From c1e96c54bf55636b08799a5cbbb9316270fe03b0 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 5 Mar 2024 22:47:56 +0100 Subject: [PATCH 01/14] mirage-crypto-rng: use string instead of cstruct across pk, ec, rng: use digestif instead of Mirage_crypto.Hash --- bench/speed.ml | 44 ++++----- ec/dune | 2 +- ec/mirage_crypto_ec.ml | 47 +++++----- ec/mirage_crypto_ec.mli | 2 +- mirage-crypto-ec.opam | 1 + mirage-crypto-pk.opam | 3 +- mirage-crypto-rng-eio.opam | 1 - mirage-crypto-rng-mirage.opam | 1 - mirage-crypto-rng.opam | 4 +- pk/dsa.ml | 6 +- pk/mirage_crypto_pk.mli | 15 +-- pk/rsa.ml | 125 +++++++++++++++++-------- pk/z_extra.ml | 6 +- rng/dune | 2 +- rng/eio/dune | 2 +- rng/entropy.ml | 40 ++++---- rng/fortuna.ml | 39 ++++---- rng/hmac_drbg.ml | 44 +++++---- rng/lwt/mirage_crypto_rng_lwt.ml | 4 +- rng/mirage/dune | 4 +- rng/mirage/mirage_crypto_rng_mirage.ml | 2 +- rng/mirage_crypto_rng.mli | 32 +++---- rng/rng.ml | 6 +- rng/unix/mc_getrandom_stubs.c | 4 +- rng/unix/mirage_crypto_rng_unix.ml | 12 +-- rng/unix/mirage_crypto_rng_unix.mli | 2 +- tests/dune | 14 +-- tests/test_common_random.ml | 3 - tests/test_dsa.ml | 89 +++++++++--------- tests/test_ec.ml | 82 ++++++++-------- tests/test_entropy.ml | 14 +-- tests/test_entropy_collection.ml | 5 +- tests/test_numeric.ml | 2 +- tests/test_random_runner.ml | 41 ++++---- tests/test_rsa.ml | 106 +++++++++++++-------- 35 files changed, 437 insertions(+), 369 deletions(-) delete mode 100644 tests/test_common_random.ml diff --git a/bench/speed.ml b/bench/speed.ml index b446cd8f..cb6b24ef 100644 --- a/bench/speed.ml +++ b/bench/speed.ml @@ -28,7 +28,7 @@ let sizes = [16; 64; 256; 1024; 8192] (* let sizes = [16] *) let burn f n = - let cs = Mirage_crypto_rng.generate n in + let cs = Cstruct.of_string (Mirage_crypto_rng.generate n) in let (t1, i1) = let rec loop it = let t = Time.time ~n:it f cs in @@ -78,7 +78,7 @@ let msg_str_32 = String.sub msg_str 0 32 let msg_str_48 = String.sub msg_str 0 48 let msg_str_65 = String.sub msg_str 0 65 -module PSS = Mirage_crypto_pk.Rsa.PSS(Mirage_crypto.Hash.SHA256) +module PSS = Mirage_crypto_pk.Rsa.PSS(Digestif.SHA256) let rsa_1024 = let p = Z.of_string "10798561676627454710140432432014696449593673631094049392368450463276546091610832740190717321579865870896133380991892468262437092547408603618427685009427773" @@ -356,60 +356,60 @@ let benchmarks = [ fst ecdh_shares); bm "chacha20-poly1305" (fun name -> - let key = Mirage_crypto.Chacha20.of_secret (Mirage_crypto_rng.generate 32) - and nonce = Mirage_crypto_rng.generate 8 in + let key = Mirage_crypto.Chacha20.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32)) + and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 8) in throughput name (Mirage_crypto.Chacha20.authenticate_encrypt ~key ~nonce)) ; bm "aes-128-ecb" (fun name -> - let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 16) in + let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) in throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ; bm "aes-128-cbc-e" (fun name -> - let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16) - and iv = Mirage_crypto_rng.generate 16 in + let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) + and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in throughput name (fun cs -> AES.CBC.encrypt ~key ~iv cs)) ; bm "aes-128-cbc-d" (fun name -> - let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16) - and iv = Mirage_crypto_rng.generate 16 in + let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) + and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in throughput name (fun cs -> AES.CBC.decrypt ~key ~iv cs)) ; bm "aes-128-ctr" (fun name -> - let key = Mirage_crypto_rng.generate 16 |> AES.CTR.of_secret - and ctr = Mirage_crypto_rng.generate 16 |> AES.CTR.ctr_of_cstruct in + let key = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.of_secret + and ctr = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.ctr_of_cstruct in throughput name (fun cs -> AES.CTR.encrypt ~key ~ctr cs)) ; bm "aes-128-gcm" (fun name -> - let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16) - and nonce = Mirage_crypto_rng.generate 12 in + let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) + and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce cs)); bm "aes-128-ghash" (fun name -> - let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16) - and nonce = Mirage_crypto_rng.generate 12 in + let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) + and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce ~adata:cs Cstruct.empty)); bm "aes-128-ccm" (fun name -> - let key = AES.CCM16.of_secret (Mirage_crypto_rng.generate 16) - and nonce = Mirage_crypto_rng.generate 10 in + let key = AES.CCM16.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) + and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 10) in throughput name (fun cs -> AES.CCM16.authenticate_encrypt ~key ~nonce cs)); bm "aes-192-ecb" (fun name -> - let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 24) in + let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ; bm "aes-256-ecb" (fun name -> - let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 32) in + let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32)) in throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ; bm "d3des-ecb" (fun name -> - let key = DES.ECB.of_secret (Mirage_crypto_rng.generate 24) in + let key = DES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in throughput name (fun cs -> DES.ECB.encrypt ~key cs)) ; bm "fortuna" (fun name -> let open Mirage_crypto_rng.Fortuna in let g = create () in - reseed ~g (Cstruct.of_string "abcd") ; + reseed ~g "abcd" ; throughput name (fun cs -> generate ~g (Cstruct.length cs))) ; bm "md5" (fun name -> throughput name MD5.digest) ; @@ -434,7 +434,7 @@ let runv fs = let () = - let seed = Cstruct.of_string "abcd" in + let seed = "abcd" in let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in Mirage_crypto_rng.set_default_generator g; match Array.to_list Sys.argv with diff --git a/ec/dune b/ec/dune index 62216a12..098548ff 100644 --- a/ec/dune +++ b/ec/dune @@ -1,7 +1,7 @@ (library (name mirage_crypto_ec) (public_name mirage-crypto-ec) - (libraries eqaf mirage-crypto mirage-crypto-rng) + (libraries eqaf mirage-crypto mirage-crypto-rng digestif) (foreign_stubs (language c) (names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml index c904941d..9798884b 100644 --- a/ec/mirage_crypto_ec.ml +++ b/ec/mirage_crypto_ec.ml @@ -59,7 +59,7 @@ module type Dsa = sig val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub val sign : key:priv -> ?k:string -> string -> string * string val verify : key:pub -> string * string -> string -> bool - module K_gen (H : Mirage_crypto.Hash.S) : sig + module K_gen (H : Digestif.S) : sig val generate : key:priv -> string -> string end module Precompute : sig @@ -270,7 +270,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct | exception Invalid_argument _ -> None | false -> Some (Fe.from_be_octets buf) - (** Convert cstruct coordinates to a finite point ensuring: + (** Convert coordinates to a finite point ensuring: - x < p - y < p - y^2 = ax^3 + ax + b @@ -507,7 +507,7 @@ module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct | Error _ as e -> e let rec generate_private_key ?g () = - let candidate = Cstruct.to_string (Mirage_crypto_rng.generate ?g Param.byte_length) in + let candidate = Mirage_crypto_rng.generate ?g Param.byte_length in match S.of_octets candidate with | Ok secret -> secret | Error _ -> generate_private_key ?g () @@ -594,7 +594,7 @@ module Make_Fn (P : Parameters) (F : Foreign_n) : Fn = struct b_uts tmp end -module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mirage_crypto.Hash.S) = struct +module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Digestif.S) = struct type priv = scalar let byte_length = Param.byte_length @@ -621,20 +621,20 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mira Bytes.unsafe_to_string res ) (* RFC 6979: compute a deterministic k *) - module K_gen (H : Mirage_crypto.Hash.S) = struct + module K_gen (H : Digestif.S) = struct let drbg : 'a Mirage_crypto_rng.generator = let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M) let g ~key msg = let g = Mirage_crypto_rng.create ~strict:true drbg in Mirage_crypto_rng.reseed ~g - (Cstruct.of_string (String.concat "" [ S.to_octets key ; msg ])); + (String.concat "" [ S.to_octets key ; msg ]); g (* take qbit length, and ensure it is suitable for ECDSA (> 0 & < n) *) let gen g = let rec go () = - let r = Cstruct.to_string (Mirage_crypto_rng.generate ~g Param.byte_length) in + let r = Mirage_crypto_rng.generate ~g Param.byte_length in if S.is_in_range r then r else go () in go () @@ -654,7 +654,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mira (* FIPS 186-4 B 4.2 *) let d = let rec one () = - match S.of_octets (Cstruct.to_string (Mirage_crypto_rng.generate ?g Param.byte_length)) with + match S.of_octets (Mirage_crypto_rng.generate ?g Param.byte_length) with | Ok x -> x | Error _ -> one () in @@ -794,7 +794,7 @@ module P256 : Dh_dsa = struct module S = Make_scalar(Params)(P) module Dh = Make_dh(Params)(P)(S) module Fn = Make_Fn(Params)(Foreign_n) - module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA256) + module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA256) end module P384 : Dh_dsa = struct @@ -845,7 +845,7 @@ module P384 : Dh_dsa = struct module S = Make_scalar(Params)(P) module Dh = Make_dh(Params)(P)(S) module Fn = Make_Fn(Params)(Foreign_n) - module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA384) + module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA384) end module P521 : Dh_dsa = struct @@ -897,7 +897,7 @@ module P521 : Dh_dsa = struct module S = Make_scalar(Params)(P) module Dh = Make_dh(Params)(P)(S) module Fn = Make_Fn(Params)(Foreign_n) - module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA512) + module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA512) end module X25519 = struct @@ -918,7 +918,7 @@ module X25519 = struct let public priv = scalar_mult priv basepoint let gen_key ?compress:_ ?g () = - let secret = Cstruct.to_string (Mirage_crypto_rng.generate ?g key_len) in + let secret = Mirage_crypto_rng.generate ?g key_len in secret, public secret let secret_of_octets ?compress:_ s = @@ -971,10 +971,12 @@ module Ed25519 = struct let public secret = (* section 5.1.5 *) (* step 1 *) - let h = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string secret) in + let h = Digestif.SHA512.(digest_string secret |> to_raw_string) in (* step 2 *) - let s, rest = Cstruct.split h key_len in - let s, rest = Cstruct.to_bytes s, Cstruct.to_string rest in + let s, rest = + Bytes.of_string (String.sub h 0 key_len), + String.sub h key_len (String.length h - key_len) + in Bytes.set_uint8 s 0 ((Bytes.get_uint8 s 0) land 248); Bytes.set_uint8 s 31 (((Bytes.get_uint8 s 31) land 127) lor 64); let s = Bytes.unsafe_to_string s in @@ -1001,19 +1003,19 @@ module Ed25519 = struct let pub_to_octets pub = pub let generate ?g () = - let secret = Cstruct.to_string (Mirage_crypto_rng.generate ?g key_len) in + let secret = Mirage_crypto_rng.generate ?g key_len in secret, pub_of_priv secret let sign ~key msg = (* section 5.1.6 *) let pub, (s, prefix) = public key in - let r = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string (String.concat "" [ prefix; msg ])) in - let r = Cstruct.to_bytes r in + let r = Digestif.SHA512.(digest_string (String.concat "" [ prefix; msg ]) |> to_raw_string) in + let r = Bytes.unsafe_of_string r in reduce_l r; let r = Bytes.unsafe_to_string r in let r_big = scalar_mult_base_to_bytes r in - let k = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string (String.concat "" [ r_big; pub; msg])) in - let k = Cstruct.to_bytes k in + let k = Digestif.SHA512.(digest_string (String.concat "" [ r_big; pub; msg]) |> to_raw_string) in + let k = Bytes.unsafe_of_string k in reduce_l k; let k = Bytes.unsafe_to_string k in let s_out = muladd k s r in @@ -1040,10 +1042,9 @@ module Ed25519 = struct in if s_smaller_l then begin let k = - let data_to_hash = String.concat "" [ r ; key ; msg ] in - Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string data_to_hash) + Digestif.SHA512.(digest_string (String.concat "" [ r ; key ; msg ]) |> to_raw_string) in - let k = Cstruct.to_bytes k in + let k = Bytes.unsafe_of_string k in reduce_l k; let k = Bytes.unsafe_to_string k in let success, r' = double_scalar_mult k key s in diff --git a/ec/mirage_crypto_ec.mli b/ec/mirage_crypto_ec.mli index d2a31403..033a4033 100644 --- a/ec/mirage_crypto_ec.mli +++ b/ec/mirage_crypto_ec.mli @@ -129,7 +129,7 @@ module type Dsa = sig (** [K_gen] can be instantiated over a hashing module to obtain an RFC6979 compliant [k]-generator for that hash. *) - module K_gen (H : Mirage_crypto.Hash.S) : sig + module K_gen (H : Digestif.S) : sig val generate : key:priv -> string -> string (** [generate ~key digest] deterministically takes the given private key diff --git a/mirage-crypto-ec.opam b/mirage-crypto-ec.opam index 80309315..e599c2ef 100644 --- a/mirage-crypto-ec.opam +++ b/mirage-crypto-ec.opam @@ -31,6 +31,7 @@ depends: [ "eqaf" {>= "0.7"} "mirage-crypto" {=version} "mirage-crypto-rng" {=version} + "digestif" {>= "1.1.4"} "hex" {with-test} "alcotest" {with-test & >= "0.8.1"} "ppx_deriving_yojson" {with-test} diff --git a/mirage-crypto-pk.opam b/mirage-crypto-pk.opam index d3aa3dca..2edce658 100644 --- a/mirage-crypto-pk.opam +++ b/mirage-crypto-pk.opam @@ -17,9 +17,10 @@ depends: [ "ocaml" {>= "4.08.0"} "dune" {>= "2.7"} "ounit2" {with-test} - "randomconv" {with-test & >= "0.1.3"} + "randomconv" {with-test & >= "0.2.0"} "mirage-crypto" {=version} "mirage-crypto-rng" {=version} + "digestif" {>= "1.1.4"} "zarith" {>= "1.13"} "eqaf" {>= "0.8"} ] diff --git a/mirage-crypto-rng-eio.opam b/mirage-crypto-rng-eio.opam index ec9fcaa2..c1fb8b33 100644 --- a/mirage-crypto-rng-eio.opam +++ b/mirage-crypto-rng-eio.opam @@ -16,7 +16,6 @@ depends: [ "ocaml" {>= "5.0.0"} "dune" {>= "2.7"} "eio" {>= "0.12"} - "cstruct" {>= "6.0.0"} "logs" "mirage-crypto-rng" {=version} "duration" diff --git a/mirage-crypto-rng-mirage.opam b/mirage-crypto-rng-mirage.opam index 0c5872eb..b22480ef 100644 --- a/mirage-crypto-rng-mirage.opam +++ b/mirage-crypto-rng-mirage.opam @@ -17,7 +17,6 @@ depends: [ "dune" {>= "2.7"} "mirage-crypto-rng" {=version} "duration" - "cstruct" {>= "4.0.0"} "logs" "lwt" {>= "4.0.0"} "mirage-runtime" {>= "3.8.0"} diff --git a/mirage-crypto-rng.opam b/mirage-crypto-rng.opam index 12c8c551..3b54dde8 100644 --- a/mirage-crypto-rng.opam +++ b/mirage-crypto-rng.opam @@ -17,11 +17,11 @@ depends: [ "dune" {>= "2.7"} "dune-configurator" {>= "2.0.0"} "duration" - "cstruct" {>= "6.0.0"} "logs" "mirage-crypto" {=version} + "digestif" {>= "1.1.4"} "ounit2" {with-test} - "randomconv" {with-test & >= "0.1.3"} + "randomconv" {with-test & >= "0.2.0"} ] conflicts: [ "mirage-runtime" {< "3.8.0"} ] description: """ diff --git a/pk/dsa.ml b/pk/dsa.ml index 856a84ce..352d4318 100644 --- a/pk/dsa.ml +++ b/pk/dsa.ml @@ -82,7 +82,7 @@ let generate ?g size = { p; q; gg; x; y } -module K_gen (H : Mirage_crypto.Hash.S) = struct +module K_gen (H : Digestif.S) = struct let drbg : 'a Mirage_crypto_rng.generator = let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M) @@ -90,14 +90,14 @@ module K_gen (H : Mirage_crypto.Hash.S) = struct let z_gen ~key:{ q; x; _ } z = let repr = Z_extra.to_octets_be ~size:(Z.numbits q // 8) in let g = Mirage_crypto_rng.create ~strict:true drbg in - Mirage_crypto_rng.reseed ~g (Cstruct.of_string (repr x ^ repr Z.(z mod q))); + Mirage_crypto_rng.reseed ~g (repr x ^ repr Z.(z mod q)); Z_extra.gen_r ~g Z.one q let generate ~key buf = z_gen ~key (Z_extra.of_octets_be ~bits:(Z.numbits key.q) buf) end -module K_gen_sha256 = K_gen (Mirage_crypto.Hash.SHA256) +module K_gen_sha256 = K_gen (Digestif.SHA256) let sign_z ?