Struct core_crypto::CoreCrypto

source ·
pub struct CoreCrypto { /* private fields */ }
Expand description

Wrapper superstruct for both mls::MlsCentral and proteus::ProteusCentral As std::ops::Deref is implemented, this struct is automatically dereferred to mls::MlsCentral apart from proteus_* calls

Implementations§

source§

impl CoreCrypto

source

pub async fn proteus_init(&mut self) -> CryptoResult<()>

Initializes the proteus client

source

pub async fn proteus_reload_sessions(&mut self) -> CryptoResult<()>

Reloads the sessions from the key store

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or it will do nothing

source

pub async fn proteus_session_from_prekey( &mut self, session_id: &str, prekey: &[u8], ) -> CryptoResult<Arc<RwLock<ProteusConversationSession>>>

Creates a proteus session from a prekey

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_session_from_message( &mut self, session_id: &str, envelope: &[u8], ) -> CryptoResult<(Arc<RwLock<ProteusConversationSession>>, Vec<u8>)>

Creates a proteus session from a Proteus message envelope

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_session_save( &mut self, session_id: &str, ) -> CryptoResult<()>

Saves a proteus session in the keystore

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_session_delete( &mut self, session_id: &str, ) -> CryptoResult<()>

Deletes a proteus session from the keystore

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_session( &mut self, session_id: &str, ) -> CryptoResult<Option<Arc<RwLock<ProteusConversationSession>>>>

Proteus session accessor

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_session_exists( &mut self, session_id: &str, ) -> CryptoResult<bool>

Proteus session exists

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_decrypt( &mut self, session_id: &str, ciphertext: &[u8], ) -> CryptoResult<Vec<u8>>

Decrypts a proteus message envelope

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_encrypt( &mut self, session_id: &str, plaintext: &[u8], ) -> CryptoResult<Vec<u8>>

Encrypts proteus message for a given session ID

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_encrypt_batched( &mut self, sessions: &[impl AsRef<str>], plaintext: &[u8], ) -> CryptoResult<HashMap<String, Vec<u8>>>

Encrypts a proteus message for several sessions ID. This is more efficient than other methods as the calls are batched. This also reduces the rountrips when crossing over the FFI

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_new_prekey(&self, prekey_id: u16) -> CryptoResult<Vec<u8>>

Creates a new Proteus prekey and returns the CBOR-serialized version of the prekey bundle

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_new_prekey_auto(&self) -> CryptoResult<(u16, Vec<u8>)>

Creates a new Proteus prekey with an automatically incremented ID and returns the CBOR-serialized version of the prekey bundle

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_last_resort_prekey(&self) -> CryptoResult<Vec<u8>>

Returns the last resort prekey

source

pub fn proteus_last_resort_prekey_id() -> u16

Returns the proteus last resort prekey id (u16::MAX = 65535)

source

pub fn proteus_identity(&self) -> CryptoResult<&IdentityKeyPair>

Returns the proteus identity keypair

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub fn proteus_fingerprint(&self) -> CryptoResult<String>

Returns the proteus identity’s public key fingerprint

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_fingerprint_local( &mut self, session_id: &str, ) -> CryptoResult<String>

Returns the proteus identity’s public key fingerprint

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_fingerprint_remote( &mut self, session_id: &str, ) -> CryptoResult<String>

Returns the proteus identity’s public key fingerprint

Warning: The Proteus client MUST be initialized with CoreCrypto::proteus_init first or an error will be returned

source

pub async fn proteus_cryptobox_migrate(&self, path: &str) -> CryptoResult<()>

Migrates an existing Cryptobox data store (whether a folder or an IndexedDB database) located at path to the keystore.

The client can then be initialized with CoreCrypto::proteus_init

source§

impl CoreCrypto

source

pub fn take(self) -> MlsCentral

Allows to extract the MLS Client from the wrapper superstruct

Methods from Deref<Target = MlsCentral>§

source

pub async fn get_or_create_client_keypackages( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, amount_requested: usize, ) -> CryptoResult<Vec<KeyPackage>>

Returns amount_requested OpenMLS openmls::key_packages::KeyPackages. Will always return the requested amount as it will generate the necessary (lacking) amount on-the-fly

Note: Keypackage pruning is performed as a first step

§Arguments
  • amount_requested - number of KeyPackages to request and fill the KeyPackageBundle
§Return type

