1pub const Spec_FFDHE_FFDHE2048: u32 = 0;
4pub const Spec_FFDHE_FFDHE3072: u32 = 1;
5pub const Spec_FFDHE_FFDHE4096: u32 = 2;
6pub const Spec_FFDHE_FFDHE6144: u32 = 3;
7pub const Spec_FFDHE_FFDHE8192: u32 = 4;
8pub const Spec_Agile_AEAD_AES128_GCM: u32 = 0;
9pub const Spec_Agile_AEAD_AES256_GCM: u32 = 1;
10pub const Spec_Agile_AEAD_CHACHA20_POLY1305: u32 = 2;
11pub const Spec_Agile_AEAD_AES128_CCM: u32 = 3;
12pub const Spec_Agile_AEAD_AES256_CCM: u32 = 4;
13pub const Spec_Agile_AEAD_AES128_CCM8: u32 = 5;
14pub const Spec_Agile_AEAD_AES256_CCM8: u32 = 6;
15pub const EverCrypt_Error_Success: u32 = 0;
16pub const EverCrypt_Error_UnsupportedAlgorithm: u32 = 1;
17pub const EverCrypt_Error_InvalidKey: u32 = 2;
18pub const EverCrypt_Error_AuthenticationFailure: u32 = 3;
19pub const EverCrypt_Error_InvalidIVLength: u32 = 4;
20pub const EverCrypt_Error_DecodeError: u32 = 5;
21pub const EverCrypt_Error_MaximumLengthExceeded: u32 = 6;
22pub const Spec_Hash_Definitions_SHA2_224: u32 = 0;
23pub const Spec_Hash_Definitions_SHA2_256: u32 = 1;
24pub const Spec_Hash_Definitions_SHA2_384: u32 = 2;
25pub const Spec_Hash_Definitions_SHA2_512: u32 = 3;
26pub const Spec_Hash_Definitions_SHA1: u32 = 4;
27pub const Spec_Hash_Definitions_MD5: u32 = 5;
28pub const Spec_Hash_Definitions_Blake2S: u32 = 6;
29pub const Spec_Hash_Definitions_Blake2B: u32 = 7;
30pub const Spec_Hash_Definitions_SHA3_256: u32 = 8;
31pub const Spec_Hash_Definitions_SHA3_224: u32 = 9;
32pub const Spec_Hash_Definitions_SHA3_384: u32 = 10;
33pub const Spec_Hash_Definitions_SHA3_512: u32 = 11;
34pub const Spec_Hash_Definitions_Shake128: u32 = 12;
35pub const Spec_Hash_Definitions_Shake256: u32 = 13;
36pub type Spec_FFDHE_ffdhe_alg = u8;
37pub type Spec_Agile_AEAD_alg = u8;
38pub type EverCrypt_Error_error_code = u8;
39extern "C" {
40 #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
41 pub fn Hacl_Chacha20Poly1305_32_aead_encrypt(
42 k: *mut u8,
43 n: *mut u8,
44 aadlen: u32,
45 aad: *mut u8,
46 mlen: u32,
47 m: *mut u8,
48 cipher: *mut u8,
49 mac: *mut u8,
50 );
51}
52extern "C" {
53 #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
54 pub fn Hacl_Chacha20Poly1305_32_aead_decrypt(
55 k: *mut u8,
56 n: *mut u8,
57 aadlen: u32,
58 aad: *mut u8,
59 mlen: u32,
60 m: *mut u8,
61 cipher: *mut u8,
62 mac: *mut u8,
63 ) -> u32;
64}
65pub type uint32x4_t = [u32; 4usize];
66pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t;
67extern "C" {
68 #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
69 pub fn Hacl_Chacha20Poly1305_256_aead_encrypt(
70 k: *mut u8,
71 n: *mut u8,
72 aadlen: u32,
73 aad: *mut u8,
74 mlen: u32,
75 m: *mut u8,
76 cipher: *mut u8,
77 mac: *mut u8,
78 );
79}
80extern "C" {
81 #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
82 pub fn Hacl_Chacha20Poly1305_256_aead_decrypt(
83 k: *mut u8,
84 n: *mut u8,
85 aadlen: u32,
86 aad: *mut u8,
87 mlen: u32,
88 m: *mut u8,
89 cipher: *mut u8,
90 mac: *mut u8,
91 ) -> u32;
92}
93extern "C" {
94 #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."]
95 pub fn Hacl_Chacha20Poly1305_128_aead_encrypt(
96 k: *mut u8,
97 n: *mut u8,
98 aadlen: u32,
99 aad: *mut u8,
100 mlen: u32,
101 m: *mut u8,
102 cipher: *mut u8,
103 mac: *mut u8,
104 );
105}
106extern "C" {
107 #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."]
108 pub fn Hacl_Chacha20Poly1305_128_aead_decrypt(
109 k: *mut u8,
110 n: *mut u8,
111 aadlen: u32,
112 aad: *mut u8,
113 mlen: u32,
114 m: *mut u8,
115 cipher: *mut u8,
116 mac: *mut u8,
117 ) -> u32;
118}
119extern "C" {
120 pub fn EverCrypt_AutoConfig2_has_shaext() -> bool;
121}
122extern "C" {
123 pub fn EverCrypt_AutoConfig2_has_aesni() -> bool;
124}
125extern "C" {
126 pub fn EverCrypt_AutoConfig2_has_pclmulqdq() -> bool;
127}
128extern "C" {
129 pub fn EverCrypt_AutoConfig2_has_avx2() -> bool;
130}
131extern "C" {
132 pub fn EverCrypt_AutoConfig2_has_avx() -> bool;
133}
134extern "C" {
135 pub fn EverCrypt_AutoConfig2_has_bmi2() -> bool;
136}
137extern "C" {
138 pub fn EverCrypt_AutoConfig2_has_adx() -> bool;
139}
140extern "C" {
141 pub fn EverCrypt_AutoConfig2_has_sse() -> bool;
142}
143extern "C" {
144 pub fn EverCrypt_AutoConfig2_has_movbe() -> bool;
145}
146extern "C" {
147 pub fn EverCrypt_AutoConfig2_has_rdrand() -> bool;
148}
149extern "C" {
150 pub fn EverCrypt_AutoConfig2_has_avx512() -> bool;
151}
152extern "C" {
153 pub fn EverCrypt_AutoConfig2_recall();
154}
155extern "C" {
156 pub fn EverCrypt_AutoConfig2_init();
157}
158extern "C" {
159 pub fn EverCrypt_AutoConfig2_disable_avx2();
160}
161extern "C" {
162 pub fn EverCrypt_AutoConfig2_disable_avx();
163}
164extern "C" {
165 pub fn EverCrypt_AutoConfig2_disable_bmi2();
166}
167extern "C" {
168 pub fn EverCrypt_AutoConfig2_disable_adx();
169}
170extern "C" {
171 pub fn EverCrypt_AutoConfig2_disable_shaext();
172}
173extern "C" {
174 pub fn EverCrypt_AutoConfig2_disable_aesni();
175}
176extern "C" {
177 pub fn EverCrypt_AutoConfig2_disable_pclmulqdq();
178}
179extern "C" {
180 pub fn EverCrypt_AutoConfig2_disable_sse();
181}
182extern "C" {
183 pub fn EverCrypt_AutoConfig2_disable_movbe();
184}
185extern "C" {
186 pub fn EverCrypt_AutoConfig2_disable_rdrand();
187}
188extern "C" {
189 pub fn EverCrypt_AutoConfig2_disable_avx512();
190}
191extern "C" {
192 pub fn EverCrypt_AutoConfig2_has_vec128() -> bool;
193}
194extern "C" {
195 pub fn EverCrypt_AutoConfig2_has_vec256() -> bool;
196}
197extern "C" {
198 pub fn EverCrypt_AEAD_uu___is_Ek(
199 a: Spec_Agile_AEAD_alg,
200 projectee: EverCrypt_AEAD_state_s,
201 ) -> bool;
202}
203extern "C" {
204 #[doc = "Return the algorithm used in the AEAD state.\n\n@param s State of the AEAD algorithm.\n\n@return Algorithm used in the AEAD state."]
