prf::crypto::IKeyService class

#include <crypto/key_service.hpp>

Derived classes

class prf::control::test::FakeKeyService final

class KeyService final

Default key service implementation used by control interface.

Public types

using TrustedKeyVisitor = bool(*)(const TrustedKeyRecord&record, void*user_ctx)

Callback used to stream one trusted key record to caller.

Constructors, destructors, conversion operators

~IKeyService() defaulted virtual

Public functions

auto add_trusted_key(const Ed25519PublicKey& public_key, KeyFlags flags, KeyId* out_key_id) -> bool pure virtual

Adds one trusted public key with selected role flags.

auto device_identity(Ed25519PublicKey* out_public_key, KeyId* out_key_id) const -> bool pure virtual

Returns device public key and its deterministic key identifier.

auto for_each_trusted_key(TrustedKeyVisitor visitor, void* user_ctx, size_t* out_count = nullptr) const -> bool pure virtual

Iterates all trusted keys stored in keyring without intermediate list materialization.

auto has_admin_trusted_key() const -> bool pure virtual

Returns true when any stored key is both trusted and admin.

auto is_admin_key(std::span<const uint8_t> key_id) const -> bool pure virtual

Returns true when key id exists and has admin flag enabled.

auto remove_trusted_key(std::span<const uint8_t> key_id) -> bool pure virtual

Removes one trusted key selected by key id.

auto sign(std::span<const uint8_t> message, Ed25519Signature* out_signature) const -> bool pure virtual

Signs message bytes with device private key.

auto update_trusted_key_flags(std::span<const uint8_t> key_id, KeyFlags mask, KeyFlags values) -> bool pure virtual

Updates role flags for one trusted key.

auto verify(std::span<const uint8_t> message, const Ed25519Signature& signature, std::span<const uint8_t> key_id) const -> bool pure virtual

Verifies message signature against stored key selected by key id.

Typedef documentation

Function documentation