tuning DSA tests+doc
Karel Miko
10 years ago
21 | 21 | MANIFEST |
22 | 22 | lib/CryptX.c |
23 | 23 | CryptX-* |
24 | poznamky.txt⏎ | |
24 | poznamky.txt | |
25 | t/openssl/*.der | |
26 | t/openssl/*.pem | |
27 | t/openssl/*.data | |
28 | t/openssl/*.sig | |
29 | t/openssl/*.rsa⏎ |
28 | 28 | ^poznamky* |
29 | 29 | \.stackdump$ |
30 | 30 | ^.travis* |
31 | t/openssl/.*\.der$ | |
32 | t/openssl/.*\.pem$ | |
33 | t/openssl/.*\.data$ | |
34 | t/openssl/.*\.sig$ | |
35 | t/openssl/.*\.rsa$⏎ |
0 | NAME | |
1 | CryptX - Crypto toolkit (self-contained no external libraries needed) | |
2 | ||
3 | DESCRIPTION | |
4 | Cryptography in CryptX is based on | |
5 | <https://github.com/libtom/libtomcrypt> | |
6 | ||
7 | Currently available modules: | |
8 | ||
9 | * Ciphers - see Crypt::Cipher and related modules | |
10 | ||
11 | Crypt::Cipher::AES, Crypt::Cipher::Anubis, Crypt::Cipher::Blowfish, | |
12 | Crypt::Cipher::Camellia, Crypt::Cipher::CAST5, Crypt::Cipher::DES, | |
13 | Crypt::Cipher::DES_EDE, Crypt::Cipher::KASUMI, | |
14 | Crypt::Cipher::Khazad, Crypt::Cipher::MULTI2, | |
15 | Crypt::Cipher::Noekeon, Crypt::Cipher::RC2, Crypt::Cipher::RC5, | |
16 | Crypt::Cipher::RC6, Crypt::Cipher::SAFERP, | |
17 | Crypt::Cipher::SAFER_K128, Crypt::Cipher::SAFER_K64, | |
18 | Crypt::Cipher::SAFER_SK128, Crypt::Cipher::SAFER_SK64, | |
19 | Crypt::Cipher::SEED, Crypt::Cipher::Skipjack, | |
20 | Crypt::Cipher::Twofish, Crypt::Cipher::XTEA | |
21 | ||
22 | * Block cipher modes | |
23 | ||
24 | Crypt::Mode::CBC, Crypt::Mode::CFB, Crypt::Mode::CTR, | |
25 | Crypt::Mode::ECB, Crypt::Mode::OFB | |
26 | ||
27 | * Authenticated encryption modes | |
28 | ||
29 | Crypt::AuthEnc::CCM, Crypt::AuthEnc::EAX, Crypt::AuthEnc::GCM, | |
30 | Crypt::AuthEnc::OCB | |
31 | ||
32 | * Hash Functions - see Crypt::Digest and related modules | |
33 | ||
34 | Crypt::Digest::CHAES, Crypt::Digest::MD2, Crypt::Digest::MD4, | |
35 | Crypt::Digest::MD5, Crypt::Digest::RIPEMD128, | |
36 | Crypt::Digest::RIPEMD160, Crypt::Digest::RIPEMD256, | |
37 | Crypt::Digest::RIPEMD320, Crypt::Digest::SHA1, | |
38 | Crypt::Digest::SHA224, Crypt::Digest::SHA256, Crypt::Digest::SHA384, | |
39 | Crypt::Digest::SHA512, Crypt::Digest::Tiger192, | |
40 | Crypt::Digest::Whirlpool | |
41 | ||
42 | * Message Authentication Codes | |
43 | ||
44 | Crypt::Mac::F9, Crypt::Mac::HMAC, Crypt::Mac::OMAC, | |
45 | Crypt::Mac::Pelican, Crypt::Mac::PMAC, Crypt::Mac::XCBC | |
46 | ||
47 | * Public key cryptography | |
48 | ||
49 | Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::ECC, Crypt::PK::DH | |
50 | ||
51 | * Cryptographically secure random number generators | |
52 | ||
53 | Crypt::PRNG, Crypt::PRNG::Fortuna, Crypt::PRNG::Yarrow, | |
54 | Crypt::PRNG::RC4, Crypt::PRNG::Sober128 | |
55 | ||
56 | * Key derivation functions - PBKDF1, PBKFD2 and HKDF | |
57 | ||
58 | Crypt::KeyDerivation | |
59 | ||
60 | LICENSE | |
61 | This program is free software; you can redistribute it and/or modify it | |
62 | under the same terms as Perl itself. | |
63 | ||
64 | COPYRIGHT | |
65 | Copyright (c) 2013 DCIT, a.s. <http://www.dcit.cz> / Karel Miko | |
66 | ||
0 | NAME | |
1 | CryptX - Crypto toolkit (self-contained no external libraries needed) | |
2 | ||
3 | DESCRIPTION | |
4 | Cryptography in CryptX is based on | |
5 | <https://github.com/libtom/libtomcrypt> | |
6 | ||
7 | Currently available modules: | |
8 | ||
9 | * Ciphers - see Crypt::Cipher and related modules | |
10 | ||
11 | Crypt::Cipher::AES, Crypt::Cipher::Anubis, Crypt::Cipher::Blowfish, | |
12 | Crypt::Cipher::Camellia, Crypt::Cipher::CAST5, Crypt::Cipher::DES, | |
13 | Crypt::Cipher::DES_EDE, Crypt::Cipher::KASUMI, | |
14 | Crypt::Cipher::Khazad, Crypt::Cipher::MULTI2, | |
15 | Crypt::Cipher::Noekeon, Crypt::Cipher::RC2, Crypt::Cipher::RC5, | |
16 | Crypt::Cipher::RC6, Crypt::Cipher::SAFERP, | |
17 | Crypt::Cipher::SAFER_K128, Crypt::Cipher::SAFER_K64, | |
18 | Crypt::Cipher::SAFER_SK128, Crypt::Cipher::SAFER_SK64, | |
19 | Crypt::Cipher::SEED, Crypt::Cipher::Skipjack, | |
20 | Crypt::Cipher::Twofish, Crypt::Cipher::XTEA | |
21 | ||
22 | * Block cipher modes | |
23 | ||
24 | Crypt::Mode::CBC, Crypt::Mode::CFB, Crypt::Mode::CTR, | |
25 | Crypt::Mode::ECB, Crypt::Mode::OFB | |
26 | ||
27 | * Authenticated encryption modes | |
28 | ||
29 | Crypt::AuthEnc::CCM, Crypt::AuthEnc::EAX, Crypt::AuthEnc::GCM, | |
30 | Crypt::AuthEnc::OCB | |
31 | ||
32 | * Hash Functions - see Crypt::Digest and related modules | |
33 | ||
34 | Crypt::Digest::CHAES, Crypt::Digest::MD2, Crypt::Digest::MD4, | |
35 | Crypt::Digest::MD5, Crypt::Digest::RIPEMD128, | |
36 | Crypt::Digest::RIPEMD160, Crypt::Digest::RIPEMD256, | |
37 | Crypt::Digest::RIPEMD320, Crypt::Digest::SHA1, | |
38 | Crypt::Digest::SHA224, Crypt::Digest::SHA256, Crypt::Digest::SHA384, | |
39 | Crypt::Digest::SHA512, Crypt::Digest::Tiger192, | |
40 | Crypt::Digest::Whirlpool | |
41 | ||
42 | * Message Authentication Codes | |
43 | ||
44 | Crypt::Mac::F9, Crypt::Mac::HMAC, Crypt::Mac::OMAC, | |
45 | Crypt::Mac::Pelican, Crypt::Mac::PMAC, Crypt::Mac::XCBC | |
46 | ||
47 | * Public key cryptography | |
48 | ||
49 | Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::ECC, Crypt::PK::DH | |
50 | ||
51 | * Cryptographically secure random number generators | |
52 | ||
53 | Crypt::PRNG, Crypt::PRNG::Fortuna, Crypt::PRNG::Yarrow, | |
54 | Crypt::PRNG::RC4, Crypt::PRNG::Sober128 | |
55 | ||
56 | * Key derivation functions - PBKDF1, PBKFD2 and HKDF | |
57 | ||
58 | Crypt::KeyDerivation | |
59 | ||
60 | LICENSE | |
61 | This program is free software; you can redistribute it and/or modify it | |
62 | under the same terms as Perl itself. | |
63 | ||
64 | COPYRIGHT | |
65 | Copyright (c) 2013 DCIT, a.s. <http://www.dcit.cz> / Karel Miko | |
66 |
26 | 26 | return undef unless $key; |
27 | 27 | return Crypt::PK::_asn1_to_pem($key, "DSA PRIVATE KEY", $password, $cipher) if $type eq 'private'; |
28 | 28 | return Crypt::PK::_asn1_to_pem($key, "DSA PUBLIC KEY") if $type eq 'public'; |
29 | return Crypt::PK::_asn1_to_pem($key, "PUBLIC KEY") if $type eq 'public_x509'; | |
29 | 30 | } |
30 | 31 | |
31 | 32 | sub import_key { |
250 | 251 | my $private_pem = $pk->export_key_pem('private'); |
251 | 252 | #or |
252 | 253 | my $public_pem = $pk->export_key_pem('public'); |
254 | #or | |
255 | my $public_pem = $pk->export_key_pem('public_x509'); | |
256 | ||
257 | With parameter C<'public'> uses header and footer lines: | |
258 | ||
259 | -----BEGIN DSA PUBLIC KEY------ | |
260 | -----END DSA PUBLIC KEY------ | |
261 | ||
262 | With parameter C<'public_x509'> uses header and footer lines: | |
263 | ||
264 | -----BEGIN PUBLIC KEY------ | |
265 | -----END PUBLIC KEY------ | |
253 | 266 | |
254 | 267 | Support for password protected PEM keys |
255 | 268 | |
398 | 411 | #or |
399 | 412 | dsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR"; |
400 | 413 | |
414 | =head1 OpenSSL interoperability | |
415 | ||
416 | ### let's have: | |
417 | # DSA private key in PEM format - dsakey.priv.pem | |
418 | # DSA public key in PEM format - dsakey.pub.pem | |
419 | # data file to be signed or encrypted - input.data | |
420 | ||
421 | =head2 Sign by OpenSSL, verify by Crypt::PK::DSA | |
422 | ||
423 | Create signature (from commandline): | |
424 | ||
425 | openssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data | |
426 | ||
427 | Verify signature (Perl code): | |
428 | ||
429 | use Crypt::PK::DSA; | |
430 | use Crypt::Digest 'digest_file'; | |
431 | use File::Slurp 'read_file'; | |
432 | ||
433 | my $pkdsa = Crypt::PK::DSA->new("dsakey.pub.pem"); | |
434 | my $signature = read_file("input.sha1-dsa.sig", binmode=>':raw'); | |
435 | my $valid = $pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
436 | print $valid ? "SUCCESS" : "FAILURE"; | |
437 | ||
438 | =head2 Sign by Crypt::PK::DSA, verify by OpenSSL | |
439 | ||
440 | Create signature (Perl code): | |
441 | ||
442 | use Crypt::PK::DSA; | |
443 | use Crypt::Digest 'digest_file'; | |
444 | use File::Slurp 'write_file'; | |
445 | ||
446 | my $pkdsa = Crypt::PK::DSA->new("dsakey.priv.pem"); | |
447 | my $signature = $pkdsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
448 | write_file("input.sha1-dsa.sig", {binmode=>':raw'}, $signature); | |
449 | ||
450 | Verify signature (from commandline): | |
451 | ||
452 | openssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data | |
453 | ||
454 | =head2 Keys generated by Crypt::PK::DSA | |
455 | ||
456 | Generate keys (Perl code): | |
457 | ||
458 | use Crypt::PK::DSA; | |
459 | use File::Slurp 'write_file'; | |
460 | ||
461 | my $pkdsa = Crypt::PK::DSA->new; | |
462 | $pkdsa->generate_key(20, 128); | |
463 | write_file("dsakey.pub.der", {binmode=>':raw'}, $pkdsa->export_key_der('public')); | |
464 | write_file("dsakey.priv.der", {binmode=>':raw'}, $pkdsa->export_key_der('private')); | |
465 | write_file("dsakey.pub.pem", $pkdsa->export_key_pem('public_x509')); | |
466 | write_file("dsakey.priv.pem", $pkdsa->export_key_pem('private')); | |
467 | write_file("dsakey-passwd.priv.pem", $pkdsa->export_key_pem('private', 'secret')); | |
468 | ||
469 | Use keys by OpenSSL: | |
470 | ||
471 | openssl dsa -in dsakey.priv.der -text -inform der | |
472 | openssl dsa -in dsakey.priv.pem -text | |
473 | openssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret | |
474 | openssl dsa -in dsakey.pub.der -pubin -text -inform der | |
475 | openssl dsa -in dsakey.pub.pem -pubin -text | |
476 | ||
477 | =head2 Keys generated by OpenSSL | |
478 | ||
479 | Generate keys: | |
480 | ||
481 | openssl dsaparam -genkey -out dsakey.priv.pem 1024 | |
482 | openssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der | |
483 | openssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout | |
484 | openssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout | |
485 | openssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem | |
486 | ||
487 | Load keys (Perl code): | |
488 | ||
489 | use Crypt::PK::DSA; | |
490 | use File::Slurp 'write_file'; | |
491 | ||
492 | my $pkdsa = Crypt::PK::DSA->new; | |
493 | $pkdsa->import_key("dsakey.pub.der"); | |
494 | $pkdsa->import_key("dsakey.priv.der"); | |
495 | $pkdsa->import_key("dsakey.pub.pem"); | |
496 | $pkdsa->import_key("dsakey.priv.pem"); | |
497 | $pkdsa->import_key("dsakey-passwd.priv.pem", "secret"); | |
498 | ||
401 | 499 | =head1 SEE ALSO |
402 | 500 | |
403 | 501 | =over |
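Review bot: The OpenSSL interoperability examples call `$pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5")` and `sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5")`, but DSA has no padding scheme and the functional form just above is documented as `dsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash)`; the trailing arguments look copied from the RSA documentation and should be dropped, e.g. `$pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"))`. The same calls appear in the new DSA test script added by this commit. In the `export_key_pem` text the armor lines are shown with six trailing dashes (`-----BEGIN PUBLIC KEY------`), whereas PEM uses five on each side, so the samples should read `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`. The examples use `generate_key(20, 128)` and `openssl dsaparam -genkey ... 1024` with SHA-1, which appears to mean a 1024-bit key; a sentence stating that these sizes are for the interoperability demonstration only would keep them from being copied as defaults for new keys.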
2 | 2 | use strict; |
3 | 3 | use warnings ; |
4 | 4 | |
5 | our $VERSION = '0.019_1'; | |
5 | our $VERSION = '0.019_2'; | |
6 | 6 | |
7 | 7 | require XSLoader; |
8 | 8 | XSLoader::load('CryptX', $VERSION); |
0 | use strict; | |
1 | use warnings; | |
2 | ||
3 | sub runcmds { | |
4 | my $cmds = shift; | |
5 | for (split /\n/, $cmds) { | |
6 | s/^\s*(.*?)\s*$/$1/; | |
7 | warn "#### >$_<\n"; | |
8 | my $rv = system($_); | |
9 | die "ERROR (rv = $rv)\n" if $rv; | |
10 | } | |
11 | } | |
12 | ||
13 | sub doit { | |
14 | ||
15 | ### sign openssl > cryptx | |
16 | runcmds <<'MARKER'; | |
17 | openssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data | |
18 | MARKER | |
19 | ||
20 | { | |
21 | use Crypt::PK::DSA; | |
22 | use Crypt::Digest 'digest_file'; | |
23 | use File::Slurp 'read_file'; | |
24 | ||
25 | my $pkdsa = Crypt::PK::DSA->new("dsakey.pub.pem"); | |
26 | my $signature = read_file("input.sha1-dsa.sig", binmode=>':raw'); | |
27 | my $valid = $pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
28 | print $valid ? "SUCCESS" : "FAILURE"; | |
29 | } | |
30 | ||
31 | ### sign cryptx > openssl | |
32 | { | |
33 | use Crypt::PK::DSA; | |
34 | use Crypt::Digest 'digest_file'; | |
35 | use File::Slurp 'write_file'; | |
36 | ||
37 | my $pkdsa = Crypt::PK::DSA->new("dsakey.priv.pem"); | |
38 | my $signature = $pkdsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5"); | |
39 | write_file("input.sha1-dsa.sig", {binmode=>':raw'}, $signature); | |
40 | } | |
41 | ||
42 | runcmds <<'MARKER'; | |
43 | openssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data | |
44 | MARKER | |
45 | ||
46 | } | |
47 | ||
48 | ### MAIN ### | |
49 | ||
50 | write_file("input.data", "test-file-content"); | |
51 | ||
52 | ### keys generated by cryptx | |
53 | { | |
54 | use Crypt::PK::DSA; | |
55 | use File::Slurp 'write_file'; | |
56 | ||
57 | my $pkdsa = Crypt::PK::DSA->new; | |
58 | $pkdsa->generate_key(20, 128); | |
59 | write_file("dsakey.pub.der", {binmode=>':raw'}, $pkdsa->export_key_der('public')); | |
60 | write_file("dsakey.priv.der", {binmode=>':raw'}, $pkdsa->export_key_der('private')); | |
61 | write_file("dsakey.pub.pem", $pkdsa->export_key_pem('public_x509')); | |
62 | write_file("dsakey.priv.pem", $pkdsa->export_key_pem('private')); | |
63 | write_file("dsakey-passwd.priv.pem", $pkdsa->export_key_pem('private', 'secret')); | |
64 | } | |
65 | ||
66 | runcmds <<'MARKER'; | |
67 | openssl dsa -in dsakey.priv.der -text -inform der | |
68 | openssl dsa -in dsakey.priv.pem -text | |
69 | openssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret | |
70 | openssl dsa -in dsakey.pub.der -pubin -text -inform der | |
71 | openssl dsa -in dsakey.pub.pem -pubin -text | |
72 | MARKER | |
73 | ||
74 | doit(); | |
75 | ||
76 | ### keys generated by openssl | |
77 | ||
78 | runcmds <<'MARKER'; | |
79 | openssl dsaparam -genkey -out dsakey.priv.pem 1024 | |
80 | openssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der | |
81 | openssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout | |
82 | openssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout | |
83 | openssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem | |
84 | MARKER | |
85 | ||
86 | { | |
87 | use Crypt::PK::DSA; | |
88 | use File::Slurp 'write_file'; | |
89 | ||
90 | my $pkdsa = Crypt::PK::DSA->new; | |
91 | $pkdsa->import_key("dsakey.pub.der"); | |
92 | $pkdsa->import_key("dsakey.priv.der"); | |
93 | $pkdsa->import_key("dsakey.pub.pem"); | |
94 | $pkdsa->import_key("dsakey.priv.pem"); | |
95 | $pkdsa->import_key("dsakey-passwd.priv.pem", "secret"); | |
96 | } | |
97 | ||
98 | doit(); | |
99 | ||
100 | warn "\nSUCCESS\n";⏎ |
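Review bot: In the first block of `doit` the result of `verify_hash` is only printed (`print $valid ? "SUCCESS" : "FAILURE";`), so a signature that fails to verify does not stop the script and the run still ends with `warn "\nSUCCESS\n"`. Make the check fatal, e.g. `die "FAILURE: OpenSSL signature not accepted by Crypt::PK::DSA\n" unless $valid;`. The `import_key` calls in the last block are likewise unchecked; whether they die or return false on a bad key is not visible here, so it is worth confirming that a failed import aborts the test. A short comment above `runcmds` stating that each line is handed to the shell through single-argument `system` and must only ever be fixed command text would document why the heredocs are safe as written.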
0 | 0 | use strict; |
1 | 1 | use warnings; |
2 | ||
3 | use Crypt::PK::RSA;Crypt::PK::RSA->new("rsakey.priv.pem"); | |
4 | 2 | |
5 | 3 | sub runcmds { |
6 | 4 | my $cmds = shift; |
11 | 9 | die "ERROR (rv = $rv)\n" if $rv; |
12 | 10 | } |
13 | 11 | } |
14 | ||
15 | write_file("input.data", "test-file-content"); | |
16 | 12 | |
17 | 13 | sub doit { |
18 | 14 | |
79 | 75 | |
80 | 76 | } |
81 | 77 | |
78 | ### MAIN ### | |
79 | ||
80 | write_file("input.data", "test-file-content"); | |
81 | ||
82 | 82 | ### keys generated by cryptx |
83 | 83 | { |
84 | use Crypt::PK::RSA; | |
85 | use File::Slurp 'write_file'; | |
86 | ||
87 | my $pkrsa = Crypt::PK::RSA->new; | |
88 | $pkrsa->generate_key(256, 65537); | |
89 | write_file("rsakey.pub.der", {binmode=>':raw'}, $pkrsa->export_key_der('public')); | |
90 | write_file("rsakey.priv.der", {binmode=>':raw'}, $pkrsa->export_key_der('private')); | |
91 | write_file("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509')); | |
92 | write_file("rsakey.priv.pem", $pkrsa->export_key_pem('private')); | |
93 | write_file("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret')); | |
84 | use Crypt::PK::RSA; | |
85 | use File::Slurp 'write_file'; | |
86 | ||
87 | my $pkrsa = Crypt::PK::RSA->new; | |
88 | $pkrsa->generate_key(256, 65537); | |
89 | write_file("rsakey.pub.der", {binmode=>':raw'}, $pkrsa->export_key_der('public')); | |
90 | write_file("rsakey.priv.der", {binmode=>':raw'}, $pkrsa->export_key_der('private')); | |
91 | write_file("rsakey.pub.pem", $pkrsa->export_key_pem('public_x509')); | |
92 | write_file("rsakey.priv.pem", $pkrsa->export_key_pem('private')); | |
93 | write_file("rsakey-passwd.priv.pem", $pkrsa->export_key_pem('private', 'secret')); | |
94 | 94 | } |
95 | 95 | |
96 | 96 | runcmds <<'MARKER'; |
114 | 114 | MARKER |
115 | 115 | |
116 | 116 | { |
117 | use Crypt::PK::RSA; | |
118 | use File::Slurp 'write_file'; | |
119 | ||
120 | my $pkrsa = Crypt::PK::RSA->new; | |
121 | $pkrsa->import_key("rsakey.pub.der"); | |
122 | $pkrsa->import_key("rsakey.priv.der"); | |
123 | $pkrsa->import_key("rsakey.pub.pem"); | |
124 | $pkrsa->import_key("rsakey.priv.pem"); | |
125 | $pkrsa->import_key("rsakey-passwd.priv.pem", "secret"); | |
117 | use Crypt::PK::RSA; | |
118 | use File::Slurp 'write_file'; | |
119 | ||
120 | my $pkrsa = Crypt::PK::RSA->new; | |
121 | $pkrsa->import_key("rsakey.pub.der"); | |
122 | $pkrsa->import_key("rsakey.priv.der"); | |
123 | $pkrsa->import_key("rsakey.pub.pem"); | |
124 | $pkrsa->import_key("rsakey.priv.pem"); | |
125 | $pkrsa->import_key("rsakey-passwd.priv.pem", "secret"); | |
126 | 126 | } |
127 | 127 | |
128 | 128 | doit(); |