Build History for branch/main

mirage-crypto-rng.unix: provide new generators: Urandom and Getentropy (#250) * Add /dev/urandom and getentropy RNG generators Provide guidance to use these by default, document that Fortuna is not thread-safe. As suggested in #249 * require 4.14 (uses in_channel) * bench/speed: use Urandom and Getentropy generators * mirage-crypto-rng-unix: more documentation * test_entropy: disable on arm64 * Mirage_crypto_rng.generate_into: check off and len being >= 0 * Mirage_crypto_rng.generate_into: adjust docstring * Mirage_crypto_rng.Generator.generate_into: emit unsafe warning Co-authored-by: Reynir Björnsson <reynir@reynir.dk> Co-authored-by: Török Edwin <edwintorok@users.noreply.github.com> Reviewed-by: Calascibetta Romain <romain.calascibetta@gmail.com>

add maintenance intent

Merge pull request #247 from hannesm/no-cs mirage-crypto-rng-eio: declare the cstruct dependency

changes for 1.1.0

Merge pull request #244 from hannesm/ecdh-secret-to-octets mirage-crypto-ec: provide Dh.secret_to_octets

changes for 1.0.1

Merge pull request #242 from hannesm/fix-ccm fix CCM, as discovered when porting TLS to string

update mirage-crypto-rng-miou-unix.opam from opam-repository review (thanks to @mseri)

mirage-crypto-ec: needs a ounit2 with-test dependency

mirage-crypto-ec, mirage-crypto-pk: add ohex with-test dependency

remaining changes

provide ciphers with {de,en}crypt_into functionality (#231) * Mirage_crypto.Block.ECB with {de,en}crypt_into Also provide unsafe_{en,de}crypt_into for further performance. * Mirage_crypto.Block.CBC now has {de,en}crypt_into functionality This may avoid buffer allocations. There are as well unsafe functions for those feeling bounds checks are unnecessary. * counters: add an offset parameter * Mirage_crypto.Block.CTR with {de,en}crypt_into * GCM and ChaCha have {de,en}crypt_into now * CCM16 with {de,en}crypt_into * minor adjustments to speed * Apply suggestions from code review Co-authored-by: Reynir Björnsson <reynir@reynir.dk> * revise bounds checks (cc @reynir @palainp), also check off >= 0 * revise block_size check * update documentation, esp off < 0 * poly1305: mac_into appropriate bounds checks, also unsafe_mac_into * ccm: remove maclen argument, and ensure tag_size = block_size * add tailcall annotations, remove an argument from ccm's loop --------- Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

Uncommon: the xor_into is unsafe (doesn't do bounds checks), make that explicit

Merge pull request #234 from hannesm/mirage-rng mirage-crypto-rng-mirage: provide a module type S (to overcome the mirage-random opam package)

Add an implementation of `mirage-crypto-rng-miou` to initialize the RNG with Miou (#227) * Add an implementation of mirage-crypto-rng-miou to initialize the RNG with Miou * Update GitHub actions and CirrusCI * Use the last version of Miou * Prefer to follow the user's control flow than the cancellation control flow to set correctly global variables * Use Miou_backoff instead of Backoff and avoid a conflict with the backoff package * Upgrade the PR with miou.0.2.0 and delete the pin-depends * Provide a separate executable to bench pfortuna with miou * Add a comment about the goal of Pfortuna * note to sync fortuna and pfortuna * fix opam-lint check: add digestif to dependencies of mirage-crypto-rng-miou-unix * comment out bench/miou in dune to avoid CI build failures since (package mirage-crypto-rng-miou-unix) is not supported without (public_names ..) in dune, there's no easy alternative. Marking it (optional) still results in failures with OCaml-CI * no need for (modes native), this is known as https://github.com/ocaml/dune/issues/9979 --------- Co-authored-by: Hannes Mehnert <hannes@mehnert.org>

