Unify WASM crypto client with mobile (#226)

## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

## 📔 Objective

With the removal of the lifetimes of the clients, we can remove the
wasm-specific crypto client and instead use the one in bitwarden-core.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Oscar Hinton <[email protected]>

Author: 3 people

Cargo.lock

@@ -24,6 +24,7 @@ uniffi = ["bitwarden-crypto/uniffi", "dep:uniffi"] # Uniffi bindings
 wasm = [
     "bitwarden-error/wasm",
     "dep:wasm-bindgen",
+    "dep:wasm-bindgen-futures",
     "dep:tsify-next"
 ] # WASM support
 
@@ -50,6 +51,7 @@ tsify-next = { workspace = true, optional = true }
 uniffi = { workspace = true, optional = true, features = ["tokio"] }
 uuid = { workspace = true }
 wasm-bindgen = { workspace = true, optional = true }
+wasm-bindgen-futures = { workspace = true, optional = true }
 zeroize = { version = ">=1.7.0, <2.0", features = ["derive", "aarch64"] }
 zxcvbn = { version = ">=3.0.1, <4.0", optional = true }
 

crates/bitwarden-core/Cargo.toml

@@ -140,9 +140,9 @@ mod tests {
     use bitwarden_crypto::{Kdf, MasterKey};
 
     use super::*;
-    use crate::{
-        key_management::SymmetricKeyId,
-        mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
+    use crate::key_management::{
+        crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
+        SymmetricKeyId,
     };
 
     #[test]

crates/bitwarden-core/src/auth/auth_request.rs

@@ -12,7 +12,7 @@ use crate::{
         auth_request::new_auth_request,
     },
     client::{LoginMethod, UserLoginMethod},
-    mobile::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
+    key_management::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
     require, ApiError, Client,
 };
 

crates/bitwarden-core/src/auth/login/auth_request.rs

@@ -4,10 +4,7 @@ use std::collections::HashMap;
 use bitwarden_crypto::{EncString, Kdf};
 
 use crate::{
-    mobile::crypto::{
-        initialize_org_crypto, initialize_user_crypto, InitOrgCryptoRequest, InitUserCryptoMethod,
-        InitUserCryptoRequest,
-    },
+    key_management::crypto::{InitOrgCryptoRequest, InitUserCryptoMethod, InitUserCryptoRequest},
     Client,
 };
 
@@ -20,10 +17,14 @@ impl Client {
             true,
         )]));
 
-        initialize_user_crypto(&client, account.user).await.unwrap();
+        client
+            .crypto()
+            .initialize_user_crypto(account.user)
+            .await
+            .unwrap();
 
         if let Some(org) = account.org {
-            initialize_org_crypto(&client, org).await.unwrap();
+            client.crypto().initialize_org_crypto(org).await.unwrap();
         }
 
         client

crates/bitwarden-core/src/client/test_accounts.rs

@@ -11,6 +11,8 @@ use bitwarden_crypto::{
     AsymmetricCryptoKey, CryptoError, EncString, Kdf, KeyDecryptable, KeyEncryptable, MasterKey,
     SymmetricCryptoKey, UnsignedSharedKey, UserKey,
 };
+use bitwarden_error::bitwarden_error;
+use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 #[cfg(feature = "wasm")]
 use {tsify_next::Tsify, wasm_bindgen::prelude::*};
@@ -23,8 +25,9 @@ use crate::{
 
 /// Catch all error for mobile crypto operations.
 #[allow(missing_docs)]
+#[bitwarden_error(flat)]
 #[derive(Debug, thiserror::Error)]
-pub enum MobileCryptoError {
+pub enum CryptoClientError {
     #[error(transparent)]
     NotAuthenticated(#[from] NotAuthenticatedError),
     #[error(transparent)]
@@ -123,7 +126,7 @@ pub enum AuthRequestMethod {
 }
 
 /// Initialize the user's cryptographic state.
-pub async fn initialize_user_crypto(
+pub(super) async fn initialize_user_crypto(
     client: &Client,
     req: InitUserCryptoRequest,
 ) -> Result<(), EncryptionSettingsError> {
@@ -236,7 +239,7 @@ pub struct InitOrgCryptoRequest {
 }
 
 /// Initialize the user's organizational cryptographic state.
-pub(crate) async fn initialize_org_crypto(
+pub(super) async fn initialize_org_crypto(
     client: &Client,
     req: InitOrgCryptoRequest,
 ) -> Result<(), EncryptionSettingsError> {
@@ -245,7 +248,7 @@ pub(crate) async fn initialize_org_crypto(
     Ok(())
 }
 
