bitwarden_core/mobile/
crypto_client.rs

1use bitwarden_crypto::CryptoError;
2#[cfg(feature = "internal")]
3use bitwarden_crypto::{EncString, UnsignedSharedKey};
4
5use super::crypto::{
6    derive_key_connector, make_key_pair, verify_asymmetric_keys, DeriveKeyConnectorError,
7    DeriveKeyConnectorRequest, EnrollAdminPasswordResetError, MakeKeyPairResponse,
8    MobileCryptoError, VerifyAsymmetricKeysRequest, VerifyAsymmetricKeysResponse,
9};
10#[cfg(feature = "internal")]
11use crate::mobile::crypto::{
12    derive_pin_key, derive_pin_user_key, enroll_admin_password_reset, get_user_encryption_key,
13    initialize_org_crypto, initialize_user_crypto, update_password, DerivePinKeyResponse,
14    InitOrgCryptoRequest, InitUserCryptoRequest, UpdatePasswordResponse,
15};
16use crate::{client::encryption_settings::EncryptionSettingsError, Client};
17
18/// A client for the crypto operations.
19pub struct CryptoClient {
20    pub(crate) client: crate::Client,
21}
22
23impl CryptoClient {
24    /// Initialization method for the user crypto. Needs to be called before any other crypto
25    /// operations.
26    pub async fn initialize_user_crypto(
27        &self,
28        req: InitUserCryptoRequest,
29    ) -> Result<(), EncryptionSettingsError> {
30        initialize_user_crypto(&self.client, req).await
31    }
32
33    /// Initialization method for the organization crypto. Needs to be called after
34    /// `initialize_user_crypto` but before any other crypto operations.
35    pub async fn initialize_org_crypto(
36        &self,
37        req: InitOrgCryptoRequest,
38    ) -> Result<(), EncryptionSettingsError> {
39        initialize_org_crypto(&self.client, req).await
40    }
41
42    /// Get the uses's decrypted encryption key. Note: It's very important
43    /// to keep this key safe, as it can be used to decrypt all of the user's data
44    pub async fn get_user_encryption_key(&self) -> Result<String, MobileCryptoError> {
45        get_user_encryption_key(&self.client).await
46    }
47
48    /// Update the user's password, which will re-encrypt the user's encryption key with the new
49    /// password. This returns the new encrypted user key and the new password hash.
50    pub fn update_password(
51        &self,
52        new_password: String,
53    ) -> Result<UpdatePasswordResponse, MobileCryptoError> {
54        update_password(&self.client, new_password)
55    }
56
57    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
58    /// used to initialize another client instance by using the PIN and the PIN key with
59    /// `initialize_user_crypto`.
60    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse, MobileCryptoError> {
61        derive_pin_key(&self.client, pin)
62    }
63
64    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
65    /// password on first unlock.
66    pub fn derive_pin_user_key(
67        &self,
68        encrypted_pin: EncString,
69    ) -> Result<EncString, MobileCryptoError> {
70        derive_pin_user_key(&self.client, encrypted_pin)
71    }
72
73    /// Prepares the account for being enrolled in the admin password reset feature. This encrypts
74    /// the users [UserKey][bitwarden_crypto::UserKey] with the organization's public key.
75    pub fn enroll_admin_password_reset(
76        &self,
77        public_key: String,
78    ) -> Result<UnsignedSharedKey, EnrollAdminPasswordResetError> {
79        enroll_admin_password_reset(&self.client, public_key)
80    }
81
82    /// Derive the master key for migrating to the key connector
83    pub fn derive_key_connector(
84        &self,
85        request: DeriveKeyConnectorRequest,
86    ) -> Result<String, DeriveKeyConnectorError> {
87        derive_key_connector(request)
88    }
89
90    /// Generates a new key pair and encrypts the private key with the provided user key.
91    pub fn make_key_pair(&self, user_key: String) -> Result<MakeKeyPairResponse, CryptoError> {
92        make_key_pair(user_key)
93    }
94
95    /// Verifies a user's asymmetric keys by decrypting the private key with the provided user
96    /// key. Returns if the private key is decryptable and if it is a valid matching key.
97    /// Crypto initialization not required.
98    pub fn verify_asymmetric_keys(
99        &self,
100        request: VerifyAsymmetricKeysRequest,
101    ) -> Result<VerifyAsymmetricKeysResponse, CryptoError> {
102        verify_asymmetric_keys(request)
103    }
104}
105
106impl Client {
107    /// Access to crypto functionality.
108    pub fn crypto(&self) -> CryptoClient {
109        CryptoClient {
110            client: self.clone(),
111        }
112    }
113}