# package cryptokit

The `MAC` module implements message authentication codes, also known as keyed hash functions. These are hash functions parameterized by a secret key. In addition to being one-way and collision-resistant, a MAC has the property that without knowing the secret key, it is computationally infeasible to find the hash for a known text, even if many pairs of (text, MAC) are known to the attacker. Thus, a MAC can be used to authenticate the sender of a text: the receiver of a (text, MAC) pair can recompute the MAC from the text, and if it matches the transmitted MAC, be reasonably certain that the text was authenticated by someone who possesses the secret key.

The module `MAC` provides five MAC functions based on the hashes SHA-1, SHA256, SHA512, RIPEMD160 and MD5, and five MAC functions based on the block ciphers AES, DES, and Triple-DES.

`val hmac_sha1 : string -> hash`

`hmac_sha1 key` returns a MAC based on the HMAC construction (RFC2104) applied to SHA-1. The returned hash values are 160 bits (20 bytes) long. The `key` argument is the MAC key; it can have any length, but a minimal length of 20 bytes is recommended.

`val hmac_sha256 : string -> hash`

`hmac_sha256 key` returns a MAC based on the HMAC construction (RFC2104) applied to SHA-256. The returned hash values are 256 bits (32 bytes) long. The `key` argument is the MAC key; it can have any length, but a minimal length of 32 bytes is recommended.
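An added usage example (not part of the Cryptokit documentation): tagging and verifying a message with `hmac_sha256`, enforcing the 32-byte minimum key length recommended above. The helpers `tag`, `equal_ct` and `verify` are names introduced here, and the sample message is constructed; `Cryptokit.hash_string` and `Cryptokit.Random` come from the same library.

```ocaml
(* Build with the cryptokit package, e.g.
   ocamlfind ocamlopt -package cryptokit -linkpkg mac_demo.ml *)

(* Compute the HMAC-SHA256 tag of [msg]. A fresh hash object is built
   for every message. Keys shorter than the recommended 32 bytes are
   rejected rather than silently accepted. *)
let tag ~key msg =
  if String.length key < 32 then
    invalid_arg "tag: key shorter than 32 bytes";
  Cryptokit.hash_string (Cryptokit.MAC.hmac_sha256 key) msg

(* Compare two strings without an early exit, so that timing does not
   reveal the position of the first mismatching byte. Only the length,
   which is public for a MAC, is checked up front. *)
let equal_ct a b =
  String.length a = String.length b
  && begin
    let diff = ref 0 in
    String.iteri
      (fun i c -> diff := !diff lor (Char.code c lxor Char.code b.[i]))
      a;
    !diff = 0
  end

(* Receiver side: recompute the tag from the text and compare it with
   the transmitted one. *)
let verify ~key ~msg ~tag:received =
  equal_ct (tag ~key msg) received

let () =
  (* 32 random bytes from the library's system-backed generator. *)
  let key = Cryptokit.Random.string Cryptokit.Random.secure_rng 32 in
  let msg = "amount=100&to=alice" in  (* constructed sample message *)
  let t = tag ~key msg in
  assert (String.length t = 32);                    (* 256-bit tag *)
  assert (verify ~key ~msg ~tag:t);                 (* genuine pair *)
  assert (not (verify ~key ~msg:"amount=900&to=alice" ~tag:t));
  assert (not (verify ~key ~msg ~tag:(String.sub t 0 16)));
  print_endline "ok"
```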

`val hmac_sha512 : string -> hash`

`hmac_sha512 key` returns a MAC based on the HMAC construction (RFC2104) applied to SHA-512. The returned hash values are 512 bits (64 bytes) long. The `key` argument is the MAC key; it can have any length, but a minimal length of 64 bytes is recommended.

`val hmac_ripemd160 : string -> hash`

`hmac_ripemd160 key` returns a MAC based on the HMAC construction (RFC2104) applied to RIPEMD-160. The returned hash values are 160 bits (20 bytes) long. The `key` argument is the MAC key; it can have any length, but a minimal length of 20 bytes is recommended.

`val hmac_md5 : string -> hash`

`hmac_md5 key` returns a MAC based on the HMAC construction (RFC2104) applied to MD5. The returned hash values are 128 bits (16 bytes) long. The `key` argument is the MAC key; it can have any length, but a minimal length of 16 bytes is recommended.

`val aes_cmac : ?iv:string -> string -> hash`

`aes_cmac key` returns a MAC based on AES encryption in CMAC mode, also known as OMAC1 mode. The input data is encrypted using AES in CBC mode, with a special treatment of the final block that makes this MAC suitable for input data of variable length. The final value of the initialization vector is the MAC value. Thus, the returned hash values are 128 bits (16 bytes) long. The `key` argument is the MAC key; it must have length 16, 24, or 32. The optional `iv` argument is the first value of the initialization vector, and defaults to 0.

`val aes : ?iv:string -> ?pad:Padding.scheme -> string -> hash`

`aes key` returns a MAC based on AES encryption in CBC mode. Unlike `aes_cmac`, there is no special treatment for the final block, except padding it as per the optional `pad` argument. This makes this MAC weak when used with input data of variable length. (It is fine for data of fixed length, though.) The returned hash values are 128 bits (16 bytes) long. The `key` argument is the MAC key; it must have length 16, 24, or 32. The optional `iv` argument is the first value of the initialization vector, and defaults to 0. The optional `pad` argument specifies a padding scheme to pad input to an integral number of 16-byte blocks.

`val des : ?iv:string -> ?pad:Padding.scheme -> string -> hash`

`des key` returns a MAC based on DES encryption in CBC mode. The construction is identical to that used for the `aes` MAC. The key size is 64 bits (8 bytes), of which only 56 are used. The returned hash value has length 8 bytes. Due to the small hash size and key size, this MAC is weak.

`val triple_des : ?iv:string -> ?pad:Padding.scheme -> string -> hash`

`triple_des key` returns a MAC based on triple DES encryption in CBC mode. The construction is identical to that used for the `aes` MAC. The key size is 16 or 24 bytes. The returned hash value has length 8 bytes. The key size is sufficient to protect against brute-force attacks, but the small hash size means that this MAC is not collision-resistant.

`val des_final_triple_des : ?iv:string -> ?pad:Padding.scheme -> string -> hash`

`des_final_triple_des key` returns a MAC that uses DES CBC with the first 8 bytes of `key` as key. The final initialization vector is then DES-decrypted with bytes 8 to 15 of `key`, and DES-encrypted again with either the last 8 bytes of `key` (if a triple-length key is provided) or the first 8 bytes of `key` (if a double-length key is provided). Thus, the key is 16 or 24 bytes long, of which 112 or 168 bits are used. The overall construction has the same key size as a triple DES MAC, but runs faster because triple encryption is not performed on all data blocks, but only on the final MAC.