bitwarden · dani-garcia · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025
@@ -0,0 +1,127 @@
+name: Build Rust Cross Platform
+
+on:
+  workflow_call:
+
+jobs:
+  build_rust:
+    name: Build for ${{ matrix.settings.os }} ${{ matrix.settings.target }}
+    runs-on: ${{ matrix.settings.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        settings:
+          - os: macos-13
+            target: x86_64-apple-darwin
+            dotnet_rid: osx-x64
+          - os: macos-13
+            target: aarch64-apple-darwin
+            dotnet_rid: osx-arm64
+          - os: windows-2022
+            target: i686-pc-windows-msvc
+            dotnet_rid: win-x86
+          - os: windows-2022
+            target: x86_64-pc-windows-msvc
+            dotnet_rid: win-x64
+          - os: windows-2022
+            target: aarch64-pc-windows-msvc
+            dotnet_rid: win-arm64
+          # caution: updating the linux runner OS version for GNU
+          #   targets will likely break the library for older OS versions.
+          #   prefer using oldest supported runner for for these targets
+          - os: ubuntu-22.04
+            target: x86_64-unknown-linux-gnu
+            dotnet_rid: linux-x64
+          - os: ubuntu-22.04
+            target: aarch64-unknown-linux-gnu
+            dotnet_rid: linux-arm64
+            use_cross: true
+          - os: ubuntu-22.04
+            target: armv7-unknown-linux-gnueabihf
+            dotnet_rid: linux-arm
+            use_cross: true
+          - os: ubuntu-22.04
+            target: arm-unknown-linux-gnueabihf
+            dotnet_rid: linux-armv6
+            use_cross: true
+          - os: ubuntu-22.04
+            target: armv5te-unknown-linux-gnueabi
+            dotnet_rid: linux-armel
+            use_cross: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install rust
+        uses: dtolnay/rust-toolchain@c5a29ddb4d9d194e7c84ec8c3fba61b1c31fee8c # stable
+        with:
+          toolchain: stable
+
+      - name: Cache cargo registry
+        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
+
+      - name: Install cross
+        if: ${{ startsWith(matrix.settings.os, 'ubuntu') && !startsWith(matrix.settings.target, 'x86_64') }}
+        run: cargo install cross --git https://github.com/cross-rs/cross --rev 36c0d7810ddde073f603c82d896c2a6c886ff7a4
+
+      - name: Add build architecture
+        run: rustup target add ${{ matrix.settings.target }}
+
+      # Build Rust natively
+      - name: Build Rust native for - ${{ matrix.settings.target }}
+        if: ${{ matrix.settings.use_cross != true }}
+        env:
+          RUSTFLAGS: "-D warnings"
+          MACOSX_DEPLOYMENT_TARGET: "10.14" # allows using new macos runner versions while still supporting older systems
+        run: cargo build --target ${{ matrix.settings.target }} --release
+        working-directory: extensions/Bitwarden.Opaque/rust
+
+      # Build Rust using cross
+      - name: Build Rust cross for - ${{ matrix.settings.target }}
+        if: ${{ matrix.settings.use_cross == true }}
+        env:
+          RUSTFLAGS: "-D warnings"
+        run: cross build --target ${{ matrix.settings.target }} --release
+        working-directory: extensions/Bitwarden.Opaque/rust
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: libopaque_ke_binding_files-${{ matrix.settings.dotnet_rid }}
+          # We only need these until the next step, so delete them as soon as possible
+          retention-days: 1
+          if-no-files-found: error
+          path: |
+            extensions/Bitwarden.Opaque/rust/target/${{ matrix.settings.target }}/release/opaque_ke_binding.dll
+            extensions/Bitwarden.Opaque/rust/target/${{ matrix.settings.target }}/release/libopaque_ke_binding.so
+            extensions/Bitwarden.Opaque/rust/target/${{ matrix.settings.target }}/release/libopaque_ke_binding.dylib
+
+  collect_artifacts:
+    name: Collect and Upload All Artifacts
+    runs-on: ubuntu-22.04
+    needs: build_rust
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          pattern: libopaque_ke_binding_files-*
+          path: downloaded_runtimes/
+
+      - name: Move files to the correct directory
+        run: |
+          for file in downloaded_runtimes/libopaque_ke_binding_files-*; do
+            echo "Processing $file"
+            platform="${file#downloaded_runtimes/libopaque_ke_binding_files-}"
+            echo "Platform: $platform"
+            mkdir -p runtimes/${platform}/native
+            mv $file/* runtimes/${platform}/native
+          done
+
+      - name: Upload Combined Artifact
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: libopaque_ke_binding_all_files
+          if-no-files-found: error
+          path: |
+            runtimes/**/*
@@ -11,8 +11,14 @@ on:
         description: Token used to publish packages
 
 jobs:
+  build_rust:
+    name: Build Rust Cross Platform
+    uses: ./.github/workflows/build-rust-cross-platform.yml
+
   release:
     name: Release
+    needs:
+      - build_rust
     runs-on: ubuntu-22.04
     outputs:
       package: ${{ steps.parse-package.outputs.result }}
@@ -47,6 +53,12 @@ jobs:
 
             return refParts[3];
 
