@bitwarden/sdk-internal 0.2.0-main.200 → 0.2.0-main.202

package/node/bitwarden_wasm_internal.d.ts

@@ -117,6 +117,10 @@ export interface InitUserCryptoRequest {
    * The user\'s encrypted private key
    */
   privateKey: EncString;
+  /**
+   * The user\'s signing key
+   */
+  signingKey: EncString | undefined;
   /**
    * The initialization method to use
    */
@@ -157,6 +161,56 @@ export interface InitOrgCryptoRequest {
   organizationKeys: Map<Uuid, UnsignedSharedKey>;
 }
 
+/**
+ * Response from the `update_password` function
+ */
+export interface UpdatePasswordResponse {
+  /**
+   * Hash of the new password
+   */
+  passwordHash: string;
+  /**
+   * User key, encrypted with the new password
+   */
+  newKey: EncString;
+}
+
+/**
+ * Request for deriving a pin protected user key
+ */
+export interface DerivePinKeyResponse {
+  /**
+   * [UserKey] protected by PIN
+   */
+  pinProtectedUserKey: EncString;
+  /**
+   * PIN protected by [UserKey]
+   */
+  encryptedPin: EncString;
+}
+
+/**
+ * Request for migrating an account from password to key connector.
+ */
+export interface DeriveKeyConnectorRequest {
+  /**
+   * Encrypted user key, used to validate the master key
+   */
+  userKeyEncrypted: EncString;
+  /**
+   * The user\'s master password
+   */
+  password: string;
+  /**
+   * The KDF parameters used to derive the master key
+   */
+  kdf: Kdf;
+  /**
+   * The user\'s email address
+   */
+  email: string;
+}
+
 /**
  * Response from the `make_key_pair` function
  */
@@ -203,11 +257,50 @@ export interface VerifyAsymmetricKeysResponse {
   validPrivateKey: boolean;
 }
 
+/**
+ * A new signing key pair along with the signed public key
+ */
+export interface MakeUserSigningKeysResponse {
+  /**
+   * Base64 encoded verifying key
+   */
+  verifyingKey: string;
+  /**
+   * Signing key, encrypted with the user\'s symmetric key
+   */
+  signingKey: EncString;
+  /**
+   * The user\'s public key, signed by the signing key
+   */
+  signedPublicKey: SignedPublicKey;
+}
+
 /**
  * NewType wrapper for `OrganizationId`
  */
 export type OrganizationId = Tagged<Uuid, "OrganizationId">;
 
+export interface DeriveKeyConnectorError extends Error {
+  name: "DeriveKeyConnectorError";
+  variant: "WrongPassword" | "Crypto";
+}
+
+export function isDeriveKeyConnectorError(error: any): error is DeriveKeyConnectorError;
+
+export interface EnrollAdminPasswordResetError extends Error {
+  name: "EnrollAdminPasswordResetError";
+  variant: "VaultLocked" | "Crypto" | "InvalidBase64";
+}
+
+export function isEnrollAdminPasswordResetError(error: any): error is EnrollAdminPasswordResetError;
+
+export interface CryptoClientError extends Error {
+  name: "CryptoClientError";
+  variant: "NotAuthenticated" | "VaultLocked" | "Crypto";
+}
+
+export function isCryptoClientError(error: any): error is CryptoClientError;
+
 export interface EncryptionSettingsError extends Error {
   name: "EncryptionSettingsError";
   variant:
@@ -289,6 +382,13 @@ export type UnsignedSharedKey = string;
 
 export type EncString = string;
 