205 pub fn EverCrypt_AEAD_alg_of_state(s: *mut EverCrypt_AEAD_state_s) -> Spec_Agile_AEAD_alg;
206}
207extern "C" {
208 #[doc = "Create the required AEAD state for the algorithm.\n\nNote: The caller must free the AEAD state by calling `EverCrypt_AEAD_free`.\n\n@param a The argument `a` must be either of:\n `Spec_Agile_AEAD_AES128_GCM` (KEY_LEN=16),\n `Spec_Agile_AEAD_AES256_GCM` (KEY_LEN=32), or\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (KEY_LEN=32).\n@param dst Pointer to a pointer where the address of the allocated AEAD state will be written to.\n@param k Pointer to `KEY_LEN` bytes of memory where the key is read from. The size depends on the used algorithm, see above.\n\n@return The function returns `EverCrypt_Error_Success` on success or\n`EverCrypt_Error_UnsupportedAlgorithm` in case of a bad algorithm identifier.\n(See `EverCrypt_Error.h`.)"]
209 pub fn EverCrypt_AEAD_create_in(
210 a: Spec_Agile_AEAD_alg,
211 dst: *mut *mut EverCrypt_AEAD_state_s,
212 k: *mut u8,
213 ) -> EverCrypt_Error_error_code;
214}
215extern "C" {
216 #[doc = "Encrypt and authenticate a message (`plain`) with associated data (`ad`).\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param plain Pointer to `plain_len` bytes of memory where the to-be-encrypted plaintext is read from.\n@param plain_len Length of the to-be-encrypted plaintext.\n@param cipher Pointer to `plain_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is written to.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n\n@return `EverCrypt_AEAD_encrypt` may return either `EverCrypt_Error_Success` or `EverCrypt_Error_InvalidKey` (`EverCrypt_error.h`). The latter is returned if and only if the `s` parameter is `NULL`."]
217 pub fn EverCrypt_AEAD_encrypt(
218 s: *mut EverCrypt_AEAD_state_s,
219 iv: *mut u8,
220 iv_len: u32,
221 ad: *mut u8,
222 ad_len: u32,
223 plain: *mut u8,
224 plain_len: u32,
225 cipher: *mut u8,
226 tag: *mut u8,
227 ) -> EverCrypt_Error_error_code;
228}
229extern "C" {
230 #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
231 pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
232 k: *mut u8,
233 iv: *mut u8,
234 iv_len: u32,
235 ad: *mut u8,
236 ad_len: u32,
237 plain: *mut u8,
238 plain_len: u32,
239 cipher: *mut u8,
240 tag: *mut u8,
241 ) -> EverCrypt_Error_error_code;
242}
243extern "C" {
244 #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
245 pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
246 k: *mut u8,
247 iv: *mut u8,
248 iv_len: u32,
249 ad: *mut u8,
250 ad_len: u32,
251 plain: *mut u8,
252 plain_len: u32,
253 cipher: *mut u8,
254 tag: *mut u8,
255 ) -> EverCrypt_Error_error_code;
256}
257extern "C" {
258 pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm(
259 k: *mut u8,
260 iv: *mut u8,
261 iv_len: u32,
262 ad: *mut u8,
263 ad_len: u32,
264 plain: *mut u8,
265 plain_len: u32,
266 cipher: *mut u8,
267 tag: *mut u8,
268 ) -> EverCrypt_Error_error_code;
269}
270extern "C" {
271 pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm(
272 k: *mut u8,
273 iv: *mut u8,
274 iv_len: u32,
275 ad: *mut u8,
276 ad_len: u32,
277 plain: *mut u8,
278 plain_len: u32,
279 cipher: *mut u8,
280 tag: *mut u8,
281 ) -> EverCrypt_Error_error_code;
282}
283extern "C" {
284 pub fn EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
285 k: *mut u8,
286 iv: *mut u8,
287 iv_len: u32,
288 ad: *mut u8,
289 ad_len: u32,
290 plain: *mut u8,
291 plain_len: u32,
292 cipher: *mut u8,
293 tag: *mut u8,
294 ) -> EverCrypt_Error_error_code;
295}
296extern "C" {
297 pub fn EverCrypt_AEAD_encrypt_expand(
298 a: Spec_Agile_AEAD_alg,
299 k: *mut u8,
300 iv: *mut u8,
301 iv_len: u32,
302 ad: *mut u8,
303 ad_len: u32,
304 plain: *mut u8,
305 plain_len: u32,
306 cipher: *mut u8,
307 tag: *mut u8,
308 ) -> EverCrypt_Error_error_code;
309}
310extern "C" {
311 #[doc = "Verify the authenticity of `ad` || `cipher` and decrypt `cipher` into `dst`.\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param cipher Pointer to `cipher_len` bytes of memory where the ciphertext is read from.\n@param cipher_len Length of the ciphertext.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is read from.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n@param dst Pointer to `cipher_len` bytes of memory where the decrypted plaintext will be written to.\n\n@return `EverCrypt_AEAD_decrypt` returns ...\n\n `EverCrypt_Error_Success`\n\n... on success and either of ...\n\n `EverCrypt_Error_InvalidKey` (returned if and only if the `s` parameter is `NULL`),\n `EverCrypt_Error_InvalidIVLength` (see note about requirements on IV size above), or\n `EverCrypt_Error_AuthenticationFailure` (in case the ciphertext could not be authenticated, e.g., due to modifications)\n\n... on failure (`EverCrypt_error.h`).\n\nUpon success, the plaintext will be written into `dst`."]
312 pub fn EverCrypt_AEAD_decrypt(
313 s: *mut EverCrypt_AEAD_state_s,
314 iv: *mut u8,
315 iv_len: u32,
316 ad: *mut u8,
317 ad_len: u32,
318 cipher: *mut u8,
319 cipher_len: u32,
320 tag: *mut u8,
321 dst: *mut u8,
322 ) -> EverCrypt_Error_error_code;
323}
324extern "C" {
325 #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
326 pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
327 k: *mut u8,
328 iv: *mut u8,
329 iv_len: u32,
330 ad: *mut u8,
331 ad_len: u32,
332 cipher: *mut u8,
333 cipher_len: u32,
334 tag: *mut u8,
335 dst: *mut u8,
336 ) -> EverCrypt_Error_error_code;
337}
338extern "C" {
339 #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."]
