1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

//! yubihsm.rs: pure Rust client for YubiHSM2 hardware security modules
//!
//! ## Prerequisites
//!
//! This crate builds on Rust 1.27+ and by default uses SIMD features
//! which require the following `RUSTFLAGS`:
//!
//! `RUSTFLAGS=-Ctarget-feature=+aes`
//!
//! You can configure your `~/.cargo/config` to always pass these flags:
//!
//! ```toml
//! [build]
//! rustflags = ["-Ctarget-feature=+aes"]
//! ```
//!
//! # Getting Started
//!
//! The following documentation describes the most important parts of this crate's API:
//!
//! * [Session]: end-to-end encrypted connection with the YubiHSM. You'll need an active one to do anything.
//! * [commands]: commands supported by the YubiHSM2 (i.e. main functionality)
//!
//! [Session]: https://docs.rs/yubihsm/latest/yubihsm/session/struct.Session.html
//! [commands]: https://docs.rs/yubihsm/latest/yubihsm/commands/index.html
//!
//! The following is an example of how to create a `Session` by connecting to a
//! [yubihsm-connector] process, and then performing an Ed25519 signature:
//!
//! [yubihsm-connector]: https://developers.yubico.com/YubiHSM2/Component_Reference/yubihsm-connector/
//!
//! ```no_run
//! extern crate yubihsm;
//! use yubihsm::HttpSession;
//!
//! // Default yubihsm-connector URI, auth key ID, and password for yubihsm-connector
//! // NOTE: DON'T USE THIS IN PRODUCTION!
//! let mut session =
//!     HttpSession::create(Default::default(), Default::default(), true).unwrap();
//!
//! // Note: You'll need to create this key first. Run the following from yubihsm-shell:
//! // `generate asymmetric 0 100 ed25519_test_key 1 asymmetric_sign_eddsa ed25519`
//! let signature = yubihsm::sign_ed25519(&mut session, 100, "Hello, world!").unwrap();
//! println!("Ed25519 signature: {:?}", signature);
//! ```

#![crate_name = "yubihsm"]
#![crate_type = "rlib"]
#![cfg_attr(clippy, feature(tool_lints))]
#![deny(warnings, missing_docs, trivial_casts, trivial_numeric_casts)]
#![deny(unsafe_code, unused_import_braces, unused_qualifications)]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/tendermint/yubihsm-rs/master/img/logo.png",
    html_root_url = "https://docs.rs/yubihsm/0.16.0"
)]

extern crate aes;
#[macro_use]
extern crate bitflags;
extern crate block_modes;
extern crate byteorder;
extern crate clear_on_drop;
extern crate cmac;
#[macro_use]
extern crate failure;
#[macro_use]
extern crate failure_derive;
#[cfg(feature = "hmac")]
extern crate hmac;
#[cfg(feature = "usb")]
#[macro_use]
extern crate lazy_static;
#[cfg(feature = "usb")]
extern crate libusb;
#[macro_use]
extern crate log;
#[cfg(feature = "pbkdf2")]
extern crate pbkdf2;
extern crate rand;
#[cfg(feature = "mockhsm")]
extern crate ring;
extern crate serde;
#[macro_use]
extern crate serde_derive;
#[cfg(feature = "sha2")]
extern crate sha2;
extern crate subtle;
#[cfg(feature = "mockhsm")]
extern crate untrusted;
extern crate uuid;

/// Error types
#[macro_use]
pub mod error;

/// Serde-powered serializers for the HSM wire format
#[macro_use]
mod serializers;

/// Adapters for connecting to the HSM
pub mod adapters;

/// Cryptographic algorithms supported by the HSM
pub mod algorithm;

/// Auditing options (for use with the `get_option` and `put_option` commands)
pub(crate) mod audit;

/// Authentication keys used to establish encrypted sessions with the HSM
pub mod auth_key;

/// Object attributes specifying which operations are allowed to be performed
pub mod capabilities;

/// Commands supported by the HSM
///
/// Functions defined in the `yubihsm::commands` module are reimported
/// and available from the toplevel `yubihsm` module as well.
///
/// For more information, see:
/// <https://developers.yubico.com/YubiHSM2/Commands/>
pub mod commands;

/// Credentials used to authenticate to the HSM (key ID + `AuthKey`)
pub mod credentials;

/// Logical partitions within the HSM, allowing several applications to share the device
pub mod domains;

#[cfg(feature = "mockhsm")]
/// Software simulation of the HSM for integration testing
pub mod mockhsm;

/// Objects stored in the HSM
///
/// For more information, see:
/// <https://developers.yubico.com/YubiHSM2/Concepts/Object.html>
pub mod object;

/// Responses to commands sent from the HSM
pub mod response;

/// Encrypted communication channel to the HSM hardware
mod securechannel;

/// HSM serial numbers
mod serial_number;

/// Encrypted sessions with the HSM
///
/// See <https://developers.yubico.com/YubiHSM2/Concepts/Session.html>
pub mod session;

/// Object wrapping support, i.e. encrypt objects from one HSM to another
pub mod wrap;

#[cfg(feature = "http")]
pub use adapters::http::{HttpAdapter, HttpConfig};
#[cfg(feature = "usb")]
pub use adapters::usb::{UsbAdapter, UsbDevices, UsbTimeout};
pub use adapters::Adapter;
pub use algorithm::*;
pub use audit::AuditOption;
pub use auth_key::{AuthKey, AUTH_KEY_SIZE};
pub use capabilities::Capability;
// Import command functions from all submodules
pub use commands::{
    attest_asymmetric::*, blink::*, delete_object::*, device_info::*, echo::*, export_wrapped::*,
    generate_asymmetric_key::*, generate_hmac_key::*, generate_wrap_key::*, get_logs::*,
    get_object_info::*, get_opaque::*, get_option::*, get_pseudo_random::*, get_pubkey::*, hmac::*,
    import_wrapped::*, list_objects::*, put_asymmetric_key::*, put_auth_key::*, put_hmac_key::*,
    put_opaque::*, put_option::*, put_otp_aead_key::*, put_wrap_key::*, reset::*, set_log_index::*,
    sign_ecdsa::*, sign_eddsa::*, storage_status::*, unwrap_data::*, verify_hmac::*, wrap_data::*,
    CommandType,
};
#[cfg(feature = "rsa")]
pub use commands::{sign_rsa_pkcs1v15::*, sign_rsa_pss::*};
pub use credentials::Credentials;
pub use domains::Domain;
pub use error::*;
#[cfg(feature = "mockhsm")]
pub use mockhsm::{MockAdapter, MockSession};
pub use object::*;
pub use response::ResponseCode;
pub use securechannel::SessionId;
pub use serial_number::SerialNumber;
#[cfg(feature = "http")]
pub use session::HttpSession;
#[cfg(feature = "usb")]
pub use session::UsbSession;
pub use session::{Session, SessionError};
pub use uuid::Uuid;
pub use wrap::{WrapMessage, WrapNonce};