line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Crypt::Perl::RSA::KeyBase; |
2
|
|
|
|
|
|
|
|
3
|
7
|
|
|
7
|
|
2825
|
use strict; |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
167
|
|
4
|
7
|
|
|
7
|
|
38
|
use warnings; |
|
7
|
|
|
|
|
12
|
|
|
7
|
|
|
|
|
180
|
|
5
|
|
|
|
|
|
|
|
6
|
7
|
|
|
|
|
67
|
use parent qw( |
7
|
|
|
|
|
|
|
Class::Accessor::Fast |
8
|
|
|
|
|
|
|
Crypt::Perl::KeyBase |
9
|
7
|
|
|
7
|
|
65
|
); |
|
7
|
|
|
|
|
14
|
|
10
|
|
|
|
|
|
|
|
11
|
7
|
|
|
7
|
|
9816
|
use Module::Load (); |
|
7
|
|
|
|
|
17
|
|
|
7
|
|
|
|
|
89
|
|
12
|
|
|
|
|
|
|
|
13
|
7
|
|
|
7
|
|
34
|
use Crypt::Perl::BigInt (); |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
75
|
|
14
|
7
|
|
|
7
|
|
30
|
use Crypt::Perl::X (); |
|
7
|
|
|
|
|
12
|
|
|
7
|
|
|
|
|
307
|
|
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
BEGIN { |
17
|
7
|
|
|
7
|
|
94
|
__PACKAGE__->mk_ro_accessors('modulus'); |
18
|
7
|
|
|
|
|
1539
|
__PACKAGE__->mk_ro_accessors('publicExponent'); |
19
|
|
|
|
|
|
|
|
20
|
7
|
|
|
|
|
1547
|
*N = \&modulus; |
21
|
7
|
|
|
|
|
170
|
*E = \&publicExponent; |
22
|
|
|
|
|
|
|
} |
23
|
|
|
|
|
|
|
|
24
|
7
|
|
|
7
|
|
37
|
use constant _JWK_THUMBPRINT_JSON_ORDER => qw( e kty n ); |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
3334
|
|
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
sub new { |
27
|
290
|
|
|
290
|
1
|
46657
|
my ($class, @args) = @_; |
28
|
|
|
|
|
|
|
|
29
|
290
|
|
|
|
|
1992
|
my $self = $class->SUPER::new(@args); |
30
|
|
|
|
|
|
|
|
31
|
290
|
|
|
|
|
5412
|
$self->{'publicExponent'} = Crypt::Perl::BigInt->new( $self->{'publicExponent'} ); |
32
|
|
|
|
|
|
|
|
33
|
290
|
|
|
|
|
12748
|
return $self; |
34
|
|
|
|
|
|
|
} |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
sub to_pem { |
37
|
1
|
|
|
1
|
0
|
4
|
my ($self) = @_; |
38
|
|
|
|
|
|
|
|
39
|
1
|
|
|
|
|
7
|
require Crypt::Format; |
40
|
1
|
|
|
|
|
4
|
return Crypt::Format::der2pem( $self->to_der(), $self->_PEM_HEADER() ); |
41
|
|
|
|
|
|
|
} |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
#i.e., modulus length, in bits |
44
|
|
|
|
|
|
|
sub size { |
45
|
0
|
|
|
0
|
0
|
0
|
my ($self) = @_; |
46
|
|
|
|
|
|
|
|
47
|
0
|
|
|
|
|
0
|
return length( $self->modulus()->as_bin() ) - 2; |
48
|
|
|
|
|
|
|
} |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
sub modulus_byte_length { |
51
|
1317
|
|
|
1317
|
0
|
3074
|
my ($self) = @_; |
52
|
|
|
|
|
|
|
|
53
|
1317
|
|
|
|
|
34587
|
return length $self->N()->as_bytes(); |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
#return( ( length( $self->N()->as_hex() ) - 2 ) / 2 ); |
56
|
|
|
|
|
|
|
} |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
sub verify_RS256 { |
59
|
777
|
|
|
777
|
