build-trust · etorreborre · Feb 1, 2023 · Feb 1, 2023 · Feb 1, 2023
@@ -7,7 +7,7 @@ use minicbor::{Decoder, Encode};
 use models::*;
 use ockam_core::api::{Error, Id, Method, Request, Response, Status};
 use ockam_core::vault::{
-    AsymmetricVault, Hasher, KeyId, SecretVault, Signature, Signer, SymmetricVault, Verifier,
+    AsymmetricVault, Hasher, KeyId, KeyVault, Signature, Signer, SymmetricVault, Verifier,
 };
 use ockam_core::CowStr;
 use ockam_core::{Result, Routed, Worker};
@@ -114,13 +114,13 @@ impl VaultService {
 
                     match args.operation() {
                         GetSecretRequestOperation::GetAttributes => {
-                            let resp = self.vault.secret_attributes_get(&key_id).await?;
+                            let resp = self.vault.get_key_attributes(&key_id).await?;
                             let body = GetSecretAttributesResponse::new(resp);
 
                             Self::ok_response(req, Some(body), enc)
                         }
                         GetSecretRequestOperation::GetSecretBytes => {
-                            let resp = self.vault.secret_export(&key_id).await?;
+                            let resp = self.vault.export_key(&key_id).await?;
                             let body = ExportSecretResponse::new(resp);
 
                             Self::ok_response(req, Some(body), enc)
@@ -130,7 +130,7 @@ impl VaultService {
                 ["secrets", key_id, "public_key"] => {
                     let key_id: KeyId = key_id.to_string();
 
-                    let public_key = self.vault.secret_public_key_get(&key_id).await?;
+                    let public_key = self.vault.get_public_key(&key_id).await?;
                     let body = PublicKeyResponse::new(public_key);
 
                     Self::ok_response(req, Some(body), enc)
@@ -148,8 +148,8 @@ impl VaultService {
                     let attributes = *args.attributes();
 
                     let key_id = match args.into_secret() {
-                        Some(secret) => self.vault.secret_import(secret, attributes).await?,
-                        None => self.vault.secret_generate(attributes).await?,
+                        Some(secret) => self.vault.import_key(secret, attributes).await?,
+                        None => self.vault.generate_key(attributes).await?,
                     };
 
                     let body = CreateSecretResponse::new(key_id);
@@ -294,7 +294,7 @@ impl VaultService {
                 ["secrets", key_id] => {
                     let key_id: KeyId = key_id.to_string();
 
-                    self.vault.secret_destroy(key_id).await?;
+                    self.vault.destroy_key(key_id).await?;
 
                     #[allow(unused_qualifications)]
                     Self::ok_response(req, Option::<()>::None, enc)

@@ -1,7 +1,7 @@
 use minicbor::{Decode, Encode};
 use ockam_core::{CowBytes, CowStr};
 
-use ockam_core::vault::SecretAttributes;
+use ockam_core::vault::KeyAttributes;
 #[cfg(feature = "tag")]
 use ockam_core::TypeTag;
 
@@ -37,15 +37,15 @@ pub struct HkdfSha256Request<'a> {
     #[b(2)] info: CowBytes<'a>,
     #[b(3)] ikm: Option<CowStr<'a>>,
     // TODO: Can be tinyvec
-    #[n(4)] output_attributes: Vec<SecretAttributes>,
+    #[n(4)] output_attributes: Vec<KeyAttributes>,
 }
 
 impl<'a> HkdfSha256Request<'a> {
     pub fn new(
         salt: impl Into<CowStr<'a>>,
         info: impl Into<CowBytes<'a>>,
         ikm: Option<impl Into<CowStr<'a>>>,
-        output_attributes: impl Into<Vec<SecretAttributes>>,
+        output_attributes: impl Into<Vec<KeyAttributes>>,
     ) -> Self {
         Self {
             #[cfg(feature = "tag")]
@@ -65,7 +65,7 @@ impl<'a> HkdfSha256Request<'a> {
     pub fn ikm(&self) -> Option<&str> {
         self.ikm.as_deref()
     }
-    pub fn output_attributes(&self) -> &[SecretAttributes] {
+    pub fn output_attributes(&self) -> &[KeyAttributes] {
         &self.output_attributes
     }
 }
@@ -1,6 +1,6 @@
 use minicbor::{Decode, Encode};
-use ockam::vault::Secret;
-use ockam_core::vault::SecretAttributes;
+use ockam::vault::Key;
+use ockam_core::vault::KeyAttributes;
 
