split decls into separate modules in bearssl/abi (#27)

* split `decls.nim` into smaller modules - allows using parts of the ABI
without compiling all of `bearssl`
* deprecate functions with `Br` prefix - there are duplicate exports
both with and without `Br` for the same function and we use both in
consumers like `chronos` and `libp2p`
* fix several cases of incorrectly mapped types
* use `var` for certain arguments that can't be `nil`
* add script to regenerate ABI with `c2nim`
* consistently use `uint` for length (`int` was sometimes used)

The Split likely needs more cleanup work - this is a first cut to get
the idea in place.

In the new layout, `bearssl/abi/` contains "raw" nim mappings while
hand-written helpers are in `bearssl/`.

.gitignore

@@ -1,2 +1,3 @@
 nimcache/
 *.exe
+gen

README.md

@@ -7,15 +7,51 @@
 [![License: Apache](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 ![Github action](https://github.com/status-im/nim-bearssl/workflows/CI/badge.svg)
 
-[BearSSL](https://bearssl.org/) wrapper.
+Simple [BearSSL](https://bearssl.org/) wrapper for Nim, fully integrated with the Nim build system.
+
+Applications using `nim-bearssl` are fully stand-alone, needing no additional DLL or shared library.
+
+## Usage
+
+The library is organised into two parts:
+
+* `bearssl/` (except for `abi`) exposes thin wrappers around the raw ABI making the functions more convenient to use in Nim
+* `bearssl/abi` exposes the raw C functions of bearssl
+
+For each `bearssl` header file, a corresponding Nim file exists - `bearssl_rand.h` ~ `bearssl/rand.nim`.
+
+```nim
+# You can import the whole library
+import bearssl
+
+# ... or simply parts thereof, which can save compilation time
+import bearssl/rand
+```
+
+In general, the mappings follow the conventions of the original BearSSL library closely. The following conventions exist:
+
+* the `br_` prefix has been dropped throughout
+* functions taking a `XxxContext*` use `var` and not `ptr`
+* `byte` replaces `unsigned char*` - this type is predominantly used for byte buffers
+* `uint` used instead of `csize_t` - these are the same type in Nim, but spelled more conveniently
+  * Canonical nim code will have to be careful when converting existing `int` lengths, looking out for out-of-range values
 
 ## Installation
 
-You can install the developement version of the library through nimble with the following command
+You can install the developement version of the library through nimble with the following command:
+
 ```
 nimble install bearssl
 ```
 
+`BearSSL` itself is compiled as part of your project - there is no need to install any third-party libraries.
+
+## Developer notes
+
+When updating the library, `c2nim` is used via `regenerate.sh` to update the RAW ABI files. Manual editing is then needed to make a few adjustments to the mapping, after which the files can be generated.
+
+When adding new convenience functions, these should be added to `bearssl/` instead of the generated files.
+
 ## License
 
 Licensed and distributed under either of

bearssl.nim

@@ -1,12 +1,32 @@
 ## Nim-BearSSL
-## Copyright (c) 2018 Status Research & Development GmbH
+## Copyright (c) 2018-2022 Status Research & Development GmbH
 ## Licensed under either of
 ##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
 ##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
 ## at your option.
 ## This file may not be copied, modified, or distributed except according to
 ## those terms.
-import bearssl/[decls, errors]
-export decls, errors
+
+when defined(bearsslSplitAbi):
+  # This will become default in the future - we cannot use it now because there
+  # are duplicate symbols in `decls.nim` - the new ABI can already be accessed
+  # using the more specific imports (`import bearssl/ssl`)
+  import
+    ./bearssl/[
+      aead, blockx, brssl, ec, errors, hash, hmac, kdf, pem, prf, rand, rsa,
+      ssl, x509],
+    ./bearssl/abi/[cacert, config]
+
+  export
+    aead, blockx, brssl, ec, errors, hash, hmac, kdf, pem, prf, rand, rsa,
+    ssl, x509,
+    cacert, config
+
+else:
+  import
+    ./bearssl/[cacert, errors, decls] # Deprecated, will be removed in the future
+
+  export cacert, errors, decls
+
 
 when defined(nimHasUsed): {.used.}

bearssl.nimble

@@ -15,7 +15,7 @@ requires "nim >= 1.2.0",
 proc test(env, path: string) =
   # Compilation language is controlled by TEST_LANG
   exec "nim " & getEnv("TEST_LANG", "c") & " " & getEnv("NIMFLAGS") & " " & env &
-    " -rf --hints:off --skipParentCfg --styleCheck:usages --styleCheck:error " & path
+    " -d:bearsslSplitAbi -rf --hints:off --skipParentCfg --styleCheck:usages --styleCheck:error " & path
 
 task test, "Run tests":
   for path in listFiles(thisDir() / "tests"):

bearssl/abi/bearssl_aead.nim

@@ -0,0 +1,176 @@
+import
+  "."/[bearssl_block, bearssl_hash, csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearAeadPath = bearSrcPath / "aead"
+
+{.compile: bearAeadPath / "ccm.c".}
+{.compile: bearAeadPath / "eax.c".}
+{.compile: bearAeadPath / "gcm.c".}
+
+type
+  AeadClass* {.importc: "br_aead_class", header: "bearssl_aead.h", bycopy.} = object
+    tagSize* {.importc: "tag_size".}: uint
+    reset* {.importc: "reset".}: proc (cc: ptr ptr AeadClass; iv: pointer; len: uint) {.
+        importcFunc.}
+    aadInject* {.importc: "aad_inject".}: proc (cc: ptr ptr AeadClass; data: pointer;
+        len: uint) {.importcFunc.}
+    flip* {.importc: "flip".}: proc (cc: ptr ptr AeadClass) {.importcFunc.}
+    run* {.importc: "run".}: proc (cc: ptr ptr AeadClass; encrypt: cint; data: pointer;
+                               len: uint) {.importcFunc.}
+    getTag* {.importc: "get_tag".}: proc (cc: ptr ptr AeadClass; tag: pointer) {.importcFunc.}
+    checkTag* {.importc: "check_tag".}: proc (cc: ptr ptr AeadClass; tag: pointer): uint32 {.
+        importcFunc.}
+    getTagTrunc* {.importc: "get_tag_trunc".}: proc (cc: ptr ptr AeadClass;
+        tag: pointer; len: uint) {.importcFunc.}
+    checkTagTrunc* {.importc: "check_tag_trunc".}: proc (cc: ptr ptr AeadClass;
+        tag: pointer; len: uint): uint32 {.importcFunc.}
+
+
+
+type
+  GcmContext* {.importc: "br_gcm_context", header: "bearssl_aead.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr AeadClass
+    bctx* {.importc: "bctx".}: ptr ptr BlockCtrClass
+    gh* {.importc: "gh".}: Ghash
+    h* {.importc: "h".}: array[16, byte]
+    j01* {.importc: "j0_1".}: array[12, byte]
+    buf* {.importc: "buf".}: array[16, byte]
+    y* {.importc: "y".}: array[16, byte]
+    j02* {.importc: "j0_2".}: uint32
+    jc* {.importc: "jc".}: uint32
+    countAad* {.importc: "count_aad".}: uint64
+    countCtr* {.importc: "count_ctr".}: uint64
+
+
+
+proc gcmInit*(ctx: var GcmContext; bctx: ptr ptr BlockCtrClass; gh: Ghash) {.importcFunc,
+    importc: "br_gcm_init", header: "bearssl_aead.h".}
+
+proc gcmReset*(ctx: var GcmContext; iv: pointer; len: uint) {.importcFunc,
+    importc: "br_gcm_reset", header: "bearssl_aead.h".}
+
+proc gcmAadInject*(ctx: var GcmContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_gcm_aad_inject", header: "bearssl_aead.h".}
+
+proc gcmFlip*(ctx: var GcmContext) {.importcFunc, importc: "br_gcm_flip",
+                                 header: "bearssl_aead.h".}
+
+proc gcmRun*(ctx: var GcmContext; encrypt: cint; data: pointer; len: uint) {.importcFunc,
+    importc: "br_gcm_run", header: "bearssl_aead.h".}
+
+proc gcmGetTag*(ctx: var GcmContext; tag: pointer) {.importcFunc, importc: "br_gcm_get_tag",
+    header: "bearssl_aead.h".}
+
+proc gcmCheckTag*(ctx: var GcmContext; tag: pointer): uint32 {.importcFunc,
+    importc: "br_gcm_check_tag", header: "bearssl_aead.h".}
+
+proc gcmGetTagTrunc*(ctx: var GcmContext; tag: pointer; len: uint) {.importcFunc,
+    importc: "br_gcm_get_tag_trunc", header: "bearssl_aead.h".}
+
+proc gcmCheckTagTrunc*(ctx: var GcmContext; tag: pointer; len: uint): uint32 {.importcFunc,
+    importc: "br_gcm_check_tag_trunc", header: "bearssl_aead.h".}
+
+var gcmVtable* {.importc: "br_gcm_vtable", header: "bearssl_aead.h".}: AeadClass
+
+
+type
+  EaxContext* {.importc: "br_eax_context", header: "bearssl_aead.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr AeadClass
+    bctx* {.importc: "bctx".}: ptr ptr BlockCtrcbcClass
+    l2* {.importc: "L2".}: array[16, byte]
+    l4* {.importc: "L4".}: array[16, byte]
+    nonce* {.importc: "nonce".}: array[16, byte]
+    head* {.importc: "head".}: array[16, byte]
+    ctr* {.importc: "ctr".}: array[16, byte]
+    cbcmac* {.importc: "cbcmac".}: array[16, byte]
+    buf* {.importc: "buf".}: array[16, byte]
+    `ptr`* {.importc: "ptr".}: uint
+
+
+
+type
+  EaxState* {.importc: "br_eax_state", header: "bearssl_aead.h", bycopy.} = object
+    st* {.importc: "st".}: array[3, array[16, byte]]
+
+
+
+proc eaxInit*(ctx: var EaxContext; bctx: ptr ptr BlockCtrcbcClass) {.importcFunc,
+    importc: "br_eax_init", header: "bearssl_aead.h".}
+
+proc eaxCapture*(ctx: var EaxContext; st: ptr EaxState) {.importcFunc,
+    importc: "br_eax_capture", header: "bearssl_aead.h".}
+
+proc eaxReset*(ctx: var EaxContext; nonce: pointer; len: uint) {.importcFunc,
+    importc: "br_eax_reset", header: "bearssl_aead.h".}
+
+proc eaxResetPreAad*(ctx: var EaxContext; st: ptr EaxState; nonce: pointer; len: uint) {.
+    importcFunc, importc: "br_eax_reset_pre_aad", header: "bearssl_aead.h".}
+
+proc eaxResetPostAad*(ctx: var EaxContext; st: ptr EaxState; nonce: pointer; len: uint) {.
+    importcFunc, importc: "br_eax_reset_post_aad", header: "bearssl_aead.h".}
+
+proc eaxAadInject*(ctx: var EaxContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_eax_aad_inject", header: "bearssl_aead.h".}
+
+proc eaxFlip*(ctx: var EaxContext) {.importcFunc, importc: "br_eax_flip",
+                                 header: "bearssl_aead.h".}
+
+proc eaxGetAadMac*(ctx: var EaxContext; st: ptr EaxState) {.inline.} =
+  copyMem(unsafeAddr st.st[1], unsafeAddr ctx.head, sizeof(ctx.head))
+
+
+proc eaxRun*(ctx: var EaxContext; encrypt: cint; data: pointer; len: uint) {.importcFunc,
+    importc: "br_eax_run", header: "bearssl_aead.h".}
+
+proc eaxGetTag*(ctx: var EaxContext; tag: pointer) {.importcFunc, importc: "br_eax_get_tag",
+    header: "bearssl_aead.h".}
+
+proc eaxCheckTag*(ctx: var EaxContext; tag: pointer): uint32 {.importcFunc,
+    importc: "br_eax_check_tag", header: "bearssl_aead.h".}
+
+proc eaxGetTagTrunc*(ctx: var EaxContext; tag: pointer; len: uint) {.importcFunc,
+    importc: "br_eax_get_tag_trunc", header: "bearssl_aead.h".}
+
+proc eaxCheckTagTrunc*(ctx: var EaxContext; tag: pointer; len: uint): uint32 {.importcFunc,
+    importc: "br_eax_check_tag_trunc", header: "bearssl_aead.h".}
+
+var eaxVtable* {.importc: "br_eax_vtable", header: "bearssl_aead.h".}: AeadClass
+
+
+type
+  CcmContext* {.importc: "br_ccm_context", header: "bearssl_aead.h", bycopy.} = object
+    bctx* {.importc: "bctx".}: ptr ptr BlockCtrcbcClass
+    ctr* {.importc: "ctr".}: array[16, byte]
+    cbcmac* {.importc: "cbcmac".}: array[16, byte]
+    tagmask* {.importc: "tagmask".}: array[16, byte]
+    buf* {.importc: "buf".}: array[16, byte]
+    `ptr`* {.importc: "ptr".}: uint
+    tagLen* {.importc: "tag_len".}: uint
+
+
+
+proc ccmInit*(ctx: var CcmContext; bctx: ptr ptr BlockCtrcbcClass) {.importcFunc,
+    importc: "br_ccm_init", header: "bearssl_aead.h".}
+
+proc ccmReset*(ctx: var CcmContext; nonce: pointer; nonceLen: uint; aadLen: uint64;
+              dataLen: uint64; tagLen: uint): cint {.importcFunc,
+    importc: "br_ccm_reset", header: "bearssl_aead.h".}
+
+proc ccmAadInject*(ctx: var CcmContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ccm_aad_inject", header: "bearssl_aead.h".}
+
+proc ccmFlip*(ctx: var CcmContext) {.importcFunc, importc: "br_ccm_flip",
+                                 header: "bearssl_aead.h".}
+
+proc ccmRun*(ctx: var CcmContext; encrypt: cint; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ccm_run", header: "bearssl_aead.h".}
+
+proc ccmGetTag*(ctx: var CcmContext; tag: pointer): uint {.importcFunc,
+    importc: "br_ccm_get_tag", header: "bearssl_aead.h".}
+
+proc ccmCheckTag*(ctx: var CcmContext; tag: pointer): uint32 {.importcFunc,
+    importc: "br_ccm_check_tag", header: "bearssl_aead.h".}

