1Crypt::AuthEnc::CCM(3)User Contributed Perl DocumentationCrypt::AuthEnc::CCM(3)
2
3
4
6 Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
7
9 ### OO interface
10 use Crypt::AuthEnc::CCM;
11
12 # encrypt and authenticate
13 my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
14 my $ct = $ae->encrypt_add('data1');
15 $ct .= $ae->encrypt_add('data2');
16 $ct .= $ae->encrypt_add('data3');
17 my $tag = $ae->encrypt_done();
18
19 # decrypt and verify
20 my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
21 my $pt = $ae->decrypt_add('ciphertext1');
22 $pt .= $ae->decrypt_add('ciphertext2');
23 $pt .= $ae->decrypt_add('ciphertext3');
24 my $tag = $ae->decrypt_done();
25 die "decrypt failed" unless $tag eq $expected_tag;
26
27 #or
28 my $result = $ae->decrypt_done($expected_tag); # 0 or 1
29
30 ### functional interface
31 use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
32
33 ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
34 $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
35
37 CCM is a encrypt+authenticate mode that is centered around using AES
38 (or any 16-byte cipher) as a primitive. Unlike EAX and OCB mode, it is
39 only meant for packet mode where the length of the input is known in
40 advance.
41
43 Nothing is exported by default.
44
45 You can export selected functions:
46
47 use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
48
50 ccm_encrypt_authenticate
51 my ($ciphertext, $tag) = ccm_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
52
53 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
54 # $key ..... key of proper length (e.g. 128/192/256bits for AES)
55 # $nonce ... unique nonce/salt (no need to keep it secret)
56 # $adata ... additional authenticated data
57 # $tag_len . required length of output tag
58
59 CCM parameters should follow
60 <http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf>
61
62 # tag length: 4, 6, 8, 10, 12, 14, 16 (reasonable minimum is 8)
63 # nonce length: 7, 8, 9, 10, 11, 12, 13 (if you are not sure, use 11)
64 # BEWARE nonce length determines max. enc/dec data size: max_data_size = 2^(8*(15-nonce_len))
65
66 ccm_decrypt_verify
67 my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
68 # on error returns undef
69
71 new
72 my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
73
74 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
75 # $key ..... key of proper length (e.g. 128/192/256bits for AES)
76 # $nonce ... unique nonce/salt (no need to keep it secret)
77 # $adata ... additional authenticated data
78 # $tag_len . required length of output tag
79 # $pt_len .. expected length of plaintext/ciphertext to encrypt/decrypt
80
81 encrypt_add
82 $ciphertext = $ae->encrypt_add($data); # can be called multiple times
83
84 encrypt_done
85 my $tag = $ae->encrypt_done; # returns $tag value
86
87 decrypt_add
88 $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
89
90 decrypt_done
91 my $tag = $ae->decrypt_done; # returns $tag value
92 #or
93 my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
94
95 clone
96 my $ae_new = $ae->clone;
97
99 • CryptX, Crypt::AuthEnc::EAX, Crypt::AuthEnc::GCM,
100 Crypt::AuthEnc::OCB
101
102 • <https://en.wikipedia.org/wiki/CCM_mode>
103
104
105
106perl v5.36.1 2023-10-04 Crypt::AuthEnc::CCM(3)