LibAwsCal
Documentation for LibAwsCal.
LibAwsCal.AWS_AES_256_CIPHER_BLOCK_SIZELibAwsCal.AWS_AES_256_KEY_BIT_LENLibAwsCal.AWS_AES_256_KEY_BYTE_LENLibAwsCal.AWS_C_CAL_PACKAGE_IDLibAwsCal.AWS_MD5_LENLibAwsCal.AWS_SHA1_LENLibAwsCal.AWS_SHA256_HMAC_LENLibAwsCal.AWS_SHA256_LENLibAwsCal.__JL_Ctag_76LibAwsCal.aws_aes_cbc_256_new_fnLibAwsCal.aws_aes_ctr_256_new_fnLibAwsCal.aws_aes_gcm_256_new_fnLibAwsCal.aws_aes_keywrap_256_new_fnLibAwsCal.aws_cal_errorsLibAwsCal.aws_cal_log_subjectLibAwsCal.aws_ecc_curve_nameLibAwsCal.aws_ecc_key_pairLibAwsCal.aws_ecc_key_pair_derive_public_key_fnLibAwsCal.aws_ecc_key_pair_destroy_fnLibAwsCal.aws_ecc_key_pair_sign_message_fnLibAwsCal.aws_ecc_key_pair_signature_length_fnLibAwsCal.aws_ecc_key_pair_verify_signature_fnLibAwsCal.aws_ecc_key_pair_vtableLibAwsCal.aws_ed25519_key_export_formatLibAwsCal.aws_ed25519_key_pairLibAwsCal.aws_hashLibAwsCal.aws_hash_new_fnLibAwsCal.aws_hash_vtableLibAwsCal.aws_hmacLibAwsCal.aws_hmac_new_fnLibAwsCal.aws_hmac_vtableLibAwsCal.aws_rsa_encryption_algorithmLibAwsCal.aws_rsa_key_export_formatLibAwsCal.aws_rsa_key_pairLibAwsCal.aws_rsa_signature_algorithmLibAwsCal.aws_symmetric_cipherLibAwsCal.aws_symmetric_cipher_stateLibAwsCal.aws_aes_cbc_256_newLibAwsCal.aws_aes_ctr_256_newLibAwsCal.aws_aes_gcm_256_newLibAwsCal.aws_aes_keywrap_256_newLibAwsCal.aws_cal_library_clean_upLibAwsCal.aws_cal_library_initLibAwsCal.aws_cal_thread_clean_upLibAwsCal.aws_ecc_curve_name_from_oidLibAwsCal.aws_ecc_key_coordinate_byte_size_from_curve_nameLibAwsCal.aws_ecc_key_new_from_hex_coordinatesLibAwsCal.aws_ecc_key_pair_acquireLibAwsCal.aws_ecc_key_pair_derive_public_keyLibAwsCal.aws_ecc_key_pair_get_private_keyLibAwsCal.aws_ecc_key_pair_get_public_keyLibAwsCal.aws_ecc_key_pair_new_from_asn1LibAwsCal.aws_ecc_key_pair_new_from_private_keyLibAwsCal.aws_ecc_key_pair_new_from_public_keyLibAwsCal.aws_ecc_key_pair_new_generate_randomLibAwsCal.aws_ecc_key_pair_releaseLibAwsCal.aws_ecc_key_pair_sign_messageLibAwsCal.aws_ecc_key_pair_signature_lengthLibAwsCal.aws_ecc_key_pair_verify_signatureLibAwsCal.aws_ecc_oid_from_curve_nameLibAwsCal.aws_ed25519_key_pair_acquireLibAwsCal.aws_ed25519_key_pair_get_private_keyLibAwsCal.aws_ed25519_key_pair_get_private_key_sizeLibAwsCal.aws_ed25519_key_pair_get_public_keyLibAwsCal.aws_ed25519_key_pair_get_public_key_sizeLibAwsCal.aws_ed25519_key_pair_new_generateLibAwsCal.aws_ed25519_key_pair_releaseLibAwsCal.aws_hash_destroyLibAwsCal.aws_hash_finalizeLibAwsCal.aws_hash_updateLibAwsCal.aws_hmac_destroyLibAwsCal.aws_hmac_finalizeLibAwsCal.aws_hmac_updateLibAwsCal.aws_md5_computeLibAwsCal.aws_md5_newLibAwsCal.aws_rsa_key_pair_acquireLibAwsCal.aws_rsa_key_pair_block_lengthLibAwsCal.aws_rsa_key_pair_decryptLibAwsCal.aws_rsa_key_pair_encryptLibAwsCal.aws_rsa_key_pair_get_private_keyLibAwsCal.aws_rsa_key_pair_get_public_keyLibAwsCal.aws_rsa_key_pair_max_encrypt_plaintext_sizeLibAwsCal.aws_rsa_key_pair_new_from_private_key_pkcs1LibAwsCal.aws_rsa_key_pair_new_from_public_key_pkcs1LibAwsCal.aws_rsa_key_pair_releaseLibAwsCal.aws_rsa_key_pair_sign_messageLibAwsCal.aws_rsa_key_pair_signature_lengthLibAwsCal.aws_rsa_key_pair_verify_signatureLibAwsCal.aws_set_md5_new_fnLibAwsCal.aws_set_sha1_new_fnLibAwsCal.aws_set_sha256_hmac_new_fnLibAwsCal.aws_set_sha256_new_fnLibAwsCal.aws_sha1_computeLibAwsCal.aws_sha1_newLibAwsCal.aws_sha256_computeLibAwsCal.aws_sha256_hmac_computeLibAwsCal.aws_sha256_hmac_newLibAwsCal.aws_sha256_newLibAwsCal.aws_symmetric_cipher_decryptLibAwsCal.aws_symmetric_cipher_destroyLibAwsCal.aws_symmetric_cipher_encryptLibAwsCal.aws_symmetric_cipher_finalize_decryptionLibAwsCal.aws_symmetric_cipher_finalize_encryptionLibAwsCal.aws_symmetric_cipher_get_initialization_vectorLibAwsCal.aws_symmetric_cipher_get_keyLibAwsCal.aws_symmetric_cipher_get_stateLibAwsCal.aws_symmetric_cipher_get_tagLibAwsCal.aws_symmetric_cipher_is_goodLibAwsCal.aws_symmetric_cipher_resetLibAwsCal.aws_symmetric_cipher_set_tag
LibAwsCal.AWS_AES_256_CIPHER_BLOCK_SIZE — ConstantDocumentation not found.
