Struct ockam_vault::SoftwareVault

pub struct SoftwareVault { /* fields omitted */ }

Vault implementation that stores secrets in memory and uses software crypto.

Examples

use ockam_vault::SoftwareVault;
use ockam_vault_core::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH, SecretVault, Signer, Verifier};

fn example() -> ockam_core::Result<()> {
    let mut vault = SoftwareVault::default();

    let mut attributes = SecretAttributes::new(
        SecretType::Curve25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH,
    );

    let secret = vault.secret_generate(attributes)?;
    let public = vault.secret_public_key_get(&secret)?;

    let data = "Very important stuff".as_bytes();

    let signature = vault.sign(&secret, data)?;
    assert!(vault.verify(&signature, &public, data)?);

    Ok(())
}

Implementations

impl SoftwareVault

pub fn error_domain_static() -> &'static str

Return the error domain for this Vault

impl SoftwareVault

pub fn new() -> Self

Create a new SoftwareVault

Trait Implementations

impl AsymmetricVault for SoftwareVault

fn ec_diffie_hellman(
    &mut self,
    context: &Secret,
    peer_public_key: &PublicKey
) -> Result<Secret>

Compute Elliptic-Curve Diffie-Hellman using this secret key and the specified uncompressed public key

impl Debug for SoftwareVault

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SoftwareVault

fn default() -> Self

Returns the “default value” for a type.

impl Drop for SoftwareVault

fn drop(&mut self)

Executes the destructor for this type.

impl ErrorVault for SoftwareVault

fn error_domain(&self) -> &'static str

Returns the appropriate error domain of this vault.

impl Hasher for SoftwareVault

fn sha256(&mut self, data: &[u8]) -> Result<[u8; 32]>

Compute the SHA-256 digest given input data

fn hkdf_sha256(
    &mut self,
    salt: &Secret,
    info: &[u8],
    ikm: Option<&Secret>,
    output_attributes: Vec<SecretAttributes>
) -> Result<Vec<Secret>>

Compute sha256. Salt and Ikm should be of Buffer type. Output secrets should be only of type Buffer or AES

impl KeyIdVault for SoftwareVault

fn get_secret_by_key_id(&mut self, key_id: &str) -> Result<Secret>

Return Secret for given key id

fn compute_key_id_for_public_key(
    &mut self,
    public_key: &PublicKey
) -> Result<KeyId>

Return KeyId for given public key

impl SecretVault for SoftwareVault

fn secret_generate(&mut self, attributes: SecretAttributes) -> Result<Secret>

Generate fresh secret. Only Curve25519 and Buffer types are supported

fn secret_import(
    &mut self,
    secret: &[u8],
    attributes: SecretAttributes
) -> Result<Secret>

Import a secret with given attributes from binary form into the vault

fn secret_export(&mut self, context: &Secret) -> Result<SecretKey>

Export a secret key to the binary form represented as SecretKey

fn secret_attributes_get(
    &mut self,
    context: &Secret
) -> Result<SecretAttributes>

Get the attributes for a secret

fn secret_public_key_get(&mut self, context: &Secret) -> Result<PublicKey>

Extract public key from secret. Only Curve25519 type is supported

fn secret_destroy(&mut self, context: Secret) -> Result<()>

Remove secret from memory

impl Signer for SoftwareVault

fn sign(&mut self, secret_key: &Secret, data: &[u8]) -> Result<[u8; 64]>

Sign data with xeddsa algorithm. Only curve25519 is supported.

impl SymmetricVault for SoftwareVault

fn aead_aes_gcm_encrypt(
    &mut self,
    context: &Secret,
    plaintext: &[u8],
    nonce: &[u8],
    aad: &[u8]
) -> Result<Buffer<u8>>

Encrypt a payload using AES-GCM

fn aead_aes_gcm_decrypt(
    &mut self,
    context: &Secret,
    cipher_text: &[u8],
    nonce: &[u8],
    aad: &[u8]
) -> Result<Buffer<u8>>

Decrypt a payload using AES-GCM

impl Verifier for SoftwareVault

fn verify(
    &mut self,
    signature: &[u8; 64],
    public_key: &PublicKey,
    data: &[u8]
) -> Result<bool>

Verify signature with xeddsa algorithm. Only curve25519 is supported.

impl Zeroize for SoftwareVault

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.