A vector of KeyPackageBundle

§Errors

Errors can happen when accessing the KeyStore

source

pub async fn client_valid_key_packages_count( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<usize>

Returns the count of valid, non-expired, unclaimed keypackages in store for the given MlsCiphersuite and MlsCredentialType

source

pub async fn delete_keypackages( &mut self, refs: &[KeyPackageRef], ) -> CryptoResult<()>

Prunes local KeyPackages after making sure they also have been deleted on the backend side You should only use this after MlsCentral::e2ei_rotate_all

source

pub async fn add_members_to_conversation( &mut self, id: &ConversationId, key_packages: Vec<KeyPackageIn>, ) -> CryptoResult<MlsConversationCreationMessage>

Adds new members to the group/conversation

§Arguments
  • id - group/conversation id
  • members - members to be added to the group
§Return type

An optional struct containing a welcome and a message will be returned on successful call. The value will be None only if the group can’t be found locally (no error will be returned in this case).

§Errors

If the authorisation callback is set, an error can be caused when the authorization fails. Other errors are KeyStore and OpenMls errors:

source

pub async fn remove_members_from_conversation( &mut self, id: &ConversationId, clients: &[ClientId], ) -> CryptoResult<MlsCommitBundle>

Removes clients from the group/conversation.

§Arguments
  • id - group/conversation id
  • clients - list of client ids to be removed from the group
§Return type

An struct containing a welcome(optional, will be present only if there’s pending add proposals in the store), a message with the commit to fan out to other clients and the group info will be returned on successful call.

§Errors

If the authorisation callback is set, an error can be caused when the authorization fails. Other errors are KeyStore and OpenMls errors.

source

pub async fn update_keying_material( &mut self, id: &ConversationId, ) -> CryptoResult<MlsCommitBundle>

Self updates the KeyPackage and automatically commits. Pending proposals will be commited

§Arguments
  • conversation_id - the group/conversation id
§Return type

An struct containing a welcome(optional, will be present only if there’s pending add proposals in the store), a message with the commit to fan out to other clients and the group info will be returned on successful call.

§Errors

If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore

source

pub async fn commit_pending_proposals( &mut self, id: &ConversationId, ) -> CryptoResult<Option<MlsCommitBundle>>

Commits all pending proposals of the group

§Arguments
  • backend - the KeyStore to persist group changes
§Return type

A tuple containing the commit message and a possible welcome (in the case Add proposals were pending within the internal MLS Group)

§Errors

Errors can be originating from the KeyStore and OpenMls

source

pub fn set_raw_external_senders( &self, cfg: &mut MlsConversationConfiguration, external_senders: Vec<Vec<u8>>, ) -> CryptoResult<()>

Parses supplied key from Delivery Service in order to build back an [ExternalSender]

source

pub async fn decrypt_message( &mut self, id: &ConversationId, message: impl AsRef<[u8]>, ) -> CryptoResult<MlsConversationDecryptMessage>

Deserializes a TLS-serialized message, then deciphers it

§Arguments
  • conversation - the group/conversation id
  • message - the encrypted message as a byte array
§Return type

This method will return a tuple containing an optional message and an optional delay time for the callers to wait for committing. A message will be None in case the provided payload in case of a system message, such as Proposals and Commits. Otherwise it will return the message as a byte array. The delay will be Some when the message has a proposal

§Errors

If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore

source

pub async fn encrypt_message( &mut self, conversation: &ConversationId, message: impl AsRef<[u8]>, ) -> CryptoResult<Vec<u8>>

Encrypts a raw payload then serializes it to the TLS wire format

§Arguments
  • conversation - the group/conversation id
  • message - the message as a byte array
§Return type

This method will return an encrypted TLS serialized message.

§Errors

If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore

source

pub async fn export_secret_key( &mut self, conversation_id: &ConversationId, key_length: usize, ) -> CryptoResult<Vec<u8>>

Derives a new key from the one in the group, allowing it to be use elsewehere.

