File Coverage

blib/lib/Crypt/AuthEnc/CCM.pm

Criterion	Covered	Total	%
statement	12	13	92.3
branch			n/a
condition			n/a
subroutine	4	5	80.0
pod			n/a
total	16	18	88.8

line	stmt	sub	time	code
1				package Crypt::AuthEnc::CCM;
2
3	4	4	237731	use strict;
	4		6
	4		110
4	4	4	25	use warnings;
	4		4
	4		479
5				our $VERSION = '0.089_002';
6
7				require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8				our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] );
9				our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10				our @EXPORT = qw();
11
12	4	4	32	use Carp;
	4		6
	4		248
13				$Carp::Internal{(__PACKAGE__)}++;
14	4	4	1172	use CryptX;
	4		7
	4		308
15
16	0	0		sub CLONE_SKIP { 1 } # prevent cloning
17
18				1;
19
20				=pod
21
22				=head1 NAME
23
24				Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
25
26				=head1 SYNOPSIS
27
28				### OO interface
29				use Crypt::AuthEnc::CCM;
30
31				my $key = '...';
32				my $nonce = '...';
33				my $adata = '...';
34				my $tag_len = 16;
35				my $pt_len = 15;
36				my $expected_tag = '...';
37
38				# encrypt and authenticate
39				my $ae_enc = Crypt::AuthEnc::CCM->new("AES", $key, $nonce, $adata, $tag_len, $pt_len);
40				my $ct = $ae_enc->encrypt_add('data1');
41				$ct .= $ae_enc->encrypt_add('data2');
42				$ct .= $ae_enc->encrypt_add('data3');
43				my $tag = $ae_enc->encrypt_done();
44
45				# decrypt and verify
46				my $ae_dec = Crypt::AuthEnc::CCM->new("AES", $key, $nonce, $adata, $tag_len, $pt_len);
47				my $pt = $ae_dec->decrypt_add('ciphertext1');
48				$pt .= $ae_dec->decrypt_add('ciphertext2');
49				$pt .= $ae_dec->decrypt_add('ciphertext3');
50				$ae_dec->decrypt_done($expected_tag) or die "decrypt failed"; # constant-time tag check
51
52				#or, if you need the computed tag, compare it with slow_eq from Crypt::Misc
53				#(Perl's 'eq' is not constant-time and leaks timing information)
54				my $computed_tag = $ae_dec->decrypt_done();
55				die "decrypt failed" unless Crypt::Misc::slow_eq($computed_tag, $expected_tag);
56
57				### functional interface
58				use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
59
60				my $key = '...';
61				my $nonce = '...';
62				my $adata = '...';
63				my $plaintext = '...';
64				my $tag_len = 16;
65
66				my ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
67				my $decrypted = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
68
69				=head1 DESCRIPTION
70
71				CCM is an encrypt+authenticate mode that is built around using AES (or any 16-byte cipher) as a primitive.
72				Unlike EAX and OCB mode, it is only meant for packet mode where the length of the input is known in advance.
73
74				Use a fresh object per message. The OO constructor requires all per-message parameters
75				up front: key, nonce, associated data, tag length, and the exact total plaintext/ciphertext
76				length that will be processed by C / C. If you have no associated
77				data in OO mode, pass C<''>.
78
79				When verifying, C is the safer form. The no-argument form of
80				C only returns the computed tag.
81				The first C / C call finalizes the object. After that,
82				further C, C, C, and C
83				calls croak.
84
85				=head1 EXPORT
86
87				Nothing is exported by default.
88
89				You can export selected functions:
90
91				use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
92
93				=head1 FUNCTIONS
94
95				=head2 ccm_encrypt_authenticate
96
97				my ($ciphertext, $tag) = ccm_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
98
99				# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
100				# $key ..... [binary string] key of proper length (e.g. 128/192/256 bits for AES)
101				# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
102				# $adata ... [binary string] additional authenticated data (C is treated the same as C<''>)
103				# $tag_len . [integer] required length of output tag
104
105				CCM parameters should follow
106				L
107
108				# tag length: 4, 6, 8, 10, 12, 14, 16 (reasonable minimum is 8)
109				# nonce length: 7, 8, 9, 10, 11, 12, 13 (if you are not sure, use 11)
110				# BEWARE nonce length determines max. enc/dec data size: max_data_size = 2^(8*(15-nonce_len))
111
112				The functional helper normalizes out-of-range C<$tag_len> values to C<16>.
113
114				=head2 ccm_decrypt_verify
115
116				my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
117				# on error returns undef
118
119				=head1 METHODS
120
121				Unless noted otherwise, assume C<$ae> is an existing AEAD object created via
122				C, for example:
123
124				my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $pt_len);
125
126				=head2 new
127
128				my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
129
130				# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
131				# $key ..... [binary string] key of proper length (e.g. 128/192/256 bits for AES)
132				# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
133				# $adata ... [binary string] additional authenticated data; must be a defined string scalar, use C<''> if none
134				# $tag_len . [integer] tag length in bytes, validated as 1..16
135				# $pt_len .. [integer] exact total plaintext/ciphertext length to encrypt/decrypt; must be >= 0
136
137				=head2 encrypt_add
138
139				Returns a binary string of ciphertext (raw bytes).
140
141				my $ciphertext = $ae->encrypt_add($data); # can be called multiple times
142
143				=head2 encrypt_done
144
145				Returns the authentication tag as a binary string (raw bytes).
146				This call finalizes the current message.
147
148				my $tag = $ae->encrypt_done; # returns $tag value
149
150				=head2 decrypt_add
151
152				Returns a binary string of plaintext (raw bytes).
153
154				my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
155
156				=head2 decrypt_done
157
158				Without argument returns the computed tag as a binary string. With C<$tag> argument returns C<1> (success) or C<0> (failure).
159				This call finalizes the current message.
160
161				my $tag = $ae->decrypt_done; # returns $tag value
162				#or
163				my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
164
165				Use the C form for authentication checks. The no-argument form only
166				returns the computed tag.
167
168				=head2 clone
169
170				Returns a copy of the AEAD object in its current state.
171
172				my $ae_new = $ae->clone;
173
174				=head1 SEE ALSO
175
176				=over
177
178				=item * L, L, L, L
179
180				=item * L
181
182				=back
183
184				=cut