Mirage_crypto_ec.Ed25519Curve 25519 DSA, also known as Ed25519.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : pub -> Cstruct.tpub_to_cstruct p encodes the public key p into a buffer.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> Cstruct.t -> Cstruct.tsign ~key msg signs the message msg using the private key. The result is the concatenation of r and s, as specified in RFC 8032.
val verify : key:pub -> Cstruct.t -> msg:Cstruct.t -> boolverify ~key signature msg verifies the signature on the message msg with the public key. The return value is true if verification was successful, false otherwise.
Mirage_crypto_ec.Ed25519Curve 25519 DSA, also known as Ed25519.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : pub -> stringpub_to_octets p encodes the public key p into a buffer.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> string -> stringsign ~key msg signs the message msg using the private key. The result is the concatenation of r and s, as specified in RFC 8032.
val verify : key:pub -> string -> msg:string -> boolverify ~key signature msg verifies the signature on the message msg with the public key. The return value is true if verification was successful, false otherwise.
P224.DhDiffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
- ?compress:bool ->
- ?g:Mirage_crypto_rng.g ->
- unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P224.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.P224The NIST P-224 curve, also known as SECP224R1. Please note that decompression is not supported for P-224 public keys.
P256.DhDiffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P256.Dh) Module P256.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> stringgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P256.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P256.DsaDigital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> stringpub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * stringsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.P256The NIST P-256 curve, also known as SECP256R1.
Mirage_crypto_ec.P256The NIST P-256 curve, also known as SECP256R1.
P384.DhDiffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P384.Dh) Module P384.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> stringgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P384.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P384.DsaDigital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> stringpub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * stringsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.P384The NIST P-384 curve, also known as SECP384R1.
Mirage_crypto_ec.P384The NIST P-384 curve, also known as SECP384R1.
P521.DhDiffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P521.Dh) Module P521.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> stringgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P521.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
P521.DsaDigital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> stringpub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * stringsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.P521The NIST P-521 curve, also known as SECP521R1.
Mirage_crypto_ec.P521The NIST P-521 curve, also known as SECP521R1.
Mirage_crypto_ec.X25519Curve 25519 Diffie-Hellman, also known as X25519.
val secret_of_cs :
+X25519 (mirage-crypto-ec.Mirage_crypto_ec.X25519) Module Mirage_crypto_ec.X25519
Curve 25519 Diffie-Hellman, also known as X25519.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
Mirage_crypto_ecMirage-crypto-ec implements public key cryptography with named elliptic curves. Ephemeral key exchanges with Diffie-Hellman and digital signatures (ECDSA) are implemented.
The arithmetic operations uses code generated by fiat-crypto which is proven to consume a constant amount of time, independent of the input values.
val pp_error : Stdlib.Format.formatter -> error -> unitPretty printer for errors
module type Dh = sig ... endDiffie-Hellman key exchange.
module type Dsa = sig ... endDigital signature algorithm.
module type Dh_dsa = sig ... endElliptic curve with Diffie-Hellman and DSA.
The NIST P-224 curve, also known as SECP224R1. Please note that decompression is not supported for P-224 public keys.
module Ed25519 : sig ... endCurve 25519 DSA, also known as Ed25519.
Mirage_crypto_ecMirage-crypto-ec implements public key cryptography with named elliptic curves. Ephemeral key exchanges with Diffie-Hellman and digital signatures (ECDSA) are implemented.
The arithmetic operations uses code generated by fiat-crypto which is proven to consume a constant amount of time, independent of the input values.
val pp_error : Stdlib.Format.formatter -> error -> unitPretty printer for errors
module type Dh = sig ... endDiffie-Hellman key exchange.
module type Dsa = sig ... endDigital signature algorithm.
module type Dh_dsa = sig ... endElliptic curve with Diffie-Hellman and DSA.
module Ed25519 : sig ... endCurve 25519 DSA, also known as Ed25519.
Mirage_crypto_ec.DhDiffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.Dh) Module type Mirage_crypto_ec.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
Dh_dsa.DhDiffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.Dh_dsa.Dh) Module Dh_dsa.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret decodes the provided buffer as secret. If compress is provided and true (defaults to false), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.tgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * stringgen_key ~compress ~g () generates a private and a public key for Ephemeral Diffie-Hellman. If compress is provided and true (defaults to false), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> stringgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dh_dsa.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dh_dsa.DsaDigital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> stringpub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * stringsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.Dh_dsaElliptic curve with Diffie-Hellman and DSA.
Mirage_crypto_ec.Dh_dsaElliptic curve with Diffie-Hellman and DSA.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Cstruct.tgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> stringgenerate ~key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Dsa.PrecomputeOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.DsaDigital signature algorithm.
priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.tpriv_to_cstruct p encode the private key p to a buffer.
pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.tpub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.tsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
Mirage_crypto_ec.DsaDigital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> stringpriv_to_octets p encode the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> stringpub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pubgenerate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * stringsign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... endOperations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation
The entry point of this library is the module: Mirage_crypto_ec.
The entry point of this library is the module: Mirage_crypto_ec.
Dh.GroupA small catalog of standardized groups.
From RFC 2409:
val oakley_1 : groupval oakley_2 : groupFrom RFC 3526:
val oakley_5 : groupval oakley_14 : groupval oakley_15 : groupval oakley_16 : groupval oakley_17 : groupval oakley_18 : groupFrom RFC 5114:
val rfc_5114_1 : groupval rfc_5114_2 : groupval rfc_5114_3 : groupFrom draft-ietf-tls-negotiated-ff-dhe-08
val ffdhe2048 : groupval ffdhe3072 : groupval ffdhe4096 : groupval ffdhe6144 : groupval ffdhe8192 : groupDh.GroupA small catalog of standardized groups.
From RFC 2409:
val oakley_1 : groupval oakley_2 : groupFrom RFC 3526:
val oakley_5 : groupval oakley_14 : groupval oakley_15 : groupval oakley_16 : groupval oakley_17 : groupval oakley_18 : groupFrom RFC 5114:
val rfc_5114_1 : groupval rfc_5114_2 : groupval rfc_5114_3 : groupFrom draft-ietf-tls-negotiated-ff-dhe-08
val ffdhe2048 : groupval ffdhe3072 : groupval ffdhe4096 : groupval ffdhe6144 : groupval ffdhe8192 : groupMirage_crypto_pk.DhDiffie-Hellman, MODP version.
Raised if the private key material is degenerate. The following invariants are checked: Secret key: 1 < secret < p Public key: 1 < public < p-1 && public <> gg
val group :
+Dh (mirage-crypto-pk.Mirage_crypto_pk.Dh) Module Mirage_crypto_pk.Dh
Diffie-Hellman, MODP version.
Diffie-Hellman key exchange
Raised if the private key material is degenerate. The following invariants are checked: Secret key: 1 < secret < p Public key: 1 < public < p-1 && public <> gg
val group :
p:Z.t ->
gg:Z.t ->
?q:Z.t ->
unit ->
- (group, [> `Msg of string ]) Stdlib.resultgroup ~p ~gg ~q () constructs a group if p is odd, a prime number, and greater than zero. gg must be in the range 1 < gg < p.
A private key.
Sexplib convertible.
key_of_secret group s is the secret and the corresponding public key which use s as the secret exponent.
val gen_key :
- ?g:Mirage_crypto_rng.g ->
- ?bits:bits ->
- group ->
- secret * Cstruct.tshared secret public is Some shared_key given a a previously generated secret (which specifies the group) and the other party's public key. shared_key is the unpadded big-endian representation of the shared key. It is None if these invariants do not hold for public: 1 < public < p-1 && public <> gg.
val gen_group : ?g:Mirage_crypto_rng.g -> bits:bits -> unit -> groupgen_group ~g ~bits () generates a random group with modulus size bits. Uses a safe prime p = 2q + 1 (with q prime) for the modulus and 2 for the generator, such that 2^q = 1 mod p. Runtime is on the order of a minute for 1024 bits. Note that no time masking is done for the modular exponentiation.
Note The process might diverge if there are no suitable groups. This happens with extremely small bits values.
+ (group, [> `Msg of string ]) Stdlib.resultgroup ~p ~gg ~q () constructs a group if p is odd, a prime number, and greater than zero. gg must be in the range 1 < gg < p.
A private key.
val modulus_size : group -> intBit size of the modulus.
key_of_secret group s is the secret and the corresponding public key which use s as the secret exponent.
val gen_key : ?g:Mirage_crypto_rng.g -> ?bits:int -> group -> secret * stringshared secret public is Some shared_key given a a previously generated secret (which specifies the group) and the other party's public key. shared_key is the unpadded big-endian representation of the shared key. It is None if these invariants do not hold for public: 1 < public < p-1 && public <> gg.
val gen_group : ?g:Mirage_crypto_rng.g -> bits:int -> unit -> groupgen_group ~g ~bits () generates a random group with modulus size bits. Uses a safe prime p = 2q + 1 (with q prime) for the modulus and 2 for the generator, such that 2^q = 1 mod p. Runtime is on the order of a minute for 1024 bits. Note that no time masking is done for the modular exponentiation.
