bitwarden_uniffi/
crypto.rs

1use bitwarden_core::key_management::crypto::{
2    DeriveKeyConnectorRequest, DerivePinKeyResponse, InitOrgCryptoRequest, InitUserCryptoRequest,
3    UpdatePasswordResponse,
4};
5use bitwarden_crypto::{EncString, UnsignedSharedKey};
6
7use crate::error::{Error, Result};
8
9#[allow(missing_docs)]
10#[derive(uniffi::Object)]
11pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
12
13#[uniffi::export(async_runtime = "tokio")]
14impl CryptoClient {
15    /// Initialization method for the user crypto. Needs to be called before any other crypto
16    /// operations.
17    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
18        Ok(self
19            .0
20            .initialize_user_crypto(req)
21            .await
22            .map_err(Error::EncryptionSettings)?)
23    }
24
25    /// Initialization method for the organization crypto. Needs to be called after
26    /// `initialize_user_crypto` but before any other crypto operations.
27    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
28        Ok(self
29            .0
30            .initialize_org_crypto(req)
31            .await
32            .map_err(Error::EncryptionSettings)?)
33    }
34
35    /// Get the uses's decrypted encryption key. Note: It's very important
36    /// to keep this key safe, as it can be used to decrypt all of the user's data
37    pub async fn get_user_encryption_key(&self) -> Result<String> {
38        Ok(self
39            .0
40            .get_user_encryption_key()
41            .await
42            .map_err(Error::MobileCrypto)?)
43    }
44
45    /// Update the user's password, which will re-encrypt the user's encryption key with the new
46    /// password. This returns the new encrypted user key and the new password hash.
47    pub fn update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
48        Ok(self
49            .0
50            .update_password(new_password)
51            .map_err(Error::MobileCrypto)?)
52    }
53
54    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
55    /// used to initialize another client instance by using the PIN and the PIN key with
56    /// `initialize_user_crypto`.
57    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
58        Ok(self.0.derive_pin_key(pin).map_err(Error::MobileCrypto)?)
59    }
60
61    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
62    /// password on first unlock.
63    pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
64        Ok(self
65            .0
66            .derive_pin_user_key(encrypted_pin)
67            .map_err(Error::MobileCrypto)?)
68    }
69
70    pub fn enroll_admin_password_reset(&self, public_key: String) -> Result<UnsignedSharedKey> {
71        Ok(self
72            .0
73            .enroll_admin_password_reset(public_key)
74            .map_err(Error::EnrollAdminPasswordReset)?)
75    }
76
77    /// Derive the master key for migrating to the key connector
78    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<String> {
79        Ok(self
80            .0
81            .derive_key_connector(request)
82            .map_err(Error::DeriveKeyConnector)?)
83    }
84}