github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-11 20:54:58 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

[PR #5682] [MERGED] [PM-24577] Provision SDK with AccountKeys #5965

New Issue
Closed
opened 2025-11-27 00:17:50 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-27 00:17:50 -06:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/5682
Author: @SaintPatrck
Created: 8/12/2025
Status: Merged
Merged: 8/19/2025
Merged by: @SaintPatrck

Base: mainHead: PM-24577/provision-sdk-with-account-keys

📝 Commits (1)

  • b812c13 [PM-24577] Use AEAD key for vault unlock if available

📊 Changes

9 files changed (+786 additions, -185 deletions)

View changed files

📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt (+75 -10)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/AuthenticatorBridgeRepositoryImpl.kt (+14 -5)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManager.kt (+2 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerImpl.kt (+11 -3)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryImpl.kt (+13 -1)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/util/FakeAuthDiskSource.kt (+8 -0)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt (+578 -131)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt (+34 -16)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryTest.kt (+51 -19)

📄 Description

🎟️ Tracking

PM-24577

📔 Objective

This commit refactors the vault unlocking logic to utilize AEAD (Authenticated Encryption with
Associated Data) keys if they are available and the EnrollAeadOnKeyRotation feature flag is
enabled.

Specifically, the following changes were made:

  • The VaultLockManager.unlockVault method and its implementations now accept optional signingKey
    and securityState parameters. These parameters are used to initialize a v2-encryption user. A v2 encryption user has an AEAD (xchacha20-poly1305) userkey, a signature keypair, and a signed security state.
  • The AuthRepositoryImpl and VaultRepositoryImpl were updated to retrieve the signingKey and
    securityState from AuthDiskSource when the EnrollAeadOnKeyRotation feature flag is active.
    These keys are then passed to the VaultLockManager during the vault unlocking process.
  • The AuthenticatorBridgeRepositoryImpl was also updated to use AEAD keys from AuthDiskSource
    when initializing crypto if the feature flag is enabled.
  • Corresponding tests were updated to reflect these changes, including mocking the
    FeatureFlagManager and providing the new parameters in unlockVault calls.
  • Dependency injection modules were updated to provide the FeatureFlagManager to the necessary
    repositories and managers.

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
    team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/5682 **Author:** [@SaintPatrck](https://github.com/SaintPatrck) **Created:** 8/12/2025 **Status:** ✅ Merged **Merged:** 8/19/2025 **Merged by:** [@SaintPatrck](https://github.com/SaintPatrck) **Base:** `main` ← **Head:** `PM-24577/provision-sdk-with-account-keys` --- ### 📝 Commits (1) - [`b812c13`](https://github.com/bitwarden/android/commit/b812c1357f73288f40f9712320d03dbb156ed295) [PM-24577] Use AEAD key for vault unlock if available ### 📊 Changes **9 files changed** (+786 additions, -185 deletions) <details> <summary>View changed files</summary> 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt` (+75 -10) 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/AuthenticatorBridgeRepositoryImpl.kt` (+14 -5) 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManager.kt` (+2 -0) 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerImpl.kt` (+11 -3) 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryImpl.kt` (+13 -1) 📝 `app/src/test/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/util/FakeAuthDiskSource.kt` (+8 -0) 📝 `app/src/test/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt` (+578 -131) 📝 `app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerTest.kt` (+34 -16) 📝 `app/src/test/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryTest.kt` (+51 -19) </details> ### 📄 Description ## 🎟️ Tracking PM-24577 ## 📔 Objective This commit refactors the vault unlocking logic to utilize AEAD (Authenticated Encryption with Associated Data) keys if they are available and the `EnrollAeadOnKeyRotation` feature flag is enabled. Specifically, the following changes were made: - The `VaultLockManager.unlockVault` method and its implementations now accept optional signingKey and securityState parameters. These parameters are used to initialize a v2-encryption user. A v2 encryption user has an AEAD (xchacha20-poly1305) userkey, a signature keypair, and a signed security state. - The `AuthRepositoryImpl` and `VaultRepositoryImpl` were updated to retrieve the `signingKey` and `securityState` from `AuthDiskSource` when the `EnrollAeadOnKeyRotation` feature flag is active. These keys are then passed to the `VaultLockManager` during the vault unlocking process. - The `AuthenticatorBridgeRepositoryImpl` was also updated to use AEAD keys from `AuthDiskSource` when initializing crypto if the feature flag is enabled. - Corresponding tests were updated to reflect these changes, including mocking the `FeatureFlagManager` and providing the new parameters in `unlockVault` calls. - Dependency injection modules were updated to provide the `FeatureFlagManager` to the necessary repositories and managers. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-27 00:17:50 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#5965
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?