clients [PM-21378] Switch encrypt service to use SDK functions

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-21378

📔 Objective

Switches all non-deprecated encrypt service functions to use the sdk via PureCrypto.

📸 Screenshots

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Protected functional changes with optionality (feature flags)
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

Apr 29 '25 13:04 quexten

Codecov Report

Attention: Patch coverage is 62.65060% with 31 lines in your changes missing coverage. Please review.

Project coverage is 37.33%. Comparing base (8dc97ca) to head (df21017). Report is 1 commits behind head on main.

:white_check_mark: All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
.../crypto/services/encrypt.service.implementation.ts	80.32%	12 Missing :warning:
apps/desktop/src/services/main-sdk-load-service.ts	0.00%	5 Missing :warning:
...to/services/bulk-encrypt.service.implementation.ts	0.00%	4 Missing :warning:
apps/desktop/src/main.ts	0.00%	3 Missing :warning:
libs/key-management/src/key.service.ts	0.00%	3 Missing :warning:
...t/crypto/services/fallback-bulk-encrypt.service.ts	0.00%	2 Missing :warning:
...ices/multithread-encrypt.service.implementation.ts	0.00%	2 Missing :warning:

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #14538      +/-   ##
==========================================
- Coverage   37.48%   37.33%   -0.15%     
==========================================
  Files        3314     3315       +1     
  Lines       94426    94233     -193     
  Branches    14245    14201      -44     
==========================================
- Hits        35394    35184     -210     
- Misses      57554    57580      +26     
+ Partials     1478     1469       -9

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:

:package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Apr 29 '25 13:04 codecov[bot]

Checkmarx One – Scan Summary & Details – e59ab219-32f0-4538-bda7-8c6909f135d3

Great job, no security vulnerabilities found in this Pull Request

Apr 29 '25 13:04 github-actions[bot]

There is some test coverage missing for the new == null cases - see codevov report for details.

@mzieniukbw Added additional tests, ~~but now the coverage CI is failing (showing 0%) again..~~

May 12 '25 13:05 quexten

@mzieniukbw Since you last reviewed I added no significant new code, aside from backporting await SdkLoadService.Ready;. to this. However, I have started dropping a fair bit of now unused code. A second PR will subsequently follow, dropping more code, the second PR will need other codeowners, this one does not.

Jun 11 '25 17:06 quexten

Follow-up PR is here for reference: https://github.com/bitwarden/clients/pull/15153

Jun 11 '25 17:06 quexten

Looks like there was a bug in early initalization where the session decryption on browser expected encrypt service to return "null", but the SDK version throws instead. Removing the feature flag caused that code to use the SDK version (where before it seemingly did not), leading to an ususable browser extension after process reload, so this requires a small change in platforms code.

Jul 03 '25 09:07 quexten

And looks like tools usage on sends accidentally relied on an incorrect behavior of encrypt service. encryptString(null, key) should not return null, but is unsupported, so I added FIXME's, and a temporary workaround for this behavior to catch other cases.

Jul 03 '25 14:07 quexten

Since this had a lot of changes after approving reviews, noting that this has now passed QA and should be good to merge/review once more!

Jul 21 '25 10:07 quexten

Note for platform: This adds SDK loading in electron main. This is needed for biometrics to work.

Jul 21 '25 10:07 quexten