[All] - [crypto_errno] - [keypair_encoding] - [publickey_encoding] - [secretkey_encoding] - [signature_encoding] - [algorithm_type] - [version] - [size] - [timestamp] - [u64] - [array_output] - [options] - [secrets_manager] - [keypair] - [signature_state] - [signature] - [publickey] - [secretkey] - [signature_verification_state] - [symmetric_state] - [symmetric_key] - [symmetric_tag] - [opt_options_u] - [opt_options] - [opt_symmetric_key_u] - [opt_symmetric_key]
[All] - [keypair_generate()] - [keypair_import()] - [keypair_generate_managed()] - [keypair_store_managed()] - [keypair_replace_managed()] - [keypair_id()] - [keypair_from_id()] - [keypair_from_pk_and_sk()] - [keypair_export()] - [keypair_publickey()] - [keypair_secretkey()] - [keypair_close()] - [publickey_import()] - [publickey_export()] - [publickey_verify()] - [publickey_from_secretkey()] - [publickey_close()] - [secretkey_import()] - [secretkey_export()] - [secretkey_close()]
Enumeration with tag type: u16, and the following members:
success:crypto_errnoguest_error:crypto_errnonot_implemented:crypto_errnounsupported_feature:crypto_errnoprohibited_operation:crypto_errnounsupported_encoding:crypto_errnounsupported_algorithm:crypto_errnounsupported_option:crypto_errnoinvalid_key:crypto_errnoinvalid_length:crypto_errnoverification_failed:crypto_errnorng_error:crypto_errnoalgorithm_failure:crypto_errnoinvalid_signature:crypto_errnoclosed:crypto_errnoinvalid_handle:crypto_errnooverflow:crypto_errnointernal_error:crypto_errnotoo_many_handles:crypto_errnokey_not_supported:crypto_errnokey_required:crypto_errnoinvalid_tag:crypto_errnoinvalid_operation:crypto_errnononce_required:crypto_errnoinvalid_nonce:crypto_errnooption_not_set:crypto_errnonot_found:crypto_errnoparameters_missing:crypto_errnoin_progress:crypto_errnoincompatible_keys:crypto_errnoexpired:crypto_errno
Error codes.
Enumeration with tag type: u16, and the following members:
raw:keypair_encodingpkcs8:keypair_encodingpem:keypair_encodingcompressed_pkcs8:keypair_encodingcompressed_pem:keypair_encodinglocal:keypair_encoding
Encoding to use for importing or exporting a key pair.
Enumeration with tag type: u16, and the following members:
raw:publickey_encodingpkcs8:publickey_encodingpem:publickey_encodingsec:publickey_encodingcompressed_sec:publickey_encodingcompressed_pkcs8:publickey_encodingcompressed_pem:publickey_encodinglocal:publickey_encoding
Encoding to use for importing or exporting a public key.
Enumeration with tag type: u16, and the following members:
raw:secretkey_encodingpkcs8:secretkey_encodingpem:secretkey_encodingsec:secretkey_encodinglocal:secretkey_encoding
Encoding to use for importing or exporting a secret key.
Enumeration with tag type: u16, and the following members:
raw:signature_encodingder:signature_encoding
Encoding to use for importing or exporting a signature.
Enumeration with tag type: u16, and the following members:
signatures:algorithm_typesymmetric:algorithm_typekey_exchange:algorithm_type
An algorithm category.
Alias for u64.
Version of a managed key.
A version can be an arbitrary
u64integer, with the expection of some reserved values.
Alias for usize.
Size of a value.
Alias for u64.
A UNIX timestamp, in seconds since 01/01/1970.
Alias for u64.
A 64-bit value
Alias for handle.
Handle for functions returning output whose size may be large or not known in advance.
An
array_outputobject contains a host-allocated byte array.A guest can get the size of that array after a function returns in order to then allocate a buffer of the correct size. In addition, the content of such an object can be consumed by a guest in a streaming fashion.
An
array_outputhandle is automatically closed after its full content has been consumed.
Alias for handle.
A set of options.
This type is used to set non-default parameters.
The exact set of allowed options depends on the algorithm being used.
Alias for handle.
A handle to the optional secrets management facilities offered by a host.
This is used to generate, retrieve and invalidate managed keys.
Alias for handle.