-pub(super) async fn get_user_encryption_key(client: &Client) -> Result<String, MobileCryptoError> {
+pub(super) async fn get_user_encryption_key(client: &Client) -> Result<String, CryptoClientError> {
     let key_store = client.internal.get_key_store();
     let ctx = key_store.context();
     // This is needed because the mobile clients need access to the user encryption key
@@ -259,6 +262,7 @@ pub(super) async fn get_user_encryption_key(client: &Client) -> Result<String, M
 #[derive(Serialize, Deserialize, Debug)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
 #[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
 pub struct UpdatePasswordResponse {
     /// Hash of the new password
     password_hash: String,
@@ -269,7 +273,7 @@ pub struct UpdatePasswordResponse {
 pub(super) fn update_password(
     client: &Client,
     new_password: String,
-) -> Result<UpdatePasswordResponse, MobileCryptoError> {
+) -> Result<UpdatePasswordResponse, CryptoClientError> {
     let key_store = client.internal.get_key_store();
     let ctx = key_store.context();
     // FIXME: [PM-18099] Once MasterKey deals with KeyIds, this should be updated
@@ -308,6 +312,7 @@ pub(super) fn update_password(
 #[derive(Serialize, Deserialize, Debug)]
 #[serde(rename_all = "camelCase", deny_unknown_fields)]
 #[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
 pub struct DerivePinKeyResponse {
     /// [UserKey] protected by PIN
     pin_protected_user_key: EncString,
@@ -318,7 +323,7 @@ pub struct DerivePinKeyResponse {
 pub(super) fn derive_pin_key(
     client: &Client,
     pin: String,
-) -> Result<DerivePinKeyResponse, MobileCryptoError> {
+) -> Result<DerivePinKeyResponse, CryptoClientError> {
     let key_store = client.internal.get_key_store();
     let ctx = key_store.context();
     // FIXME: [PM-18099] Once PinKey deals with KeyIds, this should be updated
@@ -341,7 +346,7 @@ pub(super) fn derive_pin_key(
 pub(super) fn derive_pin_user_key(
     client: &Client,
     encrypted_pin: EncString,
-) -> Result<EncString, MobileCryptoError> {
+) -> Result<EncString, CryptoClientError> {
     let key_store = client.internal.get_key_store();
     let ctx = key_store.context();
     // FIXME: [PM-18099] Once PinKey deals with KeyIds, this should be updated
@@ -361,7 +366,7 @@ fn derive_pin_protected_user_key(
     pin: &str,
     login_method: &LoginMethod,
     user_key: &SymmetricCryptoKey,
-) -> Result<EncString, MobileCryptoError> {
+) -> Result<EncString, CryptoClientError> {
     use bitwarden_crypto::PinKey;
 
     let derived_key = match login_method {
@@ -377,6 +382,7 @@ fn derive_pin_protected_user_key(
 }
 
 #[allow(missing_docs)]
+#[bitwarden_error(flat)]
 #[derive(Debug, thiserror::Error)]
 pub enum EnrollAdminPasswordResetError {
     #[error(transparent)]
@@ -408,7 +414,10 @@ pub(super) fn enroll_admin_password_reset(
 }
 
 /// Request for migrating an account from password to key connector.
+#[derive(Serialize, Deserialize, Debug, JsonSchema)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
 #[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
 pub struct DeriveKeyConnectorRequest {
     /// Encrypted user key, used to validate the master key
     pub user_key_encrypted: EncString,
@@ -421,6 +430,7 @@ pub struct DeriveKeyConnectorRequest {
 }
 
 #[allow(missing_docs)]
+#[bitwarden_error(flat)]
 #[derive(Debug, thiserror::Error)]
 pub enum DeriveKeyConnectorError {
     #[error(transparent)]

crates/bitwarden-core/src/mobile/crypto.rs renamed to crates/bitwarden-core/src/key_management/crypto.rs

@@ -1,25 +1,29 @@
 use bitwarden_crypto::CryptoError;
 #[cfg(feature = "internal")]
 use bitwarden_crypto::{EncString, UnsignedSharedKey};
+#[cfg(feature = "wasm")]
+use wasm_bindgen::prelude::*;
 
 use super::crypto::{
-    derive_key_connector, make_key_pair, verify_asymmetric_keys, DeriveKeyConnectorError,
-    DeriveKeyConnectorRequest, EnrollAdminPasswordResetError, MakeKeyPairResponse,
-    MobileCryptoError, VerifyAsymmetricKeysRequest, VerifyAsymmetricKeysResponse,
+    derive_key_connector, make_key_pair, verify_asymmetric_keys, CryptoClientError,
+    DeriveKeyConnectorError, DeriveKeyConnectorRequest, EnrollAdminPasswordResetError,
+    MakeKeyPairResponse, VerifyAsymmetricKeysRequest, VerifyAsymmetricKeysResponse,
 };
 #[cfg(feature = "internal")]
-use crate::mobile::crypto::{
+use crate::key_management::crypto::{
     derive_pin_key, derive_pin_user_key, enroll_admin_password_reset, get_user_encryption_key,
     initialize_org_crypto, initialize_user_crypto, update_password, DerivePinKeyResponse,
     InitOrgCryptoRequest, InitUserCryptoRequest, UpdatePasswordResponse,
 };
 use crate::{client::encryption_settings::EncryptionSettingsError, Client};
 
