Derives key material using Concat KDF (NIST SP 800-56A). Also called the single-step or one-step key derivation function.

Concat KDF is a single-step key derivation function that uses a hash function to derive key material from a shared secret and context-specific information.

Parameters

• algorithm: The hash algorithm to use (SHA-1, SHA-2, or SHA-3 family)
• secret: The shared secret from key agreement (e.g., ECDH)
• info: Context and application specific information
• length: Desired output length in bytes (max: 255 * hash_length)

Returns

• Ok(BitArray) - The derived key material of the requested length
• Error(Nil) - If the algorithm is not supported or length is invalid

Compares two BitArray in constant time.

Use this function when comparing secrets like MACs, password hashes, API tokens, or any other security-sensitive data.

Parameters

• a: The first bit array to compare
• b: The second bit array to compare

Returns

True if a and b are equal, False otherwise. The comparison takes the same amount of time regardless of where the arrays differ, preventing timing attacks.

Example

let expected_mac = compute_mac(message, key)
let received_mac = get_mac_from_request()

// Safe: constant-time comparison prevents timing attacks
case crypto.constant_time_equal(expected_mac, received_mac) {
  True -> accept_message()
  False -> reject_message()
}

Computes the hash digest of input data in one call.

Parameters

• algorithm: The hash algorithm to use
• data: The data to hash

Returns

• Ok(BitArray) - The computed hash digest
• Error(Nil) - If the hash algorithm is not supported by the runtime

Derives key material using HKDF (RFC 5869).

HKDF combines an extract-then-expand approach to derive cryptographically strong key material from input key material.

Parameters

• algorithm: The hash algorithm to use (must be HMAC-compatible)
• input: Input key material (IKM) - the source keying material
• salt: Optional salt value (None uses hash-length zeros per RFC 5869)
• info: Context and application specific information
• length: Desired output length in bytes (max: 255 * hash_length)

Returns

• Ok(BitArray) - The derived key material of the requested length
• Error(Nil) - If the algorithm is not supported or length exceeds maximum

Computes the HMAC of input data in one call.

Parameters

• algorithm: The hash algorithm to use for the HMAC
• key: The secret key for authentication
• data: The data to authenticate

Returns

• Ok(BitArray) - The computed message authentication code
• Error(Nil) - If the hash algorithm is not supported

Derives key material from a password using PBKDF2 (RFC 8018).

PBKDF2 applies a pseudorandom function (HMAC) to derive keys from passwords. It is designed to be computationally expensive to resist brute-force attacks.

Parameters

• algorithm: The hash algorithm to use for HMAC (must be HMAC-compatible). SHA-256 or stronger is recommended; MD5 and SHA-1 are weak for password hashing.
• password: The password to derive the key from
• salt: A random salt value (should be unique per password)
• iterations: Number of iterations (higher = slower but more secure)
• length: Desired output length in bytes

Returns

• Ok(BitArray) - The derived key material of the requested length
• Error(Nil) - If the algorithm is not supported, iterations <= 0, or length <= 0

Generates cryptographically secure random bytes using the platform’s cryptographically secure random number generator.

Parameters

• length: The number of random bytes to generate. If negative, returns an empty BitArray.

Returns

A BitArray containing the generated random bytes.

Generates a cryptographically secure random UUID v4.

Returns

A String containing a UUID v4.