yubihsm 0.26.0

Pure Rust client for YubiHSM2 devices with support for HTTP and USB-based access to the device. Supports most HSM functionality including ECDSA, Ed25519, HMAC, and RSA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

//! Asymmetric algorithm support

use crate::algorithm;

/// Asymmetric algorithms (RSA or ECC)
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
#[allow(non_camel_case_types)]
#[repr(u8)]
pub enum Algorithm {
    /// 2048-bit RSA
    RSA_2048 = 0x09,

    /// 3072-bit RSA
    RSA_3072 = 0x0a,

    /// 4096-bit RSA
    RSA_4096 = 0x0b,

    /// Ed25519
    Ed25519 = 0x2e,

    /// NIST P-224 (secp224r1)
    EC_P224 = 0x2f,

    /// NIST P-256 (secp256r1, prime256v1)
    EC_P256 = 0x0c,

    /// NIST P-384 (secp384r1)
    EC_P384 = 0x0d,

    /// P-521 (secp521r1)
    EC_P521 = 0x0e,

    /// secp256k1
    EC_K256 = 0x0f,

    /// brainpool256r1
    EC_BP256 = 0x10,

    /// brainpool384r1
    EC_BP384 = 0x11,

    /// brainpool512r1
    EC_BP512 = 0x12,
}

impl Algorithm {
    /// Convert an unsigned byte tag into an `Algorithmorithm` (if valid)
    pub fn from_u8(tag: u8) -> Result<Self, algorithm::Error> {
        Ok(match tag {
            0x09 => Algorithm::RSA_2048,
            0x0a => Algorithm::RSA_3072,
            0x0b => Algorithm::RSA_4096,
            0x0c => Algorithm::EC_P256,
            0x0d => Algorithm::EC_P384,
            0x0e => Algorithm::EC_P521,
            0x0f => Algorithm::EC_K256,
            0x10 => Algorithm::EC_BP256,
            0x11 => Algorithm::EC_BP384,
            0x12 => Algorithm::EC_BP512,
            0x2e => Algorithm::Ed25519,
            0x2f => Algorithm::EC_P224,
            _ => fail!(
                algorithm::ErrorKind::TagInvalid,
                "unknown asymmetric algorithm ID: 0x{:02x}",
                tag
            ),
        })
    }

    /// Serialize algorithm ID as a byte
    pub fn to_u8(self) -> u8 {
        self as u8
    }

    /// Return the size of the given key (as expected by the `YubiHSM 2`) in bytes
    pub fn key_len(self) -> usize {
        match self {
            Algorithm::RSA_2048 => 256,
            Algorithm::RSA_3072 => 384,
            Algorithm::RSA_4096 => 512,
            Algorithm::Ed25519 => 32,
            Algorithm::EC_P224 => 28,
            Algorithm::EC_P256 => 32,
            Algorithm::EC_K256 => 32,
            Algorithm::EC_P384 => 48,
            Algorithm::EC_P521 => 66,
            Algorithm::EC_BP256 => 32,
            Algorithm::EC_BP384 => 48,
            Algorithm::EC_BP512 => 64,
        }
    }
}

impl_algorithm_serializers!(Algorithm);