Merge pull request #233 from hannesm/require-413

Require OCaml 4.13 and remove local overrides

.github/workflows/test.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ocaml-version: ["4.14.2", "4.13.1", "4.12.1"]
+        ocaml-version: ["4.14.2", "4.13.1"]
         operating-system: [macos-latest, ubuntu-latest]
 
     runs-on: ${{ matrix.operating-system }}

.github/workflows/windows.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ocaml-version: ["4.14.2", "4.13.1", "4.12.1"]
+        ocaml-version: ["4.14.2", "4.13.1"]
         operating-system: [windows-latest]
 
     runs-on: ${{ matrix.operating-system }}

ec/mirage_crypto_ec.ml

@@ -28,14 +28,10 @@ let rev_string buf =
 
 exception Message_too_long
 
-let string_get_uint8 buf idx =
-  (* TODO: use String.get_uint8 when mirage-crypto-ec requires OCaml >= 4.13 *)
-  Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx
-
 let bit_at buf i =
   let byte_num = i / 8 in
   let bit_num = i mod 8 in
-  let byte = string_get_uint8 buf byte_num in
+  let byte = String.get_uint8 buf byte_num in
   byte land (1 lsl bit_num) <> 0
 
 module type Dh = sig
@@ -320,7 +316,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct
     if compress then
       let out = Bytes.create (P.byte_length + 1) in
       let ident =
-        2 + (string_get_uint8 buf ((P.byte_length * 2) - 1)) land 1
+        2 + (String.get_uint8 buf ((P.byte_length * 2) - 1)) land 1
       in
       Bytes.unsafe_blit_string buf 1 out 1 P.byte_length;
       Bytes.set_uint8 out 0 ident;
@@ -389,9 +385,9 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct
       let y' = Fe.from_montgomery y' in
       let y_struct2 = Fe.to_octets y' in (* number must not be in montgomery domain*)
       let y_struct2 = rev_string y_struct2 in
-      let ident = string_get_uint8 pk 0 in
+      let ident = String.get_uint8 pk 0 in
       let signY =
-        2 + (string_get_uint8 y_struct (P.byte_length - 2)) land 1
+        2 + (String.get_uint8 y_struct (P.byte_length - 2)) land 1
       in
       let res = if Int.equal signY ident then y_struct else y_struct2 in
       let out = Bytes.create ((P.byte_length * 2) + 1) in
@@ -410,7 +406,7 @@ module Make_point (P : Parameters) (F : Foreign) : Point = struct
         let y = String.sub buf (1 + len) len in
         validate_finite_point ~x ~y
       in
-      match string_get_uint8 buf 0 with
+      match String.get_uint8 buf 0 with
       | 0x00 when String.length buf = 1 ->
         Ok (at_infinity ())
       | 0x02 | 0x03 when String.length P.pident > 0 ->
@@ -614,7 +610,7 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Dige
     let first_byte_ok () =
       match Param.first_byte_bits with
       | None -> true
-      | Some m -> (string_get_uint8 msg 0) land (0xFF land (lnot m)) = 0
+      | Some m -> (String.get_uint8 msg 0) land (0xFF land (lnot m)) = 0
     in
     if l > bl || (l = bl && not (first_byte_ok ())) then
       raise Message_too_long

mirage-crypto-ec.opam

@@ -27,7 +27,7 @@ doc: "https://mirage.github.io/mirage-crypto/doc"
 bug-reports: "https://github.com/mirage/mirage-crypto/issues"
 depends: [
   "dune" {>= "2.7"}
-  "ocaml" {>= "4.08.0"}
+  "ocaml" {>= "4.13.0"}
   "dune-configurator"
   "eqaf" {>= "0.7"}
   "mirage-crypto-rng" {=version}

mirage-crypto-pk.opam

@@ -14,7 +14,7 @@ build: [ ["dune" "subst"] {dev}
 
 depends: [
   "conf-gmp-powm-sec" {build}
-  "ocaml" {>= "4.08.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "ounit2" {with-test}
   "randomconv" {with-test & >= "0.2.0"}

mirage-crypto-rng-async.opam

@@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev}
          ["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
 
 depends: [
-  "ocaml" {>= "4.08.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "dune-configurator" {>= "2.0.0"}
   "async" {>= "v0.14"}

mirage-crypto-rng-lwt.opam

@@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev}
          ["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
 
