File Coverage

blib/lib/Crypt/Util.pm

Criterion	Covered	Total	%
statement	12	20	60.0
branch	2	4	50.0
condition			n/a
subroutine	4	4	100.0
pod			n/a
total	18	28	64.2

line	stmt	bran	sub	time	code
1	6	50	6	185836	#!/usr/bin/perl
	6		6	26
	6			1242
	6			44
	6			27
	6			376
2	6	50		54
	6			2985
3	6		6	10487	package Crypt::Util;
	6			9163
	6			1306
	0			0
4	0		6	0	use Moose;
	0			0
	0			0
	0			0
	0			0
	6			7996
	0
	0
5
6					our $VERSION = "0.11";
7
8					use Digest;
9					use Digest::MoreFallbacks;
10
11					use Carp qw/croak/;
12
13					use Sub::Exporter;
14					use Data::OptList;
15
16					use namespace::clean -except => [qw(meta)];
17
18					our %DEFAULT_ACCESSORS = (
19					mode => { isa => "Str" },
20					authenticated_mode => { isa => "Str" },
21					encode => { isa => "Bool" },
22					encoding => { isa => "Str" },
23					printable_encoding => { isa => "Str" },
24					alphanumerical_encoding => { isa => "Str" },
25					uri_encoding => { isa => "Str" },
26					digest => { isa => "Str" },
27					cipher => { isa => "Str" },
28					mac => { isa => "Str" },
29					key => { isa => "Str" },
30					uri_encoding => { isa => "Str" },
31					printable_encoding => { isa => "Str" },
32					use_literal_key => { isa => "Bool" },
33					tamper_proof_unencrypted => { isa => "Bool" },
34					nonce => { isa => "Str", default => "" },
35					);
36
37					our @DEFAULT_ACCESSORS = keys %DEFAULT_ACCESSORS;
38
39					my %export_groups = (
40					'crypt' => [qw/
41					encrypt_string decrypt_string
42					authenticated_encrypt_string
43					tamper_proof thaw_tamper_proof
44					cipher_object
45					/],
46					digest => [qw/
47					digest_string verify_hash verify_digest
48					digest_object
49					mac_digest_string
50					verify_mac
51					/],
52					encoding => [qw/
53					encode_string decode_string
54					encode_string_hex decode_string_hex
55					encode_string_base64 decode_string_base64 encode_string_base64_wrapped
56					encode_string_base32 decode_string_base32
57					encode_string_uri_base64 decode_string_uri_base64
58					encode_string_uri decode_string_uri
59					encode_string_alphanumerical decode_string_alphanumerical
60					encode_string_printable decode_string_printable
61					encode_string_uri_escape decode_string_uri_escape
62					/],
63					params => [ "exported_instance", "disable_fallback", map { "default_$_" } @DEFAULT_ACCESSORS ],
64					);
65
66					my %exports = map { $_ => \&__curry_instance } map { @$_ } values %export_groups;
67
68					Sub::Exporter->import( -setup => {
69					exports => \%exports,
70					groups => \%export_groups,
71					collectors => {
72					defaults => sub { 1 },
73					},
74					});
75
76					our @KNOWN_AUTHENTICATING_MODES = qw(EAX OCB GCM CWC CCM); # IACBC & IAPM will probably never be implemented
77
78					our %KNOWN_AUTHENTICATING_MODES = map { $_ => 1 } @KNOWN_AUTHENTICATING_MODES;
79
80					our %FALLBACK_LISTS = (
81					mode => [qw/CFB CBC Ctr OFB/],
82					stream_mode => [qw/CFB Ctr OFB/],
83					block_mode => [qw/CBC/],
84					authenticated_mode => [qw/EAX GCM CCM/], # OCB/], OCB is patented
85					cipher => [qw/Rijndael Serpent Twofish RC6 Blowfish RC5/],
86					#authenticated_cipher => [qw/Phelix SOBER-128 Helix/], # not yet ready
87					digest => [qw/SHA-1 SHA-256 RIPEMD160 Whirlpool MD5 Haval256/],
88					mac => [qw/HMAC CMAC/],
89					encoding => [qw/hex/],
90					printable_encoding => [qw/base64 hex/],
91					alphanumerical_encoding => [qw/base32 hex/],
92					uri_encoding => [qw/uri_base64 base32 hex/],
93					);
94
95					foreach my $fallback ( keys %FALLBACK_LISTS ) {
96					my @list = @{ $FALLBACK_LISTS{$fallback} };
97
98					my $list_method = "fallback_${fallback}_list";
99
100					my $list_method_sub = sub { # derefed list accessors
101					my ( $self, @args ) = @_;
102					if ( @args ) {
103					@args = @{ $args[0] } if @args == 1 and (ref($args[0])\|\|'') eq "ARRAY";
104					$self->{$list_method} = \@args;
105					}
106					@{ $self->{$list_method} \|\| \@list };
107					};
108
109					my $type = ( $fallback =~ /(encoding\|mode)/ )[0] \|\| $fallback;
110					my $try = "_try_${type}_fallback";
111
112					my $fallback_sub = sub {
113					my $self = shift;
114
115					$self->_find_fallback(
116					$fallback,
117					$try,
118					$self->$list_method,
119					) \|\| croak "Couldn't load any $fallback";
120					};
121
122					no strict 'refs';
123					*{ "fallback_$fallback" } = $fallback_sub;
124					*{ $list_method } = $list_method_sub;
125					}
126
127					foreach my $attr ( @DEFAULT_ACCESSORS ) {
128					has "default_$attr" => (
129					is => "rw",
130					predicate => "has_default_$attr",
131					clearer => "clear_default_$attr",
132					( __PACKAGE__->can("fallback_$attr") ? (
133					lazy_build => 1,
134					builder => "fallback_$attr",
135					) : () ),
136					%{ $DEFAULT_ACCESSORS{$attr} },
137					);
138					}
139
140					has disable_fallback => (
141					isa => "Bool",
142					is => "rw",
143					);
144
145					__PACKAGE__->meta->make_immutable if __PACKAGE__->meta->can("make_immutable");
146
147					{
148					my %fallback_caches;
149
150					sub _find_fallback {
151					my ( $self, $key, $test, @list ) = @_;
152
153					my $cache = $fallback_caches{$key} \|\|= {};
154
155					@list = $list[0] if @list and $self->disable_fallback;
156
157					foreach my $elem ( @list ) {
158					$cache->{$elem} = $self->$test( $elem ) unless exists $cache->{$elem};
159					return $elem if $cache->{$elem};
160					}
161
162
163					return;
164					}
165					}
166
167					sub _try_cipher_fallback {
