[All] - [crypto_errno
] - [keypair_encoding
] - [publickey_encoding
] - [secretkey_encoding
] - [signature_encoding
] - [algorithm_type
] - [version
] - [size
] - [timestamp
] - [u64
] - [array_output
] - [options
] - [secrets_manager
] - [keypair
] - [signature_state
] - [signature
] - [publickey
] - [secretkey
] - [signature_verification_state
] - [symmetric_state
] - [symmetric_key
] - [symmetric_tag
] - [opt_options_u
] - [opt_options
] - [opt_symmetric_key_u
] - [opt_symmetric_key
]
[All] - [keypair_generate()
] - [keypair_import()
] - [keypair_generate_managed()
] - [keypair_store_managed()
] - [keypair_replace_managed()
] - [keypair_id()
] - [keypair_from_id()
] - [keypair_from_pk_and_sk()
] - [keypair_export()
] - [keypair_publickey()
] - [keypair_secretkey()
] - [keypair_close()
] - [publickey_import()
] - [publickey_export()
] - [publickey_verify()
] - [publickey_from_secretkey()
] - [publickey_close()
] - [secretkey_import()
] - [secretkey_export()
] - [secretkey_close()
]
Enumeration with tag type: u16
, and the following members:
success
:crypto_errno
guest_error
:crypto_errno
not_implemented
:crypto_errno
unsupported_feature
:crypto_errno
prohibited_operation
:crypto_errno
unsupported_encoding
:crypto_errno
unsupported_algorithm
:crypto_errno
unsupported_option
:crypto_errno
invalid_key
:crypto_errno
invalid_length
:crypto_errno
verification_failed
:crypto_errno
rng_error
:crypto_errno
algorithm_failure
:crypto_errno
invalid_signature
:crypto_errno
closed
:crypto_errno
invalid_handle
:crypto_errno
overflow
:crypto_errno
internal_error
:crypto_errno
too_many_handles
:crypto_errno
key_not_supported
:crypto_errno
key_required
:crypto_errno
invalid_tag
:crypto_errno
invalid_operation
:crypto_errno
nonce_required
:crypto_errno
invalid_nonce
:crypto_errno
option_not_set
:crypto_errno
not_found
:crypto_errno
parameters_missing
:crypto_errno
in_progress
:crypto_errno
incompatible_keys
:crypto_errno
expired
:crypto_errno
Error codes.
Enumeration with tag type: u16
, and the following members:
raw
:keypair_encoding
pkcs8
:keypair_encoding
pem
:keypair_encoding
local
:keypair_encoding
Encoding to use for importing or exporting a key pair.
Enumeration with tag type: u16
, and the following members:
raw
:publickey_encoding
pkcs8
:publickey_encoding
pem
:publickey_encoding
sec
:publickey_encoding
local
:publickey_encoding
Encoding to use for importing or exporting a public key.
Enumeration with tag type: u16
, and the following members:
raw
:secretkey_encoding
pkcs8
:secretkey_encoding
pem
:secretkey_encoding
sec
:secretkey_encoding
local
:secretkey_encoding
Encoding to use for importing or exporting a secret key.
Enumeration with tag type: u16
, and the following members:
raw
:signature_encoding
der
:signature_encoding
Encoding to use for importing or exporting a signature.
Enumeration with tag type: u16
, and the following members:
signatures
:algorithm_type
symmetric
:algorithm_type
key_exchange
:algorithm_type
An algorithm category.
Alias for u64
.
Version of a managed key.
A version can be an arbitrary
u64
integer, with the expection of some reserved values.
Alias for usize
.
Size of a value.
Alias for u64
.
A UNIX timestamp, in seconds since 01/01/1970.
Alias for u64
.
A 64-bit value
Alias for handle
.
Handle for functions returning output whose size may be large or not known in advance.
An
array_output
object contains a host-allocated byte array.A guest can get the size of that array after a function returns in order to then allocate a buffer of the correct size. In addition, the content of such an object can be consumed by a guest in a streaming fashion.
An
array_output
handle is automatically closed after its full content has been consumed.
Alias for handle
.
A set of options.
This type is used to set non-default parameters.
The exact set of allowed options depends on the algorithm being used.
Alias for handle
.
A handle to the optional secrets management facilities offered by a host.
This is used to generate, retrieve and invalidate managed keys.
Alias for handle
.
A key pair.
