line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::PBE::PBES1; |
2
|
|
|
|
|
|
|
|
3
|
4
|
|
|
4
|
|
808
|
use strict; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
125
|
|
4
|
4
|
|
|
4
|
|
20
|
use warnings; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
157
|
|
5
|
4
|
|
|
4
|
|
619
|
use utf8; |
|
4
|
|
|
|
|
21
|
|
|
4
|
|
|
|
|
20
|
|
6
|
|
|
|
|
|
|
|
7
|
4
|
|
|
4
|
|
167
|
use Carp; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
246
|
|
8
|
4
|
|
|
4
|
|
2648
|
use Crypt::CBC; |
|
4
|
|
|
|
|
31751
|
|
|
4
|
|
|
|
|
162
|
|
9
|
4
|
|
|
4
|
|
34
|
use Exporter qw(import); |
|
4
|
|
|
|
|
10
|
|
|
4
|
|
|
|
|
148
|
|
10
|
|
|
|
|
|
|
|
11
|
4
|
|
|
4
|
|
2085
|
use Crypt::PBE::PBKDF1; |
|
4
|
|
|
|
|
13
|
|
|
4
|
|
|
|
|
332
|
|
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
our $VERSION = '0.102'; |
14
|
|
|
|
|
|
|
|
15
|
4
|
|
|
4
|
|
30
|
use constant ENCRYPTION => { 'des' => 'Crypt::DES', }; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
2364
|
|
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
sub new { |
18
|
|
|
|
|
|
|
|
19
|
2
|
|
|
2
|
1
|
662
|
my ( $class, %params ) = @_; |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
my $self = { |
22
|
|
|
|
|
|
|
password => $params{password} || croak('Specify password'), |
23
|
|
|
|
|
|
|
count => $params{count} || 1_000, |
24
|
|
|
|
|
|
|
hash => $params{hash} || croak('Specify hash digest algorithm'), |
25
|
2
|
|
33
|
|
|
22
|
encryption => $params{encryption} || 'des', # TODO add support for RC2 |
|
|
|
50
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
50
|
|
|
|
|
26
|
|
|
|
|
|
|
dk_len => 0, |
27
|
|
|
|
|
|
|
}; |
28
|
|
|
|
|
|
|
|
29
|
2
|
|
|
|
|
4
|
my $dk_len = 20; |
30
|
2
|
50
|
|
|
|
8
|
$dk_len = 16 if ( $self->{hash} =~ '/md(2|5)/' ); |
31
|
|
|
|
|
|
|
|
32
|
2
|
|
|
|
|
4
|
$self->{dk_len} = $dk_len; |
33
|
|
|
|
|
|
|
|
34
|
2
|
|
|
|
|
6
|
return bless $self, $class; |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
} |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
sub encrypt { |
39
|
|
|
|
|
|
|
|
40
|
2
|
|
|
2
|
1
|
396
|
my ( $self, $data ) = @_; |
41
|
|
|
|
|
|
|
|
42
|
2
|
|
|
|
|
12
|
my $salt = Crypt::CBC->random_bytes(8); |
43
|
|
|
|
|
|
|
my $DK = pbkdf1( |
44
|
|
|
|
|
|
|
hash => $self->{hash}, |
45
|
|
|
|
|
|
|
password => $self->{password}, |
46
|
|
|
|
|
|
|
salt => $salt, |
47
|
|
|
|
|
|
|
count => $self->{count}, |
48
|
|
|
|
|
|
|
dk_len => $self->{dl_len} |
49
|
2
|
|
|
|
|
1489
|
); |
50
|
|
|
|
|
|
|
|
51
|
2
|
|
|
|
|
8
|
my $key = substr( $DK, 0, 8 ); |
52
|
2
|
|
|
|
|
4
|
my $iv = substr( $DK, 8, 8 ); |
53
|
|
|
|
|
|
|
|
54
|
2
|
|
|
|
|
14
|
my $crypt = Crypt::CBC->new( |
55
|
|
|
|
|
|
|
-key => $key, |
56
|
|
|
|
|
|
|
-iv => $iv, |
57
|
|
|
|
|
|
|
-literal_key => 1, |
58
|
|
|
|
|
|
|
-header => 'none', |
59
|
|
|
|
|
|
|
-cipher => 'Crypt::DES', |
60
|
|
|
|
|
|
|
); |
61
|
|
|
|
|
|
|
|
62
|
2
|
|
|
|
|
3787
|
my @result = ( $salt, $crypt->encrypt($data) ); |
63
|
|
|
|
|
|
|
|
64
|
2
|
100
|
|
|
|
2307
|
return wantarray ? @result : join( '', @result ); |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
} |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
sub decrypt { |
69
|
|
|
|
|
|
|
|
70
|
2
|
|
|
2
|
1
|
10
|
my ( $self, $salt, $encrypted ) = @_; |
71
|
|
|
|
|
|
|
|
72
|
2
|
100
|
|
|
|
9
|
if ( !$encrypted ) { |
73
|
1
|
|
|
|
|
2
|
my $data = $salt; |
74
|
1
|
|
|
|
|
3
|
$salt = substr( $data, 0, 8 ); |
75
|
1
|
|
|
|
|
2
|
$encrypted = substr( $data, 8 ); |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
my $DK = pbkdf1( |
79
|
|
|
|
|
|
|
hash => $self->{hash}, |
80
|
|
|
|
|
|
|
password => $self->{password}, |
81
|
|
|
|
|
|
|
salt => $salt, |
82
|
|
|
|
|
|
|
count => $self->{count}, |
83
|
|
|
|
|
|
|
dk_len => $self->{dl_len} |
84
|
2
|
|
|
|
|
12
|
); |
85
|
|
|
|
|
|
|
|
86
|
2
|
|
|
|
|
7
|
my $key = substr( $DK, 0, 8 ); |
87
|
2
|
|
|
|
|
6
|
my $iv = substr( $DK, 8, 8 ); |
88
|
|
|
|
|
|
|
|
89
|
2
|
|
|
|
|
11
|
my $ciper = Crypt::CBC->new( |
90
|
|
|
|
|
|
|
-key => $key, |
91
|
|
|
|
|
|
|
-iv => $iv, |
92
|
|
|
|
|
|
|
-literal_key => 1, |
93
|
|
|
|
|
|
|
-header => 'none', |
94
|
|
|
|
|
|
|
-cipher => 'Crypt::DES', |
95
|
|
|
|
|
|
|
); |
96
|
|
|
|
|
|
|
|
97
|
2
|
|
|
|
|
465
|
my $decrypted = $ciper->decrypt($encrypted); |
98
|
|
|
|
|
|
|
|
99
|
2
|
|
|
|
|
1858
|
return $decrypted; |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
} |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
1; |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
=head1 NAME |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
Crypt::PBE::PBES1 - Perl extension for PKCS #5 Password-Based Encryption Schema 1 (PBES1) |
108
|
|
|
|
|
|
|
|
109
|
|
|
|
|
|
|
=head1 SYNOPSIS |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
use Crypt::PBE::PBES1; |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