340 pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
341 k: *mut u8,
342 iv: *mut u8,
343 iv_len: u32,
344 ad: *mut u8,
345 ad_len: u32,
346 cipher: *mut u8,
347 cipher_len: u32,
348 tag: *mut u8,
349 dst: *mut u8,
350 ) -> EverCrypt_Error_error_code;
351}
352extern "C" {
353 pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm(
354 k: *mut u8,
355 iv: *mut u8,
356 iv_len: u32,
357 ad: *mut u8,
358 ad_len: u32,
359 cipher: *mut u8,
360 cipher_len: u32,
361 tag: *mut u8,
362 dst: *mut u8,
363 ) -> EverCrypt_Error_error_code;
364}
365extern "C" {
366 pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm(
367 k: *mut u8,
368 iv: *mut u8,
369 iv_len: u32,
370 ad: *mut u8,
371 ad_len: u32,
372 cipher: *mut u8,
373 cipher_len: u32,
374 tag: *mut u8,
375 dst: *mut u8,
376 ) -> EverCrypt_Error_error_code;
377}
378extern "C" {
379 pub fn EverCrypt_AEAD_decrypt_expand_chacha20_poly1305(
380 k: *mut u8,
381 iv: *mut u8,
382 iv_len: u32,
383 ad: *mut u8,
384 ad_len: u32,
385 cipher: *mut u8,
386 cipher_len: u32,
387 tag: *mut u8,
388 dst: *mut u8,
389 ) -> EverCrypt_Error_error_code;
390}
391extern "C" {
392 pub fn EverCrypt_AEAD_decrypt_expand(
393 a: Spec_Agile_AEAD_alg,
394 k: *mut u8,
395 iv: *mut u8,
396 iv_len: u32,
397 ad: *mut u8,
398 ad_len: u32,
399 cipher: *mut u8,
400 cipher_len: u32,
401 tag: *mut u8,
402 dst: *mut u8,
403 ) -> EverCrypt_Error_error_code;
404}
405extern "C" {
406 #[doc = "Cleanup and free the AEAD state.\n\n@param s State of the AEAD algorithm."]
407 pub fn EverCrypt_AEAD_free(s: *mut EverCrypt_AEAD_state_s);
408}
409extern "C" {
410 #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."]
411 pub fn Hacl_Curve25519_64_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8);
412}
413extern "C" {
414 #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
415 pub fn Hacl_Curve25519_64_secret_to_public(pub_: *mut u8, priv_: *mut u8);
416}
417extern "C" {
418 #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."]
419 pub fn Hacl_Curve25519_64_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool;
420}
421extern "C" {
422 #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."]
423 pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8);
424}
425extern "C" {
426 #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
427 pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8);
428}
429extern "C" {
430 #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."]
431 pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool;
432}
433extern "C" {
434 #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."]
435 pub fn EverCrypt_Curve25519_secret_to_public(pub_: *mut u8, priv_: *mut u8);
436}
437extern "C" {
438 #[doc = "Compute the scalar multiple of a point.\n\n@param shared Pointer to 32 bytes of memory where the resulting point is written to.\n@param my_priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param their_pub Pointer to 32 bytes of memory where the public point is read from."]
439 pub fn EverCrypt_Curve25519_scalarmult(shared: *mut u8, my_priv: *mut u8, their_pub: *mut u8);
440}
441extern "C" {
442 #[doc = "Execute the diffie-hellmann key exchange.\n\n@param shared Pointer to 32 bytes of memory where the resulting point is written to.\n@param my_priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param their_pub Pointer to 32 bytes of memory where **their** public point is read from."]
443 pub fn EverCrypt_Curve25519_ecdh(shared: *mut u8, my_priv: *mut u8, their_pub: *mut u8)
444 -> bool;
445}
446pub type Spec_Hash_Definitions_hash_alg = u8;
447pub type Hacl_Streaming_Types_error_code = u8;
448#[repr(C)]
449#[derive(Debug, Copy, Clone)]
450pub struct Hacl_Streaming_MD_state_32_s {
451 pub block_state: *mut u32,
452 pub buf: *mut u8,
453 pub total_len: u64,
454}
455pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s;
456#[repr(C)]
457#[derive(Debug, Copy, Clone)]
458pub struct Hacl_Streaming_MD_state_64_s {
459 pub block_state: *mut u64,
460 pub buf: *mut u8,
461 pub total_len: u64,
462}
463pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s;
464pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32;
465pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32;
466pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64;
467pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64;
468extern "C" {
469 #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."]
470 pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32;
471}
472extern "C" {
473 #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
474 pub fn Hacl_Streaming_SHA2_copy_256(
475 s0: *mut Hacl_Streaming_MD_state_32,
476 ) -> *mut Hacl_Streaming_MD_state_32;
477}
478extern "C" {
479 #[doc = "Reset an existing state to the initial hash state with empty data."]
480 pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32);
481}
482extern "C" {
483 #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."]
484 pub fn Hacl_Streaming_SHA2_update_256(
485 p: *mut Hacl_Streaming_MD_state_32,
486 input: *mut u8,
487 input_len: u32,
488 ) -> Hacl_Streaming_Types_error_code;
489}
490extern "C" {
491 #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
492 pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
493}
494extern "C" {
495 #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."]
496 pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32);
497}
498extern "C" {
499 #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."]
500 pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8);
501}
502extern "C" {
503 pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32;
504}
505extern "C" {
506 pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32);
507}
508extern "C" {
509 pub fn Hacl_Streaming_SHA2_update_224(
510 p: *mut Hacl_Streaming_MD_state_32,
511 input: *mut u8,
512 input_len: u32,
513 ) -> Hacl_Streaming_Types_error_code;
514}
515extern "C" {
516 #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."]
517 pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8);
518}
519extern "C" {
520 pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32);
521}
522extern "C" {
523 #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."]
524 pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8);
525}
526extern "C" {
527 pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64;
528}
529extern "C" {
530 #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."]
531 pub fn Hacl_Streaming_SHA2_copy_512(
532 s0: *mut Hacl_Streaming_MD_state_64,
533 ) -> *mut Hacl_Streaming_MD_state_64;
534}
535extern "C" {
536 pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64);
537}
538extern "C" {
539 #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."]
540 pub fn Hacl_Streaming_SHA2_update_512(
541 p: *mut Hacl_Streaming_MD_state_64,
542 input: *mut u8,
543 input_len: u32,
544 ) -> Hacl_Streaming_Types_error_code;
545}
546extern "C" {
547 #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"]
548 pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
549}
550extern "C" {
551 #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."]
552 pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64);
553}
554extern "C" {
555 #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."]
556 pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8);
557}
558extern "C" {
559 pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64;
560}
561extern "C" {
562 pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64);
563}
564extern "C" {
565 pub fn Hacl_Streaming_SHA2_update_384(
566 p: *mut Hacl_Streaming_MD_state_64,
567 input: *mut u8,
568 input_len: u32,
569 ) -> Hacl_Streaming_Types_error_code;
570}
571extern "C" {
572 #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."]
573 pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8);
574}
575extern "C" {
576 pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64);
577}
578extern "C" {
579 #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."]
580 pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8);
581}
582extern "C" {
583 #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."]
584 pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8);
585}
586extern "C" {
587 #[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
588 pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8);
589}
590extern "C" {
591 #[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
592 pub fn Hacl_Ed25519_sign_expanded(
593 signature: *mut u8,
594 expanded_keys: *mut u8,
595 msg_len: u32,
596 msg: *mut u8,
597 );
598}
599extern "C" {
600 #[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."]
601 pub fn Hacl_Ed25519_sign(signature: *mut u8, private_key: *mut u8, msg_len: u32, msg: *mut u8);
602}
603extern "C" {
604 #[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."]
605 pub fn Hacl_Ed25519_verify(
606 public_key: *mut u8,
607 msg_len: u32,
608 msg: *mut u8,
609 signature: *mut u8,
610 ) -> bool;
611}
612extern "C" {
613 pub fn EverCrypt_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8);
614}
615extern "C" {
616 pub fn EverCrypt_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8);
617}
618extern "C" {
619 pub fn EverCrypt_Ed25519_sign_expanded(
620 signature: *mut u8,
621 expanded_keys: *mut u8,
622 msg_len: u32,
623 msg: *mut u8,
624 );
625}
626extern "C" {
627 pub fn EverCrypt_Ed25519_sign(
628 signature: *mut u8,
629 private_key: *mut u8,
630 msg_len: u32,
631 msg: *mut u8,
632 );
633}
634extern "C" {
635 pub fn EverCrypt_Ed25519_verify(
636 public_key: *mut u8,
637 msg_len: u32,
638 msg: *mut u8,
639 signature: *mut u8,
640 ) -> bool;
641}
642extern "C" {
643 #[doc = "Expand pseudorandom key to desired length.\n\n@param a Hash function to use. Usually, the same as used in `EverCrypt_HKDF_extract`.\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from.\n@param infolen Length of context and application specific information. Can be 0.\n@param len Length of output keying material."]
