Generate valid keys using rust

2025-12-15 15:53:59 +00:00 · 2025-07-31 10:20:53 +02:00
parent 072f9f2278
commit 75f11f68ac
7 changed files with 108 additions and 40 deletions
--- a/util/RustSdk/rust/Cargo.lock
+++ b/util/RustSdk/rust/Cargo.lock
@@ -184,7 +184,7 @@ dependencies = [
 "serde_json",
 "serde_qs",
 "serde_repr",
- "thiserror 1.0.69",
+ "thiserror 2.0.12",
 "uuid",
 "zeroize",
 ]
@@ -220,7 +220,7 @@ dependencies = [
 "sha1",
 "sha2",
 "subtle",
- "thiserror 1.0.69",
+ "thiserror 2.0.12",
 "typenum",
 "uuid",
 "zeroize",
@@ -252,7 +252,7 @@ version = "1.0.0"
 source = "git+https://github.com/bitwarden/sdk-internal.git?rev=b0c950dad701bc419c76e8a7d37bf5c17a6909d6#b0c950dad701bc419c76e8a7d37bf5c17a6909d6"
 dependencies = [
 "async-trait",
- "thiserror 1.0.69",
+ "thiserror 2.0.12",
 ]

 [[package]]
@@ -1802,7 +1802,7 @@ dependencies = [
 "security-framework",
 "security-framework-sys",
 "webpki-root-certs",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1897,6 +1897,8 @@ dependencies = [
 "bitwarden-core",
 "bitwarden-crypto",
 "csbindgen",
+ "serde",
+ "serde_json",
 ]

 [[package]]
@@ -1970,9 +1972,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.140"
+version = "1.0.141"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
+checksum = "30b9eff21ebe718216c6ec64e1d9ac57087aad11efc64e32002bce4a0d4c03d3"
 dependencies = [
 "itoa",
 "memchr",
--- a/util/RustSdk/rust/Cargo.toml
+++ b/util/RustSdk/rust/Cargo.toml
@@ -14,6 +14,8 @@ crate-type = ["cdylib"]
 [dependencies]
 bitwarden-core = { git = "https://github.com/bitwarden/sdk-internal.git", rev = "b0c950dad701bc419c76e8a7d37bf5c17a6909d6" }
 bitwarden-crypto = { git = "https://github.com/bitwarden/sdk-internal.git", rev = "b0c950dad701bc419c76e8a7d37bf5c17a6909d6" }
+serde = "=1.0.219"
+serde_json = "=1.0.141"

 [build-dependencies]
 csbindgen = "=1.9.3"
--- a/util/RustSdk/rust/src/lib.rs
+++ b/util/RustSdk/rust/src/lib.rs
@@ -1,3 +1,4 @@
+#![allow(clippy::missing_safety_doc)]
 use std::{
    ffi::{c_char, CStr, CString},
    num::NonZeroU32,
@@ -10,6 +11,39 @@ pub extern "C" fn my_add(x: i32, y: i32) -> i32 {
    x + y
 }

+#[no_mangle]
+pub unsafe extern "C" fn generate_user_keys(
+    email: *const c_char,
+    password: *const c_char,
+) -> *const c_char {
+    // TODO: We might want to make KDF configurable in the future.
+    let kdf = Kdf::PBKDF2 {
+        iterations: NonZeroU32::new(600_000).unwrap(),
+    };
+
+    let email = CStr::from_ptr(email).to_str().unwrap();
+    let password = CStr::from_ptr(password).to_str().unwrap();
+
+    let master_key = MasterKey::derive(password, email, &kdf).unwrap();
+    let master_password_hash = master_key
+        .derive_master_key_hash(password.as_bytes(), HashPurpose::ServerAuthorization)
+        .unwrap();
+    let (user_key, encrypted_user_key) = master_key.make_user_key().unwrap();
+    let keys = user_key.make_key_pair().unwrap();
+
+    let json = serde_json::json!({
+        "masterPasswordHash": master_password_hash,
+        "encryptedUserKey": encrypted_user_key.to_string(),
+        "publicKey": keys.public.to_string(),
+        "privateKey": keys.private.to_string(),
+    })
+    .to_string();
+
+    let result = CString::new(json).unwrap();
+
+    result.into_raw()
+}
+
 /// # Safety
 ///
 /// The `email` and `password` pointers must be valid null-terminated C strings.