[new release] mirage-crypto (9 packages) (1.0.0)

[hannesm]

Simple symmetric cryptography for the modern age

• Project page: https://github.com/mirage/mirage-crypto
• Documentation: https://mirage.github.io/mirage-crypto/doc

CHANGES:

Breaking changes

• mirage-crypto: Poly1305 API now uses string (Chacha20-Poly1305: use string instead of cstruct mirage/mirage-crypto#203 @hannesm)
• mirage-crypto: Poly1305 no longer has type alias "type mac = string"
  (minor updates mirage/mirage-crypto#232 @hannesm)
• mirage-crypto: the API uses string instead of cstruct (remove cstruct from mirage-crypto mirage/mirage-crypto#214 @reynir @hannesm)
• mirage-crypto: Hash module has been removed. Use digestif if you need hash
  functions (remove Hash mirage/mirage-crypto#213 @hannesm)
• mirage-crypto: the Cipher_block and Cipher_stream modules have been removed,
  its contents is inlined:
  Mirage_crypto.Cipher_block.S -> Mirage_crypto.Block
  Mirage_crypto.Cipher_stream.S -> Mirage_crypto.Stream
  Mirage_crypto.Cipher_block.AES.CTR -> Mirage_crypto.AES.CTR
  (mirage-crypto: skip Cipher_block / Cipher_stream module indirection mirage/mirage-crypto#225 @hannesm, suggested in Revise API (remove intermediate modules) mirage/mirage-crypto#224 by @reynir)
• mirage-crypto-pk: s-expression conversions for private and public keys (Dh,
  Dsa, Rsa) have been removed. You can use PKCS8 for encoding and decoding
  X509.{Private,Public}_key.{en,de}code_{der,pem} (mirage-crypto-pk: remove s-expression converters and sexplib0 dependency mirage/mirage-crypto#208 @hannesm)
• mirage-crypto-pk: in the API, Cstruct.t is no longer present. Instead,
  string is used (mirage-crypto-pk: revise API to not use Cstruct.t mirage/mirage-crypto#211 @reynir @hannesm)
• mirage-crypto-rng: the API uses string instead of Cstruct.t. A new function
  generate_into : ?g -> bytes -> ?off:int -> int -> unit is provided
  (mirage-crypto-rng: use string instead of cstruct mirage/mirage-crypto#212 @hannesm @reynir)
• mirage-crypto-ec: remove NIST P224 support (mirage-crypto-ec: remove NIST P224 support mirage/mirage-crypto#209 @hannesm @Firobe)
• mirage-crypto: in Uncommon.xor_into the arguments ~src_off and ~dst_off are
  required now (minor updates mirage/mirage-crypto#232 @hannesm), renamed to unsafe_xor_into
  (98f01b14f5ebf98ba0e7e9c2ba97ec518f90fddc)
• mirage-crypto-pk, mirage-crypto-rng: remove type alias "type bits = int"
  (mirage-crypto-pk, mirage-crypto-rng: remove useless type alias "type bits = int" mirage/mirage-crypto#236 @hannesm)

Bugfixes

• mirage-crypto (32 bit systems): CCM with long adata (Add 32 bit ccm test case mirage/mirage-crypto#207 @reynir)
• mirage-crypto-ec: fix K_gen for bitlen mod 8 != 0 (reported in EC P521 tests from RFC 6979 are not passing mirage/mirage-crypto#105 that
  P521 test vectors don't pass, re-reported P-521 sign not constant-time mirage/mirage-crypto#228, fixed [ec] Handle K_gen correctly for bitlen mod 8 <> 0 mirage/mirage-crypto#230 @Firobe)
• mirage-crypto-ec: zero out bytes allocated for Field_element.zero (reported
  String mirleft/ocaml-x509#167, fixed Set a new bytes used for elliptic curves computations to '\000' mirage/mirage-crypto#226 @dinosaure)

Data race free

• mirage-crypto (3DES): avoid global state in key derivation (mirage-crypto: revise DES to avoid global state in key derivation / key usage mirage/mirage-crypto#223 @hannesm)
• mirage-crypto-rng: use atomic instead of reference to be domain-safe (Use an atomic instead of a reference to be domain-safe mirage/mirage-crypto#221
  @dinosaure @reynir @hannesm)
• mirage-crypto, mirage-crypto-rng, mirage-crypto-pk, mirage-crypto-ec:
  avoid global buffers, use freshly allocated strings/bytes instead, avoids
  data races (Fix some data-races into mirage-crypto mirage/mirage-crypto#186 avoid global buffers mirage/mirage-crypto#219 @dinosaure @reynir @hannesm)

Other changes

• mirage-crypto: add {de,en}crypt_into functions (and unsafe variants) to allow
  less buffer allocations (provide ciphers with {de,en}crypt_into functionality mirage/mirage-crypto#231 @hannesm)
• mirage-crypto-rng-miou: new package which adds rng support with miou
  (Add an implementation of mirage-crypto-rng-miou to initialize the RNG with Miou mirage/mirage-crypto#227 @dinosaure)
• PERFORMANCE mirage-crypto: ChaCha20/Poly1305 use string instead of Cstruct.t,
  ChaCha20 interface unchanged, performance improvement roughly 2x
  (Chacha20-Poly1305: use string instead of cstruct mirage/mirage-crypto#203 @hannesm @reynir)
• mirage-crypto-ec, mirage-crypto-pk, mirage-crypto-rng: use digestif for
  hashes (mirage-crypto-rng: use string instead of cstruct mirage/mirage-crypto#212 use digestif 1.2.0 API mirage/mirage-crypto#215 @reynir @hannesm)
• mirage-crypto-rng: use a set for entropy sources instead of a list
  (use a set for entropy sources mirage/mirage-crypto#218 @hannesm)
• mirage-crypto-rng-mirage: provide a module type S (for use instead of
  mirage-random in mirage) (mirage-crypto-rng-mirage: provide a module type S (to overcome the mirage-random opam package) mirage/mirage-crypto#234 @hannesm)

[hannesm]

This is a major release, breaking API changes (see #26045 for already restricted upper bounds). Subsequently we'll release reverse dependencies that are compatible with mirage-crypto 1.0.0. It is a big milestone that we'll announce soon [tm]. :)

After all, there's no longer a dependency onto cstruct.

[hannesm]

Please note that arm64 test failures are fine for now (see mirage/mirage-crypto#216 for further details, maybe someone even has an idea for what to do on arm64 platforms).

[mseri]

Thanks