+      - name: Download cross compiled library files
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: libopaque_ke_binding_all_files
+          path: extensions/Bitwarden.Opaque/rust/dist/
+
       - name: Pack
         run: dotnet pack -c Release -p:IsPreRelease=$IS_PRERELEASE
         working-directory: "./extensions/${{ steps.parse-package.outputs.result }}/src"

@@ -8,7 +8,7 @@ on:
 jobs:
   prerelease:
     name: Do prerelease
-    uses: bitwarden/dotnet-extensions/.github/workflows/pack-and-release.yml@main
+    uses: ./.github/workflows/pack-and-release.yml
     with:
       prerelease: true
     secrets:

@@ -11,6 +11,7 @@ on:
         options:
         - Bitwarden.Server.Sdk
         - Bitwarden.Server.Sdk.Features
+        - Bitwarden.Opaque
 
 permissions:
   pull-requests: write

@@ -0,0 +1,3 @@
+{
+  "rust-analyzer.linkedProjects": ["extensions/Bitwarden.Opaque/rust/Cargo.toml"],
+}
@@ -45,6 +45,14 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{4949B721
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bitwarden.Server.Sdk.Features.Tests", "extensions\Bitwarden.Server.Sdk.Features\tests\Bitwarden.Server.Sdk.Features.Tests\Bitwarden.Server.Sdk.Features.Tests.csproj", "{1789F567-87B3-4313-80CF-E3CCFA1B6D5E}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Bitwarden.Opaque", "Bitwarden.Opaque", "{023418F1-43B7-4D56-AFA1-67D8FE9B7EC1}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bitwarden.Opaque", "extensions\Bitwarden.Opaque\src\Bitwarden.Opaque.csproj", "{B49E33DF-A672-4361-BECA-C3DA423BD7A9}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bitwarden.Opaque.Tests", "extensions\Bitwarden.Opaque\tests\Bitwarden.Opaque.Tests.csproj", "{DC9DAB81-5ED7-4756-BF20-D594D87D2865}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Bitwarden.Opaque.Benchmarks", "extensions\Bitwarden.Opaque\perf\Bitwarden.Opaque.Benchmarks.csproj", "{96631E35-695B-4BAF-B1E7-4446437A5FC8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -102,6 +110,18 @@ Global
 		{1789F567-87B3-4313-80CF-E3CCFA1B6D5E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1789F567-87B3-4313-80CF-E3CCFA1B6D5E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1789F567-87B3-4313-80CF-E3CCFA1B6D5E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B49E33DF-A672-4361-BECA-C3DA423BD7A9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B49E33DF-A672-4361-BECA-C3DA423BD7A9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B49E33DF-A672-4361-BECA-C3DA423BD7A9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B49E33DF-A672-4361-BECA-C3DA423BD7A9}.Release|Any CPU.Build.0 = Release|Any CPU
+		{DC9DAB81-5ED7-4756-BF20-D594D87D2865}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{DC9DAB81-5ED7-4756-BF20-D594D87D2865}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{DC9DAB81-5ED7-4756-BF20-D594D87D2865}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{DC9DAB81-5ED7-4756-BF20-D594D87D2865}.Release|Any CPU.Build.0 = Release|Any CPU
+		{96631E35-695B-4BAF-B1E7-4446437A5FC8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{96631E35-695B-4BAF-B1E7-4446437A5FC8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{96631E35-695B-4BAF-B1E7-4446437A5FC8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{96631E35-695B-4BAF-B1E7-4446437A5FC8}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{5EC8B943-2E9E-437D-9FFC-D18B5DB4D7D0} = {695C76EF-1102-4805-970F-7C995EE54930}
@@ -124,5 +144,9 @@ Global
 		{DF914CD1-F916-4A58-B749-625DB67FAAA7} = {026589E0-5AAA-44EB-B973-3CFFF5B54AFC}
 		{4949B721-5C7F-4D85-AB35-F57B54D7A6E6} = {026589E0-5AAA-44EB-B973-3CFFF5B54AFC}
 		{1789F567-87B3-4313-80CF-E3CCFA1B6D5E} = {4949B721-5C7F-4D85-AB35-F57B54D7A6E6}
+		{023418F1-43B7-4D56-AFA1-67D8FE9B7EC1} = {695C76EF-1102-4805-970F-7C995EE54930}
+		{B49E33DF-A672-4361-BECA-C3DA423BD7A9} = {023418F1-43B7-4D56-AFA1-67D8FE9B7EC1}
+		{DC9DAB81-5ED7-4756-BF20-D594D87D2865} = {023418F1-43B7-4D56-AFA1-67D8FE9B7EC1}
+		{96631E35-695B-4BAF-B1E7-4446437A5FC8} = {023418F1-43B7-4D56-AFA1-67D8FE9B7EC1}
 	EndGlobalSection
 EndGlobal
@@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <IsPackable>false</IsPackable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="BenchmarkDotNet" Version="0.14.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\src\Bitwarden.Opaque.csproj" />
+  </ItemGroup>
+
+</Project>
@@ -0,0 +1,108 @@
+using BenchmarkDotNet.Attributes;
+
