Skip to main content

bitwarden_uniffi/
crypto.rs

1use bitwarden_core::key_management::{
2    V2UpgradeToken,
3    crypto::{
4        DeriveKeyConnectorRequest, DerivePinKeyResponse, EnrollPinResponse, InitOrgCryptoRequest,
5        InitUserCryptoRequest, UpdateKdfResponse, UpdatePasswordResponse,
6    },
7};
8use bitwarden_crypto::{EncString, Kdf, RotateableKeySet, UnsignedSharedKey};
9use bitwarden_encoding::B64;
10
11use crate::error::Result;
12
13#[allow(missing_docs)]
14#[derive(uniffi::Object)]
15pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
16
17#[uniffi::export(async_runtime = "tokio")]
18impl CryptoClient {
19    /// Initialization method for the user crypto. Needs to be called before any other crypto
20    /// operations.
21    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
22        Ok(self.0.initialize_user_crypto(req).await?)
23    }
24
25    /// Initialization method for the organization crypto. Needs to be called after
26    /// `initialize_user_crypto` but before any other crypto operations.
27    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
28        Ok(self.0.initialize_org_crypto(req).await?)
29    }
30
31    /// Get the uses's decrypted encryption key. Note: It's very important
32    /// to keep this key safe, as it can be used to decrypt all of the user's data
33    pub async fn get_user_encryption_key(&self) -> Result<B64> {
34        Ok(self.0.get_user_encryption_key().await?)
35    }
36
37    /// Create the data necessary to update the user's password. The user's encryption key is
38    /// re-encrypted with the new password. This returns the new encrypted user key and the new
39    /// password hash but does not update sdk state.
40    pub async fn make_update_password(
41        &self,
42        new_password: String,
43    ) -> Result<UpdatePasswordResponse> {
44        Ok(self.0.make_update_password(new_password).await?)
45    }
46
47    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
48    /// used to initialize another client instance by using the PIN and the PIN key with
49    /// `initialize_user_crypto`.
50    pub async fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
51        Ok(self.0.derive_pin_key(pin).await?)
52    }
53
54    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
55    /// password on first unlock.
56    pub async fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
57        Ok(self.0.derive_pin_user_key(encrypted_pin).await?)
58    }
59
60    /// Protects the current user key with the provided PIN. The result can be stored and later
61    /// used to initialize another client instance by using the PIN and the PIN key with
62    /// `initialize_user_crypto`.
63    pub fn enroll_pin(&self, pin: String) -> Result<EnrollPinResponse> {
64        Ok(self.0.enroll_pin(pin)?)
65    }
66
67    /// Protects the current user key with the provided PIN. The result can be stored and later
68    /// used to initialize another client instance by using the PIN and the PIN key with
69    /// `initialize_user_crypto`. The provided pin is encrypted with the user key.
70    pub fn enroll_pin_with_encrypted_pin(
71        &self,
72        encrypted_pin: EncString,
73    ) -> Result<EnrollPinResponse> {
74        Ok(self
75            .0
76            .enroll_pin_with_encrypted_pin(encrypted_pin.to_string())?)
77    }
78
79    pub fn enroll_admin_password_reset(&self, public_key: B64) -> Result<UnsignedSharedKey> {
80        Ok(self.0.enroll_admin_password_reset(public_key)?)
81    }
82
83    /// Derive the master key for migrating to the key connector
84    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<B64> {
85        Ok(self.0.derive_key_connector(request)?)
86    }
87
88    /// Creates the a new rotateable key set for the current user key protected
89    /// by a key derived from the given PRF.
90    pub fn make_prf_user_key_set(&self, prf: B64) -> Result<RotateableKeySet> {
91        Ok(self.0.make_prf_user_key_set(prf)?)
92    }
93
94    /// Create the data necessary to update the user's kdf settings. The user's encryption key is
95    /// re-encrypted for the password under the new kdf settings. This returns the new encrypted
96    /// user key and the new password hash but does not update sdk state.
97    pub async fn make_update_kdf(&self, password: String, kdf: Kdf) -> Result<UpdateKdfResponse> {
98        Ok(self.0.make_update_kdf(password, kdf).await?)
99    }
100
101    /// Gets the upgraded V2 user key using an upgrade token.
102    /// If the current key is already V2, returns it directly.
103    /// If the current key is V1 and a token is provided, extracts the V2 key.
104    pub fn get_upgraded_user_key(&self, upgrade_token: Option<V2UpgradeToken>) -> Result<B64> {
105        Ok(self.0.get_upgraded_user_key(upgrade_token)?)
106    }
107}