bitwarden_uniffi/
crypto.rs

1use bitwarden_core::key_management::crypto::{
2    DeriveKeyConnectorRequest, DerivePinKeyResponse, EnrollPinResponse, InitOrgCryptoRequest,
3    InitUserCryptoRequest, UpdateKdfResponse, UpdatePasswordResponse,
4};
5use bitwarden_crypto::{EncString, Kdf, UnsignedSharedKey};
6use bitwarden_encoding::B64;
7
8use crate::error::Result;
9
10#[allow(missing_docs)]
11#[derive(uniffi::Object)]
12pub struct CryptoClient(pub(crate) bitwarden_core::key_management::CryptoClient);
13
14#[uniffi::export(async_runtime = "tokio")]
15impl CryptoClient {
16    /// Initialization method for the user crypto. Needs to be called before any other crypto
17    /// operations.
18    pub async fn initialize_user_crypto(&self, req: InitUserCryptoRequest) -> Result<()> {
19        Ok(self.0.initialize_user_crypto(req).await?)
20    }
21
22    /// Initialization method for the organization crypto. Needs to be called after
23    /// `initialize_user_crypto` but before any other crypto operations.
24    pub async fn initialize_org_crypto(&self, req: InitOrgCryptoRequest) -> Result<()> {
25        Ok(self.0.initialize_org_crypto(req).await?)
26    }
27
28    /// Get the uses's decrypted encryption key. Note: It's very important
29    /// to keep this key safe, as it can be used to decrypt all of the user's data
30    pub async fn get_user_encryption_key(&self) -> Result<B64> {
31        Ok(self.0.get_user_encryption_key().await?)
32    }
33
34    /// Create the data necessary to update the user's password. The user's encryption key is
35    /// re-encrypted with the new password. This returns the new encrypted user key and the new
36    /// password hash but does not update sdk state.
37    ///
38    /// Note: This is deprecated and `make_update_password` should be used instead
39    pub fn update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
40        self.make_update_password(new_password)
41    }
42
43    /// Create the data necessary to update the user's password. The user's encryption key is
44    /// re-encrypted with the new password. This returns the new encrypted user key and the new
45    /// password hash but does not update sdk state.
46    pub fn make_update_password(&self, new_password: String) -> Result<UpdatePasswordResponse> {
47        Ok(self.0.make_update_password(new_password)?)
48    }
49
50    /// Generates a PIN protected user key from the provided PIN. The result can be stored and later
51    /// used to initialize another client instance by using the PIN and the PIN key with
52    /// `initialize_user_crypto`.
53    pub fn derive_pin_key(&self, pin: String) -> Result<DerivePinKeyResponse> {
54        Ok(self.0.derive_pin_key(pin)?)
55    }
56
57    /// Derives the pin protected user key from encrypted pin. Used when pin requires master
58    /// password on first unlock.
59    pub fn derive_pin_user_key(&self, encrypted_pin: EncString) -> Result<EncString> {
60        Ok(self.0.derive_pin_user_key(encrypted_pin)?)
61    }
62
63    /// Protects the current user key with the provided PIN. The result can be stored and later
64    /// used to initialize another client instance by using the PIN and the PIN key with
65    /// `initialize_user_crypto`.
66    pub fn enroll_pin(&self, pin: String) -> Result<EnrollPinResponse> {
67        Ok(self.0.enroll_pin(pin)?)
68    }
69
70    /// Protects the current user key with the provided PIN. The result can be stored and later
71    /// used to initialize another client instance by using the PIN and the PIN key with
72    /// `initialize_user_crypto`. The provided pin is encrypted with the user key.
73    pub fn enroll_pin_with_encrypted_pin(
74        &self,
75        encrypted_pin: EncString,
76    ) -> Result<EnrollPinResponse> {
77        Ok(self
78            .0
79            .enroll_pin_with_encrypted_pin(encrypted_pin.to_string())?)
80    }
81
82    pub fn enroll_admin_password_reset(&self, public_key: B64) -> Result<UnsignedSharedKey> {
83        Ok(self.0.enroll_admin_password_reset(public_key)?)
84    }
85
86    /// Derive the master key for migrating to the key connector
87    pub fn derive_key_connector(&self, request: DeriveKeyConnectorRequest) -> Result<B64> {
88        Ok(self.0.derive_key_connector(request)?)
89    }
90
91    /// Create the data necessary to update the user's kdf settings. The user's encryption key is
92    /// re-encrypted for the password under the new kdf settings. This returns the new encrypted
93    /// user key and the new password hash but does not update sdk state.
94    pub fn make_update_kdf(&self, password: String, kdf: Kdf) -> Result<UpdateKdfResponse> {
95        Ok(self.0.make_update_kdf(password, kdf)?)
96    }
97}