

1//! YubiHSM2 object capabilities.
2
3use std::{collections::HashSet, hash::Hash};
4
5#[cfg(feature = "serde")]
6use serde::{Deserialize, Serialize};
7
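/// A capability of an object stored on a YubiHSM2.
///
/// Each variant maps to exactly one [`yubihsm::Capability`] flag (see the `From` impl in this
/// module), so granting a variant never grants more than that single flag. This keeps the
/// permissions handed to a key or authentication key as narrow as possible.
#[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
#[cfg_attr(feature = "serde", serde(rename_all = "kebab-case"))]
pub enum Capability {
    /// The key can sign data.
    ///
    /// Only the EdDSA signing flag (`SIGN_EDDSA`) is granted; signing with other algorithms is
    /// not covered by this variant.
    Sign,

    /// The object can be exported under wrap (encrypted).
    ///
    /// Maps to `EXPORTABLE_UNDER_WRAP`.
    Exportable,

    /// The key can be used to export other objects under wrap.
    ///
    /// Note that both the authentication key used for export *and* the wrapping key need to be
    /// capable of export.
    ///
    /// Maps to `EXPORT_WRAPPED`.
    Export,

    /// The key can be used to import other objects under wrap.
    ///
    /// Note that both the authentication key used for import *and* the wrapping key need to be
    /// capable of import.
    ///
    /// Maps to `IMPORT_WRAPPED`.
    Import,
}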
31
impl From<Capability> for yubihsm::Capability {
    /// Maps a [`Capability`] to the single `yubihsm` flag it stands for.
    ///
    /// `Sign` maps to the EdDSA signing flag only; no other signing flag is set.
    fn from(value: Capability) -> Self {
        match value {
            Capability::Sign => Self::SIGN_EDDSA,
            Capability::Exportable => Self::EXPORTABLE_UNDER_WRAP,
            Capability::Export => Self::EXPORT_WRAPPED,
            Capability::Import => Self::IMPORT_WRAPPED,
        }
    }
}
42
/// A set of capabilities of an object on a YubiHSM2.
///
/// Newtype around a `HashSet<Capability>`: each capability is held at most once, and an empty
/// set means the object is granted no capability at all.
#[derive(Clone, Debug, Eq, PartialEq)]
#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
pub struct Capabilities(HashSet<Capability>);
47
impl From<&Capabilities> for yubihsm::Capability {
    /// Combines every capability in the set into a single `yubihsm` flag value.
    ///
    /// Starts from `empty()` and ORs in the flag of each member, so an empty set yields no
    /// capability at all; set iteration order does not affect the result.
    fn from(value: &Capabilities) -> Self {
        let mut combined = Self::empty();
        for cap in value.0.iter().copied() {
            combined |= Self::from(cap);
        }
        combined
    }
}