
1//! YubiHSM2 object capabilities.
2
3use std::{collections::HashSet, hash::Hash};
4
5use serde::{Deserialize, Serialize};
6
/// A capability of an object stored on a YubiHSM2.
///
/// Each variant stands for exactly one device capability flag (see the
/// `From<Capability>` impl for [`yubihsm::Capability`]); a [`Capabilities`] set
/// is used to grant more than one. Because of `rename_all = "kebab-case"` the
/// variants (de)serialize as `sign`, `exportable`, `export` and `import`.
#[derive(Clone, Copy, Debug, Deserialize, Eq, Hash, PartialEq, Serialize)]
#[serde(rename_all = "kebab-case")]
pub enum Capability {
    /// The key can sign data.
    ///
    /// This maps to the EdDSA signing capability only; no other signing scheme
    /// is granted by it.
    Sign,

    /// The object can be exported under wrap (encrypted).
    Exportable,

    /// The key can be used to export other objects under wrap.
    ///
    /// Note that both the authentication key used for export *and* the wrapping key need to be
    /// capable of export.
    Export,

    /// The key can be used to import other objects under wrap.
    ///
    /// Note that both the authentication key used for import *and* the wrapping key need to be
    /// capable of import.
    Import,
}
29
impl From<Capability> for yubihsm::Capability {
    /// Translates a [`Capability`] into the single device flag it stands for.
    ///
    /// The mapping is one-to-one on purpose: `Sign` grants EdDSA signing and
    /// nothing else, and the wrap-related variants each grant exactly one
    /// wrap flag.
    fn from(value: Capability) -> Self {
        use Capability::{Export, Exportable, Import, Sign};

        match value {
            Sign => Self::SIGN_EDDSA,
            Exportable => Self::EXPORTABLE_UNDER_WRAP,
            Export => Self::EXPORT_WRAPPED,
            Import => Self::IMPORT_WRAPPED,
        }
    }
}
40
/// A set of capabilities of an object on a YubiHSM2.
///
/// Backed by a [`HashSet`], so listing the same [`Capability`] more than once has
/// no effect. The inner set is private: values come from the derived
/// [`Deserialize`] impl (or from code within this module) and are turned into
/// device flags through the `From<&Capabilities>` impl for [`yubihsm::Capability`].
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct Capabilities(HashSet<Capability>);
44
impl From<&Capabilities> for yubihsm::Capability {
    /// Unions the device flag of every [`Capability`] in the set.
    ///
    /// An empty set yields `yubihsm::Capability::empty()`, i.e. an object that is
    /// granted nothing — the least-privilege result when no capability is listed.
    fn from(value: &Capabilities) -> Self {
        let mut granted = Self::empty();
        for cap in &value.0 {
            let flag: Self = (*cap).into();
            granted |= flag;
        }
        granted
    }
}
53}