 depends: [
-  "ocaml" {>= "4.08.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "duration"
   "logs"

mirage-crypto-rng-mirage.opam

@@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev}
          ["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
 
 depends: [
-  "ocaml" {>= "4.08.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "mirage-crypto-rng" {=version}
   "duration"

mirage-crypto-rng.opam

@@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev}
          ["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
 
 depends: [
-  "ocaml" {>= "4.12.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "dune-configurator" {>= "2.0.0"}
   "duration"

mirage-crypto.opam

@@ -13,7 +13,7 @@ build: [ ["dune" "subst"] {dev}
          ["dune" "runtest" "-p" name "-j" jobs] {with-test} ]
 
 depends: [
-  "ocaml" {>= "4.09.0"}
+  "ocaml" {>= "4.13.0"}
   "dune" {>= "2.7"}
   "dune-configurator" {>= "2.0.0"}
   "ounit2" {with-test}

pk/rsa.ml

@@ -197,10 +197,6 @@ let encrypt ~key              = reformat (pub_bits key)  (encrypt_z ~key)
 let decrypt ?(crt_hardening=false) ?(mask=`Yes) ~key =
   reformat (priv_bits key) (decrypt_z ~crt_hardening ~mask ~key)
 
-(* OCaml 4.13 *)
-let string_get_uint8 buf idx =
-  Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx
-
 let bx00, bx01 = "\x00", "\x01"
 
 module PKCS1 = struct
@@ -214,7 +210,7 @@ module PKCS1 = struct
     let rec go nonce i j =
       if i = n then Bytes.unsafe_to_string buf else
       if j = k then go Mirage_crypto_rng.(generate ?g k) i 0 else
-      match string_get_uint8 nonce j with
+      match String.get_uint8 nonce j with
       | b when f b -> Bytes.set_uint8 buf i b ; go nonce (succ i) (succ j)
       | _          -> go nonce i (succ j) in
     go Mirage_crypto_rng.(generate ?g k) 0 0
@@ -226,9 +222,9 @@ module PKCS1 = struct
   let unpad ~mark ~is_pad buf =
     let f = not &. is_pad in
     let i = ct_find_uint8 ~default:2 ~off:2 ~f buf in
-    let c1 = string_get_uint8 buf 0 = 0x00
-    and c2 = string_get_uint8 buf 1 = mark
-    and c3 = string_get_uint8 buf i = 0x00
+    let c1 = String.get_uint8 buf 0 = 0x00
+    and c2 = String.get_uint8 buf 1 = mark
+    and c3 = String.get_uint8 buf i = 0x00
     and c4 = min_pad <= i - 2 in
     if c1 && c2 && c3 && c4 then
       Some (String.sub buf (i + 1) (String.length buf - i - 1))
@@ -264,11 +260,6 @@ module PKCS1 = struct
   let decrypt ?(crt_hardening = false) ?mask ~key msg =
     unpadded unpad_02 (decrypt ~crt_hardening ?mask ~key) (priv_bits key) msg
 
-  (* OCaml 4.13 contains starts_with *)
-  let is_prefix asn msg =
-    String.length msg >= String.length asn &&
-    String.equal asn (String.sub msg 0 (String.length asn))
-
   let asn_of_hash, detect =
     let map = [
       `MD5, "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" ;
@@ -280,7 +271,7 @@ module PKCS1 = struct
     ]
     in
     (fun h -> List.assoc h map),
-    (fun buf -> List.find_opt (fun (_, d) -> is_prefix d buf) map)
+    (fun buf -> List.find_opt (fun (_, d) -> String.starts_with ~prefix:d buf) map)
 
   let sign ?(crt_hardening = true) ?mask ~hash ~key msg =
     let module H = (val Digestif.module_of_hash' (hash :> Digestif.hash')) in
@@ -353,8 +344,8 @@ module OAEP (H : Digestif.S) = struct
     let db = Bytes.unsafe_to_string (MGF.mask ~seed:(Bytes.unsafe_to_string (MGF.mask ~seed:mdb ms)) mdb) in
     let i  = ct_find_uint8 ~default:0 ~off:hlen ~f:((<>) 0x00) db in
     let c1 = Eqaf.equal (String.sub db 0 hlen) H.(digest_string label |> to_raw_string)
-    and c2 = string_get_uint8 b0 0 = 0x00
-    and c3 = string_get_uint8 db i = 0x01 in
+    and c2 = String.get_uint8 b0 0 = 0x00
+    and c3 = String.get_uint8 db i = 0x01 in
     if c1 && c2 && c3 then Some (String.sub db (i + 1) (String.length db - i - 1)) else None
 