LibAwsCal.AWS_AES_256_KEY_BIT_LEN — ConstantDocumentation not found.
LibAwsCal.AWS_AES_256_KEY_BYTE_LEN — ConstantDocumentation not found.
LibAwsCal.AWS_C_CAL_PACKAGE_ID — ConstantDocumentation not found.
LibAwsCal.AWS_MD5_LEN — ConstantDocumentation not found.
LibAwsCal.AWS_SHA1_LEN — ConstantDocumentation not found.
LibAwsCal.AWS_SHA256_HMAC_LEN — ConstantDocumentation not found.
LibAwsCal.AWS_SHA256_LEN — ConstantDocumentation not found.
LibAwsCal.__JL_Ctag_76 — Type__JL_Ctag_76Documentation not found.
LibAwsCal.aws_aes_cbc_256_new_fn — TypeDocumentation not found.
LibAwsCal.aws_aes_ctr_256_new_fn — TypeDocumentation not found.
LibAwsCal.aws_aes_gcm_256_new_fn — TypeDocumentation not found.
LibAwsCal.aws_aes_keywrap_256_new_fn — TypeDocumentation not found.
LibAwsCal.aws_cal_errors — Typeaws_cal_errorsDocumentation not found.
LibAwsCal.aws_cal_log_subject — Typeaws_cal_log_subjectDocumentation not found.
LibAwsCal.aws_ecc_curve_name — Typeaws_ecc_curve_nameDocumentation not found.
LibAwsCal.aws_ecc_key_pair — Typeaws_ecc_key_pairDocumentation not found.
LibAwsCal.aws_ecc_key_pair_derive_public_key_fn — TypeDocumentation not found.
LibAwsCal.aws_ecc_key_pair_destroy_fn — TypeDocumentation not found.
LibAwsCal.aws_ecc_key_pair_sign_message_fn — TypeDocumentation not found.
LibAwsCal.aws_ecc_key_pair_signature_length_fn — TypeDocumentation not found.
LibAwsCal.aws_ecc_key_pair_verify_signature_fn — TypeDocumentation not found.
LibAwsCal.aws_ecc_key_pair_vtable — Typeaws_ecc_key_pair_vtableDocumentation not found.
LibAwsCal.aws_ed25519_key_export_format — Typeaws_ed25519_key_export_formatDocumentation not found.
LibAwsCal.aws_ed25519_key_pair — TypeDocumentation not found.
LibAwsCal.aws_hash — Typeaws_hashDocumentation not found.
LibAwsCal.aws_hash_new_fn — TypeDocumentation not found.
LibAwsCal.aws_hash_vtable — Typeaws_hash_vtableDocumentation not found.
LibAwsCal.aws_hmac — Typeaws_hmacDocumentation not found.
LibAwsCal.aws_hmac_new_fn — TypeDocumentation not found.
LibAwsCal.aws_hmac_vtable — Typeaws_hmac_vtableDocumentation not found.
LibAwsCal.aws_rsa_encryption_algorithm — Typeaws_rsa_encryption_algorithmDocumentation not found.
LibAwsCal.aws_rsa_key_export_format — Typeaws_rsa_key_export_formatDocumentation not found.
LibAwsCal.aws_rsa_key_pair — TypeDocumentation not found.
LibAwsCal.aws_rsa_signature_algorithm — Typeaws_rsa_signature_algorithmDocumentation not found.
LibAwsCal.aws_symmetric_cipher — TypeDocumentation not found.
LibAwsCal.aws_symmetric_cipher_state — Typeaws_symmetric_cipher_stateDocumentation not found.
LibAwsCal.aws_aes_cbc_256_new — Methodaws_aes_cbc_256_new(allocator, key, iv)Creates an instance of AES CBC with 256-bit key. If key and iv are NULL, they will be generated internally. You can get the generated key and iv back by calling:
aws_symmetric_cipher_get_key() and aws_symmetric_cipher_get_initialization_vector()
respectively.
