[PM-27230] Introduce Account Cryptographic State

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27230
https://bitwarden.atlassian.net/browse/PM-27313

Client PR, fixing breaking changes: bitwarden/clients#17488

📔 Objective

Account cryptographic state describes the core cryptographic objects making up a user. For a V1 encryption user these are: The RSA Keypair. For a V2 user these are:

• The Public-key Encryption Keypair
• The Signature Keypair
• The Signed public key (used to bind a public-key encryption key pair to signing keypair)
• The Signed security state (used for a safe upgrade path that prevents insecure features)

Not included are:

• Keys shared to the user via an organization memebership or emergency access
• Cipher keys
  which are not part of the user's cryptography, but do interact with it.

Provided is a function to generate such a cryptographic state for v2 users, and conversion to API request models. Further, this changes SDK initialization to be based on the account cryptographic state.

🚨 Breaking Changes

Please note that the public API for initializing the user's account cryptography is updated to instead take an enum. The variants for the enum contain the private key for V1 users, and the private key, signing key, signed public key, signed security state for V2 users.

Aside from re-packaging into an enum variant, no other changes should be needed on the consuming side.

This both helps prevent inconsistent states from being passed in by enforcing consistent state via type safetey, but also cleans up the primitive obsession anti-pattern (https://contributing.bitwarden.com/architecture/server/#avoid-primitive-obsession) that the crypto initialization was facing and will make future changes much easier.

Note that since so far clients did not store the signed public key, it is optional for now, but will be made mandatory later after clients save it for a sufficient time.

To migrate, simply repack the existing values into the corresponding enum. Note that previously the signed public key was not passed in, now it is passed in (optional for now, but required later on). Please ensure it is saved to state on sync / login.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 76d7278d-8a67-4809-bf07-c33b838af5fe

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🔍 SDK Breaking Change Detection Results

SDK Version: km/account-cryptographic-state (f031cab)
Completed: 2025-11-21 14:18:20 UTC
Total Time: 217s

Client	Status	Details
typescript	❌ Breaking changes detected	TypeScript compilation failed with new SDK version - View Details

---

Breaking change detection completed. View SDK workflow

[codecov]

Codecov Report

❌ Patch coverage is 93.91304% with 35 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.86%. Comparing base (32a8d8a) to head (adfc0b7).
⚠️ Report is 7 commits behind head on main.

Files with missing lines	Patch %	Lines
.../src/key_management/account_cryptographic_state.rs	94.76%	17 Missing ⚠️
crates/bitwarden-crypto/src/store/context.rs	93.79%	9 Missing ⚠️
crates/bitwarden-core/src/auth/tde.rs	0.00%	3 Missing ⚠️
crates/bitwarden-core/src/client/test_accounts.rs	50.00%	3 Missing ⚠️
crates/bitwarden-core/src/auth/login/api_key.rs	0.00%	1 Missing ⚠️
...ates/bitwarden-core/src/auth/login/auth_request.rs	0.00%	1 Missing ⚠️
crates/bitwarden-core/src/auth/login/password.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #563      +/-   ##
==========================================
+ Coverage   79.71%   79.86%   +0.15%     
==========================================
  Files         300      303       +3     
  Lines       32238    32543     +305     
==========================================
+ Hits        25697    25990     +293     
- Misses       6541     6553      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[quexten]

(Not for this PR)

@dani-garcia Any thoughts on moving these functions out to the domain objects? I.e something like:

let private_key = PrivateKey::make(PublicKeyEncryptionAlgorithm::RsaOaepSha1, &mut ctx)?;

similarly, the operations such as wrap would be moved to the respective structs.

so that we only have:

• Delete
• Move
  left on the context?

[dani-garcia]

That sounds reasonable, should also help reduce the amount of functions we expose in a context too