From 3735cbab64f4d424a9951467f7d4938d7ea41965 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 4 Sep 2023 14:25:37 +0200 Subject: [PATCH 01/17] wip for wasm support --- Cargo.toml | 3 +- build.rs | 28 ++-- src/lib.rs | 1 + sys/hacl/Cargo.toml | 3 +- sys/hacl/build.rs | 21 ++- sys/hacl/src/bindings.rs | 348 ++++++--------------------------------- 6 files changed, 90 insertions(+), 314 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index bdb2ed591..2949f3b03 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,6 +20,7 @@ libcrux_platform = { version = "=0.0.1", path = "sys/platform" } libcrux-hacl = { version = "=0.0.1", path = "sys/hacl" } libcrux_platform = { version = "=0.0.1", path = "sys/platform" } rand = { version = "0.8" } +getrandom = { version = "0.2", features = ["js"]} log = "0.4" [target.'cfg(all(not(target_os = "windows"), any(target_arch = "x86_64", target_arch = "x86")))'.dependencies] @@ -76,7 +77,7 @@ name = "drbg" harness = false [features] -hacspec = [] # TODO: #7 Use specs instead of efficient implementations +hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] # [patch.crates-io] diff --git a/build.rs b/build.rs index 770ebf0de..dc5572520 100644 --- a/build.rs +++ b/build.rs @@ -1,16 +1,16 @@ fn main() { - if libcrux_platform::simd128_support() { - println!("cargo:rustc-cfg=simd128"); - } - if libcrux_platform::simd256_support() { - println!("cargo:rustc-cfg=simd256"); - } - if libcrux_platform::bmi2_adx_support() { - println!("cargo:rustc-cfg=bmi2"); - println!("cargo:rustc-cfg=adx"); - } - #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] - if libcrux_platform::aes_ni_support() { - println!("cargo:rustc-cfg=aes_ni"); - } + // if libcrux_platform::simd128_support() { + // println!("cargo:rustc-cfg=simd128"); + // } + // if libcrux_platform::simd256_support() { + // println!("cargo:rustc-cfg=simd256"); + // } + // if libcrux_platform::bmi2_adx_support() { + // println!("cargo:rustc-cfg=bmi2"); + // println!("cargo:rustc-cfg=adx"); + // } + // #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] + // if libcrux_platform::aes_ni_support() { + // println!("cargo:rustc-cfg=aes_ni"); + // } } diff --git a/src/lib.rs b/src/lib.rs index 4983a6ead..148633bf6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -16,6 +16,7 @@ pub(crate) mod hacl; // libcrux pub mod aead; +#[cfg(not(target_arch ="wasm32"))] pub mod bls12; pub mod digest; pub mod drbg; diff --git a/sys/hacl/Cargo.toml b/sys/hacl/Cargo.toml index 2e69439cf..539a05fb2 100644 --- a/sys/hacl/Cargo.toml +++ b/sys/hacl/Cargo.toml @@ -3,7 +3,8 @@ name = "libcrux-hacl" version = "0.0.1" edition = "2021" -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html +[lib] +crate-type = ["cdylib", "rlib"] [dependencies] diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index b64d2f1dd..af03d419f 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -96,6 +96,9 @@ fn create_bindings(platform: Platform, home_dir: &Path) { // Header to wrap EverCrypt_AutoConfig2 .header("c/config/vale-aes.h"); } + clang_args.push( + "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), + ); let generated_bindings = bindings // Set include paths for HACL headers @@ -171,6 +174,7 @@ fn compile_files( build.include(include); } build.opt_level(3); + // build.flag("--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot"); for arg in args { build.flag(arg); } @@ -359,7 +363,7 @@ fn build(platform: Platform, home_path: &Path) { compile_files("libhacl.a", &files, &[], home_path, &[], &defines); } -#[derive(Clone, Copy, Debug)] +#[derive(Clone, Copy, Debug, Default)] #[allow(dead_code)] struct Platform { simd128: bool, @@ -378,6 +382,21 @@ fn main() { let home_path = Path::new(&home_dir); let out_dir = env::var("OUT_DIR").unwrap(); let out_path = Path::new(&out_dir); + let prebuilt_hacl_path = env::var("HACL_STATIC_PATH"); + let prebuilt_hacl_name = env::var("HACL_STATIC_LIB"); + + // If we have a prebuilt binary, we don't do anything here. + // NOTE: the binary must match the bindings in this crate. + if let Ok(prebuilt_hacl_name) = prebuilt_hacl_name { + // Generate new bindings. + create_bindings(Platform::default(), home_path); + + println!("cargo:rustc-link-lib={}={}", "static", prebuilt_hacl_name); + if let Ok(prebuilt_hacl_path) = prebuilt_hacl_path { + println!("cargo:rustc-link-search=native={}", prebuilt_hacl_path); + } + return; + } // Check platform support let platform = Platform { diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index 2bdeabf31..f3b5f91ef 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -1,313 +1,67 @@ -/* automatically generated by rust-bindgen 0.63.0 */ +/* automatically generated by rust-bindgen 0.66.1 */ -pub type FStar_UInt128_uint128 = u128; -extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); -} -extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_32_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; -} -extern "C" { - #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] - pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); -} -extern "C" { - #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] - pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8); -} -extern "C" { - #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] - pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; -} -extern "C" { - pub fn Hacl_Hash_SHA2_update_multi_224(s: *mut u32, blocks: *mut u8, n_blocks: u32); -} -extern "C" { - pub fn Hacl_Hash_SHA2_update_multi_256(s: *mut u32, blocks: *mut u8, n_blocks: u32); -} -extern "C" { - pub fn Hacl_Hash_SHA2_update_last_224( - s: *mut u32, - prev_len: u64, - input: *mut u8, - input_len: u32, - ); -} -extern "C" { - pub fn Hacl_Hash_SHA2_update_last_256( - s: *mut u32, - prev_len: u64, - input: *mut u8, - input_len: u32, - ); -} -extern "C" { - pub fn Hacl_Hash_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Hash_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Hash_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Hash_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8); -} +pub const Spec_Hash_Definitions_SHA2_224: u32 = 0; +pub const Spec_Hash_Definitions_SHA2_256: u32 = 1; +pub const Spec_Hash_Definitions_SHA2_384: u32 = 2; +pub const Spec_Hash_Definitions_SHA2_512: u32 = 3; +pub const Spec_Hash_Definitions_SHA1: u32 = 4; +pub const Spec_Hash_Definitions_MD5: u32 = 5; +pub const Spec_Hash_Definitions_Blake2S: u32 = 6; +pub const Spec_Hash_Definitions_Blake2B: u32 = 7; +pub const Spec_Hash_Definitions_SHA3_256: u32 = 8; +pub const Spec_Hash_Definitions_SHA3_224: u32 = 9; +pub const Spec_Hash_Definitions_SHA3_384: u32 = 10; +pub const Spec_Hash_Definitions_SHA3_512: u32 = 11; +pub const Spec_Hash_Definitions_Shake128: u32 = 12; +pub const Spec_Hash_Definitions_Shake256: u32 = 13; +pub const Hacl_Streaming_Types_Success: u32 = 0; +pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; +pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; +pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; +pub type Spec_Hash_Definitions_hash_alg = u8; +pub type Hacl_Streaming_Types_error_code = u8; #[repr(C)] #[derive(Debug, Copy, Clone)] -pub struct Hacl_Streaming_SHA2_state_sha2_224_s { +pub struct Hacl_Streaming_MD_state_32_s { pub block_state: *mut u32, pub buf: *mut u8, pub total_len: u64, } -pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_SHA2_state_sha2_224_s; -pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_SHA2_state_sha2_224; +pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s; #[repr(C)] #[derive(Debug, Copy, Clone)] -pub struct Hacl_Streaming_SHA2_state_sha2_384_s { +pub struct Hacl_Streaming_MD_state_64_s { pub block_state: *mut u64, pub buf: *mut u8, pub total_len: u64, } -pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_SHA2_state_sha2_384_s; -pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_SHA2_state_sha2_384; -extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_SHA2_state_sha2_224; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_SHA2_state_sha2_224); -} -extern "C" { - #[doc = "0 = success, 1 = max length exceeded"] - pub fn Hacl_Streaming_SHA2_update_224( - p: *mut Hacl_Streaming_SHA2_state_sha2_224, - data: *mut u8, - len: u32, - ) -> u32; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_SHA2_state_sha2_224, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_free_224(s: *mut Hacl_Streaming_SHA2_state_sha2_224); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_SHA2_state_sha2_224; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_SHA2_state_sha2_224); -} -extern "C" { - #[doc = "0 = success, 1 = max length exceeded"] - pub fn Hacl_Streaming_SHA2_update_256( - p: *mut Hacl_Streaming_SHA2_state_sha2_224, - data: *mut u8, - len: u32, - ) -> u32; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_SHA2_state_sha2_224, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_SHA2_state_sha2_224); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_SHA2_state_sha2_384; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - #[doc = "0 = success, 1 = max length exceeded"] - pub fn Hacl_Streaming_SHA2_update_384( - p: *mut Hacl_Streaming_SHA2_state_sha2_384, - data: *mut u8, - len: u32, - ) -> u32; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_SHA2_state_sha2_384, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_free_384(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_SHA2_state_sha2_384; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - #[doc = "0 = success, 1 = max length exceeded"] - pub fn Hacl_Streaming_SHA2_update_512( - p: *mut Hacl_Streaming_SHA2_state_sha2_384, - data: *mut u8, - len: u32, - ) -> u32; -} -extern "C" { - pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_SHA2_state_sha2_384, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - pub fn Hacl_SHA3_shake128_hacl( - inputByteLen: u32, - input: *mut u8, - outputByteLen: u32, - output: *mut u8, - ); -} -extern "C" { - pub fn Hacl_SHA3_shake256_hacl( - inputByteLen: u32, - input: *mut u8, - outputByteLen: u32, - output: *mut u8, - ); -} -extern "C" { - pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8); -} -extern "C" { - pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8); -} -extern "C" { - pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8); -} -extern "C" { - pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA3_create_in_256() -> *mut Hacl_Streaming_SHA2_state_sha2_384; -} -extern "C" { - pub fn Hacl_Streaming_SHA3_init_256(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - #[doc = "0 = success, 1 = max length exceeded. Due to internal limitations, there is currently an arbitrary limit of 2^64-1 bytes that can be hashed through this interface."] - pub fn Hacl_Streaming_SHA3_update_256( - p: *mut Hacl_Streaming_SHA2_state_sha2_384, - data: *mut u8, - len: u32, - ) -> u32; -} -extern "C" { - pub fn Hacl_Streaming_SHA3_finish_256(p: *mut Hacl_Streaming_SHA2_state_sha2_384, dst: *mut u8); -} -extern "C" { - pub fn Hacl_Streaming_SHA3_free_256(s: *mut Hacl_Streaming_SHA2_state_sha2_384); -} -extern "C" { - pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32); -} -extern "C" { - pub fn Hacl_Blake2b_32_blake2b_update_key( - wv: *mut u64, - hash: *mut u64, - kk: u32, - k: *mut u8, - ll: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2b_32_blake2b_update_multi( - len: u32, - wv: *mut u64, - hash: *mut u64, - prev: FStar_UInt128_uint128, - blocks: *mut u8, - nb: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2b_32_blake2b_update_last( - len: u32, - wv: *mut u64, - hash: *mut u64, - prev: FStar_UInt128_uint128, - rem: u32, - d: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64); -} -extern "C" { - #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2b_32_blake2b( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32); -} -extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_key( - wv: *mut u32, - hash: *mut u32, - kk: u32, - k: *mut u8, - ll: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_multi( - len: u32, - wv: *mut u32, - hash: *mut u32, - prev: u64, - blocks: *mut u8, - nb: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_last( - len: u32, - wv: *mut u32, - hash: *mut u32, - prev: u64, - rem: u32, - d: *mut u8, - ); +pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s; +pub type Hacl_Streaming_SHA1_state = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64; +pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_Keccak_hash_buf_s { + pub fst: Spec_Hash_Definitions_hash_alg, + pub snd: *mut u64, } -extern "C" { - pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32); +pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_Keccak_state_s { + pub block_state: Hacl_Streaming_Keccak_hash_buf, + pub buf: *mut u8, + pub total_len: u64, } -extern "C" { - #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2s_32_blake2s( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); +pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s; +pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_HMAC_DRBG_state_s { + pub k: *mut u8, + pub v: *mut u8, + pub reseed_counter: *mut u32, } +pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s; From fb6226158047fd06b12c2bf9a87b4a023d942e8c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 5 Sep 2023 08:57:49 +0200 Subject: [PATCH 02/17] towards something with wasm --- sys/hacl/Cargo.toml | 1 + sys/hacl/build.rs | 12 +- sys/hacl/src/bindings.rs | 769 +++++++++++++++++++++++++++++++++++++++ sys/hacl/src/lib.rs | 17 + 4 files changed, 793 insertions(+), 6 deletions(-) diff --git a/sys/hacl/Cargo.toml b/sys/hacl/Cargo.toml index 539a05fb2..46b866c3a 100644 --- a/sys/hacl/Cargo.toml +++ b/sys/hacl/Cargo.toml @@ -17,3 +17,4 @@ bindgen = "0.66" [dev-dependencies] hex = "0.4.3" +wasm-bindgen-test = "0.3" diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index af03d419f..e72d639a8 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -96,9 +96,12 @@ fn create_bindings(platform: Platform, home_dir: &Path) { // Header to wrap EverCrypt_AutoConfig2 .header("c/config/vale-aes.h"); } - clang_args.push( - "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), - ); + // if cfg!(target_arch = "wasm32") { + clang_args.push( + // "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), + "-I=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot/include".to_string(), + ); + // } let generated_bindings = bindings // Set include paths for HACL headers @@ -388,9 +391,6 @@ fn main() { // If we have a prebuilt binary, we don't do anything here. // NOTE: the binary must match the bindings in this crate. if let Ok(prebuilt_hacl_name) = prebuilt_hacl_name { - // Generate new bindings. - create_bindings(Platform::default(), home_path); - println!("cargo:rustc-link-lib={}={}", "static", prebuilt_hacl_name); if let Ok(prebuilt_hacl_path) = prebuilt_hacl_path { println!("cargo:rustc-link-search=native={}", prebuilt_hacl_path); diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index f3b5f91ef..c371d388b 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -18,6 +18,45 @@ pub const Hacl_Streaming_Types_Success: u32 = 0; pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; +pub type FStar_UInt128_uint128 = u128; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_32_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] + pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); +} +extern "C" { + #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] + pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8); +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] + pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; +} pub type Spec_Hash_Definitions_hash_alg = u8; pub type Hacl_Streaming_Types_error_code = u8; #[repr(C)] @@ -41,6 +80,120 @@ pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32; pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32; pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64; pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64; +extern "C" { + #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."] + pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_256( + s0: *mut Hacl_Streaming_MD_state_32, + ) -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + #[doc = "Reset an existing state to the initial hash state with empty data."] + pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_update_256( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); +} +extern "C" { + #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."] + pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_update_224( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."] + pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."] + pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_512( + s0: *mut Hacl_Streaming_MD_state_64, + ) -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_update_512( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); +} +extern "C" { + #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."] + pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_update_384( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."] + pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."] + pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8); +} #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct Hacl_Streaming_Keccak_hash_buf_s { @@ -56,7 +209,227 @@ pub struct Hacl_Streaming_Keccak_state_s { pub total_len: u64, } pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s; +extern "C" { + pub fn Hacl_Streaming_Keccak_get_alg( + s: *mut Hacl_Streaming_Keccak_state, + ) -> Spec_Hash_Definitions_hash_alg; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_malloc( + a: Spec_Hash_Definitions_hash_alg, + ) -> *mut Hacl_Streaming_Keccak_state; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state); +} +extern "C" { + pub fn Hacl_Streaming_Keccak_copy( + s0: *mut Hacl_Streaming_Keccak_state, + ) -> *mut Hacl_Streaming_Keccak_state; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state); +} +extern "C" { + pub fn Hacl_Streaming_Keccak_update( + p: *mut Hacl_Streaming_Keccak_state, + data: *mut u8, + len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_finish( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_squeeze( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + l: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool; +} +extern "C" { + pub fn Hacl_SHA3_shake128_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_shake256_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_update_key( + wv: *mut u64, + hash: *mut u64, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64); +} +extern "C" { + #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2b_32_blake2b( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64; +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_key( + wv: *mut u32, + hash: *mut u32, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_multi( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_last( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_32_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32; +} +extern "C" { + #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."] + pub fn Hacl_HMAC_legacy_compute_sha1( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_256( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_384( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_512( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2s_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2b_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg; +extern "C" { + #[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."] + pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32; +} #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct Hacl_HMAC_DRBG_state_s { @@ -65,3 +438,399 @@ pub struct Hacl_HMAC_DRBG_state_s { pub reseed_counter: *mut u32, } pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s; +extern "C" { + pub fn Hacl_HMAC_DRBG_uu___is_State( + a: Spec_Hash_Definitions_hash_alg, + projectee: Hacl_HMAC_DRBG_state, + ) -> bool; +} +extern "C" { + #[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."] + pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state; +} +extern "C" { + #[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."] + pub fn Hacl_HMAC_DRBG_instantiate( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + nonce_len: u32, + nonce: *mut u8, + personalization_string_len: u32, + personalization_string: *mut u8, + ); +} +extern "C" { + #[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_reseed( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + additional_input_input_len: u32, + additional_input_input: *mut u8, + ); +} +extern "C" { + #[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_generate( + a: Spec_Hash_Definitions_hash_alg, + output: *mut u8, + st: Hacl_HMAC_DRBG_state, + n: u32, + additional_input_len: u32, + additional_input: *mut u8, + ) -> bool; +} +extern "C" { + pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state); +} +extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."] + pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8); +} +extern "C" { + #[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8); +} +extern "C" { + #[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign_expanded( + signature: *mut u8, + expanded_keys: *mut u8, + msg_len: u32, + msg: *mut u8, + ); +} +extern "C" { + #[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign(signature: *mut u8, private_key: *mut u8, msg_len: u32, msg: *mut u8); +} +extern "C" { + #[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."] + pub fn Hacl_Ed25519_verify( + public_key: *mut u8, + msg_len: u32, + msg: *mut u8, + signature: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_256( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_256( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_384( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_384( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_512( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_512( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2s_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2s_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2b_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2b_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha2( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha384( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha512( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_without_hash( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha2( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha384( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha512( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_without_hash( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"] + pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"] + pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."] + pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8); +} +extern "C" { + #[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8); +} +extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."] + pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."] + pub fn Hacl_P256_dh_responder( + shared_secret: *mut u8, + their_pubkey: *mut u8, + private_key: *mut u8, + ) -> bool; +} +pub type uint32x4_t = [u32; 4usize]; +pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_init( + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_multi( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_last( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_128_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_store_state128s_to_state32( + st32: *mut u32, + st: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_load_state128s_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec128, + st32: *mut u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; +} diff --git a/sys/hacl/src/lib.rs b/sys/hacl/src/lib.rs index 90bb9f802..cb706cc77 100644 --- a/sys/hacl/src/lib.rs +++ b/sys/hacl/src/lib.rs @@ -6,3 +6,20 @@ mod bindings; pub use bindings::*; + +#[cfg(test)] +mod test { + use crate::*; + + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] + #[cfg_attr(not(target_arch = "wasm32"), test)] + fn poc() { + let mut digest = [0u8; 32]; + let msg = b"libcrux sha2 256 tests"; + unsafe { + Hacl_Streaming_SHA2_hash_256(msg.as_ptr() as _, msg.len() as u32, digest.as_mut_ptr()); + } + let expected = "8683520e19e5b33db33c8fb90918c0c96fcdfd9a17c695ce0f0ea2eaa0c95956"; + assert_eq!(hex::encode(digest), expected); + } +} From b2e2df39db64d1d513e5a90409911ef3682afcc4 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 6 Sep 2023 11:51:33 +0200 Subject: [PATCH 03/17] wip --- Cargo.toml | 7 +++-- src/hacl.rs | 1 + src/lib.rs | 5 +++ src/signature.rs | 4 +++ src/wasm.rs | 13 ++++++++ wasm-demo/index.html | 72 ++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 src/wasm.rs create mode 100644 wasm-demo/index.html diff --git a/Cargo.toml b/Cargo.toml index 2949f3b03..082c8e9e6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,8 +20,10 @@ libcrux_platform = { version = "=0.0.1", path = "sys/platform" } libcrux-hacl = { version = "=0.0.1", path = "sys/hacl" } libcrux_platform = { version = "=0.0.1", path = "sys/platform" } rand = { version = "0.8" } -getrandom = { version = "0.2", features = ["js"]} +getrandom = { version = "0.2", features = ["js"] } log = "0.4" +# WASM API +wasm-bindgen = { version = "0.2.87", optional = true } [target.'cfg(all(not(target_os = "windows"), any(target_arch = "x86_64", target_arch = "x86")))'.dependencies] libjade-sys = { version = "0.0.1", path = "sys/libjade" } @@ -77,8 +79,9 @@ name = "drbg" harness = false [features] -hacspec = [] # TODO: #7 Use specs instead of efficient implementations +hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] +wasm = ["wasm-bindgen"] # [patch.crates-io] # hacl = { git = "https://github.com/cryspen/hacl-packages" } diff --git a/src/hacl.rs b/src/hacl.rs index 1282d7baa..5790216f1 100644 --- a/src/hacl.rs +++ b/src/hacl.rs @@ -13,6 +13,7 @@ pub(crate) mod aesgcm; pub(crate) mod blake2; pub(crate) mod chacha20_poly1305; pub(crate) mod curve25519; +#[cfg(not(target_arch ="wasm32"))] pub(crate) mod drbg; pub(crate) mod ed25519; pub(crate) mod hkdf; diff --git a/src/lib.rs b/src/lib.rs index 148633bf6..8432491b0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -19,6 +19,8 @@ pub mod aead; #[cfg(not(target_arch ="wasm32"))] pub mod bls12; pub mod digest; +// XXX: Looks like the bindings are broken for drbg for some reason. +#[cfg(not(target_arch ="wasm32"))] pub mod drbg; pub mod ecdh; pub mod hkdf; @@ -26,3 +28,6 @@ pub mod hmac; pub mod hpke; pub mod kem; pub mod signature; + +#[cfg(all(target_arch ="wasm32", feature = "wasm"))] +pub mod wasm; diff --git a/src/signature.rs b/src/signature.rs index ffde97f09..5ba08e2c2 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -182,6 +182,9 @@ pub fn sign( )? } Algorithm::Ed25519 => { + log::debug!("Signing with ed25519"); + log::trace!(" payload: {payload:x?}"); + log::trace!(" private_key: {private_key:x?}"); let signature = ed25519::sign( payload, private_key.try_into().map_err(|_| Error::SigningError)?, @@ -262,6 +265,7 @@ pub fn key_gen( ecdh::key_gen(ecdh::Algorithm::P256, rng).map_err(|_| Error::KeyGenError) } Algorithm::Ed25519 => { + log::debug!("Generating ed25519 key"); const LIMIT: usize = 100; let mut sk = [0u8; 32]; for _ in 0..LIMIT { diff --git a/src/wasm.rs b/src/wasm.rs new file mode 100644 index 000000000..76240dd4f --- /dev/null +++ b/src/wasm.rs @@ -0,0 +1,13 @@ +//! # WASM API + +use wasm_bindgen::prelude::*; + +// #[wasm_bindgen] +// extern "C" { +// pub fn sha256(s: &str) -> String; +// } + +#[wasm_bindgen] +pub fn sha256(s: &[u8]) -> Vec { + crate::digest::sha2_256(s).to_vec() +} diff --git a/wasm-demo/index.html b/wasm-demo/index.html new file mode 100644 index 000000000..ff8c500b9 --- /dev/null +++ b/wasm-demo/index.html @@ -0,0 +1,72 @@ + + + + + + + + + + + +
+
+

