Releases: mirage/mirage-crypto
v0.10.1
v0.10.0
CHANGES:
- mirage-crypto-rng on arm32 only use mrrc if in kernel mode, use mrc in user
land mode, and clock_gettime as fallback (reported by @adams-1979 in #113,
fix in #120 by @hannesm) - mirage-crypto-ec: revise key generation API, and provide Dh.secret_of_cstruct
for test vectors (and other scenarios where you need to decode an existing
DH secret). Before, this was embedded into the generate function, which
could diverged for some input (#119 @hannesm)
v0.9.2
v0.9.1
v0.9.0
CHANGES:
-
Elliptic curve support in the new package mirage-crypto-ec
The arithmetic code is generated by
fiat-crypto, a development in Coq
which includes proofs of constant time behaviour. The generation can be
reproduced (see ec/native/GNUmakefile).The group operation implementations are taken from BoringSSL. The high-level
mechanisms (signature DSA and key exchange ECDH) are implemented in OCaml.
The ECDSA implementation (as our DSA one) uses a deterministic k (RFC 6979).The NIST curves P224 (SECP224R1), P256 (SECP256R1), P384 (SECP384R1), and
P521 (SECP521R1) are supported (ECDH and ECDSA), in addition to Curve25519
(X25519 and Ed25519).Performance of X25519 has been measured and is roughly the same as
the hacl_x25519 and also the hacl opam package (see #107 for numbers).Tests vectors are from RFCs and wycheproof.
Import mirage/fiat repository (@pascutto @emillon @NathanReb @hannesm #101)
Check bounds of message (reported by @greg42, fixed by @hannesm #108)
Remove blinding, since constant time arithmetics is used (@hannesm #106)
Curve 25519 (X25519 & Ed25519) support (@hannesm #107 imported from BoringSSL)Partially reviewed by @JasonGross @avsm @dinosaure
Partially sponsored by Nitrokey GmbH
v0.8.10
v0.8.9
v0.8.8
CHANGES:
- new package mirage-crypto-rng-async, entropy feeding using async (#90 @seliopou)
- Entropy.cpu_rng and Entropy.cpu_rng_bootstrap result in Error `Not_supported
on CPUs without RDRAND/RDSEED support (previously an exception was raised
in cpu_rng_bootstrap, and cpu_rng resulted in a no-op) (#92 @seliopou) - Entropy.cpu_rng delays entropy feeding (returns unit -> unit instead of unit).
This fixes a memory leak, reported by @talex5 #94, fixed in #95 by @hannesm - Avoid illegal instructions on X86 CPUs without SSSE3 instruction set. Both
SHA256 and ChaCha used PSHUFB which is not available on e.g. AMD Phenom II
(report #93 by @dinosaure @samoht @pirbo @RichAyotte @sebeec, fixed in #96 by
@hannesm)