class Server

Programs the ephemerally wrapped `wrapped_key` into the inline encryption hardware in the

next available `slot`. All slots programmed via the connection this method is called on

will be evicted once the connection is dropped. It is not possible to evict individual keys

(not for any technical reasons; a need for this has not yet arisen). `wrapped_key` must be

a key wrapped by the inline encryption hardware (in the same session/boot) via a separate

mechanism to this protocol.

Returns

- ZX_ERR_NO_RESOURCES if there are no available key slots.

- ZX_ERR_INVALID_ARGS if `wrapped_key` is not the expected size or if the `wrapped_key`

fails authentication (e.g. wrapped_key is from a previous boot).

- ZX_ERR_TIMED_OUT if the operation times out.

- ZX_ERR_INTERNAL if the operation failed for any other reason.

Derives a raw software secret from the ephemerally wrapped `wrapped_key`. `wrapped_key`

must be a key wrapped by the inline encryption hardware (in the same session/boot) via a

separate mechanism to this protocol. The returned secret can be used for non-inline

cryptographic operations e.g. it can be used for encrypting filesystem metadata not covered

by inline encryption.

Returns

- ZX_ERR_INVALID_ARGS if `wrapped_key` is not the expected size or if the `wrapped_key`

fails authentication (e.g. wrapped_key is from a previous boot).

- ZX_ERR_TIMED_OUT if the operation times out.

- ZX_ERR_INTERNAL if the operation failed for any other reason.

|bind_handler| returns a handler that binds incoming connections to this

server implementation.

The returned handler borrows the server instance.

The server must outlive the provided |dispatcher|. Only after

the dispatcher is shutdown will it be safe to destroy the servers.

The server should not be moved.