File Coverage

blib/lib/Crypt/AuthEnc/SIV.pm
Criterion Covered Total %
statement 12 12 100.0
branch n/a
condition n/a
subroutine 4 4 100.0
pod n/a
total 16 16 100.0


line stmt bran cond sub pod time code
1             package Crypt::AuthEnc::SIV;
2              
3 2     2   86420 use strict;
  2         3  
  2         57  
4 2     2   17 use warnings;
  2         3  
  2         205  
5             our $VERSION = '0.089';
6              
7             require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8             our %EXPORT_TAGS = ( all => [qw( siv_encrypt_authenticate siv_decrypt_verify )] );
9             our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10             our @EXPORT = qw();
11              
12 2     2   9 use Carp;
  2         2  
  2         141  
13             $Carp::Internal{(__PACKAGE__)}++;
14 2     2   418 use CryptX;
  2         4  
  2         127  
15              
16             1;
17              
18             =pod
19              
20             =head1 NAME
21              
22             Crypt::AuthEnc::SIV - Authenticated encryption in SIV mode
23              
24             =head1 SYNOPSIS
25              
26             use Crypt::AuthEnc::SIV qw( siv_encrypt_authenticate siv_decrypt_verify );
27              
28             my $ciphertext = siv_encrypt_authenticate('AES', $key, $plaintext);
29             my $ciphertext = siv_encrypt_authenticate('AES', $key, $plaintext, $adata);
30             my $ciphertext = siv_encrypt_authenticate('AES', $key, $plaintext, [$ad1, $ad2, ...]);
31              
32             my $plaintext = siv_decrypt_verify('AES', $key, $ciphertext);
33             my $plaintext = siv_decrypt_verify('AES', $key, $ciphertext, $adata);
34             my $plaintext = siv_decrypt_verify('AES', $key, $ciphertext, [$ad1, $ad2, ...]); # undef on failure
35              
36             =head1 DESCRIPTION
37              
38             I
39              
40             SIV (Synthetic IV) is a deterministic authenticated encryption scheme defined in
41             L. Unlike nonce-based modes, SIV derives
42             the authentication tag (the IV) synthetically from the key, associated data, and plaintext,
43             making it nonce-misuse resistant.
44              
45             The output of C is the 16-byte SIV tag prepended to the ciphertext
46             (total output length is C).
47              
48             B SIV requires a key that is twice the length of the underlying cipher key
49             (e.g. 256 bits for AES-128-SIV, 512 bits for AES-256-SIV).
50              
51             If you pass associated data as an arrayref, at most 126 components are accepted.
52              
53             =head1 EXPORT
54              
55             Nothing is exported by default.
56              
57             You can export selected functions:
58              
59             use Crypt::AuthEnc::SIV qw( siv_encrypt_authenticate siv_decrypt_verify );
60              
61             =head1 FUNCTIONS
62              
63             =head2 siv_encrypt_authenticate
64              
65             my $ciphertext = siv_encrypt_authenticate($cipher, $key, $plaintext);
66             #or
67             my $ciphertext = siv_encrypt_authenticate($cipher, $key, $plaintext, $adata);
68             #or
69             my $ciphertext = siv_encrypt_authenticate($cipher, $key, $plaintext, [$ad1, $ad2, ...]);
70              
71             # $cipher ... [string] cipher name (e.g. 'AES')
72             # $key ... [binary string] key (must be double the cipher's standard key length)
73             # $plaintext ... [binary string] plaintext to encrypt
74             # $adata ... [binary string | arrayref] optional associated data: a scalar string or an arrayref of up to 126 string/buffer scalars
75              
76             Returns a string of C bytes (16-byte SIV tag prepended to ciphertext).
77              
78             The required C<$key> and C<$plaintext> arguments must be string/buffer scalars.
79             If C<$adata> is given as a scalar, it must also be a string/buffer scalar. If
80             it is given as an arrayref, each defined element must be a string/buffer scalar.
81             String-overloaded objects are accepted.
82              
83             =head2 siv_decrypt_verify
84              
85             my $plaintext = siv_decrypt_verify($cipher, $key, $ciphertext);
86             #or
87             my $plaintext = siv_decrypt_verify($cipher, $key, $ciphertext, $adata);
88             #or
89             my $plaintext = siv_decrypt_verify($cipher, $key, $ciphertext, [$ad1, $ad2, ...]);
90              
91             # $cipher ... [string] cipher name (e.g. 'AES')
92             # $key ... [binary string] key (must be double the cipher's standard key length)
93             # $ciphertext ... [binary string] ciphertext with 16-byte SIV tag prepended
94             # $adata ... [binary string | arrayref] optional associated data: a scalar string or an arrayref of up to 126 string/buffer scalars
95              
96             Returns the plaintext on success, or C if authentication fails.
97             Malformed ciphertext shorter than 16 bytes croaks because it cannot contain the required
98             prepended SIV tag.
99              
100             The required C<$key> and C<$ciphertext> arguments must be string/buffer
101             scalars. If C<$adata> is given as a scalar, it must also be a
102             string/buffer scalar. If it is given as an arrayref, each defined element
103             must be a string/buffer scalar. String-overloaded objects are accepted.
104              
105             =head1 SEE ALSO
106              
107             =over
108              
109             =item * L, L, L
110              
111             =item * L
112              
113             =back
114              
115             =cut