Struct btlib::crypto::tpm::TpmCredStore

source ·

pub struct TpmCredStore { /* private fields */ }

Implementations§

source §

impl TpmCredStore

source

pub fn from_tabrmd( tabrmd_cfg: &str, state_path: PathBuf ) -> Result<TpmCredStore>

Connects to the TPM via the TPM Access Broker Resource Manager Daemon (TABRMD), as specified by the provided configuration string.

source

pub fn from_context( context: Context, state_path: PathBuf ) -> Result<TpmCredStore>

Trait Implementations§

source §

impl CredStore for TpmCredStore

§

type CredHandle = TpmCreds

The type of the credential handle returned by this store.

§

type ExportedCreds = ExportedCreds

The type of the exported credentials returned by this store.

source §

fn node_creds(&self) -> Result<TpmCreds>

Returns the node credentials. If credentials haven’t been generated, they are generated stored and returned.

source §

fn root_creds(&self, password: &str) -> Result<Self::CredHandle>

Returns the root credentials. If no root credentials have been generated, or the provided password is incorrect, then an error is returned.

source §

fn storage_key(&self) -> Result<AsymKeyPub<Encrypt>>

Returns a public key which can be used to encrypt data intended only to be accessed by this node. The returned key can be given as the new_parent parameter to the CredStore::export_root_creds method.

source §

fn export_root_creds( &self, root_creds: &TpmCreds, password: &str, new_parent: &AsymKeyPub<Encrypt> ) -> Result<ExportedCreds>

Exports the root credentials. These can be serialized and persisted external to the application and later loaded and deserialized and passed to the CredStoreMut::import_root_creds method. The password argument must match the value provided when the CredStore::root_creds method was called. The new_parent argument is the public key of the node that is to import the root key, which can be obtained using the CredStoreMut::gen_root_creds method on the importing node.

source §

impl CredStoreMut for TpmCredStore

source §

fn import_root_creds( &self, password: &str, exported: ExportedCreds ) -> Result<TpmCreds>

Imports root credentials that were previously created with CredStore::export_root_creds. The provided password must match the value that was given to that method.

source §

fn gen_root_creds(&self, password: &str) -> Result<Self::CredHandle>

Generates the root credentials and protects them using the given password. If the root credentials have already been generated then an error is returned.

source §

fn assign_node_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>

Assigns the given Writecap to the node credentials referred to by the given handle. This method is responsible for committing the given Writecap to durable storage.

source §

fn assign_root_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>

Assigns writecap to the root credentials referred to by handle. This method is responsible for committing the given Writecap to durable storage.

source §

fn provision_root( &self, password: &str, expires: Epoch ) -> Result<Self::CredHandle>

Generates new root credentials protected by password and issues them a self-signed Writecap which expires after valid_for. The newly generated root credentials are returned.

source §

fn provision_node_start(&self) -> Result<Principal>

Begin the provisioning process for a node by generating a new set of node credentials. The Principal of the newly generated credentials is returned. This Principal may then be transmitted to a root node which can use it to issue a Writecap to this node.

source §