Skip to content

File SolidSyslogKeyFunction.h

FileList > Core > Interface > SolidSyslogKeyFunction.h

Go to the source code of this file

The on-demand secret-key callback typedef the integrator supplies to a keyed SecurityPolicy, so the key never lives on the policy instance.

  • #include "ExternC.h"
  • #include <stdbool.h>
  • #include <stddef.h>
  • #include <stdint.h>

Public Attributes

Type Name
EXTERN_C_BEGIN typedef bool(* SolidSyslogKeyFunction
Fetches a secret key on demand.

Public Attributes Documentation

variable SolidSyslogKeyFunction

Fetches a secret key on demand.

EXTERN_C_BEGIN typedef bool(* SolidSyslogKeyFunction) (void *context, uint8_t *keyOut, size_t capacity, size_t *keyLengthOut);

A keyed SecurityPolicy calls this at seal / verify time, copies the key into a transient buffer, uses it, and wipes the buffer, so the key is never stored on the policy instance. The integrator decides where the key actually lives (secure element, KDF, encrypted NVM, ...).

Writes up to capacity bytes into keyOut, sets keyLengthOut to the number of bytes written, and returns true on success. Returns false if the key is unavailable or does not fit, which fails the seal / verify operation closed.

Each keyed policy imposes its own length requirement on the reported key and fails closed if it is not met: AES-GCM requires exactly 32 bytes; the HMAC-SHA256 policies require at least 32 bytes (the SHA-256 output size, per RFC 2104 / NIST SP 800-107). context is passed through unchanged from the policy config the callback was registered in.



The documentation for this class was generated from the following file Core/Interface/SolidSyslogKeyFunction.h