
signstar_crypto/key/base/
nethsm.rs

1//! NetHSM specific integration for cryptographic keys.
2
3use nethsm_sdk_rs::models::SignMode;
4
5use crate::key::{
6    Error,
7    base::{DecryptMode, EncryptMode, KeyMechanism, KeyType, SignatureType},
8};
9
impl TryFrom<KeyType> for nethsm_sdk_rs::models::KeyType {
    type Error = crate::Error;

    /// Creates a [`nethsm_sdk_rs::models::KeyType`] from a [`KeyType`].
    ///
    /// # Errors
    ///
    /// Returns an error wrapping [`Error::UnsupportedKeyType`] if `value` is
    /// [`KeyType::EcBp256`], [`KeyType::EcBp384`], [`KeyType::EcBp512`] or [`KeyType::EcK256`].
    fn try_from(value: KeyType) -> Result<Self, Self::Error> {
        match value {
            // Rejected outright instead of being coerced to another curve: a caller asking for
            // one of these key types gets an error, never a key of a different type.
            KeyType::EcBp256 | KeyType::EcBp384 | KeyType::EcBp512 | KeyType::EcK256 => {
                Err(Error::UnsupportedKeyType(value).into())
            }
            KeyType::Curve25519 => Ok(Self::Curve25519),
            KeyType::EcP224 => Ok(Self::EcP224),
            KeyType::EcP256 => Ok(Self::EcP256),
            KeyType::EcP384 => Ok(Self::EcP384),
            KeyType::EcP521 => Ok(Self::EcP521),
            KeyType::Generic => Ok(Self::Generic),
            KeyType::Rsa => Ok(Self::Rsa),
        }
    }
}
28
impl TryFrom<nethsm_sdk_rs::models::KeyType> for KeyType {
    type Error = crate::Error;

    /// Creates a [`KeyType`] from a [`nethsm_sdk_rs::models::KeyType`].
    ///
    /// Every variant matched below maps to the [`KeyType`] variant of the same name, including
    /// [`nethsm_sdk_rs::models::KeyType::EcP224`], which becomes [`KeyType::EcP224`].
    ///
    /// # Errors
    ///
    /// No arm of the match returns an error or panics; the result is always `Ok`.
    ///
    /// NOTE(review): `EcP224` is reportedly about to be removed from
    /// [`nethsm_sdk_rs::models::KeyType`] - confirm against the SDK version in use. Once the
    /// variant is gone, the `EcP224` arm has to be dropped as well.
    fn try_from(value: nethsm_sdk_rs::models::KeyType) -> Result<Self, Self::Error> {
        use nethsm_sdk_rs::models::KeyType as NetHsmKeyType;

        let key_type = match value {
            NetHsmKeyType::Curve25519 => Self::Curve25519,
            NetHsmKeyType::EcP224 => Self::EcP224,
            NetHsmKeyType::EcP256 => Self::EcP256,
            NetHsmKeyType::EcP384 => Self::EcP384,
            NetHsmKeyType::EcP521 => Self::EcP521,
            NetHsmKeyType::Generic => Self::Generic,
            NetHsmKeyType::Rsa => Self::Rsa,
        };

        Ok(key_type)
    }
}
51
impl TryFrom<&nethsm_sdk_rs::models::KeyMechanism> for KeyMechanism {
    type Error = crate::Error;

    /// Creates a [`KeyMechanism`] from a reference to a
    /// [`nethsm_sdk_rs::models::KeyMechanism`].
    ///
    /// # Note
    ///
    /// Apart from the rejected variant, mechanisms are mapped one-to-one by name. That includes
    /// the MD5- and SHA-1-based OAEP/PSS mechanisms as well as raw and PKCS#1 v1.5 RSA
    /// decryption: this conversion applies no policy on mechanism strength, so any such
    /// restriction has to be enforced by the caller.
    ///
    /// # Errors
    ///
    /// Returns an error wrapping [`Error::UnsupportedNetHsmKeyMechanism`] if `value` is
    /// [`nethsm_sdk_rs::models::KeyMechanism::RsaSignaturePssMd5`].
    fn try_from(value: &nethsm_sdk_rs::models::KeyMechanism) -> Result<Self, Self::Error> {
        use nethsm_sdk_rs::models::KeyMechanism as NetHsmMechanism;

        let mechanism = match value {
            // The only backend mechanism that is refused instead of mapped.
            NetHsmMechanism::RsaSignaturePssMd5 => {
                return Err(Error::UnsupportedNetHsmKeyMechanism(*value).into());
            }

