1use bitwarden_core::key_management::{
2    V2UpgradeToken,
3    crypto::{
4        DeriveKeyConnectorRequest, DerivePinKeyResponse, EnrollPinResponse, InitOrgCryptoRequest,
5        InitUserCryptoRequest, ReinitUserCryptoRequest, UpdateKdfResponse, UpdatePasswordResponse,
6    },
7};
8use bitwarden_crypto::{EncString, Kdf, RotateableKeySet, UnsignedSharedKey};
9use bitwarden_encoding::B64;
10
11use crate::error::Result;
12
/// FFI-facing wrapper around [`bitwarden_core::key_management::CryptoClient`].
///
/// Exposed to host languages through uniffi; every method in the `impl` below
/// delegates to the inner core client and converts its error into this crate's
/// [`Result`].
// NOTE(review): with the struct documented, `#[allow(missing_docs)]` may no
// longer be needed — confirm the uniffi derive does not require it before removing.
#[allow(missing_docs)]
#[derive(uniffi::Object)]
pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
16
#[uniffi::export(async_runtime = "tokio")]
impl CryptoClient {
    /// Initialize the user's cryptographic state from `req`.
    ///
    /// Must be called before any other crypto operation on this client.
    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
        self.0.initialize_user_crypto(req).await.map_err(Into::into)
    }

    /// Initialize organization crypto from `req`.
    ///
    /// Must be called after [`Self::initialize_user_crypto`] and before any other
    /// crypto operation that touches organization keys.
    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
        self.0.initialize_org_crypto(req).await.map_err(Into::into)
    }

    /// Re-initialize the user's cryptographic state during an unlock session in
    /// order to consume a synced v2 upgrade token. The SDK must already be
    /// unlocked. See
    /// [`bitwarden_core::key_management::CryptoClient::reinit_user_crypto`].
    pub async fn reinit_user_crypto(&self, req: ReinitUserCryptoRequest) -> Result<()> {
        self.0.reinit_user_crypto(req).await.map_err(Into::into)
    }

    /// Return the user's decrypted encryption key, base64-encoded.
    ///
    /// Handle with care: this key decrypts all of the user's data, and it leaves
    /// the SDK's control as soon as it is returned. Callers must keep it secret
    /// and short-lived, and never log or persist it in plaintext.
    // NOTE(review): once returned across the FFI boundary the host language owns
    // its own copy, which the SDK cannot zeroize — confirm callers clear it.
    pub async fn get_user_encryption_key(&self) -> Result<B64> {
        self.0.get_user_encryption_key().await.map_err(Into::into)
    }

    /// Build the data needed to change the user's master password: the user key
    /// re-encrypted under `new_password`, plus the new password hash.
    ///
    /// SDK state is left untouched; only the returned response is produced.
    pub async fn make_update_password(
        &self,
        new_password: String,
    ) -> Result<UpdatePasswordResponse> {
        self.0
            .make_update_password(new_password)
            .await
            .map_err(Into::into)
    }

    /// Derive a PIN-protected user key from `pin`.
    ///
    /// The response can be persisted and later handed to
    /// `initialize_user_crypto` (together with the PIN) to unlock a fresh client
    /// instance.
    pub async fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
        self.0.derive_pin_key(pin).await.map_err(Into::into)
    }

    /// Derive the PIN-protected user key from an already-encrypted PIN.
    ///
    /// This is the path taken when the PIN requires the master password on
    /// first unlock.
    pub async fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
        self.0.derive_pin_user_key(encrypted_pin).await.map_err(Into::into)
    }

    /// Protect the current user key with `pin`.
    ///
    /// The response can be persisted and later handed to
    /// `initialize_user_crypto` (together with the PIN) to unlock a fresh client
    /// instance.
    pub fn enroll_pin(&self, pin: String) -> Result<EnrollPinResponse> {
        self.0.enroll_pin(pin).map_err(Into::into)
    }

    /// Same as [`Self::enroll_pin`], but takes the PIN already encrypted with the
    /// user key instead of in plaintext.
    pub fn enroll_pin_with_encrypted_pin(
        &self,
        encrypted_pin: EncString,
    ) -> Result<EnrollPinResponse> {
        // The core method is handed the `Display` form of the EncString —
        // presumably it expects the serialized string; confirm against core.
        let serialized = encrypted_pin.to_string();
        self.0
            .enroll_pin_with_encrypted_pin(serialized)
            .map_err(Into::into)
    }

    /// Enroll the current user in admin password reset using `public_key`
    /// (base64), returning the resulting [`UnsignedSharedKey`].
    // NOTE(review): nothing in this wrapper authenticates `public_key`. If the
    // core call does not verify it either (the result is an *unsigned* shared
    // key), the caller must ensure it is the genuine organization key before
    // calling, otherwise the user key could be shared with the wrong party —
    // confirm where that check lives.
    pub fn enroll_admin_password_reset(&self, public_key: B64) -> Result<UnsignedSharedKey> {
        self.0.enroll_admin_password_reset(public_key).map_err(Into::into)
    }

    /// Derive the master key used when migrating to Key Connector.
    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<B64> {
        self.0.derive_key_connector(request).map_err(Into::into)
    }

    /// Create a new rotateable key set that protects the current user key under
    /// a key derived from `prf` (base64).
    pub fn make_prf_user_key_set(&self, prf: B64) -> Result<RotateableKeySet> {
        self.0.make_prf_user_key_set(prf).map_err(Into::into)
    }

    /// Build the data needed to change the user's KDF settings: the user key
    /// re-encrypted for `password` under the new `kdf` parameters, plus the new
    /// password hash.
    ///
    /// SDK state is left untouched; only the returned response is produced.
    pub async fn make_update_kdf(&self, password: String, kdf: Kdf) -> Result<UpdateKdfResponse> {
        self.0.make_update_kdf(password, kdf).await.map_err(Into::into)
    }

    /// Return the V2 user key, base64-encoded.
    ///
    /// If the current key is already V2 it is returned directly; if it is V1 and
    /// `upgrade_token` is `Some`, the V2 key is extracted from the token.
    pub fn get_upgraded_user_key(&self, upgrade_token: Option<V2UpgradeToken>) -> Result<B64> {
        self.0.get_upgraded_user_key(upgrade_token).map_err(Into::into)
    }
}