From bf55ca6d7beaa8d4e100ea9536f41764ce68499b Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Sun, 9 Jun 2024 17:48:13 +0200 Subject: [PATCH] Require OCaml 4.13 and remove local overrides --- .github/workflows/test.yml | 2 +- .github/workflows/windows.yml | 2 +- ec/mirage_crypto_ec.ml | 16 ++++++---------- mirage-crypto-ec.opam | 2 +- mirage-crypto-pk.opam | 2 +- mirage-crypto-rng-async.opam | 2 +- mirage-crypto-rng-lwt.opam | 2 +- mirage-crypto-rng-mirage.opam | 2 +- mirage-crypto-rng.opam | 2 +- mirage-crypto.opam | 2 +- pk/rsa.ml | 29 ++++++++++------------------- pk/z_extra.ml | 23 +++++------------------ src/cipher_block.ml | 11 ++--------- src/cipher_stream.ml | 4 ++-- src/uncommon.ml | 4 ---- tests/test_ec_wycheproof.ml | 18 +++++------------- 16 files changed, 39 insertions(+), 84 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c1a8bb0e..40e40413 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: strategy: fail-fast: false matrix: - ocaml-version: ["4.14.2", "4.13.1", "4.12.1"] + ocaml-version: ["4.14.2", "4.13.1"] operating-system: [macos-latest, ubuntu-latest] runs-on: ${{ matrix.operating-system }} diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 4f97944f..ebe5313f 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -9,7 +9,7 @@ jobs: strategy: fail-fast: false matrix: - ocaml-version: ["4.14.2", "4.13.1", "4.12.1"] + ocaml-version: ["4.14.2", "4.13.1"] operating-system: [windows-latest] runs-on: ${{ matrix.operating-system }} diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml index 887e1913..566532fd 100644 --- a/ec/mirage_crypto_ec.ml +++ b/ec/mirage_crypto_ec.ml 
@@ -28,14 +28,10 @@ let rev_string buf = exception Message_too_long -let string_get_uint8 buf idx = - (* TODO: use String.get_uint8 when mirage-crypto-ec requires OCaml >= 4.13 *) - Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx - let bit_at buf i = let byte_num = i / 8 in let bit_num = i mod 8 in - let byte = string_get_uint8 buf byte_num in + let byte = String.get_uint8 buf byte_num in byte land (1 lsl bit_num) <> 0 module type Dh = sig @@ -320,7 +316,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct if compress then let out = Bytes.create (P.byte_length + 1) in let ident = - 2 + (string_get_uint8 buf ((P.byte_length * 2) - 1)) land 1 + 2 + (String.get_uint8 buf ((P.byte_length * 2) - 1)) land 1 in Bytes.unsafe_blit_string buf 1 out 1 P.byte_length; Bytes.set_uint8 out 0 ident; @@ -389,9 +385,9 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct let y' = Fe.from_montgomery y' in let y_struct2 = Fe.to_octets y' in (* number must not be in montgomery domain*) let y_struct2 = rev_string y_struct2 in - let ident = string_get_uint8 pk 0 in + let ident = String.get_uint8 pk 0 in let signY = - 2 + (string_get_uint8 y_struct (P.byte_length - 2)) land 1 + 2 + (String.get_uint8 y_struct (P.byte_length - 2)) land 1 in let res = if Int.equal signY ident then y_struct else y_struct2 in let out = Bytes.create ((P.byte_length * 2) + 1) in @@ -410,7 +406,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct let y = String.sub buf (1 + len) len in validate_finite_point ~x ~y in - match string_get_uint8 buf 0 with + match String.get_uint8 buf 0 with | 0x00 when String.length buf = 1 -> Ok (at_infinity ()) | 0x02 | 0x03 when String.length P.pident > 0 -> 
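Review bot: `bit_at` in the first hunk has no comment stating its bit order or how it fails, and the TODO that sat next to the old helper is now gone. I would add `(* [bit_at buf i] is bit [i] of [buf], counting from the least significant bit of byte 0; raises Invalid_argument if [i / 8] is outside [buf]. *)` above it. The function relies on the bounds check inside `String.get_uint8` and does not validate `i` itself; its callers are outside this hunk.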
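Review bot: The parity byte index in the compression branch, `(P.byte_length * 2) - 1`, looks one short of the last byte of y, and this commit carries it over unchanged. The blit on the following line copies x from offset 1 of `buf`, so if `buf` is the prefixed encoding of length `(P.byte_length * 2) + 1` (the size allocated in the decompression hunk), the least significant byte of y would sit at index `P.byte_length * 2`. The decompression hunk reads `P.byte_length - 2` from `y_struct` in the same way, so the two sides agree with each other but may disagree with SEC 1 encodings produced elsewhere. Where `buf` and `y_struct` are built is outside these hunks, so this needs confirming with a known-answer test on a compressed point from another implementation. That test should compare the full recovered y coordinate, not only an ECDH result.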
@@ -614,7 +610,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige let first_byte_ok () = match Param.first_byte_bits with | None -> true - | Some m -> (string_get_uint8 msg 0) land (0xFF land (lnot m)) = 0 + | Some m -> (String.get_uint8 msg 0) land (0xFF land (lnot m)) = 0 in if l > bl || (l = bl && not (first_byte_ok ())) then raise Message_too_long diff --git a/mirage-crypto-ec.opam b/mirage-crypto-ec.opam index fb7d8b51..d74cba51 100644 --- a/mirage-crypto-ec.opam +++ b/mirage-crypto-ec.opam @@ -27,7 +27,7 @@ doc: "https://mirage.github.io/mirage-crypto/doc" bug-reports: "https://github.com/mirage/mirage-crypto/issues" depends: [ "dune" {>= "2.7"} - "ocaml" {>= "4.08.0"} + "ocaml" {>= "4.13.0"} "dune-configurator" "eqaf" {>= "0.7"} "mirage-crypto-rng" {=version} diff --git a/mirage-crypto-pk.opam b/mirage-crypto-pk.opam index e3a3b538..f5c6db71 100644 --- a/mirage-crypto-pk.opam +++ b/mirage-crypto-pk.opam @@ -14,7 +14,7 @@ build: [ ["dune" "subst"] {dev} depends: [ "conf-gmp-powm-sec" {build} - "ocaml" {>= "4.08.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "ounit2" {with-test} "randomconv" {with-test & >= "0.2.0"} diff --git a/mirage-crypto-rng-async.opam b/mirage-crypto-rng-async.opam index ac01c562..879b5f4b 100644 --- a/mirage-crypto-rng-async.opam +++ b/mirage-crypto-rng-async.opam @@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev} ["dune" "runtest" "-p" name "-j" jobs] {with-test} ] depends: [ - "ocaml" {>= "4.08.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "dune-configurator" {>= "2.0.0"} "async" {>= "v0.14"} diff --git a/mirage-crypto-rng-lwt.opam b/mirage-crypto-rng-lwt.opam index 8705fb94..8ead23f4 100644 --- a/mirage-crypto-rng-lwt.opam +++ b/mirage-crypto-rng-lwt.opam @@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev} ["dune" "runtest" "-p" name "-j" jobs] {with-test} ] depends: [ - "ocaml" {>= "4.08.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "duration" "logs" 
diff --git a/mirage-crypto-rng-mirage.opam b/mirage-crypto-rng-mirage.opam index 5f99c6bf..54032e44 100644 --- a/mirage-crypto-rng-mirage.opam +++ b/mirage-crypto-rng-mirage.opam @@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev} ["dune" "runtest" "-p" name "-j" jobs] {with-test} ] depends: [ - "ocaml" {>= "4.08.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "mirage-crypto-rng" {=version} "duration" diff --git a/mirage-crypto-rng.opam b/mirage-crypto-rng.opam index b8f4471d..edbf152f 100644 --- a/mirage-crypto-rng.opam +++ b/mirage-crypto-rng.opam @@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev} ["dune" "runtest" "-p" name "-j" jobs] {with-test} ] depends: [ - "ocaml" {>= "4.12.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "dune-configurator" {>= "2.0.0"} "duration" diff --git a/mirage-crypto.opam b/mirage-crypto.opam index 484cda49..7d923e1d 100644 --- a/mirage-crypto.opam +++ b/mirage-crypto.opam @@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev} ["dune" "runtest" "-p" name "-j" jobs] {with-test} ] depends: [ - "ocaml" {>= "4.09.0"} + "ocaml" {>= "4.13.0"} "dune" {>= "2.7"} "dune-configurator" {>= "2.0.0"} "ounit2" {with-test} diff --git a/pk/rsa.ml b/pk/rsa.ml index 3e787750..d8530c9f 100644 --- a/pk/rsa.ml +++ b/pk/rsa.ml @@ -197,10 +197,6 @@ let encrypt ~key = reformat (pub_bits key) (encrypt_z ~key) let decrypt ?(crt_hardening=false) ?(mask=`Yes) ~key = reformat (priv_bits key) (decrypt_z ~crt_hardening ~mask ~key) -(* OCaml 4.13 *) -let string_get_uint8 buf idx = - Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx - let bx00, bx01 = "\x00", "\x01" module PKCS1 = struct @@ -214,7 +210,7 @@ module PKCS1 = struct let rec go nonce i j = if i = n then Bytes.unsafe_to_string buf else if j = k then go Mirage_crypto_rng.(generate ?g k) i 0 else - match string_get_uint8 nonce j with + match String.get_uint8 nonce j with | b when f b -> Bytes.set_uint8 buf i b ; go nonce (succ i) (succ j) | _ -> go nonce i (succ j) in go Mirage_crypto_rng.(generate ?g k) 0 0 
@@ -226,9 +222,9 @@ module PKCS1 = struct let unpad ~mark ~is_pad buf = let f = not &. is_pad in let i = ct_find_uint8 ~default:2 ~off:2 ~f buf in - let c1 = string_get_uint8 buf 0 = 0x00 - and c2 = string_get_uint8 buf 1 = mark - and c3 = string_get_uint8 buf i = 0x00 + let c1 = String.get_uint8 buf 0 = 0x00 + and c2 = String.get_uint8 buf 1 = mark + and c3 = String.get_uint8 buf i = 0x00 and c4 = min_pad <= i - 2 in if c1 && c2 && c3 && c4 then Some (String.sub buf (i + 1) (String.length buf - i - 1)) @@ -264,11 +260,6 @@ module PKCS1 = struct let decrypt ?(crt_hardening = false) ?mask ~key msg = unpadded unpad_02 (decrypt ~crt_hardening ?mask ~key) (priv_bits key) msg - (* OCaml 4.13 contains starts_with *) - let is_prefix asn msg = - String.length msg >= String.length asn && - String.equal asn (String.sub msg 0 (String.length asn)) - let asn_of_hash, detect = let map = [ `MD5, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" ; @@ -280,7 +271,7 @@ module PKCS1 = struct ] in (fun h -> List.assoc h map), - (fun buf -> List.find_opt (fun (_, d) -> is_prefix d buf) map) + (fun buf -> List.find_opt (fun (_, d) -> String.starts_with ~prefix:d buf) map) let sign ?(crt_hardening = true) ?mask ~hash ~key msg = let module H = (val Digestif.module_of_hash' (hash :> Digestif.hash')) in @@ -353,8 +344,8 @@ module OAEP (H : Digestif.S) = struct let db = Bytes.unsafe_to_string (MGF.mask ~seed:(Bytes.unsafe_to_string (MGF.mask ~seed:mdb ms)) mdb) in let i = ct_find_uint8 ~default:0 ~off:hlen ~f:((<>) 0x00) db in let c1 = Eqaf.equal (String.sub db 0 hlen) H.(digest_string label |> to_raw_string) - and c2 = string_get_uint8 b0 0 = 0x00 - and c3 = string_get_uint8 db i = 0x01 in + and c2 = String.get_uint8 b0 0 = 0x00 + and c3 = String.get_uint8 db i = 0x01 in if c1 && c2 && c3 then Some (String.sub db (i + 1) (String.length db - i - 1)) else None let encrypt ?g ?label ~key msg = 
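Review bot: `String.starts_with` in `detect` stops at the first differing byte, and nothing on the line says why a variable-time comparison is acceptable in a file that uses `Eqaf.equal` for other checks. If `buf` is always the encoding recovered during signature verification, which is public, a short comment such as `(* variable-time is fine: DigestInfo prefixes and the recovered encoding are public *)` would record that. The callers of `detect` are outside this hunk, so that assumption needs checking before the comment goes in.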
@@ -402,7 +393,7 @@ module PSS (H: Digestif.S) = struct let emsa_pss_verify slen emlen em msg = let mdb = String.sub em 0 (String.length em - hlen - 1) and h = String.sub em (String.length em - hlen - 1) hlen - and bxx = string_get_uint8 em (String.length em - 1) + and bxx = String.get_uint8 em (String.length em - 1) in let db = MGF.mask ~seed:h mdb in Bytes.set_uint8 db 0 (Bytes.get_uint8 db 0 land b0mask emlen) ; @@ -410,9 +401,9 @@ module PSS (H: Digestif.S) = struct let salt = String.sub db (String.length db - slen) slen in let h' = digest ~salt:salt msg and i = ct_find_uint8 ~default:0 ~f:((<>) 0x00) db in - let c1 = lnot (b0mask emlen) land string_get_uint8 mdb 0 = 0x00 + let c1 = lnot (b0mask emlen) land String.get_uint8 mdb 0 = 0x00 and c2 = i = String.length em - hlen - slen - 2 - and c3 = string_get_uint8 db i = 0x01 + and c3 = String.get_uint8 db i = 0x01 and c4 = bxx = 0xbc and c5 = Eqaf.equal h h' in c1 && c2 && c3 && c4 && c5 diff --git a/pk/z_extra.ml b/pk/z_extra.ml index caf896f9..4586ac62 100644 --- a/pk/z_extra.ml +++ b/pk/z_extra.ml 
@@ -2,37 +2,24 @@ open Mirage_crypto.Uncommon let bit_bound z = Z.size z * 64 -(* revise once OCaml 4.13 is the lower bound *) -let string_get_int64_be buf idx = - Bytes.get_int64_be (Bytes.unsafe_of_string buf) idx - -let string_get_int32_be buf idx = - Bytes.get_int32_be (Bytes.unsafe_of_string buf) idx - -let string_get_uint16_be buf idx = - Bytes.get_uint16_be (Bytes.unsafe_of_string buf) idx - -let string_get_uint8 buf idx = - Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx - let of_octets_be ?bits buf = let rec loop acc i = function | b when b >= 64 -> - let x = string_get_int64_be buf i in + let x = String.get_int64_be buf i in let x = Z.of_int64_unsigned Int64.(shift_right_logical x 8) in loop Z.(x + acc lsl 56) (i + 7) (b - 56) | b when b >= 32 -> - let x = string_get_int32_be buf i in + let x = String.get_int32_be buf i in let x = Z.of_int32_unsigned Int32.(shift_right_logical x 8) in loop Z.(x + acc lsl 24) (i + 3) (b - 24) | b when b >= 16 -> - let x = Z.of_int (string_get_uint16_be buf i) in + let x = Z.of_int (String.get_uint16_be buf i) in loop Z.(x + acc lsl 16) (i + 2) (b - 16) | b when b >= 8 -> - let x = Z.of_int (string_get_uint8 buf i) in + let x = Z.of_int (String.get_uint8 buf i) in loop Z.(x + acc lsl 8 ) (i + 1) (b - 8 ) | b when b > 0 -> - let x = string_get_uint8 buf i and b' = 8 - b in + let x = String.get_uint8 buf i and b' = 8 - b in Z.(of_int x asr b' + acc lsl b) | _ -> acc in loop Z.zero 0 @@ match bits with diff --git a/src/cipher_block.ml b/src/cipher_block.ml index ceabaf32..3dfa1fcb 100644 --- a/src/cipher_block.ml +++ b/src/cipher_block.ml @@ -89,8 +89,7 @@ module Counters = struct module C64be = struct type ctr = int64 let size = 8 - (* Until OCaml 4.13 is lower bound*) - let of_octets cs = Bytes.get_int64_be (Bytes.unsafe_of_string cs) 0 + let of_octets cs = String.get_int64_be cs 0 let add = Int64.add let unsafe_count_into t buf ~blocks = let tmp = Bytes.create 8 in 
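Review bot: The `b >= 64` and `b >= 32` arms of `loop` in `of_octets_be` load 8 and 4 bytes but advance `i` by only 7 and 3, and no comment explains it. I would add `(* read one byte more than is consumed; the low byte is shifted out and re-read on the next step *)` above the first arm. These reads raise `Invalid_argument` if `bits` exceeds `8 * String.length buf`. The `match bits with` that computes the starting value continues past the end of the hunk, so whether it clamps `bits` cannot be seen here.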
@@ -277,16 +276,10 @@ module Modes = struct Bytes.set_int64_be cs 8 b; Bytes.unsafe_to_string cs - (* OCaml 4.13 *) - let string_get_int64 s idx = - Bytes.get_int64_be (Bytes.unsafe_of_string s) idx - let string_get_int32 s idx = - Bytes.get_int32_be (Bytes.unsafe_of_string s) idx - let counter ~hkey nonce = match String.length nonce with | 0 -> invalid_arg "GCM: invalid nonce of length 0" | 12 -> - let (w1, w2) = string_get_int64 nonce 0, string_get_int32 nonce 8 in + let (w1, w2) = String.get_int64_be nonce 0, String.get_int32_be nonce 8 in (w1, Int64.(shift_left (of_int32 w2) 32 |> add 1L)) | _ -> CTR.ctr_of_octets @@ diff --git a/src/cipher_stream.ml b/src/cipher_stream.ml index f3ee27da..67ee0a63 100644 --- a/src/cipher_stream.ml +++ b/src/cipher_stream.ml @@ -21,7 +21,7 @@ module ARC4 = struct let rec loop j = function | 256 -> () | i -> - let x = string_get_uint8 buf (i mod len) in + let x = String.get_uint8 buf (i mod len) in let si = s.(i) in let j = (j + si + x) land 0xff in let sj = s.(j) in @@ -43,7 +43,7 @@ module ARC4 = struct let sj = s.(j) in s.(i) <- sj ; s.(j) <- si ; let k = s.((si + sj) land 0xff) in - Bytes.set_uint8 res n (k lxor string_get_uint8 buf n); + Bytes.set_uint8 res n (k lxor String.get_uint8 buf n); mix i j (succ n) in let key' = mix i j 0 in diff --git a/src/uncommon.ml b/src/uncommon.ml index 217ee2b6..1388d5c6 100644 --- a/src/uncommon.ml +++ b/src/uncommon.ml @@ -25,7 +25,3 @@ let xor a b = let b' = Bytes.of_string b in xor_into a ~src_off:0 b' ~dst_off:0 (Bytes.length b'); Bytes.unsafe_to_string b' - -(* revise once OCaml 4.13 is the lower bound *) -let string_get_uint8 buf idx = - Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx diff --git a/tests/test_ec_wycheproof.ml b/tests/test_ec_wycheproof.ml index f62b8976..49d43afa 100644 --- a/tests/test_ec_wycheproof.ml +++ b/tests/test_ec_wycheproof.ml 
@@ -4,14 +4,6 @@ open Mirage_crypto_ec let ( let* ) = Result.bind -let concat_map f l = - (* adapt once OCaml 4.10 is lower bound *) - List.map f l |> List.concat - -let string_get_uint8 d off = - (* adapt once OCaml 4.13 is lower bound *) - Bytes.get_uint8 (Bytes.unsafe_of_string d) off - let hex = Alcotest.testable Wycheproof.pp_hex Wycheproof.equal_hex module Asn = struct @@ -155,8 +147,8 @@ let ecdh_tests file = let groups : ecdh_test_group list = List.map ecdh_test_group_exn data.testGroups in - concat_map (fun (group : ecdh_test_group) -> - concat_map (to_ecdh_tests group.curve) group.tests) + List.concat_map (fun (group : ecdh_test_group) -> + List.concat_map (to_ecdh_tests group.curve) group.tests) groups let make_ecdsa_test curve key hash (tst : dsa_test) = @@ -219,7 +211,7 @@ let ecdsa_tests file = let groups : ecdsa_test_group list = List.map ecdsa_test_group_exn data.testGroups in - concat_map to_ecdsa_tests groups + List.concat_map to_ecdsa_tests groups let to_x25519_test (x : ecdh_test) = let name = Printf.sprintf "%d - %s" x.tcId x.comment @@ -262,7 +254,7 @@ let x25519_tests = let groups : ecdh_test_group list = List.map ecdh_test_group_exn data.testGroups in - concat_map (fun (group : ecdh_test_group) -> + List.concat_map (fun (group : ecdh_test_group) -> List.map to_x25519_test group.tests) groups @@ -297,7 +289,7 @@ let ed25519_tests = let groups : eddsa_test_group list = List.map eddsa_test_group_exn data.testGroups in - concat_map (fun (group : eddsa_test_group) -> + List.concat_map (fun (group : eddsa_test_group) -> let keys = to_ed25519_keys group.key in List.map (to_ed25519_test keys) group.tests) groups