| 1 |
root |
1.1 |
=head1 NAME |
| 2 |
|
|
|
| 3 |
|
|
Crypt::Spritz - Crypt::CBC compliant Spritz encryption/hash/mac/aead/prng module |
| 4 |
|
|
|
| 5 |
|
|
=head1 SYNOPSIS |
| 6 |
|
|
|
| 7 |
|
|
use Crypt::Spritz; |
| 8 |
|
|
|
| 9 |
|
|
# keysize() is 32, but spritz accepts any key size |
| 10 |
|
|
# blocksize() is 16, but cna be anything |
| 11 |
|
|
|
| 12 |
|
|
$cipher = new Crypt::Twofish2 "a" x 32, Crypt::Twofish2::MODE_CBC; |
| 13 |
|
|
|
| 14 |
|
|
$crypted = $cipher->encrypt($plaintext); |
| 15 |
|
|
# - OR - |
| 16 |
|
|
$plaintext = $cipher->decrypt($crypted); |
| 17 |
|
|
|
| 18 |
|
|
=head1 DESCRIPTION |
| 19 |
|
|
|
| 20 |
|
|
This module implements the spritz spongelike function. |
| 21 |
|
|
|
| 22 |
|
|
Although it is C<Crypt::CBC> compliant you usually gain nothing by using |
| 23 |
|
|
that module (except generality, which is often a good thing), since |
| 24 |
|
|
C<Crypt::Twofish2> can work in either ECB or CBC mode itself. |
| 25 |
|
|
|
| 26 |
|
|
=over 4 |
| 27 |
|
|
|
| 28 |
|
|
=cut |
| 29 |
|
|
|
| 30 |
|
|
package Crypt::Spritz; |
| 31 |
|
|
|
| 32 |
|
|
use XSLoader; |
| 33 |
|
|
|
| 34 |
|
|
$VERSION = '0.0'; |
| 35 |
|
|
|
| 36 |
|
|
XSLoader::load __PACKAGE__, $VERSION; |
| 37 |
|
|
|
| 38 |
|
|
@Crypt::Spritz::CipherBase::ISA = |
| 39 |
root |
1.2 |
@Crypt::Spritz::Hash::ISA = |
| 40 |
root |
1.1 |
@Crypt::Spritz::PRNG::ISA = Crypt::Spritz::; |
| 41 |
|
|
|
| 42 |
root |
1.2 |
@Crypt::Spritz::MAC::ISA = Crypt::Spritz::Hash::; |
| 43 |
root |
1.1 |
|
| 44 |
root |
1.2 |
@Crypt::Spritz::Cipher::XOR::ISA = |
| 45 |
|
|
@Crypt::Spritz::Cipher::ISA = |
| 46 |
root |
1.1 |
@Crypt::Spritz::AEAD::ISA = |
| 47 |
|
|
@Crypt::Spritz::AEAD::XOR::ISA = Crypt::Spritz::CipherBase::; |
| 48 |
|
|
|
| 49 |
|
|
sub Crypt::Spritz::CipherBase::keysize () { 32 } |
| 50 |
|
|
sub Crypt::Spritz::CipherBase::blocksize () { 64 } |
| 51 |
|
|
|
| 52 |
root |
1.2 |
*Crypt::Spritz::Hash::add = |
| 53 |
root |
1.1 |
*Crypt::Spritz::PRNG::add = \&Crypt::Spritz::absorb; |
| 54 |
|
|
|
| 55 |
|
|
*Crypt::Spritz::PRNG::get = \&Crypt::Spritz::squeeze; |
| 56 |
|
|
|
| 57 |
root |
1.3 |
*Crypt::Spritz::AEAD::XOR::new = |
| 58 |
|
|
*Crypt::Spritz::AEAD::new = \&Crypt::Spritz::MAC::new; |
| 59 |
|
|
|
| 60 |
root |
1.1 |
*Crypt::Spritz::AEAD::XOR::finish = |
| 61 |
root |
1.2 |
*Crypt::Spritz::AEAD::finish = \&Crypt::Spritz::Hash::finish; |
| 62 |
root |
1.1 |
|
| 63 |
|
|
*Crypt::Spritz::AEAD::XOR::associated_data = |
| 64 |
|
|
*Crypt::Spritz::AEAD::associated_data = |
| 65 |
|
|
*Crypt::Spritz::AEAD::XOR::nonce = |
| 66 |
|
|
*Crypt::Spritz::AEAD::nonce = \&Crypt::Spritz::absborb_and_stop; |
| 67 |
|
|
|
| 68 |
|
|
=item keysize |
| 69 |
|
|
|
| 70 |
|
|
Returns the keysize, which is 32 (bytes). The Twofish2 cipher actually |
| 71 |
|
|
supports keylengths of 16, 24 or 32 bytes, but there is no way to |
