File Coverage

blib/lib/CryptX.pm

Criterion	Covered	Total	%
statement	16	21	76.1
branch	3	10	30.0
condition	1	3	33.3
subroutine	5	7	71.4
pod			n/a
total	25	41	60.9

line	stmt	bran	cond	sub	time	code
1						package CryptX;
2
3	156			156	1061	use strict;
	156				330
	156				5688
4	156			156	744	use warnings ;
	156				282
	156				12611
5						our $VERSION = '0.089_001';
6
7						require XSLoader;
8						XSLoader::load('CryptX', $VERSION);
9
10	156			156	1043	use Carp;
	156				305
	156				15182
11						my $has_json;
12
13						BEGIN {
14	156	50		156	739	$has_json = 1 if eval { require JSON; 1 };
	156				74787
	0				0
15						}
16
17						sub _croak {
18	46	50	33	46	332	die @_ if ref $_[0] \|\| !$_[-1];
19	46	50			394	if ($_[-1] =~ /^(.*)( at .+ line .+\n$)/s) {
20	46				93	pop @_;
21	46				144	push @_, $1;
22						}
23	46				7501	die Carp::shortmess @_;
24						}
25
26						sub _decode_json {
27	0	0		0		croak "FATAL: cannot find JSON module" if !$has_json;
28	0					return JSON->new->utf8->decode(shift);
29						}
30
31						sub _encode_json {
32	0	0		0		croak "FATAL: cannot find JSON module" if !$has_json;
33	0					return JSON->new->utf8->canonical->encode(shift);
34						}
35
36						1;
37
38						=pod
39
40						=head1 NAME
41
42						CryptX - Cryptographic toolkit
43
44						=head1 SYNOPSIS
45
46						CryptX is the distribution entry point. In normal code, load one of the concrete modules listed below.
47
48						## one-shot hashing
49						use Crypt::Digest qw(digest_data_hex);
50						my $sha256 = digest_data_hex('SHA256', 'hello world');
51
52						## classic AES-CBC encryption with padding
53						use Crypt::Mode::CBC;
54						my $cbc = Crypt::Mode::CBC->new('AES');
55						my $iv = random_bytes(16); # 16-byte AES block-size IV
56						my $cbc_ciphertext = $cbc->encrypt('hello world', $key, $iv);
57
58						## authenticated encryption (AEAD) with AES
59						use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate);
60						my $key = random_bytes(32); # 32-byte AES-256 key
61						my $nonce = random_bytes(12); # 12-byte unique nonce
62						my ($ciphertext, $tag) = gcm_encrypt_authenticate('AES', $key, $nonce, 'header', 'hello world');
63
64						## message authentication
65						use Crypt::Mac::HMAC qw(hmac_hex);
66						my $mac = hmac_hex('SHA256', $key, 'hello world');
67
68						## secure random data + UUID helpers
69						use Crypt::PRNG qw(random_bytes random_string);
70						use Crypt::Misc qw(random_v4uuid random_v7uuid);
71						my $salt = random_bytes(16);
72						my $token = random_string(24);
73						my $uuid4 = random_v4uuid();
74						my $uuid7 = random_v7uuid();
75
76						## classic password-based key derivation
77						use Crypt::KeyDerivation qw(pbkdf2);
78						my $dk = pbkdf2('password', $salt, 100_000, 'SHA256', 32);
79
80						## bare stream cipher (authenticate separately)
81						use Crypt::Stream::ChaCha;
82						my $stream = Crypt::Stream::ChaCha->new($key, $nonce);
83						my $stream_ciphertext = $stream->crypt('hello world');
84
85						## modern signatures
86						use Crypt::PK::Ed25519;
87						my $signer = Crypt::PK::Ed25519->new->generate_key;
88						my $sig = $signer->sign_message('hello world');
89						my $ok = $signer->verify_message($sig, 'hello world');
90
91						## key agreement
92						use Crypt::PK::X25519;
93						my $alice = Crypt::PK::X25519->new->generate_key;
94						my $bob = Crypt::PK::X25519->new->generate_key;
95						my $shared_secret = $alice->shared_secret($bob);
96
97						=head1 DESCRIPTION
98
99						Perl cryptographic modules built on the bundled L library.
100						The distribution also includes L, a L backend
101						built on the bundled L library
102						used internally by LibTomCrypt.
103
104						This module mainly serves as the top-level distribution/documentation page. For actual work,
105						use one of the concrete modules listed below.
106
107						=head2 Algorithm Selection Guide
108
109						=head3 Authenticated Encryption (AEAD)
110
111						For new designs, prefer authenticated encryption (AEAD) over bare cipher modes:
112
113						=over
114
115						=item * B (L) - Fast, constant-time,
116						widely deployed (TLS 1.3, WireGuard, SSH). Use this as the default AEAD choice.
117
118						=item * B (L) - Extended 24-byte nonce
119						variant. Prefer over ChaCha20-Poly1305 when nonces are generated randomly.
120
121						=item * B (L) - The standard AEAD mode for AES. Hardware-accelerated
122						on modern CPUs. Requires unique nonces; nonce reuse breaks the security entirely.
