Report crypto error cause along with $errno

To represent specific error cause for the crypto operations, this
introduces the $crypto_erorr_cause type, which shall be reported along
with the normal $errno, so that the caller can still handle common
errnos e.g., $errno.nosys in a similar manner to the rest of WASI
hostcalls.

proposals/witx/typenames.witx

@@ -170,6 +170,21 @@
   )
 )
 
+(typename $crypto_error_cause
+  (enum u16
+    ;;; Uknown error cause.
+    $unknown
+    ;;; The specified algorithm is unsupported.
+    $unsupported_algorithm
+    ;;; Signature verification has failed.
+    $verification_failed
+    ;;; The key is invalid for the operation.
+    $invalid_key
+    ;;; The signature is in invalid format.
+    $invalid_signature
+  )
+)
+
 ;;; Handles for encryption and decryption operations.
 (typename $cipher_state_initial (handle))
 (typename $cipher_state_encrypting (handle))

proposals/witx/wasi_ephemeral_crypto.witx

@@ -14,6 +14,7 @@
     ;;; The key for this operation.
     (param $private_key $private_key)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     ;;; The cipher handle that has been opened.
     (result $new_state $cipher_state_initial)
   )
@@ -27,6 +28,7 @@
     (param $nonce (@witx const_pointer u8))
     (param $nonce_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Set the additional authentication data (AAD). This works only if
@@ -38,6 +40,7 @@
     (param $auth (@witx const_pointer u8))
     (param $auth_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Get the authentication tag generated by the last encryption
@@ -53,6 +56,7 @@
     (param $tag (@witx pointer u8))
     (param $tag_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Set the authentication tag for plaintext authentication. This
@@ -65,12 +69,14 @@
     (param $tag (@witx const_pointer u8))
     (param $tag_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Initiate a series of encryption operations.
   (@interface func (export "cipher_encrypt_begin")
     (param $state $cipher_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $cipher_state_encrypting)
   )
 
@@ -85,19 +91,22 @@
     (param $ciphertext (@witx pointer u8))
     (param $ciphertext_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Finalize a series of encryption operations.
   (@interface func (export "cipher_encrypt_end")
     (param $state $cipher_state_encrypting)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $cipher_state_initial)
   )
 
   ;;; Initiate a series of decryption operations.
   (@interface func (export "cipher_decrypt_begin")
     (param $state $cipher_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $cipher_state_decrypting)
   )
 
@@ -112,12 +121,14 @@
     (param $plaintext (@witx pointer u8))
     (param $plaintext_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Finalize a series of decryption operations.
   (@interface func (export "cipher_decrypt_end")
     (param $state $cipher_state_decrypted)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $cipher_state_initial)
   )
 
@@ -126,6 +137,7 @@
   (@interface func (export "cipher_close")
     (param $state $cipher_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Create a handle for secure hashing operations.
@@ -136,6 +148,7 @@
     ;;; `SHA3-224`, `SHA3-256`, `SHA3-384`, and `SHA3-512`.
     (param $algorithm string)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $hash_state_initial)
   )
 
@@ -147,6 +160,7 @@
     (param $data (@witx const_pointer u8))
     (param $data_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Extract the hash value. This function can be called as many
@@ -164,13 +178,15 @@
     (param $digest (@witx pointer u8))
     (param $digest_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Close a handle for secure hashing operations. The closed handle
   ;;; cannot be used afterwards.
   (@interface func (export "hash_close")
     (param $state $hash_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Create a handle of signing operation. The operation can be
@@ -184,6 +200,7 @@
     ;;; The key for this operation.
     (param $private_key $private_key)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $sign_state_initial)
   )
 
@@ -196,12 +213,14 @@
     (param $nonce (@witx const_pointer u8))
     (param $nonce_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Initiate a series of signing operations.
   (@interface func (export "sign_begin")
     (param $state $sign_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $sign_state_signing)
   )
 
@@ -213,6 +232,7 @@
     (param $data (@witx const_pointer u8))
     (param $data_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Extract the signature. This function can be called as many times
@@ -228,19 +248,22 @@
     (param $digest (@witx pointer u8))
     (param $digest_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Complete a series of signing operations.
   (@interface func (export "sign_end")
     (param $state $sign_state_signing)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $sign_state_initial)
   )
 
   ;;; Close a handle for signing operations.
   (@interface func (export "sign_close")
     (param $state $sign_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Prepare a handle for private key generation for an
@@ -254,6 +277,7 @@
     ;;; implementation.
     (param $algorithm string)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $generate_key_state_initial)
   )
 
@@ -265,6 +289,7 @@
     (param $nonce (@witx const_pointer u8))
     (param $nonce_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Set the input keying material shall be used as a base of the
@@ -274,13 +299,15 @@
     (param $input (@witx const_pointer u8))
     (param $input_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Set the hash algorithm used for the private key generation.
   (@interface func (export "generate_key_set_hash")
     (param $state $generate_key_state_initial)
     (param $hash_state $hash_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Generate a private key and close the handle for the private key
@@ -289,6 +316,7 @@
   (@interface func (export "generate_key")
     (param $state $generate_key_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $private_key $private_key)
   )
 
@@ -299,6 +327,7 @@
     (param $algorithm string)
     (param $private_key $private_key)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
     (result $new_state $derive_key_state_initial)
   )
 
@@ -311,13 +340,15 @@
     (param $nonce (@witx const_pointer u8))
     (param $nonce_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Set hash algorithm for the key derivation operation.
   (@interface func (export "derive_key_set_hash")
     (param $state $derive_key_state_initial)
     (param $hash_state $hash_state_initial)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 
   ;;; Derive a secret and close the handle for the key derivation
@@ -331,5 +362,6 @@
     (param $output (@witx pointer u8))
     (param $output_len $size)
     (result $error $errno)
+    (result $cause $crypto_error_cause)
   )
 )