File Coverage

blib/lib/Crypt/Perl/ECDSA.pm

Criterion	Covered	Total	%
statement	6	6	100.0
branch			n/a
condition			n/a
subroutine	2	2	100.0
pod			n/a
total	8	8	100.0

line	stmt	sub	time	code
1				package Crypt::Perl::ECDSA;
2
3	1	1	527	use strict;
	1		7
	1		29
4	1	1	5	use warnings;
	1		2
	1		54
5
6				=encoding utf-8
7
8				=head1 NAME
9
10				Crypt::Perl::ECDSA - Elliptic curve cryptography in pure Perl
11
12				=head1 SYNOPSIS
13
14				my $pub_key1 = Crypt::Perl::ECDSA::Parse::public($pem_or_der);
15				my $prv_key1 = Crypt::Perl::ECDSA::Parse::private($pem_or_der);
16
17				#----------------------------------------------------------------------
18
19				my $prkey_by_name = Crypt::Perl::ECDSA::Generate::by_curve_name('secp521r1');
20
21				#Probably only useful for trying out a custom curve?
22				my $prkey_by_curve = Crypt::Perl::ECDSA::Generate::by_explicit_curve(
23				{
24				p => ..., #isa Crypt::Perl::BigInt
25				a => ..., #isa Crypt::Perl::BigInt
26				b => ..., #isa Crypt::Perl::BigInt
27				n => ..., #isa Crypt::Perl::BigInt
28
29				# Supposedly this can be deduced from the above, but I don’t
30				# see the math for this around. It’s not in libtomcryt, AFAICT.
31				# It may have to do with Schoof’s Algorithm?
32				h => ..., #isa Crypt::Perl::BigInt
33
34				gx => ..., #isa Crypt::Perl::BigInt
35				gy => ..., #isa Crypt::Perl::BigInt
36				},
37				);
38
39				#----------------------------------------------------------------------
40
41				my $msg = 'My message';
42
43				# Deterministic signatures. This is probably the way to go
44				# for normal use cases. You can use sha1, sha224, sha256, sha384,
45				# or sha512.
46				my $det_sig = $private->sign_sha256($msg);
47
48				my $msg_hash = Digest::SHA::sha256($msg);
49
50				# NB: This verifies a digest, not the original message.
51				die 'Wut' if !$public->verify($msg_hash, $sig);
52				die 'Wut' if !$private->verify($msg_hash, $sig);
53
54				# Signature in JSON Web Algorithm format (deterministic):
55				my $jwa_sig = $private->sign_jwa($msg);
56
57				# You can also create non-deterministic signatures. These risk a
58				# security compromise if there is any flaw in the underlying CSPRNG.
59				# Note that this signs a digest, not the message itself.
60				my $sig = $private->sign($msg_hash);
61
62				#----------------------------------------------------------------------
63
64				$key->to_der_with_curve_name();
65				$key->to_der_with_curve_name( compressed => 1 );
66				$key->to_pem_with_curve_name();
67				$key->to_pem_with_curve_name( compressed => 1 );
68
69				$key->to_der_with_explicit_curve();
70				$key->to_der_with_explicit_curve( seed => 1 );
71				$key->to_der_with_explicit_curve( compressed => 1 );
72				$key->to_der_with_explicit_curve( seed => 1, compressed => 1 );
73				$key->to_pem_with_explicit_curve();
74				$key->to_pem_with_explicit_curve( seed => 1 );
75				$key->to_pem_with_explicit_curve( compressed => 1 );
76				$key->to_pem_with_explicit_curve( seed => 1, compressed => 1 );
77
78				=head1 DISCUSSION
79
80				See the documentation for L and
81				L for discussions of what these interfaces
82				can do.
83
84				=head1 SECURITY
85
86				The security advantages of elliptic-curve cryptography (ECC) are a matter of
87				some controversy. While the math itself is apparently bulletproof, there are
88				varying opinions about the integrity of the various curves that are recommended
89				for ECC. Some believe that some curves contain backdoors that would allow
90				L to sniff a transmission. For more information,
91				look at L.
92
93				That said, RSA will eventually no longer be viable: as RSA keys get bigger, the
94				security advantage of increasing their size diminishes.
95
96				C “has no opinion” regarding which curves you use; it ships all
97				of the prime-field curves that (L) includes and
98				works with any of them. You can try out custom curves as well.
99
100				=head2 Deterministic Signatures
101
102				This library can create deterministic signatures, as per
103				L. Read that RFC’s
104				introduction to learn why this is a good idea.
105
106				=head1 FORMATS SUPPORTED
107
108				Elliptic-curve keys can be in a variety of formats. This library supports
109				almost all of them:
110
111				=over
112
113				=item Parse and export of named curves and explicit curves. (See below
114				about explicit curve parameters.)
115
116				=item Parse and export of curve points in compressed or uncompressed form,
117				and parse of points in hybrid form.
118				(NB: L
119				prohibits use of the hybrid form.)
120
121				=back
122
123				Explicit curves (i.e., giving the curve by full parameters rather than by
124				name reference) may be a known curve or an arbitrary curve.
125				Explicit curves may include or omit the seed value. It is omitted in output
126				by default. Explicit curves may also include or
127				omit the cofactor, but if the curve is unknown the cofactor is required.
128				This is because this library’s export of explicit curves always includes the
129				cofactor. While it’s not required for ECDSA, it’s recommended, and it’s
130				required for ECDH. Moreover, unlike the seed (which nither ECDSA nor ECDH
131				requires), the cofactor is small enough that its inclusion only enlarges the
132				key by a few bytes.
133
134				I believe the cofactor can be deduced from the other curve parameters;
135				if someone wants to submit a PR to do this that would be nice.
136
137				Generator/base points will be exported as compressed or uncompressed
138				according to the public point. If for some reason you really need a
139				compressed base point but an uncompressed public point or vice-versa,
140				and you need this library to do it for you,
141				please explain your need for such a thing in your pull request. :-)
142
143				=head1 TODO
144
145				Functionality can be augmented as feature requests come in.
146				Patches are welcome—particularly with tests!
147
148				In particular, it would be great to support characteristic-two curves,
149				though almost everything seems to expect the prime-field variety.
150				(OpenSSL is the only implementation I know of that
151				supports characteristic-two.)
152
153				It would also be nice to have logic that deduces the cofactor from the
154				other curve parameters.
155
156				=head1 ACKNOWLEDGEMENTS
157
158				Most of the ECDSA logic here is ported from Kenji Urushima’s
159				L.
160
161				Curve data is copied from OpenSSL. (See the script included in the
162				distribution.)
163
164				The point decompression logic is ported from L.
165
166				Deterministic ECDSA logic derived in part from
167				L.
168
169				=cut
170
171				1;