Struct yubihsm::capability::Capability

pub struct Capability { /* fields omitted */ }

Object attributes specifying which operations are allowed to be performed

https://developers.yubico.com/YubiHSM2/Concepts/Capability.html

Methods

impl Capability

pub const DERIVE_ECDH: Capability

derive-ecdh: perform ECDH operation

pub const DECRYPT_OAEP: Capability

decrypt-oaep: perform RSA-OAEP decryption

pub const DECRYPT_PKCS: Capability

decrypt-pkcs: perform RSA-PKCS1v1.5 decryption

pub const GENERATE_ASYMMETRIC_KEY: Capability

generate-asymmetric-key: generate asymmetric objects

pub const SIGN_ECDSA: Capability

sign-ecdsa: compute ECDSA digital signature

pub const SIGN_EDDSA: Capability

sign-eddsa: compute EdDSA (i.e. Ed25519) digital signature

pub const SIGN_PKCS: Capability

sign-pkcs: compute RSA-PKCS1v1.5 digital signature

pub const SIGN_PSS: Capability

sign-pss: compute RSA-PSS digital signature

pub const SIGN_ATTESTATION_CERTIFICATE: Capability

sign-attestation-certificate: create attestation (i.e. X.509 certificate) about an asymmetric object

pub const GET_LOG_ENTRIES: Capability

get-log-entries: read the log store

pub const DELETE_ASYMMETRIC_KEY: Capability

delete-asymmetric-key: delete asymmetric key objects

pub const DELETE_AUTHENTICATION_KEY: Capability

delete-authentication-key: delete authentication::Key objects

pub const DELETE_HMAC_KEY: Capability

delete-hmac-key: delete HMACKey objects

pub const DELETE_OPAQUE: Capability

delete-opaque: delete opaque objects

pub const DELETE_OTP_AEAD_KEY: Capability

delete-otp-aead-key: delete Yubic OTP AEAD key objects

pub const DELETE_TEMPLATE: Capability

delete-template: delete template objects

pub const DELETE_WRAP_KEY: Capability

delete-wrap-key: delete WrapKey objects

pub const EXPORTABLE_UNDER_WRAP: Capability

exportable-under-wrap: mark an object as exportable under keywrap

pub const EXPORT_WRAPPED: Capability

export-wrapped: export objects under keywrap

pub const GENERATE_OTP_AEAD_KEY: Capability

generate-otp-aead-key: generate Yubico OTP AEAD objects

pub const GENERATE_WRAP_KEY: Capability

generate-wrap-key: generate wrapkey objects

pub const GET_OPAQUE: Capability

get-opaque: read opaque objects

pub const GET_OPTION: Capability

get-option: read device-global options

pub const GET_PSEUDO_RANDOM: Capability

get-pseudo-random: extract random bytes

pub const GET_TEMPLATE: Capability

get-template: read SSH template objects

pub const GENERATE_HMAC_KEY: Capability

generate-hmac-key: generate HMAC key objects

pub const SIGN_HMAC: Capability

sign-hmac: compute HMAC for data

pub const VERIFY_HMAC: Capability

verify-hmac: verify HMAC for data

pub const IMPORT_WRAPPED: Capability

import-wrapped: import keywrapped objects

pub const CREATE_OTP_AEAD: Capability

create-otp-aead: create an OTP AEAD

pub const RANDOMIZE_OTP_AEAD: Capability

randomize-otp-aead: create an OTP AEAD from random data

pub const REWRAP_FROM_OTP_AEAD_KEY: Capability

rewrap-from-otp-aead-key: rewrap AEADs from an OTP AEAD key object to another

pub const REWRAP_TO_OTP_AEAD_KEY: Capability

rewrap-to-otp-aead-key: rewrap AEADs to an OTP AEAD key object from another

pub const DECRYPT_OTP: Capability

decrypt-otp: decrypt OTP

pub const PUT_ASYMMETRIC_KEY: Capability

put-asymmetric-key: write asymmetric objects

pub const PUT_AUTHENTICATION_KEY: Capability

put-authentication-key: write authentication key objects

pub const PUT_HMAC_KEY: Capability

put-hmac-key: write HMAC key objects

pub const PUT_OPAQUE: Capability

put-opaque: Write Opaque Objects

pub const PUT_OPTION: Capability

set-option: write device-global options

pub const PUT_OTP_AEAD_KEY: Capability

put-otp-aead-key: write OTP AEAD key objects

pub const PUT_TEMPLATE: Capability

put-template: write template objects

pub const PUT_WRAP_KEY: Capability

put-wrap-key: write WrapKey objects

pub const RESET_DEVICE: Capability

reset-device: factory reset the device

pub const SIGN_SSH_CERTIFICATE: Capability

sign-ssh-certificate: sign SSH certificates

pub const UNWRAP_DATA: Capability

unwrap-data: unwrap user-provided data

pub const WRAP_DATA: Capability

wrap-data: wrap user-provided data

pub const CHANGE_AUTHENTICATION_KEY: Capability

change-authentication-key: overwrite existing authentication key with new one

pub const UNKNOWN_CAPABILITY_47: Capability

unknown capability: bit 47

pub const UNKNOWN_CAPABILITY_48: Capability

unknown capability: bit 48

pub const UNKNOWN_CAPABILITY_49: Capability

unknown capability: bit 49

pub const UNKNOWN_CAPABILITY_50: Capability

unknown capability: bit 50

pub const UNKNOWN_CAPABILITY_51: Capability

unknown capability: bit 51

pub const UNKNOWN_CAPABILITY_52: Capability

unknown capability: bit 52

pub const UNKNOWN_CAPABILITY_53: Capability

unknown capability: bit 53

pub const UNKNOWN_CAPABILITY_54: Capability

unknown capability: bit 54

pub const UNKNOWN_CAPABILITY_55: Capability

unknown capability: bit 55

pub const UNKNOWN_CAPABILITY_56: Capability

unknown capability: bit 56

pub const UNKNOWN_CAPABILITY_57: Capability

unknown capability: bit 57

pub const UNKNOWN_CAPABILITY_58: Capability

unknown capability: bit 58

pub const UNKNOWN_CAPABILITY_59: Capability

unknown capability: bit 59

pub const UNKNOWN_CAPABILITY_60: Capability

unknown capability: bit 60

pub const UNKNOWN_CAPABILITY_61: Capability

unknown capability: bit 61