If they are set, that key and iv will be copied internally and used by the cipher.
Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
Prototype
struct aws_symmetric_cipher *aws_aes_cbc_256_new( struct aws_allocator *allocator, const struct aws_byte_cursor *key, const struct aws_byte_cursor *iv);LibAwsCal.aws_aes_ctr_256_new — Methodaws_aes_ctr_256_new(allocator, key, iv)Creates an instance of AES CTR with 256-bit key. If key and iv are NULL, they will be generated internally. You can get the generated key and iv back by calling:
aws_symmetric_cipher_get_key() and aws_symmetric_cipher_get_initialization_vector()
respectively.
If they are set, that key and iv will be copied internally and used by the cipher.
Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
Prototype
struct aws_symmetric_cipher *aws_aes_ctr_256_new( struct aws_allocator *allocator, const struct aws_byte_cursor *key, const struct aws_byte_cursor *iv);LibAwsCal.aws_aes_gcm_256_new — Methodaws_aes_gcm_256_new(allocator, key, iv, aad)Creates an instance of AES GCM with 256-bit key. If key, iv are NULL, they will be generated internally. You can get the generated key and iv back by calling:
aws_symmetric_cipher_get_key() and aws_symmetric_cipher_get_initialization_vector()
respectively.
If aad is set it will be copied and applied to the cipher.
If they are set, that key and iv will be copied internally and used by the cipher.
For decryption purposes tag can be provided via aws_symmetric_cipher_set_tag method. Note: for decrypt operations, tag must be provided before first decrypt is called. (this is a windows bcrypt limitations, but for consistency sake same limitation is extended to other platforms) Tag generated during encryption can be retrieved using aws_symmetric_cipher_get_tag method after finalize is called.
Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
Prototype
struct aws_symmetric_cipher *aws_aes_gcm_256_new( struct aws_allocator *allocator, const struct aws_byte_cursor *key, const struct aws_byte_cursor *iv, const struct aws_byte_cursor *aad);LibAwsCal.aws_aes_keywrap_256_new — Methodaws_aes_keywrap_256_new(allocator, key)Creates an instance of AES Keywrap with 256-bit key. If key is NULL, it will be generated internally. You can get the generated key back by calling:
aws_symmetric_cipher_get_key()
If key is set, that key will be copied internally and used by the cipher.
Returns NULL on failure. You can check aws_last_error() to get the error code indicating the failure cause.
Prototype
struct aws_symmetric_cipher *aws_aes_keywrap_256_new( struct aws_allocator *allocator, const struct aws_byte_cursor *key);LibAwsCal.aws_cal_library_clean_up — Methodaws_cal_library_clean_up()Documentation not found.
Prototype
void aws_cal_library_clean_up(void);LibAwsCal.aws_cal_library_init — Methodaws_cal_library_init(allocator)Documentation not found.
Prototype
void aws_cal_library_init(struct aws_allocator *allocator);LibAwsCal.aws_cal_thread_clean_up — Methodaws_cal_thread_clean_up()Documentation not found.
Prototype
void aws_cal_thread_clean_up(void);LibAwsCal.aws_ecc_curve_name_from_oid — Methodaws_ecc_curve_name_from_oid(oid, curve_name)Get the curve name from the oid. OID here is the payload of the DER encoded ASN.1 part (doesn't include type specifier or length. On success, the value of curve_name will be set.
Prototype
int aws_ecc_curve_name_from_oid(struct aws_byte_cursor *oid, enum aws_ecc_curve_name *curve_name);LibAwsCal.aws_ecc_key_coordinate_byte_size_from_curve_name — Methodaws_ecc_key_coordinate_byte_size_from_curve_name(curve_name)Documentation not found.
Prototype
size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name);LibAwsCal.aws_ecc_key_new_from_hex_coordinates — Methodaws_ecc_key_new_from_hex_coordinates(allocator, curve_name, pub_x_hex_cursor, pub_y_hex_cursor)Creates an Elliptic curve public key from x and y coordinates encoded as hex strings Returns a new instance of aws_ecc_key_pair if the key was successfully built. Otherwise returns NULL.
Prototype
struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name, struct aws_byte_cursor pub_x_hex_cursor, struct aws_byte_cursor pub_y_hex_cursor);LibAwsCal.aws_ecc_key_pair_acquire — Methodaws_ecc_key_pair_acquire(key_pair)Adds one to an ecc key pair's ref count.
Prototype
void aws_ecc_key_pair_acquire(struct aws_ecc_key_pair *key_pair);LibAwsCal.aws_ecc_key_pair_derive_public_key — Methodaws_ecc_key_pair_derive_public_key(key_pair)Derives a public key from the private key if supported by this operating system (not supported on OSX). key_pair::pub_x and key_pair::pub_y will be set with the raw key buffers.
Prototype
int aws_ecc_key_pair_derive_public_key(struct aws_ecc_key_pair *key_pair);LibAwsCal.aws_ecc_key_pair_get_private_key — Methodaws_ecc_key_pair_get_private_key(key_pair, private_d)Documentation not found.
