[POC|PM-28135] Add crypto tracing logs

Cargo.toml

@@ -76,6 +76,13 @@ serde-wasm-bindgen = ">=0.6.0, <0.7"
 subtle = ">=2.5.0, <3.0"
 syn = ">=2.0.87, <3"
 thiserror = ">=1.0.40, <3"
+tracing = { version = "0.1.41" }
+tracing-subscriber = { version = "0.3.20", features = [
+    "fmt",
+    "env-filter",
+    "tracing-log",
+    "time",
+] }
 tokio = { version = "1.36.0", features = ["macros"] }
 tsify = { version = ">=0.5.5, <0.6", features = [
     "js",

crates/bitwarden-core/Cargo.toml

@@ -59,6 +59,7 @@ serde_json = { workspace = true }
 serde_qs = { workspace = true }
 serde_repr = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 uniffi = { workspace = true, optional = true, features = ["tokio"] }
 uuid = { workspace = true }

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -9,9 +9,9 @@ use bitwarden_crypto::{
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use bitwarden_crypto::{KeyStore, SymmetricCryptoKey};
 use bitwarden_error::bitwarden_error;
-#[cfg(feature = "internal")]
-use log::warn;
 use thiserror::Error;
+#[cfg(feature = "internal")]
+use tracing::{info, instrument, warn};
 
 #[cfg(any(feature = "secrets", feature = "internal"))]
 use crate::OrganizationId;
@@ -108,11 +108,13 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     fn init_v1(
         user_key: Aes256CbcHmacKey,
         private_key: EncString,
         store: &KeyStore<KeyIds>,
     ) -> Result<(), EncryptionSettingsError> {
+        info!("Account has v1 encryption keys");
         let user_key = SymmetricCryptoKey::Aes256CbcHmacKey(user_key);
 
         let private_key = {
@@ -146,6 +148,7 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip_all)]
     fn init_v2(
         user_key: XChaCha20Poly1305Key,
         private_key: EncString,
@@ -154,6 +157,7 @@ impl EncryptionSettings {
         store: &KeyStore<KeyIds>,
         sdk_security_state: &RwLock<Option<SecurityState>>,
     ) -> Result<(), EncryptionSettingsError> {
+        info!("Account has v2 encryption keys");
         use crate::key_management::SecurityState;
 
         let user_key = SymmetricCryptoKey::XChaCha20Poly1305Key(user_key);
@@ -201,6 +205,7 @@ impl EncryptionSettings {
     }
 
     #[cfg(feature = "internal")]
+    #[instrument(err, skip(org_enc_keys, store))]
     pub(crate) fn set_org_keys(
         org_enc_keys: Vec<(OrganizationId, UnsignedSharedKey)>,
         store: &KeyStore<KeyIds>,

crates/bitwarden-core/src/client/internal.rs

@@ -304,6 +304,12 @@ impl InternalClient {
         user_key: SymmetricCryptoKey,
         key_state: UserKeyState,
     ) -> Result<(), EncryptionSettingsError> {
+        let span = tracing::info_span!(
+            "User Crypto Initialization",
+            user_id = ?self.get_user_id(),
+        );
+        let _enter = span.enter();
+
         match user_key {
             SymmetricCryptoKey::Aes256CbcHmacKey(ref user_key) => {
                 EncryptionSettings::new_decrypted_key(

crates/bitwarden-crypto/Cargo.toml

@@ -57,6 +57,7 @@ sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"
 subtle = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 typenum = ">=1.18.0, <1.19.0"
 uniffi = { workspace = true, optional = true }

crates/bitwarden-crypto/src/enc_string/symmetric.rs

@@ -3,6 +3,7 @@ use std::{borrow::Cow, str::FromStr};
 use bitwarden_encoding::{B64, FromStrVisitor};
 use coset::{CborSerializable, iana::KeyOperation};
 use serde::Deserialize;
+use tracing::instrument;
 
 use super::{check_length, from_b64, from_b64_vec, split_enc_string};
 use crate::{
@@ -346,6 +347,7 @@ impl KeyEncryptable<SymmetricCryptoKey, EncString> for &str {
 }
 
 impl KeyDecryptable<SymmetricCryptoKey, String> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt_with_key(&self, key: &SymmetricCryptoKey) -> Result<String> {
         let dec: Vec<u8> = self.decrypt_with_key(key)?;
         String::from_utf8(dec).map_err(|_| CryptoError::InvalidUtf8String)

crates/bitwarden-crypto/src/traits/decryptable.rs

@@ -1,3 +1,5 @@
+use tracing::instrument;
+
 use crate::{CryptoError, EncString, KeyId, KeyIds, store::KeyStoreContext};
 
