[PM-35105] Add SecretProtectedKeyEnvelope to bitwarden-crypto#1204

Open
quexten wants to merge 5 commits into km/safe-shared-helpers from km/secret-protected-envelope-split

Conversation

quexten (Contributor) commented Jun 22, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-35105

📔 Objective

Stacked PR 4/4 (on top of #1203).

Adds SecretProtectedKeyEnvelope: seals a symmetric key with a high-entropy secret of arbitrary length using a cheap KDF (HKDF-SHA256) and AES-256-GCM, via the standardized COSE 'Direct Key with KDF' construction. Unlike the password-protected envelope, it assumes the secret is not brute-forceable, so no memory-hard KDF is needed.

Adds the envelope type, the COSE SecretProtectedKeyEnvelope namespace, the extract_single_recipient helper, the UniFFI binding, a usage example, and safe module README docs.

Base: km/safe-shared-helpers (#1203).

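A stand-alone Go sketch of the construction described above (added here, not bitwarden-crypto's own code): HKDF-SHA256 over the high-entropy secret with a random salt derives the AES-256-GCM content-encryption key, the declared content algorithm is bound into the KDF context and authenticated as AAD, and each envelope gets a fresh nonce. The COSE_KDF_Context and protected header are simplified to raw bytes here; the COSE alg id 3 for A256GCM is the IANA registry value.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// hkdfSHA256: RFC 5869 extract-then-expand via stdlib HMAC; one 32-byte block is enough for an AES-256 CEK.
func hkdfSHA256(secret, salt, info []byte) []byte {
	prk := hmac.New(sha256.New, salt)
	prk.Write(secret)
	okm := hmac.New(sha256.New, prk.Sum(nil))
	okm.Write(info)
	okm.Write([]byte{1}) // HKDF-Expand counter for T(1)
	return okm.Sum(nil)
}

// Envelope stands in for COSE_Encrypt; Alg (3 = A256GCM) lives in the authenticated protected header in the real construction.
type Envelope struct {
	Alg                  int
	Salt, Nonce, Wrapped []byte
}

// kdfContext is a simplified stand-in for the CBOR COSE_KDF_Context: binding the content algorithm into HKDF's info means a tampered alg derives a different CEK, not just a different AAD.
func kdfContext(alg int) []byte { return []byte{byte(alg), 32} }

// aeadFor derives the CEK and returns AES-256-GCM over it (32-byte AES key: NewCipher/NewGCM cannot fail).
func aeadFor(secret, salt []byte, alg int) cipher.AEAD {
	block, _ := aes.NewCipher(hkdfSHA256(secret, salt, kdfContext(alg)))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal wraps keyToWrap with a fresh random salt and GCM nonce, authenticating the alg header as AAD.
func Seal(secret, keyToWrap []byte) (*Envelope, error) {
	rnd := make([]byte, 32+12)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	env := &Envelope{Alg: 3, Salt: rnd[:32], Nonce: rnd[32:]}
	env.Wrapped = aeadFor(secret, env.Salt, env.Alg).Seal(nil, env.Nonce, keyToWrap, []byte{byte(env.Alg)})
	return env, nil
}

// Unseal fails on a wrong secret or any change to alg, salt, nonce or ciphertext.
func Unseal(secret []byte, env *Envelope) ([]byte, error) {
	return aeadFor(secret, env.Salt, env.Alg).Open(nil, env.Nonce, env.Wrapped, []byte{byte(env.Alg)})
}
```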
github-actions Bot (Contributor) commented Jun 22, 2026

🔍 SDK Breaking Change Detection

SDK Version: km/secret-protected-envelope-split (c9d7d39)

⚠️ If breaking changes are detected, a corresponding pull request addressing them must be ready for merge in the affected client repository.

Client       Status
typescript   ✅ No breaking changes detected (compilation passed with new SDK version)
android      ✅ No breaking changes detected (compilation passed with new SDK version)

Breaking change detection uses the build of the SDK from this branch, including any incompatibilities pre-existing on or merged into this branch. Check the workflow logs to confirm.
Results update as workflows complete.

codecov Bot commented Jun 22, 2026

Codecov Report

❌ Patch coverage is 77.84553% with 109 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.11%. Comparing base (8d78925) to head (6c2c588).

Files with missing lines                                 Patch %   Lines
...n-crypto/src/safe/secret_protected_key_envelope.rs    77.84%    107 Missing ⚠️
crates/bitwarden-crypto/src/safe/mod.rs                  85.71%    1 Missing ⚠️
crates/bitwarden-crypto/src/uniffi_support.rs            0.00%     1 Missing ⚠️

@@                    Coverage Diff                     @@
##           km/safe-shared-helpers    #1204      +/-   ##
==========================================================
- Coverage                   85.16%   85.11%   -0.06%     
==========================================================
  Files                         468      469       +1     
  Lines                       64295    64787     +492     
==========================================================
+ Hits                        54759    55142     +383     
- Misses                       9536     9645     +109     

@quexten quexten added the ai-review Request a Claude code review label Jun 23, 2026
@quexten quexten marked this pull request as ready for review June 23, 2026 03:08
@quexten quexten requested a review from a team as a code owner June 23, 2026 03:08
@quexten quexten requested review from eligrubb and removed request for a team June 23, 2026 03:08
github-actions Bot (Contributor) commented Jun 23, 2026

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed the new SecretProtectedKeyEnvelope (stacked PR 4/4), which seals a symmetric key with a high-entropy secret via the COSE "Direct Key with KDF" construction (HKDF-SHA256 + AES-256-GCM). Verified the cryptographic binding: the content-encryption algorithm is declared in the authenticated protected header and bound into the COSE_KDF_Context, the random salt and fresh per-message nonce eliminate nonce-reuse risk, and namespace domain separation, parsing, and wrong-secret handling match the established PasswordProtectedKeyEnvelope pattern. The COSE namespace registration, UniFFI binding, example, and test vectors (CoseKey + legacy key) are consistent and complete.

No findings at or above the confidence threshold for posting.

Code Review Details

No blocking issues identified.

Notes considered and dismissed during review:

  • The unused KeyStore error variant mirrors PasswordProtectedKeyEnvelope; consistency is preferred over an isolated change.
  • validate_safe_namespaces tolerates a missing namespace for backward compatibility, but the protected header is authenticated as AEAD associated data, so stripping it fails decryption — not exploitable.
