diff --git a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
index 6f592d6edd..5be9c3eb9a 100644
--- a/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
+++ b/src/Api/Auth/Controllers/OpaqueKeyExchangeController.cs
@@ -13,7 +13,6 @@ public class OpaqueKeyExchangeController : Controller
 {
     private readonly IUserService _userService;
     private readonly BitwardenOpaqueServer _bitwardenOpaque;
-    private CipherConfiguration _cipherConfiguration = new CipherConfiguration();
 
     public OpaqueKeyExchangeController(
         IUserService userService
@@ -21,35 +20,32 @@ public class OpaqueKeyExchangeController : Controller
     {
         _userService = userService;
         _bitwardenOpaque = new BitwardenOpaqueServer();
-        _cipherConfiguration.KeGroup = KeGroup.Ristretto255;
-        _cipherConfiguration.OprfCS = OprfCS.Ristretto255;
-        _cipherConfiguration.KeyExchange = KeyExchange.TripleDH;
-        _cipherConfiguration.KSF = new Argon2id(3, 256 * 1024, 4);
     }
 
     [HttpPost("~/opaque/start-registration")]
-    public async Task StartRegistration([FromBody] RegisterStartRequest request)
+    public async Task StartRegistration([FromBody] OpaqueRegistrationStartRequest request)
     {
         var user = await _userService.GetUserByPrincipalAsync(User);
-        var registrationRequest = _bitwardenOpaque.StartRegistration(_cipherConfiguration, null, System.Convert.FromBase64String(request.ClientRegistrationStartResult), user.Id.ToString());
+        var registrationRequest = _bitwardenOpaque.StartRegistration(request.CipherConfiguration, null, System.Convert.FromBase64String(request.RegistrationRequest), user.Id.ToString());
         var message = registrationRequest.registrationResponse;
         var serverSetup = registrationRequest.serverSetup;
 
         // persist server setup
         var sessionId = Guid.NewGuid();
-        SessionStore.RegisterSessions.Add(sessionId, new RegisterSession() { SessionId = sessionId, ServerSetup = serverSetup, cipherConfiguration = _cipherConfiguration });
-        return new RegisterStartResponse(sessionId, System.Convert.ToBase64String(message));
+        SessionStore.RegisterSessions.Add(sessionId, new RegisterSession() { SessionId = sessionId, ServerSetup = serverSetup, cipherConfiguration = request.CipherConfiguration });
+        return new OpaqueRegistrationStartResponse(sessionId, System.Convert.ToBase64String(message));
     }
 
     [HttpPost("~/opaque/finish-registration")]
-    public async Task FinishRegistration([FromBody] RegisterFinishRequest request)
+    public async Task FinishRegistration([FromBody] OpaqueRegistrationFinishRequest request)
     {
         await Task.Run(() =>
         {
-            var registrationFinish = _bitwardenOpaque.FinishRegistration(_cipherConfiguration, System.Convert.FromBase64String(request.ClientRegistrationFinishResult));
+            var registerSession = SessionStore.RegisterSessions[request.SessionId];
+            var registrationFinish = _bitwardenOpaque.FinishRegistration(registerSession.cipherConfiguration, System.Convert.FromBase64String(request.RegistrationUpload));
             Console.WriteLine("Registration Finish: " + registrationFinish);
         });
-        return "Registration Finish";
+        return "";
     }
 }
 
diff --git a/src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationFinishRequest.cs b/src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationFinishRequest.cs
new file mode 100644
index 0000000000..4a3c1fa36a
--- /dev/null
+++ b/src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationFinishRequest.cs
@@ -0,0 +1,23 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.Auth.Models.Request.Opaque;
+
+public class OpaqueRegistrationFinishRequest
+{
+    [Required]
+    public String RegistrationUpload { get; set; }
+    [Required]
+    public Guid SessionId { get; set; }
+
+    public RotateableKeyset KeySet { get; set; }
+}
+
+public class RotateableKeyset
+{
+    [Required]
+    public String EncryptedUserKey { get; set; }
+    [Required]
+    public String EncryptedPublicKey { get; set; }
+    [Required]
+    public String EncryptedPrivateKey { get; set; }
+}
diff --git a/src/Api/Auth/Models/Request/Opaque/RegisterStartRequest.cs b/src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationStartRequest.cs
similarity index 69%
rename from src/Api/Auth/Models/Request/Opaque/RegisterStartRequest.cs
rename to src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationStartRequest.cs
index 6b9da77220..b6995090c7 100644
--- a/src/Api/Auth/Models/Request/Opaque/RegisterStartRequest.cs
+++ b/src/Api/Auth/Models/Request/Opaque/OpaqueRegistrationStartRequest.cs
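Review bot: `StartRegistration` now passes the client-supplied `request.CipherConfiguration` straight into `_bitwardenOpaque.StartRegistration` and stores it in the session with no check against the Ristretto255/TripleDH/Argon2id(3, 256 * 1024, 4) policy that the removed constructor lines pinned, so the server no longer decides which OPRF group, key exchange or KSF cost an account is registered under — at minimum the Argon2id parameters are now whatever the client sends, and any other values the `KeGroup`/`OprfCS`/`KeyExchange` types admit are accepted too. Keep that policy server-side as an allow-list and reject a configuration that does not match (sketched below); if `BitwardenOpaqueServer` ever evaluates the KSF itself, unbounded Argon2id memory parameters would also be a resource-exhaustion vector, which I cannot confirm from this hunk. In `FinishRegistration`, `SessionStore.RegisterSessions[request.SessionId]` throws `KeyNotFoundException` for an unknown id, is never checked against the authenticated caller and is never removed, so a leaked session id stays usable indefinitely; use `TryGetValue`, record the owning user on the `RegisterSession` at start and remove the entry on finish. The registration record is only written with `Console.WriteLine` and `request.KeySet` is never read, which looks like work in progress but should not reach production as is; the `Task` return types also appear to have lost their generic arguments in extraction. The constructor whose body this hunk starts in opens above the hunk.

```csharp
        var user = await _userService.GetUserByPrincipalAsync(User);
        if (!IsAllowedCipherConfiguration(request.CipherConfiguration))
        {
            // Swap for the project's exception type that maps to HTTP 400.
            throw new ArgumentException("Unsupported OPAQUE cipher configuration.");
        }
        // … unchanged: StartRegistration call, session persistence, response …

    // Server-side policy: the only suite this controller accepts. The client may echo it, not choose it.
    // TODO(review): also enforce a minimum Argon2id cost once the property names on Argon2id are confirmed.
    private static bool IsAllowedCipherConfiguration(CipherConfiguration config)
    {
        return config is not null
            && config.KeGroup == KeGroup.Ristretto255
            && config.OprfCS == OprfCS.Ristretto255
            && config.KeyExchange == KeyExchange.TripleDH
            && config.KSF is Argon2id;
    }
```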
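Review bot: `KeySet` is the only property on `OpaqueRegistrationFinishRequest` without `[Required]`, so a body that omits it passes model validation and the `[Required]` attributes on `RotateableKeyset`'s members are never evaluated for that request; if the keyset is part of the finish contract (the controller in this commit does not read it yet), add `[Required]` above `public RotateableKeyset KeySet { get; set; }`. Neither class is documented: a `/// <summary>` on `RegistrationUpload` saying it is the base64-encoded client registration upload that the controller decodes, and on `SessionId` saying it must be the id returned by start-registration, would make the two-step contract explicit. `String` is also used where the response model in this same commit uses `string`; the alias is conventional.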
@@ -3,10 +3,10 @@ using Bitwarden.OPAQUE;
 
 namespace Bit.Api.Auth.Models.Request.Opaque;
 
-public class RegisterStartRequest
+public class OpaqueRegistrationStartRequest
 {
     [Required]
-    public String ClientRegistrationStartResult { get; set; }
+    public String RegistrationRequest { get; set; }
     [Required]
     public CipherConfiguration CipherConfiguration { get; set; }
 }
diff --git a/src/Api/Auth/Models/Request/Opaque/RegisterFinishRequest.cs b/src/Api/Auth/Models/Request/Opaque/RegisterFinishRequest.cs
deleted file mode 100644
index def25c7fc0..0000000000
--- a/src/Api/Auth/Models/Request/Opaque/RegisterFinishRequest.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-namespace Bit.Api.Auth.Models.Request.Opaque;
-
-public class RegisterFinishRequest
-{
-    public String ClientRegistrationFinishResult { get; set; }
-    public Guid SessionId { get; set; }
-}
-
-public class RotateableKeyset
-{
-    public String EncryptedUserKey { get; set; }
-    public String EncryptedPublicKey { get; set; }
-    public String EncryptedPrivateKey { get; set; }
-}
diff --git a/src/Api/Auth/Models/Response/Opaque/OpaqueRegistrationStartResponse.cs b/src/Api/Auth/Models/Response/Opaque/OpaqueRegistrationStartResponse.cs
new file mode 100644
index 0000000000..0560d4440e
--- /dev/null
+++ b/src/Api/Auth/Models/Response/Opaque/OpaqueRegistrationStartResponse.cs
@@ -0,0 +1,17 @@
+using Bit.Core.Models.Api;
+
+namespace Bit.Api.Auth.Models.Response.Opaque;
+
+public class OpaqueRegistrationStartResponse : ResponseModel
+{
+    public OpaqueRegistrationStartResponse(Guid sessionId, string registrationResponse, string obj = "register-start-response")
+        : base(obj)
+    {
+        RegistrationResponse = registrationResponse;
+        SessionId = sessionId;
+    }
+
+    public String RegistrationResponse { get; set; }
+    public Guid SessionId { get; set; }
+}
+
diff --git a/src/Api/Auth/Models/Response/Opaque/RegisterStartResponse.cs b/src/Api/Auth/Models/Response/Opaque/RegisterStartResponse.cs
deleted file mode 100644
index 11f05b8965..0000000000
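Review bot: The two properties on `OpaqueRegistrationStartResponse` carry no documentation, and nothing tells a client that `SessionId` must be sent back unchanged on finish-registration or that `RegistrationResponse` is the base64 encoding of the server's OPAQUE registration response. A `/// <summary>` on each, plus a `/// <param name="obj">` on the constructor noting the default `"register-start-response"` object tag, would make the contract explicit. The type also switches between `string` in the constructor parameter and `String` on the property; `string` is the conventional alias.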
--- a/src/Api/Auth/Models/Response/Opaque/RegisterStartResponse.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-using Bit.Core.Models.Api;
-
-namespace Bit.Api.Auth.Models.Response.Opaque;
-
-public class RegisterStartResponse : ResponseModel
-{
-    public RegisterStartResponse(Guid sessionId, string serverRegistrationStartResult, string obj = "register-start-response")
-        : base(obj)
-    {
-        ServerRegistrationStartResult = serverRegistrationStartResult;
-        SessionId = sessionId;
-    }
-
-    public String ServerRegistrationStartResult { get; set; }
-    public Guid SessionId { get; set; }
-}
-