use ockam_core::compat::vec::Vec;

/// Opaque byte string that a concrete Vault implementation uses to address one of the
/// secrets it stores. What the bytes encode is specific to that implementation.
///
/// NOTE(review): `Debug` prints the raw handle bytes and the derived `Eq`/`Ord` compare them
/// directly. That is appropriate only while a handle is an identifier rather than key
/// material; confirm against the Vault implementation in use.
#[derive(Debug, Clone, Ord, PartialOrd, Eq, PartialEq)]
pub struct HandleToSecret(Vec<u8>);

impl HandleToSecret {
    /// Wraps `value` as a handle; the bytes are stored as given, without validation.
    pub fn new(value: Vec<u8>) -> Self {
        HandleToSecret(value)
    }

    /// Borrows the handle bytes.
    pub fn value(&self) -> &Vec<u8> {
        let Self(bytes) = self;
        bytes
    }

    /// Consumes the handle and returns the bytes it wrapped.
    pub fn take_value(self) -> Vec<u8> {
        let Self(bytes) = self;
        bytes
    }
}

/// Handle to a signing secret key held inside a vault, tagged with the signature scheme
/// the key is used for.
#[derive(Debug, Clone, Ord, PartialOrd, Eq, PartialEq)]
pub enum SigningSecretKeyHandle {
    /// Handle to a Curve25519 key that is used only for EdDSA signatures.
    EdDSACurve25519(HandleToSecret),
    /// Handle to a Curve P-256 key that is used only for ECDSA SHA256 signatures.
    ECDSASHA256CurveP256(HandleToSecret),
}

impl SigningSecretKeyHandle {
    /// Borrows the inner [`HandleToSecret`], whichever variant this is.
    ///
    /// The returned handle does not carry the key type; callers that still need to know
    /// which scheme the key belongs to must keep the enum value.
    pub fn handle(&self) -> &HandleToSecret {
        match self {
            Self::EdDSACurve25519(inner) | Self::ECDSASHA256CurveP256(inner) => inner,
        }
    }
}

/// Selects the kind of key used for signing. See [`super::signatures::Signature`].
#[derive(Debug, PartialEq, Eq)]
pub enum SigningKeyType {
    /// EdDSA over Curve25519. See [`super::signatures::EdDSACurve25519Signature`].
    EdDSACurve25519,
    /// ECDSA SHA256 over Curve P-256. See [`super::signatures::ECDSASHA256CurveP256Signature`].
    ECDSASHA256CurveP256,
}

/// Handle that refers to an X25519 secret key.
///
/// The wrapped [`HandleToSecret`] is a public field, so any caller can construct this type
/// from an arbitrary handle or read the handle back out.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct X25519SecretKeyHandle(pub HandleToSecret);

/// Handle that refers to a secret buffer, such as an HKDF output.
///
/// The wrapped [`HandleToSecret`] is a public field, so any caller can construct this type
/// from an arbitrary handle or read the handle back out.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct SecretBufferHandle(pub HandleToSecret);