 #[cfg(feature = "tag")]
 use ockam_core::TypeTag;
@@ -11,25 +11,25 @@ use ockam_core::TypeTag;
 pub struct CreateSecretRequest {
     #[cfg(feature = "tag")]
     #[n(0)] tag: TypeTag<8005583>,
-    #[n(1)] attributes: SecretAttributes,
-    #[n(2)] secret: Option<Secret>,
+    #[n(1)] attributes: KeyAttributes,
+    #[n(2)] secret: Option<Key>,
 }
 
 impl CreateSecretRequest {
     /// Path to the main storage file
-    pub fn attributes(&self) -> &SecretAttributes {
+    pub fn attributes(&self) -> &KeyAttributes {
         &self.attributes
     }
 
-    pub fn secret(&self) -> Option<&Secret> {
+    pub fn secret(&self) -> Option<&Key> {
         self.secret.as_ref()
     }
 
-    pub fn into_secret(self) -> Option<Secret> {
+    pub fn into_secret(self) -> Option<Key> {
         self.secret
     }
 
-    pub fn new_generate(attributes: SecretAttributes) -> Self {
+    pub fn new_generate(attributes: KeyAttributes) -> Self {
         Self {
             #[cfg(feature = "tag")]
             tag: TypeTag,
@@ -38,7 +38,7 @@ impl CreateSecretRequest {
         }
     }
 
-    pub fn new_import(attributes: SecretAttributes, secret: Secret) -> Self {
+    pub fn new_import(attributes: KeyAttributes, secret: Key) -> Self {
         Self {
             #[cfg(feature = "tag")]
             tag: TypeTag,

@@ -1,6 +1,6 @@
 use minicbor::{Decode, Encode};
-use ockam::vault::Secret;
-use ockam_core::vault::{PublicKey, SecretAttributes};
+use ockam::vault::Key;
+use ockam_core::vault::{KeyAttributes, PublicKey};
 use ockam_core::CowStr;
 
 #[cfg(feature = "tag")]
@@ -35,15 +35,15 @@ impl<'a> CreateSecretResponse<'a> {
 pub struct ExportSecretResponse {
     #[cfg(feature = "tag")]
     #[n(0)] tag: TypeTag<9094765>,
-    #[n(1)] secret: Secret
+    #[n(1)] secret: Key
 }
 
 impl ExportSecretResponse {
-    pub fn secret(&self) -> &Secret {
+    pub fn secret(&self) -> &Key {
         &self.secret
     }
 
-    pub fn new(secret: Secret) -> Self {
+    pub fn new(secret: Key) -> Self {
         Self {
             #[cfg(feature = "tag")]
             tag: TypeTag,
@@ -58,14 +58,14 @@ impl ExportSecretResponse {
 pub struct GetSecretAttributesResponse {
     #[cfg(feature = "tag")]
     #[n(0)] tag: TypeTag<9257276>,
-    #[b(1)] attributes: SecretAttributes,
+    #[b(1)] attributes: KeyAttributes,
 }
 
 impl GetSecretAttributesResponse {
-    pub fn attributes(&self) -> &SecretAttributes {
+    pub fn attributes(&self) -> &KeyAttributes {
         &self.attributes
     }
-    pub fn new(attributes: SecretAttributes) -> Self {
+    pub fn new(attributes: KeyAttributes) -> Self {
         Self {
             #[cfg(feature = "tag")]
             tag: TypeTag,

@@ -5,7 +5,7 @@ use ockam_api::vault::models::{
 };
 use ockam_api::vault::VaultService;
 use ockam_core::api::{Request, Response, Status};
-use ockam_core::vault::{SecretAttributes, SecretPersistence, SecretType};
+use ockam_core::vault::{KeyAttributes, KeyPersistence, KeyType};
 use ockam_core::{route, AllowAll, Result};
 use ockam_node::Context;
 use ockam_vault::Vault;
@@ -19,9 +19,9 @@ async fn full_flow(ctx: &mut Context) -> Result<()> {
         .await?;
 
     // Generate Ed25519 Key
-    let body = CreateSecretRequest::new_generate(SecretAttributes::new(
-        SecretType::Ed25519,
-        SecretPersistence::Ephemeral,
+    let body = CreateSecretRequest::new_generate(KeyAttributes::new(
+        KeyType::Ed25519,
+        KeyPersistence::Ephemeral,
         0,
     ));
 

