remove cstruct from mirage-crypto (#214)
Co-authored-by: Reynir Björnsson <[email protected]>
hannesm and reynir authored Mar 19, 2024
1 parent 4b757b1 commit cfa9412
Showing 43 changed files with 694 additions and 786 deletions.
59 changes: 26 additions & 33 deletions bench/speed.ml
Expand Up @@ -26,17 +26,15 @@ let burn_period = 2.0
let sizes = [16; 64; 256; 1024; 8192]
(* let sizes = [16] *)

let big_b = Bytes.create List.(hd (rev sizes))

let burn f n =
let cs = Cstruct.of_string (Mirage_crypto_rng.generate n) in
let buf = Mirage_crypto_rng.generate n in
let (t1, i1) =
let rec loop it =
let t = Time.time ~n:it f cs in
let t = Time.time ~n:it f buf in
if t > 0.2 then (t, it) else loop (it * 10) in
loop 10 in
let iters = int_of_float (float i1 *. burn_period /. t1) in
let time = Time.time ~n:iters f cs in
let time = Time.time ~n:iters f buf in
(iters, time, float (n * iters) /. time)

let mb = 1024. *. 1024.
Expand Down Expand Up @@ -67,13 +65,7 @@ let count title f to_str args =
Printf.printf " %s: %.03f ops per second (%d iters in %.03f)\n%!"
(to_str arg) (float iters /. time) iters time

let msg =
let b = Cstruct.create 100 in
Cstruct.memset b 0xAA;
b

let msg_str =
Cstruct.to_string msg
let msg_str = String.make 100 '\xAA'

let msg_str_32 = String.sub msg_str 0 32
let msg_str_48 = String.sub msg_str 0 48
Expand Down Expand Up @@ -357,62 +349,63 @@ let benchmarks = [
fst ecdh_shares);

bm "chacha20-poly1305" (fun name ->
let key = Mirage_crypto.Chacha20.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 8) in
let key = Mirage_crypto.Chacha20.of_secret (Mirage_crypto_rng.generate 32)
and nonce = Mirage_crypto_rng.generate 8 in
throughput name (Mirage_crypto.Chacha20.authenticate_encrypt ~key ~nonce)) ;

bm "aes-128-ecb" (fun name ->
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16)) in
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 16) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "aes-128-cbc-e" (fun name ->
let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
and iv = Mirage_crypto_rng.generate 16 in
throughput name (fun cs -> AES.CBC.encrypt ~key ~iv cs)) ;

bm "aes-128-cbc-d" (fun name ->
let key = AES.CBC.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and iv = Cstruct.of_string (Mirage_crypto_rng.generate 16) in
let key = AES.CBC.of_secret (Mirage_crypto_rng.generate 16)
and iv = Mirage_crypto_rng.generate 16 in
throughput name (fun cs -> AES.CBC.decrypt ~key ~iv cs)) ;

bm "aes-128-ctr" (fun name ->
let key = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.of_secret
and ctr = Mirage_crypto_rng.generate 16 |> Cstruct.of_string |> AES.CTR.ctr_of_cstruct in
let key = Mirage_crypto_rng.generate 16 |> AES.CTR.of_secret
and ctr = Mirage_crypto_rng.generate 16 |> AES.CTR.ctr_of_octets in
throughput name (fun cs -> AES.CTR.encrypt ~key ~ctr cs)) ;

bm "aes-128-gcm" (fun name ->
let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 12 in
throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce cs));

bm "aes-128-ghash" (fun name ->
let key = AES.GCM.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 12) in
throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce ~adata:cs Cstruct.empty));
let key = AES.GCM.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 12 in
throughput name (fun cs -> AES.GCM.authenticate_encrypt ~key ~nonce ~adata:cs ""));

bm "aes-128-ccm" (fun name ->
let key = AES.CCM16.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 16))
and nonce = Cstruct.of_string (Mirage_crypto_rng.generate 10) in
let key = AES.CCM16.of_secret (Mirage_crypto_rng.generate 16)
and nonce = Mirage_crypto_rng.generate 10 in
throughput name (fun cs -> AES.CCM16.authenticate_encrypt ~key ~nonce cs));

bm "aes-192-ecb" (fun name ->
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "aes-256-ecb" (fun name ->
let key = AES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 32)) in
let key = AES.ECB.of_secret (Mirage_crypto_rng.generate 32) in
throughput name (fun cs -> AES.ECB.encrypt ~key cs)) ;

bm "d3des-ecb" (fun name ->
let key = DES.ECB.of_secret (Cstruct.of_string (Mirage_crypto_rng.generate 24)) in
let key = DES.ECB.of_secret (Mirage_crypto_rng.generate 24) in
throughput name (fun cs -> DES.ECB.encrypt ~key cs)) ;

bm "fortuna" (fun name ->
let open Mirage_crypto_rng.Fortuna in
let g = create () in
reseed ~g "abcd" ;
throughput name (fun cs ->
generate_into ~g big_b ~off:0 (Cstruct.length cs))) ;
throughput name (fun buf ->
let buf = Bytes.unsafe_of_string buf in
generate_into ~g buf ~off:0 (Bytes.length buf))) ;
]

let help () =
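Review bot: Writing into `Bytes.unsafe_of_string buf` in the fortuna benchmark (last hunk) mutates a value the rest of the program types as an immutable `string`, and nothing at the call site says why that is safe. The string appears to come from `burn` (`Mirage_crypto_rng.generate n`), so it is presumably fresh and unshared, but `throughput` is defined outside the visible hunks and the pattern is easy to copy into non-benchmark code. I would either keep the preallocated `big_b` and call `generate_into ~g big_b ~off:0 (String.length buf)`, or add a comment such as `(* buf is freshly allocated by burn and never shared; the in-place write is confined to this benchmark *)`. The `benchmarks` list starts before this hunk.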
1 change: 0 additions & 1 deletion mirage-crypto-ec.opam
Expand Up @@ -31,7 +31,6 @@ depends: [
"eqaf" {>= "0.7"}
"mirage-crypto-rng" {=version}
"digestif" {>= "1.2.0"}
"hex" {with-test}
"alcotest" {with-test & >= "0.8.1"}
"ppx_deriving_yojson" {with-test}
"ppx_deriving" {with-test}
1 change: 1 addition & 0 deletions mirage-crypto-rng-async.opam
Expand Up @@ -19,6 +19,7 @@ depends: [
"async" {>= "v0.14"}
"logs"
"mirage-crypto-rng" {=version}
"ohex" {with-test & >= "0.2.0"}
]
available: os != "win32"
description: """
1 change: 1 addition & 0 deletions mirage-crypto-rng-eio.opam
Expand Up @@ -21,6 +21,7 @@ depends: [
"duration"
"mtime"
"eio_main" {with-test}
"ohex" {with-test & >= "0.2.0"}
]
description: """
Mirage-crypto-rng-eio feeds the entropy source for Mirage_crypto_rng-based
1 change: 1 addition & 0 deletions mirage-crypto-rng-mirage.opam
Expand Up @@ -25,6 +25,7 @@ depends: [
"mirage-unix" {with-test & >= "5.0.0"}
"mirage-time-unix" {with-test & >= "2.0.0"}
"mirage-clock-unix" {with-test & >= "3.0.0"}
"ohex" {with-test & >= "0.2.0"}
]
description: """
Mirage-crypto-rng-mirage provides entropy collection code for the RNG.
1 change: 1 addition & 0 deletions mirage-crypto-rng.opam
Expand Up @@ -22,6 +22,7 @@ depends: [
"digestif" {>= "1.1.4"}
"ounit2" {with-test}
"randomconv" {with-test & >= "0.2.0"}
"ohex" {with-test & >= "0.2.0"}
]
conflicts: [ "mirage-runtime" {< "3.8.0"} ]
description: """
2 changes: 1 addition & 1 deletion mirage-crypto.opam
Expand Up @@ -17,7 +17,7 @@ depends: [
"dune" {>= "2.7"}
"dune-configurator" {>= "2.0.0"}
"ounit2" {with-test}
"cstruct" {>="6.0.0"}
"ohex" {with-test & >= "0.2.0"}
"eqaf" {>= "0.8"}
]
conflicts: [
6 changes: 3 additions & 3 deletions rng/fortuna.ml
Expand Up @@ -39,7 +39,7 @@ let create ?time () =
let k = String.make 32 '\x00' in
{ ctr = (0L, 0L)
; secret = k
; key = AES_CTR.of_secret (Cstruct.of_string k)
; key = AES_CTR.of_secret k
; pools = Array.make pools SHAd256.empty
; pool0_size = 0
; reseed_count = 0
Expand All @@ -54,7 +54,7 @@ let seeded ~g =
(* XXX We might want to erase the old key. *)
let set_key ~g sec =
g.secret <- sec ;
g.key <- AES_CTR.of_secret (Cstruct.of_string sec)
g.key <- AES_CTR.of_secret sec

let reseedi ~g iter =
set_key ~g @@ SHAd256.digesti (fun f -> f g.secret; iter f);
Expand All @@ -67,7 +67,7 @@ let reseed ~g cs = reseedi ~g (iter1 cs)
let generate_rekey ~g buf ~off len =
let b = len // block + 2 in
let n = b * block in
let r = Cstruct.to_string (AES_CTR.stream ~key:g.key ~ctr:g.ctr n) in
let r = AES_CTR.stream ~key:g.key ~ctr:g.ctr n in
Bytes.blit_string r 0 buf off len;
let r2 = String.sub r (n - 32) 32 in
set_key ~g r2 ;
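Review bot: Nothing in the last hunk shows that the next key `r2` cannot overlap the bytes handed back to the caller: both are cut from the same keystream `r`, the first `len` bytes going to `buf` and the last 32 becoming the new secret. That is only safe if `len // block` rounds up, so that `n - 32 >= len`; `//` is defined outside the hunk, so I cannot confirm it from here. I would state the invariant next to `let b = len // block + 2`, e.g. `(* two extra blocks: the trailing 32 bytes become the next key and must never overlap the len bytes returned *)`, or make it checkable with `assert (n - 32 >= len);`. generate_rekey continues past the end of the hunk.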
18 changes: 9 additions & 9 deletions src/aead.ml
@@ -1,13 +1,13 @@
module type AEAD = sig
val tag_size : int
type key
val of_secret : Cstruct.t -> key
val authenticate_encrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t ->
Cstruct.t -> Cstruct.t
val authenticate_decrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t ->
Cstruct.t -> Cstruct.t option
val authenticate_encrypt_tag : key:key -> nonce:Cstruct.t ->
?adata:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t
val authenticate_decrypt_tag : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t ->
tag:Cstruct.t -> Cstruct.t -> Cstruct.t option
val of_secret : string -> key
val authenticate_encrypt : key:key -> nonce:string -> ?adata:string ->
string -> string
val authenticate_decrypt : key:key -> nonce:string -> ?adata:string ->
string -> string option
val authenticate_encrypt_tag : key:key -> nonce:string -> ?adata:string ->
string -> string * string
val authenticate_decrypt_tag : key:key -> nonce:string -> ?adata:string ->
tag:string -> string -> string option
end
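Review bot: The new `AEAD` signature passes key material, nonces and tags as immutable `string` but has no doc comments telling callers what that changes. With `of_secret : string -> key` a caller can no longer zero the secret after use the way a Bigarray-backed `Cstruct.t` allowed, and a heap-allocated string may be copied by the GC, so I would say so on `of_secret`, e.g. `(** [of_secret s] builds a key from [s]; [s] is an immutable string and cannot be wiped by the caller afterwards. *)`. I would also document on `authenticate_decrypt` and `authenticate_decrypt_tag` that `None` means authentication failed, and on the encrypt functions that a `nonce` must not repeat under the same key. Both points are inferred from the types and names, so confirm them against the implementations.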