168					my ( $self, $name ) = @_;
169					$self->_try_loading_module("Crypt::$name");
170					}
171
172					sub _try_digest_fallback {
173					my ( $self, $name ) = @_;
174
175					my $e;
176
177					{
178					local $@;
179					eval { $self->digest_object( digest => $name ) };
180					$e = $@;
181					};
182
183					return 1 if !$e;
184					( my $file = $name ) =~ s{::}{/}g;
185					die $e if $e !~ m{^Can't locate Digest/\Q${file}.pm\E in \@INC};
186					return;
187					}
188
189					sub _try_mode_fallback {
190					my ( $self, $mode ) = @_;
191					$self->_try_loading_module("Crypt::$mode");
192					}
193
194					sub _try_mac_fallback {
195					my ( $self, $mac ) = @_;
196					$self->_try_loading_module("Digest::$mac");
197					}
198
199					sub _try_loading_module {
200					my ( $self, $name ) = @_;
201
202					(my $file = "${name}.pm") =~ s{::}{/}g;
203
204					my ( $r, $e );
205					{
206					local $@;
207					$r = eval { require $file }; # yes it's portable
208					$e = $@;
209					};
210
211					return $r if $r;
212					die $e if $e !~ /^Can't locate \Q$file\E in \@INC/;
213					return $r;
214					}
215
216					{
217					my %encoding_module = (
218					base64 => "MIME::Base64",
219					uri_base64 => "MIME::Base64::URLSafe",
220					base32 => "MIME::Base32",
221					uri_escape => "URI::Escape",
222					);
223
224					sub _try_encoding_fallback {
225					my ( $self, $encoding ) = @_;
226
227					return 1 if $encoding eq "hex";
228
229					my $module = $encoding_module{$encoding};
230					$module =~ s{::}{/}g;
231					$module .= ".pm";
232
233					my $e = do {
234					local $@;
235					eval { require $module }; # yes it's portable
236					$@;
237					};
238
239					return 1 if !$e;
240					die $e if $e !~ /^Can't locate \Q$module\E in \@INC/;
241					return;
242					}
243					}
244
245					sub _args (\@;$) {
246					my ( $args, $odd ) = @_;
247
248					my ( $self, @args ) = @$args;
249
250					my %params;
251					if ( @args % 2 == 1 ) {
252					croak "The parameters must be an even sized list of key value pairs" unless defined $odd;
253					( my $odd_value, %params ) = @args;
254					croak "Can't provide the positional param in the named list as well" if exists $params{$odd};
255					$params{$odd} = $odd_value;
256					} else {
257					%params = @args;
258					}
259
260					return ( $self, %params );
261					}
262
263					sub _process_params {
264					my ( $self, $params, @required ) = @_;
265
266					foreach my $param ( @required ) {
267					next if exists $params->{$param};
268
269					$params->{$param} = $self->_process_param( $param );
270					}
271					}
272
273					sub _process_param {
274					my ( $self, $param ) = @_;
275
276					my $default = "default_$param";
277
278					if ( $self->can($default) ) {
279					return $self->$default;
280					}
281
282					croak "No default value for required parameter '$param'";
283					}
284
285					sub cipher_object {
286					my ( $self, %params ) = _args @_;
287
288					$self->_process_params( \%params, qw/mode/);
289
290					my $method = "cipher_object_" . lc(my $mode = delete $params{mode});
291
292					croak "mode $mode is unsupported" unless $self->can($method);
293
294					$self->$method( %params );
295					}
296
297					sub cipher_object_eax {
298					my ( $self, %params ) = _args @_;
299
300					$self->_process_params( \%params, qw/cipher nonce/ );
301
302					require Crypt::EAX;
303
304					Crypt::EAX->new(
305					%params,
306					cipher => "Crypt::$params{cipher}", # FIXME take a ref, but Crypt::CFB will barf
307					key => $self->process_key(%params),
308					nonce => $params{nonce},
309					);
310					}
311
312					sub cipher_object_cbc {
313					my ( $self, %params ) = _args @_;
314
315					$self->_process_params( \%params, qw/cipher/ );
316
317					require Crypt::CBC;
318
319					Crypt::CBC->new(
320					-cipher => $params{cipher},
321					-key => $self->process_key(%params),
322					);
323					}
324
325					sub cipher_object_ofb {
326					my ( $self, %params ) = _args @_;
327
328					$self->_process_params( \%params, qw/cipher/ );
329
330					require Crypt::OFB;
331					my $c = Crypt::OFB->new;
332
333					$c->padding( Crypt::ECB::PADDING_AUTO() );
334
335					$c->key( $self->process_key(%params) );
336
337					$c->cipher( $params{cipher} );
338
339					return $c;
340					}
341
342					sub cipher_object_cfb {
343					my ( $self, @args ) = _args @_;
344					require Crypt::CFB;
345					$self->_cipher_object_baurem( "Crypt::CFB", @args );
346					}
347
348					sub cipher_object_ctr {
349					my ( $self, @args ) = _args @_;
350					require Crypt::Ctr;
351					$self->_cipher_object_baurem( "Crypt::Ctr", @args );
352					}
353
354					sub _cipher_object_baurem {
355					my ( $self, $class, %params ) = @_;
356
357					my $prefix = "Crypt";
358					( $prefix, $params{cipher} ) = ( Digest => delete $params{digest} ) if exists $params{encryption_digest};
359
360					$self->_process_params( \%params, qw/cipher/ );
361
362					$class->new( $self->process_key(%params), join("::", $prefix, $params{cipher}) );
363					}
364
365					use tt;
366					[% FOR mode IN ["stream", "block", "authenticated"] %]
367					sub cipher_object_[% mode %] {
368					my ( $self, @args ) = _args @_;
369					my $mode = $self->_process_param("[% mode %]_mode");
370					$self->cipher_object( @args, mode => $mode );
371					}
372					[% END %]
373					no tt;
374
375					sub process_nonce {
376					my ( $self, %params ) = _args @_, 'nonce';
377
378					my $nonce = $self->_process_params( \%params, 'nonce' );
379