§Arguments
  • conversation_id - the group/conversation id
  • key_length - the length of the key to be derived. If the value is higher than the bounds of u16 or the context hash * 255, an error will be returned
§Errors

OpenMls secret generation error or conversation not found

source

pub async fn get_client_ids( &mut self, conversation_id: &ConversationId, ) -> CryptoResult<Vec<ClientId>>

Exports the clients from a conversation

§Arguments
  • conversation_id - the group/conversation id
§Errors

if the conversation can’t be found

source

pub async fn get_external_sender( &mut self, id: &ConversationId, ) -> CryptoResult<Vec<u8>>

Returns the raw public key of the single external sender present in this group. This should be used to initialize a subconversation

source

pub async fn commit_accepted( &mut self, id: &ConversationId, ) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>

The commit we created has been accepted by the Delivery Service. Hence it is guaranteed to be used for the new epoch. We can now safely “merge” it (effectively apply the commit to the group) and update it in the keystore. The previous can be discarded to respect Forward Secrecy.

source

pub async fn clear_pending_proposal( &mut self, conversation_id: &ConversationId, proposal_ref: MlsProposalRef, ) -> CryptoResult<()>

Allows to remove a pending (uncommitted) proposal. Use this when backend rejects the proposal you just sent e.g. if permissions have changed meanwhile.

CAUTION: only use this when you had an explicit response from the Delivery Service e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc..

§Arguments
  • conversation_id - the group/conversation id
  • proposal_ref - unique proposal identifier which is present in crate::prelude::MlsProposalBundle and returned from all operation creating a proposal
§Errors

When the conversation is not found or the proposal reference does not identify a proposal in the local pending proposal store

source

pub async fn clear_pending_commit( &mut self, conversation_id: &ConversationId, ) -> CryptoResult<()>

Allows to remove a pending commit. Use this when backend rejects the commit you just sent e.g. if permissions have changed meanwhile.

CAUTION: only use this when you had an explicit response from the Delivery Service e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc.. DO NOT use when Delivery Service responds 409, pending state will be renewed in MlsCentral::decrypt_message

§Arguments
  • conversation_id - the group/conversation id
§Errors

When the conversation is not found or there is no pending commit

source

pub async fn process_raw_welcome_message( &mut self, welcome: Vec<u8>, custom_cfg: MlsCustomConfiguration, ) -> CryptoResult<WelcomeBundle>

Create a conversation from a TLS serialized MLS Welcome message. The MlsConversationConfiguration used in this function will be the default implementation.

§Arguments
  • welcome - a TLS serialized welcome message
  • configuration - configuration of the MLS conversation fetched from the Delivery Service
§Return type

This function will return the conversation/group id

§Errors

see MlsCentral::process_welcome_message

source

pub async fn process_welcome_message( &mut self, welcome: MlsMessageIn, custom_cfg: MlsCustomConfiguration, ) -> CryptoResult<WelcomeBundle>

Create a conversation from a received MLS Welcome message

§Arguments
  • welcome - a Welcome message received as a result of a commit adding new members to a group
  • configuration - configuration of the group/conversation
§Return type

This function will return the conversation/group id

§Errors

Errors can be originating from the KeyStore of from OpenMls:

source

pub async fn wipe_conversation( &mut self, id: &ConversationId, ) -> CryptoResult<()>

Destroys a group locally

§Errors

KeyStore errors, such as IO

source

pub async fn mark_conversation_as_child_of( &mut self, child_id: &ConversationId, parent_id: &ConversationId, ) -> CryptoResult<()>

Mark a conversation as child of another one This will affect the behavior of callbacks in particular

source

pub async fn join_by_external_commit( &mut self, group_info: VerifiableGroupInfo, custom_cfg: MlsCustomConfiguration, credential_type: MlsCredentialType, ) -> CryptoResult<MlsConversationInitBundle>

Issues an external commit and stores the group in a temporary table. This method is intended for example when a new client wants to join the user’s existing groups. On success this function will return the group id and a message to be fanned out to other clients.

If the Delivery Service accepts the external commit, you have to MlsCentral::merge_pending_group_from_external_commit in order to get back a functional MLS group. On the opposite, if it rejects it, you can either retry by just calling again MlsCentral::join_by_external_commit, no need to MlsCentral::clear_pending_group_from_external_commit. If you want to abort the operation (too many retries or the user decided to abort), you can use MlsCentral::clear_pending_group_from_external_commit in order not to bloat the user’s storage but nothing bad can happen if you forget to except some storage space wasted.