+export type SignedPublicKey = string;
+
+/**
+ * The type of key / signature scheme used for signing and verifying.
+ */
+export type SignatureAlgorithm = "ed25519";
+
 /**
  * Key Derivation Function for Bitwarden Account
  *
@@ -320,7 +420,10 @@ export interface CryptoError extends Error {
     | "ZeroNumber"
     | "OperationNotSupported"
     | "WrongKeyType"
-    | "InvalidNonceLength";
+    | "WrongCoseKeyId"
+    | "InvalidNonceLength"
+    | "SignatureError"
+    | "EncodingError";
 }
 
 export function isCryptoError(error: any): error is CryptoError;
@@ -1069,6 +1172,9 @@ export class CiphersClient {
   move_to_organization(cipher_view: CipherView, organization_id: OrganizationId): CipherView;
   decrypt_fido2_private_key(cipher_view: CipherView): string;
 }
+/**
+ * A client for the crypto operations.
+ */
 export class CryptoClient {
   private constructor();
   free(): void;
@@ -1093,6 +1199,10 @@ export class CryptoClient {
    * Crypto initialization not required.
    */
   verify_asymmetric_keys(request: VerifyAsymmetricKeysRequest): VerifyAsymmetricKeysResponse;
+  /**
+   * Makes a new signing key pair and signs the public key for the user
+   */
+  make_user_signing_keys_for_enrollment(): MakeUserSigningKeysResponse;
 }
 export class ExporterClient {
   private constructor();
@@ -1337,6 +1447,25 @@ export class PureCrypto {
     encapsulated_key: string,
     decapsulation_key: Uint8Array,
   ): Uint8Array;
+  /**
+   * Given a wrapped signing key and the symmetric key it is wrapped with, this returns
+   * the corresponding verifying key.
+   */
+  static verifying_key_for_signing_key(signing_key: string, wrapping_key: Uint8Array): Uint8Array;
+  /**
+   * Returns the algorithm used for the given verifying key.
+   */
+  static key_algorithm_for_verifying_key(verifying_key: Uint8Array): SignatureAlgorithm;
+  /**
+   * For a given signing identity (verifying key), this function verifies that the signing
+   * identity claimed ownership of the public key. This is a one-sided claim and merely shows
+   * that the signing identity has the intent to receive messages encrypted to the public
+   * key.
+   */
+  static verify_and_unwrap_signed_public_key(
+    signed_public_key: Uint8Array,
+    verifying_key: Uint8Array,
+  ): Uint8Array;
 }
 export class TotpClient {
   private constructor();

package/node/bitwarden_wasm_internal.js

@@ -245,6 +245,45 @@ function addBorrowedObject(obj) {
   heap[--stack_pointer] = obj;
   return stack_pointer;
 }
+/**
+ * @param {any} error
+ * @returns {boolean}
+ */
+module.exports.isDeriveKeyConnectorError = function (error) {
+  try {
+    const ret = wasm.isDeriveKeyConnectorError(addBorrowedObject(error));
+    return ret !== 0;
+  } finally {
+    heap[stack_pointer++] = undefined;
+  }
+};
+
+/**
+ * @param {any} error
+ * @returns {boolean}
+ */
+module.exports.isEnrollAdminPasswordResetError = function (error) {
+  try {
+    const ret = wasm.isEnrollAdminPasswordResetError(addBorrowedObject(error));
+    return ret !== 0;
+  } finally {
+    heap[stack_pointer++] = undefined;
+  }
+};
+
+/**
+ * @param {any} error
+ * @returns {boolean}
+ */
+module.exports.isCryptoClientError = function (error) {
+  try {
+    const ret = wasm.isCryptoClientError(addBorrowedObject(error));
+    return ret !== 0;
+  } finally {
+    heap[stack_pointer++] = undefined;
+  }
+};
+
 /**
  * @param {any} error
  * @returns {boolean}
@@ -666,7 +705,7 @@ function __wbg_adapter_56(arg0, arg1, arg2) {
   );
 }
 
