fidl_fuchsia_security_keymint

Struct SealingKeysProxy

Source 
pub struct SealingKeysProxy { /* private fields */ }

Implementations§

Source§

impl SealingKeysProxy

Source

pub fn new(channel: AsyncChannel) -> Self

Create a new Proxy for fuchsia.security.keymint/SealingKeys.

Source

pub fn take_event_stream(&self) -> SealingKeysEventStream

Get a Stream of events from the remote end of the protocol.

§Panics

Panics if the event stream was already taken.

Source

pub fn create_sealing_key( &self, key_info: &[u8], ) -> QueryResponseFut<SealingKeysCreateSealingKeyResult, DefaultFuchsiaResourceDialect>

Generates a new sealing key to seal and unseal secrets.

|key_info| is information to be cryptographically bound to the returned key.

  • The client will have to supply it in all uses (other than key deletion) of the returned key.
  • It serves two purposes: (1) internally by the key manager to identify the key owner and (2) as a password to mitigate potential attacks from the key manager and as well as other clients.
  • It is recommended to include sufficient entropy in it (using it as a password) to mitigage potential attacks from the secure world (the key manager’s execution environment) or from other clients.
  • It is acceptible to pass a constant if deriving and persisting a password is too cumbersome and the client fully trust the secure world and there are not many other clients.

The client is responsible for persisting both |key_info| and the returned |key_blob|. The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each call (even with the same key info). It can be stored in unsecure storage.

Returns:

  • The sealing key if everything worked.
  • FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.
Source

pub fn seal( &self, key_info: &[u8], key_blob: &[u8], secret: &[u8], ) -> QueryResponseFut<SealingKeysSealResult, DefaultFuchsiaResourceDialect>

Seals a secret using a sealing key identified by its info and blob:

  • The key info has to match the one supplied when generating the sealing key.

Note that the secret may be a key itself. It has no bearing on the seal operation.

Returns:

  • The sealed secret if everything worked.
  • FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.
Source

pub fn unseal( &self, key_info: &[u8], key_blob: &[u8], sealed_secret: &[u8], ) -> QueryResponseFut<SealingKeysUnsealResult, DefaultFuchsiaResourceDialect>

Unseals a sealed secret using a sealing key identified by its info and blob:

  • The key info has to match the one supplied when generating the sealing key.
  • The key blob has to match the one used to seal the secret.

Note that the secret may be a key itself. It has no bearing on the unseal operation.

Returns:

  • The unsealed secret if everything worked.
  • FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.

Trait Implementations§

Source§

impl Clone for SealingKeysProxy

Source§

fn clone(&self) -> SealingKeysProxy

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SealingKeysProxy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Proxy for SealingKeysProxy

Source§

type Protocol = SealingKeysMarker

The protocol which this Proxy controls.
Source§

fn from_channel(inner: AsyncChannel) -> Self

Create a proxy over the given channel.
Source§

fn into_channel(self) -> Result<AsyncChannel, Self>

Attempt to convert the proxy back into a channel. Read more
Source§

fn as_channel(&self) -> &AsyncChannel

Get a reference to the proxy’s underlying channel. Read more
§

fn into_client_end(self) -> Result<ClientEnd<Self::Protocol>, Self>

Attempt to convert the proxy back into a client end. Read more
§

fn is_closed(&self) -> bool

Returns true if the proxy has received the PEER_CLOSED signal.
§

fn on_closed(&self) -> OnSignals<'_, Unowned<'_, Handle>>

Returns a future that completes when the proxy receives the PEER_CLOSED signal.
Source§

impl SealingKeysProxyInterface for SealingKeysProxy

Source§

type CreateSealingKeyResponseFut = QueryResponseFut<Result<Vec<u8>, CreateError>>

Source§

type SealResponseFut = QueryResponseFut<Result<Vec<u8>, SealError>>

Source§

type UnsealResponseFut = QueryResponseFut<Result<Vec<u8>, UnsealError>>

Source§

fn create_sealing_key( &self, key_info: &[u8], ) -> Self::CreateSealingKeyResponseFut

Source§

fn seal( &self, key_info: &[u8], key_blob: &[u8], secret: &[u8], ) -> Self::SealResponseFut

Source§

fn unseal( &self, key_info: &[u8], key_blob: &[u8], sealed_secret: &[u8], ) -> Self::UnsealResponseFut

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
§

impl<T, D> Encode<Ambiguous1, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
§

impl<T, D> Encode<Ambiguous2, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FromClient for T
where T: Proxy,

§

type Protocol = <T as Proxy>::Protocol

The protocol.
§

fn from_client(value: ClientEnd<<T as FromClient>::Protocol>) -> T

Converts from a client.
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
§

impl<T> ProxyHasDomain for T
where T: Proxy,

§

fn domain(&self) -> ZirconClient

Get a “client” for this proxy. This is just an object which has methods for a few common handle creation operations.
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.