[POC|PM-28135] Add crypto tracing logs

Cargo.toml

@@ -76,6 +76,13 @@ serde-wasm-bindgen = ">=0.6.0, <0.7"
 subtle = ">=2.5.0, <3.0"
 syn = ">=2.0.87, <3"
 thiserror = ">=1.0.40, <3"
+tracing = { version = "0.1.41", features = ["release_max_level_info"] }
+tracing-subscriber = { version = "0.3.20", features = [
+    "fmt",
+    "env-filter",
+    "tracing-log",
+    "time",
+] }
 tokio = { version = "1.36.0", features = ["macros"] }
 tsify = { version = ">=0.5.5, <0.6", features = [
     "js",

crates/bitwarden-core/Cargo.toml

@@ -59,6 +59,7 @@ serde_json = { workspace = true }
 serde_qs = { workspace = true }
 serde_repr = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 uniffi = { workspace = true, optional = true, features = ["tokio"] }
 uuid = { workspace = true }

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -9,9 +9,9 @@ use bitwarden_crypto::{
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
 use bitwarden_error::bitwarden_error;
-#[cfg(feature = "internal")]
-use log::warn;
 use thiserror::Error;
+#[cfg(feature = "internal")]
+use tracing::{info, instrument, warn};
 
 #[cfg(any(feature = "secrets", feature = "internal"))]
 use crate::OrganizationId;
@@ -108,11 +108,13 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     fn init_v1(
         user_key: Aes256CbcHmacKey,
         private_key: EncString,
         store: &KeyStore<KeyIds>,
     ) -> Result<(), EncryptionSettingsError> {
+        info!("Account has v1 encryption keys");
         let user_key = SymmetricCryptoKey::Aes256CbcHmacKey(user_key);
 
         let private_key = {
@@ -146,6 +148,7 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     fn init_v2(
         user_key: XChaCha20Poly1305Key,
         private_key: EncString,
@@ -154,6 +157,7 @@ impl EncryptionSettings {
         store: &KeyStore<KeyIds>,
         sdk_security_state: &RwLock<Option<SecurityState>>,
     ) -> Result<(), EncryptionSettingsError> {
+        info!("Account has v2 encryption keys");
         use crate::key_management::SecurityState;
 
         let user_key = SymmetricCryptoKey::XChaCha20Poly1305Key(user_key);
@@ -201,6 +205,7 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     pub(crate) fn set_org_keys(
         org_enc_keys: Vec<(OrganizationId, UnsignedSharedKey)>,
         store: &KeyStore<KeyIds>,

crates/bitwarden-core/src/client/internal.rs

@@ -11,6 +11,8 @@ use bitwarden_crypto::{
 #[cfg(feature = "internal")]
 use bitwarden_state::registry::StateRegistry;
 use chrono::Utc;
+#[cfg(feature = "internal")]
+use tracing::instrument;
 
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use crate::client::encryption_settings::EncryptionSettings;
@@ -288,6 +290,7 @@ impl InternalClient {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     pub(crate) fn initialize_user_crypto_master_key(
         &self,
         master_key: MasterKey,
@@ -299,6 +302,7 @@ impl InternalClient {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all, fields(user_id = ?self.get_user_id()))]
     pub(crate) fn initialize_user_crypto_decrypted_key(
         &self,
         user_key: SymmetricCryptoKey,
@@ -340,6 +344,7 @@ impl InternalClient {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     pub(crate) fn initialize_user_crypto_pin(
         &self,
         pin_key: PinKey,
@@ -351,6 +356,7 @@ impl InternalClient {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     pub(crate) fn initialize_user_crypto_pin_envelope(
         &self,
         pin: String,
@@ -393,6 +399,7 @@ impl InternalClient {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     pub(crate) fn initialize_user_crypto_master_password_unlock(
         &self,
         password: String,

crates/bitwarden-core/src/key_management/crypto.rs

@@ -17,6 +17,7 @@ use bitwarden_encoding::B64;
 use bitwarden_error::bitwarden_error;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
+use tracing::info;
 #[cfg(feature = "wasm")]
 use {tsify::Tsify, wasm_bindgen::prelude::*};
 
@@ -167,6 +168,12 @@ pub(super) async fn initialize_user_crypto(
     }
 
     let key_state = (&req).into();
+    let _span_guard = tracing::info_span!(
+        "User Crypto Initialization",
+        user_id = ?client.internal.get_user_id(),
+        method = ?req.method
+    )
+    .entered();
 
     match req.method {
         InitUserCryptoMethod::Password { password, user_key } => {
@@ -261,6 +268,8 @@ pub(super) async fn initialize_user_crypto(
         }
     }
 