            // AES
            NetHsmMechanism::AesDecryptionCbc => Self::AesDecryptionCbc,
            NetHsmMechanism::AesEncryptionCbc => Self::AesEncryptionCbc,

            // Elliptic-curve signatures
            NetHsmMechanism::EcdsaSignature => Self::EcdsaSignature,
            NetHsmMechanism::EdDsaSignature => Self::EdDsaSignature,

            // RSA decryption
            NetHsmMechanism::RsaDecryptionOaepMd5 => Self::RsaDecryptionOaepMd5,
            NetHsmMechanism::RsaDecryptionOaepSha1 => Self::RsaDecryptionOaepSha1,
            NetHsmMechanism::RsaDecryptionOaepSha224 => Self::RsaDecryptionOaepSha224,
            NetHsmMechanism::RsaDecryptionOaepSha256 => Self::RsaDecryptionOaepSha256,
            NetHsmMechanism::RsaDecryptionOaepSha384 => Self::RsaDecryptionOaepSha384,
            NetHsmMechanism::RsaDecryptionOaepSha512 => Self::RsaDecryptionOaepSha512,
            NetHsmMechanism::RsaDecryptionPkcs1 => Self::RsaDecryptionPkcs1,
            NetHsmMechanism::RsaDecryptionRaw => Self::RsaDecryptionRaw,

            // RSA signatures
            NetHsmMechanism::RsaSignaturePkcs1 => Self::RsaSignaturePkcs1,
            NetHsmMechanism::RsaSignaturePssSha1 => Self::RsaSignaturePssSha1,
            NetHsmMechanism::RsaSignaturePssSha224 => Self::RsaSignaturePssSha224,
            NetHsmMechanism::RsaSignaturePssSha256 => Self::RsaSignaturePssSha256,
            NetHsmMechanism::RsaSignaturePssSha384 => Self::RsaSignaturePssSha384,
            NetHsmMechanism::RsaSignaturePssSha512 => Self::RsaSignaturePssSha512,
        };

        Ok(mechanism)
    }
}
98
impl From<KeyMechanism> for nethsm_sdk_rs::models::KeyMechanism {
    /// Creates a [`nethsm_sdk_rs::models::KeyMechanism`] from a [`KeyMechanism`].
    ///
    /// Each [`KeyMechanism`] variant maps to the backend variant of the same name, so the
    /// conversion cannot fail. No filtering takes place here: MD5- and SHA-1-based OAEP/PSS
    /// mechanisms and raw / PKCS#1 v1.5 RSA decryption are forwarded like any other mechanism.
    fn from(value: KeyMechanism) -> Self {
        match value {
            // RSA signatures
            KeyMechanism::RsaSignaturePkcs1 => Self::RsaSignaturePkcs1,
            KeyMechanism::RsaSignaturePssSha1 => Self::RsaSignaturePssSha1,
            KeyMechanism::RsaSignaturePssSha224 => Self::RsaSignaturePssSha224,
            KeyMechanism::RsaSignaturePssSha256 => Self::RsaSignaturePssSha256,
            KeyMechanism::RsaSignaturePssSha384 => Self::RsaSignaturePssSha384,
            KeyMechanism::RsaSignaturePssSha512 => Self::RsaSignaturePssSha512,

            // RSA decryption
            KeyMechanism::RsaDecryptionOaepMd5 => Self::RsaDecryptionOaepMd5,
            KeyMechanism::RsaDecryptionOaepSha1 => Self::RsaDecryptionOaepSha1,
            KeyMechanism::RsaDecryptionOaepSha224 => Self::RsaDecryptionOaepSha224,
            KeyMechanism::RsaDecryptionOaepSha256 => Self::RsaDecryptionOaepSha256,
            KeyMechanism::RsaDecryptionOaepSha384 => Self::RsaDecryptionOaepSha384,
            KeyMechanism::RsaDecryptionOaepSha512 => Self::RsaDecryptionOaepSha512,
            KeyMechanism::RsaDecryptionPkcs1 => Self::RsaDecryptionPkcs1,
            KeyMechanism::RsaDecryptionRaw => Self::RsaDecryptionRaw,

