File Coverage

blib/lib/Crypt/PK/X448.pm

Criterion	Covered	Total	%
statement	26	69	37.6
branch	6	60	10.0
condition	0	40	0.0
subroutine	8	12	66.6
pod	5	5	100.0
total	45	186	24.1

line	stmt	bran	cond	sub	pod	time	code
1							package Crypt::PK::X448;
2
3	4			4		83030	use strict;
	4					7
	4					132
4	4			4		20	use warnings;
	4					4
	4					503
5							our $VERSION = '0.089';
6
7							require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8							our %EXPORT_TAGS = ( all => [qw( )] );
9							our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10							our @EXPORT = qw();
11
12	4			4		23	use Carp;
	4					7
	4					281
13							$Carp::Internal{(__PACKAGE__)}++;
14	4			4		378	use CryptX;
	4					15
	4					83
15	4			4		328	use Crypt::PK;
	4					7
	4					116
16	4			4		404	use Crypt::Misc qw(read_rawfile encode_b64u decode_b64u der_to_pem);
	4					6
	4					4352
17
18							sub new {
19	3			3	1	19651	my $self = shift->_new();
20	3	50				4591	return @_ > 0 ? $self->import_key(@_) : $self;
21							}
22
23							sub import_key_raw {
24	1			1	1	5	my ($self, $key, $type) = @_;
25	1	50				5	croak "FATAL: undefined key" unless $key;
26	1	50				5	croak "FATAL: invalid key" unless length($key) == 56;
27	1	50				4	croak "FATAL: undefined type" unless $type;
28	1	50				5	return $self->_import_raw($key, 1) if $type eq 'private';
29	1	50				13	return $self->_import_raw($key, 0) if $type eq 'public';
30	0						croak "FATAL: invalid key type '$type'";
31							}
32
33							sub import_key {
34	0			0	1		my ($self, $key, $password) = @_;
35	0						local $SIG{__DIE__} = \&CryptX::_croak;
36	0	0					croak "FATAL: undefined key" unless $key;
37
38	0	0					if (ref($key) eq 'HASH') {
39	0	0	0				if ($key->{kty} && $key->{kty} eq "OKP" && $key->{crv} && $key->{crv} eq 'X448') {
			0
			0
40	0	0					return $self->_import_raw(decode_b64u($key->{d}), 1) if $key->{d};
41	0	0					return $self->_import_raw(decode_b64u($key->{x}), 0) if $key->{x};
42							}
43	0	0	0				if ($key->{curve} && $key->{curve} eq "x448" && ($key->{priv} \|\| $key->{pub})) {
			0
			0
44	0	0					return $self->_import_raw(pack("H*", $key->{priv}), 1) if $key->{priv};
45	0	0					return $self->_import_raw(pack("H*", $key->{pub}), 0) if $key->{pub};
46							}
47	0						croak "FATAL: unexpected X448 key hash";
48							}
49
50	0						my $data;
51	0	0					if (ref($key) eq 'SCALAR') {
		0
52	0						$data = $$key;
53							}
54							elsif (-f $key) {
55	0						$data = read_rawfile($key);
56							}
57							else {
58	0						croak "FATAL: non-existing file '$key'";
59							}
60	0	0					croak "FATAL: invalid key data" unless $data;
61
62	0	0					if ($data =~ /-----BEGIN (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----(.+?)-----END (PUBLIC\|PRIVATE\|ENCRYPTED PRIVATE) KEY-----/s) {
		0
		0
63	0						return $self->_import_pem($data, $password);
64							}
65							elsif ($data =~ /^\s(\{.?\})\s*$/s) {
66	0		0				my $h = CryptX::_decode_json("$1") \|\| {};
67	0	0	0				if ($h->{kty} && $h->{kty} eq "OKP" && $h->{crv} && $h->{crv} eq 'X448') {
			0
			0
68	0	0					return $self->_import_raw(decode_b64u($h->{d}), 1) if $h->{d};
69	0	0					return $self->_import_raw(decode_b64u($h->{x}), 0) if $h->{x};
70							}
71							}
