fidl_fuchsia_security_keymint

Enum SealingKeysRequest

pub enum SealingKeysRequest {
    CreateSealingKey {
        key_info: Vec<u8>,
        responder: SealingKeysCreateSealingKeyResponder,
    },
    Seal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        secret: Vec<u8>,
        responder: SealingKeysSealResponder,
    },
    Unseal {
        key_info: Vec<u8>,
        key_blob: Vec<u8>,
        sealed_secret: Vec<u8>,
        responder: SealingKeysUnsealResponder,
    },
}

Expand description

Allows a client to generate sealing keys and then use these keys to seal and unseal secrets. Sealed secrets are safe for offline storage.

Note that (un)seal is synonymous with (un)wrap, e.g., wrapping an encryption key is the same as sealing an encryption key.

Variants§

CreateSealingKey

Generates a new sealing key to seal and unseal secrets.

|key_info| is information to be cryptographically bound to the returned key.

The client will have to supply it in all uses (other than key deletion) of the returned key.
It serves two purposes: (1) internally by the key manager to identify the key owner and (2) as a password to mitigate potential attacks from the key manager and as well as other clients.
It is recommended to include sufficient entropy in it (using it as a password) to mitigage potential attacks from the secure world (the key manager’s execution environment) or from other clients.
It is acceptible to pass a constant if deriving and persisting a password is too cumbersome and the client fully trust the secure world and there are not many other clients.

The client is responsible for persisting both |key_info| and the returned |key_blob|. The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each call (even with the same key info). It can be stored in unsecure storage.

Returns:

The sealing key if everything worked.
FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.

Fields

§key_info: Vec<u8>

§responder: SealingKeysCreateSealingKeyResponder

Seal

Seals a secret using a sealing key identified by its info and blob:

The key info has to match the one supplied when generating the sealing key.

Note that the secret may be a key itself. It has no bearing on the seal operation.

Returns:

The sealed secret if everything worked.
FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.

Fields

§key_info: Vec<u8>

§key_blob: Vec<u8>

§secret: Vec<u8>

§responder: SealingKeysSealResponder

Unseal

Unseals a sealed secret using a sealing key identified by its info and blob:

The key info has to match the one supplied when generating the sealing key.
The key blob has to match the one used to seal the secret.

Note that the secret may be a key itself. It has no bearing on the unseal operation.

Returns:

The unsealed secret if everything worked.
FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.

Fields

§key_info: Vec<u8>

§key_blob: Vec<u8>

§sealed_secret: Vec<u8>

§responder: SealingKeysUnsealResponder

Implementations§

impl SealingKeysRequest

pub fn into_create_sealing_key( self, ) -> Option<(Vec<u8>, SealingKeysCreateSealingKeyResponder)>

pub fn into_seal( self, ) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysSealResponder)>

pub fn into_unseal( self, ) -> Option<(Vec<u8>, Vec<u8>, Vec<u8>, SealingKeysUnsealResponder)>

pub fn method_name(&self) -> &'static str

Name of the method defined in FIDL

Trait Implementations§

impl Debug for SealingKeysRequest

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for SealingKeysRequest

impl !RefUnwindSafe for SealingKeysRequest

impl Send for SealingKeysRequest

impl Sync for SealingKeysRequest

impl Unpin for SealingKeysRequest

impl !UnwindSafe for SealingKeysRequest

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T, D> Encode<Ambiguous1, D> for T
where D: ResourceDialect,

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more

impl<T, D> Encode<Ambiguous2, D> for T
where D: ResourceDialect,

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.