            // Elliptic-curve signatures
            KeyMechanism::EcdsaSignature => Self::EcdsaSignature,
            KeyMechanism::EdDsaSignature => Self::EdDsaSignature,

            // AES
            KeyMechanism::AesDecryptionCbc => Self::AesDecryptionCbc,
            KeyMechanism::AesEncryptionCbc => Self::AesEncryptionCbc,
        }
    }
}
123
impl TryFrom<SignatureType> for SignMode {
    type Error = crate::Error;

    /// Creates a [`SignMode`] from a [`SignatureType`].
    ///
    /// # Note
    ///
    /// The curve-specific [`SignatureType::EcdsaP224`], [`SignatureType::EcdsaP256`],
    /// [`SignatureType::EcdsaP384`] and [`SignatureType::EcdsaP521`] all collapse into
    /// [`SignMode::Ecdsa`]. The returned mode therefore no longer identifies the curve; a caller
    /// that must pin a specific curve cannot rely on the [`SignMode`] alone for that.
    ///
    /// # Errors
    ///
    /// Returns an error wrapping [`Error::UnsupportedSignatureType`] if `value` is
    /// [`SignatureType::EcdsaK256`].
    fn try_from(value: SignatureType) -> Result<Self, Self::Error> {
        match value {
            // Refused instead of being folded into the generic ECDSA mode.
            SignatureType::EcdsaK256 => Err(Error::UnsupportedSignatureType {
                signature_type: SignatureType::EcdsaK256,
                context: "the NetHSM backend does not support it",
            }
            .into()),

            // All supported ECDSA curves share one backend sign mode.
            SignatureType::EcdsaP224
            | SignatureType::EcdsaP256
            | SignatureType::EcdsaP384
            | SignatureType::EcdsaP521 => Ok(Self::Ecdsa),

            SignatureType::EdDsa => Ok(Self::EdDsa),

            SignatureType::Pkcs1 => Ok(Self::Pkcs1),
            SignatureType::PssSha1 => Ok(Self::PssSha1),
            SignatureType::PssSha224 => Ok(Self::PssSha224),
            SignatureType::PssSha256 => Ok(Self::PssSha256),
            SignatureType::PssSha384 => Ok(Self::PssSha384),
            SignatureType::PssSha512 => Ok(Self::PssSha512),
        }
    }
}
160
impl From<EncryptMode> for nethsm_sdk_rs::models::EncryptMode {
    /// Creates a [`nethsm_sdk_rs::models::EncryptMode`] from an [`EncryptMode`].
    ///
    /// [`EncryptMode::AesCbc`] is the only mode handled here. CBC on its own provides
    /// confidentiality but no integrity protection, so callers that need tamper detection have
    /// to authenticate the ciphertext separately.
    fn from(value: EncryptMode) -> Self {
        // Irrefutable for as long as `EncryptMode` has this single variant; adding a variant
        // turns this into a compile error, just like a non-exhaustive `match` would.
        let EncryptMode::AesCbc = value;
        Self::AesCbc
    }
}
168
impl From<DecryptMode> for nethsm_sdk_rs::models::DecryptMode {
    /// Creates a [`nethsm_sdk_rs::models::DecryptMode`] from a [`DecryptMode`].
    ///
    /// Each [`DecryptMode`] variant maps to the backend variant of the same name, so the
    /// conversion cannot fail. Nothing is filtered: [`DecryptMode::Raw`],
    /// [`DecryptMode::Pkcs1`], [`DecryptMode::OaepMd5`] and [`DecryptMode::OaepSha1`] are
    /// forwarded like the stronger OAEP modes, so restricting which modes may be requested is
    /// left to the caller.
    fn from(value: DecryptMode) -> Self {
        match value {
            // RSA with OAEP padding
            DecryptMode::OaepMd5 => Self::OaepMd5,
            DecryptMode::OaepSha1 => Self::OaepSha1,
            DecryptMode::OaepSha224 => Self::OaepSha224,
            DecryptMode::OaepSha256 => Self::OaepSha256,
            DecryptMode::OaepSha384 => Self::OaepSha384,
            DecryptMode::OaepSha512 => Self::OaepSha512,

            // RSA with PKCS#1 padding, or without padding
            DecryptMode::Pkcs1 => Self::Pkcs1,
            DecryptMode::Raw => Self::Raw,

            // AES
            DecryptMode::AesCbc => Self::AesCbc,
        }
    }
}