[PM-22263] Integate Rust SDK to Seeder (#6150)

Adds a Rust SDK for performing seed related cryptograhic operations. It depends on internal portions of our Rust SDK. Primarily parts of the bitwarden-crypto crate.

Author: Hinton

.github/CODEOWNERS

@@ -96,6 +96,9 @@ src/Admin/Views/Tools @bitwarden/team-billing-dev
 # The PushType enum is expected to be editted by anyone without need for Platform review
 src/Core/Platform/Push/PushType.cs
 
+# SDK
+util/RustSdk @bitwarden/team-sdk-sme
+
 # Multiple owners - DO NOT REMOVE (BRE)
 **/packages.lock.json
 Directory.Build.props

.github/renovate.json5

@@ -2,13 +2,19 @@
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
   extends: ["github>bitwarden/renovate-config"], // Extends our default configuration for pinned dependencies
   enabledManagers: [
+    "cargo",
     "dockerfile",
     "docker-compose",
     "github-actions",
     "npm",
     "nuget",
   ],
   packageRules: [
+    {
+      groupName: "cargo minor",
+      matchManagers: ["cargo"],
+      matchUpdateTypes: ["minor"],
+    },
     {
       groupName: "dockerfile minor",
       matchManagers: ["dockerfile"],

.github/workflows/test.yml

@@ -32,6 +32,14 @@ jobs:
       - name: Set up .NET
         uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0
 
+      - name: Install rust
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # stable
+        with:
+          toolchain: stable
+
+      - name: Cache cargo registry
+        uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7
+
       - name: Print environment
         run: |
           dotnet --info

.gitignore

@@ -216,6 +216,8 @@ bitwarden_license/src/Sso/wwwroot/assets
 .mono
 src/Core/MailTemplates/Mjml/out
 src/Core/MailTemplates/Mjml/out-hbs
+NativeMethods.g.cs
+util/RustSdk/rust/target
 
 src/Admin/Admin.zip
 src/Api/Api.zip

bitwarden-server.sln

@@ -133,6 +133,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Seeder", "util\Seeder\Seede
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DbSeederUtility", "util\DbSeederUtility\DbSeederUtility.csproj", "{17A89266-260A-4A03-81AE-C0468C6EE06E}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RustSdk", "util\RustSdk\RustSdk.csproj", "{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7}"
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharedWeb.Test", "test\SharedWeb.Test\SharedWeb.Test.csproj", "{AD59537D-5259-4B7A-948F-0CF58E80B359}"
 EndProject
 Global
@@ -339,6 +340,10 @@ Global
 		{17A89266-260A-4A03-81AE-C0468C6EE06E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{17A89266-260A-4A03-81AE-C0468C6EE06E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{17A89266-260A-4A03-81AE-C0468C6EE06E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7}.Release|Any CPU.Build.0 = Release|Any CPU
 		{AD59537D-5259-4B7A-948F-0CF58E80B359}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{AD59537D-5259-4B7A-948F-0CF58E80B359}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{AD59537D-5259-4B7A-948F-0CF58E80B359}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -397,6 +402,7 @@ Global
 		{3631BA42-6731-4118-A917-DAA43C5032B9} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84F}
 		{9A612EBA-1C0E-42B8-982B-62F0EE81000A} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84E}
 		{17A89266-260A-4A03-81AE-C0468C6EE06E} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84E}
+		{D1513D90-E4F5-44A9-9121-5E46E3E4A3F7} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84E}
 		{AD59537D-5259-4B7A-948F-0CF58E80B359} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution

util/RustSdk/NativeMethods.cs

@@ -0,0 +1,58 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+namespace Bit.RustSDK;
+
+public static partial class NativeMethods
+{
+    // https://docs.microsoft.com/en-us/dotnet/standard/native-interop/cross-platform
+    // Library path will search
+    // win => __DllName, __DllName.dll
+    // linux, osx => __DllName.so, __DllName.dylib
+
+    static NativeMethods()
+    {
+        NativeLibrary.SetDllImportResolver(typeof(NativeMethods).Assembly, DllImportResolver);
+    }
+
+    static IntPtr DllImportResolver(string libraryName, Assembly assembly, DllImportSearchPath? searchPath)
+    {
+        if (libraryName != __DllName) return IntPtr.Zero;
+
+        var path = "runtimes/";
+        var extension = "";
+
+        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+        {
+            path += "win-";
+            extension = ".dll";
+        }
+        else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+        {
+            path += "osx-";
+            extension = ".dylib";
+        }
+        else
+        {
+            path += "linux-";
+            extension = ".so";
+        }
+
+        if (RuntimeInformation.ProcessArchitecture == Architecture.X86)
+        {
+            path += "x86";
+        }
+        else if (RuntimeInformation.ProcessArchitecture == Architecture.X64)
+        {
+            path += "x64";
+        }
+        else if (RuntimeInformation.ProcessArchitecture == Architecture.Arm64)
+        {
+            path += "arm64";
+        }
+
+        path += "/native/" + __DllName + extension;
+
+        return NativeLibrary.Load(Path.Combine(AppContext.BaseDirectory, path), assembly, searchPath);
+    }
+}