Note The process might diverge if there are no suitable groups. This happens with extremely small bits values.
K_gen.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module H : Mirage_crypto.Hash.Sval generate : key:priv -> Cstruct.t -> Z.tgenerate key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Dsa.K_genK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
val generate : key:priv -> string -> Z.tgenerate key digest deterministically takes the given private key and message digest to a k suitable for seeding the signing process.
Mirage_crypto_pk.DsaDSA digital signature algorithm.
type priv = private {p : Z.t;Modulus
*)q : Z.t;Subgroup order
*)gg : Z.t;Group Generator
*)x : Z.t;Private key proper
*)y : Z.t;Public component
*)}Private key. p, q and gg comprise domain parameters.
Sexplib convertible.
val priv :
+Dsa (mirage-crypto-pk.Mirage_crypto_pk.Dsa) Module Mirage_crypto_pk.Dsa
DSA digital signature algorithm.
DSA signature algorithm
type priv = private {p : Z.t;(*Modulus
*)q : Z.t;(*Subgroup order
*)gg : Z.t;(*Group Generator
*)x : Z.t;(*Private key proper
*)y : Z.t;(*Public component
*)
}Private key. p, q and gg comprise domain parameters.
val priv :
?fips:bool ->
p:Z.t ->
q:Z.t ->
@@ -7,16 +7,11 @@
x:Z.t ->
y:Z.t ->
unit ->
- (priv, [> `Msg of string ]) Stdlib.resultpriv ~fips ~p ~q ~gg ~x ~y () constructs a private DSA key from the given numbers. Will result in an error if parameters are ill-formed: same as pub, and additionally 0 < x < q and y = g ^ x mod p. Note that no time masking is done on the modular exponentiation.
Public key, a subset of private key.
Sexplib convertible.
val pub :
+ (priv, [> `Msg of string ]) Stdlib.resultpriv ~fips ~p ~q ~gg ~x ~y () constructs a private DSA key from the given numbers. Will result in an error if parameters are ill-formed: same as pub, and additionally 0 < x < q and y = g ^ x mod p. Note that no time masking is done on the modular exponentiation.
Public key, a subset of private key.
val pub :
?fips:bool ->
p:Z.t ->
q:Z.t ->
gg:Z.t ->
y:Z.t ->
unit ->
- (pub, [> `Msg of string ]) Stdlib.resultpub ~fips ~p ~q ~gg ~y () constructs a public DSA key from the given numbers. Will result in an error if the parameters are not well-formed: one < gg < p, q probabilistically a prime, p probabilistically prime and odd, 0 < y < p, q < p, and p - 1 mod q = 0. If fips is specified and true (defaults to false), only FIPS-specified bit length for p and q are accepted.
Key size request. Three Fips variants refer to FIPS-standardized L-values (p size) and imply the corresponding N (q size); The last variants specifies L and N directly.
Masking (cryptographic blinding) option.
val generate : ?g:Mirage_crypto_rng.g -> keysize -> privgenerate g size is a fresh private key. The domain parameters are derived using a modified FIPS.186-4 probabilistic process, but the derivation can not be validated. Note that no time masking is done for the modular exponentiations.
Note The process might diverge if it is impossible to find parameters with the given bit sizes. This happens when n gets too big for l, if the size was given as `Exactly (l, n).
sign ~mask ~k ~key digest is the signature, a pair of Cstruct.ts representing r and s in big-endian.
digest is the full digest of the actual message.
k, the random component, can either be provided, or is deterministically derived as per RFC6979, using SHA256.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> boolverify ~key (r, s) digest verifies that the pair (r, s) is the signature of digest, the message digest, under the private counterpart to key.
val massage : key:pub -> Cstruct.t -> Cstruct.tmassage key digest is the numeric value of digest taken modulo q and represented in the leftmost bits(q) bits of the result.
Both FIPS.186-4 and RFC6979 specify that only the leftmost bits(q) bits of digest are to be taken into account, but some implementations consider the entire digest. In cases where sign and verify seem incompatible with a given implementation (esp. if sign produces signatures with the s component different from the other implementation's), it might help to pre-process digest using this function (e.g. sign ~key (massage ~key:(pub_of_priv key) digest)).
module K_gen (H : Mirage_crypto.Hash.S) : sig ... endK_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
+ (pub, [> `Msg of string ]) Stdlib.resultpub ~fips ~p ~q ~gg ~y () constructs a public DSA key from the given numbers. Will result in an error if the parameters are not well-formed: one < gg < p, q probabilistically a prime, p probabilistically prime and odd, 0 < y < p, q < p, and p - 1 mod q = 0. If fips is specified and true (defaults to false), only FIPS-specified bit length for p and q are accepted.
Key size request. Three Fips variants refer to FIPS-standardized L-values (p size) and imply the corresponding N (q size); The last variants specifies L and N directly.
Masking (cryptographic blinding) option.
val generate : ?g:Mirage_crypto_rng.g -> keysize -> privgenerate g size is a fresh private key. The domain parameters are derived using a modified FIPS.186-4 probabilistic process, but the derivation can not be validated. Note that no time masking is done for the modular exponentiations.
Note The process might diverge if it is impossible to find parameters with the given bit sizes. This happens when n gets too big for l, if the size was given as `Exactly (l, n).
sign ~mask ~k ~key digest is the signature, a pair of strings representing r and s in big-endian.
digest is the full digest of the actual message.
k, the random component, can either be provided, or is deterministically derived as per RFC6979, using SHA256.
val verify : key:pub -> (string * string) -> string -> boolverify ~key (r, s) digest verifies that the pair (r, s) is the signature of digest, the message digest, under the private counterpart to key.
val massage : key:pub -> string -> stringmassage key digest is the numeric value of digest taken modulo q and represented in the leftmost bits(q) bits of the result.
Both FIPS.186-4 and RFC6979 specify that only the leftmost bits(q) bits of digest are to be taken into account, but some implementations consider the entire digest. In cases where sign and verify seem incompatible with a given implementation (esp. if sign produces signatures with the s component different from the other implementation's), it might help to pre-process digest using this function (e.g. sign ~key (massage ~key:(pub_of_priv key) digest)).
OAEP.Hval empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
Rsa.OAEPOAEP-padded encryption, as defined by PKCS #1 v2.1.
The same hash function is used for padding and MGF. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + 2 * hlen + len(message) bytes, where hlen is the hash length.
module H : Mirage_crypto.Hash.Sval encrypt :
+OAEP (mirage-crypto-pk.Mirage_crypto_pk.Rsa.OAEP) Module Rsa.OAEP
OAEP-padded encryption, as defined by PKCS #1 v2.1.
The same hash function is used for padding and MGF. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + 2 * hlen + len(message) bytes, where hlen is the hash length.
Parameters
Signature
val encrypt :
?g:Mirage_crypto_rng.g ->
- ?label:Cstruct.t ->
+ ?label:string ->
key:pub ->
- Cstruct.t ->
- Cstruct.tencrypt ~g ~label ~key message is OAEP-padded and encrypted message, using the optional label.
encrypt ~g ~label ~key message is OAEP-padded and encrypted message, using the optional label.
val decrypt :
?crt_hardening:bool ->
?mask:mask ->
- ?label:Cstruct.t ->
+ ?label:string ->
key:priv ->
- Cstruct.t ->
- Cstruct.t optiondecrypt ~crt_hardening ~mask ~label ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.
+ string ->
+ string optiondecrypt ~crt_hardening ~mask ~label ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.
Rsa.PKCS1PKCS v1.5 operations, as defined by PKCS #1 v1.5.
For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8, rounded up.
val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> Cstruct.t -> Cstruct.tencrypt g key message is a PKCS1-padded (type 2) and encrypted message.
val decrypt :
+PKCS1 (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PKCS1) Module Rsa.PKCS1
PKCS v1.5 operations, as defined by PKCS #1 v1.5.
For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8, rounded up.
val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> string -> stringencrypt g key message is a PKCS1-padded (type 2) and encrypted message.
decrypt ~crt_hardening ~mask ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.
decrypt ~crt_hardening ~mask ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.
sig_encode ~crt_hardening ~mask ~key message is the PKCS1-padded (type 1) message signed by the key. crt_hardening defaults to true and verifies that the computed signature is correct.
Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign.
val sig_decode : key:pub -> Cstruct.t -> Cstruct.t optionsig_decode key signature is Some message when the signature was produced with the given key as per sig_encode, or None
val min_key : Mirage_crypto.Hash.hash -> bitsmin_key hash is the minimum key size required by sign.
sig_encode ~crt_hardening ~mask ~key message is the PKCS1-padded (type 1) message signed by the key. crt_hardening defaults to true and verifies that the computed signature is correct.
Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign.
val sig_decode : key:pub -> string -> string optionsig_decode key signature is Some message when the signature was produced with the given key as per sig_encode, or None
min_key hash is the minimum key size required by sign.
val sign :
?crt_hardening:bool ->
?mask:mask ->
- hash:Mirage_crypto.Hash.hash ->
+ hash:[< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] ->
key:priv ->
- Cstruct.t or_digest ->
- Cstruct.tsign ~crt_hardening ~mask ~hash ~key message is the PKCS 1.5 signature of message, signed by the key, using the hash function hash. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening defaults to true and verifies that the computed signature is correct.
message is either the actual message, or its digest.
val verify :
- hashp:(Mirage_crypto.Hash.hash -> bool) ->
+ string or_digest ->
+ stringsign ~crt_hardening ~mask ~hash ~key message is the PKCS 1.5 signature of message, signed by the key, using the hash function hash. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening defaults to true and verifies that the computed signature is correct.
message is either the actual message, or its digest.
val verify :
+ hashp:([< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] -> bool) ->
key:pub ->
- signature:Cstruct.t ->
- Cstruct.t or_digest ->
+ signature:string ->
+ string or_digest ->
boolverify ~hashp ~key ~signature message checks that signature is the PKCS 1.5 signature of the message under the given key.
message is either the actual message, or its digest.
hashp determines the allowed hash algorithms. Whenever hashp is false, verify is also false.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html
deleted file mode 100644
index 1bf58277..00000000
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS.H) Parameter PSS.H
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
index 45d3c36e..e020a2c7 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
@@ -1,14 +1,14 @@
-PSS (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS) Module Rsa.PSS
PSS-based signing, as defined by PKCS #1 v2.1.
The same hash function is used for padding, MGF and computing message digest. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + hlen + slen bytes, where hlen is the hash length and slen is the seed length.
Parameters
module H : Mirage_crypto.Hash.SSignature
val sign :
+PSS (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS) Module Rsa.PSS
PSS-based signing, as defined by PKCS #1 v2.1.
The same hash function is used for padding, MGF and computing message digest. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + hlen + slen bytes, where hlen is the hash length and slen is the seed length.
Parameters
Signature
val sign :
?g:Mirage_crypto_rng.g ->
?crt_hardening:bool ->
?mask:mask ->
?slen:int ->
key:priv ->
- Cstruct.t or_digest ->
- Cstruct.tsign ~g ~crt_hardening ~mask ~slen ~key message the PSS-padded digest of message, signed with the key. crt_hardening defaults to false.
slen is the optional seed length and defaults to the size of the underlying hash function.
message is either the actual message, or its digest.
val verify :
+ string or_digest ->
+ stringsign ~g ~crt_hardening ~mask ~slen ~key message the PSS-padded digest of message, signed with the key. crt_hardening defaults to false.
slen is the optional seed length and defaults to the size of the underlying hash function.
message is either the actual message, or its digest.
val verify :
?slen:int ->
key:pub ->
- signature:Cstruct.t ->
- Cstruct.t or_digest ->
+ signature:string ->
+ string or_digest ->
boolverify ~slen ~key ~signature message checks whether signature is a valid PSS signature of the message under the given key.
message is either the actual message, or its digest.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
index ee3881ed..efda86d1 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
@@ -1,5 +1,5 @@
-Rsa (mirage-crypto-pk.Mirage_crypto_pk.Rsa) Module Mirage_crypto_pk.Rsa
RSA public-key cryptography algorithm.
Keys
Messages are checked not to exceed the key size, and this is signalled via the Insufficient_key exception.
Private-key operations are optionally protected through RSA blinding.
Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.
The public portion of the key.
Sexplib convertible.
val pub : e:Z.t -> n:Z.t -> (pub, [> `Msg of string ]) Stdlib.resultpub ~e ~n validates the public key: 1 < e < n, n > 0, is_odd n, and numbits n >= 89 (a requirement for PKCS1 operations).
type priv = private {e : Z.t;(*Public exponent
*)d : Z.t;(*Private exponent
*)n : Z.t;(*Modulus (p q)
*)p : Z.t;(*Prime factor p
*)q : Z.t;(*Prime factor q
*)dp : Z.t;(*d mod (p-1)
*)dq : Z.t;(*d mod (q-1)
*)q' : Z.t;(*q^(-1) mod p
*)
}Full private key (two-factor version).
Note The key layout assumes that p > q, which affects the quantity q' (sometimes called u), and the computation of the private transform. Some systems assume otherwise. When using keys produced by a system that computes u = p^(-1) mod q, either exchange p with q and dp with dq, or re-generate the full private key using priv_of_primes.
Sexplib convertible.
val priv :
+Rsa (mirage-crypto-pk.Mirage_crypto_pk.Rsa) Module Mirage_crypto_pk.Rsa
RSA public-key cryptography algorithm.
Keys
Messages are checked not to exceed the key size, and this is signalled via the Insufficient_key exception.
Private-key operations are optionally protected through RSA blinding.
Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.
val pub : e:Z.t -> n:Z.t -> (pub, [> `Msg of string ]) Stdlib.resultpub ~e ~n validates the public key: 1 < e < n, n > 0, is_odd n, and numbits n >= 89 (a requirement for PKCS1 operations).
type priv = private {e : Z.t;(*Public exponent
*)d : Z.t;(*Private exponent
*)n : Z.t;(*Modulus (p q)
*)p : Z.t;(*Prime factor p
*)q : Z.t;(*Prime factor q
*)dp : Z.t;(*d mod (p-1)
*)dq : Z.t;(*d mod (q-1)
*)q' : Z.t;(*q^(-1) mod p
*)
}Full private key (two-factor version).
Note The key layout assumes that p > q, which affects the quantity q' (sometimes called u), and the computation of the private transform. Some systems assume otherwise. When using keys produced by a system that computes u = p^(-1) mod q, either exchange p with q and dp with dq, or re-generate the full private key using priv_of_primes.
val priv :
e:Z.t ->
d:Z.t ->
n:Z.t ->
@@ -8,7 +8,7 @@
dp:Z.t ->
dq:Z.t ->
q':Z.t ->
- (priv, [> `Msg of string ]) Stdlib.resultpriv ~e ~d ~n ~p ~q ~dp ~dq ~q' validates the private key: e, n must be a valid pub, p and q valid prime numbers > 0, odd, probabilistically prime, p <> q, n = p * q, e probabilistically prime and coprime to both p and q, q' = q ^ -1 mod p, 1 < d < n, dp = d mod (p - 1), dq = d mod (q - 1), and d = e ^ -1 mod (p - 1) (q - 1).
val priv_of_primes :
+ (priv, [> `Msg of string ]) Stdlib.resultpriv ~e ~d ~n ~p ~q ~dp ~dq ~q' validates the private key: e, n must be a valid pub, p and q valid prime numbers > 0, odd, probabilistically prime, p <> q, n = p * q, e probabilistically prime and coprime to both p and q, q' = q ^ -1 mod p, 1 < d < n, dp = d mod (p - 1), dq = d mod (q - 1), and d = e ^ -1 mod (p - 1) (q - 1).
val pub_bits : pub -> intBit-size of a public key.
val priv_bits : priv -> intBit-size of a private key.
val priv_of_primes :
e:Z.t ->
p:Z.t ->
q:Z.t ->
@@ -19,9 +19,4 @@
d:Z.t ->
n:Z.t ->
unit ->
- (priv, [> `Msg of string ]) Stdlib.resultpriv_of_exp ?g ?attempts ~e ~d n is the unique private key characterized by the public (e) and private (d) exponents, and modulus n. This operation uses a probabilistic process that can fail to recover the key.
~attempts is the number of trials. For triplets that form an RSA key, the probability of failure is at most 2^(-attempts). attempts defaults to an unspecified number that yields a very high probability of recovering valid keys.
Note that no time masking is done for the computations in this function.
The RSA transformation
Either an 'a or its digest, according to some hash algorithm.
Masking (cryptographic blinding) mode for the RSA transform with the private key. Masking does not change the result, but it does change the timing profile of the operation.
`No disables masking. It is slightly faster but it exposes the private key to timing-based attacks.`Yes uses random masking with the global RNG instance. This is the sane option.`Yes_with g uses random masking with the generator g.
val encrypt : key:pub -> Cstruct.t -> Cstruct.tencrypt key message is the encrypted message.
decrypt ~crt_hardening ~mask key ciphertext is the decrypted ciphertext, left-padded with 0x00 up to key size.
~crt_hardening defaults to false. If true verifies that the result is correct. This is to counter Chinese remainder theorem attacks to factorize primes. If the computed signature is incorrect, it is again computed in the classical way (c ^ d mod n) without the Chinese remainder theorem optimization. The deterministic PKCS1 signing, which is at danger, uses true as default.
~mask defaults to `Yes.
Key generation
val generate : ?g:Mirage_crypto_rng.g -> ?e:Z.t -> bits:bits -> unit -> privgenerate ~g ~e ~bits () is a new private key. The new key is guaranteed to be well formed, see priv.
e defaults to 2^16+1.
Note This process might diverge if there are no keys for the given bit size. This can happen when bits is extremely small.
PKCS#1 padded modes
module PKCS1 : sig ... endPKCS v1.5 operations, as defined by PKCS #1 v1.5.
OAEP padded modes
module OAEP (H : Mirage_crypto.Hash.S) : sig ... endOAEP-padded encryption, as defined by PKCS #1 v2.1.
PSS signing
module PSS (H : Mirage_crypto.Hash.S) : sig ... endPSS-based signing, as defined by PKCS #1 v2.1.