-function __wbg_adapter_253(arg0, arg1, arg2, arg3) {
+function __wbg_adapter_260(arg0, arg1, arg2, arg3) {
   wasm.wasm_bindgen__convert__closures__invoke2_mut__h334034c47a371f71(
     arg0,
     arg1,
@@ -1193,7 +1232,9 @@ const CryptoClientFinalization =
   typeof FinalizationRegistry === "undefined"
     ? { register: () => {}, unregister: () => {} }
     : new FinalizationRegistry((ptr) => wasm.__wbg_cryptoclient_free(ptr >>> 0, 1));
-
+/**
+ * A client for the crypto operations.
+ */
 class CryptoClient {
   static __wrap(ptr) {
     ptr = ptr >>> 0;
@@ -1279,6 +1320,25 @@ class CryptoClient {
       wasm.__wbindgen_add_to_stack_pointer(16);
     }
   }
+  /**
+   * Makes a new signing key pair and signs the public key for the user
+   * @returns {MakeUserSigningKeysResponse}
+   */
+  make_user_signing_keys_for_enrollment() {
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.cryptoclient_make_user_signing_keys_for_enrollment(retptr, this.__wbg_ptr);
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
 }
 module.exports.CryptoClient = CryptoClient;
 
@@ -2796,6 +2856,88 @@ class PureCrypto {
       wasm.__wbindgen_add_to_stack_pointer(16);
     }
   }
+  /**
+   * Given a wrapped signing key and the symmetric key it is wrapped with, this returns
+   * the corresponding verifying key.
+   * @param {string} signing_key
+   * @param {Uint8Array} wrapping_key
+   * @returns {Uint8Array}
+   */
+  static verifying_key_for_signing_key(signing_key, wrapping_key) {
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      const ptr0 = passStringToWasm0(signing_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+      const len0 = WASM_VECTOR_LEN;
+      const ptr1 = passArray8ToWasm0(wrapping_key, wasm.__wbindgen_malloc);
+      const len1 = WASM_VECTOR_LEN;
+      wasm.purecrypto_verifying_key_for_signing_key(retptr, ptr0, len0, ptr1, len1);
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+      if (r3) {
+        throw takeObject(r2);
+      }
+      var v3 = getArrayU8FromWasm0(r0, r1).slice();
+      wasm.__wbindgen_free(r0, r1 * 1, 1);
+      return v3;
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
+  /**
+   * Returns the algorithm used for the given verifying key.
+   * @param {Uint8Array} verifying_key
+   * @returns {SignatureAlgorithm}
+   */
+  static key_algorithm_for_verifying_key(verifying_key) {
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      const ptr0 = passArray8ToWasm0(verifying_key, wasm.__wbindgen_malloc);
+      const len0 = WASM_VECTOR_LEN;
+      wasm.purecrypto_key_algorithm_for_verifying_key(retptr, ptr0, len0);
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
+  /**
+   * For a given signing identity (verifying key), this function verifies that the signing
+   * identity claimed ownership of the public key. This is a one-sided claim and merely shows
+   * that the signing identity has the intent to receive messages encrypted to the public
+   * key.
+   * @param {Uint8Array} signed_public_key
+   * @param {Uint8Array} verifying_key
+   * @returns {Uint8Array}
+   */
+  static verify_and_unwrap_signed_public_key(signed_public_key, verifying_key) {
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      const ptr0 = passArray8ToWasm0(signed_public_key, wasm.__wbindgen_malloc);
+      const len0 = WASM_VECTOR_LEN;
+      const ptr1 = passArray8ToWasm0(verifying_key, wasm.__wbindgen_malloc);
+      const len1 = WASM_VECTOR_LEN;
+      wasm.purecrypto_verify_and_unwrap_signed_public_key(retptr, ptr0, len0, ptr1, len1);
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+      if (r3) {
+        throw takeObject(r2);
+      }
+      var v3 = getArrayU8FromWasm0(r0, r1).slice();
+      wasm.__wbindgen_free(r0, r1 * 1, 1);
+      return v3;
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
 }
 module.exports.PureCrypto = PureCrypto;
 
@@ -3198,7 +3340,7 @@ module.exports.__wbg_new_23a2665fac83c611 = function (arg0, arg1) {
       const a = state0.a;
       state0.a = 0;
       try {
-        return __wbg_adapter_253(a, state0.b, arg0, arg1);
+        return __wbg_adapter_260(a, state0.b, arg0, arg1);
       } finally {
         state0.a = a;
       }
@@ -3555,18 +3697,18 @@ module.exports.__wbindgen_cb_drop = function (arg0) {
   return ret;
 };
 
