package digestif

  1. Overview
  2. Docs
Hashes implementations (SHA*, RIPEMD160, BLAKE2* and MD5)

Install

Dune Dependency

Authors

Maintainers

Sources

digestif-1.2.0.tbz
sha256=c30168cafe279a665367806b3e5e6398fd7474f1e5260e76826d5ec9d3b2a508
sha512=1a4d6ff31fa59d99548cf21a3cedbb0cdb2000d890fcb1c4633eda2723ea6157b10b7dfd089411d51e2d6f653466875efa7aed9807055ecdd3df24ec8d72c234

Description

Digestif is a toolbox to provide hashes implementations in C and OCaml.

It uses the linking trick and user can decide at the end to use the C implementation or the OCaml implementation.

We provides implementation of:

  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
  • SHA3
  • Keccak-256
  • WHIRLPOOL
  • BLAKE2B
  • BLAKE2S
  • RIPEMD160

Published: 18 Mar 2024

README

Digestif - Hash algorithms in C and OCaml

Digestif is a toolbox which implements hashes:

  • MD5

  • SHA1

  • SHA2

  • SHA3

  • WHIRLPOOL

  • BLAKE2B

  • BLAKE2S

  • RIPEMD160

Digestif uses a trick about linking and let the end-user to choose which implementation he wants to use. We provide 2 implementations:

  • C implementation with digestif.c

  • OCaml implementation with digestif.ocaml

Both are well-tested. However, OCaml implementation is slower than the C implementation.

Note: The linking trick requires digestif.c or digestif.ocaml to be the first of your dependencies.

Documentation: https://mirage.github.io/digestif/

Contact: Romain Calascibetta <romain.calascibet ta@gmail.com>

Install & Usage

The library is available on OPAM. You can install it via:

$ opam install digestif

This is a simple program which implements sha1sum:

$ cat >sha1sum.ml <<EOF
let sum ic =
  let tmp = Bytes.create 0x1000 in
  let rec go ctx = match input ic tmp 0 0x1000 with
    | 0 -> Digestif.SHA1.get ctx
    | len ->
      let ctx = Digestif.SHA1.feed_bytes ctx ~off:0 ~len tmp in
      go ctx
    | exception End_of_file -> Digestif.SHA1.get ctx in
  go Digestif.SHA1.empty

let () = match Sys.argv with
  | [| _; filename; |] when Sys.file_exists filename ->
    let ic = open_in filename in
    let hash = sum ic in
    close_in ic ; print_endline (Digestif.SHA1.to_hex hash)
  | [| _ |] ->
    let hash = sum stdin in
    print_endline (Digestif.SHA1.to_hex hash)
  | _ -> Format.eprintf "%s [<filename>]\n%!" Sys.argv.(0)
EOF
$ cat >dune <<EOF
(executable
 (name sha1sum)
 (libraries digestif))
EOF
$ dune exec ./sha1sum.exe -- sha1sum.ml
fe6e6639a817c23857b507e2d833ec776f23f327

API

For each hash, we implement the same API which is referentially transparent. Then, on the top of these, we reflect functions (like digesti or hmaci) with GADT - however, conversion from GADT to hash type is not possible (but you can destruct GADT with to_raw_string).

Equal/Compare function

We deciced to protect users to timing-attack. In this case, Digestif.equal (by eqaf package) compares hashes in constant-time.

However, we provide unsafe_compare function too which is not a constant time function. In some contexts, like ocaml-git, we don't care about timing attack and we use unsafe_compare - then, we need to make a wrap where we rename unsafe_compare to compare to be able to use it in some functors like Map.Make or Set.Make.

It's little annoying to do that but it forces the user to get the right question about security issues. So, please, don't ask to rename this function.

MirageOS

Of course, this package is available to be used on MirageOS (both implementations). User is able to compile digestif.ocaml with js_of_ocaml and this package is platform agnostic.

