Skip to main content

Crate rialo_tee_secret_sharing

Crate rialo_tee_secret_sharing 

Source
Expand description

Secret sharing key management and wrapping for TEEs

This crate provides secure key management and secret sharing capabilities for TEEs. It includes key generation, cryptographic operations, and wrapping mechanisms for secure communication.

Re-exports§

pub use self::constants::SECRET_SHARING_HPKE_INFO;
pub use self::constants::USER_SECRET_AAD;
pub use self::hw_rng::HwRng;
pub use self::hw_rng::HwRngError;
pub use self::key::SecretSharingKey;
pub use self::traits::SecretSharingEngine;
pub use self::types::Aad;
pub use self::types::KeyId;
pub use self::types::WrappedKeyEnvelope;
pub use self::wrapping::aad_for_dkg;
pub use self::wrapping::unwrap_scalar;
pub use self::wrapping::wrap_scalar_for_recipient;
pub use self::wrapping::HpkeX25519ChaChaEngine;

Modules§

constants
hw_rng
Hardware RNG for x86_64 TEEs.
key
Secret sharing key management for TEEs
traits
Traits for secret sharing operations.
types
Type definitions for secret sharing operations
wrapping
HPKE-based wrapping of the global SecretSharing private key (SK_priv) for delivery to recipient TEEs.

Structs§

PublicKey
Strongly typed X25519 public key wrapper used throughout the TEE crates.

Enums§

SecretSharingError
Errors surfaced by the secret-sharing engine and helpers.

Functions§

decrypt_user_ciphertext
Common helper function to decrypt user ciphertext using HPKE. This function uses the stored secret sharing key to perform HPKE decryption with the user provided AAD for authenticated encryption.
decrypt_user_message
Decrypt a user-submitted encrypted message using the stored SecretSharingKey.
encrypt_user_payload
Client-side HPKE encryption function for user payloads. This is a convenience wrapper around the engine’s encrypt function that:
has_secret_key
Returns true if a secret key has been initialized in this TEE instance.
initialize_secret_key
Initialize the secret sharing key for this TEE instance. This should be called once during TEE startup after key generation or distribution. The key remains isolated within this module for security.

Type Aliases§

DefaultEngine
Default engine = HPKE X25519 + HKDF-SHA256 + ChaCha20-Poly1305