ligo/src/lib_crypto/crypto_box.ml

(**************************************************************************)
(*                                                                        *)
(*    Copyright (c) 2014 - 2018.                                          *)
(*    Dynamic Ledger Solutions, Inc. <contact@tezos.com>                  *)
(*                                                                        *)
(*    All rights reserved. No warranty, explicit or implicit, provided.   *)
(*                                                                        *)
(**************************************************************************)

(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)

open Hacl

type secret_key = secret Box.key
type public_key = public Box.key
type channel_key = Box.combined Box.key
type nonce = Bigstring.t
type target = Z.t

module Secretbox = struct
  include Secretbox
  let box_noalloc key nonce msg =
    box ~key ~nonce ~msg ~cmsg:msg

  let box_open_noalloc key nonce cmsg =
    box_open ~key ~nonce ~cmsg ~msg:cmsg

  let box key msg nonce =
    let msglen = MBytes.length msg in
    let cmsg = MBytes.create (msglen + zerobytes) in
    MBytes.fill cmsg '\x00' ;
    MBytes.blit msg 0 cmsg zerobytes msglen ;
    box ~key ~nonce ~msg:cmsg ~cmsg ;
    cmsg

  let box_open key cmsg nonce =
    let cmsglen = MBytes.length cmsg in
    let msg = MBytes.create cmsglen in
    match box_open ~key ~nonce ~cmsg ~msg with
    | false -> None
    | true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))
end

module Public_key_hash = Blake2B.Make (Base58) (struct
    let name = "Crypto_box.Public_key_hash"
    let title = "A Cryptobox public key ID"
    let b58check_prefix = Base58.Prefix.cryptobox_public_key_hash
    let size = Some 16
  end)

let () =
  Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30

let hash pk =
  Public_key_hash.hash_bytes [Box.unsafe_to_bytes pk]

let zerobytes = Box.zerobytes
let boxzerobytes = Box.boxzerobytes

let random_keypair () =
  let pk, sk = Box.keypair () in
  sk, pk, hash pk

let zero_nonce = MBytes.make Nonce.bytes '\x00'
let random_nonce = Nonce.gen
let increment_nonce = Nonce.increment
let generate_nonce mbytes =
  let hash = Blake2B.hash_bytes mbytes in
  Nonce.of_bytes_exn @@ (Bigstring.sub (Blake2B.to_bytes hash) 0 Nonce.bytes)

let init_to_resp_seed = MBytes.of_string "Init -> Resp"
let resp_to_init_seed  = MBytes.of_string "Resp -> Init"
let generate_nonces ~incoming ~sent_msg ~recv_msg =
  let (init_msg, resp_msg, false)
    | (resp_msg, init_msg, true) = (sent_msg, recv_msg, incoming) in
  let nonce_init_to_resp =
    generate_nonce [ init_msg ; resp_msg ; init_to_resp_seed ] in
  let nonce_resp_to_init =
    generate_nonce [ init_msg ; resp_msg ; resp_to_init_seed ] in
  if incoming then
    (nonce_init_to_resp, nonce_resp_to_init)
  else
    (nonce_resp_to_init, nonce_init_to_resp)

let precompute sk pk = Box.dh pk sk

let fast_box_noalloc k nonce msg =
  Box.box ~k ~nonce ~msg ~cmsg:msg

let fast_box_open_noalloc k nonce cmsg =
  Box.box_open ~k ~nonce ~cmsg ~msg:cmsg

let fast_box k msg nonce =
  let msglen = MBytes.length msg in
  let cmsg = MBytes.create (msglen + zerobytes) in
  MBytes.fill cmsg '\x00' ;
  MBytes.blit msg 0 cmsg zerobytes msglen ;
  Box.box ~k ~nonce ~msg:cmsg ~cmsg ;
  cmsg

let fast_box_open k cmsg nonce =
  let cmsglen = MBytes.length cmsg in
  let msg = MBytes.create cmsglen in
  match Box.box_open ~k ~nonce ~cmsg ~msg with
  | false -> None
  | true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))

let compare_target hash target =
  let hash = Z.of_bits (Blake2B.to_string hash) in
  Z.compare hash target <= 0

let make_target f =
  if f < 0. || 256. < f then invalid_arg "Cryptobox.target_of_float" ;
  let frac, shift = modf f in
  let shift = int_of_float shift in
  let m =
    Z.of_int64 @@
    if frac = 0. then
      Int64.(pred (shift_left 1L 54))
    else
      Int64.of_float (2. ** (54. -. frac))
  in
  if shift < 202 then
    Z.logor
      (Z.shift_left m (202 - shift))
      (Z.pred @@ Z.shift_left Z.one (202 - shift))
  else
    Z.shift_right m (shift - 202)

let default_target = make_target 24.

