Sie befinden sich hier: start » it » Documentazione interna » L4Re Crypto Service » Riferimento API

Riferimento API

Tutte le funzioni sono dichiarate nell'header wvds_crypto.h.

Request Builder

wvds_build_aes_encrypt_request

int wvds_build_aes_encrypt_request(
    uint8_t* buffer,        // [out] Buffer destinazione
    size_t* buffer_len,     // [in/out] Dimensione buffer / lunghezza effettiva
    uint32_t key_id,        // Key-ID
    const void* aad,        // Additional Authenticated Data
    size_t aad_len,         // Lunghezza AAD
    const void* plaintext,  // Dati da cifrare
    size_t pt_len           // Lunghezza testo in chiaro
);
Ritorno Descrizione
0 Successo
-1 Buffer troppo piccolo
-2 Payload troppo grande (> 64 KB)

wvds_build_aes_decrypt_request

int wvds_build_aes_decrypt_request(
    uint8_t* buffer,
    size_t* buffer_len,
    uint32_t key_id,
    const uint8_t nonce[12],
    const uint8_t tag[16],
    const void* aad,
    size_t aad_len,
    const void* ciphertext,
    size_t ct_len
);

wvds_build_mldsa_sign_request

int wvds_build_mldsa_sign_request(
    uint8_t* buffer,
    size_t* buffer_len,
    uint32_t key_id,        // Private Key ID
    const void* message,
    size_t msg_len
);

wvds_build_mldsa_verify_request

int wvds_build_mldsa_verify_request(
    uint8_t* buffer,
    size_t* buffer_len,
    uint32_t key_id,        // Public Key ID
    const void* message,
    size_t msg_len,
    const void* signature,
    size_t sig_len
);

wvds_build_mlkem_keygen_request

int wvds_build_mlkem_keygen_request(
    uint8_t* buffer,
    size_t* buffer_len,
    uint32_t key_id         // ID per nuova coppia chiavi
);

wvds_build_mlkem_encaps_request

int wvds_build_mlkem_encaps_request(
    uint8_t* buffer,
    size_t* buffer_len,
    const void* public_key,
    size_t pk_len
);

wvds_build_mlkem_decaps_request

int wvds_build_mlkem_decaps_request(
    uint8_t* buffer,
    size_t* buffer_len,
    uint32_t key_id,        // Private Key ID
    const void* ciphertext,
    size_t ct_len
);

Response Parser

wvds_parse_aes_encrypt_response

int wvds_parse_aes_encrypt_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t nonce[12],      // [out] Nonce generata
    uint8_t tag[16],        // [out] Authentication Tag
    uint8_t* ciphertext,    // [out] Testo cifrato
    size_t* ct_len          // [out] Lunghezza testo cifrato
);
Ritorno Descrizione
0 Successo
>0 Codice stato (vedi Protocollo)
-1 Risposta non valida

wvds_parse_aes_decrypt_response

int wvds_parse_aes_decrypt_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t* plaintext,     // [out] Testo in chiaro decifrato
    size_t* pt_len          // [out] Lunghezza testo in chiaro
);

Ritorno 6 = DECRYPTION_FAILED

I dati sono stati alterati o è stata usata la chiave/AAD errata!

wvds_parse_mldsa_sign_response

int wvds_parse_mldsa_sign_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t* signature,     // [out] Firma (min 4096 byte)
    size_t* sig_len         // [out] Lunghezza firma
);

wvds_parse_mldsa_verify_response

int wvds_parse_mldsa_verify_response(
    const uint8_t* response,
    size_t response_len,
    int* valid              // [out] 1 = valida, 0 = non valida
);

wvds_parse_mlkem_keygen_response

int wvds_parse_mlkem_keygen_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t* public_key,    // [out] Chiave pubblica (min 2048 byte)
    size_t* pk_len          // [out] Lunghezza chiave pubblica
);

wvds_parse_mlkem_encaps_response

int wvds_parse_mlkem_encaps_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t* ciphertext,    // [out] Testo cifrato (min 2048 byte)
    size_t* ct_len,         // [out] Lunghezza testo cifrato
    uint8_t shared_secret[32] // [out] Segreto condiviso
);

wvds_parse_mlkem_decaps_response

int wvds_parse_mlkem_decaps_response(
    const uint8_t* response,
    size_t response_len,
    uint8_t shared_secret[32] // [out] Segreto condiviso
);

Funzioni Utility

wvds_get_error_code

int wvds_get_error_code(
    const uint8_t* response,
    size_t response_len
);

Estrae il codice di stato da qualsiasi risposta.

Ritorno Descrizione
0 Successo
1-9 Codice errore (vedi Protocollo)
-1 Risposta non valida

wvds_error_to_string

const char* wvds_error_to_string(int error_code);
Codice Stringa
0 „Success“
1 „Invalid header“
2 „Invalid request type“
3 „Invalid payload“
4 „Key not found“
5 „Crypto error“
6 „Decryption failed“
7 „Rate limited“
8 „Nonce reuse detected“
9 „Payload too large“

Costanti

// Request Types
#define WVDS_REQ_AES_ENCRYPT    0x01
#define WVDS_REQ_AES_DECRYPT    0x02
#define WVDS_REQ_MLDSA_SIGN     0x10
#define WVDS_REQ_MLDSA_VERIFY   0x11
#define WVDS_REQ_MLKEM_KEYGEN   0x20
#define WVDS_REQ_MLKEM_ENCAPS   0x21
#define WVDS_REQ_MLKEM_DECAPS   0x22
 
// Dimensioni
#define WVDS_AES_NONCE_SIZE     12
#define WVDS_AES_TAG_SIZE       16
#define WVDS_AES_KEY_SIZE       32
#define WVDS_MLDSA65_SIG_SIZE   3293
#define WVDS_MLDSA65_PK_SIZE    1952
#define WVDS_MLKEM768_PK_SIZE   1184
#define WVDS_MLKEM768_CT_SIZE   1088
#define WVDS_SHARED_SECRET_SIZE 32
 
// Limiti
#define WVDS_MAX_PAYLOAD_SIZE   65536
#define WVDS_HEADER_SIZE        8

< Protocollo | Continua: Sicurezza >

Zuletzt geändert: il 29/01/2026 alle 22:00

Seiten-Werkzeuge