tss_esapi/attributes/
object.rs

1use crate::{tss2_esys::TPMA_OBJECT, Result};
2use bitfield::bitfield;
bitfield! {
    /// Bitfield representing the object attributes.
    ///
    /// Wraps a raw `TPMA_OBJECT` value. Each getter below reads exactly one
    /// bit of that value; no getter or setter touches more than one bit.
    #[derive(Copy, Clone, Eq, PartialEq)]
    pub struct ObjectAttributes(TPMA_OBJECT);
    impl Debug;
    // Object attribute flags
    //
    // Every flag is declared on two lines: a `pub` getter, then a setter that
    // is declared without `pub`. Callers outside this module can read a flag
    // but can only change one through the constructors and the builder that
    // this file defines.
    //
    // The names in parentheses are the TPM 2.0 `TPMA_OBJECT` attribute names;
    // the TPM 2.0 Library specification (Part 2, Structures) is the normative
    // source for their meaning. The one-line summaries are reminders only.

    // Bit 1 (fixedTPM): the object is bound to this TPM's hierarchy.
    pub fixed_tpm, _: 1;
    _, set_fixed_tpm: 1;
    // Bit 2 (stClear): saved contexts of the object do not survive a TPM
    // reset/restart.
    pub st_clear, _: 2;
    _, set_st_clear: 2;
    // Bit 4 (fixedParent): the object's parent cannot be changed.
    pub fixed_parent, _: 4;
    _, set_fixed_parent: 4;
    // Bit 5 (sensitiveDataOrigin): the TPM generated the sensitive data.
    pub sensitive_data_origin, _: 5;
    _, set_sensitive_data_origin: 5;
    // Bit 6 (userWithAuth): USER-role authorization may use the auth value
    // (password or HMAC session), not only a policy session.
    pub user_with_auth, _: 6;
    _, set_user_with_auth: 6;
    // Bit 7 (adminWithPolicy): ADMIN-role authorization requires a policy
    // session.
    pub admin_with_policy, _: 7;
    _, set_admin_with_policy: 7;
    // Bit 10 (noDA): the object is exempt from dictionary-attack protection.
    pub no_da, _: 10;
    _, set_no_da: 10;
    // Bit 11 (encryptedDuplication): duplication must be encrypted.
    pub encrypted_duplication, _: 11;
    _, set_encrypted_duplication: 11;
    // Bit 16 (restricted): the key only operates on structures of known
    // format (storage parents, attestation keys).
    pub restricted, _: 16;
    _, set_restricted: 16;
    // Bit 17 (decrypt): the private part may be used to decrypt.
    pub decrypt, _: 17;
    _, set_decrypt: 17;
    // Bit 18 (sign/encrypt): sign for asymmetric keys, encrypt for symmetric
    // keys.
    pub sign_encrypt, _: 18;
    _, set_sign_encrypt: 18;
    // Bit 19 (x509sign): the key is reserved for X.509 certificate signing.
    pub x509_sign, _: 19;
    _, set_x509_sign: 19;
}
impl ObjectAttributes {
    /// Creates the attributes for a fixed parent key object.
    ///
    /// The result has `fixed_tpm`, `fixed_parent`, `sensitive_data_origin`,
    /// `user_with_auth`, `restricted` and `decrypt` set. Every other bit is
    /// clear, including `admin_with_policy`, `no_da` and
    /// `encrypted_duplication`.
    ///
    /// `restricted` together with `decrypt` is the combination TPM 2.0 uses
    /// for storage (parent) keys. `fixed_tpm` together with `fixed_parent`
    /// marks the key as non-duplicable.
    pub fn new_fixed_parent_key() -> Self {
        let mut parent_key = Self(0);
        // Bound to this TPM and to its parent.
        parent_key.set_fixed_parent(true);
        parent_key.set_fixed_tpm(true);
        // Key material is generated inside the TPM.
        parent_key.set_sensitive_data_origin(true);
        // The auth value is accepted for USER-role authorization.
        parent_key.set_user_with_auth(true);
        // Restricted decryption key.
        parent_key.set_restricted(true);
        parent_key.set_decrypt(true);
        parent_key
    }

    /// Creates the attributes for a fixed signing key object.
    ///
    /// The result has `fixed_tpm`, `fixed_parent`, `sensitive_data_origin`,
    /// `user_with_auth` and `sign_encrypt` set. Every other bit is clear.
    ///
    /// `restricted` is left clear, so these attributes describe a
    /// general-purpose signing key rather than a restricted (attestation)
    /// key. Use the builder when a restricted signing key is required.
    pub fn new_fixed_signing_key() -> Self {
        let mut signing_key = Self(0);
        // Bound to this TPM and to its parent.
        signing_key.set_fixed_parent(true);
        signing_key.set_fixed_tpm(true);
        // Key material is generated inside the TPM.
        signing_key.set_sensitive_data_origin(true);
        // The auth value is accepted for USER-role authorization.
        signing_key.set_user_with_auth(true);
        signing_key.set_sign_encrypt(true);
        signing_key
    }

