pub const Spec_FFDHE_FFDHE2048: u32 = 0;
pub const Spec_FFDHE_FFDHE3072: u32 = 1;
pub const Spec_FFDHE_FFDHE4096: u32 = 2;
pub const Spec_FFDHE_FFDHE6144: u32 = 3;
pub const Spec_FFDHE_FFDHE8192: u32 = 4;
pub const Spec_Agile_AEAD_AES128_GCM: u32 = 0;
pub const Spec_Agile_AEAD_AES256_GCM: u32 = 1;
pub const Spec_Agile_AEAD_CHACHA20_POLY1305: u32 = 2;
pub const Spec_Agile_AEAD_AES128_CCM: u32 = 3;
pub const Spec_Agile_AEAD_AES256_CCM: u32 = 4;
pub const Spec_Agile_AEAD_AES128_CCM8: u32 = 5;
pub const Spec_Agile_AEAD_AES256_CCM8: u32 = 6;
pub const EverCrypt_Error_Success: u32 = 0;
pub const EverCrypt_Error_UnsupportedAlgorithm: u32 = 1;
pub const EverCrypt_Error_InvalidKey: u32 = 2;
pub const EverCrypt_Error_AuthenticationFailure: u32 = 3;
pub const EverCrypt_Error_InvalidIVLength: u32 = 4;
pub const EverCrypt_Error_DecodeError: u32 = 5;
pub const EverCrypt_Error_MaximumLengthExceeded: u32 = 6;
pub const Spec_Hash_Definitions_SHA2_224: u32 = 0;
pub const Spec_Hash_Definitions_SHA2_256: u32 = 1;
pub const Spec_Hash_Definitions_SHA2_384: u32 = 2;
pub const Spec_Hash_Definitions_SHA2_512: u32 = 3;
pub const Spec_Hash_Definitions_SHA1: u32 = 4;
pub const Spec_Hash_Definitions_MD5: u32 = 5;
pub const Spec_Hash_Definitions_Blake2S: u32 = 6;
pub const Spec_Hash_Definitions_Blake2B: u32 = 7;
pub const Spec_Hash_Definitions_SHA3_256: u32 = 8;
pub const Spec_Hash_Definitions_SHA3_224: u32 = 9;
pub const Spec_Hash_Definitions_SHA3_384: u32 = 10;
pub const Spec_Hash_Definitions_SHA3_512: u32 = 11;
pub const Spec_Hash_Definitions_Shake128: u32 = 12;
pub const Spec_Hash_Definitions_Shake256: u32 = 13;
pub type Spec_FFDHE_ffdhe_alg = u8;
pub type Spec_Agile_AEAD_alg = u8;
pub type EverCrypt_Error_error_code = u8;
extern "C" {
#[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
pub fn Hacl_Chacha20Poly1305_32_aead_encrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
);
}
extern "C" {
#[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
pub fn Hacl_Chacha20Poly1305_32_aead_decrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
) -> u32;
}
pub type __m128i = [::std::os::raw::c_longlong; 2usize];
pub type Lib_IntVector_Intrinsics_vec128 = __m128i;
pub type __m256i = [::std::os::raw::c_longlong; 4usize];
pub type Lib_IntVector_Intrinsics_vec256 = __m256i;
extern "C" {
#[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
pub fn Hacl_Chacha20Poly1305_256_aead_encrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
);
}
extern "C" {
#[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
pub fn Hacl_Chacha20Poly1305_256_aead_decrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
) -> u32;
}
extern "C" {
#[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
pub fn Hacl_Chacha20Poly1305_128_aead_encrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
);
}
extern "C" {
#[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
pub fn Hacl_Chacha20Poly1305_128_aead_decrypt(
k: *mut u8,
n: *mut u8,
aadlen: u32,
aad: *mut u8,
mlen: u32,
m: *mut u8,
cipher: *mut u8,
mac: *mut u8,
) -> u32;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_shaext() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_aesni() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_pclmulqdq() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_avx2() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_avx() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_bmi2() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_adx() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_sse() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_movbe() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_rdrand() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_avx512() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_recall();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_init();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_avx2();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_avx();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_bmi2();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_adx();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_shaext();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_aesni();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_pclmulqdq();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_sse();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_movbe();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_rdrand();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_disable_avx512();
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_vec128() -> bool;
}
extern "C" {
pub fn EverCrypt_AutoConfig2_has_vec256() -> bool;
}
extern "C" {
pub fn EverCrypt_AEAD_uu___is_Ek(
a: Spec_Agile_AEAD_alg,
projectee: EverCrypt_AEAD_state_s,
) -> bool;
}
extern "C" {
#[doc = "Return the algorithm used in the AEAD state.\n\n@param s State of the AEAD algorithm.\n\n@return Algorithm used in the AEAD state."]
