X-Git-Url: http://git.euphorik.ch/?p=crypto_lab2.git;a=blobdiff_plain;f=labo2-fsharp%2FCryptoFile%2FCrypto.fs;fp=labo2-fsharp%2FCryptoFile%2FCrypto.fs;h=4b893b0bfeba9b6985508998432d00ae946e1aa5;hp=a7ba53ccf31c8c8c3de3484441f98c86e60ac453;hb=c0d86015957eda6badbe9c6e5256807f9ab0c02f;hpb=8e04e7140bd58f941930dc15b890236f8a20c67b diff --git a/labo2-fsharp/CryptoFile/Crypto.fs b/labo2-fsharp/CryptoFile/Crypto.fs index a7ba53c..4b893b0 100644 --- a/labo2-fsharp/CryptoFile/Crypto.fs +++ b/labo2-fsharp/CryptoFile/Crypto.fs @@ -4,65 +4,65 @@ open System open System.IO open System.Security.Cryptography -// Some cryptography primitives specific to CryptoFile. +// Some cryptography primitives specific to 'CryptoFile'. module internal Crypto = type Data = byte[] - let rsaKeySize = 2048 - let aesKeySize = 128 + let rsaKeySize = 3072 // [bit]. For encrypting and signing. + let aesKeySize = 128 // [bit]. exception KeySizeError exception IVSizeError - /// Returns a cryptographically strong sequence of bytes. + /// Return a cryptographically strong sequence of bytes. let rand size : byte[] = let result = Array.zeroCreate size use generator = new RNGCryptoServiceProvider () generator.GetBytes result result - /// Generates a new RSA key pair: (public * private). - let generateRSAKeysPair : Key * Key = + /// Generate a new RSA key pair: (public * private). + let generateRSAKeysPair () : Key * Key = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.ToXmlString false, rsa.ToXmlString true let encryptRSA (publicKey: Key) (plaindata: Data) : Data = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString publicKey - rsa.Encrypt (plaindata, true) // Uses padding OAEP (PKCS#1 v2). + rsa.Encrypt (plaindata, true) // Use padding OAEP (PKCS#1 v2). let decryptRSA (privateKey: Key) (cipherdata: Data) : Data = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString privateKey - rsa.Decrypt (cipherdata, true) // Uses padding OAEP (PKCS#1 v2). + rsa.Decrypt (cipherdata, true) // Use padding OAEP (PKCS#1 v2). - /// Produces a signature from a given hash. - let signRSA (privKey: Key) (sha256: Data) : Data = + /// Produce a signature from the given data. + let signRSA (privKey: Key) (data: Data) : Data = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString privKey - rsa.SignHash (sha256, CryptoConfig.MapNameToOID "SHA256") + rsa.SignHash (data, CryptoConfig.MapNameToOID "SHA256") - /// Verify a signature against a given hash. - let verifySignRSA (pubKey: Key) (sha256: Data) (signature: Data) : bool = + /// Verify a signature against the given data. + let verifySignRSA (pubKey: Key) (data: Data) (signature: Data) : bool = use rsa = new RSACryptoServiceProvider (rsaKeySize) rsa.FromXmlString pubKey - rsa.VerifyHash (sha256, CryptoConfig.MapNameToOID "SHA256", signature) + rsa.VerifyHash (data, CryptoConfig.MapNameToOID "SHA256", signature) - /// Returns an encrypted output stream. + /// Return an encrypted output stream. let encryptAES (key: byte[]) (iv: byte[]) (outputStream: Stream) : CryptoStream = if key.Length <> aesKeySize / 8 then raise KeySizeError if iv.Length <> 16 then raise IVSizeError use aes = new AesCryptoServiceProvider (KeySize = aesKeySize) // Default mode is CBC. new CryptoStream (outputStream, aes.CreateEncryptor (key, iv), CryptoStreamMode.Write) - /// Returns a decrypted input stream. + /// Return a decrypted input stream. let decryptAES (key: byte[]) (iv: byte[]) (inputStream: Stream) : CryptoStream = if key.Length <> aesKeySize / 8 then raise KeySizeError if iv.Length <> 16 then raise IVSizeError use aes = new AesCryptoServiceProvider (KeySize = aesKeySize) new CryptoStream (inputStream, aes.CreateDecryptor (key, iv), CryptoStreamMode.Read) - // Creates a stream to compute the HMAC-SHA256 against all data being written. + // Create a stream to compute the HMAC-SHA256 against all data being written. let HMACStream (key: byte[]) (outputStream: Stream) : Stream * HMACSHA256 = if key.Length <> 32 then raise KeySizeError let hmac = new HMACSHA256 (key)