[PM-17905] Add Encrypt / Decrypt errors to vault crate (#137)

## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

https://bitwarden.atlassian.net/browse/PM-17905

## 📔 Objective

<!-- Describe what the purpose of this PR is, for example what bug
you're fixing or new feature you're adding. -->

We want to deprecate the core error enum.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

Author: Hinton

crates/bitwarden-fido/src/authenticator.rs

@@ -33,7 +33,7 @@ pub enum GetSelectedCredentialError {
     #[error(transparent)]
     VaultLocked(#[from] VaultLocked),
     #[error(transparent)]
-    CipherError(#[from] CipherError),
+    CryptoError(#[from] CryptoError),
 }
 
 #[derive(Debug, Error)]

crates/bitwarden-fido/src/types.rs

@@ -1,8 +1,8 @@
 use std::borrow::Cow;
 
 use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
-use bitwarden_crypto::KeyContainer;
-use bitwarden_vault::{CipherError, CipherView};
+use bitwarden_crypto::{CryptoError, KeyContainer};
+use bitwarden_vault::CipherView;
 use passkey::types::webauthn::UserVerificationRequirement;
 use reqwest::Url;
 use schemars::JsonSchema;
@@ -56,7 +56,7 @@ pub enum Fido2CredentialAutofillViewError {
     InvalidGuid(#[from] InvalidGuid),
 
     #[error(transparent)]
-    CipherError(#[from] CipherError),
+    CryptoError(#[from] CryptoError),
 
     #[error(transparent)]
     Base64DecodeError(#[from] base64::DecodeError),

crates/bitwarden-uniffi/src/error.rs

@@ -59,6 +59,14 @@ pub enum Error {
     Cipher(#[from] bitwarden_vault::CipherError),
     #[error(transparent)]
     Totp(#[from] bitwarden_vault::TotpError),
+    #[error(transparent)]
+    Decrypt(#[from] bitwarden_vault::DecryptError),
+    #[error(transparent)]
+    DecryptFile(#[from] bitwarden_vault::DecryptFileError),
+    #[error(transparent)]
+    Encrypt(#[from] bitwarden_vault::EncryptError),
+    #[error(transparent)]
+    EncryptFile(#[from] bitwarden_vault::EncryptFileError),
 
     #[error(transparent)]
     Export(#[from] ExportError),

crates/bitwarden-uniffi/src/vault/attachments.rs

@@ -4,7 +4,7 @@ use bitwarden_vault::{
     Attachment, AttachmentEncryptResult, AttachmentView, Cipher, VaultClientExt,
 };
 
-use crate::{Client, Result};
+use crate::{error::Error, Client, Result};
 
 #[derive(uniffi::Object)]
 pub struct ClientAttachments(pub Arc<Client>);
@@ -23,7 +23,8 @@ impl ClientAttachments {
              .0
             .vault()
             .attachments()
-            .encrypt_buffer(cipher, attachment, &buffer)?)
+            .encrypt_buffer(cipher, attachment, &buffer)
+            .map_err(Error::Encrypt)?)
     }
 
     /// Encrypt an attachment file located in the file system
@@ -34,12 +35,18 @@ impl ClientAttachments {
         decrypted_file_path: String,
         encrypted_file_path: String,
     ) -> Result<Attachment> {
-        Ok(self.0 .0.vault().attachments().encrypt_file(
-            cipher,
-            attachment,
-            Path::new(&decrypted_file_path),
-            Path::new(&encrypted_file_path),
-        )?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .attachments()
+            .encrypt_file(
+                cipher,
+                attachment,
+                Path::new(&decrypted_file_path),
+                Path::new(&encrypted_file_path),
+            )
+            .map_err(Error::EncryptFile)?)
     }
     /// Decrypt an attachment file in memory
     pub fn decrypt_buffer(
@@ -53,7 +60,8 @@ impl ClientAttachments {
              .0
             .vault()
             .attachments()
-            .decrypt_buffer(cipher, attachment, &buffer)?)
+            .decrypt_buffer(cipher, attachment, &buffer)
+            .map_err(Error::Decrypt)?)
     }
 
