Move decrypt logic into EncString

bitwarden · Dec 15, 2023 · 40c8464 · 40c8464
1 parent dad8af4
commit 40c8464
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 19 deletions.
diff --git a/crates/bitwarden/src/client/encryption_settings.rs b/crates/bitwarden/src/client/encryption_settings.rs
@@ -9,7 +9,7 @@ use {
         crypto::{EncString, KeyDecryptable},
         error::{CryptoError, Result},
     },
-    rsa::{pkcs8::DecodePrivateKey, Oaep},
+    rsa::pkcs8::DecodePrivateKey,
 };
 
 use crate::crypto::SymmetricCryptoKey;
@@ -96,24 +96,7 @@ impl EncryptionSettings {
 
         // Decrypt the org keys with the private key
         for (org_id, org_enc_key) in org_enc_keys {
-            let dec = match org_enc_key {
-                EncString::Rsa2048_OaepSha256_B64 { data } => {
-                    private_key.decrypt(Oaep::new::<sha2::Sha256>(), &data)
-                }
-                EncString::Rsa2048_OaepSha1_B64 { data } => {
-                    private_key.decrypt(Oaep::new::<sha1::Sha1>(), &data)
-                }
-                #[allow(deprecated)]
-                EncString::Rsa2048_OaepSha256_HmacSha256_B64 { data } => {
-                    private_key.decrypt(Oaep::new::<sha2::Sha256>(), &data)
-                }
-                #[allow(deprecated)]
-                EncString::Rsa2048_OaepSha1_HmacSha256_B64 { data } => {
-                    private_key.decrypt(Oaep::new::<sha1::Sha1>(), &data)
-                }
-                _ => return Err(CryptoError::InvalidKey.into()),
-            }
-            .map_err(|_| CryptoError::KeyDecrypt)?;
+            let dec = org_enc_key.decrypt_with_private_key(private_key)?;
 
             let org_key = SymmetricCryptoKey::try_from(dec.as_slice())?;
 

diff --git a/crates/bitwarden/src/crypto/enc_string.rs b/crates/bitwarden/src/crypto/enc_string.rs
@@ -2,6 +2,8 @@ use std::{fmt::Display, str::FromStr};
 
 use aes::cipher::{generic_array::GenericArray, typenum::U32};
 use base64::Engine;
+#[cfg(feature = "internal")]
+use rsa::{Oaep, RsaPrivateKey};
 use serde::{de::Visitor, Deserialize};
 
 use super::{KeyDecryptable, KeyEncryptable, LocateKey};
@@ -170,6 +172,29 @@ impl EncString {
         s.map(|s| s.parse()).transpose()
     }
 
+    /// TODO: Convert this to a trait method
+    #[cfg(feature = "internal")]
+    pub(crate) fn decrypt_with_private_key(&self, key: &RsaPrivateKey) -> Result<Vec<u8>> {
+        Ok(match self {
+            EncString::Rsa2048_OaepSha256_B64 { data } => {
+                key.decrypt(Oaep::new::<sha2::Sha256>(), data)
+            }
+            EncString::Rsa2048_OaepSha1_B64 { data } => {
+                key.decrypt(Oaep::new::<sha1::Sha1>(), data)
+            }
+            #[allow(deprecated)]
+            EncString::Rsa2048_OaepSha256_HmacSha256_B64 { data } => {
+                key.decrypt(Oaep::new::<sha2::Sha256>(), data)
+            }
+            #[allow(deprecated)]
+            EncString::Rsa2048_OaepSha1_HmacSha256_B64 { data } => {
+                key.decrypt(Oaep::new::<sha1::Sha1>(), data)
+            }
+            _ => return Err(CryptoError::InvalidKey.into()),
+        }
+        .map_err(|_| CryptoError::KeyDecrypt)?)
+    }
+
     #[cfg(feature = "mobile")]
     pub(crate) fn from_buffer(buf: &[u8]) -> Result<Self> {
         if buf.is_empty() {