1
0
Fork
You've already forked sigil-crypto
0
forked from sigil/sigil-crypto
Cryptographic functions for Sigil (SHA, HMAC, base64, random).
  • C 100%
Find a file
David Wilson 7abcd4fcbf v0.15.1: add ECDSA P-256, ECDH P-256, AES-128-GCM, HKDF, base64url
New native bindings (mbedTLS-backed; all primitives already enabled
in sigil_mbedtls_config.h, just unexposed):
- ecdsa-p256-generate-keypair: returns (cons priv-32 pub-65)
- ecdsa-p256-sign: SHA-256 + ECDSA, JOSE format (r||s, 64 bytes)
- ecdsa-p256-verify: JOSE format, with on-curve pubkey validation
- ecdh-p256-shared-secret: 32-byte X coord, on-curve validation
- aes-128-gcm-encrypt: 12-byte IV, 16-byte tag, returns (ct . tag)
- aes-128-gcm-decrypt: returns plaintext or #f on auth fail
Pure-Sigil additions:
- base64url-encode / base64url-decode (RFC 4648 § 5)
- hkdf-sha256-extract / hkdf-sha256-expand / hkdf-sha256 (RFC 5869)
These are the primitives required for IRCv3 WEBPUSH per RFC 8291
(Web Push payload encryption) and RFC 8292 (VAPID).
Tests use known-answer vectors:
- HKDF-SHA256: RFC 5869 §A.2 + §A.3
- ECDH P-256: RFC 5903 §8.1 (initiator + responder views)
- AES-128-GCM: NIST SP 800-38D KAT (zero/zero, zero-PT)
- ECDSA P-256: round-trip + tampered-sig/msg/pub fail tests
 (RFC 6979 deterministic-k vectors not used: MBEDTLS_ECDSA_DETERMINISTIC
 not enabled in our mbedtls config; sign uses random k via CTR-DRBG)
- RFC 8291 § 5 end-to-end: ECDH → HKDF → AES-128-GCM round-trip
Validation invariants enforced:
- Pubkey-on-curve via mbedtls_ecp_check_pubkey before any DH/verify
- Privkey scalar in [1, n-1] before any sign/DH
- Stack copies of private material wiped before unwind
2026年04月30日 16:58:07 +03:00
native v0.15.1: add ECDSA P-256, ECDH P-256, AES-128-GCM, HKDF, base64url 2026年04月30日 16:58:07 +03:00
src/sigil v0.15.1: add ECDSA P-256, ECDH P-256, AES-128-GCM, HKDF, base64url 2026年04月30日 16:58:07 +03:00
test v0.15.1: add ECDSA P-256, ECDH P-256, AES-128-GCM, HKDF, base64url 2026年04月30日 16:58:07 +03:00
vendor/mbedtls feat: Add HMAC-SHA1, PBKDF2-SHA1, and make-bytevector fill parameter 2026年02月20日 18:05:56 +02:00
.gitignore Extract sigil-crypto from sigil monorepo 2026年04月24日 18:02:36 +03:00
.woodpecker.yml Bump CI pin to sigil v0.14.3 2026年04月26日 20:07:32 +03:00
dev-redirects.sgl Extract sigil-crypto from sigil monorepo 2026年04月24日 18:02:36 +03:00
manifest.scm Extract sigil-crypto from sigil monorepo 2026年04月24日 18:02:36 +03:00
package.sgl v0.15.1: add ECDSA P-256, ECDH P-256, AES-128-GCM, HKDF, base64url 2026年04月30日 16:58:07 +03:00
README.md Extract sigil-crypto from sigil monorepo 2026年04月24日 18:02:36 +03:00
sigil.lock Add Woodpecker CI; drop CHANGELOG.md 2026年04月26日 15:01:23 +03:00

sigil-crypto

Cryptographic primitives for Sigil.

Hashing, message authentication, key derivation, base64 encoding, and cryptographically secure random bytes. Built on a vendored mbedTLS and usable independently of TLS.

Modules

Module Purpose
(sigil crypto) SHA/HMAC/PBKDF2 hashes, base64, random bytes

API summary

Procedure Purpose
sha1 SHA-1 hex digest of a string or bytevector
sha256 SHA-256 hex digest of a string or bytevector
sha256-bytes SHA-256 digest as a bytevector
hmac-sha256 HMAC-SHA256 hex digest (key + message)
hmac-sha1 HMAC-SHA1 hex digest (key + message)
pbkdf2-sha1 PBKDF2-SHA1 key derivation (hex digest)
base64-encode Base64 encoding of a string or bytevector
base64-decode Base64 decoding to a string
random-bytes Cryptographically secure random bytevector
timing-safe-equal? Constant-time string comparison

System prerequisites

None beyond a working C toolchain. mbedTLS is vendored under vendor/mbedtls/ and compiled in-tree with a minimal sigil_mbedtls_config.h (TLS 1.2 primitives only — TLS 1.3 and the PSA crypto machinery are compiled out).

Dependencies

  • sigil-stdlib

Build

sigil deps install
sigil build
sigil test --report

The first build compiles ~108 mbedTLS translation units plus native/crypto.c. Subsequent builds hit the cache.

Usage

(import (sigil crypto))
(sha256 "hello") ; => hex string
(sha256-bytes "hello") ; => 32-byte bytevector
(hmac-sha256 "secret-key" "message") ; => hex string
(pbkdf2-sha1 "password" "salt" 4096 20) ; => hex string
(base64-encode "hello") ; => "aGVsbG8="
(base64-decode "aGVsbG8=") ; => "hello"
(random-bytes 16) ; => #u8(...)
(timing-safe-equal? "abc" "abc") ; => #t

License

BSD-3-Clause.

Vendored mbedTLS (under vendor/mbedtls/) is distributed under Apache-2.0 OR GPL-2.0-or-later. sigil-crypto's own sources are BSD-3-Clause. See vendor/mbedtls/LICENSE for the mbedTLS terms.