anil.recoil.org
forked from
gazagnaire.org/ocaml-crypto
upstream: https://github.com/mirage/mirage-crypto
Sync from monorepo
+10
-12
README.md
+10
-12
README.md
···
1
-
# mirage-crypto - Cryptographic primitives for MirageOS
2
3
-
%%VERSION%%
4
5
mirage-crypto is a small cryptographic library that puts emphasis on the
6
applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4,
···
13
14
Mirage-crypto is a fork of the
15
[ocaml-nocrypto](https://github.com/mirleft/ocaml-nocrypto) written by David
16
-
Kaloper. It was forked with the permission of the original author in order to
17
facilitate changes (e.g. build system) required by Mirage that the upstream
18
didn't have time to keep up with.
19
-
20
-
Mirage-crypto-rng embeds the former mirage-entropy opam package, which
21
-
implements various entropy sources:
22
-
- non-deterministic execution time (used at initial seeding, see the [whirlwind RNG paper](https://www.ieee-security.org/TC/SP2014/papers/Not-So-RandomNumbersinVirtualizedLinuxandtheWhirlwindRNG.pdf))
23
-
- a hook into the Lwt event loop that collects a timestamp of each event
24
-
- rdseed and rdrand (x86/x86-64 only)
25
-
26
-
[API documentation online](https://mirage.github.io/mirage-crypto/doc)
27
28
## Build
29
···
40
seed it.
41
42
```OCaml
43
-
let () = Mirage_crypto_rng_unix.use_default ()
44
```
···
1
+
# crypto - Cryptographic primitives for OCaml
2
3
+
> **Warning**: This is an experimental fork of [mirage-crypto](https://github.com/mirage/mirage-crypto).
4
+
> Do not use in production. Use [mirage-crypto](https://github.com/mirage/mirage-crypto) instead.
5
+
6
+
This fork renames the packages and removes Lwt/Miou dependencies, keeping only
7
+
Eio-compatible code. It is intended for experimentation only.
8
+
9
+
## Original mirage-crypto
10
11
mirage-crypto is a small cryptographic library that puts emphasis on the
12
applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4,
···
19
20
Mirage-crypto is a fork of the
21
[ocaml-nocrypto](https://github.com/mirleft/ocaml-nocrypto) written by David
22
+
Kaloper. It was forked with the permission of the original author in order to
23
facilitate changes (e.g. build system) required by Mirage that the upstream
24
didn't have time to keep up with.
25
26
## Build
27
···
38
seed it.
39
40
```OCaml
41
+
let () = Crypto_rng_unix.use_default ()
42
```
+1
-9
bench/dune
+1
-9
bench/dune
···
1
(executables
2
(names speed)
3
(modules speed)
4
-
(libraries mirage-crypto mirage-crypto-rng mirage-crypto-rng.unix
5
-
mirage-crypto-pk mirage-crypto-ec))
6
-
7
-
; marking as "(optional)" leads to OCaml-CI failures
8
-
; marking with "(package mirage-crypto-rng-miou-unix)" only has an effect with a "public_name"
9
-
;(executables
10
-
; (names miou)
11
-
; (modules miou)
12
-
; (libraries mirage-crypto-rng-miou-unix))
-91
bench/miou.ml
-91
bench/miou.ml
···
1
-
open Mirage_crypto
2
-
3
-
module Time = struct
4
-
5
-
let time ~n f a =
6
-
let t1 = Sys.time () in
7
-
for _ = 1 to n do ignore (f a) done ;
8
-
let t2 = Sys.time () in
9
-
(t2 -. t1)
10
-
11
-
let warmup () =
12
-
let x = ref 0 in
13
-
let rec go start =
14
-
if Sys.time () -. start < 1. then begin
15
-
for i = 0 to 10000 do x := !x + i done ;
16
-
go start
17
-
end in
18
-
go (Sys.time ())
19
-
20
-
end
21
-
22
-
let burn_period = 2.0
23
-
24
-
let sizes = [16; 64; 256; 1024; 8192]
25
-
(* let sizes = [16] *)
26
-
27
-
let burn f n =
28
-
let buf = Mirage_crypto_rng.generate n in
29
-
let (t1, i1) =
30
-
let rec loop it =
31
-
let t = Time.time ~n:it f buf in
32
-
if t > 0.2 then (t, it) else loop (it * 10) in
33
-
loop 10 in
34
-
let iters = int_of_float (float i1 *. burn_period /. t1) in
35
-
let time = Time.time ~n:iters f buf in
36
-
(iters, time, float (n * iters) /. time)
37
-
38
-
let mb = 1024. *. 1024.
39
-
40
-
let throughput title f =
41
-
Printf.printf "\n* [%s]\n%!" title ;
42
-
sizes |> List.iter @@ fun size ->
43
-
Gc.full_major () ;
44
-
let (iters, time, bw) = burn f size in
45
-
Printf.printf " % 5d: %04f MB/s (%d iters in %.03f s)\n%!"
46
-
size (bw /. mb) iters time
47
-
48
-
let bm name f = (name, fun () -> f name)
49
-
50
-
let benchmarks = [
51
-
bm "pfortuna" (fun name ->
52
-
let open Mirage_crypto_rng_miou_unix.Pfortuna in
53
-
Miou_unix.run ~domains:2 @@ fun () ->
54
-
let rng = Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) in
55
-
let g = create () in
56
-
reseed ~g "abcd" ;
57
-
throughput name (fun buf ->
58
-
let buf = Bytes.unsafe_of_string buf in
59
-
generate_into ~g buf ~off:0 (Bytes.length buf));
60
-
Mirage_crypto_rng_miou_unix.kill rng) ;
61
-
]
62
-
63
-
let help () =
64
-
Printf.printf "available benchmarks:\n ";
65
-
List.iter (fun (n, _) -> Printf.printf "%s " n) benchmarks ;
66
-
Printf.printf "\n%!"
67
-
68
-
let runv fs =
69
-
Format.printf "accel: %a\n%!"
70
-
(fun ppf -> List.iter @@ fun x ->
71
-
Format.fprintf ppf "%s " @@
72
-
match x with `XOR -> "XOR" | `AES -> "AES" | `GHASH -> "GHASH")
73
-
accelerated;
74
-
Time.warmup () ;
75
-
List.iter (fun f -> f ()) fs
76
-
77
-
78
-
let () =
79
-
let seed = "abcd" in
80
-
let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in
81
-
Mirage_crypto_rng.set_default_generator g;
82
-
match Array.to_list Sys.argv with
83
-
| _::(_::_ as args) -> begin
84
-
try
85
-
let fs =
86
-
args |> List.map @@ fun n ->
87
-
snd (benchmarks |> List.find @@ fun (n1, _) -> n = n1) in
88
-
runv fs
89
-
with Not_found -> help ()
90
-
end
91
-
| _ -> help ()
···
+113
-113
bench/speed.ml
+113
-113
bench/speed.ml
···
1
-
open Mirage_crypto
2
3
module Time = struct
4
···
25
(* let sizes = [16] *)
26
27
let burn f n =
28
-
let buf = Mirage_crypto_rng.generate n in
29
let (t1, i1) =
30
let rec loop it =
31
let t = Time.time ~n:it f buf in
···
78
let msg_str_48 = String.sub msg_str 0 48
79
let msg_str_65 = String.sub msg_str 0 65
80
81
-
module PSS = Mirage_crypto_pk.Rsa.PSS(Digestif.SHA256)
82
83
let rsa_1024 =
84
let p = Z.of_string "10798561676627454710140432432014696449593673631094049392368450463276546091610832740190717321579865870896133380991892468262437092547408603618427685009427773"
85
and q = Z.of_string "10400664760062606994038747844895625872750212488858602663971334563613232045185857177383833781411830934303117994128623611996670112272953487791473086751129863"
86
and e = Z.of_string "65537"
87
in
88
-
match Mirage_crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
89
90
-
let enc_1024 = Mirage_crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_1024) msg_str)
91
92
let pkcs1_sig_1024 () =
93
-
Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_1024 (`Message msg_str)
94
95
let pkcs1_enc_1024 () =
96
-
Mirage_crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_1024) msg_str)
97
98
let pss_sig_1024 () = PSS.sign ~key:rsa_1024 (`Message msg_str)
99
···
102
and q = Z.of_string "146461957885839900502732892013745315236120923895767594427579857452138451155393985820080680192640369593315439290134409437965406213465262989382655388410330601076036910359057156988645246773259111682038096388585157599977808854893528900530706460128823381760931962351810679571404043148961709991714582814015259432029"
103
and e = Z.of_string "65537"
104
in
105
-
match Mirage_crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
106
107
-
let enc_2048 = Mirage_crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_2048) msg_str)
108
109
let pkcs1_sig_2048 () =
110
-
Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_2048 (`Message msg_str)
111
112
let pkcs1_enc_2048 () =
113
-
Mirage_crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_2048) msg_str)
114
115
let pss_sig_2048 () = PSS.sign ~key:rsa_2048 (`Message msg_str)
116
···
119
and q = Z.of_string "25905916162566396401205858643227945415345838368190515936191926936462899261314859092468495558719305083654714669527919862817831941531613073577910643681172802147392797914485263753968375221243705167910636382434485717071007054833155618588980128488599406663210791261135710551020276087851551652652612955553056226986980360600996201307035494196112173475664509878923172924086102889718336621725968169373963280305056864698229857913526607314633711315503607289470716733189135747457446349029256257187264165837635026903463931381823712962360342258652047970731347111703873301687821992467888598546386551115261010493902143134851640738743"
120
and e = Z.of_string "65537"
121
in
122
-
match Mirage_crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
123
124
-
let enc_4096 = Mirage_crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_4096) msg_str)
125
126
let pkcs1_sig_4096 () =
127
-
Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_4096 (`Message msg_str)
128
129
let pkcs1_enc_4096 () =
130
-
Mirage_crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_4096) msg_str)
131
132
let pss_sig_4096 () = PSS.sign ~key:rsa_4096 (`Message msg_str)
133
···
138
and x = Z.of_string "33269272469299670210735451373406214067383586377"
139
and y = Z.of_string "43917635707590891841908570055721669604556135044554274942460553515946670787931699807386932177837523342760860376770220825997328312057886461226985675983491441562087492365801663397409369541614646669226917344513472367438132106373179011858311945451923744651780314133078253880297369792145807736223662521868826642853"
140
in
141
-
match Mirage_crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
142
143
-
let dsa_sig_1024 () = Mirage_crypto_pk.Dsa.sign ~key:dsa_1024 msg_str
144
145
let dsa_2048 =
146
let p = Z.of_string "27787495469795504213817302334103600594688179071059183073859876165757248559489321478170600304273914000462158587756787453177210321379060448141559798652196363556897576291878245650614903612762833777567911000834171168229784178643222849655095281437320492725855855778320111645629834980350492228611813830302209080760811887894272862901026864911346096471199762409562102789142939773632891860019140618313962854554152891445175391927591825205548689170996430765723064763763481336517107917261869303217480777161449935319930795628114622197586510378927239068257979584784079128534248603619156372913573809491691986354447396965646770535701"
···
149
and x = Z.of_string "52860861934156228997899838985740859941028688506510055821449681896336427977580"
150
and y = Z.of_string "16697822339875604612001674517725789858937385326266245308648897963274039128000291572870559603618903431422492771498840266582664620626826186158140214481920146230768719356298465470274085841064126012204317638870338958089054809559680905413861272320951150917299685355736888023985398767858005440235842845908452598291689850063919053521400020402671375982259094019780813889586357332424647365679629398571364161673401249910198031061651183589601097975488702613291524957230624044246866866974886847601585171352897595544769649242723658395277456627024303041369757410970512818793143517329469213213147704583953410882515213978051041273924"
151
in
152
-
match Mirage_crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
153
154
-
let dsa_sig_2048 () = Mirage_crypto_pk.Dsa.sign ~key:dsa_2048 msg_str
155
156
let dsa_3072 =
157
let p = Z.of_string "4944862491052787177238323499959371418651354629231656321315236369672827559263545931134286049323485061071828187289578269594065783019111035804017538871324004047710342711620233110167493989997579634523303899794913823240058891327833786211541568251787338957336540247816021098378292806006955851897646808403078979142749428669072523191276645021175423303816467433407072660616741824124536840773744646488191896772232795413707995397140064396495425700133866462410490239713815308709711960470201906326732033816522202617817869465691798938486540955726912350768931476362143768721380759395525951947017232778140349423557015356082357043807910825817719748257213281893007933859227824276579765323175836008193865064772817200047353825332039369252224256435661514851653526942065285711420907389170574343434449883875510985495078384130667046036846831401643151166834922210257258578675547742596423035828159461629721005113634334227074529533688136165903014911127"
···
160
and x = Z.of_string "57079433780483458942713357293831115449694380253611914431677328021806898761674"
161
and y = Z.of_string "2872172233173100601346399502391482510148300641600207189246652621232656647081281141886455256814187251102030580186748870087277263359506423691023579912476503628426574690699263443704236625550832436226673947182294798279064154375422081421444400893924415563728656687773617245084962617886701420982288621397340217078717788290878177343138178149109067141997920049624616209300715994802074480057682676445987819355778630849636079364539062466859717465892222793824712941403252645431023939220711618233660062829520555618350855085688062241702521140104357981881833598269736147371800258828202964600523335598361833482597511071900975835195171061421945579132277176597724513608746614358311884564512362186106480065540201711903122228315570389409204443391052987813355120223856839756971514334338065850104261467285471383663470187296456006848469765768400814476981451863643010333596484259098557995874127140419649424228480234701334240448168704764430867915060"
162
in
163
-
match Mirage_crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
164
165
-
let dsa_sig_3072 () = Mirage_crypto_pk.Dsa.sign ~key:dsa_3072 msg_str
166
167
let dh_groups =
168
-
["oakley5 (1536)",Mirage_crypto_pk.Dh.Group.oakley_5;
169
-
"oakley14 (2048)",Mirage_crypto_pk.Dh.Group.oakley_14;
170
-
"ffdhe2048",Mirage_crypto_pk.Dh.Group.ffdhe2048;
171
-
"ffdhe3072",Mirage_crypto_pk.Dh.Group.ffdhe3072;
172
-
"ffdhe4096",Mirage_crypto_pk.Dh.Group.ffdhe4096;
173
-
"ffdhe6144",Mirage_crypto_pk.Dh.Group.ffdhe6144]
174
175
let dh_secrets =
176
List.map2 (fun (n, group) s ->
177
-
(n, group), Mirage_crypto_pk.Dh.key_of_secret group ~s)
178
dh_groups
179
-
(List.map (fun s -> Z.of_string s |> Mirage_crypto_pk.Z_extra.to_octets_be)
180
[
181
"31271182055444024732867835946284871743952969208281694762833912267184" ;
182
"27594341083884344999714422172371027333192426063917478556668524561591" ;
···
188
189
let ecdsa_p256 =
190
Result.get_ok
191
-
(Mirage_crypto_ec.P256.Dsa.priv_of_octets
192
"\x08\x9f\x4f\xfc\xcc\xf9\xba\x13\xfe\xdd\x09\x42\xef\x08\xcf\x2d\x90\x9f\x32\xe2\x93\x4a\xb5\xc9\x3b\x6c\x99\xbe\x5a\x9f\xf5\x27")
193
194
-
let ecdsa_p256_sig () = Mirage_crypto_ec.P256.Dsa.sign ~key:ecdsa_p256 msg_str_32
195
196
let ecdsa_p384 =
197
Result.get_ok
198
-
(Mirage_crypto_ec.P384.Dsa.priv_of_octets
199
"\xf5\xc0\xc9\xfb\x95\x17\x86\x41\xaf\x76\xf3\x83\x1f\x41\xe2\xd3\x7c\xfa\xaf\xff\xc7\xe6\x01\x72\xcf\xb0\x89\xfe\x60\x4b\x56\xa6\x1c\x7c\x31\xa6\x90\x4b\x3b\x5d\x08\x20\x7a\x4b\x81\xe2\x5e\xa5")
200
201
-
let ecdsa_p384_sig () = Mirage_crypto_ec.P384.Dsa.sign ~key:ecdsa_p384 msg_str_48
202
203
let ecdsa_p521 =
204
Result.get_ok
205
-
(Mirage_crypto_ec.P521.Dsa.priv_of_octets
206
"\x00\xb1\x8f\x60\xc0\x35\x2a\xd8\xe3\xef\x98\x2f\x1d\xdf\xcf\x6e\xec\x7f\xa6\xca\xf0\xe6\xf3\x68\x35\x4a\x8b\x02\xb2\xd8\xac\x1e\x05\x9e\x30\x98\x91\xe2\xbf\xa8\x57\x91\xa5\xe7\x1b\x40\xbd\xec\xbf\x90\x2b\xf2\x43\xdc\x3b\x00\x80\x49\x5c\xf4\xd9\x1c\x78\x72\x8b\xd5")
207
208
-
let ecdsa_p521_sig () = Mirage_crypto_ec.P521.Dsa.sign ~key:ecdsa_p521 msg_str_65
209
210
let ed25519 =
211
-
Result.get_ok (Mirage_crypto_ec.Ed25519.priv_of_octets
212
"\x3e\x0a\xb6\x82\x17\x12\x75\xc5\x69\xfc\xe9\xca\x8b\xcc\xd2\xd2\x77\x14\x54\xa2\x30\x0c\x35\x29\xf7\xa4\xd8\x0b\x84\x38\x83\xbc")
213
214
-
let ed25519_sig () = Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg_str
215
216
let ecdsas = [
217
("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ()));
···
222
223
let ecdh_shares =
224
[
225
-
("P256", `P256 (Mirage_crypto_ec.P256.Dh.secret_of_octets "\x47\x0d\x57\x70\x6c\x77\x06\xb6\x8a\x3f\x42\x3a\xea\xf4\xff\x7f\xdd\x02\x49\x4a\x10\xd3\xe3\x81\xc3\xc1\x1f\x72\x76\x80\x2c\xdc" |> Result.get_ok |> fst,
226
"\x04\x11\xb3\xfc\x82\x72\x1c\x26\x9a\x19\x90\x9a\x3b\x2f\xc2\x6d\x98\x95\x82\x6d\x0c\xfc\xbc\x1f\x76\x26\xe4\x88\xf0\x1f\x4c\xa6\xb5\xc5\xed\x76\xad\xee\x7a\xf8\x1b\xb2\x0b\x17\xcf\x23\x1c\xbf\x0c\x67\xdb\x02\x95\xd6\x8d\x1d\x92\xc2\xd2\xa5\xa8\x06\x38\xd7\x8d"));
227
-
("P384", `P384 (Mirage_crypto_ec.P384.Dh.secret_of_octets "\xee\x55\xe2\x9b\x61\x75\x2d\x5a\x3e\x52\x56\x56\xdb\x8b\xd8\xfe\x6f\x94\xfa\xb8\xaa\xcc\x9e\x92\xac\xff\x4c\x48\x12\xbf\x7a\x61\x87\xab\xa4\x6c\xc6\x0a\xb8\xf0\x8e\xfc\xf2\xd5\x74\x58\x4b\x74" |> Result.get_ok |> fst,
228
"\x04\x04\x89\xcf\x24\xbc\x80\xbf\x89\xfd\xfe\x9c\x05\xec\xc3\x9f\x69\x16\xad\x45\x09\xd9\x39\x85\x97\x95\x0d\x3d\x24\xe8\x28\xf6\xbf\x56\xba\x4a\xd6\xd2\x1e\xd7\x86\x3b\xed\x68\xe4\x13\x36\x4b\xd4\xc7\xb1\xe9\x04\x7d\x36\x12\x4c\x69\x53\xbe\x7c\x61\x20\x9c\xb3\xfc\x56\x45\x2f\x73\x05\x29\x37\x83\xc7\xc0\xed\x92\x9d\x6c\x98\xc7\xbc\x97\xf6\x0a\x72\xed\x22\x69\xa8\xeb\x19\xbb\x7e\xe1\x31"));
229
-
("P521", `P521 (Mirage_crypto_ec.P521.Dh.secret_of_octets "\x00\xaa\x47\x0b\xa1\xcc\x84\x3b\xa3\x14\x82\x1e\x72\xde\x4c\xd2\x99\xae\xc1\xf2\x6e\x9d\x64\xa0\xd8\x7d\xb1\x8a\x3d\xa9\xf6\x5c\x45\xec\xfc\xc5\x61\x7f\xf0\xd7\x3b\x2e\x0e\x1c\xdf\xf8\x04\x8e\x01\xbe\x5e\x20\x14\x94\x12\xe7\xdb\xfa\xb7\xfe\xae\x24\x9b\x1b\xfa\x4d" |> Result.get_ok |> fst,
230
"\x04\x00\x1d\x16\x29\xee\xb1\xc4\x25\xf9\x04\xd7\x55\x33\x00\x79\xd1\x3c\x77\xda\x92\x1e\x01\xcf\x50\xd7\x17\xe0\xd6\x85\x0a\x81\xa3\x90\x2b\xb9\x2a\x03\xfa\xea\xcb\xd6\x28\x9c\x15\x90\x68\x5a\x60\x44\xb5\xe9\x4d\xcf\xc4\x1d\xeb\x6a\x88\xdb\x62\xa8\x91\xb0\xb8\x93\xbb\x00\xe4\x2a\x66\xb2\xf0\x13\xbd\xd0\xd2\x7d\x8e\x07\xcb\x35\xfc\x3e\x2c\x2b\x22\xf9\x3e\xcf\xd5\xea\xb7\x88\x61\x97\xca\x07\x3c\x2c\x5e\x68\x31\xd6\x5e\x2d\x0b\x8a\xa4\x08\x43\x8e\x49\x54\x2f\x05\xf4\x1c\x57\x6d\xf7\x0e\x3c\xaf\x5b\xb8\x22\x7d\x48\x30\x94\xae\x58"));
231
-
("X25519", `X25519 (Mirage_crypto_ec.X25519.secret_of_octets "\x4c\x6d\xb7\xcf\x93\x5b\xcf\x84\x02\x61\x78\xd4\x0c\x95\x6a\xf0\x9d\x8e\x36\x32\x03\x49\x0d\x2c\x41\x62\x5a\xcb\x68\xb9\x31\xa4" |> Result.get_ok |> fst,
232
"\xca\x19\x19\x3c\xf5\xc0\xb3\x8c\x61\xaa\x01\xc1\x72\xb2\xe9\x3d\x16\xf7\x50\xd0\x84\x62\x77\xad\x32\x2d\xe5\xe4\xfb\x33\x24\x29"));
233
]
234
···
237
let benchmarks = [
238
239
bm "rsa-generate" (fun name ->
240
-
count name (fun bits -> Mirage_crypto_pk.Rsa.generate ~bits ())
241
string_of_int [1024;2048;4096]) ;
242
243
