[PM-32439] Consolidate safe module cryptographic namespacing strategy#770
Draft
[PM-32439] Consolidate safe module cryptographic namespacing strategy#770
Conversation
Contributor
|
Great job! No new security vulnerabilities introduced in this pull request |
Contributor
🔍 SDK Breaking Change Detection ResultsSDK Version:
Breaking change detection completed. View SDK workflow |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #770 +/- ##
==========================================
+ Coverage 82.05% 82.07% +0.02%
==========================================
Files 331 332 +1
Lines 38348 38514 +166
==========================================
+ Hits 31466 31610 +144
- Misses 6882 6904 +22 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
quexten
force-pushed
the
km/consolidate-values
branch
from
96c814a to
9f988f2
Compare
quexten
changed the title
quexten
changed the title
quexten
changed the title
quexten
force-pushed
the
km/consolidate-values
branch
from
a267c1d to
db20456
Compare
quexten
commented
Feb 18, 2026
crates/bitwarden-crypto/src/cose.rs
Outdated
| /// The label used for the namespace ensuring strong domain separation when using data envelopes. | ||
| pub(crate) const DATA_ENVELOPE_NAMESPACE: i64 = -80001; | ||
| // The label used for defining the namespace of a signed object | ||
| pub(crate) const SIGNING_NAMESPACE: i64 = 80000; |
Contributor
Author
There was a problem hiding this comment.
Keeping signing namespace a separate layer. It spans a separate namespace that does not just include safe objects.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-32439
📔 Objective
Expands the cryptographic namespace separation to follow a clearer strategy. Specifically, there are now two layers of namespace separation, the object layer and the content layer. On the object layer we partition the cryptographic primitives (Encrypt0, Sign1) into safe primitives (DataEnvelope, PasswordProtectedKeyEnvelope, etc). On the content layer, we partition each of the above subsets further, by use-case. For example, a valid partitioning for PasswordProtectedKeyEnvelope would be {MasterPassword, Pin}.
This prevents a class of attacks where the server switches cryptographic objects, signed/encrypted under the same key. This eliminates any kind of cryptographic analysis that would be needed to prevent the above attacks / limits security analysis to each sub-namespace spanned by the combination of the object and content namespace layer.
🚨 Breaking Changes