File Coverage

inc/CryptX_PK_RSA.xs.inc

Criterion	Covered	Total	%
statement	277	366	75.6
branch	126	288	43.7
condition			n/a
subroutine			n/a
pod			n/a
total	403	654	61.6

line	stmt	bran	code
1			MODULE = CryptX PACKAGE = Crypt::PK::RSA
2
3			PROTOTYPES: DISABLE
4
5			Crypt::PK::RSA
6			_new(Class)
7			CODE:
8			{
9			int rv;
10	110		Newz(0, RETVAL, 1, struct rsa_struct);
11	110	50	if (!RETVAL) croak("FATAL: Newz failed");
12	110		RETVAL->key.type = -1;
13	110		RETVAL->pindex = find_prng("chacha20");
14	110		RETVAL->last_pid = (IV)PerlProc_getpid();
15	110	50	if (RETVAL->pindex == -1) {
16	0		Safefree(RETVAL);
17	0		croak("FATAL: find_prng('chacha20') failed");
18			}
19	110		rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
20	110	50	if (rv != CRYPT_OK) {
21	0		Safefree(RETVAL);
22	0		croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
23			}
24			}
25			OUTPUT:
26			RETVAL
27
28			void
29			generate_key(Crypt::PK::RSA self, int key_size=256, long key_e=65537)
30			PPCODE:
31			{
32			/* key_size is in octets */
33			int rv;
34	2		cryptx_internal_pk_prng_reseed(&self->pstate, self->pindex, &self->last_pid);
35			/* gen the key */
36	2		rv = rsa_make_key(&self->pstate, self->pindex, key_size, key_e, &self->key);
37	2	50	if (rv != CRYPT_OK) croak("FATAL: rsa_make_key failed: %s", error_to_string(rv));
38	2	50	XPUSHs(ST(0)); /* return self */
39			}
40
41			void
42			_import(Crypt::PK::RSA self, SV * key_data)
43			PPCODE:
44			{
45			int rv;
46	91		unsigned char *data=NULL;
47	91		STRLEN data_len=0;
48
49	91		data = (unsigned char *)SvPVbyte(key_data, data_len);
50	91	100	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
51	91		rv = rsa_import(data, (unsigned long)data_len, &self->key);
52	91	100	if (rv != CRYPT_OK) croak("FATAL: rsa_import failed: %s", error_to_string(rv));
53	89	50	XPUSHs(ST(0)); /* return self */
54			}
55
56			void
57			_import_pkcs8(Crypt::PK::RSA self, SV * key_data, SV * passwd)
58			PPCODE:
59			{
60			int rv;
61	2		unsigned char *data = NULL;
62	2		STRLEN data_len = 0;
63	2		password_ctx pw_ctx = { cryptx_internal_password_cb_getpw, cryptx_internal_password_cb_free, passwd };
64
65	2		data = (unsigned char *)SvPVbyte(key_data, data_len);
66	2	50	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
67	2	100	if (SvOK(passwd)) {
68	1		rv = rsa_import_pkcs8(data, (unsigned long)data_len, &pw_ctx, &self->key);
69			}
70			else {
71	1		rv = rsa_import_pkcs8(data, (unsigned long)data_len, NULL, &self->key);
72			}
73	2	50	if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
74	2	50	XPUSHs(ST(0)); /* return self */
75			}
76
77			void
78			_import_pem(Crypt::PK::RSA self, SV * key_data, SV * passwd)
79			PPCODE:
80			{
81			int rv;
82	54		unsigned char *data = NULL;
83	54		STRLEN data_len = 0;
84	54		password_ctx pw_ctx = { cryptx_internal_password_cb_getpw, cryptx_internal_password_cb_free, passwd };
85			ltc_pka_key key_from_pem;
86
87	54		data = (unsigned char *)SvPVbyte(key_data, data_len);
88	54	100	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
89	54	100	if (SvOK(passwd)) {
90	22		rv = pem_decode_pkcs(data, (unsigned long)data_len, &key_from_pem, &pw_ctx);
91			}
92			else {
93	32		rv = pem_decode_pkcs(data, (unsigned long)data_len, &key_from_pem, NULL);
94			}