bm "rsa-encrypt" (fun name ->
244
-
count name (fun key -> Mirage_crypto_pk.Rsa.(encrypt ~key:(pub_of_priv key) msg_str))
245
-
(fun k -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
246
[rsa_1024;rsa_2048;rsa_4096]) ;
247
248
bm "rsa-decrypt" (fun name ->
249
-
count name (fun (key, msg) -> Mirage_crypto_pk.Rsa.(decrypt ~key msg))
250
-
(fun (k, _) -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
251
[rsa_1024,enc_1024 ; rsa_2048,enc_2048 ; rsa_4096,enc_4096]) ;
252
253
bm "rsa-pkcs1-encrypt" (fun name ->
254
-
count name (fun key -> Mirage_crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv key) msg_str))
255
-
(fun k -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
256
[rsa_1024;rsa_2048;rsa_4096]) ;
257
258
bm "rsa-pkcs1-decrypt" (fun name ->
259
-
count name (fun (key, msg) -> Mirage_crypto_pk.Rsa.(PKCS1.decrypt ~key msg))
260
-
(fun (k, _) -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
261
[rsa_1024,pkcs1_enc_1024 () ; rsa_2048,pkcs1_enc_2048 () ; rsa_4096,pkcs1_enc_4096 ()]) ;
262
263
bm "rsa-pkcs1-sign" (fun name ->
264
-
count name (fun key -> Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key (`Message msg_str))
265
-
(fun k -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
266
[rsa_1024;rsa_2048;rsa_4096]) ;
267
268
bm "rsa-pkcs1-verify" (fun name ->
269
count name (fun (key, signature) ->
270
-
Mirage_crypto_pk.Rsa.(PKCS1.verify ~hashp:(fun _ -> true) ~key:(pub_of_priv key) ~signature (`Message msg_str)))
271
-
(fun (k, _) -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
272
[rsa_1024,pkcs1_sig_1024 () ; rsa_2048,pkcs1_sig_2048 () ; rsa_4096,pkcs1_sig_4096 ()]) ;
273
274
bm "rsa-pss-sign" (fun name ->
275
count name (fun key -> PSS.sign ~key (`Message msg_str))
276
-
(fun k -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
277
[rsa_1024;rsa_2048;rsa_4096]) ;
278
279
bm "rsa-pss-verify" (fun name ->
280
count name (fun (key, signature) ->
281
-
PSS.verify ~key:(Mirage_crypto_pk.Rsa.pub_of_priv key) ~signature (`Message msg_str))
282
-
(fun (k, _) -> string_of_int (Mirage_crypto_pk.Rsa.priv_bits k))
283
[rsa_1024,pss_sig_1024 () ; rsa_2048,pss_sig_2048 () ; rsa_4096,pss_sig_4096 ()]) ;
284
285
bm "dsa-generate" (fun name ->
286
-
count name (fun ks -> Mirage_crypto_pk.Dsa.generate ks)
287
(function `Fips1024 -> "1024" | `Fips2048 -> "2048" | `Fips3072 -> "3072" | `Exactly (l, _) -> string_of_int l)
288
[`Fips1024;`Fips2048;`Fips3072]);
289
290
bm "dsa-sign" (fun name ->
291
-
count name (fun key -> Mirage_crypto_pk.Dsa.sign ~key msg_str)
292
(fun k -> string_of_int (Z.numbits k.p))
293
[dsa_1024;dsa_2048;dsa_3072]);
294
295
bm "dsa-verify" (fun name ->
296
count name (fun (key, signature) ->
297
-
Mirage_crypto_pk.Dsa.(verify ~key:(pub_of_priv key) signature msg_str))
298
(fun (k, _) -> string_of_int (Z.numbits k.p))
299
[dsa_1024,dsa_sig_1024 () ; dsa_2048,dsa_sig_2048 () ; dsa_3072,dsa_sig_3072 ()]);
300
301
bm "ecdsa-generate" (fun name ->
302
-
let open Mirage_crypto_ec in
303
count name
304
(fun (_, x) -> match x with
305
| `P256 _ -> P256.Dsa.generate () |> ignore
···
310
fst ecdsas);
311
312
bm "ecdsa-sign" (fun name ->
313
-
let open Mirage_crypto_ec in
314
count name (fun (_, x) -> match x with
315
| `P256 (key, _) -> P256.Dsa.sign ~key msg_str_32
316
| `P384 (key, _) -> P384.Dsa.sign ~key msg_str_48
···
320
fst ecdsas);
321
322
bm "ecdsa-verify" (fun name ->
323
-
let open Mirage_crypto_ec in
324
count name (fun (_, x) -> match x with
325
| `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32)
326
| `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_48)
···
329
) fst ecdsas);
330
331
bm "dh-secret" (fun name ->
332
-
count name (fun (_, group) -> Mirage_crypto_pk.Dh.gen_key group)
333
fst dh_groups);
334
335
bm "dh-share" (fun name ->
336
count name (fun (_, (sec, share)) ->
337
-
Mirage_crypto_pk.Dh.shared sec share)
338
(fun ((g, _), _) -> g) dh_secrets);
339
340
bm "ecdh-secret" (fun name ->
341
-
let open Mirage_crypto_ec in
342
count name (fun (_, x) -> match x with
343
| `P256 _ -> P256.Dh.gen_key () |> ignore
344
| `P384 _ -> P384.Dh.gen_key () |> ignore
···
347
fst ecdh_shares);
348
349
bm "ecdh-share" (fun name ->
350
-
let open Mirage_crypto_ec in
351
count name (fun (_, x) -> match x with
352
| `P256 (sec, share) -> P256.Dh.key_exchange sec share |> Result.get_ok |> ignore
353
| `P384 (sec, share) -> P384.Dh.key_exchange sec share |> Result.get_ok |> ignore
···
356
fst ecdh_shares);
357
358
bm "chacha20-poly1305" (fun name ->
359
-
let key = Chacha20.of_secret (Mirage_crypto_rng.generate 32)
360
-
and nonce = Mirage_crypto_rng.generate 8 in
361
throughput_into ~add:Chacha20.tag_size name
362
(fun dst cs -> Chacha20.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs))) ;
363
364
bm "chacha20-poly1305-unsafe" (fun name ->
365
-
let key = Chacha20.of_secret (Mirage_crypto_rng.generate 32)
366
-
and nonce = Mirage_crypto_rng.generate 8 in
367
throughput_into ~add:Chacha20.tag_size name
368
(fun dst cs -> Chacha20.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs))) ;
369
370
bm "aes-128-ecb" (fun name ->
371
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 16) in
372
throughput_into name
373
(fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
374
375
bm "aes-192-ecb" (fun name ->
376
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
377
throughput_into name (fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
378
379
bm "aes-192-ecb-unsafe" (fun name ->
380
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
381
throughput_into name (fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
382
383
bm "aes-256-ecb" (fun name ->
384
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 32) in
385
throughput_into name (fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
386
387
bm "aes-256-ecb-unsafe" (fun name ->
388
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 32) in
389
throughput_into name (fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
390
391
bm "aes-128-ecb-unsafe" (fun name ->
392
-
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 16) in
393
throughput_into name
394
(fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
395
396
bm "aes-128-cbc-e" (fun name ->
397
-
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
398
-
and iv = Mirage_crypto_rng.generate 16 in
399
throughput_into name
400
(fun dst cs -> AES.CBC.encrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
401
402
bm "aes-128-cbc-e-unsafe" (fun name ->
403
-
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
404
-
and iv = Mirage_crypto_rng.generate 16 in
405
throughput_into name
406
(fun dst cs -> AES.CBC.unsafe_encrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
407
408
bm "aes-128-cbc-e-unsafe-inplace" (fun name ->
409
-
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
410
-
and iv = Mirage_crypto_rng.generate 16 in
411
throughput name
412
(fun cs ->
413
let b = Bytes.unsafe_of_string cs in
414
AES.CBC.unsafe_encrypt_into_inplace ~key ~iv b ~dst_off:0 (String.length cs))) ;
415
416
bm "aes-128-cbc-d" (fun name ->
417
-
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
418
-
and iv = Mirage_crypto_rng.generate 16 in
419
throughput_into name
420
(fun dst cs -> AES.CBC.decrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
421
422
bm "aes-128-cbc-d-unsafe" (fun name ->
423
-
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
424
-
and iv = Mirage_crypto_rng.generate 16 in
425
throughput_into name
426
(fun dst cs -> AES.CBC.unsafe_decrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
427
428
bm "aes-128-ctr" (fun name ->
429
-
let key = Mirage_crypto_rng.generate 16 |> AES.CTR.of_secret
430
-
and ctr = Mirage_crypto_rng.generate 16 |> AES.CTR.ctr_of_octets in
431
throughput_into name (fun dst cs -> AES.CTR.encrypt_into ~key ~ctr cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
432
433
bm "aes-128-ctr-unsafe" (fun name ->
434
-
let key = Mirage_crypto_rng.generate 16 |> AES.CTR.of_secret
435
-
and ctr = Mirage_crypto_rng.generate 16 |> AES.CTR.ctr_of_octets in
436
throughput_into name (fun dst cs -> AES.CTR.unsafe_encrypt_into ~key ~ctr cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
437
438
bm "aes-128-gcm" (fun name ->
439
-
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
440
-
and nonce = Mirage_crypto_rng.generate 12 in
441
throughput_into ~add:AES.GCM.tag_size name
442
(fun dst cs -> AES.GCM.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
443
444
bm "aes-128-gcm-unsafe" (fun name ->
445
-
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
446
-
and nonce = Mirage_crypto_rng.generate 12 in
447
throughput_into ~add:AES.GCM.tag_size name
448
(fun dst cs -> AES.GCM.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
449
450
bm "aes-128-ghash" (fun name ->
451
-
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
452
-
and nonce = Mirage_crypto_rng.generate 12 in
453
throughput_into ~add:AES.GCM.tag_size name
454
(fun dst cs -> AES.GCM.authenticate_encrypt_into ~key ~nonce ~adata:cs "" ~src_off:0 dst ~dst_off:0 ~tag_off:0 0));
455
456
bm "aes-128-ghash-unsafe" (fun name ->
457
-
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
458
-
and nonce = Mirage_crypto_rng.generate 12 in
459
throughput_into ~add:AES.GCM.tag_size name
460
(fun dst cs -> AES.GCM.unsafe_authenticate_encrypt_into ~key ~nonce ~adata:cs "" ~src_off:0 dst ~dst_off:0 ~tag_off:0 0));
461
462
bm "aes-128-ccm" (fun name ->
463
-
let key = AES.CCM16.of_secret (Mirage_crypto_rng.generate 16)
464
-
and nonce = Mirage_crypto_rng.generate 10 in
465
throughput_into ~add:AES.CCM16.tag_size name
466
(fun dst cs -> AES.CCM16.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
467
468
bm "aes-128-ccm-unsafe" (fun name ->
469
-
let key = AES.CCM16.of_secret (Mirage_crypto_rng.generate 16)
470
-
and nonce = Mirage_crypto_rng.generate 10 in
471
throughput_into ~add:AES.CCM16.tag_size name
472
(fun dst cs -> AES.CCM16.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
473
474
bm "d3des-ecb" (fun name ->
475
-
let key = DES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
476
throughput_into name (fun dst cs -> DES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
477
478
bm "d3des-ecb-unsafe" (fun name ->
479
-
let key = DES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
480
throughput_into name (fun dst cs -> DES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
481
482
bm "fortuna" (fun name ->
483
begin[@alert "-deprecated"]
484
-
Mirage_crypto_rng_unix.initialize (module Mirage_crypto_rng.Fortuna);
485
throughput name (fun buf ->
486
let buf = Bytes.unsafe_of_string buf in
487
-
Mirage_crypto_rng.generate_into buf ~off:0 (Bytes.length buf))
488
end);
489
490
bm "getentropy" (fun name ->
491
-
Mirage_crypto_rng_unix.use_getentropy ();
492
throughput name (fun buf ->
493
let buf = Bytes.unsafe_of_string buf in
494
-
Mirage_crypto_rng.generate_into buf ~off:0 (Bytes.length buf))) ;
495
496
bm "urandom" (fun name ->
497
-
Mirage_crypto_rng_unix.use_dev_urandom ();
498
throughput name (fun buf ->
499
let buf = Bytes.unsafe_of_string buf in
500
-
Mirage_crypto_rng.generate_into buf ~off:0 (Bytes.length buf))) ;
501
]
502
503
let help () =
···
517
518
let () =
519
let seed = "abcd" in
520
-
let g = Mirage_crypto_rng.(create ~seed (module Fortuna)) in
521
-
Mirage_crypto_rng.set_default_generator g;
522
match Array.to_list Sys.argv with
523
| _::(_::_ as args) -> begin
524
try
···
1
+
open Crypto
2
3
module Time = struct
4
···
25
(* let sizes = [16] *)
26
27
let burn f n =
28
+
let buf = Crypto_rng.generate n in
29
let (t1, i1) =
30
let rec loop it =
31
let t = Time.time ~n:it f buf in
···
78
let msg_str_48 = String.sub msg_str 0 48
79
let msg_str_65 = String.sub msg_str 0 65
80
81
+
module PSS = Crypto_pk.Rsa.PSS(Digestif.SHA256)
82
83
let rsa_1024 =
84
let p = Z.of_string "10798561676627454710140432432014696449593673631094049392368450463276546091610832740190717321579865870896133380991892468262437092547408603618427685009427773"
85
and q = Z.of_string "10400664760062606994038747844895625872750212488858602663971334563613232045185857177383833781411830934303117994128623611996670112272953487791473086751129863"
86
and e = Z.of_string "65537"
87
in
88
+
match Crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
89
90
+
let enc_1024 = Crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_1024) msg_str)
91
92
let pkcs1_sig_1024 () =
93
+
Crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_1024 (`Message msg_str)
94
95
let pkcs1_enc_1024 () =
96
+
Crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_1024) msg_str)
97
98
let pss_sig_1024 () = PSS.sign ~key:rsa_1024 (`Message msg_str)
99
···
102
and q = Z.of_string "146461957885839900502732892013745315236120923895767594427579857452138451155393985820080680192640369593315439290134409437965406213465262989382655388410330601076036910359057156988645246773259111682038096388585157599977808854893528900530706460128823381760931962351810679571404043148961709991714582814015259432029"
103
and e = Z.of_string "65537"
104
in
105
+
match Crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
106
107
+
let enc_2048 = Crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_2048) msg_str)
108
109
let pkcs1_sig_2048 () =
110
+
Crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_2048 (`Message msg_str)
111
112
let pkcs1_enc_2048 () =
113
+
Crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_2048) msg_str)
114
115
let pss_sig_2048 () = PSS.sign ~key:rsa_2048 (`Message msg_str)
116
···
119
and q = Z.of_string "25905916162566396401205858643227945415345838368190515936191926936462899261314859092468495558719305083654714669527919862817831941531613073577910643681172802147392797914485263753968375221243705167910636382434485717071007054833155618588980128488599406663210791261135710551020276087851551652652612955553056226986980360600996201307035494196112173475664509878923172924086102889718336621725968169373963280305056864698229857913526607314633711315503607289470716733189135747457446349029256257187264165837635026903463931381823712962360342258652047970731347111703873301687821992467888598546386551115261010493902143134851640738743"
120
and e = Z.of_string "65537"
121
in
122
+
match Crypto_pk.Rsa.priv_of_primes ~e ~p ~q with Ok r -> r | _ -> assert false
123
124
+
let enc_4096 = Crypto_pk.Rsa.(encrypt ~key:(pub_of_priv rsa_4096) msg_str)
125
126
let pkcs1_sig_4096 () =
127
+
Crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key:rsa_4096 (`Message msg_str)
128
129
let pkcs1_enc_4096 () =
130
+
Crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv rsa_4096) msg_str)
131
132
let pss_sig_4096 () = PSS.sign ~key:rsa_4096 (`Message msg_str)
133
···
138
and x = Z.of_string "33269272469299670210735451373406214067383586377"
139
and y = Z.of_string "43917635707590891841908570055721669604556135044554274942460553515946670787931699807386932177837523342760860376770220825997328312057886461226985675983491441562087492365801663397409369541614646669226917344513472367438132106373179011858311945451923744651780314133078253880297369792145807736223662521868826642853"
140
in
141
+
match Crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
142
143
+
let dsa_sig_1024 () = Crypto_pk.Dsa.sign ~key:dsa_1024 msg_str
144
145
let dsa_2048 =
146
let p = Z.of_string "27787495469795504213817302334103600594688179071059183073859876165757248559489321478170600304273914000462158587756787453177210321379060448141559798652196363556897576291878245650614903612762833777567911000834171168229784178643222849655095281437320492725855855778320111645629834980350492228611813830302209080760811887894272862901026864911346096471199762409562102789142939773632891860019140618313962854554152891445175391927591825205548689170996430765723064763763481336517107917261869303217480777161449935319930795628114622197586510378927239068257979584784079128534248603619156372913573809491691986354447396965646770535701"
···
149
and x = Z.of_string "52860861934156228997899838985740859941028688506510055821449681896336427977580"
150
and y = Z.of_string "16697822339875604612001674517725789858937385326266245308648897963274039128000291572870559603618903431422492771498840266582664620626826186158140214481920146230768719356298465470274085841064126012204317638870338958089054809559680905413861272320951150917299685355736888023985398767858005440235842845908452598291689850063919053521400020402671375982259094019780813889586357332424647365679629398571364161673401249910198031061651183589601097975488702613291524957230624044246866866974886847601585171352897595544769649242723658395277456627024303041369757410970512818793143517329469213213147704583953410882515213978051041273924"
151
in
152
+
match Crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
153
154
+
let dsa_sig_2048 () = Crypto_pk.Dsa.sign ~key:dsa_2048 msg_str
155
156
let dsa_3072 =
157
let p = Z.of_string "4944862491052787177238323499959371418651354629231656321315236369672827559263545931134286049323485061071828187289578269594065783019111035804017538871324004047710342711620233110167493989997579634523303899794913823240058891327833786211541568251787338957336540247816021098378292806006955851897646808403078979142749428669072523191276645021175423303816467433407072660616741824124536840773744646488191896772232795413707995397140064396495425700133866462410490239713815308709711960470201906326732033816522202617817869465691798938486540955726912350768931476362143768721380759395525951947017232778140349423557015356082357043807910825817719748257213281893007933859227824276579765323175836008193865064772817200047353825332039369252224256435661514851653526942065285711420907389170574343434449883875510985495078384130667046036846831401643151166834922210257258578675547742596423035828159461629721005113634334227074529533688136165903014911127"
···
160
and x = Z.of_string "57079433780483458942713357293831115449694380253611914431677328021806898761674"
161