380					if ( length($nonce) ) {
381					return $nonce;
382					} else {
383					require Data::GUID;
384					Data::GUID->new->as_binary;
385					}
386					}
387
388					sub process_key {
389					my ( $self, %params ) = _args @_, "key";
390
391					if ( $params{literal_key} \|\| $self->default_use_literal_key ) {
392					$self->_process_params( \%params, qw/key/ );
393					return $params{key};
394					} else {
395					my $size = $params{key_size};
396
397					unless ( $size ) {
398					$self->_process_params( \%params, qw/key cipher/ );
399					my $cipher = $params{cipher};
400
401					my $class = "Crypt::$cipher";
402
403					$self->_try_loading_module($class);
404
405					if ( my $size_method = $class->can("keysize") \|\| $class->can("blocksize") ) {
406					$size = $class->$size_method;
407					}
408
409					$size \|\|= $cipher eq "Blowfish" ? 56 : 32;
410					}
411
412					return $self->digest_string(
413					string => $params{key},
414					digest => "MultiHash",
415					encode => 0,
416					digest_args => [{
417					width => $size,
418					hashes => ["SHA-512"], # no need to be overkill, we just need the variable width
419					}],
420					);
421					}
422					}
423
424					sub digest_object {
425					my ( $self, %params ) = _args @_;
426
427					$self->_process_params( \%params, qw/
428					digest
429					/);
430
431					Digest->new( $params{digest}, @{ $params{digest_args} \|\| [] } );
432					}
433
434					{
435					# this is a hack that gives to Digest::HMAC something that responds to ->new
436
437					package
438					Crypt::Util::HMACDigestFactory;
439
440					sub new {
441					my $self = shift;
442					$$self->clone;
443					}
444
445					sub new_factory {
446					my ( $self, $thing ) = @_;
447					return bless \$thing, $self;
448					}
449					}
450
451					sub mac_object {
452					my ( $self, %params ) = _args @_;
453
454					$self->_process_params( \%params, qw/
455					mac
456					/);
457
458					my $mac_type = delete $params{mac};
459
460					my $method = lc( "mac_object_$mac_type" );
461
462					$self->$method( %params );
463					}
464
465					sub mac_object_hmac {
466					my ( $self, @args ) = _args @_;
467
468					my $digest = $self->digest_object(@args);
469
470					my $digest_factory = Crypt::Util::HMACDigestFactory->new_factory( $digest );
471
472					my $key = $self->process_key(
473					literal_key => 1, # Digest::HMAC does it's own key processing, but we let the user force our own
474					key_size => 64, # if the user did force our own, the default key_size is Digest::HMAC's default block size
475					@args,
476					);
477
478					require Digest::HMAC;
479					Digest::HMAC->new(
480					$key,
481					$digest_factory,
482					# FIXME hmac_block_size param?
483					);
484					}
485
486					sub mac_object_cmac {
487					my ( $self, %params ) = _args @_;
488
489					my ( $key, $cipher );
490
491					if ( ref $params{cipher} ) {
492					$cipher = $params{cipher};
493					} else {
494					$self->_process_params( \%params, qw(cipher) );
495					$cipher = "Crypt::" . $params{cipher};
496					$key = $self->process_key(%params);
497					}
498
499					require Digest::CMAC;
500					Digest::CMAC->new( $key, $cipher );
501					}
502
503					use tt;
504					[% FOR f IN ["en", "de"] %]
505					sub [% f %]crypt_string {
506					my ( $self, %params ) = _args @_, "string";
507
508					my $string = delete $params{string};
509					croak "You must provide the 'string' parameter" unless defined $string;
510
511					my $c = $self->cipher_object( %params );
512
513					[% IF f == "en" %]
514					$self->maybe_encode( $c->encrypt($string), \%params );
515					[% ELSE %]
516					$c->decrypt( $self->maybe_decode($string, \%params ) );
517					[% END %]
518					}
519
520					sub maybe_[% f %]code {
521					my ( $self, $string, $params ) = @_;
522
523					my $should_encode = exists $params->{[% f %]code}
524					? $params->{[% f %]code}
525					: exists $params->{encoding} \|\| $self->default_encode;
526
527					if ( $should_encode ) {
528					return $self->[% f %]code_string(
529					%$params,
530					string => $string,
531					);
532					} else {
533					return $string;
534					}
535					}
536					[% END %]
537					no tt;
538
539					sub _digest_string_with_object {
540					my ( $self, $object, %params ) = @_;
541
542					my $string = delete $params{string};
543					croak "You must provide the 'string' parameter" unless defined $string;
544
545					$object->add($string);
546
547					$self->maybe_encode( $object->digest, \%params );
548					}
549
550					sub digest_string {
551					my ( $self, %params ) = _args @_, "string";
552
553					my $d = $self->digest_object( %params );
554
555					$self->_digest_string_with_object( $d, %params );
556					}
557
558					sub mac_digest_string {
559					my ( $self, %params ) = _args @_, "string";
560
561					my $d = $self->mac_object( %params );
562
563					$self->_digest_string_with_object( $d, %params );
564					}
565
566					sub _do_verify_hash {
567					my ( $self, %params ) = _args @_;
568
569					my $hash = delete $params{hash};
570					my $fatal = delete $params{fatal};
571					croak "You must provide the 'string' and 'hash' parameters" unless defined $params{string} and defined $hash;
572
573					my $meth = $params{digest_method};
574
575					return 1 if $hash eq $self->$meth(%params);
576
577					if ( $fatal ) {
578					croak "Digest verification failed";
579					} else {
580					return;
581					}
582					}
583
584					sub verify_hash {
585					my ( $self, @args ) = @_;
