Struct SealingKeysSynchronousProxy

pub struct SealingKeysSynchronousProxy { /* private fields */ }

Implementations

impl SealingKeysSynchronousProxy

pub fn new(channel: Channel) -> Self

pub fn into_channel(self) -> Channel

pub fn wait_for_event( &self, deadline: MonotonicInstant, ) -> Result<SealingKeysEvent, Error>

Waits until an event arrives and returns it. It is safe for other threads to make concurrent requests while waiting for an event.

pub fn create_sealing_key( &self, key_info: &[u8], ___deadline: MonotonicInstant, ) -> Result<SealingKeysCreateSealingKeyResult, Error>

Generates a new sealing key to seal and unseal secrets.

|key_info| is information to be cryptographically bound to the returned key.

• The client will have to supply it in all uses (other than key deletion) of the returned key.
• It serves two purposes: (1) internally by the key manager to identify the key owner and (2) as a password to mitigate potential attacks from the key manager and as well as other clients.
• It is recommended to include sufficient entropy in it (using it as a password) to mitigage potential attacks from the secure world (the key manager’s execution environment) or from other clients.
• It is acceptible to pass a constant if deriving and persisting a password is too cumbersome and the client fully trust the secure world and there are not many other clients.

The client is responsible for persisting both |key_info| and the returned |key_blob|. The key blob is encrypted with a TEE-private key. It is guaranteed to be unique for each call (even with the same key info). It can be stored in unsecure storage.

Returns:

• The sealing key if everything worked.
• FAILED_CREATE if the key creation failed, e.g., the |key_info| was empty.

pub fn seal( &self, key_info: &[u8], key_blob: &[u8], secret: &[u8], ___deadline: MonotonicInstant, ) -> Result<SealingKeysSealResult, Error>

Seals a secret using a sealing key identified by its info and blob:

• The key info has to match the one supplied when generating the sealing key.

Note that the secret may be a key itself. It has no bearing on the seal operation.

Returns:

• The sealed secret if everything worked.
• FAILED_SEAL if the sealing failed, e.g., sealing key info or blob mismatch.

pub fn unseal( &self, key_info: &[u8], key_blob: &[u8], sealed_secret: &[u8], ___deadline: MonotonicInstant, ) -> Result<SealingKeysUnsealResult, Error>

Unseals a sealed secret using a sealing key identified by its info and blob:

• The key info has to match the one supplied when generating the sealing key.
• The key blob has to match the one used to seal the secret.

Note that the secret may be a key itself. It has no bearing on the unseal operation.

Returns:

• The unsealed secret if everything worked.
• FAILED_UNSEAL if the unsealing failed, e.g., sealing key info or blob mismatch.

Trait Implementations

impl Debug for SealingKeysSynchronousProxy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<Channel> for SealingKeysSynchronousProxy

fn from(value: Channel) -> Self

Converts to this type from the input type.

impl From<SealingKeysSynchronousProxy> for Handle

fn from(value: SealingKeysSynchronousProxy) -> Self

Converts to this type from the input type.

impl FromClient for SealingKeysSynchronousProxy

type Protocol = SealingKeysMarker

The protocol.

fn from_client(value: ClientEnd<SealingKeysMarker>) -> Self

Converts from a client.

impl SynchronousProxy for SealingKeysSynchronousProxy

type Proxy = SealingKeysProxy

The async proxy for the same protocol.

type Protocol = SealingKeysMarker

The protocol which this Proxy controls.

fn from_channel(inner: Channel) -> Self

Create a proxy over the given channel.

fn into_channel(self) -> Channel

Convert the proxy back into a channel.

fn as_channel(&self) -> &Channel

Get a reference to the proxy’s underlying channel.

fn is_closed(&self) -> Result<bool, Status>

Returns true if the proxy has received the PEER_CLOSED signal.