perl-cryptx's Introduction

NAME

CryptX - Cryptographic toolkit

DESCRIPTION

Perl modules providing cryptography based on the LibTomCrypt library.

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

COPYRIGHT

Copyright (c) 2013-2023 DCIT, a.s. https://www.dcit.cz / Karel Miko

perl-cryptx's People

Contributors

atoomic, fgasper, hugmeir, karel-m, lkinley-rythmos, manuelm, real-dam, sergeyromanov, shmakins, timlegge, tomhukins, zoffixznet


perl-cryptx's Issues

ECC: segfault on invalid input

> perl -MCrypt::PK::ECC -e'my $pk = Crypt::PK::ECC->new(); $pk->generate_key(["foo.com"])'
Segmentation fault

Perl config:

Summary of my perl5 (revision 5 version 30 subversion 0) configuration:

  Platform:
    osname=linux
    osvers=3.10.0-123.20.1.el7.x86_64
    archname=x86_64-linux-64int
    uname='linux rpmbuild-64-centos-7.dev.cpanel.net 3.10.0-123.20.1.el7.x86_64 #1 smp thu jan 29 18:05:33 utc 2015 x86_64 x86_64 x86_64 gnulinux '

FATAL: find_hash failed for

When I try to use a salt value built with the "pack" function, I get the error below:

FATAL: find_hash failed for '' at eck.pm line 76.

$hash_name = $hash_name||'SHA256';
$salt = pack("H*", "00" x Crypt::Digest->hashsize($hash_name));
my $hkdf_key = Crypt::KeyDerivation->hkdf($password, $salt);

I even tried to get the hash object by calling the function below:
$hash_name = Crypt::Digest::_trans_digest_name($hash_name||'SHA256');

Undefined subroutine &Crypt::Digest::_trans_digest_name called at eck.pm line 73.

Please help: how can I provide a salt value?

build fails on freebsd 9.2 and 10.0

ar: fatal: Numeric group ID too large
*** [liballinone.a] Error code 70

Stop in /root/.cpan/build/CryptX-0.045-0T82FO/src.
*** [src/liballinone.a] Error code 1

Stop in /root/.cpan/build/CryptX-0.045-0T82FO.
MIK/CryptX-0.045.tar.gz
/usr/bin/make -- NOT OK
'YAML' not installed, will not store persistent state
Running make test
Can't test without successful make
Running make install

Rsa_export.c behavior

Hi,

I have a problem parsing RSA public keys generated by the latest version (0.030) of CryptX. OpenSSL simply refuses to use them.

Let's take a look at the following private/public keys made using CryptX (PEM format):

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtZSMXcpsN2LUToY6eGAyUEG7T1Tp5BuF+u7S6cH05Mwy9pe/0XqS
eBgUc65xr1AZCuMjt+hBzW4RtHKW4X0Gld82uqCwslZYKfTkuJS+SdmfAy2TkCJN
94Kxkn4OauCcjcI35r0mlM4IPObDp1QbLVNQP+urh9KpfjRLLij1IsQMilJDEqTJ
E061KBidxHeYn1Wxzxm9YagpTpsKQy+rDlkogbL98KxUtqVZgH+Bkl1zr4DzRFuE
sJG7D1+6dAFb6eCIT0E2CwRTAz2+ZgS43IqvD5tXRhMeoIywbeCDOMomIc3D0M3E
jVqvWQzlQagLAxNFOmCD0MCg7g6+YIRlSwIDAQAB
-----END RSA PUBLIC KEY-----

Now, dumping the ASN.1 from this public key, you get:

    0:d=0  hl=4 l= 266 cons: SEQUENCE          
    4:d=1  hl=4 l= 257 prim:  INTEGER           :B5948C5DCA6C3762D44E863A7860325041BB4F54E9E41B85FAEED2E9C1F4E4CC32F697BFD17A9278181473AE71AF50190AE323B7E841CD6E11B47296E17D0695DF36BAA0B0B2565829F4E4B894BE49D99F032D9390224DF782B1927E0E6AE09C8DC237E6BD2694CE083CE6C3A7541B2D53503FEBAB87D2A97E344B2E28F522C40C8A524312A4C9134EB528189DC477989F55B1CF19BD61A8294E9B0A432FAB0E592881B2FDF0AC54B6A559807F81925D73AF80F3445B84B091BB0F5FBA74015BE9E0884F41360B0453033DBE6604B8DC8AAF0F9B5746131EA08CB06DE08338CA2621CDC3D0CDC48D5AAF590CE541A80B0313453A6083D0C0A0EE0EBE6084654B
  265:d=1  hl=2 l=   3 prim:  INTEGER           :010001

This doesn't look right... so using the private key above and the OpenSSL command to output a new public key, I get:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZSMXcpsN2LUToY6eGAy
UEG7T1Tp5BuF+u7S6cH05Mwy9pe/0XqSeBgUc65xr1AZCuMjt+hBzW4RtHKW4X0G
ld82uqCwslZYKfTkuJS+SdmfAy2TkCJN94Kxkn4OauCcjcI35r0mlM4IPObDp1Qb
LVNQP+urh9KpfjRLLij1IsQMilJDEqTJE061KBidxHeYn1Wxzxm9YagpTpsKQy+r
DlkogbL98KxUtqVZgH+Bkl1zr4DzRFuEsJG7D1+6dAFb6eCIT0E2CwRTAz2+ZgS4
3IqvD5tXRhMeoIywbeCDOMomIc3D0M3EjVqvWQzlQagLAxNFOmCD0MCg7g6+YIRl
SwIDAQAB
-----END PUBLIC KEY-----

And looking at its ASN.1 dump, this is what I have:

    0:d=0  hl=4 l= 290 cons: SEQUENCE          
    4:d=1  hl=2 l=  13 cons:  SEQUENCE          
    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   17:d=2  hl=2 l=   0 prim:   NULL              
   19:d=1  hl=4 l= 271 prim:  BIT STRING  

This is what I would expect from a public key using PKCS #8 format, with the PublicKeyInfo, AlgorithmIdentifier and the RSAPublicKey.

Thinking of that as a bug, I began to inspect the rsa_export routines used by CryptX and found that PublicKeyInfo and AlgorithmIdentifier are being excluded on purpose.

In the function "int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)", lines 62 to 81, we have:

     if (type & PK_STD) {
          tmplen = (mp_count_bits(key->N)/8)*2+8;
          tmp = XMALLOC(tmplen);
          ptmplen = &tmplen;
          if (tmp == NULL) {
              return CRYPT_MEM;
          }
      }
      else {
          tmp = out;
          ptmplen = outlen;
      }

      err = der_encode_sequence_multi(tmp, ptmplen,
                                 LTC_ASN1_INTEGER, 1UL,  key->N,
                                 LTC_ASN1_INTEGER, 1UL,  key->e,
                                 LTC_ASN1_EOL,     0UL, NULL);

      if ((err != CRYPT_OK) || !(type & PK_STD)) {
          goto finish;
      }

By simply changing the if to always true (a crude hack =/) and removing !(type & PK_STD) from the last statement, it began to output a fully formed PKCS #8 public key as expected:

      if (1) {
          tmplen = (mp_count_bits(key->N)/8)*2+8;
          tmp = XMALLOC(tmplen);
          ptmplen = &tmplen;
          if (tmp == NULL) {
              return CRYPT_MEM;
          }
      }
      else {
          tmp = out;
          ptmplen = outlen;
      }

      err = der_encode_sequence_multi(tmp, ptmplen,
                                 LTC_ASN1_INTEGER, 1UL,  key->N,
                                 LTC_ASN1_INTEGER, 1UL,  key->e,
                                 LTC_ASN1_EOL,     0UL, NULL);

      if (err != CRYPT_OK) {
          goto finish;
      }

Why this behavior? It looks like a bug to me.

Thank you!!

not a bug: looking for help with FATAL: key must be string/buffer scalar

I have a working version of the code in question, but putting it in a setuid environment results in an error. I'm wondering if you could give me more insight into the check behind 'key must be string/buffer scalar' error.

The first line of this shows the values being sent into

Crypt::Mac::HMAC->new($aproto, $key);

2016/08/03 11:31:04 FATAL> BER.pm:604 INOC::SNMP2::BER::check_auth_parm - APROTO:MD5 KEY:�m^0��KF&����m�
2016/08/03 11:31:04 FATAL> BER.pm:609 INOC::SNMP2::BER::check_auth_parm - FATAL: key must be string/buffer scalar at /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/Crypt/Mac/HMAC.pm line 16.

Any help would be appreciated.

DSA/RSA/ECC/DH key2hash - hexadecimal numbers are missing leading zero

Net::SSH's Perl/Key/DSA.pm sub equal calls key2hash on the key of the connected host and on the known host key and then compares p, q, g and y; all match except that the y of the known host parameter has an extra '0' at the end, making it 257 bytes. The known hosts entry is loaded via Net::SSH's Perl/Key/DSA.pm sub init using import_key.

0.036 fails t/checksum.t on AIX-5.3

AIX 5.3.0.0/TL12-05  IBM,9115-505 PowerPC_POWER5/1898(2)
This is perl 5, version 14, subversion 2 (v5.14.2) built for aix-64all

t/checksum.t ........................ 1/24
#   Failed test at t/checksum.t line 32.
#          got: '43beb7e8'
#     expected: 'e8b7be43'

#   Failed test at t/checksum.t line 33.
#          got: 'ef7673b3'
#     expected: 'b37376ef'

#   Failed test at t/checksum.t line 34.
#          got: '7309686d'
#     expected: '6d680973'

#   Failed test at t/checksum.t line 35.
#          got: '1929996397'
#     expected: '1835534707'

#   Failed test at t/checksum.t line 36.
#          got: 'e9156e80'
#     expected: '806e15e9'

#   Failed test at t/checksum.t line 37.
#          got: '3910495872'
#     expected: '2154698217'

#   Failed test at t/checksum.t line 39.
#          got: 'ed1f1124'
#     expected: '24111fed'

#   Failed test at t/checksum.t line 40.
#          got: 'c630a41c'
#     expected: '1ca430c6'

#   Failed test at t/checksum.t line 41.
#          got: 'fb4d434d'
#     expected: '4d434dfb'

#   Failed test at t/checksum.t line 42.
#          got: '58829b9f'
#     expected: '9f9b8258'
# Looks like you failed 10 tests of 24.
t/checksum.t ........................ Dubious, test returned 10 (wstat 2560, 0xa00)
Failed 10/24 subtests

endianness?

$ perl -V:byteorder
byteorder='87654321';
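Each got/expected pair above is the same 32-bit value with its four bytes reversed, which points at how the checksum is rendered on a big-endian host rather than at a wrong checksum. As an added example (not part of the report or of CryptX), this script parses such TAP failure lines and classifies each mismatch; because the output shows both hex and decimal renderings, an all-digit value is tried both ways.

```python
import re

# Constructed excerpt of the t/checksum.t TAP output quoted in the AIX report above.
TAP_OUTPUT = """\
#   Failed test at t/checksum.t line 32.
#          got: '43beb7e8'
#     expected: 'e8b7be43'

#   Failed test at t/checksum.t line 35.
#          got: '1929996397'
#     expected: '1835534707'

#   Failed test at t/checksum.t line 37.
#          got: '3910495872'
#     expected: '2154698217'
"""

FAILED_RE = re.compile(r"^#\s+Failed test at (\S+) line (\d+)\.$")
VALUE_RE = re.compile(r"^#\s+(got|expected): '([^']*)'$")


def parse_failures(tap: str):
    """Group each 'Failed test' header with the got/expected lines that follow it."""
    failures, current = [], None
    for line in tap.splitlines():
        m = FAILED_RE.match(line)
        if m:
            current = {"file": m.group(1), "line": int(m.group(2))}
            failures.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return [f for f in failures if "got" in f and "expected" in f]


def interpretations(text: str):
    """Possible 32-bit values for a printed checksum: decimal and/or 8-digit hex.
    A string such as '12345678' is ambiguous, so both readings are returned."""
    values = set()
    if text.isdigit() and int(text) < 2**32:
        values.add(int(text))
    if re.fullmatch(r"[0-9a-fA-F]{8}", text):
        values.add(int(text, 16))
    return values


def bswap32(value: int) -> int:
    """Reverse the byte order of a 32-bit value (little <-> big endian)."""
    return int.from_bytes(value.to_bytes(4, "little"), "big")


def is_byte_swapped(got: str, expected: str) -> bool:
    return any(bswap32(g) == e
               for g in interpretations(got)
               for e in interpretations(expected))


def diagnose(tap: str):
    """Annotate every failure with a verdict: 'byte-swap' or 'other'."""
    failures = parse_failures(tap)
    for f in failures:
        f["verdict"] = "byte-swap" if is_byte_swapped(f["got"], f["expected"]) else "other"
    return failures


def all_byte_swapped(tap: str) -> bool:
    failures = diagnose(tap)
    return bool(failures) and all(f["verdict"] == "byte-swap" for f in failures)


if __name__ == "__main__":
    for f in diagnose(TAP_OUTPUT):
        print(f"{f['file']} line {f['line']}: got {f['got']} expected {f['expected']} -> {f['verdict']}")
```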

Question - Alien libtom

Hello, thank you for this great module. I am using it in another CPAN distribution.

I want to depend on libtom entirely, together with Math::BigInt::LTM and some EC-point arithmetic I need in my algorithms. Right now I'm using yet another CPAN distro that implements it in perl, but with GMP support only. I'm basically pulling extra modules and using two math libraries at once, which seems very redundant.

I'm eager to write my own XS using libtom toolkit to get what I need out of it, but CryptX is not actually installing it in the system, just using the header files that come together with the distribution. As far as I know there's no sane way I can reuse that code in my distribution, so I'd have to bundle it myself the second time or ask users to install it beforehand.

Do you think it would be possible to change libtom bundling method to installation (Alien:: modules seem to do that), so that once installed it'll be available to all? That would be the ideal solution to me to depend on CryptX to install the library it's using, but I know that might not be the best idea from a module standpoint for a variety of reasons.

I thought I'd ask here before I make any decisions on my own. I'm also open to suggestions on how to solve this problem.

edit: I see that there's an experimental condition in the makefile to use system libtom if envvars are set, so I guess some thought has been put into it already

Make Crypt::PK::ECC::export_key_der optionally export the short form

Like with export_key_raw('public_compressed'), it would be handy to export the key in the short OID form, e.g. something like export_key_der('public_oid'), public_named (based on OPENSSL_EC_NAMED_CURVE) or public_short.

Looking at the code it's simply calling ecc_export instead of ecc_export_full. I can also send you a PR if you tell me which keyword you'd prefer.

ISO 10126 padding CryptX::Mode::ECB

I am in the unfortunate situation that I need to be able to decrypt legacy data which is ECB, DES_EDE, padded with random bytes where the last byte is the padding boundary.

In version 0.061 of this module, we were able to use PKCS5 padding mode, and I think X923 too as it didn't check whether the extra bytes were as expected. However, from 0.062 it now uses padding_depad which is stricter.

After some research, it looks like libtomcrypt supports ISO 10126, which, whilst it has been withdrawn, I believe fits our padding type. However, the CryptX::Mode::ECB module does not make this padding mode available.

It would be super useful if this could be added.

Thanks!

Compile "ar" step fails when Perl built with -flto

When perl 5.24.1 is compiled with -flto

Compile stage emits:

ar: ltc/ciphers/aes/aes.o: plugin needed to handle lto object
ar: ltc/ciphers/anubis.o: plugin needed to handle lto object
ar: ltc/ciphers/blowfish.o: plugin needed to handle lto object
ar: ltc/ciphers/camellia.o: plugin needed to handle lto object
ar: ltc/ciphers/cast5.o: plugin needed to handle lto object
...

And tests fail:

PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
Can't load '/var/tmp/portage/dev-perl/CryptX-0.44.0/work/CryptX-0.044/blib/arch/auto/CryptX/CryptX.so' for module CryptX: /var/tmp/portage/dev-perl/CryptX-0.44.0/work/CryptX-0.044/blib/arch/auto/CryptX/CryptX.so: undefined symbol: saferp_desc at /usr/lib64/perl5/5.24.1/x86_64-linux/DynaLoader.pm line 193.
 at t/001_compile.t line 11.
Compilation failed in require at t/001_compile.t line 11.
BEGIN failed--compilation aborted at t/001_compile.t line 11.
Could not load all modules at t/001_compile.t line 9.
END failed--call queue aborted at t/001_compile.t line 11.
# Looks like your test exited with 22 before it could output anything.
t/001_compile.t ..................... Dubious, test returned 22 (wstat 5632, 0x1600)

This may be related to compiling perl with GCC6, which itself needed this patch to work: https://raw.githubusercontent.com/gentoo-perl/perl-patchset/perl-5.24/patches/gentoo/gcc6-lto-configure.diff

However, switching back to GCC5 to compile CryptX does not resolve the problem.

It's not clear to me at this stage where the problem lies, but --as-needed may also be partly to blame.

But I'd hazard to guess that the missing symbol being saferp_desc indicates a link-ordering or symbol visibility bug.

I don't have much experience with LTO bugs, and I only test this configuration now because an end-user of ours reported it (https://bugs.gentoo.org/583532); some reports indicate the issue is using "ar" instead of "gcc-ar", but I'm not sure where that comes from (http://stackoverflow.com/questions/39236917/using-gccs-link-time-optimization-with-static-linked-libraries).

This may even be a bug for EUMM, as I've seen a similar compile error to this in the last week.

Summary of my perl5 (revision 5 version 24 subversion 1) configuration:
   

JWK thumbprint?

As this library is something of a “grab-bag” of crypto functionality, would you consider incorporating JWK thumbprints, perhaps alongside export_key_jwk()?

    return _to_base64url(
        Digest::SHA::sha256(
            Cpanel::JSON::canonical_dump($self->_jwk_data())
        ),
    );

gcm_decrypt_verify() no longer verifies the provided tag

I can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext. It looks like this might have been lost with the conversion to XS in recent versions.

#!/usr/bin/env perl
use 5.14.0;
use strictures 2;

use Crypt::AuthEnc::GCM qw(gcm_decrypt_verify gcm_encrypt_authenticate);
use MIME::Base64 qw(decode_base64);

my ($ct, $tag) = gcm_encrypt_authenticate(
  'AES',
  decode_base64('QG1vT29ke5maBZRtdqaEcC8BjDxPGOILyylheMSkyM4='),
  decode_base64('tWWWVmRvthlL0d6iFNJtHOIWkFSpf7p7hCoE+l+Pszo='),
  undef,
  'Hello Crypto',
);

# this should not work because I am not providing the correct tag value
my $pt = gcm_decrypt_verify(
  'AES',
  decode_base64('QG1vT29ke5maBZRtdqaEcC8BjDxPGOILyylheMSkyM4='),
  decode_base64('tWWWVmRvthlL0d6iFNJtHOIWkFSpf7p7hCoE+l+Pszo='),
  undef,
  $ct,
  "anything",
);

say $pt;

Segmentation fault on Apache due to symbol clash with libasn1

Program received signal SIGSEGV, Segmentation fault.
0x00007fa7a8922a80 in der_length_octet_string () from target:/usr/lib/x86_64-linux-gnu/libasn1.so.8
(gdb) bt
#0  0x00007fa7a8922a80 in der_length_octet_string () from target:/usr/lib/x86_64-linux-gnu/libasn1.so.8
#1  0x00007fa78b535ce4 in der_decode_custom_type_ex (
    in=in@entry=0x55e4c009b1b0, 
    inlen=inlen@entry=86, root=root@entry=0x0, list=list@entry=0x7ffc49fcdf40, outlen=outlen@entry=4, flags=flags@entry=1)
    at ltc/pk/asn1/der/custom_type/der_decode_custom_type.c:223
...

Sadly, it seems the library uses the wrong der_length_octet_string function, thus crashing the web server.

Use of uninitialized value in subroutine entry errors when using a invalid key

Hi,

While using Crypt::PK::ECC, if I run the code below to catch invalid key input by a user (the key is missing a single char), I catch the croak; however, two warnings are emitted.

use Crypt::PK::ECC;
use Try::Tiny;

my $priv_key = '-----BEGIN EC PRIVATE KEY-----HQCAQEEIIpu/cACtPO9OJ3nMLeWAYrdAVnuDD7eZh1DINgx+2ZYoAcGBSuBBAAKoUQDQgAEq0dnvt6yhpeTyjcHcogl5iFAHywxvhBBc2cLMa4vF0r+kvyg4wLbrqPvdL3MeW1N3x7t6mFvq25So/LV9VAoJQ==-----END EC PRIVATE KEY-----';
my $encoded_json = '{"foo":"bar"}';
my ($signature, $signature_error);
try {
    my $pk = Crypt::PK::ECC->new( \$priv_key );
    $signature = $pk->sign_message( $encoded_json, 'SHA256' );
} catch {
    $signature_error = $_;
};

I get:

Use of uninitialized value in subroutine entry at /Users/stuart.skelton/dev/tinyconnections/local/lib/perl5/darwin-2level/Crypt/PK/ECC.pm line 223, <DATA> line 1.
Use of uninitialized value in subroutine entry at /Users/stuart.skelton/dev/tinyconnections/local/lib/perl5/darwin-2level/Crypt/PK/ECC.pm line 223, <DATA> line 1.

It seems pem_to_der is returning undef, which is then passed to $self->_import and $self->_import_old, causing these warnings.

My feeling would be to add:

diff --git a/lib/Crypt/PK/ECC.pm b/lib/Crypt/PK/ECC.pm
index 1eb825fd..d9e9a732 100644
--- a/lib/Crypt/PK/ECC.pm
+++ b/lib/Crypt/PK/ECC.pm
@@ -219,16 +219,16 @@ sub import_key {
   croak "FATAL: invalid key data" unless $data;

   if ($data =~ /-----BEGIN (EC PRIVATE|EC PUBLIC|PUBLIC) KEY-----(.*?)-----END/sg) {
-    $data = pem_to_der($data, $password);
+    $data = pem_to_der_or_croak($data, $password);
     my $rv = eval { $self->_import($data) } || eval { $self->_import_old($data) };
     return $rv if $rv;
   }
   elsif ($data =~ /-----BEGIN PRIVATE KEY-----(.*?)-----END/sg) {
-    $data = pem_to_der($data, $password);
+    $data = pem_to_der_or_croak($data, $password);
     return $self->_import_pkcs8($data, $password);
   }
   elsif ($data =~ /-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END/sg) {
-    $data = pem_to_der($data, $password);
+    $data = pem_to_der_or_croak($data, $password);
     return $self->_import_pkcs8($data, $password);
   }
   elsif ($data =~ /^\s*(\{.*?\})\s*$/s) {
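Review bot: all three call sites in this hunk croak through the helper with the same "FATAL: invalid key data" text that the existing check at the top of import_key uses, so a caller can no longer tell empty input from a PEM block whose base64 or encryption headers failed to decode; a distinct message (for example "FATAL: invalid PEM data") keeps the two failure modes diagnosable. Note also that these three calls pass $password, so the helper must accept and forward it for EC PRIVATE KEY and ENCRYPTED PRIVATE KEY blocks.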
@@ -244,11 +244,11 @@ sub import_key {
     }
   }
   elsif ($data =~ /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/sg) {
-    $data = pem_to_der($data);
+    $data = pem_to_der_or_croak($data);
     return $self->_import_x509($data);
   }
   elsif ($data =~ /---- BEGIN SSH2 PUBLIC KEY ----(.*?)---- END SSH2 PUBLIC KEY ----/sg) {
-    $data = pem_to_der($data);
+    $data = pem_to_der_or_croak($data);
     my ($typ, $skip, $pubkey) = Crypt::PK::_ssh_parse($data);
     return $self->import_key_raw($pubkey, "$2") if $pubkey && $typ =~ /^ecdsa-(.+?)-(.*)$/;
   }
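Review bot: the certificate and SSH2 branches call the helper with $data only, matching the original pem_to_der($data) calls, so the helper's password argument has to be optional rather than required. In the SSH2 branch the croak now fires before Crypt::PK::_ssh_parse runs, but the branch still returns nothing when $pubkey is false or $typ is not ecdsa-*, falling through to the generic "invalid or unsupported EC key format" croak at the end of import_key; if the goal is precise errors for malformed input, that case deserves the same explicit croak.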
@@ -267,6 +267,13 @@ sub import_key {
   croak "FATAL: invalid or unsupported EC key format";
 }

+sub pem_to_der_or_croak {
+  my ($data) = @_;
+  $data = pem_to_der($data);
+  croak "FATAL: invalid key data" unless $data;
+  return $data;
+}
+
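Review bot: pem_to_der_or_croak drops the password. The call sites in the first hunk pass ($data, $password), but this body reads only ($data) and calls pem_to_der($data), so an encrypted PEM key that imported before the patch would now fail to decrypt and croak as "invalid key data"; use `my ($data, $password) = @_;` and `pem_to_der($data, $password);`. A leading underscore (_pem_to_der_or_croak) would also mark the sub as private, since anything in the Crypt::PK::ECC package is callable as a method name, and because Crypt::PK::_ssh_parse already lives in Crypt::PK the helper probably belongs there so the other Crypt::PK::* import_key implementations can share it.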

What do you think?

Regards

Stuart

Fails with Math::BigInt 1.999801

As per subject. Diagnostics:

#   Failed test '$x = Math::BigInt->new("+0"); $y = Math::BigInt->new("abc"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: 'NaN'

#   Failed test '$x = Math::BigInt->new("+0"); $y = Math::BigInt->new("+0"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: 'NaN'

#   Failed test '$x = Math::BigInt->new("+1"); $y = Math::BigInt->new("+0"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: '0'

#   Failed test '$x = Math::BigInt->new("+0"); $y = Math::BigInt->new("+1"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: '0'

#   Failed test '$x = Math::BigInt->new("+27"); $y = Math::BigInt->new("+90"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: '270'

#   Failed test '$x = Math::BigInt->new("+1034"); $y = Math::BigInt->new("+804"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: undef
#     expected: '415668'
# Looks like you planned 3730 tests but ran 3724.
# Looks like you failed 6 tests of 3724 run.
t/mbi_ltm_bigintpm.t ................ 
Dubious, test returned 6 (wstat 1536, 0x600)
Failed 12/3730 subtests 
        (less 50 skipped subtests: 3668 okay)

Downgrading PJACKLAM/Math-BigInt-1.999727.tar.gz does as a workaround.

HTH&&Thanks,

FATAL: ecc_set_key failed: Invalid input packet. error in CryptX 0.066

Hi,

The following code works well in CryptX 0.059:

use Crypt::PK::ECC;

my $pk1 = Crypt::PK::ECC->new();
print "\n VERSION: ", $Crypt::PK::VERSION;
# generate_key for curve
$pk1->generate_key('BRAINPOOLP256R1'); # nistp256
$pk1->import_key({
    curve_name => "BRAINPOOLP256R1",
    k          => "AA112345FFfFFFFFFFBBBBBCCCCCCCCCBBBBBBBBBBBEEEEEE227755449988566",
    pub_x      => "556677aabbcceeff332256743ee1200000ffaa56437899966552211ffccaabbb",
    pub_y      => "00eeff55662233449977446ddeeaabbff66677733344229966554433ffaabbcc",
});

The same code gives the following error in version 0.066:

 VERSION: 0.066FATAL: ecc_set_key failed: Invalid input packet. at ...

What could be the cause?

Build fails on i686

I tried building perl-CryptX for i686 and ran into the following error:

...
cc -Iltm -Iltc/headers -DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=i686 -O2 -pipe   -g -D_FILE_OFFSET_BITS=64 -DLARGE_FILE_SUPPORT64   -fPIC  -Wall -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=i686 -O2 -pipe   -g -D_FILE_OFFSET_BITS=64 -DLARGE_FILE_SUPPORT64   -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=i686 -O2 -pipe    -I/usr/include     -DARGTYPE=4 -c ltc/hashes/blake2b.c -o ltc/hashes/blake2b.o
ltc/hashes/blake2b.c: In function 'blake2b_compress':
ltc/hashes/blake2b.c:351:1: warning: unsupported size for integer register
  351 | }
      | ^
ltc/hashes/blake2b.c:351:1: warning: unsupported size for integer register
...
ltc/headers/tomcrypt_macros.h: ltc/hashes/blake2b.c:351:1: warning: unsupported size for integer register
Assembler messages:
ltc/headers/tomcrypt_macros.h:393: Error: invalid instruction suffix for `ror'
ltc/hashes/blake2b.c:351:1: warning: unsupported size for integer register
...
make[1]: *** [Makefile:197: ltc/hashes/blake2b.o] Error 1
make[1]: Leaving directory '/builddir/CryptX-0.065/src'
make: *** [Makefile:1923: src/liballinone.a] Error 2

I think the error was introduced in commit 32f1d21.
After some digging I might have found the culprit: line 381 in src/ltc/headers/tomcrypt_macros.h allows 64-bit rotation for i386 targets. Perhaps it is just a copy-and-paste error? ;)

The following patch (which just removes the __i386__ condition) allows the build to finish:

--- src/ltc/headers/tomcrypt_macros.h.orig      2019-10-08 14:25:41.000000000 +0200
+++ src/ltc/headers/tomcrypt_macros.h   2019-10-20 09:03:21.352042592 +0200
@@ -378,7 +378,7 @@
 #define ROR64c(x,n) ROR64(x,n)
 #define ROL64c(x,n) ROL64(x,n)

-#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
+#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)

 static inline ulong64 ROL64(ulong64 word, int i)
 {
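Review bot: removing `__i386__` from this `#elif` is the right fix: the ROL64/ROR64 bodies that follow use inline x86 rotate instructions on a 64-bit operand, which a 32-bit target cannot assemble (the "invalid instruction suffix for `ror'" error at tomcrypt_macros.h:393 and the "unsupported size for integer register" warnings in the log above), so i386 has to take the non-asm definition. Suggest a one-line comment on the `#elif` stating why only `__x86_64__` qualifies here, so the condition is not later "restored" to the i386/x86_64 pair, and a build with `-DLTC_NO_ASM` on x86_64 to confirm the C fallback gives identical BLAKE2b output before the asm path is relied on for one architecture only.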

export_key_jwk() doesn’t export canonical JSON

For creating JWK thumbprints it’s necessary to have canonical (i.e., sorted keys) JSON.

The JWK that this module exports, being non-canonical, is useless, which means it’s necessary to parse the JSON, then re-encode it canonically.

It would help this purpose—without breaking any others—if this module exported JWKs as canonical JSON. Could this be done?

Minimum version of Math::BigInt required?

Got the following test failures in CryptX v0.043 against an older Math::BigInt version (1.999715).

As there's no dependency specified on Math::BigInt, should the changes in #26 be backwards compatible with previous Math::BigInt versions?

# Math::BigInt VERSION=1.999715
t/mbi_ltm_01load.t .................. ok

#   Failed test '$x = Math::BigFloat->new("0"); $Math::BigFloat::div_scale = 40; $x->bfac();'
#   at t/mbi_ltm/bigfltpm.inc line 168.
#          got: '0'
#     expected: '1'
# Looks like you failed 1 test of 2414.
t/mbi_ltm_bigfltpm.t ................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/2414 subtests
        (less 1 skipped subtest: 2412 okay)
t/mbi_ltm_bigintg.t ................. ok

#   Failed test '$x = Math::BigInt->new("+0"); $y = Math::BigInt->new("+0"); Math::BigInt::blcm($x, $y);'
#   at t/mbi_ltm/bigintpm.inc line 202.
#          got: 'NaN'
#     expected: '0'
# Looks like you failed 1 test of 3730.
t/mbi_ltm_bigintpm.t ................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/3730 subtests
        (less 50 skipped subtests: 3679 okay)

Module doesn't build

cpan -f -i Crypt::Mode::CBC
....
....
dmake.exe: Error code 133, while making 'liballinone.a'
dmake.exe: Error code 255, while making 'src\liballinone.a'
MIK/CryptX-0.063.tar.gz
C:\Perl64\site\bin\dmake.exe -- NOT OK

Crypt::PK::ECC needs $VERSION

I am using Crypt::PK::ECC in another CPAN module.

I can't specify a prerequisite version in my package's META because Crypt::PK::ECC doesn't include a $VERSION "our" variable. This makes diagnosing CPANTS reports difficult...

Apparently you only have a $VERSION in CryptX - which I don't explicitly use or install.

Please add a $VERSION to Crypt::PK::ECC.

It looks like this should also be done for DH, RSA and DSA, though I don't currently use them.

It would also be a good idea for these modules to add a version constraint when they use CryptX, PK, etc.

Thanks.

cpanspec -b CryptX-0.046.tar.gz fails to build RPM on stock el6

cpanspec will not build an RPM out of the box. Something must not be compatible with cpanspec and I'm not familiar enough to know why. But this is how I had to modify the cpanspec-generated spec file to build an RPM on el6.

Error 1

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /usr/lib64/perl5/vendor_perl/Crypt/AuthEnc.pm
  ...

Appears that the package is in the Crypt folder and not the CryptX folder as cpanspec expected.

< %{perl_vendorarch}/CryptX*
> %{perl_vendorarch}/Crypt*

Error 2

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /usr/lib64/perl5/vendor_perl/Math/BigInt/LTM.pm

Appears that Math::BigInt::LTM is provided in this distribution as opposed to in its own distribution.

> %{perl_vendorarch}/Math*

perl-Crypt-JWT appears to have passed all of its tests so I'm happy.

[Documentation] Crypt::Mode::CBC and Crypt::CBC compatibility

It is probably a good idea to document that, if you want Crypt::Mode::CBC to be backwards compatible with Crypt::CBC when header is set to none or randomiv and literal_key is not set, the key has to be derived like this:

use Digest::MD5;
use Crypt::Cipher;

# Crypt::CBC with header 'none' or 'randomiv' and no literal_key: MD5 the
# passphrase, keep appending the MD5 of the running value until the
# cipher's key size is reached, then truncate
my $keysize = Crypt::Cipher->keysize($name);
$key = Digest::MD5::md5($key);
while (length($key) < $keysize) {
  $key .= Digest::MD5::md5($key);
}
$key = substr($key, 0, $keysize);

As for decrypting with header set to salt:

use Digest::MD5;
use Crypt::Cipher;

# Crypt::CBC 'salt' header: the literal "Salted__" followed by 8 salt bytes
my ($salt) = $text =~ /^Salted__(.{8})/s;
substr($text, 0, 16) = '';

($key, $iv) = _salted_key_and_iv($key, $salt);

# OpenSSL EVP_BytesToKey-style derivation with MD5:
# D_i = MD5(D_{i-1} . key . salt), concatenated until key + IV are covered
sub _salted_key_and_iv {
  my ($key, $salt) = @_;

  my $key_len = Crypt::Cipher->keysize('AES');
  my $iv_len  = Crypt::Cipher->blocksize('AES');

  my $desired_len = $key_len + $iv_len;

  my $data = '';
  my $d    = '';

  while (length($data) < $desired_len) {
    $d = Digest::MD5::md5($d . $key . $salt);
    $data .= $d;
  }
  return (substr($data, 0, $key_len), substr($data, $key_len, $iv_len));
}

Crypt::PK::DH Improvements

Moving discussion from email.
You said:

---QUOTE---
in my opinion the right way is to enhance https://metacpan.org/pod/Crypt::PK::DH#generate_key

Now it supports only:
my $pk = Crypt::PK::DH->new();
$pk->generate_key($keysize);

like:
$pk->generate_key(256);

it should be extended to - let's say:
$pk->generate_key({ p=> '62D031C83F4294F64....', g=> '02' });

It would be also nice to patch https://metacpan.org/pod/Crypt::PK::DH#key2hash so that key dump contains also p + g (and maybe import/export routines will need some attention as well).

I did similar kind of extension for EC crypto in https://metacpan.org/pod/Crypt::PK::ECC#generate_key some time ago.

But keep in mind that it will need some nontrivial changes to cryptx/src/ltc/pk/dh/dh.c especially dh_make_key.

Basically I am not against major redesign of src/ltc/pk/dh/dh.c (I am member of libtomcrypt project so can try to push the changes upstream) but it is definitely a bunch of work.
---END QUOTE---

Other than supplying p and g to generate the key, I also need the following functionality, which is largely already written:
- Verify that a supplied public key is valid for my private key -- essentially a range check, y > 1 && y < (p - 1), and if g == 2 make sure more than one bit is set in y.
- Return the public key in binary format. Not entirely necessary because we could unpack this from key2hash, but nice nonetheless.

To modify Crypt::PK::DH, the path forward I see is:
- Add p,g to dh_key
- Remove index field from dh_key
- Redo import/export to include p,g in the packet and not index
- Change dh_get_size to return the used portion of the mp_int instead of looking up in table
- Free p,g parts of key in dh_free
- Change dh_encrypt_key, dh_decrypt_key to use p,g in key

I am not sure what to do with:
- dh_sizes function (probably leave alone).

Let me know your thoughts.
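The range and bit-count checks proposed above for a peer's public value, written out as an added example that is not part of this issue or of Crypt::PK::DH itself. dh_public_value_ok is this example's own helper; it assumes p, g and y arrive as the hex strings Crypt::PK::DH's key2hash uses, and the toy group p = 23, g = 2 is constructed for illustration only.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Math::BigInt;

# Check a peer's DH public value y against the group (p, g) before using it:
# 1 < y < p-1, and for g == 2 more than one bit set in y.
# All three values are hex strings, the form Crypt::PK::DH's key2hash
# uses for its x/y/p/g members.
sub dh_public_value_ok {
  my ($p_hex, $g_hex, $y_hex) = @_;
  my $p = Math::BigInt->from_hex($p_hex);
  my $g = Math::BigInt->from_hex($g_hex);
  my $y = Math::BigInt->from_hex($y_hex);

  # y = 0, 1 or p-1 would force the shared secret y^x mod p to 0, 1 or +-1
  return 0 if $y->bcmp(1) <= 0;
  return 0 if $y->bcmp($p->copy->bdec) >= 0;

  if ($g->bcmp(2) == 0) {
    # with g = 2, a y with a single set bit is 2^k = g^k for an obvious k
    my $ones = () = $y->as_bin =~ /1/g;
    return 0 if $ones < 2;
  }
  return 1;
}

# constructed toy group (p = 0x17 = 23, g = 2); real groups are 2048 bits and up
my %case = (
  '8'  => 0,   # 2^3: single bit set, rejected for g = 2
  '1'  => 0,   # y = 1 rejected by the range check
  '16' => 0,   # y = 0x16 = 22 = p-1, rejected by the range check
  '9'  => 1,   # 1 < 9 < 22 and two bits set (0b1001)
  '14' => 1,   # 0x14 = 20 = 0b10100, two bits set
);
for my $y (sort keys %case) {
  my $ok = dh_public_value_ok('17', '2', $y);
  printf "y=0x%-2s -> %-8s (expected %s)\n", $y,
         $ok ? 'ok' : 'rejected', $case{$y} ? 'ok' : 'rejected';
}
```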

Crypt::AuthEnc::GCM - Encryption of the empty string

Hi,

it seems encryption of the empty string is not supported in GCM mode:

use Crypt::AuthEnc::GCM;
use Crypt::URandom;

my $gcm = Crypt::AuthEnc::GCM->new("AES", Crypt::URandom::urandom(32));
$gcm->iv_add(Crypt::URandom::urandom(16));
$gcm->adata_add('test');
$gcm->encrypt_add('');
$gcm->encrypt_done;

leads to FATAL: gcm_done failed: Invalid argument provided.

Is that expected behaviour or some restriction of the GCM mode?
Crypt::Mode::CBC and CTR work fine on the empty string.
Although CTR produces empty ciphertext, I'd like to know if somebody tampered with it, at least.

Using CryptX version 0.048.

unknown type name 'int32_t'

Compilation of CryptX-0.063_001 fails on FreeBSD:

...
cc -Iltm -Iltc/headers -DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -DPIC -fPIC -O -DARGTYPE=4 -c ltm/bn_mp_prime_strong_lucas_selfridge.c -o ltm/bn_mp_prime_strong_lucas_selfridge.o
ltm/bn_mp_prime_strong_lucas_selfridge.c:86:4: error: unknown type name 'int32_t'; did you mean '__int32_t'?
   int32_t D, Ds, J, sign, P, Q, r, s, u, Nbits;
   ^~~~~~~
   __int32_t
/usr/include/x86/_types.h:55:15: note: '__int32_t' declared here
typedef int                     __int32_t;
                                ^
1 error generated.
*** Error code 1

Not a bug: looking for info about CryptX and real time signals

Same application as my previous issue, but now moved to a Linux container.
Inside the container, the perl process dies when trying to decrypt data; strace of the issue is shown below. Outside the container, no issues.

clone(child_stack=0x105d4570, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND) = 85956
write(14, "pv[\r\5\0\0\0\273dv\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\334"..., 148) = 148
rt_sigprocmask(SIG_SETMASK, NULL, [RTMIN], 8) = 0
write(14, "\240\20_\367\0\0\0\0\0\0\0\0000\214\203\366\320\315\216"..., 148) = 148
rt_sigprocmask(SIG_SETMASK, NULL, [RTMIN], 8) = 0
rt_sigsuspend([]) = ? ERESTARTNOHAND (To be restarted)
--- SIGRTMIN (Unknown signal 32) ---

Which makes no sense to me because I do not think CryptX uses threads or forks but the clone system call is only used by fork() and threads. Also, signal 32 is not a standard signal and is not handled, so ERESTARTNOHAND requires the process to die if the signal is not handled.

Bypassing the decryption code and the application continues to run, just discards the data.

Just wondering if you have seen anything like this, or if you can validate my assumption that CryptX does not use threads or fork, in which case I will hunt down where the clone() system call is coming from.

Thank you for your time and for your great software

ltc Licensing could be clearer

Initially, when I tried to investigate this, I found a bunch of scary messages in my source grep which seemed to indicate that embedded code was not compatible with either "perl" license option.

But fortunately I talked to the right person and they pointed out some things that weren't easy to discover.

Namely, that despite there being a bit of a mess of licenses in src/, there is no license problem to speak of, as all the components are part of LibTomCrypt, and it has a very permissive license.

But a raw copy of LibTomCrypt's license is not shipped with this, and there's no indication at the top level about the conditions that may/may not apply to bundled files.

Like, my grep context only showing:

* Here is the original legal notice accompanying the Rabbit submission
* to the EU eSTREAM competition.
*---------------------------------------------------------------------------
* Copyright (C) Cryptico A/S. All rights reserved.
*
* YOU SHOULD CAREFULLY READ THIS LEGAL NOTICE BEFORE USING THIS SOFTWARE.
*
* This software is developed by Cryptico A/S and/or its suppliers.
* All title and intellectual property rights in and to the software,
* including but not limited to patent rights and copyrights, are owned
* by Cryptico A/S and/or its suppliers.
*
* The software may be used solely for non-commercial purposes
* without the prior written consent of Cryptico A/S. For further
* information on licensing terms and conditions please contact
* Cryptico A/S at [email protected]

Looks rather startling to see. (Being unlucky enough to find a declaration of what the license was is, well, awesome.)

So my suggestion would be to:

  1. Retain copies of LibTomCrypt's LICENSE, and others, as needed.
  2. Include a notice indicating that LibTomCrypt and friends are bundled, and under what license, such as:
This module also contains copies of LibTomCrypt (https://github.com/libtom/libtomcrypt),
which has a collection of aggregated 3rd party libraries,
all of which fall into public-domain usage licenses.

Or something along those lines.

hpux 11 ia64 - make ok make test fails register_all_ciphers

perl-5.30.
several versions of CryptX (49, 64 and master)

chmod 755 blib/arch/auto/CryptX/CryptX.so
Manifying 107 pod documents
bash-3.2# make test
"/opt/perlutils/Perl64-5.30.0/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- CryptX.bs blib/arch/auto/CryptX/CryptX.bs 644
PERL_DL_NONLAZY=1 "/opt/perlutils/Perl64-5.30.0/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; tt
t/001_compile.t ..................... FATAL: register_all_ciphers failed at /opt/perlutils/Perl64-5.30.0/lib/5.30.0/IA64.ARCHREV_0-thread-mul.
Compilation failed in require at /.cpan/build/perl-CryptX-master/perl-CryptX-master/blib/lib/Crypt/AuthEnc/CCM.pm line 14.
BEGIN failed--compilation aborted at /.cpan/build/perl-CryptX-master/perl-CryptX-master/blib/lib/Crypt/AuthEnc/CCM.pm line 14.

What is strange is that if I compile the demo with tomcrypt and link to allinone it works (tomcrypt demo) fine.

bash-3.2# perl -V
Summary of my perl5 (revision 5 version 30 subversion 0) configuration:

  Platform:
    osname=hpux
    osvers=11.31
    archname=IA64.ARCHREV_0-thread-multi-64int
    uname='hp-ux scc-hpux b.11.31 u ia64 0261372810 unlimited-user license '
    config_args='-Duse64bitint -Dusethreads -Dcc=gcc -Dprefix=/opt/perlutils/Perl64-5.30.0'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=undef
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='gcc'
    ccflags ='-D_POSIX_C_SOURCE=199506L -D_REENTRANT -D_HPUX_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FI'
    optimize='-g -O'
    cppflags='-D_HPUX_SOURCE -D_POSIX_C_SOURCE=199506L -D_REENTRANT -D_HPUX_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion=''
    gccversion='4.2.3'
 gccosandvers=''
    intsize=4
    longsize=4
    ptrsize=4
    doublesize=8
    byteorder=87654321
    doublekind=4
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=2
    ivtype='long long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='/usr/bin/ld'
    ldflags =' -L/usr/local/lib -L/usr/lib/hpux32'
    libpth=/usr/local/lib /usr/lib /usr/lib/hpux32 /lib /usr/ccs/lib
    libs=-lcl -lpthread -lnsl -lndbm -ldl -lm -lcrypt -lsec -lc
    perllibs=-lcl -lpthread -lnsl -ldl -lm -lcrypt -lsec -lc
    libc=/usr/lib/hpux32/libc.so
    so=so
    useshrplib=true
    libperl=libperl.so
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_hpux.xs
    dlext=so
    d_dlsymun=undef
 ccdlflags='-Wl,-E -Wl,-B,deferred '
    cccdlflags='-fPIC'
    lddlflags='-b -L/usr/local/lib -L/usr/lib/hpux32'


Characteristics of this binary (from libperl):
  Compile-time options:
    HAS_TIMES
    MULTIPLICITY
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_IMPLICIT_CONTEXT
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    USE_64_BIT_INT
    USE_FAST_STDIO
    USE_ITHREADS
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
    USE_REENTRANT_API
  Built under hpux
  Compiled at Jul  9 2019 12:00:55
  @INC:
    /opt/perlutils/Perl64-5.30.0/lib/site_perl/5.30.0/IA64.ARCHREV_0-thread-multi-LP64
    /opt/perlutils/Perl64-5.30.0/lib/site_perl/5.30.0
    /opt/perlutils/Perl64-5.30.0/lib/5.30.0/IA64.ARCHREV_0-thread-multi-LP64
    /opt/perlutils/Perl64-5.30.0/lib/5.30.0

Crypt::PK::ECC - Apple's APNS pkcs8 auth key import fails

Original report by @rockbone

I'm developing a library for sending notifications via APNS using Apple's new API.
I have to make a request using a private key obtained from Apple, but I cannot import that key with Crypt::PK::ECC.

With the openssl command (OpenSSL 1.0.2j 26 Sep 2016), I could import it as follows.

    my $secret = `openssl pkcs8 -nocrypt -in APNs.p8`;

In Crypt::PK::ECC, I did the following.

    my $c = new Crypt::PK::ECC;
    $c->import_key("APNs.p8");

And the error message is the following.

    # FATAL: ecc_import_pkcs8 failed: Invalid input packet.

Installer failed on macOS – Easy Workaround

When I attempted to install on macOS 10.12,

cpan install Crypt::PRNG

installer failed because the gzip and tar programs are in /usr/bin instead of /sw/bin. To work around that, create /sw/bin if necessary and then make symbolic links.

mkdir /sw
mkdir /sw/bin
ln -s /usr/bin/tar /sw/bin/tar
ln -s /usr/bin/gzip /sw/bin/gzip

OpenSSL interoperability broken

One more thing. According to your docs interoperability with OpenSSL should work. However:

# openssl ec -in eckey.priv.der -text -inform der
read EC key
unable to load Key
140206020048528:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
140206020048528:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:548:Field=publicKey, Type=EC_PRIVATEKEY
140206020048528:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1024:
# openssl ec -in eckey.priv.pem -text
read EC key
unable to load Key
139854706574992:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
139854706574992:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:548:Field=publicKey, Type=EC_PRIVATEKEY
139854706574992:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1024:
139854706574992:error:100DE08E:elliptic curve routines:OLD_EC_PRIV_DECODE:decode error:ec_ameth.c:541:
139854706574992:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
139854706574992:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=X509_ALGOR
139854706574992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
139854706574992:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:
#  openssl ec -in eckey-passwd.priv.pem -text -inform pem -passin pass:secret
read EC key
unable to load Key
140468985894544:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
140468985894544:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:548:Field=publicKey, Type=EC_PRIVATEKEY
140468985894544:error:10092010:elliptic curve routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1024:
140468985894544:error:100DE08E:elliptic curve routines:OLD_EC_PRIV_DECODE:decode error:ec_ameth.c:541:
140468985894544:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
140468985894544:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=X509_ALGOR
140468985894544:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140468985894544:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:

Processing eckey.pub.der + eckey.pub.pem works fine.

With RSA it's the other way round. rsakey-passwd.priv.pem, rsakey.priv.der and rsakey.priv.pem work. rsakey.pub.der + rsakey.pub.pem don't work:

# openssl rsa -in rsakey.pub.pem -pubin -text
unable to load Public Key
140151035901584:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1201:
140151035901584:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=X509_ALGOR
140151035901584:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=algor, Type=X509_PUBKEY
140151035901584:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

Importing keys generated by openssl works. Any quick ideas?

Fails tests without '.' in @INC

On perls with -Ddefault_inc_excludes_dot ( explicitly on 5.25.10, default on 5.25.11+ )

Can't locate t/mbi_ltm/bigintpm.inc in @INC (@INC contains: /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10 /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10) at t/mbi_ltm_bigintpm.t line 52.
# Looks like your test exited with 2 just after 6.
t/mbi_ltm_bigintpm.t ................ 
Dubious, test returned 2 (wstat 512, 0x200)
Failed 3722/3728 subtests 
Can't locate t/mbi_ltm/bigfltpm.inc in @INC (@INC contains: /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10 /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10) at t/mbi_ltm_bigfltpm.t line 41.
# Looks like your test exited with 2 just after 5.
t/mbi_ltm_bigfltpm.t ................ 
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2409/2414 subtests 
	(less 1 skipped subtest: 4 okay)
# use64=1 ivsize=8 ivtype=long use64bitint=define
t/mbi_ltm_mbi-from-big-scalar.t ..... ok
Can't locate t/mbi_ltm/bigintpm.inc in @INC (@INC contains: /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/lib /home/kent/.cpanm/work/1490272047.10617/CryptX-0.044/blib/arch /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/site_perl/5.25.10 /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10/x86_64-linux /home/kent/perl5/perlbrew/perls/5.25.10-nossp-sdbm-nopmc-nodot/lib/5.25.10) at t/mbi_ltm_bugs.t line 52.
# Looks like your test exited with 2 just after 6.
t/mbi_ltm_bugs.t .................... 
Dubious, test returned 2 (wstat 512, 0x200)
Failed 3722/3728 subtests 

RC2 does not support 40bit encryption

Even though 40 bits is far from sufficient to use in a real crypto application, there have been many cases where 40-bit keys were used, for example in PKCS#12: pbewithSHAAnd40BitRC2CBC

I think it would be nice if the RC2 module did not reject small key sizes.

willem

Test fails using built-in Perl 5.18 on macOS Catalina

Catalina does not allow relative paths to shared libraries, making t/mbi_ltm_bigintg.t fail. A possible fix is using rel2abs:

#!/usr/bin/perl -w

use strict;
use Test;
use File::Spec::Functions 'rel2abs';

BEGIN {
    $| = 1;
    chdir 't' if -d 't';
    unshift @INC, rel2abs('../lib');             # for running manually
    unshift @INC, rel2abs('../blib/arch');       # for running manually
    plan tests => 356;
}

CTR mode appears to preincrement IV once before emitting a single byte of encrypted stream

First of all, I'm very pleased at having discovered CryptX. This library is very pleasant to use for cryptographic operations and has a trivially simple API for the wide range of tasks that I've undertaken, including RSA key generation, PEM encryption, RSA + AES encryption, HMAC, and finally XTS and CTR cipher modes. To put it shortly, its API and functionality are far superior to anything that has come before.

I'm currently developing a software system composed of a Java client and Perl server, and ran into an interoperability issue when designing a stream cipher that is used to encrypt files that are temporarily stored on the server's disk using the AES-128-CTR cipher with a random session key that is encrypted with RSA. The cipher's IV is initialized to the file seek offset divided by 16. In other words, the design is that the IV starts from 0 at the beginning of the file and counts up every time a block of 16 bytes has been processed.

I noticed that to make Crypt::Mode::CTR and Java's AES/CTR/NoPadding modes compatible, Perl must use an IV value of "\xff" x 16 and the big-endian IV counter mode (1), whereas Java uses IV "\x00" (and offers no choice regarding the way the counter is incremented). Based on the result of encrypting "\x00" x 16 using AES128 with key "\x00" x 16, Java appears to actually start its CTR stream from IV=0 as one would expect to happen, but Crypt::Mode::CTR has incremented the IV once before generating the stream.

This is not necessarily a bug -- I'm not sure how CTR mode is supposed to officially work -- but regardless such an implementation difference was a surprise to me, and required some debug time before I was able to make the client and server interoperate again. I would suggest changing this behavior such that the first block of the stream is generated from the IV provided by user. The mode parameter should probably be extended by another bit to retain backwards compatibility.
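Rather than hard-coding which way an installed CryptX behaves, the following added example (not code from the original report or from CryptX) probes it: first_ctr_block_source compares the first keystream block with single-block AES of IV and of IV+1, and ctr_iv_for_block then derives the IV for a given file block accordingly. Both helpers are this example's own, and the all-zero key is the constructed test value from the report.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Math::BigInt;
use Crypt::Cipher;
use Crypt::Mode::CTR;

# Is the first CTR keystream block AES(key, IV) or AES(key, IV+1)?
# CTR-encrypting an all-zero block returns the raw keystream block, which
# is compared against single-block AES of the two candidate counters.
# Returns 'iv', 'iv+1' or 'unknown'.
sub first_ctr_block_source {
  my ($key) = @_;
  my $zero = "\x00" x 16;
  my $one  = ("\x00" x 15) . "\x01";
  my $ecb  = Crypt::Cipher->new('AES', $key);
  # counter mode 1 = big-endian increment over the full 16-byte block
  my $ctr  = Crypt::Mode::CTR->new('AES', 1, 16);
  my $ks0  = $ctr->encrypt($zero, $key, $zero);
  return 'iv'   if $ks0 eq $ecb->encrypt($zero);
  return 'iv+1' if $ks0 eq $ecb->encrypt($one);
  return 'unknown';
}

# IV that makes file block $n (file offset / 16) the first keystream block,
# compensating for the detected behaviour. With 'iv+1', block 0 needs
# counter 0 - 1, which wraps to ff..ff: the value the report found
# necessary to match Java's all-zero IV.
sub ctr_iv_for_block {
  my ($n, $behaviour) = @_;
  my $counter = Math::BigInt->new($n);
  $counter->bdec if $behaviour eq 'iv+1';
  $counter->bmod(Math::BigInt->new(2)->bpow(128));   # wrap modulo 2^128
  my $hex = $counter->as_hex;
  $hex =~ s/^0x//;
  return pack 'H*', ('0' x (32 - length($hex))) . $hex;
}

my $key = "\x00" x 16;   # constructed test key, as in the report
my $behaviour = first_ctr_block_source($key);
print "first keystream block = AES(key, $behaviour)\n";
for my $block (0, 1, 4096) {
  printf "file block %5d -> IV %s\n", $block,
         unpack('H*', ctr_iv_for_block($block, $behaviour));
}
```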

Request: export_key_jwk_struct()

For creating JWS for the ACME protocol it’s useful to have a JWK in a data structure rather than in serialized format. Could a function for that be added here?

Thank you!

RFC 7518 specifies SHA lengths?

https://tools.ietf.org/html/rfc7518#page-8

^^ There doesn’t seem to be any use given for, say, P-256 with SHA-1, though that is the default for the RFC 7518 methods in Crypt::PK::ECC.

Should the defaults be changed to correspond to the curve length? Otherwise each implementation will need to maintain the mapping on the page linked above.

HP-UX 11.11 C-ANSI-C has no stdint.h

By the time these archaic systems were still modern, stdint.h did not exist on HP-UX.

I created src/ltm/stdint.h:

#define MP_32BIT

(MP_64BIT caused epic failures)

HP-UX 11.11/64 U  rp3410/64 PA8800/800
This is perl 5, version 14, subversion 2 (v5.14.2) built for PA-RISC2.0-LP64

With above define, I saw

All tests successful.
Files=134, Tests=29513, 407 wallclock secs (15.24 usr  0.95 sys + 318.28 cusr  6.44 csys = 340.91 CPU)
Result: PASS

Static compile fails with "multiple definition of `rijndael_setup'"

Trying to compile with staticperl (https://metacpan.org/pod/distribution/App-Staticperl/staticperl.pod) on Debian jessie fails with the following error; modular compile works (e.g. cpanm), just static compile has problems:

/root/.staticperl/perl/lib/auto/Crypt/Rijndael/Rijndael.a(_rijndael.o): In function `rijndael_setup':
/root/.staticperl/cpan/build/Crypt-Rijndael-1.13-0/_rijndael.c:310: multiple definition of `rijndael_setup'
blib/arch/auto/CryptX/CryptX.a(aes.o):/root/.staticperl/cpan/build/CryptX-0.055-2/src/ltc/ciphers/aes/aes.c:127: first defined here

See Full log here: err.log

Crypt::PK::RSA->new($jwk) changes $jwk

#!/usr/bin/env perl
use strict;
use warnings;

use Crypt::Digest;
use JSON::XS;

use MIME::Base64;

use Crypt::PK::RSA;

my $pem = <<END;
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
END

my $rsa = Crypt::PK::RSA->new( \$pem );
print "From PEM: " . $rsa->export_key_jwk_thumbprint("SHA256") . $/;

my $jwk = $rsa->export_key_jwk("public", 1);   # hashref, not JSON text

# Comment and uncomment this line to see the change to $jwk in the JSON.
print "From JWK: " . Crypt::PK::RSA->new($jwk)->export_key_jwk_thumbprint("SHA256") . $/;

my $json = JSON::XS->new()->canonical(1)->encode($jwk);
print "JSON: $json\n";
print "From raw: " . MIME::Base64::encode_base64url( Crypt::Digest::digest_data("SHA256", $json) ) . $/;
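A stable JWK thumbprint, which both the canonical-JSON request earlier on this page and the script above need, requires the RFC 7638 input to be restricted to the required public members and serialised with sorted keys and no whitespace. The following is an added example, not code from either issue or from CryptX: it builds that input with JSON::PP, compares it against CryptX's own export_key_jwk_thumbprint, and hands a copy of the JWK hash to new() so the caller's hash is left untouched. The jwk_thumbprint helper and the %REQUIRED table are this example's own; the key is freshly generated rather than taken from a PEM.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::PK::RSA;
use Crypt::Digest qw(digest_data);
use Crypt::Misc   qw(encode_b64u);
use JSON::PP;

# RFC 7638: only the required public members take part in the thumbprint,
# serialised with keys in lexicographic order and no whitespace.
my %REQUIRED = (
  RSA => [qw(e kty n)],
  EC  => [qw(crv kty x y)],
  oct => [qw(k kty)],
);

sub jwk_thumbprint {
  my ($jwk, $hash_name) = @_;
  $hash_name ||= 'SHA256';
  my $members = $REQUIRED{ $jwk->{kty} // '' }
    or die "unsupported or missing kty";
  my %subset;
  for my $m (@$members) {
    die "JWK is missing required member '$m'" unless defined $jwk->{$m};
    $subset{$m} = $jwk->{$m};
  }
  # canonical(1) sorts keys; JSON::PP emits no whitespace unless pretty()
  my $canonical = JSON::PP->new->canonical(1)->encode(\%subset);
  return encode_b64u(digest_data($hash_name, $canonical));
}

# constructed sample: a fresh 2048-bit key (256 bytes), e = 65537
my $pk = Crypt::PK::RSA->new;
$pk->generate_key(256, 65537);

my $jwk = $pk->export_key_jwk('public', 1);   # hashref, not JSON text
my $before = join ',', sort keys %$jwk;

# pass a shallow copy so the caller's hash is not modified by the import
my $pk2 = Crypt::PK::RSA->new({ %$jwk });
my $after = join ',', sort keys %$jwk;
die "caller's JWK hash was modified" unless $before eq $after;

my $manual = jwk_thumbprint($jwk, 'SHA256');
my $cryptx = $pk->export_key_jwk_thumbprint('SHA256');
my $copy   = $pk2->export_key_jwk_thumbprint('SHA256');
print "manual : $manual\ncryptx : $cryptx\ncopy   : $copy\n";
print(($manual eq $cryptx && $cryptx eq $copy) ? "thumbprints match\n"
                                              : "MISMATCH\n");
```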

Improve interface

proposition:

 $range_string = random_string($length, $range);

This is more consistent, because $length is the first argument, similar to the other random_* functions.