bearssl/abi/bearssl_block.nim

@@ -0,0 +1,908 @@
+import
+  "."/[csources, intx]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearSymcPath = bearSrcPath / "symcipher"
+
+{.compile: bearSymcPath / "aes_big_cbcdec.c".}
+{.compile: bearSymcPath / "aes_big_cbcenc.c".}
+{.compile: bearSymcPath / "aes_big_ctr.c".}
+{.compile: bearSymcPath / "aes_big_ctrcbc.c".}
+{.compile: bearSymcPath / "aes_big_dec.c".}
+{.compile: bearSymcPath / "aes_big_enc.c".}
+{.compile: bearSymcPath / "aes_common.c".}
+{.compile: bearSymcPath / "aes_ct.c".}
+{.compile: bearSymcPath / "aes_ct64.c".}
+{.compile: bearSymcPath / "aes_ct64_cbcdec.c".}
+{.compile: bearSymcPath / "aes_ct64_cbcenc.c".}
+{.compile: bearSymcPath / "aes_ct64_ctr.c".}
+{.compile: bearSymcPath / "aes_ct64_ctrcbc.c".}
+{.compile: bearSymcPath / "aes_ct64_dec.c".}
+{.compile: bearSymcPath / "aes_ct64_enc.c".}
+{.compile: bearSymcPath / "aes_ct_cbcdec.c".}
+{.compile: bearSymcPath / "aes_ct_cbcenc.c".}
+{.compile: bearSymcPath / "aes_ct_ctr.c".}
+{.compile: bearSymcPath / "aes_ct_ctrcbc.c".}
+{.compile: bearSymcPath / "aes_ct_dec.c".}
+{.compile: bearSymcPath / "aes_ct_enc.c".}
+{.compile: bearSymcPath / "aes_pwr8.c".}
+{.compile: bearSymcPath / "aes_pwr8_cbcdec.c".}
+{.compile: bearSymcPath / "aes_pwr8_cbcenc.c".}
+{.compile: bearSymcPath / "aes_pwr8_ctr.c".}
+{.compile: bearSymcPath / "aes_pwr8_ctrcbc.c".}
+{.compile: bearSymcPath / "aes_small_cbcdec.c".}
+{.compile: bearSymcPath / "aes_small_cbcenc.c".}
+{.compile: bearSymcPath / "aes_small_ctr.c".}
+{.compile: bearSymcPath / "aes_small_ctrcbc.c".}
+{.compile: bearSymcPath / "aes_small_dec.c".}
+{.compile: bearSymcPath / "aes_small_enc.c".}
+{.compile: bearSymcPath / "aes_x86ni.c".}
+{.compile: bearSymcPath / "aes_x86ni_cbcdec.c".}
+{.compile: bearSymcPath / "aes_x86ni_cbcenc.c".}
+{.compile: bearSymcPath / "aes_x86ni_ctr.c".}
+{.compile: bearSymcPath / "aes_x86ni_ctrcbc.c".}
+{.compile: bearSymcPath / "chacha20_ct.c".}
+{.compile: bearSymcPath / "chacha20_sse2.c".}
+{.compile: bearSymcPath / "des_ct.c".}
+{.compile: bearSymcPath / "des_ct_cbcdec.c".}
+{.compile: bearSymcPath / "des_ct_cbcenc.c".}
+{.compile: bearSymcPath / "des_support.c".}
+{.compile: bearSymcPath / "des_tab.c".}
+{.compile: bearSymcPath / "des_tab_cbcdec.c".}
+{.compile: bearSymcPath / "des_tab_cbcenc.c".}
+{.compile: bearSymcPath / "poly1305_ctmul.c".}
+{.compile: bearSymcPath / "poly1305_ctmul32.c".}
+{.compile: bearSymcPath / "poly1305_ctmulq.c".}
+{.compile: bearSymcPath / "poly1305_i15.c".}
+
+type
+  BlockCbcencClass* {.importc: "br_block_cbcenc_class", header: "bearssl_block.h",
+                     bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    blockSize* {.importc: "block_size".}: cuint
+    logBlockSize* {.importc: "log_block_size".}: cuint
+    init* {.importc: "init".}: proc (ctx: ptr ptr BlockCbcencClass; key: pointer;
+                                 keyLen: uint) {.importcFunc.}
+    run* {.importc: "run".}: proc (ctx: ptr ptr BlockCbcencClass; iv: pointer;
+                               data: pointer; len: uint) {.importcFunc.}
+
+
+
+type
+  BlockCbcdecClass* {.importc: "br_block_cbcdec_class", header: "bearssl_block.h",
+                     bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    blockSize* {.importc: "block_size".}: cuint
+    logBlockSize* {.importc: "log_block_size".}: cuint
+    init* {.importc: "init".}: proc (ctx: ptr ptr BlockCbcdecClass; key: pointer;
+                                 keyLen: uint) {.importcFunc.}
+    run* {.importc: "run".}: proc (ctx: ptr ptr BlockCbcdecClass; iv: pointer;
+                               data: pointer; len: uint) {.importcFunc.}
+
+
+
+type
+  BlockCtrClass* {.importc: "br_block_ctr_class", header: "bearssl_block.h", bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    blockSize* {.importc: "block_size".}: cuint
+    logBlockSize* {.importc: "log_block_size".}: cuint
+    init* {.importc: "init".}: proc (ctx: ptr ptr BlockCtrClass; key: pointer;
+                                 keyLen: uint) {.importcFunc.}
+    run* {.importc: "run".}: proc (ctx: ptr ptr BlockCtrClass; iv: pointer; cc: uint32;
+                               data: pointer; len: uint): uint32 {.importcFunc.}
+
+
+
+type
+  BlockCtrcbcClass* {.importc: "br_block_ctrcbc_class", header: "bearssl_block.h",
+                     bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    blockSize* {.importc: "block_size".}: cuint
+    logBlockSize* {.importc: "log_block_size".}: cuint
+    init* {.importc: "init".}: proc (ctx: ptr ptr BlockCtrcbcClass; key: pointer;
+                                 keyLen: uint) {.importcFunc.}
+    encrypt* {.importc: "encrypt".}: proc (ctx: ptr ptr BlockCtrcbcClass; ctr: pointer;
+                                       cbcmac: pointer; data: pointer; len: uint) {.
+        importcFunc.}
+    decrypt* {.importc: "decrypt".}: proc (ctx: ptr ptr BlockCtrcbcClass; ctr: pointer;
+                                       cbcmac: pointer; data: pointer; len: uint) {.
+        importcFunc.}
+    ctr* {.importc: "ctr".}: proc (ctx: ptr ptr BlockCtrcbcClass; ctr: pointer;
+                               data: pointer; len: uint) {.importcFunc.}
+    mac* {.importc: "mac".}: proc (ctx: ptr ptr BlockCtrcbcClass; cbcmac: pointer;
+                               data: pointer; len: uint) {.importcFunc.}
+
+
+
+const
+  aesBigBLOCK_SIZE* = 16
+
+
+type
+  AesBigCbcencKeys* {.importc: "br_aes_big_cbcenc_keys", header: "bearssl_block.h",
+                     bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesBigCbcdecKeys* {.importc: "br_aes_big_cbcdec_keys", header: "bearssl_block.h",
+                     bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesBigCtrKeys* {.importc: "br_aes_big_ctr_keys", header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesBigCtrcbcKeys* {.importc: "br_aes_big_ctrcbc_keys", header: "bearssl_block.h",
+                     bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesBigCbcencVtable* {.importc: "br_aes_big_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesBigCbcdecVtable* {.importc: "br_aes_big_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesBigCtrVtable* {.importc: "br_aes_big_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesBigCtrcbcVtable* {.importc: "br_aes_big_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesBigCbcencInit*(ctx: var AesBigCbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesBigCbcdecInit*(ctx: var AesBigCbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesBigCtrInit*(ctx: var AesBigCtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_ctr_init", header: "bearssl_block.h".}
+
+proc aesBigCtrcbcInit*(ctx: var AesBigCtrcbcKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesBigCbcencRun*(ctx: var AesBigCbcencKeys; iv: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_aes_big_cbcenc_run",
+                                   header: "bearssl_block.h".}
+
+proc aesBigCbcdecRun*(ctx: var AesBigCbcdecKeys; iv: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_aes_big_cbcdec_run",
+                                   header: "bearssl_block.h".}
+
+proc aesBigCtrRun*(ctx: var AesBigCtrKeys; iv: pointer; cc: uint32; data: pointer;
+                  len: uint): uint32 {.importcFunc, importc: "br_aes_big_ctr_run",
+                                        header: "bearssl_block.h".}
+
+proc aesBigCtrcbcEncrypt*(ctx: var AesBigCtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                         data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesBigCtrcbcDecrypt*(ctx: var AesBigCtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                         data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_big_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesBigCtrcbcCtr*(ctx: var AesBigCtrcbcKeys; ctr: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_aes_big_ctrcbc_ctr",
+                                   header: "bearssl_block.h".}
+
+proc aesBigCtrcbcMac*(ctx: var AesBigCtrcbcKeys; cbcmac: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_aes_big_ctrcbc_mac",
+                                   header: "bearssl_block.h".}
+
+const
+  aesSmallBLOCK_SIZE* = 16
+
+
+type
+  AesSmallCbcencKeys* {.importc: "br_aes_small_cbcenc_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesSmallCbcdecKeys* {.importc: "br_aes_small_cbcdec_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesSmallCtrKeys* {.importc: "br_aes_small_ctr_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesSmallCtrcbcKeys* {.importc: "br_aes_small_ctrcbc_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesSmallCbcencVtable* {.importc: "br_aes_small_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesSmallCbcdecVtable* {.importc: "br_aes_small_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesSmallCtrVtable* {.importc: "br_aes_small_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesSmallCtrcbcVtable* {.importc: "br_aes_small_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesSmallCbcencInit*(ctx: var AesSmallCbcencKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_small_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesSmallCbcdecInit*(ctx: var AesSmallCbcdecKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_small_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesSmallCtrInit*(ctx: var AesSmallCtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_small_ctr_init", header: "bearssl_block.h".}
+
+proc aesSmallCtrcbcInit*(ctx: var AesSmallCtrcbcKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_small_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesSmallCbcencRun*(ctx: var AesSmallCbcencKeys; iv: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_small_cbcenc_run",
+                                     header: "bearssl_block.h".}
+
+proc aesSmallCbcdecRun*(ctx: var AesSmallCbcdecKeys; iv: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_small_cbcdec_run",
+                                     header: "bearssl_block.h".}
+
+proc aesSmallCtrRun*(ctx: var AesSmallCtrKeys; iv: pointer; cc: uint32; data: pointer;
+                    len: uint): uint32 {.importcFunc, importc: "br_aes_small_ctr_run",
+    header: "bearssl_block.h".}
+
+proc aesSmallCtrcbcEncrypt*(ctx: var AesSmallCtrcbcKeys; ctr: pointer;
+                           cbcmac: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_small_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesSmallCtrcbcDecrypt*(ctx: var AesSmallCtrcbcKeys; ctr: pointer;
+                           cbcmac: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_small_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesSmallCtrcbcCtr*(ctx: var AesSmallCtrcbcKeys; ctr: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_small_ctrcbc_ctr",
+                                     header: "bearssl_block.h".}
+
+proc aesSmallCtrcbcMac*(ctx: var AesSmallCtrcbcKeys; cbcmac: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_small_ctrcbc_mac",
+                                     header: "bearssl_block.h".}
+
+const
+  aesCtBLOCK_SIZE* = 16
+
+
+type
+  AesCtCbcencKeys* {.importc: "br_aes_ct_cbcenc_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCtCbcdecKeys* {.importc: "br_aes_ct_cbcdec_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCtCtrKeys* {.importc: "br_aes_ct_ctr_keys", header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCtCtrcbcKeys* {.importc: "br_aes_ct_ctrcbc_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: array[60, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesCtCbcencVtable* {.importc: "br_aes_ct_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesCtCbcdecVtable* {.importc: "br_aes_ct_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesCtCtrVtable* {.importc: "br_aes_ct_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesCtCtrcbcVtable* {.importc: "br_aes_ct_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesCtCbcencInit*(ctx: var AesCtCbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesCtCbcdecInit*(ctx: var AesCtCbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesCtCtrInit*(ctx: var AesCtCtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_ctr_init", header: "bearssl_block.h".}
+
+proc aesCtCtrcbcInit*(ctx: var AesCtCtrcbcKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesCtCbcencRun*(ctx: var AesCtCbcencKeys; iv: pointer; data: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_ct_cbcenc_run", header: "bearssl_block.h".}
+
+proc aesCtCbcdecRun*(ctx: var AesCtCbcdecKeys; iv: pointer; data: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_ct_cbcdec_run", header: "bearssl_block.h".}
+
+proc aesCtCtrRun*(ctx: var AesCtCtrKeys; iv: pointer; cc: uint32; data: pointer;
+                 len: uint): uint32 {.importcFunc, importc: "br_aes_ct_ctr_run",
+                                       header: "bearssl_block.h".}
+
+proc aesCtCtrcbcEncrypt*(ctx: var AesCtCtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                        data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesCtCtrcbcDecrypt*(ctx: var AesCtCtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                        data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesCtCtrcbcCtr*(ctx: var AesCtCtrcbcKeys; ctr: pointer; data: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_ct_ctrcbc_ctr", header: "bearssl_block.h".}
+
+proc aesCtCtrcbcMac*(ctx: var AesCtCtrcbcKeys; cbcmac: pointer; data: pointer;
+                    len: uint) {.importcFunc, importc: "br_aes_ct_ctrcbc_mac",
+                                  header: "bearssl_block.h".}
+
+const
+  aesCt64BLOCK_SIZE* = 16
+
+
+type
+  AesCt64CbcencKeys* {.importc: "br_aes_ct64_cbcenc_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[30, uint64]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCt64CbcdecKeys* {.importc: "br_aes_ct64_cbcdec_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[30, uint64]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCt64CtrKeys* {.importc: "br_aes_ct64_ctr_keys", header: "bearssl_block.h",
+                   bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: array[30, uint64]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  AesCt64CtrcbcKeys* {.importc: "br_aes_ct64_ctrcbc_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: array[30, uint64]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesCt64CbcencVtable* {.importc: "br_aes_ct64_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesCt64CbcdecVtable* {.importc: "br_aes_ct64_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesCt64CtrVtable* {.importc: "br_aes_ct64_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesCt64CtrcbcVtable* {.importc: "br_aes_ct64_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesCt64CbcencInit*(ctx: var AesCt64CbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesCt64CbcdecInit*(ctx: var AesCt64CbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesCt64CtrInit*(ctx: var AesCt64CtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_ctr_init", header: "bearssl_block.h".}
+
+proc aesCt64CtrcbcInit*(ctx: var AesCt64CtrcbcKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesCt64CbcencRun*(ctx: var AesCt64CbcencKeys; iv: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_ct64_cbcenc_run",
+                                    header: "bearssl_block.h".}
+
+proc aesCt64CbcdecRun*(ctx: var AesCt64CbcdecKeys; iv: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_ct64_cbcdec_run",
+                                    header: "bearssl_block.h".}
+
+proc aesCt64CtrRun*(ctx: var AesCt64CtrKeys; iv: pointer; cc: uint32; data: pointer;
+                   len: uint): uint32 {.importcFunc, importc: "br_aes_ct64_ctr_run",
+    header: "bearssl_block.h".}
+
+proc aesCt64CtrcbcEncrypt*(ctx: var AesCt64CtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                          data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesCt64CtrcbcDecrypt*(ctx: var AesCt64CtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                          data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_ct64_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesCt64CtrcbcCtr*(ctx: var AesCt64CtrcbcKeys; ctr: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_ct64_ctrcbc_ctr",
+                                    header: "bearssl_block.h".}
+
+proc aesCt64CtrcbcMac*(ctx: var AesCt64CtrcbcKeys; cbcmac: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_ct64_ctrcbc_mac",
+                                    header: "bearssl_block.h".}
+
+const
+  aesX86niBLOCK_SIZE* = 16
+
+
+type
+  INNER_C_UNION_bearssl_block_1* {.importc: "br_aes_x86ni_cbcenc_keys::no_name",
+                                  header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesX86niCbcencKeys* {.importc: "br_aes_x86ni_cbcenc_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_1
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_3* {.importc: "br_aes_x86ni_cbcdec_keys::no_name",
+                                  header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesX86niCbcdecKeys* {.importc: "br_aes_x86ni_cbcdec_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_3
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_5* {.importc: "br_aes_x86ni_ctr_keys::no_name",
+                                  header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesX86niCtrKeys* {.importc: "br_aes_x86ni_ctr_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_5
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_7* {.importc: "br_aes_x86ni_ctrcbc_keys::no_name",
+                                  header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesX86niCtrcbcKeys* {.importc: "br_aes_x86ni_ctrcbc_keys",
+                       header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_7
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesX86niCbcencVtable* {.importc: "br_aes_x86ni_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesX86niCbcdecVtable* {.importc: "br_aes_x86ni_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesX86niCtrVtable* {.importc: "br_aes_x86ni_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesX86niCtrcbcVtable* {.importc: "br_aes_x86ni_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesX86niCbcencInit*(ctx: var AesX86niCbcencKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_x86ni_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesX86niCbcdecInit*(ctx: var AesX86niCbcdecKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_x86ni_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesX86niCtrInit*(ctx: var AesX86niCtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_x86ni_ctr_init", header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcInit*(ctx: var AesX86niCtrcbcKeys; key: pointer; len: uint) {.
+    importcFunc, importc: "br_aes_x86ni_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesX86niCbcencRun*(ctx: var AesX86niCbcencKeys; iv: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_x86ni_cbcenc_run",
+                                     header: "bearssl_block.h".}
+
+proc aesX86niCbcdecRun*(ctx: var AesX86niCbcdecKeys; iv: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_x86ni_cbcdec_run",
+                                     header: "bearssl_block.h".}
+
+proc aesX86niCtrRun*(ctx: var AesX86niCtrKeys; iv: pointer; cc: uint32; data: pointer;
+                    len: uint): uint32 {.importcFunc, importc: "br_aes_x86ni_ctr_run",
+    header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcEncrypt*(ctx: var AesX86niCtrcbcKeys; ctr: pointer;
+                           cbcmac: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_x86ni_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcDecrypt*(ctx: var AesX86niCtrcbcKeys; ctr: pointer;
+                           cbcmac: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_x86ni_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcCtr*(ctx: var AesX86niCtrcbcKeys; ctr: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_x86ni_ctrcbc_ctr",
+                                     header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcMac*(ctx: var AesX86niCtrcbcKeys; cbcmac: pointer; data: pointer;
+                       len: uint) {.importcFunc, importc: "br_aes_x86ni_ctrcbc_mac",
+                                     header: "bearssl_block.h".}
+
+proc aesX86niCbcencGetVtable*(): ptr BlockCbcencClass {.importcFunc,
+    importc: "br_aes_x86ni_cbcenc_get_vtable", header: "bearssl_block.h".}
+
+proc aesX86niCbcdecGetVtable*(): ptr BlockCbcdecClass {.importcFunc,
+    importc: "br_aes_x86ni_cbcdec_get_vtable", header: "bearssl_block.h".}
+
+proc aesX86niCtrGetVtable*(): ptr BlockCtrClass {.importcFunc,
+    importc: "br_aes_x86ni_ctr_get_vtable", header: "bearssl_block.h".}
+
+proc aesX86niCtrcbcGetVtable*(): ptr BlockCtrcbcClass {.importcFunc,
+    importc: "br_aes_x86ni_ctrcbc_get_vtable", header: "bearssl_block.h".}
+
+const
+  aesPwr8BLOCK_SIZE* = 16
+
+
+type
+  INNER_C_UNION_bearssl_block_9* {.importc: "br_aes_pwr8_cbcenc_keys::no_name",
+                                  header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesPwr8CbcencKeys* {.importc: "br_aes_pwr8_cbcenc_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_9
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_11* {.importc: "br_aes_pwr8_cbcdec_keys::no_name",
+                                   header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesPwr8CbcdecKeys* {.importc: "br_aes_pwr8_cbcdec_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_11
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_13* {.importc: "br_aes_pwr8_ctr_keys::no_name",
+                                   header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesPwr8CtrKeys* {.importc: "br_aes_pwr8_ctr_keys", header: "bearssl_block.h",
+                   bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_13
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  INNER_C_UNION_bearssl_block_15* {.importc: "br_aes_pwr8_ctrcbc_keys::no_name",
+                                   header: "bearssl_block.h", bycopy, union.} = object
+    skni* {.importc: "skni".}: array[16 * 15, byte]
+
+  AesPwr8CtrcbcKeys* {.importc: "br_aes_pwr8_ctrcbc_keys",
+                      header: "bearssl_block.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    skey* {.importc: "skey".}: INNER_C_UNION_bearssl_block_15
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var aesPwr8CbcencVtable* {.importc: "br_aes_pwr8_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var aesPwr8CbcdecVtable* {.importc: "br_aes_pwr8_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+var aesPwr8CtrVtable* {.importc: "br_aes_pwr8_ctr_vtable", header: "bearssl_block.h".}: BlockCtrClass
+
+
+var aesPwr8CtrcbcVtable* {.importc: "br_aes_pwr8_ctrcbc_vtable", header: "bearssl_block.h".}: BlockCtrcbcClass
+
+
+proc aesPwr8CbcencInit*(ctx: var AesPwr8CbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_cbcenc_init", header: "bearssl_block.h".}
+
+proc aesPwr8CbcdecInit*(ctx: var AesPwr8CbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_cbcdec_init", header: "bearssl_block.h".}
+
+proc aesPwr8CtrInit*(ctx: var AesPwr8CtrKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_ctr_init", header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcInit*(ctx: var AesPwr8CtrcbcKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_ctrcbc_init", header: "bearssl_block.h".}
+
+proc aesPwr8CbcencRun*(ctx: var AesPwr8CbcencKeys; iv: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_pwr8_cbcenc_run",
+                                    header: "bearssl_block.h".}
+
+proc aesPwr8CbcdecRun*(ctx: var AesPwr8CbcdecKeys; iv: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_pwr8_cbcdec_run",
+                                    header: "bearssl_block.h".}
+
+proc aesPwr8CtrRun*(ctx: var AesPwr8CtrKeys; iv: pointer; cc: uint32; data: pointer;
+                   len: uint): uint32 {.importcFunc, importc: "br_aes_pwr8_ctr_run",
+    header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcEncrypt*(ctx: var AesPwr8CtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                          data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_ctrcbc_encrypt", header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcDecrypt*(ctx: var AesPwr8CtrcbcKeys; ctr: pointer; cbcmac: pointer;
+                          data: pointer; len: uint) {.importcFunc,
+    importc: "br_aes_pwr8_ctrcbc_decrypt", header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcCtr*(ctx: var AesPwr8CtrcbcKeys; ctr: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_pwr8_ctrcbc_ctr",
+                                    header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcMac*(ctx: var AesPwr8CtrcbcKeys; cbcmac: pointer; data: pointer;
+                      len: uint) {.importcFunc, importc: "br_aes_pwr8_ctrcbc_mac",
+                                    header: "bearssl_block.h".}
+
+proc aesPwr8CbcencGetVtable*(): ptr BlockCbcencClass {.importcFunc,
+    importc: "br_aes_pwr8_cbcenc_get_vtable", header: "bearssl_block.h".}
+
+proc aesPwr8CbcdecGetVtable*(): ptr BlockCbcdecClass {.importcFunc,
+    importc: "br_aes_pwr8_cbcdec_get_vtable", header: "bearssl_block.h".}
+
+proc aesPwr8CtrGetVtable*(): ptr BlockCtrClass {.importcFunc,
+    importc: "br_aes_pwr8_ctr_get_vtable", header: "bearssl_block.h".}
+
+proc aesPwr8CtrcbcGetVtable*(): ptr BlockCtrcbcClass {.importcFunc,
+    importc: "br_aes_pwr8_ctrcbc_get_vtable", header: "bearssl_block.h".}
+
+type
+  AesGenCbcencKeys* {.importc: "br_aes_gen_cbcenc_keys", header: "bearssl_block.h",
+                     bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    cBig* {.importc: "c_big".}: AesBigCbcencKeys
+    cSmall* {.importc: "c_small".}: AesSmallCbcencKeys
+    cCt* {.importc: "c_ct".}: AesCtCbcencKeys
+    cCt64* {.importc: "c_ct64".}: AesCt64CbcencKeys
+    cX86ni* {.importc: "c_x86ni".}: AesX86niCbcencKeys
+    cPwr8* {.importc: "c_pwr8".}: AesPwr8CbcencKeys
+
+
+
+type
+  AesGenCbcdecKeys* {.importc: "br_aes_gen_cbcdec_keys", header: "bearssl_block.h",
+                     bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    cBig* {.importc: "c_big".}: AesBigCbcdecKeys
+    cSmall* {.importc: "c_small".}: AesSmallCbcdecKeys
+    cCt* {.importc: "c_ct".}: AesCtCbcdecKeys
+    cCt64* {.importc: "c_ct64".}: AesCt64CbcdecKeys
+    cX86ni* {.importc: "c_x86ni".}: AesX86niCbcdecKeys
+    cPwr8* {.importc: "c_pwr8".}: AesPwr8CbcdecKeys
+
+
+
+type
+  AesGenCtrKeys* {.importc: "br_aes_gen_ctr_keys", header: "bearssl_block.h", bycopy,
+                  union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrClass
+    cBig* {.importc: "c_big".}: AesBigCtrKeys
+    cSmall* {.importc: "c_small".}: AesSmallCtrKeys
+    cCt* {.importc: "c_ct".}: AesCtCtrKeys
+    cCt64* {.importc: "c_ct64".}: AesCt64CtrKeys
+    cX86ni* {.importc: "c_x86ni".}: AesX86niCtrKeys
+    cPwr8* {.importc: "c_pwr8".}: AesPwr8CtrKeys
+
+
+
+type
+  AesGenCtrcbcKeys* {.importc: "br_aes_gen_ctrcbc_keys", header: "bearssl_block.h",
+                     bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCtrcbcClass
+    cBig* {.importc: "c_big".}: AesBigCtrcbcKeys
+    cSmall* {.importc: "c_small".}: AesSmallCtrcbcKeys
+    cCt* {.importc: "c_ct".}: AesCtCtrcbcKeys
+    cCt64* {.importc: "c_ct64".}: AesCt64CtrcbcKeys
+    cX86ni* {.importc: "c_x86ni".}: AesX86niCtrcbcKeys
+    cPwr8* {.importc: "c_pwr8".}: AesPwr8CtrcbcKeys
+
+
+
+const
+  desTabBLOCK_SIZE* = 8
+
+
+type
+  DesTabCbcencKeys* {.importc: "br_des_tab_cbcenc_keys", header: "bearssl_block.h",
+                     bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[96, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  DesTabCbcdecKeys* {.importc: "br_des_tab_cbcdec_keys", header: "bearssl_block.h",
+                     bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[96, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var desTabCbcencVtable* {.importc: "br_des_tab_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var desTabCbcdecVtable* {.importc: "br_des_tab_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+proc desTabCbcencInit*(ctx: var DesTabCbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_des_tab_cbcenc_init", header: "bearssl_block.h".}
+
+proc desTabCbcdecInit*(ctx: var DesTabCbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_des_tab_cbcdec_init", header: "bearssl_block.h".}
+
+proc desTabCbcencRun*(ctx: var DesTabCbcencKeys; iv: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_des_tab_cbcenc_run",
+                                   header: "bearssl_block.h".}
+
+proc desTabCbcdecRun*(ctx: var DesTabCbcdecKeys; iv: pointer; data: pointer;
+                     len: uint) {.importcFunc, importc: "br_des_tab_cbcdec_run",
+                                   header: "bearssl_block.h".}
+
+const
+  desCtBLOCK_SIZE* = 8
+
+
+type
+  DesCtCbcencKeys* {.importc: "br_des_ct_cbcenc_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    skey* {.importc: "skey".}: array[96, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+
+type
+  DesCtCbcdecKeys* {.importc: "br_des_ct_cbcdec_keys", header: "bearssl_block.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    skey* {.importc: "skey".}: array[96, uint32]
+    numRounds* {.importc: "num_rounds".}: cuint
+
+
+var desCtCbcencVtable* {.importc: "br_des_ct_cbcenc_vtable", header: "bearssl_block.h".}: BlockCbcencClass
+
+
+var desCtCbcdecVtable* {.importc: "br_des_ct_cbcdec_vtable", header: "bearssl_block.h".}: BlockCbcdecClass
+
+
+proc desCtCbcencInit*(ctx: var DesCtCbcencKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_des_ct_cbcenc_init", header: "bearssl_block.h".}
+
+proc desCtCbcdecInit*(ctx: var DesCtCbcdecKeys; key: pointer; len: uint) {.importcFunc,
+    importc: "br_des_ct_cbcdec_init", header: "bearssl_block.h".}
+
+proc desCtCbcencRun*(ctx: var DesCtCbcencKeys; iv: pointer; data: pointer; len: uint) {.
+    importcFunc, importc: "br_des_ct_cbcenc_run", header: "bearssl_block.h".}
+
+proc desCtCbcdecRun*(ctx: var DesCtCbcdecKeys; iv: pointer; data: pointer; len: uint) {.
+    importcFunc, importc: "br_des_ct_cbcdec_run", header: "bearssl_block.h".}
+
+type
+  DesGenCbcencKeys* {.importc: "br_des_gen_cbcenc_keys", header: "bearssl_block.h",
+                     bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcencClass
+    tab* {.importc: "tab".}: DesTabCbcencKeys
+    ct* {.importc: "ct".}: DesCtCbcencKeys
+
+
+
+type
+  DesGenCbcdecKeys* {.importc: "br_des_gen_cbcdec_keys", header: "bearssl_block.h",
+                     bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr BlockCbcdecClass
+    cTab* {.importc: "c_tab".}: DesTabCbcdecKeys
+    cCt* {.importc: "c_ct".}: DesCtCbcdecKeys
+
+
+
+type
+  Chacha20Run* {.importc: "br_chacha20_run".} = proc (key: pointer; iv: pointer; cc: uint32; data: pointer; len: uint): uint32 {.
+      importcFunc.}
+
+
+proc chacha20CtRun*(key: pointer; iv: pointer; cc: uint32; data: pointer; len: uint): uint32 {.
+    importcFunc, importc: "br_chacha20_ct_run", header: "bearssl_block.h".}
+
+proc chacha20Sse2Run*(key: pointer; iv: pointer; cc: uint32; data: pointer; len: uint): uint32 {.
+    importcFunc, importc: "br_chacha20_sse2_run", header: "bearssl_block.h".}
+
+proc chacha20Sse2Get*(): Chacha20Run {.importcFunc, importc: "br_chacha20_sse2_get",
+                                    header: "bearssl_block.h".}
+
+type
+  Poly1305Run* {.importc: "br_poly1305_run".} = proc (key: pointer; iv: pointer; data: pointer; len: uint;
+                    aad: pointer; aadLen: uint; tag: pointer; ichacha: Chacha20Run;
+                    encrypt: cint) {.importcFunc.}
+
+
+proc poly1305CtmulRun*(key: pointer; iv: pointer; data: pointer; len: uint;
+                      aad: pointer; aadLen: uint; tag: pointer;
+                      ichacha: Chacha20Run; encrypt: cint) {.importcFunc,
+    importc: "br_poly1305_ctmul_run", header: "bearssl_block.h".}
+
+proc poly1305Ctmul32Run*(key: pointer; iv: pointer; data: pointer; len: uint;
+                        aad: pointer; aadLen: uint; tag: pointer;
+                        ichacha: Chacha20Run; encrypt: cint) {.importcFunc,
+    importc: "br_poly1305_ctmul32_run", header: "bearssl_block.h".}
+
+proc poly1305I15Run*(key: pointer; iv: pointer; data: pointer; len: uint;
+                    aad: pointer; aadLen: uint; tag: pointer; ichacha: Chacha20Run;
+                    encrypt: cint) {.importcFunc, importc: "br_poly1305_i15_run",
+                                   header: "bearssl_block.h".}
+
+proc poly1305CtmulqRun*(key: pointer; iv: pointer; data: pointer; len: uint;
+                       aad: pointer; aadLen: uint; tag: pointer;
+                       ichacha: Chacha20Run; encrypt: cint) {.importcFunc,
+    importc: "br_poly1305_ctmulq_run", header: "bearssl_block.h".}
+
+proc poly1305CtmulqGet*(): Poly1305Run {.importcFunc, importc: "br_poly1305_ctmulq_get",
+                                      header: "bearssl_block.h".}

