package cryptokit
Library
Module
Module type
Parameter
Class
Class type
The Block
module provides classes that implements popular block ciphers, chaining modes, and wrapping of a block cipher as a general transform or as a hash function. The classes can be composed in a Lego-like fashion, facilitating the integration of new block ciphers, modes, etc.
class type block_cipher = object ... end
Abstract interface for a block cipher.
Deriving transforms and hashes from block ciphers
class cipher : block_cipher -> transform
Wraps a block cipher as a general transform. The transform has input block size and output block size equal to the block size of the block cipher. No padding is performed. Example: new cipher (new cbc_encrypt (new aes_encrypt key))
returns a transform that performs AES encryption in CBC mode.
class cipher_padded_encrypt : Padding.scheme -> block_cipher -> transform
Wraps a block cipher as a general transform. The transform has input block size and output block size equal to the block size of the block cipher. No padding is performed. Example: new cipher (new cbc_encrypt (new aes_encrypt key))
returns a transform that performs AES encryption in CBC mode.
class cipher_padded_decrypt : Padding.scheme -> block_cipher -> transform
Like Cryptokit.Block.cipher
, but performs padding on the input data as specified by the first argument. The input block size of the returned transform is 1; the output block size is the block size of the block cipher.
class mac : ?iv:string -> ?pad:Padding.scheme -> block_cipher -> hash
Like Cryptokit.Block.cipher
, but removes padding on the output data as specified by the first argument. The output block size of the returned transform is 1; the input block size is the block size of the block cipher.
class mac_final_triple : ?iv:string -> ?pad:Padding.scheme -> block_cipher -> block_cipher ->
block_cipher -> hash
Build a MAC (keyed hash function) from the given block cipher. The block cipher is run in CBC mode, and the MAC value is the final value of the initialization vector. Thus, the hash size of the resulting hash is the block size of the block cipher. The optional argument iv
specifies the first initialization vector, with a default of all zeroes. The optional argument pad
specifies a padding scheme to be applied to the input data; if not provided, no padding is performed.
Some block ciphers: AES, DES, triple DES, Blowfish
class aes_encrypt : string -> block_cipher
The AES block cipher, in encryption mode. The string argument is the key; its length must be 16, 24 or 32 bytes.
class aes_decrypt : string -> block_cipher
The AES block cipher, in encryption mode. The string argument is the key; its length must be 16, 24 or 32 bytes.
class des_encrypt : string -> block_cipher
The DES block cipher, in encryption mode. The string argument is the key; its length must be 8 bytes.
class des_decrypt : string -> block_cipher
The DES block cipher, in encryption mode. The string argument is the key; its length must be 8 bytes.
class triple_des_encrypt : string -> block_cipher
The Triple-DES block cipher, in encryption mode. The key argument must have length 16 (two keys) or 24 (three keys).
class triple_des_decrypt : string -> block_cipher
The Triple-DES block cipher, in encryption mode. The key argument must have length 16 (two keys) or 24 (three keys).
class blowfish_encrypt : string -> block_cipher
The Blowfish block cipher, in encryption mode. The string argument is the key; its length must be between 4 and 56.
class blowfish_decrypt : string -> block_cipher
The Blowfish block cipher, in encryption mode. The string argument is the key; its length must be between 4 and 56.
Chaining modes
class cbc_encrypt : ?iv:string -> block_cipher -> block_cipher
Add Cipher Block Chaining (CBC) to the given block cipher in encryption mode. Each block of input is xor-ed with the previous output block before being encrypted through the given block cipher. The optional iv
argument specifies the string to be xor-ed with the first input block, and defaults to all zeroes. The returned block cipher has the same block size as the underlying block cipher.
class cbc_decrypt : ?iv:string -> block_cipher -> block_cipher
Add Cipher Block Chaining (CBC) to the given block cipher in encryption mode. Each block of input is xor-ed with the previous output block before being encrypted through the given block cipher. The optional iv
argument specifies the string to be xor-ed with the first input block, and defaults to all zeroes. The returned block cipher has the same block size as the underlying block cipher.
class cfb_encrypt : ?iv:string -> int -> block_cipher -> block_cipher
Add Cipher Feedback Block (CFB) to the given block cipher in encryption mode. The integer argument n
is the number of bytes processed at a time; it must lie between 1
and the block size of the underlying cipher, included. The returned block cipher has block size n
.
class cfb_decrypt : ?iv:string -> int -> block_cipher -> block_cipher
Add Cipher Feedback Block (CFB) to the given block cipher in encryption mode. The integer argument n
is the number of bytes processed at a time; it must lie between 1
and the block size of the underlying cipher, included. The returned block cipher has block size n
.
class ofb : ?iv:string -> int -> block_cipher -> block_cipher
Add Cipher Feedback Block (CFB) to the given block cipher in decryption mode. See Cryptokit.Block.cfb_encrypt
.
class ctr : ?iv:string -> ?inc:int -> block_cipher -> block_cipher
Add Output Feedback Block (OFB) to the given block cipher. The integer argument n
is the number of bytes processed at a time; it must lie between 1
and the block size of the underlying cipher, included. The returned block cipher has block size n
. It is usable both for encryption and decryption.