cryspen · jschneider-bensch · Jul 23, 2024 · Jul 23, 2024 · Aug 1, 2024 · Aug 1, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/libcrux-ecdh/Cargo.toml b/libcrux-ecdh/Cargo.toml
@@ -15,10 +15,15 @@ path = "src/ecdh.rs"
 [dependencies]
 rand = { version = "0.8" }
 libcrux-hacl = { version = "=0.0.2-alpha.3", path = "../sys/hacl" }
+hacl-rs = { git = "https://github.com/hacl-star/hacl-star.git", branch = "afromher_rs", optional = true }
+
+[features]
+hacl-rs = ["dep:hacl-rs"]
 
 [dev-dependencies]
 rand_core = { version = "0.6" }
 hex = { version = "0.4.3", features = ["serde"] }
 serde_json = { version = "1.0" }
 serde = { version = "1.0", features = ["derive"] }
 pretty_env_logger = "0.5"
+
diff --git a/libcrux-ecdh/src/hacl/curve25519.rs b/libcrux-ecdh/src/hacl/curve25519.rs
@@ -1,3 +1,4 @@
+#[cfg(not(feature = "hacl-rs"))]
 use libcrux_hacl::{Hacl_Curve25519_51_ecdh, Hacl_Curve25519_51_secret_to_public};
 
 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
@@ -14,13 +15,17 @@ pub fn ecdh(
     public_key: impl AsRef<[u8; 32]>,
 ) -> Result<[u8; 32], Error> {
     let mut shared = [0u8; 32];
+    #[cfg(not(feature = "hacl-rs"))]
     let ok = unsafe {
         Hacl_Curve25519_51_ecdh(
             shared.as_mut_ptr(),
             private_key.as_ref().as_ptr() as _,
             public_key.as_ref().as_ptr() as _,
         )
     };
+    #[cfg(feature = "hacl-rs")]
+    let ok =
+        hacl_rs::hacl::curve25519_51::ecdh(&mut shared, private_key.as_ref(), public_key.as_ref());
     if !ok {
         Err(Error::InvalidInput)
     } else {
@@ -32,13 +37,17 @@ pub fn ecdh(
 /// with the base point).
 ///
 /// Returns the 32 bytes shared key.
+
 #[must_use]
 #[inline(always)]
 pub fn secret_to_public(private_key: impl AsRef<[u8; 32]>) -> [u8; 32] {
     let mut public = [0u8; 32];
+    #[cfg(not(feature = "hacl-rs"))]
     unsafe {
         Hacl_Curve25519_51_secret_to_public(public.as_mut_ptr(), private_key.as_ref().as_ptr() as _)
     };
+    #[cfg(feature = "hacl-rs")]
+    hacl_rs::hacl::curve25519_51::secret_to_public(&mut public, private_key.as_ref());
     public
 }
 