586					$self->_do_verify_hash(@args, digest_method => "digest_string");
587					}
588
589					sub verify_digest {
590					my ( $self, @args ) = @_;
591					$self->verify_hash(@args);
592					}
593
594					sub verify_mac {
595					my ( $self, @args ) = @_;
596					$self->_do_verify_hash(@args, digest_method => "mac_digest_string");
597					}
598
599					{
600					my @flags = qw/serialized/;
601
602					sub _flag_hash_to_int {
603					my ( $self, $flags ) = @_;
604
605					my $bit = 1;
606					my $flags_int = 0;
607
608					foreach my $flag (@flags) {
609					$flags_int \|= $bit if $flags->{$flag};
610					} continue {
611					$bit *= 2;
612					}
613
614					return $flags_int;
615					}
616
617					sub _flag_int_to_hash {
618					my ( $self, $flags ) = @_;
619
620					my $bit =1;
621					my %flags;
622
623					foreach my $flag (@flags ) {
624					$flags{$flag} = $flags & $bit;
625					} continue {
626					$bit *= 2;
627					}
628
629					return wantarray ? %flags : \%flags;
630					}
631					}
632
633					sub tamper_proof {
634					my ( $self, %params ) = _args @_, "data";
635
636					$params{string} = $self->pack_data( %params );
637					#$params{header} = $self->pack_data( %params, data => $params{header} ) if exists $params{header}; # FIXME this is not yet finished
638
639					$self->tamper_proof_string( %params );
640					}
641
642					sub freeze_data {
643					my ( $self, %params ) = @_;
644					require Storable;
645					Storable::nfreeze($params{data});
646					}
647
648					sub thaw_data {
649					my ( $self, %params ) = @_;
650					require Storable;
651					Storable::thaw($params{data});
652					}
653
654					sub tamper_proof_string {
655					my ( $self, %params ) = _args @_, "string";
656
657					my $encrypted = exists $params{encrypt}
658					? $params{encrypt}
659					: !$self->default_tamper_proof_unencrypted;
660
661
662					my $type = ( $encrypted ? "aead" : "mac" );
663
664					my $method = "${type}_tamper_proof_string";
665
666					my $string = $self->$method( %params );
667
668					return $self->_pack_tamper_proof( $type => $string );
669					}
670
671					{
672					my @tamper_proof_types = qw/mac aead/;
673					my %tamper_proof_type; @tamper_proof_type{@tamper_proof_types} = 1 .. @tamper_proof_types;
674
675					sub _pack_tamper_proof {
676					my ( $self, $type, $proof ) = @_;
677					pack("C a*", $tamper_proof_type{$type}, $proof);
678					}
679
680					sub _unpack_tamper_proof {
681					my ( $self, $packed ) = @_;
682					my ( $type, $string ) = unpack("C a*", $packed);
683
684					return (
685					($tamper_proof_types[ $type-1 ] \|\| croak "Unknown tamper proofing method"),
686					$string,
687					);
688					}
689					}
690
691					sub _authenticated_mode {
692					my ( $self, $params ) = @_;
693
694					# trust explicit param
695					if ( exists $params->{authenticated_mode} ) {
696					$params->{mode} = delete $params->{authenticated_mode};
697					return 1;
698					}
699
700					# check if the explicit param is authenticated
701					if ( exists $params->{mode} ) {
702					# allow overriding
703					if ( exists $params->{mode_is_authenticated} ) {
704					return $params->{mode_is_authenticated};
705					}
706
707					if ( $KNOWN_AUTHENTICATING_MODES{uc($params->{mode})} ) {
708					return 1;
709					} else {
710					return;
711					}
712					}
713
714					$params->{mode} = $self->_process_param('authenticated_mode');
715
716					return 1;
717					}
718
719					sub _pack_hash_and_message {
720					my ( $self, $hash, $message ) = @_;
721					pack("n/a* a*", $hash, $message);
722					}
723
724					sub _unpack_hash_and_message {
725					my ( $self, $packed ) = @_;
726					unpack("n/a* a*", $packed);
727					}
728
729					our $PACK_FORMAT_VERSION = 1;
730
731					sub pack_data {
732					my ( $self, %params ) = _args @_, "data";
733
734					$self->_process_params( \%params, qw/
735					data
736					/);
737
738					my $data = delete $params{data};
739
740					my %flags;
741
742					if ( ref $data ) {
743					$flags{serialized} = 1;
744					$data = $self->freeze_data( %params, data => $data );
745					}
746
747					$self->_pack_version_flags_and_string( $PACK_FORMAT_VERSION, \%flags, $data );
748					}
749
750					sub unpack_data {
751					my ( $self, %params ) = _args @_, "data";
752
753					$self->_process_params( \%params, qw/
754					data
755					/);
756
757					my ( $version, $flags, $data ) = $self->_unpack_version_flags_and_string($params{data});
758
759					$self->_packed_string_version_check( $version );
760
761					if ( $flags->{serialized} ) {
762					return $self->thaw_data( %params, data => $data );
763					} else {
764					return $data;
765					}
766					}
767
768					sub _pack_version_flags_and_string {
769					my ( $self, $version, $flags, $string ) = @_;
770					pack("n n N/a*", $version, $self->_flag_hash_to_int($flags), $string);
771					}
772
773					sub _unpack_version_flags_and_string {
774					my ( $self, $packed ) = @_;
775
776					my ( $version, $flags, $string ) = unpack("n n N/a*", $packed);
777
778					$flags = $self->_flag_int_to_hash($flags);
779
780					return ( $version, $flags, $string );
781					}
782
783					sub authenticated_encrypt_string {
784					my ( $self, %params ) = _args @_, "string";
785
786					# FIXME some ciphers are authenticated, but none are implemented in perl yet
787					if ( $self->_authenticated_mode(\%params) ) {
788					$self->_process_params( \%params, qw(nonce) );
789
790					# generate a nonce unless one is explicitly provided
791					my $nonce = $self->process_nonce(%params); # FIMXE limit to 64k?