Hash Input

+
+ +
+ +
+
+

Sha256 Digest

+ +
+
+ + From 851eb51c4d4638b92372cfcfa0600106919abbf2 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 7 Sep 2023 12:01:43 +0200 Subject: [PATCH 04/17] specs gitignore --- specs/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 specs/.gitignore diff --git a/specs/.gitignore b/specs/.gitignore new file mode 100644 index 000000000..2c96eb1b6 --- /dev/null +++ b/specs/.gitignore @@ -0,0 +1,2 @@ +target/ +Cargo.lock From 10852a15bb915bb08434fa36a125ed44b40341d6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 8 Sep 2023 12:57:09 +0200 Subject: [PATCH 05/17] some basic wasm build --- Cargo.toml | 11 +- src/hpke/hpke.rs | 91 ---- src/wasm.rs | 98 ++++- sys/hacl/Cargo.toml | 2 + sys/hacl/build.rs | 135 +++--- sys/hacl/src/lib.rs | 847 ++++++++++++++++++++++++++++++++++++ sys/hacl/wasm.sh | 40 ++ sys/platform/.gitignore | 2 + sys/pqclean/src/bindings.rs | 120 ----- tests/aesgcm.rs | 22 +- tests/bls12.rs | 633 +++++++++++++-------------- tests/chachapoly.rs | 20 +- tests/hpke_single_kat.rs | 4 + tests/p256.rs | 14 +- tests/sha2.rs | 24 +- tests/x25519.rs | 17 +- wasm-demo/hpke.html | 140 ++++++ wasm-demo/index.html | 56 +-- wasm-demo/sha256.html | 72 +++ 19 files changed, 1680 insertions(+), 668 deletions(-) create mode 100755 sys/hacl/wasm.sh create mode 100644 sys/platform/.gitignore create mode 100644 wasm-demo/hpke.html create mode 100644 wasm-demo/sha256.html diff --git a/Cargo.toml b/Cargo.toml index 082c8e9e6..c09af5383 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,6 @@ libcrux = { path = ".", features = ["rand"] } pretty_env_logger = "0.5" rand = { version = "0.8" } rand_core = { version = "0.6" } -criterion = "0.5" quickcheck = "1" quickcheck_macros = "1" serde_json = { version = "1.0" } @@ -49,9 +48,15 @@ sha3 = "0.10" # Benchmarking "Ring" ring = "0.16" +[target.'cfg(target_arch = "wasm32")'.dev-dependencies] +wasm-bindgen-test = "0.3" + +[target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies] +criterion = "0.5" + # Benchmarking "OpenSSL" -# XXX: We don't do this for Windows right now. -[target.'cfg(not(windows))'.dev-dependencies] +# XXX: We don't do this for Windows or wasm right now. +[target.'cfg(all(not(windows), not(target_arch = "wasm32")))'.dev-dependencies] openssl = "0.10" [[bench]] diff --git a/src/hpke/hpke.rs b/src/hpke/hpke.rs index 6b670fa36..c58b8209f 100644 --- a/src/hpke/hpke.rs +++ b/src/hpke/hpke.rs @@ -981,94 +981,3 @@ pub fn ReceiveExport( }?; Context_Export(config, &ctx, exporter_context, L) } - -// // === WASM API - NOT HACSPEC === // -// use wasm_bindgen::prelude::*; - -// /// ## WASM key gen API. -// /// -// /// This function exposes a simplified API to be called from WASM and panics on -// /// any error. -// /// -// /// It generates x25519 keys sk||pk. -// #[cfg(feature = "wasm")] -// #[wasm_bindgen] -// pub fn hpke_key_gen(randomness: &[u8]) -> Vec { -// let (sk, pk) = GenerateKeyPair( -// KEM::DHKEM_X25519_HKDF_SHA256, -// Bytes::from_public_slice(&randomness), -// ) -// .unwrap(); -// let mut out = sk.into_native(); -// out.append(&mut pk.into_native()); -// out -// } - -// /// ## WASM single-shot HPKE seal. -// /// -// /// This function exposes a simplified API to be called from WASM and panics on -// /// any error. -// /// -// /// It uses x25519 as KEM, SHA256 as hash function and Chacha20Poly1305 as AEAD. -// #[cfg(feature = "wasm")] -// #[wasm_bindgen] -// pub fn hpke_seal_base( -// pkR: &[u8], -// info: &[u8], -// aad: &[u8], -// pt: &[u8], -// randomness: &[u8], -// ) -> Vec { -// let HPKECiphertext(enc, ct) = HpkeSeal( -// HPKEConfig( -// Mode::mode_base, -// KEM::DHKEM_X25519_HKDF_SHA256, -// KDF::HKDF_SHA256, -// AEAD::ChaCha20Poly1305, -// ), -// &Bytes::from_public_slice(pkR), -// &Bytes::from_public_slice(info), -// &Bytes::from_public_slice(aad), -// &Bytes::from_public_slice(pt), -// None, -// None, -// None, -// Bytes::from_public_slice(&randomness), -// ) -// .unwrap(); -// let mut out = enc.into_native(); -// out.append(&mut ct.into_native()); -// out -// } - -// /// ## WASM single-shot HPKE open. -// /// -// /// This function exposes a simplified API to be called from WASM and panics on -// /// any error. -// /// -// /// It uses x25519 as KEM, SHA256 as hash function and Chacha20Poly1305 as AEAD. -// #[cfg(feature = "wasm")] -// #[wasm_bindgen] -// pub fn hpke_open_base(ctxt: &[u8], enc: &[u8], skR: &[u8], info: &[u8], aad: &[u8]) -> Vec { -// let ct = HPKECiphertext( -// Bytes::from_public_slice(enc), -// Bytes::from_public_slice(ctxt), -// ); -// let pt = HpkeOpen( -// HPKEConfig( -// Mode::mode_base, -// KEM::DHKEM_X25519_HKDF_SHA256, -// KDF::HKDF_SHA256, -// AEAD::ChaCha20Poly1305, -// ), -// &ct, -// &Bytes::from_public_slice(skR), -// &Bytes::from_public_slice(info), -// &Bytes::from_public_slice(aad), -// None, -// None, -// None, -// ) -// .unwrap(); -// pt.into_native() -// } diff --git a/src/wasm.rs b/src/wasm.rs index 76240dd4f..1de9ea765 100644 --- a/src/wasm.rs +++ b/src/wasm.rs @@ -2,12 +2,100 @@ use wasm_bindgen::prelude::*; -// #[wasm_bindgen] -// extern "C" { -// pub fn sha256(s: &str) -> String; -// } - #[wasm_bindgen] pub fn sha256(s: &[u8]) -> Vec { crate::digest::sha2_256(s).to_vec() } + +use crate::hpke::{aead::*, kdf::*, kem::*, *}; + +pub const X25519_SHA2_256_CHACHA: (Mode, KEM, KDF, AEAD) = ( + Mode::mode_base, + KEM::DHKEM_X25519_HKDF_SHA256, + KDF::HKDF_SHA256, + AEAD::ChaCha20Poly1305, +); + +pub const KYBER768_X25519_SHA2_256_CHACHA: (Mode, KEM, KDF, AEAD) = ( + Mode::mode_base, + KEM::DHKEM_X25519_HKDF_SHA256, + KDF::HKDF_SHA256, + AEAD::ChaCha20Poly1305, +); + +/// ## WASM key gen API. +/// +/// This function exposes a simplified API to be called from WASM and panics on +/// any error. +/// +/// It generates x25519 keys sk||pk. +#[wasm_bindgen] +pub fn hpke_key_gen(randomness: &[u8]) -> Vec { + let (mut sk, mut pk) = + GenerateKeyPair(KEM::DHKEM_X25519_HKDF_SHA256, randomness.to_vec()).unwrap(); + sk.append(&mut pk); + sk +} + +/// ## WASM single-shot HPKE seal. +/// +/// This function exposes a simplified API to be called from WASM and panics on +/// any error. +/// +/// It uses x25519 as KEM, SHA256 as hash function and Chacha20Poly1305 as AEAD. +#[wasm_bindgen] +pub fn hpke_seal_base( + pk_r: &[u8], + info: &[u8], + aad: &[u8], + pt: &[u8], + randomness: &[u8], +) -> Vec { + let HPKECiphertext(mut enc, mut ct) = HpkeSeal( + HPKEConfig( + Mode::mode_base, + KEM::DHKEM_X25519_HKDF_SHA256, + KDF::HKDF_SHA256, + AEAD::ChaCha20Poly1305, + ), + pk_r, + info, + aad, + pt, + None, + None, + None, + randomness.to_vec(), + ) + .unwrap(); + enc.append(&mut ct); + enc +} + +/// ## WASM single-shot HPKE open. +/// +/// This function exposes a simplified API to be called from WASM and panics on +/// any error. +/// +/// It uses x25519 as KEM, SHA256 as hash function and Chacha20Poly1305 as AEAD. +#[wasm_bindgen] +pub fn hpke_open_base(ctxt: &[u8], enc: &[u8], sk_r: &[u8], info: &[u8], aad: &[u8]) -> Vec { + let ct = HPKECiphertext(enc.to_vec(), ctxt.to_vec()); + let pt = HpkeOpen( + HPKEConfig( + Mode::mode_base, + KEM::DHKEM_X25519_HKDF_SHA256, + KDF::HKDF_SHA256, + AEAD::ChaCha20Poly1305, + ), + &ct, + sk_r, + info, + aad, + None, + None, + None, + ) + .unwrap(); + pt +} diff --git a/sys/hacl/Cargo.toml b/sys/hacl/Cargo.toml index 46b866c3a..221d73c6a 100644 --- a/sys/hacl/Cargo.toml +++ b/sys/hacl/Cargo.toml @@ -17,4 +17,6 @@ bindgen = "0.66" [dev-dependencies] hex = "0.4.3" + +[target.'cfg(target_arch = "wasm32")'.dev-dependencies] wasm-bindgen-test = "0.3" diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index e72d639a8..232c905d9 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -1,5 +1,12 @@ use std::{env, path::Path}; +const MODE: &str = "static"; +const LIB_NAME: &str = "hacl"; +const LIB_128_NAME: &str = "hacl_128"; +const LIB_256_NAME: &str = "hacl_256"; +const LIB_25519_NAME: &str = "hacl_curve25519"; +const LIB_VALE_AESGCM_NAME: &str = "vale_aesgcm"; + macro_rules! svec { ($($x:expr),*$(,)?) => (vec![$($x.to_string()),*]); } @@ -61,7 +68,7 @@ fn append_simd256_flags(flags: &mut Vec, is_bindgen: bool) { } } -fn create_bindings(platform: Platform, home_dir: &Path) { +fn create_bindings(platform: &Platform, home_dir: &Path) { let mut clang_args = includes(home_dir, "-I"); let mut bindings = bindgen::Builder::default(); @@ -96,12 +103,12 @@ fn create_bindings(platform: Platform, home_dir: &Path) { // Header to wrap EverCrypt_AutoConfig2 .header("c/config/vale-aes.h"); } - // if cfg!(target_arch = "wasm32") { + if cfg!(target_arch = "wasm32") { clang_args.push( - // "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), - "-I=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot/include".to_string(), + "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), + // "-I=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot/include".to_string(), ); - // } + } let generated_bindings = bindings // Set include paths for HACL headers @@ -148,6 +155,7 @@ fn create_bindings(platform: Platform, home_dir: &Path) { } fn compile_files( + platform: &Platform, library_name: &str, files: &[String], vale_files: &[String], @@ -155,7 +163,7 @@ fn compile_files( args: &[String], defines: &[(&str, &str)], ) { - let src_prefix = if cfg!(target_env = "msvc") { + let src_prefix = if platform.target_env == "msvc" { home_path.join("c").join("src").join("msvc") } else { home_path.join("c").join("src") @@ -177,7 +185,10 @@ fn compile_files( build.include(include); } build.opt_level(3); - // build.flag("--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot"); + // build.flag("--sysroot=/opt/homebrew/opt/llvm@12/Toolchains/LLVM12.0.1.xctoolchain/usr/"); + if let Some(target) = platform.target { + build.flag(&format!("--target={target}")); + } for arg in args { build.flag(arg); } @@ -188,7 +199,7 @@ fn compile_files( build.compile(library_name); } -fn build(platform: Platform, home_path: &Path) { +fn build(platform: &Platform, home_path: &Path) { let files = svec![ "Hacl_NaCl.c", "Hacl_Salsa20.c", @@ -251,7 +262,8 @@ fn build(platform: Platform, home_path: &Path) { let mut simd128_flags = vec![]; append_simd128_flags(&mut simd128_flags, false); compile_files( - "libhacl_128.a", + platform, + LIB_128_NAME, &files128, &[], home_path, @@ -276,7 +288,8 @@ fn build(platform: Platform, home_path: &Path) { let mut simd256_flags = vec![]; append_simd256_flags(&mut simd256_flags, false); compile_files( - "libhacl_256.a", + platform, + LIB_256_NAME, &files256, &[], home_path, @@ -310,7 +323,7 @@ fn build(platform: Platform, home_path: &Path) { } compile_files( - "libhacl_curve25519.a", + LIB_25519_NAME, &files_curve25519_64, &files_curve25519, home_path, @@ -354,7 +367,7 @@ fn build(platform: Platform, home_path: &Path) { append_simd256_flags(&mut aesgcm_flags, false); append_aesgcm_flags(&mut aesgcm_flags); compile_files( - "libhacl_aesgcm.a", + LIB_VALE_AESGCM_NAME, &files_evercrypt, &files_aesgcm, home_path, @@ -363,10 +376,10 @@ fn build(platform: Platform, home_path: &Path) { ); } - compile_files("libhacl.a", &files, &[], home_path, &[], &defines); + compile_files(platform, "libhacl.a", &files, &[], home_path, &[], &defines); } -#[derive(Clone, Copy, Debug, Default)] +#[derive(Clone, Debug, Default)] #[allow(dead_code)] struct Platform { simd128: bool, @@ -377,6 +390,10 @@ struct Platform { pmull: bool, adv_simd: bool, sha256: bool, + target: Option<&'static str>, + target_arch: String, + target_env: String, + target_os: String, } fn main() { @@ -387,6 +404,10 @@ fn main() { let out_path = Path::new(&out_dir); let prebuilt_hacl_path = env::var("HACL_STATIC_PATH"); let prebuilt_hacl_name = env::var("HACL_STATIC_LIB"); + let _host_arch = env::var("TARGET").unwrap(); + let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); + let target_env = env::var("CARGO_CFG_TARGET_ENV").unwrap(); + let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); // If we have a prebuilt binary, we don't do anything here. // NOTE: the binary must match the bindings in this crate. @@ -399,60 +420,70 @@ fn main() { } // Check platform support - let platform = Platform { - simd128: libcrux_platform::simd128_support(), - simd256: libcrux_platform::simd256_support(), - aes_ni: libcrux_platform::aes_ni_support(), - x25519: libcrux_platform::x25519_support(), - bmi2_adx_support: libcrux_platform::bmi2_adx_support(), - pmull: libcrux_platform::pmull_support(), - adv_simd: libcrux_platform::adv_simd_support(), - sha256: libcrux_platform::sha256_support(), + let platform = if target_arch != "wasm32" { + Platform { + simd128: libcrux_platform::simd128_support(), + simd256: libcrux_platform::simd256_support(), + aes_ni: libcrux_platform::aes_ni_support(), + x25519: libcrux_platform::x25519_support(), + bmi2_adx_support: libcrux_platform::bmi2_adx_support(), + pmull: libcrux_platform::pmull_support(), + adv_simd: libcrux_platform::adv_simd_support(), + sha256: libcrux_platform::sha256_support(), + target: None, + target_arch: target_arch.clone(), + target_env: target_env.clone(), + target_os: target_os.clone(), + } + } else { + Platform { + target_arch: target_arch.clone(), + target_env: target_env.clone(), + target_os: target_os.clone(), + ..Default::default() + } }; // Set re-run trigger for all of c println!("cargo:rerun-if-changed=c"); // Build the C files - build(platform, home_path); - - // Set library name to look up - const LIB_NAME: &str = "hacl"; + build(&platform, home_path); // Generate new bindings. - create_bindings(platform, home_path); + if target_arch != "wasm32" { + create_bindings(&platform, home_path); + } // Link hacl library. - const MODE: &str = "static"; println!("cargo:rustc-link-lib={}={}", MODE, LIB_NAME); if platform.simd128 { - println!("cargo:rustc-link-lib={}={}", MODE, "hacl_128"); + println!("cargo:rustc-link-lib={}={}", MODE, LIB_128_NAME); } if platform.simd256 { - println!("cargo:rustc-link-lib={}={}", MODE, "hacl_256"); + println!("cargo:rustc-link-lib={}={}", MODE, LIB_256_NAME); } - #[cfg(all( - any(target_arch = "x86", target_arch = "x86_64"), - any( - target_env = "gnu", - target_os = "linux", - target_os = "macos", - all(target_os = "windows", target_env = "msvc") - ) - ))] - if platform.x25519 { - println!("cargo:rustc-link-lib={}={}", MODE, "hacl_curve25519"); + if platform.x25519 + && (target_arch == "x86" + || target_arch == "x86_64" + && (target_env == "gnu" + || target_os == "linux" + || target_os == "macos" + || (target_os == "windows" && target_env == "msvc"))) + { + println!("cargo:rustc-link-lib={}={}", MODE, LIB_25519_NAME); } - #[cfg(all( - any(target_arch = "x86", target_arch = "x86_64"), - any( - target_os = "linux", - target_os = "macos", - all(target_os = "windows", any(target_env = "msvc", target_env = "gnu")) - ) - ))] - if platform.simd128 && platform.simd256 && platform.aes_ni && platform.pmull { - println!("cargo:rustc-link-lib={}={}", MODE, "hacl_aesgcm"); + if platform.simd128 + && platform.simd256 + && platform.aes_ni + && platform.pmull + && (target_arch == "x86" + || target_arch == "x86_64" + && (target_os == "linux" + || target_os == "macos" + || (target_os == "windows" && (target_env == "msvc" || target_env == "gnu")))) + { + println!("cargo:rustc-link-lib={}={}", MODE, LIB_VALE_AESGCM_NAME); } println!("cargo:rustc-link-search=native={}", out_path.display()); println!("cargo:lib={}", out_path.display()); diff --git a/sys/hacl/src/lib.rs b/sys/hacl/src/lib.rs index cb706cc77..5b89a2053 100644 --- a/sys/hacl/src/lib.rs +++ b/sys/hacl/src/lib.rs @@ -4,7 +4,854 @@ #![allow(non_camel_case_types, non_snake_case, non_upper_case_globals)] +#[cfg(not(target_arch = "wasm32"))] mod bindings; + +#[cfg(target_arch = "wasm32")] +mod bindings { + /* automatically generated by rust-bindgen 0.66.1 */ + + pub const Spec_Hash_Definitions_SHA2_224: u32 = 0; + pub const Spec_Hash_Definitions_SHA2_256: u32 = 1; + pub const Spec_Hash_Definitions_SHA2_384: u32 = 2; + pub const Spec_Hash_Definitions_SHA2_512: u32 = 3; + pub const Spec_Hash_Definitions_SHA1: u32 = 4; + pub const Spec_Hash_Definitions_MD5: u32 = 5; + pub const Spec_Hash_Definitions_Blake2S: u32 = 6; + pub const Spec_Hash_Definitions_Blake2B: u32 = 7; + pub const Spec_Hash_Definitions_SHA3_256: u32 = 8; + pub const Spec_Hash_Definitions_SHA3_224: u32 = 9; + pub const Spec_Hash_Definitions_SHA3_384: u32 = 10; + pub const Spec_Hash_Definitions_SHA3_512: u32 = 11; + pub const Spec_Hash_Definitions_Shake128: u32 = 12; + pub const Spec_Hash_Definitions_Shake256: u32 = 13; + pub const Hacl_Streaming_Types_Success: u32 = 0; + pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; + pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; + pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; + pub type FStar_UInt128_uint128 = u128; + extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); + } + extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_32_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; + } + extern "C" { + #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] + pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); + } + extern "C" { + #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] + pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8); + } + extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] + pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; + } + pub type Spec_Hash_Definitions_hash_alg = u8; + pub type Hacl_Streaming_Types_error_code = u8; + #[repr(C)] + #[derive(Debug, Copy, Clone)] + pub struct Hacl_Streaming_MD_state_32_s { + pub block_state: *mut u32, + pub buf: *mut u8, + pub total_len: u64, + } + pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s; + #[repr(C)] + #[derive(Debug, Copy, Clone)] + pub struct Hacl_Streaming_MD_state_64_s { + pub block_state: *mut u64, + pub buf: *mut u8, + pub total_len: u64, + } + pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s; + pub type Hacl_Streaming_SHA1_state = Hacl_Streaming_MD_state_32; + pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32; + pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32; + pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64; + pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64; + extern "C" { + #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."] + pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32; + } + extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_256( + s0: *mut Hacl_Streaming_MD_state_32, + ) -> *mut Hacl_Streaming_MD_state_32; + } + extern "C" { + #[doc = "Reset an existing state to the initial hash state with empty data."] + pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32); + } + extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_update_256( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); + } + extern "C" { + #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32); + } + extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."] + pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32; + } + extern "C" { + pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_update_224( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."] + pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32); + } + extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."] + pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64; + } + extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_512( + s0: *mut Hacl_Streaming_MD_state_64, + ) -> *mut Hacl_Streaming_MD_state_64; + } + extern "C" { + pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64); + } + extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_update_512( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); + } + extern "C" { + #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64); + } + extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."] + pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64; + } + extern "C" { + pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_update_384( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."] + pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); + } + extern "C" { + pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64); + } + extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."] + pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8); + } + #[repr(C)] + #[derive(Debug, Copy, Clone)] + pub struct Hacl_Streaming_Keccak_hash_buf_s { + pub fst: Spec_Hash_Definitions_hash_alg, + pub snd: *mut u64, + } + pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s; + #[repr(C)] + #[derive(Debug, Copy, Clone)] + pub struct Hacl_Streaming_Keccak_state_s { + pub block_state: Hacl_Streaming_Keccak_hash_buf, + pub buf: *mut u8, + pub total_len: u64, + } + pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s; + extern "C" { + pub fn Hacl_Streaming_Keccak_get_alg( + s: *mut Hacl_Streaming_Keccak_state, + ) -> Spec_Hash_Definitions_hash_alg; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_malloc( + a: Spec_Hash_Definitions_hash_alg, + ) -> *mut Hacl_Streaming_Keccak_state; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state); + } + extern "C" { + pub fn Hacl_Streaming_Keccak_copy( + s0: *mut Hacl_Streaming_Keccak_state, + ) -> *mut Hacl_Streaming_Keccak_state; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state); + } + extern "C" { + pub fn Hacl_Streaming_Keccak_update( + p: *mut Hacl_Streaming_Keccak_state, + data: *mut u8, + len: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_finish( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_squeeze( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + l: u32, + ) -> Hacl_Streaming_Types_error_code; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; + } + extern "C" { + pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool; + } + extern "C" { + pub fn Hacl_SHA3_shake128_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); + } + extern "C" { + pub fn Hacl_SHA3_shake256_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); + } + extern "C" { + pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8); + } + extern "C" { + pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8); + } + extern "C" { + pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8); + } + extern "C" { + pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8); + } + extern "C" { + pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32); + } + extern "C" { + pub fn Hacl_Blake2b_32_blake2b_update_key( + wv: *mut u64, + hash: *mut u64, + kk: u32, + k: *mut u8, + ll: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64); + } + extern "C" { + #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2b_32_blake2b( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); + } + extern "C" { + pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64; + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32); + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_key( + wv: *mut u32, + hash: *mut u32, + kk: u32, + k: *mut u8, + ll: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_multi( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + blocks: *mut u8, + nb: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_last( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + rem: u32, + d: *mut u8, + ); + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32); + } + extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_32_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); + } + extern "C" { + pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32; + } + extern "C" { + #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."] + pub fn Hacl_HMAC_legacy_compute_sha1( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + extern "C" { + #[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_256( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + extern "C" { + #[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_384( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + extern "C" { + #[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_512( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + extern "C" { + #[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2s_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + extern "C" { + #[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2b_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); + } + pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg; + extern "C" { + #[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."] + pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32; + } + #[repr(C)] + #[derive(Debug, Copy, Clone)] + pub struct Hacl_HMAC_DRBG_state_s { + pub k: *mut u8, + pub v: *mut u8, + pub reseed_counter: *mut u32, + } + pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s; + extern "C" { + pub fn Hacl_HMAC_DRBG_uu___is_State( + a: Spec_Hash_Definitions_hash_alg, + projectee: Hacl_HMAC_DRBG_state, + ) -> bool; + } + extern "C" { + #[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."] + pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state; + } + extern "C" { + #[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."] + pub fn Hacl_HMAC_DRBG_instantiate( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + nonce_len: u32, + nonce: *mut u8, + personalization_string_len: u32, + personalization_string: *mut u8, + ); + } + extern "C" { + #[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_reseed( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + additional_input_input_len: u32, + additional_input_input: *mut u8, + ); + } + extern "C" { + #[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_generate( + a: Spec_Hash_Definitions_hash_alg, + output: *mut u8, + st: Hacl_HMAC_DRBG_state, + n: u32, + additional_input_len: u32, + additional_input: *mut u8, + ) -> bool; + } + extern "C" { + pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state); + } + extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."] + pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8); + } + extern "C" { + #[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8); + } + extern "C" { + #[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign_expanded( + signature: *mut u8, + expanded_keys: *mut u8, + msg_len: u32, + msg: *mut u8, + ); + } + extern "C" { + #[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign( + signature: *mut u8, + private_key: *mut u8, + msg_len: u32, + msg: *mut u8, + ); + } + extern "C" { + #[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."] + pub fn Hacl_Ed25519_verify( + public_key: *mut u8, + msg_len: u32, + msg: *mut u8, + signature: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_256( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); + } + extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_256( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); + } + extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_384( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); + } + extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_384( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); + } + extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_512( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); + } + extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_512( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); + } + extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2s_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); + } + extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2s_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); + } + extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2b_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); + } + extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2b_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); + } + extern "C" { + #[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha2( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha384( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha512( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_without_hash( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha2( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha384( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha512( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_without_hash( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; + } + extern "C" { + #[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"] + pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool; + } + extern "C" { + #[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"] + pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool; + } + extern "C" { + #[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; + } + extern "C" { + #[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."] + pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; + } + extern "C" { + #[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8); + } + extern "C" { + #[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8); + } + extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."] + pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool; + } + extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."] + pub fn Hacl_P256_dh_responder( + shared_secret: *mut u8, + their_pubkey: *mut u8, + private_key: *mut u8, + ) -> bool; + } + pub type uint32x4_t = [u32; 4usize]; + pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t; + extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); + } + extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_init( + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + nn: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + k: *mut u8, + ll: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_multi( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + blocks: *mut u8, + nb: u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_last( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + rem: u32, + d: *mut u8, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec128, + ); + } + extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_128_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_store_state128s_to_state32( + st32: *mut u32, + st: *mut Lib_IntVector_Intrinsics_vec128, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_load_state128s_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec128, + st32: *mut u32, + ); + } + extern "C" { + pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; + } +} + pub use bindings::*; #[cfg(test)] diff --git a/sys/hacl/wasm.sh b/sys/hacl/wasm.sh new file mode 100755 index 000000000..6c986f381 --- /dev/null +++ b/sys/hacl/wasm.sh @@ -0,0 +1,40 @@ +# A helper script to build the sys crate for wasm and run tests for wasm. +# Note that this requires an emscripten toolchain to be present and in the +# path https://emscripten.org/. + +#!/bin/bash + +show_help() { + echo " + WASM helper for the HACL sys crate. + The C code is built with emscripten to get a correct C ABI. + Note however that this intended to be used with a wasm32-unknown-unknown + target, not wasm32-unknown-emscripten. + + Usage: ./wasm.sh [--build|--test] + --build build for wasm + --test test with wasm for node +" +} + +all_args=("$@") +while [ $# -gt 0 ]; do + case "$1" in + --build) + CC=emcc AR=emar cargo build --target=wasm32-unknown-unknown + exit 0 + ;; + --test) + CC=emcc AR=emar wasm-pack test --node + exit 0 + ;; + *) + show_help + exit 2 + ;; + esac + shift +done + +show_help +exit 2 diff --git a/sys/platform/.gitignore b/sys/platform/.gitignore new file mode 100644 index 000000000..2c96eb1b6 --- /dev/null +++ b/sys/platform/.gitignore @@ -0,0 +1,2 @@ +target/ +Cargo.lock diff --git a/sys/pqclean/src/bindings.rs b/sys/pqclean/src/bindings.rs index 636875539..69f066c68 100644 --- a/sys/pqclean/src/bindings.rs +++ b/sys/pqclean/src/bindings.rs @@ -40,123 +40,3 @@ pub struct sha3_384incctx { pub struct sha3_512incctx { pub ctx: *mut u64, } -extern "C" { - pub fn shake128_absorb(state: *mut shake128ctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn shake128_squeezeblocks(output: *mut u8, nblocks: usize, state: *mut shake128ctx); -} -extern "C" { - pub fn shake128_ctx_release(state: *mut shake128ctx); -} -extern "C" { - pub fn shake128_ctx_clone(dest: *mut shake128ctx, src: *const shake128ctx); -} -extern "C" { - pub fn shake128_inc_init(state: *mut shake128incctx); -} -extern "C" { - pub fn shake128_inc_absorb(state: *mut shake128incctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn shake128_inc_finalize(state: *mut shake128incctx); -} -extern "C" { - pub fn shake128_inc_squeeze(output: *mut u8, outlen: usize, state: *mut shake128incctx); -} -extern "C" { - pub fn shake128_inc_ctx_clone(dest: *mut shake128incctx, src: *const shake128incctx); -} -extern "C" { - pub fn shake128_inc_ctx_release(state: *mut shake128incctx); -} -extern "C" { - pub fn shake256_absorb(state: *mut shake256ctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn shake256_squeezeblocks(output: *mut u8, nblocks: usize, state: *mut shake256ctx); -} -extern "C" { - pub fn shake256_ctx_release(state: *mut shake256ctx); -} -extern "C" { - pub fn shake256_ctx_clone(dest: *mut shake256ctx, src: *const shake256ctx); -} -extern "C" { - pub fn shake256_inc_init(state: *mut shake256incctx); -} -extern "C" { - pub fn shake256_inc_absorb(state: *mut shake256incctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn shake256_inc_finalize(state: *mut shake256incctx); -} -extern "C" { - pub fn shake256_inc_squeeze(output: *mut u8, outlen: usize, state: *mut shake256incctx); -} -extern "C" { - pub fn shake256_inc_ctx_clone(dest: *mut shake256incctx, src: *const shake256incctx); -} -extern "C" { - pub fn shake256_inc_ctx_release(state: *mut shake256incctx); -} -extern "C" { - pub fn shake128(output: *mut u8, outlen: usize, input: *const u8, inlen: usize); -} -extern "C" { - pub fn shake256(output: *mut u8, outlen: usize, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_256_inc_init(state: *mut sha3_256incctx); -} -extern "C" { - pub fn sha3_256_inc_absorb(state: *mut sha3_256incctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_256_inc_finalize(output: *mut u8, state: *mut sha3_256incctx); -} -extern "C" { - pub fn sha3_256_inc_ctx_clone(dest: *mut sha3_256incctx, src: *const sha3_256incctx); -} -extern "C" { - pub fn sha3_256_inc_ctx_release(state: *mut sha3_256incctx); -} -extern "C" { - pub fn sha3_256(output: *mut u8, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_384_inc_init(state: *mut sha3_384incctx); -} -extern "C" { - pub fn sha3_384_inc_absorb(state: *mut sha3_384incctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_384_inc_finalize(output: *mut u8, state: *mut sha3_384incctx); -} -extern "C" { - pub fn sha3_384_inc_ctx_clone(dest: *mut sha3_384incctx, src: *const sha3_384incctx); -} -extern "C" { - pub fn sha3_384_inc_ctx_release(state: *mut sha3_384incctx); -} -extern "C" { - pub fn sha3_384(output: *mut u8, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_512_inc_init(state: *mut sha3_512incctx); -} -extern "C" { - pub fn sha3_512_inc_absorb(state: *mut sha3_512incctx, input: *const u8, inlen: usize); -} -extern "C" { - pub fn sha3_512_inc_finalize(output: *mut u8, state: *mut sha3_512incctx); -} -extern "C" { - pub fn sha3_512_inc_ctx_clone(dest: *mut sha3_512incctx, src: *const sha3_512incctx); -} -extern "C" { - pub fn sha3_512_inc_ctx_release(state: *mut sha3_512incctx); -} -extern "C" { - pub fn sha3_512(output: *mut u8, input: *const u8, inlen: usize); -} diff --git a/tests/aesgcm.rs b/tests/aesgcm.rs index 17f674974..59c0b2dc3 100644 --- a/tests/aesgcm.rs +++ b/tests/aesgcm.rs @@ -1,11 +1,15 @@ +#[cfg(not(target_arch = "wasm32"))] +use libcrux::drbg; +#[cfg(target_arch = "wasm32")] +use rand_core::OsRng; + use libcrux::{ aead::{ decrypt, encrypt, Aes128Key, Aes256Key, Algorithm::{Aes128Gcm, Aes256Gcm}, Error, Iv, Key, }, - aes_ni_support, digest, - drbg::Drbg, + aes_ni_support, }; #[test] @@ -67,9 +71,13 @@ fn aesgcm_self_test_rand() { let mut msg = orig_msg.clone(); let aad = b"associated data" as &[u8]; - let mut drbg = Drbg::new(digest::Algorithm::Sha256).unwrap(); - let key = Key::generate(Aes256Gcm, &mut drbg); - let iv = Iv::generate(&mut drbg); + #[cfg(not(target_arch = "wasm32"))] + let mut rng = drbg::Drbg::new(libcrux::digest::Algorithm::Sha256).unwrap(); + #[cfg(target_arch = "wasm32")] + let mut rng = OsRng; + + let key = Key::generate(Aes256Gcm, &mut rng); + let iv = Iv::generate(&mut rng); let iv2 = Iv(iv.0); let tag = match encrypt(&key, &mut msg, iv, aad) { @@ -87,9 +95,9 @@ fn aesgcm_self_test_rand() { assert_eq!(orig_msg, &msg); - let iv = Iv::generate(&mut drbg); + let iv = Iv::generate(&mut rng); let iv2 = Iv(iv.0); - let key = Key::generate(Aes128Gcm, &mut drbg); + let key = Key::generate(Aes128Gcm, &mut rng); let tag = encrypt(&key, &mut msg, iv, aad).unwrap(); assert!(decrypt(&key, &mut msg, iv2, aad, &tag).is_ok()); diff --git a/tests/bls12.rs b/tests/bls12.rs index 92d34c9f5..faa4eddac 100644 --- a/tests/bls12.rs +++ b/tests/bls12.rs @@ -1,325 +1,328 @@ -use libcrux::bls12::{ - bls12_add, bls12_from_montgomery, bls12_mul, bls12_opp, bls12_square, bls12_sub, - bls12_to_montgomery, felem_as_words, Fp2_add, Fp2_sub, -}; +#[cfg(not(target_arch = "wasm32"))] +mod bls12_test { + use libcrux::bls12::{ + bls12_add, bls12_from_montgomery, bls12_mul, bls12_opp, bls12_square, bls12_sub, + bls12_to_montgomery, felem_as_words, Fp2_add, Fp2_sub, + }; -#[test] -fn addition() { - let mut a: felem_as_words = [ - 11671922859260663127, - 11050707557586042878, - 284884720401305268, - 17749945728364010941, - 8613774818643959860, - 145621051382923523, - ]; - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_add(&mut out, &mut a, &mut b); - assert_eq!( - out, - [ - 3019382075174660787, - 18360049640511111161, - 1424423602006526342, - 14962752346981848241, - 6175385945800696072, - 728105256914617617 - ] - ); -} + #[test] + fn addition() { + let mut a: felem_as_words = [ + 11671922859260663127, + 11050707557586042878, + 284884720401305268, + 17749945728364010941, + 8613774818643959860, + 145621051382923523, + ]; + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_add(&mut out, &mut a, &mut b); + assert_eq!( + out, + [ + 3019382075174660787, + 18360049640511111161, + 1424423602006526342, + 14962752346981848241, + 6175385945800696072, + 728105256914617617 + ] + ); + } -#[test] -fn sub() { - let mut a: felem_as_words = [ - 11671922859260663127, - 11050707557586042878, - 284884720401305268, - 17749945728364010941, - 8613774818643959860, - 145621051382923523, - ]; - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_sub(&mut out, &mut b, &mut a); - assert_eq!( - out, - [ - 16569024504072437765, - 14705378599048577019, - 854654161203915805, - 16356349037672929591, - 7394580382222327966, - 436863154148770570 - ] - ); -} + #[test] + fn sub() { + let mut a: felem_as_words = [ + 11671922859260663127, + 11050707557586042878, + 284884720401305268, + 17749945728364010941, + 8613774818643959860, + 145621051382923523, + ]; + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_sub(&mut out, &mut b, &mut a); + assert_eq!( + out, + [ + 16569024504072437765, + 14705378599048577019, + 854654161203915805, + 16356349037672929591, + 7394580382222327966, + 436863154148770570 + ] + ); + } -#[test] -fn mul() { - let mut a: felem_as_words = [ - 11671922859260663127, - 11050707557586042878, - 284884720401305268, - 17749945728364010941, - 8613774818643959860, - 145621051382923523, - ]; - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_mul(&mut out, &mut b, &mut a); - assert_eq!( - out, - [ - 8505329371266088957, - 17002214543764226050, - 6865905132761471162, - 8632934651105793861, - 6631298214892334189, - 1582556514881692819 - ] - ); -} + #[test] + fn mul() { + let mut a: felem_as_words = [ + 11671922859260663127, + 11050707557586042878, + 284884720401305268, + 17749945728364010941, + 8613774818643959860, + 145621051382923523, + ]; + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_mul(&mut out, &mut b, &mut a); + assert_eq!( + out, + [ + 8505329371266088957, + 17002214543764226050, + 6865905132761471162, + 8632934651105793861, + 6631298214892334189, + 1582556514881692819 + ] + ); + } -#[test] -fn square() { - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_square(&mut out, &mut b); - assert_eq!( - out, - [ - 12260768510540316659, - 6038201419376623626, - 5156596810353639551, - 12813724723179037911, - 10288881524157229871, - 708830206584151678 - ] - ); -} + #[test] + fn square() { + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_square(&mut out, &mut b); + assert_eq!( + out, + [ + 12260768510540316659, + 6038201419376623626, + 5156596810353639551, + 12813724723179037911, + 10288881524157229871, + 708830206584151678 + ] + ); + } -#[test] -fn opp() { - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_opp(&mut out, &mut b); - assert_eq!( - out, - [ - 3608227726454314319, - 13347543502301691909, - 6296135691958860625, - 10026531341796875211, - 7850492651313966083, - 1291314412115845772 - ] - ); -} + #[test] + fn opp() { + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_opp(&mut out, &mut b); + assert_eq!( + out, + [ + 3608227726454314319, + 13347543502301691909, + 6296135691958860625, + 10026531341796875211, + 7850492651313966083, + 1291314412115845772 + ] + ); + } -#[test] -fn to_montgomery() { - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_to_montgomery(&mut out, &mut b); - assert_eq!( - out, - [ - 9961893758399620810, - 2912195846164837915, - 12868779101874716318, - 17948961859856965117, - 7008958234625322835, - 1211754212739384799 - ] - ); -} + #[test] + fn to_montgomery() { + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_to_montgomery(&mut out, &mut b); + assert_eq!( + out, + [ + 9961893758399620810, + 2912195846164837915, + 12868779101874716318, + 17948961859856965117, + 7008958234625322835, + 1211754212739384799 + ] + ); + } -#[test] -fn from_montgomery() { - let mut b: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; - bls12_from_montgomery(&mut out, &mut b); - assert_eq!( - out, - [ - 13402431016077863593, - 2210141511517208575, - 7435674573564081700, - 7239337960414712511, - 5412103778470702295, - 1873798617647539866 - ] - ); -} + #[test] + fn from_montgomery() { + let mut b: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut out: felem_as_words = [0, 0, 0, 0, 0, 0]; + bls12_from_montgomery(&mut out, &mut b); + assert_eq!( + out, + [ + 13402431016077863593, + 2210141511517208575, + 7435674573564081700, + 7239337960414712511, + 5412103778470702295, + 1873798617647539866 + ] + ); + } -#[test] -fn fp2_add() { - let mut ar: felem_as_words = [ - 9000203289623549276, - 7000342082925068282, - 1000538881605221074, - 10009550692327388916, - 10008355200866287827, - 500084205531694093, - ]; - let mut ai: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut br: felem_as_words = [ - 11671922859260663127, - 11050707557586042878, - 284884720401305268, - 17749945728364010941, - 8613774818643959860, - 145621051382923523, - ]; - let mut bi: felem_as_words = [ - 10001922859260663127, - 10000707557586042878, - 200084720401305268, - 10009945728364010941, - 8000774818643959860, - 100021051382923523, - ]; - let mut outr: felem_as_words = [0, 0, 0, 0, 0, 0]; - let mut outi: felem_as_words = [0, 0, 0, 0, 0, 0]; - Fp2_add(&mut outr, &mut outi, &mut ar, &mut ai, &mut br, &mut bi); - assert_eq!( - outr, - [ - 2225382075174660787, - 18051049640511111161, - 1285423602006526342, - 9312752346981848241, - 175385945800696072, - 645705256914617617 - ] - ); - assert_eq!( - outi, - [ - 1349382075174660787, - 17310049640511111161, - 1339623602006526342, - 7222752346981848241, - 5562385945800696072, - 682505256914617617 - ] - ); -} + #[test] + fn fp2_add() { + let mut ar: felem_as_words = [ + 9000203289623549276, + 7000342082925068282, + 1000538881605221074, + 10009550692327388916, + 10008355200866287827, + 500084205531694093, + ]; + let mut ai: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut br: felem_as_words = [ + 11671922859260663127, + 11050707557586042878, + 284884720401305268, + 17749945728364010941, + 8613774818643959860, + 145621051382923523, + ]; + let mut bi: felem_as_words = [ + 10001922859260663127, + 10000707557586042878, + 200084720401305268, + 10009945728364010941, + 8000774818643959860, + 100021051382923523, + ]; + let mut outr: felem_as_words = [0, 0, 0, 0, 0, 0]; + let mut outi: felem_as_words = [0, 0, 0, 0, 0, 0]; + Fp2_add(&mut outr, &mut outi, &mut ar, &mut ai, &mut br, &mut bi); + assert_eq!( + outr, + [ + 2225382075174660787, + 18051049640511111161, + 1285423602006526342, + 9312752346981848241, + 175385945800696072, + 645705256914617617 + ] + ); + assert_eq!( + outi, + [ + 1349382075174660787, + 17310049640511111161, + 1339623602006526342, + 7222752346981848241, + 5562385945800696072, + 682505256914617617 + ] + ); + } -#[test] -fn fp2_sub() { - let mut ar: felem_as_words = [ - 9000203289623549276, - 7000342082925068282, - 1000538881605221074, - 10009550692327388916, - 10008355200866287827, - 500084205531694093, - ]; - let mut ai: felem_as_words = [ - 9794203289623549276, - 7309342082925068282, - 1139538881605221074, - 15659550692327388916, - 16008355200866287827, - 582484205531694093, - ]; - let mut br: felem_as_words = [ - 11671922859260663127, - 11050707557586042878, - 284884720401305268, - 17749945728364010941, - 8613774818643959860, - 145621051382923523, - ]; - let mut bi: felem_as_words = [ - 10001922859260663127, - 10000707557586042878, - 200084720401305268, - 10009945728364010941, - 8000774818643959860, - 100021051382923523, - ]; - let mut outr: felem_as_words = [0, 0, 0, 0, 0, 0]; - let mut outi: felem_as_words = [0, 0, 0, 0, 0, 0]; - Fp2_sub(&mut outr, &mut outi, &mut ar, &mut ai, &mut br, &mut bi); - assert_eq!( - outr, - [ - 15775024504072437765, - 14396378599048577019, - 715654161203915805, - 10706349037672929591, - 1394580382222327966, - 354463154148770570 - ] - ); - assert_eq!( - outi, - [ - 18239024504072437765, - 15755378599048577019, - 939454161203915805, - 5649604963963377975, - 8007580382222327967, - 482463154148770570 - ] - ); + #[test] + fn fp2_sub() { + let mut ar: felem_as_words = [ + 9000203289623549276, + 7000342082925068282, + 1000538881605221074, + 10009550692327388916, + 10008355200866287827, + 500084205531694093, + ]; + let mut ai: felem_as_words = [ + 9794203289623549276, + 7309342082925068282, + 1139538881605221074, + 15659550692327388916, + 16008355200866287827, + 582484205531694093, + ]; + let mut br: felem_as_words = [ + 11671922859260663127, + 11050707557586042878, + 284884720401305268, + 17749945728364010941, + 8613774818643959860, + 145621051382923523, + ]; + let mut bi: felem_as_words = [ + 10001922859260663127, + 10000707557586042878, + 200084720401305268, + 10009945728364010941, + 8000774818643959860, + 100021051382923523, + ]; + let mut outr: felem_as_words = [0, 0, 0, 0, 0, 0]; + let mut outi: felem_as_words = [0, 0, 0, 0, 0, 0]; + Fp2_sub(&mut outr, &mut outi, &mut ar, &mut ai, &mut br, &mut bi); + assert_eq!( + outr, + [ + 15775024504072437765, + 14396378599048577019, + 715654161203915805, + 10706349037672929591, + 1394580382222327966, + 354463154148770570 + ] + ); + assert_eq!( + outi, + [ + 18239024504072437765, + 15755378599048577019, + 939454161203915805, + 5649604963963377975, + 8007580382222327967, + 482463154148770570 + ] + ); + } } diff --git a/tests/chachapoly.rs b/tests/chachapoly.rs index fe5ef70c1..85c0e29fb 100644 --- a/tests/chachapoly.rs +++ b/tests/chachapoly.rs @@ -1,16 +1,21 @@ mod test_util; use test_util::*; +#[cfg(not(target_arch = "wasm32"))] +use libcrux::drbg; +#[cfg(target_arch = "wasm32")] +use rand_core::OsRng; + use libcrux::{ aead::{ self, decrypt, encrypt, Algorithm::{self, Chacha20Poly1305}, Chacha20Key, Error, Iv, Key, Tag, }, - aes_ni_support, digest, - drbg::Drbg, + aes_ni_support, }; +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn chachapoly_self_test() { let _ = pretty_env_logger::try_init(); @@ -32,6 +37,7 @@ fn chachapoly_self_test() { assert_eq!(orig_msg, &msg); } +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn chachapoly_self_test_rand() { let _ = pretty_env_logger::try_init(); @@ -40,9 +46,13 @@ fn chachapoly_self_test_rand() { let mut msg = orig_msg.clone(); let aad = b"associated data" as &[u8]; - let mut drbg = Drbg::new(digest::Algorithm::Sha256).unwrap(); - let key = Key::generate(Chacha20Poly1305, &mut drbg); - let iv = Iv::generate(&mut drbg); + #[cfg(not(target_arch = "wasm32"))] + let mut rng = drbg::Drbg::new(libcrux::digest::Algorithm::Sha256).unwrap(); + #[cfg(target_arch = "wasm32")] + let mut rng = OsRng; + + let key = Key::generate(Chacha20Poly1305, &mut rng); + let iv = Iv::generate(&mut rng); let iv2 = Iv(iv.0); let tag = encrypt(&key, &mut msg, iv, aad).unwrap(); diff --git a/tests/hpke_single_kat.rs b/tests/hpke_single_kat.rs index 80fec7992..da884f19b 100644 --- a/tests/hpke_single_kat.rs +++ b/tests/hpke_single_kat.rs @@ -6,6 +6,7 @@ use libcrux::hpke::kdf::KDF::*; use libcrux::hpke::kem::KEM::*; use libcrux::hpke::{Mode::*, *}; +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn single_kat_base() { let _ = pretty_env_logger::try_init(); @@ -50,6 +51,7 @@ fn single_kat_base() { assert_eq!(ptxt, decrypted_ptxt); } +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn single_kat_psk() { // A.2.2 @@ -104,6 +106,7 @@ fn single_kat_psk() { assert_eq!(ptxt, decrypted_ptxt); } +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn single_kat_auth() { // A.2.3 @@ -158,6 +161,7 @@ fn single_kat_auth() { assert_eq!(ptxt, decrypted_ptxt); } +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn single_kat_auth_psk() { // A.2.4 diff --git a/tests/p256.rs b/tests/p256.rs index a7149efb3..7cad2376d 100644 --- a/tests/p256.rs +++ b/tests/p256.rs @@ -1,11 +1,16 @@ -use libcrux::{ - drbg, - ecdh::{self, key_gen}, -}; +#[cfg(not(target_arch = "wasm32"))] +use libcrux::drbg; +#[cfg(target_arch = "wasm32")] +use rand_core::OsRng; +use libcrux::ecdh::{self, key_gen}; +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn derive_rand() { + #[cfg(not(target_arch = "wasm32"))] let mut rng = drbg::Drbg::new(libcrux::digest::Algorithm::Sha256).unwrap(); + #[cfg(target_arch = "wasm32")] + let mut rng = OsRng; let (private_a, public_a) = key_gen(ecdh::Algorithm::P256, &mut rng).unwrap(); let (private_b, public_b) = key_gen(ecdh::Algorithm::P256, &mut rng).unwrap(); @@ -21,6 +26,7 @@ fn derive_rand() { assert_eq!(shared_a, shared_b); } +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn derive() { let private_a = diff --git a/tests/sha2.rs b/tests/sha2.rs index 59b441d9e..02e5328d1 100644 --- a/tests/sha2.rs +++ b/tests/sha2.rs @@ -1,19 +1,21 @@ -use std::fmt::Write; - -fn bytes_to_hex(bytes: &[u8]) -> String { - let mut s = String::with_capacity(2 * bytes.len()); - for byte in bytes { - write!(s, "{:02x}", byte).unwrap(); - } - s -} +// XXX: The tests in here are failing in wasm for some reason. +// #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] -fn sha256_kat() { +fn sha256_kat_streaming() { let mut digest = libcrux::digest::Sha2_256::new(); digest.update(b"libcrux sha2 256 tests"); let d = digest.finish(); let expected = "8683520e19e5b33db33c8fb90918c0c96fcdfd9a17c695ce0f0ea2eaa0c95956"; - assert_eq!(bytes_to_hex(&d), expected); + assert_eq!(hex::encode(&d), expected); +} + +// #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] +#[test] +fn sha256_kat_oneshot() { + let d = libcrux::digest::sha2_256(b"libcrux sha2 256 tests"); + + let expected = "8683520e19e5b33db33c8fb90918c0c96fcdfd9a17c695ce0f0ea2eaa0c95956"; + assert_eq!(hex::encode(&d), expected); } diff --git a/tests/x25519.rs b/tests/x25519.rs index 1d152017c..36f5b857f 100644 --- a/tests/x25519.rs +++ b/tests/x25519.rs @@ -1,15 +1,22 @@ mod test_util; use test_util::*; -use libcrux::{ - drbg::Drbg, - ecdh::{self, key_gen, Algorithm, Error}, -}; +#[cfg(not(target_arch = "wasm32"))] +use libcrux::drbg; +#[cfg(target_arch = "wasm32")] +use rand_core::OsRng; +use libcrux::ecdh::{self, key_gen, Algorithm, Error}; + +#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn derive() { let _ = pretty_env_logger::try_init(); - let mut rng = Drbg::new(libcrux::digest::Algorithm::Sha256).unwrap(); + + #[cfg(not(target_arch = "wasm32"))] + let mut rng = drbg::Drbg::new(libcrux::digest::Algorithm::Sha256).unwrap(); + #[cfg(target_arch = "wasm32")] + let mut rng = OsRng; let (private_a, public_a) = key_gen(Algorithm::X25519, &mut rng).unwrap(); let (private_b, public_b) = key_gen(Algorithm::X25519, &mut rng).unwrap(); diff --git a/wasm-demo/hpke.html b/wasm-demo/hpke.html new file mode 100644 index 000000000..09a6973c6 --- /dev/null +++ b/wasm-demo/hpke.html @@ -0,0 +1,140 @@ + + + + + + + + + + + +
+
+