pub const UNKNOWN_CAPABILITY_62: Capability

unknown capability: bit 62

pub const UNKNOWN_CAPABILITY_63: Capability

unknown capability: bit 63

pub fn empty() -> Capability

Returns an empty set of flags.

pub fn all() -> Capability

Returns the set containing all flags.

pub fn bits(&self) -> u64

Returns the raw value of the flags currently stored.

pub fn from_bits(bits: u64) -> Option<Capability>

Convert from underlying bit representation, unless that representation contains bits that do not correspond to a flag.

pub fn from_bits_truncate(bits: u64) -> Capability

Convert from underlying bit representation, dropping any bits that do not correspond to flags.

pub fn is_empty(&self) -> bool

Returns true if no flags are currently stored.

pub fn is_all(&self) -> bool

Returns true if all flags are currently set.

pub fn intersects(&self, other: Capability) -> bool

Returns true if there are flags common to both self and other.

pub fn contains(&self, other: Capability) -> bool

Returns true all of the flags in other are contained within self.

pub fn insert(&mut self, other: Capability)

Inserts the specified flags in-place.

pub fn remove(&mut self, other: Capability)

Removes the specified flags in-place.

pub fn toggle(&mut self, other: Capability)

Toggles the specified flags in-place.

pub fn set(&mut self, other: Capability, value: bool)

Inserts or removes the specified flags depending on the passed value.

Trait Implementations

impl PartialEq<Capability> for Capability

fn eq(&self, other: &Capability) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Capability) -> bool

This method tests for !=.

impl Default for Capability

fn default() -> Self

Returns the "default value" for a type.

impl Ord for Capability

fn cmp(&self, other: &Capability) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

Compares and returns the minimum of two values.

impl Clone for Capability

fn clone(&self) -> Capability

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Extend<Capability> for Capability

fn extend<T: IntoIterator<Item = Capability>>(&mut self, iterator: T)

Extends a collection with the contents of an iterator.

impl Eq for Capability

impl Copy for Capability

impl PartialOrd<Capability> for Capability

fn partial_cmp(&self, other: &Capability) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Capability) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Capability) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Capability) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Capability) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl Display for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Hash for Capability

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given [Hasher].

fn hash_slice<H>(data: &[Self], state: &mut H) where
    H: Hasher, 

Feeds a slice of this type into the given [Hasher].

impl Sub<Capability> for Capability

type Output = Capability

The resulting type after applying the - operator.

fn sub(self, other: Capability) -> Capability

Returns the set difference of the two sets of flags.

impl SubAssign<Capability> for Capability

fn sub_assign(&mut self, other: Capability)

Disables all flags enabled in the set.

impl Not for Capability

type Output = Capability

The resulting type after applying the ! operator.

fn not(self) -> Capability

Returns the complement of this set of flags.

impl BitAnd<Capability> for Capability

type Output = Capability

The resulting type after applying the & operator.

fn bitand(self, other: Capability) -> Capability

Returns the intersection between the two sets of flags.

impl BitOr<Capability> for Capability

type Output = Capability

The resulting type after applying the | operator.

fn bitor(self, other: Capability) -> Capability

Returns the union of the two sets of flags.

impl BitXor<Capability> for Capability

type Output = Capability

The resulting type after applying the ^ operator.

fn bitxor(self, other: Capability) -> Capability

Returns the left flags, but with all the right flags toggled.

impl BitAndAssign<Capability> for Capability

fn bitand_assign(&mut self, other: Capability)

Disables all flags disabled in the set.

impl BitOrAssign<Capability> for Capability

fn bitor_assign(&mut self, other: Capability)

Adds the set of flags.

impl BitXorAssign<Capability> for Capability

fn bitxor_assign(&mut self, other: Capability)

Toggles the set of flags.

impl FromIterator<Capability> for Capability

fn from_iter<T: IntoIterator<Item = Capability>>(iterator: T) -> Capability

Creates a value from an iterator.

impl Debug for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl FromStr for Capability

type Err = ()

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Capability, ()>

Parses a string s to return a value of this type.

impl Octal for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Binary for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl LowerHex for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl UpperHex for Capability

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Serialize for Capability

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where
    S: Serializer, 

Serialize this value into the given Serde serializer.

impl<'de> Deserialize<'de> for Capability

fn deserialize<D>(deserializer: D) -> Result<Capability, D::Error> where
    D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.