upstream: https://github.com/mirage/mirage-crypto


Merge pull request #71 from hannesm/block-cleanup

use Core interface for CCM

authored by

Hannes Mehnert and committed by
GitHub
5ce3fa48 cd6622ba

+35 -75
+1 -1
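--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -6,7 +6,7 @@
 matrix:
 - OCAML_VERSION: 4.08.1
 - OCAML_VERSION: 4.09.0
-pkg_install_script: pkg install -y ocaml-opam gmp gmake pkgconf
+pkg_install_script: pkg install -y ocaml-opam gmp gmake pkgconf bash
 ocaml_script: opam init -a --comp=$OCAML_VERSION
 dependencies_script: eval `opam env` && opam install -y --deps-only .
 freestanding_script: eval `opam env` && opam install -y solo5-bindings-hvt zarith-freestanding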
+34 -74
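--- a/src/cipher_block.ml
+++ b/src/cipher_block.ml
@@ -2,21 +2,6 @@
 
 module S = struct
 
-(* XXX old block-level sig, remove *)
-module type Raw = sig
-
-type ekey
-type dkey
-
-val e_of_secret : Cstruct.t -> ekey
-val d_of_secret : Cstruct.t -> dkey
-
-val key_sizes : int array
-val block_size : int
-val encrypt_block : key:ekey -> Cstruct.t -> Cstruct.t -> unit
-val decrypt_block : key:dkey -> Cstruct.t -> Cstruct.t -> unit
-end
-
 module type Core = sig
 
 type ekey
@@ -148,60 +133,10 @@
 end
 end
 
-
 module Modes = struct
 
-module CCM_of (C : S.Raw) : S.CCM = struct
-
-assert (C.block_size = 16)
-
-type key = C.ekey * int
-
-let mac_sizes = [| 4; 6; 8; 10; 12; 14; 16 |]
-
-let of_secret ~maclen sec =
-if Array.mem maclen mac_sizes then
-(C.e_of_secret sec, maclen)
-else invalid_arg "CCM: MAC length %d" maclen
-
-let (key_sizes, block_size) = C.(key_sizes, block_size)
-
-let encrypt ~key:(key, maclen) ~nonce ?adata cs =
-Ccm.generation_encryption ~cipher:C.encrypt_block ~key ~nonce ~maclen ?adata cs
-
-let decrypt ~key:(key, maclen) ~nonce ?adata cs =
-Ccm.decryption_verification ~cipher:C.encrypt_block ~key ~nonce ~maclen ?adata cs
-
-end
-
-end
-
-module Modes2 = struct
-
 open Cstruct
 
-module Raw_of (Core : S.Core) : S.Raw = struct
-
-type ekey = Core.ekey
-type dkey = Core.dkey
-
-let e_of_secret = Core.e_of_secret
-let d_of_secret = Core.d_of_secret
-
-let key_sizes = Core.key
-let block_size = Core.block
-
-let encrypt_block ~key:key src dst =
-if src.len < block_size || dst.len < block_size then
-invalid_arg "src len %d, dst len %d" src.len dst.len;
-Core.encrypt ~key ~blocks:1 src.buffer src.off dst.buffer dst.off
-
-let decrypt_block ~key:key src dst =
-if src.len < block_size || dst.len < block_size then
-invalid_arg "src len %d, dst len %d" src.len dst.len;
-Core.decrypt ~key ~blocks:1 src.buffer src.off dst.buffer dst.off
-end
-
 module ECB_of (Core : S.Core) : S.ECB = struct
 
 type key = Core.ekey * Core.dkey
@@ -361,6 +296,32 @@
 { message = data ; tag = tag ~key ~hkey ~ctr ?adata cdata }
 end
 
+module CCM_of (C : S.Core) : S.CCM = struct
+
+let _ = assert (C.block = 16)
+
+type key = { key : C.ekey ; maclen : int }
+
+let mac_sizes = [| 4; 6; 8; 10; 12; 14; 16 |]
+
+let of_secret ~maclen sec =
+if Array.mem maclen mac_sizes then
+{ key = C.e_of_secret sec ; maclen }
+else invalid_arg "CCM: MAC length %d" maclen
+
+let (key_sizes, block_size) = C.(key, block)
+
+let cipher ~key src dst =
+if src.len < block_size || dst.len < block_size then
+invalid_arg "src len %d, dst len %d" src.len dst.len;
+C.encrypt ~key ~blocks:1 src.buffer src.off dst.buffer dst.off
+
+let encrypt ~key:{key; maclen} ~nonce ?adata cs =
+Ccm.generation_encryption ~cipher ~key ~nonce ~maclen ?adata cs
+
+let decrypt ~key:{key; maclen} ~nonce ?adata cs =
+Ccm.decryption_verification ~cipher ~key ~nonce ~maclen ?adata cs
+end
 end
 
 module AES = struct
@@ -402,12 +363,11 @@
 
 end
 
-module ECB = Modes2.ECB_of (Core)
-module CBC = Modes2.CBC_of (Core)
-module CTR = Modes2.CTR_of (Core) (Counters.C128be)
-module GCM = Modes2.GCM_of (Core)
-
-module CCM = Modes.CCM_of (Modes2.Raw_of(Core))
+module ECB = Modes.ECB_of (Core)
+module CBC = Modes.CBC_of (Core)
+module CTR = Modes.CTR_of (Core) (Counters.C128be)
+module GCM = Modes.GCM_of (Core)
+module CCM = Modes.CCM_of (Core)
 
 end
 
@@ -443,9 +403,9 @@
 let decrypt = encrypt
 end
 
-module ECB = Modes2.ECB_of (Core)
-module CBC = Modes2.CBC_of (Core)
-module CTR = Modes2.CTR_of (Core) (Counters.C64be)
+module ECB = Modes.ECB_of (Core)
+module CBC = Modes.CBC_of (Core)
+module CTR = Modes.CTR_of (Core) (Counters.C64be)
 
 end
 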
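Review bot: `let _ = assert (C.block = 16)` in the new `CCM_of` is the only check that the functor is applied to a 128-bit block cipher, and OCaml removes `assert` expressions when a build passes `-noassert`, so the guard is not guaranteed to survive even though CCM is specified only for 128-bit blocks. A check that cannot be compiled out, for example `let _ = if C.block <> 16 then invalid_arg "CCM: block size %d" C.block`, would keep it; this relies on `invalid_arg` being the formatting helper it appears to be from the other calls in this section. In the lines shown `CCM_of` is applied only to the AES `Core`, so this is hardening rather than a live fault. Separately, `cipher` calls `C.encrypt` for both `encrypt` and `decrypt`, which is what CCM requires, and a short comment such as `(* CCM uses only the forward cipher, in both directions *)` would stop a later change from swapping in `C.decrypt`.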