Struct KeyStoreContext

pub struct KeyStoreContext<'a, Ids: KeyIds> {
    pub(super) global_keys: GlobalKeys<'a, Ids>,
    pub(super) local_symmetric_keys: Box<dyn StoreBackend<Ids::Symmetric>>,
    pub(super) local_asymmetric_keys: Box<dyn StoreBackend<Ids::Asymmetric>>,
    pub(super) _phantom: PhantomData<(Cell<()>, RwLockReadGuard<'static, ()>)>,
}

The context of a crypto operation using super::KeyStore

This will usually be accessed from an implementation of crate::Decryptable or crate::Encryptable, but can also be obtained through super::KeyStore::context

This context contains access to the user keys stored in the super::KeyStore (sometimes referred to as global keys) and it also contains it’s own individual secure backend for key storage. Keys stored in this individual backend are usually referred to as local keys, they will be cleared when this context goes out of scope and is dropped and they do not affect either the global super::KeyStore or other instances of contexts.

This context-local storage is recommended for ephemeral and temporary keys that are decrypted during the course of a decrypt/encrypt operation, but won’t be used after the operation itself is complete.

struct Data {
    key: EncString,
    name: String,
}

const LOCAL_KEY: SymmKeyId = SymmKeyId::Local("local_key_id");

impl Encryptable<Ids, SymmKeyId, EncString> for Data {
    fn encrypt(&self, ctx: &mut KeyStoreContext<Ids>, key: SymmKeyId) -> Result<EncString, CryptoError> {
        let local_key_id = ctx.decrypt_symmetric_key_with_symmetric_key(key, LOCAL_KEY, &self.key)?;
        self.name.encrypt(ctx, local_key_id)
    }
}

Fields

global_keys: GlobalKeys<'a, Ids>

local_symmetric_keys: Box<dyn StoreBackend<Ids::Symmetric>>

local_asymmetric_keys: Box<dyn StoreBackend<Ids::Asymmetric>>

_phantom: PhantomData<(Cell<()>, RwLockReadGuard<'static, ()>)>

Implementations

impl<Ids: KeyIds> KeyStoreContext<'_, Ids>

pub fn clear_local(&mut self)

Clears all the local keys stored in this context This will not affect the global keys even if this context has write access. To clear the global keys, you need to use super::KeyStore::clear instead.

pub fn retain_symmetric_keys(&mut self, f: fn(_: Ids::Symmetric) -> bool)

Remove all symmetric keys from the context for which the predicate returns false This will also remove the keys from the global store if this context has write access

pub fn retain_asymmetric_keys(&mut self, f: fn(_: Ids::Asymmetric) -> bool)

Remove all asymmetric keys from the context for which the predicate returns false This will also remove the keys from the global store if this context has write access

pub fn decrypt_symmetric_key_with_symmetric_key( &mut self, encryption_key: Ids::Symmetric, new_key_id: Ids::Symmetric, encrypted_key: &EncString, ) -> Result<Ids::Symmetric, CryptoError>

Decrypt a symmetric key into the context by using an already existing symmetric key

Arguments

• encryption_key - The key id used to decrypt the encrypted_key. It must already exist in the context
• new_key_id - The key id where the decrypted key will be stored. If it already exists, it will be overwritten
• encrypted_key - The key to decrypt

pub fn encrypt_symmetric_key_with_symmetric_key( &self, encryption_key: Ids::Symmetric, key_to_encrypt: Ids::Symmetric, ) -> Result<EncString, CryptoError>

Encrypt and return a symmetric key from the context by using an already existing symmetric key

Arguments

• encryption_key - The key id used to encrypt the key_to_encrypt. It must already exist in the context
• key_to_encrypt - The key id to encrypt. It must already exist in the context

pub fn decrypt_symmetric_key_with_asymmetric_key( &mut self, encryption_key: Ids::Asymmetric, new_key_id: Ids::Symmetric, encrypted_key: &AsymmetricEncString, ) -> Result<Ids::Symmetric, CryptoError>

Decrypt a symmetric key into the context by using an already existing asymmetric key

