[PM-5693] KeyStore implementation (#7)

## 🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-5693

## 📔 Objective

Migrated from bitwarden/sdk-sm#979

I've been looking into using `memfd_secret` to protect keys in memory on
Linux.

The `memfd_secret` API is similar to malloc in that we get some memory
range allocated for us, but this memory is only visible to the process
that has access to the file descriptor, which should protect us from any
memory dumping from anything other than a kernel driver.

https://man.archlinux.org/man/memfd_secret.2.en

Using this requires changing how we store keys, so this is the perfect
moment to go through removing the raw keys from the API surface.

## Changes
- Added a `KeyRef` trait and `SymmetricKeyRef`/`AsymmetricKeyRef`
subtraits to represent the key types. Also a small macro to quickly
implement them. `KeyRef` implementations are user defined types that
implements `Eq+Hash+Copy`, and don't contain any key material
- `KeyEncryptable/KeyDecryptable` are now `Decryptable/Encryptable`, and
instead of taking the key as parameter, they take a
`CryptoServiceContext` and a `KeyRef`. This way keys are never exposed
to the clients.
- `KeyLocator` trait is replaced by `UsesKey`. This trait only returns
the `KeyRef` of the key required to decrypt it, instead of fetching the
key itself.
- Created a `KeyStore` trait, with some simple CRUD methods. We have two
implementations, one based on `memfd_secret` for Linux, and another one
based on a Rust boxed slice, that also applies `mlock` if possible.
- Because both `mlock` and `memfd_secret` apply their protection over a
specified memory area, we need a Rust data structure that is laid out
linearly and also doesn't reallocate by itself. Also because
`memfd_secret` allocates the memory for us, we can't use a std type like
Vec (reason is the Vec must be allocated by the Rust allocator
[[ref](https://doc.rust-lang.org/std/vec/struct.Vec.html#method.from_raw_parts)]).
This basically only leaves us with a Rust slice, on top of which we'd
need to implement insert/get/delete. To allow for reuse and easier
testing I've created `SliceKeyStore`, which implements the CRUD methods
from the `KeyStore` trait on top of a plain slice. Then the actual
`mlock` and `memfd_secret` implementations just need to implement a
trait casting their data to a slice. The data is stored as a slice of
`Option<(KeyRef, KeyMaterial)>`, and the keys are unique and sorted in
the slice for easier lookups.
- Created `CryptoService`, which contains the `KeyStore`s and some
encrypt/decrypt utility functions. From a `CryptoService` you can also
initialize a `CryptoServiceContext`
- A `CryptoServiceContext` contains a read only view of the keys inside
the `CryptoService`, plus a read-write ephemeral key store, for use by
`Decryptable/Encryptable` implementations when they need to temporarily
store some keys (Cipher keys, attachment keys, send keys...).


Migrated the codebase to use these changes in a separate PR:
bitwarden/sdk-sm#1117

## 📸 Screenshots

<!-- Required for any UI changes; delete if not applicable. Use fixed
width images for better display. -->

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

Author: dani-garcia

crates/bitwarden-crypto/src/error.rs

@@ -23,6 +23,10 @@ pub enum CryptoError {
     MissingKey(Uuid),
     #[error("The item was missing a required field: {0}")]
     MissingField(&'static str),
+    #[error("Missing Key for Id: {0}")]
+    MissingKeyId(String),
+    #[error("Crypto store is read-only")]
+    ReadOnlyKeyStore,
 
     #[error("Insufficient KDF parameters")]
     InsufficientKdfParameters,

crates/bitwarden-crypto/src/lib.rs

@@ -80,6 +80,10 @@ mod util;
 pub use util::{generate_random_alphanumeric, generate_random_bytes, pbkdf2};
 mod wordlist;
 pub use wordlist::EFF_LONG_WORD_LIST;
+mod store;
+pub use store::{KeyStore, KeyStoreContext};
+mod traits;
+pub use traits::{Decryptable, Encryptable, IdentifyKey, KeyId, KeyIds};
 pub use zeroizing_alloc::ZeroAlloc as ZeroizingAllocator;
 
