4 type internal Metadata (d
: (string * string) list
) =
5 new (stream
: Stream) =
6 let reader = new BinaryReader (stream
)
7 let length = reader.ReadByte () |> int
8 new Metadata ([for i
in 1..length -> reader.ReadString (), reader.ReadString ()])
10 // May raise 'KeyNotFoundException'.
11 member this
.get
(key
: string) : string =
13 | (k
, v
) when k
= key
-> Some (v
)
16 member this
.WriteTo (stream
: Stream) =
17 let writer = new BinaryWriter (stream
)
18 writer.Write (byte
d.Length)
19 List.iter
(fun (key
: string, value
: string) -> writer.Write key; writer.Write value) d
22 module internal Metadata =
23 let filename = "filename"
24 let creationTimeKey = "file-creation-time"
26 let generatKeysPair : Key * Key = Crypto.generateRSAKeysPair
28 // Encrypt a given file
29 let encryptFile (inputFilePath
: string) (outputFilePath
: string) (signaturePrivKey
: Key) (cryptPubKey
: Key) =
30 let keyAES, keyMAC
, iv
= Crypto.rand
32, Crypto.rand
32, Crypto.rand
16
31 let fileInfo = new FileInfo (inputFilePath
)
32 use inputStream = new FileStream (inputFilePath
, FileMode.Open, FileAccess.Read)
33 use outputStream = new FileStream (outputFilePath
, FileMode.Create, FileAccess.Write)
34 let writer = new BinaryWriter (outputStream)
36 writer.Seek (32 + 256, SeekOrigin.Current) |> ignore
// Skips mac and signature. They will be written later.
38 Crypto.encryptRSA cryptPubKey
(Array.append
keyAES <| Array.append keyMAC iv
) |> writer.Write
40 let (hmacStream
, hmac
) = Crypto.HMACStream keyMAC
outputStream
41 use cryptoStream = Crypto.encryptAES
keyAES iv hmacStream
42 let cryptoWriter = new BinaryWriter (cryptoStream)
44 // Write the file metadata.
45 let metaData = new Metadata ([Metadata.filename, fileInfo.Name
46 Metadata.creationTimeKey, fileInfo.CreationTimeUtc.Ticks.ToString ()])
47 metaData.WriteTo cryptoStream
49 // Write the content of the file.
50 inputStream.CopyTo cryptoStream
51 cryptoStream.FlushFinalBlock ()
53 // Write the HMAC at the begining of the file.
54 outputStream.Position <- 0L
55 writer.Write hmac.Hash
57 // Write the signature.
58 Crypto.signRSA signaturePrivKey
hmac.Hash |> writer.Write
61 let decryptFile (sourceFilePath
: string) (targetDirPath
: string) (signaturePubKey
: Key) (decryptPrivKey
: Key) =
62 use inputStream = new FileStream (sourceFilePath
, FileMode.Open, FileAccess.Read)
63 use reader = new BinaryReader (inputStream)
64 let mac = reader.ReadBytes 32
65 let signature = reader.ReadBytes 256
66 let keys = reader.ReadBytes 256 |> Crypto.decryptRSA decryptPrivKey
67 let keyAES = keys.[0..31]
68 let keyMAC = keys.[32..63]
69 let iv = keys.[64..79]
71 // Integrity validation.
72 let mac' = Crypto.ComputeHMAC keyMAC inputStream
76 // Authentication validation.
77 if not
<| Crypto.verifySignRSA signaturePubKey
mac' signature then
78 raise SignatureMismatch
81 inputStream.Position <- 32L + 256L + 256L
82 use cryptoStream = Crypto.decryptAES keyAES iv inputStream
83 let metadata = new Metadata (cryptoStream)
85 // Create the file and write.
86 let filename = metadata.get Metadata.filename
87 use outputStream = new FileStream (Path.Combine (targetDirPath, filename), FileMode.Create, FileAccess.Write)
88 cryptoStream.CopyTo outputStream