let check_proof_of_work pk nonce target =
  let hash =
    Blake2B.hash_bytes [
      Box.unsafe_to_bytes pk ;
      nonce ;
    ] in
  compare_target hash target

let generate_proof_of_work ?max pk target =
  let may_interupt =
    match max with
    | None -> (fun _ -> ())
    | Some max -> (fun cpt -> if max < cpt then raise Not_found) in
  let rec loop nonce cpt =
    may_interupt cpt ;
    if check_proof_of_work pk nonce target then
      nonce
    else
      loop (Nonce.increment nonce) (cpt + 1) in
  loop (random_nonce ()) 0

let public_key_to_bigarray pk =
  let buf = MBytes.create Box.pkbytes in
  Box.blit_to_bytes pk buf ;
  buf

let public_key_of_bigarray buf =
  let pk = MBytes.copy buf in
  Box.unsafe_pk_of_bytes pk

let public_key_size = Box.pkbytes

let secret_key_to_bigarray sk =
  let buf = MBytes.create Box.skbytes in
  Box.blit_to_bytes sk buf ;
  buf

let secret_key_of_bigarray buf =
  let sk = MBytes.copy buf in
  Box.unsafe_sk_of_bytes sk

let secret_key_size = Box.skbytes

let nonce_size = Nonce.bytes

let public_key_encoding =
  let open Data_encoding in
  conv
    public_key_to_bigarray
    public_key_of_bigarray
    (Fixed.bytes public_key_size)

let secret_key_encoding =
  let open Data_encoding in
  conv
    secret_key_to_bigarray
    secret_key_of_bigarray
    (Fixed.bytes secret_key_size)

let nonce_encoding =
  Data_encoding.Fixed.bytes nonce_size
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00			`(**************************************************************************)`
			`(* *)`
Update copyright notice (2018) 2018-02-06 00:17:03 +04:00			`(* Copyright (c) 2014 - 2018. *)`
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00			`(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)`
			`(* *)`
			`(* All rights reserved. No warranty, explicit or implicit, provided. *)`
			`(* *)`
			`(**************************************************************************)`

			`(** Tezos - X25519/XSalsa20-Poly1305 cryptography *)`

Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`open Hacl`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`type secret_key = secret Box.key`
			`type public_key = public Box.key`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00			`type channel_key = Box.combined Box.key`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`type nonce = Bigstring.t`
Shell: Add `Cryptobox.target_of_float` [target_of_float f] is `2 ^ (256 - f)`. 2017-01-23 14:09:51 +04:00			`type target = Z.t`
crypto box initial utility functions for encrypted communication using crypto box (X25519/XSalsa20-Poly1305) 2016-11-03 22:15:31 +04:00
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00			`module Secretbox = struct`
			`include Secretbox`
			`let box_noalloc key nonce msg =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`box ~key ~nonce ~msg ~cmsg:msg`
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00
			`let box_open_noalloc key nonce cmsg =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`box_open ~key ~nonce ~cmsg ~msg:cmsg`

			`let box key msg nonce =`
			`let msglen = MBytes.length msg in`
			`let cmsg = MBytes.create (msglen + zerobytes) in`
			`MBytes.fill cmsg '\x00' ;`
			`MBytes.blit msg 0 cmsg zerobytes msglen ;`
			`box ~key ~nonce ~msg:cmsg ~cmsg ;`
			`cmsg`

			`let box_open key cmsg nonce =`
			`let cmsglen = MBytes.length cmsg in`
			`let msg = MBytes.create cmsglen in`
			`match box_open ~key ~nonce ~cmsg ~msg with`
			`\| false -> None`
			`\| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))`
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00			`end`

