line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::PBE::PBES2; |
2
|
|
|
|
|
|
|
|
3
|
4
|
|
|
4
|
|
776
|
use strict; |
|
4
|
|
|
|
|
10
|
|
|
4
|
|
|
|
|
125
|
|
4
|
4
|
|
|
4
|
|
23
|
use warnings; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
125
|
|
5
|
4
|
|
|
4
|
|
610
|
use utf8; |
|
4
|
|
|
|
|
21
|
|
|
4
|
|
|
|
|
22
|
|
6
|
|
|
|
|
|
|
|
7
|
4
|
|
|
4
|
|
97
|
use Carp; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
231
|
|
8
|
4
|
|
|
4
|
|
634
|
use Crypt::CBC; |
|
4
|
|
|
|
|
8078
|
|
|
4
|
|
|
|
|
135
|
|
9
|
4
|
|
|
4
|
|
25
|
use Exporter qw(import); |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
125
|
|
10
|
|
|
|
|
|
|
|
11
|
4
|
|
|
4
|
|
1913
|
use Crypt::PBE::PBKDF2; |
|
4
|
|
|
|
|
13
|
|
|
4
|
|
|
|
|
471
|
|
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
our $VERSION = '0.102'; |
14
|
|
|
|
|
|
|
|
15
|
4
|
|
|
|
|
433
|
use constant KEY_SIZE => { |
16
|
|
|
|
|
|
|
'aes-128' => 16, |
17
|
|
|
|
|
|
|
'aes-192' => 24, |
18
|
|
|
|
|
|
|
'aes-256' => 32, |
19
|
4
|
|
|
4
|
|
59
|
}; |
|
4
|
|
|
|
|
8
|
|
20
|
|
|
|
|
|
|
|
21
|
4
|
|
|
|
|
266
|
use constant ENCRYPTION => { |
22
|
|
|
|
|
|
|
'aes-128' => 'Crypt::OpenSSL::AES', |
23
|
|
|
|
|
|
|
'aes-192' => 'Crypt::OpenSSL::AES', |
24
|
|
|
|
|
|
|
'aes-256' => 'Crypt::OpenSSL::AES', |
25
|
4
|
|
|
4
|
|
37
|
}; |
|
4
|
|
|
|
|
9
|
|
26
|
|
|
|
|
|
|
|
27
|
4
|
|
|
4
|
|
26
|
use constant HMAC => qw( hmac-sha1 hmac-224 hmac-sha256 hmac-sha384 hmac-sha512 ); |
|
4
|
|
|
|
|
20
|
|
|
4
|
|
|
|
|
2584
|
|
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
sub new { |
30
|
|
|
|
|
|
|
|
31
|
24
|
|
|
24
|
1
|
747
|
my ( $class, %params ) = @_; |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
my $self = { |
34
|
|
|
|
|
|
|
password => $params{password} || croak('Specify password'), |
35
|
|
|
|
|
|
|
hmac => $params{hmac} || croak('Specify HMAC digest algorithm'), |
36
|
|
|
|
|
|
|
encryption => $params{encryption} || croak('Specify encryption method'), |
37
|
24
|
|
33
|
|
|
175
|
count => $params{count} || 1_000, |
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
50
|
|
|
|
|
38
|
|
|
|
|
|
|
dk_len => 0, |
39
|
|
|
|
|
|
|
}; |
40
|
|
|
|
|
|
|
|
41
|
24
|
|
|
|
|
59
|
my $dk_len = KEY_SIZE->{ $params{encryption} }; |
42
|
|
|
|
|
|
|
|
43
|
24
|
50
|
|
|
|
51
|
if ( !$dk_len ) { |
44
|
0
|
|
|
|
|
0
|
croak('Unknown encryption method'); |
45
|
|
|
|
|
|
|
} |
46
|
|
|
|
|
|
|
|
47
|
24
|
|
|
|
|
41
|
$self->{dk_len} = $dk_len; |
48
|
|
|
|
|
|
|
|
49
|
24
|
|
|
|
|
71
|
return bless $self, $class; |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
} |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
sub encrypt { |
54
|
|
|
|
|
|
|
|
55
|
20
|
|
|
20
|
1
|
28525
|
my ( $self, $data ) = @_; |
56
|
|
|
|
|
|
|
|
57
|
20
|
|
|
|
|
137
|
my $salt = Crypt::CBC->random_bytes(16); |
58
|
20
|
|
|
|
|
15027
|
my $iv = Crypt::CBC->random_bytes(16); |
59
|
|
|
|
|
|
|
|
60
|
|
|
|
|
|
|
my $key = pbkdf2( |
61
|
|
|
|
|
|
|
prf => $self->{hmac}, |
62
|
|
|
|
|
|
|
password => $self->{password}, |
63
|
|
|
|
|
|
|
salt => $salt, |
64
|
|
|
|
|
|
|
dk_len => $self->{dk_len}, |
65
|
|
|
|
|
|
|
count => $self->{count} |
66
|
20
|
|
|
|
|
14841
|
); |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
my $cipher = Crypt::CBC->new( |
69
|
|
|
|
|
|
|
-key => $key, |
70
|
|
|
|
|
|
|
-keysize => length($key), |
71
|
|
|
|
|
|
|
-iv => $iv, |
72
|
|
|
|
|
|
|
-header => 'none', |
73
|
|
|
|
|
|
|
-literal_key => 1, |
74
|
|
|
|
|
|
|
-cipher => ENCRYPTION->{ $self->{encryption} } |
