--- /dev/null
+namespace CryptoFile
+open System.IO
+
+type internal Metadata (d : (string * string) list) =
+ new (stream : Stream, size: int) =
+ let binaryReader = new BinaryReader (stream)
+ new Metadata ([])
+ member this.WriteTo (stream : Stream) =
+ let binaryWriter = new BinaryWriter (stream)
+ List.iter (fun (key : string, value : string) -> binaryWriter.Write key; binaryWriter.Write value) d
+
+module API =
+ let internal filename = "filename"
+ let internal creationTimeKey = "file-creation-time"
+
+ let generatKeysPair : Key * Key = Crypto.generateRSAKeysPair
+
+ let encryptFile (inputFilePath : string) (outputFilePath : string) (signaturePrivKey: Key) (cryptPubKey : Key) =
+ let keyAES, keyMAC, iv = Crypto.rand 32, Crypto.rand 32, Crypto.rand 16
+ let fileInfo = new FileInfo (inputFilePath)
+ use inputStream = new FileStream (inputFilePath, FileMode.Open, FileAccess.Read)
+ use outputStream = new FileStream (outputFilePath, FileMode.Create, FileAccess.Write)
+ let writer = new BinaryWriter (outputStream)
+
+ ignore <| writer.Seek (8 + 32 + 256, SeekOrigin.Current) // Skips file-content-size, mac and signature. They will be written later.
+
+ Crypto.encryptRSA cryptPubKey (Array.append keyAES <| Array.append keyMAC iv) |> writer.Write
+
+ printfn "pos: %A" outputStream.Position
+
+ use cryptoStream = Crypto.encryptAES keyAES iv outputStream
+ let cryptoWriter = new BinaryWriter (cryptoStream)
+
+ // Write metadata.
+ let metaData = new Metadata ([filename, fileInfo.Name; creationTimeKey, fileInfo.CreationTimeUtc.Ticks.ToString ()])
+ let metaDataStream = new MemoryStream ()
+ metaData.WriteTo metaDataStream
+ cryptoWriter.Write (int metaDataStream.Length)
+ printfn "meta size: %A" (int metaDataStream.Length)
+ metaDataStream.Position <- 0L
+ metaDataStream.CopyTo cryptoStream
+ ()
+
+ let decryptFile (sourceFilePath : string) (targetDirPath : string) (signaturePubKey: Key) (decryptPrivKey : Key) =
+ ()
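Review bot: `generatKeysPair` is bound as a value that aliases `Crypto.generateRSAKeysPair`, itself a value in Crypto.fs, so the RSA pair is created once per process and the two reads in `main` (Program.fs) receive the same keys: signing and key wrapping end up sharing one RSA key. Making both bindings functions, `let generateKeysPair () : Key * Key = Crypto.generateRSAKeysPair ()`, gives each call a fresh pair and fixes the spelling. Separately, `encryptFile` reserves `8 + 32 + 256` header bytes but never seeks back to fill them, never copies `inputStream` into `cryptoStream`, and leaves `keyMAC` and `signaturePrivKey` unused, so the file it produces carries no MAC or signature; until that is implemented it would be safer to `failwith "encryptFile: not implemented"` than to emit an unauthenticated container. The two `printfn` debug lines should be removed before this is used as a library.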
--- /dev/null
+namespace CryptoFile
+
+module AssemblyInfo =
+ open System.Reflection
+ open System.Runtime.CompilerServices
+
+ [<assembly: AssemblyTitle("CryptoFile")>]
+ [<assembly: AssemblyDescription("")>]
+ [<assembly: AssemblyConfiguration("")>]
+ [<assembly: AssemblyCompany("")>]
+ [<assembly: AssemblyProduct("")>]
+ [<assembly: AssemblyCopyright("gburri")>]
+ [<assembly: AssemblyTrademark("")>]
+
+ // The assembly version has the format {Major}.{Minor}.{Build}.{Revision}
+
+ [<assembly: AssemblyVersion("1.0.0.0")>]
+
+ //[<assembly: AssemblyDelaySign(false)>]
+ //[<assembly: AssemblyKeyFile("")>]
+
+ ()
+
--- /dev/null
+namespace CryptoFile
+
+// Some cryptography primitives specific to CryptoFile.
+module internal Crypto =
+ open System.Security.Cryptography
+ open System.IO
+
+ type Data = byte[]
+
+ let rsaKeySize = 2048
+
+ /// Returns a cryptographically strong sequence of bytes.
+ let rand size : byte[] =
+ let result = Array.zeroCreate size
+ let generator = new RNGCryptoServiceProvider ()
+ generator.GetBytes result
+ result
+
+ /// Generate a new RSA key pair: (public * private).
+ let generateRSAKeysPair : Key * Key =
+ use rsa = new RSACryptoServiceProvider (rsaKeySize)
+ try
+ rsa.ToXmlString false, rsa.ToXmlString true
+ finally
+ rsa.PersistKeyInCsp <- false
+
+ let encryptRSA (publicKey : Key) (plaindata : Data) : Data =
+ use rsa = new RSACryptoServiceProvider (rsaKeySize)
+ try
+ rsa.FromXmlString publicKey
+ rsa.Encrypt (plaindata, false) // Uses PKCS#1 v1.5 padding.
+ finally
+ rsa.PersistKeyInCsp <- false
+
+ let decryptRSA (privateKey : Key) (cipherdata : Data) : Data =
+ use rsa = new RSACryptoServiceProvider (rsaKeySize)
+ try
+ rsa.FromXmlString privateKey
+ rsa.Decrypt (cipherdata, false) // Uses PKCS#1 v1.5 padding.
+ finally
+ rsa.PersistKeyInCsp <- false
+
+ /// Produces a signature from a given hash.
+ let signRSA (privKey : Key) (sha256 : Data) : Data =
+ use rsa = new RSACryptoServiceProvider (rsaKeySize)
+ try
+ rsa.FromXmlString privKey
+ rsa.SignHash (sha256, CryptoConfig.MapNameToOID "SHA256")
+ finally
+ rsa.PersistKeyInCsp <- false
+
+ /// Verify a signature against a given hash.
+ let verifySignRSA (pubKey : Key) (sha256 : Data) (signature : Data) : bool =
+ use rsa = new RSACryptoServiceProvider (rsaKeySize)
+ try
+ rsa.FromXmlString pubKey
+ rsa.VerifyHash (sha256, CryptoConfig.MapNameToOID "SHA256", signature)
+ finally
+ rsa.PersistKeyInCsp <- false
+
+ /// Returns an encrypted output stream.
+ let encryptAES (key : byte[]) (iv : byte[]) (outputStream : Stream) : Stream =
+ assert (key.Length = 32 && iv.Length = 16)
+ use aes = new AesManaged ()
+ aes.KeySize <- 256
+ let encryptor = aes.CreateEncryptor (key, iv)
+ new CryptoStream (outputStream, encryptor, CryptoStreamMode.Write) :> Stream
+
+ /// Returns a decrypted input stream.
+ let decryptAES (key : byte[]) (iv : byte[]) (inputStream : Stream) : Stream =
+ assert (key.Length = 32 && iv.Length = 16)
+ use aes = new AesManaged ()
+ aes.KeySize <- 256
+ let decryptor = aes.CreateDecryptor (key, iv)
+ new CryptoStream (inputStream, decryptor, CryptoStreamMode.Read) :> Stream
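Review bot: `encryptRSA` and `decryptRSA` wrap the session keys with PKCS#1 v1.5 padding (`false`), which leaves the unwrap step open to a padding oracle if a caller can ever distinguish a padding failure from a later MAC or signature failure. Passing `true` selects OAEP, `rsa.Encrypt (plaindata, true)` and `rsa.Decrypt (cipherdata, true)`, and the 80 bytes that `encryptFile` wraps still fit a 2048-bit modulus. The `assert (key.Length = 32 && iv.Length = 16)` guards in `encryptAES` and `decryptAES` are compiled out when DEBUG is not defined, as in the Release configuration of CryptoFile.fsproj; `if key.Length <> 32 || iv.Length <> 16 then invalidArg "key" "expected a 32-byte key and a 16-byte IV"` keeps the check in every build. In both functions `use aes` disposes the AesManaged instance on return while the returned CryptoStream still holds the transform created from it, which deserves at least a comment stating why that is safe.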
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
+ <PropertyGroup>\r
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>\r
+ <Platform Condition=" '$(Platform)' == '' ">x86</Platform>\r
+ <ProjectGuid>{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}</ProjectGuid>\r
+ <OutputType>Library</OutputType>\r
+ <RootNamespace>CryptoFile</RootNamespace>\r
+ <AssemblyName>CryptoFile</AssemblyName>\r
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>\r
+ </PropertyGroup>\r
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' ">\r
+ <DebugSymbols>true</DebugSymbols>\r
+ <DebugType>full</DebugType>\r
+ <OutputPath>bin\Debug</OutputPath>\r
+ <DefineConstants>DEBUG</DefineConstants>\r
+ <ErrorReport>prompt</ErrorReport>\r
+ <PlatformTarget>x86</PlatformTarget>\r
+ <Externalconsole>true</Externalconsole>\r
+ <Optimize>false</Optimize>\r
+ <Tailcalls>false</Tailcalls>\r
+ <EnvironmentVariables>\r
+ <EnvironmentVariables>\r
+ <Variable name="MONO_TRACE_LISTENER" value="Console.Error" />\r
+ </EnvironmentVariables>\r
+ </EnvironmentVariables>\r
+ <Commandlineparameters>tests</Commandlineparameters>\r
+ </PropertyGroup>\r
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">\r
+ <DebugSymbols>true</DebugSymbols>\r
+ <DebugType>pdbonly</DebugType>\r
+ <Optimize>true</Optimize>\r
+ <OutputPath>bin\Release</OutputPath>\r
+ <ErrorReport>prompt</ErrorReport>\r
+ <PlatformTarget>x86</PlatformTarget>\r
+ <Externalconsole>true</Externalconsole>\r
+ <Tailcalls>true</Tailcalls>\r
+ <DefineConstants>\r
+ </DefineConstants>\r
+ </PropertyGroup>\r
+ <ItemGroup>\r
+ <Reference Include="mscorlib" />\r
+ <Reference Include="System" />\r
+ <Reference Include="System.Core" />\r
+ <Reference Include="System.Numerics" />\r
+ <Reference Include="System.Security" />\r
+ <Reference Include="FSharp.Core" />\r
+ </ItemGroup>\r
+ <ItemGroup>\r
+ <Compile Include="AssemblyInfo.fs" />\r
+ <Compile Include="Types.fs" />\r
+ <Compile Include="Crypto.fs" />\r
+ <Compile Include="Tests.fs" />\r
+ <Compile Include="API.fs" />\r
+ </ItemGroup>\r
+ <Import Project="$(MSBuildExtensionsPath32)\..\Microsoft F#\v4.0\Microsoft.FSharp.Targets" />\r
+</Project>
\ No newline at end of file
--- /dev/null
+namespace CryptoFile
+
+module Tests =
+ open System.Text
+ open System.Security.Cryptography
+ open Crypto
+
+ let testRSA () =
+ let kpub, kpriv = generateRSAKeysPair
+ let plaintext = "Hello, World!"
+ printfn "plaintext: %A" plaintext
+ let cipherdata = encryptRSA kpub (Encoding.UTF8.GetBytes plaintext)
+ printfn "cipherdata: (size: %A) %A" cipherdata.Length cipherdata
+ let decryptedData = decryptRSA kpriv cipherdata
+ let decryptedText = Encoding.UTF8.GetString decryptedData
+ printfn "decryptedtext: %A" decryptedText
+ assert (plaintext = decryptedText)
+ printfn "testRSA OK"
+
+ let testRSASignature () =
+ let kpub, kpriv = generateRSAKeysPair
+ let plaintext = "Hello, World!"
+ let sha256 = new SHA256Managed ()
+ let signature = signRSA kpriv (sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext))
+ assert verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext)) signature
+ assert not (verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes "Hello!")) signature)
+ printfn "testRSASignature OK"
+
+ let runAllTests () =
+ testRSA ()
+ testRSASignature ()
\ No newline at end of file
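Review bot: Both tests check their results with `assert`, which F# compiles to `Debug.Assert` and drops when DEBUG is not defined, so in a Release build `testRSA` and `testRSASignature` print OK even if the round trip or the verification fails. An explicit check such as `if plaintext <> decryptedText then failwith "testRSA: round trip mismatch"` fails in every configuration. Tests.fs is also listed in CryptoFile.fsproj, so this public module ships inside the library assembly; moving it to the CryptoFileTests project would keep it out of the product. `sha256` is never disposed; `use sha256 = new SHA256Managed ()` is enough.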
--- /dev/null
+namespace CryptoFile
+
+type Key = string
+
+exception FileNotFound
+exception IOError
+exception SignatureMismatch
+exception IntegrityError
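Review bot: `type Key = string` is only an abbreviation, so public and private keys share one type and nothing stops a private key from being passed where a public key is expected, for instance by swapping the `signaturePrivKey` and `cryptPubKey` arguments of `encryptFile`. Distinct wrappers such as `type PublicKey = PublicKey of string` and `type PrivateKey = PrivateKey of string` would let the compiler reject that. The four exceptions carry no payload or doc comment; a `///` line on each saying when it is raised would help callers tell `SignatureMismatch` from `IntegrityError`.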
--- /dev/null
+module CryptoFileTests.AssemblyInfo
+open System.Reflection
+open System.Runtime.CompilerServices
+
+[<assembly: AssemblyTitle("CryptoFileTests")>]
+[<assembly: AssemblyDescription("")>]
+[<assembly: AssemblyConfiguration("")>]
+[<assembly: AssemblyCompany("")>]
+[<assembly: AssemblyProduct("")>]
+[<assembly: AssemblyCopyright("gburri")>]
+[<assembly: AssemblyTrademark("")>]
+
+// The assembly version has the format {Major}.{Minor}.{Build}.{Revision}
+
+[<assembly: AssemblyVersion("1.0.0.0")>]
+
+//[<assembly: AssemblyDelaySign(false)>]
+//[<assembly: AssemblyKeyFile("")>]
+
+()
+
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
+ <ProjectGuid>{FA5B9C91-036B-455C-892B-05A7FC398158}</ProjectGuid>
+ <OutputType>Exe</OutputType>
+ <RootNamespace>CryptoFileTests</RootNamespace>
+ <AssemblyName>CryptoFileTests</AssemblyName>
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' ">
+ <DebugSymbols>true</DebugSymbols>
+ <DebugType>full</DebugType>
+ <Optimize>false</Optimize>
+ <OutputPath>bin\Debug</OutputPath>
+ <DefineConstants>DEBUG</DefineConstants>
+ <ErrorReport>prompt</ErrorReport>
+ <Externalconsole>true</Externalconsole>
+ <Tailcalls>false</Tailcalls>
+ <PlatformTarget>x86</PlatformTarget>
+ <Commandlineparameters>tests</Commandlineparameters>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">
+ <DebugSymbols>false</DebugSymbols>
+ <DebugType>none</DebugType>
+ <Optimize>true</Optimize>
+ <OutputPath>bin\Release</OutputPath>
+ <ErrorReport>prompt</ErrorReport>
+ <PlatformTarget>x86</PlatformTarget>
+ <Externalconsole>true</Externalconsole>
+ <Tailcalls>true</Tailcalls>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="mscorlib" />
+ <Reference Include="FSharp.Core" />
+ <Reference Include="System" />
+ <Reference Include="System.Core" />
+ <Reference Include="System.Numerics" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="AssemblyInfo.fs" />
+ <Compile Include="Program.fs" />
+ </ItemGroup>
+ <Import Project="$(MSBuildExtensionsPath32)\..\Microsoft SDKs\F#\3.1\Framework\v4.0\Microsoft.FSharp.Targets" />
+ <ItemGroup>
+ <ProjectReference Include="..\CryptoFile\CryptoFile.fsproj">
+ <Project>{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}</Project>
+ <Name>CryptoFile</Name>
+ </ProjectReference>
+ </ItemGroup>
+</Project>
\ No newline at end of file
--- /dev/null
+module Labo2.Main
+
+open System
+open CryptoFile
+
+let printUsage () =
+ printfn "%s [ tests | encrypt <in file> <out file> | decrypt <in file> <out dir> ]\n\
+ \ttests: Run some tests to valid the 'CryptoFile' assembly\n\
+ \tencrypt: Encrypt a file <in> to <out>\n\
+ \tdecrypt: Decrypt a file <in> to <out>" System.AppDomain.CurrentDomain.FriendlyName
+
+[<EntryPoint>]
+let main args =
+ printfn "Labo n°2"
+
+ let keySigPub, keySigPriv = API.generatKeysPair
+ let keyCryptPub, keyCryptPriv = API.generatKeysPair
+
+ match args with
+ | [| "tests" |] -> Tests.runAllTests ()
+ | [| "encrypt"; input; output |] -> API.encryptFile input output keySigPriv keyCryptPub
+ | [| "decrypt"; input; outputDir |] -> API.decryptFile input outputDir keySigPub keyCryptPriv
+ | _ -> printUsage ()
+ 0
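Review bot: `main` generates the signing and encryption keys at every start and never stores or loads them, so a file written by `encrypt` cannot be decrypted by a later `decrypt` run, which will hold a different private key. The keys should come from the command line, for example `encrypt <in file> <out file> <sign priv key file> <crypt pub key file>`, with a separate sub-command that generates and saves a pair. The process also returns `0` on the usage branch; returning a non-zero code there lets scripts detect a bad invocation.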
--- /dev/null
+Test
\ No newline at end of file
\r
Microsoft Visual Studio Solution File, Format Version 12.00\r
# Visual Studio 2012\r
-Project("{4925A630-B079-445d-BCD4-3A9C94FE9307}") = "labo2-fsharp", "labo2-fsharp\labo2-fsharp.fsproj", "{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}"\r
+Project("{f2a71f9b-5d33-465a-a702-920d77279786}") = "CryptoFileTests", "CryptoFileTests\CryptoFileTests.fsproj", "{FA5B9C91-036B-455C-892B-05A7FC398158}"\r
+EndProject\r
+Project("{f2a71f9b-5d33-465a-a702-920d77279786}") = "CryptoFile", "CryptoFile\CryptoFile.fsproj", "{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}"\r
EndProject\r
Global\r
GlobalSection(SolutionConfigurationPlatforms) = preSolution\r
{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}.Debug|x86.Build.0 = Debug|x86\r
{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}.Release|x86.ActiveCfg = Release|x86\r
{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}.Release|x86.Build.0 = Release|x86\r
+ {FA5B9C91-036B-455C-892B-05A7FC398158}.Debug|x86.ActiveCfg = Debug|x86\r
+ {FA5B9C91-036B-455C-892B-05A7FC398158}.Debug|x86.Build.0 = Debug|x86\r
+ {FA5B9C91-036B-455C-892B-05A7FC398158}.Release|x86.ActiveCfg = Release|x86\r
+ {FA5B9C91-036B-455C-892B-05A7FC398158}.Release|x86.Build.0 = Release|x86\r
EndGlobalSection\r
GlobalSection(MonoDevelopProperties) = preSolution\r
- StartupItem = labo2-fsharp\labo2-fsharp.fsproj\r
+ StartupItem = CryptoFileTests\CryptoFileTests.fsproj\r
EndGlobalSection\r
EndGlobal\r
<Properties>
<MonoDevelop.Ide.Workspace ActiveConfiguration="Debug|x86" />
- <MonoDevelop.Ide.Workbench ActiveDocument="labo2-fsharp/Program.fs">
+ <MonoDevelop.Ide.Workbench ActiveDocument="CryptoFileTests/Program.fs">
<Files>
- <File FileName="labo2-fsharp/Program.fs" Line="34" Column="34" />
- <File FileName="labo2-fsharp/Crypto.fs" Line="105" Column="105" NotebookId="1" />
+ <File FileName="CryptoFile/Crypto.fs" Line="1" Column="1" />
+ <File FileName="CryptoFileTests/Program.fs" Line="14" Column="14" />
+ <File FileName="CryptoFile/Tests.fs" Line="20" Column="20" />
</Files>
+ <Pads>
+ <Pad Id="ProjectPad">
+ <State expanded="True">
+ <Node name="CryptoFile" expanded="True" />
+ <Node name="CryptoFileTests" expanded="True" selected="True" />
+ </State>
+ </Pad>
+ </Pads>
</MonoDevelop.Ide.Workbench>
<MonoDevelop.Ide.DebuggingService.Breakpoints>
<BreakpointStore />
+++ /dev/null
-module Labo2.AssemblyInfo
-open System.Reflection
-open System.Runtime.CompilerServices
-
-
-[<assembly: AssemblyTitle("labo2-fsharp")>]
-[<assembly: AssemblyDescription("")>]
-[<assembly: AssemblyConfiguration("")>]
-[<assembly: AssemblyCompany("")>]
-[<assembly: AssemblyProduct("")>]
-[<assembly: AssemblyCopyright("gburri")>]
-[<assembly: AssemblyTrademark("")>]
-
-// The assembly version has the format {Major}.{Minor}.{Build}.{Revision}
-
-[<assembly: AssemblyVersion("1.0.0.0")>]
-
-//[<assembly: AssemblyDelaySign(false)>]
-//[<assembly: AssemblyKeyFile("")>]
-
-()
-
+++ /dev/null
-module Labo2.Crypto
-
-open System.Security.Cryptography
-open System.IO
-
-type Key = string
-type Data = byte[]
-
-let rsaKeySize = 2048
-
-let generate256Key : Key =
- null
-
-/// Generate a new RSA key pair: (public * private).
-let generateRSAKeysPair : Key * Key =
- use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.ToXmlString false, rsa.ToXmlString true
- finally
- rsa.PersistKeyInCsp <- false
-
-let encryptRSA (publicKey : Key) (plaindata : Data) : Data =
- use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString publicKey
- rsa.Encrypt (plaindata, false) // Uses PKCS#1 v1.5 padding.
- finally
- rsa.PersistKeyInCsp <- false
-
-let decryptRSA (privateKey : Key) (cipherdata : Data) : Data =
- use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString privateKey
- rsa.Decrypt (cipherdata, false) // Uses PKCS#1 v1.5 padding.
- finally
- rsa.PersistKeyInCsp <- false
-
-/// Produces a signature from a given hash.
-let signRSA (privKey : Key) (sha256 : Data) : Data =
- use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString privKey
- rsa.SignHash (sha256, CryptoConfig.MapNameToOID "SHA256")
- finally
- rsa.PersistKeyInCsp <- false
-
-/// Verify a signature against a given hash.
-let verifySignRSA (pubKey : Key) (sha256 : Data) (signature : Data) : bool =
- use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString pubKey
- rsa.VerifyHash (sha256, CryptoConfig.MapNameToOID "SHA256", signature)
- finally
- rsa.PersistKeyInCsp <- false
-
-let decryptAES (key : Key) (inputStream : Stream) (outputStream : Stream) =
- ()
-
-open System.Text
-
-let testRSA = lazy (
- let kpub, kpriv = generateRSAKeysPair
- let plaintext = "Hello, World!"
- printfn "plaintext: %A" plaintext
- let cipherdata = encryptRSA kpub (Encoding.UTF8.GetBytes plaintext)
- printfn "cipherdata: (size: %A) %A" cipherdata.Length cipherdata
- let decryptedData = decryptRSA kpriv cipherdata
- let decryptedText = Encoding.UTF8.GetString decryptedData
- printfn "decryptedtext: %A" decryptedText
- assert (plaintext = decryptedText)
- printfn "testRSA OK"
- )
-
-let testRSASignature = lazy (
- let kpub, kpriv = generateRSAKeysPair
- let plaintext = "Hello, World!"
- let sha256 = new SHA256Managed ()
- let signature = signRSA kpriv (sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext))
- assert verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes plaintext)) signature
- assert not (verifySignRSA kpub (sha256.ComputeHash (Encoding.UTF8.GetBytes "Hello!")) signature)
- printfn "testRSASignature OK"
- )
\ No newline at end of file
+++ /dev/null
-(*
-Crypto - Labo n°2.
-*)
-
-module Labo2.Main
-
-open System
-open Crypto
-
-[<EntryPoint>]
-let main args =
- printfn "Labo n°2"
-
- if Array.exists ((=) "tests") args then
- testRSA.Force ()
- testRSASignature.Force ()
- 0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <PropertyGroup>\r
- <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>\r
- <Platform Condition=" '$(Platform)' == '' ">x86</Platform>\r
- <ProjectGuid>{CDB168EA-04F9-4A8B-A3B4-27D9A6390269}</ProjectGuid>\r
- <OutputType>Exe</OutputType>\r
- <RootNamespace>labo2fsharp</RootNamespace>\r
- <AssemblyName>labo2-fsharp</AssemblyName>\r
- <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>\r
- </PropertyGroup>\r
- <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x86' ">\r
- <DebugSymbols>true</DebugSymbols>\r
- <DebugType>full</DebugType>\r
- <OutputPath>bin\Debug</OutputPath>\r
- <DefineConstants>DEBUG</DefineConstants>\r
- <ErrorReport>prompt</ErrorReport>\r
- <PlatformTarget>x86</PlatformTarget>\r
- <Externalconsole>true</Externalconsole>\r
- <Optimize>false</Optimize>\r
- <Tailcalls>false</Tailcalls>\r
- <EnvironmentVariables>\r
- <EnvironmentVariables>\r
- <Variable name="MONO_TRACE_LISTENER" value="Console.Error" />\r
- </EnvironmentVariables>\r
- </EnvironmentVariables>\r
- <Commandlineparameters>tests</Commandlineparameters>\r
- </PropertyGroup>\r
- <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x86' ">\r
- <DebugSymbols>true</DebugSymbols>\r
- <DebugType>pdbonly</DebugType>\r
- <Optimize>true</Optimize>\r
- <OutputPath>bin\Release</OutputPath>\r
- <ErrorReport>prompt</ErrorReport>\r
- <PlatformTarget>x86</PlatformTarget>\r
- <Externalconsole>true</Externalconsole>\r
- <Tailcalls>true</Tailcalls>\r
- <DefineConstants>\r
- </DefineConstants>\r
- </PropertyGroup>\r
- <ItemGroup>\r
- <Reference Include="mscorlib" />\r
- <Reference Include="System" />\r
- <Reference Include="System.Core" />\r
- <Reference Include="System.Numerics" />\r
- <Reference Include="System.Security" />\r
- <Reference Include="FSharp.Core" />\r
- </ItemGroup>\r
- <ItemGroup>\r
- <Compile Include="AssemblyInfo.fs" />\r
- <Compile Include="Crypto.fs" />\r
- <Compile Include="Program.fs" />\r
- </ItemGroup>\r
- <Import Project="$(MSBuildExtensionsPath32)\..\Microsoft F#\v4.0\Microsoft.FSharp.Targets" />\r
-</Project>
\ No newline at end of file
* Génération d'une clef 256 bits pour AES -> kc
* Génération d'une clef 256 bits pour MAC -> ka
+* Génération d'un IV pour le mode CBC -> iv
* Construction du plaintext, voir format ci dessous
-* Chiffrement du plaintext avec AES-CBC256 et kc -> ciphertext
+* Chiffrement du plaintext avec AES-CBC256 et kc et iv -> ciphertext
* Calcul de MAC de ciphertext -> mac
* Signature de mac -> sig
-* Chiffrement de kc + ka avec kpub (RSA) -> keys
+* Chiffrement de kc + ka + iv avec kpub (RSA) -> keys
* Renvoie mac + sig + keys + ciphertext
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Introduction}
+\section{Choix des algorithmes et des paramètres}
+
+\begin{itemize}
+ \item \emph{RSA-2048} pour la signature ainsi que pour le chiffrage des clefs \emph{AES} et \emph{HMAC}. Le padding \emph{PKCS\#1 v1.5} est utilisé ;
+ \item \emph{HMAC-SHA256} pour la vérification de l'intégrité ;
+ \item \emph{AES-CBC256} pour le chiffrement symétrique du contenu du fichier et des méta-données.
+\end{itemize}
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\section{format du container}
+
+Le format est définit comme suit en \emph{EBNF}. Les valeurs entre crochets correspondent soit à une taille en bits soit à un type.
+
+\begin{lstlisting}[frame=single, breaklines, basicstyle=\ttfamily\footnotesize]
+container = header, ciphertext ;
+header = file-content-size[int64], mac[256], signature[2048], keys[2048] ;
+ciphertext = AES(plaintext) ;
+plaintext = meta-data, file-content ;
+meta-data = meta-data-size[int32], { key-value-pair } ;
+key-value-pair = key[string], value[string] ;
+string = size[8], content-utf8 ;
+\end{lstlisting}
+
+\texttt{meta-data-size} permet de connaître la taille des méta-données afin de les déchiffrer au préalable du contenu du fichier.
+
+\texttt{keys} correspond aux clefs $k_c$ et $k_a$ ainsi qu'a l'\emph{IV} le tout chiffré avec \emph{RSA-2048}. La taille des données chiffrées est égale à $k_c + k_a + iv = 256 + 256 + 128 = 640\,bits$.
+
+Les méta-données (\texttt{meta-data}) peuvent contenir, par exemple, le nom du fichier, sa date de création, ses droits, ou tout autres données associées.
+
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{processus}
\subsection{chiffrement}
+Entrées :
+
+\begin{itemize}
+ \item $f$ : contenu du fichier
+ \item $metas$ : métas données associées au fichier
+ \item $k_{pub}$ : clef publique RSA
+ \item $k_{signpriv}$ : clef privé de signature DSA
+\end{itemize}
+
+
+Processus :
+
+\begin{enumerate}
+ \item Génération d'une clef 256 bits pour \emph{AES} $\rightarrow k_c$.
+ \item Génération d'une clef 256 bits pour \emph{MAC} $\rightarrow k_a$.
+ \item Génération d'un \emph{IV} 128 bits pour le mode \emph{CBC} $\rightarrow iv$.
+ \item Construction du $plaintext$, voir format ci dessus.
+ \item Chiffrement du $plaintext$ avec \emph{AES-CBC256}, $k_c$ et $iv \rightarrow ciphertext$.
+ \item Calcul de MAC de $ciphertext$ $\rightarrow mac$.
+ \item Signature de $mac$ avec $k_{signpriv}$ $\rightarrow sig$.
+ \item Chiffrement de $k_c + k_a + iv$ avec $k_pub \rightarrow keys$.
+ \item Renvoie $mac + sig + keys + ciphertext$.
+\end{enumerate}
+
+Où $+$ dénote la concaténation.
+
+
+
\subsection{déchiffrement}
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\section{format du container}
+\section{Implémentation}
+
+\subsection{Utilisation}
+
+\subsection{Organisation du code}
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Niveaux de sécurité}
\begin{itemize}
\item Confidentialité : les données chiffrées ne doivent pas pouvoir être décryptées par un attaquant.
\item Authentification : un attaquant ne doit pas pouvoir forger un container, une signature est réalisée à l'aide d'une paire de clef publique-privée.
- \item Intégrité : il ne faut pas que les données chiffrée aient pu être altérées par un attaquant.
+ \item Intégrité : il ne faut pas que les données chiffrées aient pu être altérées par un attaquant.
\end{itemize}
Cela est réalisé avec un \emph{MAC}, dans notre nous utilisons \emph{HMAC-SHA256} sur les données chiffrées (\emph{Encrypt-then-MAC}).
-\subsection{}
+\subsection{Quels sont les clefs cryptographiques requises qu'il est nécessaire de gérer ?}
+
+\subsubsection{Clefs externes}
+
+Concerne les clefs externes à l'\emph{API}.
+
+\begin{itemize}
+ \item Une paire de clefs \emph{RSA-2048} pour la signature.
+ \item Une paire de clefs \emph{RSA-2048} pour le chiffrement des clefs \emph{AES}.
+\end{itemize}
+
+
+
+\subsubsection{Clefs internes}
+
+Concerne les clefs gérer à l'intérieur du container.
+
+\begin{itemize}
+ \item Une clef de 256 bits pour \emph{AES}.
+ \item Une clef de 256 bits pour \emph{HMAC}.
+\end{itemize}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%