Sender

+
+ + + + + + + +
+
+
+

Receiver

+
+ +
+ + + + +
+ + + +
+ +
+ + +
+
+
+ + diff --git a/wasm-demo/index.html b/wasm-demo/index.html index ff8c500b9..8caafe97d 100644 --- a/wasm-demo/index.html +++ b/wasm-demo/index.html @@ -15,58 +15,14 @@ padding: 20px; } - - - - -
-
-

Hash Input

-
- -
- -
-
-

Sha256 Digest

- -
+
+

Demos

+
diff --git a/wasm-demo/sha256.html b/wasm-demo/sha256.html new file mode 100644 index 000000000..ff8c500b9 --- /dev/null +++ b/wasm-demo/sha256.html @@ -0,0 +1,72 @@ + + + + + + + + + + + +
+
+

Hash Input

+
+ +
+ +
+
+

Sha256 Digest

+ +
+
+ + From 88e34a781f6a501e7521877895d0f46242ce4c01 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 8 Sep 2023 15:13:07 +0200 Subject: [PATCH 06/17] attempt on ci --- .github/workflows/rust.yml | 88 +++++++++++++++++++++++++++++--------- 1 file changed, 68 insertions(+), 20 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8f17fb8a5..b47ee53b2 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -2,46 +2,94 @@ name: Build & Test on: push: - branches: [ "main" ] + branches: ["main", "dev"] pull_request: - branches: [ "main" ] + branches: ["main", "dev"] + workflow_dispatch: env: CARGO_TERM_COLOR: always +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build: strategy: fail-fast: false matrix: + bits: [32, 64] os: - macos-latest - ubuntu-latest - windows-latest + exclude: + - bits: 32 + os: "macos-latest" runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash steps: + - uses: actions/checkout@v4 + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + # Set up 32 bit systems + + - name: Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # Set up windows + + - name: Setup Windows x86 + if: ${{ matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x86-windows-static-md - - name: Setup Ubuntu - if: matrix.os == 'ubuntu-latest' - run: sudo apt-get install ninja-build - - name: Setup MacOS - if: matrix.os == 'macos-latest' - run: brew install ninja - - name: Setup Windows - if: matrix.os == 'windows-latest' - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x64-windows-static-md + - name: Setup Windows x64 + if: ${{ matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x64-windows-static-md - - uses: actions/checkout@v3 + # Build ... - - name: Build - run: cargo build --verbose + - name: Build + run: cargo build --verbose $RUST_TARGET_FLAG - - name: Run tests - run: cargo test --verbose + - name: Build Release + run: cargo build --verbose --release $RUST_TARGET_FLAG - - name: Build sys/hacl - run: cargo build --target-dir sys/hacl --verbose + # Test ... + + - name: Test + run: cargo test --verbose $RUST_TARGET_FLAG + + - name: Test Release + run: cargo test --verbose --release $RUST_TARGET_FLAG + + - name: Build sys/hacl + working-directory: sys/hacl + run: cargo build --verbose $RUST_TARGET_FLAG + + wasm: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: mymindstorm/setup-emsdk@v11 + - run: CC=emcc AR=emar wasm-pack test --node --features wasm From 499f233e1e23e00b663bd513fd816882a87d4a59 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 10:07:56 +0200 Subject: [PATCH 07/17] ci deps --- .github/workflows/rust.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index b47ee53b2..3fd0c8c20 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -39,6 +39,10 @@ jobs: - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} + - name: Setup Ubuntu + if: matrix.os == 'ubuntu-latest' + run: rustup target add i686-unknown-linux-gnu + # Set up 32 bit systems - name: Config Windows x86 @@ -92,4 +96,10 @@ jobs: steps: - uses: actions/checkout@v4 - uses: mymindstorm/setup-emsdk@v11 + + - name: Setup + run: | + rustup target add wasm32-unknown-unknown + cargo install wasm-pack + - run: CC=emcc AR=emar wasm-pack test --node --features wasm From d32973c0c8dbca3c7c2121e4f935fe6a3a13ac6c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 12:19:59 +0200 Subject: [PATCH 08/17] fixups --- build.rs | 31 ++++++------ src/lib.rs | 3 +- sys/hacl/build.rs | 10 ++-- sys/hacl/src/bindings.rs | 105 +++------------------------------------ sys/pqclean/build.rs | 2 +- tests/hpke_kat.rs | 5 -- 6 files changed, 33 insertions(+), 123 deletions(-) diff --git a/build.rs b/build.rs index dc5572520..15275ba53 100644 --- a/build.rs +++ b/build.rs @@ -1,16 +1,19 @@ +use std::env; + fn main() { - // if libcrux_platform::simd128_support() { - // println!("cargo:rustc-cfg=simd128"); - // } - // if libcrux_platform::simd256_support() { - // println!("cargo:rustc-cfg=simd256"); - // } - // if libcrux_platform::bmi2_adx_support() { - // println!("cargo:rustc-cfg=bmi2"); - // println!("cargo:rustc-cfg=adx"); - // } - // #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] - // if libcrux_platform::aes_ni_support() { - // println!("cargo:rustc-cfg=aes_ni"); - // } + let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); + + if libcrux_platform::simd128_support() && target_arch == "x86_64" { + println!("cargo:rustc-cfg=simd128"); + } + if libcrux_platform::simd256_support() && target_arch == "x86_64" { + println!("cargo:rustc-cfg=simd256"); + } + if libcrux_platform::bmi2_adx_support() { + println!("cargo:rustc-cfg=bmi2"); + println!("cargo:rustc-cfg=adx"); + } + if libcrux_platform::aes_ni_support() && target_arch == "x86_64" { + println!("cargo:rustc-cfg=aes_ni"); + } } diff --git a/src/lib.rs b/src/lib.rs index 8432491b0..d31e83d58 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -16,7 +16,8 @@ pub(crate) mod hacl; // libcrux pub mod aead; -#[cfg(not(target_arch ="wasm32"))] +// The BLS code requires a 64 bit system. +#[cfg(all(not(target_arch = "wasm32"), not(target_arch = "x86")))] pub mod bls12; pub mod digest; // XXX: Looks like the bindings are broken for drbg for some reason. diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 232c905d9..9f7bfc847 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -185,7 +185,6 @@ fn compile_files( build.include(include); } build.opt_level(3); - // build.flag("--sysroot=/opt/homebrew/opt/llvm@12/Toolchains/LLVM12.0.1.xctoolchain/usr/"); if let Some(target) = platform.target { build.flag(&format!("--target={target}")); } @@ -323,6 +322,7 @@ fn build(platform: &Platform, home_path: &Path) { } compile_files( + platform, LIB_25519_NAME, &files_curve25519_64, &files_curve25519, @@ -367,6 +367,7 @@ fn build(platform: &Platform, home_path: &Path) { append_simd256_flags(&mut aesgcm_flags, false); append_aesgcm_flags(&mut aesgcm_flags); compile_files( + platform, LIB_VALE_AESGCM_NAME, &files_evercrypt, &files_aesgcm, @@ -421,11 +422,12 @@ fn main() { // Check platform support let platform = if target_arch != "wasm32" { + let x86 = target_arch == "x86"; Platform { - simd128: libcrux_platform::simd128_support(), - simd256: libcrux_platform::simd256_support(), + simd128: !x86 && libcrux_platform::simd128_support(), + simd256: !x86 && libcrux_platform::simd256_support(), aes_ni: libcrux_platform::aes_ni_support(), - x25519: libcrux_platform::x25519_support(), + x25519: !x86 && libcrux_platform::x25519_support(), bmi2_adx_support: libcrux_platform::bmi2_adx_support(), pmull: libcrux_platform::pmull_support(), adv_simd: libcrux_platform::adv_simd_support(), diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index c371d388b..2fa35ce13 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -18,7 +18,13 @@ pub const Hacl_Streaming_Types_Success: u32 = 0; pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; -pub type FStar_UInt128_uint128 = u128; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct FStar_UInt128_uint128_s { + pub low: u64, + pub high: u64, +} +pub type FStar_UInt128_uint128 = FStar_UInt128_uint128_s; extern "C" { #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( @@ -737,100 +743,3 @@ extern "C" { private_key: *mut u8, ) -> bool; } -pub type uint32x4_t = [u32; 4usize]; -pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t; -extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); -} -extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_init( - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - nn: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_key( - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - k: *mut u8, - ll: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_multi( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - blocks: *mut u8, - nb: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_last( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - rem: u32, - d: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_finish( - nn: u32, - output: *mut u8, - hash: *mut Lib_IntVector_Intrinsics_vec128, - ); -} -extern "C" { - #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2s_128_blake2s( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_store_state128s_to_state32( - st32: *mut u32, - st: *mut Lib_IntVector_Intrinsics_vec128, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_load_state128s_from_state32( - st: *mut Lib_IntVector_Intrinsics_vec128, - st32: *mut u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; -} diff --git a/sys/pqclean/build.rs b/sys/pqclean/build.rs index e2e5557d4..b9c14eb16 100644 --- a/sys/pqclean/build.rs +++ b/sys/pqclean/build.rs @@ -52,7 +52,7 @@ fn compile_files(library_name: &str, files: &[String], out_path: &Path, args: &[ .no_default_flags(true); build.include(c_dir.join("include")); - build.flag("-O3").flag("-c"); + build.opt_level(3); for arg in args { build.flag(arg); } diff --git a/tests/hpke_kat.rs b/tests/hpke_kat.rs index 06eaf19a6..4308d8ff0 100644 --- a/tests/hpke_kat.rs +++ b/tests/hpke_kat.rs @@ -193,11 +193,6 @@ fn kat(tests: Vec) { ); return; } - #[cfg(not(target_arch = "x86_64"))] - if aead_id == AEAD::AES_128_GCM { - // libcrux AES only works on x64 (and there only with the necessary extensions) - return; - } if !aes_ni_support() { // libcrux AES only works on x64 (and there only with the necessary extensions) eprintln!("skipping AES on x64 because we're missing features."); From a01f81624650b78fc51153fd70a53528a6617fc2 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 13:37:48 +0200 Subject: [PATCH 09/17] fixup linux x86 --- .github/workflows/rust.yml | 9 +- Cargo.toml | 5 +- src/digest.rs | 10 +- src/lib.rs | 9 +- sys/hacl/src/bindings.rs | 503 +++++++++++++++++++++++++++++++++++- sys/libjade/build.rs | 12 +- sys/libjade/src/bindings.rs | 64 +++-- sys/pqclean/src/bindings.rs | 120 +++++++++ tests/bls12.rs | 2 +- tests/hpke_kat.rs | 4 +- 10 files changed, 667 insertions(+), 71 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 3fd0c8c20..dfc41ff1a 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -39,9 +39,12 @@ jobs: - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} - - name: Setup Ubuntu - if: matrix.os == 'ubuntu-latest' - run: rustup target add i686-unknown-linux-gnu + - name: Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + apt update + apt install -y gcc-multilib g++-multilib # Set up 32 bit systems diff --git a/Cargo.toml b/Cargo.toml index c09af5383..7c7d08f73 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ log = "0.4" # WASM API wasm-bindgen = { version = "0.2.87", optional = true } -[target.'cfg(all(not(target_os = "windows"), any(target_arch = "x86_64", target_arch = "x86")))'.dependencies] +[target.'cfg(all(not(target_os = "windows"), target_arch = "x86_64"))'.dependencies] libjade-sys = { version = "0.0.1", path = "sys/libjade" } [dev-dependencies] @@ -56,7 +56,8 @@ criterion = "0.5" # Benchmarking "OpenSSL" # XXX: We don't do this for Windows or wasm right now. -[target.'cfg(all(not(windows), not(target_arch = "wasm32")))'.dev-dependencies] +# x86 is usally a cross compilation where this won't work either. +[target.'cfg(all(not(windows), not(target_arch = "wasm32"), not(target_arch = "x86")))'.dev-dependencies] openssl = "0.10" [[bench]] diff --git a/src/digest.rs b/src/digest.rs index b6654a8ca..4da8f2aa0 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -121,19 +121,13 @@ pub type Sha3_512Digest = [u8; digest_size(Algorithm::Sha3_512)]; macro_rules! sha3_impl { ($fun_name:ident, $output:ty, $jasmin_fun:expr, $hacl_fun:expr) => { - #[cfg(all( - any(target_arch = "x86", target_arch = "x86_64"), - any(target_os = "linux", target_os = "macos") - ))] + #[cfg(all(target_arch = "x86_64", any(target_os = "linux", target_os = "macos")))] pub fn $fun_name(payload: &[u8]) -> $output { // On x64 we use Jasmin for AVX2 and fallback. $jasmin_fun(payload) } - #[cfg(not(all( - any(target_arch = "x86", target_arch = "x86_64"), - any(target_os = "linux", target_os = "macos") - )))] + #[cfg(not(all(target_arch = "x86_64", any(target_os = "linux", target_os = "macos"))))] pub fn $fun_name(payload: &[u8]) -> $output { // On all other platforms we use HACL $hacl_fun(payload) diff --git a/src/lib.rs b/src/lib.rs index d31e83d58..1a2e3fe5b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -5,10 +5,7 @@ pub use libcrux_platform::aes_ni_support; // Jasmin -#[cfg(all( - any(target_arch = "x86", target_arch = "x86_64"), - any(target_os = "linux", target_os = "macos") -))] +#[cfg(all(target_arch = "x86_64", any(target_os = "linux", target_os = "macos")))] pub(crate) mod jasmin; // HACL @@ -21,7 +18,7 @@ pub mod aead; pub mod bls12; pub mod digest; // XXX: Looks like the bindings are broken for drbg for some reason. -#[cfg(not(target_arch ="wasm32"))] +#[cfg(not(target_arch = "wasm32"))] pub mod drbg; pub mod ecdh; pub mod hkdf; @@ -30,5 +27,5 @@ pub mod hpke; pub mod kem; pub mod signature; -#[cfg(all(target_arch ="wasm32", feature = "wasm"))] +#[cfg(all(target_arch = "wasm32", feature = "wasm"))] pub mod wasm; diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index 2fa35ce13..676945045 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -18,13 +18,31 @@ pub const Hacl_Streaming_Types_Success: u32 = 0; pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct FStar_UInt128_uint128_s { - pub low: u64, - pub high: u64, +pub const Spec_FFDHE_FFDHE2048: u32 = 0; +pub const Spec_FFDHE_FFDHE3072: u32 = 1; +pub const Spec_FFDHE_FFDHE4096: u32 = 2; +pub const Spec_FFDHE_FFDHE6144: u32 = 3; +pub const Spec_FFDHE_FFDHE8192: u32 = 4; +pub const Spec_Agile_AEAD_AES128_GCM: u32 = 0; +pub const Spec_Agile_AEAD_AES256_GCM: u32 = 1; +pub const Spec_Agile_AEAD_CHACHA20_POLY1305: u32 = 2; +pub const Spec_Agile_AEAD_AES128_CCM: u32 = 3; +pub const Spec_Agile_AEAD_AES256_CCM: u32 = 4; +pub const Spec_Agile_AEAD_AES128_CCM8: u32 = 5; +pub const Spec_Agile_AEAD_AES256_CCM8: u32 = 6; +pub type FStar_UInt128_uint128 = u128; +extern "C" { + #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] + pub fn Hacl_Curve25519_64_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); +} +extern "C" { + #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] + pub fn Hacl_Curve25519_64_secret_to_public(pub_: *mut u8, priv_: *mut u8); +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] + pub fn Hacl_Curve25519_64_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; } -pub type FStar_UInt128_uint128 = FStar_UInt128_uint128_s; extern "C" { #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( @@ -743,3 +761,476 @@ extern "C" { private_key: *mut u8, ) -> bool; } +pub type __m128i = [::core::ffi::c_longlong; 2usize]; +pub type Lib_IntVector_Intrinsics_vec128 = __m128i; +pub type __m256i = [::core::ffi::c_longlong; 4usize]; +pub type Lib_IntVector_Intrinsics_vec256 = __m256i; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_init( + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_multi( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_last( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_128_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_store_state128s_to_state32( + st32: *mut u32, + st: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_load_state128s_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec128, + st32: *mut u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; +} +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_256_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_256_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_init( + hash: *mut Lib_IntVector_Intrinsics_vec256, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec256, + hash: *mut Lib_IntVector_Intrinsics_vec256, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec256, + ); +} +extern "C" { + #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2b_256_blake2b( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_load_state256b_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec256, + st32: *mut u64, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_store_state256b_to_state32( + st32: *mut u64, + st: *mut Lib_IntVector_Intrinsics_vec256, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut Lib_IntVector_Intrinsics_vec256; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_shaext() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_aesni() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_pclmulqdq() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx2() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_bmi2() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_adx() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_sse() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_movbe() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_rdrand() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx512() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_recall(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_init(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx2(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_bmi2(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_adx(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_shaext(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_aesni(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_pclmulqdq(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_sse(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_movbe(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_rdrand(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx512(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_vec128() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_vec256() -> bool; +} +pub type Spec_FFDHE_ffdhe_alg = u8; +pub type Spec_Agile_AEAD_alg = u8; +pub type EverCrypt_Error_error_code = u8; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct EverCrypt_AEAD_state_s_s { + _unused: [u8; 0], +} +pub type EverCrypt_AEAD_state_s = EverCrypt_AEAD_state_s_s; +extern "C" { + pub fn EverCrypt_AEAD_uu___is_Ek( + a: Spec_Agile_AEAD_alg, + projectee: EverCrypt_AEAD_state_s, + ) -> bool; +} +extern "C" { + #[doc = "Return the algorithm used in the AEAD state.\n\n@param s State of the AEAD algorithm.\n\n@return Algorithm used in the AEAD state."] + pub fn EverCrypt_AEAD_alg_of_state(s: *mut EverCrypt_AEAD_state_s) -> Spec_Agile_AEAD_alg; +} +extern "C" { + #[doc = "Create the required AEAD state for the algorithm.\n\nNote: The caller must free the AEAD state by calling `EverCrypt_AEAD_free`.\n\n@param a The argument `a` must be either of:\n `Spec_Agile_AEAD_AES128_GCM` (KEY_LEN=16),\n `Spec_Agile_AEAD_AES256_GCM` (KEY_LEN=32), or\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (KEY_LEN=32).\n@param dst Pointer to a pointer where the address of the allocated AEAD state will be written to.\n@param k Pointer to `KEY_LEN` bytes of memory where the key is read from. The size depends on the used algorithm, see above.\n\n@return The function returns `EverCrypt_Error_Success` on success or\n`EverCrypt_Error_UnsupportedAlgorithm` in case of a bad algorithm identifier.\n(See `EverCrypt_Error.h`.)"] + pub fn EverCrypt_AEAD_create_in( + a: Spec_Agile_AEAD_alg, + dst: *mut *mut EverCrypt_AEAD_state_s, + k: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Encrypt and authenticate a message (`plain`) with associated data (`ad`).\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param plain Pointer to `plain_len` bytes of memory where the to-be-encrypted plaintext is read from.\n@param plain_len Length of the to-be-encrypted plaintext.\n@param cipher Pointer to `plain_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is written to.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n\n@return `EverCrypt_AEAD_encrypt` may return either `EverCrypt_Error_Success` or `EverCrypt_Error_InvalidKey` (`EverCrypt_error.h`). The latter is returned if and only if the `s` parameter is `NULL`."] + pub fn EverCrypt_AEAD_encrypt( + s: *mut EverCrypt_AEAD_state_s, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_chacha20_poly1305( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand( + a: Spec_Agile_AEAD_alg, + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Verify the authenticity of `ad` || `cipher` and decrypt `cipher` into `dst`.\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param cipher Pointer to `cipher_len` bytes of memory where the ciphertext is read from.\n@param cipher_len Length of the ciphertext.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is read from.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n@param dst Pointer to `cipher_len` bytes of memory where the decrypted plaintext will be written to.\n\n@return `EverCrypt_AEAD_decrypt` returns ...\n\n `EverCrypt_Error_Success`\n\n... on success and either of ...\n\n `EverCrypt_Error_InvalidKey` (returned if and only if the `s` parameter is `NULL`),\n `EverCrypt_Error_InvalidIVLength` (see note about requirements on IV size above), or\n `EverCrypt_Error_AuthenticationFailure` (in case the ciphertext could not be authenticated, e.g., due to modifications)\n\n... on failure (`EverCrypt_error.h`).\n\nUpon success, the plaintext will be written into `dst`."] + pub fn EverCrypt_AEAD_decrypt( + s: *mut EverCrypt_AEAD_state_s, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_chacha20_poly1305( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand( + a: Spec_Agile_AEAD_alg, + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Cleanup and free the AEAD state.\n\n@param s State of the AEAD algorithm."] + pub fn EverCrypt_AEAD_free(s: *mut EverCrypt_AEAD_state_s); +} diff --git a/sys/libjade/build.rs b/sys/libjade/build.rs index d3cbb0fff..4b9de9819 100644 --- a/sys/libjade/build.rs +++ b/sys/libjade/build.rs @@ -76,14 +76,8 @@ fn compile_files(library_name: &str, files: &[String], home_path: &Path, args: & build.compile(library_name); } -fn build(platform: Platform, home_path: &Path, cross_target: Option) { - let args = cross_target - .map(|s| match s.as_str() { - // We only support cross compilation here for now. - "x86_64-apple-darwin" => svec!["-target", "x86_64-apple-darwin"], - _ => panic!