Prototype
void aws_ecc_key_pair_get_private_key( const struct aws_ecc_key_pair *key_pair, struct aws_byte_cursor *private_d);LibAwsCal.aws_ecc_key_pair_get_public_key — Methodaws_ecc_key_pair_get_public_key(key_pair, pub_x, pub_y)Documentation not found.
Prototype
void aws_ecc_key_pair_get_public_key( const struct aws_ecc_key_pair *key_pair, struct aws_byte_cursor *pub_x, struct aws_byte_cursor *pub_y);LibAwsCal.aws_ecc_key_pair_new_from_asn1 — Methodaws_ecc_key_pair_new_from_asn1(allocator, encoded_keys)Creates an Elliptic Curve public/private key pair from a DER encoded key pair. Returns a new instance of aws_ecc_key_pair if the key was successfully built. Otherwise returns NULL. Whether or not signing or verification can be perform depends on if encoded_keys is a public/private pair or a public key.
Prototype
struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_asn1( struct aws_allocator *allocator, const struct aws_byte_cursor *encoded_keys);LibAwsCal.aws_ecc_key_pair_new_from_private_key — Methodaws_ecc_key_pair_new_from_private_key(allocator, curve_name, priv_key)Creates an Elliptic Curve private key that can be used for signing. Returns a new instance of aws_ecc_key_pair if the key was successfully built. Otherwise returns NULL. Note: priv_key::len must match the appropriate length for the selected curve_name.
Prototype
struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_private_key( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name, const struct aws_byte_cursor *priv_key);LibAwsCal.aws_ecc_key_pair_new_from_public_key — Methodaws_ecc_key_pair_new_from_public_key(allocator, curve_name, public_key_x, public_key_y)Creates an Elliptic Curve public key that can be used for verifying. Returns a new instance of aws_ecc_key_pair if the key was successfully built. Otherwise returns NULL. Note: public_key_x::len and public_key_y::len must match the appropriate length for the selected curve_name.
Prototype
struct aws_ecc_key_pair *aws_ecc_key_pair_new_from_public_key( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name, const struct aws_byte_cursor *public_key_x, const struct aws_byte_cursor *public_key_y);LibAwsCal.aws_ecc_key_pair_new_generate_random — Methodaws_ecc_key_pair_new_generate_random(allocator, curve_name)Creates an Elliptic Curve public/private key pair that can be used for signing and verifying. Returns a new instance of aws_ecc_key_pair if the key was successfully built. Otherwise returns NULL. Note: On Apple platforms this function is only supported on MacOS. This is due to usage of SecItemExport, which is only available on MacOS 10.7+ (yes, MacOS only and no other Apple platforms). There are alternatives for ios and other platforms, but they are ugly to use. Hence for now it only supports this call on MacOS.
Prototype
struct aws_ecc_key_pair *aws_ecc_key_pair_new_generate_random( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name);LibAwsCal.aws_ecc_key_pair_release — Methodaws_ecc_key_pair_release(key_pair)Subtracts one from an ecc key pair's ref count. If ref count reaches zero, the key pair is destroyed.
Prototype
void aws_ecc_key_pair_release(struct aws_ecc_key_pair *key_pair);LibAwsCal.aws_ecc_key_pair_sign_message — Methodaws_ecc_key_pair_sign_message(key_pair, message, signature)Uses the key_pair's private key to sign message. The output will be in signature. Signature must be large enough to hold the signature. Check aws_ecc_key_pair_signature_length() for the appropriate size. Signature will be DER encoded.
It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually something like a SHA256.
Prototype
int aws_ecc_key_pair_sign_message( const struct aws_ecc_key_pair *key_pair, const struct aws_byte_cursor *message, struct aws_byte_buf *signature);LibAwsCal.aws_ecc_key_pair_signature_length — Methodaws_ecc_key_pair_signature_length(key_pair)Documentation not found.
Prototype
size_t aws_ecc_key_pair_signature_length(const struct aws_ecc_key_pair *key_pair);LibAwsCal.aws_ecc_key_pair_verify_signature — Methodaws_ecc_key_pair_verify_signature(key_pair, message, signature)Uses the key_pair's public key to verify signature of message. Signature should be DER encoded.
It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually something like a SHA256.
returns AWS_OP_SUCCESS if the signature is valid.
Prototype
int aws_ecc_key_pair_verify_signature( const struct aws_ecc_key_pair *key_pair, const struct aws_byte_cursor *message, const struct aws_byte_cursor *signature);LibAwsCal.aws_ecc_oid_from_curve_name — Methodaws_ecc_oid_from_curve_name(curve_name, oid)Get the DER encoded OID from the curve_name. The OID in this case will not contain the type or the length specifier.
Prototype
int aws_ecc_oid_from_curve_name(enum aws_ecc_curve_name curve_name, struct aws_byte_cursor *oid);LibAwsCal.aws_ed25519_key_pair_acquire — Methodaws_ed25519_key_pair_acquire(key_pair)Adds one to an Ed25519 key pair's ref count. Returns key_pair pointer.
Prototype
struct aws_ed25519_key_pair *aws_ed25519_key_pair_acquire(struct aws_ed25519_key_pair *key_pair);LibAwsCal.aws_ed25519_key_pair_get_private_key — Methodaws_ed25519_key_pair_get_private_key(key_pair, format, out)Documentation not found.
