pub struct TransientKeyContext { /* private fields */ }

Structure offering an abstracted programming experience.

The TransientKeyContext builds on a root key, created in the TPM when the context is built, under which all client-controlled keys are created. Keys are not kept loaded in the TPM between calls: each one is handed back to the caller as KeyMaterial (plus an optional authentication value) and is reloaded under the root key only for the duration of an operation.

This abstraction makes public key cryptography more accessible, focusing on asymmetric encryption and signatures in particular, by letting users offload object and session management to the context.

Implementations

impl TransientKeyContext
pub fn get_make_cred_params(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>
) -> Result<MakeCredParams>

Get the data required to perform a MakeCredential operation against the given object.

Parameters
  • object - the object whose TPM name will be included in the credential
  • key - the key to be used to encrypt the secret that wraps the credential

Note: if no key is given, the default Endorsement Key will be used.

This method only collects the inputs. The MakeCredential itself is normally run by the remote party, which then sends the resulting credential blob and secret back to be passed to activate_credential.

pub fn activate_credential(
&mut self,
object: ObjectWrapper,
key: Option<ObjectWrapper>,
credential_blob: Vec<u8>,
secret: Vec<u8>
) -> Result<Vec<u8>>

Perform an ActivateCredential operation for the given object.

Parameters
  • object - the object whose TPM name is included in the credential
  • key - the key used to encrypt the secret that wraps the credential
  • credential_blob - the encrypted credential; the TPM decrypts it, and the plaintext credential is the value returned by this method
  • secret - the encrypted secret (protected with key) from which the TPM derives the keys that unwrap credential_blob

The operation only succeeds if object is loaded in this TPM with exactly the name the credential was made for and the private part of key is available here, which is what makes the returned credential a proof of both.

Note: if no key is given, the default Endorsement Key will be used. You can find more information about the default Endorsement Key in the ek module.

impl TransientKeyContext
pub fn create_key(
&mut self,
key_params: KeyParams,
auth_size: usize
) -> Result<(KeyMaterial, Option<Auth>)>

Create a new key.

A key is created as a descendant of the context root key, with the given parameters.

If successful, the result contains the KeyMaterial of the key and the authentication value for said key. The value is random, obtained from the TPM, and is returned as Some only when auth_size is greater than 0. Store it with the KeyMaterial: the private part is only usable through this context together with that value.

The following key attributes are always set: fixed_tpm, fixed_parent, sensitive_data_origin, user_with_auth. The restricted attribute is not set. Together, fixed_tpm and fixed_parent mean the key cannot be duplicated out of the TPM it was created in, and sensitive_data_origin means the private part was generated by the TPM rather than imported. See section 8.3 (TPMA_OBJECT) in the Structures spec for a detailed description of these attributes.

Constraints
  • auth_size must be at most 32

Errors
  • if the authentication size is larger than 32 a WrongParamSize wrapper error is returned
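The attribute set above is what a relying party should check before trusting an attested key: fixed_tpm and fixed_parent are what make the key's name evidence of a TPM-resident, non-duplicable key. The following is an added example, not code from tss-esapi, that decodes the TPMA_OBJECT word from the fixed-offset header of a marshalled TPMT_PUBLIC (type, nameAlg, objectAttributes, all big-endian) and compares it with what create_key promises; the bit positions are those of Part 2, Table 31. The sample public areas are constructed (only the 8-byte header is filled in, not real TPM output), and that a verifier receives the public area in this marshalled form is an assumption to confirm against the crate version in use.

```rust
// Added example for this page, not part of tss-esapi. Pure std Rust.

/// TPMA_OBJECT bit positions (TPM 2.0 Library Part 2, section 8.3, Table 31).
pub const FIXED_TPM: u32 = 1 << 1;
pub const ST_CLEAR: u32 = 1 << 2;
pub const FIXED_PARENT: u32 = 1 << 4;
pub const SENSITIVE_DATA_ORIGIN: u32 = 1 << 5;
pub const USER_WITH_AUTH: u32 = 1 << 6;
pub const ADMIN_WITH_POLICY: u32 = 1 << 7;
pub const NO_DA: u32 = 1 << 10;
pub const ENCRYPTED_DUPLICATION: u32 = 1 << 11;
pub const RESTRICTED: u32 = 1 << 16;
pub const DECRYPT: u32 = 1 << 17;
pub const SIGN_ENCRYPT: u32 = 1 << 18;

/// TPM_ALG_ID values used by the constructed samples below.
pub const TPM_ALG_SHA256: u16 = 0x000B;
pub const TPM_ALG_ECC: u16 = 0x0023;

/// Fixed-offset header of a marshalled TPMT_PUBLIC: type (u16), nameAlg (u16),
/// objectAttributes (u32), all big-endian. Returns None if the buffer is too short.
pub fn public_header(public: &[u8]) -> Option<(u16, u16, u32)> {
    if public.len() < 8 {
        return None;
    }
    let key_type = u16::from_be_bytes([public[0], public[1]]);
    let name_alg = u16::from_be_bytes([public[2], public[3]]);
    let attrs = u32::from_be_bytes([public[4], public[5], public[6], public[7]]);
    Some((key_type, name_alg, attrs))
}

/// Compare an attested key's attributes with what create_key always sets
/// (fixed_tpm, fixed_parent, sensitive_data_origin, user_with_auth) and never sets
/// (restricted). Returns the violated expectations; empty means acceptable.
pub fn attribute_violations(attrs: u32) -> Vec<&'static str> {
    let mut violations = Vec::new();
    // Without fixedTPM/fixedParent the key is duplicable: its private part may exist
    // outside this TPM, so its name proves nothing about where the key lives.
    if attrs & FIXED_TPM == 0 {
        violations.push("fixedTPM clear: key can be duplicated to another TPM");
    }
    if attrs & FIXED_PARENT == 0 {
        violations.push("fixedParent clear: key can be re-parented");
    }
    if attrs & SENSITIVE_DATA_ORIGIN == 0 {
        violations.push("sensitiveDataOrigin clear: private part was imported, not generated in the TPM");
    }
    if attrs & USER_WITH_AUTH == 0 {
        violations.push("userWithAuth clear: use is policy-gated rather than auth-value-gated");
    }
    if attrs & RESTRICTED != 0 {
        violations.push("restricted set: not a general-purpose key as created by create_key");
    }
    violations
}

/// Verifier-side check over a marshalled public area. The nameAlg is checked too,
/// because the name a credential is bound to is nameAlg || H_nameAlg(public area).
pub fn check_attested_public(public: &[u8], expected_name_alg: u16) -> Result<u32, Vec<&'static str>> {
    let (_, name_alg, attrs) = public_header(public).ok_or(vec!["public area too short"])?;
    let mut violations = attribute_violations(attrs);
    if name_alg != expected_name_alg {
        violations.push("unexpected nameAlg");
    }
    if violations.is_empty() { Ok(attrs) } else { Err(violations) }
}

/// Constructed header bytes (not real TPM output; only the first 8 bytes are filled):
/// ECC key, SHA-256 name, fixedTPM|fixedParent|sensitiveDataOrigin|userWithAuth|sign = 0x0004_0072.
pub const GOOD_PUBLIC: [u8; 8] = [0x00, 0x23, 0x00, 0x0B, 0x00, 0x04, 0x00, 0x72];
/// Same shape, but fixedTPM and fixedParent clear (a duplicable key): 0x0004_0060.
pub const DUPLICABLE_PUBLIC: [u8; 8] = [0x00, 0x23, 0x00, 0x0B, 0x00, 0x04, 0x00, 0x60];

fn main() {
    for (label, public) in [("good", &GOOD_PUBLIC), ("duplicable", &DUPLICABLE_PUBLIC)] {
        match check_attested_public(public, TPM_ALG_SHA256) {
            Ok(attrs) => println!("{label}: accepted, TPMA_OBJECT = {attrs:#010x}"),
            Err(v) => println!("{label}: rejected: {}", v.join("; ")),
        }
    }
}
```

Reject on any violation before using the name from MakeCredParams: a credential bound to the name of a duplicable key proves only that something holding that key's private part answered, not that a particular TPM did.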

pub fn load_external_public_key(
&mut self,
public_key: PublicKey,
params: KeyParams
) -> Result<KeyMaterial>

Load the public part of a key.

Returns the appropriate key material after verifying that the key can be loaded. The resulting KeyMaterial carries no private part, so it can be used with verify_signature and rsa_encrypt but not with sign or rsa_decrypt.


pub fn rsa_encrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
message: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>

Encrypt a message with an existing key.

Takes the key as a set of parameters (key_material, key_params, key_auth), encrypts the message and returns the ciphertext. A label can also be provided; it is bound into the ciphertext, so rsa_decrypt must be given the same label or decryption fails. The message must fit the key's padding scheme (for OAEP, the modulus size minus twice the hash size minus two bytes).

Note: the data passed as label MUST end in a 0x00 byte.


pub fn rsa_decrypt(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
ciphertext: PublicKeyRsa,
label: Option<Data>
) -> Result<PublicKeyRsa>

Decrypt ciphertext with an existing key.

Takes the key as a set of parameters (key_material, key_params, key_auth), decrypts the ciphertext and returns the plaintext. The label which was associated with the ciphertext at encryption time, if any, must be provided again.

Note: the data passed as label MUST end in a 0x00 byte.


pub fn sign(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
key_auth: Option<Auth>,
digest: Digest
) -> Result<Signature>

Sign a digest with an existing key.

Takes the key as a set of parameters (key_material, key_params, key_auth), signs the digest and returns the signature. Because keys created by this context are not restricted, the TPM signs whatever digest it is given, so hashing the message to be signed is the caller's responsibility.


pub fn verify_signature(
&mut self,
key_material: KeyMaterial,
key_params: KeyParams,
digest: Digest,
signature: Signature
) -> Result<VerifiedTicket>

Verify a signature against a digest.

Given a digest, a key and a signature, this method returns a VerifiedTicket if the verification was successful. Only the public part of the key is needed, so key material from load_external_public_key is sufficient.

Errors
  • if the verification fails (i.e. the signature is invalid), a TPM error is returned

pub fn migrate_key_from_ctx(
&mut self,
context: TpmsContext,
auth: Option<Auth>
) -> Result<KeyMaterial>

Perform a migration from the previous version of the TransientKeyContext.

The original version of the TransientKeyContext used contexts of keys for persistence. This method allows a key persisted in this way to be migrated to the new format.

The method determines on its own whether the loaded key was a keypair or just a public key.


pub fn builder() -> TransientKeyContextBuilder

Get a builder for the structure. The builder selects the TCTI to connect through and the root key parameters before build() creates the context.

Trait Implementations

impl AsMut<Context> for TransientKeyContext

fn as_mut(&mut self) -> &mut Context

Converts this type into a mutable reference of the (usually inferred) input type. This exposes the underlying Context, so raw ESAPI commands can be issued against the same TPM connection; sessions set up that way are not managed by the TransientKeyContext.

impl AsRef<Context> for TransientKeyContext

fn as_ref(&self) -> &Context

Converts this type into a shared reference of the (usually inferred) input type.

impl Debug for TransientKeyContext

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.
