryptoServiceContext<MySymmKeyRef, MyAsymmKeyRef>,
key: MySymmKeyRef,
) -> Result<CipherView, CryptoError> {
let cipher_key = match &self.key {
Some(cipher_key) => {
ctx.decrypt_and_store_symmetric_key(key, CIPHER_KEY, cipher_key)?
}
None => key,

Check warning on line 108 in crates/bitwarden-core/src/lib.rs

View check run for this annotation

Codecov / codecov/patch

crates/bitwarden-core/src/lib.rs#L108

Added line #L108 was not covered by tests
};

Ok(CipherView {
key: self.key.clone(),
name: self.name.decrypt(ctx, cipher_key)?,
})
}
}

#[test]
fn test_cipher() {
let user_key = SymmetricCryptoKey::generate(rand::thread_rng());

let org_id = uuid::Uuid::parse_str("91b000b6-81ce-47f4-9802-3390e0b895ed").unwrap();
let org_key = SymmetricCryptoKey::generate(rand::thread_rng());

let cipher_key = SymmetricCryptoKey::generate(rand::thread_rng());
let cipher_key_user_enc = cipher_key.to_vec().encrypt_with_key(&user_key).unwrap();
let cipher_view = CipherView {
key: Some(cipher_key_user_enc.clone()),
name: "test".to_string(),
};

let service: CryptoService<MySymmKeyRef, MyAsymmKeyRef> = CryptoService::new();
// Ideally we'd decrypt the keys directly into the service, but that's not implemented yet
#[allow(deprecated)]
{
service.insert_symmetric_key(MySymmKeyRef::User, user_key);
service.insert_symmetric_key(MySymmKeyRef::Organization(org_id), org_key);
}

let cipher_enc2 = service.encrypt(cipher_view.clone()).unwrap();

let cipher_view2 = service.decrypt(&cipher_enc2).unwrap();

assert_eq!(cipher_view.name, cipher_view2.name);

// We can also decrypt a value by tagging it with the key
let text = String::from("test!");

let text_enc = service
.encrypt(text.as_str().using_key(MySymmKeyRef::User))
.unwrap();

// And decrypt values in parallel
let mut data = Vec::with_capacity(250);
for _ in 0..data.capacity() {
data.push("hello world, this is an encryption test!".using_key(MySymmKeyRef::User));
}
service.encrypt_list(&data).unwrap();
}
}
11 changes: 10 additions & 1 deletion crates/bitwarden-crypto/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,13 @@ uniffi = { version = "=0.28.1", optional = true }
uuid = { version = ">=1.3.3, <2.0", features = ["serde"] }
zeroize = { version = ">=1.7.0, <2.0", features = ["derive", "aarch64"] }

[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
memsec = { version = "0.7.0", features = [
"alloc_ext",
], git = "https://github.com/dani-garcia/memsec", rev = "3d2e272d284442637bac0a7d94f76883960db7e2" }
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

memsec is using windows-sys 0.45, which was causing build errors similar to the ones fixed by #1053.

Using the latest windows-sys 0.59 seems to solve the problem for me. TODO: Open a PR upstream?


[dev-dependencies]
criterion = "0.5.1"
criterion = { version = "0.5.1", features = ["html_reports"] }
rand_chacha = "0.3.1"
serde_json = ">=1.0.96, <2.0"

Expand All @@ -61,5 +66,9 @@ name = "zeroizing_allocator"
harness = false
required-features = ["no-memory-hardening"]

[[bench]]
name = "new_encryptable"
harness = false

[lints]
workspace = true
180 changes: 180 additions & 0 deletions crates/bitwarden-crypto/benches/new_encryptable.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,180 @@
use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion, Throughput};

pub fn criterion_benchmark(c: &mut Criterion) {
let user_key = SymmetricCryptoKey::generate(rand::thread_rng());

let org_id = uuid::Uuid::parse_str("91b000b6-81ce-47f4-9802-3390e0b895ed").expect("");
let org_key = SymmetricCryptoKey::generate(rand::thread_rng());

let cipher_key = SymmetricCryptoKey::generate(rand::thread_rng());
let cipher_key_user_enc = cipher_key.to_vec().encrypt_with_key(&user_key).expect("");
let cipher_view = CipherView {
key: Some(cipher_key_user_enc.clone()),
name: "test".to_string(),
};

let service: CryptoService<MySymmKeyRef, MyAsymmKeyRef> = CryptoService::new();
#[allow(deprecated)]
{
service.insert_symmetric_key(MySymmKeyRef::User, user_key.clone());
service.insert_symmetric_key(MySymmKeyRef::Organization(org_id), org_key.clone());
}

let cipher_views = vec![cipher_view.clone(); 10_000];

