Digestif is a toolbox which implements hashes:
Digestif uses a trick about linking and let the end-user to choose which implementation he wants to use. We provide 2 implementations:
Both are well-tested. However, OCaml implementation is slower than the C implementation.
Note: The linking trick requires
digestif.ocaml to be the
first of your dependencies.
Contact: Romain Calascibetta
<romain.calascibet [email protected]>
The library is available on OPAM. You can install it via:
$ opam install digestif
This is a simple program which implements
$ cat >sha1sum.ml <<EOF let sum ic = let tmp = Bytes.create 0x1000 in let rec go ctx = match input ic tmp 0 0x1000 with | 0 -> Digestif.SHA1.get ctx | len -> let ctx = Digestif.SHA1.feed_bytes ctx ~off:0 ~len tmp in go ctx | exception End_of_file -> Digestif.SHA1.get ctx in go Digestif.SHA1.empty let () = match Sys.argv with | [| _; filename; |] when Sys.file_exists filename -> let ic = open_in filename in let hash = sum ic in close_in ic ; print_endline (Digestif.SHA1.to_hex hash) | [| _ |] -> let hash = sum stdin in print_endline (Digestif.SHA1.to_hex hash) | _ -> Format.eprintf "%s [<filename>]\n%!" Sys.argv.(0) EOF $ cat >dune <<EOF (executable (name sha1sum) (libraries digestif)) EOF $ dune exec ./sha1sum.exe -- sha1sum.ml fe6e6639a817c23857b507e2d833ec776f23f327
For each hash, we implement the same API which is referentially transparent.
Then, on the top of these, we reflect functions (like
GADT - however, conversion from GADT to hash type is not possible (but you can
destruct GADT with
We deciced to protect users to timing-attack. In this case,
eqaf package) compares hashes in
However, we provide
unsafe_compare function too which is not a constant
time function. In some contexts, like
ocaml-git, we don't care about timing
attack and we use
unsafe_compare - then, we need to make a wrap where we
compare to be able to use it in some functors like
It's little annoying to do that but it forces the user to get the right question about security issues. So, please, don't ask to rename this function.
Of course, this package is available to be used on MirageOS (both
implementations). User is able to compile
and this package is platform agnostic.
duneto build the project
If you want to compile the test program, you need:
All credits appear in the begin of files and this library is motivated by two reasons:
nocryptoif you don't use the encryption (and common) part