upstream: https://github.com/mirage/mirage-crypto

crypto: add interface files for aes_pure and ghash_pure

Add aes_pure.mli and ghash_pure.mli describing the pure-OCaml backend
helpers used by the js_of_ocaml / wasm_of_ocaml builds (E600 missing
interface).

Remaining crypto merlint issues are structural and not addressed here:
- bitslice_sbox is a 135-line bitsliced AES round; splitting it would
obscure the standard reference implementation.
- The double-underscore Crypto__crypto_ocaml__ paths come from dune's
virtual-module mangling and cannot be rewritten without dropping
(virtual_modules native).
- test_pure.ml is intentionally an executable used by the .c / .ocaml
/ .js differential test rules in test/dune; converting it to an
Alcotest module would break that comparison.

+27
+17
lib/ocaml/aes_pure.mli
··· 1 + (** Bitsliced pure-OCaml AES used by the OCaml backend. 2 + 3 + Matches the API consumed by {!Native.AES}: round keys are stored as a 4 + compressed [int32 array] together with the number of rounds. Decryption is 5 + not implemented because the only consumer is GCM, which only needs the 6 + encryption direction. *) 7 + 8 + val expand_key : string -> Int32.t array * int 9 + (** [expand_key key] returns the compressed bitsliced round keys together with 10 + the AES round count for [key]. The key length must be 16, 24 or 32 bytes. *) 11 + 12 + val encrypt_ecb : 13 + Int32.t array -> int -> string -> int -> bytes -> int -> int -> unit 14 + (** [encrypt_ecb comp_skey num_rounds src soff dst doff blocks] encrypts 15 + [blocks] consecutive 16-byte blocks of [src] starting at [soff] into [dst] 16 + starting at [doff], using [comp_skey] (the compressed round keys produced by 17 + {!expand_key} and re-parsed) and [num_rounds]. *)
+10
lib/ocaml/ghash_pure.mli
··· 1 + (** Pure-OCaml constant-time GHASH used by the OCaml backend. 2 + 3 + GHASH is the universal hash inside GCM. The implementation uses the bitwise 4 + reduction described in NIST SP 800-38D §6.3 with no table lookups, which 5 + makes it portable across the C and js_of_ocaml runtimes at the cost of being 6 + slower than [pclmul]. *) 7 + 8 + val ghash : bytes -> bytes -> string -> int -> int -> unit 9 + (** [ghash key tag data off len] updates [tag] in place with the GHASH of [data] 10 + in the range [\[off, off + len\)] using the 16-byte hash key [key]. *)
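Review bot: In lib/ocaml/aes_pure.mli, the `encrypt_ecb` doc comment states no bounds precondition, and the `expand_key` comment says the key length "must be 16, 24 or 32 bytes" without saying what happens otherwise. Since this file is the contract for the pure backend, please state for each function whether it raises (and which exception) or leaves validation to the caller, for instance that [soff + 16 * blocks] must not exceed the length of [src], and likewise [doff + 16 * blocks] for [dst]. The wording "produced by {!expand_key} and re-parsed" does not tell the caller what has to be done to the array before passing it in; describe that step or drop the words. With four positional `int` arguments in the signature, it is also worth saying that [num_rounds] must be the value returned together with the same [comp_skey].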
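Review bot: In lib/ocaml/ghash_pure.mli, the `ghash` doc comment does not say how a [len] that is not a multiple of 16 is handled, nor whether the lengths of [key] and [tag] or the [off]/[len] range are checked. Please state whether a trailing partial block is zero-padded or rejected, and whether out-of-range arguments raise or are the caller's responsibility. The header calls the module "constant-time" on the strength of "no table lookups"; it would help to spell out which inputs the timing is meant to be independent of, so the guarantee can be reviewed against the implementation.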