1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

use auth_key::AuthKey;
use object::ObjectId;

/// Default auth key ID slot
pub const DEFAULT_AUTH_KEY_ID: ObjectId = 1;

/// Credentials used to establish a session with the HSM
pub struct Credentials {
    /// Key ID to authenticate with
    pub auth_key_id: ObjectId,

    /// Auth key to authenticate with
    pub auth_key: AuthKey,
}

impl Credentials {
    /// Create new `Credentials` (auth key ID + `AuthKey`)
    pub fn new(auth_key_id: ObjectId, auth_key: AuthKey) -> Self {
        Self {
            auth_key_id,
            auth_key,
        }
    }

    /// Create a set of credentials from the given auth key and password
    /// Uses the same password-based key derivation method as yubihsm-shell
    /// (PBKDF2 + static salt), which is not particularly strong, so use
    /// of a long, random password is recommended.
    #[cfg(feature = "passwords")]
    pub fn from_password(auth_key_id: ObjectId, password: &[u8]) -> Self {
        Self::new(auth_key_id, AuthKey::derive_from_password(password))
    }
}

#[cfg(feature = "passwords")]
impl Default for Credentials {
    fn default() -> Self {
        Self::new(DEFAULT_AUTH_KEY_ID, AuthKey::default())
    }
}