Module crypto_wasi::raw

Low-level binding to wasi-crypto

Modules

• wasi_ephemeral_crypto_asymmetric_common
• wasi_ephemeral_crypto_common
• wasi_ephemeral_crypto_kx
• wasi_ephemeral_crypto_signatures
• wasi_ephemeral_crypto_symmetric

Structs

• AlgorithmType
• CryptoErrno
• KeypairEncoding
• OptOptions
• OptOptionsU
• OptSymmetricKey
• OptSymmetricKeyU
• PublickeyEncoding
• SecretkeyEncoding
• SignatureEncoding

Constants

• ALGORITHM_TYPE_KEY_EXCHANGE
• ALGORITHM_TYPE_SIGNATURES
• ALGORITHM_TYPE_SYMMETRIC
• CRYPTO_ERRNO_ALGORITHM_FAILURE
  An error was returned by the underlying cryptography library.
• CRYPTO_ERRNO_CLOSED
  An attempt was made to close a handle that was already closed.
• CRYPTO_ERRNO_EXPIRED
  A managed key or secret expired and cannot be used any more.
• CRYPTO_ERRNO_GUEST_ERROR
  An error occurred when trying to during a conversion from a host type to a guest type.
• CRYPTO_ERRNO_INCOMPATIBLE_KEYS
  Multiple keys have been provided, but they do not share the same type.
• CRYPTO_ERRNO_INTERNAL_ERROR
  An internal error occurred.
• CRYPTO_ERRNO_INVALID_HANDLE
  A function was called with an unassigned handle, a closed handle, or handle of an unexpected type.
• CRYPTO_ERRNO_INVALID_KEY
  An invalid or incompatible key was supplied.
• CRYPTO_ERRNO_INVALID_LENGTH
  The currently selected algorithm doesn’t support the requested output length.
• CRYPTO_ERRNO_INVALID_NONCE
  The provided nonce doesn’t have a correct size for the given cipher.
• CRYPTO_ERRNO_INVALID_OPERATION
  The requested operation is incompatible with the current scheme.
• CRYPTO_ERRNO_INVALID_SIGNATURE
  The supplied signature is invalid, or incompatible with the chosen algorithm.
• CRYPTO_ERRNO_INVALID_TAG
  The provided authentication tag is invalid or incompatible with the current algorithm.
• CRYPTO_ERRNO_IN_PROGRESS
  A requested computation is not done yet, and additional calls to the function are required.
• CRYPTO_ERRNO_KEY_NOT_SUPPORTED
  A key was provided, but the chosen algorithm doesn’t support keys.
• CRYPTO_ERRNO_KEY_REQUIRED
  A key is required for the chosen algorithm, but none was given.
• CRYPTO_ERRNO_NONCE_REQUIRED
  A nonce is required.
• CRYPTO_ERRNO_NOT_FOUND
  A key or key pair matching the requested identifier cannot be found using the supplied information.
• CRYPTO_ERRNO_NOT_IMPLEMENTED
  The requested operation is valid, but not implemented by the host.
• CRYPTO_ERRNO_OPTION_NOT_SET
  The named option was not set.
• CRYPTO_ERRNO_OVERFLOW
  The host needs to copy data to a guest-allocated buffer, but that buffer is too small.
• CRYPTO_ERRNO_PARAMETERS_MISSING
  The algorithm requires parameters that haven’t been set.
• CRYPTO_ERRNO_PROHIBITED_OPERATION
  The requested operation is valid, but was administratively prohibited.
• CRYPTO_ERRNO_RNG_ERROR
  A secure random numbers generator is not available.
• CRYPTO_ERRNO_SUCCESS
  Operation succeeded.
• CRYPTO_ERRNO_TOO_MANY_HANDLES
  Too many handles are currently open, and a new one cannot be created.
• CRYPTO_ERRNO_UNSUPPORTED_ALGORITHM
  The requested algorithm is not supported by the host.
• CRYPTO_ERRNO_UNSUPPORTED_ENCODING
  Unsupported encoding for an import or export operation.
• CRYPTO_ERRNO_UNSUPPORTED_FEATURE
  The requested feature is not supported by the chosen algorithm.
• CRYPTO_ERRNO_UNSUPPORTED_OPTION
  The requested option is not supported by the currently selected algorithm.
• CRYPTO_ERRNO_VERIFICATION_FAILED
  A signature or authentication tag verification failed.
• KEYPAIR_ENCODING_LOCAL
  Implementation-defined encoding.
• KEYPAIR_ENCODING_PEM
  PEM encoding.
• KEYPAIR_ENCODING_PKCS8
  PCSK8/DER encoding.
• KEYPAIR_ENCODING_RAW
  Raw bytes.
• OPT_OPTIONS_U_NONE
• OPT_OPTIONS_U_SOME
• OPT_SYMMETRIC_KEY_U_NONE
• OPT_SYMMETRIC_KEY_U_SOME
• PUBLICKEY_ENCODING_LOCAL
  Implementation-defined encoding.
• PUBLICKEY_ENCODING_PEM
  PEM encoding.
• PUBLICKEY_ENCODING_PKCS8
  PKCS8/DER encoding.
• PUBLICKEY_ENCODING_RAW
  Raw bytes.
• PUBLICKEY_ENCODING_SEC
  SEC-1 encoding.
• SECRETKEY_ENCODING_LOCAL
  Implementation-defined encoding.
• SECRETKEY_ENCODING_PEM
  PEM encoding.
• SECRETKEY_ENCODING_PKCS8
  PKCS8/DER encoding.
• SECRETKEY_ENCODING_RAW
  Raw bytes.
• SECRETKEY_ENCODING_SEC
  SEC-1 encoding.
• SIGNATURE_ENCODING_DER
  DER encoding.
• SIGNATURE_ENCODING_RAW
  Raw bytes.
• VERSION_ALL
• VERSION_LATEST
• VERSION_UNSPECIFIED

