Crypt-ECDH_ES
1 match

 view release on metacpan or  search on metacpan

lib/Crypt/ECDH_ES.pm  view on Meta::CPAN 


sub ecdhes_encrypt {
	my ($public_key, $data) = @_;

	my $private = curve25519_secret_key(random_bytes(32));
	my $public  = curve25519_public_key($private);
	my $shared  = curve25519_shared_secret($private, $public_key);

	my ($encrypt_key, $sign_key) = unpack 'a16 a16', sha256($shared);
	my $iv     = substr sha256($public), 0, 16;
	my $cipher = Crypt::Rijndael->new($encrypt_key, Crypt::Rijndael::MODE_CBC);

	my $pad_length = 16 - length($data) % 16;
	my $padding = chr($pad_length) x $pad_length;

	my $ciphertext = $cipher->encrypt($data . $padding, $iv);
	my $mac = hmac_sha256($iv . $ciphertext, $sign_key);
	return pack $format_unauthenticated, '', $public, $mac, $ciphertext;
}

sub ecdhes_decrypt {
	my ($private_key, $packed_data) = @_;

	my ($options, $public, $mac, $ciphertext) = unpack $format_unauthenticated, $packed_data;
	croak 'Unknown options' if $options ne '';

	my $shared = curve25519_shared_secret($private_key, $public);
	my ($encrypt_key, $sign_key) = unpack 'a16 a16', sha256($shared);
	my $iv     = substr sha256($public), 0, 16;
	croak 'MAC is incorrect' if hmac_sha256($iv . $ciphertext, $sign_key) ne $mac;
	my $cipher = Crypt::Rijndael->new($encrypt_key, Crypt::Rijndael::MODE_CBC);

	my $plaintext = $cipher->decrypt($ciphertext, $iv);
	my $pad_length = ord substr $plaintext, -1;
	substr($plaintext, -$pad_length, $pad_length, '') eq chr($pad_length) x $pad_length or croak 'Incorrectly padded';
	return $plaintext;
}

my $format_authenticated = 'C/a C/a C/a C/a N/a';

sub ecdhes_encrypt_authenticated {
	my ($public_key_other, $private_key_self, $data) = @_;

	my $public_key_self = curve25519_public_key($private_key_self);
	my $private_ephemeral = curve25519_secret_key(random_bytes(32));
	my $ephemeral_public  = curve25519_public_key($private_ephemeral);
	my $primary_shared  = curve25519_shared_secret($private_ephemeral, $public_key_other);

	my ($primary_encrypt_key, $primary_iv) = unpack 'a16 a16', sha256($primary_shared);
	my $primary_cipher = Crypt::Rijndael->new($primary_encrypt_key, Crypt::Rijndael::MODE_CBC);
	my $encrypted_public_key = $primary_cipher->encrypt($public_key_self, $primary_iv);

	my $secondary_shared = $primary_shared . curve25519_shared_secret($private_key_self, $public_key_other);
	my ($secondary_encrypt_key, $sign_key) = unpack 'a16 a16', sha256($secondary_shared);
	my $cipher = Crypt::Rijndael->new($secondary_encrypt_key, Crypt::Rijndael::MODE_CBC);
	my $iv     = substr sha256($ephemeral_public), 0, 16;

	my $pad_length = 16 - length($data) % 16;
	my $padding = chr($pad_length) x $pad_length;

	my $ciphertext = $cipher->encrypt($data . $padding, $iv);
	my $mac = hmac_sha256($iv . $ciphertext, $sign_key);
	return pack $format_authenticated, "\x{1}", $ephemeral_public, $encrypted_public_key, $mac, $ciphertext;
}

sub ecdhes_decrypt_authenticated {
	my ($private_key, $packed_data) = @_;

	my ($options, $ephemeral_public, $encrypted_public_key, $mac, $ciphertext) = unpack $format_authenticated, $packed_data;
	croak 'Unknown options' if $options ne "\x{1}";

	my $primary_shared = curve25519_shared_secret($private_key, $ephemeral_public);
	my ($primary_encrypt_key, $primary_iv) = unpack 'a16 a16', sha256($primary_shared);
	my $primary_cipher = Crypt::Rijndael->new($primary_encrypt_key, Crypt::Rijndael::MODE_CBC);
	my $public_key = $primary_cipher->decrypt($encrypted_public_key, $primary_iv);

	my $secondary_shared = $primary_shared . curve25519_shared_secret($private_key, $public_key);
	my ($secondary_encrypt_key, $sign_key) = unpack 'a16 a16', sha256($secondary_shared);
	my $cipher = Crypt::Rijndael->new($secondary_encrypt_key, Crypt::Rijndael::MODE_CBC);
	my $iv     = substr sha256($ephemeral_public), 0, 16;

	croak 'MAC is incorrect' if hmac_sha256($iv . $ciphertext, $sign_key) ne $mac;

	my $plaintext = $cipher->decrypt($ciphertext, $iv);
	my $pad_length = ord substr $plaintext, -1;
	substr($plaintext, -$pad_length, $pad_length, '') eq chr($pad_length) x $pad_length or croak 'Incorrectly padded';
	return ($plaintext, $public_key);
}

lib/Crypt/ECDH_ES.pm  view on Meta::CPAN 

=head1 DESCRIPTION

This module uses elliptic curve cryptography in an ephemerical-static configuration combined with the AES cipher to achieve a hybrid cryptographical system. Both the public and the private key are simply 32 byte blobs.

=head2 Use-cases

You may want to use this module when storing sensive data in such a way that the encoding side can't read it afterwards, for example a website storing credit card data in a database that will be used by a separate back-end financial processor. When u...

=head2 Technical details

This modules uses Daniel J. Bernstein's curve25519 (also used by OpenSSH) to perform a Diffie-Hellman key agreement between an encoder and a decoder. The keys of the decoder should be known in advance (as this system works as a one-way communication ...

All cryptographic components are believed to provide at least 128-bits of security.

=head2 Variants

There are two variants of this system; both will encrypt the payload, but only one will authenticate the sender.

=head1 FUNCTIONS

=head2 ecdhes_encrypt



( run in 0.485 second using v1.01-cache-2.11-cpan-e1769b4cff6 )