line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Net::DNS::SEC::RSA; |
2
|
|
|
|
|
|
|
|
3
|
12
|
|
|
12
|
|
44841
|
use strict; |
|
12
|
|
|
|
|
28
|
|
|
12
|
|
|
|
|
359
|
|
4
|
12
|
|
|
12
|
|
64
|
use warnings; |
|
12
|
|
|
|
|
33
|
|
|
12
|
|
|
|
|
644
|
|
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
our $VERSION = (qw$Id: RSA.pm 1863 2022-03-14 14:59:21Z willem $)[2]; |
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
=head1 NAME |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
Net::DNS::SEC::RSA - DNSSEC RSA digital signature algorithm |
12
|
|
|
|
|
|
|
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
=head1 SYNOPSIS |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
require Net::DNS::SEC::RSA; |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
$signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
$validated = Net::DNS::SEC::RSA->verify( $sigdata, $keyrr, $sigbin ); |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
=head1 DESCRIPTION |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
Implementation of RSA digital signature |
26
|
|
|
|
|
|
|
generation and verification procedures. |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
=head2 sign |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
$signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
Generates the wire-format signature from the sigdata octet string |
33
|
|
|
|
|
|
|
and the appropriate private key object. |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
=head2 verify |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
$validated = Net::DNS::SEC::RSA->verify( $sigdata, $keyrr, $sigbin ); |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
Verifies the signature over the sigdata octet string using the specified |
40
|
|
|
|
|
|
|
public key resource record. |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
=cut |
43
|
|
|
|
|
|
|
|
44
|
12
|
|
|
12
|
|
74
|
use integer; |
|
12
|
|
|
|
|
25
|
|
|
12
|
|
|
|
|
62
|
|
45
|
12
|
|
|
12
|
|
289
|
use MIME::Base64; |
|
12
|
|
|
|
|
40
|
|
|
12
|
|
|
|
|
1091
|
|
46
|
|
|
|
|
|
|
|
47
|
12
|
|
|
12
|
|
104
|
use constant RSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_RSA'); |
|
12
|
|
|
|
|
21
|
|
|
12
|
|
|
|
|
945
|
|
48
|
|
|
|
|
|
|
|
49
|
12
|
|
|
12
|
|
4822
|
BEGIN { die 'RSA disabled or application has no "use Net::DNS::SEC"' unless RSA_configured } |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
my %parameters = ( |
53
|
|
|
|
|
|
|
1 => scalar eval { Net::DNS::SEC::libcrypto::EVP_md5() }, |
54
|
|
|
|
|
|
|
5 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, |
55
|
|
|
|
|
|
|
7 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha1() }, |
56
|
|
|
|
|
|
|
8 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha256() }, |
57
|
|
|
|
|
|
|
10 => scalar eval { Net::DNS::SEC::libcrypto::EVP_sha512() }, |
58
|
|
|
|
|
|
|
); |
59
|
|
|
|
|
|
|
|
60
|
12
|
|
|
12
|
|
175
|
sub _index { return keys %parameters } |
61
|
|
|
|
|
|
|
|
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
sub sign { |
64
|
12
|
|
|
12
|
1
|
6027
|
my ( $class, $sigdata, $private ) = @_; |
65
|
|
|
|
|
|
|
|
66
|
12
|
|
|
|
|
41
|
my $evpmd = $parameters{$private->algorithm}; |
67
|
12
|
100
|
|
|
|
49
|
die 'private key not RSA' unless $evpmd; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
my ( $n, $e, $d, $p, $q ) = |
70
|
11
|
|
|
|
|
20
|
map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); |
|
55
|
|
|
|
|
221
|
|
71
|
|
|
|
|
|
|
|
72
|
11
|
|
|
|
|
3971
|
my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_RSA( $n, $e, $d, $p, $q ); |
73
|
|
|
|
|
|
|
|
74
|
11
|
|
|
|
|
63662
|
return Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); |
75
|
|
|
|
|
|
|
} |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
sub verify { |
79
|
34
|
|
|
34
|
1
|
14296
|
my ( $class, $sigdata, $keyrr, $sigbin ) = @_; |
80
|
|
|
|
|
|
|
|
81
|
34
|
|
|
|
|
94
|
my $evpmd = $parameters{$keyrr->algorithm}; |
82
|
34
|
100
|
|
|
|
273
|
die 'public key not RSA' unless $evpmd; |
83
|
|
|
|
|
|
|
|
84
|
33
|
100
|
|
|
|
8260
|
return unless $sigbin; |
85
|
|
|
|
|
|
|
|
86
|
32
|
|
|
|
|
110
|
my $keybin = $keyrr->keybin; # public key |
87
|
32
|
|
|
|
|
256
|
my ( $short, $long ) = unpack( 'Cn', $keybin ); # RFC3110, section 2 |
88
|
32
|
100
|
|
|
|
4660
|
my $keyfmt = $short ? "x a$short a*" : "x3 a$long a*"; |
89
|
32
|
|
|
|
|
128
|
my ( $exponent, $modulus ) = unpack( $keyfmt, $keybin ); |
90
|
|
|
|
|
|
|
|
91
|
32
|
|
|
|
|
251
|
my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_RSA( $modulus, $exponent, '', '', '' ); |
92
|
|
|
|
|
|
|
|
93
|
32
|
|
|
|
|
3108
|
return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey, $evpmd ); |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
1; |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
__END__ |