792
793					# FIXME safely encode an arbitrary header as well
794					#my $header = $params{header};
795					#$header = '' unless defined $header;
796
797					return pack("n/a* a*", $nonce, $self->encrypt_string( %params, nonce => $nonce ) );
798					} else {
799					croak "To use encrypted tamper resistent strings an authenticated encryption mode such as EAX must be selected";
800					}
801					}
802
803					sub authenticated_decrypt_string {
804					my ( $self, %params ) = _args @_, "string";
805
806					if ( $self->_authenticated_mode(\%params) ) {
807					$self->_process_params( \%params, qw(string) );
808
809					my ( $nonce, $string ) = unpack("n/a* a*", $params{string});
810
811					return $self->decrypt_string(
812					fatal => 1,
813					%params,
814					nonce => $nonce,
815					string => $string,
816					);
817					} else {
818					croak "To use encrypted tamper resistent strings an authenticated encryption mode such as EAX must be selected";
819					}
820					}
821
822					sub aead_tamper_proof_string {
823					my ( $self, %params ) = _args @_, "string";
824
825					$self->authenticated_encrypt_string( %params );
826					}
827
828					sub mac_tamper_proof_string {
829					my ( $self, %params ) = _args @_, "string";
830
831					my $string = delete $params{string};
832					croak "You must provide the 'string' parameter" unless defined $string;
833
834					my $hash = $self->mac_digest_string(
835					%params,
836					encode => 0,
837					string => $string,
838					);
839
840					return $self->_pack_hash_and_message( $hash, $string );
841					}
842
843					sub thaw_tamper_proof_string {
844					my ( $self, %params ) = _args @_, "string";
845
846					my $string = delete $params{string};
847					croak "You must provide the 'string' parameter" unless defined $string;
848
849					my ( $type, $message ) = $self->_unpack_tamper_proof($string);
850
851					my $method = "thaw_tamper_proof_string_$type";
852
853					my $packed = $self->$method( %params, string => $message );
854					}
855
856					sub thaw_tamper_proof {
857					my ( $self, %params ) = _args @_, "string";
858					my $packed = $self->thaw_tamper_proof_string(%params);
859					$self->unpack_data(%params, data => $packed);
860					}
861
862					sub thaw_tamper_proof_string_aead {
863					my ( $self, %params ) = _args @_, "string";
864
865					$self->authenticated_decrypt_string( %params );
866					}
867
868					sub thaw_tamper_proof_string_mac {
869					my ( $self, %params ) = _args @_, "string";
870
871					my $hashed_packed = delete $params{string};
872					croak "You must provide the 'string' parameter" unless defined $hashed_packed;
873
874					my ( $hash, $packed ) = $self->_unpack_hash_and_message( $hashed_packed );
875
876					return unless $self->verify_mac(
877					fatal => 1,
878					%params,
879					hash => $hash,
880					decode => 0,
881					string => $packed,
882					);
883
884					return $packed;
885					}
886
887					sub _packed_string_version_check {
888					my ( $self, $version ) = @_;
889
890					croak "Incompatible packed string (I'm version $PACK_FORMAT_VERSION, thawing version $version)"
891					unless $version == $PACK_FORMAT_VERSION;
892					}
893
894					use tt;
895					[% FOR f IN ["en","de"] %]
896					sub [% f %]code_string {
897					my ( $self, %params ) = _args @_, "string";
898
899					my $string = delete $params{string};
900					croak "You must provide the 'string' parameter" unless defined $string;
901
902					$self->_process_params( \%params, qw/
903					encoding
904					/);
905
906					my $encoding = delete $params{encoding};
907					croak "Encoding method must be an encoding name" unless $encoding;
908					my $method = "[% f %]code_string_$encoding";
909					croak "Encoding method $encoding is not supported" unless $self->can($method);
910
911					$self->$method($string);
912					}
913					[% END %]
914					no tt;
915
916					sub encode_string_hex {
917					my ( $self, $string ) = @_;
918					unpack("H*", $string);
919					}
920
921					sub decode_string_hex {
922					my ( $self, $hex ) = @_;
923					pack("H*", $hex );
924					}
925
926					sub encode_string_base64 {
927					my ( $self, $string ) = @_;
928					require MIME::Base64;
929					MIME::Base64::encode_base64($string, "");
930					}
931
932					sub encode_string_base64_wrapped {
933					my ( $self, $string ) = @_;
934					require MIME::Base64;
935					MIME::Base64::encode_base64($string);
936					}
937
938					sub decode_string_base64 {
939					my ( $self, $base64 ) = @_;
940					require MIME::Base64;
941					MIME::Base64::decode_base64($base64);
942					}
943
944					# http://www.dev411.com/blog/2006/10/02/encoding-hashed-uids-base64-vs-hex-vs-base32
945					sub encode_string_uri_base64 {
946					my ( $self, $string ) = @_;
947					require MIME::Base64::URLSafe;
948					MIME::Base64::URLSafe::encode($string);
949					}
950
951					sub decode_string_uri_base64 {
952					my ( $self, $base64 ) = @_;
953					require MIME::Base64::URLSafe;
954					MIME::Base64::URLSafe::decode($base64);
955					}
956
957					sub encode_string_base32 {
958					my ( $self, $string ) = @_;
959					require MIME::Base32;
960					MIME::Base32::encode_rfc3548($string);
961					}
962
963					sub decode_string_base32 {
964					my ( $self, $base32 ) = @_;
965					require MIME::Base32;
966					MIME::Base32::decode_rfc3548(uc($base32));
967					}
968
969					sub encode_string_uri_escape {
970					my ( $self, $string ) = @_;
971					require URI::Escape;
972					URI::Escape::uri_escape($string);
973					}
974
975					sub decode_string_uri_escape {
976					my ( $self, $uri_escaped ) = @_;
977					require URI::Escape;
978					URI::Escape::uri_unescape($uri_escaped);
979					}
980
981					use tt;
982					[% FOR symbolic_encoding IN ["uri", "alphanumerical", "printable"] %]
983					[% FOR f IN ["en", "de"] %]
984					sub [% f %]code_string_[% symbolic_encoding %] {
985					my ( $self, $string ) = @_;
986					my $encoding = $self->_process_param("[% symbolic_encoding %]_encoding");
987					$self->[% f %]code_string( string => $string, encoding => $encoding );
988					}
989					[% END %]
990					[% END %]
991					no tt;
992
993					sub exported_instance {
994					my $self = shift;
995					return $self;
996					}
997
998					sub __curry_instance {
999					my ($class, $method_name, undef, $col) = @_;
1000
1001					my $self = $col->{instance} \|\|= $class->__curry_flavoured_instance($col);
1002
1003					sub { $self->$method_name(@_) };
1004					}
1005
1006					sub __curry_flavoured_instance {
1007					my ( $class, $col ) = @_;
1008
1009					my %params; @params{ map { "default_$_" } keys %{ $col->{defaults} } } = values %{ $col->{defaults} };
1010
1011					$class->new( \%params );
1012					}
1013
1014					__PACKAGE__;
1015
1016					__END__
1017
1018					=pod
1019
1020					=head1 NAME
1021
1022					Crypt::Util - A lightweight Crypt/Digest convenience API
1023
1024					=head1 SYNOPSIS
1025
1026					use Crypt::Util; # also has a Sub::Exporter to return functions wrapping a default instance
1027
1028					my $util = Crypt::Util->new;
1029
1030					$util->default_key("my secret");
1031
1032					# MAC or cipher+digest based tamper resistent encapsulation
1033					# (uses Storable on $data if necessary)
1034					my $tamper_resistent_string = $util->tamper_proof( $data );
1035
1036					my $verified = $util->thaw_tamper_proof( $untrusted_string, key => "another secret" );
1037
1038					# If the encoding is unspecified, base32 is used
1039					# (hex if base32 is unavailable)
1040					my $encoded = $util->encode_string( $bytes );
1041
1042					my $hash = $util->digest( $bytes, digest => "md5" );
1043
1044					die "baaaad" unless $util->verify_hash(
1045					hash => $hash,
1046					data => $bytes,
1047					digest => "md5",
1048					);
1049
1050
1051					=head1 DESCRIPTION
1052
1053					This module provides an easy, intuitive and forgiving API for wielding
1054					crypto-fu.
1055
1056					The API is designed as a cascade, with rich features built using simpler ones.
1057					this means that the option processing is uniform throughout, and the behaviors
1058					are generally predictable.