bearssl/abi/bearssl_ec.nim

@@ -0,0 +1,334 @@
+import
+  "."/[bearssl_hash, bearssl_rand, csources, intx]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearEcPath = bearSrcPath / "ec"
+
+{.compile: bearEcPath / "ecdsa_atr.c".}
+{.compile: bearEcPath / "ecdsa_default_sign_asn1.c".}
+{.compile: bearEcPath / "ecdsa_default_sign_raw.c".}
+{.compile: bearEcPath / "ecdsa_default_vrfy_asn1.c".}
+{.compile: bearEcPath / "ecdsa_default_vrfy_raw.c".}
+{.compile: bearEcPath / "ecdsa_i15_bits.c".}
+{.compile: bearEcPath / "ecdsa_i15_sign_asn1.c".}
+{.compile: bearEcPath / "ecdsa_i15_sign_raw.c".}
+{.compile: bearEcPath / "ecdsa_i15_vrfy_asn1.c".}
+{.compile: bearEcPath / "ecdsa_i15_vrfy_raw.c".}
+{.compile: bearEcPath / "ecdsa_i31_bits.c".}
+{.compile: bearEcPath / "ecdsa_i31_sign_asn1.c".}
+{.compile: bearEcPath / "ecdsa_i31_sign_raw.c".}
+{.compile: bearEcPath / "ecdsa_i31_vrfy_asn1.c".}
+{.compile: bearEcPath / "ecdsa_i31_vrfy_raw.c".}
+{.compile: bearEcPath / "ecdsa_rta.c".}
+{.compile: bearEcPath / "ec_all_m15.c".}
+{.compile: bearEcPath / "ec_all_m31.c".}
+{.compile: bearEcPath / "ec_c25519_i15.c".}
+{.compile: bearEcPath / "ec_c25519_i31.c".}
+{.compile: bearEcPath / "ec_c25519_m15.c".}
+{.compile: bearEcPath / "ec_c25519_m31.c".}
+{.compile: bearEcPath / "ec_c25519_m62.c".}
+{.compile: bearEcPath / "ec_c25519_m64.c".}
+{.compile: bearEcPath / "ec_curve25519.c".}
+{.compile: bearEcPath / "ec_default.c".}
+{.compile: bearEcPath / "ec_keygen.c".}
+{.compile: bearEcPath / "ec_p256_m15.c".}
+{.compile: bearEcPath / "ec_p256_m31.c".}
+{.compile: bearEcPath / "ec_p256_m62.c".}
+{.compile: bearEcPath / "ec_p256_m64.c".}
+{.compile: bearEcPath / "ec_prime_i15.c".}
+{.compile: bearEcPath / "ec_prime_i31.c".}
+{.compile: bearEcPath / "ec_pubkey.c".}
+{.compile: bearEcPath / "ec_secp256r1.c".}
+{.compile: bearEcPath / "ec_secp384r1.c".}
+{.compile: bearEcPath / "ec_secp521r1.c".}
+
+
+const
+  EC_sect163k1* = 1
+
+
+const
+  EC_sect163r1* = 2
+
+
+const
+  EC_sect163r2* = 3
+
+
+const
+  EC_sect193r1* = 4
+
+
+const
+  EC_sect193r2* = 5
+
+
+const
+  EC_sect233k1* = 6
+
+
+const
+  EC_sect233r1* = 7
+
+
+const
+  EC_sect239k1* = 8
+
+
+const
+  EC_sect283k1* = 9
+
+
+const
+  EC_sect283r1* = 10
+
+
+const
+  EC_sect409k1* = 11
+
+
+const
+  EC_sect409r1* = 12
+
+
+const
+  EC_sect571k1* = 13
+
+
+const
+  EC_sect571r1* = 14
+
+
+const
+  EC_secp160k1* = 15
+
+
+const
+  EC_secp160r1* = 16
+
+
+const
+  EC_secp160r2* = 17
+
+
+const
+  EC_secp192k1* = 18
+
+
+const
+  EC_secp192r1* = 19
+
+
+const
+  EC_secp224k1* = 20
+
+
+const
+  EC_secp224r1* = 21
+
+
+const
+  EC_secp256k1* = 22
+
+
+const
+  EC_secp256r1* = 23
+
+
+const
+  EC_secp384r1* = 24
+
+
+const
+  EC_secp521r1* = 25
+
+
+const
+  EC_brainpoolP256r1* = 26
+
+
+const
+  EC_brainpoolP384r1* = 27
+
+
+const
+  EC_brainpoolP512r1* = 28
+
+
+const
+  EC_curve25519* = 29
+
+
+const
+  EC_curve448* = 30
+
+
+type
+  EcPublicKey* {.importc: "br_ec_public_key", header: "bearssl_ec.h", bycopy.} = object
+    curve* {.importc: "curve".}: cint
+    q* {.importc: "q".}: ptr byte
+    qlen* {.importc: "qlen".}: uint
+
+
+
+type
+  EcPrivateKey* {.importc: "br_ec_private_key", header: "bearssl_ec.h", bycopy.} = object
+    curve* {.importc: "curve".}: cint
+    x* {.importc: "x".}: ptr byte
+    xlen* {.importc: "xlen".}: uint
+
+
+
+type
+  EcImpl* {.importc: "br_ec_impl", header: "bearssl_ec.h", bycopy.} = object
+    supportedCurves* {.importc: "supported_curves".}: uint32
+    generator* {.importc: "generator".}: proc (curve: cint; len: var uint): ptr byte {.
+        importcFunc.}
+    order* {.importc: "order".}: proc (curve: cint; len: var uint): ptr byte {.importcFunc.}
+    xoff* {.importc: "xoff".}: proc (curve: cint; len: var uint): uint {.importcFunc.}
+    mul* {.importc: "mul".}: proc (g: ptr byte; glen: uint; x: ptr byte;
+                               xlen: uint; curve: cint): uint32 {.importcFunc.}
+    mulgen* {.importc: "mulgen".}: proc (r: ptr byte; x: ptr byte; xlen: uint;
+                                     curve: cint): uint {.importcFunc.}
+    muladd* {.importc: "muladd".}: proc (a: ptr byte; b: ptr byte; len: uint;
+                                     x: ptr byte; xlen: uint; y: ptr byte;
+                                     ylen: uint; curve: cint): uint32 {.importcFunc.}
+
+
+var ecPrimeI31* {.importc: "br_ec_prime_i31", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecPrimeI15* {.importc: "br_ec_prime_i15", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecP256M15* {.importc: "br_ec_p256_m15", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecP256M31* {.importc: "br_ec_p256_m31", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecP256M62* {.importc: "br_ec_p256_m62", header: "bearssl_ec.h".}: EcImpl
+
+
+proc ecP256M62Get*(): ptr EcImpl {.importcFunc, importc: "br_ec_p256_m62_get",
+                               header: "bearssl_ec.h".}
+
+var ecP256M64* {.importc: "br_ec_p256_m64", header: "bearssl_ec.h".}: EcImpl
+
+
+proc ecP256M64Get*(): ptr EcImpl {.importcFunc, importc: "br_ec_p256_m64_get",
+                               header: "bearssl_ec.h".}
+
+
+var ecC25519I15* {.importc: "br_ec_c25519_i15", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecC25519I31* {.importc: "br_ec_c25519_i31", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecC25519M15* {.importc: "br_ec_c25519_m15", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecC25519M31* {.importc: "br_ec_c25519_m31", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecC25519M62* {.importc: "br_ec_c25519_m62", header: "bearssl_ec.h".}: EcImpl
+
+
+proc ecC25519M62Get*(): ptr EcImpl {.importcFunc, importc: "br_ec_c25519_m62_get",
+                                 header: "bearssl_ec.h".}
+
+var ecC25519M64* {.importc: "br_ec_c25519_m64", header: "bearssl_ec.h".}: EcImpl
+
+
+proc ecC25519M64Get*(): ptr EcImpl {.importcFunc, importc: "br_ec_c25519_m64_get",
+                                 header: "bearssl_ec.h".}
+
+
+var ecAllM15* {.importc: "br_ec_all_m15", header: "bearssl_ec.h".}: EcImpl
+
+
+var ecAllM31* {.importc: "br_ec_all_m31", header: "bearssl_ec.h".}: EcImpl
+
+
+proc ecGetDefault*(): ptr EcImpl {.importcFunc, importc: "br_ec_get_default",
+                               header: "bearssl_ec.h".}
+
+proc ecdsaRawToAsn1*(sig: pointer; sigLen: uint): uint {.importcFunc,
+    importc: "br_ecdsa_raw_to_asn1", header: "bearssl_ec.h".}
+
+proc ecdsaAsn1ToRaw*(sig: pointer; sigLen: uint): uint {.importcFunc,
+    importc: "br_ecdsa_asn1_to_raw", header: "bearssl_ec.h".}
+
+type
+  EcdsaSign* {.importc: "br_ecdsa_sign".} = proc (impl: ptr EcImpl; hf: ptr HashClass; hashValue: pointer;
+                  sk: ptr EcPrivateKey; sig: pointer): uint {.importcFunc.}
+
+
+type
+  EcdsaVrfy* {.importc: "br_ecdsa_vrfy".} = proc (impl: ptr EcImpl; hash: pointer; hashLen: uint;
+                  pk: ptr EcPublicKey; sig: pointer; sigLen: uint): uint32 {.importcFunc.}
+
+
+proc ecdsaI31SignAsn1*(impl: ptr EcImpl; hf: ptr HashClass; hashValue: pointer;
+                      sk: ptr EcPrivateKey; sig: pointer): uint {.importcFunc,
+    importc: "br_ecdsa_i31_sign_asn1", header: "bearssl_ec.h".}
+
+proc ecdsaI31SignRaw*(impl: ptr EcImpl; hf: ptr HashClass; hashValue: pointer;
+                     sk: ptr EcPrivateKey; sig: pointer): uint {.importcFunc,
+    importc: "br_ecdsa_i31_sign_raw", header: "bearssl_ec.h".}
+
+proc ecdsaI31VrfyAsn1*(impl: ptr EcImpl; hash: pointer; hashLen: uint;
+                      pk: ptr EcPublicKey; sig: pointer; sigLen: uint): uint32 {.
+    importcFunc, importc: "br_ecdsa_i31_vrfy_asn1", header: "bearssl_ec.h".}
+
+proc ecdsaI31VrfyRaw*(impl: ptr EcImpl; hash: pointer; hashLen: uint;
+                     pk: ptr EcPublicKey; sig: pointer; sigLen: uint): uint32 {.
+    importcFunc, importc: "br_ecdsa_i31_vrfy_raw", header: "bearssl_ec.h".}
+
+proc ecdsaI15SignAsn1*(impl: ptr EcImpl; hf: ptr HashClass; hashValue: pointer;
+                      sk: ptr EcPrivateKey; sig: pointer): uint {.importcFunc,
+    importc: "br_ecdsa_i15_sign_asn1", header: "bearssl_ec.h".}
+
+proc ecdsaI15SignRaw*(impl: ptr EcImpl; hf: ptr HashClass; hashValue: pointer;
+                     sk: ptr EcPrivateKey; sig: pointer): uint {.importcFunc,
+    importc: "br_ecdsa_i15_sign_raw", header: "bearssl_ec.h".}
+
+proc ecdsaI15VrfyAsn1*(impl: ptr EcImpl; hash: pointer; hashLen: uint;
+                      pk: ptr EcPublicKey; sig: pointer; sigLen: uint): uint32 {.
+    importcFunc, importc: "br_ecdsa_i15_vrfy_asn1", header: "bearssl_ec.h".}
+
+proc ecdsaI15VrfyRaw*(impl: ptr EcImpl; hash: pointer; hashLen: uint;
+                     pk: ptr EcPublicKey; sig: pointer; sigLen: uint): uint32 {.
+    importcFunc, importc: "br_ecdsa_i15_vrfy_raw", header: "bearssl_ec.h".}
+
+proc ecdsaSignAsn1GetDefault*(): EcdsaSign {.importcFunc,
+    importc: "br_ecdsa_sign_asn1_get_default", header: "bearssl_ec.h".}
+
+proc ecdsaSignRawGetDefault*(): EcdsaSign {.importcFunc,
+    importc: "br_ecdsa_sign_raw_get_default", header: "bearssl_ec.h".}
+
+proc ecdsaVrfyAsn1GetDefault*(): EcdsaVrfy {.importcFunc,
+    importc: "br_ecdsa_vrfy_asn1_get_default", header: "bearssl_ec.h".}
+
+proc ecdsaVrfyRawGetDefault*(): EcdsaVrfy {.importcFunc,
+    importc: "br_ecdsa_vrfy_raw_get_default", header: "bearssl_ec.h".}
+
+const
+  EC_KBUF_PRIV_MAX_SIZE* = 72
+
+
+const
+  EC_KBUF_PUB_MAX_SIZE* = 145
+
+
+proc ecKeygen*(rngCtx: ptr ptr PrngClass; impl: ptr EcImpl; sk: ptr EcPrivateKey;
+              kbuf: pointer; curve: cint): uint {.importcFunc, importc: "br_ec_keygen",
+    header: "bearssl_ec.h".}
+
+proc ecComputePub*(impl: ptr EcImpl; pk: ptr EcPublicKey; kbuf: pointer;
+                  sk: ptr EcPrivateKey): uint {.importcFunc,
+    importc: "br_ec_compute_pub", header: "bearssl_ec.h".}

