File Coverage

blib/lib/CryptX.pm

Criterion	Covered	Total	%
statement	16	21	76.1
branch	3	10	30.0
condition	1	3	33.3
subroutine	5	7	71.4
pod			n/a
total	25	41	60.9

line	stmt	bran	cond	sub	time	code
1						package CryptX;
2
3	152			152	1656	use strict;
	152				357
	152				5629
4	152			152	720	use warnings ;
	152				280
	152				12596
5						our $VERSION = '0.089';
6
7						require XSLoader;
8						XSLoader::load('CryptX', $VERSION);
9
10	152			152	959	use Carp;
	152				257
	152				16674
11						my $has_json;
12
13						BEGIN {
14	152	50		152	601	$has_json = 1 if eval { require JSON; 1 };
	152				74867
	0				0
15						}
16
17						sub _croak {
18	46	50	33	46	261	die @_ if ref $_[0] \|\| !$_[-1];
19	46	50			300	if ($_[-1] =~ /^(.*)( at .+ line .+\n$)/s) {
20	46				72	pop @_;
21	46				116	push @_, $1;
22						}
23	46				5693	die Carp::shortmess @_;
24						}
25
26						sub _decode_json {
27	0	0		0		croak "FATAL: cannot find JSON module" if !$has_json;
28	0					return JSON->new->utf8->decode(shift);
29						}
30
31						sub _encode_json {
32	0	0		0		croak "FATAL: cannot find JSON module" if !$has_json;
33	0					return JSON->new->utf8->canonical->encode(shift);
34						}
35
36						1;
37
38						=pod
39
40						=head1 NAME
41
42						CryptX - Cryptographic toolkit
43
44						=head1 SYNOPSIS
45
46						CryptX is the distribution entry point. In normal code, load one of the concrete modules listed below.
47
48						## one-shot hashing
49						use Crypt::Digest qw(digest_data_hex);
50						my $sha256 = digest_data_hex('SHA256', 'hello world');
51
52						## classic AES-CBC encryption with padding
53						use Crypt::Mode::CBC;
54						my $cbc = Crypt::Mode::CBC->new('AES');
55						my $iv = random_bytes(16); # 16-byte AES block-size IV
56						my $cbc_ciphertext = $cbc->encrypt('hello world', $key, $iv);
57
58						## authenticated encryption (AEAD) with AES
59						use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate);
60						my $key = random_bytes(32); # 32-byte AES-256 key
61						my $nonce = random_bytes(12); # 12-byte unique nonce
62						my ($ciphertext, $tag) = gcm_encrypt_authenticate('AES', $key, $nonce, 'header', 'hello world');
63
64						## message authentication
65						use Crypt::Mac::HMAC qw(hmac_hex);
66						my $mac = hmac_hex('SHA256', $key, 'hello world');
67
68						## secure random data + UUID helpers
69						use Crypt::PRNG qw(random_bytes random_string);
70						use Crypt::Misc qw(random_v4uuid random_v7uuid);
71						my $salt = random_bytes(16);
72						my $token = random_string(24);
73						my $uuid4 = random_v4uuid();
74						my $uuid7 = random_v7uuid();
75
76						## classic password-based key derivation
77						use Crypt::KeyDerivation qw(pbkdf2);
78						my $dk = pbkdf2('password', $salt, 100_000, 'SHA256', 32);
79
80						## bare stream cipher (authenticate separately)
81						use Crypt::Stream::ChaCha;
82						my $stream = Crypt::Stream::ChaCha->new($key, $nonce);
83						my $stream_ciphertext = $stream->crypt('hello world');
84
85						## modern signatures
86						use Crypt::PK::Ed25519;
87						my $signer = Crypt::PK::Ed25519->new->generate_key;
88						my $sig = $signer->sign_message('hello world');
89						my $ok = $signer->verify_message($sig, 'hello world');
90
91						## key agreement
92						use Crypt::PK::X25519;
93						my $alice = Crypt::PK::X25519->new->generate_key;
94						my $bob = Crypt::PK::X25519->new->generate_key;
95						my $shared_secret = $alice->shared_secret($bob);
96
97						=head1 DESCRIPTION
98
99						Perl cryptographic modules built on the bundled L library.
100						The distribution also includes L, a L backend
101						built on the bundled L library
102						used internally by LibTomCrypt.
103
104						This module mainly serves as the top-level distribution/documentation page. For actual work,
105						use one of the concrete modules listed below.
106
107						=head2 Algorithm Selection Guide
108
109						=head3 Authenticated Encryption (AEAD)
110
111						For new designs, prefer authenticated encryption (AEAD) over bare cipher modes:
112
113						=over
114
115						=item * B (L) - Fast, constant-time,
116						widely deployed (TLS 1.3, WireGuard, SSH). Use this as the default AEAD choice.
117
118						=item * B (L) - Extended 24-byte nonce
119						variant. Prefer over ChaCha20-Poly1305 when nonces are generated randomly.