1059
1060					Note that L<Crypt::Util> doesn't do any crypto on its own, but delegates the
1061					actual work to the various other crypto modules on the CPAN. L<Crypt::Util>
1062					merely wraps these modules, providing uniform parameters, and building on top
1063					of their polymorphism with higher level features.
1064
1065					=head2 Priorities
1066
1067					=over 4
1068
1069					=item Ease of use
1070
1071					This module is designed to have an easy API to allow easy but responsible
1072					use of the more low level Crypt:: and Digest:: modules on CPAN. Therefore,
1073					patches to improve ease-of-use are very welcome.
1074
1075					=item Pluggability
1076
1077					Dependency hell is avoided using a fallback mechanism that tries to choose an
1078					algorithm based on an overridable list.
1079
1080					For "simple" use install Crypt::Util and your favourite digest, cipher and
1081					cipher mode (CBC, CFB, etc).
1082
1083					To ensure predictable behavior the fallback behavior can be disabled as necessary.
1084
1085					=back
1086
1087					=head2 Interoperability
1088
1089					To ensure that your hashes and strings are compatible with L<Crypt::Util>
1090					deployments on other machines (where different Crypt/Digest modules are
1091					available, etc) you should use C<disable_fallback>.
1092
1093					Then either set the default ciphers, or always explicitly state the cipher.
1094
1095					If you are only encrypting and decrypting with the same installation, and new
1096					cryptographic modules are not being installed, the hashes/ciphertexts should be
1097					compatible without disabling fallback.
1098
1099					=head1 EXPORTED API
1100
1101					B<NOTE>: nothing is exported by default.
1102
1103					L<Crypt::Util> also presents an optional exported api using L<Sub::Exporter>.
1104
1105					Unlike typical exported APIs, there is no class level default instance shared
1106					by all the importers, but instead every importer gets its own instance.
1107
1108					For example:
1109
1110					package A;
1111					use Crypt::Util qw/:all/;
1112
1113					default_key("moose");
1114					my $ciphertext = encrypt_string($plain);
1115
1116
1117					package B;
1118					use Crypt::Util qw/:all/;
1119
1120					default_key("elk");
1121					my $ciphertext = encrypt_string($plain);
1122
1123					In this example every importing package has its own implicit instance, and the
1124					C<default_key> function will in fact not share the value.
1125
1126					You can get the instance using the C<exported_instance> function, which is just
1127					the identity method.
1128
1129					The export tags supported are: C<crypt> (encryption and tamper proofing related
1130					functions), C<digest> (digest and MAC related functions), C<encoding> (various
1131					encoding and decoding functions), and C<params> which give you functions for
1132					handling default values.
1133
1134					=head1 METHODS
1135
1136					=over 4
1137
1138					=item tamper_proof( [ $data ], %params )
1139
1140					=item thaw_tamper_proof( [ $string ], %params )
1141
1142					=item tamper_proof_string( $string, %params )
1143
1144					=item thaw_tamper_proof_string( $string, %params )
1145
1146					=item aead_tamper_proof_string( [ $string ], %params )
1147
1148					=item mac_tamper_proof_string( [ $string ], %params )
1149
1150					The C<tamper_proof> method is in an intermittent state, in that the C<data>
1151					parameter's API is not completely finalized.
1152
1153					It is safer to use C<tamper_proof_string>; its API is expected to remain the
1154					same in future versions as well.
1155
1156					See L</TODO> for more information about the data types that will be supported
1157					in the future.
1158
1159					When thawing, the C<authenticated_decrypt_string> or C<verify_mac> methods will
1160					be used, with C<fatal> defaulting to on unless explicitly disabled in the
1161					parameters.
1162
1163					=over 4
1164
1165					This method accepts the following parameters:
1166
1167					=item * encrypt
1168
1169					By default this parameter is true, unless C<default_tamper_proof_unencrypted()>,
1170					has been enabled.
1171
1172					A true value implies that all the parameters
1173					which are available to C<authenticated_encrypt_string()> are also available.
1174					If a negative value is specified, MAC mode is used, and the additional
1175					parameters of C<mac_digest_string()> may also be specified to this method.
1176
1177					=item * data
1178
1179					The data to encrypt. If this is a reference L<Storable> will be used to
1180					serialize the data.
1181
1182					See C<pack_data> for details.
1183
1184					=back
1185
1186					If the string is encrypted then all the parameters of C<encrypt_string> and
1187					C<digest_string> are also available.
1188
1189					If the string is not encrypted, then all the parameters of C<mac_digest_string>
1190					are also available.
1191
1192					=item encrypt_string( [ $string ], %params )
1193
1194					=item decrypt_string( [ $string ], %params )
1195
1196					=item authenticated_encrypt_string( [ $string ], %params )
1197
1198					=item authenticated_decrypt_string( [ $string ], %params )
1199
1200					All of the parameters which may be supplied to C<process_key()>,
1201					C<cipher_object> and C<maybe_encode> are also available to these methods.
1202
1203					The C<authenticated> variants ensure that an authenticated encryption mode
1204					(such as EAX) is used.
1205
1206					The following parameters may be used:
1207
1208					=over 4
1209
1210					=item * string
1211
1212					The string to be en/decrypted can either be supplied first, creating an odd
1213					number of arguments, or as a named parameter.
1214
1215					=item * nonce
1216
1217					The cryptographic nonce to use. Only necessary for encryption, will be packed
1218					in the string as part of the message if applicable.
1219
1220					=item * header
1221
1222					Not yet supported.
1223
1224					In the future this will include a header for AEAD (the "associated data" bit of
1225					AEAD).
1226
1227					=back
1228
1229					=item process_key( [ $key ], %params )
1230
1231					The following arguments may be specified:
1232
1233					=over 4
1234
1235					=item * literal_key
1236
1237					This disables mungung. See also C<default_use_literal_key>.
1238
1239					=item * key_size
1240
1241					Can be used to force a key size, even if the cipher specifies another size.
1242
1243					If not specified, the key size chosen will depend
1244
1245					=item * cipher
1246
1247					Used to determine the key size.
1248
1249					=back
1250
1251					=item process_nonce( [ $nonce ], %params )
1252
1253					If a nonce is explicitly specified this method returns that, and otherwise uses
1254					L<Data::GUID> to generate a unique binary string for use as a nonce/IV.
1255
1256					=item pack_data( [ $data ], %params )
1257
1258					=item unpack_data( [ $data ], %params )
1259
1260					Uses L<Storable> and C<pack> to create a string out of data.
1261
1262					L<MooseX::Storage> support will be added in the future.
1263
1264					The format itself is versioned in order to facilitate future proofing and
1265					backwards compatibility.
