ockam_vault/
lib.rs

1//! In order to support a variety of cryptographically capable hardware we maintain loose coupling between
2//! our protocols and how a specific building block is invoked in a specific hardware.
3//! This is achieved using an abstract Vault trait.
4//!
5//! A concrete implementation of the Vault trait is called an Ockam Vault.
6//! Over time, and with help from the Ockam open source community, we plan to add vaults for
7//! several TEEs, TPMs, HSMs, and Secure Enclaves.
8//!
9//! This crate provides a software-only Vault implementation that can be used when no cryptographic
10//! hardware is available. The primary Ockam crate uses this as the default Vault implementation.
11//!
12//! The main [Ockam][main-ockam-crate-link] has optional dependency on this crate.
13#![deny(unsafe_code)]
14#![warn(
15    missing_docs,
16    trivial_casts,
17    trivial_numeric_casts,
18    unused_import_braces,
19    unused_qualifications
20)]
21#![cfg_attr(not(feature = "std"), no_std)]
22
23#[cfg(all(not(feature = "std"), not(feature = "alloc")))]
24compile_error!(r#"The "no_std" feature currently requires the "alloc" feature"#);
25
26#[cfg(feature = "std")]
27extern crate core;
28
29#[cfg(feature = "alloc")]
30extern crate alloc;
31
32/// Storage
33pub mod storage;
34
35/// Errors
36mod error;
37
38/// Traits
39mod traits;
40
41/// Software implementation of Vault traits
42mod software;
43
44/// Main vault types: PublicKey, Secret, SecretAttributes etc...
45mod types;
46
47pub use error::*;
48pub use software::*;
49pub use traits::*;
50pub use types::*;
51
52/// Feature set compatibility checks
53
54#[cfg(all(
55    feature = "disable_default_noise_protocol",
56    not(feature = "OCKAM_XX_25519_AES256_GCM_SHA256"),
57    not(feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s"),
58    not(feature = "OCKAM_XX_25519_AES128_GCM_SHA256")
59))]
60compile_error! {"NOISE protocol name not selected, please enable one of the following features: \"OCKAM_XX_25519_ChaChaPolyBLAKE2s\", \"OCKAM_XX_25519_AES128_GCM_SHA256\", \"OCKAM_XX_25519_AES256_GCM_SHA256\""}
61
62#[cfg(all(
63    not(feature = "disable_default_noise_protocol"),
64    any(
65        feature = "OCKAM_XX_25519_AES256_GCM_SHA256",
66        feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s",
67        feature = "OCKAM_XX_25519_AES128_GCM_SHA256"
68    )
69))]
70compile_error! {"please enable disable_default_noise_protocol feature to customize Noise protocol"}
71
72#[cfg(all(
73    feature = "OCKAM_XX_25519_AES256_GCM_SHA256",
74    any(
75        feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s",
76        feature = "OCKAM_XX_25519_AES128_GCM_SHA256"
77    )
78))]
79compile_error! {"only one protocol can be selected"}
80
81#[cfg(all(
82    feature = "OCKAM_XX_25519_AES128_GCM_SHA256",
83    any(
84        feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s",
85        feature = "OCKAM_XX_25519_AES256_GCM_SHA256"
86    )
87))]
88compile_error! {"only one protocol can be selected"}
89
90#[cfg(all(
91    feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s",
92    any(
93        feature = "OCKAM_XX_25519_AES128_GCM_SHA256",
94        feature = "OCKAM_XX_25519_AES256_GCM_SHA256"
95    )
96))]
97compile_error! {"only one protocol can be selected"}
98
99#[cfg(feature = "OCKAM_XX_25519_ChaChaPolyBLAKE2s")]
100compile_error! {"OCKAM_XX_25519_ChaChaPolyBLAKE2s is not supported yet"}
101
102#[cfg(feature = "OCKAM_XX_25519_AES128_GCM_SHA256")]
103compile_error! {"OCKAM_XX_25519_AES128_GCM_SHA256 is not supported yet"}