package cryptokit

  1. Overview
  2. Docs

The Block module provides classes that implements popular block ciphers, chaining modes, and wrapping of a block cipher as a general transform or as a hash function. The classes can be composed in a Lego-like fashion, facilitating the integration of new block ciphers, modes, etc.

class type block_cipher = object ... end

Abstract interface for a block cipher.

Deriving transforms and hashes from block ciphers

Wraps a block cipher as a general transform. The transform has input block size and output block size equal to the block size of the block cipher. No padding is performed. Example: new cipher (new cbc_encrypt (new aes_encrypt key)) returns a transform that performs AES encryption in CBC mode.

Like Cryptokit.Block.cipher, but performs padding on the input data as specified by the first argument. The input block size of the returned transform is 1; the output block size is the block size of the block cipher.

Like Cryptokit.Block.cipher, but removes padding on the output data as specified by the first argument. The output block size of the returned transform is 1; the input block size is the block size of the block cipher.

class mac : ?iv:string -> ?pad:Padding.scheme -> block_cipher -> hash

Build a MAC (keyed hash function) from the given block cipher. The block cipher is run in CBC mode, and the MAC value is the final value of the initialization vector. Thus, the hash size of the resulting hash is the block size of the block cipher. The optional argument iv specifies the first initialization vector, with a default of all zeroes. The optional argument pad specifies a padding scheme to be applied to the input data; if not provided, no padding is performed.

Build a MAC (keyed hash function) from the given block ciphers c1, c2 and c3. The input is run through c1 in CBC mode, as described for Cryptokit.Block.mac. The final initialization vector is then super-enciphered by c2, then by c3, to provide the final MAC. This construction results in a MAC that is as nearly as fast as Cryptokit.Block.mac c1, but more resistant against brute-force key search because of the additional final encryption through c2 and c3.

Some block ciphers: AES, DES, triple DES, Blowfish

class aes_encrypt : string -> block_cipher

The AES block cipher, in encryption mode. The string argument is the key; its length must be 16, 24 or 32 bytes.

class aes_decrypt : string -> block_cipher

The AES block cipher, in decryption mode.

class des_encrypt : string -> block_cipher

The DES block cipher, in encryption mode. The string argument is the key; its length must be 8 bytes.

class des_decrypt : string -> block_cipher

The DES block cipher, in decryption mode.

The Triple-DES block cipher, in encryption mode. The key argument must have length 16 (two keys) or 24 (three keys).

The Triple-DES block cipher, in decryption mode.

class blowfish_encrypt : string -> block_cipher

The Blowfish block cipher, in encryption mode. The string argument is the key; its length must be between 4 and 56.

class blowfish_decrypt : string -> block_cipher

The Blowfish block cipher, in decryption mode.

Chaining modes

class cbc_encrypt : ?iv:string -> block_cipher -> block_cipher

Add Cipher Block Chaining (CBC) to the given block cipher in encryption mode. Each block of input is xor-ed with the previous output block before being encrypted through the given block cipher. The optional iv argument specifies the string to be xor-ed with the first input block, and defaults to all zeroes. The returned block cipher has the same block size as the underlying block cipher.

class cbc_decrypt : ?iv:string -> block_cipher -> block_cipher

Add Cipher Block Chaining (CBC) to the given block cipher in decryption mode. This works like Cryptokit.Block.cbc_encrypt, except that input blocks are first decrypted by the block cipher before being xor-ed with the previous input block.

class cfb_encrypt : ?iv:string -> int -> block_cipher -> block_cipher

Add Cipher Feedback Block (CFB) to the given block cipher in encryption mode. The integer argument n is the number of bytes processed at a time; it must lie between 1 and the block size of the underlying cipher, included. The returned block cipher has block size n.

class cfb_decrypt : ?iv:string -> int -> block_cipher -> block_cipher

Add Cipher Feedback Block (CFB) to the given block cipher in decryption mode. See Cryptokit.Block.cfb_encrypt.

class ofb : ?iv:string -> int -> block_cipher -> block_cipher

Add Output Feedback Block (OFB) to the given block cipher. The integer argument n is the number of bytes processed at a time; it must lie between 1 and the block size of the underlying cipher, included. The returned block cipher has block size n. It is usable both for encryption and decryption.

class ctr : ?iv:string -> ?inc:int -> block_cipher -> block_cipher

Add Counter mode to the given block cipher. Viewing the IV as a blocksize-byte integer in big-endian representation, the blocks IV, IV+1, IV+2, ... are encrypted using the given block cipher, and the result is xor-ed with the input blocks to produce the output blocks. The additions IV+n are performed modulo 2 to the 8 * inc power. In other words, only the low inc bytes of the IV are subject to incrementation; the high blocksize - inc bytes are unaffected. inc defaults to blocksize. The returned block cipher has the same block size as the underlying block cipher, and is usable both for encryption and decryption.