95	54	50	if (rv != CRYPT_OK) croak("FATAL: pem_decode_pkcs failed: %s", error_to_string(rv));
96	54	50	if (key_from_pem.id != LTC_PKA_RSA) croak("FATAL: pem_decode_pkcs decoded non-RSA key");
97	54		self->key = key_from_pem.u.rsa;
98	54	50	XPUSHs(ST(0)); /* return self */
99			}
100
101
102			void
103			_import_openssh(Crypt::PK::RSA self, SV * key_data, SV * passwd)
104			PPCODE:
105			{
106			int rv;
107	18		unsigned char *data = NULL;
108	18		STRLEN data_len = 0;
109	18		password_ctx pw_ctx = { cryptx_internal_password_cb_getpw, cryptx_internal_password_cb_free, passwd };
110			ltc_pka_key key_from_pem;
111
112	18		data = (unsigned char *)SvPVbyte(key_data, data_len);
113	18	50	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
114	18	100	if (SvOK(passwd)) {
115	6		rv = pem_decode_openssh(data, (unsigned long)data_len, &key_from_pem, &pw_ctx);
116			}
117			else {
118	12		rv = pem_decode_openssh(data, (unsigned long)data_len, &key_from_pem, NULL);
119			}
120	18	50	if (rv != CRYPT_OK) croak("FATAL: pem_decode_openssh failed: %s", error_to_string(rv));
121	18	50	if (key_from_pem.id != LTC_PKA_RSA) croak("FATAL: pem_decode_openssh decoded non-RSA key");
122	18		self->key = key_from_pem.u.rsa;
123	18	50	XPUSHs(ST(0)); /* return self */
124			}
125
126			void
127			_import_x509(Crypt::PK::RSA self, SV * key_data)
128			PPCODE:
129			{
130			int rv;
131	0		unsigned char *data=NULL;
132	0		STRLEN data_len=0;
133
134	0		data = (unsigned char *)SvPVbyte(key_data, data_len);
135	0	0	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
136	0		rv = rsa_import_x509(data, (unsigned long)data_len, &self->key);
137	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_import_x509 failed: %s", error_to_string(rv));
138	0	0	XPUSHs(ST(0)); /* return self */
139			}
140
141			void
142			_import_hex(Crypt::PK::RSA self, char N, char e, char d=NULL, char p=NULL, char q=NULL, char dP=NULL, char dQ=NULL, char qP=NULL)
143			PPCODE:
144			{
145			int rv;
146			unsigned char Nbin[1024], ebin[128], dbin[1024], pbin[512], qbin[512], dPbin[512], dQbin[512], qPbin[512];
147	7		unsigned long Nlen=sizeof(Nbin), elen=sizeof(ebin), dlen=sizeof(dbin), plen=sizeof(pbin),
148	7		qlen=sizeof(qbin), dPlen=sizeof(dPbin), dQlen=sizeof(dQbin), qPlen=sizeof(qPbin);
149
150	7		rv = radix_to_bin(N, 16, Nbin, &Nlen);
151	7	50	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(N) failed: %s", error_to_string(rv));
152	7		rv = radix_to_bin(e, 16, ebin, &elen);
153	7	50	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(e) failed: %s", error_to_string(rv));
154
155	7	50	if (d && strlen(d) > 0) {
		0
156			/* private */
157	0		rv = radix_to_bin(d, 16, dbin, &dlen);
158	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(d) failed: %s", error_to_string(rv));
159	0		rv = rsa_set_key(Nbin, Nlen, ebin, elen, dbin, dlen, &self->key);
160	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
161			}
162			else {
163			/* public */
164	7		rv = rsa_set_key(Nbin, Nlen, ebin, elen, NULL, 0, &self->key);
165	7	50	if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
166			}
167
168	7	50	if (p && strlen(p) > 0 && q && strlen(q) > 0) {
		0
		0
		0
169			/* private only */
170	0		rv = radix_to_bin(p, 16, pbin, &plen);
171	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