0
|
254337
|
my ($self, $msg, $sig) = @_; |
60
|
|
|
|
|
|
|
|
61
|
777
|
|
|
|
|
3449
|
return $self->_verify($msg, $sig, 'Digest::SHA', 'sha256', 'PKCS1_v1_5'); |
62
|
|
|
|
|
|
|
} |
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
sub verify_RS384 { |
65
|
2
|
|
|
2
|
0
|
28
|
my ($self, $msg, $sig) = @_; |
66
|
|
|
|
|
|
|
|
67
|
2
|
|
|
|
|
15
|
return $self->_verify($msg, $sig, 'Digest::SHA', 'sha384', 'PKCS1_v1_5'); |
68
|
|
|
|
|
|
|
} |
69
|
|
|
|
|
|
|
|
70
|
|
|
|
|
|
|
sub verify_RS512 { |
71
|
2
|
|
|
2
|
0
|
29
|
my ($self, $msg, $sig) = @_; |
72
|
|
|
|
|
|
|
|
73
|
2
|
|
|
|
|
11
|
return $self->_verify($msg, $sig, 'Digest::SHA', 'sha512', 'PKCS1_v1_5'); |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
sub encrypt_raw { |
77
|
1
|
|
|
1
|
0
|
15
|
my ($self, $bytes) = @_; |
78
|
|
|
|
|
|
|
|
79
|
1
|
|
|
|
|
7
|
return Crypt::Perl::BigInt->from_bytes($bytes)->bmodpow($self->{'publicExponent'}, $self->{'modulus'})->as_bytes(); |
80
|
|
|
|
|
|
|
} |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
sub to_der { |
83
|
6
|
|
|
6
|
0
|
44
|
my ($self) = @_; |
84
|
|
|
|
|
|
|
|
85
|
6
|
|
|
|
|
44
|
return $self->_to_der($self->_ASN1_MACRO()); |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
|
88
|
|
|
|
|
|
|
sub algorithm_identifier { |
89
|
5
|
|
|
5
|
0
|
15
|
my ($self) = @_; |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
return { |
92
|
5
|
|
|
|
|
33
|
algorithm => OID_rsaEncryption(), |
93
|
|
|
|
|
|
|
parameters => Crypt::Perl::ASN1::NULL(), |
94
|
|
|
|
|
|
|
}; |
95
|
|
|
|
|
|
|
} |
96
|
|
|
|
|
|
|
|
97
|
7
|
|
|
7
|
|
47
|
use constant OID_rsaEncryption => '1.2.840.113549.1.1.1'; |
|
7
|
|
|
|
|
15
|
|
|
7
|
|
|
|
|
3260
|
|
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
sub _to_subject_public_der { |
100
|
5
|
|
|
5
|
|
16
|
my ($self) = @_; |
101
|
|
|
|
|
|
|
|
102
|
5
|
|
|
|
|
39
|
my $asn1 = $self->_asn1_find('SubjectPublicKeyInfo'); |
103
|
|
|
|
|
|
|
|
104
|
5
|
|
|
|
|
103
|
return $asn1->encode( { |
105
|
|
|
|
|
|
|
algorithm => $self->algorithm_identifier(), |
106
|
|
|
|
|
|
|
subjectPublicKey => $self->_to_der('RSAPublicKey'), |
107
|
|
|
|
|
|
|
} ); |
108
|
|
|
|
|
|
|
} |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
sub get_struct_for_public_jwk { |
111
|
4
|
|
|
4
|
0
|
36
|
my ($self) = @_; |
112
|
|
|
|
|
|
|
|
113
|
4
|
|
|
|
|
30
|
require MIME::Base64; |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
return { |
116
|
4
|
|
|
|
|
129
|
kty => 'RSA', |
117
|
|
|
|
|
|
|
n => MIME::Base64::encode_base64url($self->N()->as_bytes()), |
118
|
|
|
|
|
|
|
e => MIME::Base64::encode_base64url($self->E()->as_bytes()), |
119
|
|
|
|
|
|
|
} |
120
|
|
|
|
|
|
|
} |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
