[PM-31115] Add ephemeral pin envelope state

crates/bitwarden-core/src/key_management/mod.rs

@@ -10,7 +10,9 @@
 //!   [CompositeEncryptable](bitwarden_crypto::CompositeEncryptable), and
 //!   [Decryptable](bitwarden_crypto::Decryptable).
 
-use bitwarden_crypto::{EncString, KeyStore, SymmetricCryptoKey, key_ids};
+use bitwarden_crypto::{
+    EncString, KeyStore, SymmetricCryptoKey, key_ids, safe::PasswordProtectedKeyEnvelope,
+};
 
 #[cfg(feature = "internal")]
 pub mod account_cryptographic_state;
@@ -79,6 +81,16 @@ pub struct LocalUserDataKeyState {
 
 bitwarden_state::register_repository_item!(UserId => LocalUserDataKeyState, "LocalUserDataKey");
 
+/// Represents the PIN envelope in memory, when ephemeral PIN unlock is used.
+#[derive(Serialize, Deserialize, Debug, Clone)]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+pub struct EphemeralPinEnvelopeState {
+    pin_envelope: PasswordProtectedKeyEnvelope,
+}
+
+bitwarden_state::register_repository_item!(String => EphemeralPinEnvelopeState, "EphemeralPinEnvelope");
+
 key_ids! {
     #[symmetric]
     pub enum SymmetricKeyId {

crates/bitwarden-core/tests/register.rs

@@ -12,7 +12,7 @@ async fn test_register_initialize_crypto() {
     use bitwarden_core::{
         Client, UserId,
         key_management::{
-            MasterPasswordUnlockData, UserKeyState,
+            EphemeralPinEnvelopeState, MasterPasswordUnlockData, UserKeyState,
             account_cryptographic_state::WrappedAccountCryptographicState,
             crypto::{InitUserCryptoMethod, InitUserCryptoRequest},
         },
@@ -34,6 +34,13 @@ async fn test_register_initialize_crypto() {
             MemoryRepository::<LocalUserDataKeyState>::default(),
         ));
 
+    client
+        .platform()
+        .state()
+        .register_client_managed(std::sync::Arc::new(MemoryRepository::<
+            EphemeralPinEnvelopeState,
+        >::default()));
+
     let email = "test@bitwarden.com";
     let password = "test123";
     let kdf = Kdf::PBKDF2 {

crates/bitwarden-crypto/src/safe/password_protected_key_envelope.rs

@@ -52,6 +52,7 @@ const ENVELOPE_ARGON2_OUTPUT_KEY_SIZE: usize = 32;
 /// be provided.
 ///
 /// Internally, Argon2 is used as the KDF and XChaCha20-Poly1305 is used to encrypt the key.
+#[derive(Clone)]
 pub struct PasswordProtectedKeyEnvelope {
     cose_encrypt: coset::CoseEncrypt,
 }

crates/bitwarden-pm/src/migrations.rs

@@ -35,6 +35,7 @@ macro_rules! create_client_managed_repositories {
             ::bitwarden_vault::Folder, Folder, folder, FolderRepository;
             ::bitwarden_core::key_management::UserKeyState, UserKeyState, user_key_state, UserKeyStateRepository;
             ::bitwarden_core::key_management::LocalUserDataKeyState, LocalUserDataKeyState, local_user_data_key_state, LocalUserDataKeyStateRepository;
+            ::bitwarden_core::key_management::EphemeralPinEnvelopeState, EphemeralPinEnvelopeState, ephemeral_pin_envelope_state, EphemeralPinEnvelopeStateRepository;
         }
     };
 }