120
121						=item * B (L) - The standard AEAD mode for AES. Hardware-accelerated
122						on modern CPUs. Requires unique nonces; nonce reuse breaks the security entirely.
123
124						=item * B (L) - Deterministic AEAD, nonce-misuse resistant.
125						Slightly slower but safer when nonce uniqueness cannot be guaranteed.
126
127						=item * B (L) - Very fast single-pass AEAD. Check patent status
128						for your jurisdiction.
129
130						=item * B (L) - Two-pass AEAD based on CTR+OMAC. No patents,
131						no nonce-length restrictions.
132
133						=item * B (L) - Used in WiFi (WPA2) and Bluetooth. Requires
134						knowing the plaintext length in advance.
135
136						=back
137
138						=head3 Cryptographically Secure Randomness and UUIDs
139
140						=over
141
142						=item * B (L) - Use this for salts, keys, nonces, tokens,
143						and any other secret random values. The functional helpers
144						C, C, C, C,
145						C, and C cover most use cases. The OO API
146						and the algorithm-specific wrappers (L, L, etc.)
147						are mainly for deterministic streams or interoperability with a specific PRNG.
148
149						=item * B (L, L) - Use C
150						for opaque random identifiers. Use C when you want roughly time-ordered identifiers
151						that sort by creation time at millisecond granularity. UUIDs are identifiers, not replacements for
152						secret random bytes.
153
154						=back
155
156						=head3 Stream Ciphers
157
158						Stream ciphers encrypt data byte-by-byte without block padding. For most
159						applications prefer an AEAD mode (see above) which bundles encryption with
160						authentication. Use bare stream ciphers only when you handle authentication
161						separately.
162
163						=over
164
165						=item * B (L) - The default stream cipher choice.
166						Same core as ChaCha20-Poly1305 without the built-in MAC.
167
168						=item * B (L) - Extended 24-byte nonce variant of ChaCha.
169						Prefer when nonces are generated randomly.
170
171						=item * B / B (L, L) -
172						Predecessor of ChaCha. Prefer ChaCha for new designs; Salsa20 only for
173						interoperability (e.g. NaCl/libsodium).
174
175						=item * B (L) - B Provided for
176						legacy interoperability only.
177
178						=item * B, B, B (L, L, L) -
179						Niche ciphers from the eSTREAM portfolio. Use ChaCha unless a specific protocol requires one of these.
180
181						=back
182
183						=head3 Block Cipher Modes (without authentication)
184
185						Use these only when authentication is handled separately or not needed:
186
187						=over
188
189						=item * B (L) - Turns a block cipher into a stream cipher. Parallelizable.
190
191						=item * B (L) - Classic mode, needs padding. Prefer CTR or an AEAD mode.
192
193						=item * B (L) - B Each block encrypted independently.
194
195						=back
196
197						The individual L, L, etc. modules implement
198						raw single-block encryption and are rarely used directly. In almost all cases you should
199						use them through an AEAD mode (L, L) or a block
200						cipher mode (L, L) instead. When choosing a cipher,
201						B is the default; it is hardware-accelerated on most modern CPUs.
202
203						=head3 Hash Functions
204
205						=over
206
207						=item * B / B / B (L, etc.) - The default
208						choice for general hashing. Widely supported and well analyzed.
209
210						=item * B / B (L, etc.) - Alternative to SHA-2
211						with a completely different construction (Keccak sponge).
212
213						=item * B / B (L, etc.) - Very fast, especially
214						in software. BLAKE2b for 64-bit platforms, BLAKE2s for 32-bit.
215
216						=item * B / B / B - Extendable-output functions (XOFs).
217						Use when you need variable-length output.
218
219						=back
220
221						=head3 Checksums
222
223						Use L and L only for
224						non-adversarial integrity checks such as accidental corruption detection.
225						They are not cryptographic integrity or authenticity mechanisms. For
226						cryptographic use, prefer L, L, or an AEAD mode
227						from L.
228
229						=head3 Message Authentication Codes
230
231						=over
232
233						=item * B (L) - The standard MAC construction. Works with any hash.
234						Use HMAC-SHA256 as the default.
235
236						=item * B (L) - One-time MAC, very fast. Used as part of
237						ChaCha20-Poly1305. Requires a unique key per message.
238
239						=item * B (L) - Keyed BLAKE2. Faster than HMAC-SHA256 in
240						software.
241
242						=item * B (L) - Block-cipher-based MAC. Use when you already
243						have AES but not a hash function.
244
245						=back
246
247						=head3 Public-Key Cryptography
248
249						=over
250
251						=item * B (L) - Modern digital signatures. Fast, constant-time,
252						small keys/signatures. The default choice for new signature schemes.
253
254						=item * B (L) - Higher security margin than Ed25519 (~224-bit vs ~128-bit).
255
256						=item * B (L) - Elliptic-curve Diffie-Hellman key agreement. The
257						default choice for key exchange.
258
259						=item * B (L) - Higher security margin than X25519.
260
261						=item * B (L) - Widely used (TLS, Bitcoin). Prefer Ed25519 for new
262						designs unless ECDSA is required for interoperability.
