Skip to content

Commit 2d342de

Browse files
timleggetimlegge
authored
Merge pull request #62 from timlegge/rsa
Migrate from Crypt::OpenSSL::RSA to Crypt::PK::RSA
2 parents 4a2e038 + aa4d985 commit 2d342de

File tree

5 files changed

+32
-34
lines changed

5 files changed

+32
-34
lines changed

Makefile.PL

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,8 @@ my %WriteMakefileArgs = (
2222
"Crypt::Mac::HMAC" => 0,
2323
"Crypt::OpenSSL::Bignum" => 0,
2424
"Crypt::OpenSSL::DSA" => "0.20",
25-
"Crypt::OpenSSL::RSA" => 0,
2625
"Crypt::OpenSSL::X509" => 0,
26+
"Crypt::PK::RSA" => 0,
2727
"CryptX" => "0.036",
2828
"Digest::SHA" => 0,
2929
"Encode" => 0,
@@ -47,7 +47,7 @@ my %WriteMakefileArgs = (
4747
"Test::Lib" => 0,
4848
"Test::More" => 0
4949
},
50-
"VERSION" => "0.66",
50+
"VERSION" => "0.67",
5151
"test" => {
5252
"TESTS" => "t/*.t"
5353
}
@@ -62,8 +62,8 @@ my %FallbackPrereqs = (
6262
"Crypt::OpenSSL::Bignum" => 0,
6363
"Crypt::OpenSSL::DSA" => "0.20",
6464
"Crypt::OpenSSL::Guess" => 0,
65-
"Crypt::OpenSSL::RSA" => 0,
6665
"Crypt::OpenSSL::X509" => 0,
66+
"Crypt::PK::RSA" => 0,
6767
"CryptX" => "0.036",
6868
"Digest::SHA" => 0,
6969
"Encode" => 0,

README

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ NAME
33
Signatures
44

55
VERSION
6-
version 0.66
6+
version 0.67
77

88
SYNOPSIS
99
my $xml = '<foo ID="abc">123</foo>';

cpanfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ requires "Crypt::Digest::RIPEMD160" => "0";
66
requires "Crypt::Mac::HMAC" => "0";
77
requires "Crypt::OpenSSL::Bignum" => "0";
88
requires "Crypt::OpenSSL::DSA" => "0.20";
9-
requires "Crypt::OpenSSL::RSA" => "0";
109
requires "Crypt::OpenSSL::X509" => "0";
10+
requires "Crypt::PK::RSA" => "0";
1111
requires "CryptX" => "0.036";
1212
requires "Digest::SHA" => "0";
1313
requires "Encode" => "0";

lib/XML/Sig.pm

Lines changed: 26 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -869,20 +869,25 @@ sub _verify_rsa {
869869
my $self = shift;
870870
my ($context,$canonical,$sig) = @_;
871871

872+
eval {
873+
require Crypt::PK::RSA;
874+
};
875+
confess "Crypt::PK::RSA needs to be installed so
876+
that we can handle X509 certificates" if $@;
872877
# Generate Public Key from XML
873878
my $mod = _trim($self->{parser}->findvalue('dsig:Modulus', $context));
874879
my $modBin = decode_base64( $mod );
875880
my $exp = _trim($self->{parser}->findvalue('dsig:Exponent', $context));
876881
my $expBin = decode_base64( $exp );
877-
my $n = Crypt::OpenSSL::Bignum->new_from_bin($modBin);
878-
my $e = Crypt::OpenSSL::Bignum->new_from_bin($expBin);
879-
my $rsa_pub = Crypt::OpenSSL::RSA->new_key_from_parameters( $n, $e );
882+
my $n = unpack("H*", $modBin);
883+
my $e = unpack("H*", $expBin);
880884

885+
my $pk = Crypt::PK::RSA->new();
886+
my $rsa_pub = $pk->import_key({N => $n, e => $e});
881887
# Decode signature and verify
882-
my $sig_hash = 'use_' . $self->{ sig_hash } . '_hash';
883-
$rsa_pub->$sig_hash;
884888
my $bin_signature = decode_base64($sig);
885-
return 1 if ($rsa_pub->verify( $canonical, $bin_signature ));
889+
890+
return 1 if ($rsa_pub->verify_message( $bin_signature, $canonical, $self->{ sig_hash }, "v1.5"));
886891
return 0;
887892
}
888893

@@ -1011,17 +1016,16 @@ sub _verify_x509_cert {
10111016
}
10121017
else {
10131018
eval {
1014-
require Crypt::OpenSSL::RSA;
1019+
require Crypt::PK::RSA;
10151020
};
1016-
confess "Crypt::OpenSSL::RSA needs to be installed so
1021+
confess "Crypt::PK::RSA needs to be installed so
10171022
that we can handle X509 certificates" if $@;
10181023

