1use bitwarden_api_api::models::CipherPassportModel;
2use bitwarden_core::key_management::{KeySlotIds, SymmetricKeySlotId};
3use bitwarden_crypto::{
4 CompositeEncryptable, CryptoError, Decryptable, EncString, KeyStoreContext,
5 PrimitiveEncryptable,
6};
7use serde::{Deserialize, Serialize};
8#[cfg(feature = "wasm")]
9use tsify::Tsify;
10
11use super::cipher::CipherKind;
12use crate::{Cipher, VaultParseError, cipher::cipher::CopyableCipherFields};
13
14#[derive(Serialize, Deserialize, Debug, Clone)]
15#[serde(rename_all = "camelCase")]
16#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
17#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
18pub struct Passport {
19 pub surname: Option<EncString>,
20 pub given_name: Option<EncString>,
21 pub date_of_birth: Option<EncString>,
22 pub sex: Option<EncString>,
23 pub birth_place: Option<EncString>,
24 pub nationality: Option<EncString>,
25 pub issuing_country: Option<EncString>,
26 pub passport_number: Option<EncString>,
27 pub passport_type: Option<EncString>,
28 pub national_identification_number: Option<EncString>,
29 pub issuing_authority: Option<EncString>,
30 pub issue_date: Option<EncString>,
31 pub expiration_date: Option<EncString>,
32}
33
34#[allow(missing_docs)]
35#[derive(Serialize, Deserialize, Debug, Clone, Default, PartialEq)]
36#[serde(rename_all = "camelCase", deny_unknown_fields)]
37#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
38#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
39pub struct PassportView {
40 pub surname: Option<String>,
41 pub given_name: Option<String>,
42 pub date_of_birth: Option<String>,
43 pub sex: Option<String>,
44 pub birth_place: Option<String>,
45 pub nationality: Option<String>,
46 pub issuing_country: Option<String>,
47 pub passport_number: Option<String>,
48 pub passport_type: Option<String>,
49 pub national_identification_number: Option<String>,
50 pub issuing_authority: Option<String>,
51 pub issue_date: Option<String>,
52 pub expiration_date: Option<String>,
53}
54
55impl CompositeEncryptable<KeySlotIds, SymmetricKeySlotId, Passport> for PassportView {
56 fn encrypt_composite(
57 &self,
58 ctx: &mut KeyStoreContext<KeySlotIds>,
59 key: SymmetricKeySlotId,
60 ) -> Result<Passport, CryptoError> {
61 Ok(Passport {
62 surname: self.surname.encrypt(ctx, key)?,
63 given_name: self.given_name.encrypt(ctx, key)?,
64 date_of_birth: self.date_of_birth.encrypt(ctx, key)?,
65 sex: self.sex.encrypt(ctx, key)?,
66 birth_place: self.birth_place.encrypt(ctx, key)?,
67 nationality: self.nationality.encrypt(ctx, key)?,
68 issuing_country: self.issuing_country.encrypt(ctx, key)?,
69 passport_number: self.passport_number.encrypt(ctx, key)?,
70 passport_type: self.passport_type.encrypt(ctx, key)?,
71 national_identification_number: self
72 .national_identification_number
73 .encrypt(ctx, key)?,
74 issuing_authority: self.issuing_authority.encrypt(ctx, key)?,
75 issue_date: self.issue_date.encrypt(ctx, key)?,
76 expiration_date: self.expiration_date.encrypt(ctx, key)?,
77 })
78 }
79}
80
81impl Decryptable<KeySlotIds, SymmetricKeySlotId, PassportView> for Passport {
82 fn decrypt(
83 &self,
84 ctx: &mut KeyStoreContext<KeySlotIds>,
85 key: SymmetricKeySlotId,
86 ) -> Result<PassportView, CryptoError> {
87 Ok(PassportView {
88 surname: self.surname.decrypt(ctx, key).ok().flatten(),
89 given_name: self.given_name.decrypt(ctx, key).ok().flatten(),
90 date_of_birth: self.date_of_birth.decrypt(ctx, key).ok().flatten(),