and y = Z.of_string "2872172233173100601346399502391482510148300641600207189246652621232656647081281141886455256814187251102030580186748870087277263359506423691023579912476503628426574690699263443704236625550832436226673947182294798279064154375422081421444400893924415563728656687773617245084962617886701420982288621397340217078717788290878177343138178149109067141997920049624616209300715994802074480057682676445987819355778630849636079364539062466859717465892222793824712941403252645431023939220711618233660062829520555618350855085688062241702521140104357981881833598269736147371800258828202964600523335598361833482597511071900975835195171061421945579132277176597724513608746614358311884564512362186106480065540201711903122228315570389409204443391052987813355120223856839756971514334338065850104261467285471383663470187296456006848469765768400814476981451863643010333596484259098557995874127140419649424228480234701334240448168704764430867915060"
162
in
163
+
match Crypto_pk.Dsa.priv ~fips:true ~p ~q ~gg ~x ~y () with Ok p -> p | _ -> assert false
164
165
+
let dsa_sig_3072 () = Crypto_pk.Dsa.sign ~key:dsa_3072 msg_str
166
167
let dh_groups =
168
+
["oakley5 (1536)",Crypto_pk.Dh.Group.oakley_5;
169
+
"oakley14 (2048)",Crypto_pk.Dh.Group.oakley_14;
170
+
"ffdhe2048",Crypto_pk.Dh.Group.ffdhe2048;
171
+
"ffdhe3072",Crypto_pk.Dh.Group.ffdhe3072;
172
+
"ffdhe4096",Crypto_pk.Dh.Group.ffdhe4096;
173
+
"ffdhe6144",Crypto_pk.Dh.Group.ffdhe6144]
174
175
let dh_secrets =
176
List.map2 (fun (n, group) s ->
177
+
(n, group), Crypto_pk.Dh.key_of_secret group ~s)
178
dh_groups
179
+
(List.map (fun s -> Z.of_string s |> Crypto_pk.Z_extra.to_octets_be)
180
[
181
"31271182055444024732867835946284871743952969208281694762833912267184" ;
182
"27594341083884344999714422172371027333192426063917478556668524561591" ;
···
188
189
let ecdsa_p256 =
190
Result.get_ok
191
+
(Crypto_ec.P256.Dsa.priv_of_octets
192
"\x08\x9f\x4f\xfc\xcc\xf9\xba\x13\xfe\xdd\x09\x42\xef\x08\xcf\x2d\x90\x9f\x32\xe2\x93\x4a\xb5\xc9\x3b\x6c\x99\xbe\x5a\x9f\xf5\x27")
193
194
+
let ecdsa_p256_sig () = Crypto_ec.P256.Dsa.sign ~key:ecdsa_p256 msg_str_32
195
196
let ecdsa_p384 =
197
Result.get_ok
198
+
(Crypto_ec.P384.Dsa.priv_of_octets
199
"\xf5\xc0\xc9\xfb\x95\x17\x86\x41\xaf\x76\xf3\x83\x1f\x41\xe2\xd3\x7c\xfa\xaf\xff\xc7\xe6\x01\x72\xcf\xb0\x89\xfe\x60\x4b\x56\xa6\x1c\x7c\x31\xa6\x90\x4b\x3b\x5d\x08\x20\x7a\x4b\x81\xe2\x5e\xa5")
200
201
+
let ecdsa_p384_sig () = Crypto_ec.P384.Dsa.sign ~key:ecdsa_p384 msg_str_48
202
203
let ecdsa_p521 =
204
Result.get_ok
205
+
(Crypto_ec.P521.Dsa.priv_of_octets
206
"\x00\xb1\x8f\x60\xc0\x35\x2a\xd8\xe3\xef\x98\x2f\x1d\xdf\xcf\x6e\xec\x7f\xa6\xca\xf0\xe6\xf3\x68\x35\x4a\x8b\x02\xb2\xd8\xac\x1e\x05\x9e\x30\x98\x91\xe2\xbf\xa8\x57\x91\xa5\xe7\x1b\x40\xbd\xec\xbf\x90\x2b\xf2\x43\xdc\x3b\x00\x80\x49\x5c\xf4\xd9\x1c\x78\x72\x8b\xd5")
207
208
+
let ecdsa_p521_sig () = Crypto_ec.P521.Dsa.sign ~key:ecdsa_p521 msg_str_65
209
210
let ed25519 =
211
+
Result.get_ok (Crypto_ec.Ed25519.priv_of_octets
212
"\x3e\x0a\xb6\x82\x17\x12\x75\xc5\x69\xfc\xe9\xca\x8b\xcc\xd2\xd2\x77\x14\x54\xa2\x30\x0c\x35\x29\xf7\xa4\xd8\x0b\x84\x38\x83\xbc")
213
214
+
let ed25519_sig () = Crypto_ec.Ed25519.sign ~key:ed25519 msg_str
215
216
let ecdsas = [
217
("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ()));
···
222
223
let ecdh_shares =
224
[
225
+
("P256", `P256 (Crypto_ec.P256.Dh.secret_of_octets "\x47\x0d\x57\x70\x6c\x77\x06\xb6\x8a\x3f\x42\x3a\xea\xf4\xff\x7f\xdd\x02\x49\x4a\x10\xd3\xe3\x81\xc3\xc1\x1f\x72\x76\x80\x2c\xdc" |> Result.get_ok |> fst,
226
"\x04\x11\xb3\xfc\x82\x72\x1c\x26\x9a\x19\x90\x9a\x3b\x2f\xc2\x6d\x98\x95\x82\x6d\x0c\xfc\xbc\x1f\x76\x26\xe4\x88\xf0\x1f\x4c\xa6\xb5\xc5\xed\x76\xad\xee\x7a\xf8\x1b\xb2\x0b\x17\xcf\x23\x1c\xbf\x0c\x67\xdb\x02\x95\xd6\x8d\x1d\x92\xc2\xd2\xa5\xa8\x06\x38\xd7\x8d"));
227
+
("P384", `P384 (Crypto_ec.P384.Dh.secret_of_octets "\xee\x55\xe2\x9b\x61\x75\x2d\x5a\x3e\x52\x56\x56\xdb\x8b\xd8\xfe\x6f\x94\xfa\xb8\xaa\xcc\x9e\x92\xac\xff\x4c\x48\x12\xbf\x7a\x61\x87\xab\xa4\x6c\xc6\x0a\xb8\xf0\x8e\xfc\xf2\xd5\x74\x58\x4b\x74" |> Result.get_ok |> fst,
228
"\x04\x04\x89\xcf\x24\xbc\x80\xbf\x89\xfd\xfe\x9c\x05\xec\xc3\x9f\x69\x16\xad\x45\x09\xd9\x39\x85\x97\x95\x0d\x3d\x24\xe8\x28\xf6\xbf\x56\xba\x4a\xd6\xd2\x1e\xd7\x86\x3b\xed\x68\xe4\x13\x36\x4b\xd4\xc7\xb1\xe9\x04\x7d\x36\x12\x4c\x69\x53\xbe\x7c\x61\x20\x9c\xb3\xfc\x56\x45\x2f\x73\x05\x29\x37\x83\xc7\xc0\xed\x92\x9d\x6c\x98\xc7\xbc\x97\xf6\x0a\x72\xed\x22\x69\xa8\xeb\x19\xbb\x7e\xe1\x31"));
229
+
("P521", `P521 (Crypto_ec.P521.Dh.secret_of_octets "\x00\xaa\x47\x0b\xa1\xcc\x84\x3b\xa3\x14\x82\x1e\x72\xde\x4c\xd2\x99\xae\xc1\xf2\x6e\x9d\x64\xa0\xd8\x7d\xb1\x8a\x3d\xa9\xf6\x5c\x45\xec\xfc\xc5\x61\x7f\xf0\xd7\x3b\x2e\x0e\x1c\xdf\xf8\x04\x8e\x01\xbe\x5e\x20\x14\x94\x12\xe7\xdb\xfa\xb7\xfe\xae\x24\x9b\x1b\xfa\x4d" |> Result.get_ok |> fst,
230
"\x04\x00\x1d\x16\x29\xee\xb1\xc4\x25\xf9\x04\xd7\x55\x33\x00\x79\xd1\x3c\x77\xda\x92\x1e\x01\xcf\x50\xd7\x17\xe0\xd6\x85\x0a\x81\xa3\x90\x2b\xb9\x2a\x03\xfa\xea\xcb\xd6\x28\x9c\x15\x90\x68\x5a\x60\x44\xb5\xe9\x4d\xcf\xc4\x1d\xeb\x6a\x88\xdb\x62\xa8\x91\xb0\xb8\x93\xbb\x00\xe4\x2a\x66\xb2\xf0\x13\xbd\xd0\xd2\x7d\x8e\x07\xcb\x35\xfc\x3e\x2c\x2b\x22\xf9\x3e\xcf\xd5\xea\xb7\x88\x61\x97\xca\x07\x3c\x2c\x5e\x68\x31\xd6\x5e\x2d\x0b\x8a\xa4\x08\x43\x8e\x49\x54\x2f\x05\xf4\x1c\x57\x6d\xf7\x0e\x3c\xaf\x5b\xb8\x22\x7d\x48\x30\x94\xae\x58"));
231
+
("X25519", `X25519 (Crypto_ec.X25519.secret_of_octets "\x4c\x6d\xb7\xcf\x93\x5b\xcf\x84\x02\x61\x78\xd4\x0c\x95\x6a\xf0\x9d\x8e\x36\x32\x03\x49\x0d\x2c\x41\x62\x5a\xcb\x68\xb9\x31\xa4" |> Result.get_ok |> fst,
232
"\xca\x19\x19\x3c\xf5\xc0\xb3\x8c\x61\xaa\x01\xc1\x72\xb2\xe9\x3d\x16\xf7\x50\xd0\x84\x62\x77\xad\x32\x2d\xe5\xe4\xfb\x33\x24\x29"));
233
]
234
···
237
let benchmarks = [
238
239
bm "rsa-generate" (fun name ->
240
+
count name (fun bits -> Crypto_pk.Rsa.generate ~bits ())
241
string_of_int [1024;2048;4096]) ;
242
243
bm "rsa-encrypt" (fun name ->
244
+
count name (fun key -> Crypto_pk.Rsa.(encrypt ~key:(pub_of_priv key) msg_str))
245
+
(fun k -> string_of_int (Crypto_pk.Rsa.priv_bits k))
246
[rsa_1024;rsa_2048;rsa_4096]) ;
247
248
bm "rsa-decrypt" (fun name ->
249
+
count name (fun (key, msg) -> Crypto_pk.Rsa.(decrypt ~key msg))
250
+
(fun (k, _) -> string_of_int (Crypto_pk.Rsa.priv_bits k))
251
[rsa_1024,enc_1024 ; rsa_2048,enc_2048 ; rsa_4096,enc_4096]) ;
252
253
bm "rsa-pkcs1-encrypt" (fun name ->
254
+
count name (fun key -> Crypto_pk.Rsa.(PKCS1.encrypt ~key:(pub_of_priv key) msg_str))
255
+
(fun k -> string_of_int (Crypto_pk.Rsa.priv_bits k))
256
[rsa_1024;rsa_2048;rsa_4096]) ;
257
258
bm "rsa-pkcs1-decrypt" (fun name ->
259
+
count name (fun (key, msg) -> Crypto_pk.Rsa.(PKCS1.decrypt ~key msg))
260
+
(fun (k, _) -> string_of_int (Crypto_pk.Rsa.priv_bits k))
261
[rsa_1024,pkcs1_enc_1024 () ; rsa_2048,pkcs1_enc_2048 () ; rsa_4096,pkcs1_enc_4096 ()]) ;
262
263
bm "rsa-pkcs1-sign" (fun name ->
264
+
count name (fun key -> Crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key (`Message msg_str))
265
+
(fun k -> string_of_int (Crypto_pk.Rsa.priv_bits k))
266
[rsa_1024;rsa_2048;rsa_4096]) ;
267
268
bm "rsa-pkcs1-verify" (fun name ->
269
count name (fun (key, signature) ->
270
+
Crypto_pk.Rsa.(PKCS1.verify ~hashp:(fun _ -> true) ~key:(pub_of_priv key) ~signature (`Message msg_str)))
271
+
(fun (k, _) -> string_of_int (Crypto_pk.Rsa.priv_bits k))
272
[rsa_1024,pkcs1_sig_1024 () ; rsa_2048,pkcs1_sig_2048 () ; rsa_4096,pkcs1_sig_4096 ()]) ;
273
274
bm "rsa-pss-sign" (fun name ->
275
count name (fun key -> PSS.sign ~key (`Message msg_str))
276
+
(fun k -> string_of_int (Crypto_pk.Rsa.priv_bits k))
277
[rsa_1024;rsa_2048;rsa_4096]) ;
278
279
bm "rsa-pss-verify" (fun name ->
280
count name (fun (key, signature) ->
281
+
PSS.verify ~key:(Crypto_pk.Rsa.pub_of_priv key) ~signature (`Message msg_str))
282
+
(fun (k, _) -> string_of_int (Crypto_pk.Rsa.priv_bits k))
283
[rsa_1024,pss_sig_1024 () ; rsa_2048,pss_sig_2048 () ; rsa_4096,pss_sig_4096 ()]) ;
284
285
bm "dsa-generate" (fun name ->
286
+
count name (fun ks -> Crypto_pk.Dsa.generate ks)
287
(function `Fips1024 -> "1024" | `Fips2048 -> "2048" | `Fips3072 -> "3072" | `Exactly (l, _) -> string_of_int l)
288
[`Fips1024;`Fips2048;`Fips3072]);
289
290
bm "dsa-sign" (fun name ->
291
+
count name (fun key -> Crypto_pk.Dsa.sign ~key msg_str)
292
(fun k -> string_of_int (Z.numbits k.p))
293
[dsa_1024;dsa_2048;dsa_3072]);
294
295
bm "dsa-verify" (fun name ->
296
count name (fun (key, signature) ->
297
+
Crypto_pk.Dsa.(verify ~key:(pub_of_priv key) signature msg_str))
298
(fun (k, _) -> string_of_int (Z.numbits k.p))
299
[dsa_1024,dsa_sig_1024 () ; dsa_2048,dsa_sig_2048 () ; dsa_3072,dsa_sig_3072 ()]);
300
301
bm "ecdsa-generate" (fun name ->
302
+
let open Crypto_ec in
303
count name
304
(fun (_, x) -> match x with
305
| `P256 _ -> P256.Dsa.generate () |> ignore
···
310
fst ecdsas);
311
312
bm "ecdsa-sign" (fun name ->
313
+
let open Crypto_ec in
314
count name (fun (_, x) -> match x with
315
| `P256 (key, _) -> P256.Dsa.sign ~key msg_str_32
316
| `P384 (key, _) -> P384.Dsa.sign ~key msg_str_48
···
320
fst ecdsas);
321
322
bm "ecdsa-verify" (fun name ->
323
+
let open Crypto_ec in
324
count name (fun (_, x) -> match x with
325
| `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_32)
326
| `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature msg_str_48)
···
329
) fst ecdsas);
330
331
bm "dh-secret" (fun name ->
332
+
count name (fun (_, group) -> Crypto_pk.Dh.gen_key group)
333
fst dh_groups);
334
335
bm "dh-share" (fun name ->
336
count name (fun (_, (sec, share)) ->
337
+
Crypto_pk.Dh.shared sec share)
338
(fun ((g, _), _) -> g) dh_secrets);
339
340
bm "ecdh-secret" (fun name ->
341
+
let open Crypto_ec in
342
count name (fun (_, x) -> match x with
343
| `P256 _ -> P256.Dh.gen_key () |> ignore
344
| `P384 _ -> P384.Dh.gen_key () |> ignore
···
347
fst ecdh_shares);
348
349
bm "ecdh-share" (fun name ->
350
+
let open Crypto_ec in
351
count name (fun (_, x) -> match x with
352
| `P256 (sec, share) -> P256.Dh.key_exchange sec share |> Result.get_ok |> ignore
353
| `P384 (sec, share) -> P384.Dh.key_exchange sec share |> Result.get_ok |> ignore
···
356
fst ecdh_shares);
357
358
bm "chacha20-poly1305" (fun name ->
359
+
let key = Chacha20.of_secret (Crypto_rng.generate 32)
360
+
and nonce = Crypto_rng.generate 8 in
361
throughput_into ~add:Chacha20.tag_size name
362
(fun dst cs -> Chacha20.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs))) ;
363
364
bm "chacha20-poly1305-unsafe" (fun name ->
365
+
let key = Chacha20.of_secret (Crypto_rng.generate 32)
366
+
and nonce = Crypto_rng.generate 8 in
367
throughput_into ~add:Chacha20.tag_size name
368
(fun dst cs -> Chacha20.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs))) ;
369
370
bm "aes-128-ecb" (fun name ->
371
+
let key = AES.ECB.of_secret (Crypto_rng.generate 16) in
372
throughput_into name
373
(fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
374
375
bm "aes-192-ecb" (fun name ->
376
+
let key = AES.ECB.of_secret (Crypto_rng.generate 24) in
377
throughput_into name (fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
378
379
bm "aes-192-ecb-unsafe" (fun name ->
380
+
let key = AES.ECB.of_secret (Crypto_rng.generate 24) in
381
throughput_into name (fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
382
383
bm "aes-256-ecb" (fun name ->
384
+
let key = AES.ECB.of_secret (Crypto_rng.generate 32) in
385
throughput_into name (fun dst cs -> AES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
386
387
bm "aes-256-ecb-unsafe" (fun name ->
388
+
let key = AES.ECB.of_secret (Crypto_rng.generate 32) in
389
throughput_into name (fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
390
391
bm "aes-128-ecb-unsafe" (fun name ->
392
+
let key = AES.ECB.of_secret (Crypto_rng.generate 16) in
393
throughput_into name
394
(fun dst cs -> AES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
395
396
bm "aes-128-cbc-e" (fun name ->
397
+
let key = AES.CBC.of_secret (Crypto_rng.generate 16)
398
+
and iv = Crypto_rng.generate 16 in
399
throughput_into name
400
(fun dst cs -> AES.CBC.encrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
401
402
bm "aes-128-cbc-e-unsafe" (fun name ->
403
+
let key = AES.CBC.of_secret (Crypto_rng.generate 16)
404
+
and iv = Crypto_rng.generate 16 in
405
throughput_into name
406
(fun dst cs -> AES.CBC.unsafe_encrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
407
408
bm "aes-128-cbc-e-unsafe-inplace" (fun name ->
409
+
let key = AES.CBC.of_secret (Crypto_rng.generate 16)
410
+
and iv = Crypto_rng.generate 16 in
411
throughput name
412
(fun cs ->
413
let b = Bytes.unsafe_of_string cs in
414
AES.CBC.unsafe_encrypt_into_inplace ~key ~iv b ~dst_off:0 (String.length cs))) ;
415
416
bm "aes-128-cbc-d" (fun name ->
417
+
let key = AES.CBC.of_secret (Crypto_rng.generate 16)
418
+
and iv = Crypto_rng.generate 16 in
419
throughput_into name
420
(fun dst cs -> AES.CBC.decrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
421
422
bm "aes-128-cbc-d-unsafe" (fun name ->
423
+
let key = AES.CBC.of_secret (Crypto_rng.generate 16)
424
+
and iv = Crypto_rng.generate 16 in
425
throughput_into name
426
(fun dst cs -> AES.CBC.unsafe_decrypt_into ~key ~iv cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
427
428
bm "aes-128-ctr" (fun name ->
429
+
let key = Crypto_rng.generate 16 |> AES.CTR.of_secret
430
+
and ctr = Crypto_rng.generate 16 |> AES.CTR.ctr_of_octets in
431
throughput_into name (fun dst cs -> AES.CTR.encrypt_into ~key ~ctr cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
432
433
bm "aes-128-ctr-unsafe" (fun name ->
434
+
let key = Crypto_rng.generate 16 |> AES.CTR.of_secret
435
+
and ctr = Crypto_rng.generate 16 |> AES.CTR.ctr_of_octets in
436
throughput_into name (fun dst cs -> AES.CTR.unsafe_encrypt_into ~key ~ctr cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
437
438
bm "aes-128-gcm" (fun name ->
439
+
let key = AES.GCM.of_secret (Crypto_rng.generate 16)
440
+
and nonce = Crypto_rng.generate 12 in
441
throughput_into ~add:AES.GCM.tag_size name
442
(fun dst cs -> AES.GCM.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
443
444
bm "aes-128-gcm-unsafe" (fun name ->
445
+
let key = AES.GCM.of_secret (Crypto_rng.generate 16)
446
+
and nonce = Crypto_rng.generate 12 in
447
throughput_into ~add:AES.GCM.tag_size name
448
(fun dst cs -> AES.GCM.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
449
450
bm "aes-128-ghash" (fun name ->
451
+
let key = AES.GCM.of_secret (Crypto_rng.generate 16)
452
+
and nonce = Crypto_rng.generate 12 in
453
throughput_into ~add:AES.GCM.tag_size name
454
(fun dst cs -> AES.GCM.authenticate_encrypt_into ~key ~nonce ~adata:cs "" ~src_off:0 dst ~dst_off:0 ~tag_off:0 0));
455
456
bm "aes-128-ghash-unsafe" (fun name ->
457
+
let key = AES.GCM.of_secret (Crypto_rng.generate 16)
458
+
and nonce = Crypto_rng.generate 12 in
459
throughput_into ~add:AES.GCM.tag_size name
460
(fun dst cs -> AES.GCM.unsafe_authenticate_encrypt_into ~key ~nonce ~adata:cs "" ~src_off:0 dst ~dst_off:0 ~tag_off:0 0));
461
462
bm "aes-128-ccm" (fun name ->
463
+
let key = AES.CCM16.of_secret (Crypto_rng.generate 16)
464
+
and nonce = Crypto_rng.generate 10 in
465
throughput_into ~add:AES.CCM16.tag_size name
466
(fun dst cs -> AES.CCM16.authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
467
468
bm "aes-128-ccm-unsafe" (fun name ->
469
+
let key = AES.CCM16.of_secret (Crypto_rng.generate 16)
470
+
and nonce = Crypto_rng.generate 10 in
471
throughput_into ~add:AES.CCM16.tag_size name
472
(fun dst cs -> AES.CCM16.unsafe_authenticate_encrypt_into ~key ~nonce cs ~src_off:0 dst ~dst_off:0 ~tag_off:(String.length cs) (String.length cs)));
473
474
bm "d3des-ecb" (fun name ->
475
+
let key = DES.ECB.of_secret (Crypto_rng.generate 24) in
476
throughput_into name (fun dst cs -> DES.ECB.encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
477
478
bm "d3des-ecb-unsafe" (fun name ->
479
+
let key = DES.ECB.of_secret (Crypto_rng.generate 24) in
480
throughput_into name (fun dst cs -> DES.ECB.unsafe_encrypt_into ~key cs ~src_off:0 dst ~dst_off:0 (String.length cs))) ;
481
482
bm "fortuna" (fun name ->
483
begin[@alert "-deprecated"]
484
+
Crypto_rng_unix.initialize (module Crypto_rng.Fortuna);
485
throughput name (fun buf ->
486
let buf = Bytes.unsafe_of_string buf in
487
+
Crypto_rng.generate_into buf ~off:0 (Bytes.length buf))
488
end);
489
490
bm "getentropy" (fun name ->
491
+
Crypto_rng_unix.use_getentropy ();
492
throughput name (fun buf ->
493
let buf = Bytes.unsafe_of_string buf in
494
+
Crypto_rng.generate_into buf ~off:0 (Bytes.length buf))) ;
495
496
bm "urandom" (fun name ->
497
+
Crypto_rng_unix.use_dev_urandom ();
498
throughput name (fun buf ->
499
let buf = Bytes.unsafe_of_string buf in
500
+
Crypto_rng.generate_into buf ~off:0 (Bytes.length buf))) ;
501
]
502
503
let help () =
···
517
518
let () =
519
let seed = "abcd" in
520
+
let g = Crypto_rng.(create ~seed (module Fortuna)) in
521
+
Crypto_rng.set_default_generator g;
522
match Array.to_list Sys.argv with
523
| _::(_::_ as args) -> begin
524
try
+36
crypto-pk.opam
+36
crypto-pk.opam
···
···
1
+
opam-version: "2.0"
2
+
homepage: "https://git.recoil.org/gazagnaire.org/ocaml-crypto"
3
+
dev-repo: "git+ssh://git@git.recoil.org/gazagnaire.org/ocaml-crypto.git"
4
+
bug-reports: "https://git.recoil.org/gazagnaire.org/ocaml-crypto/issues"
5
+
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
6
+
maintainer: "Thomas Gazagnaire <thomas@gazagnaire.org>"
7
+
license: "ISC"
8
+
synopsis: "Simple public-key cryptography (fork of mirage-crypto-pk)"
9
+
10
+
build: [ ["dune" "subst"] {dev}
11
+
["dune" "build" "-p" name "-j" jobs ]
12
+
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
13
+
14
+
depends: [
15
+
"conf-gmp-powm-sec" {build}
16
+
"ocaml" {>= "4.13.0"}
17
+
"dune" {>= "2.7"}
18
+
"ounit2" {with-test}
19
+
"randomconv" {with-test & >= "0.2.0"}
20
+
"ohex" {with-test & >= "0.2.0"}
21
+
"crypto" {=version}
22
+
"crypto-rng" {=version}
23
+
"digestif" {>= "1.2.0"}
24
+
"zarith" {>= "1.13"}
25
+
"eqaf" {>= "0.8"}
26
+
]
27
+
conflicts: [
28
+
"ocaml-freestanding"
29
+
]
30
+
description: """
31
+
WARNING: This is an experimental fork of mirage-crypto-pk. Do not use in production.
32
+
Use mirage-crypto-pk instead: https://github.com/mirage/mirage-crypto
33
+
34
+
Crypto-pk provides public-key cryptography (RSA, DSA, DH).
