File Coverage

blib/lib/Crypt/PK/Ed25519.pm

Criterion	Covered	Total	%
statement	38	75	50.6
branch	20	70	28.5
condition	7	41	17.0
subroutine	8	12	66.6
pod	5	5	100.0
total	78	203	38.4

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::PK::Ed25519;
2
3	3			3		131425	use strict;
	3					7
	3					109
4	3			3		23	use warnings;
	3					6
	3					431
5							our $VERSION = '0.087';
6
7							require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8							our %EXPORT_TAGS = ( all => [qw( )] );
9							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10							our @EXPORT = qw();
11
12	3			3		20	use Carp;
	3					9
	3					281
13							$Carp::Internal{(__PACKAGE__)}++;
14	3			3		537	use CryptX;
	3					8
	3					91
15	3			3		542	use Crypt::PK;
	3					8
	3					151
16	3			3		579	use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u encode_b64 decode_b64 pem_to_der der_to_pem);
	3					6
	3					4759
17
18							sub new {
19	1			1	1	40	my $self = shift->_new();
20	1	50				4	return @_ > 0 ? $self->import_key(@_) : $self;
21							}
22
23							sub import_key_raw {
24	0			0	1	0	my ($self, $key, $type) = @_;
25	0	0				0	croak "FATAL: undefined key" unless $key;
26	0	0				0	croak "FATAL: invalid key" unless length($key) == 32;
27	0	0				0	croak "FATAL: undefined type" unless $type;
28	0	0				0	return $self->_import_raw($key, 1) if $type eq 'private';
29	0	0				0	return $self->_import_raw($key, 0) if $type eq 'public';
30	0					0	croak "FATAL: invalid key type '$type'";
31							}
32
33							sub import_key {
34	6			6	1	13075	my ($self, $key, $password) = @_;
35	6					28	local $SIG{__DIE__} = \&CryptX::_croak;
36	6	50				22	croak "FATAL: undefined key" unless $key;
37
38							# special case
39	6	100				19	if (ref($key) eq 'HASH') {
40	2	0	33			8	if ($key->{kty} && $key->{kty} eq "OKP" && $key->{crv} && $key->{crv} eq 'Ed25519') {
			33
			0
41							# JWK-like structure e.g.
42							# {"kty":"OKP","crv":"Ed25519","d":"...","x":"..."}
43	0	0				0	return $self->_import_raw(decode_b64u($key->{d}), 1) if $key->{d}; # private
44	0	0				0	return $self->_import_raw(decode_b64u($key->{x}), 0) if $key->{x}; # public
45							}
46	2	50	33			32	if ($key->{curve} && $key->{curve} eq "ed25519" && ($key->{priv} \|\| $key->{pub})) {
			66
			33
47							# hash exported via key2hash
48	2	100				2659	return $self->_import_raw(pack("H*", $key->{priv}), 1) if $key->{priv};
49	1	50				12	return $self->_import_raw(pack("H*", $key->{pub}), 0) if $key->{pub};
50							}
51	0					0	croak "FATAL: unexpected Ed25519 key hash";
52							}
53
54	4					7	my $data;
55	4	50				110	if (ref($key) eq 'SCALAR') {
		50
56	0					0	$data = $$key;
57							}
58							elsif (-f $key) {
59	4					19	$data = read_rawfile($key);
60							}
61							else {
62	0					0	croak "FATAL: non-existing file '$key'";
63							}
64	4	50				16	croak "FATAL: invalid key data" unless $data;
65
66	4	50				62	if ($data =~ /-----BEGIN (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----(.+?)-----END (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----/s) {
		50
		100
		100
		50
		50
		0
67	0					0	return $self->_import_pem($data, $password);
68							}
69							elsif ($data =~ /-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s) {
70	0					0	return $self->_import_pem($data, undef);
71							}
72							elsif ($data =~ /-----BEGIN OPENSSH (PUBLIC\|PRIVATE) KEY-----(.+?)-----END/s) {
73	2					247870	return $self->_import_openssh($data, $password);
74							}
75							elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.+?)---- END SSH2 PUBLIC KEY ----/s) {
76	1					22	return $self->_import_openssh($data, undef);
77							}
78							elsif ($data =~ /^\s(\{.?\})\s*$/s) { # JSON
79	0					0	my $h = CryptX::_decode_json("$1");
80	0	0	0			0	if ($h->{kty} && $h->{kty} eq "OKP" && $h->{crv} && $h->{crv} eq 'Ed25519') {
			0
			0
81	0	0				0	return $self->_import_raw(decode_b64u($h->{d}), 1) if $h->{d}; # private
82	0	0				0	return $self->_import_raw(decode_b64u($h->{x}), 0) if $h->{x}; # public
83							}
84							}
85							elsif ($data =~ /(ssh-ed25519)\s+(\S+)/) {
86	1					8	$data = decode_b64("$2");
87	1					5	my ($typ, $pubkey) = Crypt::PK::_ssh_parse($data);
88	1	50	33			13	return $self->_import_raw($pubkey, 0) if $typ eq 'ssh-ed25519' && length($pubkey) == 32;
89							}
90							elsif (length($data) == 32) {
91	0						croak "FATAL: use import_key_raw() to load raw (32 bytes) Ed25519 key";
92							}
93							else {
94							my $rv = eval { $self->_import($data) } \|\|
95							eval { $self->_import_pkcs8($data, $password) } \|\|
96	0		0				eval { $self->_import_x509($data) };
97	0	0					return $rv if $rv;
98							}
99	0						croak "FATAL: invalid or unsupported Ed25519 key format";
100							}
101
102							sub export_key_pem {
103	0			0	1		my ($self, $type, $password, $cipher) = @_;
104	0						local $SIG{__DIE__} = \&CryptX::_croak;
105	0		0				my $key = $self->export_key_der($type\|\|'');
106	0	0					return unless $key;
107	0	0					return der_to_pem($key, "PRIVATE KEY", $password, $cipher) if substr($type, 0, 7) eq 'private';
108	0	0					return der_to_pem($key, "PUBLIC KEY") if substr($type,0, 6) eq 'public';
109							}
110
111							sub export_key_jwk {
112	0			0	1		my ($self, $type, $wanthash) = @_;
113	0						local $SIG{__DIE__} = \&CryptX::_croak;
114	0						my $kh = $self->key2hash;
115	0	0					return unless $kh;
116	0						my $hash = { kty => "OKP", crv => "Ed25519" };
117	0						$hash->{x} = encode_b64u(pack("H*", $kh->{pub}));
118	0	0	0				$hash->{d} = encode_b64u(pack("H*", $kh->{priv})) if $type && $type eq 'private' && $kh->{priv};
			0
119	0	0					return $wanthash ? $hash : CryptX::_encode_json($hash);
120							}
121
122	0			0			sub CLONE_SKIP { 1 } # prevent cloning
123
124							1;
125
126							=pod
127
128							=head1 NAME
129
130							Crypt::PK::Ed25519 - Digital signature based on Ed25519
131
132							=head1 SYNOPSIS
133
134							use Crypt::PK::Ed25519;
135
136							#Signature: Alice
137							my $priv = Crypt::PK::Ed25519->new('Alice_priv_ed25519.der');
138							my $sig = $priv->sign_message($message);
139
140							#Signature: Bob (received $message + $sig)
141							my $pub = Crypt::PK::Ed25519->new('Alice_pub_ed25519.der');
142							$pub->verify_message($sig, $message) or die "ERROR";
143
144							#Load key
145							my $pk = Crypt::PK::Ed25519->new;
146							my $pk_hex = "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D";
147							$pk->import_key_raw(pack("H*", $pk_hex), "public");
148							my $sk = Crypt::PK::Ed25519->new;
149							my $sk_hex = "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD";
150							$sk->import_key_raw(pack("H*", $sk_hex), "private");
151
152							#Key generation
153							my $pk = Crypt::PK::Ed25519->new->generate_key;
154							my $private_der = $pk->export_key_der('private');
155							my $public_der = $pk->export_key_der('public');
156							my $private_pem = $pk->export_key_pem('private');
157							my $public_pem = $pk->export_key_pem('public');
158							my $private_raw = $pk->export_key_raw('private');
159							my $public_raw = $pk->export_key_raw('public');
160							my $private_jwk = $pk->export_key_jwk('private');
161							my $public_jwk = $pk->export_key_jwk('public');
162
163							=head1 DESCRIPTION
164
165							I
166
167							=head1 METHODS
168
169							=head2 new
170
171							my $pk = Crypt::PK::Ed25519->new();
172							#or
173							my $pk = Crypt::PK::Ed25519->new($priv_or_pub_key_filename);
174							#or
175							my $pk = Crypt::PK::Ed25519->new(\$buffer_containing_priv_or_pub_key);
176
177							Support for password protected PEM keys
178
179							my $pk = Crypt::PK::Ed25519->new($priv_pem_key_filename, $password);
180							#or
181							my $pk = Crypt::PK::Ed25519->new(\$buffer_containing_priv_pem_key, $password);
182
183							=head2 generate_key
184
185							Uses Yarrow-based cryptographically strong random number generator seeded with
186							random data taken from C (UNIX) or C (Win32).
187
188							$pk->generate_key;
189
190							=head2 import_key
191
192							Loads private or public key in DER or PEM format.
193
194							$pk->import_key($filename);
195							#or
196							$pk->import_key(\$buffer_containing_key);
197
198							Support for password protected PEM keys:
199
200							$pk->import_key($filename, $password);
201							#or
202							$pk->import_key(\$buffer_containing_key, $password);
203
204							Loading private or public keys form perl hash:
205
206							$pk->import_key($hashref);
207
208							# the $hashref is either a key exported via key2hash
209							$pk->import_key({
210							curve => "ed25519",
211							pub => "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
212							priv => "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
213							});
214
215							# or a hash with items corresponding to JWK (JSON Web Key)
216							$pk->import_key({
217							kty => "OKP",
218							crv => "Ed25519",
219							d => "RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
220							x => "oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
221							});
222
223							Supported key formats:
224
225							# all formats can be loaded from a file
226							my $pk = Crypt::PK::Ed25519->new($filename);
227
228							# or from a buffer containing the key
229							my $pk = Crypt::PK::Ed25519->new(\$buffer_with_key);
230
231							=over
232
233							=item * Ed25519 private keys in PEM format
234
235							-----BEGIN ED25519 PRIVATE KEY-----
236							MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
237							-----END ED25519 PRIVATE KEY-----
238
239							=item * Ed25519 private keys in password protected PEM format
240
241							-----BEGIN ED25519 PRIVATE KEY-----
242							Proc-Type: 4,ENCRYPTED
243							DEK-Info: DES-CBC,6A64D756D49C1EFF
244
245							8xQ7OyfQ10IITNEKcJGZA53Z1yk+NJQU7hrKqXwChZtgWNInhMBJRl9pozLKDSkH
246							v7u6EOve8NY=
247							-----END ED25519 PRIVATE KEY-----
248
249							=item * PKCS#8 private keys
250
251							-----BEGIN PRIVATE KEY-----
252							MC4CAQAwBQYDK2VwBCIEIEXBCbpv0k6LZ9I++2uS2ZzUV+ITcXLA10n+K1oMFC2t
253							-----END PRIVATE KEY-----
254
255							=item * PKCS#8 encrypted private keys
256
257							-----BEGIN ENCRYPTED PRIVATE KEY-----
258							MIGHMEsGCSqGSIb3DQEFDTA+MCkGCSqGSIb3DQEFDDAcBAjPx9JkdpRH2QICCAAw
259							DAYIKoZIhvcNAgkFADARBgUrDgMCBwQIWWieQojaWTcEOGj43SxqHUys4Eb2M27N
260							AkhqpmhosOxKrpGi0L3h8m8ipHE8EwI94NeOMsjfVw60aJuCrssY5vKN
261							-----END ENCRYPTED PRIVATE KEY-----
262
263							=item * Ed25519 public keys in PEM format
264
265							-----BEGIN PUBLIC KEY-----
266							MCowBQYDK2VwAyEAoF0a6lgwrJplzfs4RmDUl+NpfEa0Gc8s7IXei9JFRZ0=
267							-----END PUBLIC KEY-----
268
269							=item * Ed25519 public key from X509 certificate
270
271							-----BEGIN CERTIFICATE-----
272							MIIBODCB66ADAgECAhRWDU9FZBBUZ7KTdX8f7Bco8jsoaTAFBgMrZXAwETEPMA0G
273							A1UEAwwGQ3J5cHRYMCAXDTIwMDExOTEzMDIwMloYDzIyOTMxMTAyMTMwMjAyWjAR
274							MQ8wDQYDVQQDDAZDcnlwdFgwKjAFBgMrZXADIQCgXRrqWDCsmmXN+zhGYNSX42l8
275							RrQZzyzshd6L0kVFnaNTMFEwHQYDVR0OBBYEFHCGFtVibAxxWYyRt5wazMpqSZDV
276							MB8GA1UdIwQYMBaAFHCGFtVibAxxWYyRt5wazMpqSZDVMA8GA1UdEwEB/wQFMAMB
277							Af8wBQYDK2VwA0EAqG/+98smzqF/wmFX3zHXSaA67as202HnBJod1Tiurw1f+lr3
278							BX6OMtsDpgRq9O77IF1Qyx/MdJEwwErczOIbAA==
279							-----END CERTIFICATE-----
280
281							=item * SSH public Ed25519 keys
282
283							ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
284
285							=item * SSH public Ed25519 keys (RFC-4716 format)
286
287							---- BEGIN SSH2 PUBLIC KEY ----
288							Comment: "256-bit ED25519, converted from OpenSSH"
289							AAAAC3NzaC1lZDI1NTE5AAAAIL0XsiFcRDp6Hpsoak8OdiiBMJhM2UKszNTxoGS7dJ++
290							---- END SSH2 PUBLIC KEY ----
291
292							=item * Ed25519 private keys in JSON Web Key (JWK) format
293
294							See L
295
296							{
297							"kty":"OKP",
298							"crv":"Ed25519",
299							"x":"oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
300							"d":"RcEJum_STotn0j77a5LZnNRX4hNxcsDXSf4rWgwULa0",
301							}
302
303							B For JWK support you need to have L module installed.
304
305							=item * Ed25519 public keys in JSON Web Key (JWK) format
306
307							{
308							"kty":"OKP",
309							"crv":"Ed25519",
310							"x":"oF0a6lgwrJplzfs4RmDUl-NpfEa0Gc8s7IXei9JFRZ0",
311							}
312
313							B For JWK support you need to have L module installed.
314
315							=back
316
317							=head2 import_key_raw
318
319							Import raw public/private key - can load raw key data exported by L.
320
321							$pk->import_key_raw($key, 'public');
322							$pk->import_key_raw($key, 'private');
323
324							=head2 export_key_der
325
326							my $private_der = $pk->export_key_der('private');
327							#or
328							my $public_der = $pk->export_key_der('public');
329
330							=head2 export_key_pem
331
332							my $private_pem = $pk->export_key_pem('private');
333							#or
334							my $public_pem = $pk->export_key_pem('public');
335
336							Support for password protected PEM keys
337
338							my $private_pem = $pk->export_key_pem('private', $password);
339							#or
340							my $private_pem = $pk->export_key_pem('private', $password, $cipher);
341
342							# supported ciphers: 'DES-CBC'
343							# 'DES-EDE3-CBC'
344							# 'SEED-CBC'
345							# 'CAMELLIA-128-CBC'
346							# 'CAMELLIA-192-CBC'
347							# 'CAMELLIA-256-CBC'
348							# 'AES-128-CBC'
349							# 'AES-192-CBC'
350							# 'AES-256-CBC' (DEFAULT)
351
352							=head2 export_key_jwk
353
354							Exports public/private keys as a JSON Web Key (JWK).
355
356							my $private_json_text = $pk->export_key_jwk('private');
357							#or
358							my $public_json_text = $pk->export_key_jwk('public');
359
360							Also exports public/private keys as a perl HASH with JWK structure.
361
362							my $jwk_hash = $pk->export_key_jwk('private', 1);
363							#or
364							my $jwk_hash = $pk->export_key_jwk('public', 1);
365
366							B For JWK support you need to have L module installed.
367
368							=head2 export_key_raw
369
370							Export raw public/private key
371
372							my $private_bytes = $pk->export_key_raw('private');
373							#or
374							my $public_bytes = $pk->export_key_raw('public');
375
376							=head2 sign_message
377
378							my $signature = $priv->sign_message($message);
379
380							=head2 verify_message
381
382							my $valid = $pub->verify_message($signature, $message)
383
384							=head2 is_private
385
386							my $rv = $pk->is_private;
387							# 1 .. private key loaded
388							# 0 .. public key loaded
389							# undef .. no key loaded
390
391							=head2 key2hash
392
393							my $hash = $pk->key2hash;
394
395							# returns hash like this (or undef if no key loaded):
396							{
397							curve => "ed25519",
398							# raw public key as a hexadecimal string
399							pub => "A05D1AEA5830AC9A65CDFB384660D497E3697C46B419CF2CEC85DE8BD245459D",
400							# raw private key as a hexadecimal string. undef if key is public only
401							priv => "45C109BA6FD24E8B67D23EFB6B92D99CD457E2137172C0D749FE2B5A0C142DAD",
402							}
403
404							=head1 SEE ALSO
405
406							=over
407
408							=item * L
409
410							=item * L
411
412							=item * L
413
414							=back
415
416							=cut