Standard Library: Crypto & Protocol Primitives
A library of cryptographic, TLS 1.3, and HTTP/2 primitives written in pure MIND— no C bindings, no vendored crypto library. Every primitive is verified against the published RFC or NIST known-answer test (KAT) vectors, in keeping with the compiler’s evidence-gated approach: a primitive ships only with its reference vectors passing.
Cryptographic primitives
- AES-128-GCM — authenticated encryption (NIST KAT-verified).
- SHA-256 and HKDF — hashing and key derivation (RFC test vectors).
- Keccak / SHA-3 + SHAKE — FIPS 202 sponge family.
- X25519 — elliptic-curve Diffie-Hellman key agreement (RFC 7748).
- RSA-PSS (SHA-256) — signature verification.
- ECDSA-P256 (SHA-256) — signature verification.
- ML-KEM-768 — post-quantum key encapsulation (FIPS 203).
- X.509 — DER certificate parsing + signature verification (single certificate; no chain-path validation yet).
TLS 1.3 primitives
- Key schedule — HKDF-Expand-Label / Derive-Secret.
- Record layer — AEAD record seal/open.
- Finished MAC + transcript hash.
- Handshake crypto orchestration — verified by replaying the RFC 8448 trace end-to-end.
HTTP primitives
- HPACK — header decompression (RFC 7541; decode-only today).
- HTTP/2 framing — binary frame layer (RFC 9113).
Verification approach
Each module carries its reference vectors as executable checks — AES-GCM against the NIST KATs, the TLS 1.3 handshake against the RFC 8448 keying-material trace, ML-KEM against the FIPS 203 vectors, and so on. The point is the same one the compiler makes elsewhere: a claim ships with the evidence that checks it.
// Shape of the verification harness (illustrative) // Every primitive module ships a kat_* entry point that // returns 0 on success and a nonzero vector index on the // first failing known-answer test. fn kat_aes128_gcm() -> i64; // NIST GCM vectors fn kat_tls13_rfc8448() -> i64; // RFC 8448 handshake replay fn kat_mlkem768() -> i64; // FIPS 203 vectors
Roadmap
- Socket-driven TLS 1.3 client (handshake state machine + I/O).
- Certificate-chain path validation.
- HPACK encoding; broader cipher/signature coverage (ChaCha20-Poly1305, AES-256-GCM, SHA-384/512, Ed25519, ML-DSA).
- Post-quantum hybrid key exchange (X25519MLKEM768).
See also std.io for the syscall surface these modules would pair with, and Determinism for the execution guarantees that apply to this integer-only code.