(mask = `Yes) ?k:k0 ~key:({ p; q; gg; x; _ } as key) z = let k = match k0 with Some k -> k | None -> K_gen_sha256.z_gen ~key z in diff --git a/pk/mirage_crypto_pk.mli b/pk/mirage_crypto_pk.mli index 188551f7..9457b955 100644 --- a/pk/mirage_crypto_pk.mli +++ b/pk/mirage_crypto_pk.mli @@ -187,11 +187,14 @@ module Rsa : sig was produced with the given [key] as per {{!sig_encode}sig_encode}, or [None] *) - val min_key : Mirage_crypto.Hash.hash -> bits + type hash = [ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] + (** The type of supported hash algorithms. *) + + val min_key : hash -> bits (** [min_key hash] is the minimum key size required by {{!sign}[sign]}. *) val sign : ?crt_hardening:bool -> ?mask:mask -> - hash:Mirage_crypto.Hash.hash -> key:priv -> string or_digest -> + hash:hash -> key:priv -> string or_digest -> string (** [sign ~crt_hardening ~mask ~hash ~key message] is the PKCS 1.5 signature of [message], signed by the [key], using the hash function @@ -205,7 +208,7 @@ module Rsa : sig @raise Invalid_argument if message is a [`Digest] of the wrong size. *) - val verify : hashp:(Mirage_crypto.Hash.hash -> bool) -> key:pub -> + val verify : hashp:(hash -> bool) -> key:pub -> signature:string -> string or_digest -> bool (** [verify ~hashp ~key ~signature message] checks that [signature] is the PKCS 1.5 signature of the [message] under the given [key]. @@ -227,7 +230,7 @@ module Rsa : sig Keys must have a minimum of [2 + 2 * hlen + len(message)] bytes, where [hlen] is the hash length. *) - module OAEP (H : Mirage_crypto.Hash.S) : sig + module OAEP (H : Digestif.S) : sig val encrypt : ?g:Mirage_crypto_rng.g -> ?label:string -> key:pub -> string -> string @@ -253,7 +256,7 @@ module Rsa : sig Keys must have a minimum of [2 + hlen + slen] bytes, where [hlen] is the hash length and [slen] is the seed length. *) - module PSS (H: Mirage_crypto.Hash.S) : sig + module PSS (H: Digestif.S) : sig val sign : ?g:Mirage_crypto_rng.g -> ?crt_hardening:bool -> ?mask:mask -> ?slen:int -> key:priv -> string or_digest -> string @@ -373,7 +376,7 @@ module Dsa : sig (** [K_gen] can be instantiated over a hashing module to obtain an RFC6979 compliant [k]-generator for that hash. *) - module K_gen (H : Mirage_crypto.Hash.S) : sig + module K_gen (H : Digestif.S) : sig val generate : key:priv -> string -> Z.t (** [generate key digest] deterministically takes the given private key and diff --git a/pk/rsa.ml b/pk/rsa.ml index 1c83e420..5a0e2e9c 100644 --- a/pk/rsa.ml +++ b/pk/rsa.ml @@ -12,21 +12,19 @@ let ct_find_uint8 ~default ?off ~f cs = let (&.) f g = fun h -> f (g h) -module Hash = Mirage_crypto.Hash - type 'a or_digest = [ `Message of 'a | `Digest of string ] -module Digest_or (H : Hash.S) = struct +module Digest_or (H : Digestif.S) = struct let digest_or = function - | `Message msg -> Cstruct.to_string (H.digest (Cstruct.of_string msg)) + | `Message msg -> H.(digest_string msg |> to_raw_string) | `Digest digest -> let n = String.length digest and m = H.digest_size in if n = m then digest else invalid_arg "(`Digest _): %d bytes, expecting %d" n m end -let digest_or ~hash = - let module H = (val (Hash.module_of hash)) in +let digest_or (type a) ~(hash : a Digestif.hash) = + let module H = (val Digestif.module_of hash) in let module D = Digest_or (H) in D.digest_or @@ -222,11 +220,11 @@ module PKCS1 = struct and k = let b = Mirage_crypto_rng.block g in (n // b * b) in let rec go nonce i j = if i = n then Bytes.unsafe_to_string buf else - if j = k then go (Cstruct.to_string Mirage_crypto_rng.(generate ?g k)) i 0 else + if j = k then go Mirage_crypto_rng.(generate ?g k) i 0 else match string_get_uint8 nonce j with | b when f b -> Bytes.set_uint8 buf i b ; go nonce (succ i) (succ j) | _ -> go nonce i (succ j) in - go (Cstruct.to_string Mirage_crypto_rng.(generate ?g k)) 0 0 + go Mirage_crypto_rng.(generate ?g k) 0 0 let pad ~mark ~padding k msg = let pad = padding (k - String.length msg - 3 |> imax min_pad) in @@ -273,26 +271,74 @@ module PKCS1 = struct let decrypt ?(crt_hardening = false) ?mask ~key msg = unpadded unpad_02 (decrypt ~crt_hardening ?mask ~key) (priv_bits key) msg - let asns = List.combine Hash.hashes [ - "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" (* md5 *) - ; "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14" (* sha1 *) - ; "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c" (* sha224 *) - ; "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20" (* sha256 *) - ; "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30" (* sha384 *) - ; "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40" (* sha512 *) - ] - - let asn_of_hash hash = try List.assoc hash asns with Not_found -> assert false - (* OCaml 4.13 contains starts_with *) let is_prefix asn msg = String.length msg >= String.length asn && String.equal asn (String.sub msg 0 (String.length asn)) - let detect msg = List.find_opt (fun (_, asn) -> is_prefix asn msg) asns + type hash = [ `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] + + let digestif_or = function + | `MD5 -> digest_or ~hash:Digestif.md5 + | `SHA1 -> digest_or ~hash:Digestif.sha1 + | `SHA224 -> digest_or ~hash:Digestif.sha224 + | `SHA256 -> digest_or ~hash:Digestif.sha256 + | `SHA384 -> digest_or ~hash:Digestif.sha384 + | `SHA512 -> digest_or ~hash:Digestif.sha512 + + let digestif_size = function + | `MD5 -> + let module H = (val Digestif.module_of Digestif.md5) in + H.digest_size + | `SHA1 -> + let module H = (val Digestif.module_of Digestif.sha1) in + H.digest_size + | `SHA224 -> + let module H = (val Digestif.module_of Digestif.sha224) in + H.digest_size + | `SHA256 -> + let module H = (val Digestif.module_of Digestif.sha256) in + H.digest_size + | `SHA384 -> + let module H = (val Digestif.module_of Digestif.sha384) in + H.digest_size + | `SHA512 -> + let module H = (val Digestif.module_of Digestif.sha512) in + H.digest_size + + let asn_of_hash, detect = + let md5 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" + and sha1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14" + and sha224 = "\x30\x2d\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04\x05\x00\x04\x1c" + and sha256 = "\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20" + and sha384 = "\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30" + and sha512 = "\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40" + in + (function + | `MD5 -> md5 + | `SHA1 -> sha1 + | `SHA224 -> sha224 + | `SHA256 -> sha256 + | `SHA384 -> sha384 + | `SHA512 -> sha512), + (fun buf -> + if is_prefix md5 buf then + Some (`MD5, md5) + else if is_prefix sha1 buf then + Some (`SHA1, sha1) + else if is_prefix sha224 buf then + Some (`SHA224, sha224) + else if is_prefix sha256 buf then + Some (`SHA256, sha256) + else if is_prefix sha384 buf then + Some (`SHA384, sha384) + else if is_prefix sha512 buf then + Some (`SHA512, sha512) + else + None) let sign ?(crt_hardening = true) ?mask ~hash ~key msg = - let msg' = asn_of_hash hash ^ digest_or ~hash msg in + let msg' = asn_of_hash hash ^ digestif_or hash msg in sig_encode ~crt_hardening ?mask ~key msg' let verify ~hashp ~key ~signature msg = @@ -302,25 +348,25 @@ module PKCS1 = struct Option.value (sig_decode ~key signature >>= fun buf -> detect buf >>| fun (hash, asn) -> - hashp hash && Eqaf.equal (asn ^ digest_or ~hash msg) buf) + hashp hash && Eqaf.equal (asn ^ digestif_or hash msg) buf) ~default:false let min_key hash = - (String.length (asn_of_hash hash) + Hash.digest_size hash + min_pad + 2) * 8 + 1 + (String.length (asn_of_hash hash) + digestif_size hash + min_pad + 2) * 8 + 1 end -module MGF1 (H : Hash.S) = struct +module MGF1 (H : Digestif.S) = struct + let _buf = Bytes.create 4 let repr n = - let cs = Cstruct.create_unsafe 4 in - Cstruct.BE.set_uint32 cs 0 n; - cs + Bytes.set_int32_be _buf 0 n; + Bytes.unsafe_to_string _buf (* Assumes len < 2^32 * H.digest_size. *) let mgf ~seed len = let rec go acc c = function | 0 -> Bytes.sub (Bytes.concat Bytes.empty (List.rev acc)) 0 len - | n -> let h = Cstruct.to_bytes (H.digesti (iter2 (Cstruct.of_string seed) (repr c))) in + | n -> let h = Bytes.unsafe_of_string H.(digesti_string (iter2 seed (repr c)) |> to_raw_string) in go (h :: acc) Int32.(succ c) (pred n) in go [] 0l (len // H.digest_size) @@ -330,7 +376,7 @@ module MGF1 (H : Hash.S) = struct mgf_data end -module OAEP (H : Hash.S) = struct +module OAEP (H : Digestif.S) = struct module MGF = MGF1 (H) @@ -339,9 +385,9 @@ module OAEP (H : Hash.S) = struct let max_msg_bytes k = k - 2 * hlen - 2 let eme_oaep_encode ?g ?(label = "") k msg = - let seed = Cstruct.to_string (Mirage_crypto_rng.generate ?g hlen) + let seed = Mirage_crypto_rng.generate ?g hlen and pad = String.make (max_msg_bytes k - String.length msg) '\x00' in - let db = String.concat "" [ Cstruct.to_string (H.digest (Cstruct.of_string label)) ; pad ; bx01 ; msg ] in + let db = String.concat "" [ H.(digest_string label |> to_raw_string) ; pad ; bx01 ; msg ] in let mdb = Bytes.unsafe_to_string (MGF.mask ~seed db) in let mseed = Bytes.unsafe_to_string (MGF.mask ~seed:mdb seed) in String.concat "" [ bx00 ; mseed ; mdb ] @@ -353,7 +399,7 @@ module OAEP (H : Hash.S) = struct in let db = Bytes.unsafe_to_string (MGF.mask ~seed:(Bytes.unsafe_to_string (MGF.mask ~seed:mdb ms)) mdb) in let i = ct_find_uint8 ~default:0 ~off:hlen ~f:((<>) 0x00) db in - let c1 = Eqaf.equal (String.sub db 0 hlen) (Cstruct.to_string H.(digest (Cstruct.of_string label))) + let c1 = Eqaf.equal (String.sub db 0 hlen) H.(digest_string label |> to_raw_string) and c2 = string_get_uint8 b0 0 = 0x00 and c3 = string_get_uint8 db i = 0x01 in if c1 && c2 && c3 then Some (String.sub db (i + 1) (String.length db - i - 1)) else None @@ -376,7 +422,7 @@ module OAEP (H : Hash.S) = struct (* XXX expose seed for deterministic testing? *) end -module PSS (H: Hash.S) = struct +module PSS (H: Digestif.S) = struct module MGF = MGF1 (H) module H1 = Digest_or (H) @@ -386,18 +432,19 @@ module PSS (H: Hash.S) = struct let b0mask embits = 0xff lsr ((8 - embits mod 8) mod 8) - let zero_8 = Cstruct.create 8 + let zero_8 = String.make 8 '\x00' - let digest ~salt msg = H.digesti @@ iter3 zero_8 (Cstruct.of_string (H1.digest_or msg)) salt + let digest ~salt msg = + H.to_raw_string @@ H.digesti_string @@ iter3 zero_8 (H1.digest_or msg) salt let emsa_pss_encode ?g slen emlen msg = let n = emlen // 8 and salt = Mirage_crypto_rng.generate ?g slen in let h = digest ~salt msg in - let db = String.concat "" [ String.make (n - slen - hlen - 2) '\x00' ; bx01 ; Cstruct.to_string salt ] in - let mdb = MGF.mask ~seed:(Cstruct.to_string h) db in + let db = String.concat "" [ String.make (n - slen - hlen - 2) '\x00' ; bx01 ; salt ] in + let mdb = MGF.mask ~seed:h db in Bytes.set_uint8 mdb 0 @@ Bytes.get_uint8 mdb 0 land b0mask emlen ; - String.concat "" [ Bytes.unsafe_to_string mdb ; Cstruct.to_string h ; bxbc ] + String.concat "" [ Bytes.unsafe_to_string mdb ; h ; bxbc ] let emsa_pss_verify slen emlen em msg = let mdb = String.sub em 0 (String.length em - hlen - 1) @@ -408,7 +455,7 @@ module PSS (H: Hash.S) = struct Bytes.set_uint8 db 0 (Bytes.get_uint8 db 0 land b0mask emlen) ; let db = Bytes.unsafe_to_string db in let salt = String.sub db (String.length db - slen) slen in - let h' = Cstruct.to_string (digest ~salt:(Cstruct.of_string salt) msg) + let h' = digest ~salt:salt msg and i = ct_find_uint8 ~default:0 ~f:((<>) 0x00) db in let c1 = lnot (b0mask emlen) land string_get_uint8 mdb 0 = 0x00 and c2 = i = String.length em - hlen - slen - 2 diff --git a/pk/z_extra.ml b/pk/z_extra.ml index 1536b181..ece5c53e 100644 --- a/pk/z_extra.ml +++ b/pk/z_extra.ml @@ -103,8 +103,8 @@ let gen ?g n = if String.length buf >= octets then let x = of_octets_be ~bits buf in if x < n then x else attempt (String.sub buf octets (String.length buf - octets)) - else attempt (Cstruct.to_string (Mirage_crypto_rng.generate ?g batch)) in - attempt (Cstruct.to_string (Mirage_crypto_rng.generate ?g batch)) + else attempt (Mirage_crypto_rng.generate ?g batch) in + attempt (Mirage_crypto_rng.generate ?g batch) let rec gen_r ?g a b = if Mirage_crypto_rng.strict g then @@ -126,7 +126,7 @@ let set_msb bits buf = go bits 0 let gen_bits ?g ?(msb = 0) bits = - let res = Cstruct.to_bytes (Mirage_crypto_rng.generate ?g (bits // 8)) in + let res = Bytes.unsafe_of_string (Mirage_crypto_rng.generate ?g (bits // 8)) in set_msb msb res ; of_octets_be ~bits (Bytes.unsafe_to_string res) diff --git a/rng/dune b/rng/dune index dd7753b1..e70f9743 100644 --- a/rng/dune +++ b/rng/dune @@ -1,5 +1,5 @@ (library (name mirage_crypto_rng) (public_name mirage-crypto-rng) - (libraries cstruct mirage-crypto) + (libraries mirage-crypto digestif) (private_modules entropy fortuna hmac_drbg rng)) diff --git a/rng/eio/dune b/rng/eio/dune index b15aa92a..d268ef83 100644 --- a/rng/eio/dune +++ b/rng/eio/dune @@ -1,4 +1,4 @@ (library (name mirage_crypto_rng_eio) (public_name mirage-crypto-rng-eio) - (libraries eio cstruct logs mirage-crypto-rng duration mtime)) + (libraries eio logs mirage-crypto-rng duration mtime)) diff --git a/rng/entropy.ml b/rng/entropy.ml index f7daca7e..44851564 100644 --- a/rng/entropy.ml +++ b/rng/entropy.ml @@ -70,14 +70,14 @@ let random preferred = | y::_ -> Some y let write_header source data = - Cstruct.set_uint8 data 0 source; - Cstruct.set_uint8 data 1 (Cstruct.length data - 2) + Bytes.set_uint8 data 0 source; + Bytes.set_uint8 data 1 (Bytes.length data - 2) let header source data = - let hdr = Cstruct.create 2 in - let buf = Cstruct.append hdr data in - write_header source buf; - buf + let hdr = Bytes.create (2 + String.length data) in + Bytes.unsafe_blit_string data 0 hdr 2 (String.length data); + write_header source hdr; + Bytes.unsafe_to_string hdr (* Note: * `bootstrap` is not a simple feedback loop. It attempts to exploit CPU-level @@ -90,16 +90,16 @@ let whirlwind_bootstrap id = and inner_max = 1024 and a = ref 0 in - let cs = Cstruct.create (outer * 2 + 2) in + let buf = Bytes.create (outer * 2 + 2) in for i = 0 to outer - 1 do let tsc = Cpu_native.cycles () in - Cstruct.LE.set_uint16 cs ((i + 1) * 2) tsc; + Bytes.set_uint16_le buf ((i + 1) * 2) tsc; for j = 1 to tsc mod inner_max do a := tsc / j - !a * i + 1 done done; - write_header id cs; - cs + write_header id buf; + Bytes.unsafe_to_string buf let cpu_rng_bootstrap = match random `Rdseed with @@ -108,10 +108,10 @@ let cpu_rng_bootstrap = let cpu_rng_bootstrap id = let r = cpu_rng insn () in if r = 0 then failwith "bad CPU RNG value"; - let cs = Cstruct.create 10 in - Cstruct.LE.set_uint64 cs 2 (Int64.of_int r); - write_header id cs; - cs + let buf = Bytes.create 10 in + Bytes.set_int64_le buf 2 (Int64.of_int r); + write_header id buf; + Bytes.unsafe_to_string buf in Ok cpu_rng_bootstrap @@ -122,11 +122,11 @@ let bootstrap id = try cpu_rng_bootstrap id with Failure _ -> whirlwind_bootstrap id let interrupt_hook () = - let buf = Cstruct.create 4 in + let buf = Bytes.create 4 in fun () -> let a = Cpu_native.cycles () in - Cstruct.LE.set_uint32 buf 0 (Int32.of_int a) ; - buf + Bytes.set_int32_le buf 0 (Int32.of_int a) ; + Bytes.unsafe_to_string buf let timer_accumulator g = let g = match g with None -> Some (Rng.default_generator ()) | Some g -> Some g in @@ -152,10 +152,10 @@ let cpu_rng = let s = match insn with `Rdrand -> "rdrand" | `Rdseed -> "rdseed" in register_source s in - let cs = Cstruct.create 8 in + let buf = Bytes.create 8 in let f () = - Cstruct.LE.set_uint64 cs 0 (Int64.of_int (randomf ())); - cs + Bytes.set_int64_le buf 0 (Int64.of_int (randomf ())); + Bytes.unsafe_to_string buf in fun () -> feed_pools g source f in diff --git a/rng/fortuna.ml b/rng/fortuna.ml index 8413771d..80bbd3da 100644 --- a/rng/fortuna.ml +++ b/rng/fortuna.ml @@ -4,13 +4,14 @@ open Mirage_crypto.Uncommon module AES_CTR = Cipher_block.AES.CTR module SHAd256 = struct - open Hash + open Digestif type t = SHA256.t + type ctx = SHA256.ctx let empty = SHA256.empty - let get t = SHA256.(get t |> digest) - let digest x = SHA256.(digest x |> digest) - let digesti i = SHA256.(digesti i |> digest) - let feedi = SHA256.feedi + let get t = SHA256.(get t |> to_raw_string |> digest_string |> to_raw_string) + let digest x = SHA256.(digest_string x |> to_raw_string |> digest_string |> to_raw_string) + let digesti i = SHA256.