+ (priv, [> `Msg of string ]) Stdlib.resultpriv_of_exp ?g ?attempts ~e ~d n is the unique private key characterized by the public (e) and private (d) exponents, and modulus n. This operation uses a probabilistic process that can fail to recover the key.
~attempts is the number of trials. For triplets that form an RSA key, the probability of failure is at most 2^(-attempts). attempts defaults to an unspecified number that yields a very high probability of recovering valid keys.
Note that no time masking is done for the computations in this function.
The RSA transformation
Either an 'a or its digest, according to some hash algorithm.
Masking (cryptographic blinding) mode for the RSA transform with the private key. Masking does not change the result, but it does change the timing profile of the operation.
`No disables masking. It is slightly faster but it exposes the private key to timing-based attacks.`Yes uses random masking with the global RNG instance. This is the sane option.`Yes_with g uses random masking with the generator g.
val encrypt : key:pub -> string -> stringencrypt key message is the encrypted message.
decrypt ~crt_hardening ~mask key ciphertext is the decrypted ciphertext, left-padded with 0x00 up to key size.
~crt_hardening defaults to false. If true verifies that the result is correct. This is to counter Chinese remainder theorem attacks to factorize primes. If the computed signature is incorrect, it is again computed in the classical way (c ^ d mod n) without the Chinese remainder theorem optimization. The deterministic PKCS1 signing, which is at danger, uses true as default.
~mask defaults to `Yes.
Key generation
val generate : ?g:Mirage_crypto_rng.g -> ?e:Z.t -> bits:int -> unit -> privgenerate ~g ~e ~bits () is a new private key. The new key is guaranteed to be well formed, see priv.
e defaults to 2^16+1.
Note This process might diverge if there are no keys for the given bit size. This can happen when bits is extremely small.
PKCS#1 padded modes
module PKCS1 : sig ... endPKCS v1.5 operations, as defined by PKCS #1 v1.5.
OAEP padded modes
PSS signing
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
index 0bca292a..73be34e0 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
@@ -1,2 +1,2 @@
-Z_extra (mirage-crypto-pk.Mirage_crypto_pk.Z_extra) Module Mirage_crypto_pk.Z_extra
Z Convert Z to big endian Cstruct.t and generate random Z values.
Conversion to and from Cstruct.t
val of_cstruct_be : ?bits:bits -> Cstruct.t -> Z.tof_cstruct_be ~bits cs interprets the bit pattern of cs as a t in big-endian.
If ~bits is not given, the operation considers the entire cs, otherwise the initial min ~bits (bit-length cs) bits of cs.
Assuming n is the number of bits to extract, the n-bit in cs is always the least significant bit of the result. Therefore:
- if the bit size
k of t is larger than n, k - n most significant bits in the result are 0; and - if
k is smaller than n, the result contains k last of the n first bits of cs.
to_cstruct_be ~size t is the big-endian representation of t.
If ~size is not given, it defaults to the minimal number of bytes needed to represent t, which is bits t / 8 rounded up.
The least-significant bit of t is always the last bit in the result. If the size is larger than needed, the output is padded with zero bits. If it is smaller, the high bits in t are dropped.
into_cstruct_be t cs writes the big-endian representation of t into cs. It behaves like to_cstruct_be, with ~size spanning the entire cs.
Random generation
val gen : ?g:Mirage_crypto_rng.g -> Z.t -> Z.tgen ~g n picks a value in the interval [0, n - 1] uniformly at random.
val gen_r : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t -> Z.tgen_r ~g low high picks a value from the interval [low, high - 1] uniformly at random.
+Z_extra (mirage-crypto-pk.Mirage_crypto_pk.Z_extra) Module Mirage_crypto_pk.Z_extra
Z Convert Z to big endian string and generate random Z values.
Conversion to and from string
of_octets_be ~bits buf interprets the bit pattern of buf as a t in big-endian.
If ~bits is not given, the operation considers the entire buf, otherwise the initial min ~bits (bit-length buf) bits of buf.
Assuming n is the number of bits to extract, the n-bit in buf is always the least significant bit of the result. Therefore:
- if the bit size
k of t is larger than n, k - n most significant bits in the result are 0; and - if
k is smaller than n, the result contains k last of the n first bits of buf.
to_octets_be ~size t is the big-endian representation of t.
If ~size is not given, it defaults to the minimal number of bytes needed to represent t, which is bits t / 8 rounded up.
The least-significant bit of t is always the last bit in the result. If the size is larger than needed, the output is padded with zero bits. If it is smaller, the high bits in t are dropped.
into_octets_be t buf writes the big-endian representation of t into buf. It behaves like to_octets_be, with ~size spanning the entire buf.
Random generation
val gen : ?g:Mirage_crypto_rng.g -> Z.t -> Z.tgen ~g n picks a value in the interval [0, n - 1] uniformly at random.
val gen_r : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t -> Z.tgen_r ~g low high picks a value from the interval [low, high - 1] uniformly at random.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
index 57c28e64..a8bd1669 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_pk (mirage-crypto-pk.Mirage_crypto_pk) Module Mirage_crypto_pk
Public-key cryptography
Public and private key types are private, the constructors validate their well-formedness as much as possible, esp. so that powm_sec will not raise an exception (exponent > 1, or odd modulus). All modular exponentiations (unless otherwise noted) use the Z.powm_sec function, which uses a static access pattern and operates in constant time (of the bit size of the input), independent of which bits are set and not set. The performance is up to 20% worse than powm. Additionally, blinding is applied to RSA and DSA by default.
module Rsa : sig ... endRSA public-key cryptography algorithm.
module Dsa : sig ... endDSA digital signature algorithm.
module Dh : sig ... endDiffie-Hellman, MODP version.
module Z_extra : sig ... endZ Convert Z to big endian Cstruct.t and generate random Z values.
+Mirage_crypto_pk (mirage-crypto-pk.Mirage_crypto_pk) Module Mirage_crypto_pk
Public-key cryptography
Public and private key types are private, the constructors validate their well-formedness as much as possible, esp. so that powm_sec will not raise an exception (exponent > 1, or odd modulus). All modular exponentiations (unless otherwise noted) use the Z.powm_sec function, which uses a static access pattern and operates in constant time (of the bit size of the input), independent of which bits are set and not set. The performance is up to 20% worse than powm. Additionally, blinding is applied to RSA and DSA by default.
module Rsa : sig ... endRSA public-key cryptography algorithm.
module Dsa : sig ... endDSA digital signature algorithm.
module Dh : sig ... endDiffie-Hellman, MODP version.
module Z_extra : sig ... endZ Convert Z to big endian string and generate random Z values.
diff --git a/doc/mirage-crypto-pk/index.html b/doc/mirage-crypto-pk/index.html
index 3fbb3d8f..2b7b0084 100644
--- a/doc/mirage-crypto-pk/index.html
+++ b/doc/mirage-crypto-pk/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-pk.index) mirage-crypto-pk index
Library mirage-crypto-pk
The entry point of this library is the module: Mirage_crypto_pk.
+index (mirage-crypto-pk.index) mirage-crypto-pk index
Library mirage-crypto-pk
The entry point of this library is the module: Mirage_crypto_pk.
diff --git a/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html b/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
index 27228992..c8304f7d 100644
--- a/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
+++ b/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
@@ -1,5 +1,5 @@
-Mirage_crypto_rng_lwt (mirage-crypto-rng-lwt.Mirage_crypto_rng_lwt) Module Mirage_crypto_rng_lwt
RNG seeding on Lwt.
This module initializes a Fortuna RNG with getrandom(), and CPU RNG.
val initialize :
+Mirage_crypto_rng_lwt (mirage-crypto-rng-lwt.Mirage_crypto_rng_lwt) Module Mirage_crypto_rng_lwt
RNG seeding on Lwt.
This module initializes a Fortuna RNG with getrandom(), and CPU RNG.
val initialize :
?g:'a ->
?sleep:int64 ->
'a Mirage_crypto_rng.generator ->
diff --git a/doc/mirage-crypto-rng-lwt/index.html b/doc/mirage-crypto-rng-lwt/index.html
index ed4f9cac..ed9bc6df 100644
--- a/doc/mirage-crypto-rng-lwt/index.html
+++ b/doc/mirage-crypto-rng-lwt/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng-lwt.index) mirage-crypto-rng-lwt index
Library mirage-crypto-rng-lwt
The entry point of this library is the module: Mirage_crypto_rng_lwt.
+index (mirage-crypto-rng-lwt.index) mirage-crypto-rng-lwt index
Library mirage-crypto-rng-lwt
The entry point of this library is the module: Mirage_crypto_rng_lwt.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
index 9ea03b59..56609af5 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
@@ -1,2 +1,2 @@
-Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Entropy) Module Make.Entropy
Entropy sources and collection
val sources : unit -> source listsources () returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unitpp_source ppf source pretty-prints the entropy source on ppf.
val register_source : string -> sourceregister_source name registers name as entropy source.
Bootstrap
whirlwind_bootstrap id exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id is used as prefix.
bootstrap id is either cpu_rng_bootstrap, if the CPU supports it, or whirlwind_bootstrap if not.