 /// A decryption operation that takes the input value and decrypts it into the output value.
@@ -9,6 +11,7 @@ pub trait Decryptable<Ids: KeyIds, Key: KeyId, Output> {
 }
 
 impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, Vec<u8>> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,
@@ -19,6 +22,7 @@ impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, Vec<u8>> for EncString {
 }
 
 impl<Ids: KeyIds> Decryptable<Ids, Ids::Symmetric, String> for EncString {
+    #[instrument(err, skip_all)]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<Ids>,

crates/bitwarden-vault/Cargo.toml

@@ -52,6 +52,7 @@ sha1 = ">=0.10.5, <0.11"
 sha2 = ">=0.10.6, <0.11"
 subtle = { workspace = true }
 thiserror = { workspace = true }
+tracing = { workspace = true }
 tsify = { workspace = true, optional = true }
 uniffi = { workspace = true, optional = true }
 uuid = { workspace = true }

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -22,6 +22,7 @@ use chrono::{DateTime, SecondsFormat, Utc};
 use serde::{Deserialize, Serialize};
 use serde_repr::{Deserialize_repr, Serialize_repr};
 use thiserror::Error;
+use tracing::instrument;
 #[cfg(feature = "wasm")]
 use tsify::Tsify;
 #[cfg(feature = "wasm")]
@@ -512,6 +513,7 @@ impl CompositeEncryptable<KeyIds, SymmetricKeyId, Cipher> for CipherView {
 }
 
 impl Decryptable<KeyIds, SymmetricKeyId, CipherView> for Cipher {
+    #[instrument(err, skip(self, ctx, key), fields(cipher_id = ?self.id, org_id = ?self.organization_id, kind = ?self.r#type))]
     fn decrypt(
         &self,
         ctx: &mut KeyStoreContext<KeyIds>,
@@ -576,6 +578,7 @@ impl Cipher {
     /// * `key` - The key to use to decrypt the cipher key, this should be the user or organization
     ///   key
     /// * `ciphers_key` - The encrypted cipher key
+    #[instrument(err, skip_all)]
     pub(super) fn decrypt_cipher_key(
         ctx: &mut KeyStoreContext<KeyIds>,
         key: SymmetricKeyId,

crates/bitwarden-wasm-internal/Cargo.toml

@@ -36,6 +36,9 @@ console_error_panic_hook = "0.1.7"
 console_log = { version = "1.0.0", features = ["color"] }
 log = "0.4.20"
 serde = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+tracing-web = { version = "0.1.3" }
 tsify = { workspace = true }
 # When upgrading wasm-bindgen, make sure to update the version in the workflows!
 wasm-bindgen = { version = "=0.2.105", features = ["serde-serialize"] }

crates/bitwarden-wasm-internal/src/init.rs

@@ -1,4 +1,6 @@
 use log::{Level, set_max_level};
+use tracing_subscriber::prelude::*;
+use tracing_web::MakeWebConsoleWriter;
 use wasm_bindgen::prelude::*;
 
 #[wasm_bindgen]
@@ -9,7 +11,6 @@ pub enum LogLevel {
     Warn,
     Error,
 }
-
 fn convert_level(level: LogLevel) -> Level {
     match level {
         LogLevel::Trace => Level::Trace,
@@ -30,6 +31,13 @@ pub fn set_log_level(level: LogLevel) {
 #[wasm_bindgen]
 pub fn init_sdk(log_level: Option<LogLevel>) {
     console_error_panic_hook::set_once();
+    let fmt_layer = tracing_subscriber::fmt::layer()
+        .with_ansi(false) // Only partially supported across browsers
+        .without_time() // Time is not supported in wasm
+        .with_writer(MakeWebConsoleWriter::new());
+    tracing_subscriber::registry().with(fmt_layer).init();
+    tracing::info!("Initialized tracing");
+
     let log_level = convert_level(log_level.unwrap_or(LogLevel::Info));
     if let Err(_e) = console_log::init_with_level(log_level) {
         set_max_level(log_level.to_level_filter())