File Coverage

blib/lib/Crypt/AuthEnc/OCB.pm

Criterion	Covered	Total	%
statement	12	15	80.0
branch			n/a
condition			n/a
subroutine	4	7	57.1
pod	1	2	50.0
total	17	24	70.8

line	stmt	sub	pod	time	code
1					package Crypt::AuthEnc::OCB;
2
3	4	4		163354	use strict;
	4			7
	4			123
4	4	4		22	use warnings;
	4			26
	4			470
5					our $VERSION = '0.089_002';
6
7					require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
8					our %EXPORT_TAGS = ( all => [qw( ocb_encrypt_authenticate ocb_decrypt_verify )] );
9					our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
10					our @EXPORT = qw();
11
12	4	4		20	use Carp;
	4			4
	4			249
13					$Carp::Internal{(__PACKAGE__)}++;
14	4	4		791	use CryptX;
	4			5
	4			397
15
16					# obsolete, only for backwards compatibility
17	0	0	0		sub aad_add { goto &adata_add }
18	0	0	1		sub blocksize { return 16 }
19
20	0	0			sub CLONE_SKIP { 1 } # prevent cloning
21
22					1;
23
24					=pod
25
26					=head1 NAME
27
28					Crypt::AuthEnc::OCB - Authenticated encryption in OCBv3 mode
29
30					=head1 SYNOPSIS
31
32					### OO interface
33					use Crypt::AuthEnc::OCB;
34
35					my $key = '...';
36					my $nonce = '...';
37					my $tag_len = 16;
38					my $expected_tag = '...';
39
40					# encrypt and authenticate
41					my $ae_enc = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
42					$ae_enc->adata_add('additional_authenticated_data1');
43					$ae_enc->adata_add('additional_authenticated_data2');
44					my $ct = $ae_enc->encrypt_add('data1');
45					$ct .= $ae_enc->encrypt_add('data2');
46					$ct .= $ae_enc->encrypt_add('data3');
47					$ct .= $ae_enc->encrypt_last('rest of data');
48					my $tag = $ae_enc->encrypt_done();
49
50					# decrypt and verify
51					my $ae_dec = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
52					$ae_dec->adata_add('additional_authenticated_data1');
53					$ae_dec->adata_add('additional_authenticated_data2');
54					my $pt = $ae_dec->decrypt_add('ciphertext1');
55					$pt .= $ae_dec->decrypt_add('ciphertext2');
56					$pt .= $ae_dec->decrypt_add('ciphertext3');
57					$pt .= $ae_dec->decrypt_last('rest of data');
58					$ae_dec->decrypt_done($expected_tag) or die "decrypt failed"; # constant-time tag check
59
60					#or, if you need the computed tag, compare it with slow_eq from Crypt::Misc
61					#(Perl's 'eq' is not constant-time and leaks timing information)
62					my $computed_tag = $ae_dec->decrypt_done();
63					die "decrypt failed" unless Crypt::Misc::slow_eq($computed_tag, $expected_tag);
64
65					### functional interface
66					use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
67
68					my $key = '...';
69					my $nonce = '...';
70					my $adata = '...';
71					my $plaintext = '...';
72					my $tag_len = 16;
73
74					my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
75					my $decrypted = ocb_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
76
77					=head1 DESCRIPTION
78
79					This module implements OCB v3 according to
80					L.
81
82					This is a stateful API. Build one message by calling, in order:
83					C, optional C, zero or more C or C
84					calls for full blocks, one optional C or C for the
85					final partial block, then C or C.
86
87					Use a fresh object per message. When verifying, C
88					is the safer one-step form; C without arguments only returns
89					the calculated tag.
90					The first C / C call finalizes the object. After that,
91					further C, C, C, C,
92					C, C, and C calls croak.
93
94					=head1 EXPORT
95
96					Nothing is exported by default.
97
98					You can export selected functions:
99
100					use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
101
102					=head1 FUNCTIONS
103
104					=head2 ocb_encrypt_authenticate
105
106					my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
107
108					# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
109					# $key ..... [binary string] AES key of proper length (128/192/256 bits)
110					# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
111					# $adata ... [binary string] additional authenticated data
112					# $tag_len . [integer] required length of output tag
113
114					Use tag lengths from 4 to 16 bytes. Out-of-range values passed to this
115					functional helper are normalized to 16.
116
117					=head2 ocb_decrypt_verify
118
119					my $plaintext = ocb_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
120					# on error returns undef
121
122					=head1 METHODS
123
124					Unless noted otherwise, assume C<$ae> is an existing AEAD object created via
125					C, for example:
126
127					my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce);
128
129					=head2 new
130
131					my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce, $tag_len);
132
133					# $cipher .. [string] 'AES' or name of any other cipher with 16-byte block len
134					# $key ..... [binary string] AES key of proper length (128/192/256 bits)
135					# $nonce ... [binary string] unique nonce/salt (no need to keep it secret)
136					# $tag_len . [integer] required length of output tag
137
138					=head2 adata_add
139
140					Can be called only before the first C, C,
141					C, or C.
142					Returns the object itself (for chaining).
143
144					$ae->adata_add($adata); #can be called multiple times
145
146					=head2 encrypt_add
147
148					Returns a binary string of ciphertext (raw bytes).
149
150					my $ciphertext = $ae->encrypt_add($data); # can be called multiple times
151
152					# note: \ must be a multiple of the block length (16 for AES)
153
154					=head2 encrypt_last
155
156					my $ciphertext = $ae->encrypt_last($data);
157
158					=head2 encrypt_done
159
160					Returns the authentication tag as a binary string (raw bytes).
161					This call finalizes the current message.
162
163					my $tag = $ae->encrypt_done(); # returns $tag value
164
165					=head2 decrypt_add
166
167					Returns a binary string of plaintext (raw bytes).
168
169					my $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
170
171					# note: \ must be a multiple of the block length (16 for AES)
172
173					=head2 decrypt_last
174
175					my $plaintext = $ae->decrypt_last($data);
176
177					=head2 decrypt_done
178
179					Without argument returns the computed tag as a binary string. With C<$tag> argument returns C<1> (success) or C<0> (failure).
180					This call finalizes the current message.
181
182					my $tag = $ae->decrypt_done; # returns $tag value
183					#or
184					my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
185
186					=head2 blocksize
187
188					my $bs = $ae->blocksize; # always returns 16
189
190					Returns the block size of the underlying cipher (always 16, since OCB requires
191					a 128-bit block cipher such as AES).
192
193					=head2 clone
194
195					Returns a copy of the AEAD object in its current state.
196
197					my $ae_new = $ae->clone;
198
199					=head1 SEE ALSO
200
201					=over
202
203					=item * L, L, L, L
204
205					=item * L
206
207					=item * L
208
209					=back
210
211					=cut