diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | ffi/bindings/monocypher_bindings.ml | 12 | ||||
-rw-r--r-- | guix.scm | 34 | ||||
-rw-r--r-- | lib/monocypher.ml | 39 | ||||
-rw-r--r-- | lib/monocypher.mli | 40 | ||||
-rw-r--r-- | test/dune | 2 | ||||
-rw-r--r-- | test/monocypher.ml | 188 |
7 files changed, 294 insertions, 23 deletions
@@ -4,6 +4,8 @@ ocaml-monocypher provides OCaml bindings to the [Monocypher](https://monocypher. Bindings are created using the [Ctypes](https://github.com/ocamllabs/ocaml-ctypes) library. Using dune to build a Ctypes project requires a bit of ceremony (well actually quite a lot - see [this issue](https://github.com/ocaml/dune/issues/135)). The boilerplate to make Ctypes and dune play nice has been taken from [ocaml-yaml](https://github.com/avsm/ocaml-yaml). +Currently only a small sub-set of Monocypher functions are available in the OCaml library (Blake2b, IETF ChaCha20 and Ed25519). Contributions to add bindings to the other Monocypher functions are very welcome! + # Why ocaml-monocypher? Monocypher provides "Boring crypto that simply works". In particular it provides primitives required for [DROMEDAR](https://gitlab.com/public.dream/dromedar/dromedar): diff --git a/ffi/bindings/monocypher_bindings.ml b/ffi/bindings/monocypher_bindings.ml index c1dc472..374b62b 100644 --- a/ffi/bindings/monocypher_bindings.ml +++ b/ffi/bindings/monocypher_bindings.ml @@ -14,4 +14,16 @@ module M(F: Ctypes.FOREIGN) = struct let crypto_ietf_chacha20_ctr = foreign "crypto_ietf_chacha20_ctr" C.(ptr char @-> string @-> size_t @-> string @-> string @-> uint32_t @-> returning uint32_t) + + let crypto_ed25519_public_key = + foreign "crypto_ed25519_public_key" + C.(ptr char @-> string @-> returning void) + + let crypto_ed25519_sign = + foreign "crypto_ed25519_sign" + C.(ptr char @-> string @-> string @-> string @-> size_t @-> returning void) + + let crypto_ed25519_check = + foreign "crypto_ed25519_check" + C.(string @-> string @-> string @-> size_t @-> returning int) end @@ -8,22 +8,22 @@ (define-public ocaml-monocypher (package - (name "ocaml-monocypher") - (version "0.0.0") - (source #f) - (build-system dune-build-system) - (arguments '()) - (propagated-inputs - `(("ocaml-integers" ,ocaml-integers) - ("ocaml-ctypes" ,ocaml-ctypes))) - (native-inputs - `(("merlin" ,ocaml-merlin) - ("dot-merlin-reader" ,ocaml-dot-merlin-reader) - ("ocp-indent" ,ocaml-ocp-indent) - ("alcotest" ,ocaml-alcotest))) - (home-page "https://gitlab.com/public.dream/DROMEDAR/ocaml-monocypher") - (synopsis "OCaml bindings to the Monocypher cryptographic library") - (description "sdfsdf") - (license license:agpl3+))) + (name "ocaml-monocypher") + (version "0.0.0") + (source #f) + (build-system dune-build-system) + (arguments '()) + (propagated-inputs + `(("ocaml-integers" ,ocaml-integers) + ("ocaml-ctypes" ,ocaml-ctypes))) + (native-inputs + `(("alcotest" ,ocaml-alcotest))) + (home-page "https://gitlab.com/public.dream/DROMEDAR/ocaml-monocypher") + (synopsis "OCaml bindings to the Monocypher cryptographic library") + (description "Monocypher is a cryptographic library. It provides functions +for authenticated encryption, hashing, password hashing and key derivation, key +exchange, and public key signatures. This library provides OCaml bindings to +Monocypher using Ctypes.") + (license license:agpl3+))) ocaml-monocypher diff --git a/lib/monocypher.ml b/lib/monocypher.ml index b3efdd3..cf22527 100644 --- a/lib/monocypher.ml +++ b/lib/monocypher.ml @@ -44,3 +44,42 @@ module Advanced = struct string_from_ptr cipher_ptr ~length:msg_size end end + +module Optional = struct + module Ed25519 = struct + + let public_key ~secret_key = + let public_key_ptr = allocate_n char ~count:32 in + assert (String.length secret_key = 32); + M.crypto_ed25519_public_key + public_key_ptr + secret_key; + string_from_ptr public_key_ptr ~length:32 + + let sign ~secret_key ?