Jbuilder: split `src/utils/` in multiple OPAM packages * `lib_stdlib`: basic extended OCaml stdlib and generic data structures * `lib_data_encoding`: almost independant 'Data_encoding' * `lib_error_monad`: almost independant 'Error_monad' * `lib_stdlib_lwt`: extended Lwt library * `lib_crypto`: all the crypto stuff (hashing, signing, cryptobox). * `lib_base`: - basic type definitions (Block_header, Operation, ...) - a module `TzPervasives` to bind them all and to be the single module opened everywhere. In the process, I splitted `Tezos_data` and `Hash` in multiple submodules, thus removing a lot of `-open`. The following two modules may not have found their place yet: - Base58 (currently in `lib_crypto`) - Cli_entries (currently in `lib_stdlib_lwt`) 2017-11-27 09:13:12 +04:00			`module Public_key_hash = Blake2B.Make (Base58) (struct`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`let name = "Crypto_box.Public_key_hash"`
			`let title = "A Cryptobox public key ID"`
Switch to Base58. Base48 was fun but... hell yeah... let's stay standard. Public encoding of hash: ``` Block: "B..." (len: 51) Operation: "o..." (len: 51) Protocol: "P..." (len: 51) Ed25519: "tz1.." (len: 36) Contract: "TZ1.." (len: 36) NetworkdId: "id.." (len: 30) ``` Other internal prefixes (in the RPC): ``` Hash of Michelson's expression: "expr..." (len: 54) Ed25519 public key: "edpk..." (len: 54) Ed25519 secret key: "edsk..." (len: 98) Ed25519 signature: "edsig.." (len: 99) Hash of a random seed nonce: "nce...." (len: 53) Random seed: "rng...." (len: 53) ``` 2017-02-19 21:22:32 +04:00			`let b58check_prefix = Base58.Prefix.cryptobox_public_key_hash`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`let size = Some 16`
			`end)`

Switch to Base58. Base48 was fun but... hell yeah... let's stay standard. Public encoding of hash: ``` Block: "B..." (len: 51) Operation: "o..." (len: 51) Protocol: "P..." (len: 51) Ed25519: "tz1.." (len: 36) Contract: "TZ1.." (len: 36) NetworkdId: "id.." (len: 30) ``` Other internal prefixes (in the RPC): ``` Hash of Michelson's expression: "expr..." (len: 54) Ed25519 public key: "edpk..." (len: 54) Ed25519 secret key: "edsk..." (len: 98) Ed25519 signature: "edsig.." (len: 99) Hash of a random seed nonce: "nce...." (len: 53) Random seed: "rng...." (len: 53) ``` 2017-02-19 21:22:32 +04:00			`let () =`
			`Base58.check_encoded_prefix Public_key_hash.b58check_encoding "id" 30`

Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`let hash pk =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`Public_key_hash.hash_bytes [Box.unsafe_to_bytes pk]`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
			`let zerobytes = Box.zerobytes`
			`let boxzerobytes = Box.boxzerobytes`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00
			`let random_keypair () =`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00			`let pk, sk = Box.keypair () in`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00			`sk, pk, hash pk`
Crypto: add `Secretbox` 2018-02-06 22:16:26 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let zero_nonce = MBytes.make Nonce.bytes '\x00'`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00			`let random_nonce = Nonce.gen`
			`let increment_nonce = Nonce.increment`
P2p: make nonces unpredictable when connecting Avoid replay-attacks by preventing a node from determining one of the nonces used in the encryption of a channel between two nodes. 2018-05-18 18:57:43 +04:00			`let generate_nonce mbytes =`
			`let hash = Blake2B.hash_bytes mbytes in`
			`Nonce.of_bytes_exn @@ (Bigstring.sub (Blake2B.to_bytes hash) 0 Nonce.bytes)`

