diff --git a/doc/index.html b/doc/index.html index d0ce2966..425a29d0 100644 --- a/doc/index.html +++ b/doc/index.html @@ -11,12 +11,12 @@
Mirage_crypto_ec.Ed25519
Curve 25519 DSA, also known as Ed25519.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : pub -> Cstruct.t
pub_to_cstruct p
encodes the public key p
into a buffer.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> Cstruct.t -> Cstruct.t
sign ~key msg
signs the message msg
using the private key
. The result is the concatenation of r
and s
, as specified in RFC 8032.
val verify : key:pub -> Cstruct.t -> msg:Cstruct.t -> bool
verify ~key signature msg
verifies the signature
on the message msg
with the public key
. The return value is true
if verification was successful, false
otherwise.
Mirage_crypto_ec.Ed25519
Curve 25519 DSA, also known as Ed25519.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : pub -> string
pub_to_octets p
encodes the public key p
into a buffer.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> string -> string
sign ~key msg
signs the message msg
using the private key
. The result is the concatenation of r
and s
, as specified in RFC 8032.
val verify : key:pub -> string -> msg:string -> bool
verify ~key signature msg
verifies the signature
on the message msg
with the public key
. The return value is true
if verification was successful, false
otherwise.
P224.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
- ?compress:bool ->
- ?g:Mirage_crypto_rng.g ->
- unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P224.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.P224
The NIST P-224 curve, also known as SECP224R1. Please note that decompression is not supported for P-224 public keys.
P256.Dh
Diffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P256.Dh) Module P256.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> string
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P256.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P256.Dsa
Digital signature algorithm.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.P256
The NIST P-256 curve, also known as SECP256R1.
Mirage_crypto_ec.P256
The NIST P-256 curve, also known as SECP256R1.
P384.Dh
Diffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P384.Dh) Module P384.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> string
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P384.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P384.Dsa
Digital signature algorithm.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.P384
The NIST P-384 curve, also known as SECP384R1.
Mirage_crypto_ec.P384
The NIST P-384 curve, also known as SECP384R1.
P521.Dh
Diffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.P521.Dh) Module P521.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> string
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P521.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
P521.Dsa
Digital signature algorithm.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.P521
The NIST P-521 curve, also known as SECP521R1.
Mirage_crypto_ec.P521
The NIST P-521 curve, also known as SECP521R1.
Mirage_crypto_ec.X25519
Curve 25519 Diffie-Hellman, also known as X25519.
val secret_of_cs :
+X25519 (mirage-crypto-ec.Mirage_crypto_ec.X25519) Module Mirage_crypto_ec.X25519
Curve 25519 Diffie-Hellman, also known as X25519.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
Mirage_crypto_ec
Mirage-crypto-ec implements public key cryptography with named elliptic curves. Ephemeral key exchanges with Diffie-Hellman and digital signatures (ECDSA) are implemented.
The arithmetic operations uses code generated by fiat-crypto which is proven to consume a constant amount of time, independent of the input values.
val pp_error : Stdlib.Format.formatter -> error -> unit
Pretty printer for errors
module type Dh = sig ... end
Diffie-Hellman key exchange.
module type Dsa = sig ... end
Digital signature algorithm.
module type Dh_dsa = sig ... end
Elliptic curve with Diffie-Hellman and DSA.
The NIST P-224 curve, also known as SECP224R1. Please note that decompression is not supported for P-224 public keys.
module Ed25519 : sig ... end
Curve 25519 DSA, also known as Ed25519.
Mirage_crypto_ec
Mirage-crypto-ec implements public key cryptography with named elliptic curves. Ephemeral key exchanges with Diffie-Hellman and digital signatures (ECDSA) are implemented.
The arithmetic operations uses code generated by fiat-crypto which is proven to consume a constant amount of time, independent of the input values.
val pp_error : Stdlib.Format.formatter -> error -> unit
Pretty printer for errors
module type Dh = sig ... end
Diffie-Hellman key exchange.
module type Dsa = sig ... end
Digital signature algorithm.
module type Dh_dsa = sig ... end
Elliptic curve with Diffie-Hellman and DSA.
module Ed25519 : sig ... end
Curve 25519 DSA, also known as Ed25519.
Mirage_crypto_ec.Dh
Diffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.Dh) Module type Mirage_crypto_ec.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
Dh_dsa.Dh
Diffie-Hellman key exchange.
val secret_of_cs :
+Dh (mirage-crypto-ec.Mirage_crypto_ec.Dh_dsa.Dh) Module Dh_dsa.Dh
Diffie-Hellman key exchange.
secret_of_cs ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
secret_of_octets ~compress secret
decodes the provided buffer as secret
. If compress
is provided and true
(defaults to false
), the shared part will be compressed. May result in an error if the buffer had an invalid length or was not in bounds.
val gen_key :
?compress:bool ->
?g:Mirage_crypto_rng.g ->
unit ->
- secret * Cstruct.t
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
+ secret * string
gen_key ~compress ~g ()
generates a private and a public key for Ephemeral Diffie-Hellman. If compress
is provided and true
(defaults to false
), the shared part will be compressed. The returned key pair MUST only be used for a single key exchange.
The generated private key is checked to be greater than zero and lower than the group order meaning the public key cannot be the point at inifinity.
key_exchange secret received_public_key
performs Diffie-Hellman key exchange using your secret and the data received from the other party. Returns the shared secret or an error if the received data is wrongly encoded, doesn't represent a point on the curve or represent the point at infinity.
The shared secret is returned as is i.e. not stripped from leading 0x00 bytes.
The public key encoding is described in SEC 1 from SECG.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> string
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dh_dsa.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dh_dsa.Dsa
Digital signature algorithm.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.Dh_dsa
Elliptic curve with Diffie-Hellman and DSA.
Mirage_crypto_ec.Dh_dsa
Elliptic curve with Diffie-Hellman and DSA.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Cstruct.t
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> string
generate ~key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Dsa.Precompute
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.Dsa
Digital signature algorithm.
priv_of_cstruct cs
decodes a private key from the buffer cs
. If the provided data is invalid, an error is returned.
val priv_to_cstruct : priv -> Cstruct.t
priv_to_cstruct p
encode the private key p
to a buffer.
pub_of_cstruct cs
decodes a public key from the buffer cs
. If the provided data is invalid, an error is returned.
val pub_to_cstruct : ?compress:bool -> pub -> Cstruct.t
pub_to_cstruct ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
Mirage_crypto_ec.Dsa
Digital signature algorithm.
priv_of_octets buf
decodes a private key from the buffer buf
. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p
encode the private key p
to a buffer.
pub_of_octets buf
decodes a public key from the buffer buf
. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p
encodes the public key p
into a buffer. If compress
is provided and true
(default false
), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g ()
generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest
signs the message digest
using the private key
. The digest
is not processed further - it should be the hash of the message to sign. If k
is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r
and s
.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k
- thus it is advised to provide a good nonce (k
) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies the signature r, s
on the message digest
with the public key
. The return value is true
if verification was successful, false
otherwise. If the message has more bits than the group order, the result is false.
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec
before compilation
The entry point of this library is the module: Mirage_crypto_ec
.
The entry point of this library is the module: Mirage_crypto_ec
.
Dh.Group
A small catalog of standardized group
s.
From RFC 2409:
val oakley_1 : group
val oakley_2 : group
From RFC 3526:
val oakley_5 : group
val oakley_14 : group
val oakley_15 : group
val oakley_16 : group
val oakley_17 : group
val oakley_18 : group
From RFC 5114:
val rfc_5114_1 : group
val rfc_5114_2 : group
val rfc_5114_3 : group
From draft-ietf-tls-negotiated-ff-dhe-08
val ffdhe2048 : group
val ffdhe3072 : group
val ffdhe4096 : group
val ffdhe6144 : group
val ffdhe8192 : group
Dh.Group
A small catalog of standardized group
s.
From RFC 2409:
val oakley_1 : group
val oakley_2 : group
From RFC 3526:
val oakley_5 : group
val oakley_14 : group
val oakley_15 : group
val oakley_16 : group
val oakley_17 : group
val oakley_18 : group
From RFC 5114:
val rfc_5114_1 : group
val rfc_5114_2 : group
val rfc_5114_3 : group
From draft-ietf-tls-negotiated-ff-dhe-08
val ffdhe2048 : group
val ffdhe3072 : group
val ffdhe4096 : group
val ffdhe6144 : group
val ffdhe8192 : group
Mirage_crypto_pk.Dh
Diffie-Hellman, MODP version.
Raised if the private key material is degenerate. The following invariants are checked: Secret key: 1 < secret < p
Public key: 1 < public < p-1
&& public <> gg
val group :
+Dh (mirage-crypto-pk.Mirage_crypto_pk.Dh) Module Mirage_crypto_pk.Dh
Diffie-Hellman, MODP version.
Diffie-Hellman key exchange
Raised if the private key material is degenerate. The following invariants are checked: Secret key: 1 < secret < p
Public key: 1 < public < p-1
&& public <> gg
val group :
p:Z.t ->
gg:Z.t ->
?q:Z.t ->
unit ->
- (group, [> `Msg of string ]) Stdlib.result
group ~p ~gg ~q ()
constructs a group if p
is odd, a prime number, and greater than zero
. gg
must be in the range 1 < gg < p
.
A private key.
Sexplib
convertible.
key_of_secret group s
is the secret
and the corresponding public key which use s
as the secret exponent.
val gen_key :
- ?g:Mirage_crypto_rng.g ->
- ?bits:bits ->
- group ->
- secret * Cstruct.t
shared secret public
is Some shared_key
given a a previously generated secret
(which specifies the group
) and the other party's public key. shared_key
is the unpadded big-endian representation of the shared key. It is None
if these invariants do not hold for public
: 1 < public < p-1
&& public <> gg
.
val gen_group : ?g:Mirage_crypto_rng.g -> bits:bits -> unit -> group
gen_group ~g ~bits ()
generates a random group
with modulus size bits
. Uses a safe prime p = 2q + 1
(with q
prime) for the modulus and 2
for the generator, such that 2^q = 1 mod p
. Runtime is on the order of a minute for 1024 bits. Note that no time masking is done for the modular exponentiation.
Note The process might diverge if there are no suitable groups. This happens with extremely small bits
values.
+ (group, [> `Msg of string ]) Stdlib.result
group ~p ~gg ~q ()
constructs a group if p
is odd, a prime number, and greater than zero
. gg
must be in the range 1 < gg < p
.
A private key.
val modulus_size : group -> int
Bit size of the modulus.
key_of_secret group s
is the secret
and the corresponding public key which use s
as the secret exponent.
val gen_key : ?g:Mirage_crypto_rng.g -> ?bits:int -> group -> secret * string
shared secret public
is Some shared_key
given a a previously generated secret
(which specifies the group
) and the other party's public key. shared_key
is the unpadded big-endian representation of the shared key. It is None
if these invariants do not hold for public
: 1 < public < p-1
&& public <> gg
.
val gen_group : ?g:Mirage_crypto_rng.g -> bits:int -> unit -> group
gen_group ~g ~bits ()
generates a random group
with modulus size bits
. Uses a safe prime p = 2q + 1
(with q
prime) for the modulus and 2
for the generator, such that 2^q = 1 mod p
. Runtime is on the order of a minute for 1024 bits. Note that no time masking is done for the modular exponentiation.