+namespace Bitwarden.Opaque.Benchmarks;
+
+// dotnet run --project extensions/Bitwarden.Opaque/perf/Bitwarden.Opaque.Benchmarks.csproj -c Release -p:BuildOpaqueLib=true
+
+[MemoryDiagnoser]
+public class OpaqueBench
+{
+    public BitwardenOpaqueServer server = new();
+    public BitwardenOpaqueClient client = new();
+    public CipherConfiguration config = CipherConfiguration.Default;
+
+    public string username = "demo_username";
+    public string password = "demo_password";
+
+    public byte[] serverSetup = null!;
+    public byte[] serverRegistration = null!;
+
+    public byte[] clientRegistrationRequest = null!;
+    public byte[] clientRegistrationUpload = null!;
+
+    public byte[] clientLoginCredentialRequest = null!;
+    public byte[] serverLoginState = null!;
+    public byte[] clientLoginCredentialFinalization = null!;
+
+    [GlobalSetup]
+    public void Setup()
+    {
+        // Use the complete benchmarks to extract the data for the partial benchmarks
+        var registration = CompleteRegistration();
+        serverSetup = registration.Item1;
+        serverRegistration = registration.Item2;
+        clientRegistrationRequest = registration.Item3;
+        clientRegistrationUpload = registration.Item4;
+
+        var login = CompleteLogin();
+        clientLoginCredentialRequest = login.Item1;
+        serverLoginState = login.Item2;
+        clientLoginCredentialFinalization = login.Item3;
+    }
+
+    [Benchmark]
+    public (byte[], byte[]) SeededFakeRegistration()
+    {
+        var seed = new byte[32];
+        return server.SeededFakeRegistration(seed);
+    }
+
+    [Benchmark]
+    public (byte[], byte[], byte[], byte[]) CompleteRegistration()
+    {
+        var clientRegisterStartResult = client.StartRegistration(config, password);
+        var serverRegisterStartResult = server.StartRegistration(config, null, clientRegisterStartResult.registrationRequest, username);
+        var clientRegisterFinishResult = client.FinishRegistration(config, clientRegisterStartResult.state, serverRegisterStartResult.registrationResponse, password);
+        var serverRegisterFinishResult = server.FinishRegistration(config, clientRegisterFinishResult.registrationUpload);
+        return (
+            serverRegisterStartResult.serverSetup,
+            serverRegisterFinishResult.serverRegistration,
+            clientRegisterStartResult.registrationRequest,
+            clientRegisterFinishResult.registrationUpload
+        );
+    }
+
+    [Benchmark]
+    public (byte[], byte[], byte[], byte[]) CompleteLogin()
+    {
+        var clientLoginStartResult = client.StartLogin(config, password);
+        var serverLoginStartResult = server.StartLogin(config, serverSetup, serverRegistration, clientLoginStartResult.credentialRequest, username);
+        var clientLoginFinishResult = client.FinishLogin(config, clientLoginStartResult.state, serverLoginStartResult.credentialResponse, password);
+        var serverLoginFinishResult = server.FinishLogin(config, serverLoginStartResult.state, clientLoginFinishResult.credentialFinalization);
+        return (
+            clientLoginStartResult.credentialRequest,
+            serverLoginStartResult.state,
+            clientLoginFinishResult.credentialFinalization,
+            serverLoginFinishResult.sessionKey
+        );
+    }
+
+    [Benchmark]
+    public (byte[], byte[]) StartServerRegistration()
+    {
+        var result = server.StartRegistration(config, null, clientRegistrationRequest, username);
+        return (result.registrationResponse, result.serverSetup);
+    }
+
+    [Benchmark]
+    public byte[] FinishServerRegistration()
+    {
+        var result = server.FinishRegistration(config, clientRegistrationUpload);
+        return result.serverRegistration;
+    }
+
+
+    [Benchmark]
+    public (byte[], byte[]) StartServerLogin()
+    {
+        var result = server.StartLogin(config, serverSetup, serverRegistration, clientLoginCredentialRequest, username);
+        return (result.credentialResponse, result.state);
+    }
+
+    [Benchmark]
+    public byte[] FinishServerLogin()
+    {
+        var result = server.FinishLogin(config, serverLoginState, clientLoginCredentialFinalization);
+        return result.sessionKey;
+    }
+}
@@ -0,0 +1,4 @@
+using System.Reflection;
+using BenchmarkDotNet.Running;
+
+BenchmarkRunner.Run(Assembly.GetExecutingAssembly());
@@ -0,0 +1,2 @@
+target
+dist