 #[cfg(feature = "uniffi")]

crates/bitwarden-crypto/src/store/backend/implementation/basic.rs

@@ -0,0 +1,49 @@
+use zeroize::ZeroizeOnDrop;
+
+use crate::{store::backend::StoreBackend, KeyId};
+
+/// This is a basic key store backend that stores keys in a HashMap memory.
+/// No protections are provided for the keys stored in this backend, beyond enforcing
+/// zeroization on drop.
+pub(crate) struct BasicBackend<Key: KeyId> {
+    keys: std::collections::HashMap<Key, Key::KeyValue>,
+}
+
+impl<Key: KeyId> BasicBackend<Key> {
+    pub fn new() -> Self {
+        Self {
+            keys: std::collections::HashMap::new(),
+        }
+    }
+}
+
+impl<Key: KeyId> StoreBackend<Key> for BasicBackend<Key> {
+    fn upsert(&mut self, key_id: Key, key: <Key as KeyId>::KeyValue) {
+        self.keys.insert(key_id, key);
+    }
+
+    fn get(&self, key_id: Key) -> Option<&<Key as KeyId>::KeyValue> {
+        self.keys.get(&key_id)
+    }
+
+    fn remove(&mut self, key_id: Key) {
+        self.keys.remove(&key_id);
+    }
+
+    fn clear(&mut self) {
+        self.keys.clear();
+    }
+
+    fn retain(&mut self, f: fn(Key) -> bool) {
+        self.keys.retain(|k, _| f(*k));
+    }
+}
+
+/// [KeyId::KeyValue] already implements [ZeroizeOnDrop],
+/// so we only need to ensure the map is cleared on drop.
+impl<Key: KeyId> ZeroizeOnDrop for BasicBackend<Key> {}
+impl<Key: KeyId> Drop for BasicBackend<Key> {
+    fn drop(&mut self) {
+        self.clear();
+    }
+}

crates/bitwarden-crypto/src/store/backend/implementation/mod.rs

@@ -0,0 +1,28 @@
+use super::StoreBackend;
+use crate::store::KeyId;
+
+mod basic;
+
+/// Initializes a key store backend with the best available implementation for the current platform
+pub fn create_store<Key: KeyId>() -> Box<dyn StoreBackend<Key>> {
+    Box::new(basic::BasicBackend::<Key>::new())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::{traits::tests::TestSymmKey, SymmetricCryptoKey};
+
+    #[test]
+    fn test_creates_a_valid_store() {
+        let mut store = create_store::<TestSymmKey>();
+
+        let key = SymmetricCryptoKey::generate(rand::thread_rng());
+        store.upsert(TestSymmKey::A(0), key.clone());
+
+        assert_eq!(
+            store.get(TestSymmKey::A(0)).unwrap().to_base64(),
+            key.to_base64()
+        );
+    }
+}

crates/bitwarden-crypto/src/store/backend/mod.rs

@@ -0,0 +1,38 @@
+use zeroize::ZeroizeOnDrop;
+
+use crate::store::KeyId;
+
+mod implementation;
+
+pub use implementation::create_store;
+
+/// This trait represents a platform that can store and return keys. If possible,
+/// it will try to enable as many security protections on the keys as it can.
+/// The keys themselves implement [ZeroizeOnDrop], so the store will only need to make sure
+/// that the keys are dropped when they are no longer needed.
+///
+/// The default implementation is a basic in-memory store that does not provide any security
+/// guarantees.
+///
+/// We have other implementations in testing using `mlock` and `memfd_secret` for protecting keys in
+/// memory.
+///
+/// Other implementations could use secure enclaves, HSMs or OS provided keychains.
+pub trait StoreBackend<Key: KeyId>: ZeroizeOnDrop + Send + Sync {
+    /// Inserts a key into the store. If the key already exists, it will be replaced.
+    fn upsert(&mut self, key_id: Key, key: Key::KeyValue);
+
+    /// Retrieves a key from the store.
+    fn get(&self, key_id: Key) -> Option<&Key::KeyValue>;
+
+    #[allow(unused)]
+    /// Removes a key from the store.
+    fn remove(&mut self, key_id: Key);
+
+    /// Removes all keys from the store.
+    fn clear(&mut self);
+
+    /// Retains only the elements specified by the predicate.
+    /// In other words, remove all keys for which `f` returns false.
+    fn retain(&mut self, f: fn(Key) -> bool);
+}