File Coverage

blib/lib/Crypt/RSA.pm

Criterion	Covered	Total	%
statement	24	80	30.0
branch	0	26	0.0
condition	0	36	0.0
subroutine	8	15	53.3
pod	6	7	85.7
total	38	164	23.1

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::RSA;
2	1			1		19122	use strict;
	1					2
	1					23
3	1			1		5	use warnings;
	1					2
	1					30
4
5							##
6							## Crypt::RSA - Pure-perl implementation of RSA encryption/signing
7							## algorithms.
8							##
9							## Copyright (c) 2000-2001, Vipul Ved Prakash. All rights reserved.
10							## This code is free software; you can redistribute it and/or modify
11							## it under the same terms as Perl itself.
12
13	1			1		5	use base 'Class::Loader';
	1					1
	1					762
14	1			1		11100	use base 'Crypt::RSA::Errorhandler';
	1					3
	1					525
15	1			1		510	use Crypt::RSA::Key;
	1					3
	1					34
16	1			1		5	use Crypt::RSA::DataFormat qw(steak octet_len);
	1					1
	1					50
17	1			1		743	use Convert::ASCII::Armour;
	1					130465
	1					33
18	1			1		9	use Carp;
	1					3
	1					1121
19
20							$Crypt::RSA::VERSION = '1.99'; # change this elsewhere too!
21
22							my %DEFAULTS = (
23							'ES' => { Name => 'OAEP_ES' },
24							'SS' => { Name => 'PSS_SS' },
25							'PP' => { Name => 'ASCII_PP' },
26							);
27
28
29							my %KNOWNMAP = (
30
31							# ENCRYPTION SCHEMES
32
33							OAEP_ES => { Module => "Crypt::RSA::ES::OAEP" },
34							PKCS1v21_ES => { Module => "Crypt::RSA::ES::OAEP" },
35							PKCS1v15_ES => { Module => "Crypt::RSA::ES::PKCS1v15" },
36
37							# SIGNATURE SCHEMES
38
39							PSS_SS => { Module => "Crypt::RSA::SS::PSS" },
40							PKCS1v21_SS => { Module => "Crypt::RSA::SS::PSS" },
41							PKCS1v15_SS => { Module => "Crypt::RSA::SS::PKCS1v15" },
42
43							# POST PROCESSORS
44
45							ASCII_PP => { Module => "Convert::ASCII::Armour" },
46
47							);
48
49
50							sub new {
51
52	0			0	1		my ($class, %params) = @_;
53	0						my %self = (%DEFAULTS, %params);
54	0						my $self = bless \%self, $class;
55
56	0						$self->_storemap (%KNOWNMAP);
57
58	0						for (qw(ES SS PP)) {
59	0	0					$$self{$_} = { Name => $$self{$_} . "_$_" } unless ref $$self{$_};
60	0						$$self{lc($_)} = $self->_load ( %{$$self{$_}} );
	0
61							}
62
63	0						$$self{keychain} = new Crypt::RSA::Key;
64
65	0						return bless \%self, $class;
66
67							}
68
69
70							sub keygen {
71
72	0			0	1		my ($self, %params) = @_;
73	0	0					$params{KF} = $$self{KF} if $$self{KF};
74
75	0						my @keys;
76							return (@keys = $self->{keychain}->generate (%params))
77							? @keys
78	0	0					: $self->error ($self->{keychain}->errstr);
79
80							}
81
82
83							sub encrypt {
84
85	0			0	1		my ($self, %params) = @_;
86	0		0				my $plaintext = $params{Message} \|\| $params{Plaintext};
87	0						my $key = $params{Key};
88
89	0	0					return $self->error ($key->errstr, \%params, $key, \$plaintext)
90							unless $key->check();
91
92	0						my $blocksize = blocksize ( $$self{es}->encryptblock (Key => $key),
93							length($plaintext)
94							);
95
96	0	0					return $self->error("Message too long.", \$key, \%params) if $blocksize <= 0;
97
98	0						my $cyphertext;