Timer source
interrupt_hook () collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unittimer_accumulator g is the accumulator for the timer source, applying interrupt_hook on each call.
Periodic pulled sources
feed_pools g source f feeds all pools of g using source by executing f for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.tcpu_rng g uses the CPU RNG (rdrand or rdseed) to feed all pools of g. It uses feed_pools internally. If neither rdrand nor rdseed are available, fun () -> () is returned.
+Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Entropy) Module Make.Entropy
Entropy sources and collection
type source = Mirage_crypto_rng.Entropy.sourceEntropy sources.
val sources : unit -> source listsources () returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unitpp_source ppf source pretty-prints the entropy source on ppf.
val register_source : string -> sourceregister_source name registers name as entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html
deleted file mode 100644
index f5fbda48..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Fortuna (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Fortuna) Module Make.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html
deleted file mode 100644
index af4b96d0..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Hmac_drbg.H) Parameter Hmac_drbg.H
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html
deleted file mode 100644
index 8a034b42..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Hmac_drbg (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Hmac_drbg) Module Make.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
module H : Mirage_crypto.Hash.SSignature
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
index d664a5c5..658ccc8c 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
@@ -1,15 +1,6 @@
-Make (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make) Module Mirage_crypto_rng_mirage.Make
Parameters
Signature
val initialize :
+Make (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make) Module Mirage_crypto_rng_mirage.Make
Parameters
Signature
include S
type g = Mirage_crypto_rng.gA generator (PRNG) with its state.
module Entropy : sig ... endEntropy sources and collection
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unitgenerate_into ~g buf ~off len invokes generate_into on g or default generator. The random data is put into buf starting at off (defaults to 0) with len bytes.
val generate : ?g:g -> int -> stringInvoke generate_into on g or default generator and a freshly allocated string.
val accumulate : g option -> Entropy.source -> [ `Acc of string -> unit ]accumulate g source is a function data -> unit to feed entropy to the RNG. This is useful if your system has a special entropy source.
val initialize :
?g:'a ->
?sleep:int64 ->
'a Mirage_crypto_rng.generator ->
- unit Lwt.tinitialize ~g ~sleep generator sets the default generator to the generator and sets up periodic entropy feeding for that rng. This function fails (Lwt.fail) if it is called a second time. The argument ~sleep is measured in ns, and used as sleep between cpu assisted random number collection. It defaults to one second.
include module type of Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, and mirage-crypto-rng-eio (for Eio).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio package differs slightly from other rng packages. Instead of the initilize function a run function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator has not been called.
module Entropy : sig ... endEntropy sources and collection
module type Generator = sig ... endA single PRNG algorithm.
Ready-to-use RNG algorithms.
module Hmac_drbg (H : Mirage_crypto.Hash.S) : GeneratorHMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
- ?g:'a ->
- ?seed:Cstruct.t ->
- ?strict:bool ->
- ?time:(unit -> int64) ->
- 'a generator ->
- gcreate ~g ~seed ~strict ~time module uses a module conforming to the Generator signature to instantiate the generic generator g.
g is the state to use, otherwise a fresh one is created.
seed can be provided to immediately reseed the generator with.
strict puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> gdefault_generator () is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unitset_default_generator g sets the default generator to g. This function must be called once.
val generate : ?g:g -> int -> Cstruct.tInvoke generate on g or default generator.
val block : g option -> intBlock size of g or default generator.
Examples
Generating a random 13-byte Cstruct.t:
let cs = Rng.generate 13
Generating a list of Cstruct.t, passing down an optional generator:
let rec f1 ?g ~n i =
-if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)
Generating a Z.t smaller than 10:
let f2 ?g () = Mirage_crypto_pk.Z_extra.gen ?g Z.(~$10)
Creating a local Fortuna instance and using it as a key-derivation function:
let f3 secret =
-let g = Rng.(create ~seed:secret (module Generators.Fortuna)) in
-Rng.generate ~g 32
+ unit Lwt.tinitialize ~g ~sleep generator sets the default generator to the generator and sets up periodic entropy feeding for that rng. This function fails (Lwt.fail) if it is called a second time. The argument ~sleep is measured in ns, and used as sleep between cpu assisted random number collection. It defaults to one second.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html
deleted file mode 100644
index 363207c8..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Generator (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Generator) Module type Make.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
index c2ba10e5..4497e567 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_rng_mirage (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage) Module Mirage_crypto_rng_mirage
Mirage_crypto_rng_mirage (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage) Module Mirage_crypto_rng_mirage
Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.S.Entropy) Module S.Entropy
Entropy sources and collection
type source = Mirage_crypto_rng.Entropy.sourceEntropy sources.
val sources : unit -> source listsources () returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unitpp_source ppf source pretty-prints the entropy source on ppf.
val register_source : string -> sourceregister_source name registers name as entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html
new file mode 100644
index 00000000..a35b8e85
--- /dev/null
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html
@@ -0,0 +1,2 @@
+
+S (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.S) Module type Mirage_crypto_rng_mirage.S
type g = Mirage_crypto_rng.gA generator (PRNG) with its state.
module Entropy : sig ... endEntropy sources and collection
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unitgenerate_into ~g buf ~off len invokes generate_into on g or default generator. The random data is put into buf starting at off (defaults to 0) with len bytes.
val generate : ?g:g -> int -> stringInvoke generate_into on g or default generator and a freshly allocated string.
val accumulate : g option -> Entropy.source -> [ `Acc of string -> unit ]accumulate g source is a function data -> unit to feed entropy to the RNG. This is useful if your system has a special entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/index.html b/doc/mirage-crypto-rng-mirage/index.html
index ed97b61b..a10676de 100644
--- a/doc/mirage-crypto-rng-mirage/index.html
+++ b/doc/mirage-crypto-rng-mirage/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng-mirage.index) mirage-crypto-rng-mirage index
Library mirage-crypto-rng-mirage
The entry point of this library is the module: Mirage_crypto_rng_mirage.
+index (mirage-crypto-rng-mirage.index) mirage-crypto-rng-mirage index
Library mirage-crypto-rng-mirage
The entry point of this library is the module: Mirage_crypto_rng_mirage.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
index d7c76f8e..611bccb8 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
@@ -1,2 +1,2 @@
-Entropy (mirage-crypto-rng.Mirage_crypto_rng.Entropy) Module Mirage_crypto_rng.Entropy
Entropy sources and collection
val sources : unit -> source listsources () returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unitpp_source ppf source pretty-prints the entropy source on ppf.
val register_source : string -> sourceregister_source name registers name as entropy source.
Bootstrap
whirlwind_bootstrap id exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id is used as prefix.
bootstrap id is either cpu_rng_bootstrap, if the CPU supports it, or whirlwind_bootstrap if not.
Timer source
interrupt_hook () collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unittimer_accumulator g is the accumulator for the timer source, applying interrupt_hook on each call.
Periodic pulled sources
feed_pools g source f feeds all pools of g using source by executing f for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.tcpu_rng g uses the CPU RNG (rdrand or rdseed) to feed all pools of g. It uses feed_pools internally. If neither rdrand nor rdseed are available, fun () -> () is returned.
+Entropy (mirage-crypto-rng.Mirage_crypto_rng.Entropy) Module Mirage_crypto_rng.Entropy
Entropy sources and collection
val sources : unit -> source listsources () returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unitpp_source ppf source pretty-prints the entropy source on ppf.
val register_source : string -> sourceregister_source name registers name as entropy source.
Bootstrap
whirlwind_bootstrap id exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id is used as prefix.
bootstrap id is either cpu_rng_bootstrap, if the CPU supports it, or whirlwind_bootstrap if not.
Timer source
interrupt_hook collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unittimer_accumulator g is the accumulator for the timer source, applying interrupt_hook on each call.
Periodic pulled sources
feed_pools g source f feeds all pools of g using source by executing f for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.tcpu_rng g uses the CPU RNG (rdrand or rdseed) to feed all pools of g. It uses feed_pools internally. If neither rdrand nor rdseed are available, fun () -> () is returned.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
index eb67bbef..a893937e 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
@@ -1,2 +1,2 @@
-Fortuna (mirage-crypto-rng.Mirage_crypto_rng.Fortuna) Module Mirage_crypto_rng.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
+Fortuna (mirage-crypto-rng.Mirage_crypto_rng.Fortuna) Module Mirage_crypto_rng.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unitgenerate_into ~g buf ~off n produces n uniformly distributed random bytes into buf at offset off, updating the state of g.
val reseed : g:g -> string -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html
deleted file mode 100644
index 8713149e..00000000
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg.H) Parameter Hmac_drbg.H
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
val get : t -> Mirage_crypto.Hash.digestget t is the digest corresponding to t.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
val hmac_get : hmac -> Mirage_crypto.Hash.digesthmac_get hmac is the hmac corresponding to hmac.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> tfeedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digestdigesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digestSee hmac.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
index 58cc2aa5..617885cc 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
@@ -1,2 +1,2 @@
-Hmac_drbg (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg) Module Mirage_crypto_rng.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
module H : Mirage_crypto.Hash.SSignature
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
+Hmac_drbg (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg) Module Mirage_crypto_rng.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
Signature
Internally, this generator's generate always produces k * block bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unitgenerate_into ~g buf ~off n produces n uniformly distributed random bytes into buf at offset off, updating the state of g.
val reseed : g:g -> string -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
index 38bb7406..d4245fcd 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
@@ -1,11 +1,11 @@
-Mirage_crypto_rng (mirage-crypto-rng.Mirage_crypto_rng) Module Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, and mirage-crypto-rng-eio (for Eio).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio package differs slightly from other rng packages. Instead of the initilize function a run function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator has not been called.
module Entropy : sig ... endEntropy sources and collection
module type Generator = sig ... endA single PRNG algorithm.
