
Crate freebird_crypto


Cryptographic primitives for Freebird

This module provides high-level APIs for VOPRF operations using the internal P-256 implementation in voprf/.

§Memory Zeroization Security

Freebird implements comprehensive memory zeroization to protect cryptographic key material from memory dumps, cold boot attacks, and other extraction methods.

§Automatic Zeroization

  • Scalar values (blinding factors, secret keys): The Scalar type from RustCrypto’s elliptic-curve crate implements DefaultIsZeroes, ensuring automatic memory zeroization when dropped. This applies to:
    • VOPRF blinding factors (r in BlindState)
    • DLEQ proof ephemeral scalars (r in prove())
    • Secret keys in VOPRF operations
  • Software provider secret keys: The SoftwareCryptoProvider explicitly zeroizes its secret key in the Drop implementation.
  • PKCS11 provider MAC keys: The Pkcs11CryptoProvider zeroizes the mac_base_key derived from the HSM in its Drop implementation.

§Explicit Zeroization (via Zeroizing wrapper)

  • MAC keys: All MAC keys derived for token authentication are wrapped in Zeroizing<[u8; 32]> to ensure they are erased immediately after use:
    • Issuer token MAC computation
    • Verifier token MAC verification
    • Batch issuance MAC operations

§Non-Secret Values (No Zeroization)

  • Elliptic curve points (ProjectivePoint, AffinePoint): These are public values that do not require zeroization.
  • Token data: Tokens are meant to be shared and do not contain secrets.
  • Public keys: Public keys are intentionally shareable.

§Verification

To verify zeroization is working correctly, use memory analysis tools or run the zeroization tests in the test suite.
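
One way such a zeroization test can be written, as an added example that is not taken from Freebird's test suite: WipedKey is a hypothetical std-only stand-in for Zeroizing<[u8; 32]>, and SAMPLE_KEY is constructed. It runs the destructor inside storage the test still owns and inspects the bytes left behind, next to a bare array that has no destructor.

```rust
use std::mem::MaybeUninit;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Std-only stand-in for `Zeroizing<[u8; 32]>` (hypothetical type, not Freebird's).
#[repr(transparent)]
pub struct WipedKey([u8; 32]);

impl Drop for WipedKey {
    fn drop(&mut self) {
        for b in self.0.iter_mut() {
            // Volatile store: the optimizer may not discard it as a dead write.
            unsafe { ptr::write_volatile(b, 0) };
        }
        // Keep later code from being reordered ahead of the wipe.
        compiler_fence(Ordering::SeqCst);
    }
}

/// Run `T`'s destructor inside storage we still own, then return the raw
/// bytes left behind. `T` must be exactly 32 bytes with no padding.
fn residue_after_drop<T>(value: T) -> [u8; 32] {
    assert_eq!(std::mem::size_of::<T>(), 32);
    let mut slot = MaybeUninit::new(value);
    unsafe {
        ptr::drop_in_place(slot.as_mut_ptr());
        ptr::read_volatile(slot.as_ptr() as *const [u8; 32])
    }
}

/// Constructed sample bytes, not real key material.
pub const SAMPLE_KEY: [u8; 32] = [0xA5; 32];

pub fn wrapped_residue() -> [u8; 32] {
    residue_after_drop(WipedKey(SAMPLE_KEY))
}

pub fn bare_residue() -> [u8; 32] {
    // A plain array has no destructor, so nothing wipes it.
    residue_after_drop(SAMPLE_KEY)
}

fn main() {
    assert_eq!(wrapped_residue(), [0u8; 32]);
    assert_eq!(bare_residue(), SAMPLE_KEY);
    println!("wrapper wiped on drop; bare array left intact");
}
```

A test of this shape only covers the slot it inspects; copies made by moves, register spills or reallocation need the memory analysis tools mentioned above.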

Modules§

provider
Cryptographic provider abstraction for software and HSM backends
voprf
Vendored VOPRF(P-256, SHA-256)-verifiable implementation built on RustCrypto.

Structs§

BlindState
Client
Server
Verifier

Enums§

Error

Constants§

TOKEN_FORMAT_V1_MAC
Token format versions
TOKEN_FORMAT_V2_SIGNATURE
TOKEN_LEN_V1
Total token lengths including authentication
TOKEN_LEN_V2
TOKEN_MAC_LEN
Token MAC constants
TOKEN_SIGNATURE_LEN
Token signature constants (for public-key metadata authentication)

Functions§

compute_token_mac
Compute HMAC-SHA256 over token and metadata to prevent tampering
compute_token_signature
Compute ECDSA signature over token metadata to prevent tampering
derive_mac_key
Derive MAC key from server secret key using HKDF (legacy, simple version)
derive_mac_key_v2
Derive MAC key from server secret key using HKDF with domain separation
nullifier_key
Deterministic nullifier seed for anti-double-spend.
sign_message
Sign an arbitrary message with an issuer’s secret key
verify_message_signature
Verify an arbitrary message signature with an issuer’s public key
verify_token_mac
Verify HMAC-SHA256 over token and metadata (constant-time)
verify_token_signature
Verify ECDSA signature over token metadata (constant-time)