mirage-crypto-rng: use string instead of cstruct #212

Merged
merged 14 commits into from
Mar 11, 2024
49 changes: 26 additions & 23 deletions bench/speed.ml
Expand Up @@ -27,8 +27,10 @@ let burn_period = 2.0
let sizes = [16; 64; 256; 1024; 8192]
(* let sizes = [16] *)

let big_b = Bytes.create List.(hd (rev sizes))

let burn f n =
let cs = Mirage_crypto_rng.generate n in
let cs = Cstruct.of_string (Mirage_crypto_rng.generate n) in
let (t1, i1) =
let rec loop it =
let t = Time.time ~n:it f cs in
Expand Down Expand Up @@ -78,7 +80,7 @@ let msg_str_32 = String.sub msg_str 0 32
let msg_str_48 = String.sub msg_str 0 48
let msg_str_65 = String.sub msg_str 0 65

module PSS = Mirage_crypto_pk.Rsa.PSS(Mirage_crypto.Hash.SHA256)
module PSS = Mirage_crypto_pk.Rsa.PSS(Digestif.SHA256)

let rsa_1024 =
let p = Z.of_string "10798561676627454710140432432014696449593673631094049392368450463276546091610832740190717321579865870896133380991892468262437092547408603618427685009427773"
Expand Down Expand Up @@ -356,61 +358,62 @@ let benchmarks = [
fst ecdh_shares);

bm "chacha20-poly1305" (fun name ->
let key = Mirage_crypto.Chacha20.of_secret (Mirage_crypto_rng.generate 32)
and nonce = Mirage_crypto_rng.generate 8 in
let key = Mirage_crypto.Chacha20.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 8) in
throughput name (Mirage_crypto.Chacha20.authenticate_encrypt ~key ~nonce)) ;

bm "aes-128-ecb" (fun name ->
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 16) in
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "aes-128-cbc-e" (fun name ->
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
and iv = Mirage_crypto_rng.generate 16 in
let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in
throughput name (fun cs -> AES.CBC.encrypt ~key ~iv cs)) ;

bm "aes-128-cbc-d" (fun name ->
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
and iv = Mirage_crypto_rng.generate 16 in
let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in
throughput name (fun cs -> AES.CBC.decrypt ~key ~iv cs)) ;

bm "aes-128-ctr" (fun name ->
let key = Mirage_crypto_rng.generate 16 |> AES.CTR.of_secret
and ctr = Mirage_crypto_rng.generate 16 |> AES.CTR.ctr_of_cstruct in
let key = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.of_secret
and ctr = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.ctr_of_cstruct in
throughput name (fun cs -> AES.CTR.encrypt ~key ~ctr cs)) ;

bm "aes-128-gcm" (fun name ->
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 12 in
let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in
throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce cs));

bm "aes-128-ghash" (fun name ->
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 12 in
let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in
throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce ~adata:cs Cstruct.empty));

bm "aes-128-ccm" (fun name ->
let key = AES.CCM16.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 10 in
let key = AES.CCM16.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 10) in
throughput name (fun cs -> AES.CCM16.authenticate_encrypt ~key ~nonce cs));

bm "aes-192-ecb" (fun name ->
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "aes-256-ecb" (fun name ->
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 32) in
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32)) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "d3des-ecb" (fun name ->
let key = DES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
let key = DES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in
throughput name (fun cs -> DES.ECB.encrypt ~key cs)) ;

bm "fortuna" (fun name ->
let open Mirage_crypto_rng.Fortuna in
let g = create () in
reseed ~g (Cstruct.of_string "abcd") ;
throughput name (fun cs -> generate ~g (Cstruct.length cs))) ;
reseed ~g "abcd" ;
throughput name (fun cs ->
generate_into ~g big_b ~off:0 (Cstruct.length cs))) ;

bm "md5" (fun name -> throughput name MD5.digest) ;
bm "sha1" (fun name -> throughput name SHA1.digest) ;
Expand All @@ -434,7 +437,7 @@ let runv fs =


let () =
let seed = Cstruct.of_string "abcd" in
let seed = "abcd" in
let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in
Mirage_crypto_rng.set_default_generator g;
match Array.to_list Sys.argv with
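Review bot: The `big_b` buffer introduced in the first hunk is sized with `List.(hd (rev sizes))`, i.e. the last element of `sizes`, so the `generate_into ~g big_b ~off:0 (Cstruct.length cs)` call in the fortuna benchmark only stays in bounds while `sizes` is kept in ascending order, and the commented-out `let sizes = [16]` right above shows that list is edited by hand. Sizing it by the maximum instead, `let big_b = Bytes.create (List.fold_left max 0 sizes)`, removes the ordering dependency at no cost. It is also worth a one-line comment on the fortuna entry that it now measures `generate_into` into a preallocated buffer, so the per-call allocation that the old `generate` did is no longer part of the number and results are not directly comparable with earlier runs. The `benchmarks` list starts at the hunk header and continues past the hunk.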
2 changes: 1 addition & 1 deletion ec/dune
@@ -1,7 +1,7 @@
(library
(name mirage_crypto_ec)
(public_name mirage-crypto-ec)
(libraries eqaf mirage-crypto mirage-crypto-rng)
(libraries eqaf mirage-crypto-rng digestif)
(foreign_stubs
(language c)
(names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs
47 changes: 24 additions & 23 deletions ec/mirage_crypto_ec.ml
Expand Up @@ -59,7 +59,7 @@ module type Dsa = sig
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
val sign : key:priv -> ?k:string -> string -> string * string
val verify : key:pub -> string * string -> string -> bool
module K_gen (H : Mirage_crypto.Hash.S) : sig
module K_gen (H : Digestif.S) : sig
val generate : key:priv -> string -> string
end
module Precompute : sig
Expand Down Expand Up @@ -270,7 +270,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct
| exception Invalid_argument _ -> None
| false -> Some (Fe.from_be_octets buf)

(** Convert cstruct coordinates to a finite point ensuring:
(** Convert coordinates to a finite point ensuring:
- x < p
- y < p
- y^2 = ax^3 + ax + b
Expand Down Expand Up @@ -507,7 +507,7 @@ module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct
| Error _ as e -> e

let rec generate_private_key ?g () =
let candidate = Cstruct.to_string (Mirage_crypto_rng.generate ?g Param.byte_length) in
let candidate = Mirage_crypto_rng.generate ?g Param.byte_length in
match S.of_octets candidate with
| Ok secret -> secret
| Error _ -> generate_private_key ?g ()
Expand Down Expand Up @@ -594,7 +594,7 @@ module Make_Fn (P : Parameters) (F : Foreign_n) : Fn = struct
b_uts tmp
end

module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mirage_crypto.Hash.S) = struct
module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Digestif.S) = struct
type priv = scalar

let byte_length = Param.byte_length
Expand All @@ -621,20 +621,20 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mira
Bytes.unsafe_to_string res )

(* RFC 6979: compute a deterministic k *)
module K_gen (H : Mirage_crypto.Hash.S) = struct
module K_gen (H : Digestif.S) = struct
let drbg : 'a Mirage_crypto_rng.generator =
let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M)

let g ~key msg =
let g = Mirage_crypto_rng.create ~strict:true drbg in
Mirage_crypto_rng.reseed ~g
(Cstruct.of_string (String.concat "" [ S.to_octets key ; msg ]));
(S.to_octets key ^ msg);
g

(* take qbit length, and ensure it is suitable for ECDSA (> 0 & < n) *)
let gen g =
let rec go () =
let r = Cstruct.to_string (Mirage_crypto_rng.generate ~g Param.byte_length) in
let r = Mirage_crypto_rng.generate ~g Param.byte_length in
if S.is_in_range r then r else go ()
in
go ()
Expand All @@ -654,7 +654,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mira
(* FIPS 186-4 B 4.2 *)
let d =
let rec one () =
match S.of_octets (Cstruct.to_string (Mirage_crypto_rng.generate ?g Param.byte_length)) with
match S.of_octets (Mirage_crypto_rng.generate ?g Param.byte_length) with
| Ok x -> x
| Error _ -> one ()
in
Expand Down Expand Up @@ -794,7 +794,7 @@ module P256 : Dh_dsa = struct
module S = Make_scalar(Params)(P)
module Dh = Make_dh(Params)(P)(S)
module Fn = Make_Fn(Params)(Foreign_n)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA256)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA256)
end

module P384 : Dh_dsa = struct
Expand Down Expand Up @@ -845,7 +845,7 @@ module P384 : Dh_dsa = struct
module S = Make_scalar(Params)(P)
module Dh = Make_dh(Params)(P)(S)
module Fn = Make_Fn(Params)(Foreign_n)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA384)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA384)
end

module P521 : Dh_dsa = struct
Expand Down Expand Up @@ -897,7 +897,7 @@ module P521 : Dh_dsa = struct
module S = Make_scalar(Params)(P)
module Dh = Make_dh(Params)(P)(S)
module Fn = Make_Fn(Params)(Foreign_n)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA512)
module Dsa = Make_dsa(Params)(Fn)(P)(S)(Digestif.SHA512)
end

module X25519 = struct
Expand All @@ -918,7 +918,7 @@ module X25519 = struct
let public priv = scalar_mult priv basepoint

let gen_key ?compress:_ ?g () =
let secret = Cstruct.to_string (Mirage_crypto_rng.generate ?g key_len) in
let secret = Mirage_crypto_rng.generate ?g key_len in
secret, public secret

let secret_of_octets ?compress:_ s =
Expand Down Expand Up @@ -971,10 +971,12 @@ module Ed25519 = struct
let public secret =
(* section 5.1.5 *)
(* step 1 *)
let h = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string secret) in
let h = Digestif.SHA512.(digest_string secret |> to_raw_string) in
(* step 2 *)
let s, rest = Cstruct.split h key_len in
let s, rest = Cstruct.to_bytes s, Cstruct.to_string rest in
let s, rest =
Bytes.unsafe_of_string (String.sub h 0 key_len),
String.sub h key_len (String.length h - key_len)
in
Bytes.set_uint8 s 0 ((Bytes.get_uint8 s 0) land 248);
Bytes.set_uint8 s 31 (((Bytes.get_uint8 s 31) land 127) lor 64);
let s = Bytes.unsafe_to_string s in
Expand All @@ -1001,19 +1003,19 @@ module Ed25519 = struct
let pub_to_octets pub = pub

let generate ?g () =
let secret = Cstruct.to_string (Mirage_crypto_rng.generate ?g key_len) in
let secret = Mirage_crypto_rng.generate ?g key_len in
secret, pub_of_priv secret

let sign ~key msg =
(* section 5.1.6 *)
let pub, (s, prefix) = public key in
let r = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string (String.concat "" [ prefix; msg ])) in
let r = Cstruct.to_bytes r in
let r = Digestif.SHA512.(digest_string (String.concat "" [ prefix; msg ]) |> to_raw_string) in
let r = Bytes.unsafe_of_string r in
reduce_l r;
let r = Bytes.unsafe_to_string r in
let r_big = scalar_mult_base_to_bytes r in
let k = Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string (String.concat "" [ r_big; pub; msg])) in
let k = Cstruct.to_bytes k in
let k = Digestif.SHA512.(digest_string (String.concat "" [ r_big; pub; msg]) |> to_raw_string) in
let k = Bytes.unsafe_of_string k in
reduce_l k;
let k = Bytes.unsafe_to_string k in
let s_out = muladd k s r in
Expand All @@ -1040,10 +1042,9 @@ module Ed25519 = struct
in
if s_smaller_l then begin
let k =
let data_to_hash = String.concat "" [ r ; key ; msg ] in
Mirage_crypto.Hash.SHA512.digest (Cstruct.of_string data_to_hash)
Digestif.SHA512.(digest_string (String.concat "" [ r ; key ; msg ]) |> to_raw_string)
in
let k = Cstruct.to_bytes k in
let k = Bytes.unsafe_of_string k in
reduce_l k;
let k = Bytes.unsafe_to_string k in
let success, r' = double_scalar_mult k key s in
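Review bot: In Ed25519 `sign` and `verify` the new code applies `Bytes.unsafe_of_string` to the string returned by `Digestif.SHA512.(... |> to_raw_string)` and then mutates it in place with `reduce_l`; the replaced `Cstruct.to_bytes` made a copy, so this hunk silently drops a defensive copy and now relies on Digestif returning a fresh, unshared string for every digest. That appears to hold for `digest_string` today, but it is an invariant of another library rather than of this code, and the alternative `Bytes.of_string r` costs a 64-byte copy, so I would keep the copy in all three places (the `r` and `k` bindings in `sign`, the `k` binding in `verify`) or at least add `(* to_raw_string yields a fresh string; safe to mutate in place *)` next to each so the assumption is visible. The `String.sub` in `public` is fine as written, since `String.sub` always allocates. Both `sign` and `verify` continue outside their hunks.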
2 changes: 1 addition & 1 deletion ec/mirage_crypto_ec.mli
Expand Up @@ -129,7 +129,7 @@ module type Dsa = sig

(** [K_gen] can be instantiated over a hashing module to obtain an RFC6979
compliant [k]-generator for that hash. *)
module K_gen (H : Mirage_crypto.Hash.S) : sig
module K_gen (H : Digestif.S) : sig

val generate : key:priv -> string -> string
(** [generate ~key digest] deterministically takes the given private key
2 changes: 1 addition & 1 deletion mirage-crypto-ec.opam
Expand Up @@ -29,8 +29,8 @@ depends: [
"ocaml" {>= "4.08.0"}
"dune-configurator"
"eqaf" {>= "0.7"}
"mirage-crypto" {=version}
"mirage-crypto-rng" {=version}
"digestif" {>= "1.1.4"}
"hex" {with-test}
"alcotest" {with-test & >= "0.8.1"}
"ppx_deriving_yojson" {with-test}
3 changes: 2 additions & 1 deletion mirage-crypto-pk.opam
Expand Up @@ -17,9 +17,10 @@ depends: [
"ocaml" {>= "4.08.0"}
"dune" {>= "2.7"}
"ounit2" {with-test}
"randomconv" {with-test & >= "0.1.3"}
"randomconv" {with-test & >= "0.2.0"}
"mirage-crypto" {=version}
"mirage-crypto-rng" {=version}
"digestif" {>= "1.1.4"}
"zarith" {>= "1.13"}
"eqaf" {>= "0.8"}
]
1 change: 0 additions & 1 deletion mirage-crypto-rng-async.opam
Expand Up @@ -18,7 +18,6 @@ depends: [
"dune-configurator" {>= "2.0.0"}
"async" {>= "v0.14"}
"logs"
"mirage-crypto" {=version}
"mirage-crypto-rng" {=version}
]
available: os != "win32"
1 change: 0 additions & 1 deletion mirage-crypto-rng-eio.opam
Expand Up @@ -16,7 +16,6 @@ depends: [
"ocaml" {>= "5.0.0"}
"dune" {>= "2.7"}
"eio" {>= "0.12"}
"cstruct" {>= "6.0.0"}
"logs"
"mirage-crypto-rng" {=version}
"duration"
1 change: 0 additions & 1 deletion mirage-crypto-rng-lwt.opam
Expand Up @@ -17,7 +17,6 @@ depends: [
"dune" {>= "2.7"}
"duration"
"logs"
"mirage-crypto" {=version}
"mirage-crypto-rng" {=version}
"mtime" {>= "1.0.0"}
"lwt" {>= "4.0.0"}
1 change: 0 additions & 1 deletion mirage-crypto-rng-mirage.opam
Expand Up @@ -17,7 +17,6 @@ depends: [
"dune" {>= "2.7"}
"mirage-crypto-rng" {=version}
"duration"
"cstruct" {>= "4.0.0"}
"logs"
"lwt" {>= "4.0.0"}
"mirage-runtime" {>= "3.8.0"}
4 changes: 2 additions & 2 deletions mirage-crypto-rng.opam
Expand Up @@ -17,11 +17,11 @@ depends: [
"dune" {>= "2.7"}
"dune-configurator" {>= "2.0.0"}
"duration"
"cstruct" {>= "6.0.0"}
"logs"
"mirage-crypto" {=version}
"digestif" {>= "1.1.4"}
"ounit2" {with-test}
"randomconv" {with-test & >= "0.1.3"}
"randomconv" {with-test & >= "0.2.0"}
]
conflicts: [ "mirage-runtime" {< "3.8.0"} ]
description: """
6 changes: 3 additions & 3 deletions pk/dsa.ml
Expand Up @@ -82,22 +82,22 @@ let generate ?g size =
{ p; q; gg; x; y }


module K_gen (H : Mirage_crypto.Hash.S) = struct
module K_gen (H : Digestif.S) = struct

let drbg : 'a Mirage_crypto_rng.generator =
let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M)

let z_gen ~key:{ q; x; _ } z =
let repr = Z_extra.to_octets_be ~size:(Z.numbits q // 8) in
let g = Mirage_crypto_rng.create ~strict:true drbg in
Mirage_crypto_rng.reseed ~g (Cstruct.of_string (repr x ^ repr Z.(z mod q)));
Mirage_crypto_rng.reseed ~g (repr x ^ repr Z.(z mod q));
Z_extra.gen_r ~g Z.one q

let generate ~key buf =
z_gen ~key (Z_extra.of_octets_be ~bits:(Z.numbits key.q) buf)
end

module K_gen_sha256 = K_gen (Mirage_crypto.Hash.SHA256)
module K_gen_sha256 = K_gen (Digestif.SHA256)

let sign_z ?(mask = `Yes) ?k:k0 ~key:({ p; q; gg; x; _ } as key) z =
let k = match k0 with Some k -> k | None -> K_gen_sha256.z_gen ~key z in