Struct ockam::SoftwareVault

pub struct SoftwareVault { /* fields omitted */ }

Vault implementation that stores secrets in memory and uses software crypto.

Examples

use ockam_vault::SoftwareVault;
use ockam_core::Result;
use ockam_vault_core::{SecretAttributes, SecretType, SecretPersistence, CURVE25519_SECRET_LENGTH, SecretVault, Signer, Verifier};

async fn example() -> Result<()> {
    let mut vault = SoftwareVault::default();

    let mut attributes = SecretAttributes::new(
        SecretType::Curve25519,
        SecretPersistence::Ephemeral,
        CURVE25519_SECRET_LENGTH,
    );

    let secret = vault.secret_generate(attributes).await?;
    let public = vault.secret_public_key_get(&secret).await?;

    let data = "Very important stuff".as_bytes();

    let signature = vault.sign(&secret, data).await?;
    assert!(vault.verify(&signature, &public, data).await?);

    Ok(())
}

Implementations

impl SoftwareVault

pub fn check_secret(
    &mut self,
    secret: &[u8],
    attributes: &SecretAttributes
) -> Result<(), Error>

Validate secret key.

impl SoftwareVault

pub fn new() -> SoftwareVault

Create a new SoftwareVault

Trait Implementations

impl AsymmetricVault for SoftwareVault

pub fn ec_diffie_hellman<'life0, 'life1, 'life2, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret,
    peer_public_key: &'life2 PublicKey
) -> Pin<Box<dyn Future<Output = Result<Secret, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    SoftwareVault: 'async_trait, 

Compute Elliptic-Curve Diffie-Hellman using this secret key and the specified uncompressed public key

impl Debug for SoftwareVault

pub fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for SoftwareVault

pub fn default() -> SoftwareVault

Returns the “default value” for a type.

impl Hasher for SoftwareVault

pub fn hkdf_sha256<'life0, 'life1, 'life2, 'life3, 'async_trait>(
    &'life0 mut self,
    salt: &'life1 Secret,
    info: &'life2 [u8],
    ikm: Option<&'life3 Secret>,
    output_attributes: Vec<SecretAttributes, Global>
) -> Pin<Box<dyn Future<Output = Result<Vec<Secret, Global>, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    'life3: 'async_trait,
    SoftwareVault: 'async_trait, 

Compute sha256. Salt and Ikm should be of Buffer type. Output secrets should be only of type Buffer or AES

pub fn sha256<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    data: &'life1 [u8]
) -> Pin<Box<dyn Future<Output = Result<[u8; 32], Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Compute the SHA-256 digest given input data

impl KeyIdVault for SoftwareVault

pub fn get_secret_by_key_id<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    key_id: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<Secret, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Return Secret for given key id

pub fn compute_key_id_for_public_key<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    public_key: &'life1 PublicKey
) -> Pin<Box<dyn Future<Output = Result<String, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Return KeyId for given public key

impl SecretVault for SoftwareVault

pub fn secret_generate<'life0, 'async_trait>(
    &'life0 mut self,
    attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<Secret, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    SoftwareVault: 'async_trait, 

Generate fresh secret. Only Curve25519 and Buffer types are supported

pub fn secret_public_key_get<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<PublicKey, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Extract public key from secret. Only Curve25519 type is supported

pub fn secret_destroy<'life0, 'async_trait>(
    &'life0 mut self,
    context: Secret
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    SoftwareVault: 'async_trait, 

Remove secret from memory

pub fn secret_import<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    secret: &'life1 [u8],
    attributes: SecretAttributes
) -> Pin<Box<dyn Future<Output = Result<Secret, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Import a secret with given attributes from binary form into the vault

pub fn secret_export<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<SecretKey, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Export a secret key to the binary form represented as SecretKey

pub fn secret_attributes_get<'life0, 'life1, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret
) -> Pin<Box<dyn Future<Output = Result<SecretAttributes, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    SoftwareVault: 'async_trait, 

Get the attributes for a secret

impl Signer for SoftwareVault

pub fn sign<'life0, 'life1, 'life2, 'async_trait>(
    &'life0 mut self,
    secret_key: &'life1 Secret,
    data: &'life2 [u8]
) -> Pin<Box<dyn Future<Output = Result<Signature, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    SoftwareVault: 'async_trait, 

Sign data with xeddsa algorithm. Only curve25519 is supported.

impl SymmetricVault for SoftwareVault

pub fn aead_aes_gcm_encrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret,
    plaintext: &'life2 [u8],
    nonce: &'life3 [u8],
    aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Vec<u8, Global>, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    'life3: 'async_trait,
    'life4: 'async_trait,
    SoftwareVault: 'async_trait, 

Encrypt a payload using AES-GCM

pub fn aead_aes_gcm_decrypt<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
    &'life0 mut self,
    context: &'life1 Secret,
    cipher_text: &'life2 [u8],
    nonce: &'life3 [u8],
    aad: &'life4 [u8]
) -> Pin<Box<dyn Future<Output = Result<Vec<u8, Global>, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    'life3: 'async_trait,
    'life4: 'async_trait,
    SoftwareVault: 'async_trait, 

Decrypt a payload using AES-GCM

impl Verifier for SoftwareVault

pub fn verify<'life0, 'life1, 'life2, 'life3, 'async_trait>(
    &'life0 mut self,
    signature: &'life1 Signature,
    public_key: &'life2 PublicKey,
    data: &'life3 [u8]
) -> Pin<Box<dyn Future<Output = Result<bool, Error>> + Send + 'async_trait, Global>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    'life3: 'async_trait,
    SoftwareVault: 'async_trait, 

Verify signature with xeddsa algorithm. Only curve25519 is supported.