Module Cryptokit.MAC

module MAC: sig .. end
The MAC module implements message authentication codes, also known as keyed hash functions. These are hash functions parameterized by a secret key. In addition to being one-way and collision-resistant, a MAC has the property that without knowing the secret key, it is computationally infeasible to find the hash for a known text, even if many pairs of (text, MAC) are known to the attacker. Thus, MAC can be used to authenticate the sender of a text: the receiver of a (text, MAC) pair can recompute the MAC from the text, and if it matches the transmitted MAC, be reasonably certain that the text was authentified by someone who possesses the secret key.

The module MAC provides four MAC functions based on the hashes SHA-1, SHA256, RIPEMD160 and MD5, and four MAC functions based on the block ciphers AES, DES, and Triple-DES.


val hmac_sha1 : string -> Cryptokit.hash
hmac_sha1 key returns a MAC based on the HMAC construction (RFC2104) applied to SHA-1. The returned hash values are 160 bits (20 bytes) long. The key argument is the MAC key; it can have any length, but a minimal length of 20 bytes is recommended.
val hmac_sha256 : string -> Cryptokit.hash
hmac_sha256 key returns a MAC based on the HMAC construction (RFC2104) applied to SHA-256. The returned hash values are 256 bits (32 bytes) long. The key argument is the MAC key; it can have any length, but a minimal length of 32 bytes is recommended.
val hmac_ripemd160 : string -> Cryptokit.hash
hmac_ripemd160 key returns a MAC based on the HMAC construction (RFC2104) applied to RIPEMD-160. The returned hash values are 160 bits (20 bytes) long. The key argument is the MAC key; it can have any length, but a minimal length of 20 bytes is recommended.
val hmac_md5 : string -> Cryptokit.hash
hmac_md5 key returns a MAC based on the HMAC construction (RFC2104) applied to MD5. The returned hash values are 128 bits (16 bytes) long. The key argument is the MAC key; it can have any length, but a minimal length of 16 bytes is recommended.
val aes : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hash
aes key returns a MAC based on AES encryption in CBC mode. The ciphertext is discarded, and the final value of the initialization vector is the MAC value. Thus, the returned hash values are 128 bit (16 bytes) long. The key argument is the MAC key; it must have length 16, 24, or 32. The optional iv argument is the first value of the initialization vector, and defaults to 0. The optional pad argument specifies a padding scheme to pad input to an integral number of 16-byte blocks.
val des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hash
des key returns a MAC based on DES encryption in CBC mode. The construction is identical to that used for the aes MAC. The key size is 64 bits (8 bytes), of which only 56 are used. The returned hash value has length 8 bytes. Due to the small hash size and key size, this MAC is rather weak.
val triple_des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hash
des key returns a MAC based on triple DES encryption in CBC mode. The construction is identical to that used for the aes MAC. The key size is 16 or 24 bytes. The returned hash value has length 8 bytes. The key size is sufficient to protect against brute-force attacks, but the small hash size means that this MAC is not collision-resistant.
val des_final_triple_des : ?iv:string -> ?pad:Cryptokit.Padding.scheme -> string -> Cryptokit.hash
des_final_triple_des key returns a MAC that uses DES CBC with the first 8 bytes of key as key. The final initialization vector is then DES-decrypted with bytes 8 to 15 of key, and DES-encrypted again with either the last 8 bytes of key (if a triple-length key is provided) or the first 8 bytes of key (if a double-length key is provided). Thus, the key is 16 or 24 bytes long, of which 112 or 168 bits are used. The overall construction has the same key size as a triple DES MAC, but runs faster because triple encryption is not performed on all data blocks, but only on the final MAC.