(public_key=public_key ~secret_key) message = + let signature_ptr = allocate_n char ~count:64 in + assert (String.length secret_key = 32); + assert (String.length public_key = 32); + M.crypto_ed25519_sign + signature_ptr + secret_key + public_key + message + (Unsigned.Size_t.of_int @@ String.length message); + string_from_ptr signature_ptr ~length:64 + + let check ~signature ~public_key message = + assert (String.length signature = 64); + assert (String.length public_key = 32); + let result = M.crypto_ed25519_check + signature + public_key + message + (Unsigned.Size_t.of_int @@ String.length message) in + if result = 0 then + true + else + false + + end +end diff --git a/lib/monocypher.mli b/lib/monocypher.mli index 5dd6ee1..98a0c99 100644 --- a/lib/monocypher.mli +++ b/lib/monocypher.mli @@ -5,22 +5,56 @@ * SPDX-License-Identifier: AGPL-3.0-or-later *) +(** ocaml-monocypher + + ocaml-monocypher provides OCaml bindings to the + [Monocypher](https://monocypher.org/) cryptographic library. + + See also the [Monocypher manual](https://monocypher.org/manual/). +*) module Hashing : sig module Blake2b : sig (** BLAKE2b is a fast cryptographically secure hash, based on the ideas of Chacha20. It is faster than MD5, yet just as secure as SHA-3. *) - (** [digest ~key ~size msg] return the Blake2b hash of [msg] of size [size] bytes (defaults to 64). If [key] is not specified no key is used.*) val digest : ?key:string -> ?size:int -> string -> string + (** [digest ~key ~size msg] return the Blake2b hash of [msg] of size [size] + bytes (defaults to 64). If [key] is not specified no key is used.*) end end module Advanced : sig module IETF_ChaCha20 : sig - (** These functions provide an interface for the Chacha20 encryption primitive as specified by the IETF in RFC 8439. *) + (** These functions provide an interface for the Chacha20 encryption + primitive as specified by the IETF in RFC 8439. *) - (** [crypt ~key ~nonce ~ctr data] returns the XOR of the IETF ChaCha20 applied to [data] using key [key] (32-byte) nonce [nonce] (12-byte). Counter [ctr] (defaults to 0) may be used to specify position in ChaCha20 stream.*) val crypt : key:string -> nonce:string -> ?ctr:int -> string -> string + (** [crypt ~key ~nonce ~ctr data] returns the XOR of the IETF ChaCha20 + applied to [data] using key [key] (32-byte) nonce [nonce] (12-byte). Counter + [ctr] (defaults to 0) may be used to specify position in ChaCha20 stream.*) + end +end + +module Optional : sig + module Ed25519 : sig + (** Ed25519 public key signatures and verification with SHA-512 as the + underlying hash function; they are interoperable with other Ed25519 + implementations. *) + + val public_key : secret_key:string -> string + (** [public_key ~secret_key] returns the public key of the specifed secret key.*) + + val sign: secret_key:string -> ?public_key:string -> string -> string + (** [sign ~secret_key ~public_key ~message] returns the Ed25519 + cryptographic signature of [message] using [secret_key]. If [public_key] is + not given it is recomputed, doubling the execution time. *) + + val check: signature:string -> public_key:string -> string -> bool + (** [check ~signature ~public_key ~message] checks that [signature] of + [message] is genuine for the secret key of [public_key]. + + WARNING: This function does NOT run in constant time. See the Monocypher + manual for more information. *) end end @@ -1,3 +1,3 @@ (test (name monocypher) - (libraries monocypher ctypes.foreign)) + (libraries monocypher alcotest)) diff --git a/test/monocypher.ml b/test/monocypher.ml index 7aeea48..07db6d0 100644 --- a/test/monocypher.ml +++ b/test/monocypher.ml @@ -1,3 +1,187 @@ + +let of_hex s = + assert (String.length s mod 2 = 0); + let n = String.length s / 2 in + let r = Bytes.create n in + for i = 0 to pred n do + Bytes.set r i @@ Char.chr @@ int_of_string ("0x" ^ String.sub s (i*2) 2) + done; + Bytes.to_string r + +let hex_char x = + assert (x >= 0 && x < 16); + if x <= 9 then Char.chr @@ Char.code '0' + x + else Char.chr @@ Char.code 'a' + x - 10 + +let to_hex s = + let r = Bytes.create (String.length s * 2) in + for i = 0 to String.length s - 1 do + Bytes.set r (i*2) @@ hex_char @@ Char.code s.[i] lsr 4; + Bytes.set r (i*2+1) @@ hex_char @@ Char.code s.