Crypt-DSA-1.20000755001750001750 015201713606 11710 5ustar00timtim000000000000README100644001750001750 1210515201713606 12670 0ustar00timtim000000000000Crypt-DSA-1.20NAME Crypt::DSA - DSA Signatures and Key Generation SYNOPSIS use Crypt::DSA; my $dsa = Crypt::DSA->new; my $key = $dsa->keygen( Size => 512, Seed => $seed, Verbosity => 1 ); my $sig = $dsa->sign( Message => "foo bar", Key => $key ); my $verified = $dsa->verify( Message => "foo bar", Signature => $sig, Key => $key, ); DESCRIPTION *Crypt::DSA* is an implementation of the DSA (Digital Signature Algorithm) signature verification system. The implementation itself is pure Perl, although the heavy-duty mathematics underneath are provided by the *Math::Pari* library. This package provides DSA signing, signature verification, and key generation. SECURITY DSA (Digital Signature Algorithm) signatures are no longer considered to be adequate for security. This module should only be used for verifying old signatures and should not be used for new signatures. That being said, some technologies still require DSA signatures even in 2024. Consider using other solutions or explicitly not using DSA signatures. USAGE The *Crypt::DSA* public interface is similar to that of *Crypt::RSA*. This was done intentionally. Crypt::DSA->new Constructs a new *Crypt::DSA* object. At the moment this isn't particularly useful in itself, other than being the object you need to do much else in the system. Returns the new object. $key = $dsa->keygen(%arg) Generates a new set of DSA keys, including both the public and private portions of the key. *%arg* can contain: * Size The size in bits of the *p* value to generate. The *q* and *g* values are always 160 bits each. This argument is mandatory. * Seed A seed with which *q* generation will begin. If this seed does not lead to a suitable prime, it will be discarded, and a new random seed chosen in its place, until a suitable prime can be found. This is entirely optional, and if not provided a random seed will be generated automatically. * Verbosity Should be either 0 or 1. A value of 1 will give you a progress meter during *p* and *q* generation--this can be useful, since the process can be relatively long. The default is 0. $signature = $dsa->sign(%arg) Signs a message (or the digest of a message) using the private portion of the DSA key and returns the signature. The return value--the signature--is a *Crypt::DSA::Signature* object. *%arg* can include: * Digest A digest to be signed. The digest should be 20 bytes in length or less. You must provide either this argument or *Message* (see below). * Key The *Crypt::DSA::Key* object with which the signature will be generated. Should contain a private key attribute (*priv_key*). This argument is required. * Message A plaintext message to be signed. If you provide this argument, *sign* will first produce a SHA1 digest of the plaintext, then use that as the digest to sign. Thus writing my $sign = $dsa->sign(Message => $message, ... ); is a shorter way of writing use Digest::SHA qw( sha1 ); my $sig = $dsa->sign(Digest => sha1( $message ), ... ); $verified = $dsa->verify(%arg) Verifies a signature generated with *sign*. Returns a true value on success and false on failure. *%arg* can contain: * Key Key of the signer of the message; a *Crypt::DSA::Key* object. The public portion of the key is used to verify the signature. This argument is required. * Signature The signature itself. Should be in the same format as returned from *sign*, a *Crypt::DSA::Signature* object. This argument is required. * Digest The original signed digest whose length is less than or equal to 20 bytes. Either this argument or *Message* (see below) must be present. * Message As above in *sign*, the plaintext message that was signed, a string of arbitrary length. A SHA1 digest of this message will be created and used in the verification process. TODO Add ability to munge format of keys. For example, read/write keys from/to key files (SSH key files, etc.), and also write them in other formats. SUPPORT Bugs should be reported via the CPAN bug tracker at For other issues, contact the author. AUTHOR Benjamin Trott COPYRIGHT Except where otherwise noted, Crypt::DSA is Copyright 2006 - 2011 Benjamin Trott. Crypt::DSA is free software; you may redistribute it and/or modify it under the same terms as Perl itself. LICENSE100644001750001750 4640015201713606 13022 0ustar00timtim000000000000Crypt-DSA-1.20This software is copyright (c) 2026 by Benjamin Trott . This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2026 by Benjamin Trott . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see . Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Moe Ghoul, President of Vice That's all there is to it! --- The Perl Artistic License 1.0 --- This software is Copyright (c) 2026 by Benjamin Trott . This is free software, licensed under: The Perl Artistic License 1.0 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder as specified below. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as uunet.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) give non-standard executables non-standard names, and clearly document the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. You may embed this Package's interpreter within an executable of yours (by linking); this shall be construed as a mere form of aggregation, provided that the complete Standard Version of the interpreter is so embedded. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whoever generated them, and may be sold commercially, and may be aggregated with this Package. If such scripts or library files are aggregated with this Package via the so-called "undump" or "unexec" methods of producing a binary executable image, then distribution of such an image shall neither be construed as a distribution of this Package nor shall it fall under the restrictions of Paragraphs 3 and 4, provided that you do not represent such an executable image as a Standard Version of this Package. 7. C subroutines (or comparably compiled subroutines in other languages) supplied by you and linked into this Package in order to emulate subroutines and variables of the language defined by this Package shall not be considered part of this Package, but are the equivalent of input as in Paragraph 6, provided these subroutines do not change the language in any way that would cause it to fail the regression tests for the language. 8. Aggregation of this Package with a commercial distribution is always permitted provided that the use of this Package is embedded; that is, when no overt attempt is made to make this Package's interfaces visible to the end user of the commercial distribution. Such use shall not be construed as a distribution of this Package. 9. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End Changes100644001750001750 1166115201713606 13311 0ustar00timtim000000000000Crypt-DSA-1.20Revision history for Perl extension Crypt-DSA 1.20 -- Fri May 15 19:00:36 ADT 2026 - This module is now makred as deprecated. Crypt-DSA-GMP is a possible replacement. - Improve the call to IPC::Open3::open3 - Security Fix CVE-2026-8704: replace two arg open - Security Fix CVE-2026-8700: replace rand() - Add a security policy - Add use warnings - Fixes #86424: typo fix 1.19 -- Wed Dec 04 10:49:10 AST 2024 [Changes since 1.17] - Release 1.18-TRIAL as a production release - New Maintainer - This release resolves CVE-2011-3599 - Added a statement to recommend against using DSA - Fixed a few long standing bugs - The build process is moved to Dist::Zilla - Thanks to all the people who contributed to the tickets that were closed [Detailed Change List] - 47bda33 Increment Repo Version - ffd39e8 (tag: 1.18) Update Changes for a Release [Changes since 1.17] - New Maintainer - This release resolves CVE-2011-3599 - Added a statement to recommend against using DSA - Fixed a few long standing bugs - The build process is moved to Dist::Zilla - Thanks to all the people who contributed to the tickets that were closed [Detailed Change List] - 3411005 Add a SECURITY statement about DSA - 1f5df72 Fixes RT#71342: Patch to use Digest::SHA - 06f420d Fix missed version numbers - 1946ead Remove old MANIFEST and META.yml from