{
let mut group = c.benchmark_group("New encryptable");

for size in [1, 10, 100, 1_000, 10_000].iter() {
group.throughput(Throughput::Elements(*size as u64));

group.bench_with_input(
BenchmarkId::new("encrypt X ciphers individually", size),
size,
|b, &size| {
b.iter(|| {
for c in cipher_views.iter().take(size).cloned() {
service.encrypt(black_box(c)).expect("");
}
});
},
);

group.bench_with_input(
BenchmarkId::new("encrypt X ciphers batch", size),
size,
|b, &size| {
b.iter(|| service.encrypt_list(black_box(&cipher_views[..size])));
},
);
}

group.finish();
}

{
let mut group = c.benchmark_group("Old encryptable");

for size in [1, 10, 100, 1_000, 10_000].iter() {
group.throughput(Throughput::Elements(*size as u64));

group.bench_with_input(
BenchmarkId::new("encrypt X ciphers individually", size),
size,
|b, &size| {
b.iter(|| {
for c in cipher_views.iter().take(size).cloned() {
black_box(c).encrypt_with_key(&user_key).expect("");
}
});
},
);

group.bench_with_input(
BenchmarkId::new("encrypt X ciphers batch", size),
size,
|b, &size| {
b.iter(|| {
black_box(cipher_views[0..size].to_vec())
.encrypt_with_key(&user_key)
.expect("");
});
},
);
}

group.finish();
}
}

criterion_group!(benches, criterion_benchmark);
criterion_main!(benches);

use bitwarden_crypto::{
key_refs, service::*, CryptoError, EncString, KeyDecryptable, KeyEncryptable,
SymmetricCryptoKey,
};

key_refs! {
#[symmetric]
pub enum MySymmKeyRef {
User,
Organization(uuid::Uuid),
#[local]
Local(&'static str),
}

#[asymmetric]
pub enum MyAsymmKeyRef {
UserPrivateKey,
#[local]
Local(&'static str),
}
}

#[allow(unused)]
struct Cipher {
key: Option<EncString>,
name: EncString,
}

#[derive(Clone)]
struct CipherView {
key: Option<EncString>,
name: String,
}

impl UsesKey<MySymmKeyRef> for Cipher {
fn uses_key(&self) -> MySymmKeyRef {
MySymmKeyRef::User
}
}
impl UsesKey<MySymmKeyRef> for CipherView {
fn uses_key(&self) -> MySymmKeyRef {
MySymmKeyRef::User
}
}

const CIPHER_KEY: MySymmKeyRef = MySymmKeyRef::Local("cipher_key");

// New encryptable implementations

impl Encryptable<MySymmKeyRef, MyAsymmKeyRef, MySymmKeyRef, Cipher> for CipherView {
fn encrypt(
&self,
ctx: &mut CryptoServiceContext<MySymmKeyRef, MyAsymmKeyRef>,
key: MySymmKeyRef,
) -> Result<Cipher, bitwarden_crypto::CryptoError> {
let cipher_key = match &self.key {
Some(cipher_key) => ctx.decrypt_and_store_symmetric_key(key, CIPHER_KEY, cipher_key)?,
None => key,
};

Ok(Cipher {
key: self.key.clone(),
name: self.name.as_str().encrypt(ctx, cipher_key)?,
})
}
}

// Old encryptable implementations

impl KeyEncryptable<SymmetricCryptoKey, Cipher> for CipherView {
fn encrypt_with_key(self, key: &SymmetricCryptoKey) -> Result<Cipher, CryptoError> {
let cipher_key = self
.key
.as_ref()
.map(|k| {
let mut kk: Vec<u8> = k.decrypt_with_key(key)?;
SymmetricCryptoKey::try_from(kk.as_mut_slice())
})
.transpose()?;

let key = cipher_key.as_ref().unwrap_or(key);

Ok(Cipher {
key: self.key.clone(),
name: self.name.encrypt_with_key(key)?,
})
}
}
2 changes: 2 additions & 0 deletions crates/bitwarden-crypto/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ pub enum CryptoError {
MissingKey(Uuid),
#[error("The item was missing a required field: {0}")]
MissingField(&'static str),
#[error("Missing Key for Ref. {0}")]
MissingKey2(String),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't change the MissingKey variant without breaking the code, so for now I'll do this and rename it on the second PR.


#[error("EncString error, {0}")]
EncString(#[from] EncStringParseError),
Expand Down
1 change: 1 addition & 0 deletions crates/bitwarden-crypto/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ mod wordlist;
pub use wordlist::EFF_LONG_WORD_LIST;
mod allocator;
pub use allocator::ZeroizingAllocator;
pub mod service;

#[cfg(feature = "uniffi")]
uniffi::setup_scaffolding!();
Expand Down
Loading
Loading