bearssl/abi/bearssl_hash.nim

@@ -0,0 +1,368 @@
+import
+  "."/[csources, inner]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearHashPath = bearSrcPath / "hash"
+
+{.compile: bearHashPath / "dig_oid.c".}
+{.compile: bearHashPath / "dig_size.c".}
+{.compile: bearHashPath / "ghash_ctmul.c".}
+{.compile: bearHashPath / "ghash_ctmul32.c".}
+{.compile: bearHashPath / "ghash_ctmul64.c".}
+{.compile: bearHashPath / "ghash_pclmul.c".}
+{.compile: bearHashPath / "ghash_pwr8.c".}
+{.compile: bearHashPath / "md5.c".}
+{.compile: bearHashPath / "md5sha1.c".}
+{.compile: bearHashPath / "mgf1.c".}
+{.compile: bearHashPath / "multihash.c".}
+{.compile: bearHashPath / "sha1.c".}
+{.compile: bearHashPath / "sha2big.c".}
+{.compile: bearHashPath / "sha2small.c".}
+
+type
+  HashClass* {.importc: "br_hash_class", header: "bearssl_hash.h", bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    desc* {.importc: "desc".}: uint32
+    init* {.importc: "init".}: proc (ctx: ptr ptr HashClass) {.importcFunc.}
+    update* {.importc: "update".}: proc (ctx: ptr ptr HashClass; data: pointer;
+                                     len: uint) {.importcFunc.}
+    `out`* {.importc: "out".}: proc (ctx: ptr ptr HashClass; dst: pointer) {.importcFunc.}
+    state* {.importc: "state".}: proc (ctx: ptr ptr HashClass; dst: pointer): uint64 {.
+        importcFunc.}
+    setState* {.importc: "set_state".}: proc (ctx: ptr ptr HashClass; stb: pointer;
+        count: uint64) {.importcFunc.}
+
+
+template hashdesc_Id*(id: untyped): untyped =
+  ((uint32)(id) shl hashdesc_Id_Off)
+
+const
+  HASHDESC_ID_OFF* = 0
+  HASHDESC_ID_MASK* = 0xFF
+
+template hashdesc_Out*(size: untyped): untyped =
+  ((uint32)(size) shl hashdesc_Out_Off)
+
+const
+  HASHDESC_OUT_OFF* = 8
+  HASHDESC_OUT_MASK* = 0x7F
+
+template hashdesc_State*(size: untyped): untyped =
+  ((uint32)(size) shl hashdesc_State_Off)
+
+const
+  HASHDESC_STATE_OFF* = 15
+  HASHDESC_STATE_MASK* = 0xFF
+
+template hashdesc_Lblen*(ls: untyped): untyped =
+  ((uint32)(ls) shl hashdesc_Lblen_Off)
+
+const
+  HASHDESC_LBLEN_OFF* = 23
+  HASHDESC_LBLEN_MASK* = 0x0F
+  HASHDESC_MD_PADDING* = (1'u32 shl 28)
+  HASHDESC_MD_PADDING_128* = (1'u32 shl 29)
+  HASHDESC_MD_PADDING_BE* = (1'u32 shl 30)
+
+
+const
+  md5ID* = 1
+
+
+const
+  md5SIZE* = 16
+
+
+var md5Vtable* {.importc: "br_md5_vtable", header: "bearssl_hash.h".}: HashClass
+
+
+type
+  Md5Context* {.importc: "br_md5_context", header: "bearssl_hash.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    buf* {.importc: "buf".}: array[64, byte]
+    count* {.importc: "count".}: uint64
+    val* {.importc: "val".}: array[4, uint32]
+
+
+
+proc md5Init*(ctx: var Md5Context) {.importcFunc, importc: "br_md5_init",
+                                 header: "bearssl_hash.h".}
+
+proc md5Update*(ctx: var Md5Context; data: pointer; len: uint) {.importcFunc,
+    importc: "br_md5_update", header: "bearssl_hash.h".}
+
+proc md5Out*(ctx: var Md5Context; `out`: pointer) {.importcFunc, importc: "br_md5_out",
+    header: "bearssl_hash.h".}
+
+proc md5State*(ctx: var Md5Context; `out`: pointer): uint64 {.importcFunc,
+    importc: "br_md5_state", header: "bearssl_hash.h".}
+
+proc md5SetState*(ctx: var Md5Context; stb: pointer; count: uint64) {.importcFunc,
+    importc: "br_md5_set_state", header: "bearssl_hash.h".}
+
+const
+  sha1ID* = 2
+
+
+const
+  sha1SIZE* = 20
+
+
+var sha1Vtable* {.importc: "br_sha1_vtable", header: "bearssl_hash.h".}: HashClass
+
+
+type
+  Sha1Context* {.importc: "br_sha1_context", header: "bearssl_hash.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    buf* {.importc: "buf".}: array[64, byte]
+    count* {.importc: "count".}: uint64
+    val* {.importc: "val".}: array[5, uint32]
+
+
+
+proc sha1Init*(ctx: var Sha1Context) {.importcFunc, importc: "br_sha1_init",
+                                   header: "bearssl_hash.h".}
+
+proc sha1Update*(ctx: var Sha1Context; data: pointer; len: uint) {.importcFunc,
+    importc: "br_sha1_update", header: "bearssl_hash.h".}
+
+proc sha1Out*(ctx: var Sha1Context; `out`: pointer) {.importcFunc, importc: "br_sha1_out",
+    header: "bearssl_hash.h".}
+
+proc sha1State*(ctx: var Sha1Context; `out`: pointer): uint64 {.importcFunc,
+    importc: "br_sha1_state", header: "bearssl_hash.h".}
+
+proc sha1SetState*(ctx: var Sha1Context; stb: pointer; count: uint64) {.importcFunc,
+    importc: "br_sha1_set_state", header: "bearssl_hash.h".}
+
+const
+  sha224ID* = 3
+
+
+const
+  sha224SIZE* = 28
+
+
+var sha224Vtable* {.importc: "br_sha224_vtable", header: "bearssl_hash.h".}: HashClass
+
+
+type
+  Sha224Context* {.importc: "br_sha224_context", header: "bearssl_hash.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    buf* {.importc: "buf".}: array[64, byte]
+    count* {.importc: "count".}: uint64
+    val* {.importc: "val".}: array[8, uint32]
+
+
+
+proc sha224Init*(ctx: var Sha224Context) {.importcFunc, importc: "br_sha224_init",
+                                       header: "bearssl_hash.h".}
+
+proc sha224Update*(ctx: var Sha224Context; data: pointer; len: uint) {.importcFunc,
+    importc: "br_sha224_update", header: "bearssl_hash.h".}
+
+proc sha224Out*(ctx: var Sha224Context; `out`: pointer) {.importcFunc,
+    importc: "br_sha224_out", header: "bearssl_hash.h".}
+
+proc sha224State*(ctx: var Sha224Context; `out`: pointer): uint64 {.importcFunc,
+    importc: "br_sha224_state", header: "bearssl_hash.h".}
+
+proc sha224SetState*(ctx: var Sha224Context; stb: pointer; count: uint64) {.importcFunc,
+    importc: "br_sha224_set_state", header: "bearssl_hash.h".}
+
+const
+  sha256ID* = 4
+
+
+const
+  sha256SIZE* = 32
+
+
+var sha256Vtable* {.importc: "br_sha256_vtable", header: "bearssl_hash.h".}: HashClass
+
+type
+  Sha256Context* = Sha224Context
+
+
+proc sha256Init*(ctx: var Sha256Context) {.importcFunc, importc: "br_sha256_init",
+                                       header: "bearssl_hash.h".}
+
+template sha256Update*(ctx: var Sha256Context; data: pointer; len: int) =
+  sha224Update(ctx, data, len)
+
+proc sha256Out*(ctx: var Sha256Context; `out`: pointer) {.importcFunc,
+    importc: "br_sha256_out", header: "bearssl_hash.h".}
+
+template sha256State*(ctx: var Sha256Context; `out`: pointer): uint64 =
+  sha224State(ctx, `out`)
+
+template sha256SetState*(ctx: var Sha256Context; stb: pointer; count: uint64) =
+  sha224SetState(ctx, stb, count)
+
+const
+  sha384ID* = 5
+
+
+const
+  sha384SIZE* = 48
+
+
+var sha384Vtable* {.importc: "br_sha384_vtable", header: "bearssl_hash.h".}: HashClass
+
+
+type
+  Sha384Context* {.importc: "br_sha384_context", header: "bearssl_hash.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    buf* {.importc: "buf".}: array[128, byte]
+    count* {.importc: "count".}: uint64
+    val* {.importc: "val".}: array[8, uint64]
+
+
+
+proc sha384Init*(ctx: var Sha384Context) {.importcFunc, importc: "br_sha384_init",
+                                       header: "bearssl_hash.h".}
+
+proc sha384Update*(ctx: var Sha384Context; data: pointer; len: uint) {.importcFunc,
+    importc: "br_sha384_update", header: "bearssl_hash.h".}
+
+proc sha384Out*(ctx: var Sha384Context; `out`: pointer) {.importcFunc,
+    importc: "br_sha384_out", header: "bearssl_hash.h".}
+
+proc sha384State*(ctx: var Sha384Context; `out`: pointer): uint64 {.importcFunc,
+    importc: "br_sha384_state", header: "bearssl_hash.h".}
+
+proc sha384SetState*(ctx: var Sha384Context; stb: pointer; count: uint64) {.importcFunc,
+    importc: "br_sha384_set_state", header: "bearssl_hash.h".}
+
+const
+  sha512ID* = 6
+
+
+const
+  sha512SIZE* = 64
+
+
+var sha512Vtable* {.importc: "br_sha512_vtable", header: "bearssl_hash.h".}: HashClass
+
+type
+  Sha512Context* = Sha384Context
+
+
+proc sha512Init*(ctx: var Sha512Context) {.importcFunc, importc: "br_sha512_init",
+                                       header: "bearssl_hash.h".}
+const
+  sha512Update* = sha384Update
+
+
+proc sha512Out*(ctx: var Sha512Context; `out`: pointer) {.importcFunc,
+    importc: "br_sha512_out", header: "bearssl_hash.h".}
+
+const
+  md5sha1ID* = 0
+
+
+const
+  md5sha1SIZE* = 36
+
+
+var md5sha1Vtable* {.importc: "br_md5sha1_vtable", header: "bearssl_hash.h".}: HashClass
+
+
+type
+  Md5sha1Context* {.importc: "br_md5sha1_context", header: "bearssl_hash.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    buf* {.importc: "buf".}: array[64, byte]
+    count* {.importc: "count".}: uint64
+    valMd5* {.importc: "val_md5".}: array[4, uint32]
+    valSha1* {.importc: "val_sha1".}: array[5, uint32]
+
+
+
+proc md5sha1Init*(ctx: var Md5sha1Context) {.importcFunc, importc: "br_md5sha1_init",
+    header: "bearssl_hash.h".}
+
+proc md5sha1Update*(ctx: var Md5sha1Context; data: pointer; len: uint) {.importcFunc,
+    importc: "br_md5sha1_update", header: "bearssl_hash.h".}
+
+proc md5sha1Out*(ctx: var Md5sha1Context; `out`: pointer) {.importcFunc,
+    importc: "br_md5sha1_out", header: "bearssl_hash.h".}
+
+proc md5sha1State*(ctx: var Md5sha1Context; `out`: pointer): uint64 {.importcFunc,
+    importc: "br_md5sha1_state", header: "bearssl_hash.h".}
+
+proc md5sha1SetState*(ctx: var Md5sha1Context; stb: pointer; count: uint64) {.importcFunc,
+    importc: "br_md5sha1_set_state", header: "bearssl_hash.h".}
+
+type
+  HashCompatContext* {.importc: "br_hash_compat_context", header: "bearssl_hash.h",
+                      bycopy, union.} = object
+    vtable* {.importc: "vtable".}: ptr HashClass
+    md5* {.importc: "md5".}: Md5Context
+    sha1* {.importc: "sha1".}: Sha1Context
+    sha224* {.importc: "sha224".}: Sha224Context
+    sha256* {.importc: "sha256".}: Sha256Context
+    sha384* {.importc: "sha384".}: Sha384Context
+    sha512* {.importc: "sha512".}: Sha512Context
+    md5sha1* {.importc: "md5sha1".}: Md5sha1Context
+
+
+
+type
+  MultihashContext* {.importc: "br_multihash_context", header: "bearssl_hash.h",
+                     bycopy.} = object
+    buf* {.importc: "buf".}: array[128, byte]
+    count* {.importc: "count".}: uint64
+    val32* {.importc: "val_32".}: array[25, uint32]
+    val64* {.importc: "val_64".}: array[16, uint64]
+    impl* {.importc: "impl".}: array[6, ptr HashClass]
+
+
+
+proc multihashZero*(ctx: var MultihashContext) {.importcFunc, importc: "br_multihash_zero",
+    header: "bearssl_hash.h".}
+
+proc multihashSetimpl*(ctx: var MultihashContext; id: cint; impl: ptr HashClass) {.
+    inline.} =
+  ctx.impl[id - 1] = impl
+
+
+proc multihashGetimpl*(ctx: var MultihashContext; id: cint): ptr HashClass {.inline.} =
+  return ctx.impl[id - 1]
+
+
+proc multihashInit*(ctx: var MultihashContext) {.importcFunc, importc: "br_multihash_init",
+    header: "bearssl_hash.h".}
+
+proc multihashUpdate*(ctx: var MultihashContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_multihash_update", header: "bearssl_hash.h".}
+
+proc multihashOut*(ctx: var MultihashContext; id: cint; dst: pointer): uint {.importcFunc,
+    importc: "br_multihash_out", header: "bearssl_hash.h".}
+
+type
+  Ghash* {.importc: "br_ghash".} = proc (y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc.}
+
+
+proc ghashCtmul*(y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ghash_ctmul", header: "bearssl_hash.h".}
+
+proc ghashCtmul32*(y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ghash_ctmul32", header: "bearssl_hash.h".}
+
+proc ghashCtmul64*(y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ghash_ctmul64", header: "bearssl_hash.h".}
+
+proc ghashPclmul*(y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ghash_pclmul", header: "bearssl_hash.h".}
+
+proc ghashPclmulGet*(): Ghash {.importcFunc, importc: "br_ghash_pclmul_get",
+                             header: "bearssl_hash.h".}
+
+proc ghashPwr8*(y: pointer; h: pointer; data: pointer; len: uint) {.importcFunc,
+    importc: "br_ghash_pwr8", header: "bearssl_hash.h".}
+
+proc ghashPwr8Get*(): Ghash {.importcFunc, importc: "br_ghash_pwr8_get",
+                           header: "bearssl_hash.h".}

