ligo/src/lib_crypto/crypto_box.mli

(**************************************************************************)
(*                                                                        *)
(*    Copyright (c) 2014 - 2018.                                          *)
(*    Dynamic Ledger Solutions, Inc. <contact@tezos.com>                  *)
(*                                                                        *)
(*    All rights reserved. No warranty, explicit or implicit, provided.   *)
(*                                                                        *)
(**************************************************************************)

(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)

type nonce = Bigstring.t
val nonce_size : int

val zero_nonce : nonce
val random_nonce : unit -> nonce
val increment_nonce : ?step:int -> nonce -> nonce

(** [generate_nonces ~incoming ~sent_msg ~recv_msg] generates two
    nonces by hashing (Blake2B) the arguments. The nonces should be
    used to initialize the encryption on the communication
    channels. Because an attacker cannot control both messages,
    it cannot determine the nonces that will be used to encrypt
    the messages. The sent message should contains a random nonce,
    and we should never send the exact same message twice. *)
val generate_nonces :
  incoming:bool -> sent_msg:MBytes.t -> recv_msg:MBytes.t -> nonce * nonce

module Secretbox : sig
  type key

  val unsafe_of_bytes : MBytes.t -> key

  val box_noalloc : key -> nonce -> MBytes.t -> unit
  val box_open_noalloc : key -> nonce -> MBytes.t -> bool

  val box : key -> MBytes.t -> nonce -> MBytes.t
  val box_open : key -> MBytes.t -> nonce -> MBytes.t option
end

type target
val default_target : target
val make_target : float -> target

type secret_key
type public_key
module Public_key_hash : S.HASH
type channel_key

val hash : public_key -> Public_key_hash.t

val zerobytes : int
val boxzerobytes : int

val random_keypair : unit -> secret_key * public_key * Public_key_hash.t

val precompute : secret_key -> public_key -> channel_key

val fast_box        : channel_key -> MBytes.t -> nonce -> MBytes.t
val fast_box_open   : channel_key -> MBytes.t -> nonce -> MBytes.t option

val fast_box_noalloc : channel_key -> nonce -> MBytes.t -> unit
val fast_box_open_noalloc : channel_key -> nonce -> MBytes.t -> bool

val check_proof_of_work : public_key -> nonce -> target -> bool
val generate_proof_of_work : ?max:int -> public_key -> target -> nonce

val public_key_to_bigarray : public_key -> Cstruct.buffer
val public_key_of_bigarray : Cstruct.buffer -> public_key
val public_key_size : int

val secret_key_to_bigarray : secret_key -> Cstruct.buffer
val secret_key_of_bigarray : Cstruct.buffer -> secret_key
val secret_key_size : int

val public_key_encoding : public_key Data_encoding.t
val secret_key_encoding : secret_key Data_encoding.t
val nonce_encoding : nonce Data_encoding.t
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00			`(**************************************************************************)`
			`(* *)`
Update copyright notice (2018) 2018-02-06 00:17:03 +04:00			`(* Copyright (c) 2014 - 2018. *)`
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00			`(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)`
			`(* *)`
			`(* All rights reserved. No warranty, explicit or implicit, provided. *)`
			`(* *)`
			`(**************************************************************************)`

			`(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)`

Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`type nonce = Bigstring.t`
			`val nonce_size : int`
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00			`val zero_nonce : nonce`
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00			`val random_nonce : unit -> nonce`
			`val increment_nonce : ?step:int -> nonce -> nonce`
Merge remote-tracking branch 'ocp/crypto-box' 2016-11-16 04:19:13 +04:00
P2p: make nonces unpredictable when connecting Avoid replay-attacks by preventing a node from determining one of the nonces used in the encryption of a channel between two nodes. 2018-05-18 18:57:43 +04:00			`(** [generate_nonces ~incoming ~sent_msg ~recv_msg] generates two`
			`nonces by hashing (Blake2B) the arguments. The nonces should be`
			`used to initialize the encryption on the communication`
			`channels. Because an attacker cannot control both messages,`
			`it cannot determine the nonces that will be used to encrypt`
			`the messages. The sent message should contains a random nonce,`
			`and we should never send the exact same message twice. *)`
			`val generate_nonces :`
			`incoming:bool -> sent_msg:MBytes.t -> recv_msg:MBytes.t -> nonce * nonce`

Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00			`module Secretbox : sig`
			`type key`

Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`val unsafe_of_bytes : MBytes.t -> key`
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`val box_noalloc : key -> nonce -> MBytes.t -> unit`
			`val box_open_noalloc : key -> nonce -> MBytes.t -> bool`
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00
			`val box : key -> MBytes.t -> nonce -> MBytes.t`
			`val box_open : key -> MBytes.t -> nonce -> MBytes.t option`
			`end`

use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time 2016-11-18 00:02:32 +04:00			`type target`
default target takes a couple seconds on my laptop to generate a proof of work with this target 2016-11-19 02:07:27 +04:00			`val default_target : target`
Shell: Add `Cryptobox.target_of_float` [target_of_float f] is `2 ^ (256 - f)`. 2017-01-23 14:09:51 +04:00			`val make_target : float -> target`
use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time 2016-11-18 00:02:32 +04:00
Merge remote-tracking branch 'ocp/crypto-box' 2016-11-16 04:19:13 +04:00			`type secret_key`
			`type public_key`
Client refactor: simpler dependencies in `tezos-crypto` 2018-02-08 13:51:01 +04:00			`module Public_key_hash : S.HASH`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`type channel_key`
Merge remote-tracking branch 'ocp/crypto-box' 2016-11-16 04:19:13 +04:00
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`val hash : public_key -> Public_key_hash.t`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
			`val zerobytes : int`
			`val boxzerobytes : int`

Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`val random_keypair : unit -> secret_key * public_key * Public_key_hash.t`
Merge remote-tracking branch 'ocp/crypto-box' 2016-11-16 04:19:13 +04:00
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`val precompute : secret_key -> public_key -> channel_key`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`val fast_box : channel_key -> MBytes.t -> nonce -> MBytes.t`
			`val fast_box_open : channel_key -> MBytes.t -> nonce -> MBytes.t option`

Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00			`val fast_box_noalloc : channel_key -> nonce -> MBytes.t -> unit`
			`val fast_box_open_noalloc : channel_key -> nonce -> MBytes.t -> bool`

use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time 2016-11-18 00:02:32 +04:00			`val check_proof_of_work : public_key -> nonce -> target -> bool`
Shell: animated generation of `P2p.Identity` 2017-01-23 14:09:48 +04:00			`val generate_proof_of_work : ?max:int -> public_key -> target -> nonce`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00
Client refactor: simpler dependencies in `tezos-crypto` 2018-02-08 13:51:01 +04:00			`val public_key_to_bigarray : public_key -> Cstruct.buffer`
			`val public_key_of_bigarray : Cstruct.buffer -> public_key`
			`val public_key_size : int`

			`val secret_key_to_bigarray : secret_key -> Cstruct.buffer`
			`val secret_key_of_bigarray : Cstruct.buffer -> secret_key`
			`val secret_key_size : int`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Shell: move back hash encoders from `lib_base` to `lib_crypto` 2018-04-03 13:44:11 +04:00			`val public_key_encoding : public_key Data_encoding.t`
			`val secret_key_encoding : secret_key Data_encoding.t`
			`val nonce_encoding : nonce Data_encoding.t`