§Arguments
  • group_info - a GroupInfo wrapped in a MLS message. it can be obtained by deserializing a TLS serialized GroupInfo object
  • custom_cfg - configuration of the MLS conversation fetched from the Delivery Service
  • credential_type - kind of openmls::prelude::Credential to use for joining this group. If MlsCredentialType::Basic is chosen and no Credential has been created yet for it, a new one will be generated. When MlsCredentialType::X509 is chosen, it fails when no openmls::prelude::Credential has been created for the given Ciphersuite.
§Return type

It will return a tuple with the group/conversation id and the message containing the commit that was generated by this call

§Errors

Errors resulting from OpenMls, the KeyStore calls and serialization

source

pub async fn merge_pending_group_from_external_commit( &mut self, id: &ConversationId, ) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>

This merges the commit generated by MlsCentral::join_by_external_commit, persists the group permanently and deletes the temporary one. After merging, the group should be fully functional.

§Arguments
  • id - the conversation id
§Errors

Errors resulting from OpenMls, the KeyStore calls and deserialization

source

pub async fn clear_pending_group_from_external_commit( &mut self, id: &ConversationId, ) -> CryptoResult<()>

In case the external commit generated by MlsCentral::join_by_external_commit is rejected by the Delivery Service and we want to abort this external commit once for all, we can wipe out the pending group from the keystore in order not to waste space

§Arguments
  • id - the conversation id
§Errors

Errors resulting from the KeyStore calls

source

pub async fn new_external_add_proposal( &mut self, conversation_id: ConversationId, epoch: GroupEpoch, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<MlsMessageOut>

Crafts a new external Add proposal. Enables a client outside a group to request addition to this group. For Wire only, the client must belong to an user already in the group

§Arguments
§Return type

Returns a message with the proposal to be add a new client

§Errors

Errors resulting from the creation of the proposal within OpenMls. Fails when credential_type is MlsCredentialType::X509 and no Credential has been created for it beforehand with MlsCentral::e2ei_mls_init_only or variants.

source

pub async fn new_add_proposal( &mut self, id: &ConversationId, key_package: KeyPackage, ) -> CryptoResult<MlsProposalBundle>

Creates a new Add proposal

source

pub async fn new_remove_proposal( &mut self, id: &ConversationId, client_id: ClientId, ) -> CryptoResult<MlsProposalBundle>

Creates a new Add proposal

source

pub async fn new_update_proposal( &mut self, id: &ConversationId, ) -> CryptoResult<MlsProposalBundle>

Creates a new Add proposal

source

pub async fn restore_from_disk(&mut self) -> CryptoResult<()>

MlsCentral is supposed to be a singleton. Knowing that, it does some optimizations by keeping MLS groups in memory. Sometimes, especially on iOS, it is required to use extensions to perform tasks in the background. Extensions are executed in another process so another MlsCentral instance has to be used. This method has to be used to synchronize instances. It simply fetches the MLS group from keystore in memory.

source

pub async fn mls_init( &mut self, identifier: ClientIdentifier, ciphersuites: Vec<MlsCiphersuite>, nb_init_key_packages: Option<usize>, ) -> CryptoResult<()>

Initializes the MLS client if super::CoreCrypto has previously been initialized with CoreCrypto::deferred_init instead of CoreCrypto::new. This should stay as long as proteus is supported. Then it should be removed.

source

pub async fn mls_generate_keypairs( &self, ciphersuites: Vec<MlsCiphersuite>, ) -> CryptoResult<Vec<ClientId>>

Generates MLS KeyPairs/CredentialBundle with a temporary, random client ID. This method is designed to be used in conjunction with MlsCentral::mls_init_with_client_id and represents the first step in this process.

This returns the TLS-serialized identity keys (i.e. the signature keypair’s public key)

source

pub async fn mls_init_with_client_id( &mut self, client_id: ClientId, tmp_client_ids: Vec<ClientId>, ciphersuites: Vec<MlsCiphersuite>, ) -> CryptoResult<()>

Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process

Important: This is designed to be called after MlsCentral::mls_generate_keypairs

source

pub fn callbacks(&mut self, callbacks: Arc<dyn CoreCryptoCallbacks>)

Sets the consumer callbacks (i.e authorization callbacks for CoreCrypto to perform authorization calls when needed)

§Arguments
  • callbacks - a callback to be called to perform authorization
source

pub fn client_public_key( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<Vec<u8>>

Returns the client’s most recent public signature key as a buffer. Used to upload a public key to the server in order to verify client’s messages signature.

