yubihsm 0.20.0

Pure Rust client for YubiHSM2 devices with support for HTTP and USB-based access to the device. Supports most HSM functionality including ECDSA, Ed25519, HMAC, and RSA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

use crate::authentication_key::AuthenticationKey;
use crate::object::ObjectId;

/// Default auth key ID slot
pub const DEFAULT_AUTHENTICATION_KEY_ID: ObjectId = 1;

/// Credentials used to establish a session with the HSM
pub struct Credentials {
    /// Key ID to authenticate with
    pub authentication_key_id: ObjectId,

    /// Auth key to authenticate with
    pub authentication_key: AuthenticationKey,
}

impl Credentials {
    /// Create new `Credentials` (auth key ID + `AuthenticationKey`)
    pub fn new(authentication_key_id: ObjectId, authentication_key: AuthenticationKey) -> Self {
        Self {
            authentication_key_id,
            authentication_key,
        }
    }

    /// Create a set of credentials from the given auth key and password
    /// Uses the same password-based key derivation method as yubihsm-shell
    /// (PBKDF2 + static salt), which is not particularly strong, so use
    /// of a long, random password is recommended.
    #[cfg(feature = "passwords")]
    pub fn from_password(authentication_key_id: ObjectId, password: &[u8]) -> Self {
        Self::new(
            authentication_key_id,
            AuthenticationKey::derive_from_password(password),
        )
    }
}

#[cfg(feature = "passwords")]
impl Default for Credentials {
    fn default() -> Self {
        Self::new(DEFAULT_AUTHENTICATION_KEY_ID, AuthenticationKey::default())
    }
}