File Coverage

blib/lib/Crypt/PK/X448.pm

Criterion	Covered	Total	%
statement	20	69	28.9
branch	1	60	1.6
condition	0	40	0.0
subroutine	7	12	58.3
pod	5	5	100.0
total	33	186	17.7

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::PK::X448;
2
3	3			3		81807	use strict;
	3					5
	3					92
4	3			3		12	use warnings;
	3					3
	3					341
5							our $VERSION = '0.088_004';
6
7							require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8							our %EXPORT_TAGS = ( all => [qw( )] );
9							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10							our @EXPORT = qw();
11
12	3			3		19	use Carp;
	3					6
	3					184
13							$Carp::Internal{(__PACKAGE__)}++;
14	3			3		357	use CryptX;
	3					4
	3					80
15	3			3		330	use Crypt::PK;
	3					5
	3					67
16	3			3		359	use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u der_to_pem);
	3					5
	3					2563
17
18							sub new {
19	1			1	1	10117	my $self = shift->_new();
20	1	50				10	return @_ > 0 ? $self->import_key(@_) : $self;
21							}
22
23							sub import_key_raw {
24	0			0	1		my ($self, $key, $type) = @_;
25	0	0					croak "FATAL: undefined key" unless $key;
26	0	0					croak "FATAL: invalid key" unless length($key) == 56;
27	0	0					croak "FATAL: undefined type" unless $type;
28	0	0					return $self->_import_raw($key, 1) if $type eq 'private';
29	0	0					return $self->_import_raw($key, 0) if $type eq 'public';
30	0						croak "FATAL: invalid key type '$type'";
31							}
32
33							sub import_key {
34	0			0	1		my ($self, $key, $password) = @_;
35	0						local $SIG{__DIE__} = \&CryptX::_croak;
36	0	0					croak "FATAL: undefined key" unless $key;
37
38	0	0					if (ref($key) eq 'HASH') {
39	0	0	0				if ($key->{kty} && $key->{kty} eq "OKP" && $key->{crv} && $key->{crv} eq 'X448') {
			0
			0
40	0	0					return $self->_import_raw(decode_b64u($key->{d}), 1) if $key->{d};
41	0	0					return $self->_import_raw(decode_b64u($key->{x}), 0) if $key->{x};
42							}
43	0	0	0				if ($key->{curve} && $key->{curve} eq "x448" && ($key->{priv} \|\| $key->{pub})) {
			0
			0
44	0	0					return $self->_import_raw(pack("H*", $key->{priv}), 1) if $key->{priv};
45	0	0					return $self->_import_raw(pack("H*", $key->{pub}), 0) if $key->{pub};
46							}
47	0						croak "FATAL: unexpected X448 key hash";
48							}
49
50	0						my $data;
51	0	0					if (ref($key) eq 'SCALAR') {
		0
52	0						$data = $$key;
53							}
54							elsif (-f $key) {
55	0						$data = read_rawfile($key);
56							}
57							else {
58	0						croak "FATAL: non-existing file '$key'";
59							}
60	0	0					croak "FATAL: invalid key data" unless $data;
61
62	0	0					if ($data =~ /-----BEGIN (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----(.+?)-----END (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----/s) {
		0
		0
63	0						return $self->_import_pem($data, $password);
64							}
65							elsif ($data =~ /^\s(\{.?\})\s*$/s) {
66	0		0				my $h = CryptX::_decode_json("$1") \|\| {};
67	0	0	0				if ($h->{kty} && $h->{kty} eq "OKP" && $h->{crv} && $h->{crv} eq 'X448') {
			0
			0
68	0	0					return $self->_import_raw(decode_b64u($h->{d}), 1) if $h->{d};
69	0	0					return $self->_import_raw(decode_b64u($h->{x}), 0) if $h->{x};
70							}
71							}
72							elsif (length($data) == 56) {
73	0						croak "FATAL: use import_key_raw() to load raw (56 bytes) X448 key";
74							}
75							else {
76							my $rv = eval { $self->_import($data) } \|\|
77							eval { $self->_import_pkcs8($data, $password) } \|\|
78	0		0				eval { $self->_import_x509($data) };
79	0	0					return $rv if $rv;
80							}
81	0						croak "FATAL: invalid or unsupported X448 key format";
82							}
83
84							sub export_key_pem {
85	0			0	1		my ($self, $type, $password, $cipher) = @_;
86	0						local $SIG{__DIE__} = \&CryptX::_croak;
87	0		0				my $key = $self->export_key_der($type\|\|'');
88	0	0					return unless $key;
89	0	0					return der_to_pem($key, "PRIVATE KEY", $password, $cipher) if $type eq 'private';
90	0	0					return der_to_pem($key, "PUBLIC KEY") if $type eq 'public';
91							}
92
93							sub export_key_jwk {
94	0			0	1		my ($self, $type, $wanthash) = @_;
95	0						local $SIG{__DIE__} = \&CryptX::_croak;
96	0						my $kh = $self->key2hash;
97	0	0					return unless $kh;
98	0						my $hash = { kty => "OKP", crv => "X448" };
99	0						$hash->{x} = encode_b64u(pack("H*", $kh->{pub}));
100	0	0	0				$hash->{d} = encode_b64u(pack("H*", $kh->{priv})) if $type && $type eq 'private' && $kh->{priv};
			0
101	0	0					return $wanthash ? $hash : CryptX::_encode_json($hash);
102							}
103
104	0			0			sub CLONE_SKIP { 1 } # prevent cloning
105
106							1;
107
108							=pod
109
110							=head1 NAME
111
112							Crypt::PK::X448 - Asymmetric cryptography based on X448
113
114							=head1 SYNOPSIS
115
116							use Crypt::PK::X448;
117
118							my $alice = Crypt::PK::X448->new->generate_key;
119							my $bob = Crypt::PK::X448->new->generate_key;
120							my $alice_secret = $alice->shared_secret($bob);
121							my $bob_secret = $bob->shared_secret($alice);
122							die "ERROR" unless $alice_secret eq $bob_secret;
123
124							my $pk = Crypt::PK::X448->new;
125							$pk->import_key_raw(pack("H*", "cf807ab0fc3efa03108469f29e499db2eefefeb12544d8d4e711f187385aaf31b4f38c8f84a3dd9e43da309fd410c3816a50e644b5500c05"), "public");
126
127							my $sk = Crypt::PK::X448->new;
128							$sk->import_key_raw(pack("H*", "10d418b111401956abc5a92c2fbb8406d1d646ba930fdefa2108efe68f2000973755aa952be018f640947c05135fbf9925ebd4da828d86ec"), "private");
129
130							my $generated = Crypt::PK::X448->new->generate_key;
131							my $private_der = $generated->export_key_der('private');
132							my $public_pem = $generated->export_key_pem('public');
133							my $private_jwk = $generated->export_key_jwk('private');
134
135							=head1 DESCRIPTION
136
137							I
138
139							=head1 METHODS
140
141							=head2 new
142
143							my $source = Crypt::PK::X448->new();
144							$source->generate_key;
145
146							my $public_der = $source->export_key_der('public');
147							my $pub = Crypt::PK::X448->new(\$public_der);
148
149							my $private_pem = $source->export_key_pem('private', 'secret', 'AES-256-CBC');
150							my $priv = Crypt::PK::X448->new(\$private_pem, 'secret');
151
152							Passing C<$filename> or C<\$buffer> to C is equivalent: both forms
153							immediately import the key material into the new object.