			`let init_to_resp_seed = MBytes.of_string "Init -> Resp"`
			`let resp_to_init_seed = MBytes.of_string "Resp -> Init"`
			`let generate_nonces ~incoming ~sent_msg ~recv_msg =`
			`let (init_msg, resp_msg, false)`
			`\| (resp_msg, init_msg, true) = (sent_msg, recv_msg, incoming) in`
			`let nonce_init_to_resp =`
			`generate_nonce [ init_msg ; resp_msg ; init_to_resp_seed ] in`
			`let nonce_resp_to_init =`
			`generate_nonce [ init_msg ; resp_msg ; resp_to_init_seed ] in`
			`if incoming then`
			`(nonce_init_to_resp, nonce_resp_to_init)`
			`else`
			`(nonce_resp_to_init, nonce_init_to_resp)`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let precompute sk pk = Box.dh pk sk`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let fast_box_noalloc k nonce msg =`
			`Box.box ~k ~nonce ~msg ~cmsg:msg`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let fast_box_open_noalloc k nonce cmsg =`
			`Box.box_open ~k ~nonce ~cmsg ~msg:cmsg`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
			`let fast_box k msg nonce =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let msglen = MBytes.length msg in`
			`let cmsg = MBytes.create (msglen + zerobytes) in`
			`MBytes.fill cmsg '\x00' ;`
			`MBytes.blit msg 0 cmsg zerobytes msglen ;`
			`Box.box ~k ~nonce ~msg:cmsg ~cmsg ;`
			`cmsg`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00
			`let fast_box_open k cmsg nonce =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let cmsglen = MBytes.length cmsg in`
			`let msg = MBytes.create cmsglen in`
			`match Box.box_open ~k ~nonce ~cmsg ~msg with`
			`\| false -> None`
			`\| true -> Some (MBytes.sub msg zerobytes (cmsglen - zerobytes))`
Shell: add `Crypto_box.Public_key_hash` 2017-01-14 16:13:49 +04:00
Shell: reduce difficulty for P2P identity... ... until we properly store the nonce in the configuration file, together with the expected difficulty. 2016-11-25 21:03:57 +04:00			`let compare_target hash target =`
Jbuilder: split `src/utils/` in multiple OPAM packages * `lib_stdlib`: basic extended OCaml stdlib and generic data structures * `lib_data_encoding`: almost independant 'Data_encoding' * `lib_error_monad`: almost independant 'Error_monad' * `lib_stdlib_lwt`: extended Lwt library * `lib_crypto`: all the crypto stuff (hashing, signing, cryptobox). * `lib_base`: - basic type definitions (Block_header, Operation, ...) - a module `TzPervasives` to bind them all and to be the single module opened everywhere. In the process, I splitted `Tezos_data` and `Hash` in multiple submodules, thus removing a lot of `-open`. The following two modules may not have found their place yet: - Base58 (currently in `lib_crypto`) - Cli_entries (currently in `lib_stdlib_lwt`) 2017-11-27 09:13:12 +04:00			`let hash = Z.of_bits (Blake2B.to_string hash) in`
Shell: Add `Cryptobox.target_of_float` [target_of_float f] is `2 ^ (256 - f)`. 2017-01-23 14:09:51 +04:00			`Z.compare hash target <= 0`