75
|
20
|
|
|
|
|
344
|
); |
76
|
|
|
|
|
|
|
|
77
|
20
|
|
|
|
|
13456
|
my $encrypted = $cipher->encrypt($data); |
78
|
|
|
|
|
|
|
|
79
|
20
|
|
|
|
|
20142
|
my @result = ( $salt, $iv, $encrypted ); |
80
|
|
|
|
|
|
|
|
81
|
20
|
100
|
|
|
|
403
|
return wantarray ? @result : join( '', @result ); |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
} |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
sub decrypt { |
86
|
|
|
|
|
|
|
|
87
|
20
|
|
|
20
|
1
|
79
|
my ( $self, $salt, $iv, $encrypted ) = @_; |
88
|
|
|
|
|
|
|
|
89
|
20
|
50
|
66
|
|
|
84
|
if ( !$iv && !$encrypted ) { |
90
|
|
|
|
|
|
|
|
91
|
5
|
|
|
|
|
13
|
my $data = $salt; |
92
|
|
|
|
|
|
|
|
93
|
5
|
|
|
|
|
17
|
$salt = substr( $data, 0, 16 ); |
94
|
5
|
|
|
|
|
16
|
$iv = substr( $data, 16, 16 ); |
95
|
5
|
|
|
|
|
11
|
$encrypted = substr( $data, 32 ); |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
} |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
my $key = pbkdf2( |
100
|
|
|
|
|
|
|
prf => $self->{hmac}, |
101
|
|
|
|
|
|
|
password => $self->{password}, |
102
|
|
|
|
|
|
|
salt => $salt, |
103
|
|
|
|
|
|
|
dk_len => $self->{dk_len}, |
104
|
|
|
|
|
|
|
count => $self->{count} |
105
|
20
|
|
|
|
|
129
|
); |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
my $cipher = Crypt::CBC->new( |
108
|
|
|
|
|
|
|
-key => $key, |
109
|
|
|
|
|
|
|
-keysize => length($key), |
110
|
|
|
|
|
|
|
-iv => $iv, |
111
|
|
|
|
|
|
|
-header => 'none', |
112
|
|
|
|
|
|
|
-literal_key => 1, |
113
|
|
|
|
|
|
|
-cipher => ENCRYPTION->{ $self->{encryption} } |
114
|
20
|
|
|
|
|
407
|
); |
115
|
|
|
|
|
|
|
|
116
|
20
|
|
|
|
|
6585
|
return $cipher->decrypt($encrypted); |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
} |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
1; |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
=head1 NAME |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
Crypt::PBE::PBES2 - Perl extension for PKCS #5 Password-Based Encryption Schema 2 (PBES2) |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
=head1 SYNOPSIS |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
use Crypt::PBE::PBES2; |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
my $pbes2 = Crypt::PBE::PBES2->new( |
131
|
|
|
|
|
|
|
'hmac' => 'hmac-sha256', |
132
|
|
|
|
|
|
|
'encryption' => 'aes-128', |
133
|
|
|
|
|
|
|
'password' => 'mypassword' |
134
|
|
|
|
|
|
|
); |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
my $encrypted = $pbes2->encrypt('secret'); |
137
|
|
|
|
|
|
|
say $pbes2->decrypt($encrypted); # secret |
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
=head1 DESCRIPTION |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
PBES2 combines a password-based key derivation function, which shall be PBKDF2 |
143
|
|
|
|
|
|
|
with an underlying encryption scheme. The key length and any other parameters |
144
|
|
|
|
|
|
|
for the underlying encryption scheme depend on the scheme. |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
PBES2 is recommended for new applications. |
147
|
|
|
|
|
|
|
|
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=head1 CONSTRUCTOR |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
=head2 Crypt::PBE::PBES2->new ( %params ) |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
Params: |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
=over 4 |
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
=item * C : The password to use for the derivation |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
