Crypt-OpenSSL-AES
view release on metacpan or search on metacpan
if (props != NULL) {
croak ("provider_props fips=yes only supported on OpenSSL 3.0+");
}
if (keysize == 16) {
if (name == NULL)
return (EVP_CIPHER * ) EVP_aes_128_ecb();
else if (strcmp(name, "AES-128-ECB") == 0)
return (EVP_CIPHER * ) EVP_aes_128_ecb();
else if (strcmp(name, "AES-128-CBC") == 0)
return (EVP_CIPHER * ) EVP_aes_128_cbc();
else if (strcmp(name, "AES-128-CFB") == 0)
return (EVP_CIPHER * ) EVP_aes_128_cfb();
else if (strcmp(name, "AES-128-CTR") == 0)
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
return (EVP_CIPHER * ) EVP_aes_128_ctr();
#else
croak ("CTR ciphers not supported on this version of OpenSSL");
#endif
else if (strcmp(name, "AES-128-OFB") == 0)
return (EVP_CIPHER * ) EVP_aes_128_ofb();
else
croak ("You specified an unsupported cipher for this keysize: 16");
} else if (keysize == 24) {
if (name == NULL)
return (EVP_CIPHER * ) EVP_aes_192_ecb();
else if (strcmp(name, "AES-192-ECB") == 0)
return (EVP_CIPHER * ) EVP_aes_192_ecb();
else if (strcmp(name, "AES-192-CBC") == 0)
return (EVP_CIPHER * ) EVP_aes_192_cbc();
else if (strcmp(name, "AES-192-CFB") == 0)
return (EVP_CIPHER * ) EVP_aes_192_cfb();
else if (strcmp(name, "AES-192-CTR") == 0)
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
return (EVP_CIPHER * ) EVP_aes_192_ctr();
#else
croak ("CTR ciphers not supported on this version of OpenSSL");
#endif
else if (strcmp(name, "AES-192-OFB") == 0)
return (EVP_CIPHER * ) EVP_aes_192_ofb();
else
croak ("You specified an unsupported cipher for this keysize: 24");
} else if (keysize == 32) {
if (name == NULL)
return (EVP_CIPHER * ) EVP_aes_256_ecb();
else if (strcmp(name, "AES-256-ECB") == 0)
return (EVP_CIPHER * ) EVP_aes_256_ecb();
else if (strcmp(name, "AES-256-CBC") == 0)
return (EVP_CIPHER * ) EVP_aes_256_cbc();
else if (strcmp(name, "AES-256-CFB") == 0)
return (EVP_CIPHER * ) EVP_aes_256_cfb();
else if (strcmp(name, "AES-256-CTR") == 0)
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
return (EVP_CIPHER * ) EVP_aes_256_ctr();
#else
croak ("CTR ciphers not supported on this version of OpenSSL");
#endif
else if (strcmp(name, "AES-256-OFB") == 0)
- tests: Modernize the module new syntax
- Properly free memory in the event of an error
- Add checks to ensure the module is not cloned across threads
- A fair number of miscelaneous cleanups
- Verify that the IV is the correct length
- Add a check for fips mode and method to enable
- Replace static cipher getters with EVP_CIPHER_fetch()
- Re-initialize EVP Context Between Calls to encrypt or decrypt
[Detailed Change Log]
- 1587ac2 Remove Crypt::CBC as a set dependency
- 6f813d8 Upgrade ppport.h to Version 3.73
- f064619 Update copyright year and add META.json
- 7ad96e4 Add a MANIFEST.SKIP
- 2f4783c Example Docker Container to run in Apache
- 16d2d64 get_padding should return true or false
- 17fc906 Update the version number for the next release
- a452981 License text updates
- 488c11b Add Crypt::CBC as a test dependency
- 97de73e Update Dependencies
- a693ae7 Update the testsuite
- 9e0d2b7 Increase plaintext buffer size in accordance with OpenSSL documentation
- 4a827c9 Even encrypt and decrypt zero length data
- 5a60996 tests: Fix typo
- 9bbbc8d tests: localize the key to the scope
- 8f96914 tests: Modernize the module new syntax