repo - 6c813c7 Fixes #19477: Crypt::DSA::Key -write comment wrong for public key - c28a8a3 Fix some of the Dependencies in dist.ini - fe15637 Fixed RT#71421: Systems without /dev/random may leak secret key - cf81bfc Fixes RT #156495 for Crypt-DSA t/04-pem.t - 24ac55b Convert build process to Dist::Zilla - b680374 (tag: 1.17) Import Crypt::DSA-1.17 from CPAN release 1.17 2011.06.16 - Upgrade to Module::Install 1.01 - Added support for OpenSSL 1.0.0 dsaparam format change. - Requires perl 5.6 now - Fixes for 64-bit support 1.16 2009.09.11 - Switching to production release - Switching to non-development version 0.15_01 2009.02.13 - Updated to Module::Install 0.91 - Added a consistent $VERSION across the entire distro - Removed the optional dependency on Convert::PEM for more consistent downstream packaging (it was pointless to ask since most people don't know what it is anyways). - Data::Buffer has almost perfect CPAN Testers PASS, so always install it (plus, SSH2 is common now). - Added some missing dependencies to the Makefile.PL - Removed the sign(1) and auto_install (which was dangerous) - Removed all the magic repository tags that would change depending on who was maintaining it. - Adding missing test_requires for Test.pm and Test::More (I'll migrate the remaining tests away from Test.pm next release) - Merged the ToDo file into the POD 0.14 2006.05.08 - Win32 fixes: use Data::Random as a fallback in make_random, better support for locating openssl. Thanks to CFRANKS for the patch. - Makefile.PL update, to the latest Module::Install. Thanks to Adam Kennedy for the patch. 0.13 2005.05.26 - Rewrote to use Math::BigInt instead of Math::Pari, including patches from Brad Fitzpatrick for a replacement for the isprime function (both using pure Perl and an external gp program). - Added optional Content argument to Crypt::DSA::Key->new, to specify serialized Content to be deserialized. - Added Signature serialization and deserialization of ASN.1-encoded structures. - Added ability to do key generation using an external openssl binary. Thanks to Brad Fitzpatrick for the patch. - Signature object now has better get/set acccessors. - Use Module::Install instead of hand-coded Makefile.PL. 0.12 2001.05.03 - Removed swap file from the distribution. :) 0.11 2001.05.02 - Added Crypt::DSA::Key::SSH2, which reads SSH2-format DSA key files. These are a different format than those used by OpenSSH (that uses PEM-encoded files). Currently only reading SSH2 key files is supported, and the files must not be encrypted. - Added size method to Crypt::DSA::Key. $key->size is number of bits in p. 0.10 2001.04.22 - Added much better test suite: tests bigint utilities in Util, sign/verify, key generation (512, 768, 1024 bits), PEM encoding/decoding (if Convert::PEM is installed), FIPS 186-2 example case. - Added interface to Convert::PEM to read/write encrypted PEM files containing ASN.1-encoded DSA keys. Convert::PEM is optional; Makefile.PL will check for it and warn if it can't be found. - Get/set accessors now take hex values and store their values internally as strings. Thanks to Crypt::RSA for the idea. :) 0.03 2001.04.07 - abstracted signature object into Crypt::DSA::Signature object. 0.02 2001.03.23 - split up code into separate modules (ie. KeyChain, Key, Util, etc.) - switched from using GMP to Pari - streamlined code - added documentation 0.01 2001.03.22 - original version; created by h2xs 1.19 META.yml100644001750001750 222215201713606 13240 0ustar00timtim000000000000Crypt-DSA-1.20--- abstract: 'DSA Signatures and Key Generation' author: - 'Benjamin Trott ' build_requires: Convert::PEM: '0.13' Crypt::DES_EDE3: '0' Data::Buffer: '0.01' ExtUtils::MakeMaker: '6.42' File::Which: '0.05' Math::BigInt: '1.78' Test::More: '0' configure_requires: ExtUtils::MakeMaker: '6.42' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.038, CPAN::Meta::Converter version 2.150013' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Crypt-DSA requires: Convert::ASN1: '0' Convert::PEM: '0.13' Crypt::SysRandom: '0' Crypt::URandom: '0' Data::Buffer: '0.01' Digest::SHA: '0' File::Spec: '0' File::Which: '0.05' IPC::Open3: '0' MIME::Base64: '0' Math::BigInt: '1.78' perl: '5.006' resources: homepage: https://github.com/perl-Crypt-OpenPGP/Crypt-DSA repository: https://github.com/perl-Crypt-OpenPGP/Crypt-DSA.git version: '1.20' x_deprecated: 1 x_generated_by_perl: v5.42.0 x_maintainers: - 'Timothy Legge ' x_serialization_backend: 'YAML::Tiny version 1.76' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' MANIFEST100644001750001750 67615201713606 13113 0ustar00timtim000000000000Crypt-DSA-1.20# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.038 Changes LICENSE MANIFEST META.json META.yml Makefile.PL README SECURITY.md dist.ini lib/Crypt/DSA.pm lib/Crypt/DSA/Key.pm lib/Crypt/DSA/Key/PEM.pm lib/Crypt/DSA/Key/SSH2.pm lib/Crypt/DSA/KeyChain.pm lib/Crypt/DSA/Signature.pm lib/Crypt/DSA/Util.pm t/00-compile.t t/01-util.t t/02-sign.t t/03-keygen.t t/04-pem.t t/06-fips.t t/07-openid.t xt/meta.t xt/pmv.t xt/pod.t dist.ini100644001750001750 267315201713606 13445 0ustar00timtim000000000000Crypt-DSA-1.20name = Crypt-DSA author = Benjamin Trott license = Perl_5 abstract = DSA Signatures and Key Generation copyright_holder = Benjamin Trott [Deprecated] [Meta::Maintainers] maintainer = Timothy Legge [@Filter] -bundle = @Basic -remove = Readme -remove = GatherDir -remove = UploadToCPAN [Git::NextVersion] first_version = 1.18 ; this is the default version_by_branch = 0 ; this is the default version_regexp = ^(1.\d+)$ ; this is the default [Git::GatherDir] exclude_filename = Makefile.PL exclude_filename = LICENSE exclude_filename = META.yml exclude_filename = MANIFEST [CopyFilesFromBuild::Filtered] copy = Makefile.PL copy = LICENSE [OurPkgVersion] [AutoPrereqs] skip = ^vars$ skip = utf8 skip = warnings skip = strict skip = overload skip = base skip = feature skip = Symbol skip = constant skip = integer skip = Fcntl skip = Exporter skip = Carp [Prereqs/ConfigureRequires] ExtUtils::MakeMaker = 6.42 [Prereqs/BuildRequires] ExtUtils::MakeMaker = 6.42 Convert::PEM = 0.13 Data::Buffer = 0.01 File::Which = 0.05 Math::BigInt = 1.78 [Prereqs/TestRequires] [GithubMeta] remote = upstream [NextRelease] format = %v -- %{EEE MMM dd HH:mm:ss VVV yyyy}d filename = Changes [MetaJSON] [Git::Tag] tag_format = %V ; this is the default tag_message = %V ; this is the default [Git::Commit] changelog = Changes ; this is the default [SigStore::SignRelease] xt000755001750001750 015201713606 12264 5ustar00timtim000000000000Crypt-DSA-1.20pmv.t100644001750001750 125215201713606 13413 0ustar00timtim000000000000Crypt-DSA-1.20/xt#!/usr/bin/perl # Test that our declared minimum Perl version matches our syntax use strict; BEGIN { $| = 1; $^W = 1; } my @MODULES = ( 'Perl::MinimumVersion 1.27', 'Test::MinimumVersion 0.101080', ); # Don't run tests for installs use Test::More; unless ( $ENV{AUTOMATED_TESTING} or $ENV{RELEASE_TESTING} ) { plan( skip_all => "Author tests not required for installation" ); } # Load the testing modules foreach my $MODULE ( @MODULES ) { eval "use $MODULE"; if ( $@ ) { $ENV{RELEASE_TESTING} ? die( "Failed to load required release-testing module $MODULE" ) : plan( skip_all => "$MODULE not available for testing" ); } } all_minimum_version_from_metayml_ok(); pod.t100644001750001750 116715201713606 13400 0ustar00timtim000000000000Crypt-DSA-1.20/xt#!/usr/bin/perl # Test that the syntax of our POD documentation is valid use strict; BEGIN { $| = 1; $^W = 1; } my @MODULES = ( 'Pod::Simple 3.14', 'Test::Pod 1.44', ); # Don't run tests for installs use Test::More; unless ( $ENV{AUTOMATED_TESTING} or $ENV{RELEASE_TESTING} ) { plan( skip_all => "Author tests not required for installation" ); } # Load the testing modules foreach my $MODULE ( @MODULES ) { eval "use $MODULE"; if ( $@ ) { $ENV{RELEASE_TESTING} ? die( "Failed to load required release-testing module $MODULE" ) : plan( skip_all => "$MODULE not available for testing" ); } } all_pod_files_ok(); meta.t100644001750001750 107315201713606 13540 0ustar00timtim000000000000Crypt-DSA-1.20/xt#!