my $pbes1 = Crypt::PBE::PBES1->new( |
114
|
|
|
|
|
|
|
'hash' => 'md5', |
115
|
|
|
|
|
|
|
'encryption' => 'des', |
116
|
|
|
|
|
|
|
'password' => 'mypassword' |
117
|
|
|
|
|
|
|
); |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
my $encrypted = $pbes1->encrypt('secret'); |
120
|
|
|
|
|
|
|
say $pbes1->decrypt($encrypted); # secret |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
=head1 DESCRIPTION |
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
PBES1 combines the PBKDF1 function with an underlying block cipher, which shall |
126
|
|
|
|
|
|
|
be either DES or RC2 in cipher block chaining (CBC) mode. |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
PBES1 is recommended only for compatibility with existing applications, since it |
129
|
|
|
|
|
|
|
supports only two underlying encryption schemes, each of which has a key size |
130
|
|
|
|
|
|
|
(56 or 64 bits) that may not be large enough for some applications. |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
=head1 CONSTRUCTOR |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
=head2 Crypt::PBE::PBES1->new ( %params ) |
136
|
|
|
|
|
|
|
|
137
|
|
|
|
|
|
|
Params: |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
=over 4 |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
=item * C : The password to use for the derivation |
142
|
|
|
|
|
|
|
|
143
|
|
|
|
|
|
|
=item * C : Hash algorithm ("md2", "md5 or "sha1") |
144
|
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
=item * C : Encryption method ("des") |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
=item * C : The number of internal iteractions to perform for the derivation key (default "1_000") |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=back |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
=head1 METHODS |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
=head2 $pbes1->encrypt( $message ) |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
Perform the encryption and return the encrypted message in binary format. |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
You can encode the encrypted message in Base64 using L: |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
$b64_encrypted = encode_base64 $pbes1->encrypt('secret'); |
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
=head2 $pbes1->decrypt( $data ) |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
Perform the decryption and return the original message. |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
$decrypted = $pbes1->decrypt($encrypted); |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
You can decode the Base64 encrypted message using L: |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
$decrypted = $pbes1->decrypt(decode_base64 $b64_encrypted); |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
=head1 SUPPORT |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
=head2 Bugs / Feature Requests |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
Please report any bugs or feature requests through the issue tracker |
179
|
|
|
|
|
|
|
at L. |
180
|
|
|
|
|
|
|
You will be notified automatically of any progress on your issue. |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
=head2 Source Code |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
This is open source software. The code repository is available for |
185
|
|
|
|
|
|
|
public review and contribution under the terms of the license. |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
L |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
git clone https://github.com/giterlizzi/perl-Crypt-PBE.git |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
=head1 AUTHOR |
193
|
|
|
|
|
|
|
|
194
|
|
|
|
|
|
|
=over 4 |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
=item * Giuseppe Di Terlizzi |
197
|
|
|
|
|
|
|
|
198
|
|
|
|
|
|
|
=back |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
=head1 SEE ALSO |
202
|
|
|
|
|
|
|
|
203
|
|
|
|
|
|
|
=over 4 |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
=item L |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
=item L |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
=item [RFC2898] PKCS #5: Password-Based Cryptography Specification Version 2.0 (L) |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
=item [RFC8018] PKCS #5: Password-Based Cryptography Specification Version 2.1 (L) |
212
|
|
|
|
|
|
|
|
213
|
|
|
|
|
|
|
=back |
214
|
|
|
|
|
|
|
|
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
=head1 LICENSE AND COPYRIGHT |
217
|
|
|
|
|
|
|
|
218
|
|
|
|
|
|
|
This software is copyright (c) 2020-2021 by Giuseppe Di Terlizzi. |
219
|
|
|
|
|
|
|
|
220
|
|
|
|
|
|
|
This is free software; you can redistribute it and/or modify it under |
221
|
|
|
|
|
|
|
the same terms as the Perl 5 programming language system itself. |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
=cut |