X-Git-Url: http://git.euphorik.ch/?p=crypto_lab2.git;a=blobdiff_plain;f=labo2-fsharp%2FCryptoFile%2FCrypto.fs;h=a7ba53ccf31c8c8c3de3484441f98c86e60ac453;hp=c81475b9e24cc6096fb04f07c1e4762ed160ccc8;hb=a29300558755d533aff12a6fb668c7e985ca4617;hpb=f88f22ebc8d780fbd86358bf95dffcfb3803f509 diff --git a/labo2-fsharp/CryptoFile/Crypto.fs b/labo2-fsharp/CryptoFile/Crypto.fs index c81475b..a7ba53c 100644 --- a/labo2-fsharp/CryptoFile/Crypto.fs +++ b/labo2-fsharp/CryptoFile/Crypto.fs @@ -11,14 +11,17 @@ module internal Crypto = let rsaKeySize = 2048 let aesKeySize = 128 + exception KeySizeError + exception IVSizeError + /// Returns a cryptographically strong sequence of bytes. let rand size : byte[] = let result = Array.zeroCreate size - let generator = new RNGCryptoServiceProvider () + use generator = new RNGCryptoServiceProvider () generator.GetBytes result result - /// Generate a new RSA key pair: (public * private). + /// Generates a new RSA key pair: (public * private). let generateRSAKeysPair : Key * Key = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.ToXmlString false, rsa.ToXmlString true @@ -26,12 +29,12 @@ module internal Crypto = let encryptRSA (publicKey: Key) (plaindata: Data) : Data = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString publicKey - rsa.Encrypt (plaindata, false) // Uses PKCS#1 v1.5 padding. + rsa.Encrypt (plaindata, true) // Uses padding OAEP (PKCS#1 v2). let decryptRSA (privateKey: Key) (cipherdata: Data) : Data = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString privateKey - rsa.Decrypt (cipherdata, false) // Uses PKCS#1 v1.5 padding. + rsa.Decrypt (cipherdata, true) // Uses padding OAEP (PKCS#1 v2). /// Produces a signature from a given hash. let signRSA (privKey: Key) (sha256: Data) : Data = @@ -47,27 +50,25 @@ module internal Crypto = /// Returns an encrypted output stream. let encryptAES (key: byte[]) (iv: byte[]) (outputStream: Stream) : CryptoStream = - assert (key.Length = aesKeySize / 8 && iv.Length = 16) - use aes = new AesCryptoServiceProvider () // Default mode is CBC. - aes.KeySize <- aesKeySize - let encryptor = aes.CreateEncryptor (key, iv) - new CryptoStream (outputStream, encryptor, CryptoStreamMode.Write) + if key.Length <> aesKeySize / 8 then raise KeySizeError + if iv.Length <> 16 then raise IVSizeError + use aes = new AesCryptoServiceProvider (KeySize = aesKeySize) // Default mode is CBC. + new CryptoStream (outputStream, aes.CreateEncryptor (key, iv), CryptoStreamMode.Write) /// Returns a decrypted input stream. let decryptAES (key: byte[]) (iv: byte[]) (inputStream: Stream) : CryptoStream = - assert (key.Length = aesKeySize / 8 && iv.Length = 16) - use aes = new AesCryptoServiceProvider () - aes.KeySize <- aesKeySize - let decryptor = aes.CreateDecryptor (key, iv) - new CryptoStream (inputStream, decryptor, CryptoStreamMode.Read) + if key.Length <> aesKeySize / 8 then raise KeySizeError + if iv.Length <> 16 then raise IVSizeError + use aes = new AesCryptoServiceProvider (KeySize = aesKeySize) + new CryptoStream (inputStream, aes.CreateDecryptor (key, iv), CryptoStreamMode.Read) - // Create a stream to compute the HMAC-SHA256 against all data being written. + // Creates a stream to compute the HMAC-SHA256 against all data being written. let HMACStream (key: byte[]) (outputStream: Stream) : Stream * HMACSHA256 = - assert (key.Length = 32) + if key.Length <> 32 then raise KeySizeError let hmac = new HMACSHA256 (key) new CryptoStream (outputStream, hmac, CryptoStreamMode.Write) :> Stream, hmac let ComputeHMAC (key: byte[]) (inputStream: Stream) : byte[] = - assert (key.Length = 32) - let hmac = new HMACSHA256 (key) + if key.Length <> 32 then raise KeySizeError + use hmac = new HMACSHA256 (key) hmac.ComputeHash inputStream \ No newline at end of file