Tezos: library with all the cryptographic primitives used by Tezos
Library tezos-crypto
Module Tezos_crypto.Hacl.Box
type combined

To increase performance, Box uses the precomputation interface: rather than passing the public and secret keys separately on each call, it first computes a combined key, so that this step is not repeated for every call.

type _ key
val skbytes : int

Size of the secret key

val pkbytes : int

Size of the public key

val ckbytes : int

Size of the combined key

val tagbytes : int

Size of the message authentication tag

val equal : 'a key -> 'a key -> bool
val unsafe_to_bytes : _ key -> Bytes.t

unsafe_to_bytes k is the internal Bytes.t where the key is stored. DO NOT MODIFY.

val blit_to_bytes : _ key -> ?pos:int -> Bytes.t -> unit
val unsafe_sk_of_bytes : Bytes.t -> secret key
  • raises Invalid_argument if argument is not skbytes bytes long

val unsafe_pk_of_bytes : Bytes.t -> public key
  • raises Invalid_argument if argument is not pkbytes bytes long

val unsafe_ck_of_bytes : Bytes.t -> combined key
  • raises Invalid_argument if argument is not ckbytes bytes long

val of_seed : ?pos:int -> Bytes.t -> secret key
  • raises Invalid_argument if pos is outside the buffer or the buffer is less than skbytes bytes long

val neuterize : secret key -> public key

neuterize sk generates the corresponding public key of sk.

val keypair : unit -> public key * secret key

keypair generates both a secret key and its corresponding public key.

val dh : public key -> secret key -> combined key

dh pk sk computes the combined key from the sender's sk and the recipient's pk.

val box : k:combined key -> nonce:Bytes.t -> msg:Bytes.t -> cmsg:Bytes.t -> unit

box k nonce msg cmsg authenticates and encrypts msg and writes both the message authentication tag and the ciphertext in cmsg. For this reason, cmsg needs to be tagbytes longer than msg.

val box_open : k:combined key -> nonce:Bytes.t -> cmsg:Bytes.t -> msg:Bytes.t -> bool

box_open k nonce cmsg msg attempts to verify and decrypt cmsg and, if successful, writes the plaintext in msg. As above, msg is expected to be tagbytes shorter than cmsg. Returns true if the operation has succeeded, false otherwise.

val box_noalloc : k:combined key -> nonce:Bytes.t -> tag:Bytes.t -> buf:Bytes.t -> unit

box_noalloc k nonce tag buf authenticates and encrypts in-place the contents of buf using k and nonce and writes the message authentication tag in tag.

val box_open_noalloc : k:combined key -> nonce:Bytes.t -> tag:Bytes.t -> buf:Bytes.t -> bool

box_open_noalloc k nonce tag buf attempts to verify and decrypt the contents of buf in-place using k, nonce, and tag and returns true if successful.
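
The following is an added example, not code from the Tezos project. It shows keypair, dh, box and box_open used together, with buffers sized from tagbytes and the plaintext released only when box_open returns true. The helper names seal and unseal are hypothetical, and the 24-byte nonce length is an assumption taken from the NaCl crypto_box convention, since this page does not state it.

```ocaml
(* Added example, not Tezos code; it calls only functions documented on this page. *)
module Box = Tezos_crypto.Hacl.Box

(* Assumption: 24-byte nonce (NaCl crypto_box convention); not stated on this page. *)
let nonce_len = 24

(* Hypothetical helper: encrypt msg into a fresh buffer that is tagbytes longer. *)
let seal ~k ~nonce msg =
  if Bytes.length nonce <> nonce_len then invalid_arg "seal: nonce length";
  let cmsg = Bytes.create (Bytes.length msg + Box.tagbytes) in
  Box.box ~k ~nonce ~msg ~cmsg;
  cmsg

(* Hypothetical helper: hand out the plaintext only when box_open reports success. *)
let unseal ~k ~nonce cmsg =
  if Bytes.length nonce <> nonce_len || Bytes.length cmsg < Box.tagbytes then None
  else begin
    let msg = Bytes.create (Bytes.length cmsg - Box.tagbytes) in
    if Box.box_open ~k ~nonce ~cmsg ~msg then Some msg else None
  end

let () =
  let alice_pk, alice_sk = Box.keypair () in
  let bob_pk, bob_sk = Box.keypair () in
  (* Each side combines its own secret key with the peer's public key, once. *)
  let k_send = Box.dh bob_pk alice_sk in
  let k_recv = Box.dh alice_pk bob_sk in
  (* Constructed all-zero nonce for the demonstration only; a nonce must
     never be reused with the same combined key. *)
  let nonce = Bytes.make nonce_len '\000' in
  let cmsg = seal ~k:k_send ~nonce (Bytes.of_string "constructed sample message") in
  (match unseal ~k:k_recv ~nonce cmsg with
   | Some m -> Printf.printf "opened: %s\n" (Bytes.to_string m)
   | None -> print_endline "authentication failed");
  (* Flip one bit of the sealed message: verification must now fail. *)
  let tampered = Bytes.copy cmsg in
  Bytes.set tampered 0 (Char.chr (Char.code (Bytes.get tampered 0) lxor 1));
  assert (Option.is_none (unseal ~k:k_recv ~nonce tampered))
```

Returning an option from unseal keeps a caller from reading the output buffer after a failed verification, which the raw bool result of box_open does not enforce.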