Prototype
int aws_ed25519_key_pair_get_private_key( const struct aws_ed25519_key_pair *key_pair, enum aws_ed25519_key_export_format format, struct aws_byte_buf *out);LibAwsCal.aws_ed25519_key_pair_get_private_key_size — Methodaws_ed25519_key_pair_get_private_key_size(format)Gets the size of the exported private key.
Prototype
size_t aws_ed25519_key_pair_get_private_key_size(enum aws_ed25519_key_export_format format);LibAwsCal.aws_ed25519_key_pair_get_public_key — Methodaws_ed25519_key_pair_get_public_key(key_pair, format, out)Documentation not found.
Prototype
int aws_ed25519_key_pair_get_public_key( const struct aws_ed25519_key_pair *key_pair, enum aws_ed25519_key_export_format format, struct aws_byte_buf *out);LibAwsCal.aws_ed25519_key_pair_get_public_key_size — Methodaws_ed25519_key_pair_get_public_key_size(format)Gets the size of the exported public key.
Prototype
size_t aws_ed25519_key_pair_get_public_key_size(enum aws_ed25519_key_export_format format);LibAwsCal.aws_ed25519_key_pair_new_generate — Methodaws_ed25519_key_pair_new_generate(allocator)Generate new Ed25519 key. Returns a new instance of aws_ed25519_key_pair if the key was successfully generated. Otherwise returns NULL. Note: keygen is not supported on all platforms and will return NULL for the key and raise AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM. Examples of unsupported cases: - openssl pre 1.1.1 (Note: aws-lc and boringssl both expose the needed functions) - win/mac builds without special flag that forces linking to libcrypto to support this
Prototype
struct aws_ed25519_key_pair *aws_ed25519_key_pair_new_generate(struct aws_allocator *allocator);LibAwsCal.aws_ed25519_key_pair_release — Methodaws_ed25519_key_pair_release(key_pair)Subtracts one from an Ed25519 key pair's ref count. If ref count reaches zero, the key pair is destroyed. Always returns NULL.
Prototype
struct aws_ed25519_key_pair *aws_ed25519_key_pair_release(struct aws_ed25519_key_pair *key_pair);LibAwsCal.aws_hash_destroy — Methodaws_hash_destroy(hash)Cleans up and deallocates hash.
Prototype
void aws_hash_destroy(struct aws_hash *hash);LibAwsCal.aws_hash_finalize — Methodaws_hash_finalize(hash, output, truncate_to)Completes the hash computation and writes the final digest to output. Allocation of output is the caller's responsibility. If you specify truncate_to to something other than 0, the output will be truncated to that number of bytes. For example, if you want a SHA256 digest as the first 16 bytes, set truncate_to to 16. If you want the full digest size, just set this to 0.
Prototype
int aws_hash_finalize(struct aws_hash *hash, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_hash_update — Methodaws_hash_update(hash, to_hash)Updates the running hash with to_hash. this can be called multiple times.
Prototype
int aws_hash_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash);LibAwsCal.aws_hmac_destroy — Methodaws_hmac_destroy(hmac)Cleans up and deallocates hmac.
Prototype
void aws_hmac_destroy(struct aws_hmac *hmac);LibAwsCal.aws_hmac_finalize — Methodaws_hmac_finalize(hmac, output, truncate_to)Completes the hmac computation and writes the final digest to output. Allocation of output is the caller's responsibility. If you specify truncate_to to something other than 0, the output will be truncated to that number of bytes. For example if you want a SHA256 digest as the first 16 bytes, set truncate_to to 16. If you want the full digest size, just set this to 0.
Prototype
int aws_hmac_finalize(struct aws_hmac *hmac, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_hmac_update — Methodaws_hmac_update(hmac, to_hmac)Updates the running hmac with to_hash. this can be called multiple times.
Prototype
int aws_hmac_update(struct aws_hmac *hmac, const struct aws_byte_cursor *to_hmac);LibAwsCal.aws_md5_compute — Methodaws_md5_compute(allocator, input, output, truncate_to)Computes the md5 hash over input and writes the digest output to 'output'. Use this if you don't need to stream the data you're hashing and you can load the entire input to hash into memory.
Prototype
int aws_md5_compute( struct aws_allocator *allocator, const struct aws_byte_cursor *input, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_md5_new — Methodaws_md5_new(allocator)Allocates and initializes an md5 hash instance.
Prototype
struct aws_hash *aws_md5_new(struct aws_allocator *allocator);LibAwsCal.aws_rsa_key_pair_acquire — Methodaws_rsa_key_pair_acquire(key_pair)Adds one to an RSA key pair's ref count. Returns key_pair pointer.
Prototype
struct aws_rsa_key_pair *aws_rsa_key_pair_acquire(struct aws_rsa_key_pair *key_pair);LibAwsCal.aws_rsa_key_pair_block_length — Methodaws_rsa_key_pair_block_length(key_pair)Documentation not found.
Prototype
size_t aws_rsa_key_pair_block_length(const struct aws_rsa_key_pair *key_pair);LibAwsCal.aws_rsa_key_pair_decrypt — Methodaws_rsa_key_pair_decrypt(key_pair, algorithm, ciphertext, out)Documentation not found.
