Revision control
Copy as Markdown
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
//! Support for "encrypted bso"s, as received by the storage servers.
//! This module decrypts them into IncomingBso's suitable for use by the
//! engines.
use super::{IncomingBso, IncomingEnvelope, OutgoingBso, OutgoingEnvelope};
use crate::error;
use crate::key_bundle::KeyBundle;
use crate::EncryptedPayload;
use serde::{de::DeserializeOwned, Deserialize, Serialize};
// The BSO implementation we use for encrypted payloads.
// Note that this is almost identical to the IncomingBso implementations, except
// instead of a String payload we use an EncryptedPayload. Obviously we *could*
// just use a String payload and transform it into an EncryptedPayload - any maybe we
// should - but this is marginally optimal in terms of deserialization.
#[derive(Deserialize, Debug)]
pub struct IncomingEncryptedBso {
pub envelope: IncomingEnvelope,
with = "as_json",
bound(deserialize = "EncryptedPayload: DeserializeOwned")
pub(crate) payload: EncryptedPayload,
impl IncomingEncryptedBso {
pub fn new(envelope: IncomingEnvelope, payload: EncryptedPayload) -> Self {
Self { envelope, payload }
/// Decrypt a BSO, consuming it into a clear-text version.
pub fn into_decrypted(self, key: &KeyBundle) -> error::Result<IncomingBso> {
Ok(IncomingBso::new(self.envelope, self.payload.decrypt(key)?))
#[derive(Serialize, Debug)]
pub struct OutgoingEncryptedBso {
pub envelope: OutgoingEnvelope,
#[serde(with = "as_json", bound(serialize = "EncryptedPayload: Serialize"))]
payload: EncryptedPayload,
impl OutgoingEncryptedBso {
pub fn new(envelope: OutgoingEnvelope, payload: EncryptedPayload) -> Self {
Self { envelope, payload }
pub fn serialized_payload_len(&self) -> usize {
impl OutgoingBso {
pub fn into_encrypted(self, key: &KeyBundle) -> error::Result<OutgoingEncryptedBso> {
Ok(OutgoingEncryptedBso {
envelope: self.envelope,
payload: EncryptedPayload::from_cleartext(key, self.payload)?,
// The BSOs we write to the servers expect a "payload" attribute which is a JSON serialized
// string, rather than the JSON representation of the object.
// ie, the serialized object is expected to look like:
// `{"id": "some-guid", "payload": "{\"IV\": ... }"}` <-- payload is a string.
// However, if we just serialize it directly, we end up with:
// `{"id": "some-guid", "payload": {"IV": ... }}` <-- payload is an object.
// The magic here means we can serialize and deserialize directly into/from the object, correctly
// working with the payload as a string, instead of needing to explicitly stringify/parse the
// payload as an extra step.
// This would work for any <T>, but we only use it for EncryptedPayload - the way our cleartext
// BSOs work mean it's not necessary there as they define the payload as a String - ie, they do
// explicitly end up doing 2 JSON operations as an ergonomic design choice.
mod as_json {
use serde::de::{self, Deserialize, DeserializeOwned, Deserializer};
use serde::ser::{self, Serialize, Serializer};
pub fn serialize<T, S>(t: &T, serializer: S) -> Result<S::Ok, S::Error>
T: Serialize,
S: Serializer,
let j = serde_json::to_string(t).map_err(ser::Error::custom)?;
pub fn deserialize<'de, T, D>(deserializer: D) -> Result<T, D::Error>
T: DeserializeOwned,
D: Deserializer<'de>,
let j = String::deserialize(deserializer)?;
// Lots of stuff for testing the sizes of encrypted records, because the servers have
// certain limits in terms of max-POST sizes, forcing us to chunk uploads, but
// we need to calculate based on encrypted record size rather than the raw <T> size.
// This is a little cludgey but I couldn't think of another way to have easy deserialization
// without a bunch of wrapper types, while still only serializing a single time in the
// postqueue.
impl OutgoingEncryptedBso {
/// Return the length of the serialized payload.
pub fn payload_serialized_len(&self) -> usize {
// self.payload is private, but tests want to create funky things.
// XXX - test only, but test in another crate :(
pub fn make_test_bso(ciphertext: String) -> Self {
Self {
envelope: OutgoingEnvelope {
id: "".into(),
sortindex: None,
ttl: None,
payload: EncryptedPayload {
iv: "".into(),
hmac: "".into(),
mod tests {
use super::*;
use crate::bso::OutgoingEnvelope;
fn test_deserialize_enc() {
let serialized = r#"{
"id": "1234",
"collection": "passwords",
"modified": 12344321.0,
"payload": "{\"IV\": \"aaaaa\", \"hmac\": \"bbbbb\", \"ciphertext\": \"ccccc\"}"
let record: IncomingEncryptedBso = serde_json::from_str(serialized).unwrap();
assert_eq!(&, "1234");
assert_eq!((record.envelope.modified.0 - 12_344_321_000).abs(), 0);
assert_eq!(record.envelope.sortindex, None);
assert_eq!(&record.payload.iv, "aaaaa");
assert_eq!(&record.payload.hmac, "bbbbb");
assert_eq!(&record.payload.ciphertext, "ccccc");
fn test_deserialize_autofields() {
let serialized = r#"{
"id": "1234",
"collection": "passwords",
"modified": 12344321.0,
"sortindex": 100,
"ttl": 99,
"payload": "{\"IV\": \"aaaaa\", \"hmac\": \"bbbbb\", \"ciphertext\": \"ccccc\"}"
let record: IncomingEncryptedBso = serde_json::from_str(serialized).unwrap();
assert_eq!(record.envelope.sortindex, Some(100));
assert_eq!(record.envelope.ttl, Some(99));
fn test_serialize_enc() {
let goal = r#"{"id":"1234","payload":"{\"IV\":\"aaaaa\",\"hmac\":\"bbbbb\",\"ciphertext\":\"ccccc\"}"}"#;
let record = OutgoingEncryptedBso {
envelope: OutgoingEnvelope {
id: "1234".into(),
payload: EncryptedPayload {
iv: "aaaaa".into(),
hmac: "bbbbb".into(),
ciphertext: "ccccc".into(),
let actual = serde_json::to_string(&record).unwrap();
assert_eq!(actual, goal);
let val_str_payload: serde_json::Value = serde_json::from_str(goal).unwrap();