Struct ethers::signers::yubihsm::client::Client [−][src]
pub struct Client { /* fields omitted */ }
Expand description
YubiHSM client: main API in this crate for accessing functions of the HSM hardware device.
Implementations
Open a connection via a Connector to a YubiHSM, returning a yubihsm::Client
.
Valid Connector
types are: HttpConnector, UsbConnector, and MockHsm.
Create a yubihsm::Client
, but defer connecting until connect()
is called.
Borrow this client’s YubiHSM connector (which is Clone
able)
Connect to the HSM (idempotently, i.e. returns success if we have an open connection already)
Get current Session
(either opening a new one or returning an already
open one).
Ping the HSM, ensuring we have a live connection and returning the end-to-end latency.
Blink the HSM’s LEDs (to identify it) for the given number of seconds.
https://developers.yubico.com/YubiHSM2/Commands/Blink_Device.html
Delete an object of the given ID and type.
https://developers.yubico.com/YubiHSM2/Commands/Delete_Object.html
Get information about the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Device_Info.html
Echo a message sent to the HSM.
Export an encrypted object from the HSM using the given key-wrapping key.
https://developers.yubico.com/YubiHSM2/Commands/Export_Wrapped.html
Generate a new asymmetric key within the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Asymmetric_Key.html
Generate a new HMAC key within the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Hmac_Key.html
pub fn generate_wrap_key(
&self,
key_id: u16,
label: Label,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: Algorithm
) -> Result<u16, Error<ErrorKind>>
pub fn generate_wrap_key(
&self,
key_id: u16,
label: Label,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: Algorithm
) -> Result<u16, Error<ErrorKind>>
Generate a new wrap key within the HSM.
Delegated capabilities are the set of Capability
bits that an object is allowed to have
when imported or exported using the wrap key.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Wrap_Key.html
Get audit logs from the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Log_Entries.html
Get information about an object.
https://developers.yubico.com/YubiHSM2/Commands/Get_Object_Info.html
Get an opaque object stored in the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Get_Opaque.html
pub fn get_command_audit_option(
&self,
command: Code
) -> Result<AuditOption, Error<ErrorKind>>
pub fn get_command_audit_option(
&self,
command: Code
) -> Result<AuditOption, Error<ErrorKind>>
Get the audit policy setting for a particular command.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html
pub fn get_commands_audit_options(
&self
) -> Result<Vec<AuditCommand, Global>, Error<ErrorKind>>
pub fn get_commands_audit_options(
&self
) -> Result<Vec<AuditCommand, Global>, Error<ErrorKind>>
Get the audit policy settings for all commands.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html
Get the forced auditing global option: when enabled, the device will refuse operations if the [log store] becomes full.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html [log store]: https://developers.yubico.com/YubiHSM2/Concepts/Logs.html
Get some number of bytes of pseudo random data generated on the device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Pseudo_Random.html
Get the public key for an asymmetric key stored on the device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Public_Key.html
Get storage info (i.e. currently free storage) from the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Storage_Info.html
Get a certificate template (i.e. for SSH CA) stored in the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Get_Template.html
Import an encrypted object from the HSM using the given key-wrapping key.
https://developers.yubico.com/YubiHSM2/Commands/Import_Wrapped.html
List objects visible from the current session.
Optionally apply a set of provided filters
which select objects
based on their attributes.
https://developers.yubico.com/YubiHSM2/Commands/List_Objects.html
Put an existing asymmetric key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Asymmetric.html
pub fn put_authentication_key<K>(
&self,
key_id: u16,
label: Label,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: Algorithm,
authentication_key: K
) -> Result<u16, Error<ErrorKind>> where
K: Into<Key>,
pub fn put_authentication_key<K>(
&self,
key_id: u16,
label: Label,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: Algorithm,
authentication_key: K
) -> Result<u16, Error<ErrorKind>> where
K: Into<Key>,
Put an existing authentication::Key
into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Authentication_Key.html
Put an existing HMAC key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Hmac_Key.html
Put an opaque object (X.509 certificate or other bytestring) into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Opaque.html
Put an existing OTP AEAD key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Otp_Aead_Key.html
Put an existing wrap key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Wrap_Key.html
Put a template object (i.e. for SSH CA) into the HSM.