72							elsif (length($data) == 56) {
73	0						croak "FATAL: use import_key_raw() to load raw (56 bytes) X448 key";
74							}
75							else {
76							my $rv = eval { $self->_import($data) } \|\|
77							eval { $self->_import_pkcs8($data, $password) } \|\|
78	0		0				eval { $self->_import_x509($data) };
79	0	0					return $rv if $rv;
80							}
81	0						croak "FATAL: invalid or unsupported X448 key format";
82							}
83
84							sub export_key_pem {
85	0			0	1		my ($self, $type, $password, $cipher) = @_;
86	0						local $SIG{__DIE__} = \&CryptX::_croak;
87	0		0				my $key = $self->export_key_der($type\|\|'');
88	0	0					return unless $key;
89	0	0					return der_to_pem($key, "PRIVATE KEY", $password, $cipher) if $type eq 'private';
90	0	0					return der_to_pem($key, "PUBLIC KEY") if $type eq 'public';
91							}
92
93							sub export_key_jwk {
94	0			0	1		my ($self, $type, $wanthash) = @_;
95	0						local $SIG{__DIE__} = \&CryptX::_croak;
96	0						my $kh = $self->key2hash;
97	0	0					return unless $kh;
98	0						my $hash = { kty => "OKP", crv => "X448" };
99	0						$hash->{x} = encode_b64u(pack("H*", $kh->{pub}));
100	0	0	0				$hash->{d} = encode_b64u(pack("H*", $kh->{priv})) if $type && $type eq 'private' && $kh->{priv};
			0
101	0	0					return $wanthash ? $hash : CryptX::_encode_json($hash);
102							}
103
104	0			0			sub CLONE_SKIP { 1 } # prevent cloning
105
106							1;
107
108							=pod
109
110							=head1 NAME
111
112							Crypt::PK::X448 - Asymmetric cryptography based on X448
113
114							=head1 SYNOPSIS
115
116							use Crypt::PK::X448;
117
118							my $alice = Crypt::PK::X448->new->generate_key;
119							my $bob = Crypt::PK::X448->new->generate_key;
120							my $alice_secret = $alice->shared_secret($bob);
121							my $bob_secret = $bob->shared_secret($alice);
122							die "ERROR" unless $alice_secret eq $bob_secret;
123
124							my $pk = Crypt::PK::X448->new;
125							$pk->import_key_raw(
126							pack("H*", "cf807ab0fc3efa03108469f29e499db2eefefeb12544d8d4e711f187385aaf31b4f38c8f84a3dd9e43da309fd410c3816a50e644b5500c05"),
127							"public",
128							);
129
130							my $sk = Crypt::PK::X448->new;
131							$sk->import_key_raw(
132							pack("H*", "10d418b111401956abc5a92c2fbb8406d1d646ba930fdefa2108efe68f2000973755aa952be018f640947c05135fbf9925ebd4da828d86ec"),
133							"private",
134							);
135
136							my $generated = Crypt::PK::X448->new->generate_key;
137							my $private_der = $generated->export_key_der('private');
138							my $public_pem = $generated->export_key_pem('public');
139							my $private_jwk = $generated->export_key_jwk('private');
140
141							=head1 DESCRIPTION
142
143							I
144
145							=head1 METHODS
146
147							=head2 new
148
149							my $source = Crypt::PK::X448->new();
150							$source->generate_key;
151
152							my $public_der = $source->export_key_der('public');
153							my $pub = Crypt::PK::X448->new(\$public_der);
154
155							my $private_pem = $source->export_key_pem('private', 'secret', 'AES-256-CBC');
156							my $priv = Crypt::PK::X448->new(\$private_pem, 'secret');
157
158							Passing C<$filename> or C<\$buffer> to C is equivalent: both forms
159							immediately import the key material into the new object.