644 pub fn EverCrypt_HKDF_expand(
645 a: Spec_Hash_Definitions_hash_alg,
646 okm: *mut u8,
647 prk: *mut u8,
648 prklen: u32,
649 info: *mut u8,
650 infolen: u32,
651 len: u32,
652 );
653}
654extern "C" {
655 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param a Hash function to use. The allowed values are:\n `Spec_Hash_Definitions_Blake2B` (`HashLen` = 64),\n `Spec_Hash_Definitions_Blake2S` (`HashLen` = 32),\n `Spec_Hash_Definitions_SHA2_256` (`HashLen` = 32),\n `Spec_Hash_Definitions_SHA2_384` (`HashLen` = 48),\n `Spec_Hash_Definitions_SHA2_512` (`HashLen` = 64), and\n `Spec_Hash_Definitions_SHA1` (`HashLen` = 20).\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n`HashLen` depends on the used algorithm `a`. See above.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
656 pub fn EverCrypt_HKDF_extract(
657 a: Spec_Hash_Definitions_hash_alg,
658 prk: *mut u8,
659 salt: *mut u8,
660 saltlen: u32,
661 ikm: *mut u8,
662 ikmlen: u32,
663 );
664}
665extern "C" {
666 pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32);
667}
668extern "C" {
669 pub fn Hacl_Blake2b_32_blake2b_update_key(
670 wv: *mut u64,
671 hash: *mut u64,
672 kk: u32,
673 k: *mut u8,
674 ll: u32,
675 );
676}
677extern "C" {
678 pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64);
679}
680extern "C" {
681 #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
682 pub fn Hacl_Blake2b_32_blake2b(
683 nn: u32,
684 output: *mut u8,
685 ll: u32,
686 d: *mut u8,
687 kk: u32,
688 k: *mut u8,
689 );
690}
691extern "C" {
692 pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64;
693}
694extern "C" {
695 pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32);
696}
697extern "C" {
698 pub fn Hacl_Blake2s_32_blake2s_update_key(
699 wv: *mut u32,
700 hash: *mut u32,
701 kk: u32,
702 k: *mut u8,
703 ll: u32,
704 );
705}
706extern "C" {
707 pub fn Hacl_Blake2s_32_blake2s_update_multi(
708 len: u32,
709 wv: *mut u32,
710 hash: *mut u32,
711 prev: u64,
712 blocks: *mut u8,
713 nb: u32,
714 );
715}
716extern "C" {
717 pub fn Hacl_Blake2s_32_blake2s_update_last(
718 len: u32,
719 wv: *mut u32,
720 hash: *mut u32,
721 prev: u64,
722 rem: u32,
723 d: *mut u8,
724 );
725}
726extern "C" {
727 pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32);
728}
729extern "C" {
730 #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
731 pub fn Hacl_Blake2s_32_blake2s(
732 nn: u32,
733 output: *mut u8,
734 ll: u32,
735 d: *mut u8,
736 kk: u32,
737 k: *mut u8,
738 );
739}
740extern "C" {
741 pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32;
742}
743extern "C" {
744 pub fn EverCrypt_HMAC_is_supported_alg(uu___: Spec_Hash_Definitions_hash_alg) -> bool;
745}
746extern "C" {
747 pub fn EverCrypt_HMAC_compute(
748 a: Spec_Hash_Definitions_hash_alg,
749 mac: *mut u8,
750 key: *mut u8,
751 keylen: u32,
752 data: *mut u8,
753 datalen: u32,
754 );
755}
756#[repr(C)]
757#[derive(Debug, Copy, Clone)]
758pub struct Hacl_Streaming_Keccak_hash_buf_s {
759 pub fst: Spec_Hash_Definitions_hash_alg,
760 pub snd: *mut u64,
761}
762pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s;
763#[repr(C)]
764#[derive(Debug, Copy, Clone)]
765pub struct Hacl_Streaming_Keccak_state_s {
766 pub block_state: Hacl_Streaming_Keccak_hash_buf,
767 pub buf: *mut u8,
768 pub total_len: u64,
769}
770pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s;
771extern "C" {
772 pub fn Hacl_Streaming_Keccak_get_alg(
773 s: *mut Hacl_Streaming_Keccak_state,
774 ) -> Spec_Hash_Definitions_hash_alg;
775}
776extern "C" {
777 pub fn Hacl_Streaming_Keccak_malloc(
778 a: Spec_Hash_Definitions_hash_alg,
779 ) -> *mut Hacl_Streaming_Keccak_state;
780}
781extern "C" {
782 pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state);
783}
784extern "C" {
785 pub fn Hacl_Streaming_Keccak_copy(
786 s0: *mut Hacl_Streaming_Keccak_state,
787 ) -> *mut Hacl_Streaming_Keccak_state;
788}
789extern "C" {
790 pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state);
791}
792extern "C" {
793 pub fn Hacl_Streaming_Keccak_update(
794 p: *mut Hacl_Streaming_Keccak_state,
795 data: *mut u8,
796 len: u32,
797 ) -> Hacl_Streaming_Types_error_code;
798}
799extern "C" {
800 pub fn Hacl_Streaming_Keccak_finish(
801 s: *mut Hacl_Streaming_Keccak_state,
802 dst: *mut u8,
803 ) -> Hacl_Streaming_Types_error_code;
804}
805extern "C" {
806 pub fn Hacl_Streaming_Keccak_squeeze(
807 s: *mut Hacl_Streaming_Keccak_state,
808 dst: *mut u8,
809 l: u32,
810 ) -> Hacl_Streaming_Types_error_code;
811}
812extern "C" {
813 pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
814}
815extern "C" {
816 pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32;
817}
818extern "C" {
819 pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool;
820}
821extern "C" {
822 pub fn Hacl_SHA3_shake128_hacl(
823 inputByteLen: u32,
824 input: *mut u8,
825 outputByteLen: u32,
826 output: *mut u8,
827 );
828}
829extern "C" {
830 pub fn Hacl_SHA3_shake256_hacl(
831 inputByteLen: u32,
832 input: *mut u8,
833 outputByteLen: u32,
834 output: *mut u8,
835 );
836}
837extern "C" {
838 pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8);
839}
840extern "C" {
841 pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8);
842}
843extern "C" {
844 pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8);
845}
846extern "C" {
847 pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8);
848}
849extern "C" {
850 pub fn Hacl_Blake2s_128_blake2s_init(
851 hash: *mut Lib_IntVector_Intrinsics_vec128,
852 kk: u32,
853 nn: u32,
854 );
855}
856extern "C" {
857 pub fn Hacl_Blake2s_128_blake2s_update_key(
858 wv: *mut Lib_IntVector_Intrinsics_vec128,
859 hash: *mut Lib_IntVector_Intrinsics_vec128,
860 kk: u32,
861 k: *mut u8,
862 ll: u32,
863 );
864}
865extern "C" {
866 pub fn Hacl_Blake2s_128_blake2s_update_multi(
867 len: u32,
868 wv: *mut Lib_IntVector_Intrinsics_vec128,
869 hash: *mut Lib_IntVector_Intrinsics_vec128,
870 prev: u64,
871 blocks: *mut u8,
872 nb: u32,
873 );
874}
875extern "C" {
876 pub fn Hacl_Blake2s_128_blake2s_update_last(
877 len: u32,
878 wv: *mut Lib_IntVector_Intrinsics_vec128,
879 hash: *mut Lib_IntVector_Intrinsics_vec128,
880 prev: u64,
881 rem: u32,
882 d: *mut u8,
883 );
884}
885extern "C" {
886 pub fn Hacl_Blake2s_128_blake2s_finish(
887 nn: u32,
888 output: *mut u8,
889 hash: *mut Lib_IntVector_Intrinsics_vec128,
890 );
891}
892extern "C" {
893 #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
894 pub fn Hacl_Blake2s_128_blake2s(
895 nn: u32,
896 output: *mut u8,
897 ll: u32,
898 d: *mut u8,
899 kk: u32,
900 k: *mut u8,
901 );
902}
903extern "C" {
904 pub fn Hacl_Blake2s_128_store_state128s_to_state32(
905 st32: *mut u32,
906 st: *mut Lib_IntVector_Intrinsics_vec128,
907 );
908}
909extern "C" {
910 pub fn Hacl_Blake2s_128_load_state128s_from_state32(
911 st: *mut Lib_IntVector_Intrinsics_vec128,
912 st32: *mut u32,
913 );
914}
915extern "C" {
916 pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128;
917}
918extern "C" {
919 pub fn Hacl_Blake2b_256_blake2b_init(hash: *mut *mut ::std::os::raw::c_void, kk: u32, nn: u32);
920}
921extern "C" {
922 pub fn Hacl_Blake2b_256_blake2b_update_key(
923 wv: *mut *mut ::std::os::raw::c_void,
924 hash: *mut *mut ::std::os::raw::c_void,
925 kk: u32,
926 k: *mut u8,
927 ll: u32,
928 );
929}
930extern "C" {
931 pub fn Hacl_Blake2b_256_blake2b_finish(
932 nn: u32,
933 output: *mut u8,
934 hash: *mut *mut ::std::os::raw::c_void,
935 );
936}
937extern "C" {
938 #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."]
