34d54fa68cf04673424479a57e91c095bb60c4fe
3 // Some cryptography primitives specific to CryptoFile.
4 module internal Crypto =
5 open System.Security.Cryptography
12 /// Returns a cryptographically strong sequence of bytes.
13 let rand size
: byte
[] =
14 let result = Array.zeroCreate
size
15 let generator = new RNGCryptoServiceProvider ()
16 generator.GetBytes result
19 /// Generate a new RSA key pair: (public * private).
20 let generateRSAKeysPair : Key * Key =
21 use rsa = new RSACryptoServiceProvider (rsaKeySize)
23 rsa.ToXmlString false, rsa.ToXmlString true
25 rsa.PersistKeyInCsp <- false
27 let encryptRSA (publicKey
: Key) (plaindata
: Data) : Data =
28 use rsa = new RSACryptoServiceProvider (rsaKeySize)
30 rsa.FromXmlString publicKey
31 rsa.Encrypt (plaindata
, false) // Uses PKCS#1 v1.5 padding.
33 rsa.PersistKeyInCsp <- false
35 let decryptRSA (privateKey
: Key) (cipherdata
: Data) : Data =
36 use rsa = new RSACryptoServiceProvider (rsaKeySize)
38 rsa.FromXmlString privateKey
39 rsa.Decrypt (cipherdata
, false) // Uses PKCS#1 v1.5 padding.
41 rsa.PersistKeyInCsp <- false
43 /// Produces a signature from a given hash.
44 let signRSA (privKey
: Key) (sha256
: Data) : Data =
45 use rsa = new RSACryptoServiceProvider (rsaKeySize)
47 rsa.FromXmlString privKey
48 rsa.SignHash (sha256
, CryptoConfig.MapNameToOID "SHA256")
50 rsa.PersistKeyInCsp <- false
52 /// Verify a signature against a given hash.
53 let verifySignRSA (pubKey
: Key) (sha256
: Data) (signature
: Data) : bool =
54 use rsa = new RSACryptoServiceProvider (rsaKeySize)
56 rsa.FromXmlString pubKey
57 rsa.VerifyHash (sha256
, CryptoConfig.MapNameToOID "SHA256", signature
)
59 rsa.PersistKeyInCsp <- false
61 /// Returns an encrypted output stream.
62 let encryptAES (key
: byte
[]) (iv
: byte
[]) (outputStream
: Stream) : Stream =
63 assert (key
.Length = 32 && iv
.Length = 16)
64 use aes = new AesManaged ()
66 let encryptor = aes.CreateEncryptor (key
, iv
)
67 new CryptoStream (outputStream
, encryptor, CryptoStreamMode.Write) :> Stream
69 /// Returns a decrypted input stream.
70 let decryptAES (key
: byte
[]) (iv
: byte
[]) (inputStream
: Stream) : Stream =
71 assert (key
.Length = 32 && iv
.Length = 16)
72 use aes = new AesManaged ()
74 let decryptor = aes.CreateDecryptor (key
, iv
)
75 new CryptoStream (inputStream
, decryptor, CryptoStreamMode.Read) :> Stream