=item * C : HMAC digest algorithm ("hmac-sha1", "hmac-sha224", "hmac-sha256", "hmac-sha384" or "hmac-512") |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
=item * C : Encryption method ("aes-128", "aes-192" or "aes-256") |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
=item * C : The number of internal iteractions to perform for the derivation key (default "1_000") |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
=back |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
=head1 METHODS |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
=head2 $pbes2->encrypt( $message ) |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
Perform the encryption and return the encrypted message in binary format. |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
You can encode the encrypted message in Base64 using L: |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
$b64_encrypted = encode_base64 $pbes2->encrypt('secret'); |
177
|
|
|
|
|
|
|
|
178
|
|
|
|
|
|
|
|
179
|
|
|
|
|
|
|
=head2 $pbes2->decrypt( $data ) |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
Perform the decryption and return the original message. |
182
|
|
|
|
|
|
|
|
183
|
|
|
|
|
|
|
$decrypted = $pbes2->decrypt($encrypted); |
184
|
|
|
|
|
|
|
|
185
|
|
|
|
|
|
|
You can decode the Base64 encrypted message using L: |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
$decrypted = $pbes2->decrypt(decode_base64 $b64_encrypted); |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
=head1 SUPPORT |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
=head2 Bugs / Feature Requests |
193
|
|
|
|
|
|
|
|
194
|
|
|
|
|
|
|
Please report any bugs or feature requests through the issue tracker |
195
|
|
|
|
|
|
|
at L. |
196
|
|
|
|
|
|
|
You will be notified automatically of any progress on your issue. |
197
|
|
|
|
|
|
|
|
198
|
|
|
|
|
|
|
=head2 Source Code |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
This is open source software. The code repository is available for |
201
|
|
|
|
|
|
|
public review and contribution under the terms of the license. |
202
|
|
|
|
|
|
|
|
203
|
|
|
|
|
|
|
L |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
git clone https://github.com/giterlizzi/perl-Crypt-PBE.git |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
|
208
|
|
|
|
|
|
|
=head1 AUTHOR |
209
|
|
|
|
|
|
|
|
210
|
|
|
|
|
|
|
=over 4 |
211
|
|
|
|
|
|
|
|
212
|
|
|
|
|
|
|
=item * Giuseppe Di Terlizzi |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
=back |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
=head1 SEE ALSO |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
=over 4 |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
=item L |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
=item L |
224
|
|
|
|
|
|
|
|
225
|
|
|
|
|
|
|
=item [RFC2898] PKCS #5: Password-Based Cryptography Specification Version 2.0 (L) |
226
|
|
|
|
|
|
|
|
227
|
|
|
|
|
|
|
=item [RFC8018] PKCS #5: Password-Based Cryptography Specification Version 2.1 (L) |
228
|
|
|
|
|
|
|
|
229
|
|
|
|
|
|
|
=back |
230
|
|
|
|
|
|
|
|
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
=head1 LICENSE AND COPYRIGHT |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
This software is copyright (c) 2020-2021 by Giuseppe Di Terlizzi. |
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
This is free software; you can redistribute it and/or modify it under |
237
|
|
|
|
|
|
|
the same terms as the Perl 5 programming language system itself. |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
=cut |