35
+
"""
36
+
x-maintenance-intent: [ "(latest)" ]
+35
crypto-rng.opam
+35
crypto-rng.opam
···
···
1
+
opam-version: "2.0"
2
+
homepage: "https://git.recoil.org/gazagnaire.org/ocaml-crypto"
3
+
dev-repo: "git+ssh://git@git.recoil.org/gazagnaire.org/ocaml-crypto.git"
4
+
bug-reports: "https://git.recoil.org/gazagnaire.org/ocaml-crypto/issues"
5
+
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
6
+
maintainer: "Thomas Gazagnaire <thomas@gazagnaire.org>"
7
+
license: "ISC"
8
+
synopsis: "A cryptographically secure PRNG (fork of mirage-crypto-rng)"
9
+
10
+
build: [ ["dune" "subst"] {dev}
11
+
["dune" "build" "-p" name "-j" jobs ]
12
+
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
13
+
14
+
depends: [
15
+
"ocaml" {>= "4.14.0"}
16
+
"dune" {>= "2.7"}
17
+
"dune-configurator" {>= "2.0.0"}
18
+
"duration"
19
+
"logs"
20
+
"crypto" {=version}
21
+
"digestif" {>= "1.1.4"}
22
+
"ounit2" {with-test}
23
+
"randomconv" {with-test & >= "0.2.0"}
24
+
"ohex" {with-test & >= "0.2.0"}
25
+
]
26
+
conflicts: [ "mirage-runtime" {< "3.8.0"} ]
27
+
description: """
28
+
WARNING: This is an experimental fork of mirage-crypto-rng. Do not use in production.
29
+
Use mirage-crypto-rng instead: https://github.com/mirage/mirage-crypto
30
+
31
+
Crypto-rng provides a random number generator interface, and
32
+
implementations: Fortuna, HMAC-DRBG, getrandom/getentropy based (in the unix
33
+
sublibrary)
34
+
"""
35
+
x-maintenance-intent: [ "(latest)" ]
+32
crypto.opam
+32
crypto.opam
···
···
1
+
opam-version: "2.0"
2
+
homepage: "https://git.recoil.org/gazagnaire.org/ocaml-crypto"
3
+
dev-repo: "git+ssh://git@git.recoil.org/gazagnaire.org/ocaml-crypto.git"
4
+
bug-reports: "https://git.recoil.org/gazagnaire.org/ocaml-crypto/issues"
5
+
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
6
+
maintainer: "Thomas Gazagnaire <thomas@gazagnaire.org>"
7
+
license: "ISC"
8
+
synopsis: "Simple symmetric cryptography (fork of mirage-crypto)"
9
+
10
+
build: [ ["dune" "subst"] {dev}
11
+
["dune" "build" "-p" name "-j" jobs ]
12
+
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
13
+
14
+
depends: [
15
+
"ocaml" {>= "4.13.0"}
16
+
"dune" {>= "2.7"}
17
+
"dune-configurator" {>= "2.0.0"}
18
+
"ounit2" {with-test}
19
+
"ohex" {with-test & >= "0.2.0"}
20
+
"eqaf" {>= "0.8"}
21
+
]
22
+
conflicts: [
23
+
"ocaml-freestanding"
24
+
"result" {< "1.5"}
25
+
]
26
+
description: """
27
+
WARNING: This is an experimental fork of mirage-crypto. Do not use in production.
28
+
Use mirage-crypto instead: https://github.com/mirage/mirage-crypto
29
+
30
+
Crypto provides symmetric ciphers (DES, AES, RC4, ChaCha20/Poly1305).
31
+
"""
32
+
x-maintenance-intent: [ "(latest)" ]
+1
-2
dune-project
+1
-2
dune-project
+5
-4
ec/dune
+5
-4
ec/dune
···
1
(library
2
-
(name mirage_crypto_ec)
3
-
(public_name mirage-crypto-ec)
4
-
(libraries eqaf mirage-crypto-rng digestif)
5
(foreign_stubs
6
(language c)
7
(names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs
···
13
14
(env
15
(dev
16
-
(c_flags (:include cflags_warn.sexp))))
17
18
(include_subdirs unqualified)
19
···
1
(library
2
+
(name crypto_ec)
3
+
(public_name crypto-ec)
4
+
(libraries eqaf crypto-rng digestif)
5
(foreign_stubs
6
(language c)
7
(names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs
···
13
14
(env
15
(dev
16
+
(c_flags
17
+
(:include cflags_warn.sexp))))
18
19
(include_subdirs unqualified)
20
+3
-2
ec/gen_tables/dune
+3
-2
ec/gen_tables/dune
+2
-2
ec/gen_tables/gen_tables.ml
+2
-2
ec/gen_tables/gen_tables.ml
···
64
std_formatter tables;
65
printf "@];@,"
66
67
-
let print_toplevel name wordsize (module P : Mirage_crypto_ec.Dh_dsa) =
68
let tables = P.Dsa.Precompute.generator_tables () in
69
assert (wordsize = Sys.word_size);
70
check_shape tables;
···
84
print_tables ~wordsize tables
85
86
let curves =
87
-
Mirage_crypto_ec.
88
[
89
("p256", (module P256 : Dh_dsa));
90
("p384", (module P384));
···
64
std_formatter tables;
65
printf "@];@,"
66
67
+
let print_toplevel name wordsize (module P : Crypto_ec.Dh_dsa) =
68
let tables = P.Dsa.Precompute.generator_tables () in
69
assert (wordsize = Sys.word_size);
70
check_shape tables;
···
84
print_tables ~wordsize tables
85
86
let curves =
87
+
Crypto_ec.
88
[
89
("p256", (module P256 : Dh_dsa));
90
("p384", (module P384));
+11
-11
ec/mirage_crypto_ec.ml
ec/crypto_ec.ml
+11
-11
ec/mirage_crypto_ec.ml
ec/crypto_ec.ml
···
39
val secret_of_octets : ?compress:bool -> string ->
40
(secret * string, error) result
41
val secret_to_octets : secret -> string
42
-
val gen_key : ?compress:bool -> ?g:Mirage_crypto_rng.g -> unit ->
43
secret * string
44
val key_exchange : secret -> string -> (string, error) result
45
end
···
54
val pub_of_octets : string -> (pub, error) result
55
val pub_to_octets : ?compress:bool -> pub -> string
56
val pub_of_priv : priv -> pub
57
-
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
58
val sign : key:priv -> ?k:string -> string -> string * string
59
val verify : key:pub -> string * string -> string -> bool
60
module K_gen (H : Digestif.S) : sig
···
523
S.to_octets s
524
525
let rec generate_private_key ?g () =
526
-
let candidate = Mirage_crypto_rng.generate ?g Param.byte_length in
527
match S.of_octets candidate with
528
| Ok secret -> secret
529
| Error _ -> generate_private_key ?g ()
···
640
641
(* RFC 6979: compute a deterministic k *)
642
module K_gen (H : Digestif.S) = struct
643
-
let drbg : 'a Mirage_crypto_rng.generator =
644
-
let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M)
645
646
let g ~key msg =
647
-
let g = Mirage_crypto_rng.create ~strict:true drbg in
648
-
Mirage_crypto_rng.reseed ~g (S.to_octets key ^ msg);
649
g
650
651
(* Defined in RFC 6979 sec 2.3.2 with
···
672
let gen g =
673
let rec go () =
674
let b = Bytes.create Param.byte_length in
675
-
Mirage_crypto_rng.generate_into ~g b Param.byte_length;
676
(* truncate to the desired number of bits *)
677
let r = bits2int b in
678
if S.is_in_range r then r else go ()
···
694
(* FIPS 186-4 B 4.2 *)
695
let d =
696
let rec one () =
697
-
match S.of_octets (Mirage_crypto_rng.generate ?g Param.byte_length) with
698
| Ok x -> x
699
| Error _ -> one ()
700
in
···
978
let public priv = scalar_mult priv basepoint
979
980
let gen_key ?compress:_ ?g () =
981
-
let secret = Mirage_crypto_rng.generate ?g key_len in
982
secret, public secret
983
984
let secret_of_octets ?compress:_ s =
···
1072
let pub_to_octets pub = pub
1073
1074
let generate ?g () =
1075
-
let secret = Mirage_crypto_rng.generate ?g key_len in
1076
secret, pub_of_priv secret
1077
1078
let sign ~key msg =
···
39
val secret_of_octets : ?compress:bool -> string ->
40
(secret * string, error) result
41
val secret_to_octets : secret -> string
42
+
val gen_key : ?compress:bool -> ?g:Crypto_rng.g -> unit ->
43
secret * string
44
val key_exchange : secret -> string -> (string, error) result
45
end
···
54
val pub_of_octets : string -> (pub, error) result
55
val pub_to_octets : ?compress:bool -> pub -> string
56
val pub_of_priv : priv -> pub
57
+
val generate : ?g:Crypto_rng.g -> unit -> priv * pub
58
val sign : key:priv -> ?k:string -> string -> string * string
59
val verify : key:pub -> string * string -> string -> bool
60
module K_gen (H : Digestif.S) : sig
···
523
S.to_octets s
524
525
let rec generate_private_key ?g () =
526
+
let candidate = Crypto_rng.generate ?g Param.byte_length in
527
match S.of_octets candidate with
528
| Ok secret -> secret
529
| Error _ -> generate_private_key ?g ()
···
640
641
(* RFC 6979: compute a deterministic k *)
642
module K_gen (H : Digestif.S) = struct
643
+
let drbg : 'a Crypto_rng.generator =
644
+
let module M = Crypto_rng.Hmac_drbg (H) in (module M)
645
646
let g ~key msg =
647
+
let g = Crypto_rng.create ~strict:true drbg in
648
+
Crypto_rng.reseed ~g (S.to_octets key ^ msg);
649
g
650
651
(* Defined in RFC 6979 sec 2.3.2 with
···
672
let gen g =
673
let rec go () =
674
let b = Bytes.create Param.byte_length in
675
+
Crypto_rng.generate_into ~g b Param.byte_length;
676
(* truncate to the desired number of bits *)
677
let r = bits2int b in
678
if S.is_in_range r then r else go ()
···
694
(* FIPS 186-4 B 4.2 *)
695
let d =
696
let rec one () =
697
+
match S.of_octets (Crypto_rng.generate ?g Param.byte_length) with
698
| Ok x -> x
699
| Error _ -> one ()
700
in
···
978
let public priv = scalar_mult priv basepoint
979
980
let gen_key ?compress:_ ?g () =
981
+
let secret = Crypto_rng.generate ?g key_len in
982
secret, public secret
983
984
let secret_of_octets ?compress:_ s =
···
1072
let pub_to_octets pub = pub
1073
1074
let generate ?g () =
1075
+
let secret = Crypto_rng.generate ?g key_len in
1076
secret, pub_of_priv secret
1077
1078
let sign ~key msg =
+3
-3
ec/mirage_crypto_ec.mli
ec/crypto_ec.mli
+3
-3
ec/mirage_crypto_ec.mli
ec/crypto_ec.mli
···
42
(** [secret_to_octets secret] encodes the provided secret into a freshly
43
allocated buffer. *)
44
45
-
val gen_key : ?compress:bool -> ?g:Mirage_crypto_rng.g -> unit ->
46
secret * string
47
(** [gen_key ~compress ~g ()] generates a private and a public key for
48
Ephemeral Diffie-Hellman. If [compress] is provided and [true] (defaults
···
107
108
(** {2 Key generation} *)
109
110
-
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
111
(** [generate ~g ()] generates a key pair. *)
112
113
(** {2 Cryptographic operations} *)
···
245
246
(** {2 Key generation} *)
247
248
-
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
249
(** [generate ~g ()] generates a key pair. *)
250
251
(** {2 Cryptographic operations} *)
···
42
(** [secret_to_octets secret] encodes the provided secret into a freshly
43
allocated buffer. *)
44
45
+
val gen_key : ?compress:bool -> ?g:Crypto_rng.g -> unit ->
46
secret * string
47
(** [gen_key ~compress ~g ()] generates a private and a public key for
48
Ephemeral Diffie-Hellman. If [compress] is provided and [true] (defaults
···
107
108
(** {2 Key generation} *)
109
110
+
val generate : ?g:Crypto_rng.g -> unit -> priv * pub
111
(** [generate ~g ()] generates a key pair. *)
112
113
(** {2 Cryptographic operations} *)
···
245
246
(** {2 Key generation} *)
247
248
+
val generate : ?g:Crypto_rng.g -> unit -> priv * pub
249
(** [generate ~g ()] generates a key pair. *)
250
251
(** {2 Cryptographic operations} *)
+1
-1
ec/native/curve25519_stubs.c
+1
-1
ec/native/curve25519_stubs.c
+1
-1
ec/native/np256_stubs.c
+1
-1
ec/native/np256_stubs.c
+1
-1
ec/native/np384_stubs.c
+1
-1
ec/native/np384_stubs.c
+1
-1
ec/native/np521_stubs.c
+1
-1
ec/native/np521_stubs.c
+1
-1
ec/native/p256_stubs.c
+1
-1
ec/native/p256_stubs.c
+1
-1
ec/native/p384_stubs.c
+1
-1
ec/native/p384_stubs.c
+1
-1
ec/native/p521_stubs.c
+1
-1
ec/native/p521_stubs.c
+9
-7
mirage-crypto-ec.opam
crypto-ec.opam
+9
-7
mirage-crypto-ec.opam
crypto-ec.opam
···
1
opam-version: "2.0"
2
-
synopsis: "Elliptic Curve Cryptography with primitives taken from Fiat"
3
description: """
4
An implementation of key exchange (ECDH) and digital signature (ECDSA/EdDSA)
5
algorithms using code from Fiat (<https://github.com/mit-plv/fiat-crypto>).
6
7
The curves P256 (SECP256R1), P384 (SECP384R1),
8
P521 (SECP521R1), and 25519 (X25519, Ed25519) are implemented by this package.
9
"""
10
-
maintainer: "Hannes Mehnert <hannes@mehnert.org>"
11
authors: [
12
"Hannes Mehnert <hannes@mehnert.org>"
13
"Nathan Rebours <nathan.p.rebours@gmail.com>"
···
22
"Zoe Paraskevopoulou <zoe.paraskevopoulou@gmail.com>"
23
]
24
license: "MIT"
25
-
homepage: "https://github.com/mirage/mirage-crypto"
26
-
doc: "https://mirage.github.io/mirage-crypto/doc"
27
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
28
depends: [
29
"dune" {>= "2.7"}
30
"ocaml" {>= "4.13.0"}
31
"dune-configurator"
32
"eqaf" {>= "0.7"}
33
-
"mirage-crypto-rng" {=version}
34
"digestif" {>= "1.2.0"}
35
"alcotest" {with-test & >= "0.8.1"}
36
"ppx_deriving_yojson" {with-test}
···
48
["dune" "build" "-p" name "-j" jobs]
49
["dune" "runtest" "-p" name "-j" jobs] {with-test}
50
]
51
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
52
tags: ["org:mirage"]
53
x-maintenance-intent: [ "(latest)" ]
···
1
opam-version: "2.0"
2
+
synopsis: "Elliptic Curve Cryptography (fork of mirage-crypto-ec)"
3
description: """
4
+
WARNING: This is an experimental fork of mirage-crypto-ec. Do not use in production.
5
+
Use mirage-crypto-ec instead: https://github.com/mirage/mirage-crypto
6
+
7
An implementation of key exchange (ECDH) and digital signature (ECDSA/EdDSA)
8
algorithms using code from Fiat (<https://github.com/mit-plv/fiat-crypto>).
9
10
The curves P256 (SECP256R1), P384 (SECP384R1),
11
P521 (SECP521R1), and 25519 (X25519, Ed25519) are implemented by this package.
12
"""
13
+
maintainer: "Thomas Gazagnaire <thomas@gazagnaire.org>"
14
authors: [
15
"Hannes Mehnert <hannes@mehnert.org>"
16
"Nathan Rebours <nathan.p.rebours@gmail.com>"
···
25
"Zoe Paraskevopoulou <zoe.paraskevopoulou@gmail.com>"
26
]
27
license: "MIT"
28
+
homepage: "https://git.recoil.org/gazagnaire.org/ocaml-crypto"
29
+
bug-reports: "https://git.recoil.org/gazagnaire.org/ocaml-crypto/issues"
30
depends: [
31
"dune" {>= "2.7"}
32
"ocaml" {>= "4.13.0"}
33
"dune-configurator"
34
"eqaf" {>= "0.7"}
35
+
"crypto-rng" {=version}
36
"digestif" {>= "1.2.0"}
37
"alcotest" {with-test & >= "0.8.1"}
38
"ppx_deriving_yojson" {with-test}
···
50
["dune" "build" "-p" name "-j" jobs]
51
["dune" "runtest" "-p" name "-j" jobs] {with-test}
52
]
53
+
dev-repo: "git+ssh://git@git.recoil.org/gazagnaire.org/ocaml-crypto.git"
54
tags: ["org:mirage"]
55
x-maintenance-intent: [ "(latest)" ]
-34
mirage-crypto-pk.opam
-34
mirage-crypto-pk.opam
···
1
-
opam-version: "2.0"
2
-
homepage: "https://github.com/mirage/mirage-crypto"
3
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
4
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
5
-
doc: "https://mirage.github.io/mirage-crypto/doc"
6
-
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
7
-
maintainer: "Hannes Mehnert <hannes@mehnert.org>"
8
-
license: "ISC"
9
-
synopsis: "Simple public-key cryptography for the modern age"
10
-
11
-
build: [ ["dune" "subst"] {dev}
12
-
["dune" "build" "-p" name "-j" jobs ]
13
-
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
14
-
15
-
depends: [
16
-
"conf-gmp-powm-sec" {build}
17
-
"ocaml" {>= "4.13.0"}
18
-
"dune" {>= "2.7"}
19
-
"ounit2" {with-test}
20
-
"randomconv" {with-test & >= "0.2.0"}
21
-
"ohex" {with-test & >= "0.2.0"}
22
-
"mirage-crypto" {=version}
23
-
"mirage-crypto-rng" {=version}
24
-
"digestif" {>= "1.2.0"}
25
-
"zarith" {>= "1.13"}
26
-
"eqaf" {>= "0.8"}
27
-
]
28
-
conflicts: [
29
-
"ocaml-freestanding"
30
-
]
31
-
description: """
32
-
Mirage-crypto-pk provides public-key cryptography (RSA, DSA, DH).
33
-
"""
34
-
x-maintenance-intent: [ "(latest)" ]
···
-30
mirage-crypto-rng-miou-unix.opam
-30
mirage-crypto-rng-miou-unix.opam
···
1
-
opam-version: "2.0"
2
-
homepage: "https://github.com/mirage/mirage-crypto"
3
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
4
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
5
-
doc: "https://mirage.github.io/mirage-crypto/doc"
6
-
authors: ["Romain Calascibetta <romain.calascibetta@gmail.com>" ]
7
-
maintainer: "Romain Calascibetta <romain.calascibetta@gmail.com>"
8
-
license: "ISC"
9
-
synopsis: "Feed the entropy source in an miou.unix-friendly way"
10
-
11
-
build: [ ["dune" "subst"] {dev}
12
-
["dune" "build" "-p" name "-j" jobs ]
13
-
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
14
-
15
-
depends: [
16
-
"ocaml" {>= "5.0.0"}
17
-
"dune" {>= "2.7"}
18
-
"miou" {>= "0.2.0"}
19
-
"logs"
20
-
"mirage-crypto-rng" {=version}
21
-
"duration"
22
-
"mtime" {>= "1.0.0"}
23
-
"digestif" {>= "1.2.0"}
24
-
"ohex" {with-test & >= "0.2.0"}
25
-
]
26
-
description: """
27
-
Mirage-crypto-rng-miou-unix feeds the entropy source for Mirage_crypto_rng-based
28
-
random number generator implementations, in an miou.unix-friendly way.
29
-
"""
30
-
x-maintenance-intent: [ "(latest)" ]
···
-31
mirage-crypto-rng-mirage.opam
-31
mirage-crypto-rng-mirage.opam
···
1
-
opam-version: "2.0"
2
-
homepage: "https://github.com/mirage/mirage-crypto"
3
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
4
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
5
-
doc: "https://mirage.github.io/mirage-crypto/doc"
6
-
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
7
-
maintainer: "Hannes Mehnert <hannes@mehnert.org>"
8
-
license: "BSD-2-Clause"
9
-
synopsis: "Entropy collection for a cryptographically secure PRNG"
10
-
11
-
build: [ ["dune" "subst"] {dev}
12
-
["dune" "build" "-p" name "-j" jobs ]
13
-
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
14
-
15
-
depends: [
16
-
"ocaml" {>= "4.13.0"}
17
-
"dune" {>= "2.7"}
18
-
"mirage-crypto-rng" {=version}
19
-
"duration"
20
-
"logs"
21
-
"lwt" {>= "4.0.0"}
22
-
"mirage-runtime" {>= "3.8.0"}
23
-
"mirage-sleep" {>= "4.0.0"}
24
-
"mirage-mtime" {>= "4.0.0"}
25
-
"mirage-unix" {with-test & >= "5.0.0"}
26
-
"ohex" {with-test & >= "0.2.0"}
27
-
]
28
-
description: """
29
-
Mirage-crypto-rng-mirage provides entropy collection code for the RNG.
30
-
"""
31
-
x-maintenance-intent: [ "(latest)" ]
···
-33
mirage-crypto-rng.opam
-33
mirage-crypto-rng.opam
···
1
-
opam-version: "2.0"
2
-
homepage: "https://github.com/mirage/mirage-crypto"
3
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
4
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
5
-
doc: "https://mirage.github.io/mirage-crypto/doc"
6
-
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
7
-
maintainer: "Hannes Mehnert <hannes@mehnert.org>"
8
-
license: "ISC"
9
-
synopsis: "A cryptographically secure PRNG"
10
-
11
-
build: [ ["dune" "subst"] {dev}
12
-
["dune" "build" "-p" name "-j" jobs ]
13
-
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
14
-
15
-
depends: [
16
-
"ocaml" {>= "4.14.0"}
17
-
"dune" {>= "2.7"}
18
-
"dune-configurator" {>= "2.0.0"}
19
-
"duration"
20
-
"logs"
21
-
"mirage-crypto" {=version}
22
-
"digestif" {>= "1.1.4"}
23
-
"ounit2" {with-test}
24
-
"randomconv" {with-test & >= "0.2.0"}
25
-
"ohex" {with-test & >= "0.2.0"}
26
-
]
27
-
conflicts: [ "mirage-runtime" {< "3.8.0"} ]
28
-
description: """
29
-
Mirage-crypto-rng provides a random number generator interface, and
30
-
implementations: Fortuna, HMAC-DRBG, getrandom/getentropy based (in the unix
31
-
sublibrary)
32
-
"""
33
-
x-maintenance-intent: [ "(latest)" ]
···
-30
mirage-crypto.opam
-30
mirage-crypto.opam
···
1
-
opam-version: "2.0"
2
-
homepage: "https://github.com/mirage/mirage-crypto"
3
-
dev-repo: "git+https://github.com/mirage/mirage-crypto.git"
4
-
bug-reports: "https://github.com/mirage/mirage-crypto/issues"
5
-
doc: "https://mirage.github.io/mirage-crypto/doc"
6
-
authors: ["David Kaloper <dk505@cam.ac.uk>" "Hannes Mehnert <hannes@mehnert.org>" ]
7
-
maintainer: "Hannes Mehnert <hannes@mehnert.org>"
8
-
license: "ISC"
9
-
synopsis: "Simple symmetric cryptography for the modern age"
10
-
11
-
build: [ ["dune" "subst"] {dev}
12
-
["dune" "build" "-p" name "-j" jobs ]
13
-
["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
14
-
15
-
depends: [
16
-
"ocaml" {>= "4.13.0"}
17
-
"dune" {>= "2.7"}
18
-
"dune-configurator" {>= "2.0.0"}
19
-
"ounit2" {with-test}
20
-
"ohex" {with-test & >= "0.2.0"}
21
-
"eqaf" {>= "0.8"}
22
-
]
23
-
conflicts: [
24
-
"ocaml-freestanding"
25
-
"result" {< "1.5"}
26
-
]
27
-
description: """
28
-
Mirage-crypto provides symmetric ciphers (DES, AES, RC4, ChaCha20/Poly1305).
