module MAC:sig..end
MAC module implements message authentication codes, also
known as keyed hash functions. These are hash functions parameterized
by a secret key. In addition to being one-way and collision-resistant,
a MAC has the property that without knowing the secret key, it is
computationally infeasible to find the hash for a known text,
even if many pairs of (text, MAC) are known to the attacker.
Thus, MAC can be used to authenticate the sender of a text:
the receiver of a (text, MAC) pair can recompute the MAC from the text,
and if it matches the transmitted MAC, be reasonably certain that
the text was authentified by someone who possesses the secret key.
The module MAC provides four MAC functions based on the hashes
SHA-1, SHA256, RIPEMD160 and MD5, and four MAC functions based on
the block ciphers AES, DES, and Triple-DES.
val hmac_sha1 : string -> Cryptokit.hashhmac_sha1 key returns a MAC based on the HMAC construction (RFC2104)
applied to SHA-1. The returned hash values are 160 bits (20 bytes)
long. The key argument is the MAC key; it can have any length,
but a minimal length of 20 bytes is recommended.val hmac_sha256 : string -> Cryptokit.hashhmac_sha256 key returns a MAC based on the HMAC construction
(RFC2104) applied to SHA-256. The returned hash values are
256 bits (32 bytes) long. The key argument is the MAC key;
it can have any length, but a minimal length of 32 bytes is
recommended.val hmac_ripemd160 : string -> Cryptokit.hashhmac_ripemd160 key returns a MAC based on the HMAC
construction (RFC2104) applied to RIPEMD-160. The returned
hash values are 160 bits (20 bytes) long. The key argument
is the MAC key; it can have any length, but a minimal length
of 20 bytes is recommended.val hmac_md5 : string -> Cryptokit.hashhmac_md5 key returns a MAC based on the HMAC construction (RFC2104)
applied to MD5. The returned hash values are 128 bits (16 bytes)
long. The key argument is the MAC key; it can have any length,
but a minimal length of 16 bytes is recommended.val aes : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hashaes key returns a MAC based on AES encryption in CBC mode.
The ciphertext is discarded, and the final value of the
initialization vector is the MAC value. Thus, the returned
hash values are 128 bit (16 bytes) long. The key argument
is the MAC key; it must have length 16, 24, or 32. The
optional iv argument is the first value of the
initialization vector, and defaults to 0. The optional pad
argument specifies a padding scheme to pad input to an
integral number of 16-byte blocks.val des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hashdes key returns a MAC based on DES encryption in CBC mode.
The construction is identical to that used for the aes MAC.
The key size is 64 bits (8 bytes), of which only 56 are used.
The returned hash value has length 8 bytes.
Due to the small hash size and key size, this MAC is rather weak.val triple_des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hashdes key returns a MAC based on triple DES encryption in CBC mode.
The construction is identical to that used for the aes MAC.
The key size is 16 or 24 bytes. The returned hash value has
length 8 bytes. The key size is sufficient to protect against
brute-force attacks, but the small hash size means that this
MAC is not collision-resistant.val des_final_triple_des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hashdes_final_triple_des key returns a MAC that uses DES CBC
with the first 8 bytes of key as key. The final initialization
vector is then DES-decrypted with bytes 8 to 15 of key,
and DES-encrypted again with either the last 8 bytes of key
(if a triple-length key is provided) or the first 8 bytes of key
(if a double-length key is provided).
Thus, the key is 16 or 24 bytes long, of which
112 or 168 bits are used. The overall construction has the same
key size as a triple DES MAC, but runs faster because triple
encryption is not performed on all data blocks, but only on
the final MAC.