pub fn EverCrypt_AEAD_alg_of_state(s: *mut EverCrypt_AEAD_state_s) -> Spec_Agile_AEAD_alg;
}
extern "C" {
#[doc = "Create the required AEAD state for the algorithm.\n\nNote: The caller must free the AEAD state by calling `EverCrypt_AEAD_free`.\n\n@param a The argument `a` must be either of:\n `Spec_Agile_AEAD_AES128_GCM` (KEY_LEN=16),\n `Spec_Agile_AEAD_AES256_GCM` (KEY_LEN=32), or\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (KEY_LEN=32).\n@param dst Pointer to a pointer where the address of the allocated AEAD state will be written to.\n@param k Pointer to `KEY_LEN` bytes of memory where the key is read from. The size depends on the used algorithm, see above.\n\n@return The function returns `EverCrypt_Error_Success` on success or\n`EverCrypt_Error_UnsupportedAlgorithm` in case of a bad algorithm identifier.\n(See `EverCrypt_Error.h`.)"]
pub fn EverCrypt_AEAD_create_in(
a: Spec_Agile_AEAD_alg,
dst: *mut *mut EverCrypt_AEAD_state_s,
k: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "Encrypt and authenticate a message (`plain`) with associated data (`ad`).\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param plain Pointer to `plain_len` bytes of memory where the to-be-encrypted plaintext is read from.\n@param plain_len Length of the to-be-encrypted plaintext.\n@param cipher Pointer to `plain_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is written to.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n\n@return `EverCrypt_AEAD_encrypt` may return either `EverCrypt_Error_Success` or `EverCrypt_Error_InvalidKey` (`EverCrypt_error.h`). The latter is returned if and only if the `s` parameter is `NULL`."]
pub fn EverCrypt_AEAD_encrypt(
s: *mut EverCrypt_AEAD_state_s,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_encrypt_expand(
a: Spec_Agile_AEAD_alg,
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
plain: *mut u8,
plain_len: u32,
cipher: *mut u8,
tag: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "Verify the authenticity of `ad` || `cipher` and decrypt `cipher` into `dst`.\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param cipher Pointer to `cipher_len` bytes of memory where the ciphertext is read from.\n@param cipher_len Length of the ciphertext.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is read from.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n@param dst Pointer to `cipher_len` bytes of memory where the decrypted plaintext will be written to.\n\n@return `EverCrypt_AEAD_decrypt` returns ...\n\n `EverCrypt_Error_Success`\n\n... on success and either of ...\n\n `EverCrypt_Error_InvalidKey` (returned if and only if the `s` parameter is `NULL`),\n `EverCrypt_Error_InvalidIVLength` (see note about requirements on IV size above), or\n `EverCrypt_Error_AuthenticationFailure` (in case the ciphertext could not be authenticated, e.g., due to modifications)\n\n... on failure (`EverCrypt_error.h`).\n\nUpon success, the plaintext will be written into `dst`."]
pub fn EverCrypt_AEAD_decrypt(
s: *mut EverCrypt_AEAD_state_s,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_decrypt_expand_chacha20_poly1305(
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
pub fn EverCrypt_AEAD_decrypt_expand(
a: Spec_Agile_AEAD_alg,
k: *mut u8,
iv: *mut u8,
iv_len: u32,
ad: *mut u8,
ad_len: u32,
cipher: *mut u8,
cipher_len: u32,
tag: *mut u8,
dst: *mut u8,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "Cleanup and free the AEAD state.\n\n@param s State of the AEAD algorithm."]
pub fn EverCrypt_AEAD_free(s: *mut EverCrypt_AEAD_state_s);
}
extern "C" {
#[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."]
pub fn Hacl_Curve25519_64_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8);
}
extern "C" {
#[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
pub fn Hacl_Curve25519_64_secret_to_public(pub_: *mut u8, priv_: *mut u8);
}
extern "C" {
#[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."]
pub fn Hacl_Curve25519_64_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool;
}
extern "C" {
#[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."]
pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8);
}
extern "C" {
#[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8);
}
extern "C" {
#[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."]
pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool;
}
extern "C" {
#[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
pub fn EverCrypt_Curve25519_secret_to_public(pub_: *mut u8, priv_: *mut u8);
}
extern "C" {
#[doc = "Compute the scalar multiple of a point.\n\n@param shared Pointer to 32 bytes of memory where the resulting point is written to.\n@param my_priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param their_pub Pointer to 32 bytes of memory where the public point is read from."]
pub fn EverCrypt_Curve25519_scalarmult(shared: *mut u8, my_priv: *mut u8, their_pub: *mut u8);
}
extern "C" {
#[doc = "Execute the diffie-hellmann key exchange.\n\n@param shared Pointer to 32 bytes of memory where the resulting point is written to.\n@param my_priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param their_pub Pointer to 32 bytes of memory where **their** public point is read from."]