@@ -4,8 +4,8 @@ use anyhow::anyhow;
 use clap::{Args, Subcommand};
 use ockam::Context;
 use ockam_api::cli_state;
-use ockam_core::vault::{Secret, SecretAttributes, SecretPersistence, SecretType, SecretVault};
-use ockam_identity::{Identity, IdentityStateConst, KeyAttributes};
+use ockam_core::vault::{Key, KeyAttributes, KeyPersistence, KeyType, KeyVault};
+use ockam_identity::{Identity, IdentityStateConst};
 use rand::prelude::random;
 use std::path::PathBuf;
 
@@ -91,15 +91,14 @@ async fn run_impl(ctx: Context, (opts, cmd): (CommandGlobalOpts, VaultCommand))
             }
             let v = v_config.get().await?;
             let idt = {
-                let attrs =
-                    SecretAttributes::new(SecretType::NistP256, SecretPersistence::Persistent, 32);
-                let kid = v.secret_import(Secret::Aws(key_id), attrs).await?;
-                let attrs = KeyAttributes::new(IdentityStateConst::ROOT_LABEL.to_string(), attrs);
+                let attrs = KeyAttributes::new(KeyType::NistP256, KeyPersistence::Persistent, 32);
+                let kid = v.import_key(Key::Aws(key_id), attrs).await?;
                 Identity::create_with_external_key_ext(
                     &ctx,
                     &opts.state.identities.authenticated_storage().await?,
                     &v,
                     &kid,
+                    IdentityStateConst::ROOT_LABEL.to_string(),
                     attrs,
                 )
                 .await?

@@ -1,4 +1,4 @@
-use crate::vault::{KeyId, SecretAttributes, SmallBuffer};
+use crate::vault::{KeyAttributes, KeyId, SmallBuffer};
 use crate::Result;
 use crate::{async_trait, compat::boxed::Box};
 
@@ -15,6 +15,6 @@ pub trait Hasher {
         salt: &KeyId,
         info: &[u8],
         ikm: Option<&KeyId>,
-        output_attributes: SmallBuffer<SecretAttributes>,
+        output_attributes: SmallBuffer<KeyAttributes>,
     ) -> Result<SmallBuffer<KeyId>>;
 }
@@ -1,27 +1,27 @@
-use crate::vault::{KeyId, PublicKey, SecretAttributes};
+use crate::vault::{KeyAttributes, KeyId, PublicKey};
 use crate::Result;
 use crate::{async_trait, compat::boxed::Box};
 
-use super::Secret;
+use super::Key;
 
 /// Defines the `Secret` management interface for Ockam Vaults.
 ///
 /// # Examples
 ///
-/// See `ockam_vault::SoftwareVault` for a usage example.
+/// See `ockam_vault::Vault` for a usage example.
 ///
 #[async_trait]
-pub trait SecretVault {
-    /// Generate a fresh secret with the given attributes.
-    async fn secret_generate(&self, attributes: SecretAttributes) -> Result<KeyId>;
-    /// Import a secret with the given attributes from binary form into the vault.
-    async fn secret_import(&self, secret: Secret, attributes: SecretAttributes) -> Result<KeyId>;
-    /// Export a secret key to the binary form represented as [`SecretKey`].
-    async fn secret_export(&self, key_id: &KeyId) -> Result<Secret>;
-    /// Return the attributes for a secret.
-    async fn secret_attributes_get(&self, key_id: &KeyId) -> Result<SecretAttributes>;
+pub trait KeyVault {
+    /// Generate a fresh key with the given attributes.
+    async fn generate_key(&self, attributes: KeyAttributes) -> Result<KeyId>;
+    /// Import a key with the given attributes from binary form into the vault.
+    async fn import_key(&self, secret: Key, attributes: KeyAttributes) -> Result<KeyId>;
+    /// Export a key to the binary form represented as [`SecretKey`].
+    async fn export_key(&self, key_id: &KeyId) -> Result<Key>;
+    /// Return the attributes for a key.
+    async fn get_key_attributes(&self, key_id: &KeyId) -> Result<KeyAttributes>;
     /// Return the associated public key given the secret key.
-    async fn secret_public_key_get(&self, key_id: &KeyId) -> Result<PublicKey>;
-    /// Remove a secret from the vault.
-    async fn secret_destroy(&self, key_id: KeyId) -> Result<()>;
+    async fn get_public_key(&self, key_id: &KeyId) -> Result<PublicKey>;
+    /// Remove a key from the vault.
+    async fn destroy_key(&self, key_id: KeyId) -> Result<()>;
 }
@@ -1,18 +1,17 @@
 use crate::vault::{
-    AsymmetricVault, SecretAttributes, SecretPersistence, SecretType, SecretVault,
-    CURVE25519_SECRET_LENGTH_U32,
+    AsymmetricVault, KeyAttributes, KeyPersistence, KeyType, KeyVault, CURVE25519_SECRET_LENGTH_U32,
 };
 
