1use bitwarden_api_api::models::CipherPassportModel;
2use bitwarden_core::key_management::{KeySlotIds, SymmetricKeySlotId};
3use bitwarden_crypto::{
4 CompositeEncryptable, CryptoError, Decryptable, EncString, KeyStoreContext,
5 PrimitiveEncryptable,
6};
7use serde::{Deserialize, Serialize};
8#[cfg(feature = "wasm")]
9use tsify::Tsify;
10
11use super::cipher::CipherKind;
12use crate::{Cipher, VaultParseError, cipher::cipher::CopyableCipherFields};
13
14#[derive(Serialize, Deserialize, Debug, Clone)]
15#[serde(rename_all = "camelCase")]
16#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
17#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
18pub struct Passport {
19 pub surname: Option<EncString>,
20 pub given_name: Option<EncString>,
21 pub date_of_birth: Option<EncString>,
22 pub sex: Option<EncString>,
23 pub birth_place: Option<EncString>,
24 pub nationality: Option<EncString>,
25 pub issuing_country: Option<EncString>,
26 pub passport_number: Option<EncString>,
27 pub passport_type: Option<EncString>,
28 pub national_identification_number: Option<EncString>,
29 pub issuing_authority: Option<EncString>,
30 pub issue_date: Option<EncString>,
31 pub expiration_date: Option<EncString>,
32}
33
34#[allow(missing_docs)]
35#[derive(Serialize, Deserialize, Debug, Clone, Default, PartialEq)]
36#[serde(rename_all = "camelCase", deny_unknown_fields)]
37#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
38#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
39pub struct PassportView {
40 pub surname: Option<String>,
41 pub given_name: Option<String>,
42 pub date_of_birth: Option<String>,
43 pub sex: Option<String>,
44 pub birth_place: Option<String>,
45 pub nationality: Option<String>,
46 pub issuing_country: Option<String>,
47 pub passport_number: Option<String>,
48 pub passport_type: Option<String>,
49 pub national_identification_number: Option<String>,
50 pub issuing_authority: Option<String>,
51 pub issue_date: Option<String>,
52 pub expiration_date: Option<String>,
53}
54
55impl CompositeEncryptable<KeySlotIds, SymmetricKeySlotId, Passport> for PassportView {
56 fn encrypt_composite(
57 &self,
58 ctx: &mut KeyStoreContext<KeySlotIds>,
59 key: SymmetricKeySlotId,
60 ) -> Result<Passport, CryptoError> {
61 Ok(Passport {
62 surname: self.surname.encrypt(ctx, key)?,
63 given_name: self.given_name.encrypt(ctx, key)?,
64 date_of_birth: self.date_of_birth.encrypt(ctx, key)?,
65 sex: self.sex.encrypt(ctx, key)?,
66 birth_place: self.birth_place.encrypt(ctx, key)?,
67 nationality: self.nationality.encrypt(ctx, key)?,
68 issuing_country: self.issuing_country.encrypt(ctx, key)?,
69 passport_number: self.passport_number.encrypt(ctx, key)?,
70 passport_type: self.passport_type.encrypt(ctx, key)?,
71 national_identification_number: self
72 .national_identification_number
73 .encrypt(ctx, key)?,
74 issuing_authority: self.issuing_authority.encrypt(ctx, key)?,
75 issue_date: self.issue_date.encrypt(ctx, key)?,
76 expiration_date: self.expiration_date.encrypt(ctx, key)?,
77 })
78 }
79}
80
81impl Decryptable<KeySlotIds, SymmetricKeySlotId, PassportView> for Passport {
82 fn decrypt(
83 &self,
84 ctx: &mut KeyStoreContext<KeySlotIds>,
85 key: SymmetricKeySlotId,
86 ) -> Result<PassportView, CryptoError> {
87 Ok(PassportView {
88 surname: self.surname.decrypt(ctx, key).ok().flatten(),