123
124						=item * B (L) - Deterministic AEAD, nonce-misuse resistant.
125						Slightly slower but safer when nonce uniqueness cannot be guaranteed.
126
127						=item * B (L) - Nonce-misuse-resistant AEAD (RFC 8452).
128						Faster than AES-SIV; pick this when you need GCM-like performance with nonce-reuse safety.
129
130						=item * B (L) - Very fast single-pass AEAD. Check patent status
131						for your jurisdiction.
132
133						=item * B (L) - Two-pass AEAD based on CTR+OMAC. No patents,
134						no nonce-length restrictions.
135
136						=item * B (L) - Used in WiFi (WPA2) and Bluetooth. Requires
137						knowing the plaintext length in advance.
138
139						=back
140
141						=head3 Cryptographically Secure Randomness and UUIDs
142
143						=over
144
145						=item * B (L) - Use this for salts, keys, nonces, tokens,
146						and any other secret random values. The functional helpers
147						C, C, C, C,
148						C, and C cover most use cases. The OO API
149						and the algorithm-specific wrappers (L, L, etc.)
150						are mainly for deterministic streams or interoperability with a specific PRNG.
151
152						=item * B (L, L) - Use C
153						for opaque random identifiers. Use C when you want roughly time-ordered identifiers
154						that sort by creation time at millisecond granularity. UUIDs are identifiers, not replacements for
155						secret random bytes.
156
157						=back
158
159						=head3 Stream Ciphers
160
161						Stream ciphers encrypt data byte-by-byte without block padding. For most
162						applications prefer an AEAD mode (see above) which bundles encryption with
163						authentication. Use bare stream ciphers only when you handle authentication
164						separately.
165
166						=over
167
168						=item * B (L) - The default stream cipher choice.
169						Same core as ChaCha20-Poly1305 without the built-in MAC.
170
171						=item * B (L) - Extended 24-byte nonce variant of ChaCha.
172						Prefer when nonces are generated randomly.
173
174						=item * B / B (L, L) -
175						Predecessor of ChaCha. Prefer ChaCha for new designs; Salsa20 only for
176						interoperability (e.g. NaCl/libsodium).
177
178						=item * B (L) - B Provided for
179						legacy interoperability only.
180
181						=item * B, B, B (L, L, L) -
182						Niche ciphers from the eSTREAM portfolio. Use ChaCha unless a specific protocol requires one of these.
183
184						=back
185
186						=head3 Block Cipher Modes (without authentication)
187
188						Use these only when authentication is handled separately or not needed:
189
190						=over
191
192						=item * B (L) - Turns a block cipher into a stream cipher. Parallelizable.
193
194						=item * B (L) - Classic mode, needs padding. Prefer CTR or an AEAD mode.
195
196						=item * B (L) - B Each block encrypted independently.
197
198						=back
199
200						The individual L, L, etc. modules implement
201						raw single-block encryption and are rarely used directly. In almost all cases you should
202						use them through an AEAD mode (L, L) or a block
203						cipher mode (L, L) instead. When choosing a cipher,
204						B is the default; it is hardware-accelerated on most modern CPUs.
205
206						=head3 Hash Functions
207
208						=over
209
210						=item * B / B / B (L, etc.) - The default
211						choice for general hashing. Widely supported and well analyzed.
212
213						=item * B / B (L, etc.) - Alternative to SHA-2
214						with a completely different construction (Keccak sponge).
215
216						=item * B / B (L, etc.) - Very fast, especially
217						in software. BLAKE2b for 64-bit platforms, BLAKE2s for 32-bit.
218
219						=item * B / B / B - Extendable-output functions (XOFs).
220						Use when you need variable-length output.
221
222						=back
223
224						=head3 Checksums
225
226						Use L and L only for
227						non-adversarial integrity checks such as accidental corruption detection.
228						They are not cryptographic integrity or authenticity mechanisms. For
229						cryptographic use, prefer L, L, or an AEAD mode
230						from L.
231
232						=head3 Message Authentication Codes
233
234						=over
235
236						=item * B (L) - The standard MAC construction. Works with any hash.
237						Use HMAC-SHA256 as the default.
238
239						=item * B (L) - One-time MAC, very fast. Used as part of
240						ChaCha20-Poly1305. Requires a unique key per message.
241
242						=item * B (L) - Keyed BLAKE2. Faster than HMAC-SHA256 in
243						software.
244
245						=item * B (L) - Block-cipher-based MAC. Use when you already
246						have AES but not a hash function.
247
248						=back
249
250						=head3 Public-Key Cryptography
251
252						=over
253
254						=item * B (L) - Modern digital signatures. Fast, constant-time,
255						small keys/signatures. The default choice for new signature schemes.
256
257						=item * B (L) - Higher security margin than Ed25519 (~224-bit vs ~128-bit).
258
259						=item * B (L) - Elliptic-curve Diffie-Hellman key agreement. The
260						default choice for key exchange.
261
262						=item * B (L) - Higher security margin than X25519.
