Skip to main content

bitwarden_core/key_management/
mod.rs

1//! This module contains the definition for the key identifiers used by the rest of the crates.
2//! Any code that needs to interact with the [KeyStore] should use these types.
3//!
4//! - [SymmetricKeySlotId] is used to identify symmetric keys.
5//! - [PrivateKeySlotId] is used to identify private keys.
6//! - [KeySlotIds] is a helper type that combines both symmetric and private key identifiers. This
7//!   is usually used in the type bounds of [KeyStore],
8//!   [KeyStoreContext](bitwarden_crypto::KeyStoreContext),
9//!   [PrimitiveEncryptable](bitwarden_crypto::PrimitiveEncryptable),
10//!   [CompositeEncryptable](bitwarden_crypto::CompositeEncryptable), and
11//!   [Decryptable](bitwarden_crypto::Decryptable).
12
13use bitwarden_crypto::{
14    EncString, KeyStore, SymmetricCryptoKey, key_slot_ids, safe::PasswordProtectedKeyEnvelope,
15};
16
17#[cfg(feature = "internal")]
18pub mod account_cryptographic_state;
19#[cfg(feature = "internal")]
20pub mod crypto;
21#[cfg(feature = "internal")]
22mod crypto_client;
23use bitwarden_encoding::B64;
24#[cfg(feature = "internal")]
25pub use crypto_client::CryptoClient;
26
27#[cfg(feature = "internal")]
28mod master_password;
29#[cfg(feature = "internal")]
30pub use master_password::{
31    MasterPasswordAuthenticationData, MasterPasswordError, MasterPasswordUnlockData,
32};
33#[cfg(feature = "internal")]
34mod security_state;
35#[cfg(feature = "internal")]
36pub use security_state::{
37    BLOB_SECURITY_VERSION, MINIMUM_ENFORCE_ICON_URI_HASH_VERSION, SecurityState,
38    SignedSecurityState,
39};
40#[cfg(feature = "internal")]
41mod user_decryption;
42use serde::{Deserialize, Serialize};
43#[cfg(feature = "wasm")]
44use tsify::Tsify;
45#[cfg(feature = "internal")]
46pub use user_decryption::UserDecryptionData;
47#[cfg(feature = "internal")]
48mod v2_upgrade_token;
49#[cfg(feature = "internal")]
50pub use v2_upgrade_token::{V2UpgradeToken, V2UpgradeTokenError};
51
52#[cfg(all(feature = "internal", feature = "wasm"))]
53mod wasm_unlock_state;
54
55#[cfg(feature = "internal")]
56mod local_user_data_key;
57#[cfg(feature = "internal")]
58mod local_user_data_key_state;
59
60/// A temporary bridge to access KM-related state from within the SDK.
61#[cfg(feature = "internal")]
62pub mod state_bridge;
63
64use crate::{OrganizationId, UserId};
65
66/// Represents the decrypted symmetric user-key of a user. This is held in ephemeral state of the
67/// client.
68#[derive(Serialize, Deserialize, Debug, Clone)]
69#[repr(transparent)]
70#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
71#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
72pub struct UserKeyState {
73    decrypted_user_key: B64,
74}
75
76bitwarden_state::register_repository_item!(String => UserKeyState, "UserKey");
77
78/// Represents the local user data key, wrapped by user key.
79/// This key is used to encrypt local user data (e.g., password generator history).
80#[derive(Serialize, Deserialize, Debug, Clone)]
81#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
82#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
83pub struct LocalUserDataKeyState {
84    wrapped_key: EncString,
85}
86
87bitwarden_state::register_repository_item!(UserId => LocalUserDataKeyState, "LocalUserDataKey");
88
89/// Represents the PIN envelope in memory, when ephemeral PIN unlock is used.
90#[derive(Serialize, Deserialize, Debug, Clone)]
91#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
92#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
93pub struct EphemeralPinEnvelopeState {
94    pin_envelope: PasswordProtectedKeyEnvelope,
95}
96
97bitwarden_state::register_repository_item!(String => EphemeralPinEnvelopeState, "EphemeralPinEnvelope");
98
99key_slot_ids! {
100    #[symmetric]
101    pub enum SymmetricKeySlotId {
102        Master,
103        User,
104        Organization(OrganizationId),
105        LocalUserData,
106        #[local]
107        Local(LocalId),
108    }
109
110    #[private]
111    pub enum PrivateKeySlotId {
112        UserPrivateKey,
113        #[local]
114        Local(LocalId),
115    }
116
117    #[signing]
118    pub enum SigningKeySlotId {
119        UserSigningKey,
120        #[local]
121        Local(LocalId),
122    }
123
124    pub KeySlotIds => SymmetricKeySlotId, PrivateKeySlotId, SigningKeySlotId;
125}
126
127/// This is a helper function to create a test KeyStore with a single user key.
128/// While this function is not marked as #[cfg(test)], it should only be used for testing purposes.
129/// It's only public so that other crates can make use of it in their own tests.
130pub fn create_test_crypto_with_user_key(key: SymmetricCryptoKey) -> KeyStore<KeySlotIds> {
131    let store = KeyStore::default();
132
133    #[allow(deprecated)]
134    store
135        .context_mut()
136        .set_symmetric_key(SymmetricKeySlotId::User, key.clone())
137        .expect("Mutable context");
138
139    store
140}
141
142/// This is a helper function to create a test KeyStore with a single user key and an organization
143/// key using the provided organization uuid. While this function is not marked as #[cfg(test)], it
144/// should only be used for testing purposes. It's only public so that other crates can make use of
145/// it in their own tests.
146pub fn create_test_crypto_with_user_and_org_key(
147    key: SymmetricCryptoKey,
148    org_id: OrganizationId,
149    org_key: SymmetricCryptoKey,
150) -> KeyStore<KeySlotIds> {
151    let store = KeyStore::default();
152
153    #[allow(deprecated)]
154    store
155        .context_mut()
156        .set_symmetric_key(SymmetricKeySlotId::User, key.clone())
157        .expect("Mutable context");
158
159    #[allow(deprecated)]
160    store
161        .context_mut()
162        .set_symmetric_key(SymmetricKeySlotId::Organization(org_id), org_key.clone())
163        .expect("Mutable context");
164
165    store
166}