Outdated egg!
This is an egg for CHICKEN 4, the unsupported old release. You're almost certainly looking for the CHICKEN 5 version of this egg, if it exists.
If it does not exist, there may be equivalent functionality provided by another egg; have a look at the egg index. Otherwise, please consider porting this egg to the current version of CHICKEN.
sodium
Description
Bindings to the libsodium crypto library, a "portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further".
API
Sodium
- sodium-version-string [procedure]
Returns a string representing the current libsodium version.
- sodium-init [procedure]
Initializes the library and should be called before any other function provided by Sodium. The function can be called more than once, and can be called simultaneously from multiple threads since libsodium version 1.0.11.
Helpers
- constant-time-blob=? a b len [procedure]
Compares two blobs in constant time. This is important when a comparison involves secret data (e.g. a key or an authentication tag), in order to mitigate side-channel attacks.
- bin->hex bin [procedure]
Returns a string containing a hex representation of the binary data in the blob 'bin'.
- hex->bin hex #!optional ignore [procedure]
Returns a blob of the binary data represented by the hex string 'hex'. 'ignore' is a string of characters to skip. For example, the string ": " allows colons and spaces to be present at any location in the hexadecimal string. These characters will just be ignored. As a result, "69:FC", "69 FC", "69 : FC" and "69FC" will be valid inputs, and will produce the same output.
Hashing
- generic-hash-bytes [constant]
The minimum *recommended* output size of a generic-hash.
- generic-hash-bytes-min [constant]
The actual minimum size of a generic-hash.
- generic-hash-bytes-max [constant]
The maximum size of a generic-hash.
- generic-hash-key-bytes [constant]
The recommended size of a generic-hash key.
- generic-hash-key-bytes-min [constant]
The minimum size of a generic-hash key.
- generic-hash-key-bytes-max [constant]
The maximum size of a generic-hash key.
- generic-hash data #!key (size generic-hash-bytes) key [procedure]
Returns a fingerprint of 'data' using the BLAKE2b hashing algorithm. Returns a blob of size 'size', which should be between generic-hash-bytes-min and generic-hash-bytes-max. A key can also be specified. A message will always have the same fingerprint for a given key, but different keys used to hash the same message are very likely to produce distinct fingerprints.
- generic-hash-init #!key (size generic-hash-bytes) key [procedure]
The streaming API alternative to generic-hash. This function returns a hash state object, which can be updated using generic-hash-update; the final hash can then be obtained using generic-hash-final.
- generic-hash-update state data [procedure]
Updates the hash state (returned from a generic-hash-init call) with new data.
- generic-hash-final state [procedure]
Returns the current hash value for 'state' (as returned from generic-hash-init) as a blob.
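A keyed generic-hash used as a message authentication tag, computed through the streaming API and checked with constant-time-blob=?, as an added example that is not part of the egg's own documentation. It assumes CHICKEN 4, that data and keys are passed as blobs, that generic-hash-update modifies the state in place, and that constant-time-blob=? returns #t on equality; make-tag and tag-valid? are hypothetical helper names.

```scheme
;; Added example (CHICKEN 4 syntax); not code from the sodium egg.
(use sodium)

(sodium-init)

;; Secret key of the recommended size, drawn from libsodium's RNG.
(define key (random-blob generic-hash-key-bytes))

;; Hypothetical helper: tag a message that arrives in chunks.
;; Assumption: generic-hash-update takes its data as a blob.
(define (make-tag key chunks)
  (let ((state (generic-hash-init size: generic-hash-bytes key: key)))
    (for-each (lambda (chunk)
                (generic-hash-update state (string->blob chunk)))
              chunks)
    (generic-hash-final state)))

;; Hypothetical helper: recompute the tag and compare it with the claimed one.
;; The tag length is public, so checking it with = leaks nothing secret; the
;; tag bytes themselves are compared in constant time rather than with equal?.
(define (tag-valid? key chunks claimed)
  (let ((expected (make-tag key chunks)))
    (and (= (blob-size claimed) (blob-size expected))
         (constant-time-blob=? expected claimed (blob-size expected)))))

;; Constructed sample message, split into two chunks.
(define chunks '("header|" "payload"))
(define tag (make-tag key chunks))

(print "tag: " (bin->hex tag))

;; The one-shot procedure over the concatenated message yields the same tag.
(print "one-shot tag accepted: "
       (tag-valid? key chunks
                   (generic-hash (string->blob "header|payload") key: key)))

;; A modified message must not verify against the original tag.
(print "tampered message accepted: "
       (tag-valid? key '("header|" "payl0ad") tag))
```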
Public-key signatures
- sign-public-key-bytes [constant]
Size of an ed25519 signing public key in bytes.
- sign-secret-key-bytes [constant]
Size of an ed25519 signing secret key in bytes.
- sign-keypair [procedure]
Generates a new ed25519 signing key pair and returns two values: the public key and the secret key.
- sign-ed25519-secret-key->public-key secret-key [procedure]
Extracts the public ed25519 signing key from the secret key.
- sign-bytes [constant]
Size of an ed25519 signature in bytes.
- sign-detached data secret-key [procedure]
Returns a separate ed25519 signature of 'data' as a blob.
- sign-verify-detached signature data public-key [procedure]
Verifies a detached signature against 'data' and 'public-key'. Returns #t if verified, #f otherwise.
- scalarmult-curve25519-bytes [constant]
Size of a curve25519 key in bytes.
- sign-ed25519-public-key->curve25519 [procedure]
Converts an ed25519 public key to a curve25519 public key.
Note: if you can afford it, using distinct keys for signing and for encryption is still highly recommended.
- sign-ed25519-secret-key->curve2551 [procedure]
Converts an ed25519 secret key to a curve25519 secret key.
Note: if you can afford it, using distinct keys for signing and for encryption is still highly recommended.
Generating random data
- random-byte [procedure]
Returns an unpredictable value between 0 and 0xffffffff (included) as an integer.
- random-uniform upper-bound [procedure]
Returns an unpredictable value between 0 and upper-bound (excluded). Unlike (modulo (random-byte) upper-bound), it does its best to guarantee a uniform distribution of the possible output values even when upper-bound is not a power of 2.
- random-blob n [procedure]
Returns a new blob of size 'n', filled with random bytes.