(digesti_string i |> to_raw_string |> digest_string |> to_raw_string) + let feedi = SHA256.feedi_string end let block = 16 @@ -25,9 +26,9 @@ let pools = 32 (* XXX Locking!! *) type g = { mutable ctr : AES_CTR.ctr - ; mutable secret : Cstruct.t + ; mutable secret : string ; mutable key : AES_CTR.key - ; pools : SHAd256.t array + ; pools : SHAd256.ctx array ; mutable pool0_size : int ; mutable reseed_count : int ; mutable last_reseed : int64 @@ -35,10 +36,10 @@ type g = } let create ?time () = - let k = Cstruct.create 32 in + let k = String.make 32 '\x00' in { ctr = (0L, 0L) ; secret = k - ; key = AES_CTR.of_secret k + ; key = AES_CTR.of_secret (Cstruct.of_string k) ; pools = Array.make pools SHAd256.empty ; pool0_size = 0 ; reseed_count = 0 @@ -53,7 +54,7 @@ let seeded ~g = (* XXX We might want to erase the old key. *) let set_key ~g sec = g.secret <- sec ; - g.key <- AES_CTR.of_secret sec + g.key <- AES_CTR.of_secret (Cstruct.of_string sec) let reseedi ~g iter = set_key ~g @@ SHAd256.digesti (fun f -> f g.secret; iter f); @@ -66,9 +67,9 @@ let reseed ~g cs = reseedi ~g (iter1 cs) let generate_rekey ~g bytes = let b = bytes // block + 2 in let n = b * block in - let r = AES_CTR.stream ~key:g.key ~ctr:g.ctr n in - let r1 = Cstruct.sub r 0 bytes - and r2 = Cstruct.sub r (n - 32) 32 in + let r = Cstruct.to_string (AES_CTR.stream ~key:g.key ~ctr:g.ctr n) in + let r1 = String.sub r 0 bytes + and r2 = String.sub r (n - 32) 32 in set_key ~g r2 ; g.ctr <- AES_CTR.add_ctr g.ctr (Int64.of_int b); r1 @@ -100,17 +101,17 @@ let generate ~g bytes = | i when i <= 0 -> acc | n -> let n' = imin n 0x10000 in chunk (generate_rekey ~g n' :: acc) (n - n') in - Cstruct.concat @@ chunk [] bytes + String.concat "" @@ chunk [] bytes -let _buf = Cstruct.create_unsafe 2 +let _buf = Bytes.create 2 let add ~g (source, _) ~pool data = let pool = pool land (pools - 1) and source = source land 0xff in - Cstruct.set_uint8 _buf 0 source; - Cstruct.set_uint8 _buf 1 (Cstruct.length data); - g.pools.(pool) <- SHAd256.feedi g.pools.(pool) (iter2 _buf data); - if pool = 0 then g.pool0_size <- g.pool0_size + Cstruct.length data + Bytes.set_uint8 _buf 0 source; + Bytes.set_uint8 _buf 1 (String.length data); + g.pools.(pool) <- SHAd256.feedi g.pools.(pool) (iter2 (Bytes.unsafe_to_string _buf) data); + if pool = 0 then g.pool0_size <- g.pool0_size + String.length data (* XXX * Schneier recommends against using generator-imposed pool-seeding schedule diff --git a/rng/hmac_drbg.ml b/rng/hmac_drbg.ml index 65079a50..f9667490 100644 --- a/rng/hmac_drbg.ml +++ b/rng/hmac_drbg.ml @@ -1,44 +1,42 @@ -module Make (H : Mirage_crypto.Hash.S) = struct - - open Mirage_crypto.Uncommon - +module Make (H : Digestif.S) = struct type g = - { mutable k : Cstruct.t - ; mutable v : Cstruct.t + { mutable k : string + ; mutable v : string ; mutable seeded : bool } let block = H.digest_size - let (bx00, bx01) = Cs.(b 0x00, b 0x01) + let b x = String.make 1 (char_of_int x) + + let (bx00, bx01) = b 0x00, b 0x01 - let k0 = Cstruct.create H.digest_size (* fills k0 with 0s *) - and v0 = - let buf = Cstruct.create H.digest_size in - Cstruct.memset buf 0x01; - buf + let k0 = String.make H.digest_size '\x00' + and v0 = String.make H.digest_size '\x01' let create ?time:_ () = { k = k0 ; v = v0 ; seeded = false } let seeded ~g = g.seeded - let reseed ~g cs = + let reseed ~g buf = let (k, v) = (g.k, g.v) in - let k = H.hmac ~key:k @@ Cstruct.concat [v; bx00; cs] in - let v = H.hmac ~key:k v in - let k = H.hmac ~key:k @@ Cstruct.concat [v; bx01; cs] in - let v = H.hmac ~key:k v in + let k = H.hmac_string ~key:k @@ String.concat "" [v; bx00; buf] |> H.to_raw_string in + let v = H.hmac_string ~key:k v |> H.to_raw_string in + let k = H.hmac_string ~key:k @@ String.concat "" [v; bx01; buf] |> H.to_raw_string in + let v = H.hmac_string ~key:k v |> H.to_raw_string in g.k <- k ; g.v <- v ; g.seeded <- true let generate ~g bytes = if not g.seeded then raise Rng.Unseeded_generator ; let rec go acc k v = function - | 0 -> (v, Cstruct.concat @@ List.rev acc) - | i -> let v = H.hmac ~key:k v in go (v::acc) k v (pred i) in - let (v, cs) = go [] g.k g.v (bytes // H.digest_size) in - g.k <- H.hmac ~key:g.k Cs.(v <+> bx00); - g.v <- H.hmac ~key:g.k v; - Cstruct.sub cs 0 (imax 0 bytes) + | 0 -> (v, String.concat "" @@ List.rev acc) + | i -> + let v = H.hmac_string ~key:k v |> H.to_raw_string in + go (v::acc) k v (pred i) in + let (v, buf) = go [] g.k g.v Mirage_crypto.Uncommon.(bytes // H.digest_size) in + g.k <- H.hmac_string ~key:g.k (v ^ bx00) |> H.to_raw_string; + g.v <- H.hmac_string ~key:g.k v |> H.to_raw_string; + String.sub buf 0 (Mirage_crypto.Uncommon.imax 0 bytes) (* XXX *) let accumulate ~g:_ = invalid_arg "Implement Hmac_drbg.accumulate..." diff --git a/rng/lwt/mirage_crypto_rng_lwt.ml b/rng/lwt/mirage_crypto_rng_lwt.ml index 8e0729bc..9730e90b 100644 --- a/rng/lwt/mirage_crypto_rng_lwt.ml +++ b/rng/lwt/mirage_crypto_rng_lwt.ml @@ -19,7 +19,7 @@ let getrandom_task delta source = let idx = ref 0 in let f () = incr idx; - Cstruct.sub random (per_pool * (pred !idx)) per_pool + String.sub random (per_pool * (pred !idx)) per_pool in Entropy.feed_pools None source f in @@ -55,7 +55,7 @@ let initialize (type a) ?g ?(sleep = Duration.of_sec 1) (rng : a generator) = let init = Entropy.[ bootstrap ; whirlwind_bootstrap ; bootstrap ; getrandom_init ] in - List.mapi (fun i f -> f i) init |> Cstruct.concat + List.mapi (fun i f -> f i) init |> String.concat "" in let rng = create ?g ~seed ~time:Mtime_clock.elapsed_ns rng in set_default_generator rng; diff --git a/rng/mirage/dune b/rng/mirage/dune index 163df292..5cf928af 100644 --- a/rng/mirage/dune +++ b/rng/mirage/dune @@ -1,5 +1,5 @@ (library (name mirage_crypto_rng_mirage) (public_name mirage-crypto-rng-mirage) - (libraries cstruct lwt mirage-runtime mirage-crypto-rng mirage-time - mirage-clock duration logs)) + (libraries lwt mirage-runtime mirage-crypto-rng mirage-time mirage-clock + duration logs)) diff --git a/rng/mirage/mirage_crypto_rng_mirage.ml b/rng/mirage/mirage_crypto_rng_mirage.ml index f363b3d0..92a2414b 100644 --- a/rng/mirage/mirage_crypto_rng_mirage.ml +++ b/rng/mirage/mirage_crypto_rng_mirage.ml @@ -65,7 +65,7 @@ module Make (T : Mirage_time.S) (M : Mirage_clock.MCLOCK) = struct No_default_generator -> ()); running := true; let seed = - List.mapi (fun i f -> f i) (bootstrap_functions ()) |> Cstruct.concat + List.mapi (fun i f -> f i) (bootstrap_functions ()) |> String.concat "" in let rng = create ?g ~seed ~time:M.elapsed_ns rng in set_default_generator rng; diff --git a/rng/mirage_crypto_rng.mli b/rng/mirage_crypto_rng.mli index 0dd9f909..6a14fa2a 100644 --- a/rng/mirage_crypto_rng.mli +++ b/rng/mirage_crypto_rng.mli @@ -92,7 +92,7 @@ module Entropy : sig (** {1 Bootstrap} *) - val whirlwind_bootstrap : int -> Cstruct.t + val whirlwind_bootstrap : int -> string (** [whirlwind_bootstrap id] exploits CPU-level data races which lead to execution-time variability. It returns 200 bytes random data prefixed by [id]. @@ -100,7 +100,7 @@ module Entropy : sig See {{:http://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf}} for further details. *) - val cpu_rng_bootstrap : (int -> Cstruct.t, [`Not_supported]) Result.t + val cpu_rng_bootstrap : (int -> string, [`Not_supported]) Result.t (** [cpu_rng_bootstrap id] returns 8 bytes of random data using the CPU RNG (rdseed or rdrand). On 32bit platforms, only 4 bytes are filled. The [id] is used as prefix. @@ -108,13 +108,13 @@ module Entropy : sig @raise Failure if no CPU RNG is available, or if it doesn't return a random value. *) - val bootstrap : int -> Cstruct.t + val bootstrap : int -> string (** [bootstrap id] is either [cpu_rng_bootstrap], if the CPU supports it, or [whirlwind_bootstrap] if not. *) (** {1 Timer source} *) - val interrupt_hook : unit -> unit -> Cstruct.t + val interrupt_hook : unit -> unit -> string (** [interrupt_hook ()] collects lower bytes from the cycle counter, to be used for entropy collection in the event loop. *) @@ -124,7 +124,7 @@ module Entropy : sig (** {1 Periodic pulled sources} *) - val feed_pools : g option -> source -> (unit -> Cstruct.t) -> unit + val feed_pools : g option -> source -> (unit -> string) -> unit (** [feed_pools g source f] feeds all pools of [g] using [source] by executing [f] for each pool. *) @@ -137,7 +137,7 @@ module Entropy : sig val id : source -> int (** [id source] is the identifier used for [source]. *) - val header : int -> Cstruct.t -> Cstruct.t + val header : int -> string -> string (** [header id data] constructs a unique header with [id], length of [data], and [data]. *) (**/**) @@ -156,17 +156,17 @@ module type Generator = sig val create : ?time:(unit -> int64) -> unit -> g (** Create a new, unseeded {{!g}g}. *) - val generate : g:g -> int -> Cstruct.t + val generate : g:g -> int -> string (** [generate ~g n] produces [n] uniformly distributed random bytes, updating the state of [g]. *) - val reseed : g:g -> Cstruct.t -> unit + val reseed : g:g -> string -> unit (** [reseed ~g bytes] directly updates [g]. Its new state depends both on [bytes] and the previous state. A generator is seded after a single application of [reseed]. *) - val accumulate : g:g -> Entropy.source -> [`Acc of Cstruct.t -> unit] + val accumulate : g:g -> Entropy.source -> [`Acc of string -> unit] (** [accumulate ~g] is a closure suitable for incrementally feeding small amounts of environmentally sourced entropy into [g]. @@ -192,9 +192,9 @@ module Fortuna : Generator (** {b HMAC_DRBG}: A NIST-specified RNG based on HMAC construction over the provided hash. *) -module Hmac_drbg (H : Mirage_crypto.Hash.S) : Generator +module Hmac_drbg (H : Digestif.S) : Generator -val create : ?g:'a -> ?seed:Cstruct.t -> ?strict:bool -> +val create : ?g:'a -> ?seed:string -> ?strict:bool -> ?time:(unit -> int64) -> 'a generator -> g (** [create ~g ~seed ~strict ~time module] uses a module conforming to the {{!Generator}Generator} signature to instantiate the generic generator @@ -227,7 +227,7 @@ val unset_default_generator : unit -> unit (** [unset_default_generator ()] sets the default generator to [None]. *) (**/**) -val generate : ?g:g -> int -> Cstruct.t +val generate : ?g:g -> int -> string (** Invoke {{!Generator.generate}generate} on [g] or {{!generator}default generator}. *) @@ -241,8 +241,8 @@ val block : g option -> int * connect the RNG with entropy-providing libraries and subject to change. * Client applications should not use them directly. *) -val reseed : ?g:g -> Cstruct.t -> unit -val accumulate : g option -> Entropy.source -> [`Acc of Cstruct.t -> unit] +val reseed : ?g:g -> string -> unit +val accumulate : g option -> Entropy.source -> [`Acc of string -> unit] val seeded : g option -> bool val pools : g option -> int val strict : g option -> bool @@ -251,10 +251,10 @@ val strict : g option -> bool (** {1:rng_examples Examples} - Generating a random 13-byte {!Cstruct.t}: + Generating a random 13-byte string: {[let cs = Rng.generate 13]} - Generating a list of {!Cstruct.t}, passing down an optional {{!g}generator}: + Generating a list of string, passing down an optional {{!g}generator}: {[let rec f1 ?g ~n i = if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)]} diff --git a/rng/rng.ml b/rng/rng.ml index 7041f573..f7e295c2 100644 --- a/rng/rng.ml +++ b/rng/rng.ml @@ -38,9 +38,9 @@ module type Generator = sig type g val block : int val create : ?time:(unit -> int64) -> unit -> g - val generate : g:g -> int -> Cstruct.t - val reseed : g:g -> Cstruct.t -> unit - val accumulate : g:g -> source -> [`Acc of Cstruct.t -> unit] + val generate : g:g -> int -> string + val reseed : g:g -> string -> unit + val accumulate : g:g -> source -> [`Acc of string -> unit] val seeded : g:g -> bool val pools : int end diff --git a/rng/unix/mc_getrandom_stubs.c b/rng/unix/mc_getrandom_stubs.c index 82887ddd..79f6200e 100644 --- a/rng/unix/mc_getrandom_stubs.c +++ b/rng/unix/mc_getrandom_stubs.c @@ -72,7 +72,7 @@ void raw_getrandom(uint8_t *data, uint32_t len) { #error "Retrieving random data not supported on this platform" #endif -CAMLprim value mc_getrandom (value ba, value len) { - raw_getrandom((uint8_t*) Caml_ba_data_val(ba), Int_val(len)); +CAMLprim value mc_getrandom (value buf, value len) { + raw_getrandom(Bytes_val(buf), Int_val(len)); return Val_unit; } diff --git a/rng/unix/mirage_crypto_rng_unix.ml b/rng/unix/mirage_crypto_rng_unix.ml index 43f8300b..360bf073 100644 --- a/rng/unix/mirage_crypto_rng_unix.ml +++ b/rng/unix/mirage_crypto_rng_unix.ml @@ -3,14 +3,12 @@ open Mirage_crypto_rng let src = Logs.Src.create "mirage-crypto-rng.unix" ~doc:"Mirage crypto RNG Unix" module Log = (val Logs.src_log src : Logs.LOG) -open Stdlib.Bigarray -type buffer = (char, int8_unsigned_elt, c_layout) Array1.t -external getrandom_buf : buffer -> int -> unit = "mc_getrandom" +external getrandom_buf : bytes -> int -> unit = "mc_getrandom" [@@noalloc] let getrandom size = - let buf = Cstruct.create_unsafe size in - getrandom_buf buf.Cstruct.buffer size; - buf + let buf = Bytes.create size in + getrandom_buf buf size; + Bytes.unsafe_to_string buf let getrandom_init i = let data = getrandom 128 in @@ -35,7 +33,7 @@ let initialize (type a) ?g (rng : a generator) = let init = Entropy.[ bootstrap ; whirlwind_bootstrap ; bootstrap ; getrandom_init ] in - List.mapi (fun i f -> f i) init |> Cstruct.concat + List.mapi (fun i f -> f i) init |> String.concat "" in let _ = Entropy.register_source "getrandom" in set_default_generator (create ?g ~seed rng) diff --git a/rng/unix/mirage_crypto_rng_unix.mli b/rng/unix/mirage_crypto_rng_unix.mli index 6f7093df..4808e433 100644 --- a/rng/unix/mirage_crypto_rng_unix.mli +++ b/rng/unix/mirage_crypto_rng_unix.mli @@ -10,4 +10,4 @@ val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unit (** [getrandom size] returns a buffer of [size] filled with random bytes. *) -val getrandom : int -> Cstruct.t +val getrandom : int -> string diff --git a/tests/dune b/tests/dune index 3a9169da..4fbf12e6 100644 --- a/tests/dune +++ b/tests/dune @@ -10,23 +10,17 @@ (package mirage-crypto) (modules test_base test_cipher test_hash test_hmac test_symmetric_runner)) -(library - (name test_common_random) - (libraries randomconv mirage-crypto-rng) - (modules test_common_random) - (optional)) - (test (name test_random_runner) - (libraries test_common test_common_random mirage-crypto mirage-crypto-rng - mirage-crypto-rng.unix ounit2) + (libraries test_common mirage-crypto mirage-crypto-rng mirage-crypto-rng.unix + randomconv ounit2) (package mirage-crypto-rng) (modules test_random_runner)) (test (name test_pk_runner) - (libraries test_common test_common_random mirage-crypto-pk - mirage-crypto-rng.unix ounit2) + (libraries test_common mirage-crypto-pk mirage-crypto-rng.unix randomconv + ounit2) (package mirage-crypto-pk) (modules test_numeric test_dh test_dsa test_rsa test_pk_runner)) diff --git a/tests/test_common_random.ml b/tests/test_common_random.ml deleted file mode 100644 index 79d6cf17..00000000 --- a/tests/test_common_random.ml +++ /dev/null @@ -1,3 +0,0 @@ -let sample arr = - let ix = Randomconv.int ~bound:(Array.length arr) Mirage_crypto_rng.generate in - arr.(ix) diff --git a/tests/test_dsa.ml b/tests/test_dsa.ml index cfef2a50..cd1c3e43 100644 --- a/tests/test_dsa.ml +++ b/tests/test_dsa.ml @@ -1,7 +1,6 @@ open OUnit2 open Mirage_crypto.Uncommon -open Mirage_crypto open Mirage_crypto_pk open Test_common @@ -14,7 +13,7 @@ open Test_common *) let dsa_test ~priv ~msg ?k ~r ~s ~hash _ = - let hmsg = Cstruct.to_string (Hash.digest hash (Cstruct.of_string msg)) in + let hmsg = Digestif.