99	0						my @segments = steak ($plaintext, $blocksize);
100	0						for (@segments) {
101							$cyphertext .= $self->{es}->encrypt (Message => $_, Key => $key)
102	0		0				\|\| return $self->error ($self->{es}->errstr, \$key, \%params);
103							}
104
105	0	0	0				if ($params{Armour} \|\| $params{Armor}) {
106							$cyphertext = $self->{pp}->armour (
107							Object => 'RSA ENCRYPTED MESSAGE',
108							Headers => {
109							Scheme => $$self{ES}{Module} \|\| ${$KNOWNMAP{$$self{ES}{Name}}}{Module},
110							Version => $self->{es}->version()
111	0		0				},
112							Content => { Cyphertext => $cyphertext },
113							Compress => 1,
114							);
115							}
116
117	0						return $cyphertext;
118
119							}
120
121
122							sub decrypt {
123
124	0			0	1		my ($self , %params) = @_;
125	0		0				my $cyphertext = $params{Cyphertext} \|\| $params{Ciphertext};
126	0						my $key = $params{Key};
127
128	0	0					return $self->error ($key->errstr, \%params, $key) unless $key->check();
129
130	0	0	0				if ($params{Armour} \|\| $params{Armor}) {
131							my $decoded = $self->{pp}->unarmour ($cyphertext) \|\|
132	0		0				return $self->error ($self->{pp}->errstr());
133							$cyphertext = $$decoded{Content}{Cyphertext}
134	0						}
135
136	0						my $plaintext;
137	0						my $blocksize = blocksize ( $$self{es}->decryptblock (Key => $key),
138							length($cyphertext)
139							);
140
141	0	0					return $self->error("Message too long.") if $blocksize <= 0;
142
143	0						my @segments = steak ($cyphertext, $blocksize);
144	0						for (@segments) {
145							$plaintext .= $self->{es}->decrypt (Cyphertext=> $_, Key => $key)
146	0		0				\|\| return $self->error ($self->{es}->errstr, \$key, \%params);
147							}
148
149	0						return $plaintext;
150
151							}
152
153
154							sub sign {
155
156	0			0	1		my ($self, %params) = @_;
157							my $signature = $self->{ss}->sign (%params)
158							\|\| return $self->error ($self->{ss}->errstr,
159	0		0				$params{Key}, \%params);
160
161	0	0	0				if ($params{Armour} \|\| $params{Armor}) {
162							$signature = $self->{pp}->armour (
163							Object => "RSA SIGNATURE",
164							Headers => {
165							Scheme => $$self{SS}{Module} \|\| ${$KNOWNMAP{$$self{SS}{Name}}}{Module},
166	0		0				Version => $self->{ss}->version() },
167							Content => { Signature => $signature },
168							);
169							}
170
171	0						return $signature;
172
173							}
174
175
176							sub verify {
177
178	0			0	1		my ($self, %params) = @_;
179
180	0	0	0				if ($params{Armour} \|\| $params{Armor}) {
181							my $decoded = $self->{pp}->unarmour ($params{Signature}) \|\|
182	0		0				return $self->error ($self->{pp}->errstr());
183							$params{Signature} = $$decoded{Content}{Signature}
184	0						}
185
186							my $verify = $self->{ss}->verify (%params) \|\|
187	0		0				return $self->error ($self->{ss}->errstr, $params{Key}, \%params);
188
189	0						return $verify;
190
191							}
192
193
194							sub blocksize {
195
196	0			0	0		my ($blocksize, $ptsize) = @_;
197	0	0					return $ptsize if $blocksize == -1;
198	0	0					return 0 if $blocksize < 1;
199	0						return $blocksize;
200
201							}
202
203							1;
