Module: wasiephemeralcrypto_kx
September 1, 2023 ยท View on GitHub
Table of contents
Types list:
[All] - [crypto_errno] - [keypair_encoding] - [publickey_encoding] - [secretkey_encoding] - [signature_encoding] - [algorithm_type] - [version] - [size] - [timestamp] - [u64] - [array_output] - [options] - [secrets_manager] - [keypair] - [signature_state] - [signature] - [publickey] - [secretkey] - [signature_verification_state] - [symmetric_state] - [symmetric_key] - [symmetric_tag] - [opt_options_u] - [opt_options] - [opt_symmetric_key_u] - [opt_symmetric_key] - [kx_keypair] - [kx_publickey] - [kx_secretkey]
Functions list:
[All] - [kx_dh()] - [kx_encapsulate()] - [kx_decapsulate()]
Types
crypto_errno
Enumeration with tag type: u16, and the following members:
success:crypto_errnoguest_error:crypto_errnonot_implemented:crypto_errnounsupported_feature:crypto_errnoprohibited_operation:crypto_errnounsupported_encoding:crypto_errnounsupported_algorithm:crypto_errnounsupported_option:crypto_errnoinvalid_key:crypto_errnoinvalid_length:crypto_errnoverification_failed:crypto_errnorng_error:crypto_errnoalgorithm_failure:crypto_errnoinvalid_signature:crypto_errnoclosed:crypto_errnoinvalid_handle:crypto_errnooverflow:crypto_errnointernal_error:crypto_errnotoo_many_handles:crypto_errnokey_not_supported:crypto_errnokey_required:crypto_errnoinvalid_tag:crypto_errnoinvalid_operation:crypto_errnononce_required:crypto_errnoinvalid_nonce:crypto_errnooption_not_set:crypto_errnonot_found:crypto_errnoparameters_missing:crypto_errnoin_progress:crypto_errnoincompatible_keys:crypto_errnoexpired:crypto_errno
Error codes.
keypair_encoding
Enumeration with tag type: u16, and the following members:
raw:keypair_encodingpkcs8:keypair_encodingpem:keypair_encodinglocal:keypair_encoding
Encoding to use for importing or exporting a key pair.
publickey_encoding
Enumeration with tag type: u16, and the following members:
raw:publickey_encodingpkcs8:publickey_encodingpem:publickey_encodingsec:publickey_encodinglocal:publickey_encoding
Encoding to use for importing or exporting a public key.
secretkey_encoding
Enumeration with tag type: u16, and the following members:
raw:secretkey_encodingpkcs8:secretkey_encodingpem:secretkey_encodingsec:secretkey_encodinglocal:secretkey_encoding
Encoding to use for importing or exporting a secret key.
signature_encoding
Enumeration with tag type: u16, and the following members:
raw:signature_encodingder:signature_encoding
Encoding to use for importing or exporting a signature.
algorithm_type
Enumeration with tag type: u16, and the following members:
signatures:algorithm_typesymmetric:algorithm_typekey_exchange:algorithm_type
An algorithm category.
version
Alias for u64.
Version of a managed key.
A version can be an arbitrary
u64integer, with the expection of some reserved values.
size
Alias for usize.
Size of a value.
timestamp
Alias for u64.
A UNIX timestamp, in seconds since 01/01/1970.
u64
Alias for u64.
A 64-bit value
array_output
Alias for handle.
Handle for functions returning output whose size may be large or not known in advance.
An
array_outputobject contains a host-allocated byte array.A guest can get the size of that array after a function returns in order to then allocate a buffer of the correct size. In addition, the content of such an object can be consumed by a guest in a streaming fashion.
An
array_outputhandle is automatically closed after its full content has been consumed.
options
Alias for handle.
A set of options.
This type is used to set non-default parameters.
The exact set of allowed options depends on the algorithm being used.
secrets_manager
Alias for handle.
A handle to the optional secrets management facilities offered by a host.
This is used to generate, retrieve and invalidate managed keys.
keypair
Alias for handle.
A key pair.
signature_state
Alias for handle.
A state to absorb data to be signed.
After a signature has been computed or verified, the state remains valid for further operations.
A subsequent signature would sign all the data accumulated since the creation of the state object.
signature
Alias for handle.
A signature.
publickey
Alias for handle.
A public key, for key exchange and signature verification.
secretkey
Alias for handle.
A secret key, for key exchange mechanisms.
signature_verification_state
Alias for handle.
A state to absorb signed data to be verified.
symmetric_state
Alias for handle.
A state to perform symmetric operations.
The state is not reset nor invalidated after an option has been performed. Incremental updates and sessions are thus supported.
symmetric_key
Alias for handle.
A symmetric key.
The key can be imported from raw bytes, or can be a reference to a managed key.
If it was imported, the host will wipe it from memory as soon as the handle is closed.
symmetric_tag
Alias for handle.
An authentication tag.
This is an object returned by functions computing authentication tags.
A tag can be compared against another tag (directly supplied as raw bytes) in constant time with the
symmetric_tag_verify()function.This object type can't be directly created from raw bytes. They are only returned by functions computing MACs.
The host is reponsible for securely wiping them from memory on close.
opt_options_u
Enumeration with tag type: u8, and the following members:
some:opt_options_unone:opt_options_u
Options index, only required by the Interface Types translation layer.
opt_options
Tagged union with tag type: u8 and the following possibilities:
some:optionsnone: (empty)
An optional options set.
This union simulates an
Option\<Options\>type to make theoptionsparameter of some functions optional.
opt_symmetric_key_u
Enumeration with tag type: u8, and the following members:
some:opt_symmetric_key_unone:opt_symmetric_key_u
Symmetric key index, only required by the Interface Types translation layer.
opt_symmetric_key
Tagged union with tag type: u8 and the following possibilities:
some:symmetric_keynone: (empty)
An optional symmetric key.
This union simulates an
Option\<SymmetricKey\>type to make thesymmetric_keyparameter of some functions optional.
kx_keypair
Alias for handle.
$kx_keypairis just an alias for$keypairHowever, bindings may want to define a specialized type
kx_keypairas a super class ofkeypair.
kx_publickey
Alias for handle.
$kx_publickeyis just an alias for$publickeyHowever, bindings may want to define a specialized type
kx_publickeyas a super class ofpublickey, with additional methods such asdh.
kx_secretkey
Alias for handle.
$kx_secretkeyis just an alias for$secretkeyHowever, bindings may want to define a specialized type
kx_secretkeyas a super class ofsecretkeykey, with additional methods such asdh.
Functions
kx_dh()
Returned error type: crypto_errno
Input:
Output:
array_outputmutable pointer
Perform a simple Diffie-Hellman key exchange.
Both keys must be of the same type, or else the
$crypto_errno.incompatible_keyserror is returned. The algorithm also has to support this kind of key exchange. If this is not the case, the$crypto_errno.invalid_operationerror is returned.Otherwide, a raw shared key is returned, and can be imported as a symmetric key.
kx_encapsulate()
Returned error type: crypto_errno
Input:
pk:publickey
Output:
array_outputmutable pointerarray_outputmutable pointer
Create a shared secret and encrypt it for the given public key.
This operation is only compatible with specific algorithms. If a selected algorithm doesn't support it,
$crypto_errno.invalid_operationis returned.On success, both the shared secret and its encrypted version are returned.
kx_decapsulate()
Returned error type: crypto_errno
Input:
Output:
array_outputmutable pointer
Decapsulate an encapsulated secret crated with
kx_encapsulateReturn the secret, or
$crypto_errno.verification_failedon error.