pub fn EverCrypt_Curve25519_ecdh(shared: *mut u8, my_priv: *mut u8, their_pub: *mut u8)
-> bool;
}
pub type Spec_Hash_Definitions_hash_alg = u8;
pub type Hacl_Streaming_Types_error_code = u8;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_Streaming_MD_state_32_s {
pub block_state: *mut u32,
pub buf: *mut u8,
pub total_len: u64,
}
pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_Streaming_MD_state_64_s {
pub block_state: *mut u64,
pub buf: *mut u8,
pub total_len: u64,
}
pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s;
pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32;
pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32;
pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64;
pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64;
extern "C" {
#[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."]
pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32;
}
extern "C" {
#[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
pub fn Hacl_Streaming_SHA2_copy_256(
s0: *mut Hacl_Streaming_MD_state_32,
) -> *mut Hacl_Streaming_MD_state_32;
}
extern "C" {
#[doc = "Reset an existing state to the initial hash state with empty data."]
pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32);
}
extern "C" {
#[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."]
pub fn Hacl_Streaming_SHA2_update_256(
p: *mut Hacl_Streaming_MD_state_32,
input: *mut u8,
input_len: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
#[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
}
extern "C" {
#[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."]
pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32);
}
extern "C" {
#[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."]
pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32;
}
extern "C" {
pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_update_224(
p: *mut Hacl_Streaming_MD_state_32,
input: *mut u8,
input_len: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
#[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."]
pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32);
}
extern "C" {
#[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."]
pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64;
}
extern "C" {
#[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
pub fn Hacl_Streaming_SHA2_copy_512(
s0: *mut Hacl_Streaming_MD_state_64,
) -> *mut Hacl_Streaming_MD_state_64;
}
extern "C" {
pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64);
}
extern "C" {
#[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."]
pub fn Hacl_Streaming_SHA2_update_512(
p: *mut Hacl_Streaming_MD_state_64,
input: *mut u8,
input_len: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
#[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
}
extern "C" {
#[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."]
pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64);
}
extern "C" {
#[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."]
pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64;
}
extern "C" {
pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_update_384(
p: *mut Hacl_Streaming_MD_state_64,
input: *mut u8,
input_len: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
#[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."]
pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
}
extern "C" {
pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64);
}
extern "C" {
#[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."]
pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8);
}
extern "C" {
#[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."]
pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8);
}
extern "C" {
#[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8);
}
extern "C" {
#[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
pub fn Hacl_Ed25519_sign_expanded(
signature: *mut u8,
expanded_keys: *mut u8,
msg_len: u32,
msg: *mut u8,
);
}
extern "C" {
#[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
pub fn Hacl_Ed25519_sign(signature: *mut u8, private_key: *mut u8, msg_len: u32, msg: *mut u8);
}
extern "C" {
#[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."]
pub fn Hacl_Ed25519_verify(
public_key: *mut u8,
msg_len: u32,
msg: *mut u8,
signature: *mut u8,
) -> bool;
}
extern "C" {
pub fn EverCrypt_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8);
}
extern "C" {
pub fn EverCrypt_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8);
}
extern "C" {
pub fn EverCrypt_Ed25519_sign_expanded(
signature: *mut u8,
expanded_keys: *mut u8,
msg_len: u32,
msg: *mut u8,
);
}
extern "C" {
pub fn EverCrypt_Ed25519_sign(
signature: *mut u8,
private_key: *mut u8,
msg_len: u32,
msg: *mut u8,
);
}
extern "C" {
pub fn EverCrypt_Ed25519_verify(
public_key: *mut u8,
msg_len: u32,
msg: *mut u8,
signature: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param a Hash function to use. Usually, the same as used in `EverCrypt_HKDF_extract`.\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from.\n@param infolen Length of context and application specific information. Can be 0.\n@param len Length of output keying material."]