204
205							=pod
206
207							=encoding utf8
208
209							=head1 NAME
210
211							Crypt::RSA - RSA public-key cryptosystem.
212
213							=head1 SYNOPSIS
214
215							my $rsa = new Crypt::RSA;
216
217							my ($public, $private) =
218							$rsa->keygen (
219							Identity => 'Lord Macbeth ',
220							Size => 1024,
221							Password => 'A day so foul & fair',
222							Verbosity => 1,
223							) or die $rsa->errstr();
224
225
226							my $cyphertext =
227							$rsa->encrypt (
228							Message => $message,
229							Key => $public,
230							Armour => 1,
231							) \|\| die $rsa->errstr();
232
233
234							my $plaintext =
235							$rsa->decrypt (
236							Cyphertext => $cyphertext,
237							Key => $private,
238							Armour => 1,
239							) \|\| die $rsa->errstr();
240
241
242							my $signature =
243							$rsa->sign (
244							Message => $message,
245							Key => $private
246							) \|\| die $rsa->errstr();
247
248
249							my $verify =
250							$rsa->verify (
251							Message => $message,
252							Signature => $signature,
253							Key => $public
254							) \|\| die $rsa->errstr();
255
256							=head1 NOTE
257
258							This manual assumes familiarity with public-key cryptography and the RSA
259							algorithm. If you don't know what these are or how they work, please refer
260							to the sci.crypt FAQ[15]. A formal treatment of RSA can be found in [1].
261
262							=head1 DESCRIPTION
263
264							Crypt::RSA is a pure-perl, cleanroom implementation of the RSA public-key
265							cryptosystem.
266
267							Crypt::RSA provides arbitrary size key-pair generation, plaintext-aware
268							encryption (OAEP) and digital signatures with appendix (PSS). For
269							compatibility with SSLv3, RSAREF2, PGP and other applications that follow
270							the PKCS #1 v1.5 standard, it also provides PKCS #1 v1.5 encryption and
271							signatures.
272
273							Crypt::RSA is structured as bundle of modules that encapsulate different
274							parts of the RSA cryptosystem. The RSA algorithm is implemented in
275							Crypt::RSA::Primitives(3). Encryption schemes, located under
276							Crypt::RSA::ES, and signature schemes, located under Crypt::RSA::SS, use
277							the RSA algorithm to build encryption/signature schemes that employ secure
278							padding. (See the note on Security of Padding Schemes.)
279
280							The key generation engine and other functions that work on both components
281							of the key-pair are encapsulated in Crypt::RSA::Key(3).
282							Crypt::RSA::Key::Public(3) & Crypt::RSA::Key::Private(3) provide
283							mechanisms for storage & retrival of keys from disk, decoding & encoding
284							of keys in certain formats, and secure representation of keys in memory.
285							Finally, the Crypt::RSA module provides a convenient, DWIM wrapper around
286							the rest of the modules in the bundle.
287
288							=head1 SECURITY OF PADDING SCHEMES
289
290							It has been conclusively shown that textbook RSA is insecure[3,7]. Secure
291							RSA requires that plaintext is padded in a specific manner before
292							encryption and signing. There are four main standards for padding: PKCS
293							#1 v1.5 encryption & signatures, and OAEP encryption & PSS signatures.
294							Crypt::RSA implements these as four modules that
295							provide overloaded encrypt(), decrypt(), sign() and verify() methods that
296							add padding functionality to the basic RSA operations.
297
298							Crypt::RSA::ES::PKCS1v15(3) implements PKCS #1 v1.5 encryption,
299							Crypt::RSA::SS::PKCS1v15(3) implements PKCS #1 v1.5 signatures,
300							Crypt::RSA::ES::OAEP(3) implements Optimal Asymmetric Encryption and
301							Crypt::RSA::SS::PSS(3) Probabilistic Signatures.
302
303							PKCS #1 v1.5 schemes are older and hence more widely deployed, but PKCS #1
304							v1.5 encryption has certain flaws that make it vulnerable to
305							chosen-cyphertext attacks[9]. Even though Crypt::RSA works around these
306							vulnerabilities, it is recommended that new applications use OAEP and PSS,
307							both of which are provably secure[13]. In any event,
308							Crypt::RSA::Primitives (without padding) should never be used directly.
309
310							That said, there exists a scheme called Simple RSA[16] that provides
311							security without padding. However, Crypt::RSA doesn't implement this
312							scheme yet.
313
314							=head1 METHODS
315
316							=over 4
317
318							=item B
319
320							The constructor. When no arguments are provided, new() returns an object
321							loaded with default values. This object can be customized by specifying
322							encryption & signature schemes, key formats and post processors. For
323							details see the section on B
324							object> later in this manpage.
325
326							=item B
327
328							keygen() generates and returns an RSA key-pair of specified bitsize.
329							keygen() is a synonym for Crypt::RSA::Key::generate(). Parameters and
330							return values are described in the Crypt::RSA::Key(3) manpage.