§Arguments
  • ciphersuite - a callback to be called to perform authorization
  • credential_type - of the credential to look for
source

pub fn client_id(&self) -> CryptoResult<ClientId>

Returns the client’s id as a buffer

source

pub async fn new_conversation( &mut self, id: &ConversationId, creator_credential_type: MlsCredentialType, config: MlsConversationConfiguration, ) -> CryptoResult<()>

Create a new empty conversation

§Arguments
  • id - identifier of the group/conversation (must be unique otherwise the existing group will be overridden)
  • creator_credential_type - kind of credential the creator wants to create the group with
  • config - configuration of the group/conversation
§Errors

Errors can happen from the KeyStore or from OpenMls for ex if no openmls::key_packages::KeyPackage can be found in the KeyStore

source

pub async fn conversation_exists(&mut self, id: &ConversationId) -> bool

Checks if a given conversation id exists locally

source

pub async fn conversation_epoch( &mut self, id: &ConversationId, ) -> CryptoResult<u64>

Returns the epoch of a given conversation

§Errors

If the conversation can’t be found

source

pub async fn conversation_ciphersuite( &mut self, id: &ConversationId, ) -> CryptoResult<MlsCiphersuite>

Returns the ciphersuite of a given conversation

§Errors

If the conversation can’t be found

source

pub fn random_bytes(&self, len: usize) -> CryptoResult<Vec<u8>>

Generates a random byte array of the specified size

source

pub fn provider(&self) -> &MlsCryptoProvider

Returns a reference for the internal Crypto Provider

source

pub fn provider_mut(&mut self) -> &mut MlsCryptoProvider

Returns a mutable reference for the internal Crypto Provider

source

pub async fn e2ei_conversation_state( &mut self, id: &ConversationId, ) -> CryptoResult<E2eiConversationState>

Indicates when to mark a conversation as not verified i.e. when not all its members have a X509 Credential generated by Wire’s end-to-end identity enrollment

source

pub async fn e2ei_verify_group_state( &self, group_info: VerifiableGroupInfo, ) -> CryptoResult<E2eiConversationState>

Verifies a Group state before joining it

source

pub async fn get_credential_in_use( &self, group_info: VerifiableGroupInfo, credential_type: MlsCredentialType, ) -> CryptoResult<E2eiConversationState>

Gets the e2ei conversation state from a GroupInfo. Useful to check if the group has e2ei turned on or not before joining it.

source

pub fn e2ei_is_enabled( &self, signature_scheme: SignatureScheme, ) -> CryptoResult<bool>

Returns true when end-to-end-identity is enabled for the given SignatureScheme

source

pub async fn get_device_identities( &mut self, conversation_id: &ConversationId, client_ids: &[ClientId], ) -> CryptoResult<Vec<WireIdentity>>

From a given conversation, get the identity of the members supplied. Identity is only present for members with a Certificate Credential (after turning on end-to-end identity). If no member has a x509 certificate, it will return an empty Vec

source

pub async fn get_user_identities( &mut self, conversation_id: &ConversationId, user_ids: &[String], ) -> CryptoResult<HashMap<String, Vec<WireIdentity>>>

From a given conversation, get the identity of the users (device holders) supplied. Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity). If no member has a x509 certificate, it will return an empty Vec.

Returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.

source

pub async fn e2ei_is_pki_env_setup(&self) -> bool

Returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)

source

pub async fn e2ei_dump_pki_env(&self) -> CryptoResult<Option<E2eiDumpedPkiEnv>>

Dumps the PKI environment as PEM

source

pub async fn e2ei_register_acme_ca( &self, trust_anchor_pem: String, ) -> CryptoResult<()>

Registers a Root Trust Anchor CA for the use in E2EI processing.

Please note that without a Root Trust Anchor, all validations will fail; So this is the first step to perform after initializing your E2EI client

§Parameters
  • trust_anchor_pem - PEM certificate to anchor as a Trust Root
source

pub async fn e2ei_register_intermediate_ca_pem( &self, cert_pem: String, ) -> CryptoResult<NewCrlDistributionPoint>

Registers an Intermediate CA for the use in E2EI processing.

