File Coverage

blib/lib/Crypt/AuthEnc/EAX.pm

Criterion	Covered	Total	%
statement	13	15	86.6
branch			n/a
condition			n/a
subroutine	5	7	71.4
pod	0	2	0.0
total	18	24	75.0

line	stmt	sub	pod	time	code
1					package Crypt::AuthEnc::EAX;
2
3	4	4		222322	use strict;
	4			7
	4			152
4	4	4		27	use warnings;
	4			4
	4			583
5					our $VERSION = '0.089';
6
7					require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8					our %EXPORT_TAGS = ( all => [qw( eax_encrypt_authenticate eax_decrypt_verify )] );
9					our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10					our @EXPORT = qw();
11
12	4	4		20	use Carp;
	4			5
	4			288
13					$Carp::Internal{(__PACKAGE__)}++;
14	4	4		976	use CryptX;
	4			9
	4			578
15
16					# obsolete, only for backwards compatibility
17	23	23	0	440594	sub header_add { goto &adata_add }
18	0	0	0		sub aad_add { goto &adata_add }
19
20	0	0			sub CLONE_SKIP { 1 } # prevent cloning
21
22					1;
23
24					=pod
25
26					=head1 NAME
27
28					Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode
29
30					=head1 SYNOPSIS
31
32					### OO interface
33					use Crypt::AuthEnc::EAX;
34
35					my $key = '...';
36					my $nonce = '...';
37					my $expected_tag = '...';
38
39					# encrypt and authenticate
40					my $ae_enc = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
41					$ae_enc->adata_add('additional_authenticated_data1');
42					$ae_enc->adata_add('additional_authenticated_data2');
43					my $ct = $ae_enc->encrypt_add('data1');
44					$ct .= $ae_enc->encrypt_add('data2');
45					$ct .= $ae_enc->encrypt_add('data3');
46					my $tag = $ae_enc->encrypt_done();
47
48					# decrypt and verify
49					my $ae_dec = Crypt::AuthEnc::EAX->new("AES", $key, $nonce);
50					$ae_dec->adata_add('additional_authenticated_data1');
51					$ae_dec->adata_add('additional_authenticated_data2');
52					my $pt = $ae_dec->decrypt_add('ciphertext1');
53					$pt .= $ae_dec->decrypt_add('ciphertext2');
54					$pt .= $ae_dec->decrypt_add('ciphertext3');
55					my $computed_tag = $ae_dec->decrypt_done();
56					die "decrypt failed" unless $computed_tag eq $expected_tag;
57
58					#or
59					my $result = $ae_dec->decrypt_done($expected_tag); # 0 or 1
60
61					### functional interface
62					use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);
63
64					my $key = '...';
65					my $nonce = '...';
66					my $adata = '...';
67					my $plaintext = '...';
68
69					my ($ciphertext, $tag) = eax_encrypt_authenticate('AES', $key, $nonce, $adata, $plaintext);
70					my $decrypted = eax_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
71
72					=head1 DESCRIPTION
73
74					EAX is a mode that requires a cipher, CTR and OMAC support and provides encryption and authentication.
75					It is initialized with a random IV that can be shared publicly, additional authenticated data which can
76					be fixed and public, and a random secret symmetric key.
77
78					This is a stateful API. Build one message by calling, in order:
79					C, optional extra C, zero or more C or
80					C calls, then C or C.
81
82					Use a fresh object per message. The optional C<$adata> argument to C is
83					equivalent to adding initial AAD before processing any payload. When verifying,
84					C is the safer one-step form; C
85					without arguments only returns the calculated tag.
86					The first C / C call finalizes the object. After that,
87					further C, C, C, C, and
88					C calls croak.
89
90					=head1 EXPORT
91
92					Nothing is exported by default.
93
94					You can export selected functions:
95
96					use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);
97
98					=head1 FUNCTIONS
99
100					=head2 eax_encrypt_authenticate
101
102					my ($ciphertext, $tag) = eax_encrypt_authenticate($cipher, $key, $nonce, $adata, $plaintext);
103
104					# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
105					# $key ..... [binary string] AES key of proper length (128/192/256 bits)
106					# $nonce ... [binary string] unique nonce (no need to keep it secret)
107					# $adata ... [binary string] additional authenticated data
108
109					=head2 eax_decrypt_verify
110
111					my $plaintext = eax_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
112					# on error returns undef
113
114					=head1 METHODS
115
116					Unless noted otherwise, assume C<$ae> is an existing AEAD object created via
117					C, for example:
118
119					my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce);
120
121					=head2 new
122
123					my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce);
124					#or
125					my $ae = Crypt::AuthEnc::EAX->new($cipher, $key, $nonce, $adata);
126
127					# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
128					# $key ..... [binary string] AES key of proper length (128/192/256 bits)
129					# $nonce ... [binary string] unique nonce (no need to keep it secret)
130					# $adata ... [binary string] additional authenticated data (optional)
131
132					=head2 adata_add
133
134					Can be called only before the first C or C.
135					Returns the object itself (for chaining).
136
137					$ae->adata_add($adata); # can be called multiple times
138
139					=head2 encrypt_add
140
141					Returns a binary string of ciphertext (raw bytes).
142
143					my $ciphertext = $ae->encrypt_add($data); # can be called multiple times
144
145					=head2 encrypt_done
146
147					Returns the authentication tag as a binary string (raw bytes).
148					This call finalizes the current message.
149
150					my $tag = $ae->encrypt_done(); # returns $tag value
151
152					=head2 decrypt_add
153
154					Returns a binary string of plaintext (raw bytes).
155
156					my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
157
158					=head2 decrypt_done
159
160					Without argument returns the computed tag as a binary string. With C<$tag> argument returns C<1> (success) or C<0> (failure).
161					This call finalizes the current message.
162
163					my $tag = $ae->decrypt_done; # returns $tag value
164					#or
165					my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
166
167					=head2 clone
168
169					Returns a copy of the AEAD object in its current state.
170
171					my $ae_new = $ae->clone;
172
173					=head1 SEE ALSO
174
175					=over
176
177					=item * L, L, L, L
178
179					=item * L
180
181					=item * L
182
183					=back
184
185					=cut