Simple symmetric cryptography for the modern age
Module type Mirage_crypto . Cipher_block . S . CTR
type key
val of_secret : Cstruct.t -> key

Construct the encryption key corresponding to secret.

  • raises Invalid_argument

    if the length of secret is not in key_sizes.

val key_sizes : int array

Key sizes allowed with this cipher.

val block_size : int

The size of a single block.

type ctr
val stream : key:key -> ctr:ctr -> int -> Cstruct.t

stream ~key ~ctr n is the raw keystream.

Keystream is the concatenation of successive encrypted counter states. If E(x) is the single block x encrypted under key, then keystream is the first n bytes of E(ctr) || E(add ctr 1) || E(add ctr 2) || ....

Note that

stream ~key ~ctr (k * block_size) || stream ~key ~ctr:(add ctr k) x
== stream ~key ~ctr (k * block_size + x)

In other words, it is possible to restart a keystream at block_size boundaries by manipulating the counter.

val encrypt : key:key -> ctr:ctr -> Cstruct.t -> Cstruct.t

encrypt ~key ~ctr msg is stream ~key ~ctr ~off (len msg) lxor msg.

val decrypt : key:key -> ctr:ctr -> Cstruct.t -> Cstruct.t

decrypt is encrypt.

val add_ctr : ctr -> int64 -> ctr

add_ctr ctr n adds n to ctr.

val next_ctr : ctr:ctr -> Cstruct.t -> ctr

next_ctr ~ctr msg is the state of the counter after encrypting or decrypting msg with the counter ctr.

For protocols which perform inter-message chaining, this is the counter for the next message.

It is computed as C.add ctr (ceil (len msg / block_size)). Note that if len msg1 = k * block_size,

encrypt ~ctr msg1 || encrypt ~ctr:(next_ctr ~ctr msg1) msg2
== encrypt ~ctr (msg1 || msg2)
val ctr_of_cstruct : Cstruct.t -> ctr

ctr_of_cstruct cs converts the value of cs into a counter.