
Build History for branch/main

Builds (54)
changes for 226 230
dc08c7
[ec] Handle K_gen correctly for bitlen mod 8 <> 0 (#230) * [ec] Handle K_gen correctly for bitlen mod 8 <> 0
a7b60c
mirage-crypto-ec: Set bytes used for "zero" to '\000' (#226) Cstruct.create does this. If we don't initialize bytes with '\000', Field_element.zero can be something else than '\000'. It's a fix for mirleft/ocaml-x509#167. Co-authored-by: Hannes Mehnert <hannes@mehnert.org>
38bde3
mirage-crypto: whitespace change
47751d
changes for 221 223 225, also avoid module alias in fortuna
47127e
Merge pull request #225 from hannesm/rename mirage-crypto: skip Cipher_block / Cipher_stream module indirection
aed257
Use an atomic instead of a reference to be domain-safe (#221)
* Random number generator initialisation is domain-safe
* Atomic is only available since OCaml 4.12
* set entropy sources via compare_and_set
* CI: use 4.12+ only
Co-authored-by: Hannes Mehnert <hannes@mehnert.org>
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
5f2d71
mirage-crypto: revise DES to avoid global state in key derivation / key usage (#223)
* mirage-crypto: revise DES to avoid global state in key derivation / key usage
* mirage-crypto: DES more const, declarations
Co-authored-by: Pierre Alain <pierre.alain@tuta.io>
cd7fc5
3des test vectors (manually generated by test_random_runner)
770001
Merge pull request #222 from hannesm/fix-mirage RNG: fix some docstrings
b1a794
further changes (214 215 218 219)
918bef
avoid global buffers (#219)
* avoid global buffers
* rng: safety - ensure generate_into takes a long enough buffer (raise otherwise)
* rng: interrupt_hook only one unit argument (@reynir)
* remove offset from counters
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Calascibetta Romain <romain.calascibetta@gmail.com>
1ca85f
avoid global buffers (#219)
* avoid global buffers
* rng: safety - ensure generate_into takes a long enough buffer (raise otherwise)
* rng: interrupt_hook only one unit argument (@reynir)
* remove offset from counters
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
87248e
Merge pull request #217 from hannesm/firobe-ec add Firobe to mirage-crypto-ec authors
5864c0
Merge pull request #218 from hannesm/entropy-sources use a set for entropy sources
14006f
remove cstruct from mirage-crypto (#214) Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
cfa941
use digestif 1.2.0 API (#215) * use digestif 1.2.0 API Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
4b757b
Merge pull request #213 from hannesm/no-hash remove Hash
fff44e
further changes entries until 213
ccdccb
mirage-crypto-rng: use string instead of cstruct (#212)
* mirage-crypto-rng: use string instead of cstruct
* across pk, ec, rng: use digestif instead of Mirage_crypto.Hash
* wycheproof: no Mirage_crypto.Hash
* rng: provide a generate_into : ?g -> bytes -> ?off:int -> int -> unit and reimplement the generate in terms of generate_into; this keeps the allocation at the API boundary if desired
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
1d488d
mirage-crypto-pk: revise API to not use Cstruct.t (#211) * mirage-crypto-pk: revise API to not use Cstruct.t Co-Authored-By: Reynir Björnsson <reynir@reynir.dk>
b68ef2
mirage-crypto-ec: move API to string (instead of cstruct) (#210) * mirage-crypto-ec: move API to string (instead of cstruct) minor performance gain(s)
7a6820
changes for 209
61721c
Merge pull request #209 from hannesm/no-p224 mirage-crypto-ec: remove NIST P224 support
547892
fill in some changes
653ea9
Chacha20-Poly1305: use string instead of cstruct (#203) * Chacha20-Poly1305: use string instead of cstruct Performance improvement from 8MB/s to 20MB/s (with 16 byte blocks, on my laptop) Co-Authored-By: Reynir Björnsson <reynir@reynir.dk>
0a74d9
