bitwarden_uniffi/
crypto.rs

1use bitwarden_core::mobile::crypto::{
2    DeriveKeyConnectorRequest, DerivePinKeyResponse, InitOrgCryptoRequest, InitUserCryptoRequest,
3    UpdatePasswordResponse,
4};
5use bitwarden_crypto::{EncString, UnsignedSharedKey};
6
7use crate::error::{Error, Result};
8
9#[derive(uniffi::Object)]
10pub struct CryptoClient(pub(crate) bitwarden_core::mobile::CryptoClient);
11
12#[uniffi::export(async_runtime = "tokio")]
13impl CryptoClient {
14    /// Initialization method for the user crypto. Needs to be called before any other crypto
15    /// operations.
16    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
17        Ok(self
18            .0
19            .initialize_user_crypto(req)
20            .await
21            .map_err(Error::EncryptionSettings)?)
22    }
23
24    /// Initialization method for the organization crypto. Needs to be called after
25    /// `initialize_user_crypto` but before any other crypto operations.
26    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
27        Ok(self
28            .0
29            .initialize_org_crypto(req)
30            .await
31            .map_err(Error::EncryptionSettings)?)
32    }
33
34    /// Get the uses's decrypted encryption key. Note: It's very important
35    /// to keep this key safe, as it can be used to decrypt all of the user's data
36    pub async fn get_user_encryption_key(&self) -> Result<String> {
37        Ok(self
38            .0
39            .get_user_encryption_key()
40            .await
41            .map_err(Error::MobileCrypto)?)
42    }
43
44    /// Update the user's password, which will re-encrypt the user's encryption key with the new
45    /// password. This returns the new encrypted user key and the new password hash.
46    pub fn update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
47        Ok(self
48            .0
49            .update_password(new_password)
50            .map_err(Error::MobileCrypto)?)
51    }
52
53    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
54    /// used to initialize another client instance by using the PIN and the PIN key with
55    /// `initialize_user_crypto`.
56    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
57        Ok(self.0.derive_pin_key(pin).map_err(Error::MobileCrypto)?)
58    }
59
60    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
61    /// password on first unlock.
62    pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
63        Ok(self
64            .0
65            .derive_pin_user_key(encrypted_pin)
66            .map_err(Error::MobileCrypto)?)
67    }
68
69    pub fn enroll_admin_password_reset(&self, public_key: String) -> Result<UnsignedSharedKey> {
70        Ok(self
71            .0
72            .enroll_admin_password_reset(public_key)
73            .map_err(Error::EnrollAdminPasswordReset)?)
74    }
75
76    /// Derive the master key for migrating to the key connector
77    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<String> {
78        Ok(self
79            .0
80            .derive_key_connector(request)
81            .map_err(Error::DeriveKeyConnector)?)
82    }
83}