Alias for handle
.
A state to absorb data to be signed.
After a signature has been computed or verified, the state remains valid for further operations.
A subsequent signature would sign all the data accumulated since the creation of the state object.
Alias for handle
.
A signature.
Alias for handle
.
A public key, for key exchange and signature verification.
Alias for handle
.
A secret key, for key exchange mechanisms.
Alias for handle
.
A state to absorb signed data to be verified.
Alias for handle
.
A state to perform symmetric operations.
The state is not reset nor invalidated after an option has been performed. Incremental updates and sessions are thus supported.
Alias for handle
.
A symmetric key.
The key can be imported from raw bytes, or can be a reference to a managed key.
If it was imported, the host will wipe it from memory as soon as the handle is closed.
Alias for handle
.
An authentication tag.
This is an object returned by functions computing authentication tags.
A tag can be compared against another tag (directly supplied as raw bytes) in constant time with the
symmetric_tag_verify()
function.This object type can't be directly created from raw bytes. They are only returned by functions computing MACs.
The host is reponsible for securely wiping them from memory on close.
Enumeration with tag type: u8
, and the following members:
some
:opt_options_u
none
:opt_options_u
Options index, only required by the Interface Types translation layer.
Tagged union with tag type: u8
and the following possibilities:
some
:options
none
: (empty)
An optional options set.
This union simulates an
Option\<Options\>
type to make theoptions
parameter of some functions optional.
Enumeration with tag type: u8
, and the following members:
some
:opt_symmetric_key_u
none
:opt_symmetric_key_u
Symmetric key index, only required by the Interface Types translation layer.
Tagged union with tag type: u8
and the following possibilities:
some
:symmetric_key
none
: (empty)
An optional symmetric key.
This union simulates an
Option\<SymmetricKey\>
type to make thesymmetric_key
parameter of some functions optional.
Returned error type: crypto_errno
algorithm_type
:algorithm_type
algorithm
:string
options
:opt_options
keypair
mutable pointer
Generate a new key pair.
Internally, a key pair stores the supplied algorithm and optional parameters.
Trying to use that key pair with different parameters will throw an
invalid_key
error.This function may return
$crypto_errno.unsupported_feature
if key generation is not supported by the host for the chosen algorithm.The function may also return
unsupported_algorithm
if the algorithm is not supported by the host.Finally, if generating that type of key pair is an expensive operation, the function may return
in_progress
. In that case, the guest should retry with the same parameters until the function completes.Example usage:
let kp_handle = ctx.keypair_generate(AlgorithmType::Signatures, "RSA_PKCS1_2048_SHA256", None)?;
Returned error type: crypto_errno
algorithm_type
:algorithm_type
algorithm
:string
encoded
:u8
pointerencoded_len
:size
encoding
:keypair_encoding
keypair
mutable pointer
Import a key pair.
This function creates a
keypair
object from existing material.It may return
unsupported_algorithm
if the encoding scheme is not supported, orinvalid_key
if the key cannot be decoded.The function may also return
unsupported_algorithm
if the algorithm is not supported by the host.Example usage:
let kp_handle = ctx.keypair_import(AlgorithmType::Signatures, "RSA_PKCS1_2048_SHA256", KeypairEncoding::PKCS8)?;
Returned error type: crypto_errno
secrets_manager
:secrets_manager
algorithm_type
:algorithm_type
algorithm
:string
options
:opt_options
keypair
mutable pointer
(optional) Generate a new managed key pair.
The key pair is generated and stored by the secrets management facilities.
It may be used through its identifier, but the host may not allow it to be exported.
The function returns the
unsupported_feature
error code if secrets management facilities are not supported by the host, orunsupported_algorithm
if a key cannot be created for the chosen algorithm.The function may also return
unsupported_algorithm
if the algorithm is not supported by the host.This is also an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
secrets_manager
:secrets_manager
kp
:keypair
kp_id
:u8
mutable pointerkp_id_max_len
:size
This function has no output.
(optional) Store a key pair into the secrets manager.
On success, the function stores the key pair identifier into
$kp_id
, into which up to$kp_id_max_len
can be written.The function returns
overflow
if the supplied buffer is too small.
Returned error type: crypto_errno
secrets_manager
:secrets_manager
kp_old
:keypair
kp_new
:keypair
version
mutable pointer
(optional) Replace a managed key pair.
