Skip to main content

neuron_crypto_hardware/
lib.rs

1#![deny(missing_docs)]
2//! Stub crypto provider for PKCS#11 / YubiKey PIV hardware tokens.
3//!
4//! This crate provides the correct trait impl shape for a hardware crypto provider.
5//! The actual PKCS#11/YubiKey integration is not implemented — all operations return
6//! `CryptoError::UnsupportedOperation`.
7
8use async_trait::async_trait;
9use neuron_crypto::{CryptoError, CryptoProvider};
10
11/// Stub for PKCS#11 / YubiKey PIV hardware tokens.
12pub struct HardwareProvider {
13    _slot: String,
14}
15
16impl HardwareProvider {
17    /// Create a new hardware provider (stub).
18    pub fn new(slot: impl Into<String>) -> Self {
19        Self { _slot: slot.into() }
20    }
21}
22
23#[async_trait]
24impl CryptoProvider for HardwareProvider {
25    async fn sign(
26        &self,
27        _key_ref: &str,
28        _algorithm: &str,
29        _data: &[u8],
30    ) -> Result<Vec<u8>, CryptoError> {
31        Err(CryptoError::UnsupportedOperation(
32            "HardwareProvider is a stub".into(),
33        ))
34    }
35
36    async fn verify(
37        &self,
38        _key_ref: &str,
39        _algorithm: &str,
40        _data: &[u8],
41        _signature: &[u8],
42    ) -> Result<bool, CryptoError> {
43        Err(CryptoError::UnsupportedOperation(
44            "HardwareProvider is a stub".into(),
45        ))
46    }
47
48    async fn encrypt(&self, _key_ref: &str, _plaintext: &[u8]) -> Result<Vec<u8>, CryptoError> {
49        Err(CryptoError::UnsupportedOperation(
50            "HardwareProvider is a stub".into(),
51        ))
52    }
53
54    async fn decrypt(&self, _key_ref: &str, _ciphertext: &[u8]) -> Result<Vec<u8>, CryptoError> {
55        Err(CryptoError::UnsupportedOperation(
56            "HardwareProvider is a stub".into(),
57        ))
58    }
59}
60
61#[cfg(test)]
62mod tests {
63    use super::*;
64    use std::sync::Arc;
65
66    fn _assert_send_sync<T: Send + Sync>() {}
67
68    #[test]
69    fn object_safety() {
70        _assert_send_sync::<Box<dyn CryptoProvider>>();
71        _assert_send_sync::<Arc<dyn CryptoProvider>>();
72        let _: Arc<dyn CryptoProvider> = Arc::new(HardwareProvider::new("9a"));
73    }
74
75    #[tokio::test]
76    async fn sign_returns_stub_error() {
77        let provider = HardwareProvider::new("9a");
78        let err = provider
79            .sign("key-1", "ed25519", b"data")
80            .await
81            .unwrap_err();
82        assert!(matches!(err, CryptoError::UnsupportedOperation(_)));
83        assert!(err.to_string().contains("stub"));
84    }
85
86    #[tokio::test]
87    async fn verify_returns_stub_error() {
88        let provider = HardwareProvider::new("9a");
89        let err = provider
90            .verify("key-1", "ed25519", b"data", b"sig")
91            .await
92            .unwrap_err();
93        assert!(matches!(err, CryptoError::UnsupportedOperation(_)));
94    }
95
96    #[tokio::test]
97    async fn encrypt_returns_stub_error() {
98        let provider = HardwareProvider::new("9a");
99        let err = provider.encrypt("key-1", b"plaintext").await.unwrap_err();
100        assert!(matches!(err, CryptoError::UnsupportedOperation(_)));
101    }
102
103    #[tokio::test]
104    async fn decrypt_returns_stub_error() {
105        let provider = HardwareProvider::new("9a");
106        let err = provider.decrypt("key-1", b"ciphertext").await.unwrap_err();
107        assert!(matches!(err, CryptoError::UnsupportedOperation(_)));
108    }
109}