v0.9.0

@hannesm hannesm released this 31 Mar 11:00
· 284 commits to main since this release
3013c52

CHANGES:

  • Elliptic curve support in the new package mirage-crypto-ec

    The arithmetic code is generated by
    fiat-crypto, a development in Coq
    which includes proofs of constant-time behaviour. The generation can be
    reproduced (see ec/native/GNUmakefile).

    The group operation implementations are taken from BoringSSL. The high-level
    mechanisms (signature DSA and key exchange ECDH) are implemented in OCaml.
    The ECDSA implementation (like our DSA one) uses a deterministic k (RFC 6979).

    The NIST curves P224 (SECP224R1), P256 (SECP256R1), P384 (SECP384R1), and
    P521 (SECP521R1) are supported (ECDH and ECDSA), in addition to Curve25519
    (X25519 and Ed25519).

    Performance of X25519 has been measured and is roughly the same as that of
    the hacl_x25519 and hacl opam packages (see #107 for numbers).

    Test vectors are from RFCs and Wycheproof.

    Import mirage/fiat repository (@pascutto @emillon @NathanReb @hannesm #101)
    Check bounds of message (reported by @greg42, fixed by @hannesm #108)
    Remove blinding, since constant-time arithmetic is used (@hannesm #106)
    Curve25519 (X25519 & Ed25519) support (@hannesm #107 imported from BoringSSL)

    Partially reviewed by @JasonGross @avsm @dinosaure
    Partially sponsored by Nitrokey GmbH
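The deterministic nonce mentioned above for ECDSA is RFC 6979's HMAC-based derivation of k from the private key and the message hash. The following is an added reference implementation of that procedure in Python, not code from mirage-crypto-ec; it assumes the P-256 group order and SHA-256, and the key/message in the usage stub are the values from RFC 6979 Appendix A.2.5.

```python
import hashlib
import hmac

# Group order of NIST P-256 (SECP256R1), from the curve parameters.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: interpret the leftmost qlen bits of b as an integer."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def int2octets(x: int, q: int) -> bytes:
    """RFC 6979 2.3.3: big-endian encoding of x, padded to the size of q."""
    return x.to_bytes((q.bit_length() + 7) // 8, "big")


def bits2octets(b: bytes, q: int) -> bytes:
    """RFC 6979 2.3.4: reduce bits2int(b) once modulo q, then encode."""
    z1 = bits2int(b, q.bit_length())
    return int2octets(z1 - q if z1 >= q else z1, q)


def rfc6979_k(priv: int, msg: bytes, q: int = P256_N, hashfn=hashlib.sha256) -> int:
    """Deterministic k per RFC 6979 section 3.2 (HMAC_DRBG-style generation)."""
    hlen = hashfn().digest_size
    h1 = hashfn(msg).digest()                      # step a: h1 = H(m)
    v = b"\x01" * hlen                             # step b
    k = b"\x00" * hlen                             # step c
    seed = int2octets(priv, q) + bits2octets(h1, q)
    k = hmac.new(k, v + b"\x00" + seed, hashfn).digest()   # step d
    v = hmac.new(k, v, hashfn).digest()                    # step e
    k = hmac.new(k, v + b"\x01" + seed, hashfn).digest()   # step f
    v = hmac.new(k, v, hashfn).digest()                    # step g
    qlen = q.bit_length()
    while True:                                    # step h
        t = b""
        while len(t) * 8 < qlen:
            v = hmac.new(k, v, hashfn).digest()
            t += v
        cand = bits2int(t, qlen)
        if 1 <= cand < q:                          # reject out-of-range candidates
            return cand
        k = hmac.new(k, v + b"\x00", hashfn).digest()
        v = hmac.new(k, v, hashfn).digest()


if __name__ == "__main__":
    # Private key and message from RFC 6979 Appendix A.2.5 (P-256, SHA-256).
    x = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    print(hex(rfc6979_k(x, b"sample")))
```

Because k depends only on the key and the message, signing the same message twice yields the same k, so the nonce-reuse failure that leaks a private key from two signatures with distinct messages cannot arise from a faulty RNG.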