pub fn EverCrypt_HKDF_expand(
a: Spec_Hash_Definitions_hash_alg,
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param a Hash function to use. The allowed values are:\n `Spec_Hash_Definitions_Blake2B` (`HashLen` = 64),\n `Spec_Hash_Definitions_Blake2S` (`HashLen` = 32),\n `Spec_Hash_Definitions_SHA2_256` (`HashLen` = 32),\n `Spec_Hash_Definitions_SHA2_384` (`HashLen` = 48),\n `Spec_Hash_Definitions_SHA2_512` (`HashLen` = 64), and\n `Spec_Hash_Definitions_SHA1` (`HashLen` = 20).\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n`HashLen` depends on the used algorithm `a`. See above.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn EverCrypt_HKDF_extract(
a: Spec_Hash_Definitions_hash_alg,
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
extern "C" {
pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32);
}
extern "C" {
pub fn Hacl_Blake2b_32_blake2b_update_key(
wv: *mut u64,
hash: *mut u64,
kk: u32,
k: *mut u8,
ll: u32,
);
}
extern "C" {
pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64);
}
extern "C" {
#[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
pub fn Hacl_Blake2b_32_blake2b(
nn: u32,
output: *mut u8,
ll: u32,
d: *mut u8,
kk: u32,
k: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64;
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32);
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_update_key(
wv: *mut u32,
hash: *mut u32,
kk: u32,
k: *mut u8,
ll: u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_update_multi(
len: u32,
wv: *mut u32,
hash: *mut u32,
prev: u64,
blocks: *mut u8,
nb: u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_update_last(
len: u32,
wv: *mut u32,
hash: *mut u32,
prev: u64,
rem: u32,
d: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32);
}
extern "C" {
#[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
pub fn Hacl_Blake2s_32_blake2s(
nn: u32,
output: *mut u8,
ll: u32,
d: *mut u8,
kk: u32,
k: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32;
}
extern "C" {
pub fn EverCrypt_HMAC_is_supported_alg(uu___: Spec_Hash_Definitions_hash_alg) -> bool;
}
extern "C" {
pub fn EverCrypt_HMAC_compute(
a: Spec_Hash_Definitions_hash_alg,
mac: *mut u8,
key: *mut u8,
keylen: u32,
data: *mut u8,
datalen: u32,
);
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_Streaming_Keccak_hash_buf_s {
pub fst: Spec_Hash_Definitions_hash_alg,
pub snd: *mut u64,
}
pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_Streaming_Keccak_state_s {
pub block_state: Hacl_Streaming_Keccak_hash_buf,
pub buf: *mut u8,
pub total_len: u64,
}
pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s;
extern "C" {
pub fn Hacl_Streaming_Keccak_get_alg(
s: *mut Hacl_Streaming_Keccak_state,
) -> Spec_Hash_Definitions_hash_alg;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_malloc(
a: Spec_Hash_Definitions_hash_alg,
) -> *mut Hacl_Streaming_Keccak_state;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state);
}
extern "C" {
pub fn Hacl_Streaming_Keccak_copy(
s0: *mut Hacl_Streaming_Keccak_state,
) -> *mut Hacl_Streaming_Keccak_state;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state);
}
extern "C" {
pub fn Hacl_Streaming_Keccak_update(
p: *mut Hacl_Streaming_Keccak_state,
data: *mut u8,
len: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_finish(
s: *mut Hacl_Streaming_Keccak_state,
dst: *mut u8,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_squeeze(
s: *mut Hacl_Streaming_Keccak_state,
dst: *mut u8,
l: u32,
) -> Hacl_Streaming_Types_error_code;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
}
extern "C" {
pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool;
}
extern "C" {
pub fn Hacl_SHA3_shake128_hacl(
inputByteLen: u32,
input: *mut u8,
outputByteLen: u32,
output: *mut u8,
);
}
extern "C" {
pub fn Hacl_SHA3_shake256_hacl(
inputByteLen: u32,
input: *mut u8,
outputByteLen: u32,
output: *mut u8,
);
}
extern "C" {
pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8);
}
extern "C" {
pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8);
}
extern "C" {
pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8);
}
extern "C" {
pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_init(
hash: *mut Lib_IntVector_Intrinsics_vec128,
kk: u32,
nn: u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_update_key(
wv: *mut Lib_IntVector_Intrinsics_vec128,
hash: *mut Lib_IntVector_Intrinsics_vec128,
kk: u32,
k: *mut u8,
ll: u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_update_multi(
len: u32,
wv: *mut Lib_IntVector_Intrinsics_vec128,
hash: *mut Lib_IntVector_Intrinsics_vec128,
prev: u64,
blocks: *mut u8,
nb: u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_update_last(
len: u32,
wv: *mut Lib_IntVector_Intrinsics_vec128,
hash: *mut Lib_IntVector_Intrinsics_vec128,
prev: u64,
rem: u32,
d: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_finish(
nn: u32,
output: *mut u8,
hash: *mut Lib_IntVector_Intrinsics_vec128,
);
}
extern "C" {
#[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
pub fn Hacl_Blake2s_128_blake2s(
nn: u32,
output: *mut u8,
ll: u32,
d: *mut u8,
kk: u32,
k: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_store_state128s_to_state32(
st32: *mut u32,
st: *mut Lib_IntVector_Intrinsics_vec128,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_load_state128s_from_state32(
st: *mut Lib_IntVector_Intrinsics_vec128,
st32: *mut u32,
);
}
extern "C" {
pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128;
}
extern "C" {
pub fn Hacl_Blake2b_256_blake2b_init(
hash: *mut Lib_IntVector_Intrinsics_vec256,