160
161							=head2 generate_key
162
163							Returns the object itself (for chaining).
164
165							$pk->generate_key;
166
167							=head2 import_key
168
169							Loads X448 private or public keys from DER, PEM, PKCS#8, SubjectPublicKeyInfo, or JWK.
170
171							my $source = Crypt::PK::X448->new();
172							$source->generate_key;
173
174							my $public_der = $source->export_key_der('public');
175							my $pub = Crypt::PK::X448->new();
176							$pub->import_key(\$public_der);
177							my $private_pem = $source->export_key_pem('private', 'secret', 'AES-256-CBC');
178							my $priv = Crypt::PK::X448->new();
179							$priv->import_key(\$private_pem, 'secret');
180							$pk->import_key({
181							curve => "x448",
182							pub => "CF807AB0FC3EFA03108469F29E499DB2EEFEFEB12544D8D4E711F187385AAF31B4F38C8F84A3DD9E43DA309FD410C3816A50E644B5500C05",
183							priv => "10D418B111401956ABC5A92C2FBB8406D1D646BA930FDEFA2108EFE68F2000973755AA952BE018F640947C05135FBF9925EBD4DA828D86EC",
184							});
185							$pk->import_key({
186							kty => "OKP",
187							crv => "X448",
188							d => "ENQYsRFAGVarxaksL7uEBtHWRrqTD976IQjv5o8gAJc3VaqVK-AY9kCUfAUTX7-ZJevU2oKNhuw",
189							x => "z4B6sPw--gMQhGnynkmdsu7-_rElRNjU5xHxhzharzG084yPhKPdnkPaMJ_UEMOBalDmRLVQDAU",
190							});
191
192							The same method also accepts filenames instead of buffers.
193
194							=head2 import_key_raw
195
196							Import raw public/private key bytes.
197
198							$pk->import_key_raw($key, 'public');
199							$pk->import_key_raw($key, 'private');
200
201							The raw key must be exactly 56 bytes long.
202
203							=head2 export_key_der
204
205							Returns the key as a binary DER-encoded string.
206
207							my $der = $pk->export_key_der('private');
208							my $der = $pk->export_key_der('public');
209
210							=head2 export_key_pem
211
212							Returns the key as a PEM-encoded string (ASCII).
213
214							my $pem = $pk->export_key_pem('private');
215							my $pem = $pk->export_key_pem('public');
216							my $pem = $pk->export_key_pem('private', $password, 'AES-256-CBC');
217
218							=head2 export_key_jwk
219
220							Returns a JSON string, or a hashref if the optional second argument is true.
221
222							my $json = $pk->export_key_jwk('private');
223							my $hash = $pk->export_key_jwk('public', 1);
224
225							=head2 export_key_raw
226
227							Returns the raw key as a binary string.
228
229							my $raw = $pk->export_key_raw('private');
230							my $raw = $pk->export_key_raw('public');
231
232							=head2 shared_secret
233
234							Returns the shared secret as a binary string (raw bytes).
235
236							my $shared_secret = $private_key->shared_secret($public_key);
237
238							=head2 is_private
239
240							my $rv = $pk->is_private;
241
242							=head2 key2hash
243
244							Returns a hashref with the key components, or C if no key is loaded.
245
246							my $hash = $pk->key2hash;
247
248							Returns a hash like:
249
250							{
251							curve => "x448",
252							pub => "CF807AB0FC3EFA03108469F29E499DB2EEFEFEB12544D8D4E711F187385AAF31B4F38C8F84A3DD9E43DA309FD410C3816A50E644B5500C05",
253							priv => "10D418B111401956ABC5A92C2FBB8406D1D646BA930FDEFA2108EFE68F2000973755AA952BE018F640947C05135FBF9925EBD4DA828D86EC",
254							}
255
256							=head1 OpenSSL interoperability
257
258							# Generate a key with OpenSSL
259							# openssl genpkey -algorithm x448 -out x448_priv.pem
260							# openssl pkey -in x448_priv.pem -pubout -out x448_pub.pem
261
262							# Load the OpenSSL-generated key in CryptX
263							use Crypt::PK::X448;
264							my $alice = Crypt::PK::X448->new("x448_priv.pem");
265							my $bob_pub = Crypt::PK::X448->new("bob_x448_pub.pem");
266
267							# Derive shared secret
268							my $shared_secret = $alice->shared_secret($bob_pub);
269
270							# Export CryptX key for OpenSSL
271							my $pem = $alice->export_key_pem('private');
272							# then: openssl pkey -in priv.pem -text -noout
273
274							=head1 SEE ALSO
275
276							=over
277
278							=item * L
279
280							=item * L
281
282							=back
283
284							=cut