91 sex: self.sex.decrypt(ctx, key).ok().flatten(),
92 birth_place: self.birth_place.decrypt(ctx, key).ok().flatten(),
93 nationality: self.nationality.decrypt(ctx, key).ok().flatten(),
94 issuing_country: self.issuing_country.decrypt(ctx, key).ok().flatten(),
95 passport_number: self.passport_number.decrypt(ctx, key).ok().flatten(),
96 passport_type: self.passport_type.decrypt(ctx, key).ok().flatten(),
97 national_identification_number: self
98 .national_identification_number
99 .decrypt(ctx, key)
100 .ok()
101 .flatten(),
102 issuing_authority: self.issuing_authority.decrypt(ctx, key).ok().flatten(),
103 issue_date: self.issue_date.decrypt(ctx, key).ok().flatten(),
104 expiration_date: self.expiration_date.decrypt(ctx, key).ok().flatten(),
105 })
106 }
107}
108
109impl CipherKind for Passport {
110 fn decrypt_subtitle(
111 &self,
112 ctx: &mut KeyStoreContext<KeySlotIds>,
113 key: SymmetricKeySlotId,
114 ) -> Result<String, CryptoError> {
115 let given_name: Option<String> = self
116 .given_name
117 .as_ref()
118 .map(|g| g.decrypt(ctx, key))
119 .transpose()?;
120 let surname: Option<String> = self
121 .surname
122 .as_ref()
123 .map(|s| s.decrypt(ctx, key))
124 .transpose()?;
125 let parts: Vec<String> = [given_name, surname]
126 .into_iter()
127 .flatten()
128 .filter(|s| !s.is_empty())
129 .collect();
130 Ok(parts.join(" "))
131 }
132
133 fn get_copyable_fields(&self, _: Option<&Cipher>) -> Vec<CopyableCipherFields> {
134 [
135 self.given_name
136 .as_ref()
137 .map(|_| CopyableCipherFields::PassportGivenName),
138 self.surname
139 .as_ref()
140 .map(|_| CopyableCipherFields::PassportSurname),
141 self.passport_number
142 .as_ref()
143 .map(|_| CopyableCipherFields::PassportPassportNumber),
144 self.national_identification_number
145 .as_ref()
146 .map(|_| CopyableCipherFields::PassportNationalIdentificationNumber),
147 ]
148 .into_iter()
149 .flatten()
150 .collect()
151 }
152}
153
154impl TryFrom<CipherPassportModel> for Passport {
155 type Error = VaultParseError;
156
157 fn try_from(passport: CipherPassportModel) -> Result<Self, Self::Error> {
158 Ok(Self {
159 surname: EncString::try_from_optional(passport.surname)?,
160 given_name: EncString::try_from_optional(passport.given_name)?,
161 date_of_birth: EncString::try_from_optional(passport.date_of_birth)?,
162 sex: EncString::try_from_optional(passport.sex)?,
163 birth_place: EncString::try_from_optional(passport.birth_place)?,
164 nationality: EncString::try_from_optional(passport.nationality)?,
165 issuing_country: EncString::try_from_optional(passport.issuing_country)?,
166 passport_number: EncString::try_from_optional(passport.passport_number)?,
167 passport_type: EncString::try_from_optional(passport.passport_type)?,
168 national_identification_number: EncString::try_from_optional(
169 passport.national_identification_number,
170 )?,
171 issuing_authority: EncString::try_from_optional(passport.issuing_authority)?,
172 issue_date: EncString::try_from_optional(passport.issue_date)?,
173 expiration_date: EncString::try_from_optional(passport.expiration_date)?,
174 })
175 }
176}
177
178impl From<Passport> for CipherPassportModel {
179 fn from(passport: Passport) -> Self {
180 Self {
181 surname: passport.surname.map(|n| n.to_string()),
182 given_name: passport.given_name.map(|n| n.to_string()),
183 date_of_birth: passport.date_of_birth.map(|n| n.to_string()),
184 sex: passport.sex.map(|n| n.to_string()),