+    info!("User crypto initialized successfully");
+
     client
         .internal
         .set_login_method(LoginMethod::User(UserLoginMethod::Username {

crates/bitwarden-crypto/Cargo.toml

@@ -57,6 +57,7 @@ sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"
 subtle = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 typenum = ">=1.18.0, <1.19.0"
 uniffi = { workspace = true, optional = true }

crates/bitwarden-crypto/src/cose.rs

@@ -9,6 +9,7 @@ use coset::{
 };
 use generic_array::GenericArray;
 use thiserror::Error;
+use tracing::instrument;
 use typenum::U32;
 
 use crate::{
@@ -135,6 +136,7 @@ const SYMMETRIC_KEY: Label = Label::Int(iana::SymmetricKeyParameter::K as i64);
 impl TryFrom<&coset::CoseKey> for SymmetricCryptoKey {
     type Error = CryptoError;
 
+    #[instrument(err, skip_all)]
     fn try_from(cose_key: &coset::CoseKey) -> Result<Self, Self::Error> {
         let key_bytes = cose_key
             .params

crates/bitwarden-crypto/src/enc_string/symmetric.rs

@@ -3,6 +3,7 @@ use std::{borrow::Cow, str::FromStr};
 use bitwarden_encoding::{B64, FromStrVisitor};
 use coset::{CborSerializable, iana::KeyOperation};
 use serde::Deserialize;
+use tracing::instrument;
 
 use super::{check_length, from_b64, from_b64_vec, split_enc_string};
 use crate::{
@@ -346,6 +347,7 @@ impl KeyEncryptable<SymmetricCryptoKey, EncString> for &str {
 }
 
 impl KeyDecryptable<SymmetricCryptoKey, String> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt_with_key(&self, key: &SymmetricCryptoKey) -> Result<String> {
         let dec: Vec<u8> = self.decrypt_with_key(key)?;
         String::from_utf8(dec).map_err(|_| CryptoError::InvalidUtf8String)

crates/bitwarden-crypto/src/traits/decryptable.rs

@@ -1,3 +1,5 @@
+use tracing::instrument;
+
 use crate::{CryptoError, EncString, KeyId, KeyIds, store::KeyStoreContext};
 
 /// A decryption operation that takes the input value and decrypts it into the output value.
@@ -9,6 +11,7 @@ pub trait Decryptable<Ids: KeyIds, Key: KeyId, Output> {
 }
 
 impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, Vec<u8>> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
@@ -19,6 +22,7 @@ impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, Vec<u8>> for EncString {
 }
 
 impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, String> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,

crates/bitwarden-vault/Cargo.toml

@@ -52,6 +52,7 @@ sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"
 subtle = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 uniffi = { workspace = true, optional = true }
 uuid = { workspace = true }

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -22,6 +22,7 @@ use chrono::{DateTime, SecondsFormat, Utc};
 use serde::{Deserialize, Serialize};
 use serde_repr::{Deserialize_repr, Serialize_repr};
 use thiserror::Error;
+use tracing::instrument;
 #[cfg(feature = "wasm")]
 use tsify::Tsify;
 #[cfg(feature = "wasm")]
@@ -512,6 +513,7 @@ impl CompositeEncryptable<KeyIds, SymmetricKeyId, Cipher> for CipherView {
 }
 
 impl Decryptable<KeyIds, SymmetricKeyId, CipherView> for Cipher {
+    #[instrument(err, skip_all, fields(cipher_id = ?self.id, org_id = ?self.organization_id, kind = ?self.r#type))]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
@@ -576,6 +578,7 @@ impl Cipher {
     /// * `key` - The key to use to decrypt the cipher key, this should be the user or organization
     ///   key
     /// * `ciphers_key` - The encrypted cipher key
+    #[instrument(err, skip_all)]
     pub(super) fn decrypt_cipher_key(
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,

crates/bitwarden-wasm-internal/Cargo.toml

@@ -36,6 +36,9 @@ console_error_panic_hook = "0.1.7"
 console_log = { version = "1.0.0", features = ["color"] }
 log = "0.4.20"
 serde = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+tracing-web = { version = "0.1.3" }
 tsify = { workspace = true }
 # When upgrading wasm-bindgen, make sure to update the version in the workflows!
 wasm-bindgen = { version = "=0.2.105", features = ["serde-serialize"] }