A key pair.
Alias for handle.
A state to absorb data to be signed.
After a signature has been computed or verified, the state remains valid for further operations.
A subsequent signature would sign all the data accumulated since the creation of the state object.
Alias for handle.
A signature.
Alias for handle.
A public key, for key exchange and signature verification.
Alias for handle.
A secret key, for key exchange mechanisms.
Alias for handle.
A state to absorb signed data to be verified.
Alias for handle.
A state to perform symmetric operations.
The state is not reset nor invalidated after an option has been performed. Incremental updates and sessions are thus supported.
Alias for handle.
A symmetric key.
The key can be imported from raw bytes, or can be a reference to a managed key.
If it was imported, the host will wipe it from memory as soon as the handle is closed.
Alias for handle.
An authentication tag.
This is an object returned by functions computing authentication tags.
A tag can be compared against another tag (directly supplied as raw bytes) in constant time with the
symmetric_tag_verify()function.This object type can't be directly created from raw bytes. They are only returned by functions computing MACs.
The host is reponsible for securely wiping them from memory on close.
Enumeration with tag type: u8, and the following members:
some:opt_options_unone:opt_options_u
Options index, only required by the Interface Types translation layer.
Tagged union with tag type: u8 and the following possibilities:
some:optionsnone: (empty)
An optional options set.
This union simulates an
Option\<Options\>type to make theoptionsparameter of some functions optional.
Enumeration with tag type: u8, and the following members:
some:opt_symmetric_key_unone:opt_symmetric_key_u
Symmetric key index, only required by the Interface Types translation layer.
Tagged union with tag type: u8 and the following possibilities:
some:symmetric_keynone: (empty)
An optional symmetric key.
This union simulates an
Option\<SymmetricKey\>type to make thesymmetric_keyparameter of some functions optional.
Returned error type: crypto_errno
algorithm_type:algorithm_typealgorithm:stringoptions:opt_options
keypairmutable pointer
Generate a new key pair.
Internally, a key pair stores the supplied algorithm and optional parameters.
Trying to use that key pair with different parameters will throw an
invalid_keyerror.This function may return
$crypto_errno.unsupported_featureif key generation is not supported by the host for the chosen algorithm.The function may also return
unsupported_algorithmif the algorithm is not supported by the host.Finally, if generating that type of key pair is an expensive operation, the function may return
in_progress. In that case, the guest should retry with the same parameters until the function completes.Example usage:
let kp_handle = ctx.keypair_generate(AlgorithmType::Signatures, "RSA_PKCS1_2048_SHA256", None)?;
Returned error type: crypto_errno
algorithm_type:algorithm_typealgorithm:stringencoded:u8pointerencoded_len:sizeencoding:keypair_encoding
keypairmutable pointer
Import a key pair.
This function creates a
keypairobject from existing material.It may return
unsupported_algorithmif the encoding scheme is not supported, orinvalid_keyif the key cannot be decoded.The function may also return
unsupported_algorithmif the algorithm is not supported by the host.Example usage:
let kp_handle = ctx.keypair_import(AlgorithmType::Signatures, "RSA_PKCS1_2048_SHA256", KeypairEncoding::PKCS8)?;
Returned error type: crypto_errno
secrets_manager:secrets_manageralgorithm_type:algorithm_typealgorithm:stringoptions:opt_options
keypairmutable pointer
(optional) Generate a new managed key pair.
The key pair is generated and stored by the secrets management facilities.
It may be used through its identifier, but the host may not allow it to be exported.
The function returns the
unsupported_featureerror code if secrets management facilities are not supported by the host, orunsupported_algorithmif a key cannot be created for the chosen algorithm.The function may also return
unsupported_algorithmif the algorithm is not supported by the host.This is also an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
secrets_manager:secrets_managerkp:keypairkp_id:u8mutable pointerkp_id_max_len:size
This function has no output.
(optional) Store a key pair into the secrets manager.
On success, the function stores the key pair identifier into
$kp_id, into which up to$kp_id_max_lencan be written.The function returns
overflowif the supplied buffer is too small.
Returned error type: crypto_errno
secrets_manager:secrets_managerkp_old:keypairkp_new:keypair
versionmutable pointer
(optional) Replace a managed key pair.
