package mirage-crypto-rng-miou-unix

  1. Overview
  2. Docs
Feed the entropy source in an miou.unix-friendly way

Install 

dune-project
 Dependency

github.com Readme Changelog ISC License Edit opam file Versions (4)

Authors

  1. R
    Romain Calascibetta <romain.calascibetta@gmail.com>

Maintainers

  1. R
    Romain Calascibetta <romain.calascibetta@gmail.com>

Sources

mirage-crypto-2.1.0.tbz
sha256=fbeda89a3d7bfa9992fdbef3ebbfc7280fcefdd425a0405e33305125cd409815
sha512=0deace3ebc756ea02808bd0cb394012403bb949b2514637df1af8be50e6c3bd12dcc46742c5c0cbb6dd43234574291ecf27e4179da2ab9b6ec6520c5195e5803

Description

Mirage-crypto-rng-miou-unix feeds the entropy source for Mirage_crypto_rng-based random number generator implementations, in an miou.unix-friendly way.

Published: 17 Mar 2026

README

OCaml cryptographic primitives library

This repository contains a small cryptographic library that puts emphasis on the applicative style and ease of use. It includes basic ciphers (AES, 3DES, RC4, ChaCha20/Poly1305), AEAD primitives (AES-GCM, AES-CCM, ChaCha20/Poly1305), public-key primitives (RSA, DSA, DH), elliptic curves (NIST P-256, P-384, P-521, and curve 25519), and a strong RNG (Fortuna).

RSA timing attacks are countered by blinding. AES timing attacks are avoided by delegating to AES-NI.

Initially, this package was developed for MirageOS, but it is very well suitable in any OCaml application. It is a fork of the ocaml-nocrypto package developed by David Kaloper. It was forked with the permission of the original author in order to facilitate changes (e.g. build system) required by MirageOS that the upstream didn't have time to keep up with.

The following packages are provided in this repository, each installable via opam install package-name:

  • mirage-crypto - the base for symmetric ciphers (AES, 3DES, RC4, ChaCha20/Poly1305) - uses allocation-free and loop-free C code,
  • mirage-crypto-ec - elliptic curves (NIST P-256, P-384, P-521, curve 25519) - uses primitives exported from fiat-crypto,
  • mirage-crypto-pk - asymmetric cryptography (RSA, DSA, DH) - uses zarith with gmp,
  • mirage-crypto-rng - random number generators (Fortuna, HMAC-DRBG),
  • mirage-crypto-rng-mirage - seed and feed entropy for the RNG with MirageOS unikernels,
  • mirage-crypto-rng-miou-unix - seed and feed entropy for the RNG with miou scheduler on Unix.

On Unix, getrandom() (and getentropy()) or /dev/urandom are used for random number generation. On MirageOS, entropy harvesting and feeding uses non-deterministic execution time (whirlwind RNG), and hooks into the main event loop to get some bits of the timestamp of each event, rdrand and rdseed CPU instructions if available.

RNG seeding

If RNG fails with Fatal error: exception Unseeded_generator, you need to seed it.

let () = Mirage_crypto_rng_unix.use_default ()

LICENSE

Mostly ISC, the mirage-crypto-rng-mirage is 2 clause BSD licensed, mirage-crypto-ec is MIT licensed.

Dependencies (8)

  1. digestif >= "1.2.0"
  2. mtime >= "1.0.0"
  3. duration
  4. mirage-crypto-rng = version
  5. logs
  6. miou >= "0.2.0"
  7. dune >= "2.7"
  8. ocaml >= "5.0.0"

Dev Dependencies (1)

  1. ohex with-test & >= "0.2.0"

Conflicts

None