~~NOTOC~~
{{wvds:title>Riferimento API}}
===== Riferimento API =====
Tutte le funzioni sono dichiarate nell'header ''wvds_crypto.h''.
----
==== Request Builder ====
=== wvds_build_aes_encrypt_request ===
int wvds_build_aes_encrypt_request(
uint8_t* buffer, // [out] Buffer destinazione
size_t* buffer_len, // [in/out] Dimensione buffer / lunghezza effettiva
uint32_t key_id, // Key-ID
const void* aad, // Additional Authenticated Data
size_t aad_len, // Lunghezza AAD
const void* plaintext, // Dati da cifrare
size_t pt_len // Lunghezza testo in chiaro
);
| Ritorno | Descrizione |
| 0 | Successo |
| -1 | Buffer troppo piccolo |
| -2 | Payload troppo grande (> 64 KB) |
=== wvds_build_aes_decrypt_request ===
int wvds_build_aes_decrypt_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id,
const uint8_t nonce[12],
const uint8_t tag[16],
const void* aad,
size_t aad_len,
const void* ciphertext,
size_t ct_len
);
=== wvds_build_mldsa_sign_request ===
int wvds_build_mldsa_sign_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Private Key ID
const void* message,
size_t msg_len
);
=== wvds_build_mldsa_verify_request ===
int wvds_build_mldsa_verify_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Public Key ID
const void* message,
size_t msg_len,
const void* signature,
size_t sig_len
);
=== wvds_build_mlkem_keygen_request ===
int wvds_build_mlkem_keygen_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id // ID per nuova coppia chiavi
);
=== wvds_build_mlkem_encaps_request ===
int wvds_build_mlkem_encaps_request(
uint8_t* buffer,
size_t* buffer_len,
const void* public_key,
size_t pk_len
);
=== wvds_build_mlkem_decaps_request ===
int wvds_build_mlkem_decaps_request(
uint8_t* buffer,
size_t* buffer_len,
uint32_t key_id, // Private Key ID
const void* ciphertext,
size_t ct_len
);
----
==== Response Parser ====
=== wvds_parse_aes_encrypt_response ===
int wvds_parse_aes_encrypt_response(
const uint8_t* response,
size_t response_len,
uint8_t nonce[12], // [out] Nonce generata
uint8_t tag[16], // [out] Authentication Tag
uint8_t* ciphertext, // [out] Testo cifrato
size_t* ct_len // [out] Lunghezza testo cifrato
);
| Ritorno | Descrizione |
| 0 | Successo |
| >0 | Codice stato (vedi [[.:protokoll#status_codes|Protocollo]]) |
| -1 | Risposta non valida |
=== wvds_parse_aes_decrypt_response ===
int wvds_parse_aes_decrypt_response(
const uint8_t* response,
size_t response_len,
uint8_t* plaintext, // [out] Testo in chiaro decifrato
size_t* pt_len // [out] Lunghezza testo in chiaro
);
**Ritorno 6 = DECRYPTION_FAILED**
I dati sono stati alterati o รจ stata usata la chiave/AAD errata!
=== wvds_parse_mldsa_sign_response ===
int wvds_parse_mldsa_sign_response(
const uint8_t* response,
size_t response_len,
uint8_t* signature, // [out] Firma (min 4096 byte)
size_t* sig_len // [out] Lunghezza firma
);
=== wvds_parse_mldsa_verify_response ===
int wvds_parse_mldsa_verify_response(
const uint8_t* response,
size_t response_len,
int* valid // [out] 1 = valida, 0 = non valida
);
=== wvds_parse_mlkem_keygen_response ===
int wvds_parse_mlkem_keygen_response(
const uint8_t* response,
size_t response_len,
uint8_t* public_key, // [out] Chiave pubblica (min 2048 byte)
size_t* pk_len // [out] Lunghezza chiave pubblica
);
=== wvds_parse_mlkem_encaps_response ===
int wvds_parse_mlkem_encaps_response(
const uint8_t* response,
size_t response_len,
uint8_t* ciphertext, // [out] Testo cifrato (min 2048 byte)
size_t* ct_len, // [out] Lunghezza testo cifrato
uint8_t shared_secret[32] // [out] Segreto condiviso
);
=== wvds_parse_mlkem_decaps_response ===
int wvds_parse_mlkem_decaps_response(
const uint8_t* response,
size_t response_len,
uint8_t shared_secret[32] // [out] Segreto condiviso
);
----
==== Funzioni Utility ====
=== wvds_get_error_code ===
int wvds_get_error_code(
const uint8_t* response,
size_t response_len
);
Estrae il codice di stato da qualsiasi risposta.
| Ritorno | Descrizione |
| 0 | Successo |
| 1-9 | Codice errore (vedi [[.:protokoll#status_codes|Protocollo]]) |
| -1 | Risposta non valida |
=== wvds_error_to_string ===
const char* wvds_error_to_string(int error_code);
| Codice | Stringa |
| 0 | "Success" |
| 1 | "Invalid header" |
| 2 | "Invalid request type" |
| 3 | "Invalid payload" |
| 4 | "Key not found" |
| 5 | "Crypto error" |
| 6 | "Decryption failed" |
| 7 | "Rate limited" |
| 8 | "Nonce reuse detected" |
| 9 | "Payload too large" |
----
==== Costanti ====
// Request Types
#define WVDS_REQ_AES_ENCRYPT 0x01
#define WVDS_REQ_AES_DECRYPT 0x02
#define WVDS_REQ_MLDSA_SIGN 0x10
#define WVDS_REQ_MLDSA_VERIFY 0x11
#define WVDS_REQ_MLKEM_KEYGEN 0x20
#define WVDS_REQ_MLKEM_ENCAPS 0x21
#define WVDS_REQ_MLKEM_DECAPS 0x22
// Dimensioni
#define WVDS_AES_NONCE_SIZE 12
#define WVDS_AES_TAG_SIZE 16
#define WVDS_AES_KEY_SIZE 32
#define WVDS_MLDSA65_SIG_SIZE 3293
#define WVDS_MLDSA65_PK_SIZE 1952
#define WVDS_MLKEM768_PK_SIZE 1184
#define WVDS_MLKEM768_CT_SIZE 1088
#define WVDS_SHARED_SECRET_SIZE 32
// Limiti
#define WVDS_MAX_PAYLOAD_SIZE 65536
#define WVDS_HEADER_SIZE 8
----
[[.:protokoll|< Protocollo]] | [[.:sicherheit|Continua: Sicurezza >]]