Please note that a Root Trust Anchor CA is needed to validate Intermediate CAs; You need to have a Root CA registered before calling this

§Parameters
  • cert_pem - PEM certificate to register as an Intermediate CA
source

pub async fn e2ei_register_crl( &self, crl_dp: String, crl_der: Vec<u8>, ) -> CryptoResult<CrlRegistration>

Registers a CRL for the use in E2EI processing.

Please note that a Root Trust Anchor CA is needed to validate CRLs; You need to have a Root CA registered before calling this

§Parameters
  • crl_dp - CRL Distribution Point; Basically the URL you fetched it from
  • crl_der - DER representation of the CRL
§Returns

A CrlRegistration with the dirty state of the new CRL (see struct) and its expiration timestamp

source

pub fn e2ei_new_activation_enrollment( &self, display_name: String, handle: String, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>

Generates an E2EI enrollment instance for a “regular” client (with a Basic credential) willing to migrate to E2EI. As a consequence, this method does not support changing the ClientId which should remain the same as the Basic one. Once the enrollment is finished, use the instance in MlsCentral::e2ei_rotate_all to do the rotation.

source

pub async fn e2ei_new_rotate_enrollment( &self, display_name: Option<String>, handle: Option<String>, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>

Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential) having to change/rotate their credential, either because the former one is expired or it has been revoked. As a consequence, this method does not support changing neither ClientId which should remain the same as the previous one. It lets you change the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in MlsCentral::e2ei_rotate_all to do the rotation.

source

pub async fn e2ei_rotate_all( &mut self, enrollment: &mut E2eiEnrollment, certificate_chain: String, new_key_packages_count: usize, ) -> CryptoResult<MlsRotateBundle>

Creates a commit in all local conversations for changing the credential. Requires first having enrolled a new X509 certificate with either MlsCentral::e2ei_new_activation_enrollment or MlsCentral::e2ei_new_rotate_enrollment

source

pub async fn e2ei_rotate( &mut self, id: &ConversationId, cb: Option<&CredentialBundle>, ) -> CryptoResult<MlsCommitBundle>

Creates a commit in a conversation for changing the credential. Requires first having enrolled a new X509 certificate with either MlsCentral::e2ei_new_activation_enrollment or MlsCentral::e2ei_new_rotate_enrollment

source

pub async fn e2ei_enrollment_stash( &self, enrollment: E2eiEnrollment, ) -> CryptoResult<Vec<u8>>

Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume it later with MlsCentral::e2ei_enrollment_stash_pop

§Arguments
  • enrollment - the enrollment instance to persist
§Returns

A handle for retrieving the enrollment later on

source

pub async fn e2ei_enrollment_stash_pop( &self, handle: Vec<u8>, ) -> CryptoResult<E2eiEnrollment>

Fetches the persisted enrollment and deletes it from the keystore

§Arguments
source

pub fn e2ei_new_enrollment( &self, client_id: ClientId, display_name: String, handle: String, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>

Creates an enrollment instance with private key material you can use in order to fetch a new x509 certificate from the acme server.

§Parameters
  • client_id - client identifier e.g. b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com
  • display_name - human readable name displayed in the application e.g. Smith, Alice M (QA)
  • handle - user handle e.g. alice.smith.qa@example.com
  • expiry_sec - generated x509 certificate expiry in seconds
source

pub async fn e2ei_mls_init_only( &mut self, enrollment: &mut E2eiEnrollment, certificate_chain: String, nb_init_key_packages: Option<usize>, ) -> CryptoResult<NewCrlDistributionPoint>

Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate

Trait Implementations§

source§

impl Debug for CoreCrypto

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Deref for CoreCrypto

source§

type Target = MlsCentral

The resulting type after dereferencing.
source§

fn deref(&self) -> &Self::Target

Dereferences the value.
source§

impl DerefMut for CoreCrypto

source§

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.
source§

impl From<MlsCentral> for CoreCrypto

source§

fn from(mls: MlsCentral) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, UT> HandleAlloc<UT> for T
where T: Send + Sync,

§

fn new_handle(value: Arc<T>) -> Handle

Create a new handle for an Arc value Read more
§

unsafe fn clone_handle(handle: Handle) -> Handle

Clone a handle Read more
§

unsafe fn consume_handle(handle: Handle) -> Arc<T>

Consume a handle, getting back the initial Arc<> Read more
§

unsafe fn get_arc(handle: Handle) -> Arc<Self>

Get a clone of the Arc<> using a “borrowed” handle. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V