Prototype
int aws_rsa_key_pair_decrypt( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_encryption_algorithm algorithm, struct aws_byte_cursor ciphertext, struct aws_byte_buf *out);LibAwsCal.aws_rsa_key_pair_encrypt — Methodaws_rsa_key_pair_encrypt(key_pair, algorithm, plaintext, out)Documentation not found.
Prototype
int aws_rsa_key_pair_encrypt( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_encryption_algorithm algorithm, struct aws_byte_cursor plaintext, struct aws_byte_buf *out);LibAwsCal.aws_rsa_key_pair_get_private_key — Methodaws_rsa_key_pair_get_private_key(key_pair, format, out)Documentation not found.
Prototype
int aws_rsa_key_pair_get_private_key( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_key_export_format format, struct aws_byte_buf *out);LibAwsCal.aws_rsa_key_pair_get_public_key — Methodaws_rsa_key_pair_get_public_key(key_pair, format, out)Documentation not found.
Prototype
int aws_rsa_key_pair_get_public_key( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_key_export_format format, struct aws_byte_buf *out);LibAwsCal.aws_rsa_key_pair_max_encrypt_plaintext_size — Methodaws_rsa_key_pair_max_encrypt_plaintext_size(key_pair, algorithm)Max plaintext size that can be encrypted by the key (i.e. max data size supported by the key - bytes needed for padding).
Prototype
size_t aws_rsa_key_pair_max_encrypt_plaintext_size( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_encryption_algorithm algorithm);LibAwsCal.aws_rsa_key_pair_new_from_private_key_pkcs1 — Methodaws_rsa_key_pair_new_from_private_key_pkcs1(allocator, key)Creates an RSA private key from RSAPrivateKey as defined in rfc 8017 (aka PKCS1). Returns a new instance of aws_rsa_key_pair if the key was successfully built. Otherwise returns NULL.
Prototype
struct aws_rsa_key_pair *aws_rsa_key_pair_new_from_private_key_pkcs1( struct aws_allocator *allocator, struct aws_byte_cursor key);LibAwsCal.aws_rsa_key_pair_new_from_public_key_pkcs1 — Methodaws_rsa_key_pair_new_from_public_key_pkcs1(allocator, key)Creates an RSA public key from RSAPublicKey as defined in rfc 8017 (aka PKCS1). Returns a new instance of aws_rsa_key_pair if the key was successfully built. Otherwise returns NULL.
Prototype
struct aws_rsa_key_pair *aws_rsa_key_pair_new_from_public_key_pkcs1( struct aws_allocator *allocator, struct aws_byte_cursor key);LibAwsCal.aws_rsa_key_pair_release — Methodaws_rsa_key_pair_release(key_pair)Subtracts one from an RSA key pair's ref count. If ref count reaches zero, the key pair is destroyed. Always returns NULL.
Prototype
struct aws_rsa_key_pair *aws_rsa_key_pair_release(struct aws_rsa_key_pair *key_pair);LibAwsCal.aws_rsa_key_pair_sign_message — Methodaws_rsa_key_pair_sign_message(key_pair, algorithm, digest, out)Uses the key_pair's private key to sign message. The output will be in out. out must be large enough to hold the signature. Check aws_rsa_key_pair_signature_length() for the appropriate size.
It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually something like a SHA256.
Prototype
int aws_rsa_key_pair_sign_message( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_signature_algorithm algorithm, struct aws_byte_cursor digest, struct aws_byte_buf *out);LibAwsCal.aws_rsa_key_pair_signature_length — Methodaws_rsa_key_pair_signature_length(key_pair)Documentation not found.
Prototype
size_t aws_rsa_key_pair_signature_length(const struct aws_rsa_key_pair *key_pair);LibAwsCal.aws_rsa_key_pair_verify_signature — Methodaws_rsa_key_pair_verify_signature(key_pair, algorithm, digest, signature)Uses the key_pair's public key to verify signature of message.
It is the callers job to make sure message is the appropriate cryptographic digest for this operation. It's usually something like a SHA256.
returns AWS_OP_SUCCESS if the signature is valid. raises AWS_ERROR_CAL_SIGNATURE_VALIDATION_FAILED if signature validation failed
Prototype
int aws_rsa_key_pair_verify_signature( const struct aws_rsa_key_pair *key_pair, enum aws_rsa_signature_algorithm algorithm, struct aws_byte_cursor digest, struct aws_byte_cursor signature);LibAwsCal.aws_set_md5_new_fn — Methodaws_set_md5_new_fn(fn)Set the implementation of md5 to use. If you compiled without BYO_CRYPTO, you do not need to call this. However, if use this, we will honor it, regardless of compile options. This may be useful for testing purposes. If you did set BYO_CRYPTO, and you do not call this function you will segfault.
Prototype
void aws_set_md5_new_fn(aws_hash_new_fn *fn);LibAwsCal.aws_set_sha1_new_fn — Methodaws_set_sha1_new_fn(fn)Set the implementation of sha1 to use. If you compiled without BYO_CRYPTO, you do not need to call this. However, if use this, we will honor it, regardless of compile options. This may be useful for testing purposes. If you did set BYO_CRYPTO, and you do not call this function you will segfault.
