Module Make.Crypto

Core cryptographic primitives like SHA-256.

type t = t

The type that will be used to represent contiguous bytes; typically either Bytes.t or Cstruct.t

type aes_encrypted = {
ciphertext : t;
tag : t;
}

Encrypted AES data

type aes_decrypted = {
plaintext : t;
valid : bool;
}

Decrypted AES data

val random12Bytes : t -> t

random12Bytes id creates a 12-byte random buffer with id providing a random generation hint.

id will be ignored for a true random number generator. But id may be used for mock random number generators or pseudo random generators to provide repeatability.

raises Crypto_failure

for a failure to generate random numbers

val random32Bytes : t -> t

random32Bytes id creates a 32-byte random buffer with id providing a random generation hint.

id will be ignored for a true random number generator. But id may be used for mock random number generators or pseudo random generators to provide repeatability.

raises Crypto_failure

for a failure to generate random numbers

val xDH25519 : t -> t -> t

xDH25519 scalar base, commonly known as X25519, creates a public key or shared secret using the product of the private key scalar and the base point or public key base on an elliptic curve.

parameter scalar

Private key in a 32-byte buffer

parameter base

Base point (or public key)

returns

Public key (or shared secret if base was a public key) in a 32-byte buffer

raises Crypto_failure

when the private key or base point are not both 32 bytes long

val xAESGCMEncrypt : t -> t -> t -> t -> aes_encrypted

xAESGCMEncrypt k iv m aad encrypts the message m with the symmetric key k and an initialization vector iv and any additional authenticated data aad using the AES-GCM algorithm.

raises Crypto_failure

when the symmetric key is not a correct length for AES or when the initialization vector is not a correct length for AES-GCM

val xAESGCMDecrypt : t -> t -> aes_encrypted -> t -> aes_decrypted

xAESGCMDecrypt k iv m aad decrypts the message m with the symmetric key k and an initialization vector iv and any additional authenticated data aad using the AES-GCM algorithm.

Check the validity of the result by looking at the returned aes_decrypted.valid.

raises Crypto_failure

when the symmetric key is not a correct length for AES or when the initialization vector is not a correct length for AES-GCM

val xSHA256 : t -> t

xSHA256 m constructs the SHA-256 hexadecimal digest of message m.

Be aware that this function gives the ASCII bytes of the hexdump of the SHA-256 digest, not the raw SHA-256 digest bytes. The bytes look like the output of the first column from the UNIX program "sha256sum".

val xSHA512 : t -> t

xSHA512 m constructs the SHA-512 hexadecimal digest of message m.

Be aware that this function gives the ASCII bytes of the hexdump of the SHA-512 digest, not the raw SHA-512 digest bytes. The bytes look like the output of the first column from the UNIX program "sha512sum".

val xHMACSHA256 : t -> t -> t

xHMACSHA256 k m constructs the authentication code for message m under the secret key k using standard HMAC construction over SHA-256, commonly known as the HMAC-SHA-256 algorithm.

module ED25519 : Dirsp_proscript.PROSCRIPT_CRYPTO_ED25519 with type t = t