X-Git-Url: http://git.euphorik.ch/?a=blobdiff_plain;f=labo2-fsharp%2FCryptoFile%2FAPI.fs;h=f542f49f0e41b006f702029b0537c4018d327109;hb=c0d86015957eda6badbe9c6e5256807f9ab0c02f;hp=e4a70086fc60b1df218c70fc3e7c48ae3bf8bac7;hpb=137157b6dbd5efb99b486a30da6e10b0a175f530;p=crypto_lab2.git diff --git a/labo2-fsharp/CryptoFile/API.fs b/labo2-fsharp/CryptoFile/API.fs index e4a7008..f542f49 100644 --- a/labo2-fsharp/CryptoFile/API.fs +++ b/labo2-fsharp/CryptoFile/API.fs @@ -1,44 +1,64 @@ namespace CryptoFile + +open System open System.IO +// To read and write metadata. type internal Metadata (d: (string * string) list) = - new (stream : Stream, size: int) = - let binaryReader = new BinaryReader (stream) - new Metadata ([]) + // Read metadata from a stream. + new (stream : Stream) = + let reader = new BinaryReader (stream) + let length = reader.ReadByte () |> int + Metadata ([for _ in 1..length -> reader.ReadString (), reader.ReadString ()]) + // Write metadata to a stream. member this.WriteTo (stream : Stream) = - let memoryStream = new MemoryStream () // To know the serialized meta-data size before writtent them to 'stream'. - let memoryWriter = new BinaryWriter (memoryStream) - List.iter (fun (key : string, value : string) -> memoryWriter.Write key; memoryWriter.Write value) d - (new BinaryWriter (stream)).Write (int memoryStream.Length) - memoryStream.CopyTo (stream) + let writer = new BinaryWriter (stream) + writer.Write (byte d.Length) + List.iter (fun (key : string, value : string) -> writer.Write key; writer.Write value) d + + // May raise 'KeyNotFoundException'. + member this.get (key: string) : string = + List.pick (function + | (k, v) when k = key -> Some (v) + | _ -> None) d module API = - module internal MetaData = + module internal MetadataKeys = let filename = "filename" - let creationTimeKey = "file-creation-time" + let modificationTime = "file-modification-time" + + let internal (@@) a1 a2 = Array.append a1 a2 + + let test = 256 / 8 + let hmacSize = 256 / 8 // [byte]. + let signatureSize = Crypto.rsaKeySize / 8 // [byte]. + let keysSize = Crypto.rsaKeySize / 8 // [byte]. - let generatKeysPair : Key * Key = Crypto.generateRSAKeysPair + let generatKeysPair () : Key * Key = Crypto.generateRSAKeysPair () - // Encrypt a given file + // Format of the container: + // + // Where the sizes of the three first parts are given by 'hmacSize', 'signatureSize' and 'keysSize'. let encryptFile (inputFilePath : string) (outputFilePath : string) (signaturePrivKey: Key) (cryptPubKey : Key) = - let keyAES, keyMAC, iv = Crypto.rand 32, Crypto.rand 32, Crypto.rand 16 - let fileInfo = new FileInfo (inputFilePath) - use inputStream = new FileStream (inputFilePath, FileMode.Open, FileAccess.Read) + let keyAES, keyMAC, iv = Crypto.rand 16, Crypto.rand 32, Crypto.rand 16 + let fileInfo = FileInfo (inputFilePath) + use inputStream = fileInfo.OpenRead () use outputStream = new FileStream (outputFilePath, FileMode.Create, FileAccess.Write) - let writer = new BinaryWriter (outputStream) + use writer = new BinaryWriter (outputStream) - writer.Seek (32 + 256, SeekOrigin.Current) |> ignore // Skips mac and signature. They will be written later. + outputStream.Position <- (int64 <| hmacSize + signatureSize) // Skips mac and signature. They will be written later. - Crypto.encryptRSA cryptPubKey (Array.append keyAES <| Array.append keyMAC iv) |> writer.Write + Crypto.encryptRSA cryptPubKey (keyAES @@ keyMAC @@ iv) |> writer.Write - let (hmacStream, hmac) = Crypto.HMACStream keyMAC outputStream + // Plaintext -> cryptoStream -> hmacStream -> cyphertext. + let hmacStream, hmac = Crypto.HMACStream keyMAC outputStream use cryptoStream = Crypto.encryptAES keyAES iv hmacStream - let cryptoWriter = new BinaryWriter (cryptoStream) + use cryptoWriter = new BinaryWriter (cryptoStream) // Write the file metadata. - let metaData = new Metadata ([MetaData.filename, fileInfo.Name - MetaData.creationTimeKey, fileInfo.CreationTimeUtc.Ticks.ToString ()]) + let metaData = Metadata ([MetadataKeys.filename, fileInfo.Name + MetadataKeys.modificationTime, fileInfo.LastWriteTimeUtc.Ticks.ToString ()]) metaData.WriteTo cryptoStream // Write the content of the file. @@ -51,7 +71,42 @@ module API = // Write the signature. Crypto.signRSA signaturePrivKey hmac.Hash |> writer.Write - () + // May raise one of the following error: + // * IntegrityError + // * SignatureMismatch + // * UnableToDecryptAESKeys let decryptFile (sourceFilePath : string) (targetDirPath : string) (signaturePubKey: Key) (decryptPrivKey : Key) = - () \ No newline at end of file + use inputStream = new FileStream (sourceFilePath, FileMode.Open, FileAccess.Read) + use reader = new BinaryReader (inputStream) + let mac = reader.ReadBytes hmacSize + let signature = reader.ReadBytes signatureSize + let keys = + try reader.ReadBytes keysSize |> Crypto.decryptRSA decryptPrivKey + with + | :? Security.Cryptography.CryptographicException -> raise UnableToDecryptKeys + let keyAES = keys.[0..15] + let keyMAC = keys.[16..47] + let iv = keys.[48..63] + + // Integrity validation. + let mac' = Crypto.ComputeHMAC keyMAC inputStream + if mac' <> mac then + raise IntegrityError + + // Authentication validation. + if not <| Crypto.verifySignRSA signaturePubKey mac' signature then + raise SignatureMismatch + + // Decrypt metadata. + inputStream.Position <- (int64 <| hmacSize + signatureSize + keysSize) + use cryptoStream = Crypto.decryptAES keyAES iv inputStream + let metadata = Metadata cryptoStream + + // Create the file and write its content and metadata. + let filePath = Path.Combine (targetDirPath, metadata.get MetadataKeys.filename) + let modificationTime = DateTime (metadata.get MetadataKeys.modificationTime |> int64) + let fileInfo = FileInfo filePath + using (fileInfo.Create ()) cryptoStream.CopyTo // We have to close the result file before updating the modification time. + fileInfo.LastWriteTimeUtc <- modificationTime + \ No newline at end of file