This function crates a new version of a managed key pair, by replacing
$kp_old
with$kp_new
.It does several things:
- The key identifier for
$kp_new
is set to the one of$kp_old
.- A new, unique version identifier is assigned to
$kp_new
. This version will be equivalent to using$version_latest
until the key is replaced.- The
$kp_old
handle is closed.Both keys must share the same algorithm and have compatible parameters. If this is not the case,
incompatible_keys
is returned.The function may also return the
unsupported_feature
error code if secrets management facilities are not supported by the host, or if keys cannot be rotated.Finally,
prohibited_operation
can be returned if$kp_new
wasn't created by the secrets manager, and the secrets manager prohibits imported keys.If the operation succeeded, the new version is returned.
This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
(optional) Return the key pair identifier and version of a managed key pair.
If the key pair is not managed,
unsupported_feature
is returned instead.This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
secrets_manager
:secrets_manager
kp_id
:u8
pointerkp_id_len
:size
kp_version
:version
keypair
mutable pointer
(optional) Return a managed key pair from a key identifier.
kp_version
can be set toversion_latest
to retrieve the most recent version of a key pair.If no key pair matching the provided information is found,
not_found
is returned instead.This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
keypair
mutable pointer
Create a key pair from a public key and a secret key.
Returned error type: crypto_errno
kp
:keypair
encoding
:keypair_encoding
array_output
mutable pointer
Export a key pair as the given encoding format.
May return
prohibited_operation
if this operation is denied orunsupported_encoding
if the encoding is not supported.
Returned error type: crypto_errno
kp
:keypair
publickey
mutable pointer
Get the public key of a key pair.
Returned error type: crypto_errno
kp
:keypair
secretkey
mutable pointer
Get the secret key of a key pair.
Returned error type: crypto_errno
kp
:keypair
This function has no output.
Destroy a key pair.
The host will automatically wipe traces of the secret key from memory.
If this is a managed key, the key will not be removed from persistent storage, and can be reconstructed later using the key identifier.
Returned error type: crypto_errno
algorithm_type
:algorithm_type
algorithm
:string
encoded
:u8
pointerencoded_len
:size
encoding
:publickey_encoding
publickey
mutable pointer
Import a public key.
The function may return
unsupported_encoding
if importing from the given format is not implemented or incompatible with the key type.It may also return
invalid_key
if the key doesn't appear to match the supplied algorithm.Finally, the function may return
unsupported_algorithm
if the algorithm is not supported by the host.Example usage:
let pk_handle = ctx.publickey_import(AlgorithmType::Signatures, encoded, PublicKeyEncoding::Sec)?;
Returned error type: crypto_errno
pk
:publickey
encoding
:publickey_encoding
array_output
mutable pointer
Export a public key as the given encoding format.
May return
unsupported_encoding
if the encoding is not supported.
Returned error type: crypto_errno
pk
:publickey
This function has no output.
Check that a public key is valid and in canonical form.
This function may perform stricter checks than those made during importation at the expense of additional CPU cycles.
The function returns
invalid_key
if the public key didn't pass the checks.
Returned error type: crypto_errno
sk
:secretkey
publickey
mutable pointer
Compute the public key for a secret key.
Returned error type: crypto_errno
pk
:publickey
This function has no output.
Destroy a public key.
Objects are reference counted. It is safe to close an object immediately after the last function needing it is called.
Returned error type: crypto_errno
algorithm_type
:algorithm_type
algorithm
:string
encoded
:u8
pointerencoded_len
:size
encoding
:secretkey_encoding
secretkey
mutable pointer
Import a secret key.
The function may return
unsupported_encoding
if importing from the given format is not implemented or incompatible with the key type.It may also return
invalid_key
if the key doesn't appear to match the supplied algorithm.Finally, the function may return
unsupported_algorithm
if the algorithm is not supported by the host.Example usage:
let pk_handle = ctx.secretkey_import(AlgorithmType::KX, encoded, SecretKeyEncoding::Raw)?;
Returned error type: crypto_errno
sk
:secretkey
encoding
:secretkey_encoding
array_output
mutable pointer
Export a secret key as the given encoding format.
May return
unsupported_encoding
if the encoding is not supported.
Returned error type: crypto_errno
sk
:secretkey
This function has no output.
Destroy a secret key.
Objects are reference counted. It is safe to close an object immediately after the last function needing it is called.