Crate ockam_ffi

Source
Expand description

In order to support a variety of cryptographically capable hardware we maintain loose coupling between our protocols and how a specific building block is invoked in a specific hardware. This is achieved using an abstract Vault trait.

A concrete implementation of the Vault trait is called an Ockam Vault. Over time, and with help from the Ockam open source community, we plan to add vaults for several TEEs, TPMs, HSMs, and Secure Enclaves.

This crate provides the Vault FFI bindings following the “C” calling convention, and generates static and dynamic C linkable libraries.

Macros§

check_buffer
Safety macro which ensures a buffer is not null and not empty.

Structs§

FfiOckamError
Error type relating to FFI specific failures.

Enums§

FfiError
Represents the failures that can occur in an Ockam FFI Vault.

Functions§

ockam_vault_aead_aes_gcm_decrypt
Decrypt a payload using AES-GCM.
ockam_vault_aead_aes_gcm_encrypt
Encrypt a payload using AES-GCM.
ockam_vault_default_init
Create and return a default Ockam Vault.
ockam_vault_deinit
De-initialize an Ockam Vault.
ockam_vault_ecdh
Perform an ECDH operation on the supplied Ockam Vault secret and peer_publickey. The result is an Ockam Vault secret of unknown type.
ockam_vault_free_error
Safety
ockam_vault_hkdf_sha256
Perform an HMAC-SHA256 based key derivation function on the supplied salt and input key material.
ockam_vault_secret_attributes_get
Retrieve the attributes for a specified secret.
ockam_vault_secret_destroy
Delete an ockam vault secret.
ockam_vault_secret_export
Export a secret key with the specific handle to the output_buffer.
ockam_vault_secret_generate
Generate a secret key with the specific attributes. Returns a handle for the secret.
ockam_vault_secret_import
Import a secret key with the specific handle and attributes.
ockam_vault_secret_publickey_get
Get the public key, given a secret key, and copy it to the output buffer.
ockam_vault_sha256
Compute the SHA-256 hash on input and put the result in digest. digest must be 32 bytes in length.