185 birth_place: passport.birth_place.map(|n| n.to_string()),
186 nationality: passport.nationality.map(|n| n.to_string()),
187 issuing_country: passport.issuing_country.map(|n| n.to_string()),
188 passport_number: passport.passport_number.map(|n| n.to_string()),
189 passport_type: passport.passport_type.map(|n| n.to_string()),
190 national_identification_number: passport
191 .national_identification_number
192 .map(|n| n.to_string()),
193 issuing_authority: passport.issuing_authority.map(|n| n.to_string()),
194 issue_date: passport.issue_date.map(|n| n.to_string()),
195 expiration_date: passport.expiration_date.map(|n| n.to_string()),
196 }
197 }
198}
199
200#[cfg(test)]
201mod tests {
202 use bitwarden_core::key_management::create_test_crypto_with_user_key;
203 use bitwarden_crypto::SymmetricCryptoKey;
204
205 use super::*;
206 use crate::cipher::cipher::CopyableCipherFields;
207
208 const TEST_VECTOR_PASSPORT_KEY: &str =
209 "eG6fDUuqSQFpX6ACdw2u65PkLKDiOk9aQfUgUC/BTU3+UFpAPP/CtE7b+ZdeK3SC2z5+rWvhm537jV3qIbzIBA==";
210 const TEST_VECTOR_PASSPORT_JSON: &str = r#"{"surname":"2.eQaSEApRodSjkXYijwVKog==|2gQz6ddMxUt3p400Axj43w==|XR6WmolSiIMD/DhF0SBZr7Qjb56fgSlQWyH8fb8LiL4=","givenName":"2.hS8vFkgoKxe31l8tOJT6vA==|DuciBPcIw4TgX7kobPc6dQ==|oRbxAqSJx5T5KBcPLhHhhJnQKjE5FjORIe9K41rXJKg=","dateOfBirth":"2.EQAdb/+PO6qGNTqYaufPYw==|dbUIcfU2w+zrtbxKcx1j2w==|F7AVClD4oXjS+1bqZtF8ociq/Gk8gPCi7cvtvjRNhF4=","sex":"2.pz3uUyCEKc5+1njtMm3lwg==|vB2Nyw9Dp/xKoTt/qPe30Q==|GuVXp0o6dxpV3iEdi2ifR5dTTd8XsiGE7LYFrpKVIIs=","birthPlace":"2.lGurnrRwJlAjugpdo9CdxQ==|kHdvvlXOsdgUNAMfUvIMoQ==|7pX2hZqP9S8srwEEzlZ2ZZCC2LUUzTiaHT/WBrPzb4A=","nationality":"2.0+Mjb6gfkirfw/cmHNIT8g==|GFLjpeEbID6jBS3a7/vvEA==|k0v1ArEI+iApsSj9UtucdsWD4hoM6vUjlHvRCI7bIz8=","issuingCountry":"2.PQhrBI1z8AJSzU9C07RkFA==|5OP/JHxFhEF/P8sKaTmwuA==|07Bfry57nZRyejesniXXt4xhgr4CN2JOSLVUHoDRL8Q=","passportNumber":"2.W+F0jcn8wY3W5d91zPwMTQ==|ny+5nUgNuiZ3SJR3Xbvsgg==|haWOAdcDbhs95hOsFknn5ABFbYm9B0Z7DoLN1hLaYEk=","passportType":"2.HO4v3tQ0QjZfazo5NxleZA==|fra59Rz9NKyrhoasK0UrEg==|n30Gb2pqLWtM8dzkfhsels76k9+7oWWqicK4kA10Hlw=","nationalIdentificationNumber":"2.+8kGWruSfQMZdXeB3X2s8Q==|KJp8B2lLNrmBFsCjN0u5dw==|zgW3uKX75k8/oFiEJEoXbcqeqiNI2jZZEeR8VQjF4jE=","issuingAuthority":"2.vDHido+bznW03M/CM9uY8g==|ryQ4ohHijQeEI8Fh3Rv1tA1eeCUqCsMuIGdGawJzSmo=|XbH99VX1LqpgVwzom6aHTsEUgoe5NekwRi0Fg7fKD8o=","issueDate":"2.rvY/6OVEEGxhLVMgFhT4gQ==|9/g9m7753eM2B3m6raLghw==|IsVUOXJ5r/J/P5M2kq5MJ7viDVZbkMP2opggVCiImmY=","expirationDate":"2.yIMuc7J5yxerSuZaYY0sbQ==|VIGDsMYFoUmJaVZ/ZR+gtg==|rMWvQHK24zUqZQnJgTNL58W71/ZJA/Dx3ernx4JRVVQ="}"#;
211
212 fn test_passport_view() -> PassportView {
213 PassportView {
214 surname: Some("Doe".to_string()),
215 given_name: Some("Jane".to_string()),
216 date_of_birth: Some("1990-01-01".to_string()),
217 sex: Some("F".to_string()),
218 birth_place: Some("New York".to_string()),
219 nationality: Some("American".to_string()),
220 issuing_country: Some("US".to_string()),
221 passport_number: Some("P12345678".to_string()),
222 passport_type: Some("P".to_string()),
223 national_identification_number: Some("123-45-6789".to_string()),
224 issuing_authority: Some("US State Department".to_string()),
225 issue_date: Some("2020-01-01".to_string()),
226 expiration_date: Some("2030-01-01".to_string()),
227 }
228 }
229
230 #[test]
231 #[ignore]
232 fn generate_test_vector() {
233 let key = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