bearssl/abi/bearssl_hmac.nim

@@ -0,0 +1,56 @@
+import
+  "."/[bearssl_hash, csources, inner]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearMacPath = bearSrcPath / "mac"
+
+{.compile: bearMacPath / "hmac.c".}
+{.compile: bearMacPath / "hmac_ct.c".}
+
+type
+  HmacKeyContext* {.importc: "br_hmac_key_context", header: "bearssl_hmac.h", bycopy.} = object
+    digVtable* {.importc: "dig_vtable".}: ptr HashClass
+    ksi* {.importc: "ksi".}: array[64, byte]
+    kso* {.importc: "kso".}: array[64, byte]
+
+
+
+proc hmacKeyInit*(kc: var HmacKeyContext; digestVtable: ptr HashClass; key: pointer;
+                 keyLen: uint) {.importcFunc, importc: "br_hmac_key_init",
+                                  header: "bearssl_hmac.h".}
+
+proc hmacKeyGetDigest*(kc: var HmacKeyContext): ptr HashClass {.inline.} =
+  return kc.digVtable
+
+
+type
+  HmacContext* {.importc: "br_hmac_context", header: "bearssl_hmac.h", bycopy.} = object
+    dig* {.importc: "dig".}: HashCompatContext
+    kso* {.importc: "kso".}: array[64, byte]
+    outLen* {.importc: "out_len".}: uint
+
+
+
+proc hmacInit*(ctx: var HmacContext; kc: var HmacKeyContext; outLen: uint) {.importcFunc,
+    importc: "br_hmac_init", header: "bearssl_hmac.h".}
+
+proc hmacSize*(ctx: var HmacContext): uint {.inline, importcFunc, importc: "br_hmac_size".} =
+  return ctx.outLen
+
+
+proc hmacGetDigest*(hc: var HmacContext): ptr HashClass {.inline.} =
+  return hc.dig.vtable
+
+
+proc hmacUpdate*(ctx: var HmacContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_hmac_update", header: "bearssl_hmac.h".}
+
+proc hmacOut*(ctx: var HmacContext; `out`: pointer): uint {.importcFunc,
+    importc: "br_hmac_out", header: "bearssl_hmac.h".}
+
+proc hmacOutCT*(ctx: var HmacContext; data: pointer; len: uint; minLen: uint;
+               maxLen: uint; `out`: pointer): uint {.importcFunc,
+    importc: "br_hmac_outCT", header: "bearssl_hmac.h".}

bearssl/abi/bearssl_kdf.nim

@@ -0,0 +1,65 @@
+import
+  "."/[bearssl_hash, bearssl_hmac, csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearKdfPath = bearSrcPath / "kdf"
+
+{.compile: bearKdfPath / "hkdf.c".}
+{.compile: bearKdfPath / "shake.c".}
+
+type
+  INNER_C_UNION_bearssl_kdf_1* {.importc: "br_hkdf_context::no_name",
+                                header: "bearssl_kdf.h", bycopy, union.} = object
+    hmacCtx* {.importc: "hmac_ctx".}: HmacContext
+    prkCtx* {.importc: "prk_ctx".}: HmacKeyContext
+
+  HkdfContext* {.importc: "br_hkdf_context", header: "bearssl_kdf.h", bycopy.} = object
+    u* {.importc: "u".}: INNER_C_UNION_bearssl_kdf_1
+    buf* {.importc: "buf".}: array[64, byte]
+    `ptr`* {.importc: "ptr".}: uint
+    digLen* {.importc: "dig_len".}: uint
+    chunkNum* {.importc: "chunk_num".}: cuint
+
+
+
+proc hkdfInit*(hc: var HkdfContext; digestVtable: ptr HashClass; salt: pointer;
+              saltLen: uint) {.importcFunc, importc: "br_hkdf_init",
+                                header: "bearssl_kdf.h".}
+
+
+var hkdfNoSalt* {.importc: "br_hkdf_no_salt", header: "bearssl_kdf.h".}: byte
+
+
+proc hkdfInject*(hc: var HkdfContext; ikm: pointer; ikmLen: uint) {.importcFunc,
+    importc: "br_hkdf_inject", header: "bearssl_kdf.h".}
+
+proc hkdfFlip*(hc: var HkdfContext) {.importcFunc, importc: "br_hkdf_flip",
+                                  header: "bearssl_kdf.h".}
+
+proc hkdfProduce*(hc: var HkdfContext; info: pointer; infoLen: uint; `out`: pointer;
+                 outLen: uint): uint {.importcFunc, importc: "br_hkdf_produce",
+    header: "bearssl_kdf.h".}
+
+type
+  ShakeContext* {.importc: "br_shake_context", header: "bearssl_kdf.h", bycopy.} = object
+    dbuf* {.importc: "dbuf".}: array[200, byte]
+    dptr* {.importc: "dptr".}: uint
+    rate* {.importc: "rate".}: uint
+    a* {.importc: "A".}: array[25, uint64]
+
+
+
+proc shakeInit*(sc: var ShakeContext; securityLevel: cint) {.importcFunc,
+    importc: "br_shake_init", header: "bearssl_kdf.h".}
+
+proc shakeInject*(sc: var ShakeContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_shake_inject", header: "bearssl_kdf.h".}
+
+proc shakeFlip*(hc: var ShakeContext) {.importcFunc, importc: "br_shake_flip",
+                                    header: "bearssl_kdf.h".}
+
+proc shakeProduce*(sc: var ShakeContext; `out`: pointer; len: uint) {.importcFunc,
+    importc: "br_shake_produce", header: "bearssl_kdf.h".}

bearssl/abi/bearssl_pem.nim

@@ -0,0 +1,76 @@
+import
+  "."/[csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearCodecPath = bearSrcPath & "/" & "codec" & "/"
+
+{.compile: bearCodecPath / "pemdec.c".}
+{.compile: bearCodecPath / "pemenc.c".}
+
+type
+  INNER_C_STRUCT_bearssl_pem_1* {.importc: "br_pem_decoder_context::no_name",
+                                 header: "bearssl_pem.h", bycopy.} = object
+    dp* {.importc: "dp".}: ptr uint32
+    rp* {.importc: "rp".}: ptr uint32
+    ip* {.importc: "ip".}: ptr byte
+
+  PemDecoderContext* {.importc: "br_pem_decoder_context", header: "bearssl_pem.h",
+                      bycopy.} = object
+    cpu* {.importc: "cpu".}: INNER_C_STRUCT_bearssl_pem_1
+    dpStack* {.importc: "dp_stack".}: array[32, uint32]
+    rpStack* {.importc: "rp_stack".}: array[32, uint32]
+    err* {.importc: "err".}: cint
+    hbuf* {.importc: "hbuf".}: ptr byte
+    hlen* {.importc: "hlen".}: uint
+    dest* {.importc: "dest".}: proc (destCtx: pointer; src: pointer; len: uint) {.importcFunc.}
+    destCtx* {.importc: "dest_ctx".}: pointer
+    event* {.importc: "event".}: byte
+    name* {.importc: "name".}: array[128, char]
+    buf* {.importc: "buf".}: array[255, byte]
+    `ptr`* {.importc: "ptr".}: uint
+
+
+
+proc pemDecoderInit*(ctx: var PemDecoderContext) {.importcFunc,
+    importc: "br_pem_decoder_init", header: "bearssl_pem.h".}
+
+proc pemDecoderPush*(ctx: var PemDecoderContext; data: pointer; len: uint): uint {.
+    importcFunc, importc: "br_pem_decoder_push", header: "bearssl_pem.h".}
+
+proc pemDecoderSetdest*(ctx: var PemDecoderContext; dest: proc (destCtx: pointer;
+    src: pointer; len: uint) {.importcFunc.}; destCtx: pointer) {.inline.} =
+  ctx.dest = dest
+  ctx.destCtx = destCtx
+
+
+proc pemDecoderEvent*(ctx: var PemDecoderContext): cint {.importcFunc,
+    importc: "br_pem_decoder_event", header: "bearssl_pem.h".}
+
+const
+  PEM_BEGIN_OBJ* = 1
+
+
+const
+  PEM_END_OBJ* = 2
+
+
+const
+  PEM_ERROR* = 3
+
+
+proc pemDecoderName*(ctx: var PemDecoderContext): cstring {.inline.} =
+  return addr ctx.name
+
+
+proc pemEncode*(dest: pointer; data: pointer; len: uint; banner: cstring; flags: cuint): uint {.
+    importcFunc, importc: "br_pem_encode", header: "bearssl_pem.h".}
+
+const
+  PEM_LINE64* = 0x0001
+
+
+const
+  PEM_CRLF* = 0x0002

bearssl/abi/bearssl_prf.nim

@@ -0,0 +1,37 @@
+import
+  "."/[csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearSslPath = bearSrcPath / "ssl"
+
+{.compile: bearSslPath / "prf.c".}
+{.compile: bearSslPath / "prf_md5sha1.c".}
+{.compile: bearSslPath / "prf_sha256.c".}
+{.compile: bearSslPath / "prf_sha384.c".}
+
+type
+  TlsPrfSeedChunk* {.importc: "br_tls_prf_seed_chunk", header: "bearssl_prf.h",
+                    bycopy.} = object
+    data* {.importc: "data".}: pointer
+    len* {.importc: "len".}: uint
+
+
+
+proc tls10Prf*(dst: pointer; len: uint; secret: pointer; secretLen: uint;
+              label: cstring; seedNum: uint; seed: ptr TlsPrfSeedChunk) {.importcFunc,
+    importc: "br_tls10_prf", header: "bearssl_prf.h".}
+
+proc tls12Sha256Prf*(dst: pointer; len: uint; secret: pointer; secretLen: uint;
+                    label: cstring; seedNum: uint; seed: ptr TlsPrfSeedChunk) {.
+    importcFunc, importc: "br_tls12_sha256_prf", header: "bearssl_prf.h".}
+
+proc tls12Sha384Prf*(dst: pointer; len: uint; secret: pointer; secretLen: uint;
+                    label: cstring; seedNum: uint; seed: ptr TlsPrfSeedChunk) {.
+    importcFunc, importc: "br_tls12_sha384_prf", header: "bearssl_prf.h".}
+
+type
+  TlsPrfImpl* {.importc: "br_tls_prf_impl".} = proc (dst: pointer; len: uint; secret: pointer; secretLen: uint;
+                   label: cstring; seedNum: uint; seed: ptr TlsPrfSeedChunk) {.importcFunc.}

bearssl/abi/bearssl_rand.nim

@@ -0,0 +1,80 @@
+import
+  "."/[bearssl_hash, bearssl_hmac, csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearRandPath = bearSrcPath / "rand"
+
+# {.compile: bearRandPath / "aesctr_drbg.c".}
+{.compile: bearRandPath / "hmac_drbg.c".}
+{.compile: bearRandPath / "sysrng.c".}
+
+type
+  PrngClass* {.importc: "br_prng_class", header: "bearssl_rand.h", bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    init* {.importc: "init".}: proc (ctx: ptr ptr PrngClass; params: pointer;
+                                 seed: pointer; seedLen: uint) {.importcFunc.}
+    generate* {.importc: "generate".}: proc (ctx: ptr ptr PrngClass; `out`: pointer;
+        len: uint) {.importcFunc.}
+    update* {.importc: "update".}: proc (ctx: ptr ptr PrngClass; seed: pointer;
+                                     seedLen: uint) {.importcFunc.}
+
+
+
+type
+  HmacDrbgContext* {.importc: "br_hmac_drbg_context", header: "bearssl_rand.h",
+                    bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr PrngClass
+    k* {.importc: "K".}: array[64, byte]
+    v* {.importc: "V".}: array[64, byte]
+    digestClass* {.importc: "digest_class".}: ptr HashClass
+
+
+
+var hmacDrbgVtable* {.importc: "br_hmac_drbg_vtable", header: "bearssl_rand.h".}: PrngClass
+
+
+proc hmacDrbgInit*(ctx: var HmacDrbgContext; digestClass: ptr HashClass; seed: pointer;
+                  seedLen: uint) {.importcFunc, importc: "br_hmac_drbg_init",
+                                    header: "bearssl_rand.h".}
+
+proc hmacDrbgGenerate*(ctx: var HmacDrbgContext; `out`: pointer; len: uint) {.importcFunc,
+    importc: "br_hmac_drbg_generate", header: "bearssl_rand.h".}
+
+proc hmacDrbgUpdate*(ctx: var HmacDrbgContext; seed: pointer; seedLen: uint) {.importcFunc,
+    importc: "br_hmac_drbg_update", header: "bearssl_rand.h".}
+
+proc hmacDrbgGetHash*(ctx: var HmacDrbgContext): ptr HashClass {.inline.} =
+  return ctx.digestClass
+
+
+type
+  PrngSeeder* {.importc: "br_prng_seeder".} = proc (ctx: ptr ptr PrngClass): cint {.importcFunc.}
+
+
+proc prngSeederSystem*(name: cstringArray): PrngSeeder {.importcFunc,
+    importc: "br_prng_seeder_system", header: "bearssl_rand.h".}
+
+# type
+#   AesctrDrbgContext* {.importc: "br_aesctr_drbg_context", header: "bearssl_rand.h",
+#                       bycopy.} = object
+#     vtable* {.importc: "vtable".}: ptr PrngClass
+#     sk* {.importc: "sk".}: AesGenCtrKeys
+#     cc* {.importc: "cc".}: uint32
+
+
+
+# var aesctrDrbgVtable* {.importc: "br_aesctr_drbg_vtable", header: "bearssl_rand.h".}: PrngClass
+
+
+# proc aesctrDrbgInit*(ctx: var AesctrDrbgContext; aesctr: ptr BlockCtrClass;
+#                     seed: pointer; seedLen: uint) {.importcFunc,
+#     importc: "br_aesctr_drbg_init", header: "bearssl_rand.h".}
+
+# proc aesctrDrbgGenerate*(ctx: var AesctrDrbgContext; `out`: pointer; len: uint) {.
+#     importcFunc, importc: "br_aesctr_drbg_generate", header: "bearssl_rand.h".}
+
+# proc aesctrDrbgUpdate*(ctx: var AesctrDrbgContext; seed: pointer; seedLen: uint) {.
+#     importcFunc, importc: "br_aesctr_drbg_update", header: "bearssl_rand.h".}