1266
1267					Note that it is not safe to call C<unpack_data> on an untrusted string, use
1268					C<thaw_tamper_proof> instead (it will authenticate the data and only then
1269					perform the potentially unsafe routines).
1270
1271					=item cipher_object( %params )
1272
1273					Available parameters are:
1274
1275					=over 4
1276
1277					=item * cipher
1278
1279					The cipher algorithm to use, e.g. C<Rijndael>, C<Twofish> etc.
1280
1281					=item * mode
1282
1283					The mode of operation. This can be real (C<cbc>, C<cfb>, C<ctr>, C<ofb>,
1284					C<eax>) or symbolic (C<authenticated>, C<block>, C<stream>).
1285
1286					See L<http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation> for an
1287					explanation of this.
1288
1289					=back
1290
1291					=item cipher_object_eax( %params )
1292
1293					Used by C<cipher_object> but accepts additional parameters:
1294
1295					=over 4
1296
1297					=item * nonce
1298
1299					The nonce is a value that should be unique in order to protect against replay
1300					attacks. It also ensures that the same plain text with the same key will
1301					produce different ciphertexts.
1302
1303					The nonce is not included in the output ciphertext. See
1304					C<authenticated_encrypt_string> for a convenience method that does include the
1305					nonce.
1306
1307					=item * header
1308
1309					This is additional data to authenticate but not encrypt.
1310
1311					See L<Crypt::EAX> for more details.
1312
1313					The header will not be included in the output ciphertext.
1314
1315					=back
1316
1317					=item digest_string( [ $string ], %params )
1318
1319					Delegates to C<digest_object>. All parameters which can be used by
1320					C<digest_object> may also be used here.
1321
1322					The following arguments are available:
1323
1324					=over 4
1325
1326					=item * string
1327
1328					The string to be digested can either be supplied first, creating an odd
1329					number of arguments, or as a named parameter.
1330
1331					=back
1332
1333					=item verify_digest( %params )
1334
1335					Delegates to C<digest_object>. All parameters which can be used by
1336					C<digest_object> may also be used here.
1337
1338					The following parameters are accepted:
1339
1340					=over 4
1341
1342					=item * hash
1343
1344					A string containing the hash to verify.
1345
1346					=item * string
1347
1348					The digested string.
1349
1350					=item * fatal
1351
1352					If true, errors will be fatal. The default is false, which means that
1353					failures will return undef.
1354
1355					=back
1356
1357					In addition, the parameters which can be supplied to C<digest_string()>
1358					may also be supplied to this method.
1359
1360					=item digest_object( %params )
1361
1362					=over 4
1363
1364					=item * digest
1365
1366					The digest algorithm to use.
1367
1368					=back
1369
1370					Returns an object using L<Digest>.
1371
1372					=item encode_string( [ $string ], %params )
1373
1374					=item decode_string( [ $string ], %params )
1375
1376					The following parameters are accepted:
1377
1378					=over 4
1379
1380					=item * encoding
1381
1382					The encoding may be a symbolic type (uri, printable) or a concrete type
1383					(none, hex, base64, base32).
1384
1385					=back
1386
1387					=item mac_digest_string( [ $string ], %param )
1388
1389					Delegates to C<mac_object>. All parameters which can be used by C<mac_object>
1390					may also be used here.
1391
1392					=over 4
1393
1394					=item * string
1395
1396					=back
1397
1398					=item verify_mac( %params )
1399
1400					Delegates to C<mac_object>. All parameters which can be used by C<mac_object>
1401					may also be used here.
1402
1403					The following additional arguments are allowed:
1404
1405					=over 4
1406
1407					=item * hash
1408
1409					The MAC string to verify.
1410
1411					=item * string
1412
1413					The digested string.
1414
1415					=item * fatal
1416
1417					If true, errors will be fatal. The default is false, which means that
1418					failures will return undef.
1419
1420					=back
1421
1422					=item mac_object( %params )
1423
1424					=over 4
1425
1426					=item * mac
1427
1428					The MAC algorithm to use. Currently C<hmac> and C<cmac> are supported.
1429
1430					=back
1431
1432					=item maybe_encode
1433
1434					=item maybe_decode
1435
1436					This method has no external API but is documented for the sake of its shared
1437					options.
1438
1439					It is delegated to by the various encryption and digest method.
1440
1441					=over 4
1442
1443					=item * encode
1444
1445					Expects a bool.
1446
1447					=item * encoding
1448
1449					Expects an algorithm name (symbolic (e.g. C<uri>, C<alphanumeric>), or concrete
1450					(e.g. C<base64>, C<hex>)).
1451
1452					=back
1453
1454					If C<encode> is explicitly supplied it will always determine whether or not the
1455					string will be encoded. Otherwise, if C<encoding> is explicitly supplied then
1456					the string will always be encoded using the specified algorithm. If neither is
1457					supplied C<default_encode> will be checked to determine whether or not to
1458					encode, and C<default_encoding> or C<fallback_encoding> will be used to
1459					determine the algorithm to use (see L</HANDLING OF DEFAULT VALUES>).
1460
1461					=item encode_string_alphanumerical( $string )
1462
1463					=item decode_string_alphanumerical( $string )
1464
1465					=item encode_string_uri( $string )
1466
1467					=item decode_string_uri( $string )
1468
1469					=item encode_string_printable( $string )
1470
1471					=item decode_string_printable( $string )
1472
1473					The above methods encode based on a fallback list (see L</HANDLING OF DEFAULT VALUES>).
1474
1475					The variations denote types of formats: C<alphanumerical> is letters and
1476					numbers only (case insensitive), C<uri> is safe for inclusions in URIs (without
1477					further escaping), and C<printable> contains no control characters or
1478					whitespace.
1479
1480					=item encode_string_hex( $string )
1481
1482					=item decode_string_hex( $string )
1483
1484					Big endian hexadecimal (C<H*> pack format).
1485
1486					=item encode_string_uri_escape( $string )
1487
1488					=item decode_string_uri_escape( $string )
1489
1490					L<URI::Escape> based encoding.
1491
1492					=item encode_string_base64( $string )
1493
1494					=item decode_string_base64( $string )
1495
1496					=item encode_string_base64_wrapped( $string )
1497
1498					Requires L<MIME::Base64>.
1499
1500					The C<wrapped> variant will introduce line breaks as per the L<MIME::Base64>
1501					default>.
