Undo use of macro (#544)

## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

## 📔 Objective

By consensus the macro did not improve readability, and so we are
undoing it.

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

Author: quexten

crates/bitwarden-crypto/src/enc_string/symmetric.rs

@@ -7,7 +7,7 @@ use serde::Deserialize;
 use super::{check_length, from_b64, from_b64_vec, split_enc_string};
 use crate::{
     Aes256CbcHmacKey, ContentFormat, CoseEncrypt0Bytes, KeyDecryptable, KeyEncryptable,
-    KeyEncryptableWithContentType, SymmetricCryptoKey, Utf8Bytes, XChaCha20Poly1305Key, ensure,
+    KeyEncryptableWithContentType, SymmetricCryptoKey, Utf8Bytes, XChaCha20Poly1305Key,
     error::{CryptoError, EncStringParseError, Result, UnsupportedOperationError},
 };
 
@@ -293,12 +293,12 @@ impl KeyEncryptableWithContentType<SymmetricCryptoKey, EncString> for &[u8] {
         match key {
             SymmetricCryptoKey::Aes256CbcHmacKey(key) => EncString::encrypt_aes256_hmac(self, key),
             SymmetricCryptoKey::XChaCha20Poly1305Key(inner_key) => {
-                ensure!(
-                    inner_key
-                        .supported_operations
-                        .contains(&KeyOperation::Encrypt) =>
-                    CryptoError::KeyOperationNotSupported(KeyOperation::Encrypt)
-                );
+                if !inner_key
+                    .supported_operations
+                    .contains(&KeyOperation::Encrypt)
+                {
+                    return Err(CryptoError::KeyOperationNotSupported(KeyOperation::Encrypt));
+                }
                 EncString::encrypt_xchacha20_poly1305(self, inner_key, content_format)
             }
             SymmetricCryptoKey::Aes256CbcKey(_) => Err(CryptoError::OperationNotSupported(

crates/bitwarden-crypto/src/ensure.rs

@@ -35,7 +35,6 @@ pub use store::{
     KeyStore, KeyStoreContext, RotatedUserKeys, dangerous_get_v2_rotated_account_keys,
 };
 mod cose;
-mod ensure;
 pub(crate) use cose::CONTENT_TYPE_PADDED_CBOR;
 pub use cose::CoseSerializable;
 pub mod safe;

crates/bitwarden-crypto/src/lib.rs

@@ -13,7 +13,6 @@ use crate::{
     CONTENT_TYPE_PADDED_CBOR, CoseEncrypt0Bytes, CryptoError, EncString, EncodingError, KeyIds,
     SerializedMessage, SymmetricCryptoKey, XChaCha20Poly1305Key,
     cose::{DATA_ENVELOPE_NAMESPACE, XCHACHA20_POLY1305},
-    ensure_equal, ensure_matches,
     safe::DataEnvelopeNamespace,
     utils::pad_bytes,
     xchacha20,
@@ -109,7 +108,10 @@ impl DataEnvelope {
         // Serialize the message
         let serialized_message =
             SerializedMessage::encode(&data).map_err(|_| DataEnvelopeError::EncodingError)?;
-        ensure_equal!(serialized_message.content_type(), coset::iana::CoapContentFormat::Cbor => DataEnvelopeError::UnsupportedContentFormat);
+        if serialized_message.content_type() != coset::iana::CoapContentFormat::Cbor {
+            return Err(DataEnvelopeError::UnsupportedContentFormat);
+        }
+
         let serialized_and_padded_message = pad_cbor(serialized_message.as_bytes())
             .map_err(|_| DataEnvelopeError::EncodingError)?;
 
@@ -204,10 +206,21 @@ impl DataEnvelope {
             content_format(&msg.protected).map_err(|_| DataEnvelopeError::DecodingError)?;
 
         // Validate the message
-        ensure_matches!(msg.protected.header.alg, Some(coset::Algorithm::PrivateUse(XCHACHA20_POLY1305)) => DataEnvelopeError::DecryptionError);
-        ensure_equal!(msg.protected.header.key_id, cek.key_id => DataEnvelopeError::WrongKey);
-        ensure_equal!(envelope_namespace, *namespace => DataEnvelopeError::InvalidNamespace);
-        ensure_equal!(content_format, CONTENT_TYPE_PADDED_CBOR => DataEnvelopeError::UnsupportedContentFormat);
+        if !matches!(
+            msg.protected.header.alg,
+            Some(coset::Algorithm::PrivateUse(XCHACHA20_POLY1305)),
+        ) {
+            return Err(DataEnvelopeError::DecryptionError);
+        }
+        if msg.protected.header.key_id != cek.key_id {
+            return Err(DataEnvelopeError::WrongKey);
+        }
+        if envelope_namespace != *namespace {
+            return Err(DataEnvelopeError::InvalidNamespace);
+        }
+        if content_format != CONTENT_TYPE_PADDED_CBOR {
+            return Err(DataEnvelopeError::UnsupportedContentFormat);
+        }
 
         // Decrypt the message
         let decrypted_message = msg

crates/bitwarden-crypto/src/safe/data_envelope.rs

@@ -12,7 +12,7 @@ use crate::{
     AsymmetricCryptoKey, BitwardenLegacyKeyBytes, ContentFormat, CoseEncrypt0Bytes, CryptoError,
     EncString, KeyId, KeyIds, LocalId, PublicKeyEncryptionAlgorithm, Result, RotatedUserKeys,
     Signature, SignatureAlgorithm, SignedObject, SignedPublicKey, SignedPublicKeyMessage,
-    SigningKey, SymmetricCryptoKey, UnsignedSharedKey, derive_shareable_key, ensure,
+    SigningKey, SymmetricCryptoKey, UnsignedSharedKey, derive_shareable_key,
     error::UnsupportedOperationError, signing, store::backend::StoreBackend,
 };
 
@@ -542,9 +542,9 @@ impl<Ids: KeyIds> KeyStoreContext<'_, Ids> {
             )),
             SymmetricCryptoKey::Aes256CbcHmacKey(key) => EncString::encrypt_aes256_hmac(data, key),
             SymmetricCryptoKey::XChaCha20Poly1305Key(key) => {
-                ensure!(
-                    key.supported_operations.contains(&KeyOperation::Encrypt) => CryptoError::KeyOperationNotSupported(KeyOperation::Encrypt)
-                );
+                if !key.supported_operations.contains(&KeyOperation::Encrypt) {
+                    return Err(CryptoError::KeyOperationNotSupported(KeyOperation::Encrypt));
+                }
                 EncString::encrypt_xchacha20_poly1305(data, key, content_format)
             }
         }