/usr/bin/perl # Test that our META.yml file matches the current specification. use strict; BEGIN { $| = 1; $^W = 1; } my $MODULE = 'Test::CPAN::Meta 0.17'; # Don't run tests for installs use Test::More; unless ( $ENV{AUTOMATED_TESTING} or $ENV{RELEASE_TESTING} ) { plan( skip_all => "Author tests not required for installation" ); } # Load the testing module eval "use $MODULE"; if ( $@ ) { $ENV{RELEASE_TESTING} ? die( "Failed to load required release-testing module $MODULE" ) : plan( skip_all => "$MODULE not available for testing" ); } meta_yaml_ok(); META.json100644001750001750 406715201713606 13421 0ustar00timtim000000000000Crypt-DSA-1.20{ "abstract" : "DSA Signatures and Key Generation", "author" : [ "Benjamin Trott " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.038, CPAN::Meta::Converter version 2.150013", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Crypt-DSA", "prereqs" : { "build" : { "requires" : { "Convert::PEM" : "0.13", "Data::Buffer" : "0.01", "ExtUtils::MakeMaker" : "6.42", "File::Which" : "0.05", "Math::BigInt" : "1.78" } }, "configure" : { "requires" : { "ExtUtils::MakeMaker" : "6.42" } }, "develop" : { "requires" : { "Test::More" : "0" } }, "runtime" : { "requires" : { "Convert::ASN1" : "0", "Convert::PEM" : "0.13", "Crypt::SysRandom" : "0", "Crypt::URandom" : "0", "Data::Buffer" : "0.01", "Digest::SHA" : "0", "File::Spec" : "0", "File::Which" : "0.05", "IPC::Open3" : "0", "MIME::Base64" : "0", "Math::BigInt" : "1.78", "perl" : "5.006" } }, "test" : { "requires" : { "Crypt::DES_EDE3" : "0", "Test::More" : "0" } } }, "release_status" : "stable", "resources" : { "homepage" : "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA", "repository" : { "type" : "git", "url" : "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA.git", "web" : "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA" } }, "version" : "1.20", "x_deprecated" : 1, "x_generated_by_perl" : "v5.42.0", "x_maintainers" : [ "Timothy Legge " ], "x_serialization_backend" : "Cpanel::JSON::XS version 4.40", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later" } t000755001750001750 015201713606 12074 5ustar00timtim000000000000Crypt-DSA-1.2004-pem.t100644001750001750 533415201713606 13430 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More; BEGIN { eval { require Crypt::DES_EDE3 }; if ( $@ ) { Test::More->import( skip_all => 'no Crypt::DES_EDE3' ); } eval { require Convert::PEM }; if ( $@ ) { Test::More->import( skip_all => 'no Convert::PEM' ); } Test::More->import( tests => 26 ); } use Crypt::DSA; use Crypt::DSA::Key; use Crypt::DSA::Signature; my $keyfile = "./dsa-key.pem"; my $dsa = Crypt::DSA->new; my $key = $dsa->keygen( Size => 512 ); ## Serialize a signature. my $sig = $dsa->sign( Message => 'foo', Key => $key, ); ok($sig, 'Signature created correctly using Crypt::DSA->sign'); my $buf = $sig->serialize; ok($buf, 'Signature serialized correctly'); my $sig2 = Crypt::DSA::Signature->new( Content => $buf ); ok($sig2, 'Signature created correctly using Crypt::DSA::Signature'); is($sig2->r, $sig->r, '->r of both signatures is identical'); is($sig2->s, $sig->s, '->s of both signatures is identical'); ok($key->write( Type => 'PEM', Filename => $keyfile), 'Writing key works.'); my $key2 = Crypt::DSA::Key->new( Type => 'PEM', Filename => $keyfile ); ok($key2, 'Load key using Crypt::DSA::key'); is($key->p, $key2->p, '->p of both keys is identical'); is($key->q, $key2->q, '->q of both keys is identical'); is($key->g, $key2->g, '->g of both keys is identical'); is($key->pub_key, $key2->pub_key, '->pub_key of both keys is identical'); is($key->priv_key, $key2->priv_key, '->priv_key of both keys is identical'); ok($key->write( Type => 'PEM', Filename => $keyfile, Password => 'foo'), 'Writing keyfile with password works'); $key2 = Crypt::DSA::Key->new( Type => 'PEM', Filename => $keyfile, Password => 'foo' ); ok($key2, 'Reading keyfile with password works'); is($key->p, $key2->p, '->p of both keys is identical'); is($key->q, $key2->q, '->q of both keys is identical'); is($key->g, $key2->g, '->g of both keys is identical'); is($key->pub_key, $key2->pub_key, '->pub_key of both keys is identical'); is($key->priv_key, $key2->priv_key, '->priv_key of both keys is identical'); ## Now remove the private key portion of the key. write should automatically ## write a public key format instead, and new should be able to understand ## it. $key->priv_key(undef); ok($key->write( Type => 'PEM', Filename => $keyfile), 'Writing keyfile without private key works'); $key2 = Crypt::DSA::Key->new( Type => 'PEM', Filename => $keyfile ); ok($key2, 'Reading keyfile without private key works'); is($key->p, $key2->p, '->p of both keys is identical'); is($key->q, $key2->q, '->q of both keys is identical'); is($key->g, $key2->g, '->g of both keys is identical'); is($key->pub_key, $key2->pub_key, '->pub_key of both keys is identical'); ok(!$key->priv_key, 'No private key'); unlink $keyfile; Makefile.PL100644001750001750 345015201713606 13745 0ustar00timtim000000000000Crypt-DSA-1.20# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.038 use strict; use warnings; use 5.006; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "DSA Signatures and Key Generation", "AUTHOR" => "Benjamin Trott ", "BUILD_REQUIRES" => { "Convert::PEM" => "0.13", "Data::Buffer" => "0.01", "ExtUtils::MakeMaker" => "6.42", "File::Which" => "0.05", "Math::BigInt" => "1.78" }, "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => "6.42" }, "DISTNAME" => "Crypt-DSA", "LICENSE" => "perl", "MIN_PERL_VERSION" => "5.006", "NAME" => "Crypt::DSA", "PREREQ_PM" => { "Convert::ASN1" => 0, "Convert::PEM" => "0.13", "Crypt::SysRandom" => 0, "Crypt::URandom" => 0, "Data::Buffer" => "0.01", "Digest::SHA" => 0, "File::Spec" => 0, "File::Which" => "0.05", "IPC::Open3" => 0, "MIME::Base64" => 0, "Math::BigInt" => "1.78" }, "TEST_REQUIRES" => { "Crypt::DES_EDE3" => 0, "Test::More" => 0 }, "VERSION" => "1.20", "test" => { "TESTS" => "t/*.t" } ); my %FallbackPrereqs = ( "Convert::ASN1" => 0, "Convert::PEM" => "0.13", "Crypt::DES_EDE3" => 0, "Crypt::SysRandom" => 0, "Crypt::URandom" => 0, "Data::Buffer" => "0.01", "Digest::SHA" => 0, "ExtUtils::MakeMaker" => "6.42", "File::Spec" => 0, "File::Which" => "0.05", "IPC::Open3" => 0, "MIME::Base64" => 0, "Math::BigInt" => "1.78", "Test::More" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); SECURITY.md100644001750001750 727215201713606 13572 0ustar00timtim000000000000Crypt-DSA-1.20# Security Policy for the Crypt-DSA distribution. Report security issues by email to Timothy Legge . This is the Security Policy for Crypt-DSA. This text is based on the CPAN Security Group's Guidelines for Adding a Security Policy to Perl Distributions (version 1.3.0) https://security.metacpan.org/docs/guides/security-policy-for-authors.html # How to Report a Security Vulnerability Security vulnerabilities can be reported to the current Crypt-DSA maintainers by email to Timothy Legge . Please include as many details as possible, including code samples or test cases, so that we can reproduce the issue. Check that your report does not expose any sensitive data, such as passwords, tokens, or personal information. If you would like any help with triaging the issue, or if the issue is being actively exploited, please copy the report to the CPAN Security Group (CPANSec) at . Please *do not* use the public issue reporting system on RT or GitHub issues for reporting security vulnerabilities. Please do not disclose the security vulnerability in public forums until past any proposed date for public disclosure, or it has been made public by the maintainers or CPANSec. That includes patches or pull requests. For more information, see [Report a Security Issue](https://security.metacpan.org/docs/report.html) on the CPANSec website. ## Response to Reports The maintainer(s) aim to acknowledge your security report as soon as possible. However, this project is maintained by a single person in their spare time, and they cannot guarantee a rapid response. If you have not received a response from them within 2 weeks, then please send a reminder to them and copy the report to CPANSec at . Please note that the initial response to your report will be an acknowledgement, with a possible query for more information. It will not necessarily include any fixes for the issue. The project maintainer(s) may forward this issue