234 let key_b64 = key.to_base64();
235 let key_store = create_test_crypto_with_user_key(key);
236 let key_slot = SymmetricKeySlotId::User;
237 let mut ctx = key_store.context();
238
239 let encrypted = test_passport_view()
240 .encrypt_composite(&mut ctx, key_slot)
241 .unwrap();
242 let json = serde_json::to_string(&encrypted).unwrap();
243
244 println!("const TEST_VECTOR_PASSPORT_KEY: &str = \"{key_b64}\";");
245 println!("const TEST_VECTOR_PASSPORT_JSON: &str = r#\"{json}\"#;");
246 }
247
248 #[test]
249 fn test_recorded_passport_test_vector() {
250 let key = SymmetricCryptoKey::try_from(TEST_VECTOR_PASSPORT_KEY.to_string())
251 .expect("valid test key");
252 let key_store = create_test_crypto_with_user_key(key);
253 let key_slot = SymmetricKeySlotId::User;
254 let mut ctx = key_store.context();
255
256 let encrypted: Passport =
257 serde_json::from_str(TEST_VECTOR_PASSPORT_JSON).expect("valid test vector JSON");
258 let decrypted: PassportView = encrypted
259 .decrypt(&mut ctx, key_slot)
260 .expect("Passport has changed in a backwards-incompatible way. Existing encrypted data must remain decryptable. If a new format is needed, create a new version instead of modifying the existing one.");
261
262 assert_eq!(decrypted, test_passport_view());
263 }
264
265 #[test]
266 fn test_subtitle_passport() {
267 let key = SymmetricCryptoKey::try_from("hvBMMb1t79YssFZkpetYsM3deyVuQv4r88Uj9gvYe0+G8EwxvW3v1iywVmSl61iwzd17JW5C/ivzxSP2C9h7Tw==".to_string()).unwrap();
268 let key_store = create_test_crypto_with_user_key(key);
269 let key = SymmetricKeySlotId::User;
270 let mut ctx = key_store.context();
271
272 let given_name_encrypted = "Jane".to_owned().encrypt(&mut ctx, key).unwrap();
273 let surname_encrypted = "Doe".to_owned().encrypt(&mut ctx, key).unwrap();
274
275 let passport = Passport {
276 surname: Some(surname_encrypted),
277 given_name: Some(given_name_encrypted),
278 date_of_birth: None,
279 sex: None,
280 birth_place: None,
281 nationality: None,
282 issuing_country: None,
283 passport_number: None,
284 passport_type: None,
285 national_identification_number: None,
286 issuing_authority: None,
287 issue_date: None,
288 expiration_date: None,
289 };
290
291 assert_eq!(
292 passport.decrypt_subtitle(&mut ctx, key).unwrap(),
293 "Jane Doe".to_string()
294 );
295 }
296
297 #[test]
298 fn test_get_copyable_fields_passport() {
299 let enc_str: EncString = "2.tMIugb6zQOL+EuOizna1wQ==|W5dDLoNJtajN68yeOjrr6w==|qS4hwJB0B0gNLI0o+jxn+sKMBmvtVgJCRYNEXBZoGeE=".parse().unwrap();
300
301 let passport = Passport {
302 surname: Some(enc_str.clone()),
303 given_name: Some(enc_str.clone()),
304 date_of_birth: Some(enc_str.clone()),
305 sex: Some(enc_str.clone()),
306 birth_place: Some(enc_str.clone()),
307 nationality: Some(enc_str.clone()),
308 issuing_country: Some(enc_str.clone()),
309 passport_number: Some(enc_str.clone()),
310 passport_type: Some(enc_str.clone()),
311 national_identification_number: Some(enc_str.clone()),
312 issuing_authority: Some(enc_str.clone()),
313 issue_date: Some(enc_str.clone()),
314 expiration_date: Some(enc_str),
315 };
316
317 let copyable_fields = passport.get_copyable_fields(None);
318 assert_eq!(
319 copyable_fields,
320 vec![
321 CopyableCipherFields::PassportGivenName,
322 CopyableCipherFields::PassportSurname,
323 CopyableCipherFields::PassportPassportNumber,
324 CopyableCipherFields::PassportNationalIdentificationNumber,
325 ]
326 );
327 }
328}