[i] land 0b1111; + done; + Bytes.to_string r + +let pp_hex ppf s = + Format.fprintf ppf "%s" (to_hex s) + +let hex_testable = + Alcotest.testable + pp_hex + String.equal + +module Optional = struct + module Ed25519 = struct + + (* This test uses the test vectors as published in [RFC + 8032](https://datatracker.ietf.org/doc/html/rfc8032#section-7.1). *) + + type test_vector = { + name: string; + secret_key: string; + public_key: string; + message: string; + signature: string; + } + + let test1 = { + name = "TEST 1"; + secret_key = of_hex + "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"; + public_key = of_hex + "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"; + message = ""; + signature = of_hex + "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"; + } + + let test2 = { + name = "TEST 2"; + secret_key = of_hex + "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb"; + public_key = of_hex + "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c"; + message = of_hex "72"; + signature = of_hex + "92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00" + } + + let test3 = { + name = "TEST 3"; + secret_key = of_hex + "c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7"; + public_key = of_hex + "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025"; + message = of_hex + "af82"; + signature = of_hex + "6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a" + } + + let test1024 = { + name = "TEST 1024"; + secret_key = of_hex + "f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5"; + public_key = of_hex + "278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e"; + message = + {hex| +08b8b2b733424243760fe426a4b54908 +632110a66c2f6591eabd3345e3e4eb98 +fa6e264bf09efe12ee50f8f54e9f77b1 +e355f6c50544e23fb1433ddf73be84d8 +79de7c0046dc4996d9e773f4bc9efe57 +38829adb26c81b37c93a1b270b20329d +658675fc6ea534e0810a4432826bf58c +941efb65d57a338bbd2e26640f89ffbc +1a858efcb8550ee3a5e1998bd177e93a +7363c344fe6b199ee5d02e82d522c4fe +ba15452f80288a821a579116ec6dad2b +3b310da903401aa62100ab5d1a36553e +06203b33890cc9b832f79ef80560ccb9 +a39ce767967ed628c6ad573cb116dbef +efd75499da96bd68a8a97b928a8bbc10 +3b6621fcde2beca1231d206be6cd9ec7 +aff6f6c94fcd7204ed3455c68c83f4a4 +1da4af2b74ef5c53f1d8ac70bdcb7ed1 +85ce81bd84359d44254d95629e9855a9 +4a7c1958d1f8ada5d0532ed8a5aa3fb2 +d17ba70eb6248e594e1a2297acbbb39d +502f1a8c6eb6f1ce22b3de1a1f40cc24 +554119a831a9aad6079cad88425de6bd +e1a9187ebb6092cf67bf2b13fd65f270 +88d78b7e883c8759d2c4f5c65adb7553 +878ad575f9fad878e80a0c9ba63bcbcc +2732e69485bbc9c90bfbd62481d9089b +eccf80cfe2df16a2cf65bd92dd597b07 +07e0917af48bbb75fed413d238f5555a +7a569d80c3414a8d0859dc65a46128ba +b27af87a71314f318c782b23ebfe808b +82b0ce26401d2e22f04d83d1255dc51a +ddd3b75a2b1ae0784504df543af8969b +e3ea7082ff7fc9888c144da2af58429e +c96031dbcad3dad9af0dcbaaaf268cb8 +fcffead94f3c7ca495e056a9b47acdb7 +51fb73e666c6c655ade8297297d07ad1 +ba5e43f1bca32301651339e22904cc8c +42f58c30c04aafdb038dda0847dd988d +cda6f3bfd15c4b4c4525004aa06eeff8 +ca61783aacec57fb3d1f92b0fe2fd1a8 +5f6724517b65e614ad6808d6f6ee34df +f7310fdc82aebfd904b01e1dc54b2927 +094b2db68d6f903b68401adebf5a7e08 +d78ff4ef5d63653a65040cf9bfd4aca7 +984a74d37145986780fc0b16ac451649 +de6188a7dbdf191f64b5fc5e2ab47b57 +f7f7276cd419c17a3ca8e1b939ae49e4 +88acba6b965610b5480109c8b17b80e1 +b7b750dfc7598d5d5011fd2dcc5600a3 +2ef5b52a1ecc820e308aa342721aac09 +43bf6686b64b2579376504ccc493d97e +6aed3fb0f9cd71a43dd497f01f17c0e2 +cb3797aa2a2f256656168e6c496afc5f +b93246f6b1116398a346f1a641f3b041 +e989f7914f90cc2c7fff357876e506b5 +0d334ba77c225bc307ba537152f3f161 +0e4eafe595f6d9d90d11faa933a15ef1 +369546868a7f3a45a96768d40fd9d034 +12c091c6315cf4fde7cb68606937380d +b2eaaa707b4c4185c32eddcdd306705e +4dc1ffc872eeee475a64dfac86aba41c +0618983f8741c5ef68d3a101e8a3b8ca +c60c905c15fc910840b94c00a0b9d0 +|hex} + |> String.split_on_char '\n' + |> String.concat "" + |> of_hex; + signature = of_hex + "0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03" + } + + let test_cases = + List.map + (fun test -> + Alcotest.test_case test.name `Quick + (fun () -> + Alcotest.check hex_testable "extract public key from secret key" + (Monocypher.Optional.Ed25519.public_key + ~secret_key:test.secret_key) + test.public_key ; + Alcotest.check hex_testable "sign" + (Monocypher.Optional.Ed25519.sign + ~secret_key:test.secret_key + test.message) + test.signature; + Alcotest.(check bool "check" + (Monocypher.Optional.Ed25519.check + ~signature:test.signature + ~public_key:test.public_key + test.message) + true))) + [test1; test2; test3; test1024] + end +end + let () = - Monocypher.Hashing.Blake2b.digest ~size:32 "Hello World!" - |> print_endline + Alcotest.run "Monocypher" [ + "Ed25519", Optional.Ed25519.test_cases + ] |