This function crates a new version of a managed key pair, by replacing
$kp_oldwith$kp_new.It does several things:
- The key identifier for
$kp_newis set to the one of$kp_old.- A new, unique version identifier is assigned to
$kp_new. This version will be equivalent to using$version_latestuntil the key is replaced.- The
$kp_oldhandle is closed.Both keys must share the same algorithm and have compatible parameters. If this is not the case,
incompatible_keysis returned.The function may also return the
unsupported_featureerror code if secrets management facilities are not supported by the host, or if keys cannot be rotated.Finally,
prohibited_operationcan be returned if$kp_newwasn't created by the secrets manager, and the secrets manager prohibits imported keys.If the operation succeeded, the new version is returned.
This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
(optional) Return the key pair identifier and version of a managed key pair.
If the key pair is not managed,
unsupported_featureis returned instead.This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
secrets_manager:secrets_managerkp_id:u8pointerkp_id_len:sizekp_version:version
keypairmutable pointer
(optional) Return a managed key pair from a key identifier.
kp_versioncan be set toversion_latestto retrieve the most recent version of a key pair.If no key pair matching the provided information is found,
not_foundis returned instead.This is an optional import, meaning that the function may not even exist.
Returned error type: crypto_errno
keypairmutable pointer
Create a key pair from a public key and a secret key.
Returned error type: crypto_errno
kp:keypairencoding:keypair_encoding
array_outputmutable pointer
Export a key pair as the given encoding format.
May return
prohibited_operationif this operation is denied orunsupported_encodingif the encoding is not supported.
Returned error type: crypto_errno
kp:keypair
publickeymutable pointer
Get the public key of a key pair.
Returned error type: crypto_errno
kp:keypair
secretkeymutable pointer
Get the secret key of a key pair.
Returned error type: crypto_errno
kp:keypair
This function has no output.
Destroy a key pair.
The host will automatically wipe traces of the secret key from memory.
If this is a managed key, the key will not be removed from persistent storage, and can be reconstructed later using the key identifier.
Returned error type: crypto_errno
algorithm_type:algorithm_typealgorithm:stringencoded:u8pointerencoded_len:sizeencoding:publickey_encoding
publickeymutable pointer
Import a public key.
The function may return
unsupported_encodingif importing from the given format is not implemented or incompatible with the key type.It may also return
invalid_keyif the key doesn't appear to match the supplied algorithm.Finally, the function may return
unsupported_algorithmif the algorithm is not supported by the host.Example usage:
let pk_handle = ctx.publickey_import(AlgorithmType::Signatures, encoded, PublicKeyEncoding::Sec)?;
Returned error type: crypto_errno
pk:publickeyencoding:publickey_encoding
array_outputmutable pointer
Export a public key as the given encoding format.
May return
unsupported_encodingif the encoding is not supported.
Returned error type: crypto_errno
pk:publickey
This function has no output.
Check that a public key is valid and in canonical form.
This function may perform stricter checks than those made during importation at the expense of additional CPU cycles.
The function returns
invalid_keyif the public key didn't pass the checks.
Returned error type: crypto_errno
sk:secretkey
publickeymutable pointer
Compute the public key for a secret key.
Returned error type: crypto_errno
pk:publickey
This function has no output.
Destroy a public key.
Objects are reference counted. It is safe to close an object immediately after the last function needing it is called.
Returned error type: crypto_errno
algorithm_type:algorithm_typealgorithm:stringencoded:u8pointerencoded_len:sizeencoding:secretkey_encoding
secretkeymutable pointer
Import a secret key.
The function may return
unsupported_encodingif importing from the given format is not implemented or incompatible with the key type.It may also return
invalid_keyif the key doesn't appear to match the supplied algorithm.Finally, the function may return
unsupported_algorithmif the algorithm is not supported by the host.Example usage:
let pk_handle = ctx.secretkey_import(AlgorithmType::KX, encoded, SecretKeyEncoding::Raw)?;
Returned error type: crypto_errno
sk:secretkeyencoding:secretkey_encoding
array_outputmutable pointer
Export a secret key as the given encoding format.
May return
unsupported_encodingif the encoding is not supported.
Returned error type: crypto_errno
sk:secretkey
This function has no output.
Destroy a secret key.
Objects are reference counted. It is safe to close an object immediately after the last function needing it is called.