Crate crypto_wasi 

crypto-wasi is subset of apis of nodejs’s crypto module for wasm32-wasi, implemented in rust, powered by WASI Cryptography APIs. This library is developed and tested over WasmEdge runtime

Note: The api of this library is not completely consistent with the api of nodejs.

Currently Subset Implemented

• [Hash] (sha256, sha512, sha512-256)
• Hmac (sha256, sha512)
• hkdf (sha256, sha512)
• pbkdf2 (sha256, sha512)
• scrypt
• Cipheriv & Decipheriv (aes-128-gcm, aes-256-gcm, chacha20-poly1305)
• generate_key_pair (rsa-[2048, 3072, 4096], rsa-pss-[2048, 3072, 4096], ecdsa-[prime256v1, secp256k1, secp384r1], ed25519, x25519)
• KeyObject (PublicKey & PrivateKey)
• sign & verify
• diffie_hellman

Working In Process

• create_public_key & create_private_key
• ECDH (you can use generate_key_pair and diffie_hellman as alternatives)

Not Implemented

• createCipher & createDecipher: This function is semantically insecure for all supported ciphers and fatally flawed for ciphers in counter mode (such as CTR, GCM, or CCM).
• generateKey & createSecretKey: In nodejs, SecretKey is just store the raw key data. In wasi-crypto, SymmetricKey is equivalent to SecretKey, which is also just store the raw key data in WasmEdge’s implementation. But in wasi-crypto, each key is required to be bound to a kind of algorithms, which cause some complications when managing keys and reusing keys. So we’re not going to implement SecretKey.

Known Issues:

• ECDSA_P384_SHA384 key export as Jwk: elliptic curve routines:ec_GFp_simple_point2oct:buffer too small
• ECDSA_P384_SHA384 in sign & verify use sha256 as digest actually

Modules

raw

Low-level binding to wasi-crypto

utils

Some helpful tools and simpified api

Structs

Cipheriv

Equivalent to crypto.Cipheriv

Decipheriv

Equivalent to crypto.Decipheriv

Hash

Equivalent to crypto.Hash

Hmac

Equivalent to crypto.Hmac

PrivateKey

crypto.KeyObject for private (asymmetric) keys

PublicKey

crypto.KeyObject for public (asymmetric) keys

Enums

KeyEncodingFormat

Setting encoding format for export PublicKey and PrivateKey

PrivateKeyEncodingType

Setting encoding type for export PrivateKey

PublicKeyEncodingType

Setting encoding type for export PublicKey

Functions

create_hash

Creates and returns a Hash object that can be used to generate hash digests using the given algorithm.

create_hmac

Creates and returns an Hmac object that uses the given algorithm and key.

diffie_hellman

generate_key_pair

Generates a new asymmetric key pair of the given algorithm

hkdf

HKDF is a simple key derivation function defined in RFC 5869.

hkdf_hmac

As same as hkdf, but use hmac to manual expand

pbkdf2

Password-Based Key Derivation Function 2 (PBKDF2) implementation.

scrypt

Provides a synchronous scrypt implementation.

sign

verify

Type Aliases

CryptoErrno