1502
1503					=item encode_string_uri_base64
1504
1505					=item decode_string_uri_base64
1506
1507					Requires L<MIME::Base64>.
1508
1509					Implements the Base64 for URIs. See
1510					L<http://en.wikipedia.org/wiki/Base64#URL_Applications>.
1511
1512					=item encode_string_base32( $string )
1513
1514					=item decode_string_base32( $string )
1515
1516					Requires L<MIME::Base32>.
1517
1518					(note- unlike L<MIME::Base32> this is case insensitive).
1519
1520					=head1 HANDLING OF DEFAULT VALUES
1521
1522					=over 4
1523
1524					=item disable_fallback()
1525
1526					When true only the first item from the fallback list will be tried, and if it
1527					can't be loaded there will be a fatal error.
1528
1529					Enable this to ensure portability.
1530
1531					=back
1532
1533					For every parameter, there are several methods, where PARAMETER is replaced
1534					with the parameter name:
1535
1536					=over 4
1537
1538					=item * default_PARAMETER()
1539
1540					This accessor is available for the user to override the default value.
1541
1542					If set to undef, then C<fallback_PARAMETER> will be consulted instead.
1543
1544					B<ALL> the default values are set to undef unless changed by the user.
1545
1546					=item * fallback_PARAMETER()
1547
1548					Iterates the C<fallback_PARAMETER_list>, choosing the first value that is
1549					usable (it's provider is available).
1550
1551					If C<disable_fallback> is set to a true value, then only the first value in the
1552					fallback list will be tried.
1553
1554					=item * fallback_PARAMETER_list()
1555
1556					An ordered list of values to try and use as fallbacks.
1557
1558					C<fallback_PARAMETER> iterates this list and chooses the first one that works.
1559
1560					=back
1561
1562					Available parameters are as follows:
1563
1564					=over 4
1565
1566					=item * cipher
1567
1568					The fallback list is
1569					C<Rijndael>, C<Serpent>, C<Twofish>, C<RC6>, C<Blowfish> and C<RC5>.
1570
1571					L<Crypt::Rijndael> is the AES winner, the next three are AES finalists, and the
1572					last two are well known and widely used.
1573
1574					=item * mode
1575
1576					The mode in which to use the cipher.
1577
1578					The fallback list is C<CFB>, C<CBC>, C<Ctr>, and C<OFB>.
1579
1580					=item digest
1581
1582					The fallback list is C<SHA-1>, C<SHA-256>, C<RIPEMD160>,
1583					C<Whirlpool>, C<MD5>, and C<Haval256>.
1584
1585					=item * encoding
1586
1587					The fallback list is C<hex> (effectively no fallback).
1588
1589					=item alphanumerical_encoding
1590
1591					The fallback list is C<base32> and C<hex>.
1592
1593					L<MIME::Base32> is required for C<base32> encoding.
1594
1595					=item * uri_encoding
1596
1597					The fallback list is C<uri_base64>.
1598
1599					=item * printable_encoding
1600
1601					The fallback list is C<base64>
1602
1603					=back
1604
1605					=head2 Defaults with no fallbacks
1606
1607					The following parameters have a C<default_> method, as described in the
1608					previous section, but the C<fallback_> methods are not applicable.
1609
1610					=over 4
1611
1612					=item * encode
1613
1614					Whether or not to encode by default (applies to digests and encryptions).
1615
1616					=item * key
1617
1618					The key to use. Useful for when you are repeatedly encrypting.
1619
1620					=item * nonce
1621
1622					The nonce/IV to use for cipher modes that require it.
1623
1624					Defaults to the empty string, but note that some methods will generate a nonce
1625					for you (e.g. C<authenticated_encrypt_string>) if none was provided.
1626
1627					=item * use_literal_key
1628
1629					Whether or not to not hash the key by default. See C<process_key>.
1630
1631					=item * tamper_proof_unencrypted
1632
1633					Whether or not tamper resistent strings are by default unencrypted (just MAC).
1634
1635					=back
1636
1637					=head2 Subclassing
1638
1639					You may safely subclass and override C<default_PARAMETER> and
1640					C<fallback_PARAMETER_list> to provide values from configurations.
1641
1642					=back
1643
1644					=head1 TODO
1645
1646					=over 4
1647
1648					=item *
1649
1650					Crypt::SaltedHash support
1651
1652					=item *
1653
1654					EMAC (maybe, the modules are not OO and require refactoring) message
1655					authentication mode
1656
1657					=item *
1658
1659					Bruce Schneier Fact Database
1660					L<http://geekz.co.uk/lovesraymond/archive/bruce-schneier-facts>.
1661
1662					L<WWW::SchneierFacts>
1663
1664					=item *
1665
1666					Entropy fetching (get N weak/strong bytes, etc) from e.g. OpenSSL bindings,
1667					/dev/*random, and EGD.
1668
1669					=item *
1670
1671					Additional data formats (streams/iterators, filehandles, generalized storable
1672					data/string handling for all methods, not just tamper_proof).
1673
1674					Streams should also be able to used via a simple push api.
1675
1676					=item *
1677
1678					IV/nonce/salt support for the various cipher modes, not just EAX (CBC, CCM, GCM, etc)
1679
1680					=item *
1681
1682					L<Crypt::Rijndael> can do its own cipher modes
1683
1684					=head1 SEE ALSO
1685
1686					L<Digest>, L<Crypt::CBC>, L<Crypt::CFB>,
1687					L<http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation>.
1688
1689					=head1 VERSION CONTROL
1690
1691					This module is maintained using Darcs. You can get the latest version from
1692					L<http://nothingmuch.woobling.org/Crypt-Util/>, and use C<darcs send> to commit
1693					changes.
1694
1695					=head1 AUTHORS
1696
1697					Yuval Kogman, E<lt>nothingmuch@woobling.orgE<gt>
1698					Ann Barcomb
1699
1700					=head1 COPYRIGHT & LICENSE
1701
1702					Copyright 2006-2008 by Yuval Kogman E<lt>nothingmuch@woobling.orgE<gt>, Ann Barcomb
1703
1704					Permission is hereby granted, free of charge, to any person obtaining a copy
1705					of this software and associated documentation files (the "Software"), to deal
1706					in the Software without restriction, including without limitation the rights
1707					to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
1708					copies of the Software, and to permit persons to whom the Software is
1709					furnished to do so, subject to the following conditions:
1710
1711					The above copyright notice and this permission notice shall be included in
1712					all copies or substantial portions of the Software.
1713
1714					THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
1715					OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1716					FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
1717					THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
1718					LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1719					FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
1720					DEALINGS IN THE SOFTWARE.
1721
1722					=cut