From 51fa9e81ac05c7ba86c338e24dcb6a20c2328b18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?= Date: Sun, 25 Aug 2019 20:54:41 -0300 Subject: [PATCH 1/5] chore: :gear: adding benchmarks to detect and prove possible side-channel vulnerabilities by the means of timing attacks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Aurélio da Silva --- Makefile | 11 +++++++- README.md | 54 ++++++++++++++++++++++++++++++++++++++ docs/dune | 2 +- lib/constants.ml | 10 +++++++ lib/constants.mli | 2 ++ lib/hardening.ml | 4 ++- test/bench/dune | 7 +++++ test/bench/timing.expected | 11 ++++++++ test/bench/timing.ml | 29 ++++++++++++++++++++ 9 files changed, 127 insertions(+), 3 deletions(-) create mode 100644 lib/constants.ml create mode 100644 lib/constants.mli create mode 100644 test/bench/dune create mode 100644 test/bench/timing.expected create mode 100644 test/bench/timing.ml diff --git a/Makefile b/Makefile index 7c01a6a..ffa9059 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ default: build test: build @ opam lint - @ dune build @test/spec/runtest -f --no-buffer -j 1 + @ dune build @test/spec/runtest -f --no-buffer build: @ dune build -j 1 @@ -23,6 +23,8 @@ clear: @ rm -rfv bisect*.out @ dune clean +clean: clear + coverage: clear @ mkdir -p docs/ @ rm -rf docs/apicov @@ -117,6 +119,13 @@ local-site-setup: local-site-start: @ cd docs && bundle exec jekyll serve && cd .. +bench: clean build + @ NOCOINER_KDF_COST=2 \ + NOCOINER_KDF_WORKERS=1 \ + dune build @test/bench/runtest -f --no-buffer --auto-promote \ + --diff-command="git diff --unified=10 --break-rewrites --no-index --exit-code --histogram --word-diff=none --color --no-prefix" || echo \ + "\n\n=== Differences detected! ===\n\n" + # to run inside docker alpine context binary: clear @ dune build --profile deploy diff --git a/README.md b/README.md index 8c012b0..afa466d 100644 --- a/README.md +++ b/README.md 
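Review bot: The new `bench` target pairs `--auto-promote` with `|| echo "\n\n=== Differences detected! ===\n\n"`, so the run can never fail and the committed `test/bench/timing.expected` is silently rewritten with whatever the last machine measured; the file records a sample rather than an expectation, and the target gives no pass/fail signal about the timing gap the README section describes. Dropping `--auto-promote` (promote by hand once a result has been reviewed) and keeping the non-zero exit from `--exit-code`, i.e. `dune build @test/bench/runtest -f --no-buffer` with the `--diff-command` line unchanged, would make a regression visible. Patch 5's .travis.yml hunk wires this same target into the CI hook, where the masking applies as well. The target also exports `NOCOINER_KDF_COST=2 NOCOINER_KDF_WORKERS=1` into the library being measured, which deserves a comment above the target, e.g. `# KDF weakened on purpose: measures everything except scrypt; never use these values in production`.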
@@ -191,6 +191,60 @@ The complete API reference is available [here][7]. Coverage reports are generated too, please refer to the respective [page][8]. +### Cryptoanalysis + +We have performed some benchmarks on valid inputs and on invalid inputs as well. +This is just to discover and prove exploitable loopholes. The kind of side-channel +vulnerabilities shown on version `1.0.0` are related to _timing attacks_. The used +_Key Derivation Function_ on both `commit` and `reveal` phases conceals a lot the +response time if this library is used as an _oracle_ (that is, an external server). +On the other hand, this algorithm is open and then the attacker can pre-compute the +derivation keys, and just perform her own cryptoanalysis on the next steps of the +algorithm. + +Assuming that our _Nocoiner_ algorithm is just a black-box (oracle) where all the +steps are called "atomically", there are still some exploitable information if the +attacker gains access on the host machine for the oracle service. The benchmarks +provided with the `core_bench` library only work well for functions halting under +milliseconds, the KDF imposes a computation around few seconds. Due that issue, we +execute the benchmarks with a lower KDF cost (just to cover the possibility of +pre-computed derived keys, and also to remove timing noise imposed by a KDF with +stronger cycles). To run the benchmarks, just type `$ make bench` on this project's +root directory. + +We will only take the relevant information (with major differences). The version +`1.0.0` is vulnerable during the opening phase, mostly 'cause: + +- We compare the tags for the authenticated ciphertext in non-constant / + non-linear time. This is the most famous kind of exploitable timing attack. +- We don't decypher the AES ciphertext even if the opening key is wrong (don't + pass the MAC tag test). 
The result plaintext will be ignored 'cause the + authentication failed, but decryption must be performed to not leak side + information for the attacker. + +The benchmarks results stored on this repository were performed on an Intel(R) +Dual-Core Celeron(R) of 1GHz each (both vulnerable to Meltdown, Spectre and MDS +CPU bugs, and possibly some NSA hardware backdoors too, you know). The first test +is the one with valid inputs, and the rest are evaluated with invalid inputs: + +

+ +| Name | Time/Run | Cycls/Run | mWd/Run | mWd Overhd | mjWd/Run | mjWd Overhd | mGC/Run | Percentage | +|:-------------------|---------:|----------:|--------:|-----------:|---------:|------------:|---------:|-----------:| +| bound opening | 830.05us | 863.66kc | 19.77kw | 24.18w | 17.87w | 116.97w | 70.61e-3 | 100.00% | +| unbound commitment | 809.76us | 842.54kc | 19.56kw | 28.59w | 20.29w | -219.19w | 69.79e-3 | 97.56% | +| unbound opening | 807.82us | 840.52kc | 19.56kw | 28.59w | 20.29w | -219.19w | 69.79e-3 | 97.32% | + +
+This table shows informations about the GC, minor heap & major heap. All cases +were executed with major heap compaction disabled to not mask execution time. +
+ +

+ +TODO. + + ### Disclaimer This library was not fully tested against side-channel attacks. Keep in mind diff --git a/docs/dune b/docs/dune index faf72bb..74ac563 100644 --- a/docs/dune +++ b/docs/dune @@ -1 +1 @@ -(dirs :standard \ vendor) +(dirs :standard \ vendor _site .bundle) diff --git a/lib/constants.ml b/lib/constants.ml new file mode 100644 index 0000000..c7208c8 --- /dev/null +++ b/lib/constants.ml @@ -0,0 +1,10 @@ +module Sys = Core.Sys +module Option = Core.Option +module Int = Core.Int + +let get variable default = + let optional = Sys.getenv variable in + Option.value optional ~default + +let _KDF_COST = get "NOCOINER_KDF_COST" "8192" |> Int.of_string +let _KDF_WORKERS = get "NOCOINER_KDF_WORKERS" "2" |> Int.of_string diff --git a/lib/constants.mli b/lib/constants.mli new file mode 100644 index 0000000..4af406f --- /dev/null +++ b/lib/constants.mli @@ -0,0 +1,2 @@ +val _KDF_COST : int +val _KDF_WORKERS : int diff --git a/lib/hardening.ml b/lib/hardening.ml index d3da5b6..138d328 100644 --- a/lib/hardening.ml +++ b/lib/hardening.ml @@ -1,2 +1,4 @@ +open Constants + let kdf ~size ~salt password = - Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:2 ~n:8192 + Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:_KDF_WORKERS ~n:_KDF_COST diff --git a/test/bench/dune b/test/bench/dune new file mode 100644 index 0000000..dbca964 --- /dev/null +++ b/test/bench/dune @@ -0,0 +1,7 @@ +(test + (name timing) + (modules timing) + (action (run %{test} time cycles alloc gc percentage speedup samples + -all-values -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc + -width 300 -v -display tall)) + (libraries core_bench nocoiner)) diff --git a/test/bench/timing.expected b/test/bench/timing.expected new file mode 100644 index 0000000..3f50966 --- /dev/null +++ b/test/bench/timing.expected 
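Review bot: `_KDF_COST` and `_KDF_WORKERS` in lib/constants.ml make the production scrypt parameters overridable from the process environment with no lower bound, so a misconfigured or hostile environment can drop the cost from the previous hard-coded 8192 to the `2` the Makefile bench target uses, and nothing in the library would notice; the same hunk also lets a malformed value abort module initialisation through `Int.of_string`. lib/hardening.ml in this patch consumes the values directly, so the weakening reaches every `kdf` call. Since the override exists only for the benchmark, it would be safer behind an explicit opt-in (a test-only module, or a guard such as `if _KDF_COST < 8192 then failwith "NOCOINER_KDF_COST below production minimum"` that the bench build disables) rather than in the public library. Scrypt additionally requires `n` to be a power of two greater than one, which is not validated here; a comment on `get` stating the accepted range and that these are security parameters would help the next reader.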
@@ -0,0 +1,11 @@ +Estimated testing time 45s (3 benchmarks x 15s). Change using -quota SECS. +bound opening: Total time taken 15.1483s (158 samples, max runs 158). +unbound commitment: Total time taken 15.069s (159 samples, max runs 159). +unbound opening: Total time taken 15.0492s (159 samples, max runs 159). + + Name Runs @ Samples Time/Run Cycls/Run mWd/Run mWd Overhd mjWd/Run mjWd Overhd Prom/Run Prom Overhd mGC/Run mjGC/Run Comp/Run Percentage Speedup + -------------------- ---------------- ---------- ----------- --------- ------------ ---------- ------------- ---------- ------------- ---------- ---------- ---------- ------------ --------- + bound opening 158 @ 158 830.05us 863.66kc 19.77kw 24.18w 17.87w 116.97w 17.87w 116.97w 70.61e-3 0.00e-9 0.00e-9 100.00% 1.03 + unbound commitment 159 @ 159 809.76us 842.54kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.56% 1.00 + unbound opening 159 @ 159 807.82us 840.52kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.32% 1.00 + diff --git a/test/bench/timing.ml b/test/bench/timing.ml new file mode 100644 index 0000000..62443b7 --- /dev/null +++ b/test/bench/timing.ml 
@@ -0,0 +1,29 @@ +open Core_bench.Bench +module Command = Core.Command + +let reveals c o = + try ignore @@ Nocoiner.reveal ~commitment:c ~opening:o; true + with Nocoiner.Reasons.BindingFailure -> false + +let _RIGHT_SECRET = "P = NP would prove God's existence." +let _WRONG_SECRET = "The Quantum Nature is just Godel..." + +let (_RIGHT_C, _RIGHT_O) = Nocoiner.commit _RIGHT_SECRET +let (_WRONG_C, _WRONG_O) = Nocoiner.commit _WRONG_SECRET + +let __test_case_01 ( ) = assert (reveals _RIGHT_C _RIGHT_O) +let __test_case_02 ( ) = assert (not (reveals _WRONG_C _RIGHT_O)) +let __test_case_03 ( ) = assert (not (reveals _RIGHT_C _WRONG_O)) + +let _TEST_NAME_01 = "bound opening" +let _TEST_NAME_02 = "unbound commitment" +let _TEST_NAME_03 = "unbound opening" + +let __test_01 = Test.create ~name:_TEST_NAME_01 __test_case_01 +let __test_02 = Test.create ~name:_TEST_NAME_02 __test_case_02 +let __test_03 = Test.create ~name:_TEST_NAME_03 __test_case_03 + +let suite = [ __test_01; __test_02; __test_03 ] + +let _ = Command.run @@ make_command suite + From 62292ebadb8df11f6a903bf76c4fcb45b12d0b1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?= Date: Sat, 7 Sep 2019 18:32:09 -0300 Subject: [PATCH 2/5] security: :lock: mitigations for timing-attacks on nocoiner's decryption/opening phase MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Aurélio da Silva --- README.md | 12 ++++++++++-- VERSION | 2 +- dune-project | 2 +- lib/dune | 3 ++- lib/encryption.ml | 24 +++++++++++++++++++----- lib/helpers.ml | 5 ++++- nocoiner.opam | 3 ++- test/bench/dune | 13 +++++++------ test/bench/timing.expected | 12 ++++++------ test/bench/timing.ml | 28 ++++++++++++++++++++-------- 10 files changed, 72 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index afa466d..993c2e8 100644 --- a/README.md +++ b/README.md 
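Review bot: The timed closures `__test_case_01..03` do their entire work inside `assert`, so a build compiled with `-noassert` would turn the benchmark bodies into no-ops and measure an empty function, and the result would still be promoted into `timing.expected` without complaint. Checking the boolean explicitly, e.g. `let __test_case_01 () = if not (reveals _RIGHT_C _RIGHT_O) then failwith "bound opening"`, keeps the check in every profile. `reveals` also catches only `Nocoiner.Reasons.BindingFailure`; any other exception from `reveal` aborts the whole suite instead of counting as a failed opening, which is worth a comment if intended. A header comment should also state that three inputs compare mean run times only and cannot by themselves distinguish an early-exit comparison from noise, so the table is a sanity check rather than a proof.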
@@ -242,7 +242,14 @@ were executed with major heap compaction disabled to not mask execution time.

-TODO. +As you can see, there's much more computations performed on valid/bound inputs than on unbound inputs. Inputs +are bound (the opening key and the commitment box) if they were previously computed during commitment phase. +Otherwise, the inputs are unbound _even if they were computed over the same secret during commitment_. This +is a huge important thing when we want a group of commitments (performed by many parties) to be independent +of each other. The security patch introduced on version `1.0.1` uses the [eqaf][10] library to compare in +constant time the MAC tags, and we also force decryption step even if a MAC tag mismatch occurs (obviously +the decrypted plain-text is ignored in this case and the whole opening phase fails). + ### Disclaimer @@ -271,4 +278,5 @@ process context). [6]: https://en.wikipedia.org/wiki/Authenticated_encryption [7]: https://marcoonroad.dev/nocoiner/apiref/nocoiner/Nocoiner/index.html [8]: https://marcoonroad.dev/nocoiner/apicov/index.html - [9]: https://github.com/marcoonroad/nocoiner/issues/1 \ No newline at end of file + [9]: https://github.com/marcoonroad/nocoiner/issues/1 + [10]: https://github.com/mirage/eqaf diff --git a/VERSION b/VERSION index afaf360..7f20734 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.0 \ No newline at end of file +1.0.1 \ No newline at end of file diff --git a/dune-project b/dune-project index e1dabc2..b46afdc 100644 --- a/dune-project +++ b/dune-project @@ -1,4 +1,4 @@ (lang dune 1.9) (name nocoiner) -(version 1.0.0) +(version 1.0.1) (using fmt 1.1) diff --git a/lib/dune b/lib/dune index 236493f..9959464 100644 --- a/lib/dune +++ b/lib/dune @@ -2,7 +2,8 @@ (name nocoiner) (public_name nocoiner) (wrapped true) - (libraries core nocrypto.unix nocrypto digestif digestif.c scrypt-kdf) + (libraries core nocrypto.unix nocrypto digestif digestif.c eqaf eqaf.cstruct + scrypt-kdf) (synopsis "The Nocoiner module for nocoiner library.") (preprocess (pps bisect_ppx -conditional -no-comment-parsing))) 
diff --git a/lib/encryption.ml b/lib/encryption.ml index d15f432..3d840fd 100644 --- a/lib/encryption.ml +++ b/lib/encryption.ml @@ -29,14 +29,28 @@ let encrypt ~key ~iv ~metadata ~message:msg = (ciphertext, tag) +exception DecryptedPlaintext of Cstruct.t + let decrypt ~reason ~key ~iv ~metadata ~cipher ~tag = let aes_key, mac_key = __kdf key in let secret = hash mac_key in let payload = Cstruct.concat [ metadata; iv; cipher ] in let tag' = mac ~key:secret payload in - if Cstruct.equal tag tag' - then - let aes_key' = AES.of_secret aes_key in - let plaintext = AES.decrypt ~iv ~key:aes_key' cipher in + (* we decypher before the tag verification to avoid + exploitable side-channels vulnerabilities such as + timing attacks. we also check the tags in linear + time regarding the tag size in bytes *) + let aes_key' = AES.of_secret aes_key in + let plaintext = AES.decrypt ~iv ~key:aes_key' cipher in + let decrypted = Cstruct.of_string @@ Helpers.unpad @@ Cstruct.to_string plaintext - else raise reason + in + (* forces both bound and unbound flows to pass through the exception triggering + pipeline. this is just to approximate both execution timings to reduce the + vector attacks for side-channel attacks *) + try + if Eqaf_cstruct.equal tag tag' + then raise (DecryptedPlaintext decrypted) + else raise reason + with + | DecryptedPlaintext result -> result diff --git a/lib/helpers.ml b/lib/helpers.ml index 5ec60ac..a2a1e64 100644 --- a/lib/helpers.ml +++ b/lib/helpers.ml @@ -14,4 +14,7 @@ let pad ~basis msg = let __nonzero char = char != __nullchar -let unpad msg = Encoding.decode @@ String.filter ~f:__nonzero msg +(* ignores input if it can't be base64-decoded after dropping null-padding data *) +let unpad msg = + let filtered = String.filter ~f:__nonzero msg in + try Encoding.decode @@ filtered with Failure _ -> msg diff --git a/nocoiner.opam b/nocoiner.opam index b1f7422..2246c8c 100644 --- a/nocoiner.opam +++ b/nocoiner.opam 
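Review bot: `decrypt` now runs `AES.decrypt` and `Helpers.unpad` (which base64-decodes) on the ciphertext before `Eqaf_cstruct.equal` has checked the tag, so unauthenticated, caller-controlled bytes reach the decoder; the decoder's success/failure and data-dependent work are themselves a timing and behaviour signal, which is what this commit set out to remove, and verify-before-decrypt is the usual rule for encrypt-then-MAC. If the aim is to keep both flows close in timing, the decryption can stay unconditional while the decoding moves after the tag check: `if Eqaf_cstruct.equal tag tag' then Cstruct.of_string @@ Helpers.unpad @@ Cstruct.to_string plaintext else raise reason`. The `try … raise (DecryptedPlaintext decrypted)` detour adds an allocation and an exception on the success path without making the branches do the same work, since `raise reason` still leaves through a different exception and the `with` clause; the comment should say this equalisation is best-effort and was not measured. The header comment's "linear time regarding the tag size" should read "constant time with respect to the tag contents", which is the property eqaf provides.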
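Review bot: `unpad` now swallows `Failure _` from `Encoding.decode` and returns `msg`, so a caller receives undecoded, still null-padded bytes as if they were the plaintext instead of an error; the fallback also returns `msg` rather than `filtered`, which looks unintended. The catch is there because this commit routes unauthenticated decryptions through `unpad`; if that call order is kept, the fallback should be explicit and documented, e.g. `(* best-effort: unauthenticated input may not decode; the caller's MAC check decides validity *)`, and authenticated data that fails to decode should still surface as an error rather than being returned raw.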
@@ -1,6 +1,6 @@ opam-version: "2.0" name: "nocoiner" -version: "1.0.0" +version: "1.0.1" synopsis: "A Commitment Scheme library for Coin Flipping/Tossing algorithms and sort" description: """ This project implements Commitment Schemes using the @@ -31,5 +31,6 @@ depends: [ "scrypt-kdf" {>= "1.0.0"} "digestif" {>= "0.7.0"} "core" {>= "v0.9.1"} + "eqaf" {>= "0.5"} "bisect_ppx" {>= "1.4.1"} ] diff --git a/test/bench/dune b/test/bench/dune index dbca964..0e40916 100644 --- a/test/bench/dune +++ b/test/bench/dune @@ -1,7 +1,8 @@ (test - (name timing) - (modules timing) - (action (run %{test} time cycles alloc gc percentage speedup samples - -all-values -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc - -width 300 -v -display tall)) - (libraries core_bench nocoiner)) + (name timing) + (modules timing) + (action + (run %{test} time cycles alloc gc percentage speedup samples -all-values + -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc -width + 300 -v -display tall)) + (libraries core_bench nocoiner)) diff --git a/test/bench/timing.expected b/test/bench/timing.expected index 3f50966..623fa41 100644 --- a/test/bench/timing.expected +++ b/test/bench/timing.expected 
@@ -1,11 +1,11 @@ Estimated testing time 45s (3 benchmarks x 15s). Change using -quota SECS. -bound opening: Total time taken 15.1483s (158 samples, max runs 158). -unbound commitment: Total time taken 15.069s (159 samples, max runs 159). -unbound opening: Total time taken 15.0492s (159 samples, max runs 159). +bound opening: Total time taken 15.14s (156 samples, max runs 156). +unbound commitment: Total time taken 15.1478s (158 samples, max runs 158). +unbound opening: Total time taken 15.0146s (157 samples, max runs 157). Name Runs @ Samples Time/Run Cycls/Run mWd/Run mWd Overhd mjWd/Run mjWd Overhd Prom/Run Prom Overhd mGC/Run mjGC/Run Comp/Run Percentage Speedup -------------------- ---------------- ---------- ----------- --------- ------------ ---------- ------------- ---------- ------------- ---------- ---------- ---------- ------------ --------- - bound opening 158 @ 158 830.05us 863.66kc 19.77kw 24.18w 17.87w 116.97w 17.87w 116.97w 70.61e-3 0.00e-9 0.00e-9 100.00% 1.03 - unbound commitment 159 @ 159 809.76us 842.54kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.56% 1.00 - unbound opening 159 @ 159 807.82us 840.52kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.32% 1.00 + bound opening 156 @ 156 841.47us 874.71kc 19.78kw 25.82w 18.59w 35.39w 18.59w 35.39w 70.62e-3 0.00e-9 0.00e-9 100.00% 1.02 + unbound commitment 158 @ 158 823.70us 856.24kc 19.69kw 23.02w 22.75w -132.15w 22.75w -132.15w 70.32e-3 0.00e-9 0.00e-9 97.89% 1.00 + unbound opening 157 @ 157 826.47us 859.12kc 19.69kw 23.02w 22.81w -135.02w 22.81w -135.02w 70.33e-3 0.00e-9 0.00e-9 98.22% 1.00 diff --git a/test/bench/timing.ml b/test/bench/timing.ml index 62443b7..43c42fa 100644 --- a/test/bench/timing.ml +++ b/test/bench/timing.ml 
@@ -2,28 +2,40 @@ open Core_bench.Bench module Command = Core.Command let reveals c o = - try ignore @@ Nocoiner.reveal ~commitment:c ~opening:o; true - with Nocoiner.Reasons.BindingFailure -> false + try + ignore @@ Nocoiner.reveal ~commitment:c ~opening:o ; + true + with + | Nocoiner.Reasons.BindingFailure -> + false + let _RIGHT_SECRET = "P = NP would prove God's existence." + let _WRONG_SECRET = "The Quantum Nature is just Godel..." -let (_RIGHT_C, _RIGHT_O) = Nocoiner.commit _RIGHT_SECRET -let (_WRONG_C, _WRONG_O) = Nocoiner.commit _WRONG_SECRET +let _RIGHT_C, _RIGHT_O = Nocoiner.commit _RIGHT_SECRET + +let _WRONG_C, _WRONG_O = Nocoiner.commit _WRONG_SECRET + +let __test_case_01 () = assert (reveals _RIGHT_C _RIGHT_O) + +let __test_case_02 () = assert (not (reveals _WRONG_C _RIGHT_O)) -let __test_case_01 ( ) = assert (reveals _RIGHT_C _RIGHT_O) -let __test_case_02 ( ) = assert (not (reveals _WRONG_C _RIGHT_O)) -let __test_case_03 ( ) = assert (not (reveals _RIGHT_C _WRONG_O)) +let __test_case_03 () = assert (not (reveals _RIGHT_C _WRONG_O)) let _TEST_NAME_01 = "bound opening" + let _TEST_NAME_02 = "unbound commitment" + let _TEST_NAME_03 = "unbound opening" let __test_01 = Test.create ~name:_TEST_NAME_01 __test_case_01 + let __test_02 = Test.create ~name:_TEST_NAME_02 __test_case_02 + let __test_03 = Test.create ~name:_TEST_NAME_03 __test_case_03 let suite = [ __test_01; __test_02; __test_03 ] let _ = Command.run @@ make_command suite - From 81cff71fade77d678c860c63037e87688485ad5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?= Date: Sat, 7 Sep 2019 19:03:59 -0300 Subject: [PATCH 3/5] fix: :beetle: missed core_bench dependence on opam file, fixes broken CI build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Aurélio da Silva --- Makefile | 3 +++ nocoiner.opam | 1 + 2 files changed, 4 insertions(+) diff --git a/Makefile b/Makefile index ffa9059..19698e3 100644 
--- a/Makefile +++ b/Makefile @@ -89,6 +89,7 @@ dev-deps: merlin \ bisect_ppx \ utop \ + core_bench \ --yes @ opam update --yes @ opam upgrade \ @@ -100,6 +101,7 @@ dev-deps: merlin \ bisect_ppx \ utop \ + core_bench \ --yes lint-format: @@ -120,6 +122,7 @@ local-site-start: @ cd docs && bundle exec jekyll serve && cd .. bench: clean build + @ opam install core_bench --yes @ NOCOINER_KDF_COST=2 \ NOCOINER_KDF_WORKERS=1 \ dune build @test/bench/runtest -f --no-buffer --auto-promote \ diff --git a/nocoiner.opam b/nocoiner.opam index 2246c8c..af75401 100644 --- a/nocoiner.opam +++ b/nocoiner.opam @@ -27,6 +27,7 @@ depends: [ "dune" {>= "1.9"} "cmdliner" {>= "1.0.0"} "alcotest" {with-test} + "core_bench" {with-test} "nocrypto" {>= "0.5.4-1"} "scrypt-kdf" {>= "1.0.0"} "digestif" {>= "0.7.0"} From 5ed9edcf92c56c421db86ea0746608f4cafbfd14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?= Date: Sat, 7 Sep 2019 19:06:06 -0300 Subject: [PATCH 4/5] style: :art: standard ocamlformat compliant source code, fixes lint-format Makefile step MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Aurélio da Silva --- lib/constants.ml | 2 ++ lib/constants.mli | 1 + lib/encryption.ml | 3 ++- lib/hardening.ml | 8 +++++++- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/constants.ml b/lib/constants.ml index c7208c8..6536cfe 100644 --- a/lib/constants.ml +++ b/lib/constants.ml @@ -6,5 +6,7 @@ let get variable default = let optional = Sys.getenv variable in Option.value optional ~default + let _KDF_COST = get "NOCOINER_KDF_COST" "8192" |> Int.of_string + let _KDF_WORKERS = get "NOCOINER_KDF_WORKERS" "2" |> Int.of_string diff --git a/lib/constants.mli b/lib/constants.mli index 4af406f..27a73dc 100644 --- a/lib/constants.mli +++ b/lib/constants.mli @@ -1,2 +1,3 @@ val _KDF_COST : int + val _KDF_WORKERS : int diff --git a/lib/encryption.ml b/lib/encryption.ml index 3d840fd..3838714 100644 
--- a/lib/encryption.ml +++ b/lib/encryption.ml @@ -53,4 +53,5 @@ let decrypt ~reason ~key ~iv ~metadata ~cipher ~tag = then raise (DecryptedPlaintext decrypted) else raise reason with - | DecryptedPlaintext result -> result + | DecryptedPlaintext result -> + result diff --git a/lib/hardening.ml b/lib/hardening.ml index 138d328..444142d 100644 --- a/lib/hardening.ml +++ b/lib/hardening.ml @@ -1,4 +1,10 @@ open Constants let kdf ~size ~salt password = - Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:_KDF_WORKERS ~n:_KDF_COST + Scrypt_kdf.scrypt_kdf + ~password + ~salt + ~dk_len:size + ~r:8 + ~p:_KDF_WORKERS + ~n:_KDF_COST From 19dd264d3f40f22d4bc575eb7812d9b9174fd4b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?= Date: Sun, 8 Sep 2019 00:40:22 -0300 Subject: [PATCH 5/5] fix/chore: :beetle: / :gear: benchmark is now optional and only is performed on OCaml +4.07 during CI build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marco Aurélio da Silva --- .travis.yml | 2 +- Makefile | 33 ++++++++++++++++++--------------- nocoiner.opam | 11 +++++------ test/bench/dune | 2 +- test/bench/timing.ml | 1 + test/support/dune | 9 +++++++++ test/support/nocoiner_bench.ml | 7 +++++++ 7 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 test/support/dune create mode 100644 test/support/nocoiner_bench.ml diff --git a/.travis.yml b/.travis.yml index bf19255..10b56b5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,7 +18,7 @@ env: - OCAML_VERSION=4.04 POST_INSTALL_HOOK="make report" - OCAML_VERSION=4.05 POST_INSTALL_HOOK="make report" - OCAML_VERSION=4.06 POST_INSTALL_HOOK="make lint-format; make report" - - OCAML_VERSION=4.07 POST_INSTALL_HOOK="make lint-format; make report" + - OCAML_VERSION=4.07 POST_INSTALL_HOOK="make lint-format; make bench; make report" os: - linux # - osx diff --git a/Makefile b/Makefile index 19698e3..53e49a1 100644 --- a/Makefile +++ b/Makefile 
@@ -73,11 +73,14 @@ docs: build @ mv ./_build/default/_doc/_html/* ./docs/apiref/ pin: - @ opam pin add nocoiner . -n --yes + @ opam pin add nocoiner . -n --yes --working-dir + +unpin: + @ opam pin remove nocoiner --yes deps: - @ opam install . --deps-only --yes - @ opam install alcotest core --yes # force such test dependences + @ opam install . --deps-only --yes --working-dir + @ opam install alcotest --yes # force such test dependences dev-deps: @ opam install \ @@ -91,18 +94,18 @@ dev-deps: utop \ core_bench \ --yes - @ opam update --yes - @ opam upgrade \ - odoc \ - ocveralls \ - alcotest \ - ocp-indent \ - ocamlformat \ - merlin \ - bisect_ppx \ - utop \ - core_bench \ - --yes +# @ opam update --yes +# @ opam upgrade \ +# odoc \ +# ocveralls \ +# alcotest \ +# ocp-indent \ +# ocamlformat \ +# merlin \ +# bisect_ppx \ +# utop \ +# core_bench \ +# --yes lint-format: @ opam install ocamlformat --yes diff --git a/nocoiner.opam b/nocoiner.opam index af75401..e02a873 100644 --- a/nocoiner.opam +++ b/nocoiner.opam @@ -20,18 +20,17 @@ build: [ ["dune" "build" "-p" name "-j" jobs] ] -run-test: ["dune" "runtest" "-p" name "-j" jobs] +run-test: ["dune" "build" "@test/spec/runtest" "-p" name "-j" jobs] depends: [ "ocaml" {>= "4.03.0"} "dune" {>= "1.9"} "cmdliner" {>= "1.0.0"} - "alcotest" {with-test} - "core_bench" {with-test} - "nocrypto" {>= "0.5.4-1"} + "alcotest" {>= "0.8.0" & with-test} + "nocrypto" {>= "0.5.0"} "scrypt-kdf" {>= "1.0.0"} "digestif" {>= "0.7.0"} - "core" {>= "v0.9.1"} + "core" {>= "v0.9.0"} "eqaf" {>= "0.5"} - "bisect_ppx" {>= "1.4.1"} + "bisect_ppx" {>= "1.4.0"} ] diff --git a/test/bench/dune b/test/bench/dune index 0e40916..a6e1aa7 100644 --- a/test/bench/dune +++ b/test/bench/dune @@ -5,4 +5,4 @@ (run %{test} time cycles alloc gc percentage speedup samples -all-values -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc -width 300 -v -display tall)) - (libraries core_bench nocoiner)) + (libraries nocoiner.bench)) 
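Review bot: The nocoiner.opam hunk lowers the minimum versions of `nocrypto`, `core` and `bisect_ppx` without the commit message saying why; for a cryptography dependency in particular the reason should be recorded next to the constraint, e.g. `# lower bound widened for the ocaml 4.03 CI entry; raise it when that entry is dropped` if that is the motivation, since widening the range re-admits releases the previous bound deliberately excluded. `core_bench` is also removed from `depends` while `test/support/dune` still links it through an `(optional)` library, so the benchmark support quietly vanishes on systems without it; that is consistent with the commit message, but a one-line note in the opam `description` or README would stop users reading the missing benchmark as a build problem.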
diff --git a/test/bench/timing.ml b/test/bench/timing.ml index 43c42fa..9454e7d 100644 --- a/test/bench/timing.ml +++ b/test/bench/timing.ml @@ -1,3 +1,4 @@ +open Nocoiner_bench open Core_bench.Bench module Command = Core.Command diff --git a/test/support/dune b/test/support/dune new file mode 100644 index 0000000..fcb5be0 --- /dev/null +++ b/test/support/dune @@ -0,0 +1,9 @@ +;; wrapper library just to enable optional core_bench +;; library installation on ocaml versions >= 4.04.1 + +(library + (name nocoiner_bench) + (optional) + (public_name nocoiner.bench) + (modules nocoiner_bench) + (libraries core_bench nocoiner)) diff --git a/test/support/nocoiner_bench.ml b/test/support/nocoiner_bench.ml new file mode 100644 index 0000000..72f8805 --- /dev/null +++ b/test/support/nocoiner_bench.ml @@ -0,0 +1,7 @@ +module Nocoiner = struct + include Nocoiner +end + +module Core_bench = struct + include Core_bench +end