Ready-to-use RNG algorithms.
module Hmac_drbg (H : Mirage_crypto.Hash.S) : GeneratorHMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
+Mirage_crypto_rng (mirage-crypto-rng.Mirage_crypto_rng) Module Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, mirage-crypto-rng-eio (for Eio), and mirage-crypto-miou-unix (for Miou_unix).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio package differs slightly from other rng packages. Instead of the initialize function a run function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator has not been called.
module Entropy : sig ... endEntropy sources and collection
module type Generator = sig ... endA single PRNG algorithm.
Ready-to-use RNG algorithms.
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
?g:'a ->
- ?seed:Cstruct.t ->
+ ?seed:string ->
?strict:bool ->
?time:(unit -> int64) ->
'a generator ->
- gcreate ~g ~seed ~strict ~time module uses a module conforming to the Generator signature to instantiate the generic generator g.
g is the state to use, otherwise a fresh one is created.
seed can be provided to immediately reseed the generator with.
strict puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> gdefault_generator () is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unitset_default_generator g sets the default generator to g. This function must be called once.
val generate : ?g:g -> int -> Cstruct.tInvoke generate on g or default generator.
val block : g option -> intBlock size of g or default generator.
Examples
Generating a random 13-byte Cstruct.t:
let cs = Rng.generate 13
Generating a list of Cstruct.t, passing down an optional generator:
let rec f1 ?g ~n i =
+ g
create ~g ~seed ~strict ~time module uses a module conforming to the Generator signature to instantiate the generic generator g.
g is the state to use, otherwise a fresh one is created.
seed can be provided to immediately reseed the generator with.
strict puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> gdefault_generator () is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unitset_default_generator g sets the default generator to g. This function must be called once.
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unitgenerate_into ~g buf ~off len invokes generate_into on g or default generator. The random data is put into buf starting at off (defaults to 0) with len bytes.
val generate : ?g:g -> int -> stringInvoke generate_into on g or default generator and a freshly allocated string.
val block : g option -> intBlock size of g or default generator.
Examples
Generating a random 13-byte string:
let cs = Rng.generate 13
Generating a list of string, passing down an optional generator:
let rec f1 ?g ~n i =
if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)
Generating a Z.t smaller than 10:
let f2 ?g () = Mirage_crypto_pk.Z_extra.gen ?g Z.(~$10)
Creating a local Fortuna instance and using it as a key-derivation function:
let f3 secret =
let g = Rng.(create ~seed:secret (module Generators.Fortuna)) in
Rng.generate ~g 32
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
index 130065c2..2f877c34 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
@@ -1,2 +1,2 @@
-Generator (mirage-crypto-rng.Mirage_crypto_rng.Generator) Module type Mirage_crypto_rng.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block bytes.
val generate : g:g -> int -> Cstruct.tgenerate ~g n produces n uniformly distributed random bytes, updating the state of g.
val reseed : g:g -> Cstruct.t -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
+Generator (mirage-crypto-rng.Mirage_crypto_rng.Generator) Module type Mirage_crypto_rng.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unitgenerate_into ~g buf ~off n produces n uniformly distributed random bytes into buf at offset off, updating the state of g.
val reseed : g:g -> string -> unitreseed ~g bytes directly updates g. Its new state depends both on bytes and the previous state.
A generator is seded after a single application of reseed.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]accumulate ~g is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source to distinguish their sources.
val seeded : g:g -> boolseeded ~g is true iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
index bd7cce8e..7af90bcc 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_rng_unix (mirage-crypto-rng.Mirage_crypto_rng_unix) Module Mirage_crypto_rng_unix
RNG seeding on Unix.
This module initializes a Fortuna RNG with getrandom(), and CPU RNG. On BSD systems (FreeBSD, OpenBSD, macOS) getentropy () is used instead of getrandom (). On Windows 10 or higher, BCryptGenRandom() is used with the default RNG. Windows 8 or lower are not supported by this library.
val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unitinitialize ~g rng will bring the RNG into a working state.
+Mirage_crypto_rng_unix (mirage-crypto-rng.Mirage_crypto_rng_unix) Module Mirage_crypto_rng_unix
RNG seeding on Unix.
This module initializes a Fortuna RNG with getrandom(), and CPU RNG. On BSD systems (FreeBSD, OpenBSD, macOS) getentropy () is used instead of getrandom (). On Windows 10 or higher, BCryptGenRandom() is used with the default RNG. Windows 8 or lower are not supported by this library.
val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unitinitialize ~g rng will bring the RNG into a working state.
diff --git a/doc/mirage-crypto-rng/index.html b/doc/mirage-crypto-rng/index.html
index 4fff6585..1537c2ff 100644
--- a/doc/mirage-crypto-rng/index.html
+++ b/doc/mirage-crypto-rng/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng.index) mirage-crypto-rng index
Library mirage-crypto-rng
The entry point of this library is the module: Mirage_crypto_rng.
Library mirage-crypto-rng.unix
The entry point of this library is the module: Mirage_crypto_rng_unix.
+index (mirage-crypto-rng.index) mirage-crypto-rng index
Library mirage-crypto-rng
The entry point of this library is the module: Mirage_crypto_rng.
Library mirage-crypto-rng.unix
The entry point of this library is the module: Mirage_crypto_rng_unix.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html
new file mode 100644
index 00000000..392de28d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.AES.CBC) Module AES.CBC
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:string -> string -> stringencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> stringdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext ~off is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when String.length ciphertext - off = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~iv src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key ~iv src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html
new file mode 100644
index 00000000..9244f9dc
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html
@@ -0,0 +1,43 @@
+
+CCM16 (mirage-crypto.Mirage_crypto.AES.CCM16) Module AES.CCM16
include AEAD
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ stringauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * stringauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html
new file mode 100644
index 00000000..aebeaa88
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.AES.CTR) Module AES.CTR
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
next_ctr ~off msg ~ctr is the state of the counter after encrypting or decrypting msg at offset off with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctrctr_of_octets buf converts the value of buf into a counter.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr (len msg) lxor msg.
stream_into ~key ~ctr dst ~off len is the raw key stream put into dst starting at off.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~ctr src ~src_off dst ~dst_off len produces the key stream into dst at dst_off, and then xors it with src at src_off.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into is encrypt_into.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html
new file mode 100644
index 00000000..d3e4241d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.AES.ECB) Module AES.ECB
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> string -> stringencrypt ~key src encrypts src into a freshly allocated buffer of the same size using key.
val decrypt : key:key -> string -> stringdecrypt ~key src decrypts src into a freshly allocated buffer of the same size using key.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html b/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html
new file mode 100644
index 00000000..4394821b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html
@@ -0,0 +1,43 @@
+
+GCM (mirage-crypto.Mirage_crypto.AES.GCM) Module AES.GCM
include AEAD
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ stringauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * stringauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/index.html b/doc/mirage-crypto/Mirage_crypto/AES/index.html
new file mode 100644
index 00000000..be27893d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/index.html
@@ -0,0 +1,2 @@
+
+AES (mirage-crypto.Mirage_crypto.AES) Module Mirage_crypto.AES
module CCM16 : Block.CCM16
diff --git a/doc/mirage-crypto/Mirage_crypto/ARC4/index.html b/doc/mirage-crypto/Mirage_crypto/ARC4/index.html
new file mode 100644
index 00000000..bbf7e6b3
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/ARC4/index.html
@@ -0,0 +1,2 @@
+
+ARC4 (mirage-crypto.Mirage_crypto.ARC4) Module Mirage_crypto.ARC4
Alleged Rivest Cipher 4.
val of_secret : string -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/index.html b/doc/mirage-crypto/Mirage_crypto/Block/index.html
new file mode 100644
index 00000000..3db54862
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/index.html
@@ -0,0 +1,2 @@
+
+Block (mirage-crypto.Mirage_crypto.Block) Module Mirage_crypto.Block
Module types for various block cipher modes of operation.
Modes of operation:
module type ECB = sig ... endElectronic Codebook "mode".
module type CBC = sig ... endCipher-block chaining mode.
module type CTR = sig ... endCounter mode.
module type GCM = sig ... endGalois/Counter Mode.
module type CCM16 = sig ... endCounter with CBC-MAC mode.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html
new file mode 100644
index 00000000..d3a15842
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.Block.CBC) Module type Block.CBC
Cipher-block chaining mode.
