Exposed temporary function to decrypt Key (#212)

## 🎟️ Tracking

<!-- Paste the link to the Jira or GitHub issue or otherwise describe /
point to where this change is coming from. -->

## 📔 Objective
`decrypt_fido2_private_key` is exposed temporarily because the
typescript clients still use the internal Fido2 authentication logic. As
a result, we need the `keyValue` on the Fido2CredentialsView to remain
in the decrypted state. This workaround will be removed once the
migration to the SDK-based Fido2 Authentication is done.
<!-- Describe what the purpose of this PR is, for example what bug
you're fixing or new feature you're adding. -->

## ⏰ Reminders before review

- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or
informed the documentation
  team

## 🦮 Reviewer guidelines

<!-- Suggested interactions but feel free to use (or not) as you desire!
-->

- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry
that's not quite a confirmed
  issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or
concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or
indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

Author: gbubemismith

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -6,6 +6,7 @@ use bitwarden_core::{
 use bitwarden_crypto::{
     CryptoError, Decryptable, EncString, Encryptable, IdentifyKey, KeyStoreContext,
 };
+use bitwarden_error::bitwarden_error;
 use chrono::{DateTime, Utc};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -30,6 +31,7 @@ use crate::{
     VaultParseError,
 };
 
+#[bitwarden_error(flat)]
 #[derive(Debug, Error)]
 pub enum CipherError {
     #[error(transparent)]
@@ -584,6 +586,15 @@ impl CipherView {
         let res = creds.decrypt(ctx, ciphers_key)?;
         Ok(res)
     }
+
+    pub fn decrypt_fido2_private_key(
+        &self,
+        ctx: &mut KeyStoreContext<KeyIds>,
+    ) -> Result<String, CipherError> {
+        let fido2_credential = self.get_fido2_credentials(ctx)?;
+
+        Ok(fido2_credential[0].key_value.clone())
+    }
 }
 
 impl Decryptable<KeyIds, SymmetricKeyId, CipherListView> for Cipher {
@@ -1326,4 +1337,27 @@ mod tests {
             .unwrap();
         assert_eq!(subtitle, original_subtitle);
     }
+
+    #[test]
+    fn test_decrypt_fido2_private_key() {
+        let key_store =
+            create_test_crypto_with_user_key(SymmetricCryptoKey::generate(rand::thread_rng()));
+        let mut ctx = key_store.context();
+
+        let mut cipher_view = generate_cipher();
+        cipher_view
+            .generate_cipher_key(&mut ctx, cipher_view.key_identifier())
+            .unwrap();
+
+        let key_id = cipher_view.key_identifier();
+        let ciphers_key = Cipher::decrypt_cipher_key(&mut ctx, key_id, &cipher_view.key).unwrap();
+
+        let fido2_credential = generate_fido2(&mut ctx, ciphers_key);
+
+        cipher_view.login.as_mut().unwrap().fido2_credentials =
+            Some(vec![fido2_credential.clone()]);
+
+        let decrypted_key_value = cipher_view.decrypt_fido2_private_key(&mut ctx).unwrap();
+        assert_eq!(decrypted_key_value, "123");
+    }
 }

crates/bitwarden-vault/src/mobile/cipher_client.rs

@@ -61,6 +61,15 @@ impl ClientCiphers<'_> {
         cipher_view.move_to_organization(&mut key_store.context(), organization_id)?;
         Ok(cipher_view)
     }
+
+    pub fn decrypt_fido2_private_key(
+        &self,
+        cipher_view: CipherView,
+    ) -> Result<String, CipherError> {
+        let key_store = self.client.internal.get_key_store();
+        let decrypted_key = cipher_view.decrypt_fido2_private_key(&mut key_store.context())?;
+        Ok(decrypted_key)
+    }
 }
 
 impl<'a> VaultClient<'a> {

crates/bitwarden-wasm-internal/src/vault/ciphers.rs

@@ -2,8 +2,8 @@ use std::rc::Rc;
 
 use bitwarden_core::Client;
 use bitwarden_vault::{
-    Cipher, CipherListView, CipherView, DecryptError, EncryptError, Fido2CredentialView,
-    VaultClientExt,
+    Cipher, CipherError, CipherListView, CipherView, DecryptError, EncryptError,
+    Fido2CredentialView, VaultClientExt,
 };
 use wasm_bindgen::prelude::wasm_bindgen;
 
@@ -71,4 +71,25 @@ impl ClientCiphers {
             .ciphers()
             .decrypt_fido2_credentials(cipher_view)
     }
+
+    /// Decrypt key
+    ///
+    /// This method is a temporary solution to allow typescript client access to decrypted key
+    /// values, particularly for FIDO2 credentials.
+    ///
+    /// # Arguments
+    /// - `cipher_view` - Decrypted cipher containing the key
+    ///
+    /// # Returns
+    /// - `Ok(String)` containing the decrypted key
+    /// - `Err(CipherError)`
+    pub fn decrypt_fido2_private_key(
+        &self,
+        cipher_view: CipherView,
+    ) -> Result<String, CipherError> {
+        self.0
+            .vault()
+            .ciphers()
+            .decrypt_fido2_private_key(cipher_view)
+    }
 }