authorDaniel GarcĂ­a <[email protected]>2023-10-23 00:18:14 +0200
committerGitHub <[email protected]>2023-10-23 00:18:14 +0200
commitcb4b683dcd51eff4508bcf50e34d657b8d2225d4 (patch)
treee57f1041f6161eed11cc618a80849e1f06f32b3a
parent6eaf1319227158df7724d25f53bf03f7c1a52bc1 (diff)
downloadvaultwarden-cb4b683dcd51eff4508bcf50e34d657b8d2225d4.tar.gz
vaultwarden-cb4b683dcd51eff4508bcf50e34d657b8d2225d4.zip
Implement cipher key encryption (#3990)
-rw-r--r--migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql0
-rw-r--r--migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql2
-rw-r--r--migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql0
-rw-r--r--migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql2
-rw-r--r--migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql0
-rw-r--r--migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql2
-rw-r--r--src/api/core/ciphers.rs3
-rw-r--r--src/api/core/mod.rs13
-rw-r--r--src/db/models/cipher.rs5
-rw-r--r--src/db/schemas/mysql/schema.rs1
-rw-r--r--src/db/schemas/postgresql/schema.rs1
-rw-r--r--src/db/schemas/sqlite/schema.rs1
12 files changed, 29 insertions, 1 deletions
diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/mysql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..717ff374
--- /dev/null
+++ b/migrations/mysql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
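Review bot: The double-quoted `"key"` on the `ADD COLUMN` line is read as a string literal by MySQL and MariaDB unless `ANSI_QUOTES` is part of `sql_mode`, so on a default install this migration is likely to stop with a syntax error. `KEY` is a reserved word there, so the name cannot simply be left unquoted; the MySQL variant should use backticks, ``ADD COLUMN `key` TEXT;``. The PostgreSQL and SQLite migrations can keep the double quotes. The matching `down.sql` files are empty, so reverting leaves the column in place; a one-line SQL comment in them saying that this is intentional would help.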
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/postgresql/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..1b060b60
--- /dev/null
+++ b/migrations/postgresql/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/migrations/sqlite/2023-10-21-221242_add_cipher_key/down.sql
diff --git a/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
new file mode 100644
index 00000000..1b060b60
--- /dev/null
+++ b/migrations/sqlite/2023-10-21-221242_add_cipher_key/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE ciphers
+ADD COLUMN "key" TEXT;
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 43e007ab..b9f3ef63 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -206,6 +206,8 @@ pub struct CipherData {
// TODO: Some of these might appear all the time, no need for Option
OrganizationId: Option<String>,
+ Key: Option<String>,
+
/*
Login = 1,
SecureNote = 2,
@@ -483,6 +485,7 @@ pub async fn update_cipher_from_data(
None => err!("Data missing"),
};
+ cipher.key = data.Key;
cipher.name = data.Name;
cipher.notes = data.Notes;
cipher.fields = data.Fields.map(|f| _clean_cipher_data(f).to_string());
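Review bot: `cipher.key = data.Key;` copies the request value into the model with no bound on its size or shape, and because the field is an `Option` it also replaces an already stored key with `None` whenever a request leaves `Key` out. The column added by the migrations is plain `TEXT`, so an oversized value is only caught, if at all, by the database. A guard before the assignment would make the limit explicit, for example `if data.Key.as_ref().is_some_and(|k| k.len() > MAX_KEY_LEN) { err!("Key is too long") }`, where `MAX_KEY_LEN` is a placeholder for a limit the project has to choose. Whether the `None` case can leave name, notes and fields encrypted under a key that is no longer stored depends on callers and client behaviour outside this hunk and is worth confirming; the body of `update_cipher_from_data` starts and ends outside the hunk.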
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index f1424688..62a60197 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -194,7 +194,12 @@ fn version() -> Json<&'static str> {
fn config() -> Json<Value> {
let domain = crate::CONFIG.domain();
Json(json!({
- "version": crate::VERSION,
+ // Note: The clients use this version to handle backwards compatibility concerns
+ // This means they expect a version that closely matches the Bitwarden server version
+ // We should make sure that we keep this updated when we support the new server features
+ // Version history:
+ // - Individual cipher key encryption: 2023.9.1
+ "version": "2023.9.1",
"gitHash": option_env!("GIT_REV"),
"server": {
"name": "Vaultwarden",
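Review bot: The `"version"` value is now a bare literal inside the `json!` body, so the compatibility level the server advertises is easy to overlook when later features are added, and the build's own `crate::VERSION` is no longer reported under this key. According to the added comment clients switch behaviour on this value, so a named constant that carries the version-history comment would make that contract explicit, e.g. `const COMPAT_SERVER_VERSION: &str = "2023.9.1";` (the name is a suggestion) with `"version": COMPAT_SERVER_VERSION,` here. Once clients have seen this version they may start storing items with a per-cipher key, so running an older build against the same database afterwards presumably leaves those items unreadable; that deserves a sentence in the comment or the release notes. The `"server"` object continues outside the hunk, so it may already expose the Vaultwarden version.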
@@ -207,6 +212,12 @@ fn config() -> Json<Value> {
"notifications": format!("{domain}/notifications"),
"sso": "",
},
+ "featureStates": {
+ // Any feature flags that we want the clients to use
+ // Can check the enabled ones at:
+ // https://vault.bitwarden.com/api/config
+ "autofill-v2": true
+ },
"object": "config",
}))
}
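Review bot: `"autofill-v2": true` is switched on for every client unconditionally, and nothing in the hunk gives an operator a way to turn it off. It is also unrelated to the cipher-key change named in the commit title, so it would be easier to review and revert as its own commit. The added comment says where the upstream flags can be looked up but not why this one was chosen; a line such as `// autofill-v2: handled entirely in the client, needs no server support` (to be confirmed by the author) would record the reasoning.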
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
index f76490b4..6bc98b90 100644
--- a/src/db/models/cipher.rs
+++ b/src/db/models/cipher.rs
@@ -23,6 +23,8 @@ db_object! {
pub user_uuid: Option<String>,
pub organization_uuid: Option<String>,
+ pub key: Option<String>,
+
/*
Login = 1,
SecureNote = 2,
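Review bot: The new `pub key: Option<String>` field has no comment, and the name alone does not say which key it holds or that the stored value is ciphertext. A short comment above it would help the next reader, e.g. `// Per-cipher key as sent by the client (already encrypted); None for items without one`. That wording is inferred from the commit title and should be checked by the author. The same applies to `Key: Option<String>` in `CipherData` in `src/api/core/ciphers.rs`; the `db_object!` block starts and ends outside this hunk.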
@@ -62,6 +64,8 @@ impl Cipher {
user_uuid: None,
organization_uuid: None,
+ key: None,
+
atype,
name,
@@ -203,6 +207,7 @@ impl Cipher {
"DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
"Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
"OrganizationId": self.organization_uuid,
+ "Key": self.key,
"Attachments": attachments_json,
// We have UseTotp set to true by default within the Organization model.
// This variable together with UsersGetPremium is used to show or hide the TOTP counter.
diff --git a/src/db/schemas/mysql/schema.rs b/src/db/schemas/mysql/schema.rs
index f1a001fd..d10c9fcf 100644
--- a/src/db/schemas/mysql/schema.rs
+++ b/src/db/schemas/mysql/schema.rs
@@ -15,6 +15,7 @@ table! {
updated_at -> Datetime,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
+ key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,
diff --git a/src/db/schemas/postgresql/schema.rs b/src/db/schemas/postgresql/schema.rs
index 64786fb9..518a7c03 100644
--- a/src/db/schemas/postgresql/schema.rs
+++ b/src/db/schemas/postgresql/schema.rs
@@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
+ key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,
diff --git a/src/db/schemas/sqlite/schema.rs b/src/db/schemas/sqlite/schema.rs
index 64786fb9..518a7c03 100644
--- a/src/db/schemas/sqlite/schema.rs
+++ b/src/db/schemas/sqlite/schema.rs
@@ -15,6 +15,7 @@ table! {
updated_at -> Timestamp,
user_uuid -> Nullable<Text>,
organization_uuid -> Nullable<Text>,
+ key -> Nullable<Text>,
atype -> Integer,
name -> Text,
notes -> Nullable<Text>,