154
155							=head2 generate_key
156
157							Returns the object itself (for chaining).
158
159							$pk->generate_key;
160
161							=head2 import_key
162
163							Loads X448 private or public keys from DER, PEM, PKCS#8, SubjectPublicKeyInfo, or JWK.
164
165							my $source = Crypt::PK::X448->new();
166							$source->generate_key;
167
168							my $public_der = $source->export_key_der('public');
169							my $pub = Crypt::PK::X448->new();
170							$pub->import_key(\$public_der);
171							my $private_pem = $source->export_key_pem('private', 'secret', 'AES-256-CBC');
172							my $priv = Crypt::PK::X448->new();
173							$priv->import_key(\$private_pem, 'secret');
174							$pk->import_key({
175							curve => "x448",
176							pub => "CF807AB0FC3EFA03108469F29E499DB2EEFEFEB12544D8D4E711F187385AAF31B4F38C8F84A3DD9E43DA309FD410C3816A50E644B5500C05",
177							priv => "10D418B111401956ABC5A92C2FBB8406D1D646BA930FDEFA2108EFE68F2000973755AA952BE018F640947C05135FBF9925EBD4DA828D86EC",
178							});
179							$pk->import_key({
180							kty => "OKP",
181							crv => "X448",
182							d => "ENQYsRFAGVarxaksL7uEBtHWRrqTD976IQjv5o8gAJc3VaqVK-AY9kCUfAUTX7-ZJevU2oKNhuw",
183							x => "z4B6sPw--gMQhGnynkmdsu7-_rElRNjU5xHxhzharzG084yPhKPdnkPaMJ_UEMOBalDmRLVQDAU",
184							});
185
186							The same method also accepts filenames instead of buffers.
187
188							=head2 import_key_raw
189
190							Import raw public/private key bytes.
191
192							$pk->import_key_raw($key, 'public');
193							$pk->import_key_raw($key, 'private');
194
195							The raw key must be exactly 56 bytes long.
196
197							=head2 export_key_der
198
199							Returns the key as a binary DER-encoded string.
200
201							my $der = $pk->export_key_der('private');
202							my $der = $pk->export_key_der('public');
203
204							=head2 export_key_pem
205
206							Returns the key as a PEM-encoded string (ASCII).
207
208							my $pem = $pk->export_key_pem('private');
209							my $pem = $pk->export_key_pem('public');
210							my $pem = $pk->export_key_pem('private', $password, 'AES-256-CBC');
211
212							=head2 export_key_jwk
213
214							Returns a JSON string, or a hashref if the optional second argument is true.
215
216							my $json = $pk->export_key_jwk('private');
217							my $hash = $pk->export_key_jwk('public', 1);
218
219							=head2 export_key_raw
220
221							Returns the raw key as a binary string.
222
223							my $raw = $pk->export_key_raw('private');
224							my $raw = $pk->export_key_raw('public');
225
226							=head2 shared_secret
227
228							Returns the shared secret as a binary string (raw bytes).
229
230							my $shared_secret = $private_key->shared_secret($public_key);
231
232							=head2 is_private
233
234							my $rv = $pk->is_private;
235
236							=head2 key2hash
237
238							Returns a hashref with the key components, or C if no key is loaded.
239
240							my $hash = $pk->key2hash;
241
242							Returns a hash like:
243
244							{
245							curve => "x448",
246							pub => "CF807AB0FC3EFA03108469F29E499DB2EEFEFEB12544D8D4E711F187385AAF31B4F38C8F84A3DD9E43DA309FD410C3816A50E644B5500C05",
247							priv => "10D418B111401956ABC5A92C2FBB8406D1D646BA930FDEFA2108EFE68F2000973755AA952BE018F640947C05135FBF9925EBD4DA828D86EC",
248							}
249
250							=head1 OpenSSL interoperability
251
252							# Generate a key with OpenSSL
253							# openssl genpkey -algorithm x448 -out x448_priv.pem
254							# openssl pkey -in x448_priv.pem -pubout -out x448_pub.pem
255
256							# Load the OpenSSL-generated key in CryptX
257							use Crypt::PK::X448;
258							my $alice = Crypt::PK::X448->new("x448_priv.pem");
259							my $bob_pub = Crypt::PK::X448->new("bob_x448_pub.pem");
260
261							# Derive shared secret
262							my $shared_secret = $alice->shared_secret($bob_pub);
263
264							# Export CryptX key for OpenSSL
265							my $pem = $alice->export_key_pem('private');
266							# then: openssl pkey -in priv.pem -text -noout
267
268							=head1 SEE ALSO
269
270							=over
271
272							=item * L
273
274							=item * L
275
276							=back
277
278							=cut