(digest_string hash msg |> to_raw_string hash) in let (r', s') = Dsa.sign ~mask:`No ~key:priv ?k hmsg in assert_str_equal ~msg:"computed r" r r' ; assert_str_equal ~msg:"computed s" s s' ; @@ -53,7 +52,7 @@ let sha1_cases = ~q:"f85f0f83ac4df7ea0cdf8f469bfeeaea14156495" ~g:"2b3152ff6c62f14622b8f48e59f8af46883b38e79b8c74deeae9df131f8b856e3ad6c8455dab87cc0da8ac973417ce4f7878557d6cdf40b35b4a0ca3eb310c6a95d68ce284ad4e25ea28591611ee08b8444bd64b25f3f7c572410ddfb39cc728b9c936f85f419129869929cdb909a6a3a99bbe089216368171bd0ba81de4fe33" in - let case = case_of ~domain ~hash:`SHA1 in + let case = case_of ~domain ~hash:Digestif.sha1 in [ case ~msg:"3b46736d559bd4e0c2c1b2553a33ad3c6cf23cac998d3d0c0e8fa4b19bca06f2f386db2dcff9dca4f40ad8f561ffc308b46c5f31a7735b5fa7e0f9e6cb512e63d7eea05538d66a75cd0d4234b5ccf6c1715ccaaf9cdc0a2228135f716ee9bdee7fc13ec27a03a6d11c5c5b3685f51900b1337153bc6c4e8f52920c33fa37f4e7" @@ -137,7 +136,7 @@ let sha224_cases = ~q:"bc550e965647fb3a20f245ec8475624abbb26edd" ~g:"11333a931fba503487777376859fdc12f7c687b0948ae889d287f1b7a712ad220ae4f1ce379d0dbb5c9abf419621f005fc123c327e5055d1850634c36d397e689e111d598c1c3636b940c84f42f436846e8e7fcad9012ceda398720f32fffd1a45ab6136ce417069207ac140675b8f86dd063915ae6f62b0cec729fbd509ac17" in - let case = case_of ~domain ~hash:`SHA224 in + let case = case_of ~domain ~hash:Digestif.sha224 in [ case ~msg:"fb2128052509488cad0745ed3e6312850dd96ddaf791f1e624e22a6b9beaa65319c325c78ef59cacba0ccfa722259f24f92c17b77a8f6d8e97c93d880d2d8dbbbedcf6acefa06b0e476ca2013d0394bd90d56c10626ef43cea79d1ef0bc7ac452bf9b9acaef70325e055ac006d34024b32204abea4be5faae0a6d46d365ed0d9" ~x:"6e2e31bbfc670944d7a7120e39a981520614d8a8" ~y:"7e339f3757450390160e02291559f30bed0b2d758c5ccc2d8d456232bb435ae49de7e7957e3aad9bfdcf6fd5d9b6ee3b521bc2229a8421dc2aa59b9952345a8fc1de49b348003a9b18da642d7f6f56e3bc665131ae9762088a93786f7b4b72a4bcc308c67e2532a3a5bf09652055cc26bf3b18833598cffd7011f2285f794557" ~k:"8cb35d255505a4c41421e562d10827266aa68663" ~r:"afee719e7f848b54349ccc3b4fb26065833a4d8e" ~s:"734efe992256f31325e749bc32a24a1f957b3a1b" ; @@ -193,7 +192,7 @@ let sha256_cases = ~q:"95031b8aa71f29d525b773ef8b7c6701ad8a5d99" ~g:"45bcaa443d4cd1602d27aaf84126edc73bd773de6ece15e97e7fef46f13072b7adcaf7b0053cf4706944df8c4568f26c997ee7753000fbe477a37766a4e970ff40008eb900b9de4b5f9ae06e06db6106e78711f3a67feca74dd5bddcdf675ae4014ee9489a42917fbee3bb9f2a24df67512c1c35c97bfbf2308eaacd28368c5c" in - let case = case_of ~domain ~hash:`SHA256 in + let case = case_of ~domain ~hash:Digestif.sha256 in [ case ~msg:"812172f09cbae62517804885754125fc6066e9a902f9db2041eeddd7e8da67e4a2e65d0029c45ecacea6002f9540eb1004c883a8f900fd84a98b5c449ac49c56f3a91d8bed3f08f427935fbe437ce46f75cd666a0707265c61a096698dc2f36b28c65ec7b6e475c8b67ddfb444b2ee6a984e9d6d15233e25e44bd8d7924d129d" ~x:"2eac4f4196fedb3e651b3b00040184cfd6da2ab4" ~y:"4cd6178637d0f0de1488515c3b12e203a3c0ca652f2fe30d088dc7278a87affa634a727a721932d671994a958a0f89223c286c3a9b10a96560542e2626b72e0cd28e5133fb57dc238b7fab2de2a49863ecf998751861ae668bf7cad136e6933f57dfdba544e3147ce0e7370fa6e8ff1de690c51b4aeedf0485183889205591e8 " ~k:"85976c5610a74959531040a5512b347eac587e48" ~r:"76683a085d6742eadf95a61af75f881276cfd26a" ~s:"3b9da7f9926eaaad0bebd4845c67fcdb64d12453" ; @@ -234,7 +233,7 @@ let sha384_cases = ~q:"da065a078ddb56ee5d2ad06cafab20820d2c4755" ~g:"47b5591b79043e4e03ca78a0e277c9a21e2a6b543bf4f044104cd9ac93eff8e101bb6031efc8c596d5d2f92e3a3d0f1f74702dd54f77d3cd46c04dee7a5de9f00ad317691fddcefe4a220a2651acae7fcedda92bfcca855db6705e8d864f8192bf6bf860c00f08ad6493ecc1872e0028d5c86d44505db57422515c3825a6f78a" in - let case = case_of ~domain ~hash:`SHA384 in + let case = case_of ~domain ~hash:Digestif.sha384 in [ @@ -350,7 +349,7 @@ let sha512_cases = ~q:"a665689b9e5b9ce82fd1676006cf4cf67ecc56b7" ~g:"267e282857417752113fba3fca7155b5ce89e7c8a33c1a29122e2b720965fc04245267ff87fc67a5730fe5b308013aa3266990fbb398185a87e055b443a868ce0ce13ae6aee330b9d25d3bbb362665c5881daf0c5aa75e9d4a82e8f04c91a9ad294822e33978ab0c13fadc45831f9d37da4efa0fc2c5eb01371fa85b7ddb1f82" in - let case = case_of ~domain ~hash:`SHA512 in + let case = case_of ~domain ~hash:Digestif.sha512 in [ case ~msg:"3a84a5314e90fd33bb7cd6ca68720c69058da1da1b359046ae8922cac8afc5e025771635fb4735491521a728441b5cb087d60776ee0ecc2174a41985a82cf46d8f8d8b274a0cc439b00971077c745f8cf701cf56bf9914cc57209b555dc87ca8c13da063270c60fc2c988e692b75a7f2a669903b93d2e14e8efb6fb9f8694a78 @@ -467,7 +466,7 @@ let sha1_n224_cases = " ~q:"8000000000000000c118f49835e4ef733c4d15800fcf059e884d31b1 " ~g:"e3a93c09da6f560e4d483a382a4c546f2335c36a4c35ac1463c08a3e6dd415df56fdc537f25fd5372be63e4f5300780b782f1acd01c8b4eb33414615fd0ea82573acba7ef83f5a943854151afc2d7dfe121fb8cd03335b065b549c5dcc606be9052483bc284e12ac3c8dba09b426e08402030e70bc1cc2bf8957c4ba0630f3f32ad689389ac47443176063f247d9e2296b3ea5b5bc2335828ea1a080ed35918dee212fd031279d1b894f01afec523833669eac031a420e540ba1320a59c424a3e5849a460a56bcb001647885b1433c4f992971746bfe2977ce7259c550b551a6c35761e4a41af764e8d92132fcc0a59d1684eab90d863f29f41cf7578faa908c" in - let case = case_of ~domain ~hash:`SHA1 in + let case = case_of ~domain ~hash:Digestif.sha1 in [ case ~msg:"edc6fd9b6c6e8a59f283016f7f29ee16deeaa609b5737927162aef34fed985d0bcb550275637ba67831a2d4efccb35296dfe730f4a0b4f4728d1d7d1bb8f4a36238a5c94311fa1134a93a6b4de39c085e9f60ae4e237c0416d58042bb36baa38cba8c896295b745d5376fd8ce42eb6ee5a1b38f87716b265b76e58cfb24a9170 @@ -583,7 +582,7 @@ let sha224_n224_cases = " ~q:"ea347e90be7c2875d1fe1db622b4763837c5e27a6037310348c1aa11 " ~g:"2042094ccbc8b8723fc928c12fda671b83295e99c743576f44504be1186323319b5002d24f173df909ea241d6ea5289904ee4636204b2fbe94b068fe093f7962579549551d3af219ad8ed19939eff86bcec834de2f2f78596e89e7cb52c524e177098a56c232eb1f563aa84bc6b026deee6ff51cb441e080f2dafaea1ced86427d1c346be55c66803d4b76d133cd445b4c3482fa415023463c9bf30f2f784223e26057d3aa0d7fbb660630c52e49d4a0325c7389e072aa349f13c966e159752fbb71e9336890f93243fa6e72d299365ee5b3fe266ebf1110568fee4425c847b50210bd484b97431a42856adca3e7d1a9c9c675c7e266918320dd5a78a48c48a9" in - let case = case_of ~domain ~hash:`SHA224 in + let case = case_of ~domain ~hash:Digestif.sha224 in [ case ~msg:"e920fc1610718f2b0213d301c0092a51f3c6b0107bbbd8243a9689c044e2d142f202d9d195a5faef4be5acadc9ff6f7d2261e58b517139bcb9489b110423c2e59eb181294ffdae8aad0e624fab974c97f9f5e7dc19d678a9cb3429cf05ec509072856f5adfec6e29bafe8e5ba95593e612843e343111d88a1eaff7dc0a2e277f " ~x:"7b489021578e79e7bd3ee7ab456f659f3dc07c88f5c9a39e4f8cee81 @@ -698,7 +697,7 @@ let sha256_n224_cases = " ~q:"ce89fe332b8e4eb3d1e8ddcea5d163a5bc13b63f16993755427aef43 " ~g:"8c465edf5a180730291e080dfc5385397a5006450dba2efe0129264fbd897bb5579ca0eab19aa278220424724b4f2a6f6ee6328432abf661380646097233505339c5519d357d7112b6eec938b85d5aa75cc2e38092f0a530acb54e50fe82c4d562fb0f3036b80b30334023ebbe6637a0010b00c7db86371168563671e1e0f028aedbd45d2d572621a609982a073e51aae27707afbeef29e2ecee84d7a6d5da382be3a35f42b6c66849202ab19d025b869d08776476d1ab981475ad2ad2f3e6fd07e30696d90a626816df60d6ca7afd7b482f942f83b45cc82933731f87faee320900f2aa3e70b1867e1430e40be67c07f9290299ef067b8b24a7515b3f992c07" in - let case = case_of ~domain ~hash:`SHA256 in + let case = case_of ~domain ~hash:Digestif.sha256 in [ case ~msg:"cec8d2843dee7cb5f9119b75562585e05c5ce2f4e6457e9bcc3c1c781ccd2c0442b6282aea610f7161dcede176e774861f7d2691be6c894ac3ebf80c0fab21e52a3e63ae0b35025762ccd6c9e1fecc7f9fe00aa55c0c3ae33ae88f66187f9598eba9f863171f3f56484625bf39d883427349b8671d9bb7d396180694e5b546ae " ~x:"551595eccbb003b0bf8ddda184a59da51e459a0d28205e5592ca4cb1 @@ -813,7 +812,7 @@ let sha384_n224_cases = " ~q:"8c3ee5bd9a2aaf068bd5845bd55ecf27417055307577bbc3770ec68b " ~g:"43b5a6b6d0bb962ec9766a377c32cc4124f1311188c2ecf95c0cd4a4fa097225b7618cb1276c474578d3bf564c145199c092a1b14baa929c2f3f0f36e0c2dae91eba08be30992a889f2952e0442c37af484a4ecdc3243ccfcb9e3413cf5cdd6630b09fe17efbfde14d8725493019b7b73d1f782b48ef30bec36e00e02ba336d2254fc202a69612cd9446f91d76b739ffa6d8b86052f8dc5f1145801c56241af5ba9037241bd89e6338b58e01310671c268eb5e33acb57d1f99f16440a675827d4017754d601a17ada2fbedf904554a90b01530da8c93cd14ce293cb2bd3e7937e934b79e310fe4d80c13f92f63381355bd80a1abee1a73fdfb6da24ef28002a3" in - let case = case_of ~domain ~hash:`SHA384 in + let case = case_of ~domain ~hash:Digestif.sha384 in [ case ~msg:"df5d564db83592c1128be5d29b7036880d55e834a291a745ed8dcd438c4da6b1b9f39412b2c5110730db83c1ccdfe9059dd96ec7ea2bbcb34e3eba72ef0a1d4721c7c0221e29279f014d63facc5bc8f18c539b92ff2af89e568225d6b4cf599cb3dff5e3c6ddfac0a27f10f636ec220abb72630bae9a39c18fd3663e4651ccac " ~x:"4efa5136eb6aa74e92bbfc913b0bfebb613db7a47221fb7b64f42e6f @@ -927,7 +926,7 @@ let sha512_n224_cases = " ~q:"aa986df8a064278e9363316a9830bcfa490656faa6d5daa817d87949 " ~g:"8195ad9a478fd985216ee58368366d2edd13c12b3d62239169fa042d91156408b483122f44ed6236b8308a6cdb52f9af3de88ec89e039afad7da3aa66c1976049a8e0a7d18d567baf99fcefe315cada01548386b10b25e52f52ed78eb4d28082e5e1ffee9480c4fe2cc4aafd1efc9d4fd2cc6d155968931271ef15b3240e7fb043a80c8f628befe09d645077c1029d21e0ac8bf0ba9c27714d1b580ede594aa01b3b76f6e745fc1ec07db37e2fd7e98c6c8c6915228e422c309de9f5db168f50249d1be1ed3298090808e2ebb896bb79b8c4cbf94d4c2064e37e612ba4449d7ac210edde211416d64b051dd8046ab041732665411a7f154d31b3e11a51da7fc0" in - let case = case_of ~domain ~hash:`SHA512 in + let case = case_of ~domain ~hash:Digestif.sha512 in [ case ~msg:"e9f59c6a5cbe8f5b0cf75008d06a076a6739bdddb39b82143cd03939aa4738a287c2a6f31829bbe15f02cc2ee7d7122dbd132825970daddd8a4d851da86e7edc8940cb1188319218b8e0248a103eae34bc68d85f5a32830d7e5dc7718f74db5e4224c0debe1e841e1eea1a88fee0f85d9fb087cbcee55f86037a646e38346d2b @@ -1042,7 +1041,7 @@ let sha1_n256_cases = " ~q:"8000000000000000000000001bd62c65e8b87c89797f8f0cbfa55e4a6810e2c7 " ~g:"aea5878740f1424d3c6ea9c6b4799615d2749298a17e26207f76cef340ddd390e1b1ad6b6c0010ad015a103342ddd452cac024b36e42d9b8ed52fafae7a1d3ce9e4b21f910d1356eb163a3e5a8184c781bf14492afa2e4b0a56d8884fd01a628b9662739c42e5c5795ade2f5f27e6de1d963917ce8806fc40d021cd87aa3aa3a9e4f0c2c4c45d2959b2578b2fb1a2229c37e181059b9d5e7b7862fa82e2377a49ed0f9dca820a5814079dd6610714efaf8b0cc683d8e72e4c884e6f9d4946b3e8d4cbb92adbbe7d4c47cc30be7f8c37ca81883a1aac6860059ff4640a29ccae73de20b12e63b00a88b2ee9ba94b75eb40a656e15d9ec83731c85d0effcb9ef9f" in - let case = case_of ~domain ~hash:`SHA1 in + let case = case_of ~domain ~hash:Digestif.sha1 in [ case ~msg:"de3605dbefde353cbe05e0d6098647b6d041460dfd4c000312be1afe7551fd3b93fed76a9763c34e004564b8f7dcacbd99e85030632c94e9b0a032046523b7aacdf934a2dbbdcfceefe66b4e3d1cb29e994ff3a4648a8edd9d58ed71f12399d90624789c4e0eebb0fbd5080f7d730f875a1f290749334cb405e9fd2ae1b4ed65 " ~x:"5a42e77248358f06ae980a2c64f6a22bea2bf7b4fc0015745053c432b7132a67 @@ -1156,7 +1155,7 @@ let sha224_n256_cases = " ~q:"8000000012997e8285e4089708f528070c6d7af8a0bd01409e7a079cdb6fc5bb " ~g:"778453049ef262147fed7b59b0ee6764607c51e7b5b5fc6fea7a7a7b1dd6bb283f4a9ae98efd3964b1556758cb15b2a53af8619e74d85898bec77d3b3f382494ae5961a13ffc745da386182291519800f99dd710e00aeb15adee088e2798ee2e46f598526cf0f4667055d1ba009750041dc5cdd2725ff1d97dd340c8518af7671b87d39d67aeced84b66f84e0701efc82a5c9ef954ee576d24c385b14d63037f0d866fd424b4975bdd5485ed740cb932e843f906683f7c7b2c74775d901c361b847b519c0da699638da40bd736b783d2710b2c2cc26ef91271bf4e2c1929f876e902e2057164223bc78d6a2b9f6c0c7a7cb85922f7d6c4287ae23861f8128848" in - let case = case_of ~domain ~hash:`SHA224 in + let case = case_of ~domain ~hash:Digestif.sha224 in [ case ~msg:"39f2d8d503aae8cd17854456ecfad49a18900d4375412bc689181ed9c2ccafea98dca689a72dc75e5367d3d3abfc2169700d5891cff70f69d9aca093b061b9f5057f94636bc2783115254344fb12e33b167272e198838a8728e7744ea9a2e8248e34d5906e298302472637b879de91c1a6f9f331a5cf98a5af29132990d27416 " ~x:"6ba81e6cd4367798aaab8b7af1135183a37c42a766dbd68cd2dce78f2670ef0f @@ -1271,7 +1270,7 @@ let sha256_n256_cases = " ~q:"e71f8567447f42e75f5ef85ca20fe557ab0343d37ed09edc3f6e68604d6b9dfb " ~g:"5ba24de9607b8998e66ce6c4f812a314c6935842f7ab54cd82b19fa104abfb5d84579a623b2574b37d22ccae9b3e415e48f5c0f9bcbdff8071d63b9bb956e547af3a8df99e5d3061979652ff96b765cb3ee493643544c75dbe5bb39834531952a0fb4b0378b3fcbb4c8b5800a5330392a2a04e700bb6ed7e0b85795ea38b1b962741b3f33b9dde2f4ec1354f09e2eb78e95f037a5804b6171659f88715ce1a9b0cc90c27f35ef2f10ff0c7c7a2bb0154d9b8ebe76a3d764aa879af372f4240de8347937e5a90cec9f41ff2f26b8da9a94a225d1a913717d73f10397d2183f1ba3b7b45a68f1ff1893caf69a827802f7b6a48d51da6fbefb64fd9a6c5b75c4561" in - let case = case_of ~domain ~hash:`SHA256 in + let case = case_of ~domain ~hash:Digestif.sha256 in [ case ~msg:"4e3a28bcf90d1d2e75f075d9fbe55b36c5529b17bc3a9ccaba6935c9e20548255b3dfae0f91db030c12f2c344b3a29c4151c5b209f5e319fdf1c23b190f64f1fe5b330cb7c8fa952f9d90f13aff1cb11d63181da9efc6f7e15bfed4862d1a62c7dcf3ba8bf1ff304b102b1ec3f1497dddf09712cf323f5610a9d10c3d9132659 " ~x:"446969025446247f84fdea74d02d7dd13672b2deb7c085be11111441955a377b @@ -1386,7 +1385,7 @@ let sha384_n256_cases = " ~q:"8427529044d214c07574f7b359c2e01c23fd97701b328ac8c1385b81c5373895 " ~g:"6fc232415c31200cf523af3483f8e26ace808d2f1c6a8b863ab042cc7f6b7144b2d39472c3cb4c7681d0732843503d8f858cbe476e6740324aaa295950105978c335069b919ff9a6ff4b410581b80712fe5d3e04ddb4dfd26d5e7fbca2b0c52d8d404343d57b2f9b2a26daa7ece30ceab9e1789f9751aaa9387049965af32650c6ca5b374a5ae70b3f98e053f51857d6bbb17a670e6eaaf89844d641e1e13d5a1b24d053dc6b8fd101c624786951927e426310aba9498a0042b3dc7bbc59d705f80d9b807de415f7e94c5cf9d789992d3bb8336d1d808cb86b56dde09d934bb527033922de14bf307376ab7d22fbcd616f9eda479ab214a17850bdd0802a871c" in - let case = case_of ~domain ~hash:`SHA384 in + let case = case_of ~domain ~hash:Digestif.sha384 in [ case ~msg:"8c78cffdcf25d8230b835b30512684c9b252115870b603d1b4ba2eb5d35b33f26d96b684126ec34fff67dfe5c8c856acfe3a9ff45ae11d415f30449bcdc3bf9a9fb5a7e48afeaba6d0b0fc9bce0197eb2bf7a840249d4e550c5a25dc1c71370e67933edad2362fae6fad1efba5c08dc1931ca2841b44b78c0c63a1665ffac860 " ~x:"459eb1588e9f7dd4f286677a7415cb25a1b46e7a7cfadc8a45100383e20da69d @@ -1501,7 +1500,7 @@ let sha512_n256_cases = " ~q:"9b7463f8269f0b909abed10991684f36a64ac864e0d6d717c0ef21577a4c3907 " ~g:"972a75f606e8aa3a91ff08fd131a20f5963251304e3d1431b712fa0803d527fd710fb7eb27e52904971cd43ca977199a24dbeeb4b7bc2ba075d3b72eb6b2c5ad8f0e8b8f48c50b554c7e0711f4c7416330806672498f430292724bf98a8ea48c7f53d7b31d8b7528b1a6f087d2c27c335202835b1e314225b37aef8bfcec7d80920c4a460a3d68344ded75ed9ee867fa2a6945063894f563b68633b8b39f83a1aaaf5a96c7f422687e7c84cf8fb8cc5f4504dff087bcb26a95bbf8583f03b3a0e43a356b2bd7e25cdddf7a015300faecc6793c5ee99b6327cb8456e32d9115339d5a6b712b7f9d0301acb05133e3115e454d3a6dd24a1693c94aab5406504bf7" in - let case = case_of ~domain ~hash:`SHA512 in + let case = case_of ~domain ~hash:Digestif.sha512 in [ case ~msg:"8ab01510cfa33cfa5bcff003bba39996fa727693abf6ac010bb959b0b59a15306c0c3a1921af2a76717aa55b39fa3723f4c3229ca9acf6b741614bb551cde8a7220ab97d4b453bec1e05a0eaa42e382bbc7b9b84f8237dc8964ee5b66e9b2a4ca61cf675140efef54fb327a665def8d57ab097e8c53c643fcb58209c4215b608 " ~x:"5f6e545daef6cd1b8d9848dd98758807236ac0b7ff053b32c703eaa3b1147557 @@ -1616,7 +1615,7 @@ let sha1_n256_cases2 = " ~q:"800000000000000000000000334a26dd8f49c6811ce81bb1342b06e980f64b75 " ~g:"99ab030a21a5c9818174872167641c81c1e03c9b274cfbc27bc472542927766de5fa0539b3b73f3f16ac866a9aec8b445ded97fbff08834ed98c77e7fc89e5dc657bef766ff7fbf8e76873e17bee412762d56fe1141760ab4d25bafd4b6ef25b49a3506632d1f8e10770930760ec1325932c5a4baf9e90154264ddf442ec5c41fed95d11525151dbcfb3758149bad81c62b9cff7816b8f953b8b7c022590d1584e921dc955f5328ac72983ed5cf0d04056fe0d531e62f8f6c9ab3c0fcd44e14860b7311d2561c77c1d32f6c69dc8f77968c9d881ad9db5e0c114fda8628bca0335eb7fb9e15e625aabab58fc01194c81bf6fb2ce54077b82250e57c6a7b25deb6ee39d4b686a5c307a7612b2d85ee92512413dea297e44f317be7ceb70a3328af0b401001a418562b8ffe4e9771b4b4a8e0b40c791349d5d4e459fe620a1a2fc72e2f6ca28567d4c2632bbde1b49864c06bb12619f132c1da8f571ef613eac739f66ab3914cb3fa1ab86e05e5082ebaa24ebeea4cf51beefc27df512fe3fee7d" in - let case = case_of ~domain ~hash:`SHA1 in + let case = case_of ~domain ~hash:Digestif.sha1 in [ case ~msg:"ca84af5c9adbc0044db00d7acfb1b493aab0388ffbad47b38cd3e9e3111cfe2cda2a45f751c46862f05bdcec4b698adfd2e1606e484c3be4ac0c379d4fbc7c2cda43e922811d7f6c33040e8e65d5f317684b90e26387cf931fe7c2f515058d753b08137ff2c6b79c910de8283149e6872cb66f7e02e66f2371785129569362f1 " ~x:"433cfd0532ccfd8cdd1b25920d2bb7396987b766240379035b0e86527ce9c52d @@ -1730,7 +1729,7 @@ let sha224_n256_cases2 = " ~q:"80000000ba4634b5fa4da054bd0ca48ae490e57711f381193842429159ba7ca1 " ~g:"8ad4553c4e49aa24728ab5024417b132d2ca53a55d959458f2f759adb0435beeefa3a2cfcd0038e2420643fc4a4deeb5d9feaa1edf21193b40e14b42982a94f35c58b81147d7189d263c9b12fe63ab9fa5f6f03a2860c186432e3ab04f2ab0f2fb6147bd9bf7ed5d20713b9da21383e2c3a168e7d09d3d8a5a058fd23095b5acfeb864a3306be2425fa1ad32ad6d9382e603b03c68af4af0246397102c4155cba811abf99da7839e77b2eac9970588ca1d0a2361723a164ac9229c2e80dcfa8db4f9e29803effb3168c7fed7a3a6de40dda19a0536af9b5b7afaefb9c70d6ae8df12da658f6236043aea873db29ceb6f07d108f5225687bd0c30e3084e2090b45ae2f92a97b8ecb7a9705c4956b8b31c4a3d61107c84e47adda6c80d5d22dab3d859220f9d5aab13677ae3df168f0c176d176b54506c639853f04ddef2722f39c18e5ce426e14562ad8ff26247af88870efb72c0cce836de8fee67a662378245b502bf1f83099988a093ce7cdc81364c78b1f4a51b800df6137c71d65e6b089a" in - let case = case_of ~domain ~hash:`SHA224 in + let case = case_of ~domain ~hash:Digestif.sha224 in [ case ~msg:"957973fc3f3fe3f559065be5d4a0c281cf17959018b9a670d2b3706d41d5812e37301005f8b70ebd2fba3c40a3f377a751b6cb9693e3cb00d92888247d07921d3c1e9257ce08733b8926e0df7bdb6e855f1f851075d4e628d110d42b643b54876e5faa3611477ee68371562555269ed62a9271bad50cc4d46038de2dd41920c2 " ~x:"524a7ea5977f8102b3552930477f5f042401165d4637dcd8b9d13df4f3aae5d0 @@ -1846,7 +1845,7 @@ let sha256_n256_cases2 = " ~q:"876fa09e1dc62b236ce1c3155ba48b0ccfda29f3ac5a97f7ffa1bd87b68d2a4b " ~g:"110afebb12c7f862b6de03d47fdbc3326e0d4d31b12a8ca95b2dee2123bcc667d4f72c1e7209767d2721f95fbd9a4d03236d54174fbfaff2c4ff7deae4738b20d9f37bf0a1134c288b420af0b5792e47a92513c0413f346a4edbab2c45bdca13f5341c2b55b8ba54932b9217b5a859e553f14bb8c120fbb9d99909dff5ea68e14b379964fd3f3861e5ba5cc970c4a180eef54428703961021e7bd68cb637927b8cbee6805fa27285bfee4d1ef70e02c1a18a7cd78bef1dd9cdad45dde9cd690755050fc4662937ee1d6f4db12807ccc95bc435f11b71e7086048b1dab5913c6055012de82e43a4e50cf93feff5dcab814abc224c5e0025bd868c3fc592041bba04747c10af513fc36e4d91c63ee5253422cf4063398d77c52fcb011427cbfcfa67b1b2c2d1aa4a3da72645cb1c767036054e2f31f88665a54461c885fb3219d5ad8748a01158f6c7c0df5a8c908ba8c3e536822428886c7b500bbc15b49df746b9de5a78fe3b4f6991d0110c3cbff458039dc36261cf46af4bc2515368f4abb7" in - let case = case_of ~domain ~hash:`SHA256 in + let case = case_of ~domain ~hash:Digestif.sha256 in [ case ~msg:"cb06e02234263c22b80e832d6dc5a1bee5ea8af3bc2da752441c04027f176158bfe68372bd67f84d489c0d49b07d4025962976be60437be1a2d01d3be0992afa5abe0980e26a9da4ae72f827b423665195cc4eed6fe85c335b32d9c03c945a86e7fa99373f0a30c6eca938b3afb6dff67adb8bece6f8cfec4b6a12ea281e2323 " ~x:"3470832055dade94e14cd8777171d18e5d06f66aeff4c61471e4eba74ee56164 @@ -1960,7 +1959,7 @@ let sha384_n256_cases2 = " ~q:"abc67417725cf28fc7640d5de43825f416ebfa80e191c42ee886303338f56045 " ~g:"867d5fb72f5936d1a14ed3b60499662f3124686ef108c5b3da6663a0e86197ec2cc4c9460193a74ff16028ac9441b0c7d27c2272d483ac7cd794d598416c4ff9099a61679d417d478ce5dd974bf349a14575afe74a88b12dd5f6d1cbd3f91ddd597ed68e79eba402613130c224b94ac28714a1f1c552475a5d29cfcdd8e08a6b1d65661e28ef313514d1408f5abd3e06ebe3a7d814d1ede316bf495273ca1d574f42b482eea30db53466f454b51a175a0b89b3c05dda006e719a2e6371669080d768cc038cdfb8098e9aad9b8d83d4b759f43ac9d22b353ed88a33723550150de0361b7a376f37b45d437f71cb711f2847de671ad1059516a1d45755224a15d37b4aeada3f58c69a136daef0636fe38e3752064afe598433e80089fda24b144a462734bef8f77638845b00e59ce7fa4f1daf487a2cada11eaba72bb23e1df6b66a183edd226c440272dd9b06bec0e57f1a0822d2e00212064b6dba64562085f5a75929afa5fe509e0b78e630aaf12f91e4980c9b0d6f7e059a2ea3e23479d930" in - let case = case_of ~domain ~hash:`SHA384 in + let case = case_of ~domain ~hash:Digestif.sha384 in [ case ~msg:"ed9a64d3109ef8a9292956b946873ca4bd887ce624b81be81b82c69c67aaddf5655f70fe4768114db2834c71787f858e5165da1a7fa961d855ad7e5bc4b7be31b97dbe770798ef7966152b14b86ae35625a28aee5663b9ef3067cbdfbabd87197e5c842d3092eb88dca57c6c8ad4c00a19ddf2e1967b59bd06ccaef933bc28e7 " ~x:"6d4c934391b7f6fb6e19e3141f8c0018ef5726118a11064358c7d35b37737377 @@ -2075,7 +2074,7 @@ let sha512_n256_cases2 = " ~q:"bf65441c987b7737385eadec158dd01614da6f15386248e59f3cddbefc8e9dd1 " ~g:"c02ac85375fab80ba2a784b94e4d145b3be0f92090eba17bd12358cf3e03f4379584f8742252f76b1ede3fc37281420e74a963e4c088796ff2bab8db6e9a4530fc67d51f88b905ab43995aab46364cb40c1256f0466f3dbce36203ef228b35e90247e95e5115e831b126b628ee984f349911d30ffb9d613b50a84dfa1f042ba536b82d5101e711c629f9f2096dc834deec63b70f2a2315a6d27323b995aa20d3d0737075186f5049af6f512a0c38a9da06817f4b619b94520edfac85c4a6e2e186225c95a04ec3c3422b8deb284e98d24b31465802008a097c25969e826c2baa59d2cba33d6c1d9f3962330c1fcda7cfb18508fea7d0555e3a169daed353f3ee6f4bb30244319161dff6438a37ca793b24bbb1b1bc2194fc6e6ef60278157899cb03c5dd6fc91a836eb20a25c09945643d95f7bd50d206684d6ffc14d16d82d5f781225bff908392a5793b803f9b70b4dfcb394f9ed81c18e391a09eb3f93a032d81ba670cabfd6f64aa5e3374cb7c2029f45200e4f0bfd820c8bd58dc5eeb34" in - let case = case_of ~domain ~hash:`SHA512 in + let case = case_of ~domain ~hash:Digestif.sha512 in [ case ~msg:"494180eed0951371bbaf0a850ef13679df49c1f13fe3770b6c13285bf3ad93dc4ab018aab9139d74200808e9c55bf88300324cc697efeaa641d37f3acf72d8c97bff0182a35b940150c98a03ef41a3e1487440c923a988e53ca3ce883a2fb532bb7441c122f1dc2f9d0b0bc07f26ba29a35cdf0da846a9d8eab405cbf8c8e77f " ~x:"150b5c51ea6402276bc912322f0404f6d57ff7d32afcaa83b6dfde11abb48181 @@ -2186,10 +2185,10 @@ let sha512_n256_cases2 = let private_key ~p ~q ~g ~x ~y = priv_of_hex ~p ~q ~gg:g ~x ~y -let test_rfc6979 ~priv ~msg ~hash ~k ~r ~s _ = - let h1 = Cstruct.to_string (Hash.digest hash (Cstruct.of_string msg)) in +let test_rfc6979 (type a) ~priv ~msg ~(hash: a Digestif.hash) ~k ~r ~s _ = + let h1 = Digestif.(digest_string hash msg |> to_raw_string hash) in let k' = - let module H = (val (Hash.module_of hash)) in + let module H = (val (Digestif.module_of hash)) in let module K = Dsa.K_gen (H) in K.generate ~key:priv h1 in assert_str_equal @@ -2219,52 +2218,52 @@ let rfc6979_dsa_1024 = let case ~msg ~hash ~k ~r ~s = test_rfc6979 ~priv ~msg ~k:(vx_str k) ~r:(vx_str r) ~s:(vx_str s) ~hash in [ - case ~msg:"sample" ~hash:`SHA1 + case ~msg:"sample" ~hash:Digestif.sha1 ~k:"7BDB6B0FF756E1BB5D53583EF979082F9AD5BD5B" ~r:"2E1A0C2562B2912CAAF89186FB0F42001585DA55" ~s:"29EFB6B0AFF2D7A68EB70CA313022253B9A88DF5" ; - case ~hash:`SHA224 ~msg:"sample" + case ~hash:Digestif.sha224 ~msg:"sample" ~k:"562097C06782D60C3037BA7BE104774344687649" ~r:"4BC3B686AEA70145856814A6F1BB53346F02101E" ~s:"410697B92295D994D21EDD2F4ADA85566F6F94C1" ; - case ~hash:`SHA256 ~msg:"sample" + case ~hash:Digestif.sha256 ~msg:"sample" ~k:"519BA0546D0C39202A7D34D7DFA5E760B318BCFB" ~r:"81F2F5850BE5BC123C43F71A3033E9384611C545" ~s:"4CDD914B65EB6C66A8AAAD27299BEE6B035F5E89" ; - case ~hash:`SHA384 ~msg:"sample" + case ~hash:Digestif.sha384 ~msg:"sample" ~k:"95897CD7BBB944AA932DBC579C1C09EB6FCFC595" ~r:"07F2108557EE0E3921BC1774F1CA9B410B4CE65A" ~s:"54DF70456C86FAC10FAB47C1949AB83F2C6F7595" ; - case ~hash:`SHA512 ~msg:"sample" + case ~hash:Digestif.sha512 ~msg:"sample" ~k:"09ECE7CA27D0F5A4DD4E556C9DF1D21D28104F8B" ~r:"16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B" ~s:"02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C" ; - case ~hash:`SHA1 ~msg:"test" + case ~hash:Digestif.sha1 ~msg:"test" ~k:"5C842DF4F9E344EE09F056838B42C7A17F4A6433" ~r:"42AB2052FD43E123F0607F115052A67DCD9C5C77" ~s:"183916B0230D45B9931491D4C6B0BD2FB4AAF088" ; - case ~hash:`SHA224 ~msg:"test" + case ~hash:Digestif.sha224 ~msg:"test" ~k:"4598B8EFC1A53BC8AECD58D1ABBB0C0C71E67297" ~r:"6868E9964E36C1689F6037F91F28D5F2C30610F2" ~s:"49CEC3ACDC83018C5BD2674ECAAD35B8CD22940F" ; - case ~hash:`SHA256 ~msg:"test" + case ~hash:Digestif.sha256 ~msg:"test" ~k:"5A67592E8128E03A417B0484410FB72C0B630E1A" ~r:"22518C127299B0F6FDC9872B282B9E70D0790812" ~s:"6837EC18F150D55DE95B5E29BE7AF5D01E4FE160" ; - case ~hash:`SHA384 ~msg:"test" + case ~hash:Digestif.sha384 ~msg:"test" ~k:"220156B761F6CA5E6C9F1B9CF9C24BE25F98CD89" ~r:"854CF929B58D73C3CBFDC421E8D5430CD6DB5E66" ~s:"91D0E0F53E22F898D158380676A871A157CDA622" ; - case ~hash:`SHA512 ~msg:"test" + case ~hash:Digestif.sha512 ~msg:"test" ~k:"65D2C2EEB175E370F28C75BFCDC028D22C7DBE9C" ~r:"8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A0" ~s:"7C670C7AD72B6C050C109E1790008097125433E8" @@ -2303,54 +2302,54 @@ let rfc6979_dsa_2048 = let case ~msg ~hash ~k ~r ~s = test_rfc6979 ~priv ~msg ~k:(vx_str k) ~r:(vx_str r) ~s:(vx_str s) ~hash in [ - case ~hash:`SHA1 ~msg:"sample" + case ~hash:Digestif.sha1 ~msg:"sample" ~k:"888FA6F7738A41BDC9846466ABDB8174C0338250AE50CE955CA16230F9CBD53E" ~r:"3A1B2DBD7489D6ED7E608FD036C83AF396E290DBD602408E8677DAABD6E7445A" ~s:"D26FCBA19FA3E3058FFC02CA1596CDBB6E0D20CB37B06054F7E36DED0CDBBCCF" ; - case ~hash:`SHA224 ~msg:"sample" + case ~hash:Digestif.sha224 ~msg:"sample" ~k:"BC372967702082E1AA4FCE892209F71AE4AD25A6DFD869334E6F153BD0C4D806" ~r:"DC9F4DEADA8D8FF588E98FED0AB690FFCE858DC8C79376450EB6B76C24537E2C" ~s:"A65A9C3BC7BABE286B195D5DA68616DA8D47FA0097F36DD19F517327DC848CEC" ; - case ~hash:`SHA256 ~msg:"sample" + case ~hash:Digestif.sha256 ~msg:"sample" ~k:"8926A27C40484216F052F4427CFD5647338B7B3939BC6573AF4333569D597C52" ~r:"EACE8BDBBE353C432A795D9EC556C6D021F7A03F42C36E9BC87E4AC7932CC809" ~s:"7081E175455F9247B812B74583E9E94F9EA79BD640DC962533B0680793A38D53" ; - case ~hash:`SHA384 ~msg:"sample" + case ~hash:Digestif.sha384 ~msg:"sample" ~k:"C345D5AB3DA0A5BCB7EC8F8FB7A7E96069E03B206371EF7D83E39068EC564920" ~r:"B2DA945E91858834FD9BF616EBAC151EDBC4B45D27D0DD4A7F6A22739F45C00B" ~s:"19048B63D9FD6BCA1D9BAE3664E1BCB97F7276C306130969F63F38FA8319021B" ; - case ~hash:`SHA512 ~msg:"sample" + case ~hash:Digestif.sha512 ~msg:"sample" ~k:"5A12994431785485B3F5F067221517791B85A597B7A9436995C89ED0374668FC" ~r:"2016ED092DC5FB669B8EFB3D1F31A91EECB199879BE0CF78F02BA062CB4C942E" ~s:"D0C76F84B5F091E141572A639A4FB8C230807EEA7D55C8A154A224400AFF2351" ; - case ~hash:`SHA1 ~msg:"test" + case ~hash:Digestif.sha1 ~msg:"test" ~k:"6EEA486F9D41A037B2C640BC5645694FF8FF4B98D066A25F76BE641CCB24BA4F" ~r:"C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0" ~s:"414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA" ; - case ~hash:`SHA224 ~msg:"test" + case ~hash:Digestif.sha224 ~msg:"test" ~k:"06BD4C05ED74719106223BE33F2D95DA6B3B541DAD7BFBD7AC508213B6DA6670" ~r:"272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3" ~s:"E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806" ; - case ~hash:`SHA256 ~msg:"test" + case ~hash:Digestif.sha256 ~msg:"test" ~k:"1D6CE6DDA1C5D37307839CD03AB0A5CBB18E60D800937D67DFB4479AAC8DEAD7" ~r:"8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0" ~s:"7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E" ; - case ~hash:`SHA384 ~msg:"test" + case ~hash:Digestif.sha384 ~msg:"test" ~k:"206E61F73DBE1B2DC8BE736B22B079E9DACD974DB00EEBBC5B64CAD39CF9F91C" ~r:"239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE" ~s:"6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961" ; - case ~hash:`SHA512 ~msg:"test" + case ~hash:Digestif.sha512 ~msg:"test" ~k:"AFF1651E4CD6036D57AA8B2A05CCF1A9D5A40166340ECBBDC55BE10B568AA0AA" ~r:"89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307" ~s:"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1" diff --git a/tests/test_ec.ml b/tests/test_ec.ml index 609ee910..57715de8 100644 --- a/tests/test_ec.ml +++ b/tests/test_ec.ml @@ -249,14 +249,14 @@ let ecdsa_rfc6979_p256 = | Error _ -> false in Alcotest.(check bool __LOC__ true comparison) in - let case hash ~message ~k ~r ~s () = + let case (type a) (hash : a Digestif.hash) ~message ~k ~r ~s () = let msg = - let h = Mirage_crypto.Hash.digest hash (Cstruct.of_string message) in - Cstruct.to_string (Cstruct.sub h 0 (min (Cstruct.length h) 32)) + let h = Digestif.(digest_string hash message |> to_raw_string hash) in + String.sub h 0 (min (String.length h) 32) and k = of_hex k in let k' = - let module H = (val (Mirage_crypto.Hash.module_of hash)) in + let module H = (val Digestif.module_of hash) in let module K = P256.Dsa.K_gen (H) in K.generate ~key:priv msg in @@ -268,43 +268,43 @@ let ecdsa_rfc6979_p256 = Alcotest.(check bool __LOC__ true (sig_eq sig')) in let cases = [ - case `SHA1 ~message:"sample" + case Digestif.sha1 ~message:"sample" ~k:"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4" ~r:"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32" ~s:"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB" ; - case `SHA224 ~message:"sample" + case Digestif.sha224 ~message:"sample" ~k:"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473" ~r:"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F" ~s:"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C" ; - case `SHA256 ~message:"sample" + case Digestif.sha256 ~message:"sample" ~k:"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60" ~r:"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716" ~s:"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8" ; - case `SHA384 ~message:"sample" + case Digestif.sha384 ~message:"sample" ~k:"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4" ~r:"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719" ~s:"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954" ; - case `SHA512 ~message:"sample" + case Digestif.sha512 ~message:"sample" ~k:"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5" ~r:"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00" ~s:"2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE" ; - case `SHA1 ~message:"test" + case Digestif.sha1 ~message:"test" ~k:"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E" ~r:"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89" ~s:"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1" ; - case `SHA224 ~message:"test" + case Digestif.sha224 ~message:"test" ~k:"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7" ~r:"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692" ~s:"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D" ; - case `SHA256 ~message:"test" + case Digestif.sha256 ~message:"test" ~k:"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0" ~r:"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367" ~s:"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083" ; - case `SHA384 ~message:"test" + case Digestif.sha384 ~message:"test" ~k:"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8" ~r:"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6" ~s:"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C" ; - case `SHA512 ~message:"test" + case Digestif.sha512 ~message:"test" ~k:"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F" ~r:"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04" ~s:"39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55" ; @@ -347,14 +347,14 @@ let ecdsa_rfc6979_p384 = in Alcotest.(check bool __LOC__ true comparison) in - let case hash ~message ~k ~r ~s () = + let case (type a) (hash : a Digestif.hash) ~message ~k ~r ~s () = let msg = - let h = Mirage_crypto.Hash.digest hash (Cstruct.of_string message) in - Cstruct.to_string (Cstruct.sub h 0 (min (Cstruct.length h) 48)) + let h = Digestif.(digest_string hash message |> to_raw_string hash) in + String.sub h 0 (min (String.length h) 48) and k = of_hex k in let k' = - let module H = (val (Mirage_crypto.Hash.module_of hash)) in + let module H = (val Digestif.module_of hash) in let module K = P384.Dsa.K_gen (H) in K.generate ~key:priv msg in @@ -366,7 +366,7 @@ let ecdsa_rfc6979_p384 = Alcotest.(check bool __LOC__ true (sig_eq sig')) in let cases = [ - case `SHA1 ~message:"sample" + case Digestif.sha1 ~message:"sample" ~k:"4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB09663 0F29E5938D25106C3C340045A2DB01A7" ~r:"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA3 @@ -374,7 +374,7 @@ let ecdsa_rfc6979_p384 = ~s:"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF 26F49CA031D4857570CCB5CA4424A443"; - case `SHA224 ~message:"sample" + case Digestif.sha224 ~message:"sample" ~k:"A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB 8083EE4E3C45B06A5899EA56C51B5879" ~r:"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366 @@ -382,7 +382,7 @@ let ecdsa_rfc6979_p384 = ~s:"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E483 4C082C03D83028EFBF93A3C23940CA8D"; - case `SHA256 ~message:"sample" + case Digestif.sha256 ~message:"sample" ~k:"180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E 375572342863C899F9F2EDF9747A9B60" ~r:"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33 @@ -390,7 +390,7 @@ let ecdsa_rfc6979_p384 = ~s:"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB EFDC63ECCD1AC42EC0CB8668A4FA0AB0"; - case `SHA384 ~message:"sample" + case Digestif.sha384 ~message:"sample" ~k:"94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA 2907E3E83BA95368623B8C4686915CF9" ~r:"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C @@ -398,7 +398,7 @@ let ecdsa_rfc6979_p384 = ~s:"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F A329C145786E679E7B82C71A38628AC8"; - case `SHA512 ~message:"sample" + case Digestif.sha512 ~message:"sample" ~k:"92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331 A4E966532593A52980D0E3AAA5E10EC3" ~r:"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C @@ -406,7 +406,7 @@ let ecdsa_rfc6979_p384 = ~s:"512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112 DC7CC3EF3446DEFCEB01A45C2667FDD5"; - case `SHA1 ~message:"test" + case Digestif.sha1 ~message:"test" ~k:"66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47 EC3727F3A3C186C15054492E30698497" ~r:"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678 @@ -414,7 +414,7 @@ let ecdsa_rfc6979_p384 = ~s:"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A29916 95BA1C84541327E966FA7B50F7382282"; - case `SHA224 ~message:"test" + case Digestif.sha224 ~message:"test" ~k:"18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E 3D33BE4DC5EB8886A8ECD093F2935726" ~r:"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E624 @@ -422,7 +422,7 @@ let ecdsa_rfc6979_p384 = ~s:"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C614 1C53EA5ABEF0D8231077A04540A96B66"; - case `SHA256 ~message:"test" + case Digestif.sha256 ~message:"test" ~k:"0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FA A48DD070BA79921A3457ABFF2D630AD7" ~r:"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559 @@ -430,7 +430,7 @@ let ecdsa_rfc6979_p384 = ~s:"2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D 51AB373F9845C0514EEFB14024787265"; - case `SHA384 ~message:"test" + case Digestif.sha384 ~message:"test" ~k:"015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092AD A71F4A459BC0DA98ADB95837DB8312EA" ~r:"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB @@ -438,7 +438,7 @@ let ecdsa_rfc6979_p384 = ~s:"DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E0 6A739F040649A667BF3B828246BAA5A5"; - case `SHA512 ~message:"test" + case Digestif.sha512 ~message:"test" ~k:"3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE 0E2CC8A136036DC4B9C00E6888F66B6C" ~r:"A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D0 @@ -495,12 +495,12 @@ let ecdsa_rfc6979_p521 = in Alcotest.