Merge pull request #233 from hannesm/require-413 Require OCaml 4.13 and remove local overrides

Merge pull request #236 from hannesm/less-types mirage-crypto-pk, mirage-crypto-rng: remove useless type alias "type bits = int"

Merge pull request #235 from hannesm/no-handcrafted-asn1 tests, mirage-crypto-ec: use asn1-combinators again

typos in rng documentation

Merge pull request #232 from hannesm/updates undefined

changes for 226 230

[ec] Handle K_gen correctly for bitlen mod 8 <> 0 (#230) * [ec] Handle K_gen correctly for bitlen mod 8 <> 0

mirage-crypto-ec: Set bytes used for "zero" to '\000' (#226) Cstruct.create does this. If we don't initialize bytes with '\000', Field_element.zero can be something else than '\000'. It's a fix for mirleft/ocaml-x509#167. Co-authored-by: Hannes Mehnert <hannes@mehnert.org>

mirage-crypto: whitespace change

changes for 221 223 225, also avoid module alias in fortuna

Merge pull request #225 from hannesm/rename mirage-crypto: skip Cipher_block / Cipher_stream module indirection

Use an atomic instead of a reference to be domain-safe (#221) * Random number generator initialisation is domain-safe * Atomic is only available since OCaml 4.12 * set entropy sources via compare_and_set * CI: use 4.12+ only Co-authored-by: Hannes Mehnert <hannes@mehnert.org> Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

mirage-crypto: revise DES to avoid global state in key derivation / key usage (#223) * mirage-crypto: revise DES to avoid global state in key derivation / key usage * mirage-crypto: DES more const, declarations Co-authored-by: Pierre Alain <pierre.alain@tuta.io>

3des test vectors (manually generated by test_random_runner)

Merge pull request #222 from hannesm/fix-mirage RNG: fix some docstrings

further changes (214 215 218 219)

avoid global buffers (#219) * avoid global buffers * rng: safety - ensure generate_into takes a long enough buffer (raise otherwise) * rng: interrupt_hook only one unit argument (@reynir) * remove offset from counters Co-authored-by: Reynir Björnsson <reynir@reynir.dk> Co-authored-by: Calascibetta Romain <romain.calascibetta@gmail.com>

avoid global buffers (#219) * avoid global buffers * rng: safety - ensure generate_into takes a long enough buffer (raise otherwise) * rng: interrupt_hook only one unit argument (@reynir) * remove offset from counters Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

Merge pull request #217 from hannesm/firobe-ec add Firobe to mirage-crypto-ec authors

Merge pull request #218 from hannesm/entropy-sources use a set for entropy sources

remove cstruct from mirage-crypto (#214) Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

use digestif 1.2.0 API (#215) * use digestif 1.2.0 API Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

Merge pull request #213 from hannesm/no-hash remove Hash

further changes entries until 213

mirage-crypto-rng: use string instead of cstruct (#212) * mirage-crypto-rng: use string instead of cstruct * across pk, ec, rng: use digestif instead of Mirage_crypto.Hash * wycheproof: no Mirage_crypto.Hash * rng: provide a generate_into : ?g -> bytes -> ?off:int -> int -> unit and reimplement the generate in terms of generate_into this keeps the allocation at the API boundary if desired Co-authored-by: Reynir Björnsson <reynir@reynir.dk>

mirage-crypto-pk: revise API to not use Cstruct.t (#211) * mirage-crypto-pk: revise API to not use Cstruct.t Co-Authored-By: Reynir Björnsson <reynir@reynir.dk>

mirage-crypto-ec: move API to string (instead of cstruct) (#210) * mirage-crypto-ec: move API to string (instead of cstruct) minor performance gain(s)

changes for 209

Merge pull request #209 from hannesm/no-p224 mirage-crypto-ec: remove NIST P224 support

fill in some changes

Chacha20-Poly1305: use string instead of cstruct (#203) * Chacha20-Poly1305: use string instead of cstruct Performance improvement from 8MB/s to 20MB/s (with 16 byte blocks, on my laptop) Co-Authored-By: Reynir Björnsson <reynir@reynir.dk>

