
HsmSigner

Trait HsmSigner 

/// HSM-backed cryptographic operations: digest signing, key wrapping
/// (AES Key Wrap and RSAES-OAEP) and ML-KEM encapsulation/decapsulation.
///
/// Every method returns an `HsmResult`. The signing methods address the key
/// through an `HsmKeyPair`; the wrapping and ML-KEM methods take a `Session`
/// plus raw `ObjectHandle`s instead.
pub trait HsmSigner {
    // Required methods

    /// Sign a message digest.
    ///
    /// # Arguments
    /// * `key` - Key pair to sign with.
    /// * `digest` - Pre-computed message digest. The message itself is never
    ///   passed in, so hashing happens in the caller.
    ///
    /// # Returns
    /// The signature bytes.
    // NOTE(review): nothing in this signature ties `digest` to a hash
    // algorithm or length; confirm whether implementors validate it against
    // the key type or trust the caller.
    fn sign(&self, key: &HsmKeyPair, digest: &[u8]) -> HsmResult<Vec<u8>>;

    /// Sign a message digest with a specific mechanism.
    ///
    /// # Arguments
    /// * `key` - Key pair to sign with.
    /// * `digest` - Pre-computed message digest.
    /// * `mechanism` - Mechanism to sign with.
    ///
    /// # Returns
    /// The signature bytes.
    // NOTE(review): whether `mechanism` is checked for compatibility with
    // `key` is not visible here; confirm against the implementors.
    fn sign_with_mechanism(
        &self,
        key: &HsmKeyPair,
        digest: &[u8],
        mechanism: &Mechanism<'_>,
    ) -> HsmResult<Vec<u8>>;

    /// Wrap a key using AES Key Wrap (RFC 3394).
    ///
    /// Used for wrapping ML-KEM private keys during /serverkeygen.
    ///
    /// # Arguments
    /// * `session` - Session the handles belong to.
    /// * `wrapping_key` - Handle of the key that performs the wrap.
    /// * `key_to_wrap` - Handle of the key being wrapped.
    ///
    /// # Returns
    /// Bytes produced by the wrap operation (presumably the wrapped key blob).
    // NOTE(review): under PKCS#11 the wrapping key normally needs CKA_WRAP and
    // the target key CKA_EXTRACTABLE; confirm how implementors report a
    // refusal by the token.
    fn wrap_key_aes(
        &self,
        session: &Session,
        wrapping_key: ObjectHandle,
        key_to_wrap: ObjectHandle,
    ) -> HsmResult<Vec<u8>>;

    /// Wrap a key using RSAES-OAEP.
    ///
    /// # Arguments
    /// * `session` - Session the handles belong to.
    /// * `wrapping_key` - Handle of the key that performs the wrap.
    /// * `key_to_wrap` - Handle of the key being wrapped.
    ///
    /// # Returns
    /// Bytes produced by the wrap operation (presumably the wrapped key blob).
    // NOTE(review): the OAEP hash/MGF parameters are not part of this
    // signature, so they must be chosen inside the implementation; confirm
    // which ones are used.
    fn wrap_key_rsa_oaep(
        &self,
        session: &Session,
        wrapping_key: ObjectHandle,
        key_to_wrap: ObjectHandle,
    ) -> HsmResult<Vec<u8>>;

    /// ML-KEM encapsulate operation.
    ///
    /// # Arguments
    /// * `session` - PKCS#11 session.
    /// * `public_key` - ML-KEM public key.
    /// * `pqc_mechanisms` - PQC mechanism identifiers (presumably the
    ///   token-specific mechanism IDs for ML-KEM; TODO confirm).
    ///
    /// # Returns
    /// `(ciphertext, shared_secret)` tuple.
    // The shared secret comes back as a plain `Vec<u8>`, which is not cleared
    // on drop; callers that keep it in memory should wipe it after use.
    fn ml_kem_encapsulate(
        &self,
        session: &Session,
        public_key: ObjectHandle,
        pqc_mechanisms: &PqcMechanismIds,
    ) -> HsmResult<(Vec<u8>, Vec<u8>)>;

    /// ML-KEM decapsulate operation.
    ///
    /// # Arguments
    /// * `session` - PKCS#11 session.
    /// * `private_key` - ML-KEM private key.
    /// * `ciphertext` - Ciphertext from encapsulate.
    /// * `pqc_mechanisms` - PQC mechanism identifiers (presumably the
    ///   token-specific mechanism IDs for ML-KEM; TODO confirm).
    ///
    /// # Returns
    /// The shared secret.
    // The shared secret comes back as a plain `Vec<u8>`, which is not cleared
    // on drop; callers that keep it in memory should wipe it after use.
    // NOTE(review): `ciphertext` is an unvalidated byte slice at this
    // boundary; confirm where its length is checked.
    fn ml_kem_decapsulate(
        &self,
        session: &Session,
        private_key: ObjectHandle,
        ciphertext: &[u8],
        pqc_mechanisms: &PqcMechanismIds,
    ) -> HsmResult<Vec<u8>>;
}

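HSM signer trait. Besides digest signing, it also declares key wrapping (AES Key Wrap, RSAES-OAEP) and ML-KEM encapsulate/decapsulate operations.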

Required Methods§


fn sign(&self, key: &HsmKeyPair, digest: &[u8]) -> HsmResult<Vec<u8>>

Sign a message digest.

§Arguments
  • key - Key pair to sign with
  • digest - Pre-computed message digest
§Returns

The signature bytes.


fn sign_with_mechanism( &self, key: &HsmKeyPair, digest: &[u8], mechanism: &Mechanism<'_>, ) -> HsmResult<Vec<u8>>

Sign a message digest with a specific mechanism.


fn wrap_key_aes( &self, session: &Session, wrapping_key: ObjectHandle, key_to_wrap: ObjectHandle, ) -> HsmResult<Vec<u8>>

Wrap a key using AES Key Wrap (RFC 3394).

Used for wrapping ML-KEM private keys during /serverkeygen.


fn wrap_key_rsa_oaep( &self, session: &Session, wrapping_key: ObjectHandle, key_to_wrap: ObjectHandle, ) -> HsmResult<Vec<u8>>

Wrap a key using RSAES-OAEP.


fn ml_kem_encapsulate( &self, session: &Session, public_key: ObjectHandle, pqc_mechanisms: &PqcMechanismIds, ) -> HsmResult<(Vec<u8>, Vec<u8>)>

ML-KEM encapsulate operation.

§Arguments
  • session - PKCS#11 session
  • public_key - ML-KEM public key
§Returns

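A (ciphertext, shared_secret) tuple. The ciphertext is what gets sent to the private-key holder; the shared secret is key material returned as raw bytes and must be kept confidential.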


fn ml_kem_decapsulate( &self, session: &Session, private_key: ObjectHandle, ciphertext: &[u8], pqc_mechanisms: &PqcMechanismIds, ) -> HsmResult<Vec<u8>>

ML-KEM decapsulate operation.

§Arguments
  • session - PKCS#11 session
  • private_key - ML-KEM private key
  • ciphertext - Ciphertext from encapsulate
§Returns

The shared secret, returned as raw bytes (`Vec<u8>`); treat it as key material.

Implementors§