Prototype
void aws_set_sha1_new_fn(aws_hash_new_fn *fn);LibAwsCal.aws_set_sha256_hmac_new_fn — Methodaws_set_sha256_hmac_new_fn(fn)Set the implementation of sha256 hmac to use. If you compiled without BYO_CRYPTO, you do not need to call this. However, if use this, we will honor it, regardless of compile options. This may be useful for testing purposes. If you did set BYO_CRYPTO, and you do not call this function you will segfault.
Prototype
void aws_set_sha256_hmac_new_fn(aws_hmac_new_fn *fn);LibAwsCal.aws_set_sha256_new_fn — Methodaws_set_sha256_new_fn(fn)Set the implementation of sha256 to use. If you compiled without BYO_CRYPTO, you do not need to call this. However, if use this, we will honor it, regardless of compile options. This may be useful for testing purposes. If you did set BYO_CRYPTO, and you do not call this function you will segfault.
Prototype
void aws_set_sha256_new_fn(aws_hash_new_fn *fn);LibAwsCal.aws_sha1_compute — Methodaws_sha1_compute(allocator, input, output, truncate_to)Computes the sha1 hash over input and writes the digest output to 'output'. Use this if you don't need to stream the data you're hashing and you can load the entire input to hash into memory. If you specify truncate_to to something other than 0, the output will be truncated to that number of bytes. For example, if you want a SHA1 digest as the first 16 bytes, set truncate_to to 16. If you want the full digest size, just set this to 0.
Prototype
int aws_sha1_compute( struct aws_allocator *allocator, const struct aws_byte_cursor *input, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_sha1_new — Methodaws_sha1_new(allocator)Allocates and initializes a sha1 hash instance.
Prototype
struct aws_hash *aws_sha1_new(struct aws_allocator *allocator);LibAwsCal.aws_sha256_compute — Methodaws_sha256_compute(allocator, input, output, truncate_to)Computes the sha256 hash over input and writes the digest output to 'output'. Use this if you don't need to stream the data you're hashing and you can load the entire input to hash into memory. If you specify truncate_to to something other than 0, the output will be truncated to that number of bytes. For example, if you want a SHA256 digest as the first 16 bytes, set truncate_to to 16. If you want the full digest size, just set this to 0.
Prototype
int aws_sha256_compute( struct aws_allocator *allocator, const struct aws_byte_cursor *input, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_sha256_hmac_compute — Methodaws_sha256_hmac_compute(allocator, secret, to_hmac, output, truncate_to)Computes the sha256 hmac over input and writes the digest output to 'output'. Use this if you don't need to stream the data you're hashing and you can load the entire input to hash into memory. If you specify truncate_to to something other than 0, the output will be truncated to that number of bytes. For example if you want a SHA256 HMAC digest as the first 16 bytes, set truncate_to to 16. If you want the full digest size, just set this to 0.
Prototype
int aws_sha256_hmac_compute( struct aws_allocator *allocator, const struct aws_byte_cursor *secret, const struct aws_byte_cursor *to_hmac, struct aws_byte_buf *output, size_t truncate_to);LibAwsCal.aws_sha256_hmac_new — Methodaws_sha256_hmac_new(allocator, secret)Allocates and initializes a sha256 hmac instance. Secret is the key to be used for the hmac process.
Prototype
struct aws_hmac *aws_sha256_hmac_new(struct aws_allocator *allocator, const struct aws_byte_cursor *secret);LibAwsCal.aws_sha256_new — Methodaws_sha256_new(allocator)Allocates and initializes a sha256 hash instance.
Prototype
struct aws_hash *aws_sha256_new(struct aws_allocator *allocator);LibAwsCal.aws_symmetric_cipher_decrypt — Methodaws_symmetric_cipher_decrypt(cipher, to_decrypt, out)Decrypts the value in to_decrypt and writes the decrypted data into out. If out is dynamic it will be expanded. If it is not, and out is not large enough to handle the decrypted output, the call will fail. If you're trying to optimize to use a stack based array or something, make sure it's at least as large as the size of to_decrypt + an extra BLOCK to account for padding etc...
returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns AWS_OP_ERR;
Prototype
int aws_symmetric_cipher_decrypt( struct aws_symmetric_cipher *cipher, struct aws_byte_cursor to_decrypt, struct aws_byte_buf *out);LibAwsCal.aws_symmetric_cipher_destroy — Methodaws_symmetric_cipher_destroy(cipher)Cleans up internal resources and state for cipher and then deallocates it.