 /// A client for the crypto operations.
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 pub struct CryptoClient {
     pub(crate) client: crate::Client,
 }
 
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
 impl CryptoClient {
     /// Initialization method for the user crypto. Needs to be called before any other crypto
     /// operations.
@@ -39,9 +43,27 @@ impl CryptoClient {
         initialize_org_crypto(&self.client, req).await
     }
 
+    /// Generates a new key pair and encrypts the private key with the provided user key.
+    /// Crypto initialization not required.
+    pub fn make_key_pair(&self, user_key: String) -> Result<MakeKeyPairResponse, CryptoError> {
+        make_key_pair(user_key)
+    }
+
+    /// Verifies a user's asymmetric keys by decrypting the private key with the provided user
+    /// key. Returns if the private key is decryptable and if it is a valid matching key.
+    /// Crypto initialization not required.
+    pub fn verify_asymmetric_keys(
+        &self,
+        request: VerifyAsymmetricKeysRequest,
+    ) -> Result<VerifyAsymmetricKeysResponse, CryptoError> {
+        verify_asymmetric_keys(request)
+    }
+}
+
+impl CryptoClient {
     /// Get the uses's decrypted encryption key. Note: It's very important
     /// to keep this key safe, as it can be used to decrypt all of the user's data
-    pub async fn get_user_encryption_key(&self) -> Result<String, MobileCryptoError> {
+    pub async fn get_user_encryption_key(&self) -> Result<String, CryptoClientError> {
         get_user_encryption_key(&self.client).await
     }
 
@@ -50,14 +72,14 @@ impl CryptoClient {
     pub fn update_password(
         &self,
         new_password: String,
-    ) -> Result<UpdatePasswordResponse, MobileCryptoError> {
+    ) -> Result<UpdatePasswordResponse, CryptoClientError> {
         update_password(&self.client, new_password)
     }
 
     /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
     /// used to initialize another client instance by using the PIN and the PIN key with
     /// `initialize_user_crypto`.
-    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse, MobileCryptoError> {
+    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse, CryptoClientError> {
         derive_pin_key(&self.client, pin)
     }
 
@@ -66,7 +88,7 @@ impl CryptoClient {
     pub fn derive_pin_user_key(
         &self,
         encrypted_pin: EncString,
-    ) -> Result<EncString, MobileCryptoError> {
+    ) -> Result<EncString, CryptoClientError> {
         derive_pin_user_key(&self.client, encrypted_pin)
     }
 
@@ -86,21 +108,6 @@ impl CryptoClient {
     ) -> Result<String, DeriveKeyConnectorError> {
         derive_key_connector(request)
     }
-
-    /// Generates a new key pair and encrypts the private key with the provided user key.
-    pub fn make_key_pair(&self, user_key: String) -> Result<MakeKeyPairResponse, CryptoError> {
-        make_key_pair(user_key)
-    }
-
-    /// Verifies a user's asymmetric keys by decrypting the private key with the provided user
-    /// key. Returns if the private key is decryptable and if it is a valid matching key.
-    /// Crypto initialization not required.
-    pub fn verify_asymmetric_keys(
-        &self,
-        request: VerifyAsymmetricKeysRequest,
-    ) -> Result<VerifyAsymmetricKeysResponse, CryptoError> {
-        verify_asymmetric_keys(request)
-    }
 }
 
 impl Client {

crates/bitwarden-core/src/mobile/crypto_client.rs renamed to crates/bitwarden-core/src/key_management/crypto_client.rs

@@ -9,6 +9,11 @@
 //!   [Encryptable](bitwarden_crypto::Encryptable) and [Decryptable](bitwarden_crypto::Encryptable).
 use bitwarden_crypto::{key_ids, KeyStore, SymmetricCryptoKey};
 
+pub mod crypto;
+mod crypto_client;
+
+pub use crypto_client::CryptoClient;
+
 key_ids! {
     #[symmetric]
     pub enum SymmetricKeyId {

crates/bitwarden-core/src/key_management/mod.rs

@@ -3,11 +3,8 @@
 //! This module consists of stop-gap functionality for the mobile clients until the SDK owns it's
 //! own state.
 
-pub mod crypto;
 mod kdf;
 
 mod client_kdf;
-mod crypto_client;
 
 pub use client_kdf::KdfClient;
-pub use crypto_client::CryptoClient;

crates/bitwarden-core/src/mobile/mod.rs

@@ -7,7 +7,7 @@ async fn test_register_initialize_crypto() {
     use std::num::NonZeroU32;
 
     use bitwarden_core::{
-        mobile::crypto::{InitUserCryptoMethod, InitUserCryptoRequest},
+        key_management::crypto::{InitUserCryptoMethod, InitUserCryptoRequest},
         Client,
     };
     use bitwarden_crypto::Kdf;