Arguments

• encryption_key - The key id used to decrypt the encrypted_key. It must already exist in the context
• new_key_id - The key id where the decrypted key will be stored. If it already exists, it will be overwritten
• encrypted_key - The key to decrypt

pub fn encrypt_symmetric_key_with_asymmetric_key( &self, encryption_key: Ids::Asymmetric, key_to_encrypt: Ids::Symmetric, ) -> Result<AsymmetricEncString, CryptoError>

Encrypt and return a symmetric key from the context by using an already existing asymmetric key

Arguments

• encryption_key - The key id used to encrypt the key_to_encrypt. It must already exist in the context
• key_to_encrypt - The key id to encrypt. It must already exist in the context

pub fn decrypt_asymmetric_key_with_asymmetric_key( &mut self, encryption_key: Ids::Asymmetric, new_key_id: Ids::Asymmetric, encrypted_key: &AsymmetricEncString, ) -> Result<Ids::Asymmetric, CryptoError>

Decrypt an asymmetric key into the context by using an already existing asymmetric key

Arguments

• encryption_key - The key id used to decrypt the encrypted_key. It must already exist in the context
• new_key_id - The key id where the decrypted key will be stored. If it already exists, it will be overwritten
• encrypted_key - The key to decrypt

pub fn encrypt_asymmetric_key_with_asymmetric_key( &self, encryption_key: Ids::Asymmetric, key_to_encrypt: Ids::Asymmetric, ) -> Result<AsymmetricEncString, CryptoError>

Encrypt and return an asymmetric key from the context by using an already existing asymmetric key

Arguments

• encryption_key - The key id used to encrypt the key_to_encrypt. It must already exist in the context
• key_to_encrypt - The key id to encrypt. It must already exist in the context

pub fn has_symmetric_key(&self, key_id: Ids::Symmetric) -> bool

Returns true if the context has a symmetric key with the given identifier

pub fn has_asymmetric_key(&self, key_id: Ids::Asymmetric) -> bool

Returns true if the context has an asymmetric key with the given identifier

pub fn generate_symmetric_key( &mut self, key_id: Ids::Symmetric, ) -> Result<Ids::Symmetric, CryptoError>

Generate a new random symmetric key and store it in the context

pub fn derive_shareable_key( &mut self, key_id: Ids::Symmetric, secret: Zeroizing<[u8; 16]>, name: &str, info: Option<&str>, ) -> Result<Ids::Symmetric, CryptoError>

Derive a shareable key using hkdf from secret and name and store it in the context.

A specialized variant of this function was called CryptoService.makeSendKey in the Bitwarden clients repository.

pub fn dangerous_get_symmetric_key( &self, key_id: Ids::Symmetric, ) -> Result<&SymmetricCryptoKey, CryptoError>

👎Deprecated: This function should ideally never be used outside this crate

pub fn dangerous_get_asymmetric_key( &self, key_id: Ids::Asymmetric, ) -> Result<&AsymmetricCryptoKey, CryptoError>

👎Deprecated: This function should ideally never be used outside this crate

fn get_symmetric_key( &self, key_id: Ids::Symmetric, ) -> Result<&SymmetricCryptoKey, CryptoError>

fn get_asymmetric_key( &self, key_id: Ids::Asymmetric, ) -> Result<&AsymmetricCryptoKey, CryptoError>

pub fn set_symmetric_key( &mut self, key_id: Ids::Symmetric, key: SymmetricCryptoKey, ) -> Result<(), CryptoError>

👎Deprecated: This function should ideally never be used outside this crate

pub fn set_asymmetric_key( &mut self, key_id: Ids::Asymmetric, key: AsymmetricCryptoKey, ) -> Result<(), CryptoError>

👎Deprecated: This function should ideally never be used outside this crate

pub(crate) fn decrypt_data_with_symmetric_key( &self, key: Ids::Symmetric, data: &EncString, ) -> Result<Vec<u8>, CryptoError>

pub(crate) fn encrypt_data_with_symmetric_key( &self, key: Ids::Symmetric, data: &[u8], ) -> Result<EncString, CryptoError>

pub(crate) fn decrypt_data_with_asymmetric_key( &self, key: Ids::Asymmetric, data: &AsymmetricEncString, ) -> Result<Vec<u8>, CryptoError>

pub(crate) fn encrypt_data_with_asymmetric_key( &self, key: Ids::Asymmetric, data: &[u8], ) -> Result<AsymmetricEncString, CryptoError>