#---------------------------------------------------------------------- |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
sub _asn1_find { |
125
|
16
|
|
|
16
|
|
51
|
my ($self, $macro) = @_; |
126
|
|
|
|
|
|
|
|
127
|
16
|
|
|
|
|
86
|
require Crypt::Perl::ASN1; |
128
|
16
|
|
|
|
|
54
|
require Crypt::Perl::RSA::Template; |
129
|
16
|
|
|
|
|
65
|
my $asn1 = Crypt::Perl::ASN1->new()->prepare( |
130
|
|
|
|
|
|
|
Crypt::Perl::RSA::Template::get_template('INTEGER'), |
131
|
|
|
|
|
|
|
); |
132
|
|
|
|
|
|
|
|
133
|
16
|
|
|
|
|
86
|
return $asn1->find($macro); |
134
|
|
|
|
|
|
|
} |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
sub _to_der { |
137
|
11
|
|
|
11
|
|
194
|
my ($self, $macro) = @_; |
138
|
|
|
|
|
|
|
|
139
|
11
|
|
|
|
|
46
|
return $self->_asn1_find($macro)->encode( { %$self } ); |
140
|
|
|
|
|
|
|
} |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
sub _verify { |
143
|
781
|
|
|
781
|
|
2910
|
my ($self, $message, $signature, $hash_module, $hasher, $scheme) = @_; |
144
|
|
|
|
|
|
|
|
145
|
781
|
|
|
|
|
3753
|
Module::Load::load($hash_module); |
146
|
|
|
|
|
|
|
|
147
|
781
|
|
|
|
|
92880
|
my $digest = $hash_module->can($hasher)->($message); |
148
|
|
|
|
|
|
|
|
149
|
781
|
|
|
|
|
5558
|
my $y = Crypt::Perl::BigInt->from_hex( unpack 'H*', $signature ); |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
#This modifies $y, but it doesn’t matter here. |
152
|
781
|
|
|
|
|
2346770
|
my $x = $y->bmodpow( $self->E(), $self->N() ); |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
#Math::BigInt will strip off the leading zero that PKCS1_v1_5 requires, |
155
|
|
|
|
|
|
|
#so let’s put it back first of all. |
156
|
781
|
|
|
|
|
23286816
|
my $octets = "\0" . $x->as_bytes(); |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
#printf "OCTETS - %v02x\n", $octets; |
159
|
|
|
|
|
|
|
|
160
|
781
|
50
|
|
|
|
2958
|
if ($scheme eq 'PKCS1_v1_5') { |
161
|
781
|
|
|
|
|
3768
|
my $key_bytes_length = $self->modulus_byte_length(); |
162
|
781
|
100
|
|
|
|
3295
|
if (length($octets) != $key_bytes_length) { |
163
|
203
|
|
|
|
|
1409
|
my $err = sprintf( "Invalid PKCS1_v1_5 length: %d (should be %d)", length($octets), $key_bytes_length ); |
164
|
203
|
|
|
|
|
1116
|
die Crypt::Perl::X::create('Generic', $err); |
165
|
|
|
|
|
|
|
} |
166
|
|
|
|
|
|
|
|
167
|
578
|
|
|
|
|
4819
|
require Crypt::Perl::RSA::PKCS1_v1_5; |
168
|
578
|
|
|
|
|
3169
|
return $digest eq Crypt::Perl::RSA::PKCS1_v1_5::decode($octets, $hasher); |
169
|
|
|
|
|
|
|
} |
170
|
|
|
|
|
|
|
|
171
|
0
|
|
|
|
|
|
die Crypt::Perl::X::create('Generic', "Unknown signature scheme: “$scheme”"); |
172
|
|
|
|
|
|
|
} |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
1; |