939 pub fn Hacl_Blake2b_256_blake2b(
940 nn: u32,
941 output: *mut u8,
942 ll: u32,
943 d: *mut u8,
944 kk: u32,
945 k: *mut u8,
946 );
947}
948extern "C" {
949 pub fn Hacl_Blake2b_256_load_state256b_from_state32(
950 st: *mut *mut ::std::os::raw::c_void,
951 st32: *mut u64,
952 );
953}
954extern "C" {
955 pub fn Hacl_Blake2b_256_store_state256b_to_state32(
956 st32: *mut u64,
957 st: *mut *mut ::std::os::raw::c_void,
958 );
959}
960extern "C" {
961 pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut *mut ::std::os::raw::c_void;
962}
963#[repr(C)]
964#[derive(Debug, Copy, Clone)]
965pub struct EverCrypt_Hash_state_s_s {
966 _unused: [u8; 0],
967}
968pub type EverCrypt_Hash_state_s = EverCrypt_Hash_state_s_s;
969extern "C" {
970 pub fn EverCrypt_Hash_Incremental_hash_len(a: Spec_Hash_Definitions_hash_alg) -> u32;
971}
972#[repr(C)]
973#[derive(Debug, Copy, Clone)]
974pub struct EverCrypt_Hash_Incremental_hash_state_s {
975 pub block_state: *mut EverCrypt_Hash_state_s,
976 pub buf: *mut u8,
977 pub total_len: u64,
978}
979pub type EverCrypt_Hash_Incremental_hash_state = EverCrypt_Hash_Incremental_hash_state_s;
980extern "C" {
981 #[doc = "Allocate initial state for the agile hash. The argument `a` stands for the\nchoice of algorithm (see Hacl_Spec.h). This API will automatically pick the most\nefficient implementation, provided you have called EverCrypt_AutoConfig2_init()\nbefore. The state is to be freed by calling `free`."]
982 pub fn EverCrypt_Hash_Incremental_create_in(
983 a: Spec_Hash_Definitions_hash_alg,
984 ) -> *mut EverCrypt_Hash_Incremental_hash_state;
985}
986extern "C" {
987 #[doc = "Reset an existing state to the initial hash state with empty data."]
988 pub fn EverCrypt_Hash_Incremental_init(s: *mut EverCrypt_Hash_Incremental_hash_state);
989}
990extern "C" {
991 #[doc = "Feed an arbitrary amount of data into the hash. This function returns\nEverCrypt_Error_Success for success, or EverCrypt_Error_MaximumLengthExceeded if\nthe combined length of all of the data passed to `update` (since the last call\nto `init`) exceeds 2^61-1 bytes or 2^64-1 bytes, depending on the choice of\nalgorithm. Both limits are unlikely to be attained in practice."]
992 pub fn EverCrypt_Hash_Incremental_update(
993 s: *mut EverCrypt_Hash_Incremental_hash_state,
994 data: *mut u8,
995 len: u32,
996 ) -> EverCrypt_Error_error_code;
997}
998extern "C" {
999 #[doc = "Perform a run-time test to determine which algorithm was chosen for the given piece of state."]
1000 pub fn EverCrypt_Hash_Incremental_alg_of_state(
1001 s: *mut EverCrypt_Hash_Incremental_hash_state,
1002 ) -> Spec_Hash_Definitions_hash_alg;
1003}
1004extern "C" {
1005 #[doc = "Write the resulting hash into `dst`, an array whose length is\nalgorithm-specific. You can use the macros defined earlier in this file to\nallocate a destination buffer of the right length. The state remains valid after\na call to `finish`, meaning the user may feed more data into the hash via\n`update`. (The finish function operates on an internal copy of the state and\ntherefore does not invalidate the client-held state.)"]
1006 pub fn EverCrypt_Hash_Incremental_finish(
1007 s: *mut EverCrypt_Hash_Incremental_hash_state,
1008 dst: *mut u8,
1009 );
1010}
1011extern "C" {
1012 #[doc = "Free a state previously allocated with `create_in`."]
1013 pub fn EverCrypt_Hash_Incremental_free(s: *mut EverCrypt_Hash_Incremental_hash_state);
1014}
1015extern "C" {
1016 #[doc = "Hash `input`, of len `len`, into `dst`, an array whose length is determined by\nyour choice of algorithm `a` (see Hacl_Spec.h). You can use the macros defined\nearlier in this file to allocate a destination buffer of the right length. This\nAPI will automatically pick the most efficient implementation, provided you have\ncalled EverCrypt_AutoConfig2_init() before."]
1017 pub fn EverCrypt_Hash_Incremental_hash(
1018 a: Spec_Hash_Definitions_hash_alg,
1019 dst: *mut u8,
1020 input: *mut u8,
1021 len: u32,
1022 );
1023}
1024#[repr(C)]
1025#[derive(Debug, Copy, Clone)]
1026pub struct Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64_s {
1027 pub len: u32,
1028 pub n: *mut u64,
1029 pub mu: u64,
1030 pub r2: *mut u64,
1031}
1032pub type Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64 = Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64_s;
1033extern "C" {
1034 #[doc = "Write `a + b mod 2 ^ (64 * len)` in `res`.\n\nThis functions returns the carry.\n\nThe arguments a, b and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len]"]
1035 pub fn Hacl_Bignum64_add(len: u32, a: *mut u64, b: *mut u64, res: *mut u64) -> u64;
1036}
1037extern "C" {
1038 #[doc = "Write `a - b mod 2 ^ (64 * len)` in `res`.\n\nThis functions returns the carry.\n\nThe arguments a, b and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len]"]
1039 pub fn Hacl_Bignum64_sub(len: u32, a: *mut u64, b: *mut u64, res: *mut u64) -> u64;
1040}
1041extern "C" {
1042 #[doc = "Write `(a + b) mod n` in `res`.\n\nThe arguments a, b, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• a < n\n• b < n"]
1043 pub fn Hacl_Bignum64_add_mod(len: u32, n: *mut u64, a: *mut u64, b: *mut u64, res: *mut u64);
1044}
1045extern "C" {
1046 #[doc = "Write `(a - b) mod n` in `res`.\n\nThe arguments a, b, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• a < n\n• b < n"]
1047 pub fn Hacl_Bignum64_sub_mod(len: u32, n: *mut u64, a: *mut u64, b: *mut u64, res: *mut u64);
1048}
1049extern "C" {
1050 #[doc = "Write `a * b` in `res`.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe outparam res is meant to be `2*len` limbs in size, i.e. uint64_t[2*len]."]
