1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
//! Credentials used to authenticate to the HSM (key ID + `authentication::Key`).
use crate::{authentication, object};
/// Default auth key ID slot
pub const DEFAULT_AUTHENTICATION_KEY_ID: object::Id = 1;
/// Credentials used to establish a session with the HSM
#[derive(Clone, Debug)]
pub struct Credentials {
/// Key ID to authenticate with
pub authentication_key_id: object::Id,
/// Auth key to authenticate with
pub authentication_key: authentication::Key,
}
impl Credentials {
/// Create new `Credentials` (auth key ID + `authentication::Key`)
pub fn new(authentication_key_id: object::Id, authentication_key: authentication::Key) -> Self {
Self {
authentication_key_id,
authentication_key,
}
}
/// Create a set of credentials from the given auth key and password
/// Uses the same password-based key derivation method as yubihsm-shell
/// (PBKDF2 + static salt), which is not particularly strong, so use
/// of a long, random password is recommended.
#[cfg(feature = "passwords")]
pub fn from_password(authentication_key_id: object::Id, password: &[u8]) -> Self {
Self::new(
authentication_key_id,
authentication::Key::derive_from_password(password),
)
}
}
#[cfg(feature = "passwords")]
impl Default for Credentials {
fn default() -> Self {
Self::new(
DEFAULT_AUTHENTICATION_KEY_ID,
authentication::Key::default(),
)
}
}