Merge pull request #208 from hannesm/pk-no-sexp mirage-crypto-pk: remove s-expression converters and sexplib0 dependency
ec3e5b
mirage-crypto-ec: GNUmakefile - fix p256_tables target
9cb2eb
mirage-crypto: CCM bugfix 32 bit with long adata (#207)
* Add 32 bit ccm test case
* Fix CCM on 32 bit architecture
701e98
finalize changes for release
3ebc0e
minor tweaks (80 cols)
28f8cd
changes for 194
8a526d
riscv64: Replace rdcycle64 with rdtime64 when running in userspace (#194) Reviewed-by: Török Edwin <edwintorok@users.noreply.github.com>
482d4b
update changes
9ce288
windows/dkml: minor CI adjustments (#198)
* pin local opam files
* remove mirage-crypto-ec from dkml-windows (test fail, let's not ship it)
ccbf96
Merge pull request #196 from hannesm/ed25519 improvements for 25519
27cb3e
mirage-crypto-ec test: avoid gmp dependency (#200)
* test_ec_wycheproof: use let* instead of >>=
* mirage-crypto-ec tests: avoid mirage-crypto-pk and asn1-combinators dependency
bcfa05
dkml: also trigger on pull requests
7f3887
Support Microsoft CL.EXE compiler (#137) Support Microsoft CL.EXE compiler
839558
changes for 191
9603eb
mirage-crypto-ec: Use windowed algorithm for base scalar mult on NIST P-curves (#191)
* [ec] Use windowed algorithm for base scalar mult. Using a sliding window method with pre-computed values of multiples of the generator point, obtain far more efficient performance for the special case where G = P in the scalar multiplication kP. By using a safe selection algorithm for pre-computed values and no branches in the main loop, the algorithm leaks no less information about its inputs than the current Montgomery ladder.
* [ec] Rewrite scalar_mult_base in C. For performance. This implies the need to get generator points from C as well. The pre-computed tables are stored in static memory, and computed lazily.
* Generate pre-tables AOT and hardcode them
* Separate 64/32 tables
* Add 32-bit tables
c9ef51
update CHANGES
febeb9
README: add code from BoringSSL paragraph
603a46
Merge pull request #195 from hannesm/warn-k-ec mirage-crypto-ec: warn about power/timing analysis on k in sign
7b6c5f
Replace the internal usage of Cstruct.t by string (#146)
Originally, we used Cstruct.t (bigarray) for interfacing. Instead, we use string now. The benefit is that allocating a string is cheap, and in line with OCaml's GC. After some years of stalling, we included benchmarks in bench/speed.ml for the EC operations in #192 (sign, verify, generate for EC/EdDSA; and ECDH). The result for this change is a factor between 2 and 2.5. The external API (mirage_crypto_ec.mli) does not change at all. There are various other cleanups in the code, such as providing a layer to isolate the C calls (which receive a bytes buffer for the result value, and thus mutate this buffer) to be immutable.
Co-authored-by: Pierre Alain <pierre.alain@tuta.io>
Co-authored-by: Hannes Mehnert <hannes@mehnert.org>
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Reviewed-by: Virgile Robles <virgile.robles@protonmail.ch>
Reviewed-by: Pierre Alain <pierre.alain@tuta.io>
36bc72
add EC to bench/speed (#192)
* add ECDSA to bench/speed
* ecdsa-generate
* remaining ec bench
* minimize diff
* DRY
* mirage-crypto: conflict with result < 1.5 (since that redefines Result module, and we don't get Result.get_ok)
33bde0
test-mirage: bump version
29c82f
fix typo in changes
414244
changes entry for 190
e209e5
Merge pull request #190 from fangyaling/main Add support for Loongarch
a63f18
changes so far
cf42ee
Allocate less in Fortuna (#188)
* Fortuna.add: don't allocate a 2 byte cstruct on each call. Instead, use a temporary buffer. Contradicts #186
* minor fix
24dff0
Merge pull request #189 from drchrispinnock/chrispinnock@netbsd Add NetBSD to the list of BSD OS in define
8e8f83
opam: fix typo
46e71a