Struct tss_esapi::abstraction::transient::TransientKeyContext
pub struct TransientKeyContext { /* private fields */ }
Structure offering an abstracted programming experience.
The TransientKeyContext makes use of a root key from which the other, client-controlled keys are derived.
Currently, only the functionality necessary for RSA key creation and usage (signing, verifying signatures, encryption and decryption) is implemented. The RSA SSA asymmetric scheme with SHA256 is used for all created and imported signing keys. The RSA OAEP asymmetric scheme with SHA256 is used for all created and imported signing/encryption/decryption keys.
Implementations
impl TransientKeyContext
pub fn create_key(
    &mut self,
    key_params: KeyParams,
    auth_size: usize
) -> Result<(TpmsContext, Option<Auth>)>
Create a new key.
A key is created as a descendant of the context root key, with the given parameters.
If successful, the result contains the saved context of the key and a vector of bytes forming the authentication value for said key.
Constraints
- auth_size must be at most 32
Errors
- if the authentication size is larger than 32, a WrongParamSize wrapper error is returned
- for RSA keys, if the specified key size is not one of 1024, 2048, 3072 or 4096, WrongParamSize is returned
- if the key_params is not for an RSA key, InvalidParam is returned
- if the key_params does not have an AnySig scheme, InvalidParam is returned
- errors are returned if any method calls return an error: Context::get_random, TransientKeyContext::set_session_attrs, Context::create, Context::load, Context::context_save, Context::context_flush
pub fn load_external_rsa_public_key(
    &mut self,
    public_key: &[u8]
) -> Result<TpmsContext>
Load a previously generated RSA public key.
Returns the key context.
Constraints
- public_key must be 128, 256, 384 or 512 bytes (i.e. slice elements) long, corresponding to 1024, 2048, 3072 or 4096 bits
Errors
- if the public key length is different from 128, 256, 384 or 512 bytes, a WrongParamSize wrapper error is returned
- errors are returned if any method calls return an error: TransientKeyContext::set_session_attrs, Context::load_external_public, Context::context_save, Context::flush_context
pub fn load_external_rsa(
    &mut self,
    key_prime: &[u8],
    public_modulus: &[u8],
    public_exponent: RsaExponent
) -> Result<TpmsContext>
Load a previously generated RSA keypair. Currently only supports signing keys for RSA PKCS 1v5 with SHA256.
Returns the key context.
Constraints
- public_modulus must be 128, 256, 384 or 512 bytes (i.e. slice elements) long, corresponding to 1024, 2048, 3072 or 4096 bits
- key_prime's length must coincide with that of the public key. Namely, key_prime should be 64, 128, 192 or 256 bytes (i.e. slice elements) long for public keys of length 128, 256, 384 or 512 respectively (which in turn correspond to 512/1024/1536/2048 bits for key_prime).
Errors
- errors are returned if any method calls return an error: TransientKeyContext::set_session_attrs, Context::load_external, Context::context_save, Context::flush_context
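The size constraints documented above for create_key, load_external_rsa_public_key and load_external_rsa can be checked on the client before any TPM round trip, which gives a caller a precise error instead of a generic TPM failure. The following is an added example, not code from the tss-esapi crate; the function names, the ParamError type and the choice of which variant each check reports are assumptions made here.

```rust
// Added example (not tss-esapi's own code): client-side pre-checks that
// mirror the parameter constraints documented for TransientKeyContext.

#[derive(Debug, PartialEq)]
pub enum ParamError {
    WrongParamSize(&'static str),
    InvalidParam(&'static str),
}

/// RSA key sizes the context accepts, in bits.
pub const RSA_KEY_BITS: [u16; 4] = [1024, 2048, 3072, 4096];

/// create_key: auth_size is at most 32 and the RSA size is one of the four
/// supported sizes (both rejected with WrongParamSize, as documented).
pub fn check_create_rsa_key(key_bits: u16, auth_size: usize) -> Result<(), ParamError> {
    if auth_size > 32 {
        return Err(ParamError::WrongParamSize("auth_size must be at most 32"));
    }
    if !RSA_KEY_BITS.contains(&key_bits) {
        return Err(ParamError::WrongParamSize("RSA key size must be 1024, 2048, 3072 or 4096"));
    }
    Ok(())
}

/// load_external_rsa_public_key: the modulus must be 128, 256, 384 or 512
/// bytes. Returns the corresponding key size in bits on success.
pub fn check_rsa_public_modulus(public_modulus: &[u8]) -> Result<u16, ParamError> {
    match public_modulus.len() {
        len @ (128 | 256 | 384 | 512) => Ok((len * 8) as u16),
        _ => Err(ParamError::WrongParamSize("public key must be 128, 256, 384 or 512 bytes")),
    }
}

/// load_external_rsa: the modulus constraint above plus the prime being
/// exactly half the modulus length (64/128/192/256 bytes). The error
/// variant for the mismatch is an assumption; the page does not name one.
pub fn check_rsa_keypair(key_prime: &[u8], public_modulus: &[u8]) -> Result<u16, ParamError> {
    let bits = check_rsa_public_modulus(public_modulus)?;
    if key_prime.len() * 2 != public_modulus.len() {
        return Err(ParamError::InvalidParam("key_prime must be half the length of public_modulus"));
    }
    Ok(bits)
}
```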
pub fn read_public_key(&mut self, key_context: TpmsContext) -> Result<PublicKey>
Read the public part from a previously generated key.
The method takes the key as a parameter and returns its public part.
Errors
- errors are returned if any method calls return an error: Context::context_load, Context::read_public, Context::flush_context, TransientKeyContext::set_session_attrs
pub fn rsa_encrypt(
    &mut self,
    key_context: TpmsContext,
    key_auth: Option<Auth>,
    message: PublicKeyRSA,
    scheme: AsymSchemeUnion,
    label: Option<Data>
) -> Result<PublicKeyRSA>
Encrypt a message with an existing key.
Takes the key as a parameter, encrypts the message and returns the ciphertext. A label (i.e. nonce) can also be provided.
Errors
- errors are returned if any method calls return an error: Context::context_load, Context::rsa_encrypt, Context::flush_context, TransientKeyContext::set_session_attrs, Context::set_handle_auth
pub fn rsa_decrypt(
    &mut self,
    key_context: TpmsContext,
    key_auth: Option<Auth>,
    ciphertext: PublicKeyRSA,
    scheme: AsymSchemeUnion,
    label: Option<Data>
) -> Result<PublicKeyRSA>
Decrypt ciphertext with an existing key.
Takes the key as a parameter, decrypts the ciphertext and returns the plaintext. A label (i.e. nonce) can also be provided.
Errors
- errors are returned if any method calls return an error: Context::context_load, Context::rsa_decrypt, Context::flush_context, TransientKeyContext::set_session_attrs, Context::set_handle_auth
pub fn sign(
    &mut self,
    key_context: TpmsContext,
    key_auth: Option<Auth>,
    digest: Digest
) -> Result<Signature>
Sign a digest with an existing key.
Takes the key as a parameter, signs and returns the signature.
Errors
- errors are returned if any method calls return an error: Context::context_load, Context::sign, Context::flush_context, TransientKeyContext::set_session_attrs, Context::set_handle_auth
pub fn verify_signature(
    &mut self,
    key_context: TpmsContext,
    digest: Digest,
    signature: Signature
) -> Result<VerifiedTicket>
Verify a signature against a digest.
Given a digest, a key and a signature, this method returns a Verified ticket if the verification was successful.
Errors
- if the verification fails (i.e. the signature is invalid), a TPM error is returned
- errors are returned if any method calls return an error: Context::context_load, Context::verify_signature, Context::flush_context, TransientKeyContext::set_session_attrs
Auto Trait Implementations
- impl RefUnwindSafe for TransientKeyContext
- impl Send for TransientKeyContext
- impl Sync for TransientKeyContext
- impl Unpin for TransientKeyContext
- impl UnwindSafe for TransientKeyContext