Struct optee_utee::crypto_op::DeriveKey

pub struct DeriveKey(_);

An operation for derive a shared key object.

Implementations

impl DeriveKey

pub fn derive(&self, params: &[Attribute], object: &mut TransientObject)

Take one of the Asymmetric Derivation Operation Algorithm that supports this operation as defined in AlgorithmId, and output a key object.

Parameters

1. params: For algorithm DhDeriveSharedSecret, DhPublicValue is required as the passed in attribute.
2. object: An uninitialized transient object to be filled with the derived key.

Example

let attr_prime = AttributeMemref::from_ref(AttributeId::DhPrime, &[23u8]);
let attr_base = AttributeMemref::from_ref(AttributeId::DhBase, &[5u8]);
let mut public_1 = [0u8; 32];
match TransientObject::allocate(TransientObjectType::DhKeypair, 256) {
    Ok(key_pair_1) => {
        key_pair_1.generate_key(256, &[attr_prime.into(), attr_base.into()])?;
        key_pair_1.ref_attribute(aTTRIBUTEiD::DhPublicValue, &mut public_1)?;
    }
    Err(e) => Err(e),
}

let attr_prime = AttributeMemref::from_ref(AttributeId::DhPrime, &[23u8]);
let attr_base = AttributeMemref::from_ref(AttributeId::DhBase, &[5u8]);
match TransientObject::allocate(TransientObjectType::DhKeypair, 256) {
    Ok(key_pair_2) => {
        key_pair_2.generate_key(256, &[attr_prime.into(), attr_base.into()])?;
        match DeriveKey::allocate(AlgorithmId::DhDeriveSharedSecret, 256) {
            Ok(operation) => {
                operation.set_key(&key_pair_2)?;
                match TransientObject::allocate(TransientObjectType::GenericSecret,
                256) {
                    // Derived key is saved as an transient object
                    Ok(derived_key) => {
                        let attr_public = AttributeMemref::from_ref(AttributeId::DhPublicValue, &public_1);
                        operation.derive(&[attr_public.into()], &mut derived_key);
                        // ...
                        Ok(())
                    }
                    Err(e) => Err(e),
                }
            }
            Err(e) => Err(e),
        }
    }
    Err(e) => Err(e),
}

Panics

1. If the algorithm is not a valid algorithm for DeriveKey.
2. If the object is too small for generated value.
3. If no key is programmed in the operation.
4. Hardware or cryptographic algorithm failure.
5. If the Implementation detects any other error.

pub fn null() -> Self

Create a DeriveKey operation without any specific algorithm or other data.

pub fn allocate(algo: AlgorithmId, max_key_size: usize) -> Result<Self>

Function usage is similar to Digest::allocate. Currently only supports DhDeriveSharedSecret as algo.

pub fn info(&self) -> OperationInfo

Function usage is similar to Digest::info.

pub fn info_multiple(
    &self,
    info_buf: &mut [u8]
) -> Result<OperationInfoMultiple>

Function usage is similar to Digest::info_multiple.

pub fn set_key<T: ObjHandle>(&self, object: &T) -> Result<()>

Function usage is similar to Cipher::set_key.

pub fn copy<T: OpHandle>(&mut self, src: &T)

Function usage is similar to Digest::copy.

Trait Implementations

impl OpHandle for DeriveKey

fn handle(&self) -> TEE_OperationHandle

Return the handle of an operation.