Module Bytesrw_crypto

Cryptographic primitives and streams (via conf-mbedtls)

Note. The initialisation code of this module calls Psa.crypto_init and raises a Panic exception if a problem occurs. Your program cannot catch this raise but it should probably not run when that happens.

Primitive availability. The available cryptographic primitives are provided by a PSA Crypto API implementation. Not all algorithms mentioned in the specification are necessarily available. For now this binds the TF-PSA-Crypto implementation of Mbed TLS. However the binding code should be usable with any implementation of the API.

Errors

exception Panic of string

Except for the low-level Psa module, any function from this module may raise this exception. It is not meant to be handled, let it flow at the toplevel to print it and abort your program or server request. Panics occur for two reasons:

  • Systemic reasons. Something is really wrong in the system. For example there is a lack of entropy.
  • Programming errors made by users of the high level interface. These programming error may trigger Psa.Error.bad_state in the low-level Psa implementation. For example using Hash.value twice on a state. These errors are the moral equivalent of raising Invalid_argument but not converted as such because Psa.Error.bad_state is not one-to-one with such conditions.
type Bytesrw.Bytes.Stream.error +=
  1. | Error of string

The type for crypto streams errors.

Readers and writers using cryptographic primitives may raise Bytes.Bytes.Stream.Error with this error.

Preliminaries

type uint8 = int

The type for unsigned 8-bit integers.

type uint16 = int

The type for unsigned 16-bit integers.

type uint32 = int32

The type for unsigned 32-bit integers.

type bigbytes = (int, Stdlib.Bigarray.int8_unsigned_elt, Stdlib.Bigarray.c_layout) Stdlib.Bigarray.Array1.t

The type bigarrays of bytes.

module Bigbytes : sig ... end

Bigbytes operations.

module Clear : sig ... end

Zeroing mutable bytes.

module Verify : sig ... end

Constant time byte equality checking.

Cryptography

Hashes

module Hash : sig ... end

Generic and dedicated message digests (hashes).

module Sha_256 : Hash.T

SHA-256 hashes.

module Sha_512 : Hash.T

SHA-512 hashes.

Randomness

module Random : sig ... end

Cryptographically secure pseudorandom byte streams.

Low-level cryptography

This is a low-level interface. If the service can be found in the high-level interface, favour it.

module Psa : sig ... end

Thin bindings to PSA Crypto API.