File Coverage

blib/lib/Crypt/AuthEnc/CCM.pm

Criterion	Covered	Total	%
statement	12	13	92.3
branch			n/a
condition			n/a
subroutine	4	5	80.0
pod			n/a
total	16	18	88.8

line	stmt	sub	time	code
1				package Crypt::AuthEnc::CCM;
2
3	4	4	339074	use strict;
	4		10
	4		146
4	4	4	36	use warnings;
	4		6
	4		649
5				our $VERSION = '0.089';
6
7				require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8				our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] );
9				our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10				our @EXPORT = qw();
11
12	4	4	28	use Carp;
	4		6
	4		378
13				$Carp::Internal{(__PACKAGE__)}++;
14	4	4	1696	use CryptX;
	4		11
	4		507
15
16	0	0		sub CLONE_SKIP { 1 } # prevent cloning
17
18				1;
19
20				=pod
21
22				=head1 NAME
23
24				Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
25
26				=head1 SYNOPSIS
27
28				### OO interface
29				use Crypt::AuthEnc::CCM;
30
31				my $key = '...';
32				my $nonce = '...';
33				my $adata = '...';
34				my $tag_len = 16;
35				my $pt_len = 15;
36				my $expected_tag = '...';
37
38				# encrypt and authenticate
39				my $ae_enc = Crypt::AuthEnc::CCM->new("AES", $key, $nonce, $adata, $tag_len, $pt_len);
40				my $ct = $ae_enc->encrypt_add('data1');
41				$ct .= $ae_enc->encrypt_add('data2');
42				$ct .= $ae_enc->encrypt_add('data3');
43				my $tag = $ae_enc->encrypt_done();
44
45				# decrypt and verify
46				my $ae_dec = Crypt::AuthEnc::CCM->new("AES", $key, $nonce, $adata, $tag_len, $pt_len);
47				my $pt = $ae_dec->decrypt_add('ciphertext1');
48				$pt .= $ae_dec->decrypt_add('ciphertext2');
49				$pt .= $ae_dec->decrypt_add('ciphertext3');
50				my $computed_tag = $ae_dec->decrypt_done();
51				die "decrypt failed" unless $computed_tag eq $expected_tag;
52
53				#or
54				my $result = $ae_dec->decrypt_done($expected_tag); # 0 or 1
55
56				### functional interface
57				use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
58
59				my $key = '...';
60				my $nonce = '...';
61				my $adata = '...';
62				my $plaintext = '...';
63				my $tag_len = 16;
64
65				my ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
66				my $decrypted = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
67
68				=head1 DESCRIPTION
69
70				CCM is an encrypt+authenticate mode that is built around using AES (or any 16-byte cipher) as a primitive.
71				Unlike EAX and OCB mode, it is only meant for packet mode where the length of the input is known in advance.
72
73				Use a fresh object per message. The OO constructor requires all per-message parameters
74				up front: key, nonce, associated data, tag length, and the exact total plaintext/ciphertext
75				length that will be processed by C / C. If you have no associated
76				data in OO mode, pass C<''>.
77
78				When verifying, C is the safer form. The no-argument form of
79				C only returns the computed tag.
80				The first C / C call finalizes the object. After that,
81				further C, C, C, and C
82				calls croak.
83
84				=head1 EXPORT
85
86				Nothing is exported by default.
87
88				You can export selected functions:
89
90				use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
91
92				=head1 FUNCTIONS
93
94				=head2 ccm_encrypt_authenticate
95
96				my ($ciphertext, $tag) = ccm_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
97
98				# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
99				# $key ..... [binary string] key of proper length (e.g. 128/192/256 bits for AES)
100				# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
101				# $adata ... [binary string] additional authenticated data (C is treated the same as C<''>)
102				# $tag_len . [integer] required length of output tag
103
104				CCM parameters should follow
105				L
106
107				# tag length: 4, 6, 8, 10, 12, 14, 16 (reasonable minimum is 8)
108				# nonce length: 7, 8, 9, 10, 11, 12, 13 (if you are not sure, use 11)
109				# BEWARE nonce length determines max. enc/dec data size: max_data_size = 2^(8*(15-nonce_len))
110
111				The functional helper normalizes out-of-range C<$tag_len> values to C<16>.
112
113				=head2 ccm_decrypt_verify
114
115				my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
116				# on error returns undef
117
118				=head1 METHODS
119
120				Unless noted otherwise, assume C<$ae> is an existing AEAD object created via
121				C, for example:
122
123				my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $pt_len);
124
125				=head2 new
126
127				my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
128
129				# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
130				# $key ..... [binary string] key of proper length (e.g. 128/192/256 bits for AES)
131				# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
132				# $adata ... [binary string] additional authenticated data; must be a defined string scalar, use C<''> if none
133				# $tag_len . [integer] tag length in bytes, validated as 1..16
134				# $pt_len .. [integer] exact total plaintext/ciphertext length to encrypt/decrypt; must be >= 0
135
136				=head2 encrypt_add
137
138				Returns a binary string of ciphertext (raw bytes).
139
140				my $ciphertext = $ae->encrypt_add($data); # can be called multiple times
141
142				=head2 encrypt_done
143
144				Returns the authentication tag as a binary string (raw bytes).
145				This call finalizes the current message.
146
147				my $tag = $ae->encrypt_done; # returns $tag value
148
149				=head2 decrypt_add
150
151				Returns a binary string of plaintext (raw bytes).
152
153				my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
154
155				=head2 decrypt_done
156
157				Without argument returns the computed tag as a binary string. With C<$tag> argument returns C<1> (success) or C<0> (failure).
158				This call finalizes the current message.
159
160				my $tag = $ae->decrypt_done; # returns $tag value
161				#or
162				my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
163
164				Use the C form for authentication checks. The no-argument form only
165				returns the computed tag.
166
167				=head2 clone
168
169				Returns a copy of the AEAD object in its current state.
170
171				my $ae_new = $ae->clone;
172
173				=head1 SEE ALSO
174
175				=over
176
177				=item * L, L, L, L
178
179				=item * L
180
181				=back
182
183				=cut