89 given_name: self.given_name.decrypt(ctx, key).ok().flatten(),
90 date_of_birth: self.date_of_birth.decrypt(ctx, key).ok().flatten(),
91 sex: self.sex.decrypt(ctx, key).ok().flatten(),
92 birth_place: self.birth_place.decrypt(ctx, key).ok().flatten(),
93 nationality: self.nationality.decrypt(ctx, key).ok().flatten(),
94 issuing_country: self.issuing_country.decrypt(ctx, key).ok().flatten(),
95 passport_number: self.passport_number.decrypt(ctx, key).ok().flatten(),
96 passport_type: self.passport_type.decrypt(ctx, key).ok().flatten(),
97 national_identification_number: self
98 .national_identification_number
99 .decrypt(ctx, key)
100 .ok()
101 .flatten(),
102 issuing_authority: self.issuing_authority.decrypt(ctx, key).ok().flatten(),
103 issue_date: self.issue_date.decrypt(ctx, key).ok().flatten(),
104 expiration_date: self.expiration_date.decrypt(ctx, key).ok().flatten(),
105 })
106 }
107}
108
109impl CipherKind for Passport {
110 fn decrypt_subtitle(
111 &self,
112 ctx: &mut KeyStoreContext<KeySlotIds>,
113 key: SymmetricKeySlotId,
114 ) -> Result<String, CryptoError> {
115 let given_name: Option<String> = self
116 .given_name
117 .as_ref()
118 .map(|g| g.decrypt(ctx, key))
119 .transpose()?;
120 let surname: Option<String> = self
121 .surname
122 .as_ref()
123 .map(|s| s.decrypt(ctx, key))
124 .transpose()?;
125 let parts: Vec<String> = [given_name, surname]
126 .into_iter()
127 .flatten()
128 .filter(|s| !s.is_empty())
129 .collect();
130 Ok(parts.join(" "))
131 }
132
133 fn get_copyable_fields(&self, _: Option<&Cipher>) -> Vec<CopyableCipherFields> {
134 [self
135 .passport_number
136 .as_ref()
137 .map(|_| CopyableCipherFields::PassportPassportNumber)]
138 .into_iter()
139 .flatten()
140 .collect()
141 }
142}
143
144impl TryFrom<CipherPassportModel> for Passport {
145 type Error = VaultParseError;
146
147 fn try_from(passport: CipherPassportModel) -> Result<Self, Self::Error> {
148 Ok(Self {
149 surname: EncString::try_from_optional(passport.surname)?,
150 given_name: EncString::try_from_optional(passport.given_name)?,
151 date_of_birth: EncString::try_from_optional(passport.date_of_birth)?,
152 sex: EncString::try_from_optional(passport.sex)?,
153 birth_place: EncString::try_from_optional(passport.birth_place)?,
154 nationality: EncString::try_from_optional(passport.nationality)?,
155 issuing_country: EncString::try_from_optional(passport.issuing_country)?,
156 passport_number: EncString::try_from_optional(passport.passport_number)?,
157 passport_type: EncString::try_from_optional(passport.passport_type)?,
158 national_identification_number: EncString::try_from_optional(
159 passport.national_identification_number,
160 )?,
161 issuing_authority: EncString::try_from_optional(passport.issuing_authority)?,
162 issue_date: EncString::try_from_optional(passport.issue_date)?,
163 expiration_date: EncString::try_from_optional(passport.expiration_date)?,
164 })
165 }
166}
167
168impl From<Passport> for CipherPassportModel {
169 fn from(passport: Passport) -> Self {
170 Self {
171 surname: passport.surname.map(|n| n.to_string()),
172 given_name: passport.given_name.map(|n| n.to_string()),
173 date_of_birth: passport.date_of_birth.map(|n| n.to_string()),
174 sex: passport.sex.map(|n| n.to_string()),
175 birth_place: passport.birth_place.map(|n| n.to_string()),