util/RustSdk/RustSdk.csproj

@@ -0,0 +1,41 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <RootNamespace>Bit.RustSDK</RootNamespace>
+    <UserSecretsId>Bit.RustSDK</UserSecretsId>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Content Include="rust/target/release/libsdk*.dylib">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <PackageCopyToOutput>true</PackageCopyToOutput>
+      <Link>runtimes/osx-arm64/native/libsdk.dylib</Link>
+    </Content>
+    <Content Include="./rust/target/release/libsdk*.so">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <PackageCopyToOutput>true</PackageCopyToOutput>
+      <Link>runtimes/linux-x64/native/libsdk.dylib</Link>
+    </Content>
+    <Content Include="./rust/target/release/libsdk*.dll">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <PackageCopyToOutput>true</PackageCopyToOutput>
+      <Link>runtimes/windows-x64/native/libsdk.dylib</Link>
+    </Content>
+
+    <!-- This is a work around because this file is compiled by the PreBuild event below, and won't
+    always be detected -->
+    <Compile Remove="NativeMethods.g.cs" />
+  </ItemGroup>
+
+  <Target Name="PreBuild" BeforeTargets="PreBuildEvent">
+    <Exec Command="cargo build --release" WorkingDirectory="$(ProjectDir)/rust" />
+    <ItemGroup>
+      <Compile Include="NativeMethods.g.cs" />
+    </ItemGroup>
+  </Target>
+
+</Project>

util/RustSdk/RustSdkException.cs

@@ -0,0 +1,19 @@
+namespace Bit.RustSDK;
+
+/// <summary>
+/// Exception thrown when the Rust SDK operations fail
+/// </summary>
+public class RustSdkException : Exception
+{
+    public RustSdkException() : base("An error occurred in the Rust SDK operation")
+    {
+    }
+
+    public RustSdkException(string message) : base(message)
+    {
+    }
+
+    public RustSdkException(string message, Exception innerException) : base(message, innerException)
+    {
+    }
+}

util/RustSdk/RustSdkService.cs

@@ -0,0 +1,104 @@
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Text.Json;
+
+namespace Bit.RustSDK;
+
+public class UserKeys
+{
+    public required string MasterPasswordHash { get; set; }
+    /// <summary>
+    /// Base64 encoded UserKey
+    /// </summary>
+    public required string Key { get; set; }
+    public required string EncryptedUserKey { get; set; }
+    public required string PublicKey { get; set; }
+    public required string PrivateKey { get; set; }
+}
+
+public class OrganizationKeys
+{
+    /// <summary>
+    /// Base64 encoded SymmetricCryptoKey
+    /// </summary>
+    public required string Key { get; set; }
+
+    public required string PublicKey { get; set; }
+    public required string PrivateKey { get; set; }
+}
+
+/// <summary>
+/// Service implementation that provides a C# friendly interface to the Rust SDK
+/// </summary>
+public class RustSdkService
+{
+    private static readonly JsonSerializerOptions CaseInsensitiveOptions = new()
+    {
+        PropertyNameCaseInsensitive = true
+    };
+
+    public unsafe UserKeys GenerateUserKeys(string email, string password)
+    {
+        var emailBytes = StringToRustString(email);
+        var passwordBytes = StringToRustString(password);
+
+        fixed (byte* emailPtr = emailBytes)
+        fixed (byte* passwordPtr = passwordBytes)
+        {
+            var resultPtr = NativeMethods.generate_user_keys(emailPtr, passwordPtr);
+
+            var result = TakeAndDestroyRustString(resultPtr);
+
+            return JsonSerializer.Deserialize<UserKeys>(result, CaseInsensitiveOptions)!;
+        }
+    }
+
+    public unsafe OrganizationKeys GenerateOrganizationKeys()
+    {
+        var resultPtr = NativeMethods.generate_organization_keys();
+
+        var result = TakeAndDestroyRustString(resultPtr);
+
+        return JsonSerializer.Deserialize<OrganizationKeys>(result, CaseInsensitiveOptions)!;
+    }
+
+    public unsafe string GenerateUserOrganizationKey(string userKey, string orgKey)
+    {
+        var userKeyBytes = StringToRustString(userKey);
+        var orgKeyBytes = StringToRustString(orgKey);
+
+        fixed (byte* userKeyPtr = userKeyBytes)
+        fixed (byte* orgKeyPtr = orgKeyBytes)
+        {
+            var resultPtr = NativeMethods.generate_user_organization_key(userKeyPtr, orgKeyPtr);
+
+            var result = TakeAndDestroyRustString(resultPtr);
+
+            return result;
+        }
+    }
+
+
+    private static byte[] StringToRustString(string str)
+    {
+        return Encoding.UTF8.GetBytes(str + '\0');
+    }
+
+    private static unsafe string TakeAndDestroyRustString(byte* ptr)
+    {
+        if (ptr == null)
+        {
+            throw new RustSdkException("Pointer is null");
+        }
+
+        var result = Marshal.PtrToStringUTF8((IntPtr)ptr);
+        NativeMethods.free_c_string(ptr);
+
+        if (result == null)
+        {
+            throw new RustSdkException("Failed to convert native result to string");
+        }
+
+        return result;
+    }
+}

util/RustSdk/RustSdkServiceFactory.cs

@@ -0,0 +1,21 @@
+namespace Bit.RustSDK;
+
+/// <summary>
+/// Factory for creating Rust SDK service instances
+/// </summary>
+public static class RustSdkServiceFactory
+{
+    /// <summary>
+    /// Creates a singleton instance of the Rust SDK service (thread-safe)
+    /// </summary>
+    /// <returns>A singleton IRustSdkService instance</returns>
+    public static RustSdkService CreateSingleton()
+    {
+        return SingletonHolder.Instance;
+    }
+
+    private static class SingletonHolder
+    {
+        internal static readonly RustSdkService Instance = new();
+    }
+}