("Unsupported cross compilation target {s}"), - }) - .unwrap_or_default(); +fn build(platform: Platform, home_path: &Path) { + let args = Vec::new(); let files = svec![ "sha256.s", @@ -164,7 +158,7 @@ pub fn main() -> Result<(), u8> { }; // Build the C/ASM files - build(platform, home_path, cross_target); + build(platform, home_path); // Set library name to look up const LIB_NAME: &str = "jade"; diff --git a/sys/libjade/src/bindings.rs b/sys/libjade/src/bindings.rs index cc659bf5f..e784d9931 100644 --- a/sys/libjade/src/bindings.rs +++ b/sys/libjade/src/bindings.rs @@ -54,61 +54,57 @@ extern "C" { out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_scalarmult_curve25519_amd64_ref5( r: *mut u8, k: *mut u8, u: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { - pub fn jade_scalarmult_curve25519_amd64_ref5_base( - r: *mut u8, - k: *mut u8, - ) -> ::std::os::raw::c_int; + pub fn jade_scalarmult_curve25519_amd64_ref5_base(r: *mut u8, k: *mut u8) + -> ::core::ffi::c_int; } extern "C" { pub fn jade_scalarmult_curve25519_amd64_mulx( r: *mut u8, k: *mut u8, u: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { - pub fn jade_scalarmult_curve25519_amd64_mulx_base( - r: *mut u8, - k: *mut u8, - ) -> ::std::os::raw::c_int; + pub fn jade_scalarmult_curve25519_amd64_mulx_base(r: *mut u8, k: *mut u8) + -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_224_amd64_ref( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_256_amd64_ref( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_384_amd64_ref( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_512_amd64_ref( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_ref( @@ -116,7 +112,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_ref_verify( @@ -124,7 +120,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_ref_xor( @@ -133,7 +129,7 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_ref( @@ -141,14 +137,14 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_kem_kyber_kyber768_amd64_ref_keypair_derand( public_key: *mut u8, secret_key: *mut u8, coins: *const u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_kem_kyber_kyber768_amd64_ref_enc_derand( @@ -156,42 +152,42 @@ extern "C" { shared_secret: *mut u8, public_key: *const u8, coins: *const u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_kem_kyber_kyber768_amd64_ref_dec( shared_secret: *mut u8, ciphertext: *const u8, secret_key: *const u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_224_amd64_avx2( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_256_amd64_avx2( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_384_amd64_avx2( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_hash_sha3_512_amd64_avx2( out: *mut u8, in_: *mut u8, length: u64, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_avx2( @@ -199,7 +195,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_avx2_verify( @@ -207,7 +203,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_avx2_xor( @@ -216,7 +212,7 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_avx2( @@ -224,7 +220,7 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_avx( @@ -232,7 +228,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_onetimeauth_poly1305_amd64_avx_verify( @@ -240,7 +236,7 @@ extern "C" { in_: *mut u8, inlen: u64, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_avx_xor( @@ -249,7 +245,7 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } extern "C" { pub fn jade_stream_chacha_chacha20_ietf_amd64_avx( @@ -257,5 +253,5 @@ extern "C" { length: u64, nonce: *mut u8, key: *mut u8, - ) -> ::std::os::raw::c_int; + ) -> ::core::ffi::c_int; } diff --git a/sys/pqclean/src/bindings.rs b/sys/pqclean/src/bindings.rs index 69f066c68..636875539 100644 --- a/sys/pqclean/src/bindings.rs +++ b/sys/pqclean/src/bindings.rs @@ -40,3 +40,123 @@ pub struct sha3_384incctx { pub struct sha3_512incctx { pub ctx: *mut u64, } +extern "C" { + pub fn shake128_absorb(state: *mut shake128ctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn shake128_squeezeblocks(output: *mut u8, nblocks: usize, state: *mut shake128ctx); +} +extern "C" { + pub fn shake128_ctx_release(state: *mut shake128ctx); +} +extern "C" { + pub fn shake128_ctx_clone(dest: *mut shake128ctx, src: *const shake128ctx); +} +extern "C" { + pub fn shake128_inc_init(state: *mut shake128incctx); +} +extern "C" { + pub fn shake128_inc_absorb(state: *mut shake128incctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn shake128_inc_finalize(state: *mut shake128incctx); +} +extern "C" { + pub fn shake128_inc_squeeze(output: *mut u8, outlen: usize, state: *mut shake128incctx); +} +extern "C" { + pub fn shake128_inc_ctx_clone(dest: *mut shake128incctx, src: *const shake128incctx); +} +extern "C" { + pub fn shake128_inc_ctx_release(state: *mut shake128incctx); +} +extern "C" { + pub fn shake256_absorb(state: *mut shake256ctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn shake256_squeezeblocks(output: *mut u8, nblocks: usize, state: *mut shake256ctx); +} +extern "C" { + pub fn shake256_ctx_release(state: *mut shake256ctx); +} +extern "C" { + pub fn shake256_ctx_clone(dest: *mut shake256ctx, src: *const shake256ctx); +} +extern "C" { + pub fn shake256_inc_init(state: *mut shake256incctx); +} +extern "C" { + pub fn shake256_inc_absorb(state: *mut shake256incctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn shake256_inc_finalize(state: *mut shake256incctx); +} +extern "C" { + pub fn shake256_inc_squeeze(output: *mut u8, outlen: usize, state: *mut shake256incctx); +} +extern "C" { + pub fn shake256_inc_ctx_clone(dest: *mut shake256incctx, src: *const shake256incctx); +} +extern "C" { + pub fn shake256_inc_ctx_release(state: *mut shake256incctx); +} +extern "C" { + pub fn shake128(output: *mut u8, outlen: usize, input: *const u8, inlen: usize); +} +extern "C" { + pub fn shake256(output: *mut u8, outlen: usize, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_256_inc_init(state: *mut sha3_256incctx); +} +extern "C" { + pub fn sha3_256_inc_absorb(state: *mut sha3_256incctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_256_inc_finalize(output: *mut u8, state: *mut sha3_256incctx); +} +extern "C" { + pub fn sha3_256_inc_ctx_clone(dest: *mut sha3_256incctx, src: *const sha3_256incctx); +} +extern "C" { + pub fn sha3_256_inc_ctx_release(state: *mut sha3_256incctx); +} +extern "C" { + pub fn sha3_256(output: *mut u8, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_384_inc_init(state: *mut sha3_384incctx); +} +extern "C" { + pub fn sha3_384_inc_absorb(state: *mut sha3_384incctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_384_inc_finalize(output: *mut u8, state: *mut sha3_384incctx); +} +extern "C" { + pub fn sha3_384_inc_ctx_clone(dest: *mut sha3_384incctx, src: *const sha3_384incctx); +} +extern "C" { + pub fn sha3_384_inc_ctx_release(state: *mut sha3_384incctx); +} +extern "C" { + pub fn sha3_384(output: *mut u8, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_512_inc_init(state: *mut sha3_512incctx); +} +extern "C" { + pub fn sha3_512_inc_absorb(state: *mut sha3_512incctx, input: *const u8, inlen: usize); +} +extern "C" { + pub fn sha3_512_inc_finalize(output: *mut u8, state: *mut sha3_512incctx); +} +extern "C" { + pub fn sha3_512_inc_ctx_clone(dest: *mut sha3_512incctx, src: *const sha3_512incctx); +} +extern "C" { + pub fn sha3_512_inc_ctx_release(state: *mut sha3_512incctx); +} +extern "C" { + pub fn sha3_512(output: *mut u8, input: *const u8, inlen: usize); +} diff --git a/tests/bls12.rs b/tests/bls12.rs index faa4eddac..345335689 100644 --- a/tests/bls12.rs +++ b/tests/bls12.rs @@ -1,4 +1,4 @@ -#[cfg(not(target_arch = "wasm32"))] +#[cfg(all(not(target_arch = "wasm32"), not(target_arch = "x86")))] mod bls12_test { use libcrux::bls12::{ bls12_add, bls12_from_montgomery, bls12_mul, bls12_opp, bls12_square, bls12_sub, diff --git a/tests/hpke_kat.rs b/tests/hpke_kat.rs index 4308d8ff0..94fc8a550 100644 --- a/tests/hpke_kat.rs +++ b/tests/hpke_kat.rs @@ -193,9 +193,9 @@ fn kat(tests: Vec) { ); return; } - if !aes_ni_support() { + if !aes_ni_support() || cfg!(target_arch = "x86") { // libcrux AES only works on x64 (and there only with the necessary extensions) - eprintln!("skipping AES on x64 because we're missing features."); + eprintln!("skipping AES because we're missing features."); return; } From f59f50ea170793a45f399d5b828710ca8c5f32d9 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 13:53:15 +0200 Subject: [PATCH 10/17] linux ci fixup --- .github/workflows/rust.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index dfc41ff1a..50e9c2f80 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -43,8 +43,8 @@ jobs: if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} run: | rustup target add i686-unknown-linux-gnu - apt update - apt install -y gcc-multilib g++-multilib + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib # Set up 32 bit systems From b952ed7d8906ca4fce3fc4bb4d47b90d9a52393b Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 20:55:22 +0200 Subject: [PATCH 11/17] build fixups --- sys/hacl/build.rs | 53 +++----------------------------------------- sys/libjade/build.rs | 38 +++++-------------------------- sys/pqclean/build.rs | 17 +++----------- 3 files changed, 11 insertions(+), 97 deletions(-) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 9f7bfc847..1660950e9 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -1,6 +1,5 @@ use std::{env, path::Path}; -const MODE: &str = "static"; const LIB_NAME: &str = "hacl"; const LIB_128_NAME: &str = "hacl_128"; const LIB_256_NAME: &str = "hacl_256"; @@ -37,6 +36,7 @@ fn includes(home_dir: &Path, include_str: &str) -> Vec { ] } +// FIXME: drop all the host specific checks and move them to target. #[cfg(all( any(target_arch = "x86", target_arch = "x86_64"), any( @@ -185,6 +185,7 @@ fn compile_files( build.include(include); } build.opt_level(3); + build.static_crt(true); if let Some(target) = platform.target { build.flag(&format!("--target={target}")); } @@ -377,7 +378,7 @@ fn build(platform: &Platform, home_path: &Path) { ); } - compile_files(platform, "libhacl.a", &files, &[], home_path, &[], &defines); + compile_files(platform, LIB_NAME, &files, &[], home_path, &[], &defines); } #[derive(Clone, Debug, Default)] @@ -401,25 +402,10 @@ fn main() { // Get ENV variables let home_dir = env::var("CARGO_MANIFEST_DIR").unwrap(); let home_path = Path::new(&home_dir); - let out_dir = env::var("OUT_DIR").unwrap(); - let out_path = Path::new(&out_dir); - let prebuilt_hacl_path = env::var("HACL_STATIC_PATH"); - let prebuilt_hacl_name = env::var("HACL_STATIC_LIB"); - let _host_arch = env::var("TARGET").unwrap(); let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); let target_env = env::var("CARGO_CFG_TARGET_ENV").unwrap(); let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); - // If we have a prebuilt binary, we don't do anything here. - // NOTE: the binary must match the bindings in this crate. - if let Ok(prebuilt_hacl_name) = prebuilt_hacl_name { - println!("cargo:rustc-link-lib={}={}", "static", prebuilt_hacl_name); - if let Ok(prebuilt_hacl_path) = prebuilt_hacl_path { - println!("cargo:rustc-link-search=native={}", prebuilt_hacl_path); - } - return; - } - // Check platform support let platform = if target_arch != "wasm32" { let x86 = target_arch == "x86"; @@ -456,37 +442,4 @@ fn main() { if target_arch != "wasm32" { create_bindings(&platform, home_path); } - - // Link hacl library. - println!("cargo:rustc-link-lib={}={}", MODE, LIB_NAME); - if platform.simd128 { - println!("cargo:rustc-link-lib={}={}", MODE, LIB_128_NAME); - } - if platform.simd256 { - println!("cargo:rustc-link-lib={}={}", MODE, LIB_256_NAME); - } - if platform.x25519 - && (target_arch == "x86" - || target_arch == "x86_64" - && (target_env == "gnu" - || target_os == "linux" - || target_os == "macos" - || (target_os == "windows" && target_env == "msvc"))) - { - println!("cargo:rustc-link-lib={}={}", MODE, LIB_25519_NAME); - } - if platform.simd128 - && platform.simd256 - && platform.aes_ni - && platform.pmull - && (target_arch == "x86" - || target_arch == "x86_64" - && (target_os == "linux" - || target_os == "macos" - || (target_os == "windows" && (target_env == "msvc" || target_env == "gnu")))) - { - println!("cargo:rustc-link-lib={}={}", MODE, LIB_VALE_AESGCM_NAME); - } - println!("cargo:rustc-link-search=native={}", out_path.display()); - println!("cargo:lib={}", out_path.display()); } diff --git a/sys/libjade/build.rs b/sys/libjade/build.rs index 4b9de9819..81142a388 100644 --- a/sys/libjade/build.rs +++ b/sys/libjade/build.rs @@ -91,7 +91,7 @@ fn build(platform: Platform, home_path: &Path) { "poly1305_ref.s", "kyber_kyber768_ref.s", ]; - compile_files("libjade.a", &files, home_path, &args); + compile_files("jade", &files, home_path, &args); if platform.simd256 { let files256 = svec![ @@ -105,7 +105,7 @@ fn build(platform: Platform, home_path: &Path) { let mut simd256_flags = args.clone(); append_simd256_flags(&mut simd256_flags); - compile_files("libjade_256.a", &files256, home_path, &simd256_flags); + compile_files("jade_256", &files256, home_path, &simd256_flags); } if platform.simd128 { @@ -113,7 +113,7 @@ fn build(platform: Platform, home_path: &Path) { let mut simd128_flags = args.clone(); append_simd128_flags(&mut simd128_flags); - compile_files("libjade_128.a", &files128, home_path, &simd128_flags); + compile_files("jade_128", &files128, home_path, &simd128_flags); } } @@ -123,29 +123,17 @@ struct Platform { simd256: bool, } -pub fn main() -> Result<(), u8> { +pub fn main() { // Get ENV variables let home_dir = env::var("CARGO_MANIFEST_DIR").unwrap(); let home_path = Path::new(&home_dir); let out_dir = env::var("OUT_DIR").unwrap(); let out_path = Path::new(&out_dir); let target = env::var("TARGET").unwrap(); - let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); let host = env::var("HOST").unwrap(); - if target_arch != "x86_64" && target_arch != "x86" { - eprintln!(" ! Only x86 and x64 CPUs are supported !"); - return Err(1); - } - - let cross_target = if target != host { - Some(target.clone()) - } else { - None - }; - // If cross compiling, we assume to have it all. - let platform = if cross_target.is_some() { + let platform = if target != host { Platform { simd128: true, simd256: true, @@ -168,20 +156,4 @@ pub fn main() -> Result<(), u8> { // Generate new bindings. create_bindings(platform, home_path); - - // Link hacl library. - const MODE: &str = "static"; - println!("cargo:rustc-link-lib={}={}", MODE, LIB_NAME); - if platform.simd128 { - println!("cargo:rustc-cfg=simd128"); - println!("cargo:rustc-link-lib={}={}", MODE, "jade_128"); - } - if platform.simd256 { - println!("cargo:rustc-cfg=simd256"); - println!("cargo:rustc-link-lib={}={}", MODE, "jade_256"); - } - println!("cargo:rustc-link-search=native={}", out_path.display()); - println!("cargo:lib={}", out_path.display()); - - Ok(()) } diff --git a/sys/pqclean/build.rs b/sys/pqclean/build.rs index b9c14eb16..404f1eac4 100644 --- a/sys/pqclean/build.rs +++ b/sys/pqclean/build.rs @@ -63,10 +63,10 @@ fn compile_files(library_name: &str, files: &[String], out_path: &Path, args: &[ fn build(out_path: &Path) { let files = vec!["fips202.c".to_string()]; let args = vec![]; - compile_files("libpqclean.a", &files, out_path, &args); + compile_files("pqclean", &files, out_path, &args); } -pub fn main() -> Result<(), u8> { +pub fn main() { // Get ENV variables let home_dir = env::var("CARGO_MANIFEST_DIR").unwrap(); let home_path = Path::new(&home_dir); @@ -79,20 +79,9 @@ pub fn main() -> Result<(), u8> { // Build the C/ASM files build(out_path); - // Set library name to look up - let library_name = "pqclean"; - // Set re-run trigger for all of s - println!("cargo:rerun-if-changed=cs"); + println!("cargo:rerun-if-changed=c"); // Generate new bindings. This is a no-op on Windows. create_bindings(home_path); - - // Link hacl library. - let mode = "static"; - println!("cargo:rustc-link-lib={}={}", mode, library_name); - println!("cargo:rustc-link-search=native={}", out_path.display()); - println!("cargo:lib={}", out_path.display()); - - Ok(()) } From 30334d091ec42aeb76cdf5eff1cb56f4a671f1cd Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 10 Sep 2023 21:06:32 +0200 Subject: [PATCH 12/17] more fixups --- .github/workflows/rust.yml | 4 +- sys/hacl/src/bindings.rs | 503 +----------------- sys/libjade/build.rs | 5 - sys/libjade/src/fallback_definitions.rs | 8 - .../src/fallback_definitions/simd128.rs | 33 -- .../src/fallback_definitions/simd256.rs | 67 --- sys/libjade/src/lib.rs | 4 - 7 files changed, 8 insertions(+), 616 deletions(-) delete mode 100644 sys/libjade/src/fallback_definitions.rs delete mode 100644 sys/libjade/src/fallback_definitions/simd128.rs delete mode 100644 sys/libjade/src/fallback_definitions/simd256.rs diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 50e9c2f80..0a8cda190 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -60,14 +60,14 @@ jobs: # Set up windows - name: Setup Windows x86 - if: ${{ matrix.os == 'windows-latest' }} + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} shell: pwsh run: | echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append vcpkg install openssl:x86-windows-static-md - name: Setup Windows x64 - if: ${{ matrix.os == 'windows-latest' }} + if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} shell: pwsh run: | echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index 676945045..2fa35ce13 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -18,31 +18,13 @@ pub const Hacl_Streaming_Types_Success: u32 = 0; pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; -pub const Spec_FFDHE_FFDHE2048: u32 = 0; -pub const Spec_FFDHE_FFDHE3072: u32 = 1; -pub const Spec_FFDHE_FFDHE4096: u32 = 2; -pub const Spec_FFDHE_FFDHE6144: u32 = 3; -pub const Spec_FFDHE_FFDHE8192: u32 = 4; -pub const Spec_Agile_AEAD_AES128_GCM: u32 = 0; -pub const Spec_Agile_AEAD_AES256_GCM: u32 = 1; -pub const Spec_Agile_AEAD_CHACHA20_POLY1305: u32 = 2; -pub const Spec_Agile_AEAD_AES128_CCM: u32 = 3; -pub const Spec_Agile_AEAD_AES256_CCM: u32 = 4; -pub const Spec_Agile_AEAD_AES128_CCM8: u32 = 5; -pub const Spec_Agile_AEAD_AES256_CCM8: u32 = 6; -pub type FStar_UInt128_uint128 = u128; -extern "C" { - #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] - pub fn Hacl_Curve25519_64_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); -} -extern "C" { - #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] - pub fn Hacl_Curve25519_64_secret_to_public(pub_: *mut u8, priv_: *mut u8); -} -extern "C" { - #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] - pub fn Hacl_Curve25519_64_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct FStar_UInt128_uint128_s { + pub low: u64, + pub high: u64, } +pub type FStar_UInt128_uint128 = FStar_UInt128_uint128_s; extern "C" { #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( @@ -761,476 +743,3 @@ extern "C" { private_key: *mut u8, ) -> bool; } -pub type __m128i = [::core::ffi::c_longlong; 2usize]; -pub type Lib_IntVector_Intrinsics_vec128 = __m128i; -pub type __m256i = [::core::ffi::c_longlong; 4usize]; -pub type Lib_IntVector_Intrinsics_vec256 = __m256i; -extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); -} -extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_init( - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - nn: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_key( - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - k: *mut u8, - ll: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_multi( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - blocks: *mut u8, - nb: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_last( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - rem: u32, - d: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_finish( - nn: u32, - output: *mut u8, - hash: *mut Lib_IntVector_Intrinsics_vec128, - ); -} -extern "C" { - #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2s_128_blake2s( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_store_state128s_to_state32( - st32: *mut u32, - st: *mut Lib_IntVector_Intrinsics_vec128, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_load_state128s_from_state32( - st: *mut Lib_IntVector_Intrinsics_vec128, - st32: *mut u32, - ); -} -extern "C" { - pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; -} -extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_256_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); -} -extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_256_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; -} -extern "C" { - pub fn Hacl_Blake2b_256_blake2b_init( - hash: *mut Lib_IntVector_Intrinsics_vec256, - kk: u32, - nn: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2b_256_blake2b_update_key( - wv: *mut Lib_IntVector_Intrinsics_vec256, - hash: *mut Lib_IntVector_Intrinsics_vec256, - kk: u32, - k: *mut u8, - ll: u32, - ); -} -extern "C" { - pub fn Hacl_Blake2b_256_blake2b_finish( - nn: u32, - output: *mut u8, - hash: *mut Lib_IntVector_Intrinsics_vec256, - ); -} -extern "C" { - #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2b_256_blake2b( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); -} -extern "C" { - pub fn Hacl_Blake2b_256_load_state256b_from_state32( - st: *mut Lib_IntVector_Intrinsics_vec256, - st32: *mut u64, - ); -} -extern "C" { - pub fn Hacl_Blake2b_256_store_state256b_to_state32( - st32: *mut u64, - st: *mut Lib_IntVector_Intrinsics_vec256, - ); -} -extern "C" { - pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut Lib_IntVector_Intrinsics_vec256; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_shaext() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_aesni() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_pclmulqdq() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_avx2() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_avx() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_bmi2() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_adx() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_sse() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_movbe() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_rdrand() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_avx512() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_recall(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_init(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_avx2(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_avx(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_bmi2(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_adx(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_shaext(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_aesni(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_pclmulqdq(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_sse(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_movbe(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_rdrand(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_disable_avx512(); -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_vec128() -> bool; -} -extern "C" { - pub fn EverCrypt_AutoConfig2_has_vec256() -> bool; -} -pub type Spec_FFDHE_ffdhe_alg = u8; -pub type Spec_Agile_AEAD_alg = u8; -pub type EverCrypt_Error_error_code = u8; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct EverCrypt_AEAD_state_s_s { - _unused: [u8; 0], -} -pub type EverCrypt_AEAD_state_s = EverCrypt_AEAD_state_s_s; -extern "C" { - pub fn EverCrypt_AEAD_uu___is_Ek( - a: Spec_Agile_AEAD_alg, - projectee: EverCrypt_AEAD_state_s, - ) -> bool; -} -extern "C" { - #[doc = "Return the algorithm used in the AEAD state.\n\n@param s State of the AEAD algorithm.\n\n@return Algorithm used in the AEAD state."] - pub fn EverCrypt_AEAD_alg_of_state(s: *mut EverCrypt_AEAD_state_s) -> Spec_Agile_AEAD_alg; -} -extern "C" { - #[doc = "Create the required AEAD state for the algorithm.\n\nNote: The caller must free the AEAD state by calling `EverCrypt_AEAD_free`.\n\n@param a The argument `a` must be either of:\n `Spec_Agile_AEAD_AES128_GCM` (KEY_LEN=16),\n `Spec_Agile_AEAD_AES256_GCM` (KEY_LEN=32), or\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (KEY_LEN=32).\n@param dst Pointer to a pointer where the address of the allocated AEAD state will be written to.\n@param k Pointer to `KEY_LEN` bytes of memory where the key is read from. The size depends on the used algorithm, see above.\n\n@return The function returns `EverCrypt_Error_Success` on success or\n`EverCrypt_Error_UnsupportedAlgorithm` in case of a bad algorithm identifier.\n(See `EverCrypt_Error.h`.)"] - pub fn EverCrypt_AEAD_create_in( - a: Spec_Agile_AEAD_alg, - dst: *mut *mut EverCrypt_AEAD_state_s, - k: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "Encrypt and authenticate a message (`plain`) with associated data (`ad`).\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param plain Pointer to `plain_len` bytes of memory where the to-be-encrypted plaintext is read from.\n@param plain_len Length of the to-be-encrypted plaintext.\n@param cipher Pointer to `plain_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is written to.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n\n@return `EverCrypt_AEAD_encrypt` may return either `EverCrypt_Error_Success` or `EverCrypt_Error_InvalidKey` (`EverCrypt_error.h`). The latter is returned if and only if the `s` parameter is `NULL`."] - pub fn EverCrypt_AEAD_encrypt( - s: *mut EverCrypt_AEAD_state_s, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] - pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] - pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_encrypt_expand_chacha20_poly1305( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_encrypt_expand( - a: Spec_Agile_AEAD_alg, - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - plain: *mut u8, - plain_len: u32, - cipher: *mut u8, - tag: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "Verify the authenticity of `ad` || `cipher` and decrypt `cipher` into `dst`.