Crypt::AuthEnc::CCM(3pm)

1Crypt::AuthEnc::CCM(3)User Contributed Perl DocumentationCrypt::AuthEnc::CCM(3)
2
3
4

NAME

6       Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
7

SYNOPSIS

9        ### OO interface
10        use Crypt::AuthEnc::CCM;
11
12        # encrypt and authenticate
13        my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
14        my $ct = $ae->encrypt_add('data1');
15        $ct .= $ae->encrypt_add('data2');
16        $ct .= $ae->encrypt_add('data3');
17        my $tag = $ae->encrypt_done();
18
19        # decrypt and verify
20        my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
21        my $pt = $ae->decrypt_add('ciphertext1');
22        $pt .= $ae->decrypt_add('ciphertext2');
23        $pt .= $ae->decrypt_add('ciphertext3');
24        my $tag = $ae->decrypt_done();
25        die "decrypt failed" unless $tag eq $expected_tag;
26
27        #or
28        my $result = $ae->decrypt_done($expected_tag); # 0 or 1
29
30        ### functional interface
31        use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
32
33        ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
34        $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
35

DESCRIPTION

37       CCM is a encrypt+authenticate mode that is centered around using AES
38       (or any 16-byte cipher) as a primitive.  Unlike EAX and OCB mode, it is
39       only meant for packet mode where the length of the input is known in
40       advance.
41

EXPORT

43       Nothing is exported by default.
44
45       You can export selected functions:
46
47        use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
48

FUNCTIONS

50   ccm_encrypt_authenticate
51        my ($ciphertext, $tag) = ccm_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
52
53        # $cipher .. 'AES' or name of any other cipher with 16-byte block len
54        # $key ..... key of proper length (e.g. 128/192/256bits for AES)
55        # $nonce ... unique nonce/salt (no need to keep it secret)
56        # $adata ... additional authenticated data
57        # $tag_len . required length of output tag
58
59       CCM parameters should follow
60       <http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf>
61
62        # tag length:   4, 6, 8, 10, 12, 14, 16 (reasonable minimum is 8)
63        # nonce length: 7, 8, 9, 10, 11, 12, 13 (if you are not sure, use 11)
64        # BEWARE nonce length determines max. enc/dec data size: max_data_size = 2^(8*(15-nonce_len))
65
66   ccm_decrypt_verify
67        my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
68        # on error returns undef
69

METHODS

71   new
72        my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
73
74        # $cipher .. 'AES' or name of any other cipher with 16-byte block len
75        # $key ..... key of proper length (e.g. 128/192/256bits for AES)
76        # $nonce ... unique nonce/salt (no need to keep it secret)
77        # $adata ... additional authenticated data
78        # $tag_len . required length of output tag
79        # $pt_len .. expected length of plaintext/ciphertext to encrypt/decrypt
80
81   encrypt_add
82        $ciphertext = $ae->encrypt_add($data);        # can be called multiple times
83
84   encrypt_done
85        my $tag = $ae->encrypt_done;                  # returns $tag value
86
87   decrypt_add
88        $plaintext = $ae->decrypt_add($ciphertext);   # can be called multiple times
89
90   decrypt_done
91        my $tag = $ae->decrypt_done;           # returns $tag value
92        #or
93        my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
94
95   clone
96        my $ae_new = $ae->clone;
97

NAME

SYNOPSIS

DESCRIPTION

EXPORT

FUNCTIONS

METHODS

SEE ALSO