RSA: sign/verify functions now support "none" padding (INSECURE!)
Karel Miko
7 years ago
9 | 9 | - maybe: switch yarrow > fortuna for Crypt::PK::* |
10 | 10 | - maybe: add encode_b32/decode_b32 |
11 | 11 | - maybe: x509_rsa_pubkey + x509_rsa_pubkey_alg |
12 | ||
13 | 0.041_001 2016/10/19 | |
14 | - RSA: sign/verify functions now support 'none' padding (INSECURE!) | |
12 | 15 | |
13 | 16 | 0.041 2016/10/12 |
14 | 17 | - ECC: ltc_ecc_is_point memory leak |
320 | 320 | RETVAL |
321 | 321 | |
322 | 322 | SV * |
323 | _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name, unsigned long saltlen=12) | |
323 | _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12) | |
324 | 324 | CODE: |
325 | 325 | { |
326 | 326 | int rv, hash_id; |
332 | 332 | data_ptr = (unsigned char *)SvPVbyte(data, data_len); |
333 | 333 | |
334 | 334 | RETVAL = newSVpvn(NULL, 0); /* undef */ |
335 | hash_id = find_hash(hash_name); | |
336 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
337 | 335 | if (strnEQ(padding, "pss", 3)) { |
336 | hash_id = find_hash(hash_name); | |
337 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
338 | 338 | rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_PSS, |
339 | 339 | &self->yarrow_prng_state, self->yarrow_prng_index, |
340 | 340 | hash_id, saltlen, &self->key); |
342 | 342 | RETVAL = newSVpvn((char*)buffer, buffer_len); |
343 | 343 | } |
344 | 344 | else if (strnEQ(padding, "v1.5", 4)) { |
345 | hash_id = find_hash(hash_name); | |
346 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
345 | 347 | rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_V1_5, |
346 | 348 | &self->yarrow_prng_state, self->yarrow_prng_index, |
347 | 349 | hash_id, 0, &self->key); |
348 | 350 | if (rv != CRYPT_OK) croak("FATAL: rsa_sign_hash_ex failed: %s", error_to_string(rv)); |
349 | 351 | RETVAL = newSVpvn((char*)buffer, buffer_len); |
350 | 352 | } |
353 | else if (strnEQ(padding, "none", 4)) { | |
354 | /* raw RSA */ | |
355 | rv = ltc_mp.rsa_me(data_ptr, (unsigned long)data_len, buffer, &buffer_len, PK_PRIVATE, &self->key); | |
356 | if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv)); | |
357 | RETVAL = newSVpvn((char*)buffer, buffer_len); | |
358 | } | |
351 | 359 | else { |
352 | 360 | croak("FATAL: rsa_sign invalid padding '%s'", padding); |
353 | 361 | } |
356 | 364 | RETVAL |
357 | 365 | |
358 | 366 | int |
359 | _verify(Crypt::PK::RSA self, SV * sig, SV * data, char * padding, char * hash_name, unsigned long saltlen=12) | |
360 | CODE: | |
361 | { | |
362 | int rv, hash_id, stat; | |
367 | _verify(Crypt::PK::RSA self, SV * sig, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12) | |
368 | CODE: | |
369 | { | |
370 | int rv, hash_id, stat, i; | |
363 | 371 | unsigned char *data_ptr=NULL; |
364 | 372 | STRLEN data_len=0; |
365 | 373 | unsigned char *sig_ptr=NULL; |
366 | 374 | STRLEN sig_len=0; |
375 | unsigned char buffer[1024]; | |
376 | unsigned long buffer_len = 1024; | |
367 | 377 | |
368 | 378 | data_ptr = (unsigned char *)SvPVbyte(data, data_len); |
369 | 379 | sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len); |
370 | 380 | |
371 | 381 | RETVAL = 1; |
372 | hash_id = find_hash(hash_name); | |
373 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
374 | 382 | if (strnEQ(padding, "pss", 3)) { |
383 | hash_id = find_hash(hash_name); | |
384 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
375 | 385 | rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_PSS, |
376 | 386 | hash_id, saltlen, &stat, &self->key); |
377 | 387 | if (rv != CRYPT_OK || stat != 1) RETVAL = 0; |
378 | 388 | } |
379 | 389 | else if (strnEQ(padding, "v1.5", 4)) { |
390 | hash_id = find_hash(hash_name); | |
391 | if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name); | |
380 | 392 | rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_V1_5, |
381 | 393 | hash_id, 0, &stat, &self->key); |
382 | 394 | if (rv != CRYPT_OK || stat != 1) RETVAL = 0; |
383 | 395 | } |
396 | else if (strnEQ(padding, "none", 4)) { | |
397 | /* raw RSA */ | |
398 | Zero(buffer, buffer_len, unsigned char); | |
399 | rv = ltc_mp.rsa_me(sig_ptr, (unsigned long)sig_len, buffer, &buffer_len, PK_PUBLIC, &self->key); | |
400 | if (rv != CRYPT_OK) croak("FATAL: rsa_me failed: %s", error_to_string(rv)); | |
401 | if (data_len <= buffer_len && buffer_len > 0 && data_len > 0) { | |
402 | for (i = 0; i < buffer_len - data_len; i++) if (buffer[i] != 0) RETVAL = 0; | |
403 | if (memNE(data_ptr, buffer + buffer_len - data_len, data_len)) RETVAL = 0; | |
404 | } | |
405 | else { | |
406 | RETVAL = 0; | |
407 | } | |
408 | } | |
384 | 409 | else { |
385 | 410 | croak("FATAL: rsa_verify invalid padding '%s'", padding); |
386 | 411 | } |
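Review bot: The new `hash_name=NULL` default on `_sign` and `_verify` is only safe for the "none" branch, yet the "pss" and "v1.5" branches still call `find_hash(hash_name)` unconditionally, so a Perl caller who passes undef together with 'pss' or 'v1.5' hands a NULL pointer to libtomcrypt; whether that comes back as -1 (caught by the existing croak) or trips libtomcrypt's argument check depends on how this build configures ARGTYPE, which I cannot see here. A guard before each `find_hash` call makes the failure deterministic and readable: `if (hash_name == NULL) croak("FATAL: hash_name is required for '%s' padding", padding);`. The same applies to the two `find_hash` sites in `_sign` earlier in this section. The `/* raw RSA */` comment on the "none" branches would also benefit from saying why it is marked INSECURE, e.g. `/* raw RSA: textbook modexp with no hash and no padding check -- the result is malleable and any caller-chosen input is signed as-is */`, so the next maintainer does not treat it as a padding mode like the others. `_verify` continues past the end of this hunk.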
598 | 598 | #or |
599 | 599 | my $ct = $pk->encrypt($message, 'oaep', $hash_name, $lparam); |
600 | 600 | |
601 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' | |
601 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE) | |
602 | 602 | # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
603 | 603 | # $lparam (only for oaep) ..... DEFAULT is empty string |
604 | 604 | |
611 | 611 | #or |
612 | 612 | my $pt = $pk->decrypt($ciphertext, 'oaep', $hash_name, $lparam); |
613 | 613 | |
614 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' | |
614 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE) | |
615 | 615 | # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
616 | 616 | # $lparam (only for oaep) ..... DEFAULT is empty string |
617 | 617 | |
627 | 627 | my $signature = $priv->sign_message($message, $hash_name, 'pss', $saltlen); |
628 | 628 | |
629 | 629 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
630 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
630 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
631 | 631 | # $saltlen (only for pss) .. DEFAULT is 12 |
632 | 632 | |
633 | 633 | =head2 verify_message |
642 | 642 | my $valid = $pub->verify_message($signature, $message, $hash_name, 'pss', $saltlen); |
643 | 643 | |
644 | 644 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
645 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
645 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
646 | 646 | # $saltlen (only for pss) .. DEFAULT is 12 |
647 | 647 | |
648 | 648 | =head2 sign_hash |
657 | 657 | my $signature = $priv->sign_hash($message_hash, $hash_name, 'pss', $saltlen); |
658 | 658 | |
659 | 659 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
660 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
660 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
661 | 661 | # $saltlen (only for pss) .. DEFAULT is 12 |
662 | 662 | |
663 | 663 | =head2 verify_hash |
672 | 672 | my $valid = $pub->verify_hash($signature, $message_hash, $hash_name, 'pss', $saltlen); |
673 | 673 | |
674 | 674 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
675 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
675 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
676 | 676 | # $saltlen (only for pss) .. DEFAULT is 12 |
677 | 677 | |
678 | 678 | =head2 is_private |
720 | 720 | #or |
721 | 721 | my $ct = rsa_encrypt($pub_key, $message, 'oaep', $hash_name, $lparam); |
722 | 722 | |
723 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' | |
723 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE) | |
724 | 724 | # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
725 | 725 | # $lparam (only for oaep) ..... DEFAULT is empty string |
726 | 726 | |
736 | 736 | #or |
737 | 737 | my $pt = rsa_decrypt($priv_key, $ciphertext, 'oaep', $hash_name, $lparam); |
738 | 738 | |
739 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' | |
739 | # $padding .................... 'oaep' (DEFAULT), 'v1.5' or 'none' (INSECURE) | |
740 | 740 | # $hash_name (only for oaep) .. 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
741 | 741 | # $lparam (only for oaep) ..... DEFAULT is empty string |
742 | 742 | |
755 | 755 | my $sig = rsa_sign_message($priv_key, $message, $hash_name, 'pss', $saltlen); |
756 | 756 | |
757 | 757 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
758 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
758 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
759 | 759 | # $saltlen (only for pss) .. DEFAULT is 12 |
760 | 760 | |
761 | 761 | =head2 rsa_verify_message |
773 | 773 | rsa_verify_message($pub_key, $signature, $message, $hash_name, 'pss', $saltlen) or die "ERROR"; |
774 | 774 | |
775 | 775 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
776 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
776 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
777 | 777 | # $saltlen (only for pss) .. DEFAULT is 12 |
778 | 778 | |
779 | 779 | =head2 rsa_sign_hash |
791 | 791 | my $sig = rsa_sign_hash($priv_key, $message_hash, $hash_name, 'pss', $saltlen); |
792 | 792 | |
793 | 793 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
794 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
794 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
795 | 795 | # $saltlen (only for pss) .. DEFAULT is 12 |
796 | 796 | |
797 | 797 | =head2 rsa_verify_hash |
809 | 809 | rsa_verify_hash($pub_key, $signature, $message_hash, $hash_name, 'pss', $saltlen) or die "ERROR"; |
810 | 810 | |
811 | 811 | # $hash_name ............... 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest |
812 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' | |
812 | # $padding ................. 'pss' (DEFAULT) or 'v1.5' or 'none' (INSECURE) | |
813 | 813 | # $saltlen (only for pss) .. DEFAULT is 12 |
814 | 814 | |
815 | 815 | =head1 OpenSSL interoperability |