CBC results from the CPAN

Crypt-Passphrase-Bcrypt-AES
view release on metacpan or search on metacpan
lib/Crypt/Passphrase/Bcrypt/AES.pm view on Meta::CPAN
package Crypt::Passphrase::Bcrypt::AES;

use 5.014;
use warnings;

our $VERSION = '0.002';

use parent 'Crypt::Passphrase::Bcrypt::Encrypted';
use Crypt::Passphrase 0.019 -encoder;

use Carp 'croak';
use Crypt::Rijndael 1.16;

my %mode = (
	'aes-cfb' => Crypt::Rijndael::MODE_CFB,
	'aes-ofb' => Crypt::Rijndael::MODE_OFB,
	'aes-ctr' => Crypt::Rijndael::MODE_CTR,
	'aes-ecb-pad' => Crypt::Rijndael::MODE_ECB,
	'aes-cbc-pad' => Crypt::Rijndael::MODE_CBC,
);

sub new {
	my ($class, %args) = @_;
	my $peppers = $args{peppers} or croak('No peppers given');
	$args{active} //= (sort {; no warnings 'numeric'; $b <=> $a || $b cmp $a } keys %{ $peppers })[0];
	my $mode = delete $args{mode} // 'ctr';
	my $cipher = "aes-$mode";
	croak("No such mode $mode") if not exists $mode{$cipher};
	my $self = $class->SUPER::new(%args, cipher => $cipher);
	for my $key (keys %{$peppers}) {
		my $length = length $peppers->{$key};
		croak "Pepper $key has invalid length $length" if $length != 16 && $length != 24 && $length != 32;
		$self->{peppers}{$key} = $peppers->{$key};
	}
	return $self;
}

sub encrypt_hash {
	my ($self, $cipher, $id, $iv, $raw) = @_;
	if ($cipher =~ /-pad$/) {
		my $pad_length = 16 - length($raw) % 16;
		$raw .= chr($pad_length) x $pad_length;
	}
	my $mode = $mode{$cipher} or croak "No such cipher $cipher";
	my $secret = $self->{peppers}{$id} or croak "No such pepper $id";
	return Crypt::Rijndael->new($secret, $mode)->encrypt($raw, $iv);
}

sub decrypt_hash {
	my ($self, $cipher, $id, $iv, $raw) = @_;
	my $mode = $mode{$cipher} or croak "No such cipher $cipher";
	my $secret = $self->{peppers}{$id} or croak "No such pepper $id";
	my $plaintext = Crypt::Rijndael->new($secret, $mode)->decrypt($raw, $iv);
	if ($cipher =~ /-pad$/) {
		my $pad_length = ord substr $plaintext, -1;
		substr($plaintext, -$pad_length, $pad_length, '') eq chr($pad_length) x $pad_length or croak 'Incorrectly padded';
	}
	return $plaintext;
}

sub supported_ciphers {
	return keys %mode;
}

1;

__END__

=pod

=encoding utf-8

=head1 NAME

Crypt::Passphrase::Bcrypt::AES - A peppered AES-encrypted Bcrypt encoder for Crypt::Passphrase

=head1 SYNOPSIS

 my $passphrase = Crypt::Passphrase->new(
( run in 0.540 second using v1.01-cache-2.11-cpan-e1769b4cff6 )