Struct yubihsm::client::Client
YubiHSM client: main API in this crate for accessing functions of the HSM hardware device.
Methods
impl Client
pub fn open<C>(
connector: C,
credentials: Credentials,
reconnect: bool
) -> Result<Self, ClientError> where
C: Into<Box<dyn Connector>>,
Open a connection via a Connector to a YubiHSM, returning a yubihsm::Client.
Valid Connector types are: HttpConnector, UsbConnector, and MockHsm.
pub fn create<C>(
connector: C,
credentials: Credentials
) -> Result<Self, ClientError> where
C: Into<Box<dyn Connector>>,
Create a yubihsm::Client, but defer connecting until connect() is called.
pub fn connect(&mut self) -> Result<(), ClientError>
Connect to the HSM (idempotently, i.e. returns success if we have an open connection already)
pub fn is_connected(&self) -> bool
Are we currently connected to the HSM?
pub fn session_id(&self) -> Option<SessionId>
Get the current session ID (if we have an open session).
pub fn session(&mut self) -> Result<&mut Session, ClientError>
Get the current Session (either opening a new one or returning an already open one).
pub fn ping(&mut self) -> Result<Duration, ClientError>
Ping the HSM, ensuring we have a live connection and returning the end-to-end latency.
pub fn blink_device(&mut self, num_seconds: u8) -> Result<(), ClientError>
Blink the HSM's LEDs (to identify it) for the given number of seconds.
https://developers.yubico.com/YubiHSM2/Commands/Blink_Device.html
pub fn delete_object(
&mut self,
object_id: ObjectId,
object_type: ObjectType
) -> Result<(), ClientError>
Delete an object of the given ID and type.
https://developers.yubico.com/YubiHSM2/Commands/Delete_Object.html
pub fn device_info(&mut self) -> Result<DeviceInfoResponse, ClientError>
Get information about the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Device_Info.html
pub fn echo<M>(&mut self, msg: M) -> Result<Vec<u8>, ClientError> where
M: Into<Vec<u8>>,
Echo a message sent to the HSM.
pub fn export_wrapped(
&mut self,
wrap_key_id: ObjectId,
object_type: ObjectType,
object_id: ObjectId
) -> Result<WrapMessage, ClientError>
Export an encrypted object from the HSM using the given key-wrapping key.
https://developers.yubico.com/YubiHSM2/Commands/Export_Wrapped.html
pub fn generate_asymmetric_key(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: AsymmetricAlg
) -> Result<ObjectId, ClientError>
Generate a new asymmetric key within the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Asymmetric_Key.html
pub fn generate_hmac_key(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: HmacAlg
) -> Result<ObjectId, ClientError>
Generate a new HMAC key within the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Hmac_Key.html
pub fn generate_wrap_key(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: WrapAlg
) -> Result<ObjectId, ClientError>
Generate a new wrap key within the HSM.
Delegated capabilities are the set of Capability bits that an object is allowed to have when imported or exported using the wrap key.
https://developers.yubico.com/YubiHSM2/Commands/Generate_Wrap_Key.html
pub fn get_log_entries(&mut self) -> Result<LogEntries, ClientError>
Get audit logs from the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Log_Entries.html
pub fn get_object_info(
&mut self,
object_id: ObjectId,
object_type: ObjectType
) -> Result<ObjectInfo, ClientError>
Get information about an object.
https://developers.yubico.com/YubiHSM2/Commands/Get_Object_Info.html
pub fn get_opaque(
&mut self,
object_id: ObjectId
) -> Result<Vec<u8>, ClientError>
Get an opaque object stored in the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Get_Opaque.html
pub fn get_command_audit_option(
&mut self,
command: CommandCode
) -> Result<AuditOption, ClientError>
Get the audit policy setting for a particular command.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html
pub fn get_commands_audit_options(
&mut self
) -> Result<Vec<AuditCommand>, ClientError>
Get the audit policy settings for all commands.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html
pub fn get_force_audit_option(&mut self) -> Result<AuditOption, ClientError>
Get the forced auditing global option: when enabled, the device will refuse operations if the log store (https://developers.yubico.com/YubiHSM2/Concepts/Logs.html) becomes full.
https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html
pub fn get_pseudo_random(
&mut self,
bytes: usize
) -> Result<Vec<u8>, ClientError>
Get some number of bytes of pseudo random data generated on the device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Pseudo_Random.html
pub fn get_public_key(
&mut self,
key_id: ObjectId
) -> Result<PublicKey, ClientError>
Get the public key for an asymmetric key stored on the device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Public_Key.html
pub fn get_storage_info(
&mut self
) -> Result<GetStorageInfoResponse, ClientError>
Get storage status (i.e. currently free storage) from the HSM device.
https://developers.yubico.com/YubiHSM2/Commands/Get_Storage_Info.html
pub fn import_wrapped<M>(
&mut self,
wrap_key_id: ObjectId,
wrap_message: M
) -> Result<ImportWrappedResponse, ClientError> where
M: Into<WrapMessage>,
Import an encrypted object into the HSM using the given key-wrapping key.
https://developers.yubico.com/YubiHSM2/Commands/Import_Wrapped.html
pub fn list_objects(
&mut self,
filters: &[Filter]
) -> Result<Vec<ListObjectsEntry>, ClientError>
List objects visible from the current session.
Optionally apply a set of provided filters which select objects based on their attributes.
https://developers.yubico.com/YubiHSM2/Commands/List_Objects.html
pub fn put_asymmetric_key<K>(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: AsymmetricAlg,
key_bytes: K
) -> Result<ObjectId, ClientError> where
K: Into<Vec<u8>>,
Put an existing asymmetric key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Asymmetric.html
pub fn put_authentication_key<K>(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: AuthenticationAlg,
authentication_key: K
) -> Result<ObjectId, ClientError> where
K: Into<AuthenticationKey>,
Put an existing AuthenticationKey into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Authentication_Key.html
pub fn put_hmac_key<K>(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: HmacAlg,
key_bytes: K
) -> Result<ObjectId, ClientError> where
K: Into<Vec<u8>>,
Put an existing HMAC key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Hmac_Key.html
pub fn put_opaque<B>(
&mut self,
object_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: OpaqueAlg,
opaque_data: B
) -> Result<ObjectId, ClientError> where
B: Into<Vec<u8>>,
Put an opaque object (X.509 certificate or other bytestring) into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Opaque.html
pub fn put_force_audit_option(
&mut self,
option: AuditOption
) -> Result<(), ClientError>
Put the forced auditing global option: when enabled, the device will refuse operations if the log store (https://developers.yubico.com/YubiHSM2/Concepts/Logs.html) becomes full.
Options are On, Off, or Fix (i.e. fixed permanently on).
https://developers.yubico.com/YubiHSM2/Commands/Put_Option.html
pub fn put_otp_aead_key<K>(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
algorithm: YubicoOtpAlg,
key_bytes: K
) -> Result<ObjectId, ClientError> where
K: Into<Vec<u8>>,
Put an existing OTP AEAD key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Otp_Aead_Key.html
pub fn put_wrap_key<K>(
&mut self,
key_id: ObjectId,
label: ObjectLabel,
domains: Domain,
capabilities: Capability,
delegated_capabilities: Capability,
algorithm: WrapAlg,
key_bytes: K
) -> Result<ObjectId, ClientError> where
K: Into<Vec<u8>>,
Put an existing wrap key into the HSM.
https://developers.yubico.com/YubiHSM2/Commands/Put_Wrap_Key.html
pub fn reset_device(&mut self) -> Result<(), ClientError>
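Reset the HSM to a factory default state and reboot, clearing all stored objects and restoring the default auth key.
WARNING: This wipes all keys and other data from the HSM! Make absolutely sure you want to use this! Because the reset restores the default auth key, provision a new authentication key and delete the default one before putting the device back into service.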
https://developers.yubico.com/YubiHSM2/Commands/Reset_Device.html
pub fn set_audit_option(
&mut self,
command: CommandCode,
audit_option: AuditOption
) -> Result<(), ClientError>
Configure the audit policy settings for a particular command, e.g. auditing should be On, Off, or Fix (i.e. fixed permanently on).
https://developers.yubico.com/YubiHSM2/Commands/Set_Option.html
pub fn set_log_index(&mut self, log_index: u16) -> Result<(), ClientError>
Set the index of the last consumed entry of the HSM audit log.
https://developers.yubico.com/YubiHSM2/Commands/Set_Log_Index.html
pub fn sign_attestation_certificate(
&mut self,
key_id: ObjectId,
attestation_key_id: Option<ObjectId>
) -> Result<AttestationCertificate, ClientError>
Obtain an X.509 attestation certificate for a key within the HSM. This can be used to demonstrate that a given key was generated by and stored within an HSM in a non-exportable manner.
The key_id is the subject key for which an attestation certificate is created, and the attestation_key_id will be used to sign the attestation certificate.
If no attestation key is given, the device's default attestation key will be used, and the resulting certificate can be verified against Yubico's certificate.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Attestation_Certificate.html
pub fn sign_ecdsa<T>(
&mut self,
key_id: ObjectId,
digest: T
) -> Result<EcdsaSignature, ClientError> where
T: Into<Vec<u8>>,
Compute an ECDSA signature of the given digest (i.e. a precomputed SHA-2 digest)
https://developers.yubico.com/YubiHSM2/Commands/Sign_Ecdsa.html
secp256k1 notes
The YubiHSM2 does not produce signatures in "low S" form, which is expected for most cryptocurrency applications (the typical use case for secp256k1).
If your application demands this (e.g. Bitcoin), you'll need to normalize the signatures. One option for this is the secp256k1 crate's Signature::normalize_s function.
The signatory-yubihsm crate automatically normalizes secp256k1 ECDSA signatures to "low S" form. Consider using that if you'd like a ready-made solution for cryptocurrency applications.
pub fn sign_ed25519<T>(
&mut self,
key_id: ObjectId,
data: T
) -> Result<Ed25519Signature, ClientError> where
T: Into<Vec<u8>>,
Compute an Ed25519 signature with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Eddsa.html
pub fn sign_hmac<M>(
&mut self,
key_id: ObjectId,
msg: M
) -> Result<HmacTag, ClientError> where
M: Into<Vec<u8>>,
Compute an HMAC tag of the given data with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Sign_Hmac.html
pub fn sign_rsa_pkcs1v15_sha256(
&mut self,
key_id: ObjectId,
data: &[u8]
) -> Result<RsaPkcs1Signature, ClientError>
Compute an RSASSA-PKCS#1v1.5 signature of the SHA-256 hash of the given data.
WARNING: This method has not been tested and is not confirmed to actually work! Use at your own risk!
https://developers.yubico.com/YubiHSM2/Commands/Sign_Pkcs1.html
pub fn sign_rsa_pss_sha256(
&mut self,
key_id: ObjectId,
data: &[u8]
) -> Result<RsaPssSignature, ClientError>
Compute an RSASSA-PSS signature of the SHA-256 hash of the given data with the given key ID.
WARNING: This method has not been tested and is not confirmed to actually work! Use at your own risk!
https://developers.yubico.com/YubiHSM2/Commands/Sign_Pss.html
pub fn unwrap_data<M>(
&mut self,
wrap_key_id: ObjectId,
wrap_message: M
) -> Result<Vec<u8>, ClientError> where
M: Into<WrapMessage>,
Decrypt data which was encrypted (using AES-CCM) under a wrap key.
https://developers.yubico.com/YubiHSM2/Commands/Unwrap_Data.html
pub fn verify_hmac<M, T>(
&mut self,
key_id: ObjectId,
msg: M,
tag: T
) -> Result<(), ClientError> where
M: Into<Vec<u8>>,
T: Into<HmacTag>,
Verify an HMAC tag of the given data with the given key ID.
https://developers.yubico.com/YubiHSM2/Commands/Verify_Hmac.html
pub fn wrap_data(
&mut self,
wrap_key_id: ObjectId,
plaintext: Vec<u8>
) -> Result<WrapMessage, ClientError>
Encrypt data (with AES-CCM) using the given wrap key.
https://developers.yubico.com/YubiHSM2/Commands/Wrap_Data.html
Auto Trait Implementations
Blanket Implementations
impl<T, U> Into for T where
U: From<T>,
impl<T> From for T
impl<T, U> TryFrom for T where
U: Into<T>,
type Error = !
(try_from) The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T> Borrow for T where
T: ?Sized,
impl<T, U> TryInto for T where
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
(try_from) The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> BorrowMut for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Same for T
type Output = T
Should always be Self