bitwarden-core 3.0.0

Internal crate for the bitwarden crate. Do not use.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

use bitwarden_crypto::{
    DeviceKey, EncString, Kdf, PublicKey, SpkiPublicKeyBytes, SymmetricCryptoKey,
    TrustDeviceResponse, UnsignedSharedKey, UserKey,
};
use bitwarden_encoding::B64;

use crate::{
    Client, client::encryption_settings::EncryptionSettingsError,
    key_management::account_cryptographic_state::WrappedAccountCryptographicState,
};

/// This function generates a new user key and key pair, initializes the client's crypto with the
/// generated user key, and encrypts the user key with the organization public key for admin
/// password reset. If remember_device is true, it also generates a device key.
pub(super) async fn make_register_tde_keys(
    client: &Client,
    email: String,
    org_public_key: B64,
    remember_device: bool,
) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
    let public_key = PublicKey::from_der(&SpkiPublicKeyBytes::from(&org_public_key))?;

    let user_key = UserKey::new(SymmetricCryptoKey::make_aes256_cbc_hmac_key());
    let key_pair = user_key.make_key_pair()?;

    #[expect(deprecated)]
    let admin_reset = UnsignedSharedKey::encapsulate_key_unsigned(&user_key.0, &public_key)?;

    let device_key = if remember_device {
        Some(DeviceKey::trust_device(&user_key.0)?)
    } else {
        None
    };

    client.internal.initialize_user_crypto_decrypted_key(
        user_key.0,
        // TODO (https://bitwarden.atlassian.net/browse/PM-21771) Signing keys are not supported on registration yet. This needs to be changed as
        // soon as registration is supported.
        WrappedAccountCryptographicState::V1 {
            private_key: key_pair.private.clone(),
        },
        &None,
    )?;

    client
        .internal
        .set_login_method(crate::client::LoginMethod::User(
            crate::client::UserLoginMethod::Username {
                client_id: "".to_owned(),
                email,
                kdf: Kdf::default_pbkdf2(),
            },
        ))
        .await;

    Ok(RegisterTdeKeyResponse {
        private_key: key_pair.private,
        public_key: key_pair.public,

        admin_reset,
        device_key,
    })
}

#[allow(missing_docs)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
pub struct RegisterTdeKeyResponse {
    pub private_key: EncString,
    pub public_key: B64,

    pub admin_reset: UnsignedSharedKey,
    pub device_key: Option<TrustDeviceResponse>,
}