package cryptokit

  1. Overview
  2. Docs

The Block module provides classes that implements popular block ciphers, chaining modes, and wrapping of a block cipher as a general transform or as a hash function. The classes can be composed in a Lego-like fashion, facilitating the integration of new block ciphers, modes, etc.

class type block_cipher = object ... end

Abstract interface for a block cipher.

Deriving transforms and hashes from block ciphers

Wraps a block cipher as a general transform. The transform has input block size and output block size equal to the block size of the block cipher. No padding is performed. Example: new cipher (new cbc_encrypt (new aes_encrypt key)) returns a transform that performs AES encryption in CBC mode.

Wraps a block cipher as a general transform. The transform has input block size and output block size equal to the block size of the block cipher. No padding is performed. Example: new cipher (new cbc_encrypt (new aes_encrypt key)) returns a transform that performs AES encryption in CBC mode.

Like Cryptokit.Block.cipher, but performs padding on the input data as specified by the first argument. The input block size of the returned transform is 1; the output block size is the block size of the block cipher.

class mac : ?iv:string -> ?pad:Padding.scheme -> block_cipher -> hash

Like Cryptokit.Block.cipher, but removes padding on the output data as specified by the first argument. The output block size of the returned transform is 1; the input block size is the block size of the block cipher.

Build a MAC (keyed hash function) from the given block cipher. The block cipher is run in CBC mode, and the MAC value is the final value of the initialization vector. Thus, the hash size of the resulting hash is the block size of the block cipher. The optional argument iv specifies the first initialization vector, with a default of all zeroes. The optional argument pad specifies a padding scheme to be applied to the input data; if not provided, no padding is performed.

Some block ciphers: AES, DES, triple DES, Blowfish

class aes_encrypt : string -> block_cipher

The AES block cipher, in encryption mode. The string argument is the key; its length must be 16, 24 or 32 bytes.

class aes_decrypt : string -> block_cipher

The AES block cipher, in encryption mode. The string argument is the key; its length must be 16, 24 or 32 bytes.

class des_encrypt : string -> block_cipher

The DES block cipher, in encryption mode. The string argument is the key; its length must be 8 bytes.

class des_decrypt : string -> block_cipher

The DES block cipher, in encryption mode. The string argument is the key; its length must be 8 bytes.

The Triple-DES block cipher, in encryption mode. The key argument must have length 16 (two keys) or 24 (three keys).

The Triple-DES block cipher, in encryption mode. The key argument must have length 16 (two keys) or 24 (three keys).

class blowfish_encrypt : string -> block_cipher

The Blowfish block cipher, in encryption mode. The string argument is the key; its length must be between 4 and 56.

class blowfish_decrypt : string -> block_cipher

The Blowfish block cipher, in encryption mode. The string argument is the key; its length must be between 4 and 56.

Chaining modes

class cbc_encrypt : ?iv:string -> block_cipher -> block_cipher

Add Cipher Block Chaining (CBC) to the given block cipher in encryption mode. Each block of input is xor-ed with the previous output block before being encrypted through the given block cipher. The optional iv argument specifies the string to be xor-ed with the first input block, and defaults to all zeroes. The returned block cipher has the same block size as the underlying block cipher.

class cbc_decrypt : ?iv:string -> block_cipher -> block_cipher

Add Cipher Block Chaining (CBC) to the given block cipher in encryption mode. Each block of input is xor-ed with the previous output block before being encrypted through the given block cipher. The optional iv argument specifies the string to be xor-ed with the first input block, and defaults to all zeroes. The returned block cipher has the same block size as the underlying block cipher.

class cfb_encrypt : ?iv:string -> int -> block_cipher -> block_cipher

Add Cipher Feedback Block (CFB) to the given block cipher in encryption mode. The integer argument n is the number of bytes processed at a time; it must lie between 1 and the block size of the underlying cipher, included. The returned block cipher has block size n.

class cfb_decrypt : ?iv:string -> int -> block_cipher -> block_cipher

Add Cipher Feedback Block (CFB) to the given block cipher in encryption mode. The integer argument n is the number of bytes processed at a time; it must lie between 1 and the block size of the underlying cipher, included. The returned block cipher has block size n.

class ofb : ?iv:string -> int -> block_cipher -> block_cipher

Add Cipher Feedback Block (CFB) to the given block cipher in decryption mode. See Cryptokit.Block.cfb_encrypt.

class ctr : ?iv:string -> ?inc:int -> block_cipher -> block_cipher

Add Output Feedback Block (OFB) to the given block cipher. The integer argument n is the number of bytes processed at a time; it must lie between 1 and the block size of the underlying cipher, included. The returned block cipher has block size n. It is usable both for encryption and decryption.

OCaml

Innovation. Community. Security.