    /// Returns a builder that starts with every attribute clear.
    pub const fn builder() -> ObjectAttributesBuilder {
        ObjectAttributesBuilder::new()
    }
}
/// Unwraps the attributes into the raw `TPMA_OBJECT` value they carry.
impl From<ObjectAttributes> for TPMA_OBJECT {
    fn from(object_attributes: ObjectAttributes) -> Self {
        let ObjectAttributes(raw) = object_attributes;
        raw
    }
}
/// Wraps a raw `TPMA_OBJECT` value without inspecting it.
///
/// No bit is checked or masked. Bits with no accessor on
/// [ObjectAttributes], and combinations that are inconsistent with each
/// other, are carried over unchanged. A caller that takes the raw value from
/// outside the process should check the flags it relies on through the
/// getters.
impl From<TPMA_OBJECT> for ObjectAttributes {
    fn from(tpma_object: TPMA_OBJECT) -> Self {
        Self(tpma_object)
    }
}
/// A builder for [ObjectAttributes].
///
/// Each `with_*` method sets or clears a single attribute and returns the
/// builder, so calls can be chained.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct ObjectAttributesBuilder {
    // The attribute value accumulated so far.
    object_attributes: ObjectAttributes,
}
impl ObjectAttributesBuilder {
    /// Creates a new [ObjectAttributes] builder with every attribute CLEAR.
    pub const fn new() -> Self {
        Self {
            object_attributes: ObjectAttributes(0),
        }
    }

    /// Controls the `fixed tpm` attribute.
    ///
    /// Leaving it CLEAR describes an object that is not bound to this TPM.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_fixed_tpm(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_fixed_tpm(set);
        Self { object_attributes }
    }

    /// Controls the `st clear` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_st_clear(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_st_clear(set);
        Self { object_attributes }
    }

    /// Controls the `fixed parent` attribute.
    ///
    /// Leaving it CLEAR describes an object whose parent may change.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_fixed_parent(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_fixed_parent(set);
        Self { object_attributes }
    }

    /// Controls the `sensitive data origin` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_sensitive_data_origin(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_sensitive_data_origin(set);
        Self { object_attributes }
    }

    /// Controls the `user with auth` attribute.
    ///
    /// When SET, the object's auth value is accepted for USER-role
    /// authorization. When CLEAR, a policy session is required.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_user_with_auth(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_user_with_auth(set);
        Self { object_attributes }
    }

    /// Controls the `admin with policy` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_admin_with_policy(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_admin_with_policy(set);
        Self { object_attributes }
    }

    /// Controls the `no da` attribute.
    ///
    /// When SET, the object is exempt from the TPM's dictionary-attack
    /// protection, so its auth value should be high-entropy.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_no_da(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_no_da(set);
        Self { object_attributes }
    }

    /// Controls the `encrypted duplication` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_encrypted_duplication(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_encrypted_duplication(set);
        Self { object_attributes }
    }

    /// Controls the `restricted` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_restricted(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_restricted(set);
        Self { object_attributes }
    }

    /// Controls the `decrypt` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_decrypt(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_decrypt(set);
        Self { object_attributes }
    }

    /// Controls the `sign/encrypt` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_sign_encrypt(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_sign_encrypt(set);
        Self { object_attributes }
    }

    /// Controls the `X509 sign` attribute.
    ///
    /// # Arguments
    /// * `set` - `true` indicates that the attribute should have the value SET.
    ///           `false` indicates that the attribute should have the value CLEAR.
    pub fn with_x509_sign(self, set: bool) -> Self {
        let Self {
            mut object_attributes,
        } = self;
        object_attributes.set_x509_sign(set);
        Self { object_attributes }
    }

    /// Builds the object attributes.
    ///
    /// The accumulated value is returned as it is; this method performs no
    /// consistency check. Callers that depend on a particular combination
    /// (for example a non-duplicable key, which needs both `fixed_tpm` and
    /// `fixed_parent`) should confirm it through the getters on the result.
    /// Combinations the TPM considers inconsistent are presumably rejected
    /// only when the attributes are used in a TPM command.
    ///
    /// # Errors
    /// This implementation always returns `Ok`. Missing or conflicting
    /// attributes are not detected here.
    pub fn build(self) -> Result<ObjectAttributes> {
        let Self { object_attributes } = self;
        Ok(object_attributes)
    }
}
/// The default builder is the one returned by `ObjectAttributesBuilder::new`,
/// which has every attribute CLEAR.
impl Default for ObjectAttributesBuilder {
    fn default() -> Self {
        Self::new()
    }
}