Crate yubihsm

yubihsm.rs: client for YubiHSM2 hardware security modules

Build Notes

This crate depends on the aesni crate, which uses the "stdsimd" API to invoke hardware AES instructions via core::arch.

To access these features, you will need a relatively recent Rust nightly, and you must pass the following in RUSTFLAGS:

RUSTFLAGS=-Ctarget-feature=+aes

You can configure your ~/.cargo/config to always pass these flags:

[build]
rustflags = ["-Ctarget-feature=+aes"]

Getting Started

The main type you'll want to check out is Session. Here is an example of how to connect to yubihsm-connector and perform an Ed25519 signature:

use yubihsm::Session;

// Default host, port, auth key ID, and password for yubihsm-connector
let mut session = Session::create_from_password(
    "http://127.0.0.1:12345",
    1,
    "password",
    true
).unwrap();

// Note: You'll need to create this key first. Run the following from yubihsm-shell:
// `generate asymmetric 0 100 ed25519_test_key 1 asymmetric_sign_eddsa ed25519`
let response = session.sign_data_eddsa(100, "Hello, world!").unwrap();
println!("Ed25519 signature: {:?}", response.signature);

Re-exports

pub use algorithm::Algorithm;
pub use capabilities::Capabilities;
pub use connector::Connector;
pub use domains::Domains;
pub use object::Id as ObjectId;
pub use object::Label as ObjectLabel;
pub use object::Origin as ObjectOrigin;
pub use object::Type as ObjectType;
pub use object::SequenceId;
pub use session::AbstractSession;
pub use session::Session;

Modules

algorithm

Cryptographic algorithms supported by the YubiHSM2

capabilities

Object attributes specifying which operations are allowed to be performed

connector

Client for yubihsm-connector

domains

Logical partitions within the YubiHSM2, allowing several applications to share the device concurrently

mockhsm

Software simulation of the YubiHSM2 for integration testing, implemented as a yubihsm::Connector (skipping HTTP transport)

object

Objects stored in the YubiHSM2

responses

Responses the HSM sends back to commands, intended as part of the public API of this crate.

session

YubiHSM2 sessions: primary API for performing HSM operations

Structs

ReqwestConnector

reqwest-based yubihsm-connector client

SessionId

Session/Channel IDs

Enums

SessionError

Session-related errors