     /// Decrypt an attachment file located in the file system
@@ -64,11 +72,17 @@ impl ClientAttachments {
         encrypted_file_path: String,
         decrypted_file_path: String,
     ) -> Result<()> {
-        Ok(self.0 .0.vault().attachments().decrypt_file(
-            cipher,
-            attachment,
-            Path::new(&encrypted_file_path),
-            Path::new(&decrypted_file_path),
-        )?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .attachments()
+            .decrypt_file(
+                cipher,
+                attachment,
+                Path::new(&encrypted_file_path),
+                Path::new(&decrypted_file_path),
+            )
+            .map_err(Error::DecryptFile)?)
     }
 }

crates/bitwarden-uniffi/src/vault/ciphers.rs

@@ -12,17 +12,35 @@ pub struct ClientCiphers(pub Arc<Client>);
 impl ClientCiphers {
     /// Encrypt cipher
     pub fn encrypt(&self, cipher_view: CipherView) -> Result<Cipher> {
-        Ok(self.0 .0.vault().ciphers().encrypt(cipher_view)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .ciphers()
+            .encrypt(cipher_view)
+            .map_err(Error::Encrypt)?)
     }
 
     /// Decrypt cipher
     pub fn decrypt(&self, cipher: Cipher) -> Result<CipherView> {
-        Ok(self.0 .0.vault().ciphers().decrypt(cipher)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .ciphers()
+            .decrypt(cipher)
+            .map_err(Error::Decrypt)?)
     }
 
     /// Decrypt cipher list
     pub fn decrypt_list(&self, ciphers: Vec<Cipher>) -> Result<Vec<CipherListView>> {
-        Ok(self.0 .0.vault().ciphers().decrypt_list(ciphers)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .ciphers()
+            .decrypt_list(ciphers)
+            .map_err(Error::Decrypt)?)
     }
 
     pub fn decrypt_fido2_credentials(
@@ -34,7 +52,8 @@ impl ClientCiphers {
              .0
             .vault()
             .ciphers()
-            .decrypt_fido2_credentials(cipher_view)?)
+            .decrypt_fido2_credentials(cipher_view)
+            .map_err(Error::Decrypt)?)
     }
 
     /// Move a cipher to an organization, reencrypting the cipher key if necessary

crates/bitwarden-uniffi/src/vault/collections.rs

@@ -2,7 +2,7 @@ use std::sync::Arc;
 
 use bitwarden_vault::{Collection, CollectionView, VaultClientExt};
 
-use crate::{Client, Result};
+use crate::{error::Error, Client, Result};
 
 #[derive(uniffi::Object)]
 pub struct ClientCollections(pub Arc<Client>);
@@ -11,11 +11,23 @@ pub struct ClientCollections(pub Arc<Client>);
 impl ClientCollections {
     /// Decrypt collection
     pub fn decrypt(&self, collection: Collection) -> Result<CollectionView> {
-        Ok(self.0 .0.vault().collections().decrypt(collection)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .collections()
+            .decrypt(collection)
+            .map_err(Error::Decrypt)?)
     }
 
     /// Decrypt collection list
     pub fn decrypt_list(&self, collections: Vec<Collection>) -> Result<Vec<CollectionView>> {
-        Ok(self.0 .0.vault().collections().decrypt_list(collections)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .collections()
+            .decrypt_list(collections)
+            .map_err(Error::Decrypt)?)
     }
 }

crates/bitwarden-uniffi/src/vault/folders.rs

@@ -2,7 +2,7 @@ use std::sync::Arc;
 
 use bitwarden_vault::{Folder, FolderView, VaultClientExt};
 
-use crate::{Client, Result};
+use crate::{error::Error, Client, Result};
 
 #[derive(uniffi::Object)]
 pub struct ClientFolders(pub Arc<Client>);
@@ -11,16 +11,34 @@ pub struct ClientFolders(pub Arc<Client>);
 impl ClientFolders {
     /// Encrypt folder
     pub fn encrypt(&self, folder: FolderView) -> Result<Folder> {
-        Ok(self.0 .0.vault().folders().encrypt(folder)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .folders()
+            .encrypt(folder)
+            .map_err(Error::Encrypt)?)
     }
 
