yubihsm 0.42.1

Pure Rust client for YubiHSM2 devices with support for HTTP and USB-based access to the device. Supports most HSM functionality including ECDSA, Ed25519, HMAC, and RSA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

//! Secure Shell (SSH) Certificate Authority Commands
//!
//! **WARNING**: This functionality has not been tested and has not yet been
//! confirmed to actually work! USE AT YOUR OWN RISK!
//!
//! You will need to enable the `untested` cargo feature to use it.

use crate::{
    algorithm::Algorithm,
    command::{self, Command},
    object,
    response::Response,
    ssh,
};
use serde::{Deserialize, Serialize};

/// Request parameters for `command::sign_ssh_certificate`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct SignSshCertificateCommand {
    /// Object ID of the asymmetric key to perform the signature with
    pub key_id: object::Id,

    /// Object ID of the SSH certificate template
    pub template_id: object::Id,

    /// Algorithm
    pub algorithm: Algorithm,

    /// Timestamp
    pub timestamp: u32,

    /// Signature over the request and timestamp
    pub signature: [u8; 32],

    /// Data to be signed
    pub request: Vec<u8>,
}

impl Command for SignSshCertificateCommand {
    type ResponseType = SignSshCertificateResponse;
}

/// Signed SSH certificates
#[derive(Serialize, Deserialize, Debug)]
pub struct SignSshCertificateResponse(ssh::Certificate);

impl Response for SignSshCertificateResponse {
    const COMMAND_CODE: command::Code = command::Code::SignSshCertificate;
}

impl From<SignSshCertificateResponse> for ssh::Certificate {
    fn from(response: SignSshCertificateResponse) -> ssh::Certificate {
        response.0
    }
}