29
-
"""
30
-
x-maintenance-intent: [ "(latest)" ]
···
-15
mirage/config.ml
-15
mirage/config.ml
···
1
-
open Mirage
2
-
3
-
let main =
4
-
let packages = [
5
-
package "mirage-crypto-rng" ;
6
-
package "mirage-crypto-pk" ;
7
-
package "mirage-crypto" ;
8
-
package ~min:"0.8.7" "fmt" ;
9
-
package "ohex" ;
10
-
]
11
-
in
12
-
main ~packages "Unikernel" job
13
-
14
-
let () =
15
-
register "crypto-test" [main]
···
-25
mirage/unikernel.ml
-25
mirage/unikernel.ml
···
1
-
let start () =
2
-
Logs.info (fun m -> m "using Fortuna, entropy sources: %a"
3
-
Fmt.(list ~sep:(any ", ") Mirage_crypto_rng.Entropy.pp_source)
4
-
(Mirage_crypto_rng.Entropy.sources ())) ;
5
-
Logs.info (fun m -> m "64 byte random:@ %a" (Ohex.pp_hexdump ())
6
-
(Mirage_crypto_rng.generate 64)) ;
7
-
let n = Bytes.(unsafe_to_string (create 32)) in
8
-
let key = Mirage_crypto.Chacha20.of_secret n
9
-
and nonce = Bytes.(unsafe_to_string (create 12))
10
-
in
11
-
Logs.info (fun m -> m "Chacha20/Poly1305 of 32*0, key 32*0, nonce 12*0: %a"
12
-
(Ohex.pp_hexdump ())
13
-
(Mirage_crypto.Chacha20.authenticate_encrypt ~key ~nonce n));
14
-
let key = Mirage_crypto_pk.Rsa.generate ~bits:4096 () in
15
-
let signature =
16
-
Mirage_crypto_pk.Rsa.PKCS1.sign ~hash:`SHA256 ~key (`Message n)
17
-
in
18
-
let verified =
19
-
let key = Mirage_crypto_pk.Rsa.pub_of_priv key in
20
-
let hashp = function `SHA256 -> true | _ -> false in
21
-
Mirage_crypto_pk.Rsa.PKCS1.verify ~hashp ~key ~signature (`Message n)
22
-
in
23
-
Logs.info (fun m -> m "Generated a RSA key of %d bits (sign + verify %B)"
24
-
(Mirage_crypto_pk.Rsa.priv_bits key) verified);
25
-
Lwt.return_unit
···
+1
-1
pk/dh.ml
+1
-1
pk/dh.ml
+6
-6
pk/dsa.ml
+6
-6
pk/dsa.ml
···
1
-
open Mirage_crypto.Uncommon
2
3
open Common
4
···
42
if 3 <= l && 2 <= n then (l, n) else
43
invalid_arg "Dsa.generate: bits: `Exactly (%d, %d)" l n
44
45
-
type mask = [ `No | `Yes | `Yes_with of Mirage_crypto_rng.g ]
46
47
let expand_mask = function
48
| `No -> `No
···
84
85
module K_gen (H : Digestif.S) = struct
86
87
-
let drbg : 'a Mirage_crypto_rng.generator =
88
-
let module M = Mirage_crypto_rng.Hmac_drbg (H) in (module M)
89
90
let z_gen ~key:{ q; x; _ } z =
91
let repr = Z_extra.to_octets_be ~size:(Z.numbits q // 8) in
92
-
let g = Mirage_crypto_rng.create ~strict:true drbg in
93
-
Mirage_crypto_rng.reseed ~g (repr x ^ repr Z.(z mod q));
94
Z_extra.gen_r ~g Z.one q
95
96
let generate ~key buf =
···
1
+
open Crypto.Uncommon
2
3
open Common
4
···
42
if 3 <= l && 2 <= n then (l, n) else
43
invalid_arg "Dsa.generate: bits: `Exactly (%d, %d)" l n
44
45
+
type mask = [ `No | `Yes | `Yes_with of Crypto_rng.g ]
46
47
let expand_mask = function
48
| `No -> `No
···
84
85
module K_gen (H : Digestif.S) = struct
86
87
+
let drbg : 'a Crypto_rng.generator =
88
+
let module M = Crypto_rng.Hmac_drbg (H) in (module M)
89
90
let z_gen ~key:{ q; x; _ } z =
91
let repr = Z_extra.to_octets_be ~size:(Z.numbits q // 8) in
92
+
let g = Crypto_rng.create ~strict:true drbg in
93
+
Crypto_rng.reseed ~g (repr x ^ repr Z.(z mod q));
94
Z_extra.gen_r ~g Z.one q
95
96
let generate ~key buf =
+3
-3
pk/dune
+3
-3
pk/dune
pk/mirage_crypto_pk.ml
pk/crypto_pk.ml
pk/mirage_crypto_pk.ml
pk/crypto_pk.ml
+12
-12
pk/mirage_crypto_pk.mli
pk/crypto_pk.mli
+12
-12
pk/mirage_crypto_pk.mli
pk/crypto_pk.mli
···
73
(** [priv_of_primes ~e ~p ~q] is the {{!type-priv}private key} derived from the
74
minimal description [(e, p, q)]. *)
75
76
-
val priv_of_exp : ?g:Mirage_crypto_rng.g -> ?attempts:int -> e:Z.t -> d:Z.t ->
77
n:Z.t -> unit -> (priv, [> `Msg of string ]) result
78
(** [priv_of_exp ?g ?attempts ~e ~d n] is the unique {{!type-priv}private key}
79
characterized by the public ([e]) and private ([d]) exponents, and modulus
···
95
type 'a or_digest = [ `Message of 'a | `Digest of string ]
96
(** Either an ['a] or its digest, according to some hash algorithm. *)
97
98
-
type mask = [ `No | `Yes | `Yes_with of Mirage_crypto_rng.g ]
99
(** Masking (cryptographic blinding) mode for the RSA transform with the
100
private key. Masking does not change the result, but it does change the
101
timing profile of the operation.
···
132
133
(** {1 Key generation} *)
134
135
-
val generate : ?g:Mirage_crypto_rng.g -> ?e:Z.t -> bits:int -> unit -> priv
136
(** [generate ~g ~e ~bits ()] is a new {{!type-priv}private key}. The new key is
137
guaranteed to be well formed, see {!val-priv}.
138
···
155
key size is [priv_bits key / 8], rounded up. *)
156
module PKCS1 : sig
157
158
-
val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> string -> string
159
(** [encrypt g key message] is a PKCS1-padded (type 2) and encrypted
160
[message].
161
···
227
[hlen] is the hash length. *)
228
module OAEP (H : Digestif.S) : sig
229
230
-
val encrypt : ?g:Mirage_crypto_rng.g -> ?label:string -> key:pub ->
231
string -> string
232
(** [encrypt ~g ~label ~key message] is {b OAEP}-padded and encrypted
233
[message], using the optional [label].
···
253
hash length and [slen] is the seed length. *)
254
module PSS (H: Digestif.S) : sig
255
256
-
val sign : ?g:Mirage_crypto_rng.g -> ?crt_hardening:bool ->
257
?mask:mask -> ?slen:int -> key:priv -> string or_digest -> string
258
(** [sign ~g ~crt_hardening ~mask ~slen ~key message] the [PSS]-padded
259
digest of [message], signed with the [key]. [crt_hardening] defaults
···
322
L-values ([p] size) and imply the corresponding N ([q] size); The last
323
variants specifies L and N directly. *)
324
325
-
type mask = [ `No | `Yes | `Yes_with of Mirage_crypto_rng.g ]
326
(** Masking (cryptographic blinding) option. *)
327
328
val pub_of_priv : priv -> pub
329
(** Extract the public component from a private key. *)
330
331
-
val generate : ?g:Mirage_crypto_rng.g -> keysize -> priv
332
(** [generate g size] is a fresh {{!type-priv}private} key. The domain parameters
333
are derived using a modified FIPS.186-4 probabilistic process, but the
334
derivation can not be validated. Note that no time masking is done for the
···
416
417
@raise Invalid_key if [s] is degenerate. *)
418
419
-
val gen_key : ?g:Mirage_crypto_rng.g -> ?bits:int -> group -> secret * string
420
(** Generate a random {!secret} and the corresponding public key.
421
[bits] is the exact bit-size of {!secret} and defaults to a value
422
dependent on the {!type-group}'s [p].
···
431
It is [None] if these invariants do not hold for [public]:
432
[1 < public < p-1] && [public <> gg]. *)
433
434
-
val gen_group : ?g:Mirage_crypto_rng.g -> bits:int -> unit -> group
435
(** [gen_group ~g ~bits ()] generates a random {!type-group} with modulus size
436
[bits]. Uses a safe prime [p = 2q + 1] (with [q] prime) for the modulus
437
and [2] for the generator, such that [2^q = 1 mod p].
···
511
512
(** {1 Random generation} *)
513
514
-
val gen : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t
515
(** [gen ~g n] picks a value in the interval [\[0, n - 1\]] uniformly at random. *)
516
517
-
val gen_r : ?g:Mirage_crypto_rng.g -> Z.t -> Z.t -> Z.t
518
(** [gen_r ~g low high] picks a value from the interval [\[low, high - 1\]]
519
uniformly at random. *)
520
end
···
73
(** [priv_of_primes ~e ~p ~q] is the {{!type-priv}private key} derived from the
74
minimal description [(e, p, q)]. *)
75
76
+
val priv_of_exp : ?g:Crypto_rng.g -> ?attempts:int -> e:Z.t -> d:Z.t ->
77
n:Z.t -> unit -> (priv, [> `Msg of string ]) result
78
(** [priv_of_exp ?g ?attempts ~e ~d n] is the unique {{!type-priv}private key}
79
characterized by the public ([e]) and private ([d]) exponents, and modulus
···
95
type 'a or_digest = [ `Message of 'a | `Digest of string ]
96
(** Either an ['a] or its digest, according to some hash algorithm. *)
97
98
+
type mask = [ `No | `Yes | `Yes_with of Crypto_rng.g ]
99
(** Masking (cryptographic blinding) mode for the RSA transform with the
100
private key. Masking does not change the result, but it does change the
101
timing profile of the operation.
···
132
133
(** {1 Key generation} *)
134
135
+
val generate : ?g:Crypto_rng.g -> ?e:Z.t -> bits:int -> unit -> priv
136
(** [generate ~g ~e ~bits ()] is a new {{!type-priv}private key}. The new key is
137
guaranteed to be well formed, see {!val-priv}.
138
···
155
key size is [priv_bits key / 8], rounded up. *)
156
module PKCS1 : sig
157
158
+
val encrypt : ?g:Crypto_rng.g -> key:pub -> string -> string
159
(** [encrypt g key message] is a PKCS1-padded (type 2) and encrypted
160
[message].
161
···
227
[hlen] is the hash length. *)
228
module OAEP (H : Digestif.S) : sig
229
230
+
val encrypt : ?g:Crypto_rng.g -> ?label:string -> key:pub ->
231
string -> string
232
(** [encrypt ~g ~label ~key message] is {b OAEP}-padded and encrypted
233
[message], using the optional [label].
···
253
hash length and [slen] is the seed length. *)
254
module PSS (H: Digestif.S) : sig
255
256
+
val sign : ?g:Crypto_rng.g -> ?crt_hardening:bool ->
257
?mask:mask -> ?slen:int -> key:priv -> string or_digest -> string
258
(** [sign ~g ~crt_hardening ~mask ~slen ~key message] the [PSS]-padded
259
digest of [message], signed with the [key]. [crt_hardening] defaults
···
322
L-values ([p] size) and imply the corresponding N ([q] size); The last
323
variants specifies L and N directly. *)
324
325
+
type mask = [ `No | `Yes | `Yes_with of Crypto_rng.g ]
326
(** Masking (cryptographic blinding) option. *)
327
328
val pub_of_priv : priv -> pub
329
(** Extract the public component from a private key. *)
330
331
+
val generate : ?g:Crypto_rng.g -> keysize -> priv
332
(** [generate g size] is a fresh {{!type-priv}private} key. The domain parameters
333
are derived using a modified FIPS.186-4 probabilistic process, but the
334
derivation can not be validated. Note that no time masking is done for the
···
416
417
@raise Invalid_key if [s] is degenerate. *)
418
419
+
val gen_key : ?g:Crypto_rng.g -> ?bits:int -> group -> secret * string
420
(** Generate a random {!secret} and the corresponding public key.
421
[bits] is the exact bit-size of {!secret} and defaults to a value
422
dependent on the {!type-group}'s [p].
···
431
It is [None] if these invariants do not hold for [public]:
432
[1 < public < p-1] && [public <> gg]. *)
433
434
+
val gen_group : ?g:Crypto_rng.g -> bits:int -> unit -> group
435
(** [gen_group ~g ~bits ()] generates a random {!type-group} with modulus size
436
[bits]. Uses a safe prime [p = 2q + 1] (with [q] prime) for the modulus
437
and [2] for the generator, such that [2^q = 1 mod p].
···
511
512
(** {1 Random generation} *)
513
514
+
val gen : ?g:Crypto_rng.g -> Z.t -> Z.t
515
(** [gen ~g n] picks a value in the interval [\[0, n - 1\]] uniformly at random. *)
516
517
+
val gen_r : ?g:Crypto_rng.g -> Z.t -> Z.t -> Z.t
518
(** [gen_r ~g low high] picks a value from the interval [\[low, high - 1\]]
519
uniformly at random. *)
520
end
+7
-7
pk/rsa.ml
+7
-7
pk/rsa.ml
···
1
-
open Mirage_crypto.Uncommon
2
3
open Common
4
···
150
let pub_bits ({ n; _ } : pub) = Z.numbits n
151
and priv_bits ({ n; _ } : priv) = Z.numbits n
152
153
-
type mask = [ `No | `Yes | `Yes_with of Mirage_crypto_rng.g ]
154
155
let encrypt_unsafe ~key: ({ e; n } : pub) msg = Z.(powm msg e n)
156
···
206
(* XXX Generalize this into `Rng.samplev` or something. *)
207
let generate_with ?g ~f n =
208
let buf = Bytes.create n
209
-
and k = let b = Mirage_crypto_rng.block g in (n // b * b) in
210
let rec go nonce i j =
211
if i = n then Bytes.unsafe_to_string buf else
212
-
if j = k then go Mirage_crypto_rng.(generate ?g k) i 0 else
213
match String.get_uint8 nonce j with
214
| b when f b -> Bytes.set_uint8 buf i b ; go nonce (succ i) (succ j)
215
| _ -> go nonce i (succ j) in
216
-
go Mirage_crypto_rng.(generate ?g k) 0 0
217
218
let pad ~mark ~padding k msg =
219
let pad = padding (k - String.length msg - 3 |> imax min_pad) in
···
329
let max_msg_bytes k = k - 2 * hlen - 2
330
331
let eme_oaep_encode ?g ?(label = "") k msg =
332
-
let seed = Mirage_crypto_rng.generate ?g hlen
333
and pad = String.make (max_msg_bytes k - String.length msg) '\x00' in
334
let db = String.concat "" [ H.(digest_string label |> to_raw_string) ; pad ; bx01 ; msg ] in
335
let mdb = Bytes.unsafe_to_string (MGF.mask ~seed db) in
···
383
384
let emsa_pss_encode ?g slen emlen msg =
385
let n = emlen // 8
386
-
and salt = Mirage_crypto_rng.generate ?g slen in
387
let h = digest ~salt msg in
388
let db = String.concat "" [ String.make (n - slen - hlen - 2) '\x00' ; bx01 ; salt ] in
389
let mdb = MGF.mask ~seed:h db in
···
1
+
open Crypto.Uncommon
2
3
open Common
4
···
150
let pub_bits ({ n; _ } : pub) = Z.numbits n
151
and priv_bits ({ n; _ } : priv) = Z.numbits n
152
153
+
type mask = [ `No | `Yes | `Yes_with of Crypto_rng.g ]
154
155
let encrypt_unsafe ~key: ({ e; n } : pub) msg = Z.(powm msg e n)
156
···
206
(* XXX Generalize this into `Rng.samplev` or something. *)
207
let generate_with ?g ~f n =
208
let buf = Bytes.create n
209
+
and k = let b = Crypto_rng.block g in (n // b * b) in
210
let rec go nonce i j =
211
if i = n then Bytes.unsafe_to_string buf else
212
+
if j = k then go Crypto_rng.(generate ?g k) i 0 else
213
match String.get_uint8 nonce j with
214
| b when f b -> Bytes.set_uint8 buf i b ; go nonce (succ i) (succ j)
215
| _ -> go nonce i (succ j) in
216
+
go Crypto_rng.(generate ?g k) 0 0
217
218
let pad ~mark ~padding k msg =
219
let pad = padding (k - String.length msg - 3 |> imax min_pad) in
···
329
let max_msg_bytes k = k - 2 * hlen - 2
330
331
let eme_oaep_encode ?g ?(label = "") k msg =
332
+
let seed = Crypto_rng.generate ?g hlen
333
and pad = String.make (max_msg_bytes k - String.length msg) '\x00' in
334
let db = String.concat "" [ H.(digest_string label |> to_raw_string) ; pad ; bx01 ; msg ] in
335
let mdb = Bytes.unsafe_to_string (MGF.mask ~seed db) in
···
383
384
let emsa_pss_encode ?g slen emlen msg =
385
let n = emlen // 8
386
+
and salt = Crypto_rng.generate ?g slen in
387
let h = digest ~salt msg in
388
let db = String.concat "" [ String.make (n - slen - hlen - 2) '\x00' ; bx01 ; salt ] in
389
let mdb = MGF.mask ~seed:h db in
+7
-7
pk/z_extra.ml
+7
-7
pk/z_extra.ml
···
1
-
open Mirage_crypto.Uncommon
2
3
let bit_bound z = Z.size z * 64
4
···
80
81
let gen ?g n =
82
if n < Z.one then invalid_arg "Rng.gen: non-positive: %a" Z.pp_print n;
83
-
let bs = Mirage_crypto_rng.block g in
84
let bits = Z.(numbits (pred n)) in
85
let octets = bits // 8 in
86
let batch =
87
-
if Mirage_crypto_rng.strict g then octets else 2 * octets // bs * bs
88
in
89
let rec attempt buf =
90
if String.length buf >= octets then
91
let x = of_octets_be ~bits buf in
92
if x < n then x else attempt (String.sub buf octets (String.length buf - octets))
93
-
else attempt (Mirage_crypto_rng.generate ?g batch) in
94
-
attempt (Mirage_crypto_rng.generate ?g batch)
95
96
let rec gen_r ?g a b =
97
-
if Mirage_crypto_rng.strict g then
98
let x = gen ?g b in if x < a then gen_r ?g a b else x
99
else Z.(a + gen ?g (b - a))
100
···
115
let gen_bits ?g ?(msb = 0) bits =
116
let bytelen = bits // 8 in
117
let buf = Bytes.create bytelen in
118
-
Mirage_crypto_rng.generate_into ?g buf ~off:0 bytelen;
119
set_msb msb buf ;
120
of_octets_be ~bits (Bytes.unsafe_to_string buf)
121
···
1
+
open Crypto.Uncommon
2
3
let bit_bound z = Z.size z * 64
4
···
80
81
let gen ?g n =
82
if n < Z.one then invalid_arg "Rng.gen: non-positive: %a" Z.pp_print n;
83
+
let bs = Crypto_rng.block g in
84
let bits = Z.(numbits (pred n)) in
85
let octets = bits // 8 in
86
let batch =
87
+
if Crypto_rng.strict g then octets else 2 * octets // bs * bs
88
in
89
let rec attempt buf =
90
if String.length buf >= octets then
91
let x = of_octets_be ~bits buf in
92
if x < n then x else attempt (String.sub buf octets (String.length buf - octets))
93
+
else attempt (Crypto_rng.generate ?g batch) in
94
+
attempt (Crypto_rng.generate ?g batch)
95
96
let rec gen_r ?g a b =
97
+
if Crypto_rng.strict g then
98
let x = gen ?g b in if x < a then gen_r ?g a b else x
99
else Z.(a + gen ?g (b - a))
100
···
115
let gen_bits ?g ?(msb = 0) bits =
116
let bytelen = bits // 8 in
117
let buf = Bytes.create bytelen in
118
+
Crypto_rng.generate_into ?g buf ~off:0 bytelen;
119
set_msb msb buf ;
120
of_octets_be ~bits (Bytes.unsafe_to_string buf)
121
+3
-3
rng/dune
+3
-3
rng/dune
+2
-2
rng/fortuna.ml
+2
-2
rng/fortuna.ml
+1
-1
rng/hmac_drbg.ml
+1
-1
rng/hmac_drbg.ml
···
41
Bytes.unsafe_blit_string v 0 buf off H.digest_size;
42
go (off + H.digest_size) k v (pred i)
43
in
44
-
let v = go off g.k g.v Mirage_crypto.Uncommon.(len // H.digest_size) in
45
g.k <- H.hmac_string ~key:g.k (v ^ bx00) |> H.to_raw_string;
46
g.v <- H.hmac_string ~key:g.k v |> H.to_raw_string
47
-5
rng/miou/dune
-5
rng/miou/dune
-101
rng/miou/mirage_crypto_rng_miou_unix.ml
-101
rng/miou/mirage_crypto_rng_miou_unix.ml
···
1
-
open Mirage_crypto_rng
2
-
3
-
module Pfortuna = Pfortuna
4
-
5
-
type _ Effect.t += Spawn : (unit -> unit) -> unit Effect.t
6
-
external reraise : exn -> 'a = "%reraise"
7
-
8
-
let periodic fn delta =
9
-
let rec one () =
10
-
fn ();
11
-
Miou_unix.sleep (Duration.to_f delta);
12
-
one () in
13
-
Effect.perform (Spawn one)
14
-
15
-
let getrandom delta source =
16
-
let fn () =
17
-
let per_pool = 8 in
18
-
let size = per_pool * pools None in
19
-
let random = Mirage_crypto_rng_unix.getrandom size in
20
-
let idx = ref 0 in
21
-
let fn () =
22
-
incr idx;
23
-
Ok (String.sub random (per_pool * (pred !idx)) per_pool)
24
-
in
25
-
Entropy.feed_pools None source fn in
26
-
periodic fn delta
27
-
28
-
let getrandom_init i =
29
-
let data = Mirage_crypto_rng_unix.getrandom 128 in
30
-
Entropy.header i data
31
-
32
-
let rdrand delta =
33
-
match Entropy.cpu_rng with
34
-
| Error `Not_supported -> ()
35
-
| Ok cpu_rng -> periodic (cpu_rng None) delta
36
-
37
-
let running = Atomic.make false
38
-
39
-
let switch fn =
40
-
let orphans = Miou.orphans () in
41
-
let open Effect.Deep in
42
-
let retc = Fun.id in
43
-
let exnc = reraise in
44
-
let effc : type c. c Effect.t -> ((c, 'r) continuation -> 'r) option
45
-
= function
46
-
| Spawn fn ->
47
-
ignore (Miou.async ~orphans fn);
48
-
Some (fun k -> continue k ())
49
-
| _ -> None in
50
-
match_with fn orphans { retc; exnc; effc }
51
-
52
-
let default_generator_already_set =
53
-
"Mirage_crypto_rng.default_generator has already \
54
-
been set (but not via Mirage_crypto_rng_miou). Please check \
55
-
that this is intentional"
56
-
57
-
let miou_generator_already_launched =
58
-
"Mirage_crypto_rng_miou.initialize has already been launched \
59
-
and a task is already seeding the RNG."
