Struct tss_esapi::abstraction::transient::TransientKeyContextBuilder

pub struct TransientKeyContextBuilder { /* private fields */ }

Build a new TransientKeyContext.

Default values

• TCTI: Device TCTI
• Hierarchy: Owner hierarchy
• Root key size: 2048 bits
• Root key authentication size: 32 bytes
• Hierarchy authentication value: Empty array of bytes
• Session encryption cipher: 256 bit AES in CFB mode
• Session hash algorithm: SHA256

Implementations

impl TransientKeyContextBuilder

pub fn new() -> Self

Create a new builder.

pub fn with_tcti(self, tcti_name_conf: TctiNameConf) -> Self

Define the TCTI name configuration to be used by the client.

pub fn with_hierarchy_auth(self, hierarchy: Hierarchy, auth: Vec<u8>) -> Self

Set the auth values for any hierarchies that will be used

pub fn with_root_hierarchy(self, hierarchy: Hierarchy) -> Self

Define which hierarchy will be used for the keys being managed.

pub fn with_root_key_size(self, root_key_size: u16) -> Self

Choose length in bits of primary key that will serve as parent to all user keys.

pub fn with_root_key_auth_size(self, root_key_auth_size: usize) -> Self

Choose authentication value length (in bytes) for primary key.

pub fn with_default_context_cipher( self, default_context_cipher: SymmetricDefinitionObject ) -> Self

Define the cipher to be used within this context as a default.

Currently this default is used for:

• securing command parameters using session-based encryption
• encrypting all user keys using the primary key

pub fn with_session_hash_alg(self, session_hash_alg: HashingAlgorithm) -> Self

Define the cipher to be used by sessions for hashing commands.

pub fn build(self) -> Result<TransientKeyContext>

Bootstrap the TransientKeyContext.

The root key is created as a primary key in the provided hierarchy and thus authentication is needed for said hierarchy. The authentication value for the key is generated locally in the machine, with a configurable length, and never exposed outside the context.

Warning

It is the responsibility of the client to ensure that the context can be initialized safely, threading-wise by choosing the correct TCTI. See the Warning notice of the Context structure for more information.

Constraints

• root_key_size must be 1024, 2048, 3072 or 4096
• root_key_auth_size must be at most 32

Errors

• errors are returned if any method calls return an error: Context::start_auth_session Context::create_primary, Context::flush_context, Context::set_handle_auth or if an internal error occurs when getting random numbers from the local machine
• if the root key authentication size is given greater than 32 or if the root key size is not 1024, 2048, 3072 or 4096, a InvalidParam wrapper error is returned

Trait Implementations

impl Debug for TransientKeyContextBuilder

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for TransientKeyContextBuilder

fn default() -> Self

Returns the “default value” for a type.