bearssl/abi/bearssl_rsa.nim

@@ -0,0 +1,422 @@
+import
+  "."/[bearssl_hash, bearssl_rand, csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearRsaPath = bearSrcPath / "rsa"
+
+{.compile: bearRsaPath / "rsa_default_keygen.c".}
+{.compile: bearRsaPath / "rsa_default_modulus.c".}
+{.compile: bearRsaPath / "rsa_default_oaep_decrypt.c".}
+{.compile: bearRsaPath / "rsa_default_oaep_encrypt.c".}
+{.compile: bearRsaPath / "rsa_default_pkcs1_sign.c".}
+{.compile: bearRsaPath / "rsa_default_pkcs1_vrfy.c".}
+{.compile: bearRsaPath / "rsa_default_priv.c".}
+{.compile: bearRsaPath / "rsa_default_privexp.c".}
+{.compile: bearRsaPath / "rsa_default_pss_sign.c".}
+{.compile: bearRsaPath / "rsa_default_pss_vrfy.c".}
+{.compile: bearRsaPath / "rsa_default_pub.c".}
+{.compile: bearRsaPath / "rsa_default_pubexp.c".}
+{.compile: bearRsaPath / "rsa_i15_keygen.c".}
+{.compile: bearRsaPath / "rsa_i15_modulus.c".}
+{.compile: bearRsaPath / "rsa_i15_oaep_decrypt.c".}
+{.compile: bearRsaPath / "rsa_i15_oaep_encrypt.c".}
+{.compile: bearRsaPath / "rsa_i15_pkcs1_sign.c".}
+{.compile: bearRsaPath / "rsa_i15_pkcs1_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i15_priv.c".}
+{.compile: bearRsaPath / "rsa_i15_privexp.c".}
+{.compile: bearRsaPath / "rsa_i15_pss_sign.c".}
+{.compile: bearRsaPath / "rsa_i15_pss_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i15_pub.c".}
+{.compile: bearRsaPath / "rsa_i15_pubexp.c".}
+{.compile: bearRsaPath / "rsa_i31_keygen.c".}
+{.compile: bearRsaPath / "rsa_i31_keygen_inner.c".}
+{.compile: bearRsaPath / "rsa_i31_modulus.c".}
+{.compile: bearRsaPath / "rsa_i31_oaep_decrypt.c".}
+{.compile: bearRsaPath / "rsa_i31_oaep_encrypt.c".}
+{.compile: bearRsaPath / "rsa_i31_pkcs1_sign.c".}
+{.compile: bearRsaPath / "rsa_i31_pkcs1_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i31_priv.c".}
+{.compile: bearRsaPath / "rsa_i31_privexp.c".}
+{.compile: bearRsaPath / "rsa_i31_pss_sign.c".}
+{.compile: bearRsaPath / "rsa_i31_pss_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i31_pub.c".}
+{.compile: bearRsaPath / "rsa_i31_pubexp.c".}
+{.compile: bearRsaPath / "rsa_i32_oaep_decrypt.c".}
+{.compile: bearRsaPath / "rsa_i32_oaep_encrypt.c".}
+{.compile: bearRsaPath / "rsa_i32_pkcs1_sign.c".}
+{.compile: bearRsaPath / "rsa_i32_pkcs1_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i32_priv.c".}
+{.compile: bearRsaPath / "rsa_i32_pss_sign.c".}
+{.compile: bearRsaPath / "rsa_i32_pss_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i32_pub.c".}
+{.compile: bearRsaPath / "rsa_i62_keygen.c".}
+{.compile: bearRsaPath / "rsa_i62_oaep_decrypt.c".}
+{.compile: bearRsaPath / "rsa_i62_oaep_encrypt.c".}
+{.compile: bearRsaPath / "rsa_i62_pkcs1_sign.c".}
+{.compile: bearRsaPath / "rsa_i62_pkcs1_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i62_priv.c".}
+{.compile: bearRsaPath / "rsa_i62_pss_sign.c".}
+{.compile: bearRsaPath / "rsa_i62_pss_vrfy.c".}
+{.compile: bearRsaPath / "rsa_i62_pub.c".}
+{.compile: bearRsaPath / "rsa_oaep_pad.c".}
+{.compile: bearRsaPath / "rsa_oaep_unpad.c".}
+{.compile: bearRsaPath / "rsa_pkcs1_sig_pad.c".}
+{.compile: bearRsaPath / "rsa_pkcs1_sig_unpad.c".}
+{.compile: bearRsaPath / "rsa_pss_sig_pad.c".}
+{.compile: bearRsaPath / "rsa_pss_sig_unpad.c".}
+{.compile: bearRsaPath / "rsa_ssl_decrypt.c".}
+
+type
+  RsaPublicKey* {.importc: "br_rsa_public_key", header: "bearssl_rsa.h", bycopy.} = object
+    n* {.importc: "n".}: ptr byte
+    nlen* {.importc: "nlen".}: uint
+    e* {.importc: "e".}: ptr byte
+    elen* {.importc: "elen".}: uint
+
+
+
+type
+  RsaPrivateKey* {.importc: "br_rsa_private_key", header: "bearssl_rsa.h", bycopy.} = object
+    nBitlen* {.importc: "n_bitlen".}: uint32
+    p* {.importc: "p".}: ptr byte
+    plen* {.importc: "plen".}: uint
+    q* {.importc: "q".}: ptr byte
+    qlen* {.importc: "qlen".}: uint
+    dp* {.importc: "dp".}: ptr byte
+    dplen* {.importc: "dplen".}: uint
+    dq* {.importc: "dq".}: ptr byte
+    dqlen* {.importc: "dqlen".}: uint
+    iq* {.importc: "iq".}: ptr byte
+    iqlen* {.importc: "iqlen".}: uint
+
+
+
+type
+  RsaPublic* {.importc: "br_rsa_public".} = proc (x: ptr byte; xlen: uint; pk: ptr RsaPublicKey): uint32 {.importcFunc.}
+
+
+type
+  RsaPkcs1Vrfy* {.importc: "br_rsa_pkcs1_vrfy".} = proc (x: ptr byte; xlen: uint; hashOid: ptr byte;
+                     hashLen: uint; pk: ptr RsaPublicKey; hashOut: ptr byte): uint32 {.
+      importcFunc.}
+
+
+type
+  RsaPssVrfy* {.importc: "br_rsa_pss_vrfy".} = proc (x: ptr byte; xlen: uint; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hash: pointer; saltLen: uint;
+                   pk: ptr RsaPublicKey): uint32 {.importcFunc.}
+
+
+type
+  RsaOaepEncrypt* {.importc: "br_rsa_oaep_encrypt".} = proc (rnd: ptr ptr PrngClass; dig: ptr HashClass; label: pointer;
+                       labelLen: uint; pk: ptr RsaPublicKey; dst: pointer;
+                       dstMaxLen: uint; src: pointer; srcLen: uint): uint {.
+      importcFunc.}
+
+
+type
+  RsaPrivate* {.importc: "br_rsa_private".} = proc (x: ptr byte; sk: ptr RsaPrivateKey): uint32 {.importcFunc.}
+
+
+type
+  RsaPkcs1Sign* {.importc: "br_rsa_pkcs1_sign".} = proc (hashOid: ptr byte; hash: ptr byte; hashLen: uint;
+                     sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc.}
+
+
+type
+  RsaPssSign* {.importc: "br_rsa_pss_sign".} = proc (rng: ptr ptr PrngClass; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hashValue: ptr byte; saltLen: uint;
+                   sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc.}
+
+
+const
+  HASH_OID_SHA1* = (("\x05+\x0E\x03\x02\x1A"))
+
+
+const
+  HASH_OID_SHA224* = (("\t`\x86H\x01e\x03\x04\x02\x04"))
+
+
+const
+  HASH_OID_SHA256* = (("\t`\x86H\x01e\x03\x04\x02\x01"))
+
+
+const
+  HASH_OID_SHA384* = (("\t`\x86H\x01e\x03\x04\x02\x02"))
+
+
+const
+  HASH_OID_SHA512* = (("\t`\x86H\x01e\x03\x04\x02\x03"))
+
+
+type
+  RsaOaepDecrypt* {.importc: "br_rsa_oaep_decrypt".} = proc (dig: ptr HashClass; label: pointer; labelLen: uint;
+                       sk: ptr RsaPrivateKey; data: pointer; len: var uint): uint32 {.
+      importcFunc.}
+
+
+proc rsaI32Public*(x: ptr byte; xlen: uint; pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i32_public", header: "bearssl_rsa.h".}
+
+proc rsaI32Pkcs1Vrfy*(x: ptr byte; xlen: uint; hashOid: ptr byte;
+                     hashLen: uint; pk: ptr RsaPublicKey; hashOut: ptr byte): uint32 {.
+    importcFunc, importc: "br_rsa_i32_pkcs1_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI32PssVrfy*(x: ptr byte; xlen: uint; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hash: pointer; saltLen: uint;
+                   pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i32_pss_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI32Private*(x: ptr byte; sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i32_private", header: "bearssl_rsa.h".}
+
+proc rsaI32Pkcs1Sign*(hashOid: ptr byte; hash: ptr byte; hashLen: uint;
+                     sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i32_pkcs1_sign", header: "bearssl_rsa.h".}
+
+proc rsaI32PssSign*(rng: ptr ptr PrngClass; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hashValue: ptr byte; saltLen: uint;
+                   sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i32_pss_sign", header: "bearssl_rsa.h".}
+
+proc rsaI31Public*(x: ptr byte; xlen: uint; pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i31_public", header: "bearssl_rsa.h".}
+
+proc rsaI31Pkcs1Vrfy*(x: ptr byte; xlen: uint; hashOid: ptr byte;
+                     hashLen: uint; pk: ptr RsaPublicKey; hashOut: ptr byte): uint32 {.
+    importcFunc, importc: "br_rsa_i31_pkcs1_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI31PssVrfy*(x: ptr byte; xlen: uint; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hash: pointer; saltLen: uint;
+                   pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i31_pss_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI31Private*(x: ptr byte; sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i31_private", header: "bearssl_rsa.h".}
+
+proc rsaI31Pkcs1Sign*(hashOid: ptr byte; hash: ptr byte; hashLen: uint;
+                     sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i31_pkcs1_sign", header: "bearssl_rsa.h".}
+
+proc rsaI31PssSign*(rng: ptr ptr PrngClass; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hashValue: ptr byte; saltLen: uint;
+                   sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i31_pss_sign", header: "bearssl_rsa.h".}
+
+proc rsaI62Public*(x: ptr byte; xlen: uint; pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i62_public", header: "bearssl_rsa.h".}
+
+proc rsaI62Pkcs1Vrfy*(x: ptr byte; xlen: uint; hashOid: ptr byte;
+                     hashLen: uint; pk: ptr RsaPublicKey; hashOut: ptr byte): uint32 {.
+    importcFunc, importc: "br_rsa_i62_pkcs1_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI62PssVrfy*(x: ptr byte; xlen: uint; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hash: pointer; saltLen: uint;
+                   pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i62_pss_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI62Private*(x: ptr byte; sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i62_private", header: "bearssl_rsa.h".}
+
+proc rsaI62Pkcs1Sign*(hashOid: ptr byte; hash: ptr byte; hashLen: uint;
+                     sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i62_pkcs1_sign", header: "bearssl_rsa.h".}
+
+proc rsaI62PssSign*(rng: ptr ptr PrngClass; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hashValue: ptr byte; saltLen: uint;
+                   sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i62_pss_sign", header: "bearssl_rsa.h".}
+
+proc rsaI62PublicGet*(): RsaPublic {.importcFunc, importc: "br_rsa_i62_public_get",
+                                  header: "bearssl_rsa.h".}
+
+proc rsaI62Pkcs1VrfyGet*(): RsaPkcs1Vrfy {.importcFunc,
+                                        importc: "br_rsa_i62_pkcs1_vrfy_get",
+                                        header: "bearssl_rsa.h".}
+
+proc rsaI62PssVrfyGet*(): RsaPssVrfy {.importcFunc, importc: "br_rsa_i62_pss_vrfy_get",
+                                    header: "bearssl_rsa.h".}
+
+proc rsaI62PrivateGet*(): RsaPrivate {.importcFunc, importc: "br_rsa_i62_private_get",
+                                    header: "bearssl_rsa.h".}
+
+proc rsaI62Pkcs1SignGet*(): RsaPkcs1Sign {.importcFunc,
+                                        importc: "br_rsa_i62_pkcs1_sign_get",
+                                        header: "bearssl_rsa.h".}
+
+proc rsaI62PssSignGet*(): RsaPssSign {.importcFunc, importc: "br_rsa_i62_pss_sign_get",
+                                    header: "bearssl_rsa.h".}
+
+proc rsaI62OaepEncryptGet*(): RsaOaepEncrypt {.importcFunc,
+    importc: "br_rsa_i62_oaep_encrypt_get", header: "bearssl_rsa.h".}
+
+proc rsaI62OaepDecryptGet*(): RsaOaepDecrypt {.importcFunc,
+    importc: "br_rsa_i62_oaep_decrypt_get", header: "bearssl_rsa.h".}
+
+proc rsaI15Public*(x: ptr byte; xlen: uint; pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i15_public", header: "bearssl_rsa.h".}
+
+proc rsaI15Pkcs1Vrfy*(x: ptr byte; xlen: uint; hashOid: ptr byte;
+                     hashLen: uint; pk: ptr RsaPublicKey; hashOut: ptr byte): uint32 {.
+    importcFunc, importc: "br_rsa_i15_pkcs1_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI15PssVrfy*(x: ptr byte; xlen: uint; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hash: pointer; saltLen: uint;
+                   pk: ptr RsaPublicKey): uint32 {.importcFunc,
+    importc: "br_rsa_i15_pss_vrfy", header: "bearssl_rsa.h".}
+
+proc rsaI15Private*(x: ptr byte; sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i15_private", header: "bearssl_rsa.h".}
+
+proc rsaI15Pkcs1Sign*(hashOid: ptr byte; hash: ptr byte; hashLen: uint;
+                     sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i15_pkcs1_sign", header: "bearssl_rsa.h".}
+
+proc rsaI15PssSign*(rng: ptr ptr PrngClass; hfData: ptr HashClass;
+                   hfMgf1: ptr HashClass; hashValue: ptr byte; saltLen: uint;
+                   sk: ptr RsaPrivateKey; x: ptr byte): uint32 {.importcFunc,
+    importc: "br_rsa_i15_pss_sign", header: "bearssl_rsa.h".}
+
+proc rsaPublicGetDefault*(): RsaPublic {.importcFunc,
+                                      importc: "br_rsa_public_get_default",
+                                      header: "bearssl_rsa.h".}
+
+proc rsaPrivateGetDefault*(): RsaPrivate {.importcFunc,
+                                        importc: "br_rsa_private_get_default",
+                                        header: "bearssl_rsa.h".}
+
+proc rsaPkcs1VrfyGetDefault*(): RsaPkcs1Vrfy {.importcFunc,
+    importc: "br_rsa_pkcs1_vrfy_get_default", header: "bearssl_rsa.h".}
+
+proc rsaPssVrfyGetDefault*(): RsaPssVrfy {.importcFunc,
+                                        importc: "br_rsa_pss_vrfy_get_default",
+                                        header: "bearssl_rsa.h".}
+
+proc rsaPkcs1SignGetDefault*(): RsaPkcs1Sign {.importcFunc,
+    importc: "br_rsa_pkcs1_sign_get_default", header: "bearssl_rsa.h".}
+
+proc rsaPssSignGetDefault*(): RsaPssSign {.importcFunc,
+                                        importc: "br_rsa_pss_sign_get_default",
+                                        header: "bearssl_rsa.h".}
+
+proc rsaOaepEncryptGetDefault*(): RsaOaepEncrypt {.importcFunc,
+    importc: "br_rsa_oaep_encrypt_get_default", header: "bearssl_rsa.h".}
+
+proc rsaOaepDecryptGetDefault*(): RsaOaepDecrypt {.importcFunc,
+    importc: "br_rsa_oaep_decrypt_get_default", header: "bearssl_rsa.h".}
+
+proc rsaSslDecrypt*(core: RsaPrivate; sk: ptr RsaPrivateKey; data: ptr byte;
+                   len: uint): uint32 {.importcFunc, importc: "br_rsa_ssl_decrypt",
+    header: "bearssl_rsa.h".}
+
+proc rsaI15OaepEncrypt*(rnd: ptr ptr PrngClass; dig: ptr HashClass; label: pointer;
+                       labelLen: uint; pk: ptr RsaPublicKey; dst: pointer;
+                       dstMaxLen: uint; src: pointer; srcLen: uint): uint {.
+    importcFunc, importc: "br_rsa_i15_oaep_encrypt", header: "bearssl_rsa.h".}
+
+proc rsaI15OaepDecrypt*(dig: ptr HashClass; label: pointer; labelLen: uint;
+                       sk: ptr RsaPrivateKey; data: pointer; len: var uint): uint32 {.
+    importcFunc, importc: "br_rsa_i15_oaep_decrypt", header: "bearssl_rsa.h".}
+
+proc rsaI31OaepEncrypt*(rnd: ptr ptr PrngClass; dig: ptr HashClass; label: pointer;
+                       labelLen: uint; pk: ptr RsaPublicKey; dst: pointer;
+                       dstMaxLen: uint; src: pointer; srcLen: uint): uint {.
+    importcFunc, importc: "br_rsa_i31_oaep_encrypt", header: "bearssl_rsa.h".}
+
+proc rsaI31OaepDecrypt*(dig: ptr HashClass; label: pointer; labelLen: uint;
+                       sk: ptr RsaPrivateKey; data: pointer; len: var uint): uint32 {.
+    importcFunc, importc: "br_rsa_i31_oaep_decrypt", header: "bearssl_rsa.h".}
+
+proc rsaI32OaepEncrypt*(rnd: ptr ptr PrngClass; dig: ptr HashClass; label: pointer;
+                       labelLen: uint; pk: ptr RsaPublicKey; dst: pointer;
+                       dstMaxLen: uint; src: pointer; srcLen: uint): uint {.
+    importcFunc, importc: "br_rsa_i32_oaep_encrypt", header: "bearssl_rsa.h".}
+
+proc rsaI32OaepDecrypt*(dig: ptr HashClass; label: pointer; labelLen: uint;
+                       sk: ptr RsaPrivateKey; data: pointer; len: var uint): uint32 {.
+    importcFunc, importc: "br_rsa_i32_oaep_decrypt", header: "bearssl_rsa.h".}
+
+proc rsaI62OaepEncrypt*(rnd: ptr ptr PrngClass; dig: ptr HashClass; label: pointer;
+                       labelLen: uint; pk: ptr RsaPublicKey; dst: pointer;
+                       dstMaxLen: uint; src: pointer; srcLen: uint): uint {.
+    importcFunc, importc: "br_rsa_i62_oaep_encrypt", header: "bearssl_rsa.h".}
+
+proc rsaI62OaepDecrypt*(dig: ptr HashClass; label: pointer; labelLen: uint;
+                       sk: ptr RsaPrivateKey; data: pointer; len: var uint): uint32 {.
+    importcFunc, importc: "br_rsa_i62_oaep_decrypt", header: "bearssl_rsa.h".}
+
+template rsaKbufPrivSize*(size: untyped): untyped =
+  (5 * (((size) + 15) shr 4))
+
+
+template rsaKbufPubSize*(size: untyped): untyped =
+  (4 + (((size) + 7) shr 3))
+
+
+type
+  RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
+      importcFunc.}
+
+
+proc rsaI15Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
+    importcFunc, importc: "br_rsa_i15_keygen", header: "bearssl_rsa.h".}
+
+proc rsaI31Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
+    importcFunc, importc: "br_rsa_i31_keygen", header: "bearssl_rsa.h".}
+
+proc rsaI62Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+                  pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
+    importcFunc, importc: "br_rsa_i62_keygen", header: "bearssl_rsa.h".}
+
+proc rsaI62KeygenGet*(): RsaKeygen {.importcFunc, importc: "br_rsa_i62_keygen_get",
+                                  header: "bearssl_rsa.h".}
+
+proc rsaKeygenGetDefault*(): RsaKeygen {.importcFunc,
+                                      importc: "br_rsa_keygen_get_default",
+                                      header: "bearssl_rsa.h".}
+
+type
+  RsaComputeModulus* {.importc: "br_rsa_compute_modulus".} = proc (n: pointer; sk: ptr RsaPrivateKey): uint {.importcFunc.}
+
+
+proc rsaI15ComputeModulus*(n: pointer; sk: ptr RsaPrivateKey): uint {.importcFunc,
+    importc: "br_rsa_i15_compute_modulus", header: "bearssl_rsa.h".}
+
+proc rsaI31ComputeModulus*(n: pointer; sk: ptr RsaPrivateKey): uint {.importcFunc,
+    importc: "br_rsa_i31_compute_modulus", header: "bearssl_rsa.h".}
+
+proc rsaComputeModulusGetDefault*(): RsaComputeModulus {.importcFunc,
+    importc: "br_rsa_compute_modulus_get_default", header: "bearssl_rsa.h".}
+
+type
+  RsaComputePubexp* = proc (sk: ptr RsaPrivateKey): uint32 {.importcFunc.}
+
+
+proc rsaI15ComputePubexp*(sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i15_compute_pubexp", header: "bearssl_rsa.h".}
+
+proc rsaI31ComputePubexp*(sk: ptr RsaPrivateKey): uint32 {.importcFunc,
+    importc: "br_rsa_i31_compute_pubexp", header: "bearssl_rsa.h".}
+
+proc rsaComputePubexpGetDefault*(): RsaComputePubexp {.importcFunc,
+    importc: "br_rsa_compute_pubexp_get_default", header: "bearssl_rsa.h".}
+
+type
+  RsaComputePrivexp* {.importc: "br_rsa_compute_privexp".} = proc (d: pointer; sk: ptr RsaPrivateKey; pubexp: uint32): uint {.
+      importcFunc.}
+
+
+proc rsaI15ComputePrivexp*(d: pointer; sk: ptr RsaPrivateKey; pubexp: uint32): uint {.
+    importcFunc, importc: "br_rsa_i15_compute_privexp", header: "bearssl_rsa.h".}
+
+proc rsaI31ComputePrivexp*(d: pointer; sk: ptr RsaPrivateKey; pubexp: uint32): uint {.
+    importcFunc, importc: "br_rsa_i31_compute_privexp", header: "bearssl_rsa.h".}
+
+proc rsaComputePrivexpGetDefault*(): RsaComputePrivexp {.importcFunc,
+    importc: "br_rsa_compute_privexp_get_default", header: "bearssl_rsa.h".}

