Module crypto_wasi::raw
Low-level binding to wasi-crypto
Modules
Structs
Constants
- An error was returned by the underlying cryptography library.
- An attempt was made to close a handle that was already closed.
- A managed key or secret expired and cannot be used any more.
- An error occurred during a conversion from a host type to a guest type.
- Multiple keys have been provided, but they do not share the same type.
- An internal error occurred.
- A function was called with an unassigned handle, a closed handle, or handle of an unexpected type.
- An invalid or incompatible key was supplied.
- The currently selected algorithm doesn’t support the requested output length.
- The provided nonce doesn’t have a correct size for the given cipher.
- The requested operation is incompatible with the current scheme.
- The supplied signature is invalid, or incompatible with the chosen algorithm.
- The provided authentication tag is invalid or incompatible with the current algorithm.
- A requested computation is not done yet, and additional calls to the function are required.
- A key was provided, but the chosen algorithm doesn’t support keys.
- A key is required for the chosen algorithm, but none was given.
- A nonce is required.
- A key or key pair matching the requested identifier cannot be found using the supplied information.
- The requested operation is valid, but not implemented by the host.
- The named option was not set.
- The host needs to copy data to a guest-allocated buffer, but that buffer is too small.
- The algorithm requires parameters that haven’t been set.
- The requested operation is valid, but was administratively prohibited.
- A secure random number generator is not available.
- Operation succeeded.
- Too many handles are currently open, and a new one cannot be created.
- The requested algorithm is not supported by the host.
- Unsupported encoding for an import or export operation.
- The requested feature is not supported by the chosen algorithm.
- The requested option is not supported by the currently selected algorithm.
- A signature or authentication tag verification failed.
- Implementation-defined encoding.
- PEM encoding.
- PKCS8/DER encoding.
- Raw bytes.
- Implementation-defined encoding.
- PEM encoding.
- PKCS8/DER encoding.
- Raw bytes.
- SEC-1 encoding.
- Implementation-defined encoding.
- PEM encoding.
- PKCS8/DER encoding.
- Raw bytes.
- SEC-1 encoding.
- DER encoding.
- Raw bytes.
Functions
- Return the length of an `array_output` object.
- Copy the content of an `array_output` object into an application-allocated buffer.
- Destroy a key pair.
- Export a key pair as the given encoding format.
- (optional) Return a managed key pair from a key identifier.
- Create a key pair from a public key and a secret key.
- Generate a new key pair.
- (optional) Generate a new managed key pair.
- (optional) Return the key pair identifier and version of a managed key pair.
- Import a key pair.
- Get the public key of a key pair.
- (optional) Replace a managed key pair.
- Get the secret key of a key pair.
- (optional) Store a key pair into the secrets manager.
- Decapsulate an encapsulated secret created with `kx_encapsulate`.
- Perform a simple Diffie-Hellman key exchange.
- Create a shared secret and encrypt it for the given public key.
- Destroy an options object.
- Create a new object to set non-default options.
- Set or update an option.
- Set or update a guest-allocated memory that the host can use or return data into.
- Set or update an integer option.
- Destroy a public key.
- Export a public key as the given encoding format.
- Compute the public key for a secret key.
- Import a public key.
- Check that a public key is valid and in canonical form.
- Destroy a secret key.
- Export a secret key as the given encoding format.
- Import a secret key.
- (optional) Destroy a secrets manager context.
- (optional) Invalidate a managed key or key pair given an identifier and a version.
- (optional) Create a context to use a secrets manager.
- Destroy a signature.
- Export a signature.
- Create a signature object.
- Destroy a signature state.
- Create a new state to collect data to compute a signature on.
- Compute a signature for all the data collected up to that point.
- Absorb data into the signature state.
- Destroy a signature verification state.
- Create a new state to collect data to verify a signature on.
- Absorb data into the signature verification state.
- Check that the given signature verifies for the data collected up to that point.
- Destroy a symmetric key.
- Export a symmetric key as raw material.
- (optional) Return a managed symmetric key from a key identifier.
- Generate a new symmetric key for a given algorithm.
- (optional) Generate a new managed symmetric key.
- (optional) Return the key identifier and version of a managed symmetric key.
- Create a symmetric key from raw material.
- (optional) Replace a managed symmetric key.
- (optional) Store a symmetric key into the secrets manager.
- Absorb data into the state.
- Clone a symmetric state.
- Destroy a symmetric state.
- Stream cipher: adds the input to the stream cipher output. `out_len` and `data_len` can be equal, as no authentication tags will be added. AEAD: decrypts `data` into `out`. Additional data must have been previously absorbed using `symmetric_state_absorb()`. SHOE, Xoodyak, Strobe: decrypts data, squeezes a tag and verifies that it matches the one that was appended to the ciphertext.
- Stream cipher: returns `invalid_operation` since stream ciphers do not include authentication tags. AEAD: decrypts `data` into `out`. Additional data must have been previously absorbed using `symmetric_state_absorb()`. SHOE, Xoodyak, Strobe: decrypts data, squeezes a tag and verifies that it matches the expected one.
- Encrypt data with an attached tag.
- Encrypt data, with a detached tag.
- Return the maximum length of an authentication tag for the current algorithm.
- Create a new state to absorb and produce data using symmetric operations.
- Retrieve a parameter from the current state.
- Retrieve an integer parameter from the current state.
- Make it impossible to recover the previous state.
- Squeeze bytes from the state.
- Use the current state to produce a key for a target algorithm.
- Compute and return a tag for all the data injected into the state so far.
- Explicitly destroy an unused authentication tag.
- Return the length of an authentication tag.
- Copy an authentication tag into a guest-allocated buffer.
- Verify that a computed authentication tag matches the expected value, in constant-time.