Note The process might diverge if there are no suitable groups. This happens with extremely small bits
values.
K_gen.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
module H : Mirage_crypto.Hash.S
val generate : key:priv -> Cstruct.t -> Z.t
generate key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Dsa.K_gen
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
val generate : key:priv -> string -> Z.t
generate key digest
deterministically takes the given private key and message digest to a k
suitable for seeding the signing process.
Mirage_crypto_pk.Dsa
DSA digital signature algorithm.
type priv = private {
p : Z.t;
Modulus
*)q : Z.t;
Subgroup order
*)gg : Z.t;
Group Generator
*)x : Z.t;
Private key proper
*)y : Z.t;
Public component
*)}
Private key. p
, q
and gg
comprise domain parameters.
Sexplib
convertible.
val priv :
+Dsa (mirage-crypto-pk.Mirage_crypto_pk.Dsa) Module Mirage_crypto_pk.Dsa
DSA digital signature algorithm.
DSA signature algorithm
type priv = private {
p : Z.t;
(*Modulus
*)q : Z.t;
(*Subgroup order
*)gg : Z.t;
(*Group Generator
*)x : Z.t;
(*Private key proper
*)y : Z.t;
(*Public component
*)
}
Private key. p
, q
and gg
comprise domain parameters.
val priv :
?fips:bool ->
p:Z.t ->
q:Z.t ->
@@ -7,16 +7,11 @@
x:Z.t ->
y:Z.t ->
unit ->
- (priv, [> `Msg of string ]) Stdlib.result
priv ~fips ~p ~q ~gg ~x ~y ()
constructs a private DSA key from the given numbers. Will result in an error if parameters are ill-formed: same as pub
, and additionally 0 < x < q
and y = g ^ x mod p
. Note that no time masking is done on the modular exponentiation.
Public key, a subset of private key.
Sexplib
convertible.
val pub :
+ (priv, [> `Msg of string ]) Stdlib.result
priv ~fips ~p ~q ~gg ~x ~y ()
constructs a private DSA key from the given numbers. Will result in an error if parameters are ill-formed: same as pub
, and additionally 0 < x < q
and y = g ^ x mod p
. Note that no time masking is done on the modular exponentiation.
Public key, a subset of private key.
val pub :
?fips:bool ->
p:Z.t ->
q:Z.t ->
gg:Z.t ->
y:Z.t ->
unit ->
- (pub, [> `Msg of string ]) Stdlib.result
pub ~fips ~p ~q ~gg ~y ()
constructs a public DSA key from the given numbers. Will result in an error if the parameters are not well-formed: one < gg < p
, q
probabilistically a prime, p
probabilistically prime and odd, 0 < y < p
, q < p
, and p - 1 mod q = 0
. If fips
is specified and true
(defaults to false
), only FIPS-specified bit length for p
and q
are accepted.
Key size request. Three Fips variants refer to FIPS-standardized L-values (p
size) and imply the corresponding N (q
size); The last variants specifies L and N directly.
Masking (cryptographic blinding) option.
val generate : ?g:Mirage_crypto_rng.g -> keysize -> priv
generate g size
is a fresh private key. The domain parameters are derived using a modified FIPS.186-4 probabilistic process, but the derivation can not be validated. Note that no time masking is done for the modular exponentiations.
Note The process might diverge if it is impossible to find parameters with the given bit sizes. This happens when n
gets too big for l
, if the size
was given as `Exactly (l, n)
.
sign ~mask ~k ~key digest
is the signature, a pair of Cstruct.t
s representing r
and s
in big-endian.
digest
is the full digest of the actual message.
k
, the random component, can either be provided, or is deterministically derived as per RFC6979, using SHA256.
val verify : key:pub -> (Cstruct.t * Cstruct.t) -> Cstruct.t -> bool
verify ~key (r, s) digest
verifies that the pair (r, s)
is the signature of digest
, the message digest, under the private counterpart to key
.
val massage : key:pub -> Cstruct.t -> Cstruct.t
massage key digest
is the numeric value of digest
taken modulo q
and represented in the leftmost bits(q)
bits of the result.
Both FIPS.186-4 and RFC6979 specify that only the leftmost bits(q)
bits of digest
are to be taken into account, but some implementations consider the entire digest
. In cases where sign and verify seem incompatible with a given implementation (esp. if sign produces signatures with the s
component different from the other implementation's), it might help to pre-process digest
using this function (e.g. sign ~key (massage ~key:(pub_of_priv key) digest)
).
module K_gen (H : Mirage_crypto.Hash.S) : sig ... end
K_gen
can be instantiated over a hashing module to obtain an RFC6979 compliant k
-generator for that hash.
+ (pub, [> `Msg of string ]) Stdlib.result
pub ~fips ~p ~q ~gg ~y ()
constructs a public DSA key from the given numbers. Will result in an error if the parameters are not well-formed: one < gg < p
, q
probabilistically a prime, p
probabilistically prime and odd, 0 < y < p
, q < p
, and p - 1 mod q = 0
. If fips
is specified and true
(defaults to false
), only FIPS-specified bit length for p
and q
are accepted.
Key size request. Three Fips variants refer to FIPS-standardized L-values (p
size) and imply the corresponding N (q
size); The last variants specifies L and N directly.
Masking (cryptographic blinding) option.
val generate : ?g:Mirage_crypto_rng.g -> keysize -> priv
generate g size
is a fresh private key. The domain parameters are derived using a modified FIPS.186-4 probabilistic process, but the derivation can not be validated. Note that no time masking is done for the modular exponentiations.
Note The process might diverge if it is impossible to find parameters with the given bit sizes. This happens when n
gets too big for l
, if the size
was given as `Exactly (l, n)
.
sign ~mask ~k ~key digest
is the signature, a pair of strings representing r
and s
in big-endian.
digest
is the full digest of the actual message.
k
, the random component, can either be provided, or is deterministically derived as per RFC6979, using SHA256.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest
verifies that the pair (r, s)
is the signature of digest
, the message digest, under the private counterpart to key
.
val massage : key:pub -> string -> string
massage key digest
is the numeric value of digest
taken modulo q
and represented in the leftmost bits(q)
bits of the result.
Both FIPS.186-4 and RFC6979 specify that only the leftmost bits(q)
bits of digest
are to be taken into account, but some implementations consider the entire digest
. In cases where sign and verify seem incompatible with a given implementation (esp. if sign produces signatures with the s
component different from the other implementation's), it might help to pre-process digest
using this function (e.g. sign ~key (massage ~key:(pub_of_priv key) digest)
).
OAEP.H
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
Rsa.OAEP
OAEP-padded encryption, as defined by PKCS #1 v2.1.
The same hash function is used for padding and MGF. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + 2 * hlen + len(message)
bytes, where hlen
is the hash length.
module H : Mirage_crypto.Hash.S
val encrypt :
+OAEP (mirage-crypto-pk.Mirage_crypto_pk.Rsa.OAEP) Module Rsa.OAEP
OAEP-padded encryption, as defined by PKCS #1 v2.1.
The same hash function is used for padding and MGF. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + 2 * hlen + len(message)
bytes, where hlen
is the hash length.
Parameters
Signature
val encrypt :
?g:Mirage_crypto_rng.g ->
- ?label:Cstruct.t ->
+ ?label:string ->
key:pub ->
- Cstruct.t ->
- Cstruct.t
encrypt ~g ~label ~key message
is OAEP-padded and encrypted message
, using the optional label
.
encrypt ~g ~label ~key message
is OAEP-padded and encrypted message
, using the optional label
.
val decrypt :
?crt_hardening:bool ->
?mask:mask ->
- ?label:Cstruct.t ->
+ ?label:string ->
key:priv ->
- Cstruct.t ->
- Cstruct.t option
decrypt ~crt_hardening ~mask ~label ~key ciphertext
is Some message
if the ciphertext
was produced by the corresponding encrypt operation, or None
otherwise. crt_hardening
defaults to false
.
+ string ->
+ string option
decrypt ~crt_hardening ~mask ~label ~key ciphertext
is Some message
if the ciphertext
was produced by the corresponding encrypt operation, or None
otherwise. crt_hardening
defaults to false
.
Rsa.PKCS1
PKCS v1.5 operations, as defined by PKCS #1 v1.5.
For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8
, rounded up.
val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> Cstruct.t -> Cstruct.t
encrypt g key message
is a PKCS1-padded (type 2) and encrypted message
.
val decrypt :
+PKCS1 (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PKCS1) Module Rsa.PKCS1
PKCS v1.5 operations, as defined by PKCS #1 v1.5.
For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8
, rounded up.
val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> string -> string
encrypt g key message
is a PKCS1-padded (type 2) and encrypted message
.
decrypt ~crt_hardening ~mask ~key ciphertext
is Some message
if the ciphertext
was produced by the corresponding encrypt operation, or None
otherwise. crt_hardening
defaults to false
.
decrypt ~crt_hardening ~mask ~key ciphertext
is Some message
if the ciphertext
was produced by the corresponding encrypt operation, or None
otherwise. crt_hardening
defaults to false
.
sig_encode ~crt_hardening ~mask ~key message
is the PKCS1-padded (type 1) message
signed by the key
. crt_hardening
defaults to true
and verifies that the computed signature is correct.
Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign
.
val sig_decode : key:pub -> Cstruct.t -> Cstruct.t option
sig_decode key signature
is Some message
when the signature
was produced with the given key
as per sig_encode, or None
val min_key : Mirage_crypto.Hash.hash -> bits
min_key hash
is the minimum key size required by sign
.
sig_encode ~crt_hardening ~mask ~key message
is the PKCS1-padded (type 1) message
signed by the key
. crt_hardening
defaults to true
and verifies that the computed signature is correct.
Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign
.
val sig_decode : key:pub -> string -> string option
sig_decode key signature
is Some message
when the signature
was produced with the given key
as per sig_encode, or None
min_key hash
is the minimum key size required by sign
.
val sign :
?crt_hardening:bool ->
?mask:mask ->
- hash:Mirage_crypto.Hash.hash ->
+ hash:[< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] ->
key:priv ->
- Cstruct.t or_digest ->
- Cstruct.t
sign ~crt_hardening ~mask ~hash ~key message
is the PKCS 1.5 signature of message
, signed by the key
, using the hash function hash
. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening
defaults to true
and verifies that the computed signature is correct.
message
is either the actual message, or its digest.
val verify :
- hashp:(Mirage_crypto.Hash.hash -> bool) ->
+ string or_digest ->
+ string
sign ~crt_hardening ~mask ~hash ~key message
is the PKCS 1.5 signature of message
, signed by the key
, using the hash function hash
. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening
defaults to true
and verifies that the computed signature is correct.
message
is either the actual message, or its digest.
val verify :
+ hashp:([< Digestif.hash' MD5 SHA1 SHA224 SHA256 SHA384 SHA512 ] -> bool) ->
key:pub ->
- signature:Cstruct.t ->
- Cstruct.t or_digest ->
+ signature:string ->
+ string or_digest ->
bool
verify ~hashp ~key ~signature message
checks that signature
is the PKCS 1.5 signature of the message
under the given key
.
message
is either the actual message, or its digest.
hashp
determines the allowed hash algorithms. Whenever hashp
is false
, verify
is also false
.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html
deleted file mode 100644
index 1bf58277..00000000
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS.H) Parameter PSS.H
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
index 45d3c36e..e020a2c7 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/PSS/index.html
@@ -1,14 +1,14 @@
-PSS (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS) Module Rsa.PSS
PSS-based signing, as defined by PKCS #1 v2.1.
The same hash function is used for padding, MGF and computing message digest. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + hlen + slen
bytes, where hlen
is the hash length and slen
is the seed length.
Parameters
module H : Mirage_crypto.Hash.S
Signature
val sign :
+PSS (mirage-crypto-pk.Mirage_crypto_pk.Rsa.PSS) Module Rsa.PSS
PSS-based signing, as defined by PKCS #1 v2.1.
The same hash function is used for padding, MGF and computing message digest. MGF is MGF1 as defined in PKCS #1 2.1.
Keys must have a minimum of 2 + hlen + slen
bytes, where hlen
is the hash length and slen
is the seed length.
Parameters
Signature
val sign :
?g:Mirage_crypto_rng.g ->
?crt_hardening:bool ->
?mask:mask ->
?slen:int ->
key:priv ->
- Cstruct.t or_digest ->
- Cstruct.t
sign ~g ~crt_hardening ~mask ~slen ~key message
the PSS
-padded digest of message
, signed with the key
. crt_hardening
defaults to false
.
slen
is the optional seed length and defaults to the size of the underlying hash function.
message
is either the actual message, or its digest.
val verify :
+ string or_digest ->
+ string
sign ~g ~crt_hardening ~mask ~slen ~key message
the PSS
-padded digest of message
, signed with the key
. crt_hardening
defaults to false
.
slen
is the optional seed length and defaults to the size of the underlying hash function.
message
is either the actual message, or its digest.
val verify :
?slen:int ->
key:pub ->
- signature:Cstruct.t ->
- Cstruct.t or_digest ->
+ signature:string ->
+ string or_digest ->
bool
verify ~slen ~key ~signature message
checks whether signature
is a valid PSS signature of the message
under the given key
.
message
is either the actual message, or its digest.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
index ee3881ed..efda86d1 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Rsa/index.html
@@ -1,5 +1,5 @@
-Rsa (mirage-crypto-pk.Mirage_crypto_pk.Rsa) Module Mirage_crypto_pk.Rsa
RSA public-key cryptography algorithm.
Keys
Messages are checked not to exceed the key size, and this is signalled via the Insufficient_key
exception.
Private-key operations are optionally protected through RSA blinding.
Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.
The public portion of the key.
Sexplib
convertible.
val pub : e:Z.t -> n:Z.t -> (pub, [> `Msg of string ]) Stdlib.result
pub ~e ~n
validates the public key: 1 < e < n
, n > 0
, is_odd n
, and numbits n >= 89
(a requirement for PKCS1 operations).
type priv = private {
e : Z.t;
(*Public exponent
*)d : Z.t;
(*Private exponent
*)n : Z.t;
(*Modulus (p q
)
*)p : Z.t;
(*Prime factor p
*)q : Z.t;
(*Prime factor q
*)dp : Z.t;
(*d mod (p-1)
*)dq : Z.t;
(*d mod (q-1)
*)q' : Z.t;
(*q^(-1) mod p
*)
}
Full private key (two-factor version).
Note The key layout assumes that p > q
, which affects the quantity q'
(sometimes called u
), and the computation of the private transform. Some systems assume otherwise. When using keys produced by a system that computes u = p^(-1) mod q
, either exchange p
with q
and dp
with dq
, or re-generate the full private key using priv_of_primes
.
Sexplib
convertible.
val priv :
+Rsa (mirage-crypto-pk.Mirage_crypto_pk.Rsa) Module Mirage_crypto_pk.Rsa
RSA public-key cryptography algorithm.
Keys
Messages are checked not to exceed the key size, and this is signalled via the Insufficient_key
exception.
Private-key operations are optionally protected through RSA blinding.
Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.
val pub : e:Z.t -> n:Z.t -> (pub, [> `Msg of string ]) Stdlib.result
pub ~e ~n
validates the public key: 1 < e < n
, n > 0
, is_odd n
, and numbits n >= 89
(a requirement for PKCS1 operations).
type priv = private {
e : Z.t;
(*Public exponent
*)d : Z.t;
(*Private exponent
*)n : Z.t;
(*Modulus (p q
)
*)p : Z.t;
(*Prime factor p
*)q : Z.t;
(*Prime factor q
*)dp : Z.t;
(*d mod (p-1)
*)dq : Z.t;
(*d mod (q-1)
*)q' : Z.t;
(*q^(-1) mod p
*)
}
Full private key (two-factor version).
Note The key layout assumes that p > q
, which affects the quantity q'
(sometimes called u
), and the computation of the private transform. Some systems assume otherwise. When using keys produced by a system that computes u = p^(-1) mod q
, either exchange p
with q
and dp
with dq
, or re-generate the full private key using priv_of_primes
.
val priv :
e:Z.t ->
d:Z.t ->
n:Z.t ->
@@ -8,7 +8,7 @@
dp:Z.t ->
dq:Z.t ->
q':Z.t ->
- (priv, [> `Msg of string ]) Stdlib.result
priv ~e ~d ~n ~p ~q ~dp ~dq ~q'
validates the private key: e, n
must be a valid pub
, p
and q
valid prime numbers > 0
, odd
, probabilistically prime, p <> q
, n = p * q
, e
probabilistically prime and coprime to both p
and q
, q' = q ^ -1 mod p
, 1 < d < n
, dp = d mod (p - 1)
, dq = d mod (q - 1)
, and d = e ^ -1 mod (p - 1) (q - 1)
.
val priv_of_primes :
+ (priv, [> `Msg of string ]) Stdlib.result
priv ~e ~d ~n ~p ~q ~dp ~dq ~q'
validates the private key: e, n
must be a valid pub
, p
and q
valid prime numbers > 0
, odd
, probabilistically prime, p <> q
, n = p * q
, e
probabilistically prime and coprime to both p
and q
, q' = q ^ -1 mod p
, 1 < d < n
, dp = d mod (p - 1)
, dq = d mod (q - 1)
, and d = e ^ -1 mod (p - 1) (q - 1)
.
val pub_bits : pub -> int
Bit-size of a public key.
val priv_bits : priv -> int
Bit-size of a private key.
val priv_of_primes :
e:Z.t ->
p:Z.t ->
q:Z.t ->
@@ -19,9 +19,4 @@
d:Z.t ->
n:Z.t ->
unit ->
- (priv, [> `Msg of string ]) Stdlib.result
priv_of_exp ?g ?attempts ~e ~d n
is the unique private key characterized by the public (e
) and private (d
) exponents, and modulus n
. This operation uses a probabilistic process that can fail to recover the key.
~attempts
is the number of trials. For triplets that form an RSA key, the probability of failure is at most 2^(-attempts)
. attempts
defaults to an unspecified number that yields a very high probability of recovering valid keys.
Note that no time masking is done for the computations in this function.
The RSA transformation
Either an 'a
or its digest, according to some hash algorithm.
Masking (cryptographic blinding) mode for the RSA transform with the private key. Masking does not change the result, but it does change the timing profile of the operation.
`No
disables masking. It is slightly faster but it exposes the private key to timing-based attacks.`Yes
uses random masking with the global RNG instance. This is the sane option.`Yes_with g
uses random masking with the generator g
.
val encrypt : key:pub -> Cstruct.t -> Cstruct.t
encrypt key message
is the encrypted message
.
decrypt ~crt_hardening ~mask key ciphertext
is the decrypted ciphertext
, left-padded with 0x00
up to key
size.
~crt_hardening
defaults to false
. If true
verifies that the result is correct. This is to counter Chinese remainder theorem attacks to factorize primes. If the computed signature is incorrect, it is again computed in the classical way (c ^ d mod n) without the Chinese remainder theorem optimization. The deterministic PKCS1 signing, which is at danger, uses true
as default.
~mask
defaults to `Yes
.
Key generation
val generate : ?g:Mirage_crypto_rng.g -> ?e:Z.t -> bits:bits -> unit -> priv
generate ~g ~e ~bits ()
is a new private key. The new key is guaranteed to be well formed, see priv
.
e
defaults to 2^16+1
.
Note This process might diverge if there are no keys for the given bit size. This can happen when bits
is extremely small.
PKCS#1 padded modes
module PKCS1 : sig ... end
PKCS v1.5 operations, as defined by PKCS #1 v1.5.
OAEP padded modes
module OAEP (H : Mirage_crypto.Hash.S) : sig ... end
OAEP-padded encryption, as defined by PKCS #1 v2.1.
PSS signing
module PSS (H : Mirage_crypto.Hash.S) : sig ... end
PSS-based signing, as defined by PKCS #1 v2.1.
+ (priv, [> `Msg of string ]) Stdlib.result
priv_of_exp ?g ?attempts ~e ~d n
is the unique private key characterized by the public (e
) and private (d
) exponents, and modulus n
. This operation uses a probabilistic process that can fail to recover the key.
~attempts
is the number of trials. For triplets that form an RSA key, the probability of failure is at most 2^(-attempts)
. attempts
defaults to an unspecified number that yields a very high probability of recovering valid keys.
Note that no time masking is done for the computations in this function.
The RSA transformation
Either an 'a
or its digest, according to some hash algorithm.
Masking (cryptographic blinding) mode for the RSA transform with the private key. Masking does not change the result, but it does change the timing profile of the operation.
`No
disables masking. It is slightly faster but it exposes the private key to timing-based attacks.`Yes
uses random masking with the global RNG instance. This is the sane option.`Yes_with g
uses random masking with the generator g
.
val encrypt : key:pub -> string -> string
encrypt key message
is the encrypted message
.
decrypt ~crt_hardening ~mask key ciphertext
is the decrypted ciphertext
, left-padded with 0x00
up to key
size.
~crt_hardening
defaults to false
. If true
verifies that the result is correct. This is to counter Chinese remainder theorem attacks to factorize primes. If the computed signature is incorrect, it is again computed in the classical way (c ^ d mod n) without the Chinese remainder theorem optimization. The deterministic PKCS1 signing, which is at danger, uses true
as default.