Merge pull request #208 from hannesm/pk-no-sexp mirage-crypto-pk: remove s-expression converters and sexplib0 dependency

mirage-crypto-ec: GNUmakefile - fix p256_tables target

mirage-crypto: CCM bugfix 32 bit with long adata (#207) * Add 32 bit ccm test case * Fix CCM on 32 bit architecture

finalize changes for release

minor tweaks (80 cols)

changes for 194

riscv64: Replace rdcycle64 with rdtime64 when running in userspace (#194) Reviewed-by: Török Edwin <edwintorok@users.noreply.github.com>

update changes

windows/dkml: minor CI adjustments (#198) * pin local opam files * remove mirage-crypto-ec from dkml-windows (test fail, let's not ship it)

Merge pull request #196 from hannesm/ed25519 improvements for 25519

mirage-crypto-ec test: avoid gmp dependency (#200) * test_ec_wycheproof: use let* instead of >>= * mirage-crypto-ec tests: avoid mirage-crypto-pk and asn1-combinators dependency

dkml: also trigger on pull requests

Support Microsoft CL.EXE compiler (#137) Support Microsoft CL.EXE compiler

changes for 191

mirage-crypto-ec: Use windowed algorithm for base scalar mult on NIST P-curves (#191) * [ec] Use windowed algorithm for base scalar mult Using a sliding window method with pre-computed values of multiples of the generator point, obtain far more efficient performance for the special case where G = P in the scalar multiplication kP. By using a safe selection algorithm for pre-computed values and no branches in the main loop, the algorithm leaks no less information about its inputs than the current Montgomery ladder. * [ec] Rewrite scalar_mult_base in C For performance. This implies the need to get generator points from C as well. The pre-computed tables are stored in static memory, and computed lazily. * Generate pre-tables AOT and hardcode them * Separate 64/32 tables * Add 32-bit tables

update CHANGES

README: add code from BoringSSL paragraph

Merge pull request #195 from hannesm/warn-k-ec mirage-crypto-ec: warn about power/timing analysis on k in sign

Replace the internal usage of Cstruct.t by string (#146) Originally, we used Cstruct.t (bigarray) for interfacing. Instead, we use string now. The benefit is that allocating a string is cheap, and in line with OCaml's GC. After some years of stalling, we included benchmarks in bench/speed.ml fot the EC operations in #192 (sign, verify, generate for EC/EdDSA; and ECDH). The result for thi change is a factor between 2 and 2.5. The external API (mirage_crypto_ec.mli) does not change at all. There are various other cleanups in the code, such as providing a layer to isolate the C calls (which receive a bytes buffer for the result value, and thus mutate this buffer) to be immutable. Co-authored-by: Pierre Alain <pierre.alain@tuta.io> Co-authored-by: Hannes Mehnert <hannes@mehnert.org> Co-authored-by: Reynir Björnsson <reynir@reynir.dk> Reviewed-by: Virgile Robles <virgile.robles@protonmail.ch> Reviewed-by: Pierre Alain <pierre.alain@tuta.io>

add EC to bench/speed (#192) * add ECDSA to bench/speed * ecdsa-generate * remaining ec bench * minimize diff * DRY * mirage-crypto: conflict with result < 1.5 (since that redefines Result module, and we don't get Result.get_ok)

test-mirage: bump version

fix typo in changes

changes entry for 190

Merge pull request #190 from fangyaling/main Add support for Loongarch

changes so far

Allocate less in Fortuna (#188) * Fortuna.add: don't allocate a 2 byte cstruct on each call Instead, use a temporary buffer. Contradicts #186 * minor fix

Merge pull request #189 from drchrispinnock/chrispinnock@netbsd Add NetBSD to the list of BSD OS in define

opam: fix typo