bitwarden_uniffi/crypto.rs
1use bitwarden_core::key_management::crypto::{
2 DeriveKeyConnectorRequest, DerivePinKeyResponse, EnrollPinResponse, InitOrgCryptoRequest,
3 InitUserCryptoRequest, UpdateKdfResponse, UpdatePasswordResponse,
4};
5use bitwarden_crypto::{EncString, Kdf, UnsignedSharedKey};
6use bitwarden_encoding::B64;
7
8use crate::error::Result;
9
10#[allow(missing_docs)]
11#[derive(uniffi::Object)]
12pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
13
14#[uniffi::export(async_runtime = "tokio")]
15impl CryptoClient {
16 /// Initialization method for the user crypto. Needs to be called before any other crypto
17 /// operations.
18 pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
19 Ok(self.0.initialize_user_crypto(req).await?)
20 }
21
22 /// Initialization method for the organization crypto. Needs to be called after
23 /// `initialize_user_crypto` but before any other crypto operations.
24 pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
25 Ok(self.0.initialize_org_crypto(req).await?)
26 }
27
28 /// Get the uses's decrypted encryption key. Note: It's very important
29 /// to keep this key safe, as it can be used to decrypt all of the user's data
30 pub async fn get_user_encryption_key(&self) -> Result<B64> {
31 Ok(self.0.get_user_encryption_key().await?)
32 }
33
34 /// Create the data necessary to update the user's password. The user's encryption key is
35 /// re-encrypted with the new password. This returns the new encrypted user key and the new
36 /// password hash but does not update sdk state.
37 ///
38 /// Note: This is deprecated and `make_update_password` should be used instead
39 pub fn update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
40 self.make_update_password(new_password)
41 }
42
43 /// Create the data necessary to update the user's password. The user's encryption key is
44 /// re-encrypted with the new password. This returns the new encrypted user key and the new
45 /// password hash but does not update sdk state.
46 pub fn make_update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
47 Ok(self.0.make_update_password(new_password)?)
48 }
49
50 /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
51 /// used to initialize another client instance by using the PIN and the PIN key with
52 /// `initialize_user_crypto`.
53 pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
54 Ok(self.0.derive_pin_key(pin)?)
55 }
56
57 /// Derives the pin protected user key from encrypted pin. Used when pin requires master
58 /// password on first unlock.
59 pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
60 Ok(self.0.derive_pin_user_key(encrypted_pin)?)
61 }
62
63 /// Protects the current user key with the provided PIN. The result can be stored and later
64 /// used to initialize another client instance by using the PIN and the PIN key with
65 /// `initialize_user_crypto`.
66 pub fn enroll_pin(&self, pin: String) -> Result<EnrollPinResponse> {
67 Ok(self.0.enroll_pin(pin)?)
68 }
69
70 /// Protects the current user key with the provided PIN. The result can be stored and later
71 /// used to initialize another client instance by using the PIN and the PIN key with
72 /// `initialize_user_crypto`. The provided pin is encrypted with the user key.
73 pub fn enroll_pin_with_encrypted_pin(
74 &self,
75 encrypted_pin: EncString,
76 ) -> Result<EnrollPinResponse> {
77 Ok(self
78 .0
79 .enroll_pin_with_encrypted_pin(encrypted_pin.to_string())?)
80 }
81
82 pub fn enroll_admin_password_reset(&self, public_key: B64) -> Result<UnsignedSharedKey> {
83 Ok(self.0.enroll_admin_password_reset(public_key)?)
84 }
85
86 /// Derive the master key for migrating to the key connector
87 pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<B64> {
88 Ok(self.0.derive_key_connector(request)?)
89 }
90
91 /// Create the data necessary to update the user's kdf settings. The user's encryption key is
92 /// re-encrypted for the password under the new kdf settings. This returns the new encrypted
93 /// user key and the new password hash but does not update sdk state.
94 pub fn make_update_kdf(&self, password: String, kdf: Kdf) -> Result<UpdateKdfResponse> {
95 Ok(self.0.make_update_kdf(password, kdf)?)
96 }
97}