1Crypt::AuthEnc::OCB(3)User Contributed Perl DocumentationCrypt::AuthEnc::OCB(3)
2
3
4
6 Crypt::AuthEnc::OCB - Authenticated encryption in OCBv3 mode
7
9 ### OO interface
10 use Crypt::AuthEnc::OCB;
11
12 # encrypt and authenticate
13 my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
14 $ae->adata_add('additional_authenticated_data1');
15 $ae->adata_add('additional_authenticated_data2');
16 my $ct = $ae->encrypt_add('data1');
17 $ct .= $ae->encrypt_add('data2');
18 $ct .= $ae->encrypt_add('data3');
19 $ct .= $ae->encrypt_last('rest of data');
20 my $tag = $ae->encrypt_done();
21
22 # decrypt and verify
23 my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
24 $ae->adata_add('additional_authenticated_data1');
25 $ae->adata_add('additional_authenticated_data2');
26 my $pt = $ae->decrypt_add('ciphertext1');
27 $pt .= $ae->decrypt_add('ciphertext2');
28 $pt .= $ae->decrypt_add('ciphertext3');
29 $pt .= $ae->decrypt_last('rest of data');
30 my $tag = $ae->decrypt_done();
31 die "decrypt failed" unless $tag eq $expected_tag;
32
33 #or
34 my $result = $ae->decrypt_done($expected_tag); # 0 or 1
35
36 ### functional interface
37 use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
38
39 my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
40 my $plaintext = ocb_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
41
43 This module implements OCB v3 according to
44 <https://tools.ietf.org/html/rfc7253>
45
47 Nothing is exported by default.
48
49 You can export selected functions:
50
51 use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
52
54 ocb_encrypt_authenticate
55 my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
56
57 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
58 # $key ..... AES key of proper length (128/192/256bits)
59 # $nonce ... unique nonce/salt (no need to keep it secret)
60 # $adata ... additional authenticated data
61 # $tag_len . required length of output tag
62
63 ocb_decrypt_verify
64 my $plaintext = ocb_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
65 # on error returns undef
66
68 new
69 my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce, $tag_len);
70
71 # $cipher .. 'AES' or name of any other cipher with 16-byte block len
72 # $key ..... AES key of proper length (128/192/256bits)
73 # $nonce ... unique nonce/salt (no need to keep it secret)
74 # $tag_len . required length of output tag
75
76 adata_add
77 $ae->adata_add($adata); #can be called multiple times
78
79 encrypt_add
80 $ciphertext = $ae->encrypt_add($data); # can be called multiple times
81
82 #BEWARE: size of $data has to be multiple of blocklen (16 for AES)
83
84 encrypt_last
85 $ciphertext = $ae->encrypt_last($data);
86
87 encrypt_done
88 $tag = $ae->encrypt_done(); # returns $tag value
89
90 decrypt_add
91 $plaintext = $ae->decrypt_add($ciphertext); # can be called multiple times
92
93 #BEWARE: size of $ciphertext has to be multiple of blocklen (16 for AES)
94
95 decrypt_last
96 $plaintext = $ae->decrypt_last($data);
97
98 decrypt_done
99 my $tag = $ae->decrypt_done; # returns $tag value
100 #or
101 my $result = $ae->decrypt_done($tag); # returns 1 (success) or 0 (failure)
102
103 clone
104 my $ae_new = $ae->clone;
105
107 • CryptX, Crypt::AuthEnc::CCM, Crypt::AuthEnc::GCM,
108 Crypt::AuthEnc::EAX
109
110 • <https://en.wikipedia.org/wiki/OCB_mode>
111
112 • <https://tools.ietf.org/html/rfc7253>
113
114
115
116perl v5.36.1 2023-10-04 Crypt::AuthEnc::OCB(3)