kk: u32,
nn: u32,
);
}
extern "C" {
pub fn Hacl_Blake2b_256_blake2b_update_key(
wv: *mut Lib_IntVector_Intrinsics_vec256,
hash: *mut Lib_IntVector_Intrinsics_vec256,
kk: u32,
k: *mut u8,
ll: u32,
);
}
extern "C" {
pub fn Hacl_Blake2b_256_blake2b_finish(
nn: u32,
output: *mut u8,
hash: *mut Lib_IntVector_Intrinsics_vec256,
);
}
extern "C" {
#[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
pub fn Hacl_Blake2b_256_blake2b(
nn: u32,
output: *mut u8,
ll: u32,
d: *mut u8,
kk: u32,
k: *mut u8,
);
}
extern "C" {
pub fn Hacl_Blake2b_256_load_state256b_from_state32(
st: *mut Lib_IntVector_Intrinsics_vec256,
st32: *mut u64,
);
}
extern "C" {
pub fn Hacl_Blake2b_256_store_state256b_to_state32(
st32: *mut u64,
st: *mut Lib_IntVector_Intrinsics_vec256,
);
}
extern "C" {
pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut Lib_IntVector_Intrinsics_vec256;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct EverCrypt_Hash_state_s_s {
_unused: [u8; 0],
}
pub type EverCrypt_Hash_state_s = EverCrypt_Hash_state_s_s;
extern "C" {
pub fn EverCrypt_Hash_Incremental_hash_len(a: Spec_Hash_Definitions_hash_alg) -> u32;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct EverCrypt_Hash_Incremental_hash_state_s {
pub block_state: *mut EverCrypt_Hash_state_s,
pub buf: *mut u8,
pub total_len: u64,
}
pub type EverCrypt_Hash_Incremental_hash_state = EverCrypt_Hash_Incremental_hash_state_s;
extern "C" {
#[doc = "Allocate initial state for the agile hash. The argument `a` stands for the\nchoice of algorithm (see Hacl_Spec.h). This API will automatically pick the most\nefficient implementation, provided you have called EverCrypt_AutoConfig2_init()\nbefore. The state is to be freed by calling `free`."]
pub fn EverCrypt_Hash_Incremental_create_in(
a: Spec_Hash_Definitions_hash_alg,
) -> *mut EverCrypt_Hash_Incremental_hash_state;
}
extern "C" {
#[doc = "Reset an existing state to the initial hash state with empty data."]
pub fn EverCrypt_Hash_Incremental_init(s: *mut EverCrypt_Hash_Incremental_hash_state);
}
extern "C" {
#[doc = "Feed an arbitrary amount of data into the hash. This function returns\nEverCrypt_Error_Success for success, or EverCrypt_Error_MaximumLengthExceeded if\nthe combined length of all of the data passed to `update` (since the last call\nto `init`) exceeds 2^61-1 bytes or 2^64-1 bytes, depending on the choice of\nalgorithm. Both limits are unlikely to be attained in practice."]
pub fn EverCrypt_Hash_Incremental_update(
s: *mut EverCrypt_Hash_Incremental_hash_state,
data: *mut u8,
len: u32,
) -> EverCrypt_Error_error_code;
}
extern "C" {
#[doc = "Perform a run-time test to determine which algorithm was chosen for the given piece of state."]
pub fn EverCrypt_Hash_Incremental_alg_of_state(
s: *mut EverCrypt_Hash_Incremental_hash_state,
) -> Spec_Hash_Definitions_hash_alg;
}
extern "C" {
#[doc = "Write the resulting hash into `dst`, an array whose length is\nalgorithm-specific. You can use the macros defined earlier in this file to\nallocate a destination buffer of the right length. The state remains valid after\na call to `finish`, meaning the user may feed more data into the hash via\n`update`. (The finish function operates on an internal copy of the state and\ntherefore does not invalidate the client-held state.)"]
pub fn EverCrypt_Hash_Incremental_finish(
s: *mut EverCrypt_Hash_Incremental_hash_state,
dst: *mut u8,
);
}
extern "C" {
#[doc = "Free a state previously allocated with `create_in`."]
pub fn EverCrypt_Hash_Incremental_free(s: *mut EverCrypt_Hash_Incremental_hash_state);
}
extern "C" {
#[doc = "Hash `input`, of len `len`, into `dst`, an array whose length is determined by\nyour choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined\nearlier in this file to allocate a destination buffer of the right length. This\nAPI will automatically pick the most efficient implementation, provided you have\ncalled EverCrypt_AutoConfig2_init() before."]
pub fn EverCrypt_Hash_Incremental_hash(
a: Spec_Hash_Definitions_hash_alg,
dst: *mut u8,
input: *mut u8,
len: u32,
);
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64_s {
pub len: u32,
pub n: *mut u64,
pub mu: u64,
pub r2: *mut u64,
}
pub type Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 = Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64_s;
extern "C" {
#[doc = "Write `a + b mod 2 ^ (64 * len)` in `res`.\n\nThis functions returns the carry.\n\nThe arguments a, b and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len]"]
pub fn Hacl_Bignum64_add(len: u32, a: *mut u64, b: *mut u64, res: *mut u64) -> u64;
}
extern "C" {
#[doc = "Write `a - b mod 2 ^ (64 * len)` in `res`.\n\nThis functions returns the carry.\n\nThe arguments a, b and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len]"]
pub fn Hacl_Bignum64_sub(len: u32, a: *mut u64, b: *mut u64, res: *mut u64) -> u64;
}
extern "C" {
#[doc = "Write `(a + b) mod n` in `res`.\n\nThe arguments a, b, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• a < n\n• b < n"]
pub fn Hacl_Bignum64_add_mod(len: u32, n: *mut u64, a: *mut u64, b: *mut u64, res: *mut u64);
}
extern "C" {
#[doc = "Write `(a - b) mod n` in `res`.\n\nThe arguments a, b, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• a < n\n• b < n"]
pub fn Hacl_Bignum64_sub_mod(len: u32, n: *mut u64, a: *mut u64, b: *mut u64, res: *mut u64);
}
extern "C" {
#[doc = "Write `a * b` in `res`.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe outparam res is meant to be `2*len` limbs in size, i.e. uint64_t[2*len]."]