1051 pub fn Hacl_Bignum64_mul(len: u32, a: *mut u64, b: *mut u64, res: *mut u64);
1052}
1053extern "C" {
1054 #[doc = "Write `a * a` in `res`.\n\nThe argument a is meant to be `len` limbs in size, i.e. uint64_t[len].\nThe outparam res is meant to be `2*len` limbs in size, i.e. uint64_t[2*len]."]
1055 pub fn Hacl_Bignum64_sqr(len: u32, a: *mut u64, res: *mut u64);
1056}
1057extern "C" {
1058 #[doc = "Write `a mod n` in `res`.\n\nThe argument a is meant to be `2*len` limbs in size, i.e. uint64_t[2*len].\nThe argument n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• 1 < n\n• n % 2 = 1"]
1059 pub fn Hacl_Bignum64_mod(len: u32, n: *mut u64, a: *mut u64, res: *mut u64) -> bool;
1060}
1061extern "C" {
1062 #[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThe function is *NOT* constant-time on the argument b. See the\nmod_exp_consttime_* functions for constant-time variants.\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• b < pow2 bBits\n• a < n"]
1063 pub fn Hacl_Bignum64_mod_exp_vartime(
1064 len: u32,
1065 n: *mut u64,
1066 a: *mut u64,
1067 bBits: u32,
1068 b: *mut u64,
1069 res: *mut u64,
1070 ) -> bool;
1071}
1072extern "C" {
1073 #[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThis function is constant-time over its argument b, at the cost of a slower\nexecution time than mod_exp_vartime.\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• b < pow2 bBits\n• a < n"]
1074 pub fn Hacl_Bignum64_mod_exp_consttime(
1075 len: u32,
1076 n: *mut u64,
1077 a: *mut u64,
1078 bBits: u32,
1079 b: *mut u64,
1080 res: *mut u64,
1081 ) -> bool;
1082}
1083extern "C" {
1084 #[doc = "Write `a ^ (-1) mod n` in `res`.\n\nThe arguments a, n and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n is a prime\n\nThe function returns false if any of the following preconditions are violated,\ntrue otherwise.\n• n % 2 = 1\n• 1 < n\n• 0 < a\n• a < n"]
1085 pub fn Hacl_Bignum64_mod_inv_prime_vartime(
1086 len: u32,
1087 n: *mut u64,
1088 a: *mut u64,
1089 res: *mut u64,
1090 ) -> bool;
1091}
1092extern "C" {
1093 #[doc = "Heap-allocate and initialize a montgomery context.\n\nThe argument n is meant to be `len` limbs in size, i.e. uint64_t[len].\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n % 2 = 1\n• 1 < n\n\nThe caller will need to call Hacl_Bignum64_mont_ctx_free on the return value\nto avoid memory leaks."]
1094 pub fn Hacl_Bignum64_mont_ctx_init(
1095 len: u32,
1096 n: *mut u64,
1097 ) -> *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64;
1098}
1099extern "C" {
1100 #[doc = "Deallocate the memory previously allocated by Hacl_Bignum64_mont_ctx_init.\n\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init."]
1101 pub fn Hacl_Bignum64_mont_ctx_free(k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64);
1102}
1103extern "C" {
1104 #[doc = "Write `a mod n` in `res`.\n\nThe argument a is meant to be `2*len` limbs in size, i.e. uint64_t[2*len].\nThe outparam res is meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init."]
1105 pub fn Hacl_Bignum64_mod_precomp(
1106 k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
1107 a: *mut u64,
1108 res: *mut u64,
1109 );
1110}
1111extern "C" {
1112 #[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThe function is *NOT* constant-time on the argument b. See the\nmod_exp_consttime_* functions for constant-time variants.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• b < pow2 bBits\n• a < n"]
1113 pub fn Hacl_Bignum64_mod_exp_vartime_precomp(
1114 k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
1115 a: *mut u64,
1116 bBits: u32,
1117 b: *mut u64,
1118 res: *mut u64,
1119 );
1120}
1121extern "C" {
1122 #[doc = "Write `a ^ b mod n` in `res`.\n\nThe arguments a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nThe argument b is a bignum of any size, and bBits is an upper bound on the\nnumber of significant bits of b. A tighter bound results in faster execution\ntime. When in doubt, the number of bits for the bignum size is always a safe\ndefault, e.g. if b is a 4096-bit bignum, bBits should be 4096.\n\nThis function is constant-time over its argument b, at the cost of a slower\nexecution time than mod_exp_vartime_*.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• b < pow2 bBits\n• a < n"]
1123 pub fn Hacl_Bignum64_mod_exp_consttime_precomp(
1124 k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
1125 a: *mut u64,
1126 bBits: u32,
1127 b: *mut u64,
1128 res: *mut u64,
1129 );
1130}
1131extern "C" {
1132 #[doc = "Write `a ^ (-1) mod n` in `res`.\n\nThe argument a and the outparam res are meant to be `len` limbs in size, i.e. uint64_t[len].\nThe argument k is a montgomery context obtained through Hacl_Bignum64_mont_ctx_init.\n\nBefore calling this function, the caller will need to ensure that the following\npreconditions are observed.\n• n is a prime\n• 0 < a\n• a < n"]
1133 pub fn Hacl_Bignum64_mod_inv_prime_vartime_precomp(
1134 k: *mut Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64,
1135 a: *mut u64,
1136 res: *mut u64,
1137 );
1138}
1139extern "C" {
1140 #[doc = "Load a bid-endian bignum from memory.\n\nThe argument b points to `len` bytes of valid memory.\nThe function returns a heap-allocated bignum of size sufficient to hold the\nresult of loading b, or NULL if either the allocation failed, or the amount of\nrequired memory would exceed 4GB.\n\nIf the return value is non-null, clients must eventually call free(3) on it to\navoid memory leaks."]
1141 pub fn Hacl_Bignum64_new_bn_from_bytes_be(len: u32, b: *mut u8) -> *mut u64;
1142}
1143extern "C" {
1144 #[doc = "Load a little-endian bignum from memory.\n\nThe argument b points to `len` bytes of valid memory.\nThe function returns a heap-allocated bignum of size sufficient to hold the\nresult of loading b, or NULL if either the allocation failed, or the amount of\nrequired memory would exceed 4GB.\n\nIf the return value is non-null, clients must eventually call free(3) on it to\navoid memory leaks."]
1145 pub fn Hacl_Bignum64_new_bn_from_bytes_le(len: u32, b: *mut u8) -> *mut u64;
1146}
1147extern "C" {
1148 #[doc = "Serialize a bignum into big-endian memory.\n\nThe argument b points to a bignum of ⌈len / 8⌉ size.\nThe outparam res points to `len` bytes of valid memory."]
1149 pub fn Hacl_Bignum64_bn_to_bytes_be(len: u32, b: *mut u64, res: *mut u8);
1150}
1151extern "C" {
1152 #[doc = "Serialize a bignum into little-endian memory.\n\nThe argument b points to a bignum of ⌈len / 8⌉ size.\nThe outparam res points to `len` bytes of valid memory."]