331
332							=item B
333
334							encrypt() performs RSA encryption on a string of arbitrary length with a
335							public key using the encryption scheme bound to the object. The default
336							scheme is OAEP. encrypt() returns cyphertext (a string) on success and
337							undef on failure. It takes a hash as argument with following keys:
338
339							=over 4
340
341							=item B
342
343							An arbitrary length string to be encrypted.
344
345							=item B
346
347							Public key of the recipient, a Crypt::RSA::Key::Public(3) or
348							compatible object.
349
350							=item B
351
352							A boolean parameter that forces cyphertext through a post processor after
353							encrpytion. The default post processor is Convert::ASCII::Armour(3) that
354							encodes binary octets in 6-bit clean ASCII messages. The cyphertext is
355							returned as-is, when the Armour key is not present.
356
357							=back
358
359							=item B
360
361							decrypt() performs RSA decryption with a private key using the encryption
362							scheme bound to the object. The default scheme is OAEP. decrypt() returns
363							plaintext on success and undef on failure. It takes a hash as argument
364							with following keys:
365
366							=over 4
367
368							=item B
369
370							Cyphertext of arbitrary length.
371
372							=item B
373
374							Private key, a Crypt::RSA::Key::Private(3) or compatible object.
375
376							=item B
377
378							Boolean parameter that specifies whether the Cyphertext is encoded with a
379							post processor.
380
381							=back
382
383							=item B
384
385							sign() creates an RSA signature on a string with a private key using the
386							signature scheme bound to the object. The default scheme is
387							PSS. sign() returns a signature on success and undef on failure. It takes
388							a hash as argument with following keys:
389
390							=over 4
391
392							=item B
393
394							A string of arbitrary length to be signed.
395
396							=item B
397
398							Private key of the sender, a Crypt::RSA::Key::Private(3) or
399							compatible object.
400
401							=item B
402
403							A boolean parameter that forces the computed signature to be post
404							processed.
405
406							=back
407
408							=item B
409
410							verify() verifies an RSA signature with a public key using the signature
411							scheme bound to the object. The default scheme is PSS. verify() returns a
412							true value on success and undef on failure. It takes a hash as argument
413							with following keys:
414
415							=over 4
416
417							=item B
418
419							A signed message, a string of arbitrary length.
420
421							=item B
422
423							Public key of the signer, a Crypt::RSA::Key::Public(3) or
424							compatible object.
425
426							=item B
427
428							A signature computed with sign().
429
430							=item B
431
432							Boolean parameter that specifies whether the Signature has been
433							post processed.
434
435							=back
436
437							=back
438
439							=head1 MODULES
440
441							Apart from Crypt::RSA, the following modules are intended for application
442							developer and end-user consumption:
443
444							=over 4
445
446							=item B
447
448							RSA key pair generator.
449
450							=item B
451
452							RSA Public Key Management.
453
454							=item B
455
456							RSA Private Key Management.
457
458							=item B
459
460							Plaintext-aware encryption with RSA.
461
462							=item B
463
464							Probabilistic Signature Scheme based on RSA.
465
466							=item B
467
468							PKCS #1 v1.5 encryption scheme.
469
470							=item B
471
472							PKCS #1 v1.5 signature scheme.
473
474							=back
475
476							=head1 CUSTOMISING A CRYPT::RSA OBJECT
477
478							A Crypt::RSA object can be customized by passing any of the following keys
479							in a hash to new(): ES to specify the encryption scheme, SS to specify the
480							signature scheme, PP to specify the post processor, and KF to specify the
481							key format. The value associated with these keys can either be a name (a
482							string) or a hash reference that specifies a module name, its constructor,
483							and constructor arguments. For example:
484
485							my $rsa = new Crypt::RSA ( ES => 'OAEP' );
486
487							or
488
489							my $rsa = new Crypt::RSA ( ES => { Module => 'Crypt::RSA::ES::OAEP' } );
490
491							A module thus specified need not be included in the Crypt::RSA bundle, but
492							it must be interface compatible with the ones provided with Crypt::RSA.
493
494							As of this writing, the following names are recognised:
495
496							=over 4
497
498							=item B (Encryption Scheme)
499
500							'OAEP', 'PKCS1v15'
501
502							=item B (Signature Scheme)
503
504							'PSS', 'PKCS1v15'
505
506							=item B (Key Format)
507
508							'Native', 'SSH'
509
510							=item B (Post Processor)
511
512							'ASCII'
513
514							=back
515
516							=head1 ERROR HANDLING
517
518							All modules in the Crypt::RSA bundle use a common error handling method
519							(implemented in Crypt::RSA::Errorhandler(3)). When a method fails it
520							returns undef and calls $self->error() with the error message. This error
521							message is available to the caller through the errstr() method. For more
522							details see the Crypt::RSA::Errorhandler(3) manpage.
523
524							=head1 AUTHOR
525
526							Vipul Ved Prakash, Email@vipul.netE
527
528							=head1 ACKNOWLEDGEMENTS
529
530							Thanks to Ilya Zakharevich for help with Math::Pari, Benjamin Trott for
531							several patches including SSH key support, Genèche Ramanoudjame for
532							extensive testing and numerous bug reports, Shizukesa on #perl for
533							suggesting the error handling method used in this module, and Dave Paris
534							for good advice.
535
536							=head1 LICENSE
537
538							Copyright (c) 2000-2008, Vipul Ved Prakash. This code is free software;
539							it is distributed under the same license as Perl itself.
540
541							I have received requests for commercial licenses of
542							Crypt::RSA, from those who desire contractual support and
543							indemnification. I'd be happy to provide a commercial license
544							if you need one. Please send me mail at C with
545							the subject "Crypt::RSA license". Please don't send me mail
546							asking if you need a commercial license. You don't, if
547							Artistic of GPL suit you fine.
548
549							=head1 SEE ALSO
550
551							Crypt::RSA::Primitives(3), Crypt::RSA::DataFormat(3),
552							Crypt::RSA::Errorhandler(3), Crypt::RSA::Debug(3),
553							Crypt::CBC(3), Crypt::Blowfish(3),
554							Tie::EncryptedHash(3), Convert::ASCII::Armour(3),
555							Class::Loader(3),
556							Math::Prime::Util, Bytes::Random::Secure.
557
558							=head1 REPORTING BUGS
559
560							All bug reports related to Crypt::RSA should go to rt.cpan.org
561							at C
562
563							Crypt::RSA is considered to be stable. If you are running into a
564							problem, it's likely of your own making. Please check your code
565							and consult the documentation before posting a bug report. A
566							google search with the error message might also shed light if it
567							is a common mistake that you've made.
568
569							=head1 BIBLIOGRAPHY
570
571							Chronologically sorted (for the most part).
572
573							=over 4
574
575							=item 1 B A Method for Obtaining Digital Signatures and Public-Key Cryptosystems (1978).
576
577							=item 2 B Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters (1994).
578
579							=item 3 B Optimal Asymmetric Encryption - How to Encrypt with RSA (1995).
580
581							=item 4 B The Exact Security of Digital Signatures - How to sign with RSA and Rabin (1996).
582
583							=item 5 B Applied Cryptography, Second Edition (1996).
584
585							=item 6 B Handbook of Applied Cryptography (1997).
586
587							=item 7 B Twenty Years of Attacks on the RSA Cryptosystem (1998).
588
589							=item 8 B A New and Optimal Chosen-message Attack on RSA-type Cryptosystems (1998).
590
591							=item 9 B Recent Results on PKCS #1: RSA Encryption Standard, RSA Labs Bulletin Number 7 (1998).
592
593							=item 10 B PKCS #1: RSA Cryptography Specifications v2.0, RFC 2437 (1998).
594
595							=item 11 B SSH 1.2.7 source code (1998).
596
597							=item 12 B PGP DH vs. RSA FAQ v1.5 (1999).
598
599							=item 13 B Draft I, PKCS #1 v2.1: RSA Cryptography Standard (1999).
600
601							=item 14 B OpenSSL 0.9.5a source code (2000).
602
603							=item 15 B The sci.crypt FAQ at
604							http://www.faqs.org/faqs/cryptography-faq/part01/index.html
605
606							=item 16 B A Proposal for an ISO Standard for Public Key Encryption (2001).
607
608							=cut