From 51fa9e81ac05c7ba86c338e24dcb6a20c2328b18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?=
Date: Sun, 25 Aug 2019 20:54:41 -0300
Subject: [PATCH 1/5] chore: :gear: adding benchmarks to detect and prove
possible side-channel vulnerabilities by the means of timing attacks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marco Aurélio da Silva
---
Makefile | 11 +++++++-
README.md | 54 ++++++++++++++++++++++++++++++++++++++
docs/dune | 2 +-
lib/constants.ml | 10 +++++++
lib/constants.mli | 2 ++
lib/hardening.ml | 4 ++-
test/bench/dune | 7 +++++
test/bench/timing.expected | 11 ++++++++
test/bench/timing.ml | 29 ++++++++++++++++++++
9 files changed, 127 insertions(+), 3 deletions(-)
create mode 100644 lib/constants.ml
create mode 100644 lib/constants.mli
create mode 100644 test/bench/dune
create mode 100644 test/bench/timing.expected
create mode 100644 test/bench/timing.ml
diff --git a/Makefile b/Makefile
index 7c01a6a..ffa9059 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ default: build
test: build
@ opam lint
- @ dune build @test/spec/runtest -f --no-buffer -j 1
+ @ dune build @test/spec/runtest -f --no-buffer
build:
@ dune build -j 1
@@ -23,6 +23,8 @@ clear:
@ rm -rfv bisect*.out
@ dune clean
+clean: clear
+
coverage: clear
@ mkdir -p docs/
@ rm -rf docs/apicov
@@ -117,6 +119,13 @@ local-site-setup:
local-site-start:
@ cd docs && bundle exec jekyll serve && cd ..
+bench: clean build
+ @ NOCOINER_KDF_COST=2 \
+ NOCOINER_KDF_WORKERS=1 \
+ dune build @test/bench/runtest -f --no-buffer --auto-promote \
+ --diff-command="git diff --unified=10 --break-rewrites --no-index --exit-code --histogram --word-diff=none --color --no-prefix" || echo \
+ "\n\n=== Differences detected! ===\n\n"
+
# to run inside docker alpine context
binary: clear
@ dune build --profile deploy
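Review bot: The `bench` recipe can never fail, because the trailing `|| echo "...Differences detected!..."` turns a non-zero exit from `dune build @test/bench/runtest` into success, and `--auto-promote` then overwrites `test/bench/timing.expected` with whatever was just measured. A timing regression in the opening path therefore shows up only as a changed file, and the `make bench` step added to `.travis.yml` in patch 5/5 inherits this. If the target is meant as a gate, drop `--auto-promote` and end the recipe with `|| { echo "=== Differences detected! ==="; exit 1; }`. If it only refreshes the recorded numbers, say so with a comment such as `# informational: always exits 0, results are promoted into timing.expected`. Wall-clock figures differ on every run, so a byte-for-byte comparison against the expected file will presumably report a difference each time.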
diff --git a/README.md b/README.md
index 8c012b0..afa466d 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,60 @@ The complete API reference is available [here][7]. Coverage reports are
generated too, please refer to the respective [page][8].
+### Cryptoanalysis
+
+We have performed some benchmarks on valid inputs and on invalid inputs as well.
+This is just to discover and prove exploitable loopholes. The kind of side-channel
+vulnerabilities shown on version `1.0.0` are related to _timing attacks_. The used
+_Key Derivation Function_ on both `commit` and `reveal` phases conceals a lot the
+response time if this library is used as an _oracle_ (that is, an external server).
+On the other hand, this algorithm is open and then the attacker can pre-compute the
+derivation keys, and just perform her own cryptoanalysis on the next steps of the
+algorithm.
+
+Assuming that our _Nocoiner_ algorithm is just a black-box (oracle) where all the
+steps are called "atomically", there are still some exploitable information if the
+attacker gains access on the host machine for the oracle service. The benchmarks
+provided with the `core_bench` library only work well for functions halting under
+milliseconds, the KDF imposes a computation around few seconds. Due that issue, we
+execute the benchmarks with a lower KDF cost (just to cover the possibility of
+pre-computed derived keys, and also to remove timing noise imposed by a KDF with
+stronger cycles). To run the benchmarks, just type `$ make bench` on this project's
+root directory.
+
+We will only take the relevant information (with major differences). The version
+`1.0.0` is vulnerable during the opening phase, mostly 'cause:
+
+- We compare the tags for the authenticated ciphertext in non-constant /
+ non-linear time. This is the most famous kind of exploitable timing attack.
+- We don't decypher the AES ciphertext even if the opening key is wrong (don't
+ pass the MAC tag test). The result plaintext will be ignored 'cause the
+ authentication failed, but decryption must be performed to not leak side
+ information for the attacker.
+
+The benchmarks results stored on this repository were performed on an Intel(R)
+Dual-Core Celeron(R) of 1GHz each (both vulnerable to Meltdown, Spectre and MDS
+CPU bugs, and possibly some NSA hardware backdoors too, you know). The first test
+is the one with valid inputs, and the rest are evaluated with invalid inputs:
+
+
+
+| Name | Time/Run | Cycls/Run | mWd/Run | mWd Overhd | mjWd/Run | mjWd Overhd | mGC/Run | Percentage |
+|:-------------------|---------:|----------:|--------:|-----------:|---------:|------------:|---------:|-----------:|
+| bound opening | 830.05us | 863.66kc | 19.77kw | 24.18w | 17.87w | 116.97w | 70.61e-3 | 100.00% |
+| unbound commitment | 809.76us | 842.54kc | 19.56kw | 28.59w | 20.29w | -219.19w | 69.79e-3 | 97.56% |
+| unbound opening | 807.82us | 840.52kc | 19.56kw | 28.59w | 20.29w | -219.19w | 69.79e-3 | 97.32% |
+
+
+This table shows informations about the GC, minor heap & major heap. All cases
+were executed with major heap compaction disabled to not mask execution time.
+
+
+
+
+TODO.
+
+
### Disclaimer
This library was not fully tested against side-channel attacks. Keep in mind
diff --git a/docs/dune b/docs/dune
index faf72bb..74ac563 100644
--- a/docs/dune
+++ b/docs/dune
@@ -1 +1 @@
-(dirs :standard \ vendor)
+(dirs :standard \ vendor _site .bundle)
diff --git a/lib/constants.ml b/lib/constants.ml
new file mode 100644
index 0000000..c7208c8
--- /dev/null
+++ b/lib/constants.ml
@@ -0,0 +1,10 @@
+module Sys = Core.Sys
+module Option = Core.Option
+module Int = Core.Int
+
+let get variable default =
+ let optional = Sys.getenv variable in
+ Option.value optional ~default
+
+let _KDF_COST = get "NOCOINER_KDF_COST" "8192" |> Int.of_string
+let _KDF_WORKERS = get "NOCOINER_KDF_WORKERS" "2" |> Int.of_string
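Review bot: `_KDF_COST` and `_KDF_WORKERS` are read from the process environment at module initialisation with no validation, so the scrypt work factor of the library itself, not only of the benchmark, is set by whoever controls `NOCOINER_KDF_COST` and `NOCOINER_KDF_WORKERS`. A value such as the `2` used by `make bench` removes most of the KDF's brute-force cost, and a non-numeric value makes `Int.of_string` raise while the module loads. Since these values feed key derivation in `lib/hardening.ml`, a commitment made under one setting presumably will not open under another. I would document this above `get`, e.g. `(* test-only overrides: lowering these weakens every derived key; leave unset in production *)`. Values that do not parse or fall outside scrypt's accepted range should be rejected with a clear error rather than an uncaught exception.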
diff --git a/lib/constants.mli b/lib/constants.mli
new file mode 100644
index 0000000..4af406f
--- /dev/null
+++ b/lib/constants.mli
@@ -0,0 +1,2 @@
+val _KDF_COST : int
+val _KDF_WORKERS : int
diff --git a/lib/hardening.ml b/lib/hardening.ml
index d3da5b6..138d328 100644
--- a/lib/hardening.ml
+++ b/lib/hardening.ml
@@ -1,2 +1,4 @@
+open Constants
+
let kdf ~size ~salt password =
- Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:2 ~n:8192
+ Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:_KDF_WORKERS ~n:_KDF_COST
diff --git a/test/bench/dune b/test/bench/dune
new file mode 100644
index 0000000..dbca964
--- /dev/null
+++ b/test/bench/dune
@@ -0,0 +1,7 @@
+(test
+ (name timing)
+ (modules timing)
+ (action (run %{test} time cycles alloc gc percentage speedup samples
+ -all-values -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc
+ -width 300 -v -display tall))
+ (libraries core_bench nocoiner))
diff --git a/test/bench/timing.expected b/test/bench/timing.expected
new file mode 100644
index 0000000..3f50966
--- /dev/null
+++ b/test/bench/timing.expected
@@ -0,0 +1,11 @@
+Estimated testing time 45s (3 benchmarks x 15s). Change using -quota SECS.
+bound opening: Total time taken 15.1483s (158 samples, max runs 158).
+unbound commitment: Total time taken 15.069s (159 samples, max runs 159).
+unbound opening: Total time taken 15.0492s (159 samples, max runs 159).
+
+ Name Runs @ Samples Time/Run Cycls/Run mWd/Run mWd Overhd mjWd/Run mjWd Overhd Prom/Run Prom Overhd mGC/Run mjGC/Run Comp/Run Percentage Speedup
+ -------------------- ---------------- ---------- ----------- --------- ------------ ---------- ------------- ---------- ------------- ---------- ---------- ---------- ------------ ---------
+ bound opening 158 @ 158 830.05us 863.66kc 19.77kw 24.18w 17.87w 116.97w 17.87w 116.97w 70.61e-3 0.00e-9 0.00e-9 100.00% 1.03
+ unbound commitment 159 @ 159 809.76us 842.54kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.56% 1.00
+ unbound opening 159 @ 159 807.82us 840.52kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.32% 1.00
+
diff --git a/test/bench/timing.ml b/test/bench/timing.ml
new file mode 100644
index 0000000..62443b7
--- /dev/null
+++ b/test/bench/timing.ml
@@ -0,0 +1,29 @@
+open Core_bench.Bench
+module Command = Core.Command
+
+let reveals c o =
+ try ignore @@ Nocoiner.reveal ~commitment:c ~opening:o; true
+ with Nocoiner.Reasons.BindingFailure -> false
+
+let _RIGHT_SECRET = "P = NP would prove God's existence."
+let _WRONG_SECRET = "The Quantum Nature is just Godel..."
+
+let (_RIGHT_C, _RIGHT_O) = Nocoiner.commit _RIGHT_SECRET
+let (_WRONG_C, _WRONG_O) = Nocoiner.commit _WRONG_SECRET
+
+let __test_case_01 ( ) = assert (reveals _RIGHT_C _RIGHT_O)
+let __test_case_02 ( ) = assert (not (reveals _WRONG_C _RIGHT_O))
+let __test_case_03 ( ) = assert (not (reveals _RIGHT_C _WRONG_O))
+
+let _TEST_NAME_01 = "bound opening"
+let _TEST_NAME_02 = "unbound commitment"
+let _TEST_NAME_03 = "unbound opening"
+
+let __test_01 = Test.create ~name:_TEST_NAME_01 __test_case_01
+let __test_02 = Test.create ~name:_TEST_NAME_02 __test_case_02
+let __test_03 = Test.create ~name:_TEST_NAME_03 __test_case_03
+
+let suite = [ __test_01; __test_02; __test_03 ]
+
+let _ = Command.run @@ make_command suite
+
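Review bot: The measured work in `__test_case_01` to `__test_case_03` sits inside `assert`, which OCaml drops entirely when the file is compiled with `-noassert`, so under such a build the benchmark would time empty closures. Binding the result first keeps the call unconditional: `let __test_case_01 () = let ok = reveals _RIGHT_C _RIGHT_O in assert ok`, and likewise for the other two. `reveals` also catches only `Nocoiner.Reasons.BindingFailure`, so any other exception from `Nocoiner.reveal` on an unbound pair aborts the run instead of being timed. A short comment above `reveals` stating that assumption would help.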
From 62292ebadb8df11f6a903bf76c4fcb45b12d0b1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?=
Date: Sat, 7 Sep 2019 18:32:09 -0300
Subject: [PATCH 2/5] security: :lock: mitigations for timing-attacks on
nocoiner's decryption/opening phase
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marco Aurélio da Silva
---
README.md | 12 ++++++++++--
VERSION | 2 +-
dune-project | 2 +-
lib/dune | 3 ++-
lib/encryption.ml | 24 +++++++++++++++++++-----
lib/helpers.ml | 5 ++++-
nocoiner.opam | 3 ++-
test/bench/dune | 13 +++++++------
test/bench/timing.expected | 12 ++++++------
test/bench/timing.ml | 28 ++++++++++++++++++++--------
10 files changed, 72 insertions(+), 32 deletions(-)
diff --git a/README.md b/README.md
index afa466d..993c2e8 100644
--- a/README.md
+++ b/README.md
@@ -242,7 +242,14 @@ were executed with major heap compaction disabled to not mask execution time.
-TODO.
+As you can see, there's much more computations performed on valid/bound inputs than on unbound inputs. Inputs
+are bound (the opening key and the commitment box) if they were previously computed during commitment phase.
+Otherwise, the inputs are unbound _even if they were computed over the same secret during commitment_. This
+is a huge important thing when we want a group of commitments (performed by many parties) to be independent
+of each other. The security patch introduced on version `1.0.1` uses the [eqaf][10] library to compare in
+constant time the MAC tags, and we also force decryption step even if a MAC tag mismatch occurs (obviously
+the decrypted plain-text is ignored in this case and the whole opening phase fails).
+
### Disclaimer
@@ -271,4 +278,5 @@ process context).
[6]: https://en.wikipedia.org/wiki/Authenticated_encryption
[7]: https://marcoonroad.dev/nocoiner/apiref/nocoiner/Nocoiner/index.html
[8]: https://marcoonroad.dev/nocoiner/apicov/index.html
- [9]: https://github.com/marcoonroad/nocoiner/issues/1
\ No newline at end of file
+ [9]: https://github.com/marcoonroad/nocoiner/issues/1
+ [10]: https://github.com/mirage/eqaf
diff --git a/VERSION b/VERSION
index afaf360..7f20734 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.0
\ No newline at end of file
+1.0.1
\ No newline at end of file
diff --git a/dune-project b/dune-project
index e1dabc2..b46afdc 100644
--- a/dune-project
+++ b/dune-project
@@ -1,4 +1,4 @@
(lang dune 1.9)
(name nocoiner)
-(version 1.0.0)
+(version 1.0.1)
(using fmt 1.1)
diff --git a/lib/dune b/lib/dune
index 236493f..9959464 100644
--- a/lib/dune
+++ b/lib/dune
@@ -2,7 +2,8 @@
(name nocoiner)
(public_name nocoiner)
(wrapped true)
- (libraries core nocrypto.unix nocrypto digestif digestif.c scrypt-kdf)
+ (libraries core nocrypto.unix nocrypto digestif digestif.c eqaf eqaf.cstruct
+ scrypt-kdf)
(synopsis "The Nocoiner module for nocoiner library.")
(preprocess
(pps bisect_ppx -conditional -no-comment-parsing)))
diff --git a/lib/encryption.ml b/lib/encryption.ml
index d15f432..3d840fd 100644
--- a/lib/encryption.ml
+++ b/lib/encryption.ml
@@ -29,14 +29,28 @@ let encrypt ~key ~iv ~metadata ~message:msg =
(ciphertext, tag)
+exception DecryptedPlaintext of Cstruct.t
+
let decrypt ~reason ~key ~iv ~metadata ~cipher ~tag =
let aes_key, mac_key = __kdf key in
let secret = hash mac_key in
let payload = Cstruct.concat [ metadata; iv; cipher ] in
let tag' = mac ~key:secret payload in
- if Cstruct.equal tag tag'
- then
- let aes_key' = AES.of_secret aes_key in
- let plaintext = AES.decrypt ~iv ~key:aes_key' cipher in
+ (* we decypher before the tag verification to avoid
+ exploitable side-channels vulnerabilities such as
+ timing attacks. we also check the tags in linear
+ time regarding the tag size in bytes *)
+ let aes_key' = AES.of_secret aes_key in
+ let plaintext = AES.decrypt ~iv ~key:aes_key' cipher in
+ let decrypted =
Cstruct.of_string @@ Helpers.unpad @@ Cstruct.to_string plaintext
- else raise reason
+ in
+ (* forces both bound and unbound flows to pass through the exception triggering
+ pipeline. this is just to approximate both execution timings to reduce the
+ vector attacks for side-channel attacks *)
+ try
+ if Eqaf_cstruct.equal tag tag'
+ then raise (DecryptedPlaintext decrypted)
+ else raise reason
+ with
+ | DecryptedPlaintext result -> result
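Review bot: Moving decryption ahead of the tag check means `AES.decrypt` and `Helpers.unpad` now run on unauthenticated ciphertext, and nothing in this hunk maps their failures to `reason`. If either can raise on malformed input (not visible here), the caller sees a different exception from the one raised on a tag mismatch, which separates the two cases more plainly than timing did. The `raise (DecryptedPlaintext ...)` / `with` detour does not equalise the paths either, since the success case is caught locally while `reason` unwinds to the caller. I would compute the comparison once, decrypt unconditionally inside a handler that discards the error, and decide on the pair, as sketched below. The comment's "linear time" would be clearer as "time that depends only on the tag length".

```ocaml
let decrypt ~reason ~key ~iv ~metadata ~cipher ~tag =
  (* … unchanged: key split, payload and tag' computation … *)
  let authentic = Eqaf_cstruct.equal tag tag' in
  (* decryption still runs for every input, but a failure on
     unauthenticated data is reported exactly like a tag mismatch *)
  let decrypted =
    try
      let aes_key' = AES.of_secret aes_key in
      let plaintext = AES.decrypt ~iv ~key:aes_key' cipher in
      Some (Cstruct.of_string @@ Helpers.unpad @@ Cstruct.to_string plaintext)
    with
    | Invalid_argument _ | Failure _ -> None
  in
  match authentic, decrypted with
  | true, Some result -> result
  | _ -> raise reason
```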
diff --git a/lib/helpers.ml b/lib/helpers.ml
index 5ec60ac..a2a1e64 100644
--- a/lib/helpers.ml
+++ b/lib/helpers.ml
@@ -14,4 +14,7 @@ let pad ~basis msg =
let __nonzero char = char != __nullchar
-let unpad msg = Encoding.decode @@ String.filter ~f:__nonzero msg
+(* ignores input if it can't be base64-decoded after dropping null-padding data *)
+let unpad msg =
+ let filtered = String.filter ~f:__nonzero msg in
+ try Encoding.decode @@ filtered with Failure _ -> msg
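Review bot: On a decode failure `unpad` returns the original `msg`, padding bytes included, so a caller cannot tell a decoded secret from raw undecoded input, and the comment's "ignores input" does not describe what the code does. This is harmless only while every caller discards the result when authentication fails, as `decrypt` in `lib/encryption.ml` does in this patch. An authenticated message that failed to decode would silently yield wrong data instead of an error. I would state the contract in the comment, e.g. `(* on decode failure returns msg unchanged; callers must not use the result unless the MAC tag verified *)`, or return an `option`. The `@@` in `Encoding.decode @@ filtered` is redundant.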
diff --git a/nocoiner.opam b/nocoiner.opam
index b1f7422..2246c8c 100644
--- a/nocoiner.opam
+++ b/nocoiner.opam
@@ -1,6 +1,6 @@
opam-version: "2.0"
name: "nocoiner"
-version: "1.0.0"
+version: "1.0.1"
synopsis: "A Commitment Scheme library for Coin Flipping/Tossing algorithms and sort"
description: """
This project implements Commitment Schemes using the
@@ -31,5 +31,6 @@ depends: [
"scrypt-kdf" {>= "1.0.0"}
"digestif" {>= "0.7.0"}
"core" {>= "v0.9.1"}
+ "eqaf" {>= "0.5"}
"bisect_ppx" {>= "1.4.1"}
]
diff --git a/test/bench/dune b/test/bench/dune
index dbca964..0e40916 100644
--- a/test/bench/dune
+++ b/test/bench/dune
@@ -1,7 +1,8 @@
(test
- (name timing)
- (modules timing)
- (action (run %{test} time cycles alloc gc percentage speedup samples
- -all-values -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc
- -width 300 -v -display tall))
- (libraries core_bench nocoiner))
+ (name timing)
+ (modules timing)
+ (action
+ (run %{test} time cycles alloc gc percentage speedup samples -all-values
+ -ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc -width
+ 300 -v -display tall))
+ (libraries core_bench nocoiner))
diff --git a/test/bench/timing.expected b/test/bench/timing.expected
index 3f50966..623fa41 100644
--- a/test/bench/timing.expected
+++ b/test/bench/timing.expected
@@ -1,11 +1,11 @@
Estimated testing time 45s (3 benchmarks x 15s). Change using -quota SECS.
-bound opening: Total time taken 15.1483s (158 samples, max runs 158).
-unbound commitment: Total time taken 15.069s (159 samples, max runs 159).
-unbound opening: Total time taken 15.0492s (159 samples, max runs 159).
+bound opening: Total time taken 15.14s (156 samples, max runs 156).
+unbound commitment: Total time taken 15.1478s (158 samples, max runs 158).
+unbound opening: Total time taken 15.0146s (157 samples, max runs 157).
Name Runs @ Samples Time/Run Cycls/Run mWd/Run mWd Overhd mjWd/Run mjWd Overhd Prom/Run Prom Overhd mGC/Run mjGC/Run Comp/Run Percentage Speedup
-------------------- ---------------- ---------- ----------- --------- ------------ ---------- ------------- ---------- ------------- ---------- ---------- ---------- ------------ ---------
- bound opening 158 @ 158 830.05us 863.66kc 19.77kw 24.18w 17.87w 116.97w 17.87w 116.97w 70.61e-3 0.00e-9 0.00e-9 100.00% 1.03
- unbound commitment 159 @ 159 809.76us 842.54kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.56% 1.00
- unbound opening 159 @ 159 807.82us 840.52kc 19.56kw 28.59w 20.29w -219.19w 20.29w -219.19w 69.79e-3 0.00e-9 0.00e-9 97.32% 1.00
+ bound opening 156 @ 156 841.47us 874.71kc 19.78kw 25.82w 18.59w 35.39w 18.59w 35.39w 70.62e-3 0.00e-9 0.00e-9 100.00% 1.02
+ unbound commitment 158 @ 158 823.70us 856.24kc 19.69kw 23.02w 22.75w -132.15w 22.75w -132.15w 70.32e-3 0.00e-9 0.00e-9 97.89% 1.00
+ unbound opening 157 @ 157 826.47us 859.12kc 19.69kw 23.02w 22.81w -135.02w 22.81w -135.02w 70.33e-3 0.00e-9 0.00e-9 98.22% 1.00
diff --git a/test/bench/timing.ml b/test/bench/timing.ml
index 62443b7..43c42fa 100644
--- a/test/bench/timing.ml
+++ b/test/bench/timing.ml
@@ -2,28 +2,40 @@ open Core_bench.Bench
module Command = Core.Command
let reveals c o =
- try ignore @@ Nocoiner.reveal ~commitment:c ~opening:o; true
- with Nocoiner.Reasons.BindingFailure -> false
+ try
+ ignore @@ Nocoiner.reveal ~commitment:c ~opening:o ;
+ true
+ with
+ | Nocoiner.Reasons.BindingFailure ->
+ false
+
let _RIGHT_SECRET = "P = NP would prove God's existence."
+
let _WRONG_SECRET = "The Quantum Nature is just Godel..."
-let (_RIGHT_C, _RIGHT_O) = Nocoiner.commit _RIGHT_SECRET
-let (_WRONG_C, _WRONG_O) = Nocoiner.commit _WRONG_SECRET
+let _RIGHT_C, _RIGHT_O = Nocoiner.commit _RIGHT_SECRET
+
+let _WRONG_C, _WRONG_O = Nocoiner.commit _WRONG_SECRET
+
+let __test_case_01 () = assert (reveals _RIGHT_C _RIGHT_O)
+
+let __test_case_02 () = assert (not (reveals _WRONG_C _RIGHT_O))
-let __test_case_01 ( ) = assert (reveals _RIGHT_C _RIGHT_O)
-let __test_case_02 ( ) = assert (not (reveals _WRONG_C _RIGHT_O))
-let __test_case_03 ( ) = assert (not (reveals _RIGHT_C _WRONG_O))
+let __test_case_03 () = assert (not (reveals _RIGHT_C _WRONG_O))
let _TEST_NAME_01 = "bound opening"
+
let _TEST_NAME_02 = "unbound commitment"
+
let _TEST_NAME_03 = "unbound opening"
let __test_01 = Test.create ~name:_TEST_NAME_01 __test_case_01
+
let __test_02 = Test.create ~name:_TEST_NAME_02 __test_case_02
+
let __test_03 = Test.create ~name:_TEST_NAME_03 __test_case_03
let suite = [ __test_01; __test_02; __test_03 ]
let _ = Command.run @@ make_command suite
-
From 81cff71fade77d678c860c63037e87688485ad5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?=
Date: Sat, 7 Sep 2019 19:03:59 -0300
Subject: [PATCH 3/5] fix: :beetle: missed core_bench dependence on opam file,
fixes broken CI build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marco Aurélio da Silva
---
Makefile | 3 +++
nocoiner.opam | 1 +
2 files changed, 4 insertions(+)
diff --git a/Makefile b/Makefile
index ffa9059..19698e3 100644
--- a/Makefile
+++ b/Makefile
@@ -89,6 +89,7 @@ dev-deps:
merlin \
bisect_ppx \
utop \
+ core_bench \
--yes
@ opam update --yes
@ opam upgrade \
@@ -100,6 +101,7 @@ dev-deps:
merlin \
bisect_ppx \
utop \
+ core_bench \
--yes
lint-format:
@@ -120,6 +122,7 @@ local-site-start:
@ cd docs && bundle exec jekyll serve && cd ..
bench: clean build
+ @ opam install core_bench --yes
@ NOCOINER_KDF_COST=2 \
NOCOINER_KDF_WORKERS=1 \
dune build @test/bench/runtest -f --no-buffer --auto-promote \
diff --git a/nocoiner.opam b/nocoiner.opam
index 2246c8c..af75401 100644
--- a/nocoiner.opam
+++ b/nocoiner.opam
@@ -27,6 +27,7 @@ depends: [
"dune" {>= "1.9"}
"cmdliner" {>= "1.0.0"}
"alcotest" {with-test}
+ "core_bench" {with-test}
"nocrypto" {>= "0.5.4-1"}
"scrypt-kdf" {>= "1.0.0"}
"digestif" {>= "0.7.0"}
From 5ed9edcf92c56c421db86ea0746608f4cafbfd14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?=
Date: Sat, 7 Sep 2019 19:06:06 -0300
Subject: [PATCH 4/5] style: :art: standard ocamlformat compliant source code,
fixes lint-format Makefile step
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marco Aurélio da Silva
---
lib/constants.ml | 2 ++
lib/constants.mli | 1 +
lib/encryption.ml | 3 ++-
lib/hardening.ml | 8 +++++++-
4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/constants.ml b/lib/constants.ml
index c7208c8..6536cfe 100644
--- a/lib/constants.ml
+++ b/lib/constants.ml
@@ -6,5 +6,7 @@ let get variable default =
let optional = Sys.getenv variable in
Option.value optional ~default
+
let _KDF_COST = get "NOCOINER_KDF_COST" "8192" |> Int.of_string
+
let _KDF_WORKERS = get "NOCOINER_KDF_WORKERS" "2" |> Int.of_string
diff --git a/lib/constants.mli b/lib/constants.mli
index 4af406f..27a73dc 100644
--- a/lib/constants.mli
+++ b/lib/constants.mli
@@ -1,2 +1,3 @@
val _KDF_COST : int
+
val _KDF_WORKERS : int
diff --git a/lib/encryption.ml b/lib/encryption.ml
index 3d840fd..3838714 100644
--- a/lib/encryption.ml
+++ b/lib/encryption.ml
@@ -53,4 +53,5 @@ let decrypt ~reason ~key ~iv ~metadata ~cipher ~tag =
then raise (DecryptedPlaintext decrypted)
else raise reason
with
- | DecryptedPlaintext result -> result
+ | DecryptedPlaintext result ->
+ result
diff --git a/lib/hardening.ml b/lib/hardening.ml
index 138d328..444142d 100644
--- a/lib/hardening.ml
+++ b/lib/hardening.ml
@@ -1,4 +1,10 @@
open Constants
let kdf ~size ~salt password =
- Scrypt_kdf.scrypt_kdf ~password ~salt ~dk_len:size ~r:8 ~p:_KDF_WORKERS ~n:_KDF_COST
+ Scrypt_kdf.scrypt_kdf
+ ~password
+ ~salt
+ ~dk_len:size
+ ~r:8
+ ~p:_KDF_WORKERS
+ ~n:_KDF_COST
From 19dd264d3f40f22d4bc575eb7812d9b9174fd4b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Aur=C3=A9lio=20da=20Silva?=
Date: Sun, 8 Sep 2019 00:40:22 -0300
Subject: [PATCH 5/5] fix/chore: :beetle: / :gear: benchmark is now optional
and only is performed on OCaml +4.07 during CI build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marco Aurélio da Silva
---
.travis.yml | 2 +-
Makefile | 33 ++++++++++++++++++---------------
nocoiner.opam | 11 +++++------
test/bench/dune | 2 +-
test/bench/timing.ml | 1 +
test/support/dune | 9 +++++++++
test/support/nocoiner_bench.ml | 7 +++++++
7 files changed, 42 insertions(+), 23 deletions(-)
create mode 100644 test/support/dune
create mode 100644 test/support/nocoiner_bench.ml
diff --git a/.travis.yml b/.travis.yml
index bf19255..10b56b5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,7 @@ env:
- OCAML_VERSION=4.04 POST_INSTALL_HOOK="make report"
- OCAML_VERSION=4.05 POST_INSTALL_HOOK="make report"
- OCAML_VERSION=4.06 POST_INSTALL_HOOK="make lint-format; make report"
- - OCAML_VERSION=4.07 POST_INSTALL_HOOK="make lint-format; make report"
+ - OCAML_VERSION=4.07 POST_INSTALL_HOOK="make lint-format; make bench; make report"
os:
- linux
# - osx
diff --git a/Makefile b/Makefile
index 19698e3..53e49a1 100644
--- a/Makefile
+++ b/Makefile
@@ -73,11 +73,14 @@ docs: build
@ mv ./_build/default/_doc/_html/* ./docs/apiref/
pin:
- @ opam pin add nocoiner . -n --yes
+ @ opam pin add nocoiner . -n --yes --working-dir
+
+unpin:
+ @ opam pin remove nocoiner --yes
deps:
- @ opam install . --deps-only --yes
- @ opam install alcotest core --yes # force such test dependences
+ @ opam install . --deps-only --yes --working-dir
+ @ opam install alcotest --yes # force such test dependences
dev-deps:
@ opam install \
@@ -91,18 +94,18 @@ dev-deps:
utop \
core_bench \
--yes
- @ opam update --yes
- @ opam upgrade \
- odoc \
- ocveralls \
- alcotest \
- ocp-indent \
- ocamlformat \
- merlin \
- bisect_ppx \
- utop \
- core_bench \
- --yes
+# @ opam update --yes
+# @ opam upgrade \
+# odoc \
+# ocveralls \
+# alcotest \
+# ocp-indent \
+# ocamlformat \
+# merlin \
+# bisect_ppx \
+# utop \
+# core_bench \
+# --yes
lint-format:
@ opam install ocamlformat --yes
diff --git a/nocoiner.opam b/nocoiner.opam
index af75401..e02a873 100644
--- a/nocoiner.opam
+++ b/nocoiner.opam
@@ -20,18 +20,17 @@ build: [
["dune" "build" "-p" name "-j" jobs]
]
-run-test: ["dune" "runtest" "-p" name "-j" jobs]
+run-test: ["dune" "build" "@test/spec/runtest" "-p" name "-j" jobs]
depends: [
"ocaml" {>= "4.03.0"}
"dune" {>= "1.9"}
"cmdliner" {>= "1.0.0"}
- "alcotest" {with-test}
- "core_bench" {with-test}
- "nocrypto" {>= "0.5.4-1"}
+ "alcotest" {>= "0.8.0" & with-test}
+ "nocrypto" {>= "0.5.0"}
"scrypt-kdf" {>= "1.0.0"}
"digestif" {>= "0.7.0"}
- "core" {>= "v0.9.1"}
+ "core" {>= "v0.9.0"}
"eqaf" {>= "0.5"}
- "bisect_ppx" {>= "1.4.1"}
+ "bisect_ppx" {>= "1.4.0"}
]
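Review bot: The lower bounds of `nocrypto`, `core` and `bisect_ppx` are relaxed here (`nocrypto` from `0.5.4-1` to `0.5.0`) without a reason in the commit message, which is only about making the benchmark optional. For a cryptographic dependency I would keep the previous floor, or add a one-line comment saying the older releases were actually built and tested. `core_bench` also leaves `depends` while `test/support/dune` in this patch builds an optional `nocoiner.bench` library on it. Listing it as `depopts: ["core_bench"]` would tell opam about that relationship.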
diff --git a/test/bench/dune b/test/bench/dune
index 0e40916..a6e1aa7 100644
--- a/test/bench/dune
+++ b/test/bench/dune
@@ -5,4 +5,4 @@
(run %{test} time cycles alloc gc percentage speedup samples -all-values
-ascii -fork -no-compactions -overheads -quota 15 -stabilize-gc -width
300 -v -display tall))
- (libraries core_bench nocoiner))
+ (libraries nocoiner.bench))
diff --git a/test/bench/timing.ml b/test/bench/timing.ml
index 43c42fa..9454e7d 100644
--- a/test/bench/timing.ml
+++ b/test/bench/timing.ml
@@ -1,3 +1,4 @@
+open Nocoiner_bench
open Core_bench.Bench
module Command = Core.Command
diff --git a/test/support/dune b/test/support/dune
new file mode 100644
index 0000000..fcb5be0
--- /dev/null
+++ b/test/support/dune
@@ -0,0 +1,9 @@
+;; wrapper library just to enable optional core_bench
+;; library installation on ocaml versions >= 4.04.1
+
+(library
+ (name nocoiner_bench)
+ (optional)
+ (public_name nocoiner.bench)
+ (modules nocoiner_bench)
+ (libraries core_bench nocoiner))
diff --git a/test/support/nocoiner_bench.ml b/test/support/nocoiner_bench.ml
new file mode 100644
index 0000000..72f8805
--- /dev/null
+++ b/test/support/nocoiner_bench.ml
@@ -0,0 +1,7 @@
+module Nocoiner = struct
+ include Nocoiner
+end
+
+module Core_bench = struct
+ include Core_bench
+end