to the security contacts for other projects where we believe it is relevant. This may include embedded libraries, system libraries, prerequisite modules or downstream software that uses this software. They may also forward this issue to CPANSec. # Which Software This Policy Applies To Any security vulnerabilities in Crypt-DSA are covered by this policy. Security vulnerabilities in versions of any libraries that are included in Crypt-DSA are also covered by this policy. Security vulnerabilities are considered anything that allows users to execute unauthorised code, access unauthorised resources, or to have an adverse impact on accessibility or performance of a system. Security vulnerabilities in upstream software (prerequisite modules or system libraries, or in Perl), are not covered by this policy unless they affect Crypt-DSA, or Crypt-DSA can be used to exploit vulnerabilities in them. Security vulnerabilities in downstream software (any software that uses Crypt-DSA, or plugins to it that are not included with the Crypt-DSA distribution) are not covered by this policy. ## Supported Versions of Crypt-DSA The maintainer(s) will only commit to releasing security fixes for the latest version of Crypt-DSA. # Installation and Usage Issues The distribution metadata specifies minimum versions of prerequisites that are required for Crypt-DSA to work. However, some of these prerequisites may have security vulnerabilities, and you should ensure that you are using up-to-date versions of these prerequisites. Where security vulnerabilities are known, the metadata may indicate newer versions as recommended. ## Usage Please see the software documentation for further information. 01-util.t100644001750001750 311615201713606 13615 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More tests => 13; use Math::BigInt; use Crypt::DSA::Util qw( bin2mp mp2bin bitsize mod_exp mod_inverse ); my $string = "abcdefghijklmnopqrstuvwxyz-0123456789"; my $number = Math::BigInt->new( '48431489725691895261376655659836964813311343' . '892465012587212197286379595482592365885470777' ); my $n = bin2mp($string); is( $n, $number, 'bin2mp is correct for long string' ); is( bitsize($number), 295, 'bitsize is correct for large number' ); is( bitsize($n), 295, 'bitsize is correct for large mp' ); is( mp2bin($n), $string, 'mp2bin is correct for large number' ); $string = "abcd"; $number = 1_633_837_924; $n = bin2mp($string); is( $n, $number, 'bin2mp is correct for short string' ); is( bitsize($number), 31, 'bitsize is correct for small number' ); is( bitsize($n), 31, 'bitsize is correct for small mp' ); is( mp2bin($n), $string, 'mp2bin is correct for small number' ); $string = ""; $number = 0; $n = bin2mp($string); is( $n, $number, 'bin2mp is correct for empty string' ); is( mp2bin($n), $string, 'mp2bin is correct for empty string' ); my ($n1, $n2, $n3, $n4) = map { Math::BigInt->new($_) } qw{ 23098230958 35 10980295809854 5115018827600 }; $number = mod_exp($n1, $n2, $n3); is( $number, $n4, 'mod_exp is correct' ); ($n1, $n2, $n3) = map { Math::BigInt->new($_) } qw{ 34093840983 23509283509 7281956166 }; $number = mod_inverse($n1, $n2); is( $number, $n3, 'mod_inverse is correct' ); is( 1, ($n1*$number)%$n2, 'mod_inverse reverses correctly' ); 02-sign.t100644001750001750 133315201713606 13600 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More; use Crypt::DSA; BEGIN { if ( not $INC{'Math/BigInt/GMP.pm'} and not $INC{'Math/BigInt/Pari.pm'} ) { plan( skip_all => 'Test is excessively slow without GMP or Pari' ); } else { plan( tests => 4 ); } } my $message = "Je suis l'homme a tete de chou."; my $dsa = Crypt::DSA->new; my $key = $dsa->keygen( Size => 512 ); my $sig = $dsa->sign( Message => $message, Key => $key, ); my $verified = $dsa->verify( Key => $key, Message => $message, Signature => $sig, ); ok($dsa, 'Crypt::DSA->new ok'); ok($key, 'Generated key correctly'); ok($sig, 'generated signature correctly'); ok($verified, 'verified signature correctly'); 06-fips.t100644001750001750 453715201713606 13616 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More; use Crypt::DSA; use Crypt::DSA::KeyChain; BEGIN { if ( not $INC{'Math/BigInt/GMP.pm'} and not $INC{'Math/BigInt/Pari.pm'} ) { plan( skip_all => 'Test is excessively slow without GMP or Pari' ); } else { plan( tests => 9 ); } } ## Test with data from fips 186 (appendix 5) doc (using SHA1 ## instead of SHA digests). my @seed_hex = "d5014e4b60ef2ba8b6211b4062ba3224e0427dd3" =~ /(..)/g; my $start_seed = join '', map chr hex, @seed_hex; my $expected_p = "7434410770759874867539421675728577177024889699586189000788950934679315164676852047058354758883833299702695428196962057871264685291775577130504050839126673"; my $expected_q = "1138656671590261728308283492178581223478058193247"; my $expected_g = "5154978420348751798752390524304908179080782918903280816528537868887210221705817467399501053627846983235883800157945206652168013881208773209963452245182466"; ## We'll need this later to sign and verify. my $dsa = Crypt::DSA->new; ok($dsa, 'Crypt::DSA->new worked'); ## Create a keychain to generate our keys. Generally you ## don't need to be this explicit (just call keygen), but if ## you want the extra state data (counter, h, seed) you need ## to use the actual methods themselves. my $keychain = Crypt::DSA::KeyChain->new; ok($keychain, 'Crypt::DSA::KeyChain->new worked'); diag('This takes a couple of minutes on slower machines.'); ## generate_params builds p, q, and g. my($key, $counter, $h, $seed) = $keychain->generate_params( Size => 512, Seed => $start_seed, ); is("@{[ $key->p ]}", $expected_p, '->p returns expected value'); is("@{[ $key->q ]}", $expected_q, '->q returns expected value'); is("@{[ $key->g ]}", $expected_g, '->g returns expected value'); ## Explanation: p should have been found when the counter was at ## 105; g should have been found when h was 2; and g should have ## been discovered directly from the start seed. is($counter, 105, 'Consistency check 1'); is($h, 2, 'Consistency check 2'); is($seed, $start_seed, 'Consistency check 3'); ## Generate random public and private keys. $keychain->generate_keys($key); my $str1 = "12345678901234567890"; ## Test key generation by signing and verifying a message. my $sig = $dsa->sign(Message => $str1, Key => $key); ok($dsa->verify(Message => $str1, Key => $key, Signature => $sig), 'Signing and verifying ok'); 03-keygen.t100644001750001750 172015201713606 14123 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More; use Math::BigInt try => 'GMP, Pari'; BEGIN { if ( not $INC{'Math/BigInt/GMP.pm'} and not $INC{'Math/BigInt/Pari.pm'} ) { plan( skip_all => 'Test is excessively slow without GMP or Pari' ); } else { plan( tests => 18 ); } } use Crypt::DSA; use Crypt::DSA::Util qw( mod_exp ); my $dsa = Crypt::DSA->new; my $two = Math::BigInt->new(2); for my $bits (qw( 512 768 1024 )) { my $key = $dsa->keygen( Size => $bits ); ok($key, "Key generated of size $bits bits"); ok($key->size, "Key is $bits bits"); ok(($key->p < ($two ** $bits)) && ($key->p > ($two ** ($bits-1))), "p of appropriate size ($bits bits)"); ok(($key->q < ($two ** 160)) && ($key->q > ($two ** 159)), "q of appropriate size ($bits bits)"); ok(0 == ($key->p - 1) % $key->q, "Consistency check 1 ($bits bits)"); ok($key->pub_key == mod_exp($key->g, $key->priv_key, $key->p), "Consistency check 2 ($bits bits)"); } 07-openid.t100644001750001750 575015201713606 14132 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More; BEGIN { eval { require Convert::PEM }; if ( $@ ) { Test::More->import( skip_all => 'no Convert::PEM' ); } Test::More->import( tests => 11 ); } use Crypt::DSA; use Crypt::DSA::Key; use Crypt::DSA::Signature; use MIME::Base64 qw( decode_base64 ); my $dsa = Crypt::DSA->new; ok($dsa, 'Created Crypt::DSA object'); my $key = Crypt::DSA::Key->new( Content => < 'PEM' ); -----BEGIN PUBLIC KEY----- MIIBtjCCASsGByqGSM44BAEwggEeAoGBANuhjw/GIilXNuvnf9q3ygn1XSzzRtql 3BpsWSRVwXA05G/d9pEBIH35ADEQ6F035f88OfuZYRlUZt6Zx5q4ReA4KXWdAIaA snDem9vNYJM+O2yK5sh6yYC6AnDn+zx0gUyr9npXun2nfQcrrXT4b2/Q1mAzawTX q51pCAaDVICVAhUA611/IduNCUoRyE4a4DZ5jUUfGlUCgYBtFIHm3xwTszWVyWzr YpE6I7PGkgO6bHTLyH4ngmFbhLt3zCj5Kzi9ifRb906CStAsCQAH6x5BKGybq6hD 8JqJk0kaQ8CpHaCjXcFLAjaNxH5pHftfYq3F8waUkeAwvtIQpEL4UKaLaMqbTm3N