bearssl/abi/bearssl_x509.nim

@@ -0,0 +1,488 @@
+import
+  "."/[bearssl_ec, bearssl_hash, bearssl_rsa, csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.used.}
+
+const
+  bearX509Path = bearSrcPath / "x509"
+
+{.compile: bearX509Path / "asn1enc.c".}
+{.compile: bearX509Path / "encode_ec_pk8der.c".}
+{.compile: bearX509Path / "encode_ec_rawder.c".}
+{.compile: bearX509Path / "encode_rsa_pk8der.c".}
+{.compile: bearX509Path / "encode_rsa_rawder.c".}
+{.compile: bearX509Path / "skey_decoder.c".}
+{.compile: bearX509Path / "x509_decoder.c".}
+{.compile: bearX509Path / "x509_knownkey.c".}
+{.compile: bearX509Path / "x509_minimal.c".}
+{.compile: bearX509Path / "x509_minimal_full.c".}
+
+const
+  ERR_X509_OK* = 32
+
+
+const
+  ERR_X509_INVALID_VALUE* = 33
+
+
+const
+  ERR_X509_TRUNCATED* = 34
+
+
+const
+  ERR_X509_EMPTY_CHAIN* = 35
+
+
+const
+  ERR_X509_INNER_TRUNC* = 36
+
+
+const
+  ERR_X509_BAD_TAG_CLASS* = 37
+
+
+const
+  ERR_X509_BAD_TAG_VALUE* = 38
+
+
+const
+  ERR_X509_INDEFINITE_LENGTH* = 39
+
+
+const
+  ERR_X509_EXTRA_ELEMENT* = 40
+
+
+const
+  ERR_X509_UNEXPECTED* = 41
+
+
+const
+  ERR_X509_NOT_CONSTRUCTED* = 42
+
+
+const
+  ERR_X509_NOT_PRIMITIVE* = 43
+
+
+const
+  ERR_X509_PARTIAL_BYTE* = 44
+
+
+const
+  ERR_X509_BAD_BOOLEAN* = 45
+
+
+const
+  ERR_X509_OVERFLOW* = 46
+
+
+const
+  ERR_X509_BAD_DN* = 47
+
+
+const
+  ERR_X509_BAD_TIME* = 48
+
+
+const
+  ERR_X509_UNSUPPORTED* = 49
+
+
+const
+  ERR_X509_LIMIT_EXCEEDED* = 50
+
+
+const
+  ERR_X509_WRONG_KEY_TYPE* = 51
+
+
+const
+  ERR_X509_BAD_SIGNATURE* = 52
+
+
+const
+  ERR_X509_TIME_UNKNOWN* = 53
+
+
+const
+  ERR_X509_EXPIRED* = 54
+
+
+const
+  ERR_X509_DN_MISMATCH* = 55
+
+
+const
+  ERR_X509_BAD_SERVER_NAME* = 56
+
+
+const
+  ERR_X509_CRITICAL_EXTENSION* = 57
+
+
+const
+  ERR_X509_NOT_CA* = 58
+
+
+const
+  ERR_X509_FORBIDDEN_KEY_USAGE* = 59
+
+
+const
+  ERR_X509_WEAK_PUBLIC_KEY* = 60
+
+
+const
+  ERR_X509_NOT_TRUSTED* = 62
+
+
+type
+  INNER_C_UNION_bearssl_x509_1* {.importc: "br_x509_pkey::no_name",
+                                 header: "bearssl_x509.h", bycopy, union.} = object
+    rsa* {.importc: "rsa".}: RsaPublicKey
+    ec* {.importc: "ec".}: EcPublicKey
+
+  X509Pkey* {.importc: "br_x509_pkey", header: "bearssl_x509.h", bycopy.} = object
+    keyType* {.importc: "key_type".}: byte
+    key* {.importc: "key".}: INNER_C_UNION_bearssl_x509_1
+
+
+
+type
+  X500Name* {.importc: "br_x500_name", header: "bearssl_x509.h", bycopy.} = object
+    data* {.importc: "data".}: ptr byte
+    len* {.importc: "len".}: uint
+
+
+
+type
+  X509TrustAnchor* {.importc: "br_x509_trust_anchor", header: "bearssl_x509.h",
+                    bycopy.} = object
+    dn* {.importc: "dn".}: X500Name
+    flags* {.importc: "flags".}: cuint
+    pkey* {.importc: "pkey".}: X509Pkey
+
+
+
+const
+  X509_TA_CA* = 0x0001
+
+
+const
+  KEYTYPE_RSA* = 1
+
+
+const
+  KEYTYPE_EC* = 2
+
+
+const
+  KEYTYPE_KEYX* = 0x10
+
+
+const
+  KEYTYPE_SIGN* = 0x20
+
+
+type
+  X509Class* {.importc: "br_x509_class", header: "bearssl_x509.h", bycopy.} = object
+    contextSize* {.importc: "context_size".}: uint
+    startChain* {.importc: "start_chain".}: proc (ctx: ptr ptr X509Class;
+        serverName: cstring) {.importcFunc.}
+    startCert* {.importc: "start_cert".}: proc (ctx: ptr ptr X509Class; length: uint32) {.
+        importcFunc.}
+    append* {.importc: "append".}: proc (ctx: ptr ptr X509Class; buf: ptr byte;
+                                     len: uint) {.importcFunc.}
+    endCert* {.importc: "end_cert".}: proc (ctx: ptr ptr X509Class) {.importcFunc.}
+    endChain* {.importc: "end_chain".}: proc (ctx: ptr ptr X509Class): cuint {.importcFunc.}
+    getPkey* {.importc: "get_pkey".}: proc (ctx: ptr ptr X509Class; usages: ptr cuint): ptr X509Pkey {.
+        importcFunc.}
+
+
+
+type
+  X509KnownkeyContext* {.importc: "br_x509_knownkey_context",
+                        header: "bearssl_x509.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr X509Class
+    pkey* {.importc: "pkey".}: X509Pkey
+    usages* {.importc: "usages".}: cuint
+
+
+var x509KnownkeyVtable* {.importc: "br_x509_knownkey_vtable",
+                        header: "bearssl_x509.h".}: X509Class
+
+proc x509KnownkeyInitRsa*(ctx: var X509KnownkeyContext; pk: ptr RsaPublicKey;
+                         usages: cuint) {.importcFunc,
+                                        importc: "br_x509_knownkey_init_rsa",
+                                        header: "bearssl_x509.h".}
+
+proc x509KnownkeyInitEc*(ctx: var X509KnownkeyContext; pk: ptr EcPublicKey;
+                        usages: cuint) {.importcFunc,
+                                       importc: "br_x509_knownkey_init_ec",
+                                       header: "bearssl_x509.h".}
+
+const
+  X509_BUFSIZE_KEY* = 520
+  X509_BUFSIZE_SIG* = 512
+
+
+type
+  NameElement* {.importc: "br_name_element", header: "bearssl_x509.h", bycopy.} = object
+    oid* {.importc: "oid".}: ptr byte
+    buf* {.importc: "buf".}: cstring
+    len* {.importc: "len".}: uint
+    status* {.importc: "status".}: cint
+
+
+
+type
+  INNER_C_STRUCT_bearssl_x509_3* {.importc: "br_x509_minimal_context::no_name",
+                                  header: "bearssl_x509.h", bycopy.} = object
+    dp* {.importc: "dp".}: ptr uint32
+    rp* {.importc: "rp".}: ptr uint32
+    ip* {.importc: "ip".}: ptr byte
+
+  X509MinimalContext* {.importc: "br_x509_minimal_context",
+                       header: "bearssl_x509.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr X509Class
+    pkey* {.importc: "pkey".}: X509Pkey
+    cpu* {.importc: "cpu".}: INNER_C_STRUCT_bearssl_x509_3
+    dpStack* {.importc: "dp_stack".}: array[32, uint32]
+    rpStack* {.importc: "rp_stack".}: array[32, uint32]
+    err* {.importc: "err".}: cint
+    serverName* {.importc: "server_name".}: cstring
+    keyUsages* {.importc: "key_usages".}: byte
+    days* {.importc: "days".}: uint32
+    seconds* {.importc: "seconds".}: uint32
+    certLength* {.importc: "cert_length".}: uint32
+    numCerts* {.importc: "num_certs".}: uint32
+    hbuf* {.importc: "hbuf".}: ptr byte
+    hlen* {.importc: "hlen".}: uint
+    pad* {.importc: "pad".}: array[256, byte]
+    eePkeyData* {.importc: "ee_pkey_data".}: array[X509_BUFSIZE_KEY, byte]
+    pkeyData* {.importc: "pkey_data".}: array[X509_BUFSIZE_KEY, byte]
+    certSignerKeyType* {.importc: "cert_signer_key_type".}: byte
+    certSigHashOid* {.importc: "cert_sig_hash_oid".}: uint16
+    certSigHashLen* {.importc: "cert_sig_hash_len".}: byte
+    certSig* {.importc: "cert_sig".}: array[X509_BUFSIZE_SIG, byte]
+    certSigLen* {.importc: "cert_sig_len".}: uint16
+    minRsaSize* {.importc: "min_rsa_size".}: int16
+    trustAnchors* {.importc: "trust_anchors".}: ptr X509TrustAnchor
+    trustAnchorsNum* {.importc: "trust_anchors_num".}: uint
+    doMhash* {.importc: "do_mhash".}: byte
+    mhash* {.importc: "mhash".}: MultihashContext
+    tbsHash* {.importc: "tbs_hash".}: array[64, byte]
+    doDnHash* {.importc: "do_dn_hash".}: byte
+    dnHashImpl* {.importc: "dn_hash_impl".}: ptr HashClass
+    dnHash* {.importc: "dn_hash".}: HashCompatContext
+    currentDnHash* {.importc: "current_dn_hash".}: array[64, byte]
+    nextDnHash* {.importc: "next_dn_hash".}: array[64, byte]
+    savedDnHash* {.importc: "saved_dn_hash".}: array[64, byte]
+    nameElts* {.importc: "name_elts".}: ptr NameElement
+    numNameElts* {.importc: "num_name_elts".}: uint
+    irsa* {.importc: "irsa".}: RsaPkcs1Vrfy
+    iecdsa* {.importc: "iecdsa".}: EcdsaVrfy
+    iec* {.importc: "iec".}: ptr EcImpl
+
+
+var x509MinimalVtable* {.importc: "br_x509_minimal_vtable", header: "bearssl_x509.h".}: X509Class
+
+proc x509MinimalInit*(ctx: var X509MinimalContext; dnHashImpl: ptr HashClass;
+                     trustAnchors: ptr X509TrustAnchor; trustAnchorsNum: uint) {.
+    importcFunc, importc: "br_x509_minimal_init", header: "bearssl_x509.h".}
+
+proc x509MinimalSetHash*(ctx: var X509MinimalContext; id: cint; impl: ptr HashClass) {.
+    inline.} =
+  multihashSetimpl(ctx.mhash, id, impl)
+
+
+proc x509MinimalSetRsa*(ctx: var X509MinimalContext; irsa: RsaPkcs1Vrfy) {.inline.} =
+  ctx.irsa = irsa
+
+
+proc x509MinimalSetEcdsa*(ctx: var X509MinimalContext; iec: ptr EcImpl;
+                         iecdsa: EcdsaVrfy) {.inline.} =
+  ctx.iecdsa = iecdsa
+  ctx.iec = iec
+
+
+proc x509MinimalInitFull*(ctx: var X509MinimalContext;
+                         trustAnchors: ptr X509TrustAnchor;
+                         trustAnchorsNum: uint) {.importcFunc,
+    importc: "br_x509_minimal_init_full", header: "bearssl_x509.h".}
+
+proc x509MinimalSetTime*(ctx: var X509MinimalContext; days: uint32; seconds: uint32) {.
+    inline.} =
+  ctx.days = days
+  ctx.seconds = seconds
+
+
+proc x509MinimalSetMinrsa*(ctx: var X509MinimalContext; byteLength: cint) {.inline,
+    importcFunc.} =
+  ctx.minRsaSize = (int16)(byteLength - 128)
+
+
+proc x509MinimalSetNameElements*(ctx: var X509MinimalContext; elts: ptr NameElement;
+                                numElts: uint) {.inline.} =
+  ctx.nameElts = elts
+  ctx.numNameElts = numElts
+
+
+type
+  INNER_C_STRUCT_bearssl_x509_5* {.importc: "br_x509_decoder_context::no_name",
+                                  header: "bearssl_x509.h", bycopy.} = object
+    dp* {.importc: "dp".}: ptr uint32
+    rp* {.importc: "rp".}: ptr uint32
+    ip* {.importc: "ip".}: ptr byte
+
+  X509DecoderContext* {.importc: "br_x509_decoder_context",
+                       header: "bearssl_x509.h", bycopy.} = object
+    pkey* {.importc: "pkey".}: X509Pkey
+    cpu* {.importc: "cpu".}: INNER_C_STRUCT_bearssl_x509_5
+    dpStack* {.importc: "dp_stack".}: array[32, uint32]
+    rpStack* {.importc: "rp_stack".}: array[32, uint32]
+    err* {.importc: "err".}: cint
+    pad* {.importc: "pad".}: array[256, byte]
+    decoded* {.importc: "decoded".}: bool
+    notbeforeDays* {.importc: "notbefore_days".}: uint32
+    notbeforeSeconds* {.importc: "notbefore_seconds".}: uint32
+    notafterDays* {.importc: "notafter_days".}: uint32
+    notafterSeconds* {.importc: "notafter_seconds".}: uint32
+    isCA* {.importc: "isCA".}: bool
+    copyDn* {.importc: "copy_dn".}: byte
+    appendDnCtx* {.importc: "append_dn_ctx".}: pointer
+    appendDn* {.importc: "append_dn".}: proc (ctx: pointer; buf: pointer; len: uint) {.
+        importcFunc.}
+    hbuf* {.importc: "hbuf".}: ptr byte
+    hlen* {.importc: "hlen".}: uint
+    pkeyData* {.importc: "pkey_data".}: array[X509_BUFSIZE_KEY, byte]
+    signerKeyType* {.importc: "signer_key_type".}: byte
+    signerHashId* {.importc: "signer_hash_id".}: byte
+
+
+
+proc x509DecoderInit*(ctx: var X509DecoderContext; appendDn: proc (ctx: pointer;
+    buf: pointer; len: uint) {.importcFunc.}; appendDnCtx: pointer) {.importcFunc,
+    importc: "br_x509_decoder_init", header: "bearssl_x509.h".}
+
+proc x509DecoderPush*(ctx: var X509DecoderContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_x509_decoder_push", header: "bearssl_x509.h".}
+
+proc x509DecoderGetPkey*(ctx: var X509DecoderContext): ptr X509Pkey {.inline.} =
+  if ctx.decoded and ctx.err == 0:
+    return addr(ctx.pkey)
+  else:
+    return nil
+
+
+proc x509DecoderLastError*(ctx: var X509DecoderContext): cint {.inline.} =
+  if ctx.err != 0:
+    return ctx.err
+  if not ctx.decoded:
+    return ERR_X509_TRUNCATED
+  return 0
+
+proc x509DecoderIsCA*(ctx: var X509DecoderContext): cint {.inline.} =
+  return cint ctx.isCA
+
+proc x509DecoderGetSignerKeyType*(ctx: var X509DecoderContext): cint {.inline.} =
+  return cint ctx.signerKeyType
+
+proc x509DecoderGetSignerHashId*(ctx: var X509DecoderContext): cint {.inline.} =
+  return cint ctx.signerHashId
+
+type
+  X509Certificate* {.importc: "br_x509_certificate", header: "bearssl_x509.h", bycopy.} = object
+    data* {.importc: "data".}: ptr byte
+    dataLen* {.importc: "data_len".}: uint
+
+
+
+type
+  INNER_C_UNION_bearssl_x509_8* {.importc: "br_skey_decoder_context::no_name",
+                                 header: "bearssl_x509.h", bycopy, union.} = object
+    rsa* {.importc: "rsa".}: RsaPrivateKey
+    ec* {.importc: "ec".}: EcPrivateKey
+
+  INNER_C_STRUCT_bearssl_x509_9* {.importc: "br_skey_decoder_context::no_name",
+                                  header: "bearssl_x509.h", bycopy.} = object
+    dp* {.importc: "dp".}: ptr uint32
+    rp* {.importc: "rp".}: ptr uint32
+    ip* {.importc: "ip".}: ptr byte
+
+  SkeyDecoderContext* {.importc: "br_skey_decoder_context",
+                       header: "bearssl_x509.h", bycopy.} = object
+    key* {.importc: "key".}: INNER_C_UNION_bearssl_x509_8
+    cpu* {.importc: "cpu".}: INNER_C_STRUCT_bearssl_x509_9
+    dpStack* {.importc: "dp_stack".}: array[32, uint32]
+    rpStack* {.importc: "rp_stack".}: array[32, uint32]
+    err* {.importc: "err".}: cint
+    hbuf* {.importc: "hbuf".}: ptr byte
+    hlen* {.importc: "hlen".}: uint
+    pad* {.importc: "pad".}: array[256, byte]
+    keyType* {.importc: "key_type".}: byte
+    keyData* {.importc: "key_data".}: array[3 * X509_BUFSIZE_SIG, byte]
+
+
+
+proc skeyDecoderInit*(ctx: var SkeyDecoderContext) {.importcFunc,
+    importc: "br_skey_decoder_init", header: "bearssl_x509.h".}
+
+proc skeyDecoderPush*(ctx: var SkeyDecoderContext; data: pointer; len: uint) {.importcFunc,
+    importc: "br_skey_decoder_push", header: "bearssl_x509.h".}
+
+proc skeyDecoderLastError*(ctx: var SkeyDecoderContext): cint {.inline.} =
+  if ctx.err != 0:
+    return ctx.err
+  if ctx.keyType == '\0'.byte:
+    return ERR_X509_TRUNCATED
+  return 0
+
+
+proc skeyDecoderKeyType*(ctx: var SkeyDecoderContext): cint {.inline.} =
+  if ctx.err == 0:
+    return cint ctx.keyType
+  else:
+    return 0
+
+
+proc skeyDecoderGetRsa*(ctx: var SkeyDecoderContext): ptr RsaPrivateKey {.inline.} =
+  if ctx.err == 0 and ctx.keyType == KEYTYPE_RSA:
+    return addr(ctx.key.rsa)
+  else:
+    return nil
+
+
+proc skeyDecoderGetEc*(ctx: var SkeyDecoderContext): ptr EcPrivateKey {.inline.} =
+  if ctx.err == 0 and ctx.keyType == KEYTYPE_EC:
+    return addr(ctx.key.ec)
+  else:
+    return nil
+
+
+proc encodeRsaRawDer*(dest: pointer; sk: ptr RsaPrivateKey; pk: ptr RsaPublicKey;
+                     d: pointer; dlen: uint): uint {.importcFunc,
+    importc: "br_encode_rsa_raw_der", header: "bearssl_x509.h".}
+
+proc encodeRsaPkcs8Der*(dest: pointer; sk: ptr RsaPrivateKey; pk: ptr RsaPublicKey;
+                       d: pointer; dlen: uint): uint {.importcFunc,
+    importc: "br_encode_rsa_pkcs8_der", header: "bearssl_x509.h".}
+
+proc encodeEcRawDer*(dest: pointer; sk: ptr EcPrivateKey; pk: ptr EcPublicKey): uint {.
+    importcFunc, importc: "br_encode_ec_raw_der", header: "bearssl_x509.h".}
+
+proc encodeEcPkcs8Der*(dest: pointer; sk: ptr EcPrivateKey; pk: ptr EcPublicKey): uint {.
+    importcFunc, importc: "br_encode_ec_pkcs8_der", header: "bearssl_x509.h".}
+
+const
+  ENCODE_PEM_RSA_RAW* = "RSA PRIVATE KEY"
+
+
+const
+  ENCODE_PEM_EC_RAW* = "EC PRIVATE KEY"
+
+
+const
+  ENCODE_PEM_PKCS8* = "PRIVATE KEY"

