Version: Next

Crypto API: Hash, HMAC, HKDF

Hash and key-derivation helpers are provided by noxtls-crypto::hash and re-exported at crate root. This page highlights the functions typically used by TLS and device control planes.

Digest APIs

pub fn noxtls_sha1(data: &[u8]) -> [u8; 20]
pub fn noxtls_sha256(data: &[u8]) -> [u8; 32]
pub fn noxtls_sha384(data: &[u8]) -> [u8; 48]
pub fn noxtls_sha512(data: &[u8]) -> [u8; 64]

data: input bytes to hash.
Fixed-size return types make buffer sizing explicit in no_std code.

HMAC APIs

pub fn noxtls_hmac_sha256(key: &[u8], data: &[u8]) -> [u8; 32]

key: HMAC key bytes.
data: authenticated message bytes.
Returns 32-byte authentication tag.

HKDF APIs

pub fn noxtls_hkdf_extract_sha256(salt: &[u8], ikm: &[u8]) -> [u8; 32]
pub fn noxtls_hkdf_expand_sha256(prk: &[u8], info: &[u8], len: usize) -> Result<Vec<u8>>

salt: optional extract salt (empty salt is handled).
ikm: input key material.
prk: pseudorandom key from extract.
info: context string/domain separation.
len: output length (bounded by RFC HKDF limits).

TLS 1.2 helper APIs

pub fn noxtls_tls12_prf_sha256(secret: &[u8], label: &[u8], seed: &[u8], len: usize) -> Result<Vec<u8>>
pub fn noxtls_tls12_finished_verify_data_sha256(
    master_secret: &[u8],
    finished_label: &[u8],
    transcript: &[u8],
) -> Result<[u8; 12]>

noxtls_tls12_prf_sha256 computes RFC 5246 PRF output.
noxtls_tls12_finished_verify_data_sha256 computes the 12-byte Finished verify_data.

Guidance

Use noxtls_sha256 + noxtls_hmac_sha256 for constrained-device interoperability defaults.
Prefer HKDF functions over custom KDF composition in protocol code.
Keep labels/info constants protocol-specific to avoid cross-protocol key reuse.

Per-algorithm pages

Digest and PRF-focused pages: mdigest, SHA-256, SHA-512, SHA-3 / SHAKE256, SHA-1, and status pages for BLAKE2, MD4, MD5, RIPEMD-160. Full index: API index.

Digest APIs​

HMAC APIs​

HKDF APIs​

TLS 1.2 helper APIs​

Guidance​

Per-algorithm pages​