FxWoTcEZ2khdlgGbyNXTmDxN3gOBhAACgYAT/V4S6EYk8Sz25Lq1THXo20b0HH8B F8bvrfeWL26j6zL+Xzxw2T2s6Jo1vSbhflyZ6mou9tjSTN5xNBbKWCGm7jljLEE2 l9P4G6t5+IIgzf3TFrnApYPSb75HmSVChWiafDkfETB1Ubu2BBmGr9DWMicSvage nsxOWTm7SqJt1Q== -----END PUBLIC KEY----- KEY ok($key, 'Parsed key'); is($key->p, '154230195801502591027924305317288511172947704906732980042865725783273160667703109157997142143003577161221611277091751199342699401614518192723629436298411984396770358042848003616116218687384811676842914866452094185063282348433486774581474438998951431052798061340118427146346352987088223500940171802477059145877', 'key->p is correct'); is($key->q, '1343697875228530311433268893561874972460542007893', 'key->q is correct'); is($key->g, '76598656157914156355445502802171744250790923020496826978794359991033889852609480204530610320512647835268415654125612029198553017695138923633498269111081903879790210175626113174087754456086288166221445477869449670179905166479288765706711432697526089711402534333490590610585702443148717225877410516254148283870', 'key->g is correct'); is($key->pub_key, '14037256439480519253759632613632536532035918183115524804324868617973702093495192051592043879822732169784787073950081465739236860442657409768654772398273593073530490949064562392146096658305955159316750434379546653490951198708160960858856890405112535972154363576715166835110527233547140212180830244851727625685', 'key->pub_key is correct'); my $sig = Crypt::DSA::Signature->new( Content => decode_base64(<new( Content => <r, '504852774416256883458134530817977383056083625888', 'sig->r is correct'); is($sig->s, '1078535441370160482370055129882190902543836365673', 'sig->s is correct'); my $msg = '2005-05-25T22:04:50Z::assert_identity::http://bradfitz.com/fake-identity/::http://www.danga.com/openid/demo/helper.bml'; ok($dsa->verify( Message => $msg, Key => $key, Signature => $sig ), 'Signature is verified'); 00-compile.t100644001750001750 26115201713606 14245 0ustar00timtim000000000000Crypt-DSA-1.20/t#!/usr/bin/perl use strict; use warnings; BEGIN { $| = 1; $^W = 1; } use Test::More tests => 1; use_ok( 'Crypt::DSA' ); diag( "Testing Crypt::DSA $Crypt::DSA::VERSION" ); Crypt000755001750001750 015201713606 13500 5ustar00timtim000000000000Crypt-DSA-1.20/libDSA.pm100644001750001750 1631015201713606 14626 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Cryptpackage Crypt::DSA; use 5.006; use strict; use warnings; use Digest::SHA qw( sha1 ); use Carp qw( croak ); use Crypt::DSA::KeyChain; use Crypt::DSA::Key; use Crypt::DSA::Signature; use Crypt::DSA::Util qw( bitsize bin2mp mod_inverse mod_exp makerandom ); our $VERSION = '1.20'; #VERSION use vars qw( $VERSION ); sub new { my $class = shift; my $dsa = bless { @_ }, $class; $dsa->{_keychain} = Crypt::DSA::KeyChain->new(@_); $dsa; } sub keygen { my $dsa = shift; my $key = $dsa->{_keychain}->generate_params(@_); $dsa->{_keychain}->generate_keys($key); $key; } sub sign { my $dsa = shift; my %param = @_; my($key, $dgst); croak __PACKAGE__, "->sign: Need a Key" unless $key = $param{Key}; unless ($dgst = $param{Digest}) { croak __PACKAGE__, "->sign: Need either Message or Digest" unless $param{Message}; $dgst = sha1($param{Message}); } my $dlen = length $dgst; my $i = bitsize($key->q) / 8; croak "Data too large for key size" if $dlen > $i || $dlen > 50; $dsa->_sign_setup($key) unless $key->kinv && $key->r; my $m = bin2mp($dgst); my $xr = ($key->priv_key * $key->r) % $key->q; my $s = $xr + $m; $s -= $key->q if $s > $key->q; $s = ($s * $key->kinv) % $key->q; my $sig = Crypt::DSA::Signature->new; $sig->r($key->r); $sig->s($s); $sig; } sub _sign_setup { my $dsa = shift; my $key = shift; my($k, $r); { $k = makerandom(Size => bitsize($key->q)); $k -= $key->q if $k >= $key->q; redo if $k == 0; } $r = mod_exp($key->g, $k, $key->p); $r %= $key->q; my $kinv = mod_inverse($k, $key->q); $key->r($r); $key->kinv($kinv); } sub verify { my $dsa = shift; my %param = @_; my($key, $dgst, $sig); croak __PACKAGE__, "->verify: Need a Key" unless $key = $param{Key}; unless ($dgst = $param{Digest}) { croak __PACKAGE__, "->verify: Need either Message or Digest" unless $param{Message}; $dgst = sha1($param{Message}); } croak __PACKAGE__, "->verify: Need a Signature" unless $sig = $param{Signature}; my $u2 = mod_inverse($sig->s, $key->q); my $u1 = bin2mp($dgst); $u1 = ($u1 * $u2) % $key->q; $u2 = ($sig->r * $u2) % $key->q; my $t1 = mod_exp($key->g, $u1, $key->p); my $t2 = mod_exp($key->pub_key, $u2, $key->p); $u1 = ($t1 * $t2) % $key->p; $u1 %= $key->q; $u1 == $sig->r; } 1; __END__ =pod =head1 NAME Crypt::DSA - DSA Signatures and Key Generation =head1 SYNOPSIS use Crypt::DSA; my $dsa = Crypt::DSA->new; my $key = $dsa->keygen( Size => 512, Seed => $seed, Verbosity => 1 ); my $sig = $dsa->sign( Message => "foo bar", Key => $key ); my $verified = $dsa->verify( Message => "foo bar", Signature => $sig, Key => $key, ); =head1 DESCRIPTION I is an implementation of the DSA (Digital Signature Algorithm) signature verification system. The implementation itself is pure Perl, although the heavy-duty mathematics underneath are provided by the I library. This package provides DSA signing, signature verification, and key generation. =head1 SECURITY DSA (Digital Signature Algorithm) signatures are no longer considered to be adequate for security. This module should only be used for verifying old signatures and should not be used for new signatures. That being said, some technologies still require DSA signatures even in 2024. Consider using other solutions or explicitly not using DSA signatures. =head1 USAGE The I public interface is similar to that of I. This was done intentionally. =head2 Crypt::DSA->new Constructs a new I object. At the moment this isn't particularly useful in itself, other than being the object you need to do much else in the system. Returns the new object. =head2 $key = $dsa->keygen(%arg) Generates a new set of DSA keys, including both the public and private portions of the key. I<%arg> can contain: =over 4 =item * Size The size in bits of the I

value to generate. The I and I values are always 160 bits each. This argument is mandatory. =item * Seed A seed with which I generation will begin. If this seed does not lead to a suitable prime, it will be discarded, and a new random seed chosen in its place, until a suitable prime can be found. This is entirely optional, and if not provided a random seed will be generated automatically. =item * Verbosity Should be either 0 or 1. A value of 1 will give you a progress meter during I

and I generation--this can be useful, since the process can be relatively long. The default is 0. =back =head2 $signature = $dsa->sign(%arg) Signs a message (or the digest of a message) using the private portion of the DSA key and returns the signature. The return value--the signature--is a I object. I<%arg> can include: =over 4 =item * Digest A digest to be signed. The digest should be 20 bytes in length or less. You must provide either this argument or I (see below). =item * Key The I object with which the signature will be generated. Should contain a private key attribute (I). This argument is required. =item * Message A plaintext message to be signed. If you provide this argument, I will first produce a SHA1 digest of the plaintext, then use that as the digest to sign. Thus writing my $sign = $dsa->sign(Message => $message, ... ); is a shorter way of writing use Digest::SHA qw( sha1 ); my $sig = $dsa->sign(Digest => sha1( $message ), ... ); =back =head2 $verified = $dsa->verify(%arg) Verifies a signature generated with I. Returns a true value on success and false on failure. I<%arg> can contain: =over 4 =item * Key Key of the signer of the message; a I object. The public portion of the key is used to verify the signature. This argument is required. =item * Signature The signature itself. Should be in the same format as returned from I, a I object. This argument is required. =item * Digest The original signed digest whose length is less than or equal to 20 bytes. Either this argument or I (see below) must be present. =item * Message As above in I, the plaintext message that was signed, a string of arbitrary length. A SHA1 digest of this message will be created and used in the verification process. =back =head1 TODO Add ability to munge format of keys. For example, read/write keys from/to key files (SSH key files, etc.), and also write them in other formats. =head1 SUPPORT Bugs should be reported via the CPAN bug tracker at L For other issues, contact the author. =head1 AUTHOR Benjamin Trott Eben@sixapart.comE =head1 COPYRIGHT Except where otherwise noted, Crypt::DSA is Copyright 2006 - 2011 Benjamin Trott. Crypt::DSA is free software; you may redistribute it and/or modify it under the same terms as Perl itself. =cut DSA000755001750001750 015201713606 14107 5ustar00timtim000000000000Crypt-DSA-1.20/lib/CryptKey.pm100644001750001750 1377615201713606 15373 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSApackage Crypt::DSA::Key; use strict; use warnings; use Math::BigInt 1.78 try => 'GMP, Pari'; use Carp qw( croak ); use Crypt::DSA::Util qw( bitsize ); our $VERSION = '1.20'; #VERSION use vars qw{$VERSION}; sub new { my $class = shift; my %param = @_; my $key = bless { }, $class; if ($param{Filename} || $param{Content}) { if ($param{Filename} && $param{Content}) { croak "Filename and Content are mutually exclusive."; } return $key->read(%param); } $key; } sub size { bitsize($_[0]->p) } BEGIN { no strict 'refs'; for my $meth (qw( p q g pub_key priv_key r kinv )) { *$meth = sub { my($key, $value) = @_; if (ref $value eq 'Math::Pari') { $key->{$meth} = Math::Pari::pari2pv($value); } elsif (ref $value) { $key->{$meth} = "$value"; } elsif ($value) { if ($value =~ /^0x/) { $key->{$meth} = Math::BigInt->new($value)->bstr; } else { $key->{$meth} = $value; } } elsif (@_ > 1 && !defined $value) { delete $key->{$meth}; } my $ret = $key->{$meth} || ""; $ret = Math::BigInt->new("$ret") if $ret =~ /^\d+$/; $ret; }; } } sub read { my $key = shift; my %param = @_; my $type = $param{Type} or croak "read: Need a key file 'Type'"; my $class = join '::', __PACKAGE__, $type; eval "use $class;"; croak "Invalid key file type '$type': $@" if $@; bless $key, $class; local *FH; if (my $fname = delete $param{Filename}) { open FH, '<', $fname or return; my $blob = do { local $/; }; close FH; $param{Content} = $blob; } $key->deserialize(%param); } sub write { my $key = shift; my %param = @_; my $type; unless ($type = $param{Type}) { my $pkg = __PACKAGE__; ($type) = ref($key) =~ /^${pkg}::(\w+)$/; } croak "write: Need a key file 'Type'" unless $type; my $class = join '::', __PACKAGE__, $type; eval "use $class;"; croak "Invalid key file type '$type': $@" if $@; bless $key, $class; my $blob = $key->serialize(%param); if (my $fname = delete $param{Filename}) { local *FH; open FH, '>', $fname or croak "Can't open $fname: $!"; print FH $blob; close FH; } $blob; } 1; __END__ =head1 NAME Crypt::DSA::Key - DSA key =head1 SYNOPSIS use Crypt::DSA::Key; my $key = Crypt::DSA::Key->new; $key->p($p); =head1 DESCRIPTION I contains a DSA key, both the public and private portions. Subclasses of I implement I and I methods, such that you can store DSA keys on disk, and read them back into your application. =head1 USAGE Any of the key attributes can be accessed through combination get/set methods. The key attributes are: I

, I, I, I, and I. For example: $key->p($p); my $p2 = $key->p; =head2 $key = Crypt::DSA::Key->new(%arg) Creates a new (empty) key object. All of the attributes are initialized to 0. Alternately, if you provide the I parameter (see below), the key will be read in from disk. If you provide the I parameter (mandatory if I is provided), be aware that your key will actually be blessed into a subclass of I. Specifically, it will be the class implementing the specific read functionality for that type, eg. I. Returns the key on success, C otherwise. (See I for one reason why I might return C). I<%arg> can contain: =over 4 =item * Type The type of file where the key is stored. Currently the only option is I, which indicates a PEM file (optionally encrypted, ASN.1-encoded object). Support for reading/writing PEM files comes from I; if you don't have this module installed, the I method will die. This argument is mandatory, I you're either reading the file from disk (ie. you provide a I argument) or you've specified the I argument. =item * Filename The location of the file from which you'd like to read the key. Requires a I argument so the decoder knows what type of file it is. You can't specify I and I at the same time. =item * Content The serialized version of the key. Requires a I argument so the decoder knows how to decode it. You can't specify I and I at the same time. =item * Password If your key file is encrypted, you'll need to supply a passphrase to decrypt it. You can do that here. If your passphrase is incorrect, I will return C. =back =head2 $key->write(%arg) Writes a key (optionally) to disk, using a format that you define with the I parameter. If your I<$key> object has a defined I (private key portion), the key will be written as a DSA private key object; otherwise, it will be written out as a public key. Note that not all serialization mechanisms can produce public keys in this version--currently, only PEM public keys are supported. I<%arg> can include: =over 4 =item * Type The type of file format that you wish to write. I is one example (in fact, currently, it's the only example). This argument is mandatory, I your I<$key> object is already blessed into a subclass (eg. I), and you wish to write the file using the same subclass. =item * Filename The location of the file on disk where you want the key file to be written. =item * Password If you want the key file to be encrypted, provide this argument, and the ASN.1-encoded string will be encrypted using the passphrase as a key. =back =head2 $key->size Returns the size of the key, in bits. This is actually the number of bits in the large prime I

. =head1 AUTHOR & COPYRIGHTS Please see the Crypt::DSA manpage for author, copyright, and license information. =cut Util.pm100644001750001750 1030015201713606 15534 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSApackage Crypt::DSA::Util; use strict; use warnings; use Math::BigInt 1.78 try => 'GMP, Pari'; use Crypt::URandom qw (urandom); use Fcntl; use Carp qw( croak ); our $VERSION = '1.20'; #VERSION use vars qw( $VERSION @ISA @EXPORT_OK ); use Exporter; BEGIN { @ISA = qw( Exporter ); @EXPORT_OK = qw( bitsize bin2mp mp2bin mod_inverse mod_exp makerandom isprime ); } ## Nicked from Crypt::RSA::DataFormat. ## Copyright (c) 2001, Vipul Ved Prakash. sub bitsize { length(Math::BigInt->new($_[0])->as_bin) - 2; } sub bin2mp { my $s = shift; $s eq '' ? Math::BigInt->new(0) : Math::BigInt->new("0b" . unpack("B*", $s)); } sub mp2bin { my $p = Math::BigInt->new(shift); my $base = Math::BigInt->new(256); my $res = ''; while ($p != 0) { my $r = $p % $base; $p = ($p-$r) / $base; $res = chr($r) . $res; } $res; } sub mod_exp { my($a, $exp, $n) = @_; $a->copy->bmodpow($exp, $n); } sub mod_inverse { my($a, $n) = @_; $a->copy->bmodinv($n); } sub makerandom { my %param = @_; my $size = $param{Size}; my $bytes = int($size / 8) + 1; my $r = urandom($bytes); my $down = $size - 1; $r = unpack 'H*', pack 'B*', '0' x ( $size % 8 ? 8 - $size % 8 : 0 ) . '1' . unpack "b$down", $r; Math::BigInt->new('0x' . $r); } # For testing, let us choose our isprime function: *isprime = \&isprime_algorithms_with_perl; # from the book "Mastering Algorithms with Perl" by Jon Orwant, # Jarkko Hietaniemi, and John Macdonald sub isprime_algorithms_with_perl { use integer; my $n = shift; my $n1 = $n - 1; my $one = $n - $n1; # not just 1, but a bigint my $witness = $one * 100; # find the power of two for the top bit of $n1 my $p2 = $one; my $p2index = -1; ++$p2index, $p2 *= 2 while $p2 <= $n1; $p2 /= 2; # number of iterations: 5 for 260-bit numbers, go up to 25 for smaller my $last_witness = 5; $last_witness += (260 - $p2index) / 13 if $p2index < 260; for my $witness_count (1..