(check bool __LOC__ true comparison) in - let case hash ~message ~k ~r ~s () = - let msg = Cstruct.to_string (Mirage_crypto.Hash.digest hash (Cstruct.of_string message)) + let case (type a) (hash : a Digestif.hash) ~message ~k ~r ~s () = + let msg = Digestif.(digest_string hash message |> to_raw_string hash) and k = of_h k in let k' = - let module H = (val (Mirage_crypto.Hash.module_of hash)) in + let module H = (val Digestif.module_of hash) in let module K = P521.Dsa.K_gen (H) in K.generate ~key:priv msg in @@ -513,7 +513,7 @@ let ecdsa_rfc6979_p521 = in let _cases = [ - case `SHA1 ~message:"sample" + case Digestif.sha1 ~message:"sample" ~k:"089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB 42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D 0F9" @@ -524,7 +524,7 @@ let ecdsa_rfc6979_p521 = 5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5 D16"; - case `SHA224 ~message:"sample" + case Digestif.sha224 ~message:"sample" ~k:"121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0 493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B9211 3F3" @@ -535,7 +535,7 @@ let ecdsa_rfc6979_p521 = A41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B 41F"; - case `SHA256 ~message:"sample" + case Digestif.sha256 ~message:"sample" ~k:"0EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C3257576 1793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E 1A0" @@ -546,7 +546,7 @@ let ecdsa_rfc6979_p521 = E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E CFC"; - case `SHA384 ~message:"sample" + case Digestif.sha384 ~message:"sample" ~k:"1546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FF AD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4 211" @@ -557,7 +557,7 @@ let ecdsa_rfc6979_p521 = FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65 D61"; - case `SHA512 ~message:"sample" + case Digestif.sha512 ~message:"sample" ~k:"1DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F1019 8B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBF FD3" @@ -568,7 +568,7 @@ let ecdsa_rfc6979_p521 = 82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A 67A"; - case `SHA1 ~message:"test" + case Digestif.sha1 ~message:"test" ~k:"0BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DD BA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B 222" @@ -579,7 +579,7 @@ let ecdsa_rfc6979_p521 = F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC91679 7FF"; - case `SHA224 ~message:"test" + case Digestif.sha224 ~message:"test" ~k:"040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A011369 87E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F 706" @@ -590,7 +590,7 @@ let ecdsa_rfc6979_p521 = BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD51 9A4"; - case `SHA256 ~message:"test" + case Digestif.sha256 ~message:"test" ~k:"01DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E84384 1AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909 258" @@ -601,7 +601,7 @@ let ecdsa_rfc6979_p521 = FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694 E86"; - case `SHA384 ~message:"test" + case Digestif.sha384 ~message:"test" ~k:"1F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5D CEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0 C88" @@ -612,7 +612,7 @@ let ecdsa_rfc6979_p521 = D94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B 979"; - case `SHA512 ~message:"test" + case Digestif.sha512 ~message:"test" ~k:"16200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1 B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC 56D" diff --git a/tests/test_entropy.ml b/tests/test_entropy.ml index 9f43687e..29f1e5e3 100644 --- a/tests/test_entropy.ml +++ b/tests/test_entropy.ml @@ -1,5 +1,5 @@ -let data = ref Cstruct.empty +let data = ref "" let cpu_bootstrap_check () = match Mirage_crypto_rng.Entropy.cpu_rng_bootstrap with @@ -12,8 +12,8 @@ let cpu_bootstrap_check () = for i = 0 to 10 do try let data' = cpu_rng_bootstrap 1 in - if Cstruct.equal !data data' then begin - Cstruct.hexdump data'; + if String.equal !data data' then begin + Cstruct.hexdump (Cstruct.of_string data'); failwith ("same data from CPU bootstrap at " ^ string_of_int i); end; data := data' @@ -23,8 +23,8 @@ let cpu_bootstrap_check () = let whirlwind_bootstrap_check () = for i = 0 to 10 do let data' = Mirage_crypto_rng.Entropy.whirlwind_bootstrap 1 in - if Cstruct.equal !data data' then begin - Cstruct.hexdump data'; + if String.equal !data data' then begin + Cstruct.hexdump (Cstruct.of_string data'); failwith ("same data from whirlwind bootstrap at " ^ string_of_int i); end; data := data' @@ -33,8 +33,8 @@ let whirlwind_bootstrap_check () = let timer_check () = for i = 0 to 10 do let data' = Mirage_crypto_rng.Entropy.interrupt_hook () () in - if Cstruct.equal !data data' then begin - Cstruct.hexdump data'; + if String.equal !data data' then begin + Cstruct.hexdump (Cstruct.of_string data'); failwith ("same data from timer at " ^ string_of_int i); end; data := data' diff --git a/tests/test_entropy_collection.ml b/tests/test_entropy_collection.ml index 631f156c..99e152be 100644 --- a/tests/test_entropy_collection.ml +++ b/tests/test_entropy_collection.ml @@ -10,12 +10,13 @@ module Printing_rng = struct let generate ~g:_ _n = assert false let reseed ~g:_ data = - Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp data + Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp (Cstruct.of_string data) let accumulate ~g:_ source = let print data = Format.printf "accumulate: (src: %a) %a@.%!" - Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp data + Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp + (Cstruct.of_string data) in `Acc print diff --git a/tests/test_numeric.ml b/tests/test_numeric.ml index 47b44889..5dc2878d 100644 --- a/tests/test_numeric.ml +++ b/tests/test_numeric.ml @@ -15,7 +15,7 @@ let n_encode_decode_selftest ~typ ~bound n = let n_decode_reencode_selftest ~typ ~bytes n = typ ^ " selftest" >:: times ~n @@ fun _ -> - let cs = Cstruct.to_string (Mirage_crypto_rng.generate bytes) in + let cs = Mirage_crypto_rng.generate bytes in let cs' = Z_extra.(to_octets_be ~size:bytes @@ of_octets_be cs) in assert_str_equal cs cs' diff --git a/tests/test_random_runner.ml b/tests/test_random_runner.ml index cee94d8e..4bb7fe37 100644 --- a/tests/test_random_runner.ml +++ b/tests/test_random_runner.ml @@ -3,15 +3,20 @@ open OUnit2 open Mirage_crypto open Test_common -open Test_common_random + +let sample arr = + let ix = + Randomconv.int ~bound:(Array.length arr) Mirage_crypto_rng.generate + in + arr.(ix) (* randomized selfies *) let ecb_selftest (m : (module Cipher_block.S.ECB)) n = let module C = ( val m ) in "selftest" >:: times ~n @@ fun _ -> - let data = Mirage_crypto_rng.generate (C.block_size * 8) - and key = C.of_secret @@ Mirage_crypto_rng.generate (sample C.key_sizes) in + let data = Cstruct.of_string (Mirage_crypto_rng.generate (C.block_size * 8)) + and key = C.of_secret @@ Cstruct.of_string (Mirage_crypto_rng.generate (sample C.key_sizes)) in let data' = C.( data |> encrypt ~key |> encrypt ~key |> decrypt ~key |> decrypt ~key ) in @@ -20,9 +25,9 @@ let ecb_selftest (m : (module Cipher_block.S.ECB)) n = let cbc_selftest (m : (module Cipher_block.S.CBC)) n = let module C = ( val m ) in "selftest" >:: times ~n @@ fun _ -> - let data = Mirage_crypto_rng.generate (C.block_size * 8) - and iv = Mirage_crypto_rng.generate C.block_size - and key = C.of_secret @@ Mirage_crypto_rng.generate (sample C.key_sizes) in + let data = Cstruct.of_string (Mirage_crypto_rng.generate (C.block_size * 8)) + and iv = Cstruct.of_string (Mirage_crypto_rng.generate C.block_size) + and key = C.of_secret @@ Cstruct.of_string (Mirage_crypto_rng.generate (sample C.key_sizes)) in assert_cs_equal ~msg:"CBC e->e->d->d" data C.( data |> encrypt ~key ~iv |> encrypt ~key ~iv |> decrypt ~key ~iv |> decrypt ~key ~iv ); @@ -36,9 +41,9 @@ let ctr_selftest (m : (module Cipher_block.S.CTR)) n = let module M = (val m) in let bs = M.block_size in "selftest" >:: times ~n @@ fun _ -> - let key = M.of_secret @@ Mirage_crypto_rng.generate (sample M.key_sizes) - and ctr = Mirage_crypto_rng.generate bs |> M.ctr_of_cstruct - and data = Mirage_crypto_rng.(generate @@ bs + Randomconv.int ~bound:(20 * bs) Mirage_crypto_rng.generate) in + let key = M.of_secret @@ Cstruct.of_string (Mirage_crypto_rng.generate (sample M.key_sizes)) + and ctr = Mirage_crypto_rng.generate bs |> Cstruct.of_string |> M.ctr_of_cstruct + and data = Cstruct.of_string Mirage_crypto_rng.(generate @@ bs + Randomconv.int ~bound:(20 * bs) Mirage_crypto_rng.generate) in let enc = M.encrypt ~key ~ctr data in let dec = M.decrypt ~key ~ctr enc in assert_cs_equal ~msg:"CTR e->d" data dec; @@ -51,11 +56,11 @@ let ctr_selftest (m : (module Cipher_block.S.CTR)) n = let ctr_offsets (type c) ~zero (m : (module Cipher_block.S.CTR with type ctr = c)) n = let module M = (val m) in "offsets" >:: fun _ -> - let key = M.of_secret @@ Mirage_crypto_rng.generate M.key_sizes.(0) in + let key = M.of_secret @@ Cstruct.of_string (Mirage_crypto_rng.generate M.key_sizes.(0)) in for i = 0 to n - 1 do let ctr = match i with | 0 -> M.add_ctr zero (-1L) - | _ -> Mirage_crypto_rng.generate M.block_size |> M.ctr_of_cstruct + | _ -> Mirage_crypto_rng.generate M.block_size |> Cstruct.of_string |> M.ctr_of_cstruct and gap = Randomconv.int ~bound:64 Mirage_crypto_rng.generate in let s1 = M.stream ~key ~ctr ((gap + 1) * M.block_size) and s2 = M.stream ~key ~ctr:(M.add_ctr ctr (Int64.of_int gap)) M.block_size in @@ -69,14 +74,14 @@ let xor_selftest n = let n = Randomconv.int ~bound:30 Mirage_crypto_rng.generate in let (x, y, z) = Mirage_crypto_rng.(generate n, generate n, generate n) in - let xyz = Uncommon.Cs.(xor (xor x y) z) - and xyz' = Uncommon.Cs.(xor x (xor y z)) in - let x1 = Uncommon.Cs.(xor xyz (xor y z)) - and x2 = Uncommon.Cs.(xor (xor z y) xyz) in + let xyz = Uncommon.(xor (xor x y) z) + and xyz' = Uncommon.(xor x (xor y z)) in + let x1 = Uncommon.(xor xyz (xor y z)) + and x2 = Uncommon.(xor (xor z y) xyz) in - assert_cs_equal ~msg:"assoc" xyz xyz' ; - assert_cs_equal ~msg:"invert" x x1 ; - assert_cs_equal ~msg:"commut" x1 x2 + assert_str_equal ~msg:"assoc" xyz xyz' ; + assert_str_equal ~msg:"invert" x x1 ; + assert_str_equal ~msg:"commut" x1 x2 let suite = "All" >::: [ diff --git a/tests/test_rsa.ml b/tests/test_rsa.ml index e0d79a91..5ee8ab63 100644 --- a/tests/test_rsa.ml +++ b/tests/test_rsa.ml @@ -5,26 +5,27 @@ open Mirage_crypto open Mirage_crypto_pk open Test_common -open Test_common_random let vz = Z.of_string_base 16 module Null = struct - type g = Cstruct.t ref + type g = string ref let block = 1 - let create ?time:_ () = ref Cstruct.empty + let create ?time:_ () = ref "" let generate ~g n = try - let (a, b) = Cstruct.split !g n in ( g := b ; a ) + let (a, b) = String.sub !g 0 n, String.sub !g n (String.length !g - n) in + g := b; + a with Invalid_argument _ -> raise Mirage_crypto_rng.Unseeded_generator - let reseed ~g cs = g := Cs.(!g <+> cs) + let reseed ~g buf = g := !g ^ buf - let seeded ~g = Cstruct.length !g > 0 + let seeded ~g = String.length !g > 0 let accumulate ~g _source = `Acc (reseed ~g) @@ -32,7 +33,7 @@ module Null = struct end let random_is seed = - Mirage_crypto_rng.create ~seed:(Cstruct.of_string seed) (module Null) + Mirage_crypto_rng.create ~seed:seed (module Null) let gen_rsa ~bits = let e = Z.(if bits < 24 then ~$3 else ~$0x10001) in @@ -85,16 +86,18 @@ let rsa_selftest ~bits n = let size = bits // 8 in let cs = Mirage_crypto_rng.generate size and i = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in - Cstruct.set_uint8 cs 0 0; - Cstruct.(set_uint8 cs i (get_uint8 cs i lor 2)); - cs in + let cs = Bytes.unsafe_of_string cs in + Bytes.set_uint8 cs 0 0; + Bytes.(set_uint8 cs i (get_uint8 cs i lor 2)); + Bytes.unsafe_to_string cs + in let key = gen_rsa ~bits in - let enc = Rsa.(encrypt ~key:(pub_of_priv key) (Cstruct.to_string msg)) in + let enc = Rsa.(encrypt ~key:(pub_of_priv key) msg) in let dec = Rsa.(decrypt ~key enc) in assert_str_equal ~msg:Printf.(sprintf "failed decryption with") - (Cstruct.to_string msg) dec + msg dec let show_key_size key = Printf.sprintf "(%d bits)" (Rsa.priv_bits key) @@ -107,7 +110,7 @@ let pkcs_message_for_bits bits = let rsa_pkcs1_encode_selftest ~bits n = "selftest" >:: times ~n @@ fun _ -> let key = gen_rsa ~bits - and msg = Cstruct.to_string (pkcs_message_for_bits bits) in + and msg = pkcs_message_for_bits bits in let sgn = Rsa.PKCS1.sig_encode ~key msg in match Rsa.(PKCS1.sig_decode ~key:(pub_of_priv key) sgn) with | None -> assert_failure ("unpad failure " ^ show_key_size key) @@ -118,7 +121,7 @@ let rsa_pkcs1_sign_selftest n = let open Hash.SHA1 in "selftest" >:: times ~n @@ fun _ -> let key = gen_rsa ~bits:(Rsa.PKCS1.min_key `SHA1) - and msg = Cstruct.to_string (Mirage_crypto_rng.generate 47) in + and msg = Mirage_crypto_rng.generate 47 in let pkey = Rsa.pub_of_priv key in assert_bool "invert 1" Rsa.PKCS1.( verify ~key:pkey ~hashp:any (`Message msg) @@ -130,7 +133,7 @@ let rsa_pkcs1_sign_selftest n = let rsa_pkcs1_encrypt_selftest ~bits n = "selftest" >:: times ~n @@ fun _ -> let key = gen_rsa ~bits - and msg = Cstruct.to_string (pkcs_message_for_bits bits) in + and msg = pkcs_message_for_bits bits in let enc = Rsa.(PKCS1.encrypt ~key:(pub_of_priv key) msg) in match Rsa.PKCS1.decrypt ~key enc with | None -> assert_failure ("unpad failure " ^ show_key_size key) @@ -138,30 +141,51 @@ let rsa_pkcs1_encrypt_selftest ~bits n = ~msg:("recovery failure " ^ show_key_size key) let rsa_oaep_encrypt_selftest ~bits n = - let hashes = [| `MD5; `SHA1; `SHA224; `SHA256 |] in + let module OAEP_MD5 = Rsa.OAEP (Digestif.MD5) in + let module OAEP_SHA1 = Rsa.OAEP (Digestif.SHA1) in + let module OAEP_SHA224 = Rsa.OAEP (Digestif.SHA224) in + let module OAEP_SHA256 = Rsa.OAEP (Digestif.SHA256) in + let module OAEP_SHA384 = Rsa.OAEP (Digestif.SHA384) in "selftest" >:: times ~n @@ fun _ -> - let module H = (val (Hash.module_of (sample hashes))) in - let module OAEP = Rsa.OAEP (H) in - let key = gen_rsa ~bits - and msg = Cstruct.to_string (Mirage_crypto_rng.generate (bits // 8 - 2 * H.digest_size - 2)) in - let enc = OAEP.encrypt ~key:(Rsa.pub_of_priv key) msg in - match OAEP.decrypt ~key enc with - | None -> assert_failure "unpad failure" - | Some dec -> assert_str_equal msg dec ~msg:"recovery failure" + let key = gen_rsa ~bits in + let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.MD5.digest_size - 2) in + let enc = OAEP_MD5.encrypt ~key:(Rsa.pub_of_priv key) msg in + (match OAEP_MD5.decrypt ~key enc with + | None -> assert_failure "unpad failure" + | Some dec -> assert_str_equal msg dec ~msg:"recovery failure"); + let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA1.digest_size - 2) in + let enc = OAEP_SHA1.encrypt ~key:(Rsa.pub_of_priv key) msg in + (match OAEP_SHA1.decrypt ~key enc with + | None -> assert_failure "unpad failure" + | Some dec -> assert_str_equal msg dec ~msg:"recovery failure"); + let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA224.digest_size - 2) in + let enc = OAEP_SHA224.encrypt ~key:(Rsa.pub_of_priv key) msg in + (match OAEP_SHA224.decrypt ~key enc with + | None -> assert_failure "unpad failure" + | Some dec -> assert_str_equal msg dec ~msg:"recovery failure"); + let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA256.digest_size - 2) in + let enc = OAEP_SHA256.encrypt ~key:(Rsa.pub_of_priv key) msg in + (match OAEP_SHA256.decrypt ~key enc with + | None -> assert_failure "unpad failure" + | Some dec -> assert_str_equal msg dec ~msg:"recovery failure"); + let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA384.digest_size - 2) in + let enc = OAEP_SHA384.encrypt ~key:(Rsa.pub_of_priv key) msg in + (match OAEP_SHA384.decrypt ~key enc with + | None -> assert_failure "unpad failure" + | Some dec -> assert_str_equal msg dec ~msg:"recovery failure") let rsa_pss_sign_selftest ~bits n = - let module Pss_sha1 = Rsa.PSS (Hash.SHA1) in - let open Hash.SHA1 in + let module Pss_sha1 = Rsa.PSS (Digestif.SHA1) in "selftest" >:: times ~n @@ fun _ -> let key = gen_rsa ~bits - and msg = Cstruct.to_string (Mirage_crypto_rng.generate 1024) in + and msg = Mirage_crypto_rng.generate 1024 in let pkey = Rsa.pub_of_priv key in - Pss_sha1.