pub fn Hacl_Bignum64_mul(len: u32, a: *mut u64, b: *mut u64, res: *mut u64);
}
extern "C" {
#[doc = "Write `a * a` in `res`.\n\nThe argument a is meant to be `len` limbs in size, i.e. uint64_t[len].\nThe outparam res is meant to be `2*len` limbs in size, i.e. uint64_t[2*len]."]
pub fn Hacl_Bignum64_sqr(len: u32, a: *mut u64, res: *mut u64);
}
extern "C" {
#[doc = "Write `a mod n` in `res`.\n\nThe argument a is meant to be `2*len` limbs in size, i.e. uint64_t[2*len].\nThe argument n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• 1 < n\n• n % 2 = 1"]
pub fn Hacl_Bignum64_mod(len: u32, n: *mut u64, a: *mut u64, res: *mut u64) -> bool;
}
extern "C" {
#[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThe function is *NOT* constant-time on the argument b. See the\nmod_exp_consttime_* functions for constant-time variants.\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• b < pow2 bBits\n• a < n"]
pub fn Hacl_Bignum64_mod_exp_vartime(
len: u32,
n: *mut u64,
a: *mut u64,
bBits: u32,
b: *mut u64,
res: *mut u64,
) -> bool;
}
extern "C" {
#[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThis function is constant-time over its argument b, at the cost of a slower\nexecution time than mod_exp_vartime.\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• b < pow2 bBits\n• a < n"]
pub fn Hacl_Bignum64_mod_exp_consttime(
len: u32,
n: *mut u64,
a: *mut u64,
bBits: u32,
b: *mut u64,
res: *mut u64,
) -> bool;
}
extern "C" {
#[doc = "Write `a ^ (-1) mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n is a prime\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• 0 < a\n• a < n"]
pub fn Hacl_Bignum64_mod_inv_prime_vartime(
len: u32,
n: *mut u64,
a: *mut u64,
res: *mut u64,
) -> bool;
}
extern "C" {
#[doc = "Heap-allocate and initialize a montgomery context.\n\nThe argument n is meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n % 2 = 1\n• 1 < n\n\nThe caller will need to call Hacl_Bignum64_mont_ctx_free on the return value\nto avoid memory leaks."]
pub fn Hacl_Bignum64_mont_ctx_init(
len: u32,
n: *mut u64,
) -> *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64;
}
extern "C" {
#[doc = "Deallocate the memory previously allocated by Hacl_Bignum64_mont_ctx_init.\n\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init."]
pub fn Hacl_Bignum64_mont_ctx_free(k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64);
}
extern "C" {
#[doc = "Write `a mod n` in `res`.\n\nThe argument a is meant to be `2*len` limbs in size, i.e. uint64_t[2*len].\nThe outparam res is meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init."]
pub fn Hacl_Bignum64_mod_precomp(
k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
a: *mut u64,
res: *mut u64,
);
}
extern "C" {
#[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThe function is *NOT* constant-time on the argument b. See the\nmod_exp_consttime_* functions for constant-time variants.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• b < pow2 bBits\n• a < n"]
pub fn Hacl_Bignum64_mod_exp_vartime_precomp(
k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
a: *mut u64,
bBits: u32,
b: *mut u64,
res: *mut u64,
);
}
extern "C" {
#[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThis function is constant-time over its argument b, at the cost of a slower\nexecution time than mod_exp_vartime_*.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• b < pow2 bBits\n• a < n"]
pub fn Hacl_Bignum64_mod_exp_consttime_precomp(
k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
a: *mut u64,
bBits: u32,
b: *mut u64,
res: *mut u64,
);
}
extern "C" {
#[doc = "Write `a ^ (-1) mod n` in `res`.\n\nThe argument a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n is a prime\n• 0 < a\n• a < n"]
pub fn Hacl_Bignum64_mod_inv_prime_vartime_precomp(
k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
a: *mut u64,
res: *mut u64,
);
}
extern "C" {
#[doc = "Load a bid-endian bignum from memory.\n\nThe argument b points to `len` bytes of valid memory.\nThe function returns a heap-allocated bignum of size sufficient to hold the\nresult of loading b, or NULL if either the allocation failed, or the amount of\nrequired memory would exceed 4GB.\n\nIf the return value is non-null, clients must eventually call free(3) on it to\navoid memory leaks."]