-module.exports.__wbindgen_closure_wrapper2349 = function (arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 674, __wbg_adapter_50);
+module.exports.__wbindgen_closure_wrapper2472 = function (arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 709, __wbg_adapter_50);
   return addHeapObject(ret);
 };
 
-module.exports.__wbindgen_closure_wrapper3188 = function (arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 758, __wbg_adapter_53);
+module.exports.__wbindgen_closure_wrapper3311 = function (arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 793, __wbg_adapter_53);
   return addHeapObject(ret);
 };
 
-module.exports.__wbindgen_closure_wrapper3598 = function (arg0, arg1, arg2) {
-  const ret = makeMutClosure(arg0, arg1, 880, __wbg_adapter_56);
+module.exports.__wbindgen_closure_wrapper3724 = function (arg0, arg1, arg2) {
+  const ret = makeMutClosure(arg0, arg1, 916, __wbg_adapter_56);
   return addHeapObject(ret);
 };
 

package/node/bitwarden_wasm_internal_bg.wasm.d.ts

@@ -1,6 +1,15 @@
 /* tslint:disable */
 /* eslint-disable */
 export const memory: WebAssembly.Memory;
+export const __wbg_cryptoclient_free: (a: number, b: number) => void;
+export const cryptoclient_initialize_user_crypto: (a: number, b: number) => number;
+export const cryptoclient_initialize_org_crypto: (a: number, b: number) => number;
+export const cryptoclient_make_key_pair: (a: number, b: number, c: number, d: number) => void;
+export const cryptoclient_verify_asymmetric_keys: (a: number, b: number, c: number) => void;
+export const cryptoclient_make_user_signing_keys_for_enrollment: (a: number, b: number) => void;
+export const isDeriveKeyConnectorError: (a: number) => number;
+export const isEnrollAdminPasswordResetError: (a: number) => number;
+export const isCryptoClientError: (a: number) => number;
 export const isEncryptionSettingsError: (a: number) => number;
 export const isCryptoError: (a: number) => number;
 export const __wbg_exporterclient_free: (a: number, b: number) => void;
@@ -142,11 +151,6 @@ export const bitwardenclient_version: (a: number, b: number) => void;
 export const bitwardenclient_throw: (a: number, b: number, c: number, d: number) => void;
 export const bitwardenclient_http_get: (a: number, b: number, c: number) => number;
 export const bitwardenclient_crypto: (a: number) => number;
-export const __wbg_cryptoclient_free: (a: number, b: number) => void;
-export const cryptoclient_initialize_user_crypto: (a: number, b: number) => number;
-export const cryptoclient_initialize_org_crypto: (a: number, b: number) => number;
-export const cryptoclient_make_key_pair: (a: number, b: number, c: number, d: number) => void;
-export const cryptoclient_verify_asymmetric_keys: (a: number, b: number, c: number) => void;
 export const set_log_level: (a: number) => void;
 export const init_sdk: (a: number) => void;
 export const __wbg_purecrypto_free: (a: number, b: number) => void;
@@ -270,6 +274,21 @@ export const purecrypto_decapsulate_key_unsigned: (
   d: number,
   e: number,
 ) => void;
+export const purecrypto_verifying_key_for_signing_key: (
+  a: number,
+  b: number,
+  c: number,
+  d: number,
+  e: number,
+) => void;
+export const purecrypto_key_algorithm_for_verifying_key: (a: number, b: number, c: number) => void;
+export const purecrypto_verify_and_unwrap_signed_public_key: (
+  a: number,
+  b: number,
+  c: number,
+  d: number,
+  e: number,
+) => void;
 export const generate_ssh_key: (a: number, b: number) => void;
 export const import_ssh_key: (a: number, b: number, c: number, d: number, e: number) => void;
 export const isTestError: (a: number) => number;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/sdk-internal",
-  "version": "0.2.0-main.200",
+  "version": "0.2.0-main.202",
   "license": "GPL-3.0",
   "files": [
     "bitwarden_wasm_internal_bg.js",