Use the yubihsm::ssh::Template
type for SSH CA templates.
https://developers.yubico.com/YubiHSM2/Commands/Put_Template.html
Reset the HSM to a factory default state and reboot, clearing all stored objects and restoring the default auth key.
WARNING: This wipes all keys and other data from the HSM! Make absolutely sure you want to use this!
https://developers.yubico.com/YubiHSM2/Commands/Reset_Device.html
Reset the HSM to a factory default state and reboot, clearing all stored objects and restoring the default auth key. This method further attempts to wait for the HSM to finish resetting and then attempts to reauthenticate with the default credentials.
Upon successfully resetting the device and autenticating using the
default administrator credentials in key slot 0x01, a new
yubihsm::Client
is returned.
WARNING: This wipes all keys and other data from the HSM! Make absolutely sure you want to use this!
https://developers.yubico.com/YubiHSM2/Commands/Reset_Device.html
pub fn set_command_audit_option(
&self,
command: Code,
audit_option: AuditOption
) -> Result<(), Error<ErrorKind>>
pub fn set_command_audit_option(
&self,
command: Code,
audit_option: AuditOption
) -> Result<(), Error<ErrorKind>>
Configure the audit policy settings for a particular command, e.g. auditing
should be On
, Off
, or Fix
(i.e. fixed permanently on).
https://developers.yubico.com/YubiHSM2/Commands/Set_Option.html
Put the forced auditing global option: when enabled, the device will refuse operations if the log store becomes full.
Options are On
, Off
, or Fix
(i.e. fixed permanently on)
https://developers.yubico.com/YubiHSM2/Commands/Put_Option.html
Set the index of the last consumed index of the HSM audit log.
https://developers.yubico.com/YubiHSM2/Commands/Set_Log_Index.html
pub fn sign_attestation_certificate(
&self,
key_id: u16,
attestation_key_id: Option<u16>
) -> Result<Certificate, Error<ErrorKind>>
pub fn sign_attestation_certificate(
&self,
key_id: u16,
attestation_key_id: Option<u16>
) -> Result<Certificate, Error<ErrorKind>>
Obtain an X.509 attestation certificate for a key within the HSM. This can be used to demonstrate that a given key was generated by and stored within a HSM in a non-exportable manner.
The key_id
is the subject key for which an attestation certificate
is created, and theattestation_key_id
will be used to sign the
attestation certificate.
If no attestation key is given, the device’s default attestation key will be used, and can be verified against Yubico’s certificate.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Attestation_Certificate.html
Compute an ECDSA signature of the given digest (i.e. a precomputed SHA-2 digest)
https://developers.yubico.com/YubiHSM2/Commands/Sign_Ecdsa.html
Security Warning
This is a low-level ECDSA API, and if used incorrectly could potentially result in forgeable signatures.
We recommend using the [ecdsa::Signer
] type instead, which provides a
high-level, well-typed, misuse resistant API.
Compute an Ed25519 signature with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Eddsa.html
Compute an HMAC tag of the given data with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Hmac.html
Decrypt data which was encrypted (using AES-CCM) under a wrap key.
https://developers.yubico.com/YubiHSM2/Commands/Unwrap_Data.html
Verify an HMAC tag of the given data with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Verify_Hmac.html
Trait Implementations
Auto Trait Implementations
impl !RefUnwindSafe for Client
impl !UnwindSafe for Client
Blanket Implementations
Mutably borrows from an owned value. Read more
Instruments this type with the provided Span
, returning an
Instrumented
wrapper. Read more
pub fn vzip(self) -> V
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more