176 nationality: passport.nationality.map(|n| n.to_string()),
177 issuing_country: passport.issuing_country.map(|n| n.to_string()),
178 passport_number: passport.passport_number.map(|n| n.to_string()),
179 passport_type: passport.passport_type.map(|n| n.to_string()),
180 national_identification_number: passport
181 .national_identification_number
182 .map(|n| n.to_string()),
183 issuing_authority: passport.issuing_authority.map(|n| n.to_string()),
184 issue_date: passport.issue_date.map(|n| n.to_string()),
185 expiration_date: passport.expiration_date.map(|n| n.to_string()),
186 }
187 }
188}
189
190#[cfg(test)]
191mod tests {
192 use bitwarden_core::key_management::create_test_crypto_with_user_key;
193 use bitwarden_crypto::SymmetricCryptoKey;
194
195 use super::*;
196 use crate::cipher::cipher::CopyableCipherFields;
197
198 const TEST_VECTOR_PASSPORT_KEY: &str =
199 "eG6fDUuqSQFpX6ACdw2u65PkLKDiOk9aQfUgUC/BTU3+UFpAPP/CtE7b+ZdeK3SC2z5+rWvhm537jV3qIbzIBA==";
200 const TEST_VECTOR_PASSPORT_JSON: &str = r#"{"surname":"2.eQaSEApRodSjkXYijwVKog==|2gQz6ddMxUt3p400Axj43w==|XR6WmolSiIMD/DhF0SBZr7Qjb56fgSlQWyH8fb8LiL4=","givenName":"2.hS8vFkgoKxe31l8tOJT6vA==|DuciBPcIw4TgX7kobPc6dQ==|oRbxAqSJx5T5KBcPLhHhhJnQKjE5FjORIe9K41rXJKg=","dateOfBirth":"2.EQAdb/+PO6qGNTqYaufPYw==|dbUIcfU2w+zrtbxKcx1j2w==|F7AVClD4oXjS+1bqZtF8ociq/Gk8gPCi7cvtvjRNhF4=","sex":"2.pz3uUyCEKc5+1njtMm3lwg==|vB2Nyw9Dp/xKoTt/qPe30Q==|GuVXp0o6dxpV3iEdi2ifR5dTTd8XsiGE7LYFrpKVIIs=","birthPlace":"2.lGurnrRwJlAjugpdo9CdxQ==|kHdvvlXOsdgUNAMfUvIMoQ==|7pX2hZqP9S8srwEEzlZ2ZZCC2LUUzTiaHT/WBrPzb4A=","nationality":"2.0+Mjb6gfkirfw/cmHNIT8g==|GFLjpeEbID6jBS3a7/vvEA==|k0v1ArEI+iApsSj9UtucdsWD4hoM6vUjlHvRCI7bIz8=","issuingCountry":"2.PQhrBI1z8AJSzU9C07RkFA==|5OP/JHxFhEF/P8sKaTmwuA==|07Bfry57nZRyejesniXXt4xhgr4CN2JOSLVUHoDRL8Q=","passportNumber":"2.W+F0jcn8wY3W5d91zPwMTQ==|ny+5nUgNuiZ3SJR3Xbvsgg==|haWOAdcDbhs95hOsFknn5ABFbYm9B0Z7DoLN1hLaYEk=","passportType":"2.HO4v3tQ0QjZfazo5NxleZA==|fra59Rz9NKyrhoasK0UrEg==|n30Gb2pqLWtM8dzkfhsels76k9+7oWWqicK4kA10Hlw=","nationalIdentificationNumber":"2.+8kGWruSfQMZdXeB3X2s8Q==|KJp8B2lLNrmBFsCjN0u5dw==|zgW3uKX75k8/oFiEJEoXbcqeqiNI2jZZEeR8VQjF4jE=","issuingAuthority":"2.vDHido+bznW03M/CM9uY8g==|ryQ4ohHijQeEI8Fh3Rv1tA1eeCUqCsMuIGdGawJzSmo=|XbH99VX1LqpgVwzom6aHTsEUgoe5NekwRi0Fg7fKD8o=","issueDate":"2.rvY/6OVEEGxhLVMgFhT4gQ==|9/g9m7753eM2B3m6raLghw==|IsVUOXJ5r/J/P5M2kq5MJ7viDVZbkMP2opggVCiImmY=","expirationDate":"2.yIMuc7J5yxerSuZaYY0sbQ==|VIGDsMYFoUmJaVZ/ZR+gtg==|rMWvQHK24zUqZQnJgTNL58W71/ZJA/Dx3ernx4JRVVQ="}"#;
201
202 fn test_passport_view() -> PassportView {
203 PassportView {
204 surname: Some("Doe".to_string()),
205 given_name: Some("Jane".to_string()),
206 date_of_birth: Some("1990-01-01".to_string()),
207 sex: Some("F".to_string()),
208 birth_place: Some("New York".to_string()),
209 nationality: Some("American".to_string()),
210 issuing_country: Some("US".to_string()),
211 passport_number: Some("P12345678".to_string()),
212 passport_type: Some("P".to_string()),
213 national_identification_number: Some("123-45-6789".to_string()),
214 issuing_authority: Some("US State Department".to_string()),
215 issue_date: Some("2020-01-01".to_string()),
216 expiration_date: Some("2030-01-01".to_string()),
217 }
218 }
219
220 #[test]
221 #[ignore]
222 fn generate_test_vector() {
