yubihsm 0.17.3

Pure Rust client for YubiHSM2 devices
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

//! Put an existing HMAC key into the `YubiHSM2`
//!
//! <https://developers.yubico.com/YubiHSM2/Commands/Put_Hmac_Key.html>

use super::put_object::PutObjectParams;
use super::{Command, Response};
use session::SessionErrorKind::ProtocolError;
use {
    Adapter, Capability, CommandType, Domain, HmacAlg, ObjectId, ObjectLabel, Session, SessionError,
};

/// Minimum allowed size of an HMAC key (64-bits)
pub const HMAC_MIN_KEY_SIZE: usize = 8;

/// Put an existing auth key into the `YubiHSM2`
pub fn put_hmac_key<A: Adapter, T: Into<Vec<u8>>>(
    session: &mut Session<A>,
    key_id: ObjectId,
    label: ObjectLabel,
    domains: Domain,
    capabilities: Capability,
    algorithm: HmacAlg,
    key_bytes: T,
) -> Result<ObjectId, SessionError> {
    let hmac_key = key_bytes.into();

    if hmac_key.len() < HMAC_MIN_KEY_SIZE || hmac_key.len() > algorithm.max_key_len() {
        fail!(
            ProtocolError,
            "invalid key length for {:?}: {} (min {}, max {})",
            algorithm,
            hmac_key.len(),
            HMAC_MIN_KEY_SIZE,
            algorithm.max_key_len()
        );
    }

    session
        .send_command(PutHMACKeyCommand {
            params: PutObjectParams {
                id: key_id,
                label,
                domains,
                capabilities,
                algorithm: algorithm.into(),
            },
            hmac_key,
        }).map(|response| response.key_id)
}

/// Request parameters for `command::put_hmac_key`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct PutHMACKeyCommand {
    /// Common parameters to all put object commands
    pub params: PutObjectParams,

    /// Serialized object
    pub hmac_key: Vec<u8>,
}

impl Command for PutHMACKeyCommand {
    type ResponseType = PutHMACKeyResponse;
}

/// Response from `command::put_hmac_key`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct PutHMACKeyResponse {
    /// ID of the key
    pub key_id: ObjectId,
}

impl Response for PutHMACKeyResponse {
    const COMMAND_TYPE: CommandType = CommandType::PutHMACKey;
}