kms_stateless/
sealing_keys.rs

1// Copyright 2025 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5use fidl_fuchsia_security_keymint::{
6    CreateError, DeleteError, SealError, UnsealError, UpgradeError,
7};
8use fuchsia_component::client;
9
10#[derive(Debug, thiserror::Error)]
11pub enum SealingKeysError {
12    #[error("Failed to connect to protocol: {0:?}")]
13    ConnectToProtocol(#[from] anyhow::Error),
14    #[error(transparent)]
15    Fidl(#[from] fidl::Error),
16    #[error("Failed to create {0:?}")]
17    Create(CreateError),
18    #[error("Failed to seal {0:?}")]
19    Seal(SealError),
20    #[error("Failed to unseal {0:?}")]
21    Unseal(UnsealError),
22    #[error("Failed to upgrade {0:?}")]
23    Upgrade(UpgradeError),
24    #[error("Failed to delete {0:?}")]
25    Delete(DeleteError),
26}
27
28impl From<CreateError> for SealingKeysError {
29    fn from(e: CreateError) -> Self {
30        Self::Create(e)
31    }
32}
33
34impl From<SealError> for SealingKeysError {
35    fn from(e: SealError) -> Self {
36        Self::Seal(e)
37    }
38}
39
40impl From<UnsealError> for SealingKeysError {
41    fn from(e: UnsealError) -> Self {
42        Self::Unseal(e)
43    }
44}
45
46impl From<UpgradeError> for SealingKeysError {
47    fn from(e: UpgradeError) -> Self {
48        Self::Upgrade(e)
49    }
50}
51
52impl From<DeleteError> for SealingKeysError {
53    fn from(e: DeleteError) -> Self {
54        Self::Delete(e)
55    }
56}
57
58/// Convenience wrapper around fuchsia.security.keymint/SealingKeys::CreateSealingKey()
59///
60/// See //sdk/fidl/fuchsia.security.keymint/sealing_keys.fidl for more details.
61///
62/// Requires the caller to have the capability fuchsia.security.keymint.SealingKeys
63pub async fn create_sealing_key(key_info: &[u8]) -> Result<Vec<u8>, SealingKeysError> {
64    client::connect_to_protocol::<fidl_fuchsia_security_keymint::SealingKeysMarker>()?
65        .create_sealing_key(key_info)
66        .await?
67        .map_err(Into::into)
68}
69
70/// Convenience wrapper around fuchsia.security.keymint/SealingKeys:Seal()
71///
72/// See //sdk/fidl/fuchsia.security.keymint/sealing_keys.fidl for more details.
73///
74/// Requires the caller to have the capability fuchsia.security.keymint.SealingKeys
75pub async fn seal(
76    key_info: &[u8],
77    key_blob: &[u8],
78    secret: &[u8],
79) -> Result<Vec<u8>, SealingKeysError> {
80    client::connect_to_protocol::<fidl_fuchsia_security_keymint::SealingKeysMarker>()?
81        .seal(key_info, key_blob, secret)
82        .await?
83        .map_err(Into::into)
84}
85
86/// Convenience wrapper around fuchsia.security.keymint/SealingKeys::Unseal()
87///
88/// See //sdk/fidl/fuchsia.security.keymint/sealing_keys.fidl for more details.
89///
90/// Requires the caller to have the capability fuchsia.security.keymint.SealingKeys
91pub async fn unseal(
92    key_info: &[u8],
93    key_blob: &[u8],
94    sealed_secret: &[u8],
95) -> Result<Vec<u8>, SealingKeysError> {
96    client::connect_to_protocol::<fidl_fuchsia_security_keymint::SealingKeysMarker>()?
97        .unseal(key_info, key_blob, sealed_secret)
98        .await?
99        .map_err(Into::into)
100}
101
102/// Convenience wrapper around fuchsia.security.keymint/SealingKeys::UpgradeSealingKey()
103///
104/// See //sdk/fidl/fuchsia.security.keymint/sealing_keys.fidl for more details.
105///
106/// Requires the caller to have the capability fuchsia.security.keymint.SealingKeys
107pub async fn upgrade_sealing_key(
108    key_info: &[u8],
109    key_blob: &[u8],
110) -> Result<Vec<u8>, SealingKeysError> {
111    client::connect_to_protocol::<fidl_fuchsia_security_keymint::SealingKeysMarker>()?
112        .upgrade_sealing_key(key_info, key_blob)
113        .await?
114        .map_err(Into::into)
115}
116
117/// Convenience wrapper around fuchsia.security.keymint/SealingKeys::DeleteSealingKey()
118///
119/// See //sdk/fidl/fuchsia.security.keymint/sealing_keys.fidl for more details.
120pub async fn delete_sealing_key(key_blob: &[u8]) -> Result<(), SealingKeysError> {
121    client::connect_to_protocol::<fidl_fuchsia_security_keymint::SealingKeysMarker>()?
122        .delete_sealing_key(key_blob)
123        .await?
124        .map_err(Into::into)
125}
126
127/// Convenience wrapper around fuchsia.security.keymint.Admin/DeleteAllKeys()
128///
129/// See //sdk/fidl/fuchsia.security.keymint/admin.fidl for more details.
130///
131/// Requires the caller to have the capability fuchsia.security.keymint.Admin
132pub async fn delete_all_keys() -> Result<(), SealingKeysError> {
133    client::connect_to_protocol::<fidl_fuchsia_security_keymint::AdminMarker>()?
134        .delete_all_keys()
135        .await?
136        .map_err(Into::into)
137}
kms_stateless/sealing_keys.rs

kms_stateless/
sealing_keys.rs