223 let key = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
224 let key_b64 = key.to_base64();
225 let key_store = create_test_crypto_with_user_key(key);
226 let key_slot = SymmetricKeySlotId::User;
227 let mut ctx = key_store.context();
228
229 let encrypted = test_passport_view()
230 .encrypt_composite(&mut ctx, key_slot)
231 .unwrap();
232 let json = serde_json::to_string(&encrypted).unwrap();
233
234 println!("const TEST_VECTOR_PASSPORT_KEY: &str = \"{key_b64}\";");
235 println!("const TEST_VECTOR_PASSPORT_JSON: &str = r#\"{json}\"#;");
236 }
237
238 #[test]
239 fn test_recorded_passport_test_vector() {
240 let key = SymmetricCryptoKey::try_from(TEST_VECTOR_PASSPORT_KEY.to_string())
241 .expect("valid test key");
242 let key_store = create_test_crypto_with_user_key(key);
243 let key_slot = SymmetricKeySlotId::User;
244 let mut ctx = key_store.context();
245
246 let encrypted: Passport =
247 serde_json::from_str(TEST_VECTOR_PASSPORT_JSON).expect("valid test vector JSON");
248 let decrypted: PassportView = encrypted
249 .decrypt(&mut ctx, key_slot)
250 .expect("Passport has changed in a backwards-incompatible way. Existing encrypted data must remain decryptable. If a new format is needed, create a new version instead of modifying the existing one.");
251
252 assert_eq!(decrypted, test_passport_view());
253 }
254
255 #[test]
256 fn test_subtitle_passport() {
257 let key = SymmetricCryptoKey::try_from("hvBMMb1t79YssFZkpetYsM3deyVuQv4r88Uj9gvYe0+G8EwxvW3v1iywVmSl61iwzd17JW5C/ivzxSP2C9h7Tw==".to_string()).unwrap();
258 let key_store = create_test_crypto_with_user_key(key);
259 let key = SymmetricKeySlotId::User;
260 let mut ctx = key_store.context();
261
262 let given_name_encrypted = "Jane".to_owned().encrypt(&mut ctx, key).unwrap();
263 let surname_encrypted = "Doe".to_owned().encrypt(&mut ctx, key).unwrap();
264
265 let passport = Passport {
266 surname: Some(surname_encrypted),
267 given_name: Some(given_name_encrypted),
268 date_of_birth: None,
269 sex: None,
270 birth_place: None,
271 nationality: None,
272 issuing_country: None,
273 passport_number: None,
274 passport_type: None,
275 national_identification_number: None,
276 issuing_authority: None,
277 issue_date: None,
278 expiration_date: None,
279 };
280
281 assert_eq!(
282 passport.decrypt_subtitle(&mut ctx, key).unwrap(),
283 "Jane Doe".to_string()
284 );
285 }
286
287 #[test]
288 fn test_get_copyable_fields_passport() {
289 let enc_str: EncString = "2.tMIugb6zQOL+EuOizna1wQ==|W5dDLoNJtajN68yeOjrr6w==|qS4hwJB0B0gNLI0o+jxn+sKMBmvtVgJCRYNEXBZoGeE=".parse().unwrap();
290
291 let passport = Passport {
292 surname: Some(enc_str.clone()),
293 given_name: Some(enc_str.clone()),
294 date_of_birth: Some(enc_str.clone()),
295 sex: Some(enc_str.clone()),
296 birth_place: Some(enc_str.clone()),
297 nationality: Some(enc_str.clone()),
298 issuing_country: Some(enc_str.clone()),
299 passport_number: Some(enc_str.clone()),
300 passport_type: Some(enc_str.clone()),
301 national_identification_number: Some(enc_str.clone()),
302 issuing_authority: Some(enc_str.clone()),
303 issue_date: Some(enc_str.clone()),
304 expiration_date: Some(enc_str),
305 };
306
307 let copyable_fields = passport.get_copyable_fields(None);
308 assert_eq!(
309 copyable_fields,
310 vec![CopyableCipherFields::PassportPassportNumber,]
311 );
312 }
313}