   let encrypt ?g ?label ~key msg =
@@ -402,17 +393,17 @@ module PSS (H: Digestif.S) = struct
   let emsa_pss_verify slen emlen em msg =
     let mdb = String.sub em 0 (String.length em - hlen - 1)
     and h = String.sub em (String.length em - hlen - 1) hlen
-    and bxx = string_get_uint8 em (String.length em - 1)
+    and bxx = String.get_uint8 em (String.length em - 1)
     in
     let db   = MGF.mask ~seed:h mdb in
     Bytes.set_uint8 db 0 (Bytes.get_uint8 db 0 land b0mask emlen) ;
     let db   = Bytes.unsafe_to_string db in
     let salt = String.sub db (String.length db - slen) slen in
     let h'   = digest ~salt:salt msg
     and i    = ct_find_uint8 ~default:0 ~f:((<>) 0x00) db in
-    let c1 = lnot (b0mask emlen) land string_get_uint8 mdb 0 = 0x00
+    let c1 = lnot (b0mask emlen) land String.get_uint8 mdb 0 = 0x00
     and c2 = i = String.length em - hlen - slen - 2
-    and c3 = string_get_uint8 db  i = 0x01
+    and c3 = String.get_uint8 db  i = 0x01
     and c4 = bxx = 0xbc
     and c5 = Eqaf.equal h h' in
     c1 && c2 && c3 && c4 && c5

pk/z_extra.ml

@@ -2,37 +2,24 @@ open Mirage_crypto.Uncommon
 
 let bit_bound z = Z.size z * 64
 
-(* revise once OCaml 4.13 is the lower bound *)
-let string_get_int64_be buf idx =
-  Bytes.get_int64_be (Bytes.unsafe_of_string buf) idx
-
-let string_get_int32_be buf idx =
-  Bytes.get_int32_be (Bytes.unsafe_of_string buf) idx
-
-let string_get_uint16_be buf idx =
-  Bytes.get_uint16_be (Bytes.unsafe_of_string buf) idx
-
-let string_get_uint8 buf idx =
-  Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx
-
 let of_octets_be ?bits buf =
   let rec loop acc i = function
     | b when b >= 64 ->
-      let x = string_get_int64_be buf i in
+      let x = String.get_int64_be buf i in
       let x = Z.of_int64_unsigned Int64.(shift_right_logical x 8) in
       loop Z.(x + acc lsl 56) (i + 7) (b - 56)
     | b when b >= 32 ->
-      let x = string_get_int32_be buf i in
+      let x = String.get_int32_be buf i in
       let x = Z.of_int32_unsigned Int32.(shift_right_logical x 8) in
       loop Z.(x + acc lsl 24) (i + 3) (b - 24)
     | b when b >= 16 ->
-      let x = Z.of_int (string_get_uint16_be buf i) in
+      let x = Z.of_int (String.get_uint16_be buf i) in
       loop Z.(x + acc lsl 16) (i + 2) (b - 16)
     | b when b >= 8  ->
-      let x = Z.of_int (string_get_uint8 buf i) in
+      let x = Z.of_int (String.get_uint8 buf i) in
       loop Z.(x + acc lsl 8 ) (i + 1) (b - 8 )
     | b when b > 0   ->
-      let x = string_get_uint8 buf i and b' = 8 - b in
+      let x = String.get_uint8 buf i and b' = 8 - b in
       Z.(of_int x asr b' + acc lsl b)
     | _              -> acc in
   loop Z.zero 0 @@ match bits with

src/cipher_block.ml

@@ -89,8 +89,7 @@ module Counters = struct
   module C64be = struct
     type ctr = int64
     let size = 8
-    (* Until OCaml 4.13 is lower bound*)
-    let of_octets cs = Bytes.get_int64_be (Bytes.unsafe_of_string cs) 0
+    let of_octets cs = String.get_int64_be cs 0
     let add = Int64.add
     let unsafe_count_into t buf ~blocks =
       let tmp = Bytes.create 8 in
@@ -277,16 +276,10 @@ module Modes = struct
       Bytes.set_int64_be cs 8 b;
       Bytes.unsafe_to_string cs
 