1153 pub fn Hacl_Bignum64_bn_to_bytes_le(len: u32, b: *mut u64, res: *mut u8);
1154}
1155extern "C" {
1156 #[doc = "Returns 2^64 - 1 if a < b, otherwise returns 0.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len]."]
1157 pub fn Hacl_Bignum64_lt_mask(len: u32, a: *mut u64, b: *mut u64) -> u64;
1158}
1159extern "C" {
1160 #[doc = "Returns 2^64 - 1 if a = b, otherwise returns 0.\n\nThe arguments a and b are meant to be `len` limbs in size, i.e. uint64_t[len]."]
1161 pub fn Hacl_Bignum64_eq_mask(len: u32, a: *mut u64, b: *mut u64) -> u64;
1162}
1163extern "C" {
1164 #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."]
1165 pub fn Hacl_HMAC_legacy_compute_sha1(
1166 dst: *mut u8,
1167 key: *mut u8,
1168 key_len: u32,
1169 data: *mut u8,
1170 data_len: u32,
1171 );
1172}
1173extern "C" {
1174 #[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."]
1175 pub fn Hacl_HMAC_compute_sha2_256(
1176 dst: *mut u8,
1177 key: *mut u8,
1178 key_len: u32,
1179 data: *mut u8,
1180 data_len: u32,
1181 );
1182}
1183extern "C" {
1184 #[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."]
1185 pub fn Hacl_HMAC_compute_sha2_384(
1186 dst: *mut u8,
1187 key: *mut u8,
1188 key_len: u32,
1189 data: *mut u8,
1190 data_len: u32,
1191 );
1192}
1193extern "C" {
1194 #[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."]
1195 pub fn Hacl_HMAC_compute_sha2_512(
1196 dst: *mut u8,
1197 key: *mut u8,
1198 key_len: u32,
1199 data: *mut u8,
1200 data_len: u32,
1201 );
1202}
1203extern "C" {
1204 #[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."]
1205 pub fn Hacl_HMAC_compute_blake2s_32(
1206 dst: *mut u8,
1207 key: *mut u8,
1208 key_len: u32,
1209 data: *mut u8,
1210 data_len: u32,
1211 );
1212}
1213extern "C" {
1214 #[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."]
1215 pub fn Hacl_HMAC_compute_blake2b_32(
1216 dst: *mut u8,
1217 key: *mut u8,
1218 key_len: u32,
1219 data: *mut u8,
1220 data_len: u32,
1221 );
1222}
1223extern "C" {
1224 #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
1225 pub fn Hacl_HKDF_expand_sha2_256(
1226 okm: *mut u8,
1227 prk: *mut u8,
1228 prklen: u32,
1229 info: *mut u8,
1230 infolen: u32,
1231 len: u32,
1232 );
1233}
1234extern "C" {
1235 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
1236 pub fn Hacl_HKDF_extract_sha2_256(
1237 prk: *mut u8,
1238 salt: *mut u8,
1239 saltlen: u32,
1240 ikm: *mut u8,
1241 ikmlen: u32,
1242 );
1243}
1244extern "C" {
1245 #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
1246 pub fn Hacl_HKDF_expand_sha2_384(
1247 okm: *mut u8,
1248 prk: *mut u8,
1249 prklen: u32,
1250 info: *mut u8,
1251 infolen: u32,
1252 len: u32,
1253 );
1254}
1255extern "C" {
1256 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
1257 pub fn Hacl_HKDF_extract_sha2_384(
1258 prk: *mut u8,
1259 salt: *mut u8,
1260 saltlen: u32,
1261 ikm: *mut u8,
1262 ikmlen: u32,
1263 );
1264}
1265extern "C" {
1266 #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
1267 pub fn Hacl_HKDF_expand_sha2_512(
1268 okm: *mut u8,
1269 prk: *mut u8,
1270 prklen: u32,
1271 info: *mut u8,
1272 infolen: u32,
1273 len: u32,
1274 );
1275}
1276extern "C" {
1277 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
1278 pub fn Hacl_HKDF_extract_sha2_512(
1279 prk: *mut u8,
1280 salt: *mut u8,
1281 saltlen: u32,
1282 ikm: *mut u8,
1283 ikmlen: u32,
1284 );
1285}
1286extern "C" {
1287 #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
1288 pub fn Hacl_HKDF_expand_blake2s_32(
1289 okm: *mut u8,
1290 prk: *mut u8,
1291 prklen: u32,
1292 info: *mut u8,
1293 infolen: u32,
1294 len: u32,
1295 );
1296}
1297extern "C" {
1298 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
1299 pub fn Hacl_HKDF_extract_blake2s_32(
1300 prk: *mut u8,
1301 salt: *mut u8,
1302 saltlen: u32,
1303 ikm: *mut u8,
1304 ikmlen: u32,
1305 );
1306}
1307extern "C" {
1308 #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."]
1309 pub fn Hacl_HKDF_expand_blake2b_32(
1310 okm: *mut u8,
1311 prk: *mut u8,
1312 prklen: u32,
1313 info: *mut u8,
1314 infolen: u32,
1315 len: u32,
1316 );
1317}
1318extern "C" {
1319 #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."]
1320 pub fn Hacl_HKDF_extract_blake2b_32(
1321 prk: *mut u8,
1322 salt: *mut u8,
1323 saltlen: u32,
1324 ikm: *mut u8,
1325 ikmlen: u32,
1326 );
1327}
1328pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg;
1329extern "C" {
1330 #[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."]
1331 pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32;
1332}
1333#[repr(C)]
1334#[derive(Debug, Copy, Clone)]
1335pub struct Hacl_HMAC_DRBG_state_s {
1336 pub k: *mut u8,
1337 pub v: *mut u8,
1338 pub reseed_counter: *mut u32,
1339}
1340pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s;
1341extern "C" {
1342 pub fn Hacl_HMAC_DRBG_uu___is_State(
1343 a: Spec_Hash_Definitions_hash_alg,
1344 projectee: Hacl_HMAC_DRBG_state,
1345 ) -> bool;
1346}
1347extern "C" {
1348 #[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."]
1349 pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state;
1350}
1351extern "C" {
1352 #[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."]
1353 pub fn Hacl_HMAC_DRBG_instantiate(
1354 a: Spec_Hash_Definitions_hash_alg,
1355 st: Hacl_HMAC_DRBG_state,
1356 entropy_input_len: u32,
1357 entropy_input: *mut u8,
1358 nonce_len: u32,
1359 nonce: *mut u8,
1360 personalization_string_len: u32,
1361 personalization_string: *mut u8,
1362 );
1363}
1364extern "C" {
1365 #[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."]
1366 pub fn Hacl_HMAC_DRBG_reseed(
1367 a: Spec_Hash_Definitions_hash_alg,
1368 st: Hacl_HMAC_DRBG_state,
1369 entropy_input_len: u32,
1370 entropy_input: *mut u8,
1371 additional_input_input_len: u32,
1372 additional_input_input: *mut u8,
1373 );
1374}
1375extern "C" {
1376 #[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."]
