Struct tss_esapi::abstraction::transient::TransientKeyContext
source · [−]pub struct TransientKeyContext { /* private fields */ }Expand description
Structure offering an abstracted programming experience.
The TransientKeyContext makes use of a root key from which the other, client-controlled
keyes are derived.
Currently, only functionality necessary for RSA key creation and usage (for signing, verifying signatures, encryption and decryption) is implemented. The RSA SSA asymmetric scheme with SHA256 is used for all created and imported signing keys. The RSA OAEP asymmetric scheme with SHA256 is used for all created and imported signing/encryption/decryption keys.
Implementations
sourceimpl TransientKeyContext
impl TransientKeyContext
sourcepub fn get_make_cred_params(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>
) -> Result<MakeCredParams>
pub fn get_make_cred_params(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>
) -> Result<MakeCredParams>
Get the data required to perform a MakeCredential
Parameters
object- the object whose TPM name will be included in the credentialkey- the key to be used to encrypt the secret that wraps the credential
Note: If no key is given, the default Endorsement Key
will be used.
sourcepub fn activate_credential(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>,
credential_blob: Vec<u8>,
secret: Vec<u8>
) -> Result<Vec<u8>>
pub fn activate_credential(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>,
credential_blob: Vec<u8>,
secret: Vec<u8>
) -> Result<Vec<u8>>
Perform an ActivateCredential operation for the given object
Parameters
object- the object whose TPM name is included in the credentialkey- the key used to encrypt the secret that wraps the credentialcredential_blob- encrypted credential that will be returned by the TPMsecret- encrypted secret that was used to encrypt the credential
Note: if no key is given, the default Endorsement Key
will be used. You can find more information about the default Endorsement
Key in the ek module.
sourceimpl TransientKeyContext
impl TransientKeyContext
sourcepub fn create_key(
&mut self,
key_params: KeyParams,
auth_size: usize
) -> Result<(KeyMaterial, Option<Auth>)>
pub fn create_key(
&mut self,
key_params: KeyParams,
auth_size: usize
) -> Result<(KeyMaterial, Option<Auth>)>
Create a new key.
A key is created as a descendant of the context root key, with the given parameters.
If successful, the result contains the KeyMaterial of the key and a vector of bytes forming the authentication value for said key.
Constraints
auth_sizemust be at most 32
Errors
- if the authentication size is larger than 32 a
WrongParamSizewrapper error is returned
sourcepub fn load_external_public_key(
&mut self,
public_key: PublicKey,
params: KeyParams
) -> Result<KeyMaterial>
pub fn load_external_public_key(
&mut self,
public_key: PublicKey,
params: KeyParams
) -> Result<KeyMaterial>
Load the public part of a key.
Returns the key context.
sourcepub fn rsa_encrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
message: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
pub fn rsa_encrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
message: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
Encrypt a message with an existing key.
Takes the key as a parameter, encrypts the message and returns the ciphertext. A label (i.e. nonce) can also be provided.
sourcepub fn rsa_decrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
ciphertext: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
pub fn rsa_decrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
ciphertext: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>
Decrypt ciphertext with an existing key.
Takes the key as a parameter, decrypts the ciphertext and returns the plaintext. A label (i.e. nonce) can also be provided.
sourcepub fn sign(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
digest: Digest
) -> Result<Signature>
pub fn sign(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
digest: Digest
) -> Result<Signature>
Sign a digest with an existing key.
Takes the key as a parameter, signs and returns the signature.
sourcepub fn verify_signature(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
digest: Digest,
signature: Signature
) -> Result<VerifiedTicket>
pub fn verify_signature(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
digest: Digest,
signature: Signature
) -> Result<VerifiedTicket>
Verify a signature against a digest.
Given a digest, a key and a signature, this method returns a Verified ticket if the
verification was successful.
Errors
- if the verification fails (i.e. the signature is invalid), a TPM error is returned
sourcepub fn migrate_key_from_ctx(
&mut self,
context: TpmsContext,
auth: Option<Auth>
) -> Result<KeyMaterial>
pub fn migrate_key_from_ctx(
&mut self,
context: TpmsContext,
auth: Option<Auth>
) -> Result<KeyMaterial>
Perform a migration from the previous version of the TransientKeyContext.
The original version of the TransientKeyContext used contexts of keys for persistence. This method allows a key persisted in this way to be migrated to the new format.
The method determines on its own whether the loaded key was a keypair or just a public key.
sourcepub fn builder() -> TransientKeyContextBuilder
pub fn builder() -> TransientKeyContextBuilder
Get a builder for the structure
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for TransientKeyContext
impl Send for TransientKeyContext
impl Sync for TransientKeyContext
impl Unpin for TransientKeyContext
impl UnwindSafe for TransientKeyContext
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcepub fn borrow_mut(&mut self) -> &mut T
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more