module Netauth:sig
..end
Some primitives for authentication
val hmac : h:(string -> string) ->
b:int -> l:int -> k:string -> message:string -> string
The HMAC algorithm of RFC 2104. The function h
is the hash function.
b
and l
are properties of h
(see the RFC or below). The string
k
is the key, up to b
bytes. The message
is authenticated.
The key k
should ideally have length l
. If this cannot be ensured
by other means, one should pass k = h any_k
.
Common values of b
and l
:
h=MD5
: b=64
, l=16
h=SHA-1
: b=64
, l=20
See also Netsys_digests.hmac
for a better implementation.
typekey_type =
[ `Kc | `Ke | `Ki ]
Key types:
`Kc
is used for computing checksums`Ke
is used for encrypting confidential messages`Ki
is used for computing integrity checksums for encrypted
messagesval derive_key_rfc3961_simplified : encrypt:(string -> string) ->
random_to_key:(string -> string) ->
block_size:int -> k:int -> usage:int -> key_type:key_type -> string
Derives a special key from a base key, as described in RFC 3961.
encrypt
: Encrypts the argument with the base key and the
initial cipher state.random_to_key
: Converts a random string of size k
to a keyblock_size
: The block size of the cipher underlying encrypt
.
It is ensured that encrypt
is called with strings having exactly
this many bits. (The c
parameter in the RFC text.) Minimum: 40.k
: The input size for random_to_key
in bits. Must be divisible
by 8.usage
: The usage number (here restricted to 0-255, although the
RFC would allow 32 bits). Examples for usage numbers can be found
in RFC 4121 section 2.key_type
: Which key type to deriveThe output is a key as produced by random_to_key
.
val xor_s : string -> string -> string
Performs the bitwise XOR of these strings (which must have the same length)
val add_1_complement : string -> string -> string
The addition algorithm for 1's-complement numbers. The two numbers to add are given as bitstrings (big endian), and must have the same length
val rotate_right : int -> string -> string
Rotate the (big-endian) bitstring to the right by n bits. This also works for negative n (left rotation), and for n whose absolute value is greater or equal than the bit length of the string.
val n_fold : int -> string -> string
Blumenthal's n-fold algorithm for an n that is divisible by 8. (RFC 3961, section 5.1)