263
264						=item * B (L) - Widely used (TLS, Bitcoin). Prefer Ed25519 for new
265						designs unless ECDSA is required for interoperability.
266
267						=item * B (L) - Legacy but very widely used. Use 2048-bit keys minimum, 4096-bit
268						preferred. Prefer OAEP for encryption and PSS for signatures.
269
270						=item * B (L) - Legacy. Prefer Ed25519 or ECDSA.
271
272						=item * B (L) - Classic Diffie-Hellman. Prefer X25519 for new designs.
273
274						=back
275
276						=head3 Key Derivation / Password hashing
277
278						=over
279
280						=item * B (L) - Extract-then-expand KDF. Use for deriving
281						keys from shared secrets (e.g. after ECDH).
282
283						=item * B (L) - Memory-hard password hashing. The
284						recommended choice for password storage.
285
286						=item * B (L) - Use mainly for compatibility
287						with formats and protocols that specifically require bcrypt-based key derivation (for example
288						some OpenSSH workflows). Prefer Argon2 for new password-storage designs.
289
290						=item * B (L) - Memory-hard KDF. Use Argon2 if available.
291
292						=item * B (L) - Widely supported but CPU-only hardness.
293						Use Argon2 or Scrypt when possible.
294
295						=item * B (L, L) - Legacy
296						derivation only. Keep this for interoperability with older formats; do not use it for new designs.
297
298						=back
299
300						=head2 Error Handling
301
302						Most CryptX modules report errors by calling C (from L).
303						Invalid parameters, unsupported algorithms, wrong key sizes, malformed
304						input, and internal library failures usually croak with a descriptive
305						message. Catch exceptions with C or L.
306
307						Some validation-style helpers use a return value instead of croaking. The
308						most important examples are the C<*_decrypt_verify> functions in the
309						authenticated encryption modules C.
310						These return C when authentication fails, indicating the ciphertext was tampered with
311						or the wrong key/nonce was used. Some parser/decoder helpers in other modules
312						also return C or false for malformed input, so check the concrete
313						module POD when you need exact failure semantics.
314
315						=head2 Module Map
316
317						=over
318
319						=item * Top-level family modules
320
321						L, L, L,
322						L, L, L, L,
323						L, L, L, L
324
325						=item * Symmetric ciphers
326
327						L, L, L, L, L, L, L,
328						L, L, L, L, L, L,
329						L, L, L, L, L, L,
330						L, L, L, L, L, L,
331						L, L
332
333						=item * Block cipher modes
334
335						L, L, L, L, L
336
337						=item * Stream ciphers
338
339						L, L, L, L, L,
340						L, L, L
341
342						=item * Authenticated encryption modes
343
344						L, L, L, L, L, L, L, L
345
346						=item * Hash functions
347
348						L, L, L, L,
349						L, L, L, L,
350						L, L, L, L, L, L,
351						L, L, L, L, L, L,
352						L, L, L, L, L,
353						L, L, L, L,
354						L, L, L, L, L,
355						L, L, L
356
357						=item * Checksums
358
359						L, L
360
361						=item * Message authentication codes
362
363						L, L, L, L, L,
364						L, L, L, L, L
365
366						=item * Public-key cryptography
367
368						L, L, L, L, L, L, L, L
369
370						=item * Cryptographically secure random number generators
371
372						L, L, L, L, L
373
374						=item * Key derivation functions
375
376						L
377
378						=item * ASN.1 parser
379
380						L
381
382						Use C only when you need custom ASN.1 / DER parsing or encoding.
383						Most common key and certificate formats are already handled by the PK modules.
384
385						=item * Miscellaneous helpers
386
387						L (base64/base32/base58 codecs, PEM helpers, constant-time compare, UUID generation, octet increment helpers, and related utility functions)
388
389						=back
390
391						=head2 Diagnostic Functions
392
393						These low-level functions expose details of the bundled LibTomCrypt build.
394						They are intended for troubleshooting and bug reports, not for regular use.
395
396						=head3 ltc_build_settings
397
398						my $str = CryptX::ltc_build_settings();
399
400						Returns a multi-line string describing every compile-time option that was
401						enabled when the bundled LibTomCrypt library was built (ciphers, hashes,
402						MACs, PK algorithms, compiler flags, etc.).
403
404						=head3 ltc_mp_name
405
406						my $name = CryptX::ltc_mp_name();
407						# e.g. "LTM" (LibTomMath)
408
409						Returns the name of the math provider back-end in use.
410
411						=head3 ltc_mp_bits_per_digit
412
413						my $bits = CryptX::ltc_mp_bits_per_digit();
414						# e.g. 60
415
416						Returns the number of bits per digit used by the math provider.
417
418						=head2 Math::BigInt backend
419
420						Part of CryptX is L, a L backend based on
421						the bundled LibTomMath library. It is separate from the cryptographic APIs
422						above, but it ships in the same distribution and uses the same big-integer
423						engine that LibTomCrypt relies on.
424
425						=head1 LICENSE
426
427						This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
428
429						=head1 COPYRIGHT
430
431						Copyright (c) 2013-2026 DCIT, a.s. L / Karel Miko
432
433						=cut