~mask
defaults to `Yes
.
Key generation
val generate : ?g:Mirage_crypto_rng.g -> ?e:Z.t -> bits:int -> unit -> priv
generate ~g ~e ~bits ()
is a new private key. The new key is guaranteed to be well formed, see priv
.
e
defaults to 2^16+1
.
Note This process might diverge if there are no keys for the given bit size. This can happen when bits
is extremely small.
PKCS#1 padded modes
module PKCS1 : sig ... end
PKCS v1.5 operations, as defined by PKCS #1 v1.5.
OAEP padded modes
PSS signing
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
index 0bca292a..73be34e0 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/Z_extra/index.html
@@ -1,2 +1,2 @@
-Z_extra (mirage-crypto-pk.Mirage_crypto_pk.Z_extra) Module Mirage_crypto_pk.Z_extra
Z Convert Z to big endian Cstruct.t and generate random Z values.
Conversion to and from Cstruct.t
val of_cstruct_be : ?bits:bits -> Cstruct.t -> Z.t
of_cstruct_be ~bits cs
interprets the bit pattern of cs
as a t
in big-endian.
If ~bits
is not given, the operation considers the entire cs
, otherwise the initial min ~bits (bit-length cs)
bits of cs
.
Assuming n
is the number of bits to extract, the n
-bit in cs
is always the least significant bit of the result. Therefore:
- if the bit size
k
of t
is larger than n
, k - n
most significant bits in the result are 0
; and - if
k
is smaller than n
, the result contains k
last of the n
first bits of cs
.
to_cstruct_be ~size t
is the big-endian representation of t
.
If ~size
is not given, it defaults to the minimal number of bytes needed to represent t
, which is bits t / 8
rounded up.
The least-significant bit of t
is always the last bit in the result. If the size is larger than needed, the output is padded with zero bits. If it is smaller, the high bits in t
are dropped.
into_cstruct_be t cs
writes the big-endian representation of t
into cs
. It behaves like to_cstruct_be
, with ~size
spanning the entire cs
.
Random generation
val gen : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t
gen ~g n
picks a value in the interval [0, n - 1]
uniformly at random.
val gen_r : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t -> Z.t
gen_r ~g low high
picks a value from the interval [low, high - 1]
uniformly at random.
+Z_extra (mirage-crypto-pk.Mirage_crypto_pk.Z_extra) Module Mirage_crypto_pk.Z_extra
Z Convert Z to big endian string and generate random Z values.
Conversion to and from string
of_octets_be ~bits buf
interprets the bit pattern of buf
as a t
in big-endian.
If ~bits
is not given, the operation considers the entire buf
, otherwise the initial min ~bits (bit-length buf)
bits of buf
.
Assuming n
is the number of bits to extract, the n
-bit in buf
is always the least significant bit of the result. Therefore:
- if the bit size
k
of t
is larger than n
, k - n
most significant bits in the result are 0
; and - if
k
is smaller than n
, the result contains k
last of the n
first bits of buf
.
to_octets_be ~size t
is the big-endian representation of t
.
If ~size
is not given, it defaults to the minimal number of bytes needed to represent t
, which is bits t / 8
rounded up.
The least-significant bit of t
is always the last bit in the result. If the size is larger than needed, the output is padded with zero bits. If it is smaller, the high bits in t
are dropped.
into_octets_be t buf
writes the big-endian representation of t
into buf
. It behaves like to_octets_be
, with ~size
spanning the entire buf
.
Random generation
val gen : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t
gen ~g n
picks a value in the interval [0, n - 1]
uniformly at random.
val gen_r : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t -> Z.t
gen_r ~g low high
picks a value from the interval [low, high - 1]
uniformly at random.
diff --git a/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html b/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
index 57c28e64..a8bd1669 100644
--- a/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
+++ b/doc/mirage-crypto-pk/Mirage_crypto_pk/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_pk (mirage-crypto-pk.Mirage_crypto_pk) Module Mirage_crypto_pk
Public-key cryptography
Public and private key types are private, the constructors validate their well-formedness as much as possible, esp. so that powm_sec
will not raise an exception (exponent > 1, or odd modulus). All modular exponentiations (unless otherwise noted) use the Z.powm_sec
function, which uses a static access pattern and operates in constant time (of the bit size of the input), independent of which bits are set and not set. The performance is up to 20% worse than powm
. Additionally, blinding is applied to RSA and DSA by default.
module Rsa : sig ... end
RSA public-key cryptography algorithm.
module Dsa : sig ... end
DSA digital signature algorithm.
module Dh : sig ... end
Diffie-Hellman, MODP version.
module Z_extra : sig ... end
Z Convert Z to big endian Cstruct.t and generate random Z values.
+Mirage_crypto_pk (mirage-crypto-pk.Mirage_crypto_pk) Module Mirage_crypto_pk
Public-key cryptography
Public and private key types are private, the constructors validate their well-formedness as much as possible, esp. so that powm_sec
will not raise an exception (exponent > 1, or odd modulus). All modular exponentiations (unless otherwise noted) use the Z.powm_sec
function, which uses a static access pattern and operates in constant time (of the bit size of the input), independent of which bits are set and not set. The performance is up to 20% worse than powm
. Additionally, blinding is applied to RSA and DSA by default.
module Rsa : sig ... end
RSA public-key cryptography algorithm.
module Dsa : sig ... end
DSA digital signature algorithm.
module Dh : sig ... end
Diffie-Hellman, MODP version.
module Z_extra : sig ... end
Z Convert Z to big endian string and generate random Z values.
diff --git a/doc/mirage-crypto-pk/index.html b/doc/mirage-crypto-pk/index.html
index 3fbb3d8f..2b7b0084 100644
--- a/doc/mirage-crypto-pk/index.html
+++ b/doc/mirage-crypto-pk/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-pk.index) mirage-crypto-pk index
Library mirage-crypto-pk
The entry point of this library is the module: Mirage_crypto_pk
.
+index (mirage-crypto-pk.index) mirage-crypto-pk index
Library mirage-crypto-pk
The entry point of this library is the module: Mirage_crypto_pk
.
diff --git a/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html b/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
index 27228992..c8304f7d 100644
--- a/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
+++ b/doc/mirage-crypto-rng-lwt/Mirage_crypto_rng_lwt/index.html
@@ -1,5 +1,5 @@
-Mirage_crypto_rng_lwt (mirage-crypto-rng-lwt.Mirage_crypto_rng_lwt) Module Mirage_crypto_rng_lwt
RNG seeding on Lwt.
This module initializes a Fortuna RNG with getrandom()
, and CPU RNG.
val initialize :
+Mirage_crypto_rng_lwt (mirage-crypto-rng-lwt.Mirage_crypto_rng_lwt) Module Mirage_crypto_rng_lwt
RNG seeding on Lwt.
This module initializes a Fortuna RNG with getrandom()
, and CPU RNG.
val initialize :
?g:'a ->
?sleep:int64 ->
'a Mirage_crypto_rng.generator ->
diff --git a/doc/mirage-crypto-rng-lwt/index.html b/doc/mirage-crypto-rng-lwt/index.html
index ed4f9cac..ed9bc6df 100644
--- a/doc/mirage-crypto-rng-lwt/index.html
+++ b/doc/mirage-crypto-rng-lwt/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng-lwt.index) mirage-crypto-rng-lwt index
Library mirage-crypto-rng-lwt
The entry point of this library is the module: Mirage_crypto_rng_lwt
.
+index (mirage-crypto-rng-lwt.index) mirage-crypto-rng-lwt index
Library mirage-crypto-rng-lwt
The entry point of this library is the module: Mirage_crypto_rng_lwt
.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
index 9ea03b59..56609af5 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Entropy/index.html
@@ -1,2 +1,2 @@
-Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Entropy) Module Make.Entropy
Entropy sources and collection
val sources : unit -> source list
sources ()
returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unit
pp_source ppf source
pretty-prints the entropy source
on ppf
.
val register_source : string -> source
register_source name
registers name
as entropy source.
Bootstrap
whirlwind_bootstrap id
exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id
.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id
returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id
is used as prefix.
bootstrap id
is either cpu_rng_bootstrap
, if the CPU supports it, or whirlwind_bootstrap
if not.
Timer source
interrupt_hook ()
collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unit
timer_accumulator g
is the accumulator for the timer source, applying interrupt_hook
on each call.
Periodic pulled sources
feed_pools g source f
feeds all pools of g
using source
by executing f
for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.t
cpu_rng g
uses the CPU RNG (rdrand or rdseed) to feed all pools of g
. It uses feed_pools
internally. If neither rdrand nor rdseed are available, fun () -> ()
is returned.
+Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Entropy) Module Make.Entropy
Entropy sources and collection
type source = Mirage_crypto_rng.Entropy.source
Entropy sources.
val sources : unit -> source list
sources ()
returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unit
pp_source ppf source
pretty-prints the entropy source
on ppf
.
val register_source : string -> source
register_source name
registers name
as entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html
deleted file mode 100644
index f5fbda48..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Fortuna/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Fortuna (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Fortuna) Module Make.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html
deleted file mode 100644
index af4b96d0..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Hmac_drbg.H) Parameter Hmac_drbg.H
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html
deleted file mode 100644
index 8a034b42..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/Hmac_drbg/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Hmac_drbg (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Hmac_drbg) Module Make.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
module H : Mirage_crypto.Hash.S
Signature
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
index d664a5c5..658ccc8c 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/index.html
@@ -1,15 +1,6 @@
-Make (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make) Module Mirage_crypto_rng_mirage.Make
Parameters
Signature
val initialize :
+Make (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make) Module Mirage_crypto_rng_mirage.Make
Parameters
Signature
include S
type g = Mirage_crypto_rng.g
A generator (PRNG) with its state.
module Entropy : sig ... end
Entropy sources and collection
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit
generate_into ~g buf ~off len
invokes generate_into on g
or default generator. The random data is put into buf
starting at off
(defaults to 0) with len
bytes.
val generate : ?g:g -> int -> string
Invoke generate_into
on g
or default generator and a freshly allocated string.
val accumulate : g option -> Entropy.source -> [ `Acc of string -> unit ]
accumulate g source
is a function data -> unit
to feed entropy to the RNG. This is useful if your system has a special entropy source.
val initialize :
?g:'a ->
?sleep:int64 ->
'a Mirage_crypto_rng.generator ->
- unit Lwt.t
initialize ~g ~sleep generator
sets the default generator to the generator
and sets up periodic entropy feeding for that rng. This function fails (Lwt.fail
) if it is called a second time. The argument ~sleep
is measured in ns, and used as sleep between cpu assisted random number collection. It defaults to one second.
include module type of Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator
.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g
.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, and mirage-crypto-rng-eio (for Eio).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio
package differs slightly from other rng packages. Instead of the initilize
function a run
function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator
has not been called.
module Entropy : sig ... end
Entropy sources and collection
module type Generator = sig ... end
A single PRNG algorithm.