Build Requirements

  • OCaml >= 4.03.0 (may be less but need test)

  • base-bytes meta-package

  • base-bigarray meta-package

  • dune to build the project

If you want to compile the test program, you need:

  • alcotest

Credits

This work is from the nocrypto library and the Vincent hanquez's work in ocaml-sha.

All credits appear in the begin of files and this library is motivated by two reasons:

  • delete the dependancy with nocrypto if you don't use the encryption (and common) part

  • aggregate all hashes functions in one library

Dependencies (3)

  1. eqaf
  2. dune >= "2.6.0"
  3. ocaml >= "4.08.0"

Dev Dependencies (8)

  1. crowbar with-test
  2. ocamlfind with-test
  3. rresult with-test
  4. fpath with-test
  5. astring with-test
  6. bos with-test
  7. alcotest with-test
  8. fmt with-test & >= "0.8.7"

Used by (77)

  1. albatross >= "2.2.0"
  2. archetype < "1.2.2"
  3. aws >= "1.2"
  4. aws-s3 >= "4.2.0"
  5. builder-web >= "0.2.0"
  6. ca-certs >= "1.0.0"
  7. ca-certs-nss >= "3.104"
  8. caldav >= "0.2.3"
  9. carton
  10. carton-lwt
  11. chamelon
  12. cohttp-async >= "6.0.0"
  13. dkim
  14. dkim-mirage >= "0.2.0"
  15. dns-tsig >= "9.0.0"
  16. docfd >= "2.1.0"
  17. docteur
  18. docteur-solo5
  19. docteur-unix
  20. dream < "1.0.0~alpha3" | >= "1.0.0~alpha5"
  21. dream-httpaf < "1.0.0~alpha4"
  22. esperanto-cosmopolitan >= "0.0.5"
  23. git >= "3.0.0"
  24. git-unix >= "3.0.0"
  25. graphql-cohttp >= "0.9.0"
  26. hkdf >= "2.0.0"
  27. httpcats
  28. httpun-ws-async
  29. httpun-ws-eio
  30. httpun-ws-lwt
  31. index-bench >= "1.5.0"
  32. irmin >= "2.0.0"
  33. irmin-cli
  34. irmin-git >= "2.0.0"
  35. irmin-http = "2.0.0" | >= "2.3.0"
  36. irmin-server
  37. irmin-tezos
  38. irmin-unix >= "2.0.0"
  39. jupyter-kernel >= "0.4"
  40. jwto >= "0.4.0"
  41. kdf
  42. learn-ocaml >= "0.12"
  43. learn-ocaml-client
  44. letsencrypt >= "1.0.0"
  45. MlFront_Cli
  46. miou
  47. mirage-crypto-ec >= "1.0.0"
  48. mirage-crypto-pk >= "1.0.0"
  49. mirage-crypto-rng >= "1.0.0"
  50. mirage-crypto-rng-miou-unix
  51. multihash-digestif
  52. naboris >= "0.1.3"
  53. nocoiner
  54. noise >= "0.2.0"
  55. nomad
  56. ocluster
  57. ocluster-worker
  58. octez-internal-libs
  59. ometrics >= "0.1.2"
  60. openstellina
  61. otr >= "1.0.0"
  62. owi >= "0.2"
  63. pbkdf >= "2.0.0"
  64. smaws-lib
  65. soupault >= "4.4.0"
  66. spoke
  67. swhid
  68. swhid_compute
  69. tezos-base58
  70. tezos-context < "11.0" | >= "12.0" & < "16.0"
  71. tezos-context-hash
  72. tezos-storage
  73. tezos-store < "12.0"
  74. tls >= "1.0.0"
  75. webauthn >= "0.2.0"
  76. yocaml_runtime
  77. zeit

Conflicts (2)

  1. ocaml-freestanding
  2. mirage-xen < "6.0.0"
OCaml

Innovation. Community. Security.