ocaml-sdls: enable MDX on eio/kek.mli · gazagnaire.org/ocaml-sdls@8aa485d

CCSDS Space Data Link Security (355.0-B-2)

ocaml-sdls: enable MDX on eio/kek.mli

Run mdx on eio/kek.mli so the {[ ... ]} odoc block now type-checks
the three KEK provisioning paths (auto, password-protected, explicit
file).

The example referenced a free `dir`, used unqualified `Kek.X`, and
discarded the return value with shadowing `let kek = ...` lines that
each ignore the previous binding. Restructured around a `report`
helper that prints the byte length on success and surfaces errors
via Fmt.epr + Sdls_eio.Kek.pp_error, then exercises all three calls
under one Eio_main.run so each branch's value is consumed.

Thomas Gazagnaire 1 month ago 8aa485df e48ff861

+17 -19

2 changed files

expand all

eio

dune

kek.mli

+2 -12

eio/dune

··· 1 1 (library 2 2 (name sdls_eio) 3 3 (public_name sdls-eio) 4 - (libraries 5 - sdls 6 - eio 7 - eio.unix 8 - fpath 9 - nox-crypto 10 - nox-crypto-rng 11 - fmt 12 - logs 13 - pbkdf2 14 - nox-hkdf)) 4 + (libraries sdls eio nox-crypto nox-crypto-rng fmt logs pbkdf2 nox-hkdf)) 15 5 16 6 (mdx 17 - (files security_eio.mli otar_eio.mli) 7 + (files security_eio.mli otar_eio.mli kek.mli) 18 8 (libraries sdls sdls-eio fmt eio eio.unix eio_main))

+15 -7

eio/kek.mli

··· 13 13 {2 Usage} 14 14 15 15 {[ 16 - (* Simple: auto-generate on first use *) 17 - let kek = Kek.load_or_create ~dir () in 16 + let report ctx = function 17 + | Ok kek -> Fmt.pr "%s: %d-byte KEK@." ctx (Bytes.length kek) 18 + | Error e -> Fmt.epr "%s: %a@." ctx Sdls_eio.Kek.pp_error e 18 19 19 - (* With password protection *) 20 - let kek = Kek.load_or_create ~password:"secret" ~dir () in 21 - 22 - (* Explicit key file *) 23 - let kek = Kek.load ~file:(Eio.Path.(dir / "master.key")) in 20 + let run () = 21 + Eio_main.run @@ fun env -> 22 + let fs = Eio.Stdenv.fs env in 23 + let dir = Eio.Path.(fs / "/tmp/sdls-keys") in 24 + (* Simple: auto-generate on first use. *) 25 + report "auto" (Sdls_eio.Kek.load_or_create ~dir ()); 26 + (* With password protection. *) 27 + report "passworded" 28 + (Sdls_eio.Kek.load_or_create ~password:"secret" ~dir ()); 29 + (* Explicit key file. *) 30 + report "explicit" 31 + (Sdls_eio.Kek.load ~file:Eio.Path.(dir / "master.key")) 24 32 ]} 25 33 26 34 {b Note}: For production spacecraft systems, use proper key management (HSM,

Configure Feed

Configure Feed