tde.rs1use base64::{engine::general_purpose::STANDARD, Engine};
2use bitwarden_crypto::{
3 AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SpkiPublicKeyBytes, SymmetricCryptoKey,
4 TrustDeviceResponse, UnsignedSharedKey, UserKey,
5};
6
7use crate::{
8 client::{encryption_settings::EncryptionSettingsError, internal::UserKeyState},
9 Client,
10};
11
/// Generates the key material needed to register a user for trusted device encryption
/// (TDE) and loads that material into `client`.
///
/// Steps, in order: decode and parse the organization's SPKI public key, create a fresh
/// user key and the asymmetric key pair protected by it, encapsulate the user key to the
/// organization key (`admin_reset`), optionally trust the current device, then record the
/// login method on the client and initialise its user crypto state with the new key.
///
/// # Arguments
/// * `client` - client whose login method and user crypto state are initialised.
/// * `email` - account email recorded in the login method.
/// * `org_public_key` - base64 (standard alphabet) encoding of the organization's
///   DER/SPKI public key. This function performs no signature or other authenticity check
///   on it: whatever key is supplied receives a copy of the user key via `admin_reset`, so
///   the caller is responsible for having obtained it from a trusted source.
/// * `remember_device` - when `true`, the device is trusted with the user key and a
///   [`TrustDeviceResponse`] is returned in `device_key`.
///
/// # Errors
/// Returns [`EncryptionSettingsError`] if the public key fails to decode or parse, if key
/// generation, key-pair creation, encapsulation or device trust fails, or if initialising
/// the client's user crypto state fails.
pub(super) fn make_register_tde_keys(
    client: &Client,
    email: String,
    org_public_key: String,
    remember_device: bool,
) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
    // The org key arrives base64-encoded; decode it, then parse the DER/SPKI structure.
    let org_key_der = STANDARD.decode(org_public_key)?;
    let org_key = AsymmetricPublicCryptoKey::from_der(&SpkiPublicKeyBytes::from(org_key_der))?;

    // A brand-new symmetric user key, plus the asymmetric key pair derived under it.
    let user_key = UserKey::new(SymmetricCryptoKey::make_aes256_cbc_hmac_key());
    let key_pair = user_key.make_key_pair()?;

    // Encapsulate the user key to the organization key without a signature; the field
    // name suggests this backs organization-driven account reset, but that is used
    // elsewhere, not here.
    let admin_reset = UnsignedSharedKey::encapsulate_key_unsigned(&user_key.0, &org_key)?;

    // Trust this device only when the caller asked to remember it.
    let device_key = remember_device
        .then(|| DeviceKey::trust_device(&user_key.0))
        .transpose()?;

    // Record how the user logs in; this happens before the crypto state is initialised.
    let login_method = crate::client::LoginMethod::User(
        crate::client::UserLoginMethod::Username {
            client_id: "".to_owned(),
            email,
            kdf: Kdf::default(),
        },
    );
    client.internal.set_login_method(login_method);

    // The private key is needed in both the client state and the response, hence the clone.
    let key_state = UserKeyState {
        private_key: key_pair.private.clone(),
        signing_key: None,
        security_state: None,
    };
    client
        .internal
        .initialize_user_crypto_decrypted_key(user_key.0, key_state)?;

    Ok(RegisterTdeKeyResponse {
        private_key: key_pair.private,
        public_key: key_pair.public,
        admin_reset,
        device_key,
    })
}
64
/// Key material produced by [`make_register_tde_keys`] for a trusted device encryption
/// (TDE) registration.
#[allow(missing_docs)]
#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
pub struct RegisterTdeKeyResponse {
    /// The encrypted private half of the key pair made from the new user key.
    pub private_key: EncString,
    /// The public half of that key pair.
    pub public_key: String,

    /// The new user key encapsulated to the organization's public key, without a signature.
    pub admin_reset: UnsignedSharedKey,
    /// Present only when the device was trusted (`remember_device` was `true`).
    pub device_key: Option<TrustDeviceResponse>,
}