package hacl-star

  1. Overview
  2. Docs
package hacl-star
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Module Noalloc.DetachedSource

The detached interface uses 2 separate buffers for the ciphertext and the message authentication tag. This allows users to encrypt and decrypt data in-place, in buffer buf.

By default, these functions use the whole buf, but users can choose to only pass a portion of buf, by passing one or both of these optional arguments:

  • offset: start at position offset in buf (0 by default)
  • len: take only the first len bytes in buf, starting at offset (Note: As opposed to not passing len at all, passing len=0 will result in using an empty buffer.)

Buffers have the following size requirements:

  • tag: 16 bytes
  • pk, sk, ck: 32 bytes
  • n: 24 bytes
  • offset: positive, <= size of buf
  • len: positive, <= size of buf - offset

Box

One-shot interface

Sourceval box : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> pk:bytes -> sk:bytes -> unit -> bool

box buf tag n pk sk authenticates and encrypts in-place the plaintext in buf using public key pk, secret key sk, and nonce n and writes the message authentication tag in tag. Returns true if successful.

Sourceval box_open : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> pk:bytes -> sk:bytes -> unit -> bool

box_open buf tag n pk sk attempts to verify and decrypt in-place the ciphertext in ct and message authentication tag tag using public key pk, secret key sk, and nonce n. Returns true if successful.

Precomputation interface

The shared key ck is obtained using NaCl.box_beforenm or NaCl.Noalloc.box_beforenm.

Sourceval box_afternm : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> ck:bytes -> unit -> bool

box buf tag n pk sk authenticates and encrypts in-place the plaintext in buf using shared key ck and nonce n and writes the message authentication tag in tag. Returns true if successful.

Sourceval box_open_afternm : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> ck:bytes -> unit -> bool

box_open buf tag n pk sk attempts to verify and decrypt in-place the ciphertext in ct and message authentication tag tag using shared key ck and nonce n. Returns true if successful.

Secretbox

Sourceval secretbox : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> key:bytes -> unit -> bool

secretbox buf tag n key authenticates and encrypts in-place the plaintext in buf using secret key key and nonce n and writes the message authentication tag in tag. Returns true if successful.

Sourceval secretbox_open : buf:bytes -> tag:bytes -> ?offset:int -> ?len:int -> n:bytes -> key:bytes -> unit -> bool

secretbox_open buf tag n key attempts to verify and decrypt in-place the ciphertext in buf and message authentication tag tag using secret key key and nonce n. Returns true if successful.

OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct