line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Secret::Simple; |
2
|
|
|
|
|
|
|
|
3
|
3
|
|
|
3
|
|
120492
|
use strict; |
|
3
|
|
|
|
|
8
|
|
|
3
|
|
|
|
|
122
|
|
4
|
3
|
|
|
3
|
|
16
|
use warnings; |
|
3
|
|
|
|
|
9
|
|
|
3
|
|
|
|
|
118
|
|
5
|
3
|
|
|
3
|
|
17
|
use vars qw( @ISA @EXPORT ); |
|
3
|
|
|
|
|
9
|
|
|
3
|
|
|
|
|
196
|
|
6
|
|
|
|
|
|
|
|
7
|
3
|
|
|
3
|
|
17
|
use Carp; |
|
3
|
|
|
|
|
5
|
|
|
3
|
|
|
|
|
286
|
|
8
|
3
|
|
|
3
|
|
3753
|
use Crypt::CBC; |
|
3
|
|
|
|
|
25554
|
|
|
3
|
|
|
|
|
129
|
|
9
|
3
|
|
|
3
|
|
37
|
use Exporter; |
|
3
|
|
|
|
|
8
|
|
|
3
|
|
|
|
|
160
|
|
10
|
3
|
|
|
3
|
|
3958
|
use MIME::Base64; |
|
3
|
|
|
|
|
4335
|
|
|
3
|
|
|
|
|
6482
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
our $VERSION = '0.11'; |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
@ISA = qw( Exporter ); |
15
|
|
|
|
|
|
|
@EXPORT = qw( ssdecrypt ssdecryptraw ssencrypt ssencryptraw ); |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
my $DEFAULT_CIPHER = 'Rijndael_PP'; |
18
|
|
|
|
|
|
|
my $DEFAULT_KEYFILE = '~/.ssh/id_dsa'; |
19
|
|
|
|
|
|
|
my $DEFAULT_GARBAGE = 'eLH6eDl7H+Ng07Zj'; |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
sub new { |
22
|
3
|
|
|
3
|
1
|
24
|
my ($class, @args) = @_; |
23
|
3
|
|
|
|
|
6
|
my $self = {}; |
24
|
|
|
|
|
|
|
|
25
|
3
|
|
|
|
|
7
|
my (%args, %option); |
26
|
3
|
50
|
|
|
|
13
|
@args = ( 'key', '{sskeyfile}' ) unless @args; |
27
|
3
|
50
|
|
|
|
15
|
if (ref($args[0]) eq 'HASH') { |
28
|
0
|
|
|
|
|
0
|
%option = %{$args[0]}; |
|
0
|
|
|
|
|
0
|
|
29
|
|
|
|
|
|
|
} else { |
30
|
3
|
100
|
|
|
|
13
|
@args = ( 'key', $args[0] ) if @args == 1; |
31
|
3
|
50
|
|
|
|
14
|
croak "Invalid arguments passed" if scalar(@args) & 1; |
32
|
3
|
|
|
|
|
11
|
%args = @args; |
33
|
|
|
|
|
|
|
} |
34
|
3
|
|
|
|
|
10
|
my %tmp = map { $_ => 1 } qw( key keyfilesize ); |
|
6
|
|
|
|
|
21
|
|
35
|
3
|
|
|
|
|
12
|
for my $opt (keys %args) { |
36
|
3
|
|
|
|
|
6
|
my $opt2 = $opt; |
37
|
3
|
|
|
|
|
12
|
$opt2 =~ s/^-//; |
38
|
3
|
50
|
|
|
|
9
|
croak "Unrecognized -$opt2 option passed" unless $tmp{$opt2}; |
39
|
3
|
|
|
|
|
10
|
$option{$opt2} = $args{$opt}; |
40
|
|
|
|
|
|
|
} |
41
|
3
|
50
|
|
|
|
12
|
$option{key} = '{sskeyfile}' unless $option{key}; |
42
|
3
|
|
|
|
|
13
|
key($self, $option{key}); |
43
|
3
|
|
|
|
|
6
|
$self->{keyfilesize} = 0; |
44
|
3
|
50
|
|
|
|
9
|
keyfilesize($self, $option{keyfilesize}) if $option{keyfilesize}; |
45
|
3
|
|
|
|
|
34
|
$self->{keydata} = keydata($self); |
46
|
|
|
|
|
|
|
|
47
|
3
|
|
|
|
|
8
|
bless($self, $class); |
48
|
3
|
|
|
|
|
616
|
return $self; |
49
|
|
|
|
|
|
|
} |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
sub decrypt { |
52
|
1
|
|
|
1
|
1
|
9
|
my ($self, $b64ciphertext) = @_; |
53
|
1
|
50
|
|
|
|
5
|
return unless $b64ciphertext; |
54
|
1
|
|
|
|
|
9
|
my $ciphertext = decode_base64($b64ciphertext); |
55
|
1
|
|
|
|
|
5
|
my $plaintext = decryptraw($self, $ciphertext); |
56
|
1
|
|
|
|
|
9
|
return $plaintext; |
57
|
|
|
|
|
|
|
} |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
sub decryptraw { |
60
|
2
|
|
|
2
|
1
|
8
|
my ($self, $ciphertext) = @_; |
61
|
2
|
50
|
|
|
|
9
|
return unless $ciphertext; |
62
|
2
|
|
|
|
|
30
|
my $cipher = Crypt::CBC->new( |
63
|
|
|
|
|
|
|
-key => $self->{keydata}, |
64
|
|
|
|
|
|
|
-cipher => $DEFAULT_CIPHER, |
65
|
|
|
|
|
|
|
-header => 'none', |
66
|
|
|
|
|
|
|
-iv => $DEFAULT_GARBAGE |
67
|
|
|
|
|
|
|
); |
68
|
2
|
|
|
|
|
337
|
my $plaintext = $cipher->decrypt($ciphertext); |
69
|
2
|
|
|
|
|
248775
|
return $plaintext; |
70
|
|
|
|
|
|
|
} |
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
sub encrypt { |
73
|
1
|
|
|
1
|
1
|
8
|
my ($self, $plaintext) = @_; |
74
|
1
|
|
|
|
|
4
|
my $ciphertext = encryptraw($self, $plaintext); |
75
|
1
|
50
|
|
|
|
8
|
return unless $ciphertext; |
76
|
1
|
|
|
|
|
23
|
return encode_base64( $ciphertext ); |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
sub encryptraw { |
80
|
2
|
|
|
2
|
1
|
3
|
my ($self, $plaintext) = @_; |
81
|
2
|
50
|
|
|
|
7
|
return unless $plaintext; |
82
|
2
|
|
|
|
|
36
|
my $cipher = Crypt::CBC->new( |
83
|
|
|
|
|
|
|
-key => $self->{keydata}, |
84
|
|
|
|
|
|
|
-cipher => $DEFAULT_CIPHER, |
85
|
|
|
|
|
|
|
-header => 'none', |
86
|
|
|
|
|
|
|
-iv => $DEFAULT_GARBAGE |
87
|
|
|
|
|
|
|
); |
88
|
2
|
|
|
|
|
62713
|
my $ciphertext = $cipher->encrypt($plaintext); |
89
|
2
|
|
|
|
|
233627
|
return $ciphertext; |
90
|
|
|
|
|
|
|
} |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
sub key { |
93
|
3
|
|
|
3
|
1
|
6
|
my ($self, $key) = @_; |
94
|
3
|
50
|
|
|
|
10
|
if (defined $key) { |
95
|
3
|
50
|
66
|
|
|
21
|
croak "Bad key specification" |
96
|
|
|
|
|
|
|
if ref($key) && ref($key) ne 'ARRAY'; |
97
|
3
|
|
|
|
|
7
|
$self->{key} = $key; |
98
|
|
|
|
|
|
|
} |
99
|
3
|
|
|
|
|
7
|
return $self->{key}; |
100
|
|
|
|
|
|
|
} |
101
|
|
|
|
|
|
|
|
102
|
|
|
|
|
|
|
sub keydata { |
103
|
3
|
|
|
3
|
1
|
579
|
my ($self) = @_; |
104
|
|
|
|
|
|
|
|
105
|
3
|
50
|
|
|
|
13
|
unless (defined $self->{keydata}) { |
106
|
|
|
|
|
|
|
# calculate aggregate key data |
107
|
2
|
|
|
|
|
5
|
my @keys = ref($self->{key}) eq 'ARRAY' ? |
108
|
3
|
100
|
|
|
|
12
|
@{$self->{key}} : ( $self->{key} ); |
109
|
3
|
|
|
|
|
6
|
my $data = ""; |
110
|
3
|
|
|
|
|
7
|
for my $frag (@keys) { |
111
|
3
|
|
|
|
|
31
|
my $piece = $frag; |
112
|
3
|
50
|
|
|
|
10
|
if ($frag =~ /^\{sskeyfile\}/) { |
113
|
0
|
|
|
|
|
0
|
my $fn = $frag; |
114
|
0
|
|
|
|
|
0
|
$fn =~ s/^\{sskeyfile\}//; |
115
|
0
|
0
|
|
|
|
0
|
$fn = $DEFAULT_KEYFILE unless $fn; |
116
|
0
|
|
|
|
|
0
|
my ($fn1) = glob($fn); |
117
|
0
|
0
|
|
|
|
0
|
croak "No access to specified key file '$fn'" |
118
|
|
|
|
|
|
|
unless -r $fn1; |
119
|
0
|
|
|
|
|
0
|
$piece = _read_rawfile($fn1, $self->{keyfilesize}); |
120
|
|
|
|
|
|
|
} |
121
|
3
|
|
|
|
|
9
|
$data .= $piece; |
122
|
|
|
|
|
|
|
} |
123
|
3
|
|
|
|
|
9
|
$self->{keydata} = $data; |
124
|
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
|
126
|
3
|
|
|
|
|
9
|
return $self->{keydata}; |
127
|
|
|
|
|
|
|
} |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
sub keyfilesize { |
130
|
0
|
|
|
0
|
1
|
0
|
my ($self, $num) = @_; |
131
|
0
|
0
|
0
|
|
|
0
|
croak "Bad limit passed" if defined $num && $num !~ /^\d+$/; |
132
|
0
|
0
|
|
|
|
0
|
$self->{keyfilesize} = $num if defined $num; |
133
|
0
|
|
|
|
|
0
|
return $self->{keyfilesize}; |
134
|
|
|
|
|
|
|
} |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
# The procedural style function section begins here. |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
sub ssdecrypt { |
139
|
1
|
|
|
1
|
1
|
6
|
my ($b64ciphertext, @keyspec) = @_; |
140
|
1
|
50
|
|
|
|
5
|
return unless $b64ciphertext; |
141
|
1
|
|
|
|
|
7
|
my $ciphertext = decode_base64($b64ciphertext); |
142
|
1
|
|
|
|
|
5
|
my $plaintext = ssdecryptraw($ciphertext, @keyspec); |
143
|
1
|
|
|
|
|
35
|
return $plaintext; |
144
|
|
|
|
|
|
|
} |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
sub ssdecryptraw { |
147
|
1
|
|
|
1
|
1
|
3
|
my ($ciphertext, @keyspec) = @_; |
148
|
1
|
50
|
|
|
|
3
|
return unless $ciphertext; |
149
|
1
|
50
|
|
|
|
12
|
my $ss = @keyspec ? |
150
|
|
|
|
|
|
|
Secret::Simple->new( key => [ @keyspec ] ) : |
151
|
|
|
|
|
|
|
Secret::Simple->new(); |
152
|
1
|
|
|
|
|
7
|
my $plaintext = $ss->decryptraw($ciphertext); |
153
|
1
|
|
|
|
|
11
|
return $plaintext; |
154
|
|
|
|
|
|
|
} |
155
|
|
|
|
|
|
|
|
156
|
|
|
|
|
|
|
sub ssencrypt { |
157
|
1
|
|
|
1
|
1
|
10
|
my ($plaintext, @keyspec) = @_; |
158
|
1
|
50
|
|
|
|
5
|
return unless $plaintext; |
159
|
1
|
|
|
|
|
4
|
my $ciphertext = ssencryptraw($plaintext, @keyspec); |
160
|
1
|
50
|
|
|
|
6
|
return unless $ciphertext; |
161
|
1
|
|
|
|
|
26
|
return encode_base64( $ciphertext ); |
162
|
|
|
|
|
|
|
} |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
sub ssencryptraw { |
165
|
1
|
|
|
1
|
1
|
3
|
my ($plaintext, @keyspec) = @_; |
166
|
1
|
50
|
|
|
|
2
|
return unless $plaintext; |
167
|
1
|
50
|
|
|
|
10
|
my $ss = @keyspec ? |
168
|
|
|
|
|
|
|
Secret::Simple->new( key => [ @keyspec ] ) : |
169
|
|
|
|
|
|
|
Secret::Simple->new(); |
170
|
1
|
|
|
|
|
4
|
my $ciphertext = $ss->encryptraw($plaintext); |
171
|
1
|
|
|
|
|
15
|
return $ciphertext; |
172
|
|
|
|
|
|
|
} |
173
|
|
|
|
|
|
|
|
174
|
|
|
|
|
|
|
# The private module function section begins here. |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
# The _read_rawfile private function accepts a filename and an optional |
177
|
|
|
|
|
|
|
# limit argument. The entire contents of a specified file will be read |
178
|
|
|
|
|
|
|
# and returned as a string if the limit is undefined or zero, but a |
179
|
|
|
|
|
|
|
# maximum of $limit bytes will be read in and returned otherwise. |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
sub _read_rawfile { |
182
|
0
|
|
|
0
|
|
|
my ($fn, $limit) = @_; |
183
|
0
|
0
|
|
|
|
|
croak "No filename argument passed" unless $fn; |
184
|
0
|
0
|
0
|
|
|
|
croak "Bad limit passed" if $limit && $limit !~ /^\d+$/; |
185
|
0
|
|
|
|
|
|
my ($chunk, $num, $data, $buf) = ( 8192, 0, "" ); |
186
|
0
|
0
|
|
|
|
|
croak "Unable to read from file" unless |
187
|
|
|
|
|
|
|
open my ($F), $fn; |
188
|
0
|
|
|
|
|
|
binmode($F); |
189
|
0
|
|
|
|
|
|
until ( eof($F) ) { |
190
|
0
|
0
|
0
|
|
|
|
$chunk = $limit - $num if $limit && $num + $chunk > $limit; |
191
|
0
|
|
|
|
|
|
$num += read($F, $buf, $chunk); |
192
|
0
|
|
|
|
|
|
$data .= $buf; |
193
|
0
|
0
|
0
|
|
|
|
last if $limit && $num >= $limit; |
194
|
|
|
|
|
|
|
} |
195
|
0
|
|
|
|
|
|
close $F; |
196
|
0
|
|
|
|
|
|
return $data; |
197
|
|
|
|
|
|
|
} |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
1; |
200
|
|
|
|
|
|
|
__END__ |