line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::KeyWrap; |
2
|
|
|
|
|
|
|
|
3
|
13
|
|
|
13
|
|
429669
|
use strict; |
|
13
|
|
|
|
|
81
|
|
|
13
|
|
|
|
|
378
|
|
4
|
13
|
|
|
13
|
|
81
|
use warnings; |
|
13
|
|
|
|
|
31
|
|
|
13
|
|
|
|
|
567
|
|
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
our $VERSION = '0.035'; |
7
|
|
|
|
|
|
|
|
8
|
13
|
|
|
13
|
|
66
|
use Exporter 'import'; |
|
13
|
|
|
|
|
54
|
|
|
13
|
|
|
|
|
1411
|
|
9
|
|
|
|
|
|
|
our %EXPORT_TAGS = ( all => [qw(aes_key_wrap aes_key_unwrap gcm_key_wrap gcm_key_unwrap pbes2_key_wrap pbes2_key_unwrap ecdh_key_wrap ecdh_key_unwrap ecdhaes_key_wrap ecdhaes_key_unwrap rsa_key_wrap rsa_key_unwrap)] ); |
10
|
|
|
|
|
|
|
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); |
11
|
|
|
|
|
|
|
our @EXPORT = qw(); |
12
|
|
|
|
|
|
|
|
13
|
13
|
|
|
13
|
|
108
|
use Carp; |
|
13
|
|
|
|
|
32
|
|
|
13
|
|
|
|
|
938
|
|
14
|
13
|
|
|
13
|
|
3488
|
use Crypt::Mode::ECB; |
|
13
|
|
|
|
|
112426
|
|
|
13
|
|
|
|
|
548
|
|
15
|
13
|
|
|
13
|
|
6344
|
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify); |
|
13
|
|
|
|
|
4472
|
|
|
13
|
|
|
|
|
793
|
|
16
|
13
|
|
|
13
|
|
3248
|
use Crypt::PRNG qw(random_bytes); |
|
13
|
|
|
|
|
6594
|
|
|
13
|
|
|
|
|
663
|
|
17
|
13
|
|
|
13
|
|
5651
|
use Crypt::KeyDerivation qw(pbkdf2); |
|
13
|
|
|
|
|
4057
|
|
|
13
|
|
|
|
|
736
|
|
18
|
13
|
|
|
13
|
|
3244
|
use Crypt::Digest qw(digest_data); |
|
13
|
|
|
|
|
5236
|
|
|
13
|
|
|
|
|
624
|
|
19
|
13
|
|
|
13
|
|
79
|
use Config; |
|
13
|
|
|
|
|
27
|
|
|
13
|
|
|
|
|
42094
|
|
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
# JWS: https://tools.ietf.org/html/rfc7515 |
22
|
|
|
|
|
|
|
# JWE: https://tools.ietf.org/html/rfc7516 |
23
|
|
|
|
|
|
|
# JWK: https://tools.ietf.org/html/rfc7517 |
24
|
|
|
|
|
|
|
# JWA: https://tools.ietf.org/html/rfc7518 - !!! this is important !!! |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
sub _LSB { |
27
|
12541
|
|
|
12541
|
|
19055
|
my ($bytes, $data) = @_; |
28
|
12541
|
|
|
|
|
15599
|
my $len = length $data; |
29
|
12541
|
50
|
|
|
|
38339
|
return $len > $bytes ? substr($data, $len-$bytes, $bytes) : $data; |
30
|
|
|
|
|
|
|
} |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
sub _MSB { |
33
|
12541
|
|
|
12541
|
|
21191
|
my ($bytes, $data) = @_; |
34
|
12541
|
|
|
|
|
15971
|
my $len = length $data; |
35
|
12541
|
50
|
|
|
|
31105
|
return $len > $bytes ? substr($data, 0, $bytes) : $data; |
36
|
|
|
|
|
|
|
} |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
sub _N2RAW { |
39
|
12528
|
|
|
12528
|
|
18618
|
my ($bytes, $n) = @_; |
40
|
12528
|
100
|
|
|
|
21084
|
if ($bytes == 8) { |
41
|
10656
|
50
|
|
|
|
47279
|
return pack("N", 0) . pack("N", $n) if $Config{uvsize} == 4; #workaround |
42
|
10656
|
|
|
|
|
48508
|
return pack("N", $n >> 32) . pack("N", $n & 0xFFFFFFFF); |
43
|
|
|
|
|
|
|
} |
44
|
1872
|
50
|
|
|
|
6417
|
return pack("N", $n & 0xFFFFFFFF) if $bytes == 4; |
45
|
|
|
|
|
|
|
} |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
sub aes_key_wrap { |
48
|
138
|
|
|
138
|
1
|
41951
|
my ($kek, $pt_data, $cipher, $padding, $inverse) = @_; |
49
|
138
|
100
|
|
|
|
421
|
$cipher = 'AES' unless defined $cipher; |
50
|
138
|
50
|
|
|
|
404
|
$padding = $cipher eq 'AES' ? 1 : 0 unless defined $padding; |
|
|
100
|
|
|
|
|
|
51
|
|
|
|
|
|
|
|
52
|
138
|
|
|
|
|
229
|
my ($A, $B, $P, $R); |
53
|
|
|
|
|
|
|
|
54
|
138
|
50
|
|
|
|
273
|
croak "aes_key_wrap: no KEK" unless defined $kek; |
55
|
138
|
50
|
|
|
|
292
|
croak "aes_key_wrap: no PT data" unless defined $pt_data; |
56
|
138
|
|
|
|
|
203
|
my $klen = length $kek; |
57
|
138
|
50
|
100
|
|
|
674
|
croak "aes_key_wrap: invalid KEK length" unless $klen == 16 || $klen == 24 || $klen == 32; |
|
|
|
66
|
|
|
|
|
58
|
138
|
50
|
66
|
|
|
375
|
croak "aes_key_wrap: cipher must be AES or DES_EDE" unless $cipher eq 'AES' || $cipher eq 'DES_EDE'; |
59
|
138
|
50
|
66
|
|
|
479
|
croak "aes_key_wrap: padding not allowed with DES_EDE" if $padding && $cipher eq 'DES_EDE'; |
60
|
|
|
|
|
|
|
|
61
|
138
|
|
|
|
|
1024
|
my $ECB = Crypt::Mode::ECB->new($cipher, 0); |
62
|
138
|
100
|
|
|
|
348
|
my $blck = $cipher eq 'DES_EDE' ? 4 : 8; # semiblock size in bytes, for AES 8, for 3DES 4 |
63
|
|
|
|
|
|
|
|
64
|
138
|
|
|
|
|
536
|
my $IV = pack("H*", "A6" x $blck); |
65
|
138
|
|
|
|
|
233
|
my $len = length $pt_data; |
66
|
138
|
100
|
|
|
|
363
|
if ($len % $blck > 0) { |
67
|
33
|
50
|
|
|
|
65
|
croak "aes_key_wrap: pt_data length not multiply of $blck" if !$padding; |
68
|
33
|
|
|
|
|
75
|
$pt_data .= chr(0) x ($blck - ($len % $blck)); |
69
|
33
|
|
|
|
|
74
|
$IV = pack("H*", "A65959A6") . pack("N", $len); |
70
|
|
|
|
|
|
|
} |
71
|
|
|
|
|
|
|
|
72
|
138
|
|
|
|
|
308
|
my $n = length($pt_data) / $blck; |
73
|
138
|
|
|
|
|
1258
|
$P->[$_] = substr($pt_data, $_*$blck, $blck) for (0..$n-1); |
74
|
|
|
|
|
|
|
|
75
|
138
|
100
|
|
|
|
369
|
if ($n == 1) { |
76
|
13
|
100
|
|
|
|
74
|
return $inverse ? $ECB->decrypt($IV . $P->[0], $kek) |
77
|
|
|
|
|
|
|
: $ECB->encrypt($IV . $P->[0], $kek); |
78
|
|
|
|
|
|
|
} |
79
|
|
|
|
|
|
|
|
80
|
125
|
|
|
|
|
202
|
$A = $IV; |
81
|
125
|
|
|
|
|
687
|
$R->[$_] = $P->[$_] for (0..$n-1); |
82
|
|
|
|
|
|
|
|
83
|
125
|
|
|
|
|
264
|
for my $j (0..5) { |
84
|
750
|
|
|
|
|
1408
|
for my $i (0..$n-1) { |
85
|
6012
|
100
|
|
|
|
17308
|
$B = $inverse ? $ECB->decrypt($A . $R->[$i], $kek) |
86
|
|
|
|
|
|
|
: $ECB->encrypt($A . $R->[$i], $kek); |
87
|
6012
|
|
|
|
|
93308
|
$A = _MSB($blck, $B) ^ _N2RAW($blck, ($n*$j)+$i+1); |
88
|
6012
|
|
|
|
|
11398
|
$R->[$i] = _LSB($blck, $B); |
89
|
|
|
|
|
|
|
} |
90
|
|
|
|
|
|
|
} |
91
|
|
|
|
|
|
|
|
92
|
125
|
|
|
|
|
233
|
my $rv = $A; |
93
|
125
|
|
|
|
|
630
|
$rv .= $R->[$_] for (0..$n-1); |
94
|
125
|
|
|
|
|
884
|
return $rv; |
95
|
|
|
|
|
|
|
} |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
sub aes_key_unwrap { |
98
|
163
|
|
|
163
|
1
|
41685
|
my ($kek, $ct_data, $cipher, $padding, $inverse) = @_; |
99
|
163
|
100
|
|
|
|
450
|
$cipher = 'AES' unless defined $cipher; |
100
|
163
|
50
|
|
|
|
492
|
$padding = $cipher eq 'AES' ? 1 : 0 unless defined $padding; |
|
|
100
|
|
|
|
|
|
101
|
|
|
|
|
|
|
|
102
|
163
|
|
|
|
|
315
|
my ($A, $B, $C, $P, $R); |
103
|
|
|
|
|
|
|
|
104
|
163
|
50
|
|
|
|
354
|
croak "aes_key_unwrap: no KEK" unless defined $kek; |
105
|
163
|
50
|
|
|
|
349
|
croak "aes_key_unwrap: no CT data" unless defined $ct_data; |
106
|
163
|
|
|
|
|
246
|
my $klen = length $kek; |
107
|
163
|
50
|
100
|
|
|
705
|
croak "aes_key_unwrap: invalid KEK length" unless $klen == 16 || $klen == 24 || $klen == 32; |
|
|
|
66
|
|
|
|
|
108
|
163
|
50
|
66
|
|
|
431
|
croak "aes_key_unwrap: cipher must be AES or DES_EDE" unless $cipher eq 'AES' || $cipher eq 'DES_EDE'; |
109
|
163
|
50
|
66
|
|
|
660
|
croak "aes_key_unwrap: padding not allowed with DES_EDE" if $padding && $cipher eq 'DES_EDE'; |
110
|
|
|
|
|
|
|
|
111
|
163
|
|
|
|
|
1207
|
my $ECB = Crypt::Mode::ECB->new($cipher, 0); |
112
|
163
|
100
|
|
|
|
397
|
my $blck = $cipher eq 'DES_EDE' ? 4 : 8; # semiblock size in bytes, for AES 8, for 3DES 4 |
113
|
|
|
|
|
|
|
|
114
|
163
|
|
|
|
|
495
|
my $n = length($ct_data) / $blck - 1; |
115
|
163
|
|
|
|
|
1422
|
$C->[$_] = substr($ct_data, $_*$blck, $blck) for (0..$n); # n+1 semiblocks |
116
|
|
|
|
|
|
|
|
117
|
163
|
100
|
|
|
|
421
|
if ($n==1) { |
118
|
13
|
100
|
|
|
|
71
|
$B = $inverse ? $ECB->encrypt($C->[0] . $C->[1], $kek) |
119
|
|
|
|
|
|
|
: $ECB->decrypt($C->[0] . $C->[1], $kek); |
120
|
13
|
|
|
|
|
247
|
$A = _MSB($blck, $B); |
121
|
13
|
|
|
|
|
32
|
$R->[0] = _LSB($blck, $B); |
122
|
|
|
|
|
|
|
} |
123
|
|
|
|
|
|
|
else { |
124
|
150
|
|
|
|
|
295
|
$A = $C->[0]; |
125
|
150
|
|
|
|
|
856
|
$R->[$_] = $C->[$_+1] for (0..$n-1); |
126
|
150
|
|
|
|
|
475
|
for(my $j=5; $j>=0; $j--) { |
127
|
900
|
|
|
|
|
1872
|
for(my $i=$n-1; $i>=0; $i--) { |
128
|
6516
|
100
|
|
|
|
15286
|
$B = $inverse ? $ECB->encrypt(($A ^ _N2RAW($blck, $n*$j+$i+1)) . $R->[$i], $kek) |
129
|
|
|
|
|
|
|
: $ECB->decrypt(($A ^ _N2RAW($blck, $n*$j+$i+1)) . $R->[$i], $kek); |
130
|
6516
|
|
|
|
|
101097
|
$A = _MSB($blck, $B); |
131
|
6516
|
|
|
|
|
10546
|
$R->[$i] = _LSB($blck, $B); |
132
|
|
|
|
|
|
|
} |
133
|
|
|
|
|
|
|
} |
134
|
|
|
|
|
|
|
} |
135
|
|
|
|
|
|
|
|
136
|
163
|
|
|
|
|
335
|
my $rv = ''; |
137
|
163
|
|
|
|
|
773
|
$rv .= $R->[$_] for (0..$n-1); |
138
|
|
|
|
|
|
|
|
139
|
163
|
|
|
|
|
575
|
my $A_hex = unpack("H*", $A); |
140
|
163
|
100
|
33
|
|
|
691
|
if ($A_hex eq 'a6'x$blck) { |
|
|
50
|
|
|
|
|
|
141
|
130
|
|
|
|
|
955
|
return $rv; |
142
|
|
|
|
|
|
|
} |
143
|
|
|
|
|
|
|
elsif ($A_hex =~ /^a65959a6/ && $blck == 8) { |
144
|
33
|
50
|
|
|
|
69
|
warn "key_unwrap: unexpected padding" unless $padding; |
145
|
33
|
|
|
|
|
83
|
my $n = unpack("N", substr($A, 4, 4)); |
146
|
33
|
|
|
|
|
56
|
my $z = length($rv) - $n; |
147
|
33
|
|
|
|
|
78
|
my $tail = unpack("H*", substr($rv, -$z)); |
148
|
33
|
50
|
|
|
|
80
|
croak "aes_key_unwrap: invalid data" unless $tail eq "00"x$z; |
149
|
33
|
|
|
|
|
203
|
return substr($rv, 0, $n); |
150
|
|
|
|
|
|
|
} |
151
|
0
|
|
|
|
|
0
|
croak "aes_key_unwrap: unexpected data [$cipher/$A_hex]"; |
152
|
|
|
|
|
|
|
} |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
# AES GCM KW - https://tools.ietf.org/html/rfc7518#section-4.7 |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
sub gcm_key_wrap { |
157
|
19
|
|
|
19
|
1
|
824
|
my ($kek, $pt_data, $aad, $cipher, $iv) = @_; |
158
|
19
|
100
|
|
|
|
52
|
$cipher = 'AES' unless defined $cipher; |
159
|
19
|
100
|
|
|
|
52
|
$iv = random_bytes(12) unless defined $iv; # 96 bits REQUIRED by RFC7518 |
160
|
19
|
|
|
|
|
4333
|
my ($ct_data, $tag) = gcm_encrypt_authenticate($cipher, $kek, $iv, $aad, $pt_data); |
161
|
19
|
|
|
|
|
88
|
return ($ct_data, $tag, $iv); |
162
|
|
|
|
|
|
|
} |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
sub gcm_key_unwrap { |
165
|
23
|
|
|
23
|
1
|
153
|
my ($kek, $ct_data, $tag, $iv, $aad, $cipher) = @_; |
166
|
23
|
|
100
|
|
|
105
|
$cipher ||= 'AES'; |
167
|
23
|
|
|
|
|
4926
|
my $pt_data = gcm_decrypt_verify($cipher, $kek, $iv, $aad, $ct_data, $tag); |
168
|
23
|
|
|
|
|
101
|
return $pt_data; |
169
|
|
|
|
|
|
|
} |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
# PBES2/PBKDF2 KW - https://tools.ietf.org/html/rfc7518#section-4.8 |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
sub pbes2_key_wrap { |
174
|
25
|
|
|
25
|
1
|
922
|
my ($kek, $pt_data, $alg, $salt, $iter) = @_; |
175
|
25
|
|
|
|
|
46
|
my ($hash_name, $len); |
176
|
25
|
50
|
|
|
|
158
|
if ($alg =~ /^PBES2-HS(256|384|512)\+A(128|192|256)KW$/) { |
177
|
25
|
|
|
|
|
73
|
$hash_name = "SHA$1"; |
178
|
25
|
|
|
|
|
69
|
$len = $2/8; |
179
|
25
|
|
|
|
|
518384
|
my $aes_key = pbkdf2($kek, $alg."\x00".$salt, $iter, $hash_name, $len); |
180
|
25
|
|
|
|
|
232
|
my $ct_data = aes_key_wrap($aes_key, $pt_data); |
181
|
25
|
|
|
|
|
115
|
return $ct_data; |
182
|
|
|
|
|
|
|
} |
183
|
0
|
|
|
|
|
0
|
croak "pbes2_key_wrap: invalid alg '$alg'"; |
184
|
0
|
|
|
|
|
0
|
return undef; |
185
|
|
|
|
|
|
|
} |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
sub pbes2_key_unwrap { |
188
|
40
|
|
|
40
|
1
|
384
|
my ($kek, $ct_data, $alg, $salt, $iter) = @_; |
189
|
40
|
|
|
|
|
109
|
my ($hash_name, $len); |
190
|
40
|
50
|
|
|
|
214
|
if ($alg =~ /^PBES2-HS(256|384|512)\+A(128|192|256)KW$/) { |
191
|
40
|
|
|
|
|
110
|
$hash_name = "SHA$1"; |
192
|
40
|
|
|
|
|
130
|
$len = $2/8; |
193
|
40
|
|
|
|
|
852740
|
my $aes_key = pbkdf2($kek, $alg."\x00".$salt, $iter, $hash_name, $len); |
194
|
40
|
|
|
|
|
335
|
my $pt_data = aes_key_unwrap($aes_key, $ct_data); |
195
|
40
|
|
|
|
|
232
|
return $pt_data; |
196
|
|
|
|
|
|
|
} |
197
|
0
|
|
|
|
|
0
|
croak "pbes2_key_unwrap: invalid alg '$alg'"; |
198
|
0
|
|
|
|
|
0
|
return undef; |
199
|
|
|
|
|
|
|
} |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
# RSA KW |
202
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc7518#section-4.2 |
203
|
|
|
|
|
|
|
# https://tools.ietf.org/html/rfc7518#section-4.3 |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
sub rsa_key_wrap { |
206
|
21
|
|
|
21
|
1
|
2060
|
my ($kek_public, $pt_data, $alg) = @_; |
207
|
21
|
50
|
|
|
|
50
|
croak "rsa_key_wrap: no Crypt::PK::RSA" unless ref $kek_public eq 'Crypt::PK::RSA'; |
208
|
21
|
|
|
|
|
43
|
my ($padding, $hash_name); |
209
|
21
|
100
|
|
|
|
62
|
if ($alg eq 'RSA-OAEP') { ($padding, $hash_name) = ('oaep', 'SHA1') } |
|
7
|
100
|
|
|
|
15
|
|
|
|
50
|
|
|
|
|
|
210
|
7
|
|
|
|
|
13
|
elsif ($alg eq 'RSA-OAEP-256') { ($padding, $hash_name) = ('oaep', 'SHA256') } |
211
|
7
|
|
|
|
|
14
|
elsif ($alg eq 'RSA1_5') { $padding = 'v1.5' } |
212
|
21
|
50
|
|
|
|
44
|
croak "rsa_key_wrap: invalid algorithm '$alg'" unless $padding; |
213
|
21
|
|
|
|
|
4673
|
my $ct_data = $kek_public->encrypt($pt_data, $padding, $hash_name); |
214
|
21
|
|
|
|
|
82
|
return $ct_data; |
215
|
|
|
|
|
|
|
} |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
sub rsa_key_unwrap { |
218
|
39
|
|
|
39
|
1
|
840
|
my ($kek_private, $ct_data, $alg) = @_; |
219
|
39
|
50
|
|
|
|
140
|
croak "rsa_key_unwrap: no Crypt::PK::RSA" unless ref $kek_private eq 'Crypt::PK::RSA'; |
220
|
39
|
50
|
|
|
|
139
|
croak "rsa_key_unwrap: no private key" unless $kek_private->is_private; |
221
|
39
|
|
|
|
|
56
|
my ($padding, $hash_name); |
222
|
39
|
100
|
|
|
|
126
|
if ($alg eq 'RSA-OAEP') { ($padding, $hash_name) = ('oaep', 'SHA1') } |
|
14
|
100
|
|
|
|
31
|
|
|
|
50
|
|
|
|
|
|
223
|
10
|
|
|
|
|
21
|
elsif ($alg eq 'RSA-OAEP-256') { ($padding, $hash_name) = ('oaep', 'SHA256') } |
224
|
15
|
|
|
|
|
26
|
elsif ($alg eq 'RSA1_5') { $padding = 'v1.5' } |
225
|
39
|
50
|
|
|
|
69
|
croak "rsa_key_unwrap: invalid algorithm '$alg'" unless $padding; |
226
|
39
|
|
|
|
|
206444
|
my $pt_data = $kek_private->decrypt($ct_data, $padding, $hash_name); |
227
|
39
|
|
|
|
|
393
|
return $pt_data; |
228
|
|
|
|
|
|
|
} |
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
# ConcatKDF - http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf |
231
|
|
|
|
|
|
|
# ECDH KW - https://tools.ietf.org/html/rfc7518#section-4.6 |
232
|
|
|
|
|
|
|
|
233
|
|
|
|
|
|
|
sub _concat_kdf { |
234
|
68
|
|
|
68
|
|
251
|
my ($hash_name, $key_size, $shared_secret, $algorithm, $apu, $apv) = @_; |
235
|
68
|
50
|
|
|
|
224
|
$apu = '' unless defined $apu; |
236
|
68
|
50
|
|
|
|
163
|
$apv = '' unless defined $apv; |
237
|
68
|
|
|
|
|
345
|
my $hsize = Crypt::Digest->hashsize($hash_name); |
238
|
68
|
|
|
|
|
167
|
my $count = int($key_size / $hsize); |
239
|
68
|
100
|
|
|
|
225
|
$count++ if ($key_size % $hsize) > 0; |
240
|
68
|
|
|
|
|
107
|
my $data = ''; |
241
|
68
|
|
|
|
|
196
|
for my $i (1..$count) { |
242
|
72
|
|
|
|
|
911
|
$data .= digest_data('SHA256', pack("N", 1) . |
243
|
|
|
|
|
|
|
$shared_secret . |
244
|
|
|
|
|
|
|
pack("N", length($algorithm)) . $algorithm . |
245
|
|
|
|
|
|
|
pack("N", length($apu)) . $apu . |
246
|
|
|
|
|
|
|
pack("N", length($apv)) . $apv . |
247
|
|
|
|
|
|
|
pack("N", 8 *$key_size)); |
248
|
|
|
|
|
|
|
} |
249
|
68
|
|
|
|
|
261
|
return substr($data, 0, $key_size); |
250
|
|
|
|
|
|
|
} |
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
sub ecdh_key_wrap { |
253
|
7
|
|
|
7
|
1
|
3711
|
my ($kek_public, $enc, $apu, $apv) = @_; |
254
|
7
|
50
|
|
|
|
24
|
croak "ecdh_key_wrap: no Crypt::PK::ECC" unless ref $kek_public eq 'Crypt::PK::ECC'; |
255
|
7
|
|
|
|
|
13
|
my $encryption_key_size = 256; |
256
|
7
|
100
|
|
|
|
53
|
if ($enc =~ /^A(128|192|256)CBC-HS/) { |
257
|
3
|
|
|
|
|
8
|
$encryption_key_size = $1*2; |
258
|
|
|
|
|
|
|
} |
259
|
7
|
100
|
|
|
|
51
|
if ($enc =~ /^A(128|192|256)GCM/) { |
260
|
4
|
|
|
|
|
11
|
$encryption_key_size = $1; |
261
|
|
|
|
|
|
|
} |
262
|
7
|
|
|
|
|
34
|
my $ephemeral = Crypt::PK::ECC->new()->generate_key($kek_public->curve2hash); |
263
|
7
|
|
|
|
|
41069
|
my $shared_secret = $ephemeral->shared_secret($kek_public); |
264
|
7
|
|
|
|
|
69
|
my $ct_data = _concat_kdf('SHA256', $encryption_key_size/8, $shared_secret, $enc, $apu, $apv); |
265
|
7
|
|
|
|
|
39
|
return ($ct_data, $ephemeral->export_key_jwk('public')); |
266
|
|
|
|
|
|
|
} |
267
|
|
|
|
|
|
|
|
268
|
|
|
|
|
|
|
sub ecdh_key_unwrap { |
269
|
15
|
|
|
15
|
1
|
8285
|
my ($kek_private, $enc, $epk, $apu, $apv) = @_; |
270
|
15
|
50
|
|
|
|
68
|
croak "ecdh_key_unwrap: no Crypt::PK::ECC" unless ref $kek_private eq 'Crypt::PK::ECC'; |
271
|
15
|
50
|
|
|
|
68
|
croak "ecdh_key_unwrap: no private key" unless $kek_private->is_private; |
272
|
15
|
|
|
|
|
25
|
my $encryption_key_size = 256; |
273
|
15
|
100
|
|
|
|
74
|
if ($enc =~ /^A(128|192|256)CBC-HS/) { |
274
|
5
|
|
|
|
|
22
|
$encryption_key_size = $1*2; |
275
|
|
|
|
|
|
|
} |
276
|
15
|
100
|
|
|
|
72
|
if ($enc =~ /^A(128|192|256)GCM/) { |
277
|
10
|
|
|
|
|
28
|
$encryption_key_size = $1; |
278
|
|
|
|
|
|
|
} |
279
|
15
|
100
|
|
|
|
86
|
my $ephemeral = ref($epk) eq 'Crypt::PK::ECC' ? $epk : Crypt::PK::ECC->new(ref $epk ? $epk : \$epk); |
|
|
50
|
|
|
|
|
|
280
|
15
|
|
|
|
|
88087
|
my $shared_secret = $kek_private->shared_secret($ephemeral); |
281
|
15
|
|
|
|
|
99
|
my $pt_data = _concat_kdf('SHA256', $encryption_key_size/8, $shared_secret, $enc, $apu, $apv); |
282
|
15
|
|
|
|
|
185
|
return $pt_data; |
283
|
|
|
|
|
|
|
} |
284
|
|
|
|
|
|
|
|
285
|
|
|
|
|
|
|
sub ecdhaes_key_wrap { |
286
|
20
|
|
|
20
|
1
|
3797
|
my ($kek_public, $pt_data, $alg, $apu, $apv) = @_; |
287
|
20
|
50
|
|
|
|
112
|
croak "ecdhaes_key_wrap: no Crypt::PK::(ECC|X25519)" unless ref($kek_public) =~ /^Crypt::PK::(ECC|X25519)$/; |
288
|
20
|
|
|
|
|
41
|
my $encryption_key_size = 256; |
289
|
20
|
50
|
|
|
|
84
|
if ($alg =~ /^ECDH-ES\+A(128|192|256)KW$/) { |
290
|
20
|
|
|
|
|
48
|
$encryption_key_size = $1; |
291
|
|
|
|
|
|
|
} |
292
|
20
|
|
|
|
|
32
|
my $ephemeral; |
293
|
20
|
100
|
|
|
|
68
|
if (ref($kek_public) eq 'Crypt::PK::ECC') { |
294
|
19
|
|
|
|
|
87
|
$ephemeral = Crypt::PK::ECC->new->generate_key($kek_public->curve2hash); |
295
|
|
|
|
|
|
|
} |
296
|
|
|
|
|
|
|
else { |
297
|
1
|
|
|
|
|
4
|
$ephemeral = Crypt::PK::X25519->new->generate_key(); |
298
|
|
|
|
|
|
|
} |
299
|
20
|
|
|
|
|
222612
|
my $shared_secret = $ephemeral->shared_secret($kek_public); |
300
|
20
|
|
|
|
|
177
|
my $kek = _concat_kdf('SHA256', $encryption_key_size/8, $shared_secret, $alg, $apu, $apv); |
301
|
20
|
|
|
|
|
92
|
return (aes_key_wrap($kek, $pt_data), $ephemeral->export_key_jwk('public')); |
302
|
|
|
|
|
|
|
} |
303
|
|
|
|
|
|
|
|
304
|
|
|
|
|
|
|
sub ecdhaes_key_unwrap { |
305
|
26
|
|
|
26
|
1
|
8262
|
my ($kek_private, $ct_data, $alg, $epk, $apu, $apv) = @_; |
306
|
26
|
50
|
|
|
|
158
|
croak "ecdhaes_key_unwrap: no Crypt::PK::(ECC|X25519)" unless ref($kek_private) =~ /^Crypt::PK::(ECC|X25519)$/; |
307
|
26
|
50
|
|
|
|
118
|
croak "ecdhaes_key_unwrap: no private key" unless $kek_private->is_private; |
308
|
26
|
|
|
|
|
47
|
my $encryption_key_size = 256; |
309
|
26
|
50
|
|
|
|
133
|
if ($alg =~ /^ECDH-ES\+A(128|192|256)KW$/) { |
310
|
26
|
|
|
|
|
62
|
$encryption_key_size = $1; |
311
|
|
|
|
|
|
|
} |
312
|
26
|
|
|
|
|
40
|
my $ephemeral; |
313
|
26
|
100
|
|
|
|
112
|
if (ref($kek_private) eq 'Crypt::PK::ECC') { |
314
|
25
|
100
|
|
|
|
162
|
$ephemeral = ref($epk) eq 'Crypt::PK::ECC' ? $epk : Crypt::PK::ECC->new(ref $epk ? $epk : \$epk); |
|
|
50
|
|
|
|
|
|
315
|
|
|
|
|
|
|
} |
316
|
|
|
|
|
|
|
else { |
317
|
1
|
50
|
|
|
|
9
|
$ephemeral = ref($epk) eq 'Crypt::PK::X25519' ? $epk : Crypt::PK::X25519->new(ref $epk ? $epk : \$epk); |
|
|
50
|
|
|
|
|
|
318
|
|
|
|
|
|
|
} |
319
|
26
|
|
|
|
|
256115
|
my $shared_secret = $kek_private->shared_secret($ephemeral); |
320
|
26
|
|
|
|
|
218
|
my $kek = _concat_kdf('SHA256', $encryption_key_size/8, $shared_secret, $alg, $apu, $apv); |
321
|
26
|
|
|
|
|
91
|
my $pt_data = aes_key_unwrap($kek, $ct_data); |
322
|
26
|
|
|
|
|
282
|
return $pt_data; |
323
|
|
|
|
|
|
|
} |
324
|
|
|
|
|
|
|
|
325
|
|
|
|
|
|
|
1; |
326
|
|
|
|
|
|
|
|
327
|
|
|
|
|
|
|
=pod |
328
|
|
|
|
|
|
|
|
329
|
|
|
|
|
|
|
=head1 NAME |
330
|
|
|
|
|
|
|
|
331
|
|
|
|
|
|
|
Crypt::KeyWrap - Key management/wrapping algorithms defined in RFC7518 (JWA) |
332
|
|
|
|
|
|
|
|
333
|
|
|
|
|
|
|
=head1 SYNOPSIS |
334
|
|
|
|
|
|
|
|
335
|
|
|
|
|
|
|
# A192KW wrapping |
336
|
|
|
|
|
|
|
use Crypt::KeyWrap qw(aes_key_wrap); |
337
|
|
|
|
|
|
|
my $kek = pack("H*", "5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"); # key encryption key |
338
|
|
|
|
|
|
|
my $cek = pack("H*", "c37b7e6492584340bed12207808941155068f738"); # content encryption key |
339
|
|
|
|
|
|
|
my $enc_cek = aes_key_wrap($kek, $pt_data); # encrypted content encryption key |
340
|
|
|
|
|
|
|
|
341
|
|
|
|
|
|
|
# A192KW unwrapping |
342
|
|
|
|
|
|
|
use Crypt::KeyWrap qw(aes_key_unwrap); |
343
|
|
|
|
|
|
|
my $kek = pack("H*", "5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"); |
344
|
|
|
|
|
|
|
my $enc_cek = pack("H*", "138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a"); |
345
|
|
|
|
|
|
|
my $cek = aes_key_unwrap($kek, $pt_data); |
346
|
|
|
|
|
|
|
|
347
|
|
|
|
|
|
|
=head1 DESCRIPTION |
348
|
|
|
|
|
|
|
|
349
|
|
|
|
|
|
|
Implements key management algorithms defined in L |
350
|
|
|
|
|
|
|
|
351
|
|
|
|
|
|
|
BEWARE: experimental, interface of this module might change! |
352
|
|
|
|
|
|
|
|
353
|
|
|
|
|
|
|
Supported algorithms (all defined in RFC7518): |
354
|
|
|
|
|
|
|
|
355
|
|
|
|
|
|
|
A128KW see: aes_key_wrap() + aes_key_unwrap() |
356
|
|
|
|
|
|
|
A192KW see: aes_key_wrap() + aes_key_unwrap() |
357
|
|
|
|
|
|
|
A256KW see: aes_key_wrap() + aes_key_unwrap() |
358
|
|
|
|
|
|
|
A128GCMKW see: gcm_key_wrap() + gcm_key_unwrap() |
359
|
|
|
|
|
|
|
A192GCMKW see: gcm_key_wrap() + gcm_key_unwrap() |
360
|
|
|
|
|
|
|
A256GCMKW see: gcm_key_wrap() + gcm_key_unwrap() |
361
|
|
|
|
|
|
|
PBES2-HS256+A128KW see: pbes2_key_wrap() + pbes2_key_unwrap() |
362
|
|
|
|
|
|
|
PBES2-HS384+A192KW see: pbes2_key_wrap() + pbes2_key_unwrap() |
363
|
|
|
|
|
|
|
PBES2-HS512+A256KW see: pbes2_key_wrap() + pbes2_key_unwrap() |
364
|
|
|
|
|
|
|
RSA-OAEP see: rsa_key_wrap() + rsa_key_unwrap() |
365
|
|
|
|
|
|
|
RSA-OAEP-256 see: rsa_key_wrap() + rsa_key_unwrap() |
366
|
|
|
|
|
|
|
RSA1_5 see: rsa_key_wrap() + rsa_key_unwrap() |
367
|
|
|
|
|
|
|
ECDH-ES+A128KW see: ecdhaes_key_wrap() + ecdhaes_key_unwrap() |
368
|
|
|
|
|
|
|
ECDH-ES+A192KW see: ecdhaes_key_wrap() + ecdhaes_key_unwrap() |
369
|
|
|
|
|
|
|
ECDH-ES+A256KW see: ecdhaes_key_wrap() + ecdhaes_key_unwrap() |
370
|
|
|
|
|
|
|
ECDH-ES see: ecdh_key_wrap() + ecdh_key_unwrap() |
371
|
|
|
|
|
|
|
|
372
|
|
|
|
|
|
|
=head1 EXPORT |
373
|
|
|
|
|
|
|
|
374
|
|
|
|
|
|
|
Nothing is exported by default. |
375
|
|
|
|
|
|
|
|
376
|
|
|
|
|
|
|
You can export selected functions: |
377
|
|
|
|
|
|
|
|
378
|
|
|
|
|
|
|
use Crypt::KeyWrap qw(aes_key_wrap gcm_key_wrap pbes2_key_wrap); |
379
|
|
|
|
|
|
|
|
380
|
|
|
|
|
|
|
Or all of them at once: |
381
|
|
|
|
|
|
|
|
382
|
|
|
|
|
|
|
use Crypt::KeyWrap ':all'; |
383
|
|
|
|
|
|
|
|
384
|
|
|
|
|
|
|
=head1 FUNCTIONS |
385
|
|
|
|
|
|
|
|
386
|
|
|
|
|
|
|
=head2 aes_key_wrap |
387
|
|
|
|
|
|
|
|
388
|
|
|
|
|
|
|
AES key wrap algorithm as defined in L |
389
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
390
|
|
|
|
|
|
|
|
391
|
|
|
|
|
|
|
Implementation follows L and L. |
392
|
|
|
|
|
|
|
|
393
|
|
|
|
|
|
|
The implementation is also compatible with L |
394
|
|
|
|
|
|
|
(it supports AES based KW, KWP + TDEA/DES_EDE based TKW). |
395
|
|
|
|
|
|
|
|
396
|
|
|
|
|
|
|
AES Key Wrap algorithm. |
397
|
|
|
|
|
|
|
|
398
|
|
|
|
|
|
|
$enc_cek = aes_key_wrap($kek, $cek); |
399
|
|
|
|
|
|
|
# or |
400
|
|
|
|
|
|
|
$enc_cek = aes_key_wrap($kek, $cek, $cipher, $padding, $inverse); |
401
|
|
|
|
|
|
|
|
402
|
|
|
|
|
|
|
# params: |
403
|
|
|
|
|
|
|
# $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) |
404
|
|
|
|
|
|
|
# $cek .. content encryption key |
405
|
|
|
|
|
|
|
# optional params: |
406
|
|
|
|
|
|
|
# $cipher .. 'AES' (default) or 'DES_EDE' |
407
|
|
|
|
|
|
|
# $padding .. 1 (default) or 0 handle $cek padding (relevant for AES only) |
408
|
|
|
|
|
|
|
# $inverse .. 0 (default) or 1 use cipher in inverse mode as defined by SP.800-38F |
409
|
|
|
|
|
|
|
|
410
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek> and C<$kek> are binary octets. If you disable padding you have to make sure that |
411
|
|
|
|
|
|
|
C<$cek> length is multiply of 8 (for AES) or multiply of 4 (for DES_EDE); |
412
|
|
|
|
|
|
|
|
413
|
|
|
|
|
|
|
=head2 aes_key_unwrap |
414
|
|
|
|
|
|
|
|
415
|
|
|
|
|
|
|
AES key unwrap algorithm as defined in L |
416
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
417
|
|
|
|
|
|
|
|
418
|
|
|
|
|
|
|
AES Key Unwrap algorithm. |
419
|
|
|
|
|
|
|
|
420
|
|
|
|
|
|
|
$cek = aes_key_unwrap($kek, $enc_cek); |
421
|
|
|
|
|
|
|
# or |
422
|
|
|
|
|
|
|
$cek = aes_key_unwrap($kek, $enc_cek, $cipher, $padding, $inverse); |
423
|
|
|
|
|
|
|
|
424
|
|
|
|
|
|
|
# params: |
425
|
|
|
|
|
|
|
# $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) |
426
|
|
|
|
|
|
|
# $enc_cek .. encrypted content encryption key |
427
|
|
|
|
|
|
|
# optional params: |
428
|
|
|
|
|
|
|
# $cipher .. 'AES' (default) or 'DES_EDE' |
429
|
|
|
|
|
|
|
# $padding .. 1 (default) or 0 - use $cek padding (relevant for AES only) |
430
|
|
|
|
|
|
|
# $inverse .. 0 (default) or 1 - use cipher in inverse mode as defined by SP.800-38F |
431
|
|
|
|
|
|
|
|
432
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek> and C<$kek> are binary octets. |
433
|
|
|
|
|
|
|
|
434
|
|
|
|
|
|
|
=head2 gcm_key_wrap |
435
|
|
|
|
|
|
|
|
436
|
|
|
|
|
|
|
AES GCM key wrap algorithm as defined in L |
437
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
438
|
|
|
|
|
|
|
|
439
|
|
|
|
|
|
|
($enc_cek, $tag, $iv) = gcm_key_wrap($kek, $cek); |
440
|
|
|
|
|
|
|
#or |
441
|
|
|
|
|
|
|
($enc_cek, $tag, $iv) = gcm_key_wrap($kek, $cek, $aad); |
442
|
|
|
|
|
|
|
#or |
443
|
|
|
|
|
|
|
($enc_cek, $tag, $iv) = gcm_key_wrap($kek, $cek, $aad, $cipher, $iv); |
444
|
|
|
|
|
|
|
|
445
|
|
|
|
|
|
|
# params: |
446
|
|
|
|
|
|
|
# $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) |
447
|
|
|
|
|
|
|
# $cek .. content encryption key |
448
|
|
|
|
|
|
|
# optional params: |
449
|
|
|
|
|
|
|
# $aad .. additional authenticated data, DEFAULT is '' (empty string) |
450
|
|
|
|
|
|
|
# $cipher .. cipher to be used by GCM, DEFAULT is 'AES' |
451
|
|
|
|
|
|
|
# $iv .. initialization vector (if not defined a random IV is generated) |
452
|
|
|
|
|
|
|
|
453
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek>, C<$aad>, C<$iv>, C<$tag> and C<$kek> are binary octets. |
454
|
|
|
|
|
|
|
|
455
|
|
|
|
|
|
|
=head2 gcm_key_unwrap |
456
|
|
|
|
|
|
|
|
457
|
|
|
|
|
|
|
AES GCM key unwrap algorithm as defined in L |
458
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
459
|
|
|
|
|
|
|
|
460
|
|
|
|
|
|
|
$cek = gcm_key_unwrap($kek, $enc_cek, $tag, $iv); |
461
|
|
|
|
|
|
|
# or |
462
|
|
|
|
|
|
|
$cek = gcm_key_unwrap($kek, $enc_cek, $tag, $iv, $aad); |
463
|
|
|
|
|
|
|
# or |
464
|
|
|
|
|
|
|
$cek = gcm_key_unwrap($kek, $enc_cek, $tag, $iv, $aad, $cipher); |
465
|
|
|
|
|
|
|
|
466
|
|
|
|
|
|
|
# params: |
467
|
|
|
|
|
|
|
# $kek .. key encryption key (16bytes for AES128, 24 for AES192, 32 for AES256) |
468
|
|
|
|
|
|
|
# $enc_cek .. encrypted content encryption key |
469
|
|
|
|
|
|
|
# $tag .. GCM's tag |
470
|
|
|
|
|
|
|
# $iv .. initialization vector |
471
|
|
|
|
|
|
|
# optional params: |
472
|
|
|
|
|
|
|
# $aad .. additional authenticated data, DEFAULT is '' (empty string) |
473
|
|
|
|
|
|
|
# $cipher .. cipher to be used by GCM, DEFAULT is 'AES' |
474
|
|
|
|
|
|
|
|
475
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek>, C<$aad>, C<$iv>, C<$tag> and C<$kek> are binary octets. |
476
|
|
|
|
|
|
|
|
477
|
|
|
|
|
|
|
=head2 pbes2_key_wrap |
478
|
|
|
|
|
|
|
|
479
|
|
|
|
|
|
|
PBES2 key wrap algorithm as defined in L |
480
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
481
|
|
|
|
|
|
|
|
482
|
|
|
|
|
|
|
$enc_cek = pbes2_key_wrap($kek, $cek, $alg, $salt, $iter); |
483
|
|
|
|
|
|
|
|
484
|
|
|
|
|
|
|
# params: |
485
|
|
|
|
|
|
|
# $kek .. key encryption key (arbitrary length) |
486
|
|
|
|
|
|
|
# $cek .. content encryption key |
487
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'PBES2-HS256+A128KW' (see rfc7518) |
488
|
|
|
|
|
|
|
# $salt .. pbkdf2 salt |
489
|
|
|
|
|
|
|
# $iter .. pbkdf2 iteration count |
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek>, C<$salt> and C<$kek> are binary octets. |
492
|
|
|
|
|
|
|
|
493
|
|
|
|
|
|
|
=head2 pbes2_key_unwrap |
494
|
|
|
|
|
|
|
|
495
|
|
|
|
|
|
|
PBES2 key unwrap algorithm as defined in L |
496
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
497
|
|
|
|
|
|
|
|
498
|
|
|
|
|
|
|
$cek = pbes2_key_unwrap($kek, $enc_cek, $alg, $salt, $iter); |
499
|
|
|
|
|
|
|
|
500
|
|
|
|
|
|
|
# params: |
501
|
|
|
|
|
|
|
# $kek .. key encryption key (arbitrary length) |
502
|
|
|
|
|
|
|
# $enc_cek .. encrypted content encryption key |
503
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'PBES2-HS256+A128KW' (see rfc7518) |
504
|
|
|
|
|
|
|
# $salt .. pbkdf2 salt |
505
|
|
|
|
|
|
|
# $iter .. pbkdf2 iteration count |
506
|
|
|
|
|
|
|
|
507
|
|
|
|
|
|
|
Values C<$enc_cek>, C<$cek>, C<$salt> and C<$kek> are binary octets. |
508
|
|
|
|
|
|
|
|
509
|
|
|
|
|
|
|
=head2 rsa_key_wrap |
510
|
|
|
|
|
|
|
|
511
|
|
|
|
|
|
|
PBES2 key wrap algorithm as defined in L and |
512
|
|
|
|
|
|
|
L (implements algorithms C, C, C). |
513
|
|
|
|
|
|
|
|
514
|
|
|
|
|
|
|
$enc_cek = rsa_key_wrap($kek, $cek, $alg); |
515
|
|
|
|
|
|
|
|
516
|
|
|
|
|
|
|
# params: |
517
|
|
|
|
|
|
|
# $kek .. RSA public key - Crypt::PK::RSA instance |
518
|
|
|
|
|
|
|
# $cek .. content encryption key |
519
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'RSA-OAEP' (see rfc7518) |
520
|
|
|
|
|
|
|
|
521
|
|
|
|
|
|
|
Values C<$enc_cek> and C<$cek> are binary octets. |
522
|
|
|
|
|
|
|
|
523
|
|
|
|
|
|
|
=head2 rsa_key_unwrap |
524
|
|
|
|
|
|
|
|
525
|
|
|
|
|
|
|
PBES2 key wrap algorithm as defined in L and |
526
|
|
|
|
|
|
|
L (implements algorithms C, C, C). |
527
|
|
|
|
|
|
|
|
528
|
|
|
|
|
|
|
$cek = rsa_key_unwrap($kek, $enc_cek, $alg); |
529
|
|
|
|
|
|
|
|
530
|
|
|
|
|
|
|
# params: |
531
|
|
|
|
|
|
|
# $kek .. RSA private key - Crypt::PK::RSA instance |
532
|
|
|
|
|
|
|
# $enc_cek .. encrypted content encryption key |
533
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'RSA-OAEP' (see rfc7518) |
534
|
|
|
|
|
|
|
|
535
|
|
|
|
|
|
|
Values C<$enc_cek> and C<$cek> are binary octets. |
536
|
|
|
|
|
|
|
|
537
|
|
|
|
|
|
|
=head2 ecdhaes_key_wrap |
538
|
|
|
|
|
|
|
|
539
|
|
|
|
|
|
|
ECDH+AESKW key agreement/wrap algorithm as defined in L |
540
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
541
|
|
|
|
|
|
|
|
542
|
|
|
|
|
|
|
($enc_cek, $epk) = ecdhaes_key_wrap($kek, $cek, $alg, $apu, $apv); |
543
|
|
|
|
|
|
|
|
544
|
|
|
|
|
|
|
# params: |
545
|
|
|
|
|
|
|
# $kek .. ECC public key - Crypt::PK::ECC|X25519 instance |
546
|
|
|
|
|
|
|
# $cek .. content encryption key |
547
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'ECDH-ES+A256KW' (see rfc7518) |
548
|
|
|
|
|
|
|
# optional params: |
549
|
|
|
|
|
|
|
# $apu .. Agreement PartyUInfo Header Parameter |
550
|
|
|
|
|
|
|
# $apv .. Agreement PartyVInfo Header Parameter |
551
|
|
|
|
|
|
|
|
552
|
|
|
|
|
|
|
Values C<$enc_cek> and C<$cek> are binary octets. |
553
|
|
|
|
|
|
|
|
554
|
|
|
|
|
|
|
=head2 ecdhaes_key_unwrap |
555
|
|
|
|
|
|
|
|
556
|
|
|
|
|
|
|
ECDH+AESKW key agreement/unwrap algorithm as defined in L |
557
|
|
|
|
|
|
|
(implements algorithms C, C, C). |
558
|
|
|
|
|
|
|
|
559
|
|
|
|
|
|
|
$cek = ecdhaes_key_unwrap($kek, $enc_cek, $alg, $epk, $apu, $apv); |
560
|
|
|
|
|
|
|
|
561
|
|
|
|
|
|
|
# params: |
562
|
|
|
|
|
|
|
# $kek .. ECC private key - Crypt::PK::ECC|X25519 instance |
563
|
|
|
|
|
|
|
# $enc_cek .. encrypted content encryption key |
564
|
|
|
|
|
|
|
# $alg .. algorithm name e.g. 'ECDH-ES+A256KW' (see rfc7518) |
565
|
|
|
|
|
|
|
# $epk .. ephemeral ECC public key (JWK/JSON or Crypt::PK::ECC|X25519) |
566
|
|
|
|
|
|
|
# optional params: |
567
|
|
|
|
|
|
|
# $apu .. Agreement PartyUInfo Header Parameter |
568
|
|
|
|
|
|
|
# $apv .. Agreement PartyVInfo Header Parameter |
569
|
|
|
|
|
|
|
|
570
|
|
|
|
|
|
|
Values C<$enc_cek> and C<$cek> are binary octets. |
571
|
|
|
|
|
|
|
|
572
|
|
|
|
|
|
|
=head2 ecdh_key_wrap |
573
|
|
|
|
|
|
|
|
574
|
|
|
|
|
|
|
ECDH (Ephememeral Static) key agreement/wrap algorithm as defined in L |
575
|
|
|
|
|
|
|
(implements algorithm C). |
576
|
|
|
|
|
|
|
|
577
|
|
|
|
|
|
|
($cek, $epk) = ecdh_key_wrap($kek, $enc, $apu, $apv); |
578
|
|
|
|
|
|
|
|
579
|
|
|
|
|
|
|
# params: |
580
|
|
|
|
|
|
|
# $kek .. ECC public key - Crypt::PK::ECC|X25519 instance |
581
|
|
|
|
|
|
|
# $enc .. encryption algorithm name e.g. 'A256GCM' (see rfc7518) |
582
|
|
|
|
|
|
|
# optional params: |
583
|
|
|
|
|
|
|
# $apu .. Agreement PartyUInfo Header Parameter |
584
|
|
|
|
|
|
|
# $apv .. Agreement PartyVInfo Header Parameter |
585
|
|
|
|
|
|
|
|
586
|
|
|
|
|
|
|
Value C<$cek> - binary octets, C<$epk> JWK/JSON string with ephemeral ECC public key. |
587
|
|
|
|
|
|
|
|
588
|
|
|
|
|
|
|
=head2 ecdh_key_unwrap |
589
|
|
|
|
|
|
|
|
590
|
|
|
|
|
|
|
ECDH (Ephememeral Static) key agreement/unwrap algorithm as defined in L |
591
|
|
|
|
|
|
|
(implements algorithm C). |
592
|
|
|
|
|
|
|
|
593
|
|
|
|
|
|
|
$cek = ecdh_key_unwrap($kek, $enc, $epk, $apu, $apv); |
594
|
|
|
|
|
|
|
|
595
|
|
|
|
|
|
|
# params: |
596
|
|
|
|
|
|
|
# $kek .. ECC private key - Crypt::PK::ECC|X25519 instance |
597
|
|
|
|
|
|
|
# $enc .. encryption algorithm name e.g. 'A256GCM' (see rfc7518) |
598
|
|
|
|
|
|
|
# $epk .. ephemeral ECC public key (JWK/JSON or Crypt::PK::ECC|X25519) |
599
|
|
|
|
|
|
|
# optional params: |
600
|
|
|
|
|
|
|
# $apu .. Agreement PartyUInfo Header Parameter |
601
|
|
|
|
|
|
|
# $apv .. Agreement PartyVInfo Header Parameter |
602
|
|
|
|
|
|
|
|
603
|
|
|
|
|
|
|
Value C<$cek> - binary octets. |
604
|
|
|
|
|
|
|
|
605
|
|
|
|
|
|
|
=head1 SEE ALSO |
606
|
|
|
|
|
|
|
|
607
|
|
|
|
|
|
|
L, L, L, L |
608
|
|
|
|
|
|
|
|
609
|
|
|
|
|
|
|
=head1 LICENSE |
610
|
|
|
|
|
|
|
|
611
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. |
612
|
|
|
|
|
|
|
|
613
|
|
|
|
|
|
|
=head1 COPYRIGHT |
614
|
|
|
|
|
|
|
|
615
|
|
|
|
|
|
|
Copyright (c) 2015-2023 DCIT, a.s. L / Karel Miko |