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:string -> string -> stringencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> stringdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext ~off is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when String.length ciphertext - off = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~iv src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key ~iv src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html
new file mode 100644
index 00000000..98adaf89
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html
@@ -0,0 +1,43 @@
+
+CCM16 (mirage-crypto.Mirage_crypto.Block.CCM16) Module type Block.CCM16
Counter with CBC-MAC mode.
include AEAD
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ stringauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * stringauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html
new file mode 100644
index 00000000..bb5f3a64
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.Block.CTR) Module type Block.CTR
Counter mode.
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
next_ctr ~off msg ~ctr is the state of the counter after encrypting or decrypting msg at offset off with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctrctr_of_octets buf converts the value of buf into a counter.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr (len msg) lxor msg.
stream_into ~key ~ctr dst ~off len is the raw key stream put into dst starting at off.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~ctr src ~src_off dst ~dst_off len produces the key stream into dst at dst_off, and then xors it with src at src_off.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into is encrypt_into.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html
new file mode 100644
index 00000000..ae362671
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.Block.ECB) Module type Block.ECB
Electronic Codebook "mode".
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> string -> stringencrypt ~key src encrypts src into a freshly allocated buffer of the same size using key.
val decrypt : key:key -> string -> stringdecrypt ~key src decrypts src into a freshly allocated buffer of the same size using key.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html
new file mode 100644
index 00000000..617b6ef1
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html
@@ -0,0 +1,43 @@
+
+GCM (mirage-crypto.Mirage_crypto.Block.GCM) Module type Block.GCM
Galois/Counter Mode.
include AEAD
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ stringauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * stringauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
diff --git a/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html b/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
index 1175889f..e1784868 100644
--- a/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
@@ -1,23 +1,43 @@
-Chacha20 (mirage-crypto.Mirage_crypto.Chacha20) Module Mirage_crypto.Chacha20
The ChaCha20 cipher proposed by D.J. Bernstein.
include AEAD
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+Chacha20 (mirage-crypto.Mirage_crypto.Chacha20) Module Mirage_crypto.Chacha20
The ChaCha20 cipher proposed by D.J. Bernstein.
include AEAD
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
authenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
authenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
authenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
val crypt : key:key -> nonce:Cstruct.t -> ?ctr:int64 -> Cstruct.t -> Cstruct.tcrypt ~key ~nonce ~ctr data generates a ChaCha20 key stream using the key, and nonce. The ctr defaults to 0. The generated key stream is of the same length as data, and the output is the XOR of the key stream and data. This implements, depending on the size of the nonce (8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
val crypt : key:key -> nonce:string -> ?ctr:int64 -> string -> stringcrypt ~key ~nonce ~ctr data generates a ChaCha20 key stream using the key, and nonce. The ctr defaults to 0. The generated key stream is of the same length as data, and the output is the XOR of the key stream and data. This implements, depending on the size of the nonce (8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html
deleted file mode 100644
index 8d7f483e..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-CBC (mirage-crypto.Mirage_crypto.Cipher_block.AES.CBC) Module AES.CBC
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when len ciphertext = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html
deleted file mode 100644
index 78b1c094..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-CCM16 (mirage-crypto.Mirage_crypto.Cipher_block.AES.CCM16) Module AES.CCM16
include AEAD
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html
deleted file mode 100644
index 49d5b021..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.AES.CTR) Module AES.CTR
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr ~off (len msg) lxor msg.
next_ctr ~ctr msg is the state of the counter after encrypting or decrypting msg with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctrctr_of_cstruct cs converts the value of cs into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html
deleted file mode 100644
index 0638153c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.AES.ECB) Module AES.ECB
val of_secret : Cstruct.t -> keyval encrypt : key:key -> Cstruct.t -> Cstruct.tval decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html
deleted file mode 100644
index bf7110d8..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-GCM (mirage-crypto.Mirage_crypto.Cipher_block.AES.GCM) Module AES.GCM
include AEAD
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html
deleted file mode 100644
index cf65db31..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-AES (mirage-crypto.Mirage_crypto.Cipher_block.AES) Module Cipher_block.AES
CBC (mirage-crypto.Mirage_crypto.Cipher_block.DES.CBC) Module DES.CBC
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when len ciphertext = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html
deleted file mode 100644
index e6fffb82..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.DES.CTR) Module DES.CTR
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr ~off (len msg) lxor msg.
next_ctr ~ctr msg is the state of the counter after encrypting or decrypting msg with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctrctr_of_cstruct cs converts the value of cs into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html
deleted file mode 100644
index 154f36a1..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.DES.ECB) Module DES.ECB
val of_secret : Cstruct.t -> keyval encrypt : key:key -> Cstruct.t -> Cstruct.tval decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html
deleted file mode 100644
index 2bd24f29..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-DES (mirage-crypto.Mirage_crypto.Cipher_block.DES) Module Cipher_block.DES
S (mirage-crypto.Mirage_crypto.Cipher_block.S) Module Cipher_block.S
Module types for various block cipher modes of operation.
Raw block cipher in all its glory.
Make absolutely sure to check the arguments. Behavior is unspecified on invalid inputs.
Modes of operation:
module type ECB = sig ... endElectronic Codebook "mode".
module type CBC = sig ... endCipher-block chaining mode.
module type CTR = sig ... endCounter mode.
module type GCM = sig ... endGalois/Counter Mode.
module type CCM16 = sig ... endCounter with CBC-MAC mode.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html
deleted file mode 100644
index bd1c5b9c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-CBC (mirage-crypto.Mirage_crypto.Cipher_block.S.CBC) Module type S.CBC
Cipher-block chaining mode.
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.tdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when len ciphertext = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html
deleted file mode 100644
index affa19ee..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-CCM16 (mirage-crypto.Mirage_crypto.Cipher_block.S.CCM16) Module type S.CCM16
Counter with CBC-MAC mode.
include AEAD
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html
deleted file mode 100644
index 84e11a15..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.S.CTR) Module type S.CTR
Counter mode.
val of_secret : Cstruct.t -> keyConstruct the encryption key corresponding to secret.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr ~off (len msg) lxor msg.
next_ctr ~ctr msg is the state of the counter after encrypting or decrypting msg with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctrctr_of_cstruct cs converts the value of cs into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html
deleted file mode 100644
index 2c2fe44a..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.S.ECB) Module type S.ECB
Electronic Codebook "mode".
val of_secret : Cstruct.t -> keyval encrypt : key:key -> Cstruct.t -> Cstruct.tval decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html
deleted file mode 100644
index d56fceb1..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-GCM (mirage-crypto.Mirage_crypto.Cipher_block.S.GCM) Module type S.GCM
Galois/Counter Mode.
include AEAD
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html
deleted file mode 100644
index f6e10c7d..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Cipher_block (mirage-crypto.Mirage_crypto.Cipher_block) Module Mirage_crypto.Cipher_block
Block ciphers.
Each algorithm, and each mode of operation, is contained in its own separate module.
module S : sig ... endModule types for various block cipher modes of operation.
module AES : sig ... endmodule DES : sig ... end
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html
deleted file mode 100644
index 3812099f..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ARC4 (mirage-crypto.Mirage_crypto.Cipher_stream.ARC4) Module Cipher_stream.ARC4
Alleged Rivest Cipher 4.
val of_secret : Cstruct.t -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html
deleted file mode 100644
index c1d7f416..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Cipher_stream (mirage-crypto.Mirage_crypto.Cipher_stream) Module Mirage_crypto.Cipher_stream
Streaming ciphers.
S (mirage-crypto.Mirage_crypto.Cipher_stream.S) Module type Cipher_stream.S
General stream cipher type.
val of_secret : Cstruct.t -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html
new file mode 100644
index 00000000..9af1e34b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.DES.CBC) Module DES.CBC
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> iv:string -> string -> stringencrypt ~key ~iv msg is msg encrypted under key, using iv as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> stringdecrypt ~key ~iv msg is the inverse of encrypt.
next_iv ~iv ciphertext ~off is the first iv following the encryption that used iv to produce ciphertext.
For protocols which perform inter-message chaining, this is the iv for the next message.