     /// Decrypt folder
     pub fn decrypt(&self, folder: Folder) -> Result<FolderView> {
-        Ok(self.0 .0.vault().folders().decrypt(folder)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .folders()
+            .decrypt(folder)
+            .map_err(Error::Decrypt)?)
     }
 
     /// Decrypt folder list
     pub fn decrypt_list(&self, folders: Vec<Folder>) -> Result<Vec<FolderView>> {
-        Ok(self.0 .0.vault().folders().decrypt_list(folders)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .folders()
+            .decrypt_list(folders)
+            .map_err(Error::Decrypt)?)
     }
 }

crates/bitwarden-uniffi/src/vault/password_history.rs

@@ -2,7 +2,7 @@ use std::sync::Arc;
 
 use bitwarden_vault::{PasswordHistory, PasswordHistoryView, VaultClientExt};
 
-use crate::{Client, Result};
+use crate::{error::Error, Client, Result};
 
 #[derive(uniffi::Object)]
 pub struct ClientPasswordHistory(pub Arc<Client>);
@@ -16,11 +16,18 @@ impl ClientPasswordHistory {
              .0
             .vault()
             .password_history()
-            .encrypt(password_history)?)
+            .encrypt(password_history)
+            .map_err(Error::Encrypt)?)
     }
 
     /// Decrypt password history
     pub fn decrypt_list(&self, list: Vec<PasswordHistory>) -> Result<Vec<PasswordHistoryView>> {
-        Ok(self.0 .0.vault().password_history().decrypt_list(list)?)
+        Ok(self
+            .0
+             .0
+            .vault()
+            .password_history()
+            .decrypt_list(list)
+            .map_err(Error::Decrypt)?)
     }
 }

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -453,7 +453,7 @@ impl CipherView {
     pub fn decrypt_fido2_credentials(
         &self,
         enc: &dyn KeyContainer,
-    ) -> Result<Vec<Fido2CredentialView>, CipherError> {
+    ) -> Result<Vec<Fido2CredentialView>, CryptoError> {
         let key = self.locate_key(enc, &None)?;
         let cipher_key = Cipher::get_cipher_key(key, &self.key)?;
 

crates/bitwarden-vault/src/error.rs

@@ -1,5 +1,26 @@
+use bitwarden_error::bitwarden_error;
 use thiserror::Error;
 
+/// Generic error type for vault encryption errors.
+#[bitwarden_error(flat)]
+#[derive(Debug, Error)]
+pub enum EncryptError {
+    #[error(transparent)]
+    Crypto(#[from] bitwarden_crypto::CryptoError),
+    #[error(transparent)]
+    VaultLocked(#[from] bitwarden_core::VaultLocked),
+}
+
+/// Generic error type for decryption errors
+#[bitwarden_error(flat)]
+#[derive(Debug, Error)]
+pub enum DecryptError {
+    #[error(transparent)]
+    Crypto(#[from] bitwarden_crypto::CryptoError),
+    #[error(transparent)]
+    VaultLocked(#[from] bitwarden_core::VaultLocked),
+}
+
 #[derive(Debug, Error)]
 pub enum VaultParseError {
     #[error(transparent)]

crates/bitwarden-vault/src/lib.rs

@@ -18,10 +18,11 @@ pub use totp::{
     generate_totp, generate_totp_cipher_view, Totp, TotpAlgorithm, TotpError, TotpResponse,
 };
 mod error;
-pub use error::VaultParseError;
+pub use error::{DecryptError, EncryptError, VaultParseError};
 mod vault_client;
 pub use vault_client::{VaultClient, VaultClientExt};
 mod mobile;
+pub use mobile::attachment_client::{DecryptFileError, EncryptFileError};
 mod sync;
 mod totp_client;
 pub use sync::{SyncRequest, SyncResponse};