Functions

• array_output_len^⚠
  Return the length of an array_output object.
• array_output_pull^⚠
  Copy the content of an array_output object into an application-allocated buffer.
• keypair_close^⚠
  Destroy a key pair.
• keypair_export^⚠
  Export a key pair as the given encoding format.
• keypair_from_id^⚠
  (optional) Return a managed key pair from a key identifier.
• keypair_from_pk_and_sk^⚠
  Create a key pair from a public key and a secret key.
• keypair_generate^⚠
  Generate a new key pair.
• keypair_generate_managed^⚠
  (optional) Generate a new managed key pair.
• keypair_id^⚠
  (optional) Return the key pair identifier and version of a managed key pair.
• keypair_import^⚠
  Import a key pair.
• keypair_publickey^⚠
  Get the public key of a key pair.
• keypair_replace_managed^⚠
  (optional) Replace a managed key pair.
• keypair_secretkey^⚠
  Get the secret key of a key pair.
• keypair_store_managed^⚠
  (optional) Store a key pair into the secrets manager.
• kx_decapsulate^⚠
  Decapsulate an encapsulated secret crated with kx_encapsulate
• kx_dh^⚠
  Perform a simple Diffie-Hellman key exchange.
• kx_encapsulate^⚠
  Create a shared secret and encrypt it for the given public key.
• options_close^⚠
  Destroy an options object.
• options_open^⚠
  Create a new object to set non-default options.
• options_set^⚠
  Set or update an option.
• options_set_guest_buffer^⚠
  Set or update a guest-allocated memory that the host can use or return data into.
• options_set_u64^⚠
  Set or update an integer option.
• publickey_close^⚠
  Destroy a public key.
• publickey_export^⚠
  Export a public key as the given encoding format.
• publickey_from_secretkey^⚠
  Compute the public key for a secret key.
• publickey_import^⚠
  Import a public key.
• publickey_verify^⚠
  Check that a public key is valid and in canonical form.
• secretkey_close^⚠
  Destroy a secret key.
• secretkey_export^⚠
  Export a secret key as the given encoding format.
• secretkey_import^⚠
  Import a secret key.
• secrets_manager_close^⚠
  (optional) Destroy a secrets manager context.
• secrets_manager_invalidate^⚠
  (optional) Invalidate a managed key or key pair given an identifier and a version.
• secrets_manager_open^⚠
  (optional) Create a context to use a secrets manager.
• signature_close^⚠
  Destroy a signature.
• signature_export^⚠
  Export a signature.
• signature_import^⚠
  Create a signature object.
• signature_state_close^⚠
  Destroy a signature state.
• signature_state_open^⚠
  Create a new state to collect data to compute a signature on.
• signature_state_sign^⚠
  Compute a signature for all the data collected up to that point.
• signature_state_update^⚠
  Absorb data into the signature state.
• signature_verification_state_close^⚠
  Destroy a signature verification state.
• signature_verification_state_open^⚠
  Create a new state to collect data to verify a signature on.
• signature_verification_state_update^⚠
  Absorb data into the signature verification state.
• signature_verification_state_verify^⚠
  Check that the given signature is verifies for the data collected up to that point point.
• symmetric_key_close^⚠
  Destroy a symmetric key.
