Struct btlib::crypto::tpm::TpmCredStore
pub struct TpmCredStore { /* private fields */ }
Implementations
impl TpmCredStore
pub fn from_tabrmd( tabrmd_cfg: &str, state_path: PathBuf ) -> Result<TpmCredStore>
Connects to the TPM via the TPM Access Broker Resource Manager Daemon (TABRMD), as specified by the provided configuration string.
pub fn from_context( context: Context, state_path: PathBuf ) -> Result<TpmCredStore>
Trait Implementations
impl CredStore for TpmCredStore
type CredHandle = TpmCreds
The type of the credential handle returned by this store.
type ExportedCreds = ExportedCreds
The type of the exported credentials returned by this store.
fn node_creds(&self) -> Result<TpmCreds>
Returns the node credentials. If credentials haven’t been generated, they are generated,
stored and returned.
fn root_creds(&self, password: &str) -> Result<Self::CredHandle>
Returns the root credentials. If no root credentials have been generated, or the provided
password is incorrect, then an error is returned.
fn storage_key(&self) -> Result<AsymKeyPub<Encrypt>>
Returns a public key which can be used to encrypt data intended only to be accessed by this
node. The returned key can be given as the new_parent parameter to the
CredStore::export_root_creds method.
fn export_root_creds( &self, root_creds: &TpmCreds, password: &str, new_parent: &AsymKeyPub<Encrypt> ) -> Result<ExportedCreds>
Exports the root credentials. These can be serialized and persisted external to the
application and later loaded and deserialized and passed to the
CredStoreMut::import_root_creds method.
The password argument must match the value provided when the CredStore::root_creds
method was called. The new_parent argument is the public key of the node that is to import
the root key, which can be obtained using the CredStoreMut::gen_root_creds method on the
importing node.
impl CredStoreMut for TpmCredStore
fn import_root_creds( &self, password: &str, exported: ExportedCreds ) -> Result<TpmCreds>
Imports root credentials that were previously created with CredStore::export_root_creds.
The provided password must match the value that was given to that method.
fn gen_root_creds(&self, password: &str) -> Result<Self::CredHandle>
Generates the root credentials and protects them using the given password. If the root
credentials have already been generated then an error is returned.
fn assign_node_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>
fn assign_root_writecap( &self, handle: &mut Self::CredHandle, writecap: Writecap ) -> Result<()>
Assigns writecap to the root credentials referred to by handle. This method
is responsible for committing the given Writecap to durable storage.
fn provision_root( &self, password: &str, expires: Epoch ) -> Result<Self::CredHandle>
Generates new root credentials protected by password and issues them a self-signed
Writecap which expires after valid_for. The newly generated root credentials are
returned.
fn provision_node_start(&self) -> Result<Principal>
fn provision_node_finish(&self, writecap: Writecap) -> Result<Self::CredHandle>
Assigns the given Writecap to the node credentials and commits it to durable storage.
A handle to the node credentials is returned.
Auto Trait Implementations
impl RefUnwindSafe for TpmCredStore
impl Send for TpmCredStore
impl Sync for TpmCredStore
impl Unpin for TpmCredStore
impl UnwindSafe for TpmCredStore
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.