Return the algorithm used in the AEAD state.
Create the required AEAD state for the algorithm.
Verify the authenticity of ad || cipher and decrypt cipher into dst.
WARNING: this function doesn’t perform any dynamic
hardware check. You MUST make sure your hardware supports the
implementation of AESGCM. Besides, this function was not designed
for cross-compilation: if you compile it on a system which doesn’t
support Vale, it will compile it to a function which makes the
program exit.
WARNING: this function doesn’t perform any dynamic
hardware check. You MUST make sure your hardware supports the
implementation of AESGCM. Besides, this function was not designed
for cross-compilation: if you compile it on a system which doesn’t
support Vale, it will compile it to a function which makes the
program exit.
Encrypt and authenticate a message (plain) with associated data (ad).
WARNING: this function doesn’t perform any dynamic
hardware check. You MUST make sure your hardware supports the
implementation of AESGCM. Besides, this function was not designed
for cross-compilation: if you compile it on a system which doesn’t
support Vale, it will compile it to a function which makes the
program exit.
WARNING: this function doesn’t perform any dynamic
hardware check. You MUST make sure your hardware supports the
implementation of AESGCM. Besides, this function was not designed
for cross-compilation: if you compile it on a system which doesn’t
support Vale, it will compile it to a function which makes the
program exit.
Cleanup and free the AEAD state.
Execute the diffie-hellmann key exchange.
Compute the scalar multiple of a point.
Calculate a public point from a secret/private key.
Expand pseudorandom key to desired length.
Extract a fixed-length pseudorandom key from input keying material.
Perform a run-time test to determine which algorithm was chosen for the given piece of state.
Allocate initial state for the agile hash. The argument a stands for the
choice of algorithm (see Hacl_Spec.h). This API will automatically pick the most
efficient implementation, provided you have called EverCrypt_AutoConfig2_init()
before. The state is to be freed by calling free.
Write the resulting hash into dst, an array whose length is
algorithm-specific. You can use the macros defined earlier in this file to
allocate a destination buffer of the right length. The state remains valid after
a call to finish, meaning the user may feed more data into the hash via
update. (The finish function operates on an internal copy of the state and
therefore does not invalidate the client-held state.)
Free a state previously allocated with create_in.
Hash input, of len len, into dst, an array whose length is determined by
your choice of algorithm a (see Hacl_Spec.h). You can use the macros defined
earlier in this file to allocate a destination buffer of the right length. This
API will automatically pick the most efficient implementation, provided you have
called EverCrypt_AutoConfig2_init() before.
Reset an existing state to the initial hash state with empty data.
Feed an arbitrary amount of data into the hash. This function returns
EverCrypt_Error_Success for success, or EverCrypt_Error_MaximumLengthExceeded if
the combined length of all of the data passed to update (since the last call
to init) exceeds 2^61-1 bytes or 2^64-1 bytes, depending on the choice of
algorithm. Both limits are unlikely to be attained in practice.
Write a + b mod 2 ^ (64 * len) in res.
Write (a + b) mod n in res.
Serialize a bignum into big-endian memory.
Serialize a bignum into little-endian memory.
Returns 2^64 - 1 if a = b, otherwise returns 0.
Returns 2^64 - 1 if a < b, otherwise returns 0.
Write a mod n in res.
Write a ^ b mod n in res.
Write a ^ b mod n in res.
Write a ^ b mod n in res.
Write a ^ b mod n in res.
Write a ^ (-1) mod n in res.
Write a ^ (-1) mod n in res.
Write a mod n in res.
Deallocate the memory previously allocated by Hacl_Bignum64_mont_ctx_init.
Heap-allocate and initialize a montgomery context.
Write a * b in res.
Load a bid-endian bignum from memory.
Load a little-endian bignum from memory.
Write a * a in res.
Write a - b mod 2 ^ (64 * len) in res.
Write (a - b) mod n in res.
Write the BLAKE2b digest of message d using key k into output.
Write the BLAKE2b digest of message d using key k into output.
Write the BLAKE2s digest of message d using key k into output.
Write the BLAKE2s digest of message d using key k into output.
Decrypt a ciphertext cipher with key k.
Encrypt a message m with key k.
Decrypt a ciphertext cipher with key k.
Encrypt a message m with key k.
Decrypt a ciphertext cipher with key k.
Encrypt a message m with key k.
Execute the diffie-hellmann key exchange.
Compute the scalar multiple of a point.
Calculate a public point from a secret/private key.
Execute the diffie-hellmann key exchange.
Compute the scalar multiple of a point.