(verify ~key:pkey (`Message msg) - ~signature:(sign ~key (`Digest (Cstruct.to_string (digest (Cstruct.of_string msg)))))) - |> assert_bool "invert 1" ; - Pss_sha1.(verify ~key:pkey (`Digest (Cstruct.to_string (digest (Cstruct.of_string msg)))) - ~signature:(Pss_sha1.sign ~key (`Message msg))) - |> assert_bool "invert 2" + let dgst = Digestif.SHA1.(digest_string msg |> to_raw_string) in + let signature = Pss_sha1.sign ~key (`Digest dgst) in + Pss_sha1.(verify ~key:pkey (`Message msg) ~signature) |> assert_bool "invert 1" ; + Pss_sha1.(verify ~key:pkey (`Digest dgst) + ~signature:(Pss_sha1.sign ~key (`Message msg))) + |> assert_bool "invert 2" let rsa_pkcs1_cases = let key () = @@ -225,8 +249,8 @@ let rsa_pss_cases = and salt = "6f2841166a64471d4f0b8ed0dbb7db32161da13b" in - let case ~hash ~msg ~sgn = test_case @@ fun _ -> - let module H = (val (Hash.module_of hash)) in + let case (type a) ~(hash : a Digestif.hash) ~msg ~sgn = test_case @@ fun _ -> + let module H = (val Digestif.module_of hash) in let module Pss = Rsa.PSS (H) in let msg = vx_str msg and sgn = vx_str sgn and salt = vx_str salt in let key, public = key () in @@ -238,27 +262,27 @@ let rsa_pss_cases = "FIPS 186-2 Test Vectors (1024 bits)" >::: [ - case ~hash:`SHA1 + case ~hash:Digestif.sha1 ~msg:"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e075c104858f2f6e6cfd6abdedf015a821d03608bf4eba3169a6725ec422cd9069498b5515a9608ae7cc30e3d2ecfc1db6825f3e996ce9a5092926bc1cf61aa42d7f240e6f7aa0edb38bf81aa929d66bb5d890018088458720d72d569247b0c" ~sgn:"682cf53c1145d22a50caa9eb1a9ba70670c5915e0fdfde6457a765de2a8fe12de9794172a78d14e668d498acedad616504bb1764d094607070080592c3a69c343d982bd77865873d35e24822caf43443cc10249af6a1e26ef344f28b9ef6f14e09ad839748e5148bcceb0fd2aa63709cb48975cbf9c7b49abc66a1dc6cb5b31a" - ; case ~hash:`SHA1 + ; case ~hash:Digestif.sha1 ~msg:"9968809a557bb4f892039ff2b6a0efcd06523624bc3b9ad359a7cf143c4942e874c797b9d37a563d436fe19d5db1aad738caa2617f87f50fc7fcf4361fc85212e89a9465e7f4c361982f64c8c5c0aa5258b9e94f6e934e8dac2ace7cd6095c909de85fe7b973632c384d0ebb165556050d28f236aee70e16b13a432d8a94c62b" ~sgn:"8f5ea7037367e0db75670504085790acd6d97d96f51e76df916a0c2e4cd66e1ab51c4cd8e2c3e4ef781f638ad65dc49c8d6d7f6930f80b6ae199ea283a8924925a50edab79bb3f34861ffa8b2f96fdf9f8cad3d3f8f025478c81f316da61b0d6a7f71b9068efdfb33c21983a922f4669280d8e84f963ff885ef56dd3f50381db" - ; case ~hash:`SHA224 + ; case ~hash:Digestif.sha224 ~msg:"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e075c104858f2f6e6cfd6abdedf015a821d03608bf4eba3169a6725ec422cd9069498b5515a9608ae7cc30e3d2ecfc1db6825f3e996ce9a5092926bc1cf61aa42d7f240e6f7aa0edb38bf81aa929d66bb5d890018088458720d72d569247b0c" ~sgn:"53d859c9f10abf1c00284a4b55bf2bd84d8e313b4f3c35b8dec7bc3afe39b9b8a155418ead1931895769ce2340be2091f2385bbcf10d9e92bcf5d0e2960d10e792e7d865c64e50d19ffa13e52817d7d8d8db34392c2374a2e9b69184f92a4ad9b1b8bae99ca614d204b65a438e38dbbfc8c7cc44ed5677af70ce6c4f951f0244" - ; case ~hash:`SHA256 + ; case ~hash:Digestif.sha256 ~msg:"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e075c104858f2f6e6cfd6abdedf015a821d03608bf4eba3169a6725ec422cd9069498b5515a9608ae7cc30e3d2ecfc1db6825f3e996ce9a5092926bc1cf61aa42d7f240e6f7aa0edb38bf81aa929d66bb5d890018088458720d72d569247b0c" ~sgn:"7b1d37278e549898d4084e2210c4a9961edfe7b5963550cca1904248c8681513539017820f0e9bd074b9f8a067b9fefff7f1fa20bf2d0c75015ff020b2210cc7f79034fedf68e8d44a007abf4dd82c26e8b00393723aea15abfbc22941c8cf79481718c008da713fb8f54cb3fca890bde1137314334b9b0a18515bfa48e5ccd0" - ; case ~hash:`SHA384 + ; case ~hash:Digestif.sha384 ~msg:"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e075c104858f2f6e6cfd6abdedf015a821d03608bf4eba3169a6725ec422cd9069498b5515a9608ae7cc30e3d2ecfc1db6825f3e996ce9a5092926bc1cf61aa42d7f240e6f7aa0edb38bf81aa929d66bb5d890018088458720d72d569247b0c" ~sgn:"8f16c807bef3ed6f74ee7ff5c360a5428c6c2f105178b58ff7d073e566dad6e7718d3129c768cd5a9666de2b6c947177b45709dc7cd0f43b0ba6fc75578e1196acc15ca3afe4a78c144cb6885c1cc815f7f98925bc04ad2ff20fc1068b045d9450e2a1dcf5a161ceabba2b0b66c7354fdb80fa1d729e5f976387f24a697a7e56" - ; case ~hash:`SHA512 + ; case ~hash:Digestif.sha512 ~msg:"1248f62a4389f42f7b4bb131053d6c88a994db2075b912ccbe3ea7dc611714f14e075c104858f2f6e6cfd6abdedf015a821d03608bf4eba3169a6725ec422cd9069498b5515a9608ae7cc30e3d2ecfc1db6825f3e996ce9a5092926bc1cf61aa42d7f240e6f7aa0edb38bf81aa929d66bb5d890018088458720d72d569247b0c" ~sgn:"a833ba31634f8773e4fe6ea0c69e1a23766a939d34b32fc78b774b22e46a646c25e6e1062d234ed48b1aba0f830529ff6afc296cc8dc207bbc15391623beac5f6c3db557ca49d0e42c962de95b5ff548cff970f5c73f439cfe82d3907be60240f56b6a4259cc96dfd8fe02a0bfa26e0223f68214428fff0ae40162198cc5cbd1" ] From 8faf85df6e94b96d2f7d58d87e2393635da44b2e Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 5 Mar 2024 22:59:05 +0100 Subject: [PATCH 02/14] wycheproof: no Mirage_crypto.Hash --- tests/test_ec_wycheproof.ml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/test_ec_wycheproof.ml b/tests/test_ec_wycheproof.ml index 84aee7eb..8d8010a1 100644 --- a/tests/test_ec_wycheproof.ml +++ b/tests/test_ec_wycheproof.ml @@ -268,8 +268,15 @@ let make_ecdsa_test curve key hash (tst : dsa_test) = let name = Printf.sprintf "%d - %s" tst.tcId tst.comment in let size = len curve in let msg = - let h = Mirage_crypto.Hash.digest hash (Cstruct.of_string tst.msg) in - Cstruct.to_string (Cstruct.sub h 0 (min size (Cstruct.length h))) + let dgst = + match hash with + | "SHA-256" -> Digestif.SHA256.(digest_string tst.msg |> to_raw_string) + | "SHA-384" -> Digestif.SHA384.(digest_string tst.msg |> to_raw_string) + | "SHA-512" -> Digestif.SHA512.(digest_string tst.msg |> to_raw_string) + | "SHA-224" -> Digestif.SHA224.(digest_string tst.msg |> to_raw_string) + | _ -> assert false + in + String.sub dgst 0 (min size (String.length dgst)) in let verified (r,s) = match curve with @@ -308,15 +315,8 @@ let make_ecdsa_test curve key hash (tst : dsa_test) = name, `Quick, f let to_ecdsa_tests (x : ecdsa_test_group) = - let hash = match x.sha with - | "SHA-256" -> `SHA256 - | "SHA-384" -> `SHA384 - | "SHA-512" -> `SHA512 - | "SHA-224" -> `SHA224 - | _ -> assert false - in List.map - (make_ecdsa_test x.key.curve x.key.uncompressed hash) + (make_ecdsa_test x.key.curve x.key.uncompressed x.sha) x.tests let ecdsa_tests file = From ef59028a23d6f907993e6a7da3c202e0eb26d016 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 5 Mar 2024 23:21:37 +0100 Subject: [PATCH 03/14] minimize --- ec/dune | 2 +- mirage-crypto-ec.opam | 1 - mirage-crypto-rng-async.opam | 1 - mirage-crypto-rng-lwt.opam | 1 - tests/dune | 4 ++-- 5 files changed, 3 insertions(+), 6 deletions(-) diff --git a/ec/dune b/ec/dune index 098548ff..154a0406 100644 --- a/ec/dune +++ b/ec/dune @@ -1,7 +1,7 @@ (library (name mirage_crypto_ec) (public_name mirage-crypto-ec) - (libraries eqaf mirage-crypto mirage-crypto-rng digestif) + (libraries eqaf mirage-crypto-rng digestif) (foreign_stubs (language c) (names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs diff --git a/mirage-crypto-ec.opam b/mirage-crypto-ec.opam index e599c2ef..0a8551de 100644 --- a/mirage-crypto-ec.opam +++ b/mirage-crypto-ec.opam @@ -29,7 +29,6 @@ depends: [ "ocaml" {>= "4.08.0"} "dune-configurator" "eqaf" {>= "0.7"} - "mirage-crypto" {=version} "mirage-crypto-rng" {=version} "digestif" {>= "1.1.4"} "hex" {with-test} diff --git a/mirage-crypto-rng-async.opam b/mirage-crypto-rng-async.opam index 0e2b5577..890c6034 100644 --- a/mirage-crypto-rng-async.opam +++ b/mirage-crypto-rng-async.opam @@ -18,7 +18,6 @@ depends: [ "dune-configurator" {>= "2.0.0"} "async" {>= "v0.14"} "logs" - "mirage-crypto" {=version} "mirage-crypto-rng" {=version} ] available: os != "win32" diff --git a/mirage-crypto-rng-lwt.opam b/mirage-crypto-rng-lwt.opam index 358f7695..8705fb94 100644 --- a/mirage-crypto-rng-lwt.opam +++ b/mirage-crypto-rng-lwt.opam @@ -17,7 +17,6 @@ depends: [ "dune" {>= "2.7"} "duration" "logs" - "mirage-crypto" {=version} "mirage-crypto-rng" {=version} "mtime" {>= "1.0.0"} "lwt" {>= "4.0.0"} diff --git a/tests/dune b/tests/dune index 4fbf12e6..ef924251 100644 --- a/tests/dune +++ b/tests/dune @@ -46,7 +46,7 @@ (test (name test_ec) (modules test_ec) - (libraries test_common alcotest mirage-crypto mirage-crypto-ec mirage-crypto-rng.unix) + (libraries test_common alcotest mirage-crypto-ec mirage-crypto-rng.unix) (package mirage-crypto-ec)) (test @@ -57,7 +57,7 @@ ecdsa_secp384r1_sha384_test.json ecdsa_secp384r1_sha512_test.json ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json x25519_test.json eddsa_test.json) - (libraries alcotest mirage-crypto-ec wycheproof mirage-crypto) + (libraries alcotest mirage-crypto-ec wycheproof digestif) (package mirage-crypto-ec)) (tests From 813e0d8e4c5a6f23d84e9b5e1737dcc48d927432 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 19:53:43 +0100 Subject: [PATCH 04/14] rng: eio/async fixes --- rng/async/mirage_crypto_rng_async.ml | 4 ++-- rng/eio/mirage_crypto_rng_eio.ml | 6 +++--- tests/test_eio_entropy_collection.ml | 5 +++-- tests/test_entropy_collection_async.ml | 5 +++-- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/rng/async/mirage_crypto_rng_async.ml b/rng/async/mirage_crypto_rng_async.ml index 495462bf..ad2e746c 100644 --- a/rng/async/mirage_crypto_rng_async.ml +++ b/rng/async/mirage_crypto_rng_async.ml @@ -34,7 +34,7 @@ let periodically_collect_getrandom_entropy time_source span = let idx = ref 0 in let f () = incr idx; - Cstruct.sub random (per_pool * (pred !idx)) per_pool + String.sub random (per_pool * (pred !idx)) per_pool in Entropy.feed_pools None source f) @@ -70,7 +70,7 @@ let initialize ?g ?time_source ?(sleep = Time_ns.Span.of_int_sec 1) generator = let init = Entropy.[ bootstrap ; whirlwind_bootstrap ; bootstrap ; getrandom_init ] in - List.mapi ~f:(fun i f -> f i) init |> Cstruct.concat + List.mapi ~f:(fun i f -> f i) init |> String.concat "" in let rng = create ?g ~seed ~time:(ns_since_epoch time_source) generator diff --git a/rng/eio/mirage_crypto_rng_eio.ml b/rng/eio/mirage_crypto_rng_eio.ml index 2aee4e10..e6095713 100644 --- a/rng/eio/mirage_crypto_rng_eio.ml +++ b/rng/eio/mirage_crypto_rng_eio.ml @@ -13,7 +13,7 @@ module Log = (val Logs.src_log src: Logs.LOG) let getrandom env i = let buf = Cstruct.create i in Eio.Flow.read_exact env#secure_random buf; - buf + Cstruct.to_string buf let getrandom_init env i = let data = getrandom env 128 in @@ -32,7 +32,7 @@ let periodically_feed_entropy env delta source = let idx = ref 0 in let f () = incr idx; - Cstruct.sub random (per_pool * (pred !idx)) per_pool + String.sub random (per_pool * (pred !idx)) per_pool in Entropy.feed_pools None source f in @@ -74,7 +74,7 @@ let run let seed = let init = Entropy.[ bootstrap ; whirlwind_bootstrap ; bootstrap ; getrandom_init env ] in - List.mapi (fun i f -> f i) init |> Cstruct.concat + List.mapi (fun i f -> f i) init |> String.concat "" in let time () = Eio.Stdenv.mono_clock env |> Eio.Time.Mono.now |> Mtime.to_uint64_ns diff --git a/tests/test_eio_entropy_collection.ml b/tests/test_eio_entropy_collection.ml index 1b7822e5..0f18284d 100644 --- a/tests/test_eio_entropy_collection.ml +++ b/tests/test_eio_entropy_collection.ml @@ -8,12 +8,13 @@ module Printing_rng = struct let pools = 1 let reseed ~g:_ data = - Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp data + Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp (Cstruct.of_string data) let accumulate ~g:_ source = let print data = Format.printf "accumulate: (src: %a) %a@.%!" - Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp data + Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp + (Cstruct.of_string data) in `Acc print end diff --git a/tests/test_entropy_collection_async.ml b/tests/test_entropy_collection_async.ml index a0857f96..d7908317 100644 --- a/tests/test_entropy_collection_async.ml +++ b/tests/test_entropy_collection_async.ml @@ -11,12 +11,13 @@ module Printing_rng = struct let generate ~g:_ _n = assert false let reseed ~g:_ data = - Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp data + Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp (Cstruct.of_string data) let accumulate ~g:_ source = let print data = Format.printf "accumulate: (src: %a) %a@.%!" - Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp data + Mirage_crypto_rng.Entropy.pp_source source Cstruct.hexdump_pp + (Cstruct.of_string data) in `Acc print From bce88e8ee19ad1565bdb84b1b381723d0c22b891 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 20:16:19 +0100 Subject: [PATCH 05/14] further rng async/eio fixes --- rng/async/mirage_crypto_rng_async.ml | 4 ++-- tests/test_eio_rng.ml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rng/async/mirage_crypto_rng_async.ml b/rng/async/mirage_crypto_rng_async.ml index ad2e746c..74335f60 100644 --- a/rng/async/mirage_crypto_rng_async.ml +++ b/rng/async/mirage_crypto_rng_async.ml @@ -34,7 +34,7 @@ let periodically_collect_getrandom_entropy time_source span = let idx = ref 0 in let f () = incr idx; - String.sub random (per_pool * (pred !idx)) per_pool + String.sub random ~pos:(per_pool * (pred !idx)) ~len:per_pool in Entropy.feed_pools None source f) @@ -70,7 +70,7 @@ let initialize ?g ?time_source ?(sleep = Time_ns.Span.of_int_sec 1) generator = let init = Entropy.[ bootstrap ; whirlwind_bootstrap ; bootstrap ; getrandom_init ] in - List.mapi ~f:(fun i f -> f i) init |> String.concat "" + List.mapi ~f:(fun i f -> f i) init |> String.concat ~sep:"" in let rng = create ?g ~seed ~time:(ns_since_epoch time_source) generator diff --git a/tests/test_eio_rng.ml b/tests/test_eio_rng.ml index 12ae89cd..713e8c46 100644 --- a/tests/test_eio_rng.ml +++ b/tests/test_eio_rng.ml @@ -4,8 +4,8 @@ let () = Eio_main.run @@ fun env -> Mirage_crypto_rng_eio.run (module Fortuna) env @@ fun () -> let random_num = Mirage_crypto_rng.generate 32 in - assert (Cstruct.length random_num = 32); - Printf.printf "32 bit random number: %S\n%!" (Cstruct.to_string random_num); + assert (String.length random_num = 32); + Printf.printf "32 bit random number: %S\n%!" random_num; let random_num = Mirage_crypto_rng.generate 16 in - assert (Cstruct.length random_num = 16); - Printf.printf "16 bit random number: %S\n%!" (Cstruct.to_string random_num); + assert (String.length random_num = 16); + Printf.printf "16 bit random number: %S\n%!" random_num; From 058ac88b01276ae957c8033b4c6913f821ca278e Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 21:17:56 +0100 Subject: [PATCH 06/14] Update rng/hmac_drbg.ml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Reynir Björnsson --- rng/hmac_drbg.ml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rng/hmac_drbg.ml b/rng/hmac_drbg.ml index f9667490..8092eec4 100644 --- a/rng/hmac_drbg.ml +++ b/rng/hmac_drbg.ml @@ -7,9 +7,7 @@ module Make (H : Digestif.S) = struct let block = H.digest_size - let b x = String.make 1 (char_of_int x) - - let (bx00, bx01) = b 0x00, b 0x01 + let (bx00, bx01) = "\x00", "\x01" let k0 = String.make H.digest_size '\x00' and v0 = String.make H.digest_size '\x01' From 09dbc01f447eda5f24eeb28a3b7899c2b183d1d3 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 21:18:04 +0100 Subject: [PATCH 07/14] Update ec/mirage_crypto_ec.ml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Reynir Björnsson --- ec/mirage_crypto_ec.