$last_witness) { $witness *= 1024; $witness += int(rand(1024)); # XXXX use good rand $witness = $witness % $n if $witness > $n; $witness = $one * 100, redo if $witness == 0; my $prod = $one; my $n1bits = $n1; my $p2next = $p2; # compute $witness ** ($n - 1) while (1) { my $rootone = $prod == 1 || $prod == $n1; $prod = ($prod * $prod) % $n; return 0 if $prod == 1 && ! $rootone; if ($n1bits >= $p2next) { $prod = ($prod * $witness) % $n; $n1bits -= $p2next; } last if $p2next == 1; $p2next /= 2; } return 0 unless $prod == 1; } return 1; } sub isprime_gp_pari { my $n = shift; my $sn = "$n"; die if $sn =~ /\D/; my $is_prime = `echo "isprime($sn)" | gp -f -q`; die "No gp installed?" if $?; chomp $is_prime; return $is_prime; } sub isprime_paranoid { my $n = shift; my $perl = isprime_algorithms_with_perl($n); my $pari = isprime_gp_pari($n); die "Perl vs. PARI don't match on '$n'\n" unless $perl == $pari; return $perl; } 1; __END__ =head1 NAME Crypt::DSA::Util - DSA Utility functions =head1 SYNOPSIS use Crypt::DSA::Util qw( func1 func2 ... ); =head1 DESCRIPTION I contains a set of exportable utility functions used through the I set of libraries. =head2 bitsize($n) Returns the number of bits in the I integer object I<$n>. =head2 bin2mp($string) Given a string I<$string> of any length, treats the string as a base-256 representation of an integer, and returns that integer, a I object. =head2 mp2bin($int) Given a biginteger I<$int> (a I object), linearizes the integer into an octet string, and returns the octet string. =head2 mod_exp($a, $exp, $n) Computes $a ^ $exp mod $n and returns the value. The calculations are done using I, and the return value is a I object. =head2 mod_inverse($a, $n) Computes the multiplicative inverse of $a mod $n and returns the value. The calculations are done using I, and the return value is a I object. =head1 AUTHOR & COPYRIGHTS Please see the Crypt::DSA manpage for author, copyright, and license information. =cut Key000755001750001750 015201713606 14637 5ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSAPEM.pm100644001750001750 1100115201713606 15767 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSA/Keypackage Crypt::DSA::Key::PEM; use strict; use warnings; use Carp qw( croak ); use Convert::PEM; use Crypt::DSA::Key; our $VERSION = '1.20'; #VERSION use vars qw{$VERSION @ISA}; BEGIN { @ISA = 'Crypt::DSA::Key'; } sub deserialize { my $key = shift; my %param = @_; $param{Content} =~ /DSA PRIVATE KEY/ ? $key->_deserialize_privkey(%param) : $key->_deserialize_pubkey(%param); } sub _deserialize_privkey { my $key = shift; my %param = @_; my $pem = $key->_pem; my $pkey = $pem->decode( Content => $param{Content}, Password => $param{Password}, Macro => 'DSAPrivateKey' ); return unless $pkey; for my $m (qw( p q g pub_key priv_key )) { $key->$m( $pkey->{$m} ); } $key; } sub _deserialize_pubkey { my $key = shift; my %param = @_; my $pem = $key->_pem; my $pkey = $pem->decode( Content => $param{Content}, Password => $param{Password}, Macro => 'DSAPublicKey', Name => 'PUBLIC KEY' ); return unless $pkey; my $asn = $pem->asn->find('DSAPubKeyInner'); my $num = $asn->decode($pkey->{pub_key}[0]) or croak $asn->{error}; for my $m (qw( p q g )) { $key->$m( $pkey->{inner}{DSAParams}{$m} ); } $key->pub_key($num); $key; } sub serialize { my $key = shift; ## If this is a private key (has the private key portion), serialize ## it as a private key; otherwise use a public key ASN.1 object. $key->priv_key ? $key->_serialize_privkey(@_) : $key->_serialize_pubkey(@_); } sub _serialize_privkey { my $key = shift; my %param = @_; my $pkey = { version => 0 }; for my $m (qw( p q g pub_key priv_key )) { $pkey->{$m} = $key->$m(); } my $pem = $key->_pem; my $buf = $pem->encode( Content => $pkey, Password => $param{Password}, Name => 'DSA PRIVATE KEY', Macro => 'DSAPrivateKey', ) or croak $pem->errstr; $buf; } sub _serialize_pubkey { my $key = shift; my %param = @_; my $pem = $key->_pem; my $asn = $pem->asn->find('DSAPubKeyInner'); ## Force stringification. my $str = $asn->encode($key->pub_key . '') or croak $asn->{error}; my $pkey = { inner => { objId => '1.2.840.10040.4.1', DSAParams => { p => $key->p, q => $key->q, g => $key->g }, }, pub_key => $str }; my $buf = $pem->encode( Content => $pkey, Password => $param{Password}, Name => 'PUBLIC KEY', Macro => 'DSAPublicKey', ) or return $key->error($pem->errstr); $buf; } sub _pem { my $key = shift; unless (defined $key->{__pem}) { my $pem = Convert::PEM->new( Name => "DSA PRIVATE KEY", ASN => qq( DSAPrivateKey ::= SEQUENCE { version INTEGER, p INTEGER, q INTEGER, g INTEGER, pub_key INTEGER, priv_key INTEGER } DSAPublicKey ::= SEQUENCE { inner SEQUENCE { objId OBJECT IDENTIFIER, DSAParams SEQUENCE { p INTEGER, q INTEGER, g INTEGER } } pub_key BIT STRING } DSAPubKeyInner ::= INTEGER )); $key->{__pem} = $pem; } $key->{__pem}; } 1; __END__ =head1 NAME Crypt::DSA::Key::PEM - Read/write DSA PEM files =head1 SYNOPSIS use Crypt::DSA::Key; my $key = Crypt::DSA::Key->new( Type => 'PEM', ...); $key->write( Type => 'PEM', ...); =head1 DESCRIPTION I provides an interface to reading and writing DSA PEM files, using I. The files are ASN.1-encoded and optionally encrypted. You shouldn't use this module directly. As the SYNOPSIS above suggests, this module should be considered a plugin for I, and all access to PEM files (reading DSA keys from disk, etc.) should be done through that module. Read the I documentation for more details. =head1 AUTHOR & COPYRIGHTS Please see the Crypt::DSA manpage for author, copyright, and license information. =cut SSH2.pm100644001750001750 532015201713606 16054 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSA/Keypackage Crypt::DSA::Key::SSH2; use strict; use warnings; use MIME::Base64 qw( decode_base64 ); use Crypt::DSA::Key; our $VERSION = '1.20'; #VERSION use vars qw{$VERSION @ISA}; BEGIN { @ISA = 'Crypt::DSA::Key'; } use constant PRIVKEY_MAGIC => 0x3f6ff9eb; sub deserialize { my $key = shift; my %param = @_; chomp($param{Content}); my($head, $object, $content, $tail) = $param{Content} =~ m:(---- BEGIN ([^\n\-]+) ----)\n(.+)(---- END .*? ----)$:s; my @lines = split /\n/, $content; my $escaped = 0; my @real; for my $l (@lines) { if (substr($l, -1) eq '\\') { $escaped++; next; } next if index($l, ':') != -1; if ($escaped) { $escaped--; next; } push @real, $l; } $content = join "\n", @real; $content = decode_base64($content); my $b = BufferWithInt->new; $b->append($content); my $magic = $b->get_int32; return unless $magic == PRIVKEY_MAGIC; my($ignore); $ignore = $b->get_int32; my $type = $b->get_str; my $cipher = $b->get_str; $ignore = $b->get_int32 for 1..3; return unless $cipher eq 'none'; $key->p( $b->get_mp_ssh2 ); $key->g( $b->get_mp_ssh2 ); $key->q( $b->get_mp_ssh2 ); $key->pub_key( $b->get_mp_ssh2 ); $key->priv_key( $b->get_mp_ssh2 ); #return unless $b->length == $b->offset; $key; } sub serialize { my $key = shift; my %param = @_; die "serialize is unimplemented"; } package BufferWithInt; use strict; use Data::Buffer; use Crypt::DSA::Util qw( bin2mp ); use base qw( Data::Buffer ); sub get_mp_ssh2 { my $buf = shift; my $bits = $buf->get_int32; my $off = $buf->{offset}; my $bytes = int(($bits+7) / 8); my $int = bin2mp( $buf->bytes($off, $bytes) ); $buf->{offset} += $bytes; $int; } 1; __END__ =head1 NAME Crypt::DSA::Key::SSH2 - Read/write DSA SSH2 files =head1 SYNOPSIS use Crypt::DSA::Key; my $key = Crypt::DSA::Key->new( Type => 'SSH2', ...); $key->write( Type => 'SSH2', ...); =head1 DESCRIPTION I provides an interface to reading and writing DSA SSH2 files, using I, which provides functionality for SSH-compatible binary in/out buffers. Currently encrypted key files are not supported. You shouldn't use this module directly. As the SYNOPSIS above suggests, this module should be considered a plugin for I, and all access to SSH2 files (reading DSA keys from disk, etc.) should be done through that module. Read the I documentation for more details. =head1 AUTHOR & COPYRIGHTS Please see the Crypt::DSA manpage for author, copyright, and license information. =cut KeyChain.pm100644001750001750 1653015201713606 16325 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSApackage Crypt::DSA::KeyChain; use strict; use warnings; use Math::BigInt 1.78 try => 'GMP, Pari'; use Digest::SHA qw( sha1 ); use Carp qw( croak ); use IPC::Open3; use File::Spec; use File::Which (); use Symbol qw( gensym ); use Crypt::SysRandom qw( random_bytes ); our $VERSION = '1.20'; #VERSION use vars qw{$VERSION}; use Crypt::DSA::Key; use Crypt::DSA::Util qw( bin2mp bitsize mod_exp makerandom isprime ); sub new { my $class = shift; bless { @_ }, $class; } sub generate_params { my $keygen = shift; my %param = @_; my $bits = Math::BigInt->new($param{Size}); croak "Number of bits (Size) is too small" unless $bits; delete $param{Seed} if $param{Seed} && length $param{Seed} != 20; my $v = $param{Verbosity}; # try to use fast implementations found on the system, if available. unless ($param{Seed} || wantarray || $param{PurePerl}) { # OpenSSL support my $bin = $^O eq 'MSWin32' ? 