| 72 |
|
|
communicate this to C<Crypt::CBC>. |
| 73 |
|
|
|
| 74 |
|
|
=item blocksize |
| 75 |
|
|
|
| 76 |
|
|
The blocksize for Twofish2 is 16 bytes (128 bits), which is somewhat |
| 77 |
|
|
unique. It is also the reason I need this module myself ;) |
| 78 |
|
|
|
| 79 |
|
|
=item $cipher = new $key [, $mode] |
| 80 |
|
|
|
| 81 |
|
|
Create a new C<Crypt::Twofish2> cipher object with the given key (which |
| 82 |
|
|
must be 128, 192 or 256 bits long). The additional C<$mode> argument is |
| 83 |
|
|
the encryption mode, either C<MODE_ECB> (electronic cookbook mode, the |
| 84 |
|
|
default), C<MODE_CBC> (cipher block chaining, the same that C<Crypt::CBC> |
| 85 |
|
|
does) or C<MODE_CFB1> (1-bit cipher feedback mode). |
| 86 |
|
|
|
| 87 |
|
|
ECB mode is very insecure (read a book on cryptography if you don't know |
| 88 |
|
|
why!), so you should probably use CBC mode. CFB1 mode is not tested and is |
| 89 |
|
|
most probably broken, so do not try to use it. |
| 90 |
|
|
|
| 91 |
|
|
In ECB mode you can use the same cipher object to encrypt and decrypt |
| 92 |
|
|
data. However, every change of "direction" causes an internal reordering |
| 93 |
|
|
of key data, which is quite slow, so if you want ECB mode and |
| 94 |
|
|
encryption/decryption at the same time you should create two seperate |
| 95 |
|
|
C<Crypt::Twofish2> objects with the same key. |
| 96 |
|
|
|
| 97 |
|
|
In CBC mode you have to use seperate objects for encryption/decryption in |
| 98 |
|
|
any case. |
| 99 |
|
|
|
| 100 |
|
|
The C<MODE_*>-constants are not exported by this module, so you must |
| 101 |
|
|
specify them as C<Crypt::Twofish2::MODE_CBC> etc. (sorry for that). |
| 102 |
|
|
|
| 103 |
|
|
=item $cipher->encrypt($data) |
| 104 |
|
|
|
| 105 |
|
|
Encrypt data. The size of C<$data> must be a multiple of C<blocksize> (16 |
| 106 |
|
|
bytes), otherwise this function will croak. Apart from that, it can be of |
| 107 |
|
|
(almost) any length. |
| 108 |
|
|
|
| 109 |
|
|
=item $cipher->decrypt($data) |
| 110 |
|
|
|
| 111 |
|
|
The pendant to C<encrypt> in that it I<de>crypts data again. |
| 112 |
|
|
|
| 113 |
|
|
=back |
| 114 |
|
|
|
| 115 |
|
|
=head1 SEE ALSO |
| 116 |
|
|
|
| 117 |
|
|
L<Crypt::CBC>, L<Digest::HMAC>, L<http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
| 118 |
|
|
|
| 119 |
|
|
=head1 SECURITY CONSIDERATIONS |
| 120 |
|
|
|
| 121 |
|
|
I also cannot guarantee for security. |
| 122 |
|
|
|
| 123 |
|
|
=head1 AUTHOR |
| 124 |
|
|
|
| 125 |
|
|
Marc Lehmann <schmorp@schmorp.de> |
| 126 |
|
|
http://home.schmorp.de/ |
| 127 |
|
|
|
| 128 |
|
|
The actual twofish encryption is written in horribly microsoft'ish looking |
| 129 |
|
|
almost ansi-c by Doug Whiting. |
| 130 |
|
|
|
| 131 |
|
|
=cut |
| 132 |
|
|
|
| 133 |
|
|
1; |
| 134 |
|
|
|
