Struct psa_crypto::types::key::Attributes
source · pub struct Attributes {
pub lifetime: Lifetime,
pub key_type: Type,
pub bits: usize,
pub policy: Policy,
}
Native definition of the attributes needed to fully describe a cryptographic key.
Fields§
§lifetime: Lifetime
Lifetime of the key
key_type: Type
Intrinsic category and type of the key
bits: usize
Size of the key in bits
policy: Policy
Policy restricting the permitted usage of the key
Implementations§
impl Attributes
pub fn is_exportable(self) -> bool
Check if a key has permission to be exported
pub fn can_export(self) -> Result<()>
Check export in a fallible way
Example
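use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
use psa_crypto::types::algorithm::{Algorithm, AsymmetricSignature, Hash};

// The default usage flags leave the export flag unset (false).
let usage_flags: UsageFlags = Default::default();
let attributes = Attributes {
    key_type: Type::RsaKeyPair,
    // 2048 bits rather than 1024: 1024-bit RSA is below current minimum
    // key-size recommendations and should not be modelled in examples.
    bits: 2048,
    lifetime: Lifetime::Volatile,
    policy: Policy {
        usage_flags,
        permitted_algorithms: Algorithm::AsymmetricSignature(
            AsymmetricSignature::RsaPkcs1v15Sign {
                hash_alg: Hash::Sha256.into(),
            },
        ),
    },
};
// Cannot export because the export flag is false, so the fallible check
// returns an error instead of Ok(()).
attributes.can_export().unwrap_err();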
pub fn is_hash_signable(self) -> bool
Check if a key has permission to sign a message hash
pub fn can_sign_hash(self) -> Result<()>
Check hash signing permission in a fallible way
pub fn is_hash_verifiable(self) -> bool
Check if a key has permission to verify a message hash
pub fn can_verify_hash(self) -> Result<()>
Check hash verifying permission in a fallible way
pub fn is_message_signable(self) -> bool
Check if a key has permission to sign a message
pub fn can_sign_message(self) -> Result<()>
Check message signing permission in a fallible way
pub fn is_message_verifiable(self) -> bool
Check if a key has permission to verify a message
pub fn can_verify_message(self) -> Result<()>
Check message verifying permission in a fallible way
pub fn is_encrypt_permitted(self) -> bool
Check if a key has permissions to encrypt a message
pub fn can_encrypt_message(self) -> Result<()>
Check encrypt permission in a fallible way
pub fn is_decrypt_permitted(self) -> bool
Check if a key has permissions to decrypt a message
pub fn can_decrypt_message(self) -> Result<()>
Check decrypt permission in a fallible way
pub fn is_derivable(self) -> bool
Check if a key has permissions to be derived from
pub fn can_derive_from(self) -> Result<()>
Check derive permission in a fallible way
pub fn can_convert_into_psa(self) -> Result<()>
Check if the attributes can be converted into psa_key_attributes_t
pub fn is_alg_permitted(self, alg: Algorithm) -> bool
Check if the alg given for a cryptographic operation is permitted to be used with the key
pub fn permits_alg(self, alg: Algorithm) -> Result<()>
Check if alg is permitted in a fallible way
pub fn is_compatible_with_alg(self, alg: Algorithm) -> bool
Check if the alg given for a cryptographic operation is compatible with the type of the key
Example
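use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
use psa_crypto::types::algorithm::{Algorithm, AsymmetricSignature, Hash};

// Algorithm recorded in the key's policy.
let permitted_alg = Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign {
    hash_alg: Hash::Sha256.into(),
});
// Algorithm requested for the operation; here it has the same value as the policy's.
let alg = Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign {
    hash_alg: Hash::Sha256.into(),
});
let usage_flags: UsageFlags = Default::default();
// `mut` is needed: the key type is changed below to check the public-key case.
let mut attributes = Attributes {
    key_type: Type::RsaKeyPair,
    // 2048 bits rather than 1024: 1024-bit RSA is below current minimum
    // key-size recommendations and should not be modelled in examples.
    bits: 2048,
    lifetime: Lifetime::Volatile,
    policy: Policy {
        usage_flags,
        permitted_algorithms: permitted_alg,
    },
};
// The check compares the algorithm with the key type, so an RSA key pair
// is compatible with an RSA signature algorithm...
assert!(attributes.is_compatible_with_alg(alg));
// ...and so is the RSA public key type.
attributes.key_type = Type::RsaPublicKey;
assert!(attributes.is_compatible_with_alg(alg));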
pub fn compatible_with_alg(self, alg: Algorithm) -> Result<()>
Check if alg is compatible in a fallible way
pub fn from_key_id(key_id: Id) -> Result<Self>
Gets the attributes for a given key ID
The Id structure can be created with the from_persistent_key_id constructor on Id.
Example
// NOTE(review): presumably the library must be initialised before any key
// operation — confirm against the psa_crypto::init documentation.
psa_crypto::init().unwrap();
// `attributes` and the `key_management` import are defined outside this excerpt.
let my_key_id = key_management::generate(attributes, None).unwrap();
//...
// from_key_id returns Result<Attributes>, so `key_attributes` is still a Result
// here; unwrap or match it before reading the attributes, and treat an Err as
// "attributes unavailable" rather than falling back to assumed values.
let key_attributes = Attributes::from_key_id(my_key_id);
pub fn export_key_output_size(self) -> Result<usize>
Sufficient size for a buffer to export the key, if supported
pub fn export_public_key_output_size(self) -> Result<usize>
Sufficient size for a buffer to export the public key, if supported
pub fn sign_output_size(self, alg: AsymmetricSignature) -> Result<usize>
Sufficient buffer size for a signature using the given key, if the key is supported
pub fn asymmetric_encrypt_output_size( self, alg: AsymmetricEncryption ) -> Result<usize>
Sufficient buffer size for an encrypted message using the given asymmetric encryption algorithm
pub fn asymmetric_decrypt_output_size( self, alg: AsymmetricEncryption ) -> Result<usize>
Sufficient buffer size for a decrypted message using the given asymmetric encryption algorithm
pub fn mac_length(self, mac_alg: Mac) -> Result<usize>
Sufficient buffer size for the MAC of the specified algorithm, if compatible
pub fn aead_encrypt_output_size( self, alg: Aead, plaintext_len: usize ) -> Result<usize>
Sufficient buffer size for an encrypted message using the given AEAD algorithm
pub fn aead_decrypt_output_size( self, alg: Aead, ciphertext_len: usize ) -> Result<usize>
Sufficient buffer size for a decrypted message using the given AEAD algorithm
pub fn aead_tag_length(self, alg: Aead) -> Result<usize>
The length of a tag for an AEAD algorithm
pub fn raw_key_agreement_output_size( self, alg: RawKeyAgreement ) -> Result<usize>
Sufficient buffer size for the resulting shared secret from a raw key agreement
Trait Implementations§
impl Clone for Attributes
fn clone(&self) -> Attributes
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from `source`.
impl Debug for Attributes
impl<'de> Deserialize<'de> for Attributes
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
impl PartialEq for Attributes
fn eq(&self, other: &Attributes) -> bool
Tests for `self` and `other` values to be equal, and is used by `==`.