module Cryptosystem:sig
..end
AES_CTS
as cipher, and SHA1-96 for signing.exception Integrity_error
val derive_keys : string -> int -> Netmech_scram.specific_keys
derive_keys protocol_key usage
: Returns the specific keys for
this protocol_key
and this usage
numbers. See RFC 4121 for
applicable usage numbersval encrypt_and_sign : Netmech_scram.specific_keys -> string -> string
Returns ciphertext_with_signature
.
val encrypt_and_sign_mstrings : Netmech_scram.specific_keys ->
Netxdr_mstring.mstring list -> Netxdr_mstring.mstring list
mstring list
val decrypt_and_verify : Netmech_scram.specific_keys -> string -> string
For very short plaintexts (< 16 bytes) there will be some
padding at the end ("residue"), as returned as ec
above.
We ignore this problem generally,
because GSS-API adds a 16-byte header to the plaintext anyway,
so these short messages do not occur.
If the signature is not valid, the exception Integrity_error
is raised.
val decrypt_and_verify_mstrings : Netmech_scram.specific_keys ->
Netxdr_mstring.mstring list -> Netxdr_mstring.mstring list
mstring list
val get_ec : Netmech_scram.specific_keys -> int -> int
let ec = get_ec e_keys n
:
Returns the required value for the "extra count" field of
RFC 4121 if the plaintext message has size n
. Here,
n
is the size of the payload message plus the token
header of 16 bytes, i.e. the function is always called with
n >= 16
.
Here, the returned ec
value is always 0.
val get_mic : Netmech_scram.specific_keys -> string -> string
val get_mic_mstrings : Netmech_scram.specific_keys -> Netxdr_mstring.mstring list -> string
mstring list