pub fn Hacl_Bignum64_new_bn_from_bytes_be(len: u32, b: *mut u8) -> *mut u64;
}
extern "C" {
#[doc = "Load a little-endian bignum from memory.\n\nThe argument b points to `len` bytes of valid memory.\nThe function returns a heap-allocated bignum of size sufficient to hold the\nresult of loading b, or NULL if either the allocation failed, or the amount of\nrequired memory would exceed 4GB.\n\nIf the return value is non-null, clients must eventually call free(3) on it to\navoid memory leaks."]
pub fn Hacl_Bignum64_new_bn_from_bytes_le(len: u32, b: *mut u8) -> *mut u64;
}
extern "C" {
#[doc = "Serialize a bignum into big-endian memory.\n\nThe argument b points to a bignum of ⌈len / 8⌉ size.\nThe outparam res points to `len` bytes of valid memory."]
pub fn Hacl_Bignum64_bn_to_bytes_be(len: u32, b: *mut u64, res: *mut u8);
}
extern "C" {
#[doc = "Serialize a bignum into little-endian memory.\n\nThe argument b points to a bignum of ⌈len / 8⌉ size.\nThe outparam res points to `len` bytes of valid memory."]
pub fn Hacl_Bignum64_bn_to_bytes_le(len: u32, b: *mut u64, res: *mut u8);
}
extern "C" {
#[doc = "Returns 2^64 - 1 if a < b, otherwise returns 0.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len]."]
pub fn Hacl_Bignum64_lt_mask(len: u32, a: *mut u64, b: *mut u64) -> u64;
}
extern "C" {
#[doc = "Returns 2^64 - 1 if a = b, otherwise returns 0.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len]."]
pub fn Hacl_Bignum64_eq_mask(len: u32, a: *mut u64, b: *mut u64) -> u64;
}
extern "C" {
#[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."]
pub fn Hacl_HMAC_legacy_compute_sha1(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."]
pub fn Hacl_HMAC_compute_sha2_256(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."]
pub fn Hacl_HMAC_compute_sha2_384(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."]
pub fn Hacl_HMAC_compute_sha2_512(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."]
pub fn Hacl_HMAC_compute_blake2s_32(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."]
pub fn Hacl_HMAC_compute_blake2b_32(
dst: *mut u8,
key: *mut u8,
key_len: u32,
data: *mut u8,
data_len: u32,
);
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
pub fn Hacl_HKDF_expand_sha2_256(
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn Hacl_HKDF_extract_sha2_256(
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
pub fn Hacl_HKDF_expand_sha2_384(
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn Hacl_HKDF_extract_sha2_384(
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
pub fn Hacl_HKDF_expand_sha2_512(
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn Hacl_HKDF_extract_sha2_512(
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
pub fn Hacl_HKDF_expand_blake2s_32(
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn Hacl_HKDF_extract_blake2s_32(
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
extern "C" {
#[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
pub fn Hacl_HKDF_expand_blake2b_32(
okm: *mut u8,
prk: *mut u8,
prklen: u32,
info: *mut u8,
infolen: u32,
len: u32,
);
}
extern "C" {
#[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
pub fn Hacl_HKDF_extract_blake2b_32(
prk: *mut u8,
salt: *mut u8,
saltlen: u32,
ikm: *mut u8,
ikmlen: u32,
);
}
pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg;
extern "C" {
#[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."]
pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32;
}
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct Hacl_HMAC_DRBG_state_s {
pub k: *mut u8,
pub v: *mut u8,
pub reseed_counter: *mut u32,
}
pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s;
extern "C" {
pub fn Hacl_HMAC_DRBG_uu___is_State(
a: Spec_Hash_Definitions_hash_alg,
projectee: Hacl_HMAC_DRBG_state,
) -> bool;
}
extern "C" {
#[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."]
pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state;
}
extern "C" {
#[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."]
pub fn Hacl_HMAC_DRBG_instantiate(
a: Spec_Hash_Definitions_hash_alg,
st: Hacl_HMAC_DRBG_state,
entropy_input_len: u32,
entropy_input: *mut u8,
nonce_len: u32,
nonce: *mut u8,
personalization_string_len: u32,
personalization_string: *mut u8,
);
}
extern "C" {
#[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."]
pub fn Hacl_HMAC_DRBG_reseed(
a: Spec_Hash_Definitions_hash_alg,
st: Hacl_HMAC_DRBG_state,
entropy_input_len: u32,
entropy_input: *mut u8,
additional_input_input_len: u32,
additional_input_input: *mut u8,
);
}
extern "C" {
#[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."]
