In order to support a variety of cryptographically capable hardware, we maintain loose coupling between our protocols and how a specific building block is invoked on a specific piece of hardware. This is achieved using an abstract Vault trait.
A concrete implementation of the Vault trait is called an Ockam Vault. Over time, and with help from the Ockam open source community, we plan to add vaults for several TEEs, TPMs, HSMs, and Secure Enclaves.
This crate provides the Vault FFI bindings following the “C” calling convention, and generates static and dynamic C linkable libraries.
Macros
- check_buffer - Safety macro which ensures a buffer is not null and not empty.
Structs
- FfiOckamError - Error type relating to FFI specific failures.
Enums
- FfiError - Represents the failures that can occur in an Ockam FFI Vault.
Functions
- ockam_vault_aead_aes_gcm_decrypt - Decrypt a payload using AES-GCM.
- ockam_vault_aead_aes_gcm_encrypt - Encrypt a payload using AES-GCM.
- ockam_vault_default_init - Create and return a default Ockam Vault.
- ockam_vault_deinit - De-initialize an Ockam Vault.
- ockam_vault_ecdh - Perform an ECDH operation on the supplied Ockam Vault secret and peer_publickey. The result is an Ockam Vault secret of unknown type.
- ockam_vault_free_error ⚠ - Safety
- ockam_vault_hkdf_sha256 - Perform an HMAC-SHA256 based key derivation function on the supplied salt and input key material.
- ockam_vault_secret_attributes_get - Retrieve the attributes for a specified secret.
- ockam_vault_secret_destroy - Delete an Ockam Vault secret.
- ockam_vault_secret_export - Export a secret key with the specific handle to the output_buffer.
- ockam_vault_secret_generate - Generate a secret key with the specific attributes. Returns a handle for the secret.
- ockam_vault_secret_import - Import a secret key with the specific handle and attributes.
- ockam_vault_secret_publickey_get - Get the public key, given a secret key, and copy it to the output buffer.
- ockam_vault_sha256 - Compute the SHA-256 hash on input and put the result in digest. digest must be 32 bytes in length.