#### fiat-p256

`fiat-p256`

contains primitives for ECDH key exchange algorithm over NIST curve P-256.

It internally uses bindings to C code generated using the correct-by-construction implementations from

fiat-crypto.

Please be aware that cryptographic primitives should not be used in end applications, they are better

used as part of a higher level cryptographic library.

### Installation

`fiat-p256`

is available on opam and can be install as follows:

```
opam install fiat-p256
```

### Usage

The entry point to this library is the `Fiat_p256`

module and the main function is `dh`

which let

you perform a key exchange given your private key `scalar`

and the other party's public key `point`

:

```
let secret = Fiat_p256.dh ~scalar ~point
```

Note that the `point`

values built or parsed using `Fiat_p256`

's interface are checked

according to NIST's

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

section *5.6.2.3.2* so that you shouldn't be able to provide an invalid point or the point at

infinity to the functions exposed in this module.

You can also compute the public P-256 key corresponding to your private key `scalar`

using the `public`

function:

```
let public_key = Fiat_p256.public ~scalar
```

Note that the `scalar`

values parsed using `Fiat_p256`

's interface must be within P-256's generator

subgroup order range so that your public key can't be the point at infinity. Any scalar not in the

range `[1 - (n-1)]`

, `n`

being the group order, will be rejected.

sha256=e294aa1f920205da2c9f0ab909e2755b070702cb4fdb47a94b9c18e55cdf774d

sha512=36f55cd9a9a7d11fe1c29a19a0e14b0354da7e8e0c2ae460f754c8f4646bcd57fa26270078d9c66e211c6ad352ff75b560923594a5ad5f2e4ff7f5298c96668e

with-test & >= "1.6.0"

with-test

>= "1.6.0"

>= "3.5.0" & < "6.1.0"

with-test

with-test & < "1.4.0"

>= "0.12.0" & < "0.13.0"