Expand description
hacl-sys
Rust wrapper for hacl.
Platforms
Platform | Supported |
---|---|
MacOS | ✅ |
MacOS Arm64 | ✅ |
iOS | ✅ |
iOS Simulator x86_64 | ❌ |
Linux x64 | ✅ |
Linux x86 | ✅ |
Windows x64 | ❌ |
Arm64 Linux | ✅ |
Arm32 Linux | ✅ |
Building on Windows
Enabling builds on Windows is tracked in #78.
Structs
Constants
Functions
- Return the algorithm used in the AEAD state.
- Create the required AEAD state for the algorithm.
- Verify the authenticity of
ad
||cipher
and decryptcipher
intodst
. - WARNING: this function doesn’t perform any dynamic hardware check. You MUST make sure your hardware supports the implementation of AESGCM. Besides, this function was not designed for cross-compilation: if you compile it on a system which doesn’t support Vale, it will compile it to a function which makes the program exit.
- WARNING: this function doesn’t perform any dynamic hardware check. You MUST make sure your hardware supports the implementation of AESGCM. Besides, this function was not designed for cross-compilation: if you compile it on a system which doesn’t support Vale, it will compile it to a function which makes the program exit.
- Encrypt and authenticate a message (
plain
) with associated data (ad
). - WARNING: this function doesn’t perform any dynamic hardware check. You MUST make sure your hardware supports the implementation of AESGCM. Besides, this function was not designed for cross-compilation: if you compile it on a system which doesn’t support Vale, it will compile it to a function which makes the program exit.
- WARNING: this function doesn’t perform any dynamic hardware check. You MUST make sure your hardware supports the implementation of AESGCM. Besides, this function was not designed for cross-compilation: if you compile it on a system which doesn’t support Vale, it will compile it to a function which makes the program exit.
- Cleanup and free the AEAD state.
- Execute the diffie-hellmann key exchange.
- Compute the scalar multiple of a point.
- Calculate a public point from a secret/private key.
- Expand pseudorandom key to desired length.
- Extract a fixed-length pseudorandom key from input keying material.
- Perform a run-time test to determine which algorithm was chosen for the given piece of state.
- Allocate initial state for the agile hash. The argument
a
stands for the choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most efficient implementation, provided you have called EverCrypt_AutoConfig2_init() before. The state is to be freed by callingfree
. - Write the resulting hash into
dst
, an array whose length is algorithm-specific. You can use the macros defined earlier in this file to allocate a destination buffer of the right length. The state remains valid after a call tofinish
, meaning the user may feed more data into the hash viaupdate
. (The finish function operates on an internal copy of the state and therefore does not invalidate the client-held state.) - Free a state previously allocated with
create_in
. - Hash
input
, of lenlen
, intodst
, an array whose length is determined by your choice of algorithma
(see Hacl_Spec.h). You can use the macros defined earlier in this file to allocate a destination buffer of the right length. This API will automatically pick the most efficient implementation, provided you have called EverCrypt_AutoConfig2_init() before. - Reset an existing state to the initial hash state with empty data.
- Feed an arbitrary amount of data into the hash. This function returns EverCrypt_Error_Success for success, or EverCrypt_Error_MaximumLengthExceeded if the combined length of all of the data passed to
update
(since the last call toinit
) exceeds 2^61-1 bytes or 2^64-1 bytes, depending on the choice of algorithm. Both limits are unlikely to be attained in practice. - Write
a + b mod 2 ^ (64 * len)
inres
. - Write
(a + b) mod n
inres
. - Serialize a bignum into big-endian memory.
- Serialize a bignum into little-endian memory.
- Returns 2^64 - 1 if a = b, otherwise returns 0.
- Returns 2^64 - 1 if a < b, otherwise returns 0.
- Write
a mod n
inres
. - Write
a ^ b mod n
inres
. - Write
a ^ b mod n
inres
. - Write
a ^ b mod n
inres
. - Write
a ^ b mod n
inres
. - Write
a ^ (-1) mod n
inres
. - Write
a ^ (-1) mod n
inres
. - Write
a mod n
inres
. - Deallocate the memory previously allocated by Hacl_Bignum64_mont_ctx_init.
- Heap-allocate and initialize a montgomery context.
- Write
a * b
inres
. - Load a bid-endian bignum from memory.
- Load a little-endian bignum from memory.
- Write
a * a
inres
. - Write
a - b mod 2 ^ (64 * len)
inres
. - Write
(a - b) mod n
inres
. - Write the BLAKE2b digest of message
d
using keyk
intooutput
. - Write the BLAKE2b digest of message
d
using keyk
intooutput
. - Write the BLAKE2s digest of message
d
using keyk
intooutput
. - Write the BLAKE2s digest of message
d
using keyk
intooutput
. - Decrypt a ciphertext
cipher
with keyk
. - Encrypt a message
m
with keyk
. - Decrypt a ciphertext
cipher
with keyk
. - Encrypt a message
m
with keyk
. - Decrypt a ciphertext
cipher
with keyk
. - Encrypt a message
m
with keyk
. - Execute the diffie-hellmann key exchange.