1019-
my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);
1024+
my $pk = Crypt::PK::RSA->new();
1025+
my $rsa_pub = $pk->import_key(\$cert->pubkey);
10201026

1021-
my $sig_hash = 'use_' . $self->{sig_hash} . '_hash';
1022-
$rsa_pub->$sig_hash();
10231027
# If successful verify, store the signer's cert for validation
1024-
if ($rsa_pub->verify( $canonical, $bin_signature )) {
1028+
if ($rsa_pub->verify_message( $bin_signature, $canonical, $self->{sig_hash}, 'v1.5' )) {
10251029
$self->{signer_cert} = $cert;
10261030
return 1;
10271031
}
@@ -1384,7 +1388,7 @@ sub _load_dsa_key {
13841388
$self->{key_type} = 'dsa';
13851389
}
13861390
else {
1387-
confess "did not get a new Crypt::OpenSSL::RSA object";
1391+
confess "did not get a new Crypt::PK::RSA object";
13881392
}
13891393
}
13901394

@@ -1406,25 +1410,21 @@ sub _load_rsa_key {
14061410
my ($key_text) = @_;
14071411

14081412
eval {
1409-
require Crypt::OpenSSL::RSA;
1413+
require Crypt::PK::RSA;
14101414
};
1411-
confess "Crypt::OpenSSL::RSA needs to be installed so that we can handle RSA keys." if $@;
1415+
confess "Crypt::PK::RSA needs to be installed so that we can handle RSA keys." if $@;
14121416

1413-
my $rsaKey = Crypt::OpenSSL::RSA->new_private_key( $key_text );
1417+
my $pk = Crypt::PK::RSA->new();
1418+
my $rsaKey = $pk->import_key(\$key_text);
14141419

14151420
if ( $rsaKey ) {
1416-
$rsaKey->use_pkcs1_oaep_padding();
14171421
$self->{ key_obj } = $rsaKey;
14181422
$self->{ key_type } = 'rsa';
14191423

14201424
if (!$self->{ x509 }) {
1421-
my $bigNum = ( $rsaKey->get_key_parameters() )[1];
1422-
my $bin = $bigNum->to_bin();
1423-
my $exp = encode_base64( $bin, '' );
1424-
1425-
$bigNum = ( $rsaKey->get_key_parameters() )[0];
1426-
$bin = $bigNum->to_bin();
1427-
my $mod = encode_base64( $bin, '' );
1425+
my $key_params = $rsaKey->key2hash;
1426+
my $exp = encode_base64(pack("H*", $key_params->{e}), '');
1427+
my $mod = encode_base64(pack("H*", $key_params->{N}), '');
14281428
$self->{KeyInfo} = "<dsig:KeyInfo>
14291429
<dsig:KeyValue>
14301430
<dsig:RSAKeyValue>
@@ -1436,7 +1436,7 @@ sub _load_rsa_key {
14361436
}
14371437
}
14381438
else {
1439-
confess "did not get a new Crypt::OpenSSL::RSA object";
1439+
confess "did not get a new Crypt::PK::RSA object";
14401440
}
14411441
}
14421442

@@ -1871,9 +1871,7 @@ sub _calc_rsa_signature {
18711871
my $signed_info_canon = shift;
18721872

18731873
print (" Signing SignedInfo using RSA key type\n") if $DEBUG;
1874-
my $sig_hash = 'use_' . $self->{ sig_hash } . '_hash';
1875-
$self->{key_obj}->$sig_hash;
1876-
my $bin_signature = $self->{key_obj}->sign( $signed_info_canon );
1874+
my $bin_signature = $self->{key_obj}->sign_message( $signed_info_canon, $self->{sig_hash}, 'v1.5' );
18771875

18781876
return $bin_signature;
18791877
}

t/005_rsakeys.t

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ my $exponent = 'AQAB';
1616
my $sig = XML::Sig->new( { key => 't/rsa.private.key' } );
1717
isa_ok( $sig, 'XML::Sig' );
1818

19-
isa_ok( $sig->{ key_obj }, 'Crypt::OpenSSL::RSA', 'Key object is valid' );
19+
isa_ok( $sig->{ key_obj }, 'Crypt::PK::RSA', 'Key object is valid' );
2020
is( index( $sig->{KeyInfo}, $modulus ), 166, 'Modulus is correct' );
2121
is( index( $sig->{KeyInfo}, $exponent), 576, 'Exponent is correct' );
2222

0 commit comments

Comments
 (0)