'openssl.exe' : 'openssl'; my $openssl = File::Which::which($bin); if ( $openssl ) { print STDERR "Using openssl\n" if $v; my $bits_n = int($bits); open( NULL, ">", File::Spec->devnull ) or die "Unable to open devnull: $!"; my $pid = open3(gensym, \*OPENSSL, ">&NULL", $openssl, 'dsaparam', '-text', '-noout', $bits_n); my @res; while( ) { push @res, $_; } close OPENSSL; close NULL; waitpid( $pid, 0 ); die "openssl dsaparam failed: " . ($? >> 8) if $?; my %parts; my $cur_part; foreach (@res) { if (/^\s+(\w):\s*$/) { $cur_part = lc($1); next; } if (/^\s*((?:[0-9a-f]{2,2}:?)+)\s*$/) { $parts{$cur_part} .= $1 if defined $cur_part; } } $parts{$_} =~ s/://g for keys %parts; if (scalar keys %parts == 3) { my $key = Crypt::DSA::Key->new; $key->p(Math::BigInt->new("0x" . $parts{p})); $key->q(Math::BigInt->new("0x" . $parts{q})); $key->g(Math::BigInt->new("0x" . $parts{g})); return $key; } } } # Pure Perl version: my($counter, $q, $p, $seed, $seedp1) = (0); ## Generate q. SCOPE: { print STDERR "." if $v; $seed = $param{Seed} ? delete $param{Seed} : Crypt::SysRandom::random_bytes(20); $seedp1 = _seed_plus_one($seed); my $md = sha1($seed) ^ sha1($seedp1); vec($md, 0, 8) |= 0x80; vec($md, 19, 8) |= 0x01; $q = bin2mp($md); redo unless isprime($q); } print STDERR "*\n" if $v; my $n = int(("$bits"-1) / 160); my $b = ($bits-1)-Math::BigInt->new($n)*160; my $p_test = Math::BigInt->new(1); $p_test <<= ($bits-1); ## Generate p. SCOPE: { print STDERR "." if $v; my $W = Math::BigInt->new(0); for my $k (0..$n) { $seedp1 = _seed_plus_one($seedp1); my $r0 = bin2mp(sha1($seedp1)); $r0 %= Math::BigInt->new(2) ** $b if $k == $n; $W += $r0 << (Math::BigInt->new(160) * $k); } my $X = $W + $p_test; $p = $X - ($X % (2 * $q) - 1); last if $p >= $p_test && isprime($p); redo unless ++$counter >= 4096; } print STDERR "*" if $v; my $e = ($p - 1) / $q; my $h = Math::BigInt->new(2); my $g; SCOPE: { $g = mod_exp($h, $e, $p); $h++, redo if $g == 1; } print STDERR "\n" if $v; my $key = Crypt::DSA::Key->new; $key->p($p); $key->q($q); $key->g($g); return wantarray ? ($key, $counter, "$h", $seed) : $key; } sub generate_keys { my $keygen = shift; my $key = shift; my($priv_key, $pub_key); SCOPE: { my $i = bitsize($key->q); $priv_key = makerandom(Size => $i); $priv_key -= $key->q if $priv_key >= $key->q; redo if $priv_key == 0; } $pub_key = mod_exp($key->g, $priv_key, $key->p); $key->priv_key($priv_key); $key->pub_key($pub_key); } sub _seed_plus_one { my($s, $i) = ($_[0]); for ($i=19; $i>=0; $i--) { vec($s, $i, 8)++; last unless vec($s, $i, 8) == 0; } $s; } 1; =pod =head1 NAME Crypt::DSA::KeyChain - DSA key generation system =head1 SYNOPSIS use Crypt::DSA::KeyChain; my $keychain = Crypt::DSA::KeyChain->new; my $key = $keychain->generate_params( Size => 512, Seed => $seed, Verbosity => 1, ); $keychain->generate_keys($key); =head1 DESCRIPTION I is a lower-level interface to key generation than the interface in I (the I method). It allows you to separately generate the I

, I, and I key parameters, given an optional starting seed, and a mandatory bit size for I

(I and I are 160 bits each). You can then call I to generate the public and private portions of the key. =head1 USAGE =head2 $keychain = Crypt::DSA::KeyChain->new Constructs a new I object. At the moment this isn't particularly useful in itself, other than being the object you need in order to call the other methods. Returns the new object. =head2 $key = $keychain->generate_params(%arg) Generates a set of DSA parameters: the I

, I, and I values of the key. This involves finding primes, and as such it can be a relatively long process. When invoked in scalar context, returns a new I object. In list context, returns the new I object, along with: the value of the internal counter when a suitable prime I

was found; the value of I when I was derived; and the value of the seed (a 20-byte string) when I was found. These values aren't particularly useful in normal circumstances, but they could be useful. I<%arg> can contain: =over 4 =item * Size The size in bits of the I

value to generate. The I and I values are always 160 bits each. This argument is mandatory. =item * Seed A seed with which I generation will begin. If this seed does not lead to a suitable prime, it will be discarded, and a new random seed chosen in its place, until a suitable prime can be found. This is entirely optional, and if not provided a random seed will be generated automatically. B: This module now uses Crypt::SysRandom to generate a seed. If you are not using one of the sources of randomness recommended at L you B provide your own Seed value. In particular, Perl's B function must not be used for any session, token, hash, authentication, cryptographic value. Basically do not use rand unless you absolutely know how it will be used. =item * Verbosity Should be either 0 or 1. A value of 1 will give you a progress meter during I

and I generation--this can be useful, since the process can be relatively long. The default is 0. =back =head2 $keychain->generate_keys($key) Generates the public and private portions of the key I<$key>, a I object. =head1 AUTHOR & COPYRIGHT Please see the L manpage for author, copyright, and license information. =cut Signature.pm100644001750001750 611415201713606 16550 0ustar00timtim000000000000Crypt-DSA-1.20/lib/Crypt/DSApackage Crypt::DSA::Signature; use strict; use warnings; use Carp qw( croak ); our $VERSION = '1.20'; #VERSION # use vars qw{$VERSION}; sub new { my $class = shift; my %param = @_; my $sig = bless { }, $class; if ($param{Content}) { return $sig->deserialize(%param); } $sig; } BEGIN { no strict 'refs'; for my $meth (qw( r s )) { *$meth = sub { my($key, $value) = @_; if (ref $value eq 'Math::Pari') { $key->{$meth} = Math::Pari::pari2pv($value); } elsif (ref $value) { $key->{$meth} = "$value"; } elsif ($value) { if ($value =~ /^0x/) { $key->{$meth} = Math::BigInt->new($value)->bstr; } else { $key->{$meth} = $value; } } my $ret = $key->{$meth} || ""; $ret = Math::BigInt->new("$ret") if $ret =~ /^\d+$/; $ret; }; } } sub asn { require Convert::ASN1; my $asn = Convert::ASN1->new; $asn->prepare('SEQUENCE { r INTEGER, s INTEGER }') or croak $asn->{error}; $asn; } sub deserialize { my $sig = shift; my %param = @_; my $asn = __PACKAGE__->asn; my $ref; require MIME::Base64; ## Turn off warnings, because we're attempting to base64-decode content ## that may not be base64-encoded. local $^W = 0; for ($param{Content}, MIME::Base64::decode_base64($param{Content})) { my $out = $asn->decode($_); $ref = $out, last if $out; } croak "Invalid Content" unless $ref; $sig->s($ref->{s}); $sig->r($ref->{r}); $sig; } sub serialize { my $sig = shift; my %param = @_; my $asn = __PACKAGE__->asn; my $buf = $asn->encode({ s => $sig->s, r => $sig->r }) or croak $asn->{error}; $buf; } 1; __END__ =head1 NAME Crypt::DSA::Signature - DSA signature object =head1 SYNOPSIS use Crypt::DSA::Signature; my $sig = Crypt::DSA::Signature->new; $sig->r($r); $sig->s($s); =head1 DESCRIPTION I represents a DSA signature. It has 2 methods, I and I, which are the big number representations of the 2 pieces of the DSA signature. =head1 USAGE =head2 Crypt::DSA::Signature->new( %options ) Creates a new signature object, and optionally initializes it with the information in I<%options>, which can contain: =over 4 =item * Content An ASN.1-encoded string representing the DSA signature. In ASN.1 notation, this looks like: SEQUENCE { r INTEGER, s INTEGER } If I is provided, I will automatically call the I method to parse the content, and set the I and I methods on the resulting I object. =back =head2 $sig->serialize Serializes the signature object I<$sig> into the format described above: an ASN.1-encoded representation of the signature, using the ASN.1 syntax above. =head1 AUTHOR & COPYRIGHTS Please see the Crypt::DSA manpage for author, copyright, and license information. =cut