mirror of https://github.com/bitwarden/browser synced 2025-12-18 01:03:35 +00:00

[PM-17900] Add cose / xchacha20poly1305 migration on userkey rotation (#14539)

* Add new encrypt service functions

* Undo changes

* Cleanup

* Fix build

* Fix comments

* Switch encrypt service to use SDK functions

* Add cose migration on userkey rotation

* Update sdk

* Set featureflag to default disabled

* Add tests

* Update sdk to build 168

* Make changes according to feedback
Bernd Schoolmann
2025-05-20 21:25:14 +02:00
committed by GitHub
parent 7641dab0f0
commit d7c936e1ea
8 changed files with 133 additions and 27 deletions


@@ -48,6 +48,7 @@ export enum FeatureFlag {
PM4154_BulkEncryptionService = "PM-4154-bulk-encryption-service",
UseSDKForDecryption = "use-sdk-for-decryption",
PM17987_BlockType0 = "pm-17987-block-type-0",
EnrollAeadOnKeyRotation = "enroll-aead-on-key-rotation",
/* Tools */
ItemShare = "item-share",
@@ -131,6 +132,7 @@ export const DefaultFeatureFlagValue = {
[FeatureFlag.PM4154_BulkEncryptionService]: FALSE,
[FeatureFlag.UseSDKForDecryption]: FALSE,
[FeatureFlag.PM17987_BlockType0]: FALSE,
[FeatureFlag.EnrollAeadOnKeyRotation]: FALSE,
/* Platform */
[FeatureFlag.IpcChannelFramework]: FALSE,


@@ -1,9 +1,16 @@
// FIXME: update to use a const object instead of a typescript enum
// eslint-disable-next-line @bitwarden/platform/no-enums
export enum EncryptionType {
// Symmetric encryption types
AesCbc256_B64 = 0,
// Type 1 was the unused and removed AesCbc128_HmacSha256_B64
AesCbc256_HmacSha256_B64 = 2,
// Cose is the encoding for the key used, but contained can be:
// - XChaCha20Poly1305
CoseEncrypt0 = 7,
// Asymmetric encryption types. These never occur in the same places that the symmetric ones would
// and can be split out into a separate enum.
Rsa2048_OaepSha256_B64 = 3,
Rsa2048_OaepSha1_B64 = 4,
Rsa2048_OaepSha256_HmacSha256_B64 = 5,
@@ -38,4 +45,5 @@ export const EXPECTED_NUM_PARTS_BY_ENCRYPTION_TYPE = {
[EncryptionType.Rsa2048_OaepSha1_B64]: 1,
[EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64]: 2,
[EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64]: 2,
[EncryptionType.CoseEncrypt0]: 1,
};
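Review bot: The comment above `CoseEncrypt0 = 7` ("Cose is the encoding for the key used, but contained can be:") is hard to parse for an enum value that selects a cryptographic format. I would reword it to say what the type identifies and where the algorithm is chosen, for example `// COSE Encrypt0 message; the content algorithm is named inside the COSE structure (currently only XChaCha20Poly1305)`, adjusted if that reading of the original comment is wrong. The new `[EncryptionType.CoseEncrypt0]: 1` entry also deserves a one-line comment saying that the whole COSE message travels as a single part, so parsers relying on this map know that nonce and authentication tag are presumably carried inside that one part. The enum and the map both continue outside the hunks.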


@@ -16,13 +16,19 @@ export type Aes256CbcKey = {
encryptionKey: Uint8Array;
};
export type CoseKey = {
type: EncryptionType.CoseEncrypt0;
// Encryption key here refers to the cose-encoded and padded key. This MAY later be refactored to contain the actual key bytes, as is the case in the SDK
encryptionKey: Uint8Array;
};
/**
* A symmetric crypto key represents a symmetric key usable for symmetric encryption and decryption operations.
* The specific algorithm used is private to the key, and should only be exposed to encrypt service implementations.
* This can be done via `inner()`.
*/
export class SymmetricCryptoKey {
private innerKey: Aes256CbcHmacKey | Aes256CbcKey;
private innerKey: Aes256CbcHmacKey | Aes256CbcKey | CoseKey;
keyB64: string;
@@ -47,6 +53,12 @@ export class SymmetricCryptoKey {
authenticationKey: key.slice(32),
};
this.keyB64 = this.toBase64();
} else if (key.byteLength > 64) {
this.innerKey = {
type: EncryptionType.CoseEncrypt0,
encryptionKey: key,
};
this.keyB64 = this.toBase64();
} else {
throw new Error(`Unsupported encType/key length ${key.byteLength}`);
}
@@ -63,7 +75,7 @@ export class SymmetricCryptoKey {
*
* @returns The inner key instance that can be directly used for encryption primitives
*/
inner(): Aes256CbcHmacKey | Aes256CbcKey {
inner(): Aes256CbcHmacKey | Aes256CbcKey | CoseKey {
return this.innerKey;
}
@@ -90,6 +102,8 @@ export class SymmetricCryptoKey {
encodedKey.set(this.innerKey.encryptionKey, 0);
encodedKey.set(this.innerKey.authenticationKey, 32);
return encodedKey;
} else if (this.innerKey.type === EncryptionType.CoseEncrypt0) {
return this.innerKey.encryptionKey;
} else {
throw new Error("Unsupported encryption type.");
}
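Review bot: The new constructor branch `else if (key.byteLength > 64)` classifies any buffer longer than 64 bytes as a `CoseEncrypt0` key on length alone, so an over-long or malformed blob that used to hit "Unsupported encType/key length" now yields a valid-looking `SymmetricCryptoKey`. Nothing in the visible lines checks that the bytes are a well-formed COSE key or bounds their size. Presumably the SDK rejects bad input later, but that failure would surface far from where the key entered. I would document the contract on the branch, e.g. `// > 64 bytes: padded COSE-encoded key; structure is not validated here, the SDK is expected to reject malformed input`, and consider an upper length bound if the padded encoding has a known maximum. In the last hunk the COSE case returns `this.innerKey.encryptionKey` by reference while the 64-byte case builds a fresh array; if callers may mutate or zero the result, `return this.innerKey.encryptionKey.slice();` keeps the stored key intact. Both method bodies start outside the hunks.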