This module contains the definition for the key identifiers used by the rest of the crates. Any code that needs to interact with the [KeyStore] should use these types.
- SymmetricKeySlotId is used to identify symmetric keys.
- PrivateKeySlotId is used to identify private keys.
- KeySlotIds is a helper type that combines both symmetric and private key identifiers. This is usually used in the type bounds of [KeyStore], KeyStoreContext, PrimitiveEncryptable, CompositeEncryptable, and Decryptable.
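The type-bound pattern the description refers to, as an added example that is not the crate's own code: a hypothetical in-memory `KeyStore` generic over a `KeyIds` trait, with `KeySlotIds` supplying the two slot-id enums. The `KeyIds` trait, the enum variants, the `has_user_key` helper and the `u128` standing in for an organization UUID are assumptions made for illustration; the real `KeyStore` in bitwarden_crypto is not shown here.

```rust
use std::collections::HashMap;
use std::fmt::Debug;
use std::hash::Hash;

// Hypothetical model of the identifier/bound pattern; not bitwarden_crypto's types.

/// Bundles the two identifier kinds; plays the role the page gives `KeySlotIds`.
pub trait KeyIds {
    type Symmetric: Copy + Eq + Hash + Debug;
    type Private: Copy + Eq + Hash + Debug;
}

/// Slots for symmetric keys (variants are illustrative assumptions).
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum SymmetricKeySlotId {
    UserKey,
    LocalUserDataKey,
    /// `u128` stands in for an organization UUID so the example needs no crates.
    OrganizationKey(u128),
}

/// Slots for private (asymmetric) keys.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum PrivateKeySlotId {
    UserPrivateKey,
}

/// The combined identifier type that appears in trait bounds.
pub struct KeySlotIds;
impl KeyIds for KeySlotIds {
    type Symmetric = SymmetricKeySlotId;
    type Private = PrivateKeySlotId;
}

/// Key material is opaque bytes here; no cipher is implemented in this example.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct SymmetricKey(pub [u8; 32]);
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct PrivateKey(pub Vec<u8>);

/// In-memory store: each slot kind gets its own map, so a private-key id can
/// never be used to look up a symmetric key (the call does not type-check).
pub struct KeyStore<Ids: KeyIds> {
    symmetric: HashMap<Ids::Symmetric, SymmetricKey>,
    private: HashMap<Ids::Private, PrivateKey>,
}

impl<Ids: KeyIds> KeyStore<Ids> {
    pub fn new() -> Self {
        Self { symmetric: HashMap::new(), private: HashMap::new() }
    }
    pub fn set_symmetric(&mut self, id: Ids::Symmetric, key: SymmetricKey) {
        self.symmetric.insert(id, key);
    }
    pub fn symmetric(&self, id: Ids::Symmetric) -> Option<&SymmetricKey> {
        self.symmetric.get(&id)
    }
    pub fn set_private(&mut self, id: Ids::Private, key: PrivateKey) {
        self.private.insert(id, key);
    }
    pub fn private(&self, id: Ids::Private) -> Option<&PrivateKey> {
        self.private.get(&id)
    }
    /// Drop all key material, e.g. on lock or logout.
    pub fn clear(&mut self) {
        self.symmetric.clear();
        self.private.clear();
    }
    pub fn is_empty(&self) -> bool {
        self.symmetric.is_empty() && self.private.is_empty()
    }
}

/// Code that only needs "a store with these slot ids" is written generically over
/// `Ids`, which is how the page describes the Encryptable/Decryptable bounds.
pub fn has_user_key<Ids: KeyIds>(store: &KeyStore<Ids>, user_key: Ids::Symmetric) -> bool {
    store.symmetric(user_key).is_some()
}

fn main() {
    let mut store: KeyStore<KeySlotIds> = KeyStore::new();
    store.set_symmetric(SymmetricKeySlotId::UserKey, SymmetricKey([7u8; 32]));
    // store.symmetric(PrivateKeySlotId::UserPrivateKey) would be a compile error.
    println!("user key present: {}", has_user_key(&store, SymmetricKeySlotId::UserKey));
}
```

The separation into two maps keyed by distinct id types is what makes the bound useful: a caller cannot confuse a private-key slot with a symmetric one, and a function that takes `Ids::Symmetric` says in its signature which kind of key it will touch.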
Modules
- account_cryptographic_state - User account cryptographic state
- crypto - Mobile specific crypto operations
- crypto_client 🔒
- local_user_data_key 🔒
- local_user_data_key_state 🔒
- master_password 🔒
- pin_lock_system 🔒 - PIN-based unlock in Bitwarden works using a PasswordProtectedKeyEnvelope, which is sealed with the PIN and contains the user key. When unlocking with the PIN, the envelope is unsealed with the PIN and the key is loaded into the key store.
- security_state 🔒 - Security state is a signed object that attests to a user's (or later an organization's) security state. The security goal is to prevent downgrades of specific features within the user's account by the server or by a networked attacker with TLS introspection access.
- state_bridge - A temporary bridge to access KM-related state from within the SDK. The state bridge is a temporary layer that allows quickly transitioning non-repository-shaped state to be accessible from within the SDK.
- user_decryption 🔒
- v2_upgrade_token 🔒 - The V2 Upgrade Token is created during V1→V2 key rotation and holds both user keys, each wrapped by the other. This allows V1 devices to retrieve the V2 key (to complete the upgrade), and V2 devices to retrieve the V1 key (e.g. to rotate local device unlock methods still encrypted with V1).
- wasm_unlock_state 🔒 - The WASM SDK currently does not hold persistent SDK instances and instead re-creates SDK instances frequently. The unlock state is lost, since the user key is only held in the SDK. This module sets the user key in WASM client-managed ephemeral state, so that re-created SDK instances have access to the user key.
Structs
- CryptoClient - A client for the crypto operations.
- EphemeralPinEnvelopeState - Represents the PIN envelope in memory, when ephemeral PIN unlock is used.
- KeySlotIds
- LocalUserDataKeyState - Represents the local user data key, wrapped by the user key. This key is used to encrypt local user data (e.g., password generator history).
- MasterPasswordAuthenticationData - Represents the data required to authenticate with the master password.
- MasterPasswordUnlockData - Represents the data required to unlock with the master password.
- PinLockSystem - Provides PIN-based unlock functionality. This includes enrolling into PIN-based unlock, unlocking using the PIN and handling necessary operations (PIN envelope refreshing when transitioning to after-first-unlock mode).
- SecurityState - The security state is a signed object attesting to the security state of a user.
- SignedSecurityState - A signed and serialized SecurityState object.
- UserDecryptionData - Represents data required to decrypt a user's vault. Currently, this is only used for master password unlock.
- UserKeyState - Represents the decrypted symmetric user key of a user. This is held in ephemeral state of the client.
- V2UpgradeToken - Holds both V1 and V2 user keys, each wrapped by the other.
Enums
- MasterPasswordError - Error for master password related operations.
- PinLockType - PIN unlock can be configured to use one of two modes: before-first-unlock (BFU) and after-first-unlock (AFU). In AFU mode, PIN unlock is available only after unlocking once with the master password or another unlock method. In BFU mode, PIN unlock is available right after app start; for this, the PIN-encrypted vault key is stored on disk.
- PinUnlockStatus - Current availability state for PIN-based unlock.
- PrivateKeySlotId
- SigningKeySlotId
- SymmetricKeySlotId
- V2UpgradeTokenError - Errors that can occur when working with V2UpgradeToken.
Constants
- BLOB_SECURITY_VERSION - Cipher blob encryption is enabled starting with this security state version.
- MINIMUM_ENFORCE_ICON_URI_HASH_VERSION - Icon URI hashes are enforced starting with this security state version.
- UNIFFI_META_CONST_BITWARDEN_CORE_RECORD_EPHEMERALPINENVELOPESTATE 🔒
- UNIFFI_META_CONST_BITWARDEN_CORE_RECORD_LOCALUSERDATAKEYSTATE 🔒
- UNIFFI_META_CONST_BITWARDEN_CORE_RECORD_USERKEYSTATE 🔒
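The downgrade check implied by the security_state module description and by the two version constants above, as an added example that is not the project's code. It assumes the signature on the state has already been verified before the payload reaches this code, and the constant values 2 and 3 are placeholders, since the page does not give the real values. The point it shows is that the client only ever moves its accepted version forward, so a server or a TLS-introspecting attacker that replays an older signed state cannot switch cipher blob encryption or icon URI hash enforcement back off.

```rust
// Hypothetical model of version-gated features with a no-downgrade rule.
// Assumed values for illustration only; the real constants are defined in the crate.
pub const BLOB_SECURITY_VERSION: u64 = 2;
pub const MINIMUM_ENFORCE_ICON_URI_HASH_VERSION: u64 = 3;

/// The parsed payload of a signed security state. Signature verification is
/// assumed to have happened before a value of this type is constructed.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct SecurityState {
    pub version: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum SecurityStateError {
    /// The offered state carries a lower version than one already accepted.
    Downgrade { current: u64, offered: u64 },
}

/// Client-held record of the highest security state accepted so far.
#[derive(Debug, Default)]
pub struct SecurityStateStore {
    accepted: Option<SecurityState>,
}

impl SecurityStateStore {
    /// Accept a (signature-verified) state only if it does not move backwards.
    /// Re-accepting the same version is allowed; a lower version is rejected.
    pub fn accept(&mut self, offered: SecurityState) -> Result<(), SecurityStateError> {
        if let Some(current) = self.accepted {
            if offered.version < current.version {
                return Err(SecurityStateError::Downgrade {
                    current: current.version,
                    offered: offered.version,
                });
            }
        }
        self.accepted = Some(offered);
        Ok(())
    }

    /// A client with no accepted state is treated as version 0: every
    /// version-gated feature is off until a state is accepted.
    pub fn version(&self) -> u64 {
        self.accepted.map_or(0, |s| s.version)
    }

    pub fn blob_encryption_enabled(&self) -> bool {
        self.version() >= BLOB_SECURITY_VERSION
    }

    pub fn icon_uri_hashes_enforced(&self) -> bool {
        self.version() >= MINIMUM_ENFORCE_ICON_URI_HASH_VERSION
    }
}

fn main() {
    let mut store = SecurityStateStore::default();
    store.accept(SecurityState { version: 3 }).expect("first state is always accepted");
    // A replayed older state is refused and the feature gates stay on.
    let replay = store.accept(SecurityState { version: 1 });
    println!("replay rejected: {}", replay.is_err());
    println!("blob encryption: {}", store.blob_encryption_enabled());
    println!("icon URI hashes enforced: {}", store.icon_uri_hashes_enforced());
}
```

Because the accepted version is the only input to the feature gates, the anti-downgrade property reduces to one comparison in `accept`; the signature on the object is what stops an attacker from forging a higher version, and the monotonic check is what stops them from reusing a genuine older one.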
Functions
- create_test_crypto_with_user_and_org_key - This is a helper function to create a test KeyStore with a single user key and an organization key using the provided organization uuid. While this function is not marked as #[cfg(test)], it should only be used for testing purposes. It's only public so that other crates can make use of it in their own tests.
- create_test_crypto_with_user_key - This is a helper function to create a test KeyStore with a single user key. While this function is not marked as #[cfg(test)], it should only be used for testing purposes. It's only public so that other crates can make use of it in their own tests.