Struct tss_esapi::abstraction::transient::TransientKeyContext
pub struct TransientKeyContext { /* fields omitted */ }
Structure offering an abstracted programming experience.
The TransientKeyContext makes use of a root key from which the other, client-controlled keys are derived.
Currently, only functionality necessary for RSA key creation and usage (for signing, verifying signatures, encryption and decryption) is implemented. The RSA SSA asymmetric scheme with SHA256 is used for all created and imported signing keys. The RSA OAEP asymmetric scheme with SHA256 is used for all created and imported signing/encryption/decryption keys.
Implementations
pub fn create_key(
&mut self,
key_params: KeyParams,
auth_size: usize
) -> Result<(KeyMaterial, Option<Auth>)>
Create a new key.
A key is created as a descendant of the context root key, with the given parameters.
If successful, the result contains the KeyMaterial of the key and a vector of bytes forming the authentication value for said key.
Constraints
- auth_size must be at most 32
Errors
- if the authentication size is larger than 32, a WrongParamSize wrapper error is returned
Load a previously generated RSA public key.
Returns the key context.
Constraints
- public_key must be 128, 256, 384 or 512 bytes (i.e. slice elements) long, corresponding to 1024, 2048, 3072 or 4096 bits
Errors
- if the public key length is different than 128, 256, 384 or 512 bytes, a WrongParamSize wrapper error is returned
pub fn rsa_encrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
message: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
Encrypt a message with an existing key.
Takes the key as a parameter, encrypts the message and returns the ciphertext. A label (i.e. nonce) can also be provided.
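The limits documented above for create_key, for loading an RSA public key and for OAEP encryption can be checked on the caller's side before any TPM command is issued. The following is an added example, not code from tss_esapi: every name in it (PreflightError, check_auth_size, rsa_key_bits, check_oaep_message) is hypothetical, and the OAEP plaintext bound is taken from RFC 8017 rather than from this page.

```rust
// Added example: caller-side checks for the limits documented on this page.
// All names here are hypothetical; none of them are part of tss_esapi.

const MAX_AUTH_SIZE: usize = 32; // create_key: auth_size must be at most 32
const SHA256_LEN: usize = 32; // digest length of the hash paired with OAEP

#[derive(Debug, PartialEq)]
pub enum PreflightError {
    AuthTooLarge { requested: usize },
    BadPublicKeyLen { len: usize },
    MessageTooLong { len: usize, max: usize },
}

/// Reject an auth_size that create_key is documented to refuse.
pub fn check_auth_size(auth_size: usize) -> Result<usize, PreflightError> {
    if auth_size > MAX_AUTH_SIZE {
        return Err(PreflightError::AuthTooLarge { requested: auth_size });
    }
    Ok(auth_size)
}

/// Map raw RSA public key bytes to the key size in bits (documented sizes only).
pub fn rsa_key_bits(public_key: &[u8]) -> Result<u16, PreflightError> {
    match public_key.len() {
        128 => Ok(1024),
        256 => Ok(2048),
        384 => Ok(3072),
        512 => Ok(4096),
        len => Err(PreflightError::BadPublicKeyLen { len }),
    }
}

/// RSA-OAEP with SHA-256 carries at most k - 2*hLen - 2 plaintext bytes
/// (RFC 8017, section 7.1.1). Returns the headroom left for this message.
pub fn check_oaep_message(public_key: &[u8], message: &[u8]) -> Result<usize, PreflightError> {
    let k = usize::from(rsa_key_bits(public_key)?) / 8;
    let max = k - 2 * SHA256_LEN - 2;
    if message.len() > max {
        return Err(PreflightError::MessageTooLong { len: message.len(), max });
    }
    Ok(max - message.len())
}

fn main() {
    let key = vec![0xAAu8; 256]; // constructed placeholder for a 2048-bit key
    println!("{:?}", check_auth_size(48));
    println!("{:?}", check_oaep_message(&key, &[0u8; 190]));
    println!("{:?}", check_oaep_message(&key, &[0u8; 191]));
}
```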
pub fn rsa_decrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
ciphertext: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
Decrypt ciphertext with an existing key.
Takes the key as a parameter, decrypts the ciphertext and returns the plaintext. A label (i.e. nonce) can also be provided.
Sign a digest with an existing key.
Takes the key as a parameter, signs and returns the signature.
pub fn verify_signature(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
digest: Digest,
signature: Signature
) -> Result<VerifiedTicket>
Verify a signature against a digest.
Given a digest, a key and a signature, this method returns a Verified ticket if the verification was successful.
Errors
- if the verification fails (i.e. the signature is invalid), a TPM error is returned
pub fn migrate_key_from_ctx(
&mut self,
context: TpmsContext,
auth: Option<Auth>
) -> Result<KeyMaterial>
Perform a migration from the previous version of the TransientKeyContext.
The original version of the TransientKeyContext used contexts of keys for persistence. This method allows a key persisted in this way to be migrated to the new format.
The method determines on its own whether the loaded key was a keypair or just a public key.