Skip to main content

bitwarden_uniffi/
crypto.rs

1use bitwarden_core::key_management::{
2    V2UpgradeToken,
3    crypto::{
4        DeriveKeyConnectorRequest, DerivePinKeyResponse, EnrollPinResponse, InitOrgCryptoRequest,
5        InitUserCryptoRequest, UpdateKdfResponse, UpdatePasswordResponse,
6    },
7};
8use bitwarden_crypto::{EncString, Kdf, RotateableKeySet, UnsignedSharedKey};
9use bitwarden_encoding::B64;
10
11use crate::error::Result;
12
13#[allow(missing_docs)]
14#[derive(uniffi::Object)]
15pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
16
17#[uniffi::export(async_runtime = "tokio")]
18impl CryptoClient {
19    /// Initialization method for the user crypto. Needs to be called before any other crypto
20    /// operations.
21    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
22        Ok(self.0.initialize_user_crypto(req).await?)
23    }
24
25    /// Initialization method for the organization crypto. Needs to be called after
26    /// `initialize_user_crypto` but before any other crypto operations.
27    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
28        Ok(self.0.initialize_org_crypto(req).await?)
29    }
30
31    /// Get the uses's decrypted encryption key. Note: It's very important
32    /// to keep this key safe, as it can be used to decrypt all of the user's data
33    pub async fn get_user_encryption_key(&self) -> Result<B64> {
34        Ok(self.0.get_user_encryption_key().await?)
35    }
36
37    /// Create the data necessary to update the user's password. The user's encryption key is
38    /// re-encrypted with the new password. This returns the new encrypted user key and the new
39    /// password hash but does not update sdk state.
40    pub fn make_update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
41        Ok(self.0.make_update_password(new_password)?)
42    }
43
44    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
45    /// used to initialize another client instance by using the PIN and the PIN key with
46    /// `initialize_user_crypto`.
47    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
48        Ok(self.0.derive_pin_key(pin)?)
49    }
50
51    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
52    /// password on first unlock.
53    pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
54        Ok(self.0.derive_pin_user_key(encrypted_pin)?)
55    }
56
57    /// Protects the current user key with the provided PIN. The result can be stored and later
58    /// used to initialize another client instance by using the PIN and the PIN key with
59    /// `initialize_user_crypto`.
60    pub fn enroll_pin(&self, pin: String) -> Result<EnrollPinResponse> {
61        Ok(self.0.enroll_pin(pin)?)
62    }
63
64    /// Protects the current user key with the provided PIN. The result can be stored and later
65    /// used to initialize another client instance by using the PIN and the PIN key with
66    /// `initialize_user_crypto`. The provided pin is encrypted with the user key.
67    pub fn enroll_pin_with_encrypted_pin(
68        &self,
69        encrypted_pin: EncString,
70    ) -> Result<EnrollPinResponse> {
71        Ok(self
72            .0
73            .enroll_pin_with_encrypted_pin(encrypted_pin.to_string())?)
74    }
75
76    pub fn enroll_admin_password_reset(&self, public_key: B64) -> Result<UnsignedSharedKey> {
77        Ok(self.0.enroll_admin_password_reset(public_key)?)
78    }
79
80    /// Derive the master key for migrating to the key connector
81    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<B64> {
82        Ok(self.0.derive_key_connector(request)?)
83    }
84
85    /// Creates the a new rotateable key set for the current user key protected
86    /// by a key derived from the given PRF.
87    pub fn make_prf_user_key_set(&self, prf: B64) -> Result<RotateableKeySet> {
88        Ok(self.0.make_prf_user_key_set(prf)?)
89    }
90
91    /// Create the data necessary to update the user's kdf settings. The user's encryption key is
92    /// re-encrypted for the password under the new kdf settings. This returns the new encrypted
93    /// user key and the new password hash but does not update sdk state.
94    pub fn make_update_kdf(&self, password: String, kdf: Kdf) -> Result<UpdateKdfResponse> {
95        Ok(self.0.make_update_kdf(password, kdf)?)
96    }
97
98    /// Gets the upgraded V2 user key using an upgrade token.
99    /// If the current key is already V2, returns it directly.
100    /// If the current key is V1 and a token is provided, extracts the V2 key.
101    pub fn get_upgraded_user_key(&self, upgrade_token: Option<V2UpgradeToken>) -> Result<B64> {
102        Ok(self.0.get_upgraded_user_key(upgrade_token)?)
103    }
104}