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml index 9798884b..4fab5348 100644 --- a/ec/mirage_crypto_ec.ml +++ b/ec/mirage_crypto_ec.ml @@ -628,7 +628,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige let g ~key msg = let g = Mirage_crypto_rng.create ~strict:true drbg in Mirage_crypto_rng.reseed ~g - (String.concat "" [ S.to_octets key ; msg ]); + (S.to_octets key ^ msg); g (* take qbit length, and ensure it is suitable for ECDSA (> 0 & < n) *) From 172f627d0a396b39b88e138459a9437742226e4c Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 21:22:13 +0100 Subject: [PATCH 08/14] no b --- pk/rsa.ml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/pk/rsa.ml b/pk/rsa.ml index 5a0e2e9c..cd268e5f 100644 --- a/pk/rsa.ml +++ b/pk/rsa.ml @@ -202,13 +202,11 @@ let encrypt ~key = reformat (pub_bits key) (encrypt_z ~key) let decrypt ?(crt_hardening=false) ?(mask=`Yes) ~key = reformat (priv_bits key) (decrypt_z ~crt_hardening ~mask ~key) -let b x = String.make 1 (char_of_int x) - (* OCaml 4.13 *) let string_get_uint8 buf idx = Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx -let (bx00, bx01) = (b 0x00, b 0x01) +let bx00, bx01 = "\x00", "\x01" module PKCS1 = struct @@ -228,7 +226,7 @@ module PKCS1 = struct let pad ~mark ~padding k msg = let pad = padding (k - String.length msg - 3 |> imax min_pad) in - String.concat "" [ bx00 ; b mark ; pad ; bx00 ; msg ] + String.concat "" [ bx00 ; mark ; pad ; bx00 ; msg ] let unpad ~mark ~is_pad buf = let f = not &. is_pad in @@ -243,8 +241,8 @@ module PKCS1 = struct let pad_01 = let padding size = String.make size '\xff' in - pad ~mark:0x01 ~padding - let pad_02 ?g = pad ~mark:0x02 ~padding:(generate_with ?g ~f:((<>) 0x00)) + pad ~mark:"\x01" ~padding + let pad_02 ?g = pad ~mark:"\x02" ~padding:(generate_with ?g ~f:((<>) 0x00)) let unpad_01 = unpad ~mark:0x01 ~is_pad:((=) 0xff) let unpad_02 = unpad ~mark:0x02 ~is_pad:((<>) 0x00) @@ -428,7 +426,7 @@ module PSS (H: Digestif.S) = struct let hlen = H.digest_size - let bxbc = b 0xbc + let bxbc = "\xbc" let b0mask embits = 0xff lsr ((8 - embits mod 8) mod 8) From 3004f1c015d8616222cb26ae48055e2f467b2aa2 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 21:22:33 +0100 Subject: [PATCH 09/14] unsafe --- ec/mirage_crypto_ec.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml index 4fab5348..51e03ecd 100644 --- a/ec/mirage_crypto_ec.ml +++ b/ec/mirage_crypto_ec.ml @@ -974,7 +974,7 @@ module Ed25519 = struct let h = Digestif.SHA512.(digest_string secret |> to_raw_string) in (* step 2 *) let s, rest = - Bytes.of_string (String.sub h 0 key_len), + Bytes.unsafe_of_string (String.sub h 0 key_len), String.sub h key_len (String.length h - key_len) in Bytes.set_uint8 s 0 ((Bytes.get_uint8 s 0) land 248); From 4664b90d2c53211a22214d0693f0416e5f56c284 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Wed, 6 Mar 2024 21:23:05 +0100 Subject: [PATCH 10/14] rename cs to buf in fortuna --- rng/fortuna.ml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rng/fortuna.ml b/rng/fortuna.ml index 80bbd3da..66daf849 100644 --- a/rng/fortuna.ml +++ b/rng/fortuna.ml @@ -119,6 +119,6 @@ let add ~g (source, _) ~pool data = *) let accumulate ~g source = let pool = ref 0 in - `Acc (fun cs -> - add ~g source ~pool:!pool cs ; + `Acc (fun buf -> + add ~g source ~pool:!pool buf ; incr pool) From 72d4c4877add5f9d112210f93b859c2f67af15ef Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 11 Mar 2024 12:44:29 +0100 Subject: [PATCH 11/14] rng: provide a generate_into : ?g -> bytes -> ?off:int -> int -> unit and reimplement the generate in terms of generate_into this keeps the allocation at the API boundary if desired --- bench/speed.ml | 5 ++++- rng/fortuna.ml | 26 ++++++++++++++------------ rng/hmac_drbg.ml | 23 ++++++++++++++++------- rng/mirage_crypto_rng.mli | 13 ++++++++++--- rng/rng.ml | 23 +++++++++++++++-------- tests/test_eio_entropy_collection.ml | 2 +- tests/test_entropy_collection.ml | 2 +- tests/test_entropy_collection_async.ml | 2 +- tests/test_rsa.ml | 7 +++---- 9 files changed, 65 insertions(+), 38 deletions(-) diff --git a/bench/speed.ml b/bench/speed.ml index cb6b24ef..c344f230 100644 --- a/bench/speed.ml +++ b/bench/speed.ml @@ -27,6 +27,8 @@ let burn_period = 2.0 let sizes = [16; 64; 256; 1024; 8192] (* let sizes = [16] *) +let big_b = Bytes.create List.(hd (rev sizes)) + let burn f n = let cs = Cstruct.of_string (Mirage_crypto_rng.generate n) in let (t1, i1) = @@ -410,7 +412,8 @@ let benchmarks = [ let open Mirage_crypto_rng.Fortuna in let g = create () in reseed ~g "abcd" ; - throughput name (fun cs -> generate ~g (Cstruct.length cs))) ; + throughput name (fun cs -> + generate_into ~g big_b ~off:0 (Cstruct.length cs))) ; bm "md5" (fun name -> throughput name MD5.digest) ; bm "sha1" (fun name -> throughput name SHA1.digest) ; diff --git a/rng/fortuna.ml b/rng/fortuna.ml index 66daf849..6cd696df 100644 --- a/rng/fortuna.ml +++ b/rng/fortuna.ml @@ -64,15 +64,14 @@ let iter1 a f = f a let reseed ~g cs = reseedi ~g (iter1 cs) -let generate_rekey ~g bytes = - let b = bytes // block + 2 in +let generate_rekey ~g buf ~off len = + let b = len // block + 2 in let n = b * block in let r = Cstruct.to_string (AES_CTR.stream ~key:g.key ~ctr:g.ctr n) in - let r1 = String.sub r 0 bytes - and r2 = String.sub r (n - 32) 32 in + Bytes.blit_string r 0 buf off len; + let r2 = String.sub r (n - 32) 32 in set_key ~g r2 ; - g.ctr <- AES_CTR.add_ctr g.ctr (Int64.of_int b); - r1 + g.ctr <- AES_CTR.add_ctr g.ctr (Int64.of_int b) let add_pool_entropy g = if g.pool0_size > min_pool_size then @@ -94,14 +93,17 @@ let add_pool_entropy g = done end -let generate ~g bytes = +let generate_into ~g buf ~off len = add_pool_entropy g; if not (seeded ~g) then raise Rng.Unseeded_generator ; - let rec chunk acc = function - | i when i <= 0 -> acc - | n -> let n' = imin n 0x10000 in - chunk (generate_rekey ~g n' :: acc) (n - n') in - String.concat "" @@ chunk [] bytes + let rec chunk off = function + | i when i <= 0 -> () + | n -> + let n' = imin n 0x10000 in + generate_rekey ~g buf ~off n'; + chunk (off + n') (n - n') + in + chunk off len let _buf = Bytes.create 2 diff --git a/rng/hmac_drbg.ml b/rng/hmac_drbg.ml index 8092eec4..bb81b0d1 100644 --- a/rng/hmac_drbg.ml +++ b/rng/hmac_drbg.ml @@ -24,17 +24,26 @@ module Make (H : Digestif.S) = struct let v = H.hmac_string ~key:k v |> H.to_raw_string in g.k <- k ; g.v <- v ; g.seeded <- true - let generate ~g bytes = + let generate_into ~g buf ~off len = if not g.seeded then raise Rng.Unseeded_generator ; - let rec go acc k v = function - | 0 -> (v, String.concat "" @@ List.rev acc) + let rec go off k v = function + | 0 -> v (* unlikely this happens *) + | 1 -> + let v = H.hmac_string ~key:k v |> H.to_raw_string in + let len = + let rem = len mod H.digest_size in + if rem = 0 then H.digest_size else rem + in + Bytes.blit_string v 0 buf off len; + v | i -> let v = H.hmac_string ~key:k v |> H.to_raw_string in - go (v::acc) k v (pred i) in - let (v, buf) = go [] g.k g.v Mirage_crypto.Uncommon.(bytes // H.digest_size) in + Bytes.blit_string v 0 buf off H.digest_size; + go (off + H.digest_size) k v (pred i) + in + let v = go off g.k g.v Mirage_crypto.Uncommon.(len // H.digest_size) in g.k <- H.hmac_string ~key:g.k (v ^ bx00) |> H.to_raw_string; - g.v <- H.hmac_string ~key:g.k v |> H.to_raw_string; - String.sub buf 0 (Mirage_crypto.Uncommon.imax 0 bytes) + g.v <- H.hmac_string ~key:g.k v |> H.to_raw_string (* XXX *) let accumulate ~g:_ = invalid_arg "Implement Hmac_drbg.accumulate..." diff --git a/rng/mirage_crypto_rng.mli b/rng/mirage_crypto_rng.mli index 6a14fa2a..453ee193 100644 --- a/rng/mirage_crypto_rng.mli +++ b/rng/mirage_crypto_rng.mli @@ -156,9 +156,12 @@ module type Generator = sig val create : ?time:(unit -> int64) -> unit -> g (** Create a new, unseeded {{!g}g}. *) - val generate : g:g -> int -> string - (** [generate ~g n] produces [n] uniformly distributed random bytes, - updating the state of [g]. *) + val generate_into : g:g -> bytes -> off:int -> int -> unit + (** [generate_into ~g buf ~off n] produces [n] uniformly distributed random + bytes into [buf] at offset [off], updating the state of [g]. + + @raise Invalid_argument if buffer is too small (it must be: Bytes.length buf - off >= n) + *) val reseed : g:g -> string -> unit (** [reseed ~g bytes] directly updates [g]. Its new state depends both on @@ -231,6 +234,10 @@ val generate : ?g:g -> int -> string (** Invoke {{!Generator.generate}generate} on [g] or {{!generator}default generator}. *) +val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit +(** Invoke {{!Generator.generate}generate} on [g] or + {{!generator}default generator}. The offset [off] defaults to 0. *) + val block : g option -> int (** {{!Generator.block}Block} size of [g] or {{!generator}default generator}. *) diff --git a/rng/rng.ml b/rng/rng.ml index f7e295c2..2ddaa4cd 100644 --- a/rng/rng.ml +++ b/rng/rng.ml @@ -36,13 +36,13 @@ let () = Printexc.register_printer (function module type Generator = sig type g - val block : int - val create : ?time:(unit -> int64) -> unit -> g - val generate : g:g -> int -> string - val reseed : g:g -> string -> unit + val block : int + val create : ?time:(unit -> int64) -> unit -> g + val generate_into : g:g -> bytes -> off:int -> int -> unit + val reseed : g:g -> string -> unit val accumulate : g:g -> source -> [`Acc of string -> unit] - val seeded : g:g -> bool - val pools : int + val seeded : g:g -> bool + val pools : int end type 'a generator = (module Generator with type g = 'a) @@ -67,8 +67,15 @@ let default_generator () = let get = function Some g -> g | None -> default_generator () -let generate ?(g = default_generator ()) n = - let Generator (g, _, m) = g in let module M = (val m) in M.generate ~g n +let generate_into ?(g = default_generator ()) b ?(off = 0) n = + let Generator (g, _, m) = g in + let module M = (val m) in + M.generate_into ~g b ~off n + +let generate ?g n = + let data = Bytes.create n in + generate_into ?g data ~off:0 n; + Bytes.unsafe_to_string data let reseed ?(g = default_generator ()) cs = let Generator (g, _, m) = g in let module M = (val m) in M.reseed ~g cs diff --git a/tests/test_eio_entropy_collection.ml b/tests/test_eio_entropy_collection.ml index 0f18284d..15e69af3 100644 --- a/tests/test_eio_entropy_collection.ml +++ b/tests/test_eio_entropy_collection.ml @@ -3,7 +3,7 @@ module Printing_rng = struct let block = 16 let create ?time:_ () = () - let generate ~g:_ _n = assert false + let generate_into ~g:_ _buf ~off:_ _len = assert false let seeded ~g:_ = true let pools = 1 diff --git a/tests/test_entropy_collection.ml b/tests/test_entropy_collection.ml index 99e152be..4905af8a 100644 --- a/tests/test_entropy_collection.ml +++ b/tests/test_entropy_collection.ml @@ -7,7 +7,7 @@ module Printing_rng = struct let create ?time:_ () = () - let generate ~g:_ _n = assert false + let generate_into ~g:_ _buf ~off:_ _len = assert false let reseed ~g:_ data = Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp (Cstruct.of_string data) diff --git a/tests/test_entropy_collection_async.ml b/tests/test_entropy_collection_async.ml index d7908317..f2beeccb 100644 --- a/tests/test_entropy_collection_async.ml +++ b/tests/test_entropy_collection_async.ml @@ -8,7 +8,7 @@ module Printing_rng = struct let create ?time:_ () = () - let generate ~g:_ _n = assert false + let generate_into ~g:_ _buf ~off:_ _len = assert false let reseed ~g:_ data = Format.printf "reseeding: %a@.%!" Cstruct.hexdump_pp (Cstruct.of_string data) diff --git a/tests/test_rsa.ml b/tests/test_rsa.ml index 5ee8ab63..f512ba4d 100644 --- a/tests/test_rsa.ml +++ b/tests/test_rsa.ml @@ -16,11 +16,10 @@ module Null = struct let create ?time:_ () = ref "" - let generate ~g n = + let generate_into ~g buf ~off n = try - let (a, b) = String.sub !g 0 n, String.sub !g n (String.length !g - n) in - g := b; - a + Bytes.blit_string !g 0 buf off n; + g := String.sub !g n (String.length !g - n) with Invalid_argument _ -> raise Mirage_crypto_rng.Unseeded_generator let reseed ~g buf = g := !g ^ buf From 2521630cecd485bf07019ca179048c511984b89a Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 11 Mar 2024 12:53:37 +0100 Subject: [PATCH 12/14] use rng.generate_into --- pk/z_extra.ml | 8 +++++--- src/uncommon.ml | 2 +- tests/test_rsa.ml | 12 ++++++------ 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/pk/z_extra.ml b/pk/z_extra.ml index ece5c53e..caf896f9 100644 --- a/pk/z_extra.ml +++ b/pk/z_extra.ml @@ -126,9 +126,11 @@ let set_msb bits buf = go bits 0 let gen_bits ?g ?(msb = 0) bits = - let res = Bytes.unsafe_of_string (Mirage_crypto_rng.generate ?g (bits // 8)) in - set_msb msb res ; - of_octets_be ~bits (Bytes.unsafe_to_string res) + let bytelen = bits // 8 in + let buf = Bytes.create bytelen in + Mirage_crypto_rng.generate_into ?g buf ~off:0 bytelen; + set_msb msb buf ; + of_octets_be ~bits (Bytes.unsafe_to_string buf) (* Invalid combinations of ~bits and ~msb will loop forever, but there is no * way to quickly determine upfront whether there are any primes in the diff --git a/src/uncommon.ml b/src/uncommon.ml index e186aaa8..ca23e16b 100644 --- a/src/uncommon.ml +++ b/src/uncommon.ml @@ -23,7 +23,7 @@ let xor_into src dst n = let xor a b = assert (String.length a = String.length b); - let b' = Bytes.copy (Bytes.unsafe_of_string b) in + let b' = Bytes.of_string b in xor_into a b' (Bytes.length b'); Bytes.unsafe_to_string b' diff --git a/tests/test_rsa.ml b/tests/test_rsa.ml index f512ba4d..9de56916 100644 --- a/tests/test_rsa.ml +++ b/tests/test_rsa.ml @@ -83,12 +83,12 @@ let rsa_selftest ~bits n = "selftest" >:: times ~n @@ fun _ -> let msg = let size = bits // 8 in - let cs = Mirage_crypto_rng.generate size - and i = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in - let cs = Bytes.unsafe_of_string cs in - Bytes.set_uint8 cs 0 0; - Bytes.(set_uint8 cs i (get_uint8 cs i lor 2)); - Bytes.unsafe_to_string cs + let buf = Bytes.create size in + Mirage_crypto_rng.generate_into buf ~off:0 size; + let i = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in + Bytes.set_uint8 buf 0 0; + Bytes.(set_uint8 buf i (get_uint8 buf i lor 2)); + Bytes.unsafe_to_string buf in let key = gen_rsa ~bits in let enc = Rsa.(encrypt ~key:(pub_of_priv key) msg) in From 1fad2306822f96e6d4911fec17127099d552cc58 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 11 Mar 2024 13:14:36 +0100 Subject: [PATCH 13/14] address @reynir review comments --- rng/hmac_drbg.ml | 2 +- rng/mirage_crypto_rng.mli | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rng/hmac_drbg.ml b/rng/hmac_drbg.ml index bb81b0d1..e48d7b5a 100644 --- a/rng/hmac_drbg.ml +++ b/rng/hmac_drbg.ml @@ -27,7 +27,7 @@ module Make (H : Digestif.S) = struct let generate_into ~g buf ~off len = if not g.seeded then raise Rng.Unseeded_generator ; let rec go off k v = function - | 0 -> v (* unlikely this happens *) + | 0 -> v | 1 -> let v = H.hmac_string ~key:k v |> H.to_raw_string in let len = diff --git a/rng/mirage_crypto_rng.mli b/rng/mirage_crypto_rng.mli index 453ee193..d1b92d49 100644 --- a/rng/mirage_crypto_rng.mli +++ b/rng/mirage_crypto_rng.mli @@ -230,14 +230,14 @@ val unset_default_generator : unit -> unit (** [unset_default_generator ()] sets the default generator to [None]. *) (**/**) -val generate : ?g:g -> int -> string -(** Invoke {{!Generator.generate}generate} on [g] or - {{!generator}default generator}. *) - val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit (** Invoke {{!Generator.generate}generate} on [g] or {{!generator}default generator}. The offset [off] defaults to 0. *) +val generate : ?g:g -> int -> string +(** Invoke {generate_into} on [g] or {{!generator}default generator} and a + freshly allocated bytes buffer that is converted to a string. *) + val block : g option -> int (** {{!Generator.block}Block} size of [g] or {{!generator}default generator}. *) From 20ed49fc0be27b46d8a453f905204c74020917ef Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 11 Mar 2024 13:17:09 +0100 Subject: [PATCH 14/14] address @reynir review comments --- rng/mirage_crypto_rng.mli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rng/mirage_crypto_rng.mli b/rng/mirage_crypto_rng.mli index d1b92d49..63aff42b 100644 --- a/rng/mirage_crypto_rng.mli +++ b/rng/mirage_crypto_rng.mli @@ -236,7 +236,7 @@ val generate_into : ?g:g -> bytes -> ?off:int -> int -> unit val generate : ?g:g -> int -> string (** Invoke {generate_into} on [g] or {{!generator}default generator} and a - freshly allocated bytes buffer that is converted to a string. *) + freshly allocated string. *) val block : g option -> int (** {{!Generator.block}Block} size of [g] or