Mavryk_crypto.Crypto_box
Mavryk - X25519/XSalsa20-Poly1305 cryptography
val zero_nonce : nonce
val random_nonce : unit -> nonce
val generate_nonces :
incoming:bool ->
sent_msg:Stdlib.Bytes.t ->
recv_msg:Stdlib.Bytes.t ->
nonce * nonce
generate_nonces ~incoming ~sent_msg ~recv_msg
generates two nonces by hashing (Blake2B) the arguments. The nonces should be used to initialize the encryption on the communication channels. Because an attacker cannot control both messages, it cannot determine the nonces that will be used to encrypt the messages. The sent message should contains a random nonce, and we should never send the exact same message twice.
module Secretbox : sig ... end
val default_pow_target : pow_target
val make_pow_target : float -> pow_target
module Public_key_hash : sig ... end
val hash : public_key -> Public_key_hash.t
val random_keypair : unit -> secret_key * public_key * Public_key_hash.t
Generates both a secret key and its corresponding public key, along with a hash of the public key.
val precompute : secret_key -> public_key -> channel_key
precompute pk sk
computes a channel key from the sender's sk
and the recipient's pk
.
val fast_box : channel_key -> nonce -> Stdlib.Bytes.t -> Stdlib.Bytes.t
fast_box k nonce msg
authenticates and encrypts msg
and returns both the message authentication tag and the ciphertext. For this reason, the returned buffer will be tagbytes
longer than msg
.
val fast_box_open :
channel_key ->
nonce ->
Stdlib.Bytes.t ->
Stdlib.Bytes.t option
fast_box_open k nonce cmsg
attempts to verify and decrypt cmsg
and if successful returns the plaintext. As above, the returned buffer will be tagbytes
shorter than cmsg
.
val fast_box_noalloc :
channel_key ->
nonce ->
Stdlib.Bytes.t ->
Stdlib.Bytes.t ->
unit
fast_box_noalloc k nonce tag buf
authenticates and encrypts in-place the contents of buf
using k
and nonce
and writes the message authentication tag in tag
.
val fast_box_open_noalloc :
channel_key ->
nonce ->
Stdlib.Bytes.t ->
Stdlib.Bytes.t ->
bool
fast_box_open_noalloc k nonce tag buf
attempts to verify and decrypt the contents of buf
in-place using k
, nonce
, and tag
and returns true if successful.
val check_proof_of_work : public_key -> nonce -> pow_target -> bool
check_proof_of_work pk pow target
returns true if pow
is proof of work following target
for the public key pk
.
val generate_proof_of_work :
?yield_every:int ->
?max:int ->
public_key ->
pow_target ->
nonce Lwt.t
generate_proof_of_work pk pow_target
generates a proof of work for the public key pk
following the pow_target
.
The parameter yield_every
(defaults to 500
) inserts a cooperation point (Lwt.pause ()
) every so many attempts. This allows other promises to make progress towards resolution. It also allows Unix signals to be processed so that, say, Ctrl+C can be effective.
The parameter max
(not set by default) sets a maximum number of attempts to be made before giving up. When max
number of attempts have been made and no pow has been found, the exception Not_found
is raised.
val generate_proof_of_work_with_target_0 : public_key -> nonce
val public_key_to_bytes : public_key -> Stdlib.Bytes.t
val public_key_of_bytes : Stdlib.Bytes.t -> public_key
val public_key_encoding : public_key Data_encoding.t
val secret_key_encoding : secret_key Data_encoding.t
val nonce_encoding : nonce Data_encoding.t
val neuterize : secret_key -> public_key
neuterize sk
generates the corresponding public key of sk
val equal : public_key -> public_key -> bool
equal a b
tests keys for equality
val pp_pk : Stdlib.Format.formatter -> public_key -> unit