\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param cipher Pointer to `cipher_len` bytes of memory where the ciphertext is read from.\n@param cipher_len Length of the ciphertext.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is read from.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n@param dst Pointer to `cipher_len` bytes of memory where the decrypted plaintext will be written to.\n\n@return `EverCrypt_AEAD_decrypt` returns ...\n\n `EverCrypt_Error_Success`\n\n... on success and either of ...\n\n `EverCrypt_Error_InvalidKey` (returned if and only if the `s` parameter is `NULL`),\n `EverCrypt_Error_InvalidIVLength` (see note about requirements on IV size above), or\n `EverCrypt_Error_AuthenticationFailure` (in case the ciphertext could not be authenticated, e.g., due to modifications)\n\n... on failure (`EverCrypt_error.h`).\n\nUpon success, the plaintext will be written into `dst`."] - pub fn EverCrypt_AEAD_decrypt( - s: *mut EverCrypt_AEAD_state_s, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] - pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] - pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_decrypt_expand_chacha20_poly1305( - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - pub fn EverCrypt_AEAD_decrypt_expand( - a: Spec_Agile_AEAD_alg, - k: *mut u8, - iv: *mut u8, - iv_len: u32, - ad: *mut u8, - ad_len: u32, - cipher: *mut u8, - cipher_len: u32, - tag: *mut u8, - dst: *mut u8, - ) -> EverCrypt_Error_error_code; -} -extern "C" { - #[doc = "Cleanup and free the AEAD state.\n\n@param s State of the AEAD algorithm."] - pub fn EverCrypt_AEAD_free(s: *mut EverCrypt_AEAD_state_s); -} diff --git a/sys/libjade/build.rs b/sys/libjade/build.rs index 81142a388..2f96df759 100644 --- a/sys/libjade/build.rs +++ b/sys/libjade/build.rs @@ -127,8 +127,6 @@ pub fn main() { // Get ENV variables let home_dir = env::var("CARGO_MANIFEST_DIR").unwrap(); let home_path = Path::new(&home_dir); - let out_dir = env::var("OUT_DIR").unwrap(); - let out_path = Path::new(&out_dir); let target = env::var("TARGET").unwrap(); let host = env::var("HOST").unwrap(); @@ -148,9 +146,6 @@ pub fn main() { // Build the C/ASM files build(platform, home_path); - // Set library name to look up - const LIB_NAME: &str = "jade"; - // Set re-run trigger for all of s println!("cargo:rerun-if-changed=jazz"); diff --git a/sys/libjade/src/fallback_definitions.rs b/sys/libjade/src/fallback_definitions.rs deleted file mode 100644 index 2af2c68ea..000000000 --- a/sys/libjade/src/fallback_definitions.rs +++ /dev/null @@ -1,8 +0,0 @@ -#[cfg(not(simd128))] -pub mod simd128; -#[cfg(not(simd128))] -pub use simd128::*; -#[cfg(not(simd256))] -pub mod simd256; -#[cfg(not(simd256))] -pub use simd256::*; diff --git a/sys/libjade/src/fallback_definitions/simd128.rs b/sys/libjade/src/fallback_definitions/simd128.rs deleted file mode 100644 index 170612876..000000000 --- a/sys/libjade/src/fallback_definitions/simd128.rs +++ /dev/null @@ -1,33 +0,0 @@ -pub fn jade_onetimeauth_poly1305_amd64_avx( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX support compiled. Use --cfg simd128 to enable it.") -} -pub fn jade_onetimeauth_poly1305_amd64_avx_verify( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX support compiled. Use --cfg simd128 to enable it.") -} -pub fn jade_stream_chacha_chacha20_ietf_amd64_avx_xor( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX support compiled. Use --cfg simd128 to enable it.") -} -pub fn jade_stream_chacha_chacha20_ietf_amd64_avx( - _: *mut u8, - _: u64, - _: *mut u8, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX support compiled. Use --cfg simd128 to enable it.") -} diff --git a/sys/libjade/src/fallback_definitions/simd256.rs b/sys/libjade/src/fallback_definitions/simd256.rs deleted file mode 100644 index a0f28318a..000000000 --- a/sys/libjade/src/fallback_definitions/simd256.rs +++ /dev/null @@ -1,67 +0,0 @@ -pub unsafe fn jade_hash_sha3_224_amd64_avx2( - _: *mut u8, - _: *mut u8, - _: u64, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_hash_sha3_256_amd64_avx2( - _: *mut u8, - _: *mut u8, - _: u64, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_hash_sha3_384_amd64_avx2( - _: *mut u8, - _: *mut u8, - _: u64, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_hash_sha3_512_amd64_avx2( - _: *mut u8, - _: *mut u8, - _: u64, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_stream_chacha_chacha20_ietf_amd64_avx2_xor( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_stream_chacha_chacha20_ietf_amd64_avx2( - _: *mut u8, - _: u64, - _: *mut u8, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} - -pub unsafe fn jade_onetimeauth_poly1305_amd64_avx2( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} -pub unsafe fn jade_onetimeauth_poly1305_amd64_avx2_verify( - _: *mut u8, - _: *mut u8, - _: u64, - _: *mut u8, -) -> ::std::os::raw::c_int { - panic!("No AVX2 support compiled. Use --cfg simd256 to enable it.") -} diff --git a/sys/libjade/src/lib.rs b/sys/libjade/src/lib.rs index e2d95b2c0..0af402e5f 100644 --- a/sys/libjade/src/lib.rs +++ b/sys/libjade/src/lib.rs @@ -2,7 +2,3 @@ mod bindings; pub use bindings::*; - -// Function definitions for things not compiled in certain configurations. -mod fallback_definitions; -pub use fallback_definitions::*; From 81bc16f1b29032c06b65585625b53466be208377 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 11 Sep 2023 10:05:13 +0200 Subject: [PATCH 13/17] fixup aarch and disable win x86 for now on ci --- .github/workflows/rust.yml | 3 +++ sys/hacl/build.rs | 2 ++ tests/hpke_kat.rs | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 0a8cda190..6a0a74525 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -27,6 +27,9 @@ jobs: exclude: - bits: 32 os: "macos-latest" + # FIXME: Linking isn't working here yet for hacl #42 + - bits: 32 + os: "windows-latest" runs-on: ${{ matrix.os }} defaults: diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 1660950e9..6709f60da 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -3,7 +3,9 @@ use std::{env, path::Path}; const LIB_NAME: &str = "hacl"; const LIB_128_NAME: &str = "hacl_128"; const LIB_256_NAME: &str = "hacl_256"; +#[allow(dead_code)] // FIXME: remove wrong cfg guards const LIB_25519_NAME: &str = "hacl_curve25519"; +#[allow(dead_code)] // FIXME: remove wrong cfg guards const LIB_VALE_AESGCM_NAME: &str = "vale_aesgcm"; macro_rules! svec { diff --git a/tests/hpke_kat.rs b/tests/hpke_kat.rs index 94fc8a550..851d8c4bc 100644 --- a/tests/hpke_kat.rs +++ b/tests/hpke_kat.rs @@ -193,7 +193,7 @@ fn kat(tests: Vec) { ); return; } - if !aes_ni_support() || cfg!(target_arch = "x86") { + if !aes_ni_support() || cfg!(not(target_arch = "x86_64")) { // libcrux AES only works on x64 (and there only with the necessary extensions) eprintln!("skipping AES because we're missing features."); return; From b2f2f8f8b4d94ccb786eb5ef92368b2ca6ac368f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 14 Sep 2023 11:47:09 +0200 Subject: [PATCH 14/17] more target fixes in hacl --- sys/hacl/build.rs | 61 +++++++++++++++++++---------------------------- 1 file changed, 25 insertions(+), 36 deletions(-) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index 6709f60da..c864288c1 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -12,10 +12,10 @@ macro_rules! svec { ($($x:expr),*$(,)?) => (vec![$($x.to_string()),*]); } -fn includes(home_dir: &Path, include_str: &str) -> Vec { +fn includes(platform: &Platform, home_dir: &Path, include_str: &str) -> Vec { let c_path = home_dir.join("c"); let mut include_path = c_path.join("include"); - if cfg!(target_env = "msvc") { + if platform.target_env == "msvc" { include_path = include_path.join("msvc"); } vec![ @@ -38,25 +38,18 @@ fn includes(home_dir: &Path, include_str: &str) -> Vec { ] } -// FIXME: drop all the host specific checks and move them to target. -#[cfg(all( - any(target_arch = "x86", target_arch = "x86_64"), - any( - target_os = "linux", - target_os = "macos", - all(target_os = "windows", any(target_env = "msvc", target_env = "gnu")) - ) -))] -fn append_aesgcm_flags(flags: &mut Vec) { - if cfg!(not(target_env = "msvc")) { +#[allow(dead_code)] +fn append_aesgcm_flags(platform: &Platform, flags: &mut Vec) { + if platform.target_env != "msvc" { flags.push("-maes".to_string()); flags.push("-mpclmul".to_string()); } } -fn append_simd128_flags(flags: &mut Vec, is_bindgen: bool) { - if cfg!(any(target_arch = "x86", target_arch = "x86_64")) - && (is_bindgen || cfg!(not(target_env = "msvc"))) +#[allow(dead_code)] +fn append_simd128_flags(platform: &Platform, flags: &mut Vec, is_bindgen: bool) { + if platform.target_arch == "x86" + || platform.target_arch == "x86_64" && (is_bindgen || platform.target_env != "msvc") { flags.push("-msse4.1".to_string()); flags.push("-msse4.2".to_string()); @@ -64,14 +57,15 @@ fn append_simd128_flags(flags: &mut Vec, is_bindgen: bool) { } } -fn append_simd256_flags(flags: &mut Vec, is_bindgen: bool) { - if is_bindgen || cfg!(not(target_env = "msvc")) { +#[allow(dead_code)] +fn append_simd256_flags(platform: &Platform, flags: &mut Vec, is_bindgen: bool) { + if is_bindgen || platform.target_env != "msvc" { flags.push("-mavx2".to_string()); } } fn create_bindings(platform: &Platform, home_dir: &Path) { - let mut clang_args = includes(home_dir, "-I"); + let mut clang_args = includes(platform, home_dir, "-I"); let mut bindings = bindgen::Builder::default(); @@ -79,14 +73,14 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { // Header to wrap HACL headers .header("c/config/hacl.h"); if platform.simd128 { - append_simd128_flags(&mut clang_args, true); + append_simd128_flags(platform, &mut clang_args, true); clang_args.push("-DSIMD128".to_string()); bindings = bindings // Header to wrap HACL SIMD 128 headers .header("c/config/hacl128.h"); } if platform.simd256 { - append_simd256_flags(&mut clang_args, true); + append_simd256_flags(platform, &mut clang_args, true); clang_args.push("-DSIMD256".to_string()); bindings = bindings // Header to wrap HACL SIMD 256 headers @@ -105,12 +99,6 @@ fn create_bindings(platform: &Platform, home_dir: &Path) { // Header to wrap EverCrypt_AutoConfig2 .header("c/config/vale-aes.h"); } - if cfg!(target_arch = "wasm32") { - clang_args.push( - "--sysroot=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot".to_string(), - // "-I=/Users/franziskus/repos/emsdk/upstream/emscripten/cache/sysroot/include".to_string(), - ); - } let generated_bindings = bindings // Set include paths for HACL headers @@ -183,14 +171,11 @@ fn compile_files( // XXX: There are too many warnings for now .warnings(false); - for include in includes(home_path, "") { + for include in includes(platform, home_path, "") { build.include(include); } build.opt_level(3); build.static_crt(true); - if let Some(target) = platform.target { - build.flag(&format!("--target={target}")); - } for arg in args { build.flag(arg); } @@ -262,7 +247,7 @@ fn build(platform: &Platform, home_path: &Path) { defines.append(&mut vec![("HACL_CAN_COMPILE_VEC128", "1")]); let mut simd128_flags = vec![]; - append_simd128_flags(&mut simd128_flags, false); + append_simd128_flags(platform, &mut simd128_flags, false); compile_files( platform, LIB_128_NAME, @@ -288,7 +273,7 @@ fn build(platform: &Platform, home_path: &Path) { defines.append(&mut vec![("HACL_CAN_COMPILE_VEC256", "1")]); let mut simd256_flags = vec![]; - append_simd256_flags(&mut simd256_flags, false); + append_simd256_flags(platform, &mut simd256_flags, false); compile_files( platform, LIB_256_NAME, @@ -299,6 +284,8 @@ fn build(platform: &Platform, home_path: &Path) { &defines, ); } + + // FIXME: this doesn't work on cross compilation. #[cfg(all( any(target_arch = "x86", target_arch = "x86_64"), any( @@ -334,6 +321,8 @@ fn build(platform: &Platform, home_path: &Path) { &defines, ); } + + // FIXME: this doesn't work on cross compilation. #[cfg(all( any(target_arch = "x86", target_arch = "x86_64"), any( @@ -366,9 +355,9 @@ fn build(platform: &Platform, home_path: &Path) { defines.append(&mut vec![("HACL_CAN_COMPILE_VALE", "1")]); let mut aesgcm_flags = vec![]; - append_simd128_flags(&mut aesgcm_flags, false); - append_simd256_flags(&mut aesgcm_flags, false); - append_aesgcm_flags(&mut aesgcm_flags); + append_simd128_flags(platform, &mut aesgcm_flags, false); + append_simd256_flags(platform, &mut aesgcm_flags, false); + append_aesgcm_flags(platform, &mut aesgcm_flags); compile_files( platform, LIB_VALE_AESGCM_NAME, From 7184143e4f56eb0a1b73643e86d655c219cb161f Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sat, 16 Sep 2023 07:48:13 +0200 Subject: [PATCH 15/17] don't generate bindings for hacl every time --- sys/hacl/build.rs | 4 +- sys/hacl/src/bindings.rs | 503 ++++++++++++++++++++++- sys/hacl/src/lib.rs | 849 +-------------------------------------- 3 files changed, 505 insertions(+), 851 deletions(-) diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index c864288c1..ea1d4356f 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -396,6 +396,7 @@ fn main() { let target_arch = env::var("CARGO_CFG_TARGET_ARCH").unwrap(); let target_env = env::var("CARGO_CFG_TARGET_ENV").unwrap(); let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); + let generate_bindings = env::var("LIBCRUX_GENERATE_BINDINGS"); // Check platform support let platform = if target_arch != "wasm32" { @@ -430,7 +431,8 @@ fn main() { build(&platform, home_path); // Generate new bindings. - if target_arch != "wasm32" { + // This is only done if the corresponding environment variable is set. + if generate_bindings.is_ok() && target_arch != "wasm32" { create_bindings(&platform, home_path); } } diff --git a/sys/hacl/src/bindings.rs b/sys/hacl/src/bindings.rs index 2fa35ce13..676945045 100644 --- a/sys/hacl/src/bindings.rs +++ b/sys/hacl/src/bindings.rs @@ -18,13 +18,31 @@ pub const Hacl_Streaming_Types_Success: u32 = 0; pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct FStar_UInt128_uint128_s { - pub low: u64, - pub high: u64, +pub const Spec_FFDHE_FFDHE2048: u32 = 0; +pub const Spec_FFDHE_FFDHE3072: u32 = 1; +pub const Spec_FFDHE_FFDHE4096: u32 = 2; +pub const Spec_FFDHE_FFDHE6144: u32 = 3; +pub const Spec_FFDHE_FFDHE8192: u32 = 4; +pub const Spec_Agile_AEAD_AES128_GCM: u32 = 0; +pub const Spec_Agile_AEAD_AES256_GCM: u32 = 1; +pub const Spec_Agile_AEAD_CHACHA20_POLY1305: u32 = 2; +pub const Spec_Agile_AEAD_AES128_CCM: u32 = 3; +pub const Spec_Agile_AEAD_AES256_CCM: u32 = 4; +pub const Spec_Agile_AEAD_AES128_CCM8: u32 = 5; +pub const Spec_Agile_AEAD_AES256_CCM8: u32 = 6; +pub type FStar_UInt128_uint128 = u128; +extern "C" { + #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] + pub fn Hacl_Curve25519_64_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); +} +extern "C" { + #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] + pub fn Hacl_Curve25519_64_secret_to_public(pub_: *mut u8, priv_: *mut u8); +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] + pub fn Hacl_Curve25519_64_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; } -pub type FStar_UInt128_uint128 = FStar_UInt128_uint128_s; extern "C" { #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( @@ -743,3 +761,476 @@ extern "C" { private_key: *mut u8, ) -> bool; } +pub type __m128i = [::core::ffi::c_longlong; 2usize]; +pub type Lib_IntVector_Intrinsics_vec128 = __m128i; +pub type __m256i = [::core::ffi::c_longlong; 4usize]; +pub type Lib_IntVector_Intrinsics_vec256 = __m256i; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_init( + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_multi( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_last( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_128_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_store_state128s_to_state32( + st32: *mut u32, + st: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_load_state128s_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec128, + st32: *mut u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; +} +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_256_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_256_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_init( + hash: *mut Lib_IntVector_Intrinsics_vec256, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec256, + hash: *mut Lib_IntVector_Intrinsics_vec256, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec256, + ); +} +extern "C" { + #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2b_256_blake2b( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_load_state256b_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec256, + st32: *mut u64, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_store_state256b_to_state32( + st32: *mut u64, + st: *mut Lib_IntVector_Intrinsics_vec256, + ); +} +extern "C" { + pub fn Hacl_Blake2b_256_blake2b_malloc() -> *mut Lib_IntVector_Intrinsics_vec256; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_shaext() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_aesni() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_pclmulqdq() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx2() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_bmi2() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_adx() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_sse() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_movbe() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_rdrand() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_avx512() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_recall(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_init(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx2(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_bmi2(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_adx(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_shaext(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_aesni(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_pclmulqdq(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_sse(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_movbe(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_rdrand(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_disable_avx512(); +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_vec128() -> bool; +} +extern "C" { + pub fn EverCrypt_AutoConfig2_has_vec256() -> bool; +} +pub type Spec_FFDHE_ffdhe_alg = u8; +pub type Spec_Agile_AEAD_alg = u8; +pub type EverCrypt_Error_error_code = u8; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct EverCrypt_AEAD_state_s_s { + _unused: [u8; 0], +} +pub type EverCrypt_AEAD_state_s = EverCrypt_AEAD_state_s_s; +extern "C" { + pub fn EverCrypt_AEAD_uu___is_Ek( + a: Spec_Agile_AEAD_alg, + projectee: EverCrypt_AEAD_state_s, + ) -> bool; +} +extern "C" { + #[doc = "Return the algorithm used in the AEAD state.\n\n@param s State of the AEAD algorithm.\n\n@return Algorithm used in the AEAD state."] + pub fn EverCrypt_AEAD_alg_of_state(s: *mut EverCrypt_AEAD_state_s) -> Spec_Agile_AEAD_alg; +} +extern "C" { + #[doc = "Create the required AEAD state for the algorithm.\n\nNote: The caller must free the AEAD state by calling `EverCrypt_AEAD_free`.\n\n@param a The argument `a` must be either of:\n `Spec_Agile_AEAD_AES128_GCM` (KEY_LEN=16),\n `Spec_Agile_AEAD_AES256_GCM` (KEY_LEN=32), or\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (KEY_LEN=32).\n@param dst Pointer to a pointer where the address of the allocated AEAD state will be written to.\n@param k Pointer to `KEY_LEN` bytes of memory where the key is read from. The size depends on the used algorithm, see above.\n\n@return The function returns `EverCrypt_Error_Success` on success or\n`EverCrypt_Error_UnsupportedAlgorithm` in case of a bad algorithm identifier.\n(See `EverCrypt_Error.h`.)"] + pub fn EverCrypt_AEAD_create_in( + a: Spec_Agile_AEAD_alg, + dst: *mut *mut EverCrypt_AEAD_state_s, + k: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Encrypt and authenticate a message (`plain`) with associated data (`ad`).\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param plain Pointer to `plain_len` bytes of memory where the to-be-encrypted plaintext is read from.\n@param plain_len Length of the to-be-encrypted plaintext.\n@param cipher Pointer to `plain_len` bytes of memory where the ciphertext is written to.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is written to.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n\n@return `EverCrypt_AEAD_encrypt` may return either `EverCrypt_Error_Success` or `EverCrypt_Error_InvalidKey` (`EverCrypt_error.h`). The latter is returned if and only if the `s` parameter is `NULL`."] + pub fn EverCrypt_AEAD_encrypt( + s: *mut EverCrypt_AEAD_state_s, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_aes128_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_aes256_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand_chacha20_poly1305( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_encrypt_expand( + a: Spec_Agile_AEAD_alg, + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + plain: *mut u8, + plain_len: u32, + cipher: *mut u8, + tag: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Verify the authenticity of `ad` || `cipher` and decrypt `cipher` into `dst`.\n\n@param s Pointer to the The AEAD state created by `EverCrypt_AEAD_create_in`. It already contains the encryption key.\n@param iv Pointer to `iv_len` bytes of memory where the nonce is read from.\n@param iv_len Length of the nonce. Note: ChaCha20Poly1305 requires a 12 byte nonce.\n@param ad Pointer to `ad_len` bytes of memory where the associated data is read from.\n@param ad_len Length of the associated data.\n@param cipher Pointer to `cipher_len` bytes of memory where the ciphertext is read from.\n@param cipher_len Length of the ciphertext.\n@param tag Pointer to `TAG_LEN` bytes of memory where the tag is read from.\nThe length of the `tag` must be of a suitable length for the chosen algorithm:\n `Spec_Agile_AEAD_AES128_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_AES256_GCM` (TAG_LEN=16)\n `Spec_Agile_AEAD_CHACHA20_POLY1305` (TAG_LEN=16)\n@param dst Pointer to `cipher_len` bytes of memory where the decrypted plaintext will be written to.\n\n@return `EverCrypt_AEAD_decrypt` returns ...\n\n `EverCrypt_Error_Success`\n\n... on success and either of ...\n\n `EverCrypt_Error_InvalidKey` (returned if and only if the `s` parameter is `NULL`),\n `EverCrypt_Error_InvalidIVLength` (see note about requirements on IV size above), or\n `EverCrypt_Error_AuthenticationFailure` (in case the ciphertext could not be authenticated, e.g., due to modifications)\n\n... on failure (`EverCrypt_error.h`).\n\nUpon success, the plaintext will be written into `dst`."] + pub fn EverCrypt_AEAD_decrypt( + s: *mut EverCrypt_AEAD_state_s, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "WARNING: this function doesn't perform any dynamic\nhardware check. You MUST make sure your hardware supports the\nimplementation of AESGCM. Besides, this function was not designed\nfor cross-compilation: if you compile it on a system which doesn't\nsupport Vale, it will compile it to a function which makes the\nprogram exit."] + pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_aes128_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_aes256_gcm( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand_chacha20_poly1305( + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + pub fn EverCrypt_AEAD_decrypt_expand( + a: Spec_Agile_AEAD_alg, + k: *mut u8, + iv: *mut u8, + iv_len: u32, + ad: *mut u8, + ad_len: u32, + cipher: *mut u8, + cipher_len: u32, + tag: *mut u8, + dst: *mut u8, + ) -> EverCrypt_Error_error_code; +} +extern "C" { + #[doc = "Cleanup and free the AEAD state.