- Compute the scalar multiple of a point.
- Calculate a public point from a secret/private key.
- Execute the diffie-hellmann key exchange.
- Compute the scalar multiple of a point.
- Calculate a public point from a secret/private key.
- Compute the expanded keys for an Ed25519 signature.
- Compute the public key from the private key.
- Create an Ed25519 signature.
- Create an Ed25519 signature with the (precomputed) expanded keys.
- Verify an Ed25519 signature.
- Expand pseudorandom key to desired length.
- Expand pseudorandom key to desired length.
- Expand pseudorandom key to desired length.
- Expand pseudorandom key to desired length.
- Expand pseudorandom key to desired length.
- Extract a fixed-length pseudorandom key from input keying material.
- Extract a fixed-length pseudorandom key from input keying material.
- Extract a fixed-length pseudorandom key from input keying material.
- Extract a fixed-length pseudorandom key from input keying material.
- Extract a fixed-length pseudorandom key from input keying material.
- Create a DRBG state.
- Generate output.
- Instantiate the DRBG.
- Return the minimal entropy input length of the desired hash function.
- Reseed the DRBG.
- Write the HMAC-BLAKE2b MAC of a message (
data
) by using a key (key
) intodst
. - Write the HMAC-BLAKE2s MAC of a message (
data
) by using a key (key
) intodst
. - Write the HMAC-SHA-2-256 MAC of a message (
data
) by using a key (key
) intodst
. - Write the HMAC-SHA-2-384 MAC of a message (
data
) by using a key (key
) intodst
. - Write the HMAC-SHA-2-512 MAC of a message (
data
) by using a key (key
) intodst
. - Write the HMAC-SHA-1 MAC of a message (
data
) by using a key (key
) intodst
. - Convert a public key from compressed to its raw form.
- Compute the public key from the private key.
- Execute the diffie-hellmann key exchange.
- Create an ECDSA signature using SHA2-256.
- Create an ECDSA signature using SHA2-384.
- Create an ECDSA signature using SHA2-512.
- Create an ECDSA signature WITHOUT hashing first.
- Verify an ECDSA signature using SHA2-256.
- Verify an ECDSA signature using SHA2-384.
- Verify an ECDSA signature using SHA2-512.
- Verify an ECDSA signature WITHOUT hashing first.
- Convert a public key from raw to its compressed form.
- Convert a public key from raw to its uncompressed form.
- Convert a public key from uncompressed to its raw form.
- Private key validation.
- Public key validation.
- The mask generation function defined in the Public Key Cryptography Standard #1 (https://www.ietf.org/rfc/rfc2437.txt Section 10.2.1)
- Load a public key from key parts.
- Load a secret key from key parts.
- Verify the signature
sgnt
of a messagemsg
. - Sign a message
msg
and write the signature tosgnt
. - Sign a message
msg
and write the signature tosgnt
. - Verify the signature
sgnt
of a messagemsg
. - Copies the state passed as argument into a newly allocated state (deep copy). The state is to be freed by calling
free_256
. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. - Copies the state passed as argument into a newly allocated state (deep copy). The state is to be freed by calling
free_512
. Cloning the state this way is useful, for instance, if your control-flow diverges and you need to feed more (different) data into the hash in each branch. - Allocate initial state for the SHA2_256 hash. The state is to be freed by calling
free_256
. - Write the resulting hash into
dst
, an array of 28 bytes. The state remains valid after a call tofinish_224
, meaning the user may feed more data into the hash viaupdate_224
. - Write the resulting hash into
dst
, an array of 32 bytes. The state remains valid after a call tofinish_256
, meaning the user may feed more data into the hash viaupdate_256
. (The finish_256 function operates on an internal copy of the state and therefore does not invalidate the client-held statep
.) - Write the resulting hash into
dst
, an array of 48 bytes. The state remains valid after a call tofinish_384
, meaning the user may feed more data into the hash viaupdate_384
. - Write the resulting hash into
dst
, an array of 64 bytes. The state remains valid after a call tofinish_512
, meaning the user may feed more data into the hash viaupdate_512
. (The finish_512 function operates on an internal copy of the state and therefore does not invalidate the client-held statep
.) - Free a state allocated with
create_in_256
. - Free a state allocated with
create_in_512
. - Hash
input
, of leninput_len
, intodst
, an array of 28 bytes. - Hash
input
, of leninput_len
, intodst
, an array of 32 bytes. - Hash
input
, of leninput_len
, intodst
, an array of 48 bytes. - Hash
input
, of leninput_len
, intodst
, an array of 64 bytes. - Reset an existing state to the initial hash state with empty data.
- Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to
update_256
(since the last call toinit_256
) exceeds 2^61-1 bytes. - Feed an arbitrary amount of data into the hash. This function returns 0 for success, or 1 if the combined length of all of the data passed to
update_512
(since the last call toinit_512
) exceeds 2^125-1 bytes.