~~NOTOC~~
{{wvds:title>API-Referenz}}
===== API-Referenz =====
Alle Funktionen sind im Header ''wvds_crypto.h'' deklariert.
----
==== Request Builder ====
=== wvds_build_aes_encrypt_request ===
int wvds_build_aes_encrypt_request(
uint8_t* buffer, // [out] Zielpuffer
size_t* buffer_len, // [in/out] Puffergroesse / tatsaechliche Laenge
uint32_t key_id, // Key-ID
const void* aad, // Additional Authenticated Data
size_t aad_len, // AAD Laenge
const void* plaintext, // Zu verschluesselnde Daten
size_t pt_len // Plaintext Laenge
);
| Return | Beschreibung |
| 0 | Erfolg |
| -1 | Puffer zu klein |
| -2 | Payload zu gross (> 64 KB) |
=== wvds_build_aes_decrypt_request ===
int wvds_build_aes_decrypt_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id,
const uint8_t nonce[12],
const uint8_t tag[16],
const void* aad,
size_t aad_len,
const void* ciphertext,
size_t ct_len
);
=== wvds_build_mldsa_sign_request ===
int wvds_build_mldsa_sign_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Private Key ID
const void* message,
size_t msg_len
);
=== wvds_build_mldsa_verify_request ===
int wvds_build_mldsa_verify_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Public Key ID
const void* message,
size_t msg_len,
const void* signature,
size_t sig_len
);
=== wvds_build_mlkem_keygen_request ===
int wvds_build_mlkem_keygen_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id // ID fuer neues Schluesselpaar
);
=== wvds_build_mlkem_encaps_request ===
int wvds_build_mlkem_encaps_request(
uint8_t* buffer,
size_t* buffer_len,
const void* public_key,
size_t pk_len
);
=== wvds_build_mlkem_decaps_request ===
int wvds_build_mlkem_decaps_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Private Key ID
const void* ciphertext,
size_t ct_len
);
----
==== Response Parser ====
=== wvds_parse_aes_encrypt_response ===
int wvds_parse_aes_encrypt_response(
const uint8_t* response,
size_t response_len,
uint8_t nonce[12], // [out] Generierte Nonce
uint8_t tag[16], // [out] Authentication Tag
uint8_t* ciphertext, // [out] Ciphertext
size_t* ct_len // [out] Ciphertext Laenge
);
| Return | Beschreibung |
| 0 | Erfolg |
| >0 | Status Code (siehe [[.:protokoll#status_codes|Protokoll]]) |
| -1 | Response ungueltig |
=== wvds_parse_aes_decrypt_response ===
int wvds_parse_aes_decrypt_response(
const uint8_t* response,
size_t response_len,
uint8_t* plaintext, // [out] Entschluesselter Klartext
size_t* pt_len // [out] Plaintext Laenge
);
**Return 6 = DECRYPTION_FAILED**
Die Daten wurden manipuliert oder der falsche Key/AAD verwendet!
=== wvds_parse_mldsa_sign_response ===
int wvds_parse_mldsa_sign_response(
const uint8_t* response,
size_t response_len,
uint8_t* signature, // [out] Signatur (mind. 4096 Bytes)
size_t* sig_len // [out] Signatur Laenge
);
=== wvds_parse_mldsa_verify_response ===
int wvds_parse_mldsa_verify_response(
const uint8_t* response,
size_t response_len,
int* valid // [out] 1 = gueltig, 0 = ungueltig
);
=== wvds_parse_mlkem_keygen_response ===
int wvds_parse_mlkem_keygen_response(
const uint8_t* response,
size_t response_len,
uint8_t* public_key, // [out] Public Key (mind. 2048 Bytes)
size_t* pk_len // [out] Public Key Laenge
);
=== wvds_parse_mlkem_encaps_response ===
int wvds_parse_mlkem_encaps_response(
const uint8_t* response,
size_t response_len,
uint8_t* ciphertext, // [out] Ciphertext (mind. 2048 Bytes)
size_t* ct_len, // [out] Ciphertext Laenge
uint8_t shared_secret[32] // [out] Shared Secret
);
=== wvds_parse_mlkem_decaps_response ===
int wvds_parse_mlkem_decaps_response(
const uint8_t* response,
size_t response_len,
uint8_t shared_secret[32] // [out] Shared Secret
);
----
==== Utility Funktionen ====
=== wvds_get_error_code ===
int wvds_get_error_code(
const uint8_t* response,
size_t response_len
);
Extrahiert den Status-Code aus einer beliebigen Response.
| Return | Beschreibung |
| 0 | Erfolg |
| 1-9 | Fehler-Code (siehe [[.:protokoll#status_codes|Protokoll]]) |
| -1 | Response ungueltig |
=== wvds_error_to_string ===
const char* wvds_error_to_string(int error_code);
| Code | String |
| 0 | "Success" |
| 1 | "Invalid header" |
| 2 | "Invalid request type" |
| 3 | "Invalid payload" |
| 4 | "Key not found" |
| 5 | "Crypto error" |
| 6 | "Decryption failed" |
| 7 | "Rate limited" |
| 8 | "Nonce reuse detected" |
| 9 | "Payload too large" |
----
==== Konstanten ====
// Request Types
#define WVDS_REQ_AES_ENCRYPT 0x01
#define WVDS_REQ_AES_DECRYPT 0x02
#define WVDS_REQ_MLDSA_SIGN 0x10
#define WVDS_REQ_MLDSA_VERIFY 0x11
#define WVDS_REQ_MLKEM_KEYGEN 0x20
#define WVDS_REQ_MLKEM_ENCAPS 0x21
#define WVDS_REQ_MLKEM_DECAPS 0x22
// Groessen
#define WVDS_AES_NONCE_SIZE 12
#define WVDS_AES_TAG_SIZE 16
#define WVDS_AES_KEY_SIZE 32
#define WVDS_MLDSA65_SIG_SIZE 3293
#define WVDS_MLDSA65_PK_SIZE 1952
#define WVDS_MLKEM768_PK_SIZE 1184
#define WVDS_MLKEM768_CT_SIZE 1088
#define WVDS_SHARED_SECRET_SIZE 32
// Limits
#define WVDS_MAX_PAYLOAD_SIZE 65536
#define WVDS_HEADER_SIZE 8
----
[[.:protokoll|< Protokoll]] | [[.:sicherheit|Weiter: Sicherheit >]]