172	0		rv = radix_to_bin(q, 16, qbin, &qlen);
173	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
174	0		rv = rsa_set_factors(pbin, plen, qbin, qlen, &self->key);
175	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_set_factors failed: %s", error_to_string(rv));
176			}
177
178	7	50	if (dP && strlen(dP) > 0 && dQ && strlen(dQ) > 0 && qP && strlen(qP) > 0) {
		0
		0
		0
		0
		0
179			/* private only */
180	0		rv = radix_to_bin(dP, 16, dPbin, &dPlen);
181	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dP) failed: %s", error_to_string(rv));
182	0		rv = radix_to_bin(dQ, 16, dQbin, &dQlen);
183	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dQ) failed: %s", error_to_string(rv));
184	0		rv = radix_to_bin(qP, 16, qPbin, &qPlen);
185	0	0	if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(qP) failed: %s", error_to_string(rv));
186	0		rv = rsa_set_crt_params(dPbin, dPlen, dQbin, dQlen, qPbin, qPlen, &self->key);
187	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_set_crt_params failed: %s", error_to_string(rv));
188			}
189
190	7	50	XPUSHs(ST(0)); /* return self */
191			}
192
193			int
194			is_private(Crypt::PK::RSA self)
195			CODE:
196	88	50	if (self->key.type == -1 \|\| self->key.N == NULL) XSRETURN_UNDEF;
		50
197	88	100	RETVAL = (self->key.type == PK_PRIVATE) ? 1 : 0;
198			OUTPUT:
199			RETVAL
200
201			size_t
202			size(Crypt::PK::RSA self)
203			CODE:
204	1	50	if (self->key.type == -1 \|\| self->key.N == NULL) XSRETURN_UNDEF;
		50
205	1		RETVAL = mp_ubin_size(self->key.N);
206			OUTPUT:
207			RETVAL
208
209			SV*
210			key2hash(Crypt::PK::RSA self)
211			PREINIT:
212			HV *rv_hash;
213			size_t siz, nsize;
214			char buf[20001];
215			SV **not_used;
216			CODE:
217	134	50	if (self->key.type == -1 \|\| self->key.N == NULL) XSRETURN_UNDEF;
		50
218	134		nsize = mp_ubin_size(self->key.N);
219	134		rv_hash = newHV();
220			/* e */
221	134	50	siz = (self->key.e) ? mp_ubin_size(self->key.e) : 0;
222	134	50	if (siz>10000) {
223	0		croak("FATAL: key2hash failed - 'e' too big number");
224			}
225	134	50	if (siz>0) {
226	134		cryptx_internal_mp2hex_with_leading_zero(self->key.e, buf, 20000, 0);
227	134		not_used = hv_store(rv_hash, "e", 1, newSVpv(buf, strlen(buf)), 0);
228			}
229			else{
230	0		not_used = hv_store(rv_hash, "e", 1, newSVpv("", 0), 0);
231			}
232			/* d */
233	134	50	siz = (self->key.d) ? mp_ubin_size(self->key.d) : 0;
234	134	50	if (siz>10000) {
235	0		croak("FATAL: key2hash failed - 'd' too big number");
236			}
237	134	100	if (siz>0) {
238	74		cryptx_internal_mp2hex_with_leading_zero(self->key.d, buf, 20000, 0);
239	74		not_used = hv_store(rv_hash, "d", 1, newSVpv(buf, strlen(buf)), 0);
240			}
241			else{
242	60		not_used = hv_store(rv_hash, "d", 1, newSVpv("", 0), 0);
243			}
244			/* N */
245	134	50	siz = (self->key.N) ? nsize : 0;
246	134	50	if (siz>10000) {
247	0		croak("FATAL: key2hash failed - 'N' too big number");
248			}
249	134	50	if (siz>0) {
250	134		cryptx_internal_mp2hex_with_leading_zero(self->key.N, buf, 20000, 0);
251	134		not_used = hv_store(rv_hash, "N", 1, newSVpv(buf, strlen(buf)), 0);
252			}
253			else{
254	0		not_used = hv_store(rv_hash, "N", 1, newSVpv("", 0), 0);
255			}
256			/* q */
257	134	50	siz = (self->key.q) ? mp_ubin_size(self->key.q) : 0;
258	134	50	if (siz>10000) {
259	0		croak("FATAL: key2hash failed - 'q' too big number");
260			}
261	134	100	if (siz>0) {
262	74		cryptx_internal_mp2hex_with_leading_zero(self->key.q, buf, 20000, 0);
263	74		not_used = hv_store(rv_hash, "q", 1, newSVpv(buf, strlen(buf)), 0);
264			}
265			else{
266	60		not_used = hv_store(rv_hash, "q", 1, newSVpv("", 0), 0);
267			}
268			/* p */
269	134	50	siz = (self->key.p) ? mp_ubin_size(self->key.p) : 0;
270	134	50	if (siz>10000) {
271	0		croak("FATAL: key2hash failed - 'p' too big number");
272			}
273	134	100	if (siz>0) {
274	74		cryptx_internal_mp2hex_with_leading_zero(self->key.p, buf, 20000, 0);
275	74		not_used = hv_store(rv_hash, "p", 1, newSVpv(buf, strlen(buf)), 0);
276			}
277			else{
278	60		not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
279			}
280			/* qP */
281	134	50	siz = (self->key.qP) ? mp_ubin_size(self->key.qP) : 0;
282	134	50	if (siz>10000) {
283	0		croak("FATAL: key2hash failed - 'qP' too big number");
284			}
285	134	100	if (siz>0) {
286	74		cryptx_internal_mp2hex_with_leading_zero(self->key.qP, buf, 20000, 0);
287	74		not_used = hv_store(rv_hash, "qP", 2, newSVpv(buf, strlen(buf)), 0);
288			}
289			else{
290	60		not_used = hv_store(rv_hash, "qP", 2, newSVpv("", 0), 0);
291			}
292			/* dP */
293	134	50	siz = (self->key.dP) ? mp_ubin_size(self->key.dP) : 0;
294	134	50	if (siz>10000) {
295	0		croak("FATAL: key2hash failed - 'dP' too big number");
296			}
297	134	100	if (siz>0) {
298	74		cryptx_internal_mp2hex_with_leading_zero(self->key.dP, buf, 20000, 0);
299	74		not_used = hv_store(rv_hash, "dP", 2, newSVpv(buf, strlen(buf)), 0);
300			}
301			else{
302	60		not_used = hv_store(rv_hash, "dP", 2, newSVpv("", 0), 0);
303			}
304			/* dQ */
305	134	50	siz = (self->key.dQ) ? mp_ubin_size(self->key.dQ) : 0;
306	134	50	if (siz>10000) {
307	0		croak("FATAL: key2hash failed - 'dQ' too big number");
308			}
309	134	100	if (siz>0) {
310	74		cryptx_internal_mp2hex_with_leading_zero(self->key.dQ, buf, 20000, 0);
311	74		not_used = hv_store(rv_hash, "dQ", 2, newSVpv(buf, strlen(buf)), 0);
312			}
313			else{
314	60		not_used = hv_store(rv_hash, "dQ", 2, newSVpv("", 0), 0);
315			}
316			/* size */
317	134		not_used = hv_store(rv_hash, "size", 4, newSViv(nsize), 0);
318			/* type */
319	134		not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
320			LTC_UNUSED_PARAM(not_used);
321	134		RETVAL = newRV_noinc((SV*)rv_hash);
322			OUTPUT:
323			RETVAL
324
325			SV*
326			export_key_der(Crypt::PK::RSA self, char * type)
327			CODE:
328			{
329			int rv;
330			unsigned char out[4096];
331	5		unsigned long out_len = 4096;
332
333	5		RETVAL = newSVpvn(NULL, 0); /* undef */
334	5	100	if (strnEQ(type, "private", 7)) {
335	2		rv = rsa_export(out, &out_len, PK_PRIVATE, &self->key);
336	2	50	if (rv != CRYPT_OK) croak("FATAL: rsa_export(PK_PRIVATE) failed: %s", error_to_string(rv));
337	2		RETVAL = newSVpvn((char*)out, out_len);
338			}
339	3	50	else if (strnEQ(type, "public", 6)) {
340	3		rv = rsa_export(out, &out_len, PK_PUBLIC\|PK_STD, &self->key);
341	3	50	if (rv != CRYPT_OK) croak("FATAL: rsa_export(PK_PUBLIC\|PK_STD) failed: %s", error_to_string(rv));
342	3		RETVAL = newSVpvn((char*)out, out_len);
343			}
344			else {
345	0		croak("FATAL: export_key_der invalid type '%s'", type);
346			}
347			}
348			OUTPUT:
349			RETVAL
350
351			SV *
352			encrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * mgf_hash = "SHA1", SV * oaep_lparam = NULL, const char * lparam_hash = NULL)
353			CODE:
354			{
355			int rv, mgf_hash_id, lparam_hash_id;
356	3		unsigned char *lparam_ptr=NULL;
357	3		STRLEN lparam_len=0;
358	3		unsigned char *data_ptr=NULL;
359	3		STRLEN data_len=0;
360			unsigned char buffer[1024];
361	3		unsigned long buffer_len = 1024;
362			ltc_rsa_op_parameters rsa_oparams;
363
364	3		data_ptr = (unsigned char *)SvPVbyte(data, data_len);
365
366	3		RETVAL = newSVpvn(NULL, 0); /* undef */
367	3		cryptx_internal_pk_prng_reseed(&self->pstate, self->pindex, &self->last_pid);
368	3	100	if (strnEQ(padding, "oaep", 4)) {
369	2		mgf_hash_id = cryptx_internal_find_hash(mgf_hash);
370	2	50	if (mgf_hash_id == -1) croak("FATAL: find_hash failed for '%s'", mgf_hash);
371	2	50	if (lparam_hash) {
372	0		lparam_hash_id = cryptx_internal_find_hash(lparam_hash);
373	0	0	if (lparam_hash_id == -1) croak("FATAL: find_hash failed for '%s'", lparam_hash);
374			}
375			else {
376	2		lparam_hash_id = mgf_hash_id;
377			}
378	2	50	if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
379	2		rsa_oparams.prng = &self->pstate;
380	2		rsa_oparams.wprng = self->pindex;
381	2		rsa_oparams.padding = LTC_PKCS_1_OAEP;
382	2		rsa_oparams.u.crypt.lparam = lparam_ptr;
383	2		rsa_oparams.u.crypt.lparamlen = (unsigned long)lparam_len;
384	2		rsa_oparams.params.hash_idx = lparam_hash_id;
385	2		rsa_oparams.params.mgf1_hash_idx = mgf_hash_id;
386	2		rsa_oparams.params.saltlen = 0;
387	2		rv = rsa_encrypt_key_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &self->key);
388	2	50	if (rv != CRYPT_OK) croak("FATAL: rsa_encrypt_key_v2/oaep failed: %s", error_to_string(rv));
389	2		RETVAL = newSVpvn((char*)buffer, buffer_len);
390			}
391	1	50	else if (strnEQ(padding, "v1.5", 4)) {
392	0		rsa_oparams.prng = &self->pstate;
393	0		rsa_oparams.wprng = self->pindex;
394	0		rsa_oparams.padding = LTC_PKCS_1_V1_5;
395	0		rsa_oparams.u.crypt.lparam = NULL; /* OAEP only */
396	0		rsa_oparams.u.crypt.lparamlen = 0; /* OAEP only */
397	0		rsa_oparams.params.hash_idx = -1; /* OAEP only */
398	0		rsa_oparams.params.mgf1_hash_idx = -1; /* OAEP only */
399	0		rsa_oparams.params.saltlen = 0; /* PSS only */
400	0		rv = rsa_encrypt_key_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &self->key);
401	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_encrypt_key_v2/v1.5 failed: %s", error_to_string(rv));
402	0		RETVAL = newSVpvn((char*)buffer, buffer_len);
403			}
404	1	50	else if (strnEQ(padding, "none", 4)) {
405			/* raw RSA */
406	1		rv = ltc_mp.rsa_me(data_ptr, (unsigned long)data_len, buffer, &buffer_len, PK_PUBLIC, &self->key);
407	1	50	if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv));
408	1		RETVAL = newSVpvn((char*)buffer, buffer_len);
409			}
410			else {
411	0		croak("FATAL: rsa_encrypt invalid padding '%s'", padding);
412			}
413			}
414			OUTPUT:
415			RETVAL
416
417			SV *
418			decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * mgf_hash = "SHA1", SV * oaep_lparam = NULL, const char * lparam_hash = NULL)
419			CODE:
420			{
421			int rv, lparam_hash_id, mgf_hash_id, stat;
422	38		unsigned char *lparam_ptr=NULL;
423	38		STRLEN lparam_len=0;
424	38		unsigned char *data_ptr=NULL;
425	38		STRLEN data_len=0;
426			unsigned char buffer[1024];
427	38		unsigned long buffer_len = 1024;
428			ltc_rsa_op_parameters rsa_oparams;
429
430	38		data_ptr = (unsigned char *)SvPVbyte(data, data_len);
431
432	38		RETVAL = newSVpvn(NULL, 0); /* undef */
433	38		cryptx_internal_pk_prng_reseed(&self->pstate, self->pindex, &self->last_pid);
434	38	100	if (strnEQ(padding, "oaep", 4)) {
435	1		mgf_hash_id = cryptx_internal_find_hash(mgf_hash);
436	1	50	if (mgf_hash_id == -1) croak("FATAL: find_hash failed for '%s'", mgf_hash);
437	1	50	if (lparam_hash) {
438	0		lparam_hash_id = cryptx_internal_find_hash(lparam_hash);
439	0	0	if (lparam_hash_id == -1) croak("FATAL: find_hash failed for '%s'", lparam_hash);
440			}
441			else {
442	1		lparam_hash_id = mgf_hash_id;
443			}
444	1	50	if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
445	1		rsa_oparams.prng = NULL;
446	1		rsa_oparams.wprng = 0;
447	1		rsa_oparams.padding = LTC_PKCS_1_OAEP;
448	1		rsa_oparams.u.crypt.lparam = lparam_ptr;
449	1		rsa_oparams.u.crypt.lparamlen = (unsigned long)lparam_len;
450	1		rsa_oparams.params.hash_idx = lparam_hash_id;
451	1		rsa_oparams.params.mgf1_hash_idx = mgf_hash_id;
452	1		rsa_oparams.params.saltlen = 0;
453	1		rv = rsa_decrypt_key_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &stat, &self->key);
454	1	50	if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_v2 failed: %s", error_to_string(rv));
455	1	50	if (stat != 1) croak("FATAL: rsa_decrypt - not valid OAEP packet");
456	1		RETVAL = newSVpvn((char*)buffer, buffer_len);
457			}
458	37	100	else if (strnEQ(padding, "v1.5", 4)) {
459	36		rsa_oparams.prng = &self->pstate;
460	36		rsa_oparams.wprng = self->pindex;
461	36		rsa_oparams.padding = LTC_PKCS_1_V1_5;
462	36		rsa_oparams.u.crypt.lparam = NULL; /* OAEP only */
463	36		rsa_oparams.u.crypt.lparamlen = 0; /* OAEP only */
464	36		rsa_oparams.params.hash_idx = -1; /* OAEP only */
465	36		rsa_oparams.params.mgf1_hash_idx = -1; /* OAEP only */
466	36		rsa_oparams.params.saltlen = 0; /* PSS only */
467	36		rv = rsa_decrypt_key_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &stat, &self->key);
468	36	50	if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_v2 failed: %s", error_to_string(rv));
469	36	50	if (stat != 1) croak("FATAL: rsa_decrypt - invalid");
470	36		RETVAL = newSVpvn((char*)buffer, buffer_len);
471			}
472	1	50	else if (strnEQ(padding, "none", 4)) {
473			/* raw RSA */
474	1		rv = ltc_mp.rsa_me(data_ptr, (unsigned long)data_len, buffer, &buffer_len, PK_PRIVATE, &self->key);
475	1	50	if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv));
476	1		RETVAL = newSVpvn((char*)buffer, buffer_len);
477			}
478			else {
479	0		croak("FATAL: rsa_encrypt invalid padding '%s'", padding);
480			}
481			}
482			OUTPUT:
483			RETVAL
484
485			SV *
486			sign_hash(Crypt::PK::RSA self, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen=12, const char * mgf_hash_name = NULL)
487			ALIAS:
488			sign_message = 1
489			CODE:
490			{
491			int rv, hash_id, mgf_hash_id;
492	5		unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
493	5		unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
494	5		STRLEN data_len = 0;
495			ltc_rsa_op_parameters rsa_oparams;
496
497	5		data_ptr = (unsigned char *)SvPVbyte(data, data_len);
498	5		cryptx_internal_pk_prng_reseed(&self->pstate, self->pindex, &self->last_pid);
499	5	100	if (ix == 1) {
500	3		hash_id = cryptx_internal_find_hash(hash_name);
501	3	50	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
502	3		rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
503	3	50	if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
504	3		data_ptr = tmp;
505	3		data_len = tmp_len;
506			}
507	5	50	if (strnEQ(padding, "pss", 3)) {
508	5		hash_id = cryptx_internal_find_hash(hash_name);
509	5	50	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
510	5	50	mgf_hash_id = mgf_hash_name ? cryptx_internal_find_hash(mgf_hash_name) : hash_id;
511	5	50	if (mgf_hash_id == -1) croak("FATAL: find_hash failed for '%s'", mgf_hash_name);
512	5		rsa_oparams.prng = &self->pstate;
513	5		rsa_oparams.wprng = self->pindex;
514	5		rsa_oparams.padding = LTC_PKCS_1_PSS;
515	5		rsa_oparams.u.crypt.lparam = NULL;
516	5		rsa_oparams.u.crypt.lparamlen = 0;
517	5		rsa_oparams.params.hash_idx = hash_id;
518	5		rsa_oparams.params.mgf1_hash_idx = mgf_hash_id;
519	5		rsa_oparams.params.saltlen = saltlen;
520	5		rv = rsa_sign_hash_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &self->key);
521	5	50	if (rv != CRYPT_OK) croak("FATAL: rsa_sign_hash_v2 failed: %s", error_to_string(rv));
522	5		RETVAL = newSVpvn((char*)buffer, buffer_len);
523			}
524	0	0	else if (strnEQ(padding, "v1.5", 4)) {
525	0		hash_id = cryptx_internal_find_hash(hash_name);
526	0	0	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
527	0		rsa_oparams.prng = &self->pstate;
528	0		rsa_oparams.wprng = self->pindex;
529	0		rsa_oparams.padding = LTC_PKCS_1_V1_5;
530	0		rsa_oparams.u.crypt.lparam = NULL;
531	0		rsa_oparams.u.crypt.lparamlen = 0;
532	0		rsa_oparams.params.hash_idx = hash_id;
533	0		rsa_oparams.params.mgf1_hash_idx = -1;
534	0		rsa_oparams.params.saltlen = 0;
535	0		rv = rsa_sign_hash_v2(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &rsa_oparams, &self->key);
536	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_sign_hash_v2 failed: %s", error_to_string(rv));
537	0		RETVAL = newSVpvn((char*)buffer, buffer_len);
538			}
539	0	0	else if (strnEQ(padding, "v1.5.na1", 8)) {
540	0		croak("FATAL: LTC_PKCS_1_V1_5_NA1 not implemented");
541			}
542	0	0	else if (strnEQ(padding, "none", 4)) {
543			/* raw RSA */
544	0		rv = ltc_mp.rsa_me(data_ptr, (unsigned long)data_len, buffer, &buffer_len, PK_PRIVATE, &self->key);
545	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv));
546	0		RETVAL = newSVpvn((char*)buffer, buffer_len);
547			}
548			else {
549	0		croak("FATAL: rsa_sign invalid padding '%s'", padding);
550			}
551			}
552			OUTPUT:
553			RETVAL
554
555			int
556			verify_hash(Crypt::PK::RSA self, SV * sig, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen = 12, const char * mgf_hash_name = NULL)
557			ALIAS:
558			verify_message = 1
559			CODE:
560			{
561			int rv, hash_id, mgf_hash_id, stat;
562	109		unsigned char tmp[MAXBLOCKSIZE], buffer[1024], data_ptr = NULL, sig_ptr = NULL;
563	109		unsigned long i, tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
564	109		STRLEN data_len = 0, sig_len = 0;
565			ltc_rsa_op_parameters rsa_oparams;
566
567	109		data_ptr = (unsigned char *)SvPVbyte(data, data_len);
568	109		sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
569	109		cryptx_internal_pk_prng_reseed(&self->pstate, self->pindex, &self->last_pid);
570	109	100	if (ix == 1) {
571	107		hash_id = cryptx_internal_find_hash(hash_name);
572	107	50	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
573	107		rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
574	107	50	if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
575	107		data_ptr = tmp;
576	107		data_len = tmp_len;
577			}
578	109		RETVAL = 1;
579	109		stat = 0;
580	109	100	if (strnEQ(padding, "pss", 3)) {
581	4		hash_id = cryptx_internal_find_hash(hash_name);
582	4	50	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
583	4	50	mgf_hash_id = mgf_hash_name ? cryptx_internal_find_hash(mgf_hash_name) : hash_id;
584	4	50	if (mgf_hash_id == -1) croak("FATAL: find_hash failed for '%s'", mgf_hash_name);
585	4		rsa_oparams.prng = &self->pstate;
586	4		rsa_oparams.wprng = self->pindex;
587	4		rsa_oparams.padding = LTC_PKCS_1_PSS;
588	4		rsa_oparams.u.crypt.lparam = NULL;
589	4		rsa_oparams.u.crypt.lparamlen = 0;
590	4		rsa_oparams.params.hash_idx = hash_id;
591	4		rsa_oparams.params.mgf1_hash_idx = mgf_hash_id;
592	4		rsa_oparams.params.saltlen = saltlen;
593	4		rv = rsa_verify_hash_v2(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &rsa_oparams, &stat, &self->key);
594	4	50	if (rv != CRYPT_OK \|\| stat != 1) RETVAL = 0;
		50
595			}
596	105	50	else if (strnEQ(padding, "v1.5", 4)) {
597	105		hash_id = cryptx_internal_find_hash(hash_name);
598	105	50	if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
599	105		rsa_oparams.prng = &self->pstate;
600	105		rsa_oparams.wprng = self->pindex;
601	105		rsa_oparams.padding = LTC_PKCS_1_V1_5;
602	105		rsa_oparams.u.crypt.lparam = NULL;
603	105		rsa_oparams.u.crypt.lparamlen = 0;
604	105		rsa_oparams.params.hash_idx = hash_id;
605	105		rsa_oparams.params.mgf1_hash_idx = -1;
606	105		rsa_oparams.params.saltlen = 0;
607	105		rv = rsa_verify_hash_v2(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &rsa_oparams, &stat, &self->key);
608	105	50	if (rv != CRYPT_OK \|\| stat != 1) RETVAL = 0;
		100
609			}
610	0	0	else if (strnEQ(padding, "v1.5.na1", 8)) {
611	0		croak("FATAL: LTC_PKCS_1_V1_5_NA1 not implemented");
612			}
613	0	0	else if (strnEQ(padding, "none", 4)) {
614			/* raw RSA */
615	0		Zero(buffer, buffer_len, unsigned char);
616	0		rv = ltc_mp.rsa_me(sig_ptr, (unsigned long)sig_len, buffer, &buffer_len, PK_PUBLIC, &self->key);
617	0	0	if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv));
618	0	0	if (data_len <= buffer_len && buffer_len > 0 && data_len > 0) {
		0
		0
619	0	0	for (i = 0; i < buffer_len - data_len; i++) if (buffer[i] != 0) RETVAL = 0;
		0
620	0	0	if (memNE(data_ptr, buffer + buffer_len - data_len, data_len)) RETVAL = 0;
621			}
622			else {
623	0		RETVAL = 0;
624			}
625			}
626			else {
627	0		croak("FATAL: rsa_verify invalid padding '%s'", padding);
628			}
629			}
630			OUTPUT:
631			RETVAL
632
633			void
634			DESTROY(Crypt::PK::RSA self)
635			CODE:
636	110	50	if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
637	110		Safefree(self);