-pub async fn ec_diffie_hellman_curve25519(vault: &mut (impl AsymmetricVault + SecretVault)) {
-    let attributes = SecretAttributes::new(
-        SecretType::X25519,
-        SecretPersistence::Ephemeral,
+pub async fn ec_diffie_hellman_curve25519(vault: &mut (impl AsymmetricVault + KeyVault)) {
+    let attributes = KeyAttributes::new(
+        KeyType::X25519,
+        KeyPersistence::Ephemeral,
         CURVE25519_SECRET_LENGTH_U32,
     );
-    let sk_ctx_1 = vault.secret_generate(attributes).await.unwrap();
-    let sk_ctx_2 = vault.secret_generate(attributes).await.unwrap();
-    let pk_1 = vault.secret_public_key_get(&sk_ctx_1).await.unwrap();
-    let pk_2 = vault.secret_public_key_get(&sk_ctx_2).await.unwrap();
+    let sk_ctx_1 = vault.generate_key(attributes).await.unwrap();
+    let sk_ctx_2 = vault.generate_key(attributes).await.unwrap();
+    let pk_1 = vault.get_public_key(&sk_ctx_1).await.unwrap();
+    let pk_2 = vault.get_public_key(&sk_ctx_2).await.unwrap();
 
     let res1 = vault.ec_diffie_hellman(&sk_ctx_1, &pk_2).await;
     assert!(res1.is_ok());

@@ -1,6 +1,4 @@
-use crate::vault::{
-    Hasher, Secret, SecretAttributes, SecretKey, SecretPersistence, SecretType, SecretVault,
-};
+use crate::vault::{Hasher, Key, KeyAttributes, KeyPersistence, KeyType, KeyVault, PrivateKey};
 use hex::encode;
 
 pub async fn sha256(vault: &mut impl Hasher) {
@@ -13,38 +11,38 @@ pub async fn sha256(vault: &mut impl Hasher) {
     );
 }
 
-pub async fn hkdf(vault: &mut (impl Hasher + SecretVault)) {
+pub async fn hkdf(vault: &mut (impl Hasher + KeyVault)) {
     let salt_value = b"hkdf_test";
-    let attributes = SecretAttributes::new(
-        SecretType::Buffer,
-        crate::vault::SecretPersistence::Ephemeral,
+    let attributes = KeyAttributes::new(
+        KeyType::Buffer,
+        crate::vault::KeyPersistence::Ephemeral,
         salt_value.len() as u32,
     );
     let salt = vault
-        .secret_import(Secret::Key(SecretKey::new(salt_value.to_vec())), attributes)
+        .import_key(Key::Key(PrivateKey::new(salt_value.to_vec())), attributes)
         .await
         .unwrap();
 
     let ikm_value = b"a";
-    let attributes = SecretAttributes::new(
-        SecretType::Buffer,
-        SecretPersistence::Ephemeral,
+    let attributes = KeyAttributes::new(
+        KeyType::Buffer,
+        KeyPersistence::Ephemeral,
         ikm_value.len() as u32,
     );
     let ikm = vault
-        .secret_import(Secret::Key(SecretKey::new(ikm_value.to_vec())), attributes)
+        .import_key(Key::Key(PrivateKey::new(ikm_value.to_vec())), attributes)
         .await
         .unwrap();
 
-    let attributes = SecretAttributes::new(SecretType::Buffer, SecretPersistence::Ephemeral, 24u32);
+    let attributes = KeyAttributes::new(KeyType::Buffer, KeyPersistence::Ephemeral, 24u32);
 
     let res = vault
         .hkdf_sha256(&salt, b"", Some(&ikm), vec![attributes])
         .await;
     assert!(res.is_ok());
     let digest = res.unwrap();
     assert_eq!(digest.len(), 1);
-    let digest = vault.secret_export(&digest[0]).await.unwrap();
+    let digest = vault.export_key(&digest[0]).await.unwrap();
     assert_eq!(
         encode(digest.cast_as_key().as_ref()),
         "921ab9f260544b71941dbac2ca2d42c417aa07b53e055a8f"