1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

//! Verify HMAC tag for the given input data
//!
//! <https://developers.yubico.com/YubiHSM2/Commands/Verify_Hmac.html>

use super::hmac::HMACTag;
use super::{Command, Response};
use {Adapter, CommandType, ObjectId, Session, SessionError};

/// Verify an HMAC tag of the given data with the given key ID
pub fn verify_hmac<A, D, T>(
    session: &mut Session<A>,
    key_id: ObjectId,
    data: D,
    tag: T,
) -> Result<(), SessionError>
where
    A: Adapter,
    D: Into<Vec<u8>>,
    T: Into<HMACTag>,
{
    let result = session.send_command(VerifyHMACCommand {
        key_id,
        tag: tag.into(),
        data: data.into(),
    })?;

    if result.0 == 1 {
        Ok(())
    } else {
        Err(command_err!(ResponseError, "HMAC verification failure"))
    }
}

/// Request parameters for `commands::hmac`
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct VerifyHMACCommand {
    /// ID of the key to verify the HMAC tag with
    pub key_id: ObjectId,

    /// HMAC tag to be verified
    pub tag: HMACTag,

    /// Data to be authenticated
    pub data: Vec<u8>,
}

impl Command for VerifyHMACCommand {
    type ResponseType = VerifyHMACResponse;
}

/// HMAC tags
#[derive(Serialize, Deserialize, Debug)]
pub(crate) struct VerifyHMACResponse(pub(crate) u8);

impl Response for VerifyHMACResponse {
    const COMMAND_TYPE: CommandType = CommandType::VerifyHMAC;
}