			`let make_target f =`
			`if f < 0. \|\| 256. < f then invalid_arg "Cryptobox.target_of_float" ;`
			`let frac, shift = modf f in`
			`let shift = int_of_float shift in`
			`let m =`
			`Z.of_int64 @@`
			`if frac = 0. then`
			`Int64.(pred (shift_left 1L 54))`
			`else`
			`Int64.of_float (2. ** (54. -. frac))`
			`in`
			`if shift < 202 then`
			`Z.logor`
			`(Z.shift_left m (202 - shift))`
			`(Z.pred @@ Z.shift_left Z.one (202 - shift))`
			`else`
			`Z.shift_right m (shift - 202)`
default target takes a couple seconds on my laptop to generate a proof of work with this target 2016-11-19 02:07:27 +04:00
Shell: Add `Cryptobox.target_of_float` [target_of_float f] is `2 ^ (256 - f)`. 2017-01-23 14:09:51 +04:00			`let default_target = make_target 24.`
use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time 2016-11-18 00:02:32 +04:00
			`let check_proof_of_work pk nonce target =`
Shell: reduce difficulty for P2P identity... ... until we properly store the nonce in the configuration file, together with the expected difficulty. 2016-11-25 21:03:57 +04:00			`let hash =`
Jbuilder: split `src/utils/` in multiple OPAM packages * `lib_stdlib`: basic extended OCaml stdlib and generic data structures * `lib_data_encoding`: almost independant 'Data_encoding' * `lib_error_monad`: almost independant 'Error_monad' * `lib_stdlib_lwt`: extended Lwt library * `lib_crypto`: all the crypto stuff (hashing, signing, cryptobox). * `lib_base`: - basic type definitions (Block_header, Operation, ...) - a module `TzPervasives` to bind them all and to be the single module opened everywhere. In the process, I splitted `Tezos_data` and `Hash` in multiple submodules, thus removing a lot of `-open`. The following two modules may not have found their place yet: - Base58 (currently in `lib_crypto`) - Cli_entries (currently in `lib_stdlib_lwt`) 2017-11-27 09:13:12 +04:00			`Blake2B.hash_bytes [`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`Box.unsafe_to_bytes pk ;`
			`nonce ;`
Shell: switch to Blake2b (closes #87 #89) Also drop the dependencies on Cryptokit. 2016-11-25 22:46:50 +04:00			`] in`
Shell: reduce difficulty for P2P identity... ... until we properly store the nonce in the configuration file, together with the expected difficulty. 2016-11-25 21:03:57 +04:00			`compare_target hash target`
use 256 bit target for proof of work * SHA256 produces 256 bits pseudo-randomly uniformly, so you may compare to a 256 bit target to get a proof of work * If you pretend that the hash and targets are both integers between 0 and 2^256 - 1, then the target partitions the range into passing and failing segments. * In order to match the use of the `get_uint16` function from `ocplib-endian`, the easiest way to encode `target` is as a `int list` which works if not ideal * This seems like the same thing bitcoin does; difficulty there is actually not a primary notion but is calculated from a 256 bit target, which is what gets adjusted over time 2016-11-18 00:02:32 +04:00
Shell: animated generation of `P2p.Identity` 2017-01-23 14:09:48 +04:00			`let generate_proof_of_work ?max pk target =`
			`let may_interupt =`
			`match max with`
			`\| None -> (fun _ -> ())`
			`\| Some max -> (fun cpt -> if max < cpt then raise Not_found) in`
			`let rec loop nonce cpt =`
			`may_interupt cpt ;`
			`if check_proof_of_work pk nonce target then`
			`nonce`
			`else`
Crypto: drop libsodium We now use simpler OCaml bindings much easier to review. 2018-02-04 21:39:34 +04:00			`loop (Nonce.increment nonce) (cpt + 1) in`
Shell: animated generation of `P2p.Identity` 2017-01-23 14:09:48 +04:00			`loop (random_nonce ()) 0`
proof of work start 2016-11-09 06:18:09 +04:00
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let public_key_to_bigarray pk =`
			`let buf = MBytes.create Box.pkbytes in`
			`Box.blit_to_bytes pk buf ;`
			`buf`

			`let public_key_of_bigarray buf =`
			`let pk = MBytes.copy buf in`
			`Box.unsafe_pk_of_bytes pk`

Client refactor: simpler dependencies in `tezos-crypto` 2018-02-08 13:51:01 +04:00			`let public_key_size = Box.pkbytes`

Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`let secret_key_to_bigarray sk =`
			`let buf = MBytes.create Box.skbytes in`
			`Box.blit_to_bytes sk buf ;`
			`buf`

			`let secret_key_of_bigarray buf =`
			`let sk = MBytes.copy buf in`
			`Box.unsafe_sk_of_bytes sk`

Client refactor: simpler dependencies in `tezos-crypto` 2018-02-08 13:51:01 +04:00			`let secret_key_size = Box.skbytes`

			`let nonce_size = Nonce.bytes`
Shell: move back hash encoders from `lib_base` to `lib_crypto` 2018-04-03 13:44:11 +04:00
			`let public_key_encoding =`
			`let open Data_encoding in`
			`conv`
			`public_key_to_bigarray`
			`public_key_of_bigarray`
			`(Fixed.bytes public_key_size)`

			`let secret_key_encoding =`
			`let open Data_encoding in`
			`conv`
			`secret_key_to_bigarray`
			`secret_key_of_bigarray`
			`(Fixed.bytes secret_key_size)`

			`let nonce_encoding =`
Crypto: replace ocaml-tweetnacl with ocaml-hacl 2018-04-06 01:22:30 +04:00			`Data_encoding.Fixed.bytes nonce_size`