Function sgx_tse::rsgx_get_key

pub fn rsgx_get_key(
    key_request: &sgx_key_request_t
) -> SgxResult<sgx_key_128bit_t>

The rsgx_get_key function generates a 128-bit secret key using the input information.

This function is a wrapper for the SGX EGETKEY instruction.

Description

The rsgx_get_key function generates a 128-bit secret key from the processor-specific key hierarchy with the key_request information. If the function fails with an error code, the key buffer will be filled with random numbers. The key_request structure needs to be initialized properly to obtain the requested key type. See sgx_key_request_t for structure details.

Parameters

key_request

A pointer to a sgx_key_request_t object used for selecting the appropriate key and any additional parameters required in the derivation of that key. The pointer must be located within the enclave.

See sgx_key_request_t for details on initializing this structure before calling this function.

Requirements

Library: libsgx_tservice.a

Return value

Cryptographic key

Errors

SGX_ERROR_INVALID_PARAMETER

Indicates that the input parameters are invalid.

SGX_ERROR_OUT_OF_MEMORY

Indicates that the enclave is out of memory.

SGX_ERROR_INVALID_ATTRIBUTE

Indicates that key_request requests a key for a KEYNAME for which the enclave is not authorized.

SGX_ERROR_INVALID_CPUSVN

Indicates that key_request->cpu_svn is beyond the platform CPUSVN value.

SGX_ERROR_INVALID_ISVSVN

Indicates that key_request->isv_svn is greater than the enclave’s ISVSVN.

SGX_ERROR_INVALID_KEYNAME

Indicates that key_request->key_name is an unsupported value.

SGX_ERROR_UNEXPECTED

Indicates that an unexpected error occurred during the key generation process.
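
Example (added here, not part of the sgx_tse documentation or the SDK's own code): a caller-side wrapper that groups the error codes listed above into policy buckets, uses the key only inside a closure, and wipes the local copy afterwards. Status, KeyRequest, KeyFailure, classify, with_key and mock_get_key are hypothetical stand-ins so the block runs outside an enclave; inside one, pass rsgx_get_key with the real sgx_key_request_t and sgx_status_t types.

```rust
// Added example; stand-in types (assumptions) mirror only what is used here.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Status { InvalidParameter, OutOfMemory, InvalidAttribute,
                  InvalidCpuSvn, InvalidIsvSvn, InvalidKeyName, Unexpected }
pub struct KeyRequest { pub key_name: u16, pub isv_svn: u16 }
pub const KEYNAME_SEAL: u16 = 4; // numeric value of SGX_KEYSELECT_SEAL

/// Caller-side policy buckets (hypothetical names) for the documented errors.
#[derive(Debug, PartialEq)]
pub enum KeyFailure { SvnTooNew, NotAuthorized, BadRequest, Internal }

pub fn classify(s: Status) -> KeyFailure {
    match s {
        // The request names an SVN above the platform's or the enclave's own.
        Status::InvalidCpuSvn | Status::InvalidIsvSvn => KeyFailure::SvnTooNew,
        Status::InvalidAttribute => KeyFailure::NotAuthorized,
        Status::InvalidParameter | Status::InvalidKeyName => KeyFailure::BadRequest,
        Status::OutOfMemory | Status::Unexpected => KeyFailure::Internal,
    }
}

/// Derive a key, lend it to `use_key`, then wipe the local copy.
/// `get_key` has the shape of rsgx_get_key: &request -> Result<[u8; 16], status>.
pub fn with_key<G, U, R>(get_key: G, req: &KeyRequest, use_key: U) -> Result<R, KeyFailure>
where
    G: Fn(&KeyRequest) -> Result<[u8; 16], Status>,
    U: FnOnce(&[u8; 16]) -> R,
{
    // On Err there are no key bytes at all, so a failed derivation cannot be used.
    let mut key = get_key(req).map_err(classify)?;
    let out = use_key(&key);
    for b in key.iter_mut() {
        // Volatile writes so the compiler does not optimize the wipe away.
        unsafe { std::ptr::write_volatile(b, 0) };
    }
    Ok(out)
}

/// Constructed mock of two documented checks; the bytes are NOT a real derivation.
pub fn mock_get_key(enclave_isv_svn: u16) -> impl Fn(&KeyRequest) -> Result<[u8; 16], Status> {
    move |req: &KeyRequest| {
        if req.key_name > KEYNAME_SEAL { return Err(Status::InvalidKeyName); }
        if req.isv_svn > enclave_isv_svn { return Err(Status::InvalidIsvSvn); }
        Ok([req.isv_svn as u8; 16])
    }
}

fn main() {
    let get_key = mock_get_key(2); // enclave ISVSVN = 2 (constructed)
    println!("{:?}", with_key(&get_key, &KeyRequest { key_name: KEYNAME_SEAL, isv_svn: 3 }, |k| k[0]));
}
```

The closure should return only derived results (a MAC, a ciphertext), never the key bytes themselves, or the wipe achieves nothing.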