Struct psa_crypto::types::key::Attributes

pub struct Attributes {
    pub lifetime: Lifetime,
    pub key_type: Type,
    pub bits: usize,
    pub policy: Policy,
}

Native definition of the attributes needed to fully describe a cryptographic key.

Fields

lifetime: Lifetime

Lifetime of the key

key_type: Type

Intrinsic category and type of the key

bits: usize

Size of the key in bits

policy: Policy

Policy restricting the permitted usage of the key

Implementations

impl Attributes

pub fn is_exportable(self) -> bool

Check if a key has permission to be exported

pub fn can_export(self) -> Result<()>

Check export in a fallible way

Example

use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
use psa_crypto::types::algorithm::{Algorithm, AsymmetricSignature, Hash};

let mut usage_flags: UsageFlags = Default::default();
let mut attributes = Attributes {
    key_type: Type::RsaKeyPair,
    bits: 1024,
    lifetime: Lifetime::Volatile,
    policy: Policy {
        usage_flags,
        permitted_algorithms: Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign {
            hash_alg: Hash::Sha256.into(),
        }),
    },
};
// Can not export because the export flag is set to false.
attributes.can_export().unwrap_err();

pub fn is_hash_signable(self) -> bool

Check if a key has permission to sign a message hash

pub fn can_sign_hash(self) -> Result<()>

Check hash signing permission in a fallible way

pub fn is_hash_verifiable(self) -> bool

Check if a key has permission to verify a message hash

pub fn can_verify_hash(self) -> Result<()>

Check hash verifying permission in a fallible way

pub fn is_message_signable(self) -> bool

Check if a key has permission to sign a message

pub fn can_sign_message(self) -> Result<()>

Check message signing permission in a fallible way

pub fn is_message_verifiable(self) -> bool

Check if a key has permission to verify a message

pub fn can_verify_message(self) -> Result<()>

Check message verifying permission in a fallible way

pub fn is_encrypt_permitted(self) -> bool

Check if a key has permissions to encrypt a message

pub fn can_encrypt_message(self) -> Result<()>

Check encrypt permission in a fallible way

pub fn is_decrypt_permitted(self) -> bool

Check if a key has permissions to decrypt a message

pub fn can_decrypt_message(self) -> Result<()>

Check decrypt permission in a fallible way

pub fn is_derivable(self) -> bool

Check if a key has permissions to be derived from

pub fn can_derive_from(self) -> Result<()>

Check derive permission of a fallible way

pub fn can_convert_into_psa(self) -> Result<()>

Check if can be converted into psa_key_attributes_t

pub fn is_alg_permitted(self, alg: Algorithm) -> bool

Check if the alg given for a cryptographic operation is permitted to be used with the key

pub fn permits_alg(self, alg: Algorithm) -> Result<()>

Check if alg is permitted in a fallible way

pub fn is_compatible_with_alg(self, alg: Algorithm) -> bool

Check if the alg given for a cryptographic operation is compatible with the type of the key

Example

use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
use psa_crypto::types::algorithm::{Algorithm, AsymmetricSignature, Hash};

let permitted_alg = Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign {
    hash_alg: Hash::Sha256.into(),
});
let alg = Algorithm::AsymmetricSignature(AsymmetricSignature::RsaPkcs1v15Sign {
    hash_alg: Hash::Sha256.into(),
});
let mut usage_flags: UsageFlags = Default::default();
let mut attributes = Attributes {
    key_type: Type::RsaKeyPair,
    bits: 1024,
    lifetime: Lifetime::Volatile,
    policy: Policy {
        usage_flags,
        permitted_algorithms: permitted_alg,
    },
};
assert!(attributes.is_compatible_with_alg(alg));
attributes.key_type = Type::RsaPublicKey;
assert!(attributes.is_compatible_with_alg(alg));

pub fn compatible_with_alg(self, alg: Algorithm) -> Result<()>

Check if alg is compatible in a fallible way

pub fn from_key_id(key_id: Id) -> Result<Self>

Gets the attributes for a given key ID

The Id structure can be created with the from_persistent_key_id constructor on Id.

Example

psa_crypto::init().unwrap();
let my_key_id = key_management::generate(attributes, None).unwrap();
//...
let key_attributes = Attributes::from_key_id(my_key_id);

pub fn export_key_output_size(self) -> Result<usize>

Sufficient size for a buffer to export the key, if supported

pub fn export_public_key_output_size(self) -> Result<usize>

Sufficient size for a buffer to export the public key, if supported

pub fn sign_output_size(self, alg: AsymmetricSignature) -> Result<usize>

Sufficient buffer size for a signature using the given key, if the key is supported

pub fn asymmetric_encrypt_output_size( self, alg: AsymmetricEncryption ) -> Result<usize>

Sufficient buffer size for an encrypted message using the given asymmetric encryption algorithm

pub fn asymmetric_decrypt_output_size( self, alg: AsymmetricEncryption ) -> Result<usize>

Sufficient buffer size for a decrypted message using the given asymmetric encryption algorithm

pub fn mac_length(self, mac_alg: Mac) -> Result<usize>

Sufficient buffer size for the MAC of the specified algorithm, if compatible

pub fn aead_encrypt_output_size( self, alg: Aead, plaintext_len: usize ) -> Result<usize>

Sufficient buffer size for an encrypted message using the given aead algorithm

pub fn aead_decrypt_output_size( self, alg: Aead, ciphertext_len: usize ) -> Result<usize>

Sufficient buffer size for an encrypted message using the given aead algorithm

pub fn aead_tag_length(self, alg: Aead) -> Result<usize>

The length of a tag for an AEAD algorithm

pub fn raw_key_agreement_output_size( self, alg: RawKeyAgreement ) -> Result<usize>

Sufficient buffer size for the resulting shared secret from a raw key agreement

Trait Implementations

impl Clone for Attributes

fn clone(&self) -> Attributes

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Attributes

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Attributes

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for Attributes

fn eq(&self, other: &Attributes) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Attributes

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl TryFrom<Attributes> for psa_key_attributes_t

type Error = Error

The type returned in the event of a conversion error.

fn try_from(attributes: Attributes) -> Result<Self>

Performs the conversion.

impl TryFrom<Attributes> for usize

type Error = Error

The type returned in the event of a conversion error.

fn try_from(attributes: Attributes) -> Result<Self>

Performs the conversion.

impl TryFrom<psa_key_attributes_s> for Attributes

type Error = Error

The type returned in the event of a conversion error.

fn try_from(attributes: psa_key_attributes_t) -> Result<Self>

Performs the conversion.

impl Zeroize for Attributes

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl Copy for Attributes

impl Eq for Attributes

impl StructuralEq for Attributes

impl StructuralPartialEq for Attributes