diff --git a/.gitignore b/.gitignore index 593652df..518adf55 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /_opam/ .merlin .devcontainer/data +*.install diff --git a/default.nix b/default.nix index c9814d66..c3f7b75f 100644 --- a/default.nix +++ b/default.nix @@ -1,7 +1,7 @@ with import { }; mkShell { - buildInputs = [ yarn zlib.dev zlib.out zlib zlib.all gmp gmp.dev pkgconfig openssl libev libevdev mariadb-client mariadb-connector-c postgresql ]; + buildInputs = [ yarn zlib.dev zlib.out zlib zlib.all gmp gmp.dev pkg-config openssl libev libevdev mariadb-client mariadb-connector-c postgresql ]; LD_LIBRARY_PATH = "${mariadb-connector-c}/lib/mariadb"; shellHook = "eval $(opam env)"; } diff --git a/dune-project b/dune-project index 24315097..864ec6ce 100644 --- a/dune-project +++ b/dune-project @@ -72,8 +72,10 @@ (>= v0.13.0)) (ppx_sexp_conv (>= v0.13.0)) - (nocrypto - (>= 0.5.4-2)) + (mirage-crypto + (>= 0.11.2)) + (mirage-crypto-rng + (>= 0.11.2)) (cstruct (>= 6.0.1)) (opium diff --git a/sihl.opam b/sihl.opam index 9839f174..d954bdef 100644 --- a/sihl.opam +++ b/sihl.opam @@ -36,7 +36,8 @@ depends: [ "uuidm" {>= "0.9.7"} "ppx_fields_conv" {>= "v0.13.0"} "ppx_sexp_conv" {>= "v0.13.0"} - "nocrypto" {>= "0.5.4-2"} + "mirage-crypto" {>= "0.11.2"} + "mirage-crypto-rng" {>= "0.11.2"} "cstruct" {>= "6.0.1"} "opium" {>= "0.20.0"} "cohttp-lwt-unix" {>= "2.5.4" & with-test} diff --git a/sihl/src/dune b/sihl/src/dune index 2eeee8e0..f3e41766 100644 --- a/sihl/src/dune +++ b/sihl/src/dune @@ -4,7 +4,7 @@ (libraries sexplib fmt fmt.tty logs logs.fmt lwt lwt.unix tsort conformist base64 yojson ppx_deriving_yojson.runtime safepass ptime ptime.clock.os jwto uuidm opium caqti-lwt caqti-lwt.unix str dune-build-info bos - containers nocrypto nocrypto.unix cstruct) + containers mirage-crypto mirage-crypto-rng cstruct) (preprocess (pps ppx_fields_conv ppx_deriving_yojson ppx_deriving.eq ppx_deriving.show ppx_deriving.make ppx_sexp_conv lwt_ppx))) diff --git a/sihl/src/web_csrf.ml b/sihl/src/web_csrf.ml index 4c93d0a2..5c17360d 100644 --- a/sihl/src/web_csrf.ml +++ b/sihl/src/web_csrf.ml @@ -33,7 +33,6 @@ let set token req = *) module Crypto = struct - let () = Nocrypto_entropy_unix.initialize () let block_size = 16 (** [token_length] is the amount of bytes used in the unencrypted CSRF tokens. *) @@ -52,7 +51,10 @@ module Crypto = struct end = struct type t = Cstruct.t - let make secret = secret |> Cstruct.of_string |> Nocrypto.Hash.SHA256.digest + let make secret = + secret |> Cstruct.of_string |> Mirage_crypto.Hash.SHA256.digest + ;; + let to_raw = CCFun.id end @@ -105,15 +107,15 @@ module Crypto = struct let to_struct = CCFun.id let from_struct ~with_secret value = - let open Nocrypto.Cipher_block.AES.ECB in + let open Mirage_crypto.Cipher_block.AES.ECB in let key = with_secret |> Secret.to_raw |> of_secret in encrypt ~key value ;; let from_struct_random ~with_secret value = - let open Nocrypto.Cipher_block.AES.CBC in + let open Mirage_crypto.Cipher_block.AES.CBC in let key = with_secret |> Secret.to_raw |> of_secret in - let iv = Nocrypto.Rng.generate block_size in + let iv = Mirage_crypto_rng.generate block_size in Cstruct.append iv @@ encrypt ~key ~iv value ;; end @@ -157,13 +159,13 @@ module Crypto = struct let equal_struct = equal let from_encrypted ~with_secret value = - let open Nocrypto.Cipher_block.AES.ECB in + let open Mirage_crypto.Cipher_block.AES.ECB in let key = with_secret |> Secret.to_raw |> of_secret in decrypt ~key (Encrypted_token.to_struct value) ;; let from_encrypted_random ~with_secret value = - let open Nocrypto.Cipher_block.AES.CBC in + let open Mirage_crypto.Cipher_block.AES.CBC in let key = with_secret |> Secret.to_raw |> of_secret in let iv, value = value @@ -229,7 +231,7 @@ let middleware ~with_secret:block_secret tkn ) | None -> - let value = Nocrypto.Rng.generate token_length in + let value = Mirage_crypto_rng.generate token_length in ( Encrypted_token.from_struct ~with_secret:block_secret value , Encrypted_token.from_struct_random ~with_secret:block_secret value ) in