Add constant time eq tests and comment

quexten · quexten · commit f7d5b361f46f · 2025-05-01T14:58:41.000+02:00
diff --git a/crates/bitwarden-crypto/src/keys/symmetric_crypto_key.rs b/crates/bitwarden-crypto/src/keys/symmetric_crypto_key.rs
@@ -76,7 +76,7 @@ pub struct XChaCha20Poly1305Key {
 
 impl ConstantTimeEq for XChaCha20Poly1305Key {
     fn ct_eq(&self, other: &Self) -> Choice {
-        self.enc_key.ct_eq(&other.enc_key)
+        self.enc_key.ct_eq(&other.enc_key) & self.key_id.ct_eq(&other.key_id)
     }
 }
 
@@ -215,6 +215,9 @@ impl SymmetricCryptoKey {
 }
 
 impl ConstantTimeEq for SymmetricCryptoKey {
+    /// Note: This is constant time with respect to comparing two keys of the same type, but not
+    /// constant type with respect to the fact that different keys are compared. If two types of
+    /// different keys are compared, then this does have different timing.
     fn ct_eq(&self, other: &SymmetricCryptoKey) -> Choice {
         use SymmetricCryptoKey::*;
         match (self, other) {
@@ -353,9 +356,14 @@ pub fn derive_symmetric_key(name: &str) -> Aes256CbcHmacKey {
 #[cfg(test)]
 mod tests {
     use base64::{engine::general_purpose::STANDARD, Engine};
+    use generic_array::GenericArray;
+    use typenum::U32;
 
     use super::{derive_symmetric_key, SymmetricCryptoKey};
-    use crate::keys::symmetric_crypto_key::{pad_key, unpad_key};
+    use crate::{
+        keys::symmetric_crypto_key::{pad_key, unpad_key},
+        Aes256CbcKey, XChaCha20Poly1305Key,
+    };
 
     #[test]
     fn test_symmetric_crypto_key() {
@@ -431,4 +439,56 @@ mod tests {
         let unpadded_key = unpad_key(&key_bytes).unwrap();
         assert_eq!(original_key, unpadded_key);
     }
+
+    #[test]
+    fn test_eq_aes_cbc_hmac() {
+        let key1 = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
+        let key2 = SymmetricCryptoKey::make_aes256_cbc_hmac_key();
+        assert_ne!(key1, key2);
+        let key3 = SymmetricCryptoKey::try_from(key1.to_base64()).unwrap();
+        assert_eq!(key1, key3);
+    }
+
+    #[test]
+    fn test_eq_aes_cbc() {
+        let key1 = SymmetricCryptoKey::try_from(vec![1u8; 32]).unwrap();
+        let key2 = SymmetricCryptoKey::try_from(vec![2u8; 32]).unwrap();
+        assert_ne!(key1, key2);
+        let key3 = SymmetricCryptoKey::try_from(key1.to_base64()).unwrap();
+        assert_eq!(key1, key3);
+    }
+
+    #[test]
+    fn test_eq_xchacha20_poly1305() {
+        let key1 = SymmetricCryptoKey::make_xchacha20_poly1305_key();
+        let key2 = SymmetricCryptoKey::make_xchacha20_poly1305_key();
+        assert_ne!(key1, key2);
+        let key3 = SymmetricCryptoKey::try_from(key1.to_base64()).unwrap();
+        assert_eq!(key1, key3);
+    }
+
+    #[test]
+    fn test_neq_different_key_types() {
+        let key1 = SymmetricCryptoKey::Aes256CbcKey(Aes256CbcKey {
+            enc_key: Box::pin(GenericArray::<u8, U32>::default()),
+        });
+        let key2 = SymmetricCryptoKey::XChaCha20Poly1305Key(XChaCha20Poly1305Key {
+            enc_key: Box::pin(GenericArray::<u8, U32>::default()),
+            key_id: [0; 16],
+        });
+        assert_ne!(key1, key2);
+    }
+
+    #[test]
+    fn test_neq_different_key_id() {
+        let key1 = SymmetricCryptoKey::XChaCha20Poly1305Key(XChaCha20Poly1305Key {
+            enc_key: Box::pin(GenericArray::<u8, U32>::default()),
+            key_id: [0; 16],
+        });
+        let key2 = SymmetricCryptoKey::XChaCha20Poly1305Key(XChaCha20Poly1305Key {
+            enc_key: Box::pin(GenericArray::<u8, U32>::default()),
+            key_id: [1; 16],
+        });
+        assert_ne!(key1, key2);
+    }
 }
