File Coverage

blib/lib/Crypt/RSA/ES/OAEP.pm

Criterion	Covered	Total	%
statement	129	133	96.9
branch	17	30	56.6
condition	5	12	41.6
subroutine	20	20	100.0
pod	4	10	40.0
total	175	205	85.3

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::RSA::ES::OAEP;
2	3			3		27758	use strict;
	3					7
	3					72
3	3			3		14	use warnings;
	3					6
	3					80
4
5							## Crypt::RSA::ES::OAEP
6							##
7							## Copyright (c) 2001, Vipul Ved Prakash. All rights reserved.
8							## This code is free software; you can redistribute it and/or modify
9							## it under the same terms as Perl itself.
10
11	3			3		13	use base 'Crypt::RSA::Errorhandler';
	3					6
	3					744
12	3			3		1727	use Math::Prime::Util qw/random_bytes/;
	3					19278
	3					19
13	3			3		947	use Crypt::RSA::DataFormat qw(bitsize os2ip i2osp octet_xor mgf1 octet_len);
	3					11
	3					190
14	3			3		961	use Crypt::RSA::Primitives;
	3					7
	3					77
15	3			3		17	use Crypt::RSA::Debug qw(debug);
	3					5
	3					107
16	3			3		16	use Digest::SHA qw(sha1);
	3					19
	3					102
17	3			3		1127	use Sort::Versions qw(versioncmp);
	3					1538
	3					139
18	3			3		18	use Carp;
	3					7
	3					3309
19
20							$Crypt::RSA::ES::OAEP::VERSION = '1.99';
21
22							sub new {
23	4			4	1	1356	my ($class, %params) = @_;
24	4					23	my $self = bless { primitives => new Crypt::RSA::Primitives,
25							P => "",
26							hlen => 20,
27							VERSION => $Crypt::RSA::ES::OAEP::VERSION,
28							}, $class;
29	4	100				33	if ($params{Version}) {
30	2	100				9	if (versioncmp($params{Version}, '1.15') == -1) {
		50
31	1					46	$$self{P} = "Crypt::RSA";
32	1					3	$$self{VERSION} = $params{Version};
33							} elsif (versioncmp($params{Version}, $$self{VERSION}) == 1) {
34	1					251	croak "Required version ($params{Version}) greater than installed version ($$self{VERSION}) of $class.\n";
35							}
36							}
37	3					16	return $self;
38							}
39
40
41							sub encrypt {
42	256			256	1	1181	my ($self, %params) = @_;
43	256		33			715	my $key = $params{Key}; my $M = $params{Message} \|\| $params{Plaintext};
	256					947
44	256	50				874	return $self->error ("Missing Message or Plaintext parameter", \$key, \%params) unless $M;
45	256	50				1532	return $self->error ($key->errstr, \$M, $key, \%params) unless $key->check;
46	256					1140	my $k = octet_len ($key->n); debug ("octet_len of modulus: $k");
	256					1423
47	256		50			1445	my $em = $self->encode ($M, $self->{P}, $k-1) \|\|
48							return $self->error ($self->errstr, \$M, $key, \%params);
49	256					906	my $m = os2ip ($em);
50	256					454562	my $c = $self->{primitives}->core_encrypt ( Plaintext => $m, Key => $key );
51	256					1459	my $ec = i2osp ($c, $k); debug ("ec: $ec");
	256					1361
52	256					2855	return $ec;
53							}
54
55
56							sub decrypt {
57	256			256	1	1198	my ($self, %params) = @_;
58	256		33			696	my $key = $params{Key}; my $C = $params{Cyphertext} \|\| $params{Ciphertext};
	256					885
59	256	50				699	return $self->error ("Missing Cyphertext or Ciphertext parameter", \$key, \%params) unless $C;
60	256	50				1933	return $self->error ($key->errstr, $key, \%params) unless $key->check;
61	256					2495	my $k = octet_len ($key->n);
62	256					1151	my $c = os2ip ($C);
63	256	50				461400	if (bitsize($c) > bitsize($key->n)) {
64	0					0	return $self->error ("Decryption error.", $key, \%params)
65							}
66	256		50			1984	my $m = $self->{primitives}->core_decrypt (Cyphertext => $c, Key => $key) \|\|
67							return $self->error ("Decryption error.", $key, \%params);
68	256		50			8192	my $em = i2osp ($m, $k-1) \|\|
69							return $self->error ("Decryption error.", $key, \%params);
70	256					593	my $M; $self->errstrrst; # reset the errstr
	256					2004
71	256	50				1473	unless ($M = $self->decode ($em, $$self{P})) {
72	0	0				0	return $self->error ("Decryption error.", $key, \%params) if $self->errstr();
73	0					0	return $M;
74							}
75	256					2928	return $M;
76							}
77
78
79							sub encode {
80	256			256	0	891	my ($self, $M, $P, $emlen) = @_;
81	256					709	my $hlen = $$self{hlen};
82	256					523	my $mlen = length($M);
83	256	50				957	return $self->error ("Message too long.", \$P, \$M) if $mlen > $emlen-(2*$hlen)-1;
84	256					689	my ($PS, $pslen) = ("", 0);
85	256	100				789	if ($pslen = $emlen-(2*$hlen+1+$mlen)) {
86	2					8	$PS = chr(0)x$pslen;
87							}
88	256					1050	my $phash = $self->hash ($P);
89	256					782	my $db = $phash . $PS . chr(1) . $M;
90	256					1737	my $seed = random_bytes($hlen);
91	256					987	my $dbmask = $self->mgf ($seed, $emlen-$hlen);
92	256					910	my $maskeddb = octet_xor ($db, $dbmask);
93	256					755	my $seedmask = $self->mgf ($maskeddb, $hlen);
94	256					755	my $maskedseed = octet_xor ($seed, $seedmask);
95	256					547	my $em = $maskedseed . $maskeddb;
96
97	256					1011	debug ("emlen == $emlen");
98	256					1288	debug ("M == $M [" . length($M) . "]");
99	256					1109	debug ("PS == $PS [$pslen]");
100	256					1108	debug ("phash == $phash [" . length($phash) . "]");
101	256					1059	debug ("seed == $seed [" . length($seed) . "]");
102	256					1179	debug ("seedmask == $seedmask [" . length($seedmask) . "]");
103	256					1160	debug ("db == $db [" . length($db) . "]");
104	256					913	debug ("dbmask == $dbmask [" . length($dbmask) . "]");
105	256					1050	debug ("maskeddb == $maskeddb [" . length($maskeddb) . "]");
106	256					985	debug ("em == $em [" . length($em) . "]");
107
108	256					894	return $em;
109							}
110
111
112							sub decode {
113	256			256	0	856	my ($self, $em, $P) = @_;
114	256					774	my $hlen = $$self{hlen};
115
116	256					1260	debug ("P == $P");
117	256	50				876	return $self->error ("Decoding error.", \$P) if length($em) < 2*$hlen+1;
118	256					814	my $maskedseed = substr $em, 0, $hlen;
119	256					677	my $maskeddb = substr $em, $hlen;
120	256					1059	my $seedmask = $self->mgf ($maskeddb, $hlen);
121	256					1051	my $seed = octet_xor ($maskedseed, $seedmask);
122	256					1043	my $dbmask = $self->mgf ($seed, length($em) - $hlen);
123	256					871	my $db = octet_xor ($maskeddb, $dbmask);
124	256					942	my $phash = $self->hash ($P);
125
126	256					1368	debug ("em == $em [" . length($em) . "]");
127	256					1124	debug ("phash == $phash [" . length($phash) . "]");
128	256					1120	debug ("seed == $seed [" . length($seed) . "]");
129	256					1187	debug ("seedmask == $seedmask [" . length($seedmask) . "]");
130	256					1040	debug ("maskedseed == $maskedseed [" . length($maskedseed) . "]");
131	256					1035	debug ("db == $db [" . length($db) . "]");
132	256					1063	debug ("maskeddb == $maskeddb [" . length($maskeddb) . "]");
133	256					1259	debug ("dbmask == $dbmask [" . length($dbmask) . "]");
134
135	256					709	my ($phashorig) = substr $db, 0, $hlen;
136	256					1214	debug ("phashorig == $phashorig [" . length($phashorig) . "]");
137	256	50				849	return $self->error ("Decoding error.", \$P) unless $phashorig eq $phash;
138	256					634	$db = substr $db, $hlen;
139	256					642	my ($chr0, $chr1) = (chr(0), chr(1));
140	256					478	my ($ps, $m);
141	256					1041	debug ("db == $db [" . length($db) . "]");
142	256	50				3778	unless ( ($ps, undef, $m) = $db =~ /^($chr0)($chr1)(.)$/s ) {
143	0					0	return $self->error ("Decoding error.", \$P);
144							}
145
146	256					1294	return $m;
147							}
148
149
150							sub hash {
151	512			512	0	1444	my ($self, $data) = @_;
152	512					4002	return sha1 ($data);
153							}
154
155
156							sub mgf {
157	1024			1024	0	2697	my ($self, @data) = @_;
158	1024					3650	return mgf1 (@data);
159							}
160
161
162							sub encryptblock {
163	2			2	0	9	my ($self, %params) = @_;
164	2					15	return octet_len ($params{Key}->n) - 42;
165							}
166
167
168							sub decryptblock {
169	1			1	0	5	my ($self, %params) = @_;
170	1					6	return octet_len ($params{Key}->n);
171							}
172
173
174							# should be able to call this as a class method.
175							sub version {
176	1			1	1	3	my $self = shift;
177	1					51	return $self->{VERSION};
178							}
179
180
181							1;
182
183							=head1 NAME
184
185							Crypt::RSA::ES::OAEP - Plaintext-aware encryption with RSA.
186
187							=head1 SYNOPSIS
188
189							my $oaep = new Crypt::RSA::ES::OAEP;
190
191							my $ct = $oaep->encrypt( Key => $key, Message => $message ) \|\|
192							die $oaep->errstr;
193
194							my $pt = $oaep->decrypt( Key => $key, Cyphertext => $ct ) \|\|
195							die $oaep->errstr;
196
197							=head1 DESCRIPTION
198
199							This module implements Optimal Asymmetric Encryption, a plaintext-aware
200							encryption scheme based on RSA. The notion of plaintext-aware implies it's
201							computationally infeasible to obtain full or partial information about a
202							message from a cyphertext, and computationally infeasible to generate a
203							valid cyphertext without knowing the corresponding message.
204							Plaintext-aware schemes, such as OAEP, are semantically secure,
205							non-malleable and secure against chosen-ciphertext attack. For more
206							information on OAEP and plaintext-aware encryption, see [3], [9] & [13].
207
208							=head1 METHODS
209
210							=head2 B
211
212							Constructor.
213
214							=head2 B
215
216							Returns the version number of the module.
217
218							=head2 B
219
220							Encrypts a string with a public key and returns the encrypted string
221							on success. encrypt() takes a hash argument with the following
222							mandatory keys:
223
224							=over 4
225
226							=item B
227
228							A string to be encrypted. The length of this string should not exceed k-42
229							octets, where k is the octet length of the RSA modulus. If Message is
230							longer than k-42, the method will fail and set $self->errstr to "Message
231							too long." This means the key must be at least _336_ bits long if you are
232							to use OAEP.
233
234							=item B
235
236							Public key of the recipient, a Crypt::RSA::Key::Public object.
237
238							=back
239
240							=head2 B
241
242							Decrypts cyphertext with a private key and returns plaintext on
243							success. $self->errstr is set to "Decryption Error." or appropriate
244							error on failure. decrypt() takes a hash argument with the following
245							mandatory keys:
246
247							=over 4
248
249							=item B
250
251							A string encrypted with encrypt(). The length of the cyphertext must be k
252							octets, where k is the length of the RSA modulus.
253
254							=item B
255
256							Private key of the receiver, a Crypt::RSA::Key::Private object.
257
258							=item B
259
260							Version of the module that was used for creating the Cyphertext. This is
261							an optional argument. When present, decrypt() will ensure before
262							proceeding that the installed version of the module can successfully
263							decrypt the Cyphertext.
264
265							=back
266
267							=head1 ERROR HANDLING
268
269							See ERROR HANDLING in Crypt::RSA(3) manpage.
270
271							=head1 BIBLIOGRAPHY
272
273							See BIBLIOGRAPHY in Crypt::RSA(3) manpage.
274
275							=head1 AUTHOR
276
277							Vipul Ved Prakash, Email@vipul.netE
278
279							=head1 SEE ALSO
280
281							Crypt::RSA(3), Crypt::RSA::Primitives(3), Crypt::RSA::Keys(3),
282							Crypt::RSA::SSA::PSS(3)
283
284							=cut
285
286