Ready-to-use RNG algorithms.
module Hmac_drbg (H : Mirage_crypto.Hash.S) : Generator
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
- ?g:'a ->
- ?seed:Cstruct.t ->
- ?strict:bool ->
- ?time:(unit -> int64) ->
- 'a generator ->
- g
create ~g ~seed ~strict ~time module
uses a module conforming to the Generator signature to instantiate the generic generator g.
g
is the state to use, otherwise a fresh one is created.
seed
can be provided to immediately reseed the generator with.
strict
puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time
is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> g
default_generator ()
is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unit
set_default_generator g
sets the default generator to g
. This function must be called once.
val generate : ?g:g -> int -> Cstruct.t
Invoke generate on g
or default generator.
val block : g option -> int
Block size of g
or default generator.
Examples
Generating a random 13-byte Cstruct.t
:
let cs = Rng.generate 13
Generating a list of Cstruct.t
, passing down an optional generator:
let rec f1 ?g ~n i =
-if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)
Generating a Z.t
smaller than 10
:
let f2 ?g () = Mirage_crypto_pk.Z_extra.gen ?g Z.(~$10)
Creating a local Fortuna instance and using it as a key-derivation function:
let f3 secret =
-let g = Rng.(create ~seed:secret (module Generators.Fortuna)) in
-Rng.generate ~g 32
+ unit Lwt.t
initialize ~g ~sleep generator
sets the default generator to the generator
and sets up periodic entropy feeding for that rng. This function fails (Lwt.fail
) if it is called a second time. The argument ~sleep
is measured in ns, and used as sleep between cpu assisted random number collection. It defaults to one second.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html
deleted file mode 100644
index 363207c8..00000000
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/Make/module-type-Generator/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Generator (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.Make.Generator) Module type Make.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
index c2ba10e5..4497e567 100644
--- a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_rng_mirage (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage) Module Mirage_crypto_rng_mirage
+Mirage_crypto_rng_mirage (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage) Module Mirage_crypto_rng_mirage
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/Entropy/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/Entropy/index.html
new file mode 100644
index 00000000..26ce2db5
--- /dev/null
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/Entropy/index.html
@@ -0,0 +1,2 @@
+
+Entropy (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.S.Entropy) Module S.Entropy
Entropy sources and collection
type source = Mirage_crypto_rng.Entropy.source
Entropy sources.
val sources : unit -> source list
sources ()
returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unit
pp_source ppf source
pretty-prints the entropy source
on ppf
.
val register_source : string -> source
register_source name
registers name
as entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html
new file mode 100644
index 00000000..a35b8e85
--- /dev/null
+++ b/doc/mirage-crypto-rng-mirage/Mirage_crypto_rng_mirage/module-type-S/index.html
@@ -0,0 +1,2 @@
+
+S (mirage-crypto-rng-mirage.Mirage_crypto_rng_mirage.S) Module type Mirage_crypto_rng_mirage.S
type g = Mirage_crypto_rng.g
A generator (PRNG) with its state.
module Entropy : sig ... end
Entropy sources and collection
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit
generate_into ~g buf ~off len
invokes generate_into on g
or default generator. The random data is put into buf
starting at off
(defaults to 0) with len
bytes.
val generate : ?g:g -> int -> string
Invoke generate_into
on g
or default generator and a freshly allocated string.
val accumulate : g option -> Entropy.source -> [ `Acc of string -> unit ]
accumulate g source
is a function data -> unit
to feed entropy to the RNG. This is useful if your system has a special entropy source.
diff --git a/doc/mirage-crypto-rng-mirage/index.html b/doc/mirage-crypto-rng-mirage/index.html
index ed97b61b..a10676de 100644
--- a/doc/mirage-crypto-rng-mirage/index.html
+++ b/doc/mirage-crypto-rng-mirage/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng-mirage.index) mirage-crypto-rng-mirage index
Library mirage-crypto-rng-mirage
The entry point of this library is the module: Mirage_crypto_rng_mirage
.
+index (mirage-crypto-rng-mirage.index) mirage-crypto-rng-mirage index
Library mirage-crypto-rng-mirage
The entry point of this library is the module: Mirage_crypto_rng_mirage
.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
index d7c76f8e..611bccb8 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Entropy/index.html
@@ -1,2 +1,2 @@
-Entropy (mirage-crypto-rng.Mirage_crypto_rng.Entropy) Module Mirage_crypto_rng.Entropy
Entropy sources and collection
val sources : unit -> source list
sources ()
returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unit
pp_source ppf source
pretty-prints the entropy source
on ppf
.
val register_source : string -> source
register_source name
registers name
as entropy source.
Bootstrap
whirlwind_bootstrap id
exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id
.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id
returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id
is used as prefix.
bootstrap id
is either cpu_rng_bootstrap
, if the CPU supports it, or whirlwind_bootstrap
if not.
Timer source
interrupt_hook ()
collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unit
timer_accumulator g
is the accumulator for the timer source, applying interrupt_hook
on each call.
Periodic pulled sources
feed_pools g source f
feeds all pools of g
using source
by executing f
for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.t
cpu_rng g
uses the CPU RNG (rdrand or rdseed) to feed all pools of g
. It uses feed_pools
internally. If neither rdrand nor rdseed are available, fun () -> ()
is returned.
+Entropy (mirage-crypto-rng.Mirage_crypto_rng.Entropy) Module Mirage_crypto_rng.Entropy
Entropy sources and collection
val sources : unit -> source list
sources ()
returns the list of available sources.
val pp_source : Stdlib.Format.formatter -> source -> unit
pp_source ppf source
pretty-prints the entropy source
on ppf
.
val register_source : string -> source
register_source name
registers name
as entropy source.
Bootstrap
whirlwind_bootstrap id
exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by id
.
See http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf for further details.
cpu_rng_bootstrap id
returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The id
is used as prefix.
bootstrap id
is either cpu_rng_bootstrap
, if the CPU supports it, or whirlwind_bootstrap
if not.
Timer source
interrupt_hook
collects lower bytes from the cycle counter, to be used for entropy collection in the event loop.
val timer_accumulator : g option -> unit -> unit
timer_accumulator g
is the accumulator for the timer source, applying interrupt_hook
on each call.
Periodic pulled sources
feed_pools g source f
feeds all pools of g
using source
by executing f
for each pool.
val cpu_rng : (g option -> unit -> unit, [ `Not_supported ]) Stdlib.Result.t
cpu_rng g
uses the CPU RNG (rdrand or rdseed) to feed all pools of g
. It uses feed_pools
internally. If neither rdrand nor rdseed are available, fun () -> ()
is returned.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
index eb67bbef..a893937e 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Fortuna/index.html
@@ -1,2 +1,2 @@
-Fortuna (mirage-crypto-rng.Mirage_crypto_rng.Fortuna) Module Mirage_crypto_rng.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
+Fortuna (mirage-crypto-rng.Mirage_crypto_rng.Fortuna) Module Mirage_crypto_rng.Fortuna
Fortuna, a CSPRNG proposed by Schneier.
Internally, this generator's generate always produces k * block
bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unit
generate_into ~g buf ~off n
produces n
uniformly distributed random bytes into buf
at offset off
, updating the state of g
.
val reseed : g:g -> string -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html
deleted file mode 100644
index 8713149e..00000000
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/argument-1-H/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-
-H (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg.H) Parameter Hmac_drbg.H
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
val get : t -> Mirage_crypto.Hash.digest
get t
is the digest corresponding to t
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
val hmac_get : hmac -> Mirage_crypto.Hash.digest
hmac_get hmac
is the hmac corresponding to hmac
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> Mirage_crypto.Hash.digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> Mirage_crypto.Hash.digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
val feedi : t -> Cstruct.t Mirage_crypto.Hash.iter -> t
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
val digesti : Cstruct.t Mirage_crypto.Hash.iter -> Mirage_crypto.Hash.digest
digesti iter = feedi empty iter |> get
val hmaci :
- key:Cstruct.t ->
- Cstruct.t Mirage_crypto.Hash.iter ->
- Mirage_crypto.Hash.digest
See hmac
.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
index 58cc2aa5..617885cc 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/Hmac_drbg/index.html
@@ -1,2 +1,2 @@
-Hmac_drbg (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg) Module Mirage_crypto_rng.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
module H : Mirage_crypto.Hash.S
Signature
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
+Hmac_drbg (mirage-crypto-rng.Mirage_crypto_rng.Hmac_drbg) Module Mirage_crypto_rng.Hmac_drbg
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
Parameters
Signature
Internally, this generator's generate always produces k * block
bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unit
generate_into ~g buf ~off n
produces n
uniformly distributed random bytes into buf
at offset off
, updating the state of g
.
val reseed : g:g -> string -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
index 38bb7406..d4245fcd 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/index.html
@@ -1,11 +1,11 @@
-Mirage_crypto_rng (mirage-crypto-rng.Mirage_crypto_rng) Module Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator
.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g
.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, and mirage-crypto-rng-eio (for Eio).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio
package differs slightly from other rng packages. Instead of the initilize
function a run
function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator
has not been called.
module Entropy : sig ... end
Entropy sources and collection
module type Generator = sig ... end
A single PRNG algorithm.
Ready-to-use RNG algorithms.
module Hmac_drbg (H : Mirage_crypto.Hash.S) : Generator
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
+Mirage_crypto_rng (mirage-crypto-rng.Mirage_crypto_rng) Module Mirage_crypto_rng
Randomness
Secure random number generation.
There are several parts of this module:
- The signature of generator modules, together with a facility to convert such modules into actual generators, and functions that operate on this representation.
- A global generator instance, which needs to be initialized by calling
set_default_generator
.
Usage notes
TL;DR Don't forget to seed; don't maintain your own g
.
The RNGs here are merely the deterministic part of a full random number generation suite. For proper operation, they need to be seeded with a high-quality entropy source.
Suitable entropy feeding of generators are provided by other libraries mirage-crypto-rng-lwt (for Lwt), mirage-crypto-rng-async (for Async), mirage-crypto-rng-mirage (for MirageOS), mirage-crypto-rng.unix, mirage-crypto-rng-eio (for Eio), and mirage-crypto-miou-unix (for Miou_unix).
The intention is that "initialize" in the respective sub-library is called once, which sets the default generator and registers entropy harvesting asynchronous tasks. The semantics is that the entropy is always fed to the default generator, which is not necessarily the one set by "initialize". The reasoning behind this is that the default generator should be used in most setting, and that should be fed a constant stream of entropy.
mirage-crypto-rng-eio
package differs slightly from other rng packages. Instead of the initialize
function a run
function is provided with similar behaviour, i.e. RNG setup, entropy collection and periodic reseeding.
Although this module exposes a more fine-grained interface, e.g. allowing manual seeding of generators, this is intended either for implementing entropy-harvesting modules, or very specialized purposes. Users of this library should almost certainly use one of the above entropy libraries, and avoid manually managing the generator seeding.
