File Coverage

blib/lib/Crypt/AuthEnc/GCM.pm

Criterion	Covered	Total	%
statement	12	13	92.3
branch			n/a
condition			n/a
subroutine	4	5	80.0
pod			n/a
total	16	18	88.8

line	stmt	sub	time	code
1				package Crypt::AuthEnc::GCM;
2
3	4	4	246340	use strict;
	4		6
	4		110
4	4	4	25	use warnings;
	4		5
	4		447
5				our $VERSION = '0.089_002';
6
7				require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8				our %EXPORT_TAGS = ( all => [qw( gcm_encrypt_authenticate gcm_decrypt_verify )] );
9				our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10				our @EXPORT = qw();
11
12	4	4	19	use Carp;
	4		11
	4		287
13				$Carp::Internal{(__PACKAGE__)}++;
14	4	4	1188	use CryptX;
	4		8
	4		334
15
16	0	0		sub CLONE_SKIP { 1 } # prevent cloning
17
18				1;
19
20				=pod
21
22				=head1 NAME
23
24				Crypt::AuthEnc::GCM - Authenticated encryption in GCM mode
25
26				=head1 SYNOPSIS
27
28				### OO interface
29				use Crypt::AuthEnc::GCM;
30
31				my $key = '...';
32				my $iv = '...';
33				my $expected_tag = '...';
34
35				# encrypt and authenticate
36				my $ae_enc = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
37				$ae_enc->adata_add('additional_authenticated_data1');
38				$ae_enc->adata_add('additional_authenticated_data2');
39				my $ct = $ae_enc->encrypt_add('data1');
40				$ct .= $ae_enc->encrypt_add('data2');
41				$ct .= $ae_enc->encrypt_add('data3');
42				my $tag = $ae_enc->encrypt_done();
43
44				# decrypt and verify
45				my $ae_dec = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
46				$ae_dec->adata_add('additional_authenticated_data1');
47				$ae_dec->adata_add('additional_authenticated_data2');
48				my $pt = $ae_dec->decrypt_add('ciphertext1');
49				$pt .= $ae_dec->decrypt_add('ciphertext2');
50				$pt .= $ae_dec->decrypt_add('ciphertext3');
51				$ae_dec->decrypt_done($expected_tag) or die "decrypt failed"; # constant-time tag check
52
53				#or, if you need the computed tag, compare it with slow_eq from Crypt::Misc
54				#(Perl's 'eq' is not constant-time and leaks timing information)
55				my $computed_tag = $ae_dec->decrypt_done();
56				die "decrypt failed" unless Crypt::Misc::slow_eq($computed_tag, $expected_tag);
57
58				### functional interface
59				use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
60
61				my $key = '...';
62				my $iv = '...';
63				my $adata = '...';
64				my $plaintext = '...';
65
66				my ($ciphertext, $tag) = gcm_encrypt_authenticate('AES', $key, $iv, $adata, $plaintext);
67				my $decrypted = gcm_decrypt_verify('AES', $key, $iv, $adata, $ciphertext, $tag);
68
69				=head1 DESCRIPTION
70
71				Galois/Counter Mode (GCM) - provides encryption and authentication.
72
73				Use a fresh object per message unless you intentionally reuse the same key via C.
74				The normal call order is: C, one or more C calls, optional C calls,
75				zero or more C / C calls, then C / C.
76				The first C / C call finalizes the object. After that,
77				further C, C, C, C, C,
78				and C calls croak until you call C.
79
80				If you construct with C, you must provide the IV via C before
81				adding authenticated data or payload data. After C, start a new message with the same
82				key by supplying the IV again, and re-add AAD if needed.
83
84				When verifying, C is the safer form. The no-argument form of
85				C only returns the computed tag.
86
87				=head1 EXPORT
88
89				Nothing is exported by default.
90
91				You can export selected functions:
92
93				use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
94
95				=head1 FUNCTIONS
96
97				=head2 gcm_encrypt_authenticate
98
99				my ($ciphertext, $tag) = gcm_encrypt_authenticate($cipher, $key, $iv, $adata, $plaintext);
100
101				# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
102				# $key ..... [binary string] AES key of proper length (128/192/256 bits)
103				# $iv ...... [binary string] initialization vector
104				# $adata ... [binary string] additional authenticated data
105
106				=head2 gcm_decrypt_verify
107
108				my $plaintext = gcm_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
109				# on error returns undef
110
111				=head1 METHODS
112
113				Unless noted otherwise, assume C<$ae> is an existing AEAD object created via
114				C, for example:
115
116				my $ae = Crypt::AuthEnc::GCM->new($cipher, $key, $iv);
117
118				=head2 new
119
120				my $ae = Crypt::AuthEnc::GCM->new($cipher, $key);
121				#or
122				my $ae = Crypt::AuthEnc::GCM->new($cipher, $key, $iv);
123
124				# $cipher .. [string] 'AES' or name of any other cipher
125				# $key ..... [binary string] encryption key of proper length
126				# $iv ...... [binary string] initialization vector (optional, you can set it later via iv_add method)
127
128				=head2 iv_add
129
130				Set initialization vector (IV). Multiple calls are concatenated to form the
131				full IV (the data is appended, not replaced). Returns the object itself.
132
133				$ae->iv_add($iv_data); # can be called multiple times before AAD/payload
134
135				Call C before the first C, C, or C. If you
136				reuse the object via C, provide the IV again for the new message.
137
138				=head2 adata_add
139
140				Add B.
141				Can be called B all C calls but before the first C or C.
142				Returns the object itself (for chaining).
143
144				$ae->adata_add($aad_data); # can be called multiple times
145
146				=head2 encrypt_add
147
148				Returns a binary string of ciphertext (raw bytes).
149
150				my $ciphertext = $ae->encrypt_add($data); # can be called multiple times
151
152				=head2 encrypt_done
153
154				Returns the authentication tag as a binary string (raw bytes).
155				This call finalizes the current message.
156
157				my $tag = $ae->encrypt_done(); # returns $tag value
158
159				=head2 decrypt_add
160
161				Returns a binary string of plaintext (raw bytes).
162
163				my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
164
165				=head2 decrypt_done
166
167				Without argument returns the computed tag as a binary string. With C<$tag> argument returns C<1> (success) or C<0> (failure).
168				This call finalizes the current message.
169
170				my $tag = $ae->decrypt_done; # returns $tag value
171				#or
172				my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
173
174				Use the C form for authentication checks. The no-argument form only
175				returns the computed tag.
176
177				=head2 reset
178
179				$ae->reset;
180
181				Start a new message with the same key. After C, call C again, then
182				C if needed, before processing payload data. C also clears the
183				finalized state set by C / C.
184
185				=head2 clone
186
187				Returns a copy of the AEAD object in its current state.
188
189				my $ae_new = $ae->clone;
190
191				=head1 SEE ALSO
192
193				=over
194
195				=item * L, L, L, L
196
197				=item * L
198
199				=item * L
200
201				=back
202
203				=cut