package mirage-crypto

You can search for identifiers within the package.

in-package search v0.2.0

mirage-crypto
- Mirage_crypto
  - AEAD
  - Chacha20
  - Cipher_block
    
    AES
    
    CBC
    
    CCM16
    
    CTR
    
    ECB
    
    GCM
    
    DES
    
    CBC
    
    CTR
    
    ECB
    
    S
    
    CBC
    
    CCM16
    
    CTR
    
    ECB
    
    GCM
  - Cipher_stream
    
    ARC4
    
    S
  - Hash
    
    MD5
    
    S
    
    SHA1
    
    SHA224
    
    SHA256
    
    SHA384
    
    SHA512
  - Poly1305

Legend:
Library
Module
Module type
Parameter
Class
Class type

The ChaCha20 cipher proposed by D.J. Bernstein.

include AEAD

val tag_size : int

The size of the authentication tag.

type key

The abstract type for the key.

val of_secret : Cstruct.t -> key

of_secret secret constructs the encryption key corresponding to secret.

raises Invalid_argument
if the length of secret is not a valid key size.

Authenticated encryption and decryption with inline tag

val authenticate_encrypt : 
  key:key ->
  nonce:Cstruct.t ->
  ?adata:Cstruct.t ->
  Cstruct.t ->
  Cstruct.t

authenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.

raises Invalid_argument
if nonce is not of the right size.

val authenticate_decrypt : 
  key:key ->
  nonce:Cstruct.t ->
  ?adata:Cstruct.t ->
  Cstruct.t ->
  Cstruct.t option

authenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.

raises Invalid_argument
if nonce is not of the right size.

Authenticated encryption and decryption with tag provided separately

val authenticate_encrypt_tag : 
  key:key ->
  nonce:Cstruct.t ->
  ?adata:Cstruct.t ->
  Cstruct.t ->
  Cstruct.t * Cstruct.t

authenticate_encrypt_tag ~key ~nonce ~adata msg encrypts msg with key and nonce. The computed authentication tag is returned separately as second part of the tuple.

raises Invalid_argument
if nonce is not of the right size.

val authenticate_decrypt_tag : 
  key:key ->
  nonce:Cstruct.t ->
  ?adata:Cstruct.t ->
  tag:Cstruct.t ->
  Cstruct.t ->
  Cstruct.t option

authenticate_decrypt ~key ~nonce ~adata ~tag msg computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.

raises Invalid_argument
if nonce is not of the right size.

val crypt : key:key -> nonce:Cstruct.t -> ?ctr:int64 -> Cstruct.t -> Cstruct.t

crypt ~key ~nonce ~ctr data generates a ChaCha20 key stream using the key, and nonce. The ctr defaults to 0. The generated key stream is of the same length as data, and the output is the XOR of the key stream and data. This implements, depending on the size of the nonce (8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).

raises Invalid_argument
if invalid parameters are provided. Valid parameters are: key must be 32 bytes and nonce 12 bytes for the IETF mode (and counter fit into 32 bits), or key must be either 16 bytes or 32 bytes and nonce 8 bytes.