- 3764f7d tests: Fix the error checks and improve error handling use Crypt::OpenSSL::Guess in openssl check
- 31c4493 tests: Add strict and warnings
- a65f963 Properly free RETVAL in new()
0.11 -- Mon Oct 02 22:03:40 ADT 2023
[Significant updates since 0.10]
- Bugfix from mokers and #149909
- Add full LibreSSL support for the new library API functions
- Remove dependency for CryptX (rewrite the tests)
- new library API functions supported for OpenSSL 0.9.8+
[Detailed Change Log]
- b328a6c Really remove Crypt::CBC dependency
- 16eb4b6 Fix #149909: v0.10 Segfaulting on macOS [rt.cpan.org #149909]
- c6bf4be Remove Build/Test dependency on CryptX
- cfe9571 The API supports 0.9.8 and above so the skips seem unnecessary
- 7fa47df Fix patch undefined
- 6fb6b23 Support libressl with modern api calls
- 8be70f0 reverse 2782f24 Don't run OpenSSL tests for LibreSSL
- 014f71e Increment version for release
- 2782f24 Don't run OpenSSL tests for LibreSSL
- 24072d3 Attempt to fix Free to wrong pool issue
- 49f93e3 Fix get_option_svalue issue
- d6cb161 Fix issue with tests - undefined
- f7027e3 (tag: 0.10) v0.10
0.10 -- Thu Sep 21 23:10:38 ADT 2023
[Significant updates since 0.08]
- Added support for CBC, CFB, CTR and OFB
- Allows encryption of data larger than 16-bytes
- Uses padding for data that is not a multiple of 16-bytes
- Allows support for IV for supported ciphers
[Detailed Change Log]
- d3a7ccb Increment version for release
- 24b7deb Add GitHub::CreateRelease and remove META.json from repo
- 9ca1b5a Remove C++ style comment
- cbcd8e3 SET_CONTEXT for threaded perls
- 25e7c01 v0.09
- 1cb07ea Testing release
0.09 -- Wed Sep 20 23:04:24 ADT 2023
[Significant updates since 0.08]
- Added support for CBC, CFB, CTR and OFB
- Allows encryption of data larger than 16-bytes
- Uses padding for data that is not a multiple of 16-bytes
- Allows support for IV for supported ciphers
- f84bd04 Update MANIFEST file
- c23620a Increment version for next release
- fcf7e23 Update dependencies
- 4de67f5 Add tests for multiple ciphers
- 750f2bb Support additional AES ciphers
- a6fd450 Change tabs to spaces - tabs were driving me crazy
- d6e7f7d (tag: 0.08) v0.08
0.08 -- Sat Sep 16 00:19:13 ADT 2023
[Detailed Changes]
- ff164da Change the push to repo
- 98b92f8 Create a test for Crypt::CBC
- ad9094f Update pod information
- 9230b98 Fix casting and signedness errors
- 4434d5c Convert build to Dist::Zilla
- 1f9d13b Increment version for a release
- 9b539b4 Update Changes for release
0.07 Thu Sep 14 18:41:23 PM 2023
[Significant updates since 0.02]
Crypt::OpenSSL::AES - A Perl wrapper around OpenSSL's AES library
SYNOPSIS
use Crypt::OpenSSL::AES;
use Crypt::URandom qw( urandom ); # Always use a strong random source
# Basic usage (defaults to AES-ECB based on key length; ECB is not recommended)
my $key = urandom(32);
my $cipher = Crypt::OpenSSL::AES->new($key);
# Recommended usage: AES-256-CBC with proper Initialization Vector and Padding
my $secure_key = urandom(32); # 32 bytes (256 bits) for AES-256
my $iv = urandom(16); # 16 bytes (128 bits) block size for AES
my $secure_cipher = Crypt::OpenSSL::AES->new(
$secure_key,
{
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1, # 1 for standard block padding, 0 for no padding
}
);
my $plaintext = "Confidential data to be encrypted.";
my $encrypted = $secure_cipher->encrypt($plaintext);
my $decrypted = $secure_cipher->decrypt