bearssl/abi/brssl.nim

@@ -0,0 +1,24 @@
+import
+  "."/[csources, bearssl_x509]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.pragma: headerFunc, importcFunc, header: "brssl.h".}
+{.used.}
+
+const
+  bearToolsPath = bearPath / "tools"
+
+
+{.compile: bearToolsPath / "vector.c".}
+{.compile: bearToolsPath / "xmem.c".}
+{.compile: bearToolsPath / "names.c".}
+{.compile: bearToolsPath / "certs.c".}
+{.compile: bearToolsPath / "files.c".}
+
+type
+  X509NoAnchorContext* {.importc: "x509_noanchor_context",
+                         header: "brssl.h", bycopy.} = object
+    vtable* {.importc: "vtable".}: ptr X509Class
+
+proc initNoAnchor*(xwc: var X509NoAnchorContext, inner: ptr ptr X509Class) {.
+     importcFunc, importc: "x509_noanchor_init", header: "brssl.h".}

bearssl/abi/cacert.nim

@@ -0,0 +1,25 @@
+## Nim-BearSSL
+## Copyright (c) 2018-2021 Status Research & Development GmbH
+## Licensed under either of
+##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
+##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
+## at your option.
+## This file may not be copied, modified, or distributed except according to
+## those terms.
+
+## This module provides access to Mozilla's CA certificate store in PEM format.
+## This certificate store was downloaded from
+## https://curl.haxx.se/ca/cacert.pem
+## And converted to C header using ``brssl ta cacert.pem > cacert.h``.
+from ./bearssl_x509 import X509TrustAnchor
+from os import parentDir, `/`
+
+const
+  currentSourceDir* = currentSourcePath.parentDir
+
+{.passc: "-I" & currentSourceDir.parentDir / "certs".}
+
+var MozillaTrustAnchors* {.
+    importc: "TAs", header: "cacert20210119.h".}: array[129, X509TrustAnchor]
+var MozillaTrustAnchorsCount* {.
+    importc: "TAs_NUM", header: "cacert20210119.h".}: cint

bearssl/abi/config.nim

@@ -0,0 +1,21 @@
+import
+  "."/[csources]
+
+{.pragma: importcFunc, cdecl, gcsafe, noSideEffect, raises: [].}
+{.pragma: headerFunc, importcFunc, header: "bearssl.h".}
+{.used.}
+
+const
+  bearRootPath = bearSrcPath
+
+{.compile: bearRootPath / "settings.c".}
+
+type
+  ConfigOption* {.importc: "br_config_option", header: "bearssl.h", bycopy.} = object
+    name* {.importc: "name".}: cstring
+    value* {.importc: "value".}: clong
+
+# TODO: missing `extern "C"` in bearssl.h means this function cannot
+#       be used from C++
+proc getConfig*(): ptr ConfigOption {.importcFunc, importc: "br_get_config",
+  headerFunc.}

bearssl/abi/csources.nim

@@ -0,0 +1,63 @@
+## Nim-BearSSL
+## Copyright (c) 2018-2022 Status Research & Development GmbH
+## Licensed under either of
+##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
+##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
+## at your option.
+## This file may not be copied, modified, or distributed except according to
+## those terms.
+
+import
+  os
+
+export os
+
+# For each bearssl header file, we create one nim module that compilers the
+# C file related to that module. Some C "modules" have dependencies - the Nim
+# modules make sure to import these dependencies so that the correct C source
+# files get compiled transitively.
+#
+# Most of the header-like content was generated with c2nim, then hand-edited.
+#
+# For historical reasons, some functions and types are exposed with a "Br"
+# prefix - these have been marked deprecated.
+#
+# Some functions take a length as input - in bearssl, `csize_t` is used for this
+# purpose - wrappers do the same
+
+static: doAssert sizeof(csize_t) == sizeof(int)
+
+const
+  bearPath* = currentSourcePath.parentDir.parentDir / "csources"
+  bearIncPath* = bearPath / "inc"
+  bearSrcPath* = bearPath / "src"
+  bearToolsPath* = bearPath / "tools"
+
+# TODO https://github.com/nim-lang/Nim/issues/19864
+
+{.passc: "-I" & quoteShell(bearSrcPath)}
+{.passc: "-I" & quoteShell(bearIncPath)}
+{.passc: "-I" & quoteShell(bearToolsPath)}
+
+when defined(windows):
+  {.passc: "-DBR_USE_WIN32_TIME=1".}
+  {.passc: "-DBR_USE_WIN32_RAND=1".}
+else:
+  {.passc: "-DBR_USE_UNIX_TIME=1".}
+  {.passc: "-DBR_USE_URANDOM=1".}
+
+when defined(i386) or defined(amd64) or defined(arm64):
+  {.passc: "-DBR_LE_UNALIGNED=1".}
+elif defined(powerpc) or defined(powerpc64):
+  {.passc: "-DBR_BE_UNALIGNED=1".}
+elif defined(powerpc64el):
+  {.passc: "-DBR_LE_UNALIGNED=1".}
+
+when sizeof(int) == 8:
+  {.passc: "-DBR_64=1".}
+  when hostCPU == "amd64":
+    {.passc:" -DBR_amd64=1".}
+  when defined(vcc):
+    {.passc: "-DBR_UMUL128=1".}
+  else:
+    {.passc: "-DBR_INT128=1".}

bearssl/abi/inner.nim

@@ -0,0 +1,21 @@
+import
+  "."/[csources]
+
+{.used.}
+
+const
+  bearCodecPath = bearSrcPath & "/" & "codec" & "/"
+
+{.compile: bearCodecPath / "ccopy.c".}
+{.compile: bearCodecPath / "dec16be.c".}
+{.compile: bearCodecPath / "dec16le.c".}
+{.compile: bearCodecPath / "dec32be.c".}
+{.compile: bearCodecPath / "dec32le.c".}
+{.compile: bearCodecPath / "dec64be.c".}
+{.compile: bearCodecPath / "dec64le.c".}
+{.compile: bearCodecPath / "enc16be.c".}
+{.compile: bearCodecPath / "enc16le.c".}
+{.compile: bearCodecPath / "enc32be.c".}
+{.compile: bearCodecPath / "enc32le.c".}
+{.compile: bearCodecPath / "enc64be.c".}
+{.compile: bearCodecPath / "enc64le.c".}

bearssl/abi/intx.nim

@@ -0,0 +1,64 @@
+import
+  "."/[csources]
+
+{.used.}
+
+const
+  bearIntPath = bearSrcPath / "int"
+
+{.compile: bearIntPath / "i15_add.c".}
+{.compile: bearIntPath / "i15_bitlen.c".}
+{.compile: bearIntPath / "i15_decmod.c".}
+{.compile: bearIntPath / "i15_decode.c".}
+{.compile: bearIntPath / "i15_decred.c".}
+{.compile: bearIntPath / "i15_encode.c".}
+{.compile: bearIntPath / "i15_fmont.c".}
+{.compile: bearIntPath / "i15_iszero.c".}
+{.compile: bearIntPath / "i15_moddiv.c".}
+{.compile: bearIntPath / "i15_modpow.c".}
+{.compile: bearIntPath / "i15_modpow2.c".}
+{.compile: bearIntPath / "i15_montmul.c".}
+{.compile: bearIntPath / "i15_mulacc.c".}
+{.compile: bearIntPath / "i15_muladd.c".}
+{.compile: bearIntPath / "i15_ninv15.c".}
+{.compile: bearIntPath / "i15_reduce.c".}
+{.compile: bearIntPath / "i15_rshift.c".}
+{.compile: bearIntPath / "i15_sub.c".}
+{.compile: bearIntPath / "i15_tmont.c".}
+{.compile: bearIntPath / "i31_add.c".}
+{.compile: bearIntPath / "i31_bitlen.c".}
+{.compile: bearIntPath / "i31_decmod.c".}
+{.compile: bearIntPath / "i31_decode.c".}
+{.compile: bearIntPath / "i31_decred.c".}
+{.compile: bearIntPath / "i31_encode.c".}
+{.compile: bearIntPath / "i31_fmont.c".}
+{.compile: bearIntPath / "i31_iszero.c".}
+{.compile: bearIntPath / "i31_moddiv.c".}
+{.compile: bearIntPath / "i31_modpow.c".}
+{.compile: bearIntPath / "i31_modpow2.c".}
+{.compile: bearIntPath / "i31_montmul.c".}
+{.compile: bearIntPath / "i31_mulacc.c".}
+{.compile: bearIntPath / "i31_muladd.c".}
+{.compile: bearIntPath / "i31_ninv31.c".}
+{.compile: bearIntPath / "i31_reduce.c".}
+{.compile: bearIntPath / "i31_rshift.c".}
+{.compile: bearIntPath / "i31_sub.c".}
+{.compile: bearIntPath / "i31_tmont.c".}
+{.compile: bearIntPath / "i32_add.c".}
+{.compile: bearIntPath / "i32_bitlen.c".}
+{.compile: bearIntPath / "i32_decmod.c".}
+{.compile: bearIntPath / "i32_decode.c".}
+{.compile: bearIntPath / "i32_decred.c".}
+{.compile: bearIntPath / "i32_div32.c".}
+{.compile: bearIntPath / "i32_encode.c".}
+{.compile: bearIntPath / "i32_fmont.c".}
+{.compile: bearIntPath / "i32_iszero.c".}
+{.compile: bearIntPath / "i32_modpow.c".}
+{.compile: bearIntPath / "i32_montmul.c".}
+{.compile: bearIntPath / "i32_mulacc.c".}
+{.compile: bearIntPath / "i32_muladd.c".}
+{.compile: bearIntPath / "i32_ninv32.c".}
+{.compile: bearIntPath / "i32_reduce.c".}
+{.compile: bearIntPath / "i32_sub.c".}
+{.compile: bearIntPath / "i32_tmont.c".}
+{.compile: bearIntPath / "i62_modpow2.c".}

bearssl/aead.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_aead
+
+export bearssl_aead

bearssl/blockx.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_block
+
+export bearssl_block

bearssl/brssl.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/brssl
+
+export brssl

bearssl/ec.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_ec
+
+export bearssl_ec

bearssl/hash.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_hash
+
+export bearssl_hash

bearssl/hmac.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_hmac
+
+export bearssl_hmac

bearssl/kdf.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_kdf
+
+export bearssl_kdf

bearssl/pem.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_pem
+
+export bearssl_pem

bearssl/prf.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_prf
+
+export bearssl_prf

bearssl/rand.nim

@@ -0,0 +1,8 @@
+import
+  ./abi/bearssl_rand
+
+export bearssl_rand
+
+func hmacDrbgGenerate*(ctx: var HmacDrbgContext, output: var openArray[byte]) =
+  if output.len > 0:
+    hmacDrbgGenerate(ctx, addr output[0], uint output.len)

bearssl/rsa.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_rsa
+
+export bearssl_rsa

bearssl/ssl.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_ssl
+
+export bearssl_ssl

bearssl/x509.nim

@@ -0,0 +1,4 @@
+import
+  ./abi/bearssl_x509
+
+export bearssl_x509

regenerate.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+mkdir -p gen
+cp bearssl/csources/inc/*.h gen
+
+# c2nim gets confused by #ifdef inside struct's
+unifdef -m -UBR_DOXYGEN_IGNORE gen/*.h
+
+# TODO: several things broken in  c2nim 0.9.18
+# https://github.com/nim-lang/c2nim/issues/239
+# https://github.com/nim-lang/c2nim/issues/240
+# https://github.com/nim-lang/c2nim/issues/241
+# https://github.com/nim-lang/c2nim/issues/242
+
+[[ $(c2nim -v) == "0.9.18" ]] || echo "Different c2nim used, check the code"
+c2nim --header --importc --nep1 --prefix:br_ --prefix:BR_ --skipinclude --cdecl --skipcomments gen/*.h
+
+rm gen/*.h
+
+# Fix cosmetic and ease-of-use issues
+sed -i \
+  -e "s/int16T/int16/g" \
+  -e "s/int32T/int32/g" \
+  -e "s/int64T/int64/g" \
+  -e "s/cuchar/byte/g" \
+  -e "s/cdecl/importcFunc/g" \
+  -e "s/csize_t/uint/g" \
+  gen/*.nim
+
+# The functions taking a "Context" don't allow `nil` being passed to them - use
+# `var` instead - ditto for "output" parameters like length
+sed -i \
+  -e 's/ctx: ptr \(.*\)Context/ctx: var \1Context/g' \
+  -e 's/ctx: ptr \(.*\)Keys/ctx: var \1Keys/g' \
+  -e 's/hc: ptr \(.*\)Context/hc: var \1Context/g' \
+  -e 's/sc: ptr \(.*\)Context/sc: var \1Context/g' \
+  -e 's/cc: ptr \(.*\)Context/cc: var \1Context/g' \
+  -e 's/kc: ptr \(.*\)Context/kc: var \1Context/g' \
+  -e 's/xwc: ptr \(.*\)Context/xwc: var \1Context/g' \
+  -e 's/len: ptr uint/len: var uint/g' \
+  gen/*.nim

tests/test_hash.nim

@@ -1,6 +1,8 @@
 import std/[strutils, sequtils],
   unittest2,
-  ../bearssl
+  ../bearssl/hash
+
+{.used.}
 
 suite "Hashing":
   test "MD5":
@@ -25,7 +27,7 @@ suite "Hashing":
         ctx = Md5Context()
         res: array[md5SIZE, uint8]
 
-      md5Init(addr ctx)
-      md5Update(addr ctx, input[i].cstring, input[i].len)
-      md5Out(addr ctx, addr res[0])
+      md5Init(ctx)
+      md5Update(ctx, input[i].cstring, uint input[i].len)
+      md5Out(ctx, addr res[0])
       check res.foldl(a & b.toHex(), "").toLower() == output[i]

tests/test_import.nim

@@ -0,0 +1,11 @@
+# Test the full thing, given we do lots of compile and import tricks
+
+import ../bearssl
+
+# TODO doesn't work from C++ due to missing `export "C"`
+# discard getConfig()
+
+# TODO doesn't work from C++ due to `const`:ness issues
+# discard ecGetDefault()
+
+discard ghashPwr8Get()