Similarly, although it is possible to swap the default generator and gain control over the random stream, this is also intended for specialized applications such as testing or similar scenarios where the RNG needs to be fully deterministic (RFC 6979, deterministic usage of DSA), or as a component of deterministic algorithms which internally rely on pseudorandom streams.
In the general case, users should not maintain their local instances of g. All of the generators in a process have to compete for entropy, and it is likely that the overall result will have lower effective unpredictability.
The recommended way to use these functions is either to accept an optional generator and pass it down, or to ignore the generator altogether, as illustrated in the examples.
Interface
Thrown when using an uninitialized generator.
Thrown when set_default_generator
has not been called.
module Entropy : sig ... end
Entropy sources and collection
module type Generator = sig ... end
A single PRNG algorithm.
Ready-to-use RNG algorithms.
HMAC_DRBG: A NIST-specified RNG based on HMAC construction over the provided hash.
val create :
?g:'a ->
- ?seed:Cstruct.t ->
+ ?seed:string ->
?strict:bool ->
?time:(unit -> int64) ->
'a generator ->
- g
create ~g ~seed ~strict ~time module
uses a module conforming to the Generator signature to instantiate the generic generator g.
g
is the state to use, otherwise a fresh one is created.
seed
can be provided to immediately reseed the generator with.
strict
puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time
is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> g
default_generator ()
is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unit
set_default_generator g
sets the default generator to g
. This function must be called once.
val generate : ?g:g -> int -> Cstruct.t
Invoke generate on g
or default generator.
val block : g option -> int
Block size of g
or default generator.
Examples
Generating a random 13-byte Cstruct.t
:
let cs = Rng.generate 13
Generating a list of Cstruct.t
, passing down an optional generator:
let rec f1 ?g ~n i =
+ g
create ~g ~seed ~strict ~time module
uses a module conforming to the Generator signature to instantiate the generic generator g.
g
is the state to use, otherwise a fresh one is created.
seed
can be provided to immediately reseed the generator with.
strict
puts the generator into a more standards-conformant, but slighty slower mode. Useful if the outputs need to match published test-vectors.
time
is used to limit the amount of reseedings. Fortuna uses at most once every second.
val default_generator : unit -> g
default_generator ()
is the default generator. Functions in this module use this generator when not explicitly supplied one.
val set_default_generator : g -> unit
set_default_generator g
sets the default generator to g
. This function must be called once.
val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit
generate_into ~g buf ~off len
invokes generate_into on g
or default generator. The random data is put into buf
starting at off
(defaults to 0) with len
bytes.
val generate : ?g:g -> int -> string
Invoke generate_into
on g
or default generator and a freshly allocated string.
val block : g option -> int
Block size of g
or default generator.
Examples
Generating a random 13-byte string:
let cs = Rng.generate 13
Generating a list of string, passing down an optional generator:
let rec f1 ?g ~n i =
if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)
Generating a Z.t
smaller than 10
:
let f2 ?g () = Mirage_crypto_pk.Z_extra.gen ?g Z.(~$10)
Creating a local Fortuna instance and using it as a key-derivation function:
let f3 secret =
let g = Rng.(create ~seed:secret (module Generators.Fortuna)) in
Rng.generate ~g 32
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
index 130065c2..2f877c34 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng/module-type-Generator/index.html
@@ -1,2 +1,2 @@
-Generator (mirage-crypto-rng.Mirage_crypto_rng.Generator) Module type Mirage_crypto_rng.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block
bytes.
val generate : g:g -> int -> Cstruct.t
generate ~g n
produces n
uniformly distributed random bytes, updating the state of g
.
val reseed : g:g -> Cstruct.t -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of Cstruct.t -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
+Generator (mirage-crypto-rng.Mirage_crypto_rng.Generator) Module type Mirage_crypto_rng.Generator
A single PRNG algorithm.
Internally, this generator's generate always produces k * block
bytes.
val generate_into : g:g -> bytes -> off:int -> int -> unit
generate_into ~g buf ~off n
produces n
uniformly distributed random bytes into buf
at offset off
, updating the state of g
.
val reseed : g:g -> string -> unit
reseed ~g bytes
directly updates g
. Its new state depends both on bytes
and the previous state.
A generator is seded after a single application of reseed
.
val accumulate : g:g -> Entropy.source -> [ `Acc of string -> unit ]
accumulate ~g
is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into g
.
Its operation should be fast enough for repeated calling from e.g. event loops. Systems with several distinct, stable entropy sources should use stable source
to distinguish their sources.
val seeded : g:g -> bool
seeded ~g
is true
iff operations won't throw Unseeded_generator.
diff --git a/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html b/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
index bd7cce8e..7af90bcc 100644
--- a/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
+++ b/doc/mirage-crypto-rng/Mirage_crypto_rng_unix/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto_rng_unix (mirage-crypto-rng.Mirage_crypto_rng_unix) Module Mirage_crypto_rng_unix
RNG seeding on Unix.
This module initializes a Fortuna RNG with getrandom()
, and CPU RNG. On BSD systems (FreeBSD, OpenBSD, macOS) getentropy ()
is used instead of getrandom ()
. On Windows 10 or higher, BCryptGenRandom()
is used with the default RNG. Windows 8 or lower are not supported by this library.
val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unit
initialize ~g rng
will bring the RNG into a working state.
+Mirage_crypto_rng_unix (mirage-crypto-rng.Mirage_crypto_rng_unix) Module Mirage_crypto_rng_unix
RNG seeding on Unix.
This module initializes a Fortuna RNG with getrandom()
, and CPU RNG. On BSD systems (FreeBSD, OpenBSD, macOS) getentropy ()
is used instead of getrandom ()
. On Windows 10 or higher, BCryptGenRandom()
is used with the default RNG. Windows 8 or lower are not supported by this library.
val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unit
initialize ~g rng
will bring the RNG into a working state.
diff --git a/doc/mirage-crypto-rng/index.html b/doc/mirage-crypto-rng/index.html
index 4fff6585..1537c2ff 100644
--- a/doc/mirage-crypto-rng/index.html
+++ b/doc/mirage-crypto-rng/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto-rng.index) mirage-crypto-rng index
Library mirage-crypto-rng
The entry point of this library is the module: Mirage_crypto_rng
.
Library mirage-crypto-rng.unix
The entry point of this library is the module: Mirage_crypto_rng_unix
.
+index (mirage-crypto-rng.index) mirage-crypto-rng index
Library mirage-crypto-rng
The entry point of this library is the module: Mirage_crypto_rng
.
Library mirage-crypto-rng.unix
The entry point of this library is the module: Mirage_crypto_rng_unix
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html
new file mode 100644
index 00000000..392de28d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.AES.CBC) Module AES.CBC
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:string -> string -> string
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> string
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext ~off
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when String.length ciphertext - off = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~iv src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key ~iv src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html
new file mode 100644
index 00000000..9244f9dc
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CCM16/index.html
@@ -0,0 +1,43 @@
+
+CCM16 (mirage-crypto.Mirage_crypto.AES.CCM16) Module AES.CCM16
include AEAD
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * string
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html
new file mode 100644
index 00000000..aebeaa88
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.AES.CTR) Module AES.CTR
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
next_ctr ~off msg ~ctr
is the state of the counter after encrypting or decrypting msg
at offset off
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctr
ctr_of_octets buf
converts the value of buf
into a counter.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr (len msg) lxor msg
.
stream_into ~key ~ctr dst ~off len
is the raw key stream put into dst
starting at off
.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~ctr src ~src_off dst ~dst_off len
produces the key stream into dst
at dst_off
, and then xors it with src
at src_off
.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into
is encrypt_into
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html
new file mode 100644
index 00000000..d3e4241d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.AES.ECB) Module AES.ECB
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> string -> string
encrypt ~key src
encrypts src
into a freshly allocated buffer of the same size using key
.
val decrypt : key:key -> string -> string
decrypt ~key src
decrypts src
into a freshly allocated buffer of the same size using key
.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html b/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html
new file mode 100644
index 00000000..4394821b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/GCM/index.html
@@ -0,0 +1,43 @@
+
+GCM (mirage-crypto.Mirage_crypto.AES.GCM) Module AES.GCM
include AEAD
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * string
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
diff --git a/doc/mirage-crypto/Mirage_crypto/AES/index.html b/doc/mirage-crypto/Mirage_crypto/AES/index.html
new file mode 100644
index 00000000..be27893d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/AES/index.html
@@ -0,0 +1,2 @@
+
+AES (mirage-crypto.Mirage_crypto.AES) Module Mirage_crypto.AES
module CCM16 : Block.CCM16
diff --git a/doc/mirage-crypto/Mirage_crypto/ARC4/index.html b/doc/mirage-crypto/Mirage_crypto/ARC4/index.html
new file mode 100644
index 00000000..bbf7e6b3
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/ARC4/index.html
@@ -0,0 +1,2 @@
+
+ARC4 (mirage-crypto.Mirage_crypto.ARC4) Module Mirage_crypto.ARC4
Alleged Rivest Cipher 4.
val of_secret : string -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/index.html b/doc/mirage-crypto/Mirage_crypto/Block/index.html
new file mode 100644
index 00000000..3db54862
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/index.html
@@ -0,0 +1,2 @@
+
+Block (mirage-crypto.Mirage_crypto.Block) Module Mirage_crypto.Block
Module types for various block cipher modes of operation.
Modes of operation:
module type ECB = sig ... end
Electronic Codebook "mode".
module type CBC = sig ... end
Cipher-block chaining mode.
module type CTR = sig ... end
Counter mode.
module type GCM = sig ... end
Galois/Counter Mode.
module type CCM16 = sig ... end
Counter with CBC-MAC mode.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html
new file mode 100644
index 00000000..d3a15842
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.Block.CBC) Module type Block.CBC
Cipher-block chaining mode.
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:string -> string -> string
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> string
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext ~off
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when String.length ciphertext - off = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~iv src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key ~iv src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html
new file mode 100644
index 00000000..98adaf89
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CCM16/index.html
@@ -0,0 +1,43 @@
+
+CCM16 (mirage-crypto.Mirage_crypto.Block.CCM16) Module type Block.CCM16
Counter with CBC-MAC mode.
include AEAD
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * string
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html
new file mode 100644
index 00000000..bb5f3a64
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.Block.CTR) Module type Block.CTR
Counter mode.
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
next_ctr ~off msg ~ctr
is the state of the counter after encrypting or decrypting msg
at offset off
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctr
ctr_of_octets buf
converts the value of buf
into a counter.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr (len msg) lxor msg
.
stream_into ~key ~ctr dst ~off len
is the raw key stream put into dst
starting at off
.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~ctr src ~src_off dst ~dst_off len
produces the key stream into dst
at dst_off
, and then xors it with src
at src_off
.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into
is encrypt_into
.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html
new file mode 100644
index 00000000..ae362671
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.Block.ECB) Module type Block.ECB
Electronic Codebook "mode".