1377 pub fn Hacl_HMAC_DRBG_generate(
1378 a: Spec_Hash_Definitions_hash_alg,
1379 output: *mut u8,
1380 st: Hacl_HMAC_DRBG_state,
1381 n: u32,
1382 additional_input_len: u32,
1383 additional_input: *mut u8,
1384 ) -> bool;
1385}
1386extern "C" {
1387 pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state);
1388}
1389extern "C" {
1390 #[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
1391 pub fn Hacl_P256_ecdsa_sign_p256_sha2(
1392 signature: *mut u8,
1393 msg_len: u32,
1394 msg: *mut u8,
1395 private_key: *mut u8,
1396 nonce: *mut u8,
1397 ) -> bool;
1398}
1399extern "C" {
1400 #[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
1401 pub fn Hacl_P256_ecdsa_sign_p256_sha384(
1402 signature: *mut u8,
1403 msg_len: u32,
1404 msg: *mut u8,
1405 private_key: *mut u8,
1406 nonce: *mut u8,
1407 ) -> bool;
1408}
1409extern "C" {
1410 #[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
1411 pub fn Hacl_P256_ecdsa_sign_p256_sha512(
1412 signature: *mut u8,
1413 msg_len: u32,
1414 msg: *mut u8,
1415 private_key: *mut u8,
1416 nonce: *mut u8,
1417 ) -> bool;
1418}
1419extern "C" {
1420 #[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"]
1421 pub fn Hacl_P256_ecdsa_sign_p256_without_hash(
1422 signature: *mut u8,
1423 msg_len: u32,
1424 msg: *mut u8,
1425 private_key: *mut u8,
1426 nonce: *mut u8,
1427 ) -> bool;
1428}
1429extern "C" {
1430 #[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
1431 pub fn Hacl_P256_ecdsa_verif_p256_sha2(
1432 msg_len: u32,
1433 msg: *mut u8,
1434 public_key: *mut u8,
1435 signature_r: *mut u8,
1436 signature_s: *mut u8,
1437 ) -> bool;
1438}
1439extern "C" {
1440 #[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
1441 pub fn Hacl_P256_ecdsa_verif_p256_sha384(
1442 msg_len: u32,
1443 msg: *mut u8,
1444 public_key: *mut u8,
1445 signature_r: *mut u8,
1446 signature_s: *mut u8,
1447 ) -> bool;
1448}
1449extern "C" {
1450 #[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
1451 pub fn Hacl_P256_ecdsa_verif_p256_sha512(
1452 msg_len: u32,
1453 msg: *mut u8,
1454 public_key: *mut u8,
1455 signature_r: *mut u8,
1456 signature_s: *mut u8,
1457 ) -> bool;
1458}
1459extern "C" {
1460 #[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"]
1461 pub fn Hacl_P256_ecdsa_verif_without_hash(
1462 msg_len: u32,
1463 msg: *mut u8,
1464 public_key: *mut u8,
1465 signature_r: *mut u8,
1466 signature_s: *mut u8,
1467 ) -> bool;
1468}
1469extern "C" {
1470 #[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"]
1471 pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool;
1472}
1473extern "C" {
1474 #[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"]
1475 pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool;
1476}
1477extern "C" {
1478 #[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
1479 pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool;
1480}
1481extern "C" {
1482 #[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."]
1483 pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool;
1484}
1485extern "C" {
1486 #[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
1487 pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8);
1488}
1489extern "C" {
1490 #[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."]
1491 pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8);
1492}
1493extern "C" {
1494 #[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."]
1495 pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool;
1496}
1497extern "C" {
1498 #[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."]
1499 pub fn Hacl_P256_dh_responder(
1500 shared_secret: *mut u8,
1501 their_pubkey: *mut u8,
1502 private_key: *mut u8,
1503 ) -> bool;
1504}
1505extern "C" {
1506 #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use. Allowed values for `a` are ...\n Spec_Hash_Definitions_SHA2_256,\n Spec_Hash_Definitions_SHA2_384, and\n Spec_Hash_Definitions_SHA2_512.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param skey Pointer to secret key created by `Hacl_RSAPSS_new_rsapss_load_skey`.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
1507 pub fn Hacl_RSAPSS_rsapss_sign(
1508 a: Spec_Hash_Definitions_hash_alg,
1509 modBits: u32,
1510 eBits: u32,
1511 dBits: u32,
1512 skey: *mut u64,
1513 saltLen: u32,
1514 salt: *mut u8,
1515 msgLen: u32,
1516 msg: *mut u8,
1517 sgnt: *mut u8,
1518 ) -> bool;
1519}
1520extern "C" {
1521 #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
1522 pub fn Hacl_RSAPSS_rsapss_verify(
1523 a: Spec_Hash_Definitions_hash_alg,
1524 modBits: u32,
1525 eBits: u32,
1526 pkey: *mut u64,
1527 saltLen: u32,
1528 sgntLen: u32,
1529 sgnt: *mut u8,
1530 msgLen: u32,
1531 msg: *mut u8,
1532 ) -> bool;
1533}
1534extern "C" {
1535 #[doc = "Load a public key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n\n@return Returns an allocated public key. Note: caller must take care to `free()` the created key."]
1536 pub fn Hacl_RSAPSS_new_rsapss_load_pkey(
1537 modBits: u32,
1538 eBits: u32,
1539 nb: *mut u8,
1540 eb: *mut u8,
1541 ) -> *mut u64;
1542}
1543extern "C" {
1544 #[doc = "Load a secret key from key parts.\n\n@param modBits Count of bits in modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n\n@return Returns an allocated secret key. Note: caller must take care to `free()` the created key."]
1545 pub fn Hacl_RSAPSS_new_rsapss_load_skey(
1546 modBits: u32,
1547 eBits: u32,
1548 dBits: u32,
1549 nb: *mut u8,
1550 eb: *mut u8,
1551 db: *mut u8,
1552 ) -> *mut u64;
1553}
1554extern "C" {
1555 #[doc = "Sign a message `msg` and write the signature to `sgnt`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param dBits Count of bits in `d` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.\n@param saltLen Length of salt.\n@param salt Pointer to `saltLen` bytes where the salt is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n@param sgnt Pointer to `ceil(modBits / 8)` bytes where the signature is written to.\n\n@return Returns true if and only if signing was successful."]
1556 pub fn Hacl_RSAPSS_rsapss_skey_sign(
1557 a: Spec_Hash_Definitions_hash_alg,
1558 modBits: u32,
1559 eBits: u32,
1560 dBits: u32,
1561 nb: *mut u8,
1562 eb: *mut u8,
1563 db: *mut u8,
1564 saltLen: u32,
1565 salt: *mut u8,
1566 msgLen: u32,
1567 msg: *mut u8,
1568 sgnt: *mut u8,
1569 ) -> bool;
1570}
1571extern "C" {
1572 #[doc = "Verify the signature `sgnt` of a message `msg`.\n\n@param a Hash algorithm to use.\n@param modBits Count of bits in the modulus (`n`).\n@param eBits Count of bits in `e` value.\n@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.\n@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.\n@param saltLen Length of salt.\n@param sgntLen Length of signature.\n@param sgnt Pointer to `sgntLen` bytes where the signature is read from.\n@param msgLen Length of message.\n@param msg Pointer to `msgLen` bytes where the message is read from.\n\n@return Returns true if and only if the signature is valid."]
1573 pub fn Hacl_RSAPSS_rsapss_pkey_verify(
1574 a: Spec_Hash_Definitions_hash_alg,
1575 modBits: u32,
1576 eBits: u32,
1577 nb: *mut u8,
1578 eb: *mut u8,
1579 saltLen: u32,
1580 sgntLen: u32,
1581 sgnt: *mut u8,
1582 msgLen: u32,
1583 msg: *mut u8,
1584 ) -> bool;
1585}
1586extern "C" {
1587 #[doc = "The mask generation function defined in the Public Key Cryptography Standard #1\n(https://www.ietf.org/rfc/rfc2437.txt Section 10.2.1)"]
1588 pub fn Hacl_RSAPSS_mgf_hash(
1589 a: Spec_Hash_Definitions_hash_alg,
1590 len: u32,
1591 mgfseed: *mut u8,
1592 maskLen: u32,
1593 res: *mut u8,
1594 );
1595}