\n\n@param s State of the AEAD algorithm."] + pub fn EverCrypt_AEAD_free(s: *mut EverCrypt_AEAD_state_s); +} diff --git a/sys/hacl/src/lib.rs b/sys/hacl/src/lib.rs index 5b89a2053..8cc115794 100644 --- a/sys/hacl/src/lib.rs +++ b/sys/hacl/src/lib.rs @@ -6,853 +6,14 @@ #[cfg(not(target_arch = "wasm32"))] mod bindings; +#[cfg(not(target_arch = "wasm32"))] +pub use bindings::*; #[cfg(target_arch = "wasm32")] -mod bindings { - /* automatically generated by rust-bindgen 0.66.1 */ - - pub const Spec_Hash_Definitions_SHA2_224: u32 = 0; - pub const Spec_Hash_Definitions_SHA2_256: u32 = 1; - pub const Spec_Hash_Definitions_SHA2_384: u32 = 2; - pub const Spec_Hash_Definitions_SHA2_512: u32 = 3; - pub const Spec_Hash_Definitions_SHA1: u32 = 4; - pub const Spec_Hash_Definitions_MD5: u32 = 5; - pub const Spec_Hash_Definitions_Blake2S: u32 = 6; - pub const Spec_Hash_Definitions_Blake2B: u32 = 7; - pub const Spec_Hash_Definitions_SHA3_256: u32 = 8; - pub const Spec_Hash_Definitions_SHA3_224: u32 = 9; - pub const Spec_Hash_Definitions_SHA3_384: u32 = 10; - pub const Spec_Hash_Definitions_SHA3_512: u32 = 11; - pub const Spec_Hash_Definitions_Shake128: u32 = 12; - pub const Spec_Hash_Definitions_Shake256: u32 = 13; - pub const Hacl_Streaming_Types_Success: u32 = 0; - pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; - pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; - pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; - pub type FStar_UInt128_uint128 = u128; - extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); - } - extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_32_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; - } - extern "C" { - #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] - pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); - } - extern "C" { - #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] - pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8); - } - extern "C" { - #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] - pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; - } - pub type Spec_Hash_Definitions_hash_alg = u8; - pub type Hacl_Streaming_Types_error_code = u8; - #[repr(C)] - #[derive(Debug, Copy, Clone)] - pub struct Hacl_Streaming_MD_state_32_s { - pub block_state: *mut u32, - pub buf: *mut u8, - pub total_len: u64, - } - pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s; - #[repr(C)] - #[derive(Debug, Copy, Clone)] - pub struct Hacl_Streaming_MD_state_64_s { - pub block_state: *mut u64, - pub buf: *mut u8, - pub total_len: u64, - } - pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s; - pub type Hacl_Streaming_SHA1_state = Hacl_Streaming_MD_state_32; - pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32; - pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32; - pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64; - pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64; - extern "C" { - #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."] - pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32; - } - extern "C" { - #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] - pub fn Hacl_Streaming_SHA2_copy_256( - s0: *mut Hacl_Streaming_MD_state_32, - ) -> *mut Hacl_Streaming_MD_state_32; - } - extern "C" { - #[doc = "Reset an existing state to the initial hash state with empty data."] - pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32); - } - extern "C" { - #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."] - pub fn Hacl_Streaming_SHA2_update_256( - p: *mut Hacl_Streaming_MD_state_32, - input: *mut u8, - input_len: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] - pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); - } - extern "C" { - #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."] - pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32); - } - extern "C" { - #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."] - pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32; - } - extern "C" { - pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_update_224( - p: *mut Hacl_Streaming_MD_state_32, - input: *mut u8, - input_len: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."] - pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32); - } - extern "C" { - #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."] - pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64; - } - extern "C" { - #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] - pub fn Hacl_Streaming_SHA2_copy_512( - s0: *mut Hacl_Streaming_MD_state_64, - ) -> *mut Hacl_Streaming_MD_state_64; - } - extern "C" { - pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64); - } - extern "C" { - #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."] - pub fn Hacl_Streaming_SHA2_update_512( - p: *mut Hacl_Streaming_MD_state_64, - input: *mut u8, - input_len: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] - pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); - } - extern "C" { - #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."] - pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64); - } - extern "C" { - #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."] - pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64; - } - extern "C" { - pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_update_384( - p: *mut Hacl_Streaming_MD_state_64, - input: *mut u8, - input_len: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."] - pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); - } - extern "C" { - pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64); - } - extern "C" { - #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."] - pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8); - } - #[repr(C)] - #[derive(Debug, Copy, Clone)] - pub struct Hacl_Streaming_Keccak_hash_buf_s { - pub fst: Spec_Hash_Definitions_hash_alg, - pub snd: *mut u64, - } - pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s; - #[repr(C)] - #[derive(Debug, Copy, Clone)] - pub struct Hacl_Streaming_Keccak_state_s { - pub block_state: Hacl_Streaming_Keccak_hash_buf, - pub buf: *mut u8, - pub total_len: u64, - } - pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s; - extern "C" { - pub fn Hacl_Streaming_Keccak_get_alg( - s: *mut Hacl_Streaming_Keccak_state, - ) -> Spec_Hash_Definitions_hash_alg; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_malloc( - a: Spec_Hash_Definitions_hash_alg, - ) -> *mut Hacl_Streaming_Keccak_state; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state); - } - extern "C" { - pub fn Hacl_Streaming_Keccak_copy( - s0: *mut Hacl_Streaming_Keccak_state, - ) -> *mut Hacl_Streaming_Keccak_state; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state); - } - extern "C" { - pub fn Hacl_Streaming_Keccak_update( - p: *mut Hacl_Streaming_Keccak_state, - data: *mut u8, - len: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_finish( - s: *mut Hacl_Streaming_Keccak_state, - dst: *mut u8, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_squeeze( - s: *mut Hacl_Streaming_Keccak_state, - dst: *mut u8, - l: u32, - ) -> Hacl_Streaming_Types_error_code; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; - } - extern "C" { - pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool; - } - extern "C" { - pub fn Hacl_SHA3_shake128_hacl( - inputByteLen: u32, - input: *mut u8, - outputByteLen: u32, - output: *mut u8, - ); - } - extern "C" { - pub fn Hacl_SHA3_shake256_hacl( - inputByteLen: u32, - input: *mut u8, - outputByteLen: u32, - output: *mut u8, - ); - } - extern "C" { - pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8); - } - extern "C" { - pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8); - } - extern "C" { - pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8); - } - extern "C" { - pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8); - } - extern "C" { - pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32); - } - extern "C" { - pub fn Hacl_Blake2b_32_blake2b_update_key( - wv: *mut u64, - hash: *mut u64, - kk: u32, - k: *mut u8, - ll: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64); - } - extern "C" { - #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2b_32_blake2b( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); - } - extern "C" { - pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64; - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32); - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_key( - wv: *mut u32, - hash: *mut u32, - kk: u32, - k: *mut u8, - ll: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_multi( - len: u32, - wv: *mut u32, - hash: *mut u32, - prev: u64, - blocks: *mut u8, - nb: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_update_last( - len: u32, - wv: *mut u32, - hash: *mut u32, - prev: u64, - rem: u32, - d: *mut u8, - ); - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32); - } - extern "C" { - #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2s_32_blake2s( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); - } - extern "C" { - pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32; - } - extern "C" { - #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."] - pub fn Hacl_HMAC_legacy_compute_sha1( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - extern "C" { - #[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] - pub fn Hacl_HMAC_compute_sha2_256( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - extern "C" { - #[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."] - pub fn Hacl_HMAC_compute_sha2_384( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - extern "C" { - #[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] - pub fn Hacl_HMAC_compute_sha2_512( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - extern "C" { - #[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] - pub fn Hacl_HMAC_compute_blake2s_32( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - extern "C" { - #[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] - pub fn Hacl_HMAC_compute_blake2b_32( - dst: *mut u8, - key: *mut u8, - key_len: u32, - data: *mut u8, - data_len: u32, - ); - } - pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg; - extern "C" { - #[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."] - pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32; - } - #[repr(C)] - #[derive(Debug, Copy, Clone)] - pub struct Hacl_HMAC_DRBG_state_s { - pub k: *mut u8, - pub v: *mut u8, - pub reseed_counter: *mut u32, - } - pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s; - extern "C" { - pub fn Hacl_HMAC_DRBG_uu___is_State( - a: Spec_Hash_Definitions_hash_alg, - projectee: Hacl_HMAC_DRBG_state, - ) -> bool; - } - extern "C" { - #[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."] - pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state; - } - extern "C" { - #[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."] - pub fn Hacl_HMAC_DRBG_instantiate( - a: Spec_Hash_Definitions_hash_alg, - st: Hacl_HMAC_DRBG_state, - entropy_input_len: u32, - entropy_input: *mut u8, - nonce_len: u32, - nonce: *mut u8, - personalization_string_len: u32, - personalization_string: *mut u8, - ); - } - extern "C" { - #[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] - pub fn Hacl_HMAC_DRBG_reseed( - a: Spec_Hash_Definitions_hash_alg, - st: Hacl_HMAC_DRBG_state, - entropy_input_len: u32, - entropy_input: *mut u8, - additional_input_input_len: u32, - additional_input_input: *mut u8, - ); - } - extern "C" { - #[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] - pub fn Hacl_HMAC_DRBG_generate( - a: Spec_Hash_Definitions_hash_alg, - output: *mut u8, - st: Hacl_HMAC_DRBG_state, - n: u32, - additional_input_len: u32, - additional_input: *mut u8, - ) -> bool; - } - extern "C" { - pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state); - } - extern "C" { - #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."] - pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8); - } - extern "C" { - #[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] - pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8); - } - extern "C" { - #[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] - pub fn Hacl_Ed25519_sign_expanded( - signature: *mut u8, - expanded_keys: *mut u8, - msg_len: u32, - msg: *mut u8, - ); - } - extern "C" { - #[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] - pub fn Hacl_Ed25519_sign( - signature: *mut u8, - private_key: *mut u8, - msg_len: u32, - msg: *mut u8, - ); - } - extern "C" { - #[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."] - pub fn Hacl_Ed25519_verify( - public_key: *mut u8, - msg_len: u32, - msg: *mut u8, - signature: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] - pub fn Hacl_HKDF_expand_sha2_256( - okm: *mut u8, - prk: *mut u8, - prklen: u32, - info: *mut u8, - infolen: u32, - len: u32, - ); - } - extern "C" { - #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] - pub fn Hacl_HKDF_extract_sha2_256( - prk: *mut u8, - salt: *mut u8, - saltlen: u32, - ikm: *mut u8, - ikmlen: u32, - ); - } - extern "C" { - #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] - pub fn Hacl_HKDF_expand_sha2_384( - okm: *mut u8, - prk: *mut u8, - prklen: u32, - info: *mut u8, - infolen: u32, - len: u32, - ); - } - extern "C" { - #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] - pub fn Hacl_HKDF_extract_sha2_384( - prk: *mut u8, - salt: *mut u8, - saltlen: u32, - ikm: *mut u8, - ikmlen: u32, - ); - } - extern "C" { - #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] - pub fn Hacl_HKDF_expand_sha2_512( - okm: *mut u8, - prk: *mut u8, - prklen: u32, - info: *mut u8, - infolen: u32, - len: u32, - ); - } - extern "C" { - #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] - pub fn Hacl_HKDF_extract_sha2_512( - prk: *mut u8, - salt: *mut u8, - saltlen: u32, - ikm: *mut u8, - ikmlen: u32, - ); - } - extern "C" { - #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] - pub fn Hacl_HKDF_expand_blake2s_32( - okm: *mut u8, - prk: *mut u8, - prklen: u32, - info: *mut u8, - infolen: u32, - len: u32, - ); - } - extern "C" { - #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] - pub fn Hacl_HKDF_extract_blake2s_32( - prk: *mut u8, - salt: *mut u8, - saltlen: u32, - ikm: *mut u8, - ikmlen: u32, - ); - } - extern "C" { - #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] - pub fn Hacl_HKDF_expand_blake2b_32( - okm: *mut u8, - prk: *mut u8, - prklen: u32, - info: *mut u8, - infolen: u32, - len: u32, - ); - } - extern "C" { - #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] - pub fn Hacl_HKDF_extract_blake2b_32( - prk: *mut u8, - salt: *mut u8, - saltlen: u32, - ikm: *mut u8, - ikmlen: u32, - ); - } - extern "C" { - #[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] - pub fn Hacl_P256_ecdsa_sign_p256_sha2( - signature: *mut u8, - msg_len: u32, - msg: *mut u8, - private_key: *mut u8, - nonce: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] - pub fn Hacl_P256_ecdsa_sign_p256_sha384( - signature: *mut u8, - msg_len: u32, - msg: *mut u8, - private_key: *mut u8, - nonce: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] - pub fn Hacl_P256_ecdsa_sign_p256_sha512( - signature: *mut u8, - msg_len: u32, - msg: *mut u8, - private_key: *mut u8, - nonce: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] - pub fn Hacl_P256_ecdsa_sign_p256_without_hash( - signature: *mut u8, - msg_len: u32, - msg: *mut u8, - private_key: *mut u8, - nonce: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] - pub fn Hacl_P256_ecdsa_verif_p256_sha2( - msg_len: u32, - msg: *mut u8, - public_key: *mut u8, - signature_r: *mut u8, - signature_s: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] - pub fn Hacl_P256_ecdsa_verif_p256_sha384( - msg_len: u32, - msg: *mut u8, - public_key: *mut u8, - signature_r: *mut u8, - signature_s: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] - pub fn Hacl_P256_ecdsa_verif_p256_sha512( - msg_len: u32, - msg: *mut u8, - public_key: *mut u8, - signature_r: *mut u8, - signature_s: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] - pub fn Hacl_P256_ecdsa_verif_without_hash( - msg_len: u32, - msg: *mut u8, - public_key: *mut u8, - signature_r: *mut u8, - signature_s: *mut u8, - ) -> bool; - } - extern "C" { - #[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"] - pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool; - } - extern "C" { - #[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"] - pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool; - } - extern "C" { - #[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."] - pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; - } - extern "C" { - #[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."] - pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; - } - extern "C" { - #[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] - pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8); - } - extern "C" { - #[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] - pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8); - } - extern "C" { - #[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."] - pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool; - } - extern "C" { - #[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."] - pub fn Hacl_P256_dh_responder( - shared_secret: *mut u8, - their_pubkey: *mut u8, - private_key: *mut u8, - ) -> bool; - } - pub type uint32x4_t = [u32; 4usize]; - pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t; - extern "C" { - #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] - pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ); - } - extern "C" { - #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] - pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( - k: *mut u8, - n: *mut u8, - aadlen: u32, - aad: *mut u8, - mlen: u32, - m: *mut u8, - cipher: *mut u8, - mac: *mut u8, - ) -> u32; - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_init( - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - nn: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_key( - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - kk: u32, - k: *mut u8, - ll: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_multi( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - blocks: *mut u8, - nb: u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_update_last( - len: u32, - wv: *mut Lib_IntVector_Intrinsics_vec128, - hash: *mut Lib_IntVector_Intrinsics_vec128, - prev: u64, - rem: u32, - d: *mut u8, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_finish( - nn: u32, - output: *mut u8, - hash: *mut Lib_IntVector_Intrinsics_vec128, - ); - } - extern "C" { - #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] - pub fn Hacl_Blake2s_128_blake2s( - nn: u32, - output: *mut u8, - ll: u32, - d: *mut u8, - kk: u32, - k: *mut u8, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_store_state128s_to_state32( - st32: *mut u32, - st: *mut Lib_IntVector_Intrinsics_vec128, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_load_state128s_from_state32( - st: *mut Lib_IntVector_Intrinsics_vec128, - st32: *mut u32, - ); - } - extern "C" { - pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; - } -} +mod wasm32_bindings; +#[cfg(target_arch = "wasm32")] +pub use wasm32_bindings::*; -pub use bindings::*; #[cfg(test)] mod test { From 7b3ec56bc90765980eaaf4f027c4f301d1b0795a Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sat, 16 Sep 2023 09:24:05 +0200 Subject: [PATCH 16/17] forgot wasm32_bindings.rs --- sys/hacl/src/wasm32_bindings.rs | 836 ++++++++++++++++++++++++++++++++ 1 file changed, 836 insertions(+) create mode 100644 sys/hacl/src/wasm32_bindings.rs diff --git a/sys/hacl/src/wasm32_bindings.rs b/sys/hacl/src/wasm32_bindings.rs new file mode 100644 index 000000000..c371d388b --- /dev/null +++ b/sys/hacl/src/wasm32_bindings.rs @@ -0,0 +1,836 @@ +/* automatically generated by rust-bindgen 0.66.1 */ + +pub const Spec_Hash_Definitions_SHA2_224: u32 = 0; +pub const Spec_Hash_Definitions_SHA2_256: u32 = 1; +pub const Spec_Hash_Definitions_SHA2_384: u32 = 2; +pub const Spec_Hash_Definitions_SHA2_512: u32 = 3; +pub const Spec_Hash_Definitions_SHA1: u32 = 4; +pub const Spec_Hash_Definitions_MD5: u32 = 5; +pub const Spec_Hash_Definitions_Blake2S: u32 = 6; +pub const Spec_Hash_Definitions_Blake2B: u32 = 7; +pub const Spec_Hash_Definitions_SHA3_256: u32 = 8; +pub const Spec_Hash_Definitions_SHA3_224: u32 = 9; +pub const Spec_Hash_Definitions_SHA3_384: u32 = 10; +pub const Spec_Hash_Definitions_SHA3_512: u32 = 11; +pub const Spec_Hash_Definitions_Shake128: u32 = 12; +pub const Spec_Hash_Definitions_Shake256: u32 = 13; +pub const Hacl_Streaming_Types_Success: u32 = 0; +pub const Hacl_Streaming_Types_InvalidAlgorithm: u32 = 1; +pub const Hacl_Streaming_Types_InvalidLength: u32 = 2; +pub const Hacl_Streaming_Types_MaximumLengthExceeded: u32 = 3; +pub type FStar_UInt128_uint128 = u128; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_32_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_32_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + #[doc = "Compute the scalar multiple of a point.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where the public point is read from."] + pub fn Hacl_Curve25519_51_scalarmult(out: *mut u8, priv_: *mut u8, pub_: *mut u8); +} +extern "C" { + #[doc = "Calculate a public point from a secret/private key.\n\nThis computes a scalar multiplication of the secret/private key with the curve's basepoint.\n\n@param pub Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where the secret/private key is read from."] + pub fn Hacl_Curve25519_51_secret_to_public(pub_: *mut u8, priv_: *mut u8); +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\n@param out Pointer to 32 bytes of memory, allocated by the caller, where the resulting point is written to.\n@param priv Pointer to 32 bytes of memory where **our** secret/private key is read from.\n@param pub Pointer to 32 bytes of memory where **their** public point is read from."] + pub fn Hacl_Curve25519_51_ecdh(out: *mut u8, priv_: *mut u8, pub_: *mut u8) -> bool; +} +pub type Spec_Hash_Definitions_hash_alg = u8; +pub type Hacl_Streaming_Types_error_code = u8; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_MD_state_32_s { + pub block_state: *mut u32, + pub buf: *mut u8, + pub total_len: u64, +} +pub type Hacl_Streaming_MD_state_32 = Hacl_Streaming_MD_state_32_s; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_MD_state_64_s { + pub block_state: *mut u64, + pub buf: *mut u8, + pub total_len: u64, +} +pub type Hacl_Streaming_MD_state_64 = Hacl_Streaming_MD_state_64_s; +pub type Hacl_Streaming_SHA1_state = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_224 = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_256 = Hacl_Streaming_MD_state_32; +pub type Hacl_Streaming_SHA2_state_sha2_384 = Hacl_Streaming_MD_state_64; +pub type Hacl_Streaming_SHA2_state_sha2_512 = Hacl_Streaming_MD_state_64; +extern "C" { + #[doc = "Allocate initial state for the SHA2_256 hash. The state is to be freed by\ncalling `free_256`."] + pub fn Hacl_Streaming_SHA2_create_in_256() -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_256`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_256( + s0: *mut Hacl_Streaming_MD_state_32, + ) -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + #[doc = "Reset an existing state to the initial hash state with empty data."] + pub fn Hacl_Streaming_SHA2_init_256(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_256`\n(since the last call to `init_256`) exceeds 2^61-1 bytes.\n\nThis function is identical to the update function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_update_256( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 32 bytes. The state remains\nvalid after a call to `finish_256`, meaning the user may feed more data into\nthe hash via `update_256`. (The finish_256 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_256(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); +} +extern "C" { + #[doc = "Free a state allocated with `create_in_256`.\n\nThis function is identical to the free function for SHA2_224."] + pub fn Hacl_Streaming_SHA2_free_256(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes."] + pub fn Hacl_Streaming_SHA2_hash_256(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_224() -> *mut Hacl_Streaming_MD_state_32; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_224(s: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_update_224( + p: *mut Hacl_Streaming_MD_state_32, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 28 bytes. The state remains\nvalid after a call to `finish_224`, meaning the user may feed more data into\nthe hash via `update_224`."] + pub fn Hacl_Streaming_SHA2_finish_224(p: *mut Hacl_Streaming_MD_state_32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_free_224(p: *mut Hacl_Streaming_MD_state_32); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes."] + pub fn Hacl_Streaming_SHA2_hash_224(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_512() -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + #[doc = "Copies the state passed as argument into a newly allocated state (deep copy).