It is either iv, when String.length ciphertext - off = 0, or the last block of ciphertext. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~iv src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key ~iv src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html
new file mode 100644
index 00000000..6a4220d2
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.DES.CTR) Module DES.CTR
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
next_ctr ~off msg ~ctr is the state of the counter after encrypting or decrypting msg at offset off with the counter ctr.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctrctr_of_octets buf converts the value of buf into a counter.
stream ~key ~ctr n is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.
encrypt ~key ~ctr msg is stream ~key ~ctr (len msg) lxor msg.
stream_into ~key ~ctr dst ~off len is the raw key stream put into dst starting at off.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key ~ctr src ~src_off dst ~dst_off len produces the key stream into dst at dst_off, and then xors it with src at src_off.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into is encrypt_into.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html
new file mode 100644
index 00000000..a29d5435
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.DES.ECB) Module DES.ECB
val of_secret : string -> keyConstruct the encryption key corresponding to secret.
val encrypt : key:key -> string -> stringencrypt ~key src encrypts src into a freshly allocated buffer of the same size using key.
val decrypt : key:key -> string -> stringdecrypt ~key src decrypts src into a freshly allocated buffer of the same size using key.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitencrypt_into ~key src ~src_off dst dst_off len encrypts len octets from src starting at src_off into dst starting at dst_off.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unitdecrypt_into ~key src ~src_off dst dst_off len decrypts len octets from src starting at src_off into dst starting at dst_off.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/index.html b/doc/mirage-crypto/Mirage_crypto/DES/index.html
new file mode 100644
index 00000000..4653809b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/index.html
@@ -0,0 +1,2 @@
+
+DES (mirage-crypto.Mirage_crypto.DES) Module Mirage_crypto.DES
MD5 (mirage-crypto.Mirage_crypto.Hash.MD5) Module Hash.MD5
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html
deleted file mode 100644
index 051b488d..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA1 (mirage-crypto.Mirage_crypto.Hash.SHA1) Module Hash.SHA1
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html
deleted file mode 100644
index 984ead61..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA224 (mirage-crypto.Mirage_crypto.Hash.SHA224) Module Hash.SHA224
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html
deleted file mode 100644
index 938f1f97..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA256 (mirage-crypto.Mirage_crypto.Hash.SHA256) Module Hash.SHA256
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html
deleted file mode 100644
index eb646bd8..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA384 (mirage-crypto.Mirage_crypto.Hash.SHA384) Module Hash.SHA384
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html
deleted file mode 100644
index 0bd6512c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA512 (mirage-crypto.Mirage_crypto.Hash.SHA512) Module Hash.SHA512
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/index.html
deleted file mode 100644
index d4474e58..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Hash (mirage-crypto.Mirage_crypto.Hash) Module Mirage_crypto.Hash
Hashes.
Each algorithm is contained in its own module, with high-level operations accessible through functions that dispatch on code value.
A general (inner) iterator. It applies the provided function to a collection of elements.
For instance:
let iter_k : 'a -> 'a iter = fun x f -> f xlet iter_pair : 'a * 'a -> 'a iter = fun (x, y) f = f x; f ylet iter_list : 'a list -> 'a iter = fun xs f -> List.iter f xs
Hashing algorithms
module type S = sig ... endA single hash algorithm.
Codes-based interface
val hashes : hash listhashes is a list of all implemented hash algorithms.
module_of hash is the (first-class) module corresponding to the code hash.
This is the most convenient way to go from a code to a module.
Hash functions
digesti algorithm iter is algorithm applied to iter.
mac algorithm ~key bytes is the mac algorithm applied to bytes under key.
maci algorithm ~key iter is the mac algorithm applied to iter under key.
val digest_size : [< hash ] -> intdigest_size algorithm is the size of the algorithm in bytes.
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html
deleted file mode 100644
index 42d9c5a3..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-S (mirage-crypto.Mirage_crypto.Hash.S) Module type Hash.S
A single hash algorithm.
Core operations
val empty : tempty is the hash of the empty string.
feed t msg adds the information in msg to t.
feed is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2).
HMAC operations
val hmac_empty : key:Cstruct.t -> hmachmac ~key is the hmac of the empty string using key key.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digestdigest msg is the digest of msg.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digesthmac ~key bytes is the authentication code for bytes under the secret key, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html b/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
index ba238f49..3fd29c6b 100644
--- a/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
@@ -1,2 +1,7 @@
-Poly1305 (mirage-crypto.Mirage_crypto.Poly1305) Module Mirage_crypto.Poly1305
The poly1305 message authentication code
val empty : key:Cstruct.t -> tempty is the empty context with the given key.
val mac : key:Cstruct.t -> Cstruct.t -> macmac ~key msg is the all-in-one mac computation: get (feed (empty ~key) msg).
+Poly1305 (mirage-crypto.Mirage_crypto.Poly1305) Module Mirage_crypto.Poly1305
The poly1305 message authentication code
val empty : key:string -> tempty is the empty context with the given key.
val get : t -> stringget t is the mac corresponding to t.
mac ~key msg is the all-in-one mac computation: get (feed (empty ~key) msg).
val maci : key:string -> string iter -> stringmaci ~key iter is the all-in-one mac computation: get (feedi (empty ~key) iter).
diff --git a/doc/mirage-crypto/Mirage_crypto/index.html b/doc/mirage-crypto/Mirage_crypto/index.html
index a1b2728c..d3e3ab97 100644
--- a/doc/mirage-crypto/Mirage_crypto/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto (mirage-crypto.Mirage_crypto) Module Mirage_crypto
Simpler crypto
Mirage-crypto is a cryptographic library.
The overarching API principle is simply mapping inputs to outputs, wherever feasible.
Similar algorithms in the same class (like hashes or block ciphers) are presented as distinct modules sharing the same signature.
The opam package mirage-crypto-rng provides a cryptographically secure pseudo-random number generator, the package mirage-crypto-pk provides public key cryptography.
Hashing
module Hash : sig ... endHashes.
module Poly1305 : sig ... endThe poly1305 message authentication code
Symmetric-key cryptography
module type AEAD = sig ... endAuthenticated encryption with associated data.
module Cipher_block : sig ... endBlock ciphers.
module Chacha20 : sig ... endThe ChaCha20 cipher proposed by D.J. Bernstein.
module Cipher_stream : sig ... endStreaming ciphers.
+Mirage_crypto (mirage-crypto.Mirage_crypto) Module Mirage_crypto
Simpler crypto
Mirage-crypto is a cryptographic library.
The overarching API principle is simply mapping inputs to outputs, wherever feasible.
Similar algorithms in the same class (like hashes or block ciphers) are presented as distinct modules sharing the same signature.
The opam package mirage-crypto-rng provides a cryptographically secure pseudo-random number generator, the package mirage-crypto-pk provides public key cryptography.
module Poly1305 : sig ... endThe poly1305 message authentication code
Symmetric-key cryptography
module type AEAD = sig ... endAuthenticated encryption with associated data.
Block ciphers.
Each algorithm, and each mode of operation, is contained in its own separate module.
module Block : sig ... endModule types for various block cipher modes of operation.
module AES : sig ... endmodule DES : sig ... endOperations using non-portable, hardware-dependent implementation in this build of the library.
module Chacha20 : sig ... endThe ChaCha20 cipher proposed by D.J. Bernstein.
module type Stream = sig ... endGeneral stream cipher type.
diff --git a/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html b/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
index 6195e25a..834c83b7 100644
--- a/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
@@ -1,23 +1,43 @@
-AEAD (mirage-crypto.Mirage_crypto.AEAD) Module type Mirage_crypto.AEAD
Authenticated encryption with associated data.
This defines a uniform interface of symmetrics cryptographic algorithms which encrypt, and also protect the integrity of the data. Additional data, only used for integrity protection, not encrypted and not part of the ciphertext, can be passed in optionally. This prevents the same ciphertext being used at a different location. See RFC 5116 for further description.
val of_secret : Cstruct.t -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+AEAD (mirage-crypto.Mirage_crypto.AEAD) Module type Mirage_crypto.AEAD
Authenticated encryption with associated data.
This defines a uniform interface of symmetrics cryptographic algorithms which encrypt, and also protect the integrity of the data. Additional data, only used for integrity protection, not encrypted and not part of the ciphertext, can be passed in optionally. This prevents the same ciphertext being used at a different location. See RFC 5116 for further description.
val of_secret : string -> keyof_secret secret constructs the encryption key corresponding to secret.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.tauthenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
authenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.
val authenticate_decrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
authenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.tauthenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
authenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string optionauthenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unitauthenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len encrypts len bytes of msg starting at src_off with key and nonce. The output is put into dst at dst_off, the tag into dst at tag_off.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ boolauthenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len computes the authentication tag using key, nonce, and adata, and decrypts the len bytes encrypted data from msg starting at src_off into dst starting at dst_off. If the authentication tags match, true is returned, and the decrypted data is in dst.
diff --git a/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html b/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html
new file mode 100644
index 00000000..49d1869d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html
@@ -0,0 +1,2 @@
+
+Stream (mirage-crypto.Mirage_crypto.Stream) Module type Mirage_crypto.Stream
General stream cipher type.
val of_secret : string -> key
diff --git a/doc/mirage-crypto/index.html b/doc/mirage-crypto/index.html
index ecb134c6..5a5a6921 100644
--- a/doc/mirage-crypto/index.html
+++ b/doc/mirage-crypto/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto.index) mirage-crypto index
Library mirage-crypto
The entry point of this library is the module: Mirage_crypto.
+index (mirage-crypto.index) mirage-crypto index
Library mirage-crypto
The entry point of this library is the module: Mirage_crypto.
diff --git a/doc/odoc.support/odoc.css b/doc/odoc.support/odoc.css
index c23517ba..71148de3 100644
--- a/doc/odoc.support/odoc.css
+++ b/doc/odoc.support/odoc.css
@@ -1,7 +1,7 @@
@charset "UTF-8";
/* Copyright (c) 2016 The odoc contributors. All rights reserved.
Distributed under the ISC license, see terms at the end of the file.
- odoc 2.4.1 */
+ odoc 2.4.2 */
/* Fonts */
/* noticia-text-regular - latin */