bitwarden_uniffi/
crypto.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
use std::sync::Arc;

use bitwarden_core::mobile::crypto::{
    DeriveKeyConnectorRequest, DerivePinKeyResponse, InitOrgCryptoRequest, InitUserCryptoRequest,
    UpdatePasswordResponse,
};
use bitwarden_crypto::{AsymmetricEncString, EncString};

use crate::{
    error::{Error, Result},
    Client,
};

#[derive(uniffi::Object)]
pub struct CryptoClient(pub(crate) Arc<Client>);

#[uniffi::export(async_runtime = "tokio")]
impl CryptoClient {
    /// Initialization method for the user crypto. Needs to be called before any other crypto
    /// operations.
    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
        Ok(self
            .0
             .0
            .crypto()
            .initialize_user_crypto(req)
            .await
            .map_err(Error::EncryptionSettings)?)
    }

    /// Initialization method for the organization crypto. Needs to be called after
    /// `initialize_user_crypto` but before any other crypto operations.
    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
        Ok(self
            .0
             .0
            .crypto()
            .initialize_org_crypto(req)
            .await
            .map_err(Error::EncryptionSettings)?)
    }

    /// Get the uses's decrypted encryption key. Note: It's very important
    /// to keep this key safe, as it can be used to decrypt all of the user's data
    pub async fn get_user_encryption_key(&self) -> Result<String> {
        Ok(self
            .0
             .0
            .crypto()
            .get_user_encryption_key()
            .await
            .map_err(Error::MobileCrypto)?)
    }

    /// Update the user's password, which will re-encrypt the user's encryption key with the new
    /// password. This returns the new encrypted user key and the new password hash.
    pub fn update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
        Ok(self
            .0
             .0
            .crypto()
            .update_password(new_password)
            .map_err(Error::MobileCrypto)?)
    }

    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
    /// used to initialize another client instance by using the PIN and the PIN key with
    /// `initialize_user_crypto`.
    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
        Ok(self
            .0
             .0
            .crypto()
            .derive_pin_key(pin)
            .map_err(Error::MobileCrypto)?)
    }

    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
    /// password on first unlock.
    pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
        Ok(self
            .0
             .0
            .crypto()
            .derive_pin_user_key(encrypted_pin)
            .map_err(Error::MobileCrypto)?)
    }

    pub fn enroll_admin_password_reset(&self, public_key: String) -> Result<AsymmetricEncString> {
        Ok(self
            .0
             .0
            .crypto()
            .enroll_admin_password_reset(public_key)
            .map_err(Error::EnrollAdminPasswordReset)?)
    }

    /// Derive the master key for migrating to the key connector
    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<String> {
        Ok(self
            .0
             .0
            .crypto()
            .derive_key_connector(request)
            .map_err(Error::DeriveKeyConnector)?)
    }
}