\nThe state is to be freed by calling `free_512`. Cloning the state this way is\nuseful, for instance, if your control-flow diverges and you need to feed\nmore (different) data into the hash in each branch."] + pub fn Hacl_Streaming_SHA2_copy_512( + s0: *mut Hacl_Streaming_MD_state_64, + ) -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_512(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Feed an arbitrary amount of data into the hash. This function returns 0 for\nsuccess, or 1 if the combined length of all of the data passed to `update_512`\n(since the last call to `init_512`) exceeds 2^125-1 bytes.\n\nThis function is identical to the update function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_update_512( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 64 bytes. The state remains\nvalid after a call to `finish_512`, meaning the user may feed more data into\nthe hash via `update_512`. (The finish_512 function operates on an internal copy of\nthe state and therefore does not invalidate the client-held state `p`.)"] + pub fn Hacl_Streaming_SHA2_finish_512(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); +} +extern "C" { + #[doc = "Free a state allocated with `create_in_512`.\n\nThis function is identical to the free function for SHA2_384."] + pub fn Hacl_Streaming_SHA2_free_512(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes."] + pub fn Hacl_Streaming_SHA2_hash_512(input: *mut u8, input_len: u32, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_create_in_384() -> *mut Hacl_Streaming_MD_state_64; +} +extern "C" { + pub fn Hacl_Streaming_SHA2_init_384(s: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_update_384( + p: *mut Hacl_Streaming_MD_state_64, + input: *mut u8, + input_len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + #[doc = "Write the resulting hash into `dst`, an array of 48 bytes. The state remains\nvalid after a call to `finish_384`, meaning the user may feed more data into\nthe hash via `update_384`."] + pub fn Hacl_Streaming_SHA2_finish_384(p: *mut Hacl_Streaming_MD_state_64, dst: *mut u8); +} +extern "C" { + pub fn Hacl_Streaming_SHA2_free_384(p: *mut Hacl_Streaming_MD_state_64); +} +extern "C" { + #[doc = "Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes."] + pub fn Hacl_Streaming_SHA2_hash_384(input: *mut u8, input_len: u32, dst: *mut u8); +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_Keccak_hash_buf_s { + pub fst: Spec_Hash_Definitions_hash_alg, + pub snd: *mut u64, +} +pub type Hacl_Streaming_Keccak_hash_buf = Hacl_Streaming_Keccak_hash_buf_s; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_Streaming_Keccak_state_s { + pub block_state: Hacl_Streaming_Keccak_hash_buf, + pub buf: *mut u8, + pub total_len: u64, +} +pub type Hacl_Streaming_Keccak_state = Hacl_Streaming_Keccak_state_s; +extern "C" { + pub fn Hacl_Streaming_Keccak_get_alg( + s: *mut Hacl_Streaming_Keccak_state, + ) -> Spec_Hash_Definitions_hash_alg; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_malloc( + a: Spec_Hash_Definitions_hash_alg, + ) -> *mut Hacl_Streaming_Keccak_state; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_free(s: *mut Hacl_Streaming_Keccak_state); +} +extern "C" { + pub fn Hacl_Streaming_Keccak_copy( + s0: *mut Hacl_Streaming_Keccak_state, + ) -> *mut Hacl_Streaming_Keccak_state; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_reset(s: *mut Hacl_Streaming_Keccak_state); +} +extern "C" { + pub fn Hacl_Streaming_Keccak_update( + p: *mut Hacl_Streaming_Keccak_state, + data: *mut u8, + len: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_finish( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_squeeze( + s: *mut Hacl_Streaming_Keccak_state, + dst: *mut u8, + l: u32, + ) -> Hacl_Streaming_Types_error_code; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_block_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_hash_len(s: *mut Hacl_Streaming_Keccak_state) -> u32; +} +extern "C" { + pub fn Hacl_Streaming_Keccak_is_shake(s: *mut Hacl_Streaming_Keccak_state) -> bool; +} +extern "C" { + pub fn Hacl_SHA3_shake128_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_shake256_hacl( + inputByteLen: u32, + input: *mut u8, + outputByteLen: u32, + output: *mut u8, + ); +} +extern "C" { + pub fn Hacl_SHA3_sha3_224(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_256(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_384(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_SHA3_sha3_512(inputByteLen: u32, input: *mut u8, output: *mut u8); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_init(hash: *mut u64, kk: u32, nn: u32); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_update_key( + wv: *mut u64, + hash: *mut u64, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_finish(nn: u32, output: *mut u8, hash: *mut u64); +} +extern "C" { + #[doc = "Write the BLAKE2b digest of message `d` using key `k` into `output`.\n\n@param nn Length of the to-be-generated digest with 1 <= `nn` <= 64.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2b_32_blake2b( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2b_32_blake2b_malloc() -> *mut u64; +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_init(hash: *mut u32, kk: u32, nn: u32); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_key( + wv: *mut u32, + hash: *mut u32, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_multi( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_update_last( + len: u32, + wv: *mut u32, + hash: *mut u32, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_finish(nn: u32, output: *mut u8, hash: *mut u32); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_32_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_32_blake2s_malloc() -> *mut u32; +} +extern "C" { + #[doc = "Write the HMAC-SHA-1 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 byte.\n`dst` must point to 20 bytes of memory."] + pub fn Hacl_HMAC_legacy_compute_sha1( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-256 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_256( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-384 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 48 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_384( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-SHA-2-512 MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_sha2_512( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-BLAKE2s MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes.\n`dst` must point to 32 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2s_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +extern "C" { + #[doc = "Write the HMAC-BLAKE2b MAC of a message (`data`) by using a key (`key`) into `dst`.\n\nThe key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes.\n`dst` must point to 64 bytes of memory."] + pub fn Hacl_HMAC_compute_blake2b_32( + dst: *mut u8, + key: *mut u8, + key_len: u32, + data: *mut u8, + data_len: u32, + ); +} +pub type Hacl_HMAC_DRBG_supported_alg = Spec_Hash_Definitions_hash_alg; +extern "C" { + #[doc = "Return the minimal entropy input length of the desired hash function.\n\n@param a Hash algorithm to use."] + pub fn Hacl_HMAC_DRBG_min_length(a: Spec_Hash_Definitions_hash_alg) -> u32; +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct Hacl_HMAC_DRBG_state_s { + pub k: *mut u8, + pub v: *mut u8, + pub reseed_counter: *mut u32, +} +pub type Hacl_HMAC_DRBG_state = Hacl_HMAC_DRBG_state_s; +extern "C" { + pub fn Hacl_HMAC_DRBG_uu___is_State( + a: Spec_Hash_Definitions_hash_alg, + projectee: Hacl_HMAC_DRBG_state, + ) -> bool; +} +extern "C" { + #[doc = "Create a DRBG state.\n\n@param a Hash algorithm to use. The possible instantiations are ...\n `Spec_Hash_Definitions_SHA2_256`,\n `Spec_Hash_Definitions_SHA2_384`,\n `Spec_Hash_Definitions_SHA2_512`, and\n `Spec_Hash_Definitions_SHA1`."] + pub fn Hacl_HMAC_DRBG_create_in(a: Spec_Hash_Definitions_hash_alg) -> Hacl_HMAC_DRBG_state; +} +extern "C" { + #[doc = "Instantiate the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param nonce_len Length of nonce.\n@param nonce Pointer to `nonce_len` bytes of memory where nonce is read from.\n@param personalization_string_len length of personalization string.\n@param personalization_string Pointer to `personalization_string_len` bytes of memory where personalization string is read from."] + pub fn Hacl_HMAC_DRBG_instantiate( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + nonce_len: u32, + nonce: *mut u8, + personalization_string_len: u32, + personalization_string: *mut u8, + ); +} +extern "C" { + #[doc = "Reseed the DRBG.\n\n@param a Hash algorithm to use. (Value must match the value used in `Hacl_HMAC_DRBG_create_in`.)\n@param st Pointer to DRBG state.\n@param entropy_input_len Length of entropy input.\n@param entropy_input Pointer to `entropy_input_len` bytes of memory where entropy input is read from.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_reseed( + a: Spec_Hash_Definitions_hash_alg, + st: Hacl_HMAC_DRBG_state, + entropy_input_len: u32, + entropy_input: *mut u8, + additional_input_input_len: u32, + additional_input_input: *mut u8, + ); +} +extern "C" { + #[doc = "Generate output.\n\n@param a Hash algorithm to use. (Value must match the value used in `create_in`.)\n@param output Pointer to `n` bytes of memory where random output is written to.\n@param st Pointer to DRBG state.\n@param n Length of desired output.\n@param additional_input_input_len Length of additional input.\n@param additional_input_input Pointer to `additional_input_input_len` bytes of memory where additional input is read from."] + pub fn Hacl_HMAC_DRBG_generate( + a: Spec_Hash_Definitions_hash_alg, + output: *mut u8, + st: Hacl_HMAC_DRBG_state, + n: u32, + additional_input_len: u32, + additional_input: *mut u8, + ) -> bool; +} +extern "C" { + pub fn Hacl_HMAC_DRBG_free(uu___: Spec_Hash_Definitions_hash_alg, s: Hacl_HMAC_DRBG_state); +} +extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe outparam `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]."] + pub fn Hacl_Ed25519_secret_to_public(public_key: *mut u8, private_key: *mut u8); +} +extern "C" { + #[doc = "Compute the expanded keys for an Ed25519 signature.\n\nThe outparam `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_expand_keys(expanded_keys: *mut u8, private_key: *mut u8); +} +extern "C" { + #[doc = "Create an Ed25519 signature with the (precomputed) expanded keys.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `expanded_keys` points to 96 bytes of valid memory, i.e., uint8_t[96].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe argument `expanded_keys` is obtained through `expand_keys`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign_expanded( + signature: *mut u8, + expanded_keys: *mut u8, + msg_len: u32, + msg: *mut u8, + ); +} +extern "C" { + #[doc = "Create an Ed25519 signature.\n\nThe outparam `signature` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\n\nThe function first calls `expand_keys` and then invokes `sign_expanded`.\n\nIf one needs to sign several messages under the same private key, it is more efficient\nto call `expand_keys` only once and `sign_expanded` multiple times, for each message."] + pub fn Hacl_Ed25519_sign(signature: *mut u8, private_key: *mut u8, msg_len: u32, msg: *mut u8); +} +extern "C" { + #[doc = "Verify an Ed25519 signature.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `public_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `signature` points to 64 bytes of valid memory, i.e., uint8_t[64]."] + pub fn Hacl_Ed25519_verify( + public_key: *mut u8, + msg_len: u32, + msg: *mut u8, + signature: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_256( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_256( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_384( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_384( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_sha2_512( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_sha2_512( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2s_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2s_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Expand pseudorandom key to desired length.\n\n@param okm Pointer to `len` bytes of memory where output keying material is written to.\n@param prk Pointer to at least `HashLen` bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.\n@param prklen Length of pseudorandom key.\n@param info Pointer to `infolen` bytes of memory where context and application specific information is read from. Can be a zero-length string.\n@param infolen Length of context and application specific information.\n@param len Length of output keying material."] + pub fn Hacl_HKDF_expand_blake2b_32( + okm: *mut u8, + prk: *mut u8, + prklen: u32, + info: *mut u8, + infolen: u32, + len: u32, + ); +} +extern "C" { + #[doc = "Extract a fixed-length pseudorandom key from input keying material.\n\n@param prk Pointer to `HashLen` bytes of memory where pseudorandom key is written to.\n@param salt Pointer to `saltlen` bytes of memory where salt value is read from.\n@param saltlen Length of salt value.\n@param ikm Pointer to `ikmlen` bytes of memory where input keying material is read from.\n@param ikmlen Length of input keying material."] + pub fn Hacl_HKDF_extract_blake2b_32( + prk: *mut u8, + salt: *mut u8, + saltlen: u32, + ikm: *mut u8, + ikmlen: u32, + ); +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-256.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha2( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-384.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha384( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature using SHA2-512.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_sha512( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Create an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-sign combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nNOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs\nsmaller than 32 bytes. These libraries left-pad the input with enough zeroes to\nreach the minimum 32 byte size. Clients who need behavior identical to OpenSSL\nneed to perform the left-padding themselves.\n\nThe function returns `true` for successful creation of an ECDSA signature and `false` otherwise.\n\nThe outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `nonce` are valid values:\n• 0 < `private_key` < the order of the curve\n• 0 < `nonce` < the order of the curve"] + pub fn Hacl_P256_ecdsa_sign_p256_without_hash( + signature: *mut u8, + msg_len: u32, + msg: *mut u8, + private_key: *mut u8, + nonce: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-256.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha2( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-384.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha384( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature using SHA2-512.\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_p256_sha512( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Verify an ECDSA signature WITHOUT hashing first.\n\nThis function is intended to receive a hash of the input.\nFor convenience, we recommend using one of the hash-and-verify combined functions above.\n\nThe argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`).\n\nThe function returns `true` if the signature is valid and `false` otherwise.\n\nThe argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len].\nThe argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `public_key` is valid"] + pub fn Hacl_P256_ecdsa_verif_without_hash( + msg_len: u32, + msg: *mut u8, + public_key: *mut u8, + signature_r: *mut u8, + signature_s: *mut u8, + ) -> bool; +} +extern "C" { + #[doc = "Public key validation.\n\nThe function returns `true` if a public key is valid and `false` otherwise.\n\nThe argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe public key (x || y) is valid (with respect to SP 800-56A):\n• the public key is not the “point at infinity”, represented as O.\n• the affine x and y coordinates of the point represented by the public key are\nin the range [0, p – 1] where p is the prime defining the finite field.\n• y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation.\nThe last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/"] + pub fn Hacl_P256_validate_public_key(public_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Private key validation.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve"] + pub fn Hacl_P256_validate_private_key(private_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from uncompressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_uncompressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from compressed to its raw form.\n\nThe function returns `true` for successful conversion of a public key and `false` otherwise.\n\nThe outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\n\nThe function also checks whether (x, y) is a valid point."] + pub fn Hacl_P256_compressed_to_raw(pk: *mut u8, pk_raw: *mut u8) -> bool; +} +extern "C" { + #[doc = "Convert a public key from raw to its uncompressed form.\n\nThe outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_uncompressed(pk_raw: *mut u8, pk: *mut u8); +} +extern "C" { + #[doc = "Convert a public key from raw to its compressed form.\n\nThe outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33].\nThe argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64].\n\nThe function DOESN'T check whether (x, y) is a valid point."] + pub fn Hacl_P256_raw_to_compressed(pk_raw: *mut u8, pk: *mut u8); +} +extern "C" { + #[doc = "Compute the public key from the private key.\n\nThe function returns `true` if a private key is valid and `false` otherwise.\n\nThe outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe private key is valid:\n• 0 < `private_key` < the order of the curve."] + pub fn Hacl_P256_dh_initiator(public_key: *mut u8, private_key: *mut u8) -> bool; +} +extern "C" { + #[doc = "Execute the diffie-hellmann key exchange.\n\nThe function returns `true` for successful creation of an ECDH shared secret and\n`false` otherwise.\n\nThe outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64].\nThe argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32].\n\nThe function also checks whether `private_key` and `their_pubkey` are valid."] + pub fn Hacl_P256_dh_responder( + shared_secret: *mut u8, + their_pubkey: *mut u8, + private_key: *mut u8, + ) -> bool; +} +pub type uint32x4_t = [u32; 4usize]; +pub type Lib_IntVector_Intrinsics_vec128 = uint32x4_t; +extern "C" { + #[doc = "Encrypt a message `m` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the message.\n@param m Pointer to `mlen` bytes of memory where the message is read from.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is written to.\n@param mac Pointer to 16 bytes of memory where the mac is written to."] + pub fn Hacl_Chacha20Poly1305_128_aead_encrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ); +} +extern "C" { + #[doc = "Decrypt a ciphertext `cipher` with key `k`.\n\nThe arguments `k`, `n`, `aadlen`, and `aad` are same in encryption/decryption.\nNote: Encryption and decryption can be executed in-place, i.e., `m` and `cipher` can point to the same memory.\n\nIf decryption succeeds, the resulting plaintext is stored in `m` and the function returns the success code 0.\nIf decryption fails, the array `m` remains unchanged and the function returns the error code 1.\n\n@param k Pointer to 32 bytes of memory where the AEAD key is read from.\n@param n Pointer to 12 bytes of memory where the AEAD nonce is read from.\n@param aadlen Length of the associated data.\n@param aad Pointer to `aadlen` bytes of memory where the associated data is read from.\n\n@param mlen Length of the ciphertext.\n@param m Pointer to `mlen` bytes of memory where the message is written to.\n@param cipher Pointer to `mlen` bytes of memory where the ciphertext is read from.\n@param mac Pointer to 16 bytes of memory where the mac is read from.\n\n@returns 0 on succeess; 1 on failure."] + pub fn Hacl_Chacha20Poly1305_128_aead_decrypt( + k: *mut u8, + n: *mut u8, + aadlen: u32, + aad: *mut u8, + mlen: u32, + m: *mut u8, + cipher: *mut u8, + mac: *mut u8, + ) -> u32; +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_init( + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + nn: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_key( + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + kk: u32, + k: *mut u8, + ll: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_multi( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + blocks: *mut u8, + nb: u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_update_last( + len: u32, + wv: *mut Lib_IntVector_Intrinsics_vec128, + hash: *mut Lib_IntVector_Intrinsics_vec128, + prev: u64, + rem: u32, + d: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_finish( + nn: u32, + output: *mut u8, + hash: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + #[doc = "Write the BLAKE2s digest of message `d` using key `k` into `output`.\n\n@param nn Length of to-be-generated digest with 1 <= `nn` <= 32.\n@param output Pointer to `nn` bytes of memory where the digest is written to.\n@param ll Length of the input message.\n@param d Pointer to `ll` bytes of memory where the input message is read from.\n@param kk Length of the key. Can be 0.\n@param k Pointer to `kk` bytes of memory where the key is read from."] + pub fn Hacl_Blake2s_128_blake2s( + nn: u32, + output: *mut u8, + ll: u32, + d: *mut u8, + kk: u32, + k: *mut u8, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_store_state128s_to_state32( + st32: *mut u32, + st: *mut Lib_IntVector_Intrinsics_vec128, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_load_state128s_from_state32( + st: *mut Lib_IntVector_Intrinsics_vec128, + st32: *mut u32, + ); +} +extern "C" { + pub fn Hacl_Blake2s_128_blake2s_malloc() -> *mut Lib_IntVector_Intrinsics_vec128; +} From 43fe8240b3bc75092b8c7e4ddd36f4e3e3e839c6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 18 Sep 2023 09:41:44 +0200 Subject: [PATCH 17/17] skip pqclean for wasm --- Cargo.toml | 2 +- benches/sha3.rs | 1 + sys/hacl/build.rs | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 7c7d08f73..c1be4ee73 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,7 +38,6 @@ quickcheck_macros = "1" serde_json = { version = "1.0" } serde = { version = "1.0", features = ["derive"] } hex = "0.4" -libcrux-pqclean = { version = "*", path = "sys/pqclean" } # Benchmarking "RustCrypto" chacha20poly1305 = "0.10" @@ -53,6 +52,7 @@ wasm-bindgen-test = "0.3" [target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies] criterion = "0.5" +libcrux-pqclean = { version = "*", path = "sys/pqclean" } # Benchmarking "OpenSSL" # XXX: We don't do this for Windows or wasm right now. diff --git a/benches/sha3.rs b/benches/sha3.rs index 65b50502b..516001c5d 100644 --- a/benches/sha3.rs +++ b/benches/sha3.rs @@ -66,6 +66,7 @@ macro_rules! impl_comp { }, ); + #[cfg(not(target_arch = "wasm32"))] if stringify!($fun) != "Sha3_224" { group.bench_with_input( BenchmarkId::new("PQClean", fmt(*payload_size)), diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs index ea1d4356f..480a451f8 100644 --- a/sys/hacl/build.rs +++ b/sys/hacl/build.rs @@ -48,8 +48,8 @@ fn append_aesgcm_flags(platform: &Platform, flags: &mut Vec) { #[allow(dead_code)] fn append_simd128_flags(platform: &Platform, flags: &mut Vec, is_bindgen: bool) { - if platform.target_arch == "x86" - || platform.target_arch == "x86_64" && (is_bindgen || platform.target_env != "msvc") + if (platform.target_arch == "x86" || platform.target_arch == "x86_64") + && (is_bindgen || platform.target_env != "msvc") { flags.push("-msse4.1".to_string()); flags.push("-msse4.2".to_string());