diff --git a/libcrux-ecdh/src/hacl/p256.rs b/libcrux-ecdh/src/hacl/p256.rs
@@ -1,3 +1,4 @@
+#[cfg(not(feature = "hacl-rs"))]
 use libcrux_hacl::{
     Hacl_P256_compressed_to_raw, Hacl_P256_dh_initiator, Hacl_P256_dh_responder,
     Hacl_P256_uncompressed_to_raw, Hacl_P256_validate_private_key, Hacl_P256_validate_public_key,
@@ -19,9 +20,13 @@ pub enum Error {
 pub fn uncompressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> {
     let mut concat_point = [0u8; 64];
     if point.len() >= 65 {
+        #[cfg(not(feature = "hacl-rs"))]
         let ok = unsafe {
             Hacl_P256_uncompressed_to_raw(point.as_ptr() as _, concat_point.as_mut_ptr())
         };
+
+        #[cfg(feature = "hacl-rs")]
+        let ok = hacl_rs::hacl::p256::uncompressed_to_raw(point, &mut concat_point);
         if ok {
             Ok(concat_point)
         } else {
@@ -37,8 +42,11 @@ pub fn uncompressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> {
 pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> {
     let mut concat_point = [0u8; 64];
     if point.len() >= 33 {
+        #[cfg(not(feature = "hacl-rs"))]
         let ok =
             unsafe { Hacl_P256_compressed_to_raw(point.as_ptr() as _, concat_point.as_mut_ptr()) };
+        #[cfg(feature = "hacl-rs")]
+        let ok = hacl_rs::hacl::p256::compressed_to_raw(point, &mut concat_point);
         if ok {
             Ok(concat_point)
         } else {
@@ -54,7 +62,12 @@ pub fn compressed_to_coordinates(point: &[u8]) -> Result<[u8; 64], Error> {
 ///
 /// Returns [`Error::InvalidPoint`] if the `point` is not valid.
 pub fn validate_point(point: impl AsRef<[u8; 64]>) -> Result<(), Error> {
-    if unsafe { Hacl_P256_validate_public_key(point.as_ref().as_ptr() as _) } {
+    #[cfg(not(feature = "hacl-rs"))]
+    let valid_point = unsafe { Hacl_P256_validate_public_key(point.as_ref().as_ptr() as _) };
+    #[cfg(feature = "hacl-rs")]
+    let valid_point = hacl_rs::hacl::p256::validate_public_key(point.as_ref());
+
+    if valid_point {
         Ok(())
     } else {
         Err(Error::InvalidPoint)
@@ -75,9 +88,12 @@ pub fn validate_scalar_(scalar: &[u8; 32]) -> Result<(), Error> {
     if scalar.as_ref().iter().all(|b| *b == 0) {
         return Err(Error::InvalidScalar);
     }
-
+    #[cfg(not(feature = "hacl-rs"))]
+    let valid_scalar = unsafe { Hacl_P256_validate_private_key(scalar.as_ref().as_ptr() as _) };
+    #[cfg(feature = "hacl-rs")]
+    let valid_scalar = hacl_rs::hacl::p256::validate_private_key(scalar);
     // Ensure that the key is in range  [1, p-1]
-    if unsafe { Hacl_P256_validate_private_key(scalar.as_ref().as_ptr() as _) } {
+    if valid_scalar {
         Ok(())
     } else {
         Err(Error::InvalidScalar)
@@ -108,13 +124,18 @@ pub fn ecdh(
     public_key: impl AsRef<[u8; 64]>,
 ) -> Result<[u8; 64], Error> {
     let mut shared = [0u8; 64];
+    #[cfg(not(feature = "hacl-rs"))]
     let ok = unsafe {
         Hacl_P256_dh_responder(
             shared.as_mut_ptr(),
             public_key.as_ref().as_ptr() as _,
             private_key.as_ref().as_ptr() as _,
         )
     };
+    #[cfg(feature = "hacl-rs")]
+    let ok =
+        hacl_rs::hacl::p256::dh_responder(&mut shared, public_key.as_ref(), private_key.as_ref());
+
     if !ok {
         Err(Error::InvalidInput)
     } else {
@@ -129,7 +150,11 @@ pub fn secret_to_public(s: impl AsRef<[u8; 32]>) -> Result<[u8; 64], Error> {
     validate_scalar(&s)?;
 
     let mut out = [0u8; 64];
-    if unsafe { Hacl_P256_dh_initiator(out.as_mut_ptr(), s.as_ref().as_ptr() as _) } {
+    #[cfg(not(feature = "hacl-rs"))]
+    let ok = unsafe { Hacl_P256_dh_initiator(out.as_mut_ptr(), s.as_ref().as_ptr() as _) };
+    #[cfg(feature = "hacl-rs")]
+    let ok = hacl_rs::hacl::p256::dh_initiator(&mut out, s.as_ref());
+    if ok {
         Ok(out)
     } else {
         Err(Error::InvalidScalar)