Calculate a public point from a secret/private key.
Compute the expanded keys for an Ed25519 signature.
Compute the public key from the private key.
Create an Ed25519 signature.
Create an Ed25519 signature with the (precomputed) expanded keys.
Verify an Ed25519 signature.
Expand pseudorandom key to desired length.
Expand pseudorandom key to desired length.
Expand pseudorandom key to desired length.
Expand pseudorandom key to desired length.
Expand pseudorandom key to desired length.
Extract a fixed-length pseudorandom key from input keying material.
Extract a fixed-length pseudorandom key from input keying material.
Extract a fixed-length pseudorandom key from input keying material.
Extract a fixed-length pseudorandom key from input keying material.
Extract a fixed-length pseudorandom key from input keying material.
Create a DRBG state.
Generate output.
Instantiate the DRBG.
Return the minimal entropy input length of the desired hash function.
Reseed the DRBG.
Write the HMAC-BLAKE2b MAC of a message (data) by using a key (key) into dst.
Write the HMAC-BLAKE2s MAC of a message (data) by using a key (key) into dst.
Write the HMAC-SHA-2-256 MAC of a message (data) by using a key (key) into dst.
Write the HMAC-SHA-2-384 MAC of a message (data) by using a key (key) into dst.
Write the HMAC-SHA-2-512 MAC of a message (data) by using a key (key) into dst.
Write the HMAC-SHA-1 MAC of a message (data) by using a key (key) into dst.
Convert a public key from compressed to its raw form.
Compute the public key from the private key.
Execute the diffie-hellmann key exchange.
Create an ECDSA signature using SHA2-256.
Create an ECDSA signature using SHA2-384.
Create an ECDSA signature using SHA2-512.
Create an ECDSA signature WITHOUT hashing first.
Verify an ECDSA signature using SHA2-256.
Verify an ECDSA signature using SHA2-384.
Verify an ECDSA signature using SHA2-512.
Verify an ECDSA signature WITHOUT hashing first.
Convert a public key from raw to its compressed form.
Convert a public key from raw to its uncompressed form.
Convert a public key from uncompressed to its raw form.
Private key validation.
Public key validation.
The mask generation function defined in the Public Key Cryptography Standard #1
(https://www.ietf.org/rfc/rfc2437.txt Section 10.2.1)
Load a public key from key parts.
Load a secret key from key parts.
Verify the signature sgnt of a message msg.
Sign a message msg and write the signature to sgnt.
Sign a message msg and write the signature to sgnt.
Verify the signature sgnt of a message msg.
Copies the state passed as argument into a newly allocated state (deep copy).
The state is to be freed by calling free_256. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
Copies the state passed as argument into a newly allocated state (deep copy).
The state is to be freed by calling free_512. Cloning the state this way is
useful, for instance, if your control-flow diverges and you need to feed
more (different) data into the hash in each branch.
Allocate initial state for the SHA2_256 hash. The state is to be freed by
calling free_256.
Write the resulting hash into dst, an array of 28 bytes. The state remains
valid after a call to finish_224, meaning the user may feed more data into
the hash via update_224.
Write the resulting hash into dst, an array of 32 bytes. The state remains
valid after a call to finish_256, meaning the user may feed more data into
the hash via update_256. (The finish_256 function operates on an internal copy of
the state and therefore does not invalidate the client-held state p.)
Write the resulting hash into dst, an array of 48 bytes. The state remains
valid after a call to finish_384, meaning the user may feed more data into
the hash via update_384.
Write the resulting hash into dst, an array of 64 bytes. The state remains
valid after a call to finish_512, meaning the user may feed more data into
the hash via update_512. (The finish_512 function operates on an internal copy of
the state and therefore does not invalidate the client-held state p.)
Free a state allocated with create_in_256.
Free a state allocated with create_in_512.
Hash input, of len input_len, into dst, an array of 28 bytes.
Hash input, of len input_len, into dst, an array of 32 bytes.
Hash input, of len input_len, into dst, an array of 48 bytes.
Hash input, of len input_len, into dst, an array of 64 bytes.
Reset an existing state to the initial hash state with empty data.
Feed an arbitrary amount of data into the hash. This function returns 0 for
success, or 1 if the combined length of all of the data passed to update_256
(since the last call to init_256) exceeds 2^61-1 bytes.
Feed an arbitrary amount of data into the hash. This function returns 0 for
success, or 1 if the combined length of all of the data passed to update_512
(since the last call to init_512) exceeds 2^125-1 bytes.
Free a raw C pointer.