Prototype
void aws_symmetric_cipher_destroy(struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_encrypt — Methodaws_symmetric_cipher_encrypt(cipher, to_encrypt, out)Encrypts the value in to_encrypt and writes the encrypted data into out. If out is dynamic it will be expanded. If it is not, and out is not large enough to handle the encrypted output, the call will fail. If you're trying to optimize to use a stack based array or something, make sure it's at least as large as the size of to_encrypt + an extra BLOCK to account for padding etc...
returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns AWS_OP_ERR;
Prototype
int aws_symmetric_cipher_encrypt( struct aws_symmetric_cipher *cipher, struct aws_byte_cursor to_encrypt, struct aws_byte_buf *out);LibAwsCal.aws_symmetric_cipher_finalize_decryption — Methodaws_symmetric_cipher_finalize_decryption(cipher, out)Decrypts any remaining data that was reserved for final padding, loads GMACs etc... and if there is any writes any remaining decrypted data to out. If out is dynamic it will be expanded. If it is not, and out is not large enough to handle the decrypted output, the call will fail. If you're trying to optimize to use a stack based array or something, make sure it's at least as large as the size of 2 BLOCKs to account for padding etc...
After invoking this function, you MUST call aws_symmetric_cipher_reset() before invoking any encrypt/decrypt operations on this cipher again.
returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns AWS_OP_ERR;
Prototype
int aws_symmetric_cipher_finalize_decryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out);LibAwsCal.aws_symmetric_cipher_finalize_encryption — Methodaws_symmetric_cipher_finalize_encryption(cipher, out)Encrypts any remaining data that was reserved for final padding, loads GMACs etc... and if there is any writes any remaining encrypted data to out. If out is dynamic it will be expanded. If it is not, and out is not large enough to handle the decrypted output, the call will fail. If you're trying to optimize to use a stack based array or something, make sure it's at least as large as the size of 2 BLOCKs to account for padding etc...
After invoking this function, you MUST call aws_symmetric_cipher_reset() before invoking any encrypt/decrypt operations on this cipher again.
returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns AWS_OP_ERR;
Prototype
int aws_symmetric_cipher_finalize_encryption(struct aws_symmetric_cipher *cipher, struct aws_byte_buf *out);LibAwsCal.aws_symmetric_cipher_get_initialization_vector — Methodaws_symmetric_cipher_get_initialization_vector(cipher)Gets the original initialization vector as a cursor. The memory in this cursor is unsafe as it refers to the internal buffer. This was done because the use case doesn't require fetching these during an encryption or decryption operation and it dramatically simplifies the API.
Unlike some other fields, this value does not change after the inital construction of the cipher.
For some algorithms, such as AES Keywrap, this will return an empty cursor.
Prototype
struct aws_byte_cursor aws_symmetric_cipher_get_initialization_vector( const struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_get_key — Methodaws_symmetric_cipher_get_key(cipher)Gets the original key.
The memory in this cursor is unsafe as it refers to the internal buffer. This was done because the use case doesn't require fetching these during an encryption or decryption operation and it dramatically simplifies the API.
Unlike some other fields, this value does not change after the inital construction of the cipher.
Prototype
struct aws_byte_cursor aws_symmetric_cipher_get_key(const struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_get_state — Methodaws_symmetric_cipher_get_state(cipher)Retuns the current state of the cipher. Ther state of the cipher can be ready for use, finalized, or has encountered an error. if the cipher is in a finished or error state, it must be reset before further use.
Prototype
enum aws_symmetric_cipher_state aws_symmetric_cipher_get_state(const struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_get_tag — Methodaws_symmetric_cipher_get_tag(cipher)Gets the current GMAC tag. If not AES GCM, this function will just return an empty cursor. The memory in this cursor is unsafe as it refers to the internal buffer. This was done because the use case doesn't require fetching these during an encryption or decryption operation and it dramatically simplifies the API. Only use this function between other calls to this API as any function call can alter the value of this tag.
If you need to access it in a different pattern, copy the values to your own buffer first.
Prototype
struct aws_byte_cursor aws_symmetric_cipher_get_tag(const struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_is_good — Methodaws_symmetric_cipher_is_good(cipher)Returns true if the state of the cipher is good, and otherwise returns false. Most operations, other than aws_symmetric_cipher_reset() will fail if this function is returning false. aws_symmetric_cipher_reset() will reset the state to a good state if possible.
Prototype
bool aws_symmetric_cipher_is_good(const struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_reset — Methodaws_symmetric_cipher_reset(cipher)Resets the cipher state for starting a new encrypt or decrypt operation. Note encrypt/decrypt cannot be mixed on the same cipher without a call to reset in between them. However, this leaves the key, iv etc... materials setup for immediate reuse. Note: GCM tag is not preserved between operations. If you intend to do encrypt followed directly by decrypt, make sure to make a copy of tag before reseting the cipher and pass that copy for decryption.
Warning: In most cases it's a really bad idea to reset a cipher and perform another operation using that cipher. Key and IV should not be reused for different operations. Instead of reseting the cipher, destroy the cipher and create new one with a new key/iv pair. Use reset at your own risk, and only after careful consideration.
returns AWS_OP_SUCCESS on success. Call aws_last_error() to determine the failure cause if it returns AWS_OP_ERR;
Prototype
int aws_symmetric_cipher_reset(struct aws_symmetric_cipher *cipher);LibAwsCal.aws_symmetric_cipher_set_tag — Methodaws_symmetric_cipher_set_tag(cipher, tag)Sets the GMAC tag on the cipher. Does nothing for ciphers that do not support tag.
Prototype
void aws_symmetric_cipher_set_tag(struct aws_symmetric_cipher *cipher, struct aws_byte_cursor tag);