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> string -> string
encrypt ~key src
encrypts src
into a freshly allocated buffer of the same size using key
.
val decrypt : key:key -> string -> string
decrypt ~key src
decrypts src
into a freshly allocated buffer of the same size using key
.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html
new file mode 100644
index 00000000..617b6ef1
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/Block/module-type-GCM/index.html
@@ -0,0 +1,43 @@
+
+GCM (mirage-crypto.Mirage_crypto.Block.GCM) Module type Block.GCM
Galois/Counter Mode.
include AEAD
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ string * string
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
diff --git a/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html b/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
index 1175889f..e1784868 100644
--- a/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/Chacha20/index.html
@@ -1,23 +1,43 @@
-Chacha20 (mirage-crypto.Mirage_crypto.Chacha20) Module Mirage_crypto.Chacha20
The ChaCha20 cipher proposed by D.J. Bernstein.
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+Chacha20 (mirage-crypto.Mirage_crypto.Chacha20) Module Mirage_crypto.Chacha20
The ChaCha20 cipher proposed by D.J. Bernstein.
include AEAD
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
val crypt : key:key -> nonce:Cstruct.t -> ?ctr:int64 -> Cstruct.t -> Cstruct.t
crypt ~key ~nonce ~ctr data
generates a ChaCha20 key stream using the key
, and nonce
. The ctr
defaults to 0. The generated key stream is of the same length as data
, and the output is the XOR of the key stream and data
. This implements, depending on the size of the nonce
(8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
val crypt : key:key -> nonce:string -> ?ctr:int64 -> string -> string
crypt ~key ~nonce ~ctr data
generates a ChaCha20 key stream using the key
, and nonce
. The ctr
defaults to 0. The generated key stream is of the same length as data
, and the output is the XOR of the key stream and data
. This implements, depending on the size of the nonce
(8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html
deleted file mode 100644
index 8d7f483e..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CBC/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-CBC (mirage-crypto.Mirage_crypto.Cipher_block.AES.CBC) Module AES.CBC
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when len ciphertext = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html
deleted file mode 100644
index 78b1c094..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CCM16/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-CCM16 (mirage-crypto.Mirage_crypto.Cipher_block.AES.CCM16) Module AES.CCM16
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html
deleted file mode 100644
index 49d5b021..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.AES.CTR) Module AES.CTR
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr ~off (len msg) lxor msg
.
next_ctr ~ctr msg
is the state of the counter after encrypting or decrypting msg
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctr
ctr_of_cstruct cs
converts the value of cs
into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html
deleted file mode 100644
index 0638153c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.AES.ECB) Module AES.ECB
val of_secret : Cstruct.t -> key
val encrypt : key:key -> Cstruct.t -> Cstruct.t
val decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html
deleted file mode 100644
index bf7110d8..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/GCM/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-GCM (mirage-crypto.Mirage_crypto.Cipher_block.AES.GCM) Module AES.GCM
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html
deleted file mode 100644
index cf65db31..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/AES/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-AES (mirage-crypto.Mirage_crypto.Cipher_block.AES) Module Cipher_block.AES
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CBC/index.html
deleted file mode 100644
index 74fe8ab4..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CBC/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-CBC (mirage-crypto.Mirage_crypto.Cipher_block.DES.CBC) Module DES.CBC
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when len ciphertext = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html
deleted file mode 100644
index e6fffb82..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.DES.CTR) Module DES.CTR
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr ~off (len msg) lxor msg
.
next_ctr ~ctr msg
is the state of the counter after encrypting or decrypting msg
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctr
ctr_of_cstruct cs
converts the value of cs
into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html
deleted file mode 100644
index 154f36a1..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.DES.ECB) Module DES.ECB
val of_secret : Cstruct.t -> key
val encrypt : key:key -> Cstruct.t -> Cstruct.t
val decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html
deleted file mode 100644
index 2bd24f29..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/DES/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-DES (mirage-crypto.Mirage_crypto.Cipher_block.DES) Module Cipher_block.DES
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/index.html
deleted file mode 100644
index 9f3cc6cc..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-S (mirage-crypto.Mirage_crypto.Cipher_block.S) Module Cipher_block.S
Module types for various block cipher modes of operation.
Raw block cipher in all its glory.
Make absolutely sure to check the arguments. Behavior is unspecified on invalid inputs.
Modes of operation:
module type ECB = sig ... end
Electronic Codebook "mode".
module type CBC = sig ... end
Cipher-block chaining mode.
module type CTR = sig ... end
Counter mode.
module type GCM = sig ... end
Galois/Counter Mode.
module type CCM16 = sig ... end
Counter with CBC-MAC mode.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html
deleted file mode 100644
index bd1c5b9c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CBC/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-CBC (mirage-crypto.Mirage_crypto.Cipher_block.S.CBC) Module type S.CBC
Cipher-block chaining mode.
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:Cstruct.t -> Cstruct.t -> Cstruct.t
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when len ciphertext = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
-== encrypt ~iv (msg1 || msg2)
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html
deleted file mode 100644
index affa19ee..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CCM16/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-CCM16 (mirage-crypto.Mirage_crypto.Cipher_block.S.CCM16) Module type S.CCM16
Counter with CBC-MAC mode.
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html
deleted file mode 100644
index 84e11a15..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-CTR/index.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
-CTR (mirage-crypto.Mirage_crypto.Cipher_block.S.CTR) Module type S.CTR
Counter mode.
val of_secret : Cstruct.t -> key
Construct the encryption key corresponding to secret
.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
-== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr ~off (len msg) lxor msg
.
next_ctr ~ctr msg
is the state of the counter after encrypting or decrypting msg
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
-== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctr
ctr_of_cstruct cs
converts the value of cs
into a counter.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html
deleted file mode 100644
index 2c2fe44a..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-ECB/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ECB (mirage-crypto.Mirage_crypto.Cipher_block.S.ECB) Module type S.ECB
Electronic Codebook "mode".
val of_secret : Cstruct.t -> key
val encrypt : key:key -> Cstruct.t -> Cstruct.t
val decrypt : key:key -> Cstruct.t -> Cstruct.t
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html
deleted file mode 100644
index d56fceb1..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/S/module-type-GCM/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-GCM (mirage-crypto.Mirage_crypto.Cipher_block.S.GCM) Module type S.GCM
Galois/Counter Mode.
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
- key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html
deleted file mode 100644
index f6e10c7d..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_block/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Cipher_block (mirage-crypto.Mirage_crypto.Cipher_block) Module Mirage_crypto.Cipher_block
Block ciphers.
Each algorithm, and each mode of operation, is contained in its own separate module.
module S : sig ... end
Module types for various block cipher modes of operation.
module AES : sig ... end
module DES : sig ... end
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html
deleted file mode 100644
index 3812099f..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/ARC4/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ARC4 (mirage-crypto.Mirage_crypto.Cipher_stream.ARC4) Module Cipher_stream.ARC4
Alleged Rivest Cipher 4.
val of_secret : Cstruct.t -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html
deleted file mode 100644
index c1d7f416..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Cipher_stream (mirage-crypto.Mirage_crypto.Cipher_stream) Module Mirage_crypto.Cipher_stream
Streaming ciphers.
diff --git a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/module-type-S/index.html b/doc/mirage-crypto/Mirage_crypto/Cipher_stream/module-type-S/index.html
deleted file mode 100644
index cbe80f57..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Cipher_stream/module-type-S/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-S (mirage-crypto.Mirage_crypto.Cipher_stream.S) Module type Cipher_stream.S
General stream cipher type.
val of_secret : Cstruct.t -> key
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html b/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html
new file mode 100644
index 00000000..9af1e34b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/CBC/index.html
@@ -0,0 +1,19 @@
+
+CBC (mirage-crypto.Mirage_crypto.DES.CBC) Module DES.CBC
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> iv:string -> string -> string
encrypt ~key ~iv msg
is msg
encrypted under key
, using iv
as the CBC initialization vector.
val decrypt : key:key -> iv:string -> string -> string
decrypt ~key ~iv msg
is the inverse of encrypt
.
next_iv ~iv ciphertext ~off
is the first iv
following the encryption that used iv
to produce ciphertext
.
For protocols which perform inter-message chaining, this is the iv
for the next message.
It is either iv
, when String.length ciphertext - off = 0
, or the last block of ciphertext
. Note that
encrypt ~iv msg1 || encrypt ~iv:(next_iv ~iv (encrypt ~iv msg1)) msg2
+== encrypt ~iv (msg1 || msg2)
val encrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~iv src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ iv:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key ~iv src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html b/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html
new file mode 100644
index 00000000..6a4220d2
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/CTR/index.html
@@ -0,0 +1,20 @@
+
+CTR (mirage-crypto.Mirage_crypto.DES.CTR) Module DES.CTR
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
next_ctr ~off msg ~ctr
is the state of the counter after encrypting or decrypting msg
at offset off
with the counter ctr
.
For protocols which perform inter-message chaining, this is the counter for the next message.
It is computed as C.add ctr (ceil (len msg / block_size))
. Note that if len msg1 = k * block_size
,
encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
+== encrypt ~ctr (msg1 || msg2)
val ctr_of_octets : string -> ctr
ctr_of_octets buf
converts the value of buf
into a counter.
stream ~key ~ctr n
is the raw keystream.
Keystream is the concatenation of successive encrypted counter states. If E(x)
is the single block x
encrypted under key
, then keystream is the first n
bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ...
.