263
264						=item * B (L) - Legacy but very widely used. Use 2048-bit keys minimum, 4096-bit
265						preferred. Prefer OAEP for encryption and PSS for signatures.
266
267						=item * B (L) - Legacy. Prefer Ed25519 or ECDSA.
268
269						=item * B (L) - Classic Diffie-Hellman. Prefer X25519 for new designs.
270
271						=back
272
273						=head3 Key Derivation / Password hashing
274
275						=over
276
277						=item * B (L) - Extract-then-expand KDF. Use for deriving
278						keys from shared secrets (e.g. after ECDH).
279
280						=item * B (L) - Memory-hard password hashing. The
281						recommended choice for password storage.
282
283						=item * B (L) - Use mainly for compatibility
284						with formats and protocols that specifically require bcrypt-based key derivation (for example
285						some OpenSSH workflows). Prefer Argon2 for new password-storage designs.
286
287						=item * B (L) - Memory-hard KDF. Use Argon2 if available.
288
289						=item * B (L) - Widely supported but CPU-only hardness.
290						Use Argon2 or Scrypt when possible.
291
292						=item * B (L, L) - Legacy
293						derivation only. Keep this for interoperability with older formats; do not use it for new designs.
294
295						=back
296
297						=head2 Error Handling
298
299						Most CryptX modules report errors by calling C (from L).
300						Invalid parameters, unsupported algorithms, wrong key sizes, malformed
301						input, and internal library failures usually croak with a descriptive
302						message. Catch exceptions with C or L.
303
304						Some validation-style helpers use a return value instead of croaking. The
305						most important examples are the C<*_decrypt_verify> functions in the
306						authenticated encryption modules C.
307						These return C when authentication fails, indicating the ciphertext was tampered with
308						or the wrong key/nonce was used. Some parser/decoder helpers in other modules
309						also return C or false for malformed input, so check the concrete
310						module POD when you need exact failure semantics.
311
312						=head2 Module Map
313
314						=over
315
316						=item * Top-level family modules
317
318						L, L, L,
319						L, L, L, L,
320						L, L, L, L
321
322						=item * Symmetric ciphers
323
324						L, L, L, L, L, L,
325						L, L, L, L, L, L,
326						L, L, L, L, L, L,
327						L, L, L, L, L, L,
328						L, L
329
330						=item * Block cipher modes
331
332						L, L, L, L, L
333
334						=item * Stream ciphers
335
336						L, L, L, L, L,
337						L, L, L
338
339						=item * Authenticated encryption modes
340
341						L, L, L, L, L, L, L
342
343						=item * Hash functions
344
345						L, L, L, L,
346						L, L, L, L,
347						L, L, L, L, L, L,
348						L, L, L, L, L, L,
349						L, L, L, L, L,
350						L, L, L, L,
351						L, L, L, L, L,
352						L, L
353
354						=item * Checksums
355
356						L, L
357
358						=item * Message authentication codes
359
360						L, L, L, L, L,
361						L, L, L, L
362
363						=item * Public-key cryptography
364
365						L, L, L, L, L, L, L, L
366
367						=item * Cryptographically secure random number generators
368
369						L, L, L, L, L
370
371						=item * Key derivation functions
372
373						L
374
375						=item * ASN.1 parser
376
377						L
378
379						Use C only when you need custom ASN.1 / DER parsing or encoding.
380						Most common key and certificate formats are already handled by the PK modules.
381
382						=item * Miscellaneous helpers
383
384						L (base64/base32/base58 codecs, PEM helpers, constant-time compare, UUID generation, octet increment helpers, and related utility functions)
385
386						=back
387
388						=head2 Diagnostic Functions
389
390						These low-level functions expose details of the bundled LibTomCrypt build.
391						They are intended for troubleshooting and bug reports, not for regular use.
392
393						=head3 ltc_build_settings
394
395						my $str = CryptX::ltc_build_settings();
396
397						Returns a multi-line string describing every compile-time option that was
398						enabled when the bundled LibTomCrypt library was built (ciphers, hashes,
399						MACs, PK algorithms, compiler flags, etc.).
400
401						=head3 ltc_mp_name
402
403						my $name = CryptX::ltc_mp_name();
404						# e.g. "LTM" (LibTomMath)
405
406						Returns the name of the math provider back-end in use.
407
408						=head3 ltc_mp_bits_per_digit
409
410						my $bits = CryptX::ltc_mp_bits_per_digit();
411						# e.g. 60
412
413						Returns the number of bits per digit used by the math provider.
414
415						=head2 Math::BigInt backend
416
417						Part of CryptX is L, a L backend based on
418						the bundled LibTomMath library. It is separate from the cryptographic APIs
419						above, but it ships in the same distribution and uses the same big-integer
420						engine that LibTomCrypt relies on.
421
422						=head1 LICENSE
423
424						This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
425
426						=head1 COPYRIGHT
427
428						Copyright (c) 2013-2026 DCIT, a.s. L / Karel Miko
429
430						=cut