[PM-22861] Account security state #322
Conversation
quexten
changed the base branch from
km/cose-signatures-rotate-account
to
km/cose-key-rotation
|
Great job, no security vulnerabilities found in this Pull Request |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## km/cose-key-rotation #322 +/- ##
========================================================
+ Coverage 71.61% 71.92% +0.30%
========================================================
Files 225 226 +1
Lines 18426 18689 +263
========================================================
+ Hits 13196 13442 +246
- Misses 5230 5247 +17 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
quexten
changed the title
quexten
requested review from
dani-garcia and
Thomas-Avery
and removed request for
a team
|
Security state seems like it would fit better in the bitwarden-core crate than crypto, similar to EncryptionSettings. |
The reason it lives in That does make me wonder if namespace should really be a generic parameter, similar to how key context is done with the actual key ids being defined in core. |
|
|
This seems to only be enforced by convention though, there's nothing in the type system providing compiler level safety?
I think so, or leaving the code signing concepts in crypto but lifting out the application logic. Or splitting up the crypto crate into multiple more focused areas where some provide low level utilities but other mixing domain logic. |
Yeah, that is true, currently this relies on people reading the documentation. I think we can change this in the long term to:
This does not provide complete safety, but at least makes accidental misuse less likely. |
I think resorting the crypto crate is something we wanted to do anyways after "user crypto v2" is done; I recall we had a DM about this with you and Dani, for how this would look. I'd like to defer resorting the crate for after the bigger changes here are done however. Are we OK with putting this in |
|
I think I'd prefer to just put it in core right now and not have a link in the documentation. It's weird that we have crypto errors that are only thrown by other crates. We can always lift it in later if we think it fits better. |
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-22861
📔 Objective
This adds the initial version of account security state to the sdk, on init of the sdk state, and for enrollment to v2 crypto.
Account security state is an attestation to a specific version and featureset that is enabled. The version is used to prevent cryptographic downgrades of the account state.
This will prevent downgrades in the following ways:
A security version then is used to lock down specific features. If a feature is to be disabled, then a migrator is needed. After migrating the account not to use the retired feature, the version is incremented and any subsequent syncs with that format included are rejected.
⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes