line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::NamedKeys; |
2
|
|
|
|
|
|
|
|
3
|
2
|
|
|
2
|
|
93741
|
use Moo; |
|
2
|
|
|
|
|
24635
|
|
|
2
|
|
|
|
|
12
|
|
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
=head1 NAME |
6
|
|
|
|
|
|
|
|
7
|
|
|
|
|
|
|
Crypt::NamedKeys - A Crypt::CBC wrapper with key rotation support |
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
=head1 SYNOPSYS |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
use Crypt::NamedKeys; |
12
|
|
|
|
|
|
|
my $crypt = Crypt::NamedKeys->new(keyname => 'href'); |
13
|
|
|
|
|
|
|
my $encrypted = $crypt->encrypt_data(data => $href); |
14
|
|
|
|
|
|
|
my $restored_href = $crypt->decrypt_data( |
15
|
|
|
|
|
|
|
data => $encrypted->{data}, |
16
|
|
|
|
|
|
|
mac => $encrypted->{mac}, |
17
|
|
|
|
|
|
|
); |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
=head1 DESCRIPTION |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
This module provides functions to serialize data for transfer via non-protected |
22
|
|
|
|
|
|
|
channels with encryption and data integrity protection. The module tracks key |
23
|
|
|
|
|
|
|
number used to encrypt information so that keys can be rotated without making |
24
|
|
|
|
|
|
|
data unreadable. |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
=head1 CONFIGURATION AND KEY ROTATION |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
The keys are stored in the keyfile, configurable as below. Keys are numbered |
29
|
|
|
|
|
|
|
starting at 1. Numbers must never be reused. Typically key rotation will be |
30
|
|
|
|
|
|
|
done in several steps, each with its own rollout. These steps MUST be done as |
31
|
|
|
|
|
|
|
separate releases because otherwise keys may not be available to decrypt data, |
32
|
|
|
|
|
|
|
and so things may not work. |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
=head2 keyfile location |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
The keyfile can be set using the keyfile($path) function. There is no default. |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
=head2 keyfile format |
39
|
|
|
|
|
|
|
|
40
|
|
|
|
|
|
|
The format of the keyfile is YAML, following a basic structure of |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
keyname: |
43
|
|
|
|
|
|
|
[keyhashdef] |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
so for example: |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
cryptedfeed: |
48
|
|
|
|
|
|
|
default_keynum: 9 |
49
|
|
|
|
|
|
|
none: queith7eeTh0teejaichoodobooX9ceechee9Sai9gauChiengaeraew3aDiehei |
50
|
|
|
|
|
|
|
1: aePh8ahBaNg1bee6ohj3er5cuzeepoophai1oogohpoixothah4AuYiongu4ahta |
51
|
|
|
|
|
|
|
2: oht1eep8uxoo1eeshaSaemee9aem5chahqueu0Aedaa7eeXae9aeghe5umoNah6a |
52
|
|
|
|
|
|
|
3: chigh4veifoofe0Vohphee4ohkaef9giz2iaje2ahF4ohboSh6ifaiNgohwohchi |
53
|
|
|
|
|
|
|
4: Ahphahmisaingo5Ietheangeegi5ia1uuF9taerooShaitoh1Eophig3ohziejet |
54
|
|
|
|
|
|
|
5: oe5wi2equee6FeiZohjah2peas6Ahquohniefeimai0beip2waxeizoo1OhthohN |
55
|
|
|
|
|
|
|
6: eigaezee3CeuC8phae4giph6Miqu6piy3Eideipahticesheij7se9eecai9fiez |
56
|
|
|
|
|
|
|
7: DuuGhohViGh0Sheihahr6ce4Phuin7ahpaiSa5jaiphie3eiz8oa3dohrohghuow |
57
|
|
|
|
|
|
|
8: ahfoniemah4boemeN8seJ7hohhualeetei7aegohhai5ohwahlohnah2Ee2Ewal1 |
58
|
|
|
|
|
|
|
9: Ceixei4shelohxee1ohdoochuliebael1kae8eit0Geeth1so9fohZi0cohs8go4 |
59
|
|
|
|
|
|
|
10: boreiDe0shueNgie7shai7ooc1yaeveiKeihuox0xahp1hai8phe7aephiel2oob |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
In general we assume key spefications to use numeric keys within the named |
62
|
|
|
|
|
|
|
key hash. This makes key rotation a lot easier and prevents reusing key |
63
|
|
|
|
|
|
|
numbers. |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
Key names may not contain = or -. |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
All keys listed can be used for decryption (with the special 'none' key used if |
68
|
|
|
|
|
|
|
no key number is specified in the cyphertex), but by default only the default |
69
|
|
|
|
|
|
|
keynumber (default_keynum, in this case 9) is used for encrypting. |
70
|
|
|
|
|
|
|
|
71
|
|
|
|
|
|
|
The keynumber is specified in the resulting cyphertext so we know which key |
72
|
|
|
|
|
|
|
to use for decrypting the cyphertext even if we don't try to decrypt it. This |
73
|
|
|
|
|
|
|
allows: |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
=over |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
=item Key checking |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
If you store cyphertext in your rdbms, you can check which keys are used before |
80
|
|
|
|
|
|
|
you remove decryption support for a key. |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
=item Orderly key rotation |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
You can add a key, and later depricate it, managing the transition (and perhaps |
85
|
|
|
|
|
|
|
even using logging to know when the old key is no longer needed). |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
=back |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
=head2 Step 1: Adding a New Key |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
In many cases you need to be able to add and remove keys without requiring that |
92
|
|
|
|
|
|
|
everything gets the new keys at the same time. For example if you have multiple |
93
|
|
|
|
|
|
|
production systems, they are likely to get updated in series, and if you expect |
94
|
|
|
|
|
|
|
that everyone gets the keys at the same time, timing issues may occur. |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
For this reason, we recommend breaking up the encryption key rollout into a |
97
|
|
|
|
|
|
|
number of steps. The first one is making sure that everyone can use the |
98
|
|
|
|
|
|
|
new key to decrypt before anyone uses it to encrypt. |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
The first release is by adding a new key so that it is available for decryption. |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
For example, in the keyfile suppose one has: |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
mykey: |
105
|
|
|
|
|
|
|
default_keynum: 1 |
106
|
|
|
|
|
|
|
none: rsdfagtiaueIUPOIUYHH |
107
|
|
|
|
|
|
|
1: rsdfagtiaueIUPOIUYHH |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
We might add another line |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
Once this file is released, the key number 2 will be available globally for |
114
|
|
|
|
|
|
|
decryption purposes, but everything will still be encrypted using key number 1. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
This means it is safe then to go onto the second step. |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
=head2 Step 2: Setting the new key as default |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
Once the new keys have been released, the next step is to change the default |
121
|
|
|
|
|
|
|
keynumber. Data encrypted in this way will be available even to servers waiting |
122
|
|
|
|
|
|
|
to be updated because the keys have previously been rolled out. To do this, |
123
|
|
|
|
|
|
|
simply change the default_keynum: |
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
mykey: |
126
|
|
|
|
|
|
|
default_keynum: 1 |
127
|
|
|
|
|
|
|
1: rsdfagtiaueIUPOIUYHH |
128
|
|
|
|
|
|
|
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
becomes: |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
mykey: |
133
|
|
|
|
|
|
|
default_keynum: 2 |
134
|
|
|
|
|
|
|
1: rsdfagtiaueIUPOIUYHH |
135
|
|
|
|
|
|
|
2: IRvswqerituq-HPIOHJHGdeewrwyugfrGRSe3eyy6te |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
Now all new data will be encrypted using keynumber 2. |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
=head2 Step 3: Retiring the old key |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
Once the old key is no longer being used, it can be retired by deleting the |
142
|
|
|
|
|
|
|
row. |
143
|
|
|
|
|
|
|
|
144
|
|
|
|
|
|
|
=head2 The Special 'none' keynum |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
For aes keys before the key versioning was introduced, there is no keynum |
147
|
|
|
|
|
|
|
associated with the cyphertext, so we use this key. |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=cut |
150
|
|
|
|
|
|
|
|
151
|
2
|
|
|
2
|
|
2466
|
use Carp; |
|
2
|
|
|
|
|
5
|
|
|
2
|
|
|
|
|
167
|
|
152
|
2
|
|
|
2
|
|
1659
|
use Crypt::CBC; |
|
2
|
|
|
|
|
7776
|
|
|
2
|
|
|
|
|
61
|
|
153
|
2
|
|
|
2
|
|
4676
|
use Digest::SHA qw(hmac_sha256_base64 sha256); |
|
2
|
|
|
|
|
6676
|
|
|
2
|
|
|
|
|
170
|
|
154
|
2
|
|
|
2
|
|
1391
|
use JSON; |
|
2
|
|
|
|
|
25817
|
|
|
2
|
|
|
|
|
12
|
|
155
|
2
|
|
|
2
|
|
1282
|
use MIME::Base64; |
|
2
|
|
|
|
|
1189
|
|
|
2
|
|
|
|
|
141
|
|
156
|
2
|
|
|
2
|
|
1159
|
use String::Compare::ConstantTime; |
|
2
|
|
|
|
|
964
|
|
|
2
|
|
|
|
|
100
|
|
157
|
2
|
|
|
2
|
|
1930
|
use Try::Tiny; |
|
2
|
|
|
|
|
3038
|
|
|
2
|
|
|
|
|
171
|
|
158
|
2
|
|
|
2
|
|
1169
|
use YAML::XS; |
|
2
|
|
|
|
|
6017
|
|
|
2
|
|
|
|
|
2533
|
|
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
our $VERSION = '1.1.1'; |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
=head1 CONFIGURATION PARAMETERS |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
=head2 $Crypt::NamedKeys::Escape_Eq; |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
Set to true, using local or not, if you want to encode with - instead of = |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
Note that on decryption both are handled. |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
=cut |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
our $Escape_Eq = 0; |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
=head1 PROPERTIES |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
=head2 keynum |
178
|
|
|
|
|
|
|
|
179
|
|
|
|
|
|
|
Defaults to the default keynumber specified in the keyfile (for encryption) |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
=cut |
182
|
|
|
|
|
|
|
|
183
|
|
|
|
|
|
|
has keynum => ( |
184
|
|
|
|
|
|
|
is => 'ro', |
185
|
|
|
|
|
|
|
lazy => 1, |
186
|
|
|
|
|
|
|
builder => '_default_keynum', |
187
|
|
|
|
|
|
|
); |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
=head2 keyname |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
The name of the key in the keyfile. |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
=cut |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
has keyname => ( |
196
|
|
|
|
|
|
|
is => 'ro', |
197
|
|
|
|
|
|
|
required => 1, |
198
|
|
|
|
|
|
|
); |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
my $keyfile; |
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=head1 METHODS AND FUNCTIONS |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
=cut |
205
|
|
|
|
|
|
|
=head2 Crypt::NamedKeys->keyfile($path) |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
Can also be called as Crypt::NamedKeys::keyfile($path) |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
Sets the path of the keyfile. It does not load or reload it (that is done on |
210
|
|
|
|
|
|
|
demand or by reload_keyfile() below |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=cut |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
sub keyfile { |
215
|
1
|
|
|
1
|
1
|
2270
|
my $file = shift; |
216
|
1
|
50
|
|
|
|
4
|
$file = shift if $file eq __PACKAGE__; |
217
|
1
|
50
|
|
|
|
4
|
return $keyfile unless $file; |
218
|
1
|
|
|
|
|
3
|
$keyfile = $file; |
219
|
|
|
|
|
|
|
} |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
my $keyhash; |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
my $get_keyhash = sub { |
224
|
|
|
|
|
|
|
return $keyhash if $keyhash; |
225
|
|
|
|
|
|
|
reload_keyhash(); |
226
|
|
|
|
|
|
|
return $keyhash; |
227
|
|
|
|
|
|
|
}; |
228
|
|
|
|
|
|
|
|
229
|
|
|
|
|
|
|
=head2 reload_keyhash |
230
|
|
|
|
|
|
|
|
231
|
|
|
|
|
|
|
Can be called as an object method or function (i.e. |
232
|
|
|
|
|
|
|
Crypt::NamedKeys::reload_keyhash() |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
Loads or reloads the keyfile. Can be used via event handlers to reload |
235
|
|
|
|
|
|
|
confguration as needed |
236
|
|
|
|
|
|
|
|
237
|
|
|
|
|
|
|
=cut |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
sub reload_keyhash { |
240
|
1
|
50
|
|
1
|
1
|
3
|
croak 'No keyfile defined (use keyfile() to set)' unless $keyfile; |
241
|
1
|
|
|
|
|
5
|
$keyhash = YAML::XS::LoadFile($keyfile); |
242
|
1
|
|
|
|
|
175
|
return scalar keys %$keyhash; |
243
|
|
|
|
|
|
|
} |
244
|
|
|
|
|
|
|
|
245
|
|
|
|
|
|
|
my $get_secret = sub { |
246
|
|
|
|
|
|
|
my %args = @_; |
247
|
|
|
|
|
|
|
croak 'No key name specified' unless $args{keyname}; |
248
|
|
|
|
|
|
|
croak 'No key number specified' unless $args{keynum}; |
249
|
|
|
|
|
|
|
my $keytab = &$get_keyhash()->{$args{keyname}}; |
250
|
|
|
|
|
|
|
return $keytab->{$args{keynum}}; |
251
|
|
|
|
|
|
|
}; |
252
|
|
|
|
|
|
|
|
253
|
|
|
|
|
|
|
sub _default_keynum { |
254
|
2
|
|
|
2
|
|
356
|
my $self = shift; |
255
|
2
|
|
|
|
|
7
|
my $keytab = &$get_keyhash()->{$self->keyname}; |
256
|
2
|
50
|
|
|
|
8
|
warn 'No default key found for ' . $self->keyname |
257
|
|
|
|
|
|
|
unless $keytab->{default_keynum}; |
258
|
2
|
|
|
|
|
11
|
return $keytab->{default_keynum}; |
259
|
|
|
|
|
|
|
} |
260
|
|
|
|
|
|
|
|
261
|
|
|
|
|
|
|
my $mac_secret = sub { |
262
|
|
|
|
|
|
|
my %args = @_; |
263
|
|
|
|
|
|
|
return sha256(&$get_secret(@_)); ## nocritic |
264
|
|
|
|
|
|
|
}; |
265
|
|
|
|
|
|
|
|
266
|
|
|
|
|
|
|
=head2 $self->encrypt_data(data => $data) |
267
|
|
|
|
|
|
|
|
268
|
|
|
|
|
|
|
Serialize I<$data> to JSON, encrypt it, and encode as base64. Also compute HMAC |
269
|
|
|
|
|
|
|
code for the encrypted data. Returns hash reference with 'data' and 'mac' |
270
|
|
|
|
|
|
|
elements. |
271
|
|
|
|
|
|
|
|
272
|
|
|
|
|
|
|
Args include |
273
|
|
|
|
|
|
|
|
274
|
|
|
|
|
|
|
=over |
275
|
|
|
|
|
|
|
|
276
|
|
|
|
|
|
|
=item data |
277
|
|
|
|
|
|
|
|
278
|
|
|
|
|
|
|
Data structure reference to be encrypted |
279
|
|
|
|
|
|
|
|
280
|
|
|
|
|
|
|
=item cypher |
281
|
|
|
|
|
|
|
|
282
|
|
|
|
|
|
|
Cypher to use (default: Rijndael) |
283
|
|
|
|
|
|
|
|
284
|
|
|
|
|
|
|
=back |
285
|
|
|
|
|
|
|
|
286
|
|
|
|
|
|
|
=cut |
287
|
|
|
|
|
|
|
|
288
|
|
|
|
|
|
|
sub encrypt_data { |
289
|
6
|
|
|
6
|
1
|
3587
|
my ($self, %args) = @_; |
290
|
6
|
100
|
100
|
|
|
77
|
croak "data argument is required and must be a reference" unless $args{data} and ref $args{data}; |
291
|
4
|
|
|
|
|
53
|
my $json_data = encode_json($args{data}); |
292
|
3
|
|
50
|
|
|
16
|
my $cypher = $args{cypher} || 'Rijndael'; |
293
|
|
|
|
|
|
|
# Crypt::CBC generates random 8 bytes salt that it uses to |
294
|
|
|
|
|
|
|
# derive IV and encryption key from $args{secret}. It uses |
295
|
|
|
|
|
|
|
# the same algorythm as OpenSSL, the output is identical to |
296
|
|
|
|
|
|
|
# openssl enc -e -aes-256-cbc -k $args{secret} -salt |
297
|
3
|
|
|
|
|
62
|
my $cbc = Crypt::CBC->new( |
298
|
|
|
|
|
|
|
-key => &$get_secret( |
299
|
|
|
|
|
|
|
keyname => $self->keyname, |
300
|
|
|
|
|
|
|
keynum => $self->keynum, |
301
|
|
|
|
|
|
|
), |
302
|
|
|
|
|
|
|
-cipher => $cypher, |
303
|
|
|
|
|
|
|
-salt => 1, |
304
|
|
|
|
|
|
|
); |
305
|
3
|
|
|
|
|
1554
|
my $data = encode_base64($cbc->encrypt($json_data), ''); |
306
|
3
|
|
|
|
|
3086
|
my $mac = hmac_sha256_base64( |
307
|
|
|
|
|
|
|
$data, |
308
|
|
|
|
|
|
|
&$mac_secret( |
309
|
|
|
|
|
|
|
keyname => $self->keyname, |
310
|
|
|
|
|
|
|
keynum => $self->keynum |
311
|
|
|
|
|
|
|
)); |
312
|
3
|
50
|
|
|
|
10
|
$data =~ s/=/-/g if $Escape_Eq; |
313
|
3
|
50
|
|
|
|
9
|
$mac =~ s/=/-/g if $Escape_Eq; |
314
|
|
|
|
|
|
|
return { |
315
|
3
|
|
|
|
|
54
|
data => $self->keynum . '*' . $data, |
316
|
|
|
|
|
|
|
mac => $mac, |
317
|
|
|
|
|
|
|
}; |
318
|
|
|
|
|
|
|
} |
319
|
|
|
|
|
|
|
|
320
|
|
|
|
|
|
|
=head2 $self->decrypt_data(data => $data, mac => $mac) |
321
|
|
|
|
|
|
|
|
322
|
|
|
|
|
|
|
Decrypt data encrypted using I. First checks HMAC code for data. |
323
|
|
|
|
|
|
|
If data was not tampered, decrypts it and decodes from JSON. Returns data, or |
324
|
|
|
|
|
|
|
undef if decryption failed. |
325
|
|
|
|
|
|
|
|
326
|
|
|
|
|
|
|
=cut |
327
|
|
|
|
|
|
|
|
328
|
|
|
|
|
|
|
sub decrypt_data { |
329
|
12
|
|
|
12
|
1
|
8033
|
my ($self, %args) = @_; |
330
|
12
|
100
|
100
|
|
|
80
|
croak "method requires data and mac arguments" unless $args{data} and $args{mac}; |
331
|
|
|
|
|
|
|
# if the data was tampered do not try to decrypt it |
332
|
|
|
|
|
|
|
|
333
|
9
|
|
|
|
|
19
|
$args{data} =~ s/-/=/g; |
334
|
9
|
|
|
|
|
10
|
$args{mac} =~ s/-/=/g; |
335
|
9
|
|
|
|
|
33
|
my ($keynum, $cyphertext) = split /\*/, $args{data}, 2; |
336
|
|
|
|
|
|
|
|
337
|
9
|
100
|
|
|
|
17
|
if (!$cyphertext) { |
338
|
1
|
|
|
|
|
2
|
$cyphertext = $keynum; |
339
|
1
|
|
|
|
|
3
|
$keynum = 'none'; |
340
|
|
|
|
|
|
|
} |
341
|
9
|
|
|
|
|
28
|
my $secret = &$get_secret( |
342
|
|
|
|
|
|
|
keynum => $keynum, |
343
|
|
|
|
|
|
|
keyname => $self->keyname |
344
|
|
|
|
|
|
|
); |
345
|
9
|
50
|
33
|
|
|
33
|
return unless ($cyphertext and $secret); |
346
|
9
|
|
|
|
|
20
|
my $msg_mac = hmac_sha256_base64( |
347
|
|
|
|
|
|
|
$cyphertext, |
348
|
|
|
|
|
|
|
&$mac_secret( |
349
|
|
|
|
|
|
|
keynum => $keynum, |
350
|
|
|
|
|
|
|
keyname => $self->keyname, |
351
|
|
|
|
|
|
|
)); |
352
|
9
|
100
|
|
|
|
42
|
return unless String::Compare::ConstantTime::equals($msg_mac, $args{mac}); |
353
|
|
|
|
|
|
|
|
354
|
4
|
|
|
|
|
14
|
my $cbc = Crypt::CBC->new( |
355
|
|
|
|
|
|
|
-key => &$get_secret( |
356
|
|
|
|
|
|
|
keynum => $keynum, |
357
|
|
|
|
|
|
|
keyname => $self->keyname |
358
|
|
|
|
|
|
|
), |
359
|
|
|
|
|
|
|
-cipher => 'Rijndael', |
360
|
|
|
|
|
|
|
-salt => 1, |
361
|
|
|
|
|
|
|
); |
362
|
4
|
|
|
|
|
436
|
my $decrypted = $cbc->decrypt(decode_base64($cyphertext)); |
363
|
4
|
50
|
|
|
|
721
|
warn "Unable to decrypt $args{data} with keynum $keynum and keyname " . $self->keyname unless defined $decrypted; |
364
|
4
|
|
|
|
|
39
|
my $data = decode_json($decrypted); |
365
|
4
|
|
|
|
|
33
|
return $data; |
366
|
|
|
|
|
|
|
} |
367
|
|
|
|
|
|
|
|
368
|
|
|
|
|
|
|
=head2 $self->encrypt_payload(data => $data) |
369
|
|
|
|
|
|
|
|
370
|
|
|
|
|
|
|
Encrypts data using I and returns result as a string including |
371
|
|
|
|
|
|
|
both cyphertext and hmac in base-64 format. This can work on arbitrary data |
372
|
|
|
|
|
|
|
structures, scalars, and references provided that the data can be serialized |
373
|
|
|
|
|
|
|
as an attribute on a JSON document. |
374
|
|
|
|
|
|
|
|
375
|
|
|
|
|
|
|
=cut |
376
|
|
|
|
|
|
|
|
377
|
|
|
|
|
|
|
sub _to_payload { |
378
|
2
|
|
|
2
|
|
4
|
my ($data) = @_; |
379
|
|
|
|
|
|
|
return { |
380
|
2
|
|
|
|
|
9
|
crypt_json_payload => $data, |
381
|
|
|
|
|
|
|
crypt_json_version => $VERSION, |
382
|
|
|
|
|
|
|
}; |
383
|
|
|
|
|
|
|
} |
384
|
|
|
|
|
|
|
|
385
|
|
|
|
|
|
|
sub _from_payload { |
386
|
4
|
|
|
4
|
|
6
|
my ($payload) = @_; |
387
|
4
|
100
|
|
|
|
11
|
return unless defined $payload; |
388
|
2
|
50
|
|
|
|
14
|
return $payload->{crypt_json_payload} if exists $payload->{crypt_json_payload}; |
389
|
0
|
|
|
|
|
0
|
return $payload; |
390
|
|
|
|
|
|
|
} |
391
|
|
|
|
|
|
|
|
392
|
|
|
|
|
|
|
sub encrypt_payload { |
393
|
2
|
|
|
2
|
1
|
2927
|
my ($self, %args) = @_; |
394
|
2
|
|
|
|
|
7
|
$args{data} = _to_payload($args{data}); |
395
|
2
|
|
|
|
|
8
|
my $enc = $self->encrypt_data(%args); |
396
|
2
|
|
|
|
|
27
|
my $res = $enc->{data}; |
397
|
2
|
|
|
|
|
7
|
$res .= '.' . $enc->{mac}; |
398
|
2
|
|
|
|
|
8
|
return $res; |
399
|
|
|
|
|
|
|
} |
400
|
|
|
|
|
|
|
|
401
|
|
|
|
|
|
|
=head2 $self->decrypt_payload(value => $value) |
402
|
|
|
|
|
|
|
|
403
|
|
|
|
|
|
|
Accepts payload encrypted with I, checks HMAC and decrypts |
404
|
|
|
|
|
|
|
the value. Returns decripted value or undef if check or decryption has failed. |
405
|
|
|
|
|
|
|
|
406
|
|
|
|
|
|
|
=cut |
407
|
|
|
|
|
|
|
|
408
|
|
|
|
|
|
|
sub decrypt_payload { |
409
|
5
|
|
|
5
|
1
|
3240
|
my ($self, %args) = @_; |
410
|
5
|
50
|
|
|
|
14
|
return unless $args{value}; # nothing to decrypt |
411
|
5
|
100
|
|
|
|
32
|
$args{value} =~ /^([A-Za-z0-9+\/*]+[=-]*)\.([A-Za-z0-9+\/-=]+)$/ or return; |
412
|
4
|
|
|
|
|
12
|
my ($data, $mac) = ($1, $2); |
413
|
4
|
|
|
|
|
10
|
return _from_payload( |
414
|
|
|
|
|
|
|
$self->decrypt_data( |
415
|
|
|
|
|
|
|
data => $data, |
416
|
|
|
|
|
|
|
mac => $mac, |
417
|
|
|
|
|
|
|
)); |
418
|
|
|
|
|
|
|
} |
419
|
|
|
|
|
|
|
|
420
|
|
|
|
|
|
|
1; |