macula_crypto_nif (macula v1.4.30)

View Source

Cryptographic operations for Macula mesh.

This module provides Ed25519 key generation, signing, and verification, BLAKE3 and SHA-256 hashing, and base64 encoding. It uses Rust NIFs when available, falling back to pure Erlang implementations otherwise.

NIF vs Erlang

The Rust NIFs provide significant performance improvements: - Key generation: ~10x faster - Signing: ~5x faster - Verification: ~8x faster - BLAKE3: ~20x faster - SHA-256: ~3x faster

The pure Erlang fallbacks ensure the module works even when NIFs cannot be loaded (e.g., different architecture, missing Rust toolchain).

Summary

Functions

base64_decode(Encoded)

Decode URL-safe base64 data. Returns {ok, Data} or {error, invalid_base64}.

base64_encode(Data)

Encode data as URL-safe base64 (no padding).

blake3(Data)

Compute BLAKE3 hash. Returns 32-byte hash binary.

blake3_hex(Data)

Compute BLAKE3 hash and return as hex string. Returns 64-character hex string.

blake3_streaming(Chunks)

Compute BLAKE3 hash of multiple chunks (streaming). Returns 32-byte hash binary.

blake3_verify(Data, ExpectedHash)

Verify data matches expected BLAKE3 hash.

generate_keypair()

Generate a new Ed25519 keypair. Returns {ok, {PublicKey, PrivateKey}} where both are 32-byte binaries.

is_nif_loaded()

Check if the NIF is loaded.

nif_base64_decode(Encoded)
nif_base64_encode(Data)
nif_blake3(Data)
nif_blake3_hex(Data)
nif_blake3_streaming(Chunks)
nif_blake3_verify(Data, ExpectedHash)
nif_generate_keypair()
nif_secure_compare(A, B)
nif_sha256(Data)
nif_sha256_base64(Data)
nif_sign(Message, PrivateKey)
nif_verify(Message, Signature, PublicKey)
secure_compare(A, B)

Constant-time comparison of two binaries. Important for security - prevents timing attacks.

sha256(Data)

Compute SHA-256 hash. Returns 32-byte hash binary.

sha256_base64(Data)

Compute SHA-256 hash and encode as URL-safe base64. Returns base64-encoded string (no padding).

sign(Message, PrivateKey)

Sign a message with an Ed25519 private key. Returns {ok, Signature} where Signature is a 64-byte binary, or {error, invalid_private_key}.

verify(Message, Signature, PublicKey)

Verify an Ed25519 signature. Returns true if valid, false otherwise.

Functions

base64_decode(Encoded)

-spec base64_decode(Encoded :: binary()) -> {ok, binary()} | {error, atom()}.

Decode URL-safe base64 data. Returns {ok, Data} or {error, invalid_base64}.

base64_encode(Data)

-spec base64_encode(Data :: binary()) -> Encoded :: binary().

Encode data as URL-safe base64 (no padding).

blake3(Data)

-spec blake3(Data :: binary()) -> Hash :: binary().

Compute BLAKE3 hash. Returns 32-byte hash binary.

blake3_hex(Data)

-spec blake3_hex(Data :: binary()) -> HexHash :: binary().

Compute BLAKE3 hash and return as hex string. Returns 64-character hex string.

blake3_streaming(Chunks)

-spec blake3_streaming(Chunks :: [binary()]) -> Hash :: binary().

Compute BLAKE3 hash of multiple chunks (streaming). Returns 32-byte hash binary.

blake3_verify(Data, ExpectedHash)

-spec blake3_verify(Data :: binary(), ExpectedHash :: binary()) -> boolean().

Verify data matches expected BLAKE3 hash.

generate_keypair()

-spec generate_keypair() -> {ok, {PubKey :: binary(), PrivKey :: binary()}}.

Generate a new Ed25519 keypair. Returns {ok, {PublicKey, PrivateKey}} where both are 32-byte binaries.

is_nif_loaded()

-spec is_nif_loaded() -> boolean().

Check if the NIF is loaded.

nif_base64_decode(Encoded)

nif_base64_encode(Data)

nif_blake3(Data)

nif_blake3_hex(Data)

nif_blake3_streaming(Chunks)

nif_blake3_verify(Data, ExpectedHash)

nif_generate_keypair()

nif_secure_compare(A, B)

nif_sha256(Data)

nif_sha256_base64(Data)

nif_sign(Message, PrivateKey)

nif_verify(Message, Signature, PublicKey)

secure_compare(A, B)

-spec secure_compare(A :: binary(), B :: binary()) -> boolean().

Constant-time comparison of two binaries. Important for security - prevents timing attacks.

sha256(Data)

-spec sha256(Data :: binary()) -> Hash :: binary().

Compute SHA-256 hash. Returns 32-byte hash binary.

sha256_base64(Data)

-spec sha256_base64(Data :: binary()) -> Base64Hash :: binary().

Compute SHA-256 hash and encode as URL-safe base64. Returns base64-encoded string (no padding).

sign(Message, PrivateKey)

-spec sign(Message :: binary(), PrivateKey :: binary()) ->
              {ok, Signature :: binary()} | {error, invalid_private_key}.

Sign a message with an Ed25519 private key. Returns {ok, Signature} where Signature is a 64-byte binary, or {error, invalid_private_key}.

verify(Message, Signature, PublicKey)

-spec verify(Message :: binary(), Signature :: binary(), PublicKey :: binary()) -> boolean().

Verify an Ed25519 signature. Returns true if valid, false otherwise.