60
-
61
-
type rng = unit Miou.t
62
-
63
-
let rec compare_and_set ?(backoff= Miou_backoff.default) t a b =
64
-
if Atomic.compare_and_set t a b = false
65
-
then compare_and_set ~backoff:(Miou_backoff.once backoff) t a b
66
-
67
-
let rec clean_up sleep orphans = match Miou.care orphans with
68
-
| Some None | None -> Miou_unix.sleep (Duration.to_f sleep); clean_up sleep orphans
69
-
| Some (Some prm) -> Miou.await_exn prm; clean_up sleep orphans
70
-
71
-
let call_if_domain_available fn =
72
-
let available = Miou.Domain.available () in
73
-
let current = (Stdlib.Domain.self () :> int) in
74
-
if current = 0 && available > 0
75
-
|| current <> 0 && available > 1
76
-
then Miou.call fn
77
-
else Miou.async fn
78
-
79
-
let initialize (type a) ?g ?(sleep= Duration.of_sec 1) (rng : a generator) =
80
-
if Atomic.compare_and_set running false true
81
-
then begin
82
-
let seed =
83
-
let init = Entropy.[ bootstrap; whirlwind_bootstrap; bootstrap; getrandom_init ] in
84
-
List.mapi (fun i fn -> fn i) init |> String.concat "" in
85
-
let () =
86
-
try let _ = default_generator () in
87
-
Logs.warn (fun m -> m "%s" default_generator_already_set)
88
-
with No_default_generator -> () in
89
-
let rng = create ?g ~seed ~time:Mtime_clock.elapsed_ns rng in
90
-
set_default_generator rng;
91
-
call_if_domain_available @@ fun () -> switch @@ fun orphans ->
92
-
rdrand sleep;
93
-
let source = Entropy.register_source "getrandom" in
94
-
getrandom (Int64.mul sleep 10L) source;
95
-
clean_up sleep orphans
96
-
end else invalid_arg miou_generator_already_launched
97
-
98
-
let kill prm =
99
-
Miou.cancel prm;
100
-
compare_and_set running true false;
101
-
unset_default_generator ()
···
-47
rng/miou/mirage_crypto_rng_miou_unix.mli
-47
rng/miou/mirage_crypto_rng_miou_unix.mli
···
1
-
(** {b RNG} seeding on {b Miou_unix}.
2
-
3
-
This module initializes a RNG with [getrandom()], and CPU RNG. On BSD system
4
-
(FreeBSD, OpenBSD, MacOS) [getentropy()] is used instead of [getrandom()].
5
-
On Windows 10 or higher, [BCryptGenRandom()] is used with the default RNG.
6
-
Windows 8 or lower are not supported by this library.
7
-
*)
8
-
9
-
module Pfortuna : Mirage_crypto_rng.Generator
10
-
(** {b Pfortuna}, a {b domain-safe} CSPRNG
11
-
{{: https://www.schneier.com/fortuna.html} proposed} by Schneier. *)
12
-
13
-
type rng
14
-
(** Type of tasks seeding the RNG. *)
15
-
16
-
val initialize : ?g:'a -> ?sleep:int64 -> 'a Mirage_crypto_rng.generator -> rng
17
-
(** [initialize ?g ?sleep (module Generator)] will allow the RNG to operate in a
18
-
returned task. This task periodically launches sub-tasks that seed the
19
-
engine (using [getrandom()], [getentropy()] or [BCryptGenRandom()] depending
20
-
on the system). These sub-tasks must be cleaned periodically (in seconds)
21
-
according to the [sleep] parameter given (defaults to 1 second).
22
-
23
-
The user must then {!val:kill} the returned task at the end of the program
24
-
to be sure to clean everything. Otherwise, Miou will complain with the
25
-
exception [Still_has_children].
26
-
27
-
We strongly recommend using {!module:Pfortuna} as an RNG engine rather than
28
-
{!module:Mirage_crypto_rng.Fortuna}. The engine is launched in parallel with
29
-
the other tasks if at least one domain is available. To ensure that there is
30
-
no compromise in the values generated by a {i data-race}, [Pfortuna] is an
31
-
{b domain-safe} implementation of Fortuna.
32
-
33
-
The user cannot make any subsequent calls to [initialize]. In other words,
34
-
you can only initialise a single {!type:rng} task. You must {!val:kill} the
35
-
returned {!type:rng} if you want to re-initialise the RNG.
36
-
37
-
A basic usage of [mirage-crypto-rng-miou-unix] is:
38
-
{[
39
-
let () = Miou_unix.run @@ fun () ->
40
-
let rng = Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) in
41
-
let str = Mirage_crypto_rng.generate 16 in
42
-
Format.printf "random: %S\n%!" str;
43
-
Mirage_crypto_rng_miou_unix.kill rng
44
-
]} *)
45
-
46
-
val kill : rng -> unit
47
-
(** [kill rng] terminates the {i background} task which seeds the RNG. *)
···
-137
rng/miou/pfortuna.ml
-137
rng/miou/pfortuna.ml
···
1
-
(* Pfortuna is a re-implementation of Fortuna with a mutex. The goal of this
2
-
module is to provide a global and domain-safe RNG. The implementation use
3
-
[Miou.Mutex] instead of [Mutex] - [Pfortuna] is only available as part of
4
-
the [mirage-crypto-rng-miou-unix] package. Thus, in the context of Miou,
5
-
[Pfortuna] can be used and recommended in place of [Fortuna], so that the
6
-
user can generate random numbers in parallel in several domains.
7
-
8
-
{[
9
-
let () = Miou_unix.run @@ fun () ->
10
-
let rng = Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) in
11
-
...
12
-
Mirage_crypto_rng_miou_unix.kill rng
13
-
]}
14
-
15
-
NOTE: when modifying this file, please also check whether rng/fortuna.ml
16
-
needs to be updated. *)
17
-
18
-
open Mirage_crypto
19
-
open Mirage_crypto.Uncommon
20
-
21
-
module SHAd256 = struct
22
-
open Digestif
23
-
type ctx = SHA256.ctx
24
-
let empty = SHA256.empty
25
-
let get t = SHA256.(get t |> to_raw_string |> digest_string |> to_raw_string)
26
-
let digesti i = SHA256.(digesti_string i |> to_raw_string |> digest_string |> to_raw_string)
27
-
let feedi = SHA256.feedi_string
28
-
end
29
-
30
-
let block = 16
31
-
32
-
(* the minimal amount of bytes in a pool to trigger a reseed *)
33
-
let min_pool_size = 64
34
-
(* the minimal duration between two reseeds *)
35
-
let min_time_duration = 1_000_000_000L
36
-
(* number of pools *)
37
-
let pools = 32
38
-
39
-
type t =
40
-
{ ctr : AES.CTR.ctr
41
-
; secret : string
42
-
; key : AES.CTR.key
43
-
; pools : SHAd256.ctx array
44
-
; pool0_size : int
45
-
; reseed_count : int
46
-
; last_reseed : int64
47
-
; time : (unit -> int64) option
48
-
}
49
-
50
-
type g = Miou.Mutex.t * t ref
51
-
52
-
let update (m, g) fn = Miou.Mutex.protect m @@ fun () -> g := fn !g
53
-
let get (m, g) fn = Miou.Mutex.protect m @@ fun () -> fn !g
54
-
55
-
let create ?time () =
56
-
let secret = String.make 32 '\000' in
57
-
let m = Miou.Mutex.create () in
58
-
let t =
59
-
{ ctr= (0L, 0L); secret; key= AES.CTR.of_secret secret
60
-
; pools= Array.make pools SHAd256.empty
61
-
; pool0_size= 0
62
-
; reseed_count= 0
63
-
; last_reseed= 0L
64
-
; time } in
65
-
(m, { contents= t })
66
-
67
-
let seeded ~t =
68
-
let lo, hi = t.ctr in
69
-
not (Int64.equal lo 0L && Int64.equal hi 0L)
70
-
71
-
let set_key ~t secret =
72
-
{ t with secret; key= AES.CTR.of_secret secret }
73
-
74
-
let reseedi ~t iter =
75
-
let t = set_key ~t (SHAd256.digesti (fun fn -> fn t.secret; iter fn)) in
76
-
{ t with ctr= AES.CTR.add_ctr t.ctr 1L }
77
-
78
-
let iter1 a f = f a
79
-
let reseed ~t cs = reseedi ~t (iter1 cs)
80
-
81
-
let generate_rekey ~t buf ~off len =
82
-
let b = len // block* 2 in
83
-
let n = b * block in
84
-
let r = AES.CTR.stream ~key:t.key ~ctr:t.ctr n in
85
-
Bytes.unsafe_blit_string r 0 buf off len;
86
-
let r2 = String.sub r (n - 32) 32 in
87
-
let t = set_key ~t r2 in
88
-
{ t with ctr= AES.CTR.add_ctr t.ctr (Int64.of_int b) }
89
-
90
-
let add_pool_entropy t =
91
-
if t.pool0_size > min_pool_size then
92
-
let should_reseed, now = match t.time with
93
-
| None -> true, 0L
94
-
| Some fn ->
95
-
let now = fn () in
96
-
Int64.(sub now t.last_reseed > min_time_duration), now in
97
-
if should_reseed then begin
98
-
let t = { t with reseed_count= t.reseed_count + 1
99
-
; last_reseed= now
100
-
; pool0_size= 0 } in
101
-
reseedi ~t @@ fun add ->
102
-
for i = 0 to pools - 1 do
103
-
if t.reseed_count land ((1 lsl i) - 1) = 0
104
-
then (SHAd256.get t.pools.(i) |> add; t.pools.(i) <- SHAd256.empty)
105
-
done
106
-
end else t else t
107
-
108
-
let generate_into ~t buf ~off len =
109
-
let t = add_pool_entropy t in
110
-
if not (seeded ~t) then raise Mirage_crypto_rng.Unseeded_generator;
111
-
let rec chunk t off = function
112
-
| i when i <= 0 -> t
113
-
| n ->
114
-
let n' = imin n 0x10000 in
115
-
let t = generate_rekey ~t buf ~off n' in
116
-
chunk t (off + n') (n - n') in
117
-
chunk t off len
118
-
119
-
let add ~t source ~pool data =
120
-
let buf = Bytes.create 2
121
-
and pool = pool land (pools - 1)
122
-
and source = Mirage_crypto_rng.Entropy.id source land 0xff in
123
-
Bytes.set_uint8 buf 0 source;
124
-
Bytes.set_uint8 buf 1 (String.length data);
125
-
t.pools.(pool) <- SHAd256.feedi t.pools.(pool) (iter2 (Bytes.unsafe_to_string buf) data);
126
-
if pool = 0 then { t with pool0_size= t.pool0_size + String.length data } else t
127
-
128
-
let accumulate ~g source =
129
-
let pool = ref 0 in
130
-
`Acc (fun buf ->
131
-
update g @@ fun t ->
132
-
let t = add ~t source ~pool:!pool buf in
133
-
incr pool; t)
134
-
135
-
let reseed ~g cs = update g @@ fun t -> reseed ~t cs
136
-
let generate_into ~g buf ~off len = update g @@ fun t -> generate_into ~t buf ~off len
137
-
let seeded ~g = get g @@ fun t -> seeded ~t
···
-1
rng/miou/pfortuna.mli
-1
rng/miou/pfortuna.mli
···
1
-
include Mirage_crypto_rng.Generator
···
-5
rng/mirage/dune
-5
rng/mirage/dune
-73
rng/mirage/mirage_crypto_rng_mirage.ml
-73
rng/mirage/mirage_crypto_rng_mirage.ml
···
1
-
(*
2
-
* Copyright (c) 2014 Hannes Mehnert
3
-
* Copyright (c) 2014 Anil Madhavapeddy <anil@recoil.org>
4
-
* Copyright (c) 2014-2016 David Kaloper Meršinjak
5
-
* Copyright (c) 2015 Citrix Systems Inc
6
-
* All rights reserved.
7
-
*
8
-
* Redistribution and use in source and binary forms, with or without
9
-
* modification, are permitted provided that the following conditions are met:
10
-
*
11
-
* * Redistributions of source code must retain the above copyright notice, this
12
-
* list of conditions and the following disclaimer.
13
-
*
14
-
* * Redistributions in binary form must reproduce the above copyright notice,
15
-
* this list of conditions and the following disclaimer in the documentation
16
-
* and/or other materials provided with the distribution.
17
-
*
18
-
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19
-
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
-
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21
-
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
22
-
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
-
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24
-
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
25
-
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26
-
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27
-
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
-
*)
29
-
30
-
let src = Logs.Src.create "mirage-crypto-rng-mirage" ~doc:"Mirage crypto RNG mirage"
31
-
module Log = (val Logs.src_log src : Logs.LOG)
32
-
33
-
open Mirage_crypto_rng
34
-
35
-
let rdrand_task delta =
36
-
match Entropy.cpu_rng with
37
-
| Error `Not_supported -> ()
38
-
| Ok cpu_rng ->
39
-
let open Lwt.Infix in
40
-
let rdrand = cpu_rng None in
41
-
Lwt.async (fun () ->
42
-
let rec one () =
43
-
rdrand ();
44
-
Mirage_sleep.ns delta >>=
45
-
one
46
-
in
47
-
one ())
48
-
49
-
let bootstrap_functions () =
50
-
Entropy.[ bootstrap ; bootstrap ; whirlwind_bootstrap ; bootstrap ]
51
-
52
-
let running = ref false
53
-
54
-
let initialize (type a) ?g ?(sleep = Duration.of_sec 1) (rng : a generator) =
55
-
if !running then
56
-
Lwt.fail_with "entropy collection already running"
57
-
else begin
58
-
(try
59
-
let _ = default_generator () in
60
-
Log.warn (fun m -> m "Mirage_crypto_rng.default_generator has already \
61
-
been set, check that this call is intentional");
62
-
with
63
-
No_default_generator -> ());
64
-
running := true;
65
-
let seed =
66
-
List.mapi (fun i f -> f i) (bootstrap_functions ()) |> String.concat ""
67
-
in
68
-
let rng = create ?g ~seed ~time:Mirage_mtime.elapsed_ns rng in
69
-
set_default_generator rng;
70
-
rdrand_task sleep;
71
-
Mirage_runtime.at_enter_iter (Entropy.timer_accumulator None);
72
-
Lwt.return_unit
73
-
end
···
-35
rng/mirage/mirage_crypto_rng_mirage.mli
-35
rng/mirage/mirage_crypto_rng_mirage.mli
···
1
-
(*
2
-
* Copyright (c) 2014 Hannes Mehnert
3
-
* Copyright (c) 2014 Anil Madhavapeddy <anil@recoil.org>
4
-
* Copyright (c) 2014-2016 David Kaloper Meršinjak
5
-
* All rights reserved.
6
-
*
7
-
* Redistribution and use in source and binary forms, with or without
8
-
* modification, are permitted provided that the following conditions are met:
9
-
*
10
-
* * Redistributions of source code must retain the above copyright notice, this
11
-
* list of conditions and the following disclaimer.
12
-
*
13
-
* * Redistributions in binary form must reproduce the above copyright notice,
14
-
* this list of conditions and the following disclaimer in the documentation
15
-
* and/or other materials provided with the distribution.
16
-
*
17
-
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18
-
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
-
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20
-
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
21
-
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
-
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23
-
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
24
-
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25
-
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26
-
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
-
*)
28
-
29
-
val initialize :
30
-
?g:'a -> ?sleep:int64 -> 'a Mirage_crypto_rng.generator -> unit Lwt.t
31
-
(** [initialize ~g ~sleep generator] sets the default generator to the
32
-
[generator] and sets up periodic entropy feeding for that rng. This
33
-
function fails ([Lwt.fail]) if it is called a second time. The argument
34
-
[~sleep] is measured in ns, and used as sleep between cpu assisted random
35
-
number collection. It defaults to one second. *)
···
rng/mirage_crypto_rng.ml
rng/crypto_rng.ml
rng/mirage_crypto_rng.ml
rng/crypto_rng.ml
+8
-8
rng/mirage_crypto_rng.mli
rng/crypto_rng.mli
+8
-8
rng/mirage_crypto_rng.mli
rng/crypto_rng.mli
···
20
library, you can use /dev/urandom or getentropy(3) (actually getrandom(3) on
21
Linux, getentropy() on macOS and BSD systems, BCryptGenRandom on Windows).
22
23
-
Please ensure to call [Mirage_crypto_rng_unix.use_default], or
24
-
[Mirage_crypto_rng_unix.use_dev_urandom] (if you only want to use
25
-
/dev/urandom), or [Mirage_crypto_rng_unix.use_getentropy] (if you only want
26
to use getrandom/getentropy/BCryptGenRandom).
27
28
For fine-grained control (doing entropy harvesting, etc.), please continue
···
31
via Pfortuna).
32
33
Suitable entropy feeding of generators are provided by other libraries
34
-
{{!Mirage_crypto_rng_mirage}mirage-crypto-rng-mirage} (for MirageOS),
35
-
and {{!Mirage_crypto_rng_miou_unix}mirage-crypto-miou-unix} (for Miou_unix).
36
37
The intention is that "initialize" in the respective sub-library is called
38
once, which sets the default generator and registers entropy
···
176
(** Create a new, unseeded {{!g}g}. *)
177
178
val generate_into : g:g -> bytes -> off:int -> int -> unit
179
-
[@@alert unsafe "Does not do bounds checks. Use Mirage_crypto_rng.generate_into instead."]
180
(** [generate_into ~g buf ~off n] produces [n] uniformly distributed random
181
bytes into [buf] at offset [off], updating the state of [g].
182
183
Assumes that [buf] is at least [off + n] bytes long. Also assumes that
184
[off] and [n] are positive integers. Caution: do not use in your
185
-
application, use [Mirage_crypto_rng.generate_into] instead.
186
*)
187
188
val reseed : g:g -> string -> unit
···
294
if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)]}
295
296
Generating a [Z.t] smaller than [10]:
297
-
{[let f2 ?g () = Mirage_crypto_pk.Z_extra.gen ?g Z.(~$10)]}
298
299
Creating a local Fortuna instance and using it as a key-derivation function:
300
{[let f3 secret =
···
20
library, you can use /dev/urandom or getentropy(3) (actually getrandom(3) on
21
Linux, getentropy() on macOS and BSD systems, BCryptGenRandom on Windows).
22
23
+
Please ensure to call [Crypto_rng_unix.use_default], or
24
+
[Crypto_rng_unix.use_dev_urandom] (if you only want to use
25
+
/dev/urandom), or [Crypto_rng_unix.use_getentropy] (if you only want
26
to use getrandom/getentropy/BCryptGenRandom).
27
28
For fine-grained control (doing entropy harvesting, etc.), please continue
···
31
via Pfortuna).
32
33
Suitable entropy feeding of generators are provided by other libraries
34
+
{{!Crypto_rng_mirage}mirage-crypto-rng-mirage} (for MirageOS),
35
+
and {{!Crypto_rng_miou_unix}mirage-crypto-miou-unix} (for Miou_unix).
36
37
The intention is that "initialize" in the respective sub-library is called
38
once, which sets the default generator and registers entropy
···
176
(** Create a new, unseeded {{!g}g}. *)
177
178
val generate_into : g:g -> bytes -> off:int -> int -> unit
179
+
[@@alert unsafe "Does not do bounds checks. Use Crypto_rng.generate_into instead."]
180
(** [generate_into ~g buf ~off n] produces [n] uniformly distributed random
181
bytes into [buf] at offset [off], updating the state of [g].
182
183
Assumes that [buf] is at least [off + n] bytes long. Also assumes that
184
[off] and [n] are positive integers. Caution: do not use in your
185
+
application, use [Crypto_rng.generate_into] instead.