-    (* OCaml 4.13 *)
-    let string_get_int64 s idx =
-      Bytes.get_int64_be (Bytes.unsafe_of_string s) idx
-    let string_get_int32 s idx =
-      Bytes.get_int32_be (Bytes.unsafe_of_string s) idx
-
     let counter ~hkey nonce = match String.length nonce with
       | 0 -> invalid_arg "GCM: invalid nonce of length 0"
       | 12 ->
-        let (w1, w2) = string_get_int64 nonce 0, string_get_int32 nonce 8 in
+        let (w1, w2) = String.get_int64_be nonce 0, String.get_int32_be nonce 8 in
         (w1, Int64.(shift_left (of_int32 w2) 32 |> add 1L))
       | _  ->
         CTR.ctr_of_octets @@

src/cipher_stream.ml

@@ -21,7 +21,7 @@ module ARC4 = struct
     let rec loop j = function
       | 256 -> ()
       | i ->
-          let x = string_get_uint8 buf (i mod len) in
+          let x = String.get_uint8 buf (i mod len) in
           let si = s.(i) in
           let j = (j + si + x) land 0xff in
           let sj = s.(j) in
@@ -43,7 +43,7 @@ module ARC4 = struct
           let sj = s.(j) in
           s.(i) <- sj ; s.(j) <- si ;
           let k  = s.((si + sj) land 0xff) in
-          Bytes.set_uint8 res n (k lxor string_get_uint8 buf n);
+          Bytes.set_uint8 res n (k lxor String.get_uint8 buf n);
           mix i j (succ n)
     in
     let key' = mix i j 0 in

src/uncommon.ml

@@ -25,7 +25,3 @@ let xor a b =
   let b' = Bytes.of_string b in
   xor_into a ~src_off:0 b' ~dst_off:0 (Bytes.length b');
   Bytes.unsafe_to_string b'
-
-(* revise once OCaml 4.13 is the lower bound *)
-let string_get_uint8 buf idx =
-    Bytes.get_uint8 (Bytes.unsafe_of_string buf) idx

tests/test_ec_wycheproof.ml

@@ -4,14 +4,6 @@ open Mirage_crypto_ec
 
 let ( let* ) = Result.bind
 
-let concat_map f l =
-  (* adapt once OCaml 4.10 is lower bound *)
-  List.map f l |> List.concat
-
-let string_get_uint8 d off =
-  (* adapt once OCaml 4.13 is lower bound *)
-  Bytes.get_uint8 (Bytes.unsafe_of_string d) off
-
 let hex = Alcotest.testable Wycheproof.pp_hex Wycheproof.equal_hex
 
 module Asn = struct
@@ -155,8 +147,8 @@ let ecdh_tests file =
   let groups : ecdh_test_group list =
     List.map ecdh_test_group_exn data.testGroups
   in
-  concat_map (fun (group : ecdh_test_group) ->
-      concat_map (to_ecdh_tests group.curve) group.tests)
+  List.concat_map (fun (group : ecdh_test_group) ->
+      List.concat_map (to_ecdh_tests group.curve) group.tests)
     groups
 
 let make_ecdsa_test curve key hash (tst : dsa_test) =
@@ -219,7 +211,7 @@ let ecdsa_tests file =
   let groups : ecdsa_test_group list =
     List.map ecdsa_test_group_exn data.testGroups
   in
-  concat_map to_ecdsa_tests groups
+  List.concat_map to_ecdsa_tests groups
 
 let to_x25519_test (x : ecdh_test) =
   let name = Printf.sprintf "%d - %s" x.tcId x.comment
@@ -262,7 +254,7 @@ let x25519_tests =
   let groups : ecdh_test_group list =
     List.map ecdh_test_group_exn data.testGroups
   in
-  concat_map (fun (group : ecdh_test_group) ->
+  List.concat_map (fun (group : ecdh_test_group) ->
       List.map to_x25519_test group.tests)
     groups
 
@@ -297,7 +289,7 @@ let ed25519_tests =
   let groups : eddsa_test_group list =
     List.map eddsa_test_group_exn data.testGroups
   in
-  concat_map (fun (group : eddsa_test_group) ->
+  List.concat_map (fun (group : eddsa_test_group) ->
       let keys = to_ed25519_keys group.key in
       List.map (to_ed25519_test keys) group.tests)
     groups