Note that
stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
+== stream ~key ~ctr (k * block_size + x)
In other words, it is possible to restart a keystream at block_size
boundaries by manipulating the counter.
encrypt ~key ~ctr msg
is stream ~key ~ctr (len msg) lxor msg
.
stream_into ~key ~ctr dst ~off len
is the raw key stream put into dst
starting at off
.
val encrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key ~ctr src ~src_off dst ~dst_off len
produces the key stream into dst
at dst_off
, and then xors it with src
at src_off
.
val decrypt_into :
+ key:key ->
+ ctr:ctr ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into
is encrypt_into
.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html b/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html
new file mode 100644
index 00000000..a29d5435
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/ECB/index.html
@@ -0,0 +1,16 @@
+
+ECB (mirage-crypto.Mirage_crypto.DES.ECB) Module DES.ECB
val of_secret : string -> key
Construct the encryption key corresponding to secret
.
val encrypt : key:key -> string -> string
encrypt ~key src
encrypts src
into a freshly allocated buffer of the same size using key
.
val decrypt : key:key -> string -> string
decrypt ~key src
decrypts src
into a freshly allocated buffer of the same size using key
.
val encrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
encrypt_into ~key src ~src_off dst dst_off len
encrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
val decrypt_into :
+ key:key ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ unit
decrypt_into ~key src ~src_off dst dst_off len
decrypts len
octets from src
starting at src_off
into dst
starting at dst_off
.
diff --git a/doc/mirage-crypto/Mirage_crypto/DES/index.html b/doc/mirage-crypto/Mirage_crypto/DES/index.html
new file mode 100644
index 00000000..4653809b
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/DES/index.html
@@ -0,0 +1,2 @@
+
+DES (mirage-crypto.Mirage_crypto.DES) Module Mirage_crypto.DES
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/MD5/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/MD5/index.html
deleted file mode 100644
index 8b3450cb..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/MD5/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-MD5 (mirage-crypto.Mirage_crypto.Hash.MD5) Module Hash.MD5
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html
deleted file mode 100644
index 051b488d..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA1/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA1 (mirage-crypto.Mirage_crypto.Hash.SHA1) Module Hash.SHA1
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html
deleted file mode 100644
index 984ead61..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA224/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA224 (mirage-crypto.Mirage_crypto.Hash.SHA224) Module Hash.SHA224
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html
deleted file mode 100644
index 938f1f97..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA256/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA256 (mirage-crypto.Mirage_crypto.Hash.SHA256) Module Hash.SHA256
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html
deleted file mode 100644
index eb646bd8..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA384/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA384 (mirage-crypto.Mirage_crypto.Hash.SHA384) Module Hash.SHA384
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html
deleted file mode 100644
index 0bd6512c..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/SHA512/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-SHA512 (mirage-crypto.Mirage_crypto.Hash.SHA512) Module Hash.SHA512
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/index.html
deleted file mode 100644
index d4474e58..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/index.html
+++ /dev/null
@@ -1,2 +0,0 @@
-
-Hash (mirage-crypto.Mirage_crypto.Hash) Module Mirage_crypto.Hash
Hashes.
Each algorithm is contained in its own module, with high-level operations accessible through functions that dispatch on code value.
A general (inner) iterator. It applies the provided function to a collection of elements.
For instance:
let iter_k : 'a -> 'a iter = fun x f -> f x
let iter_pair : 'a * 'a -> 'a iter = fun (x, y) f = f x; f y
let iter_list : 'a list -> 'a iter = fun xs f -> List.iter f xs
Hashing algorithms
module type S = sig ... end
A single hash algorithm.
Codes-based interface
val hashes : hash list
hashes
is a list of all implemented hash algorithms.
module_of hash
is the (first-class) module corresponding to the code hash
.
This is the most convenient way to go from a code to a module.
Hash functions
digesti algorithm iter
is algorithm
applied to iter
.
mac algorithm ~key bytes
is the mac algorithm
applied to bytes
under key
.
maci algorithm ~key iter
is the mac algorithm
applied to iter
under key
.
val digest_size : [< hash ] -> int
digest_size algorithm
is the size of the algorithm
in bytes.
diff --git a/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html b/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html
deleted file mode 100644
index 42d9c5a3..00000000
--- a/doc/mirage-crypto/Mirage_crypto/Hash/module-type-S/index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
-S (mirage-crypto.Mirage_crypto.Hash.S) Module type Hash.S
A single hash algorithm.
Core operations
val empty : t
empty
is the hash of the empty string.
feed t msg
adds the information in msg
to t
.
feed
is analogous to appending: feed (feed t msg1) msg2 = feed t (Cstruct.append msg1 msg2)
.
HMAC operations
val hmac_empty : key:Cstruct.t -> hmac
hmac ~key
is the hmac of the empty string using key key
.
All-in-one
Functions that operate on data stored in a single chunk.
val digest : Cstruct.t -> digest
digest msg
is the digest of msg
.
digest msg = get (feed empty msg)
val hmac : key:Cstruct.t -> Cstruct.t -> digest
hmac ~key bytes
is the authentication code for bytes
under the secret key
, generated using the standard HMAC construction over this hash algorithm.
Functions over iterators
Functions that operate on arbitrary iterators. They can serve as a basis for other, more specialized aggregate hashing operations.
These functions are a little faster than using feed
directly.
feedi t iter =
- (let r = ref t in iter (fun msg -> r := feed !r msg); !r)
diff --git a/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html b/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
index ba238f49..3fd29c6b 100644
--- a/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/Poly1305/index.html
@@ -1,2 +1,7 @@
-Poly1305 (mirage-crypto.Mirage_crypto.Poly1305) Module Mirage_crypto.Poly1305
The poly1305 message authentication code
val empty : key:Cstruct.t -> t
empty
is the empty context with the given key
.
val mac : key:Cstruct.t -> Cstruct.t -> mac
mac ~key msg
is the all-in-one mac computation: get (feed (empty ~key) msg)
.
+Poly1305 (mirage-crypto.Mirage_crypto.Poly1305) Module Mirage_crypto.Poly1305
The poly1305 message authentication code
val empty : key:string -> t
empty
is the empty context with the given key
.
val get : t -> string
get t
is the mac corresponding to t
.
mac ~key msg
is the all-in-one mac computation: get (feed (empty ~key) msg)
.
val maci : key:string -> string iter -> string
maci ~key iter
is the all-in-one mac computation: get (feedi (empty ~key) iter)
.
diff --git a/doc/mirage-crypto/Mirage_crypto/index.html b/doc/mirage-crypto/Mirage_crypto/index.html
index a1b2728c..d3e3ab97 100644
--- a/doc/mirage-crypto/Mirage_crypto/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/index.html
@@ -1,2 +1,2 @@
-Mirage_crypto (mirage-crypto.Mirage_crypto) Module Mirage_crypto
Simpler crypto
Mirage-crypto is a cryptographic library.
The overarching API principle is simply mapping inputs to outputs, wherever feasible.
Similar algorithms in the same class (like hashes or block ciphers) are presented as distinct modules sharing the same signature.
The opam package mirage-crypto-rng provides a cryptographically secure pseudo-random number generator, the package mirage-crypto-pk provides public key cryptography.
Hashing
module Hash : sig ... end
Hashes.
module Poly1305 : sig ... end
The poly1305 message authentication code
Symmetric-key cryptography
module type AEAD = sig ... end
Authenticated encryption with associated data.
module Cipher_block : sig ... end
Block ciphers.
module Chacha20 : sig ... end
The ChaCha20 cipher proposed by D.J. Bernstein.
module Cipher_stream : sig ... end
Streaming ciphers.
+Mirage_crypto (mirage-crypto.Mirage_crypto) Module Mirage_crypto
Simpler crypto
Mirage-crypto is a cryptographic library.
The overarching API principle is simply mapping inputs to outputs, wherever feasible.
Similar algorithms in the same class (like hashes or block ciphers) are presented as distinct modules sharing the same signature.
The opam package mirage-crypto-rng provides a cryptographically secure pseudo-random number generator, the package mirage-crypto-pk provides public key cryptography.
module Poly1305 : sig ... end
The poly1305 message authentication code
Symmetric-key cryptography
module type AEAD = sig ... end
Authenticated encryption with associated data.
Block ciphers.
Each algorithm, and each mode of operation, is contained in its own separate module.
module Block : sig ... end
Module types for various block cipher modes of operation.
module AES : sig ... end
module DES : sig ... end
Operations using non-portable, hardware-dependent implementation in this build of the library.
module Chacha20 : sig ... end
The ChaCha20 cipher proposed by D.J. Bernstein.
module type Stream = sig ... end
General stream cipher type.
diff --git a/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html b/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
index 6195e25a..834c83b7 100644
--- a/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
+++ b/doc/mirage-crypto/Mirage_crypto/module-type-AEAD/index.html
@@ -1,23 +1,43 @@
-AEAD (mirage-crypto.Mirage_crypto.AEAD) Module type Mirage_crypto.AEAD
Authenticated encryption with associated data.
This defines a uniform interface of symmetrics cryptographic algorithms which encrypt, and also protect the integrity of the data. Additional data, only used for integrity protection, not encrypted and not part of the ciphertext, can be passed in optionally. This prevents the same ciphertext being used at a different location. See RFC 5116 for further description.
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
+AEAD (mirage-crypto.Mirage_crypto.AEAD) Module type Mirage_crypto.AEAD
Authenticated encryption with associated data.
This defines a uniform interface of symmetrics cryptographic algorithms which encrypt, and also protect the integrity of the data. Additional data, only used for integrity protection, not encrypted and not part of the ciphertext, can be passed in optionally. This prevents the same ciphertext being used at a different location. See RFC 5116 for further description.
val of_secret : string -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
key:key ->
- nonce:Cstruct.t ->
- ?adata:Cstruct.t ->
- tag:Cstruct.t ->
- Cstruct.t ->
- Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
+ nonce:string ->
+ ?adata:string ->
+ tag:string ->
+ string ->
+ string option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption into existing buffers
val authenticate_encrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ bytes ->
+ dst_off:int ->
+ tag_off:int ->
+ int ->
+ unit
authenticate_encrypt_into ~key ~nonce ~adata msg ~src_off dst ~dst_off ~tag_off len
encrypts len
bytes of msg
starting at src_off
with key
and nonce
. The output is put into dst
at dst_off
, the tag into dst
at tag_off
.
val authenticate_decrypt_into :
+ key:key ->
+ nonce:string ->
+ ?adata:string ->
+ string ->
+ src_off:int ->
+ tag_off:int ->
+ bytes ->
+ dst_off:int ->
+ int ->
+ bool
authenticate_decrypt_into ~key ~nonce ~adata msg ~src_off ~tag_off dst ~dst_off len
computes the authentication tag using key
, nonce
, and adata
, and decrypts the len
bytes encrypted data from msg
starting at src_off
into dst
starting at dst_off
. If the authentication tags match, true
is returned, and the decrypted data is in dst
.
diff --git a/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html b/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html
new file mode 100644
index 00000000..49d1869d
--- /dev/null
+++ b/doc/mirage-crypto/Mirage_crypto/module-type-Stream/index.html
@@ -0,0 +1,2 @@
+
+Stream (mirage-crypto.Mirage_crypto.Stream) Module type Mirage_crypto.Stream
General stream cipher type.
val of_secret : string -> key
diff --git a/doc/mirage-crypto/index.html b/doc/mirage-crypto/index.html
index ecb134c6..5a5a6921 100644
--- a/doc/mirage-crypto/index.html
+++ b/doc/mirage-crypto/index.html
@@ -1,2 +1,2 @@
-index (mirage-crypto.index) mirage-crypto index
Library mirage-crypto
The entry point of this library is the module: Mirage_crypto
.
+index (mirage-crypto.index) mirage-crypto index
Library mirage-crypto
The entry point of this library is the module: Mirage_crypto
.
diff --git a/doc/odoc.support/odoc.css b/doc/odoc.support/odoc.css
index c23517ba..71148de3 100644
--- a/doc/odoc.support/odoc.css
+++ b/doc/odoc.support/odoc.css
@@ -1,7 +1,7 @@
@charset "UTF-8";
/* Copyright (c) 2016 The odoc contributors. All rights reserved.
Distributed under the ISC license, see terms at the end of the file.
- odoc 2.4.1 */
+ odoc 2.4.2 */
/* Fonts */
/* noticia-text-regular - latin */