186
*)
187
188
val reseed : g:g -> string -> unit
···
294
if i < 1 then [] else Rng.generate ?g n :: f1 ?g ~n (i - 1)]}
295
296
Generating a [Z.t] smaller than [10]:
297
+
{[let f2 ?g () = Crypto_pk.Z_extra.gen ?g Z.(~$10)]}
298
299
Creating a local Fortuna instance and using it as a key-derivation function:
300
{[let f3 secret =
+3
-3
rng/rng.ml
+3
-3
rng/rng.ml
···
6
7
let setup_rng =
8
"\nPlease setup your default random number generator. On Unix, the best \
9
-
path is to call [Mirage_crypto_rng_unix.use_default ()].\
10
\nBut you can use Fortuna (or any other RNG) and setup the seeding \
11
(done by default in MirageOS): \
12
\n\
···
17
`let main = Mirage.main \"Unikernel.Main\" (random @-> job)`, \
18
and `let () = register \"my_unikernel\" [main $ default_random]`. \
19
\n If you are using miou, execute \
20
-
`Mirage_crypto_rng_miou_unix.initialize (module Mirage_crypto_rng.Fortuna)` \
21
at startup."
22
23
let () = Printexc.register_printer (function
···
32
val block : int
33
val create : ?time:(unit -> int64) -> unit -> g
34
val generate_into : g:g -> bytes -> off:int -> int -> unit
35
-
[@@alert unsafe "Does not do bounds checks. Use Mirage_crypto_rng.generate_into instead."]
36
val reseed : g:g -> string -> unit
37
val accumulate : g:g -> source -> [`Acc of string -> unit]
38
val seeded : g:g -> bool
···
6
7
let setup_rng =
8
"\nPlease setup your default random number generator. On Unix, the best \
9
+
path is to call [Crypto_rng_unix.use_default ()].\
10
\nBut you can use Fortuna (or any other RNG) and setup the seeding \
11
(done by default in MirageOS): \
12
\n\
···
17
`let main = Mirage.main \"Unikernel.Main\" (random @-> job)`, \
18
and `let () = register \"my_unikernel\" [main $ default_random]`. \
19
\n If you are using miou, execute \
20
+
`Crypto_rng_miou_unix.initialize (module Crypto_rng.Fortuna)` \
21
at startup."
22
23
let () = Printexc.register_printer (function
···
32
val block : int
33
val create : ?time:(unit -> int64) -> unit -> g
34
val generate_into : g:g -> bytes -> off:int -> int -> unit
35
+
[@@alert unsafe "Does not do bounds checks. Use Crypto_rng.generate_into instead."]
36
val reseed : g:g -> string -> unit
37
val accumulate : g:g -> source -> [`Acc of string -> unit]
38
val seeded : g:g -> bool
+6
-5
rng/unix/dune
+6
-5
rng/unix/dune
···
14
(run ../../config/cfg.exe)))
15
16
(library
17
-
(name mirage_crypto_rng_unix)
18
-
(public_name mirage-crypto-rng.unix)
19
-
(modules mirage_crypto_rng_unix urandom getentropy)
20
-
(libraries mirage-crypto-rng unix logs threads.posix)
21
(foreign_stubs
22
(language c)
23
(include_dirs ../../src/native)
···
27
28
(env
29
(dev
30
-
(c_flags (:include cflags_warn.sexp))))
···
14
(run ../../config/cfg.exe)))
15
16
(library
17
+
(name crypto_rng_unix)
18
+
(public_name crypto-rng.unix)
19
+
(modules crypto_rng_unix urandom getentropy)
20
+
(libraries crypto-rng unix logs threads.posix)
21
(foreign_stubs
22
(language c)
23
(include_dirs ../../src/native)
···
27
28
(env
29
(dev
30
+
(c_flags
31
+
(:include cflags_warn.sexp))))
+1
-1
rng/unix/mc_getrandom_stubs.c
+1
-1
rng/unix/mc_getrandom_stubs.c
+4
-4
rng/unix/mirage_crypto_rng_unix.ml
rng/unix/crypto_rng_unix.ml
+4
-4
rng/unix/mirage_crypto_rng_unix.ml
rng/unix/crypto_rng_unix.ml
···
1
-
open Mirage_crypto_rng
2
3
module Urandom = Urandom
4
···
14
15
let use_default () = use_getentropy ()
16
17
-
let src = Logs.Src.create "mirage-crypto-rng.unix" ~doc:"Mirage crypto RNG Unix"
18
module Log = (val Logs.src_log src : Logs.LOG)
19
20
external getrandom_buf : bytes -> int -> int -> unit = "mc_getrandom" [@@noalloc]
···
36
let initialize (type a) ?g (rng : a generator) =
37
if Atomic.get running then
38
Log.debug
39
-
(fun m -> m "Mirage_crypto_rng_unix.initialize has already been called, \
40
ignoring this call.")
41
else begin
42
(try
43
let _ = default_generator () in
44
-
Log.warn (fun m -> m "Mirage_crypto_rng.default_generator has already \
45
been set, check that this call is intentional");
46
with
47
No_default_generator -> ());
···
1
+
open Crypto_rng
2
3
module Urandom = Urandom
4
···
14
15
let use_default () = use_getentropy ()
16
17
+
let src = Logs.Src.create "crypto-rng.unix" ~doc:"Mirage crypto RNG Unix"
18
module Log = (val Logs.src_log src : Logs.LOG)
19
20
external getrandom_buf : bytes -> int -> int -> unit = "mc_getrandom" [@@noalloc]
···
36
let initialize (type a) ?g (rng : a generator) =
37
if Atomic.get running then
38
Log.debug
39
+
(fun m -> m "Crypto_rng_unix.initialize has already been called, \
40
ignoring this call.")
41
else begin
42
(try
43
let _ = default_generator () in
44
+
Log.warn (fun m -> m "Crypto_rng.default_generator has already \
45
been set, check that this call is intentional");
46
with
47
No_default_generator -> ());
+7
-7
rng/unix/mirage_crypto_rng_unix.mli
rng/unix/crypto_rng_unix.mli
+7
-7
rng/unix/mirage_crypto_rng_unix.mli
rng/unix/crypto_rng_unix.mli
···
7
*)
8
9
(** [initialize ~g rng] will bring the RNG into a working state. *)
10
-
val initialize : ?g:'a -> 'a Mirage_crypto_rng.generator -> unit
11
-
[@@deprecated "Use 'Mirage_crypto_rng_unix.use_default ()' instead."]
12
13
(** [getrandom size] returns a buffer of [size] filled with random bytes. *)
14
val getrandom : int -> string
···
16
(** A generator that opens /dev/urandom and reads from that file descriptor
17
data whenever random data is needed. The file descriptor is closed in
18
[at_exit]. *)
19
-
module Urandom : Mirage_crypto_rng.Generator
20
21
(** A generator using [getrandom(3)] on Linux, [getentropy(3)] on BSD and macOS,
22
and [BCryptGenRandom()] on Windows. *)
23
-
module Getentropy : Mirage_crypto_rng.Generator
24
25
-
(** [use_default ()] initializes the RNG [Mirage_crypto_rng.default_generator]
26
with a sensible default, at the moment using [Getentropy]. *)
27
val use_default : unit -> unit
28
29
(** [use_dev_random ()] initializes the RNG
30
-
[Mirage_crypto_rng.default_generator] with the [Urandom] generator. This
31
raises an exception if "/dev/urandom" cannot be opened. *)
32
val use_dev_urandom : unit -> unit
33
34
-
(** [use_getentropy ()] initializes the RNG [Mirage_crypto_rng.default_generator]
35
with the [Getentropy] generator. *)
36
val use_getentropy : unit -> unit
···
7
*)
8
9
(** [initialize ~g rng] will bring the RNG into a working state. *)
10
+
val initialize : ?g:'a -> 'a Crypto_rng.generator -> unit
11
+
[@@deprecated "Use 'Crypto_rng_unix.use_default ()' instead."]
12
13
(** [getrandom size] returns a buffer of [size] filled with random bytes. *)
14
val getrandom : int -> string
···
16
(** A generator that opens /dev/urandom and reads from that file descriptor
17
data whenever random data is needed. The file descriptor is closed in
18
[at_exit]. *)
19
+
module Urandom : Crypto_rng.Generator
20
21
(** A generator using [getrandom(3)] on Linux, [getentropy(3)] on BSD and macOS,
22
and [BCryptGenRandom()] on Windows. *)
23
+
module Getentropy : Crypto_rng.Generator
24
25
+
(** [use_default ()] initializes the RNG [Crypto_rng.default_generator]
26
with a sensible default, at the moment using [Getentropy]. *)
27
val use_default : unit -> unit
28
29
(** [use_dev_random ()] initializes the RNG
30
+
[Crypto_rng.default_generator] with the [Urandom] generator. This
31
raises an exception if "/dev/urandom" cannot be opened. *)
32
val use_dev_urandom : unit -> unit
33
34
+
(** [use_getentropy ()] initializes the RNG [Crypto_rng.default_generator]
35
with the [Getentropy] generator. *)
36
val use_getentropy : unit -> unit
+6
-5
src/dune
+6
-5
src/dune
···
1
(library
2
-
(name mirage_crypto)
3
-
(public_name mirage-crypto)
4
(libraries eqaf)
5
(private_modules aead chacha20 ccm cipher_block cipher_stream native
6
poly1305 uncommon)
7
(foreign_stubs
8
(language c)
9
-
(names detect_cpu_features misc misc_sse aes_generic aes_aesni ghash_generic
10
-
ghash_pclmul ghash_ctmul des_generic chacha poly1305-donna
11
entropy_cpu_stubs)
12
(flags
13
(:standard)
···
21
22
(env
23
(dev
24
-
(c_flags (:include cflags_warn.sexp))))
25
26
(include_subdirs unqualified)
27
···
1
(library
2
+
(name crypto)
3
+
(public_name crypto)
4
(libraries eqaf)
5
(private_modules aead chacha20 ccm cipher_block cipher_stream native
6
poly1305 uncommon)
7
(foreign_stubs
8
(language c)
9
+
(names detect_cpu_features misc misc_sse aes_generic aes_aesni
10
+
ghash_generic ghash_pclmul ghash_ctmul des_generic chacha poly1305-donna
11
entropy_cpu_stubs)
12
(flags
13
(:standard)
···
21
22
(env
23
(dev
24
+
(c_flags
25
+
(:include cflags_warn.sexp))))
26
27
(include_subdirs unqualified)
28
src/mirage_crypto.ml
src/crypto.ml
src/mirage_crypto.ml
src/crypto.ml
src/mirage_crypto.mli
src/crypto.mli
src/mirage_crypto.mli
src/crypto.mli
+1
-1
src/native/aes_aesni.c
+1
-1
src/native/aes_aesni.c
+1
-1
src/native/aes_generic.c
+1
-1
src/native/aes_generic.c
+1
-1
src/native/chacha.c
+1
-1
src/native/chacha.c
+1
-1
src/native/chacha_generic.c
+1
-1
src/native/chacha_generic.c
+1
-1
src/native/des_generic.c
+1
-1
src/native/des_generic.c
+1
-1
src/native/detect_cpu_features.c
+1
-1
src/native/detect_cpu_features.c
+1
-1
src/native/entropy_cpu_stubs.c
+1
-1
src/native/entropy_cpu_stubs.c
+1
-1
src/native/ghash_ctmul.c
+1
-1
src/native/ghash_ctmul.c
+1
-1
src/native/ghash_generic.c
+1
-1
src/native/ghash_generic.c
+1
-1
src/native/ghash_pclmul.c
+1
-1
src/native/ghash_pclmul.c
src/native/mirage_crypto.h
src/native/crypto.h
src/native/mirage_crypto.h
src/native/crypto.h
+1
-1
src/native/misc.c
+1
-1
src/native/misc.c
+1
-1
src/native/misc_sse.c
+1
-1
src/native/misc_sse.c
+1
-1
src/native/poly1305-donna.c
+1
-1
src/native/poly1305-donna.c
+1
-1
src/uncommon.ml
+1
-1
src/uncommon.ml
+21
-32
tests/dune
+21
-32
tests/dune
···
1
(library
2
(name test_common)
3
-
(libraries mirage-crypto ounit2 ohex)
4
(modules test_common)
5
(optional))
6
7
(test
8
(name test_symmetric_runner)
9
-
(libraries test_common mirage-crypto ounit2)
10
-
(package mirage-crypto)
11
(modules test_base test_cipher test_symmetric_runner))
12
13
(test
14
(name test_random_runner)
15
-
(libraries test_common mirage-crypto mirage-crypto-rng mirage-crypto-rng.unix
16
-
randomconv ounit2)
17
-
(package mirage-crypto-rng)
18
(modules test_random_runner))
19
20
(test
21
(name test_pk_runner)
22
-
(libraries test_common mirage-crypto-pk mirage-crypto-rng.unix randomconv
23
-
ounit2)
24
-
(package mirage-crypto-pk)
25
(modules test_numeric test_dh test_dsa test_rsa test_pk_runner))
26
27
(test
28
-
(name test_entropy_collection)
29
-
(modules test_entropy_collection)
30
-
(package mirage-crypto-rng-mirage)
31
-
(libraries mirage-crypto-rng-mirage mirage-unix duration ohex))
32
-
33
-
(test
34
(name test_entropy)
35
(modules test_entropy)
36
-
(package mirage-crypto-rng)
37
-
(libraries mirage-crypto-rng ohex)
38
-
(enabled_if (and (<> %{architecture} "arm64") (<> %{architecture} "riscv64"))))
39
-
; see https://github.com/mirage/mirage-crypto/issues/216
40
41
(test
42
(name test_ec)
43
(modules test_ec)
44
-
(libraries test_common alcotest mirage-crypto-ec mirage-crypto-rng.unix)
45
-
(package mirage-crypto-ec))
46
47
(test
48
(name test_ec_wycheproof)
···
50
(deps ecdh_secp256r1_test.json ecdsa_secp256r1_sha256_test.json
51
ecdsa_secp256r1_sha512_test.json ecdh_secp384r1_test.json
52
ecdsa_secp384r1_sha384_test.json ecdsa_secp384r1_sha512_test.json
53
-
ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json
54
-
x25519_test.json eddsa_test.json)
55
-
(libraries alcotest mirage-crypto-ec wycheproof digestif asn1-combinators)
56
-
(package mirage-crypto-ec))
57
-
58
-
(tests
59
-
(names test_miou_rng test_miou_entropy_collection)
60
-
(modules test_miou_rng test_miou_entropy_collection)
61
-
(libraries mirage-crypto-rng-miou-unix duration ohex)
62
-
(package mirage-crypto-rng-miou-unix)
63
-
(enabled_if (<> %{os_type} "Win32")))
···
1
(library
2
(name test_common)
3
+
(libraries crypto ounit2 ohex)
4
(modules test_common)
5
(optional))
6
7
(test
8
(name test_symmetric_runner)
9
+
(libraries test_common crypto ounit2)
10
+
(package crypto)
11
(modules test_base test_cipher test_symmetric_runner))
12
13
(test
14
(name test_random_runner)
15
+
(libraries test_common crypto crypto-rng crypto-rng.unix randomconv ounit2)
16
+
(package crypto-rng)
17
(modules test_random_runner))
18
19
(test
20
(name test_pk_runner)
21
+
(libraries test_common crypto-pk crypto-rng.unix randomconv ounit2)
22
+
(package crypto-pk)
23
(modules test_numeric test_dh test_dsa test_rsa test_pk_runner))
24
25
(test
26
(name test_entropy)
27
(modules test_entropy)
28
+
(package crypto-rng)
29
+
(libraries crypto-rng ohex)
30
+
(enabled_if
31
+
(and
32
+
(<> %{architecture} "arm64")
33
+
(<> %{architecture} "riscv64"))))
34
+
35
+
; see https://github.com/mirage/mirage-crypto/issues/216
36
37
(test
38
(name test_ec)
39
(modules test_ec)
40
+
(libraries test_common alcotest crypto-ec crypto-rng.unix)
41
+
(package crypto-ec))
42
43
(test
44
(name test_ec_wycheproof)
···
46
(deps ecdh_secp256r1_test.json ecdsa_secp256r1_sha256_test.json
47
ecdsa_secp256r1_sha512_test.json ecdh_secp384r1_test.json
48
ecdsa_secp384r1_sha384_test.json ecdsa_secp384r1_sha512_test.json
49
+
ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json x25519_test.json
50
+
eddsa_test.json)
51
+
(libraries alcotest crypto-ec wycheproof digestif asn1-combinators)
52
+
(package crypto-ec))
+1
-1
tests/test_base.ml
+1
-1
tests/test_base.ml
+7
-7
tests/test_cipher.ml
+7
-7
tests/test_cipher.ml
···
1
open OUnit2
2
3
-
open Mirage_crypto
4
5
open Test_common
6
···
422
and plaintext = "hello"
423
in
424
assert_raises ~msg:"CCM with short nonce raises"
425
-
(Invalid_argument "Mirage_crypto: CCM: nonce length not between 7 and 13: 0")
426
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
427
and short_nonce_enc2 _ =
428
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
430
and plaintext = "hello"
431
in
432
assert_raises ~msg:"CCM with short nonce raises"
433
-
(Invalid_argument "Mirage_crypto: CCM: nonce length not between 7 and 13: 1")
434
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
435
and short_nonce_enc3 _ =
436
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
438
and plaintext = "hello"
439
in
440
assert_raises ~msg:"CCM with short nonce raises"
441
-
(Invalid_argument "Mirage_crypto: CCM: nonce length not between 7 and 13: 6")
442
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
443
and long_nonce_enc _ =
444
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
446
and plaintext = "hello"
447
in
448
assert_raises ~msg:"CCM with short nonce raises"
449
-
(Invalid_argument "Mirage_crypto: CCM: nonce length not between 7 and 13: 14")
450
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
451
and enc_dec_empty_message _ =
452
(* as reported in https://github.com/mirleft/ocaml-nocrypto/issues/168 *)
···
641
let nonce_zero_length_enc _ =
642
(* reported in https://github.com/mirleft/ocaml-nocrypto/issues/169 *)
643
assert_raises ~msg:"GCM with nonce of length 0"
644
-
(Invalid_argument "Mirage_crypto: GCM: invalid nonce of length 0")
645
(fun () -> authenticate_encrypt ~key ~nonce msg)
646
and nonce_zero_length_dec _ =
647
assert_raises ~msg:"GCM with nonce of 0"
648
-
(Invalid_argument "Mirage_crypto: GCM: invalid nonce of length 0")
649
(fun () -> authenticate_decrypt ~key ~nonce msg)
650
in
651
[
···
1
open OUnit2
2
3
+
open Crypto
4
5
open Test_common
6
···
422
and plaintext = "hello"
423
in
424
assert_raises ~msg:"CCM with short nonce raises"
425
+
(Invalid_argument "Crypto: CCM: nonce length not between 7 and 13: 0")
426
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
427
and short_nonce_enc2 _ =
428
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
430
and plaintext = "hello"
431
in
432
assert_raises ~msg:"CCM with short nonce raises"
433
+
(Invalid_argument "Crypto: CCM: nonce length not between 7 and 13: 1")
434
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
435
and short_nonce_enc3 _ =
436
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
438
and plaintext = "hello"
439
in
440
assert_raises ~msg:"CCM with short nonce raises"
441
+
(Invalid_argument "Crypto: CCM: nonce length not between 7 and 13: 6")
442
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
443
and long_nonce_enc _ =
444
let key = of_secret (vx "000102030405060708090a0b0c0d0e0f")
···
446
and plaintext = "hello"
447
in
448
assert_raises ~msg:"CCM with short nonce raises"
449
+
(Invalid_argument "Crypto: CCM: nonce length not between 7 and 13: 14")
450
(fun () -> authenticate_encrypt ~key ~nonce plaintext)
451
and enc_dec_empty_message _ =
452
(* as reported in https://github.com/mirleft/ocaml-nocrypto/issues/168 *)
···
641
let nonce_zero_length_enc _ =
642
(* reported in https://github.com/mirleft/ocaml-nocrypto/issues/169 *)
643
assert_raises ~msg:"GCM with nonce of length 0"
644
+
(Invalid_argument "Crypto: GCM: invalid nonce of length 0")
645
(fun () -> authenticate_encrypt ~key ~nonce msg)
646
and nonce_zero_length_dec _ =
647
assert_raises ~msg:"GCM with nonce of 0"
648
+
(Invalid_argument "Crypto: GCM: invalid nonce of length 0")
649
(fun () -> authenticate_decrypt ~key ~nonce msg)
650
in
651
[
+1
-1
tests/test_dh.ml
+1
-1
tests/test_dh.ml
+2
-2
tests/test_dsa.ml
+2
-2
tests/test_dsa.ml
+4
-4
tests/test_ec.ml
+4
-4
tests/test_ec.ml
···
1
-
open Mirage_crypto_ec
2
open Test_common
3
4
module Testable = struct
···
216
"ECDSA verify", `Quick, ecdsa_verify ;
217
]
218
219
-
let pub_key_compression (module Dsa:Mirage_crypto_ec.Dsa) () =
220
for _ = 1 to 20 do
221
let _, pub = Dsa.generate () in
222
let compressed = Dsa.pub_to_octets ~compress:true pub in
···
803
|};
804
]
805
806
-
let point_module_tests (module C : Mirage_crypto_ec.Dh_dsa) name =
807
let open C in
808
let test_generator_not_identity () =
809
(* Generator should not be the identity (at infinity) *)
···
924
| Error _ -> Alcotest.fail "regression failed"
925
926
let () =
927
-
Mirage_crypto_rng_unix.use_default ();
928
Alcotest.run "EC"
929
[
930
("P256 Key exchange", key_exchange);
···
1
+
open Crypto_ec
2
open Test_common
3
4
module Testable = struct
···
216
"ECDSA verify", `Quick, ecdsa_verify ;
217
]
218
219
+
let pub_key_compression (module Dsa:Crypto_ec.Dsa) () =
220
for _ = 1 to 20 do
221
let _, pub = Dsa.generate () in
222
let compressed = Dsa.pub_to_octets ~compress:true pub in
···
803
|};
804
]
805
806
+
let point_module_tests (module C : Crypto_ec.Dh_dsa) name =
807
let open C in
808
let test_generator_not_identity () =
809
(* Generator should not be the identity (at infinity) *)
···
924
| Error _ -> Alcotest.fail "regression failed"
925
926
let () =
927
+
Crypto_rng_unix.use_default ();
928
Alcotest.run "EC"
929
[
930
("P256 Key exchange", key_exchange);
+1
-1
tests/test_ec_wycheproof.ml
+1
-1
tests/test_ec_wycheproof.ml
+3
-3
tests/test_entropy.ml
+3
-3
tests/test_entropy.ml
···
2
let data = ref ""
3
4
let cpu_bootstrap_check () =
5
-
match Mirage_crypto_rng.Entropy.cpu_rng_bootstrap with
6
| Error `Not_supported -> print_endline "no CPU RNG available"
7
| Ok cpu_rng_bootstrap ->
8
match cpu_rng_bootstrap 1 with
···
22
23
let whirlwind_bootstrap_check () =
24
for i = 0 to 10 do
25
-
let data' = Mirage_crypto_rng.Entropy.whirlwind_bootstrap 1 in
26
if String.equal !data data' then begin
27
Ohex.pp Format.std_formatter data';
28
failwith ("same data from whirlwind bootstrap at " ^ string_of_int i);
···
32
33
let timer_check () =
34
for i = 0 to 10 do
35
-
let data' = Mirage_crypto_rng.Entropy.interrupt_hook () in
36
if String.equal !data data' then begin
37
Ohex.pp Format.std_formatter data';
38
failwith ("same data from timer at " ^ string_of_int i);
···
2
let data = ref ""
3
4
let cpu_bootstrap_check () =
5
+
match Crypto_rng.Entropy.cpu_rng_bootstrap with
6
| Error `Not_supported -> print_endline "no CPU RNG available"
7
| Ok cpu_rng_bootstrap ->
8
match cpu_rng_bootstrap 1 with
···
22
23
let whirlwind_bootstrap_check () =
24
for i = 0 to 10 do
25
+
let data' = Crypto_rng.Entropy.whirlwind_bootstrap 1 in
26
if String.equal !data data' then begin
27
Ohex.pp Format.std_formatter data';
28
failwith ("same data from whirlwind bootstrap at " ^ string_of_int i);
···
32
33
let timer_check () =
34
for i = 0 to 10 do
35
+
let data' = Crypto_rng.Entropy.interrupt_hook () in
36
if String.equal !data data' then begin
37
Ohex.pp Format.std_formatter data';
38
failwith ("same data from timer at " ^ string_of_int i);
-36
tests/test_entropy_collection.ml
-36
tests/test_entropy_collection.ml
···
1
-
open Lwt.Infix
2
-
3
-
module Printing_rng = struct
4
-
type g = unit
5
-
6
-
let block = 16
7
-
8
-
let create ?time:_ () = ()
9
-
10
-
let generate_into ~g:_ _buf ~off:_ _len = assert false
11
-
12
-
let reseed ~g:_ data =
13
-
Format.printf "reseeding:@.%a@.%!" (Ohex.pp_hexdump ()) data
14
-
15
-
let accumulate ~g:_ source =
16
-
let print data =
17
-
Format.printf "accumulate: (src: %a) %a@.%!"
18
-
Mirage_crypto_rng.Entropy.pp_source source Ohex.pp data
19
-
in
20
-
`Acc print
21
-
22
-
let seeded ~g:_ = true
23
-
let pools = 1
24
-
end
25
-
26
-
let with_entropy act =
27
-
Mirage_crypto_rng_mirage.initialize (module Printing_rng) >>= fun () ->
28
-
Format.printf "entropy sources: %a@,%!"
29
-
(fun ppf -> List.iter (fun x ->
30
-
Mirage_crypto_rng.Entropy.pp_source ppf x;
31
-
Format.pp_print_space ppf ()))
32
-
(Mirage_crypto_rng.Entropy.sources ());
33
-
act ()
34
-
35
-
let () =
36
-
Unix_os.(Main.run (with_entropy (fun () -> Time.sleep_ns (Duration.of_sec 3))))
···
-31
tests/test_miou_entropy_collection.ml
-31
tests/test_miou_entropy_collection.ml
···
1
-
module Printing_rng = struct
2
-
type g = unit
3
-
4
-
let block = 16
5
-
let create ?time:_ () = ()
6
-
let generate_into ~g:_ _buf ~off:_ _len = assert false
7
-
let seeded ~g:_ = true
8
-
let pools = 1
9
-
10
-
let reseed ~g:_ data =
11
-
Format.printf "reseeding:@.%a@.%!" (Ohex.pp_hexdump ()) data
12
-
13
-
let accumulate ~g:_ source =
14
-
let print data =
15
-
Format.printf "accumulate: (src: %a) %a@.%!"
16
-
Mirage_crypto_rng.Entropy.pp_source source Ohex.pp data
17
-
in
18
-
`Acc print
19
-
end
20
-
21
-
let () =
22
-
Miou_unix.run @@ fun () ->
23
-
let rng = Mirage_crypto_rng_miou_unix.initialize (module Printing_rng) in
24
-
Format.printf "entropy sources: %a@,%!"
25
-
(fun ppf -> List.iter (fun x ->
26
-
Mirage_crypto_rng.Entropy.pp_source ppf x;
27
-
Format.pp_print_space ppf ()))
28
-
(Mirage_crypto_rng.Entropy.sources ());
29
-
let sleep = Duration.(of_sec 2 |> to_f) in
30
-
Miou_unix.sleep sleep;
31
-
Mirage_crypto_rng_miou_unix.kill rng
···
-16
tests/test_miou_rng.ml
-16
tests/test_miou_rng.ml
···
1
-
let () = Miou_unix.run @@ fun () ->
2
-
let rng = Mirage_crypto_rng_miou_unix.(initialize (module Pfortuna)) in
3
-
let random_num = Mirage_crypto_rng.generate 32 in
4
-
assert (String.length random_num = 32);
5
-
Printf.printf "32 bit random number: %s\n%!" (Ohex.encode random_num);
6
-
let random_num = Mirage_crypto_rng.generate 16 in
7
-
assert (String.length random_num = 16);
8
-
Printf.printf "16 bit random number: %s\n%!" (Ohex.encode random_num);
9
-
(* NOTE(dinosaure): the test below shows that [Pfortuna] is domain-safe when
10
-
run with TSan. If we use the Fortuna engine, TSan will report invalid
11
-
accesses between the domain that seeds the RNG and [dom0]. *)
12
-
for _ = 0 to 4 do
13
-
let _ = Mirage_crypto_rng.generate 16 in
14
-
Miou_unix.sleep 0.5;
15
-
done;
16
-
Mirage_crypto_rng_miou_unix.kill rng
···
+3
-3
tests/test_numeric.ml
+3
-3
tests/test_numeric.ml
···
1
open OUnit2
2
3
-
open Mirage_crypto.Uncommon
4
-
open Mirage_crypto_pk
5
6
open Test_common
7
···
15
16
let n_decode_reencode_selftest ~typ ~bytes n =
17
typ ^ " selftest" >:: times ~n @@ fun _ ->
18
-
let cs = Mirage_crypto_rng.generate bytes in
19
let cs' = Z_extra.(to_octets_be ~size:bytes @@ of_octets_be cs) in
20
assert_oct_equal cs cs'
21
···
1
open OUnit2
2
3
+
open Crypto.Uncommon
4
+
open Crypto_pk
5
6
open Test_common
7
···
15
16
let n_decode_reencode_selftest ~typ ~bytes n =
17
typ ^ " selftest" >:: times ~n @@ fun _ ->
18
+
let cs = Crypto_rng.generate bytes in
19
let cs' = Z_extra.(to_octets_be ~size:bytes @@ of_octets_be cs) in
20
assert_oct_equal cs cs'
21
+1
-1
tests/test_pk_runner.ml
+1
-1
tests/test_pk_runner.ml
+17
-17
tests/test_random_runner.ml
+17
-17
tests/test_random_runner.ml
···
1
open OUnit2
2
3
-
open Mirage_crypto
4
5
open Test_common
6
7
let sample arr =
8
let ix =
9
-
Randomconv.int ~bound:(Array.length arr) Mirage_crypto_rng.generate
10
in
11
arr.(ix)
12
···
15
let ecb_selftest (m : (module Block.ECB)) n =
16
let module C = ( val m ) in
17
"selftest" >:: times ~n @@ fun _ ->
18
-
let data = Mirage_crypto_rng.generate (C.block_size * 8)
19
-
and key = C.of_secret @@ Mirage_crypto_rng.generate (sample C.key_sizes) in
20
let data' =
21
C.( data |> encrypt ~key |> encrypt ~key
22
|> decrypt ~key |> decrypt ~key ) in
···
25
let cbc_selftest (m : (module Block.CBC)) n =
26
let module C = ( val m ) in
27
"selftest" >:: times ~n @@ fun _ ->
28
-
let data = Mirage_crypto_rng.generate (C.block_size * 8)
29
-
and iv = Mirage_crypto_rng.generate C.block_size
30
-
and key = C.of_secret @@ Mirage_crypto_rng.generate (sample C.key_sizes) in
31
assert_oct_equal ~msg:"CBC e->e->d->d" data
32
C.( data |> encrypt ~key ~iv |> encrypt ~key ~iv
33
|> decrypt ~key ~iv |> decrypt ~key ~iv );
···
44
let module M = (val m) in
45
let bs = M.block_size in
46
"selftest" >:: times ~n @@ fun _ ->
47
-
let key = M.of_secret @@ Mirage_crypto_rng.generate (sample M.key_sizes)
48
-
and ctr = Mirage_crypto_rng.generate bs |> M.ctr_of_octets
49
-
and data = Mirage_crypto_rng.(generate @@ bs + Randomconv.int ~bound:(20 * bs) Mirage_crypto_rng.generate) in
50
let enc = M.encrypt ~key ~ctr data in
51
let dec = M.decrypt ~key ~ctr enc in
52
assert_oct_equal ~msg:"CTR e->d" data dec;
53
let (d1, d2) =
54
-
let s = bs * Randomconv.int ~bound:(String.length data / bs) Mirage_crypto_rng.generate in
55
String.sub data 0 s, String.sub data s (String.length data - s)
56
in
57
assert_oct_equal ~msg:"CTR chain" enc @@
···
60
let ctr_offsets (type c) ~zero (m : (module Block.CTR with type ctr = c)) n =
61
let module M = (val m) in
62
"offsets" >:: fun _ ->
63
-
let key = M.of_secret @@ Mirage_crypto_rng.generate M.key_sizes.(0) in
64
for i = 0 to n - 1 do
65
let ctr = match i with
66
| 0 -> M.add_ctr zero (-1L)
67
-
| _ -> Mirage_crypto_rng.generate M.block_size |> M.ctr_of_octets
68
-
and gap = Randomconv.int ~bound:64 Mirage_crypto_rng.generate in
69
let s1 = M.stream ~key ~ctr ((gap + 1) * M.block_size)
70
and s2 = M.stream ~key ~ctr:(M.add_ctr ctr (Int64.of_int gap)) M.block_size in
71
assert_oct_equal ~msg:"shifted stream"
···
75
let xor_selftest n =
76
"selftest" >:: times ~n @@ fun _ ->
77
78
-
let n = Randomconv.int ~bound:30 Mirage_crypto_rng.generate in
79
-
let (x, y, z) = Mirage_crypto_rng.(generate n, generate n, generate n) in
80
81
let xyz = Uncommon.(xor (xor x y) z)
82
and xyz' = Uncommon.(xor x (xor y z)) in
···
105
]
106
107
let () =
108
-
Mirage_crypto_rng_unix.use_default ();
109
run_test_tt_main suite
···
1
open OUnit2
2
3
+
open Crypto
4
5
open Test_common
6
7
let sample arr =
8
let ix =
9
+
Randomconv.int ~bound:(Array.length arr) Crypto_rng.generate
10
in
11
arr.(ix)
12
···
15
let ecb_selftest (m : (module Block.ECB)) n =
16
let module C = ( val m ) in
17
"selftest" >:: times ~n @@ fun _ ->
18
+
let data = Crypto_rng.generate (C.block_size * 8)
19
+
and key = C.of_secret @@ Crypto_rng.generate (sample C.key_sizes) in
20
let data' =
21
C.( data |> encrypt ~key |> encrypt ~key
22
|> decrypt ~key |> decrypt ~key ) in
···
25
let cbc_selftest (m : (module Block.CBC)) n =
26
let module C = ( val m ) in
27
"selftest" >:: times ~n @@ fun _ ->
28
+
let data = Crypto_rng.generate (C.block_size * 8)
29
+
and iv = Crypto_rng.generate C.block_size
30
+
and key = C.of_secret @@ Crypto_rng.generate (sample C.key_sizes) in
31
assert_oct_equal ~msg:"CBC e->e->d->d" data
32
C.( data |> encrypt ~key ~iv |> encrypt ~key ~iv
33
|> decrypt ~key ~iv |> decrypt ~key ~iv );
···
44
let module M = (val m) in
45
let bs = M.block_size in
46
"selftest" >:: times ~n @@ fun _ ->
47
+
let key = M.of_secret @@ Crypto_rng.generate (sample M.key_sizes)
48
+
and ctr = Crypto_rng.generate bs |> M.ctr_of_octets
49
+
and data = Crypto_rng.(generate @@ bs + Randomconv.int ~bound:(20 * bs) Crypto_rng.generate) in
50
let enc = M.encrypt ~key ~ctr data in
51
let dec = M.decrypt ~key ~ctr enc in
52
assert_oct_equal ~msg:"CTR e->d" data dec;
53
let (d1, d2) =
54
+
let s = bs * Randomconv.int ~bound:(String.length data / bs) Crypto_rng.generate in
55
String.sub data 0 s, String.sub data s (String.length data - s)
56
in
57
assert_oct_equal ~msg:"CTR chain" enc @@
···
60
let ctr_offsets (type c) ~zero (m : (module Block.CTR with type ctr = c)) n =
61
let module M = (val m) in
62
"offsets" >:: fun _ ->
63
+
let key = M.of_secret @@ Crypto_rng.generate M.key_sizes.(0) in
64
for i = 0 to n - 1 do
65
let ctr = match i with
66
| 0 -> M.add_ctr zero (-1L)
67
+
| _ -> Crypto_rng.generate M.block_size |> M.ctr_of_octets
68
+
and gap = Randomconv.int ~bound:64 Crypto_rng.generate in
69
let s1 = M.stream ~key ~ctr ((gap + 1) * M.block_size)
70
and s2 = M.stream ~key ~ctr:(M.add_ctr ctr (Int64.of_int gap)) M.block_size in
71
assert_oct_equal ~msg:"shifted stream"
···
75
let xor_selftest n =
76
"selftest" >:: times ~n @@ fun _ ->
77
78
+
let n = Randomconv.int ~bound:30 Crypto_rng.generate in
79
+
let (x, y, z) = Crypto_rng.(generate n, generate n, generate n) in
80
81
let xyz = Uncommon.(xor (xor x y) z)
82
and xyz' = Uncommon.(xor x (xor y z)) in
···
105
]
106
107
let () =
108
+
Crypto_rng_unix.use_default ();
109
run_test_tt_main suite
+14
-14
tests/test_rsa.ml
+14
-14
tests/test_rsa.ml
···
1
open OUnit2
2
3
-
open Mirage_crypto.Uncommon
4
-
open Mirage_crypto_pk
5
6
open Test_common
7
···
19
try
20
Bytes.blit_string !g 0 buf off n;
21
g := String.sub !g n (String.length !g - n)
22
-
with Invalid_argument _ -> raise Mirage_crypto_rng.Unseeded_generator
23
24
let reseed ~g buf = g := !g ^ buf
25
···
31
end
32
33
let random_is seed =
34
-
Mirage_crypto_rng.create ~seed:seed (module Null)
35
36
let gen_rsa ~bits =
37
let e = Z.(if bits < 24 then ~$3 else ~$0x10001) in
···
83
let msg =
84
let size = bits // 8 in
85
let buf = Bytes.create size in
86
-
Mirage_crypto_rng.generate_into buf ~off:0 size;
87
-
let i = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in
88
Bytes.set_uint8 buf 0 0;
89
Bytes.(set_uint8 buf i (get_uint8 buf i lor 2));
90
Bytes.unsafe_to_string buf
···
103
let pkcs_message_for_bits bits =
104
let padding = 12 in
105
let size = bits // 8 - padding in
106
-
assert (size >= 0) ; Mirage_crypto_rng.generate size
107
108
let rsa_pkcs1_encode_selftest ~bits n =
109
"selftest" >:: times ~n @@ fun _ ->
···
119
let open Digestif.SHA1 in
120
"selftest" >:: times ~n @@ fun _ ->
121
let key = gen_rsa ~bits:(Rsa.PKCS1.min_key `SHA1)
122
-
and msg = Mirage_crypto_rng.generate 47 in
123
let pkey = Rsa.pub_of_priv key in
124
assert_bool "invert 1" Rsa.PKCS1.(
125
verify ~key:pkey ~hashp:any (`Message msg)
···
146
let module OAEP_SHA384 = Rsa.OAEP (Digestif.SHA384) in
147
"selftest" >:: times ~n @@ fun _ ->
148
let key = gen_rsa ~bits in
149
-
let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.MD5.digest_size - 2) in
150
let enc = OAEP_MD5.encrypt ~key:(Rsa.pub_of_priv key) msg in
151
(match OAEP_MD5.decrypt ~key enc with
152
| None -> assert_failure "unpad failure"
153
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
154
-
let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA1.digest_size - 2) in
155
let enc = OAEP_SHA1.encrypt ~key:(Rsa.pub_of_priv key) msg in
156
(match OAEP_SHA1.decrypt ~key enc with
157
| None -> assert_failure "unpad failure"
158
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
159
-
let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA224.digest_size - 2) in
160
let enc = OAEP_SHA224.encrypt ~key:(Rsa.pub_of_priv key) msg in
161
(match OAEP_SHA224.decrypt ~key enc with
162
| None -> assert_failure "unpad failure"
163
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
164
-
let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA256.digest_size - 2) in
165
let enc = OAEP_SHA256.encrypt ~key:(Rsa.pub_of_priv key) msg in
166
(match OAEP_SHA256.decrypt ~key enc with
167
| None -> assert_failure "unpad failure"
168
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
169
-
let msg = Mirage_crypto_rng.generate (bits // 8 - 2 * Digestif.SHA384.digest_size - 2) in
170
let enc = OAEP_SHA384.encrypt ~key:(Rsa.pub_of_priv key) msg in
171
(match OAEP_SHA384.decrypt ~key enc with
172
| None -> assert_failure "unpad failure"
···
176
let module Pss_sha1 = Rsa.PSS (Digestif.SHA1) in
177
"selftest" >:: times ~n @@ fun _ ->
178
let key = gen_rsa ~bits
179
-
and msg = Mirage_crypto_rng.generate 1024 in
180
let pkey = Rsa.pub_of_priv key in
181
let dgst = Digestif.SHA1.(digest_string msg |> to_raw_string) in
182
let signature = Pss_sha1.sign ~key (`Digest dgst) in
···
1
open OUnit2
2
3
+
open Crypto.Uncommon
4
+
open Crypto_pk
5
6
open Test_common
7
···
19
try
20
Bytes.blit_string !g 0 buf off n;
21
g := String.sub !g n (String.length !g - n)
22
+
with Invalid_argument _ -> raise Crypto_rng.Unseeded_generator
23
24
let reseed ~g buf = g := !g ^ buf
25
···
31
end
32
33
let random_is seed =
34
+
Crypto_rng.create ~seed:seed (module Null)
35
36
let gen_rsa ~bits =
37
let e = Z.(if bits < 24 then ~$3 else ~$0x10001) in
···
83
let msg =
84
let size = bits // 8 in
85
let buf = Bytes.create size in
86
+
Crypto_rng.generate_into buf ~off:0 size;
87
+
let i = 1 + Randomconv.int ~bound:(pred size) Crypto_rng.generate in
88
Bytes.set_uint8 buf 0 0;
89
Bytes.(set_uint8 buf i (get_uint8 buf i lor 2));
90
Bytes.unsafe_to_string buf
···
103
let pkcs_message_for_bits bits =
104
let padding = 12 in
105
let size = bits // 8 - padding in
106
+
assert (size >= 0) ; Crypto_rng.generate size
107
108
let rsa_pkcs1_encode_selftest ~bits n =
109
"selftest" >:: times ~n @@ fun _ ->
···
119
let open Digestif.SHA1 in
120
"selftest" >:: times ~n @@ fun _ ->
121
let key = gen_rsa ~bits:(Rsa.PKCS1.min_key `SHA1)
122
+
and msg = Crypto_rng.generate 47 in
123
let pkey = Rsa.pub_of_priv key in
124
assert_bool "invert 1" Rsa.PKCS1.(
125
verify ~key:pkey ~hashp:any (`Message msg)
···
146
let module OAEP_SHA384 = Rsa.OAEP (Digestif.SHA384) in
147
"selftest" >:: times ~n @@ fun _ ->
148
let key = gen_rsa ~bits in
149
+
let msg = Crypto_rng.generate (bits // 8 - 2 * Digestif.MD5.digest_size - 2) in
150
let enc = OAEP_MD5.encrypt ~key:(Rsa.pub_of_priv key) msg in
151
(match OAEP_MD5.decrypt ~key enc with
152
| None -> assert_failure "unpad failure"
153
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
154
+
let msg = Crypto_rng.generate (bits // 8 - 2 * Digestif.SHA1.digest_size - 2) in
155
let enc = OAEP_SHA1.encrypt ~key:(Rsa.pub_of_priv key) msg in
156
(match OAEP_SHA1.decrypt ~key enc with
157
| None -> assert_failure "unpad failure"
158
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
159
+
let msg = Crypto_rng.generate (bits // 8 - 2 * Digestif.SHA224.digest_size - 2) in
160
let enc = OAEP_SHA224.encrypt ~key:(Rsa.pub_of_priv key) msg in
161
(match OAEP_SHA224.decrypt ~key enc with
162
| None -> assert_failure "unpad failure"
163
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
164
+
let msg = Crypto_rng.generate (bits // 8 - 2 * Digestif.SHA256.digest_size - 2) in
165
let enc = OAEP_SHA256.encrypt ~key:(Rsa.pub_of_priv key) msg in
166
(match OAEP_SHA256.decrypt ~key enc with
167
| None -> assert_failure "unpad failure"
168
| Some dec -> assert_oct_equal msg dec ~msg:"recovery failure");
169
+
let msg = Crypto_rng.generate (bits // 8 - 2 * Digestif.SHA384.digest_size - 2) in
170
let enc = OAEP_SHA384.encrypt ~key:(Rsa.pub_of_priv key) msg in
171
(match OAEP_SHA384.decrypt ~key enc with
172
| None -> assert_failure "unpad failure"
···
176
let module Pss_sha1 = Rsa.PSS (Digestif.SHA1) in
177
"selftest" >:: times ~n @@ fun _ ->
178
let key = gen_rsa ~bits
179
+
and msg = Crypto_rng.generate 1024 in
180
let pkey = Rsa.pub_of_priv key in
181
let dgst = Digestif.SHA1.(digest_string msg |> to_raw_string) in
182
let signature = Pss_sha1.sign ~key (`Digest dgst) in
+1
-1
tests/test_symmetric_runner.ml
+1
-1
tests/test_symmetric_runner.ml