pub fn Hacl_HMAC_DRBG_generate(
a: Spec_Hash_Definitions_hash_alg,
output: *mut u8,
st: Hacl_HMAC_DRBG_state,
n: u32,
additional_input_len: u32,
additional_input: *mut u8,
) -> bool;
}
extern "C" {
pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state);
}
extern "C" {
#[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
pub fn Hacl_P256_ecdsa_sign_p256_sha2(
signature: *mut u8,
msg_len: u32,
msg: *mut u8,
private_key: *mut u8,
nonce: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
pub fn Hacl_P256_ecdsa_sign_p256_sha384(
signature: *mut u8,
msg_len: u32,
msg: *mut u8,
private_key: *mut u8,
nonce: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
pub fn Hacl_P256_ecdsa_sign_p256_sha512(
signature: *mut u8,
msg_len: u32,
msg: *mut u8,
private_key: *mut u8,
nonce: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
pub fn Hacl_P256_ecdsa_sign_p256_without_hash(
signature: *mut u8,
msg_len: u32,
msg: *mut u8,
private_key: *mut u8,
nonce: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
pub fn Hacl_P256_ecdsa_verif_p256_sha2(
msg_len: u32,
msg: *mut u8,
public_key: *mut u8,
signature_r: *mut u8,
signature_s: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
pub fn Hacl_P256_ecdsa_verif_p256_sha384(
msg_len: u32,
msg: *mut u8,
public_key: *mut u8,
signature_r: *mut u8,
signature_s: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
pub fn Hacl_P256_ecdsa_verif_p256_sha512(
msg_len: u32,
msg: *mut u8,
public_key: *mut u8,
signature_r: *mut u8,
signature_s: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
pub fn Hacl_P256_ecdsa_verif_without_hash(
msg_len: u32,
msg: *mut u8,
public_key: *mut u8,
signature_r: *mut u8,
signature_s: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"]
pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool;
}
extern "C" {
#[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"]
pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool;
}
extern "C" {
#[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool;
}
extern "C" {
#[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."]
pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool;
}
extern "C" {
#[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8);
}
extern "C" {
#[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8);
}
extern "C" {
#[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."]
pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool;
}
extern "C" {
#[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."]
pub fn Hacl_P256_dh_responder(
shared_secret: *mut u8,
their_pubkey: *mut u8,
private_key: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n Spec_Hash_Definitions_SHA2_256,\n Spec_Hash_Definitions_SHA2_384, and\n Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param skey Pointer to secret key created by `Hacl_RSAPSS_new_rsapss_load_skey`.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
pub fn Hacl_RSAPSS_rsapss_sign(
a: Spec_Hash_Definitions_hash_alg,
modBits: u32,
eBits: u32,
dBits: u32,
skey: *mut u64,
saltLen: u32,
salt: *mut u8,
msgLen: u32,
msg: *mut u8,
sgnt: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
pub fn Hacl_RSAPSS_rsapss_verify(
a: Spec_Hash_Definitions_hash_alg,
modBits: u32,
eBits: u32,
pkey: *mut u64,
saltLen: u32,
sgntLen: u32,
sgnt: *mut u8,
msgLen: u32,
msg: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Load a public key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n\n@return Returns an allocated public key. Note: caller must take care to `free()` the created key."]
pub fn Hacl_RSAPSS_new_rsapss_load_pkey(
modBits: u32,
eBits: u32,
nb: *mut u8,
eb: *mut u8,
) -> *mut u64;
}
extern "C" {
#[doc = "Load a secret key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n\n@return Returns an allocated secret key. Note: caller must take care to `free()` the created key."]
pub fn Hacl_RSAPSS_new_rsapss_load_skey(
modBits: u32,
eBits: u32,
dBits: u32,
nb: *mut u8,
eb: *mut u8,
db: *mut u8,
) -> *mut u64;
}
extern "C" {
#[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
pub fn Hacl_RSAPSS_rsapss_skey_sign(
a: Spec_Hash_Definitions_hash_alg,
modBits: u32,
eBits: u32,
dBits: u32,
nb: *mut u8,
eb: *mut u8,
db: *mut u8,
saltLen: u32,
salt: *mut u8,
msgLen: u32,
msg: *mut u8,
sgnt: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
pub fn Hacl_RSAPSS_rsapss_pkey_verify(
a: Spec_Hash_Definitions_hash_alg,
modBits: u32,
eBits: u32,
nb: *mut u8,
eb: *mut u8,
saltLen: u32,
sgntLen: u32,
sgnt: *mut u8,
msgLen: u32,
msg: *mut u8,
) -> bool;
}
extern "C" {
#[doc = "The mask generation function defined in the Public Key Cryptography Standard #1\n(https://www.ietf.org/rfc/rfc2437.txt Section 10.2.1)"]
pub fn Hacl_RSAPSS_mgf_hash(
a: Spec_Hash_Definitions_hash_alg,
len: u32,
mgfseed: *mut u8,
maskLen: u32,
res: *mut u8,
);
}