• symmetric_key_export^⚠
  Export a symmetric key as raw material.
• symmetric_key_from_id^⚠
  (optional) Return a managed symmetric key from a key identifier.
• symmetric_key_generate^⚠
  Generate a new symmetric key for a given algorithm.
• symmetric_key_generate_managed^⚠
  (optional) Generate a new managed symmetric key.
• symmetric_key_id^⚠
  (optional) Return the key identifier and version of a managed symmetric key.
• symmetric_key_import^⚠
  Create a symmetric key from raw material.
• symmetric_key_replace_managed^⚠
  (optional) Replace a managed symmetric key.
• symmetric_key_store_managed^⚠
  (optional) Store a symmetric key into the secrets manager.
• symmetric_state_absorb^⚠
  Absorb data into the state.
• symmetric_state_clone^⚠
  Clone a symmetric state.
• symmetric_state_close^⚠
  Destroy a symmetric state.
• symmetric_state_decrypt^⚠
  Stream cipher: adds the input to the stream cipher output. out_len and data_len can be equal, as no authentication tags will be added.AEAD: decrypts data into out. Additional data must have been previously absorbed using symmetric_state_absorb().SHOE, Xoodyak, Strobe: decrypts data, squeezes a tag and verify that it matches the one that was appended to the ciphertext.
• symmetric_state_decrypt_detached^⚠
  Stream cipher: returns invalid_operation since stream ciphers do not include authentication tags.AEAD: decrypts data into out. Additional data must have been previously absorbed using symmetric_state_absorb().SHOE, Xoodyak, Strobe: decrypts data, squeezes a tag and verify that it matches the expected one.
• symmetric_state_encrypt^⚠
  Encrypt data with an attached tag.
• symmetric_state_encrypt_detached^⚠
  Encrypt data, with a detached tag.
• symmetric_state_max_tag_len^⚠
  Return the maximum length of an authentication tag for the current algorithm.
• symmetric_state_open^⚠
  Create a new state to aborb and produce data using symmetric operations.
• symmetric_state_options_get^⚠
  Retrieve a parameter from the current state.
• symmetric_state_options_get_u64^⚠
  Retrieve an integer parameter from the current state.
• symmetric_state_ratchet^⚠
  Make it impossible to recover the previous state.
• symmetric_state_squeeze^⚠
  Squeeze bytes from the state.
• symmetric_state_squeeze_key^⚠
  Use the current state to produce a key for a target algorithm.
• symmetric_state_squeeze_tag^⚠
  Compute and return a tag for all the data injected into the state so far.
• symmetric_tag_close^⚠
  Explicitly destroy an unused authentication tag.
• symmetric_tag_len^⚠
  Return the length of an authentication tag.
• symmetric_tag_pull^⚠
  Copy an authentication tag into a guest-allocated buffer.
• symmetric_tag_verify^⚠
  Verify that a computed authentication tag matches the expected value, in constant-time.

Type Aliases

• ArrayOutput
• Keypair
• KxKeypair
• KxPublickey
• KxSecretkey
• Options
• Publickey
• Secretkey
• SecretsManager
• Signature
• SignatureKeypair
• SignaturePublickey
• SignatureSecretkey
• SignatureState
• SignatureVerificationState
• Size
• SymmetricKey
• SymmetricState
• SymmetricTag
• Timestamp
• U64
• Version

Unions

• OptOptionsUnion
• OptSymmetricKeyUnion