this repo has no description
gdiazlo.tngl.sh
1let nonce_size = 12
2let tag_size = 16
3let overhead = nonce_size + tag_size
4
5type key = Mirage_crypto.AES.GCM.key
6
7let init_key secret =
8 if String.length secret <> 32 then Error `Invalid_key_length
9 else Ok (Mirage_crypto.AES.GCM.of_secret secret)
10
11let generate_nonce (random : _ Eio.Flow.source) =
12 let buf = Cstruct.create nonce_size in
13 Eio.Flow.read_exact random buf;
14 Cstruct.to_string buf
15
16let encrypt ~key ~random plaintext =
17 let nonce = generate_nonce random in
18 let ciphertext =
19 Mirage_crypto.AES.GCM.authenticate_encrypt ~key ~nonce
20 (Cstruct.to_string plaintext)
21 in
22 let result = Cstruct.create (nonce_size + String.length ciphertext) in
23 Cstruct.blit_from_string nonce 0 result 0 nonce_size;
24 Cstruct.blit_from_string ciphertext 0 result nonce_size
25 (String.length ciphertext);
26 result
27
28let decrypt ~key data =
29 if Cstruct.length data < overhead then Error `Too_short
30 else
31 let nonce = Cstruct.to_string (Cstruct.sub data 0 nonce_size) in
32 let ciphertext =
33 Cstruct.to_string
34 (Cstruct.sub data nonce_size (Cstruct.length data - nonce_size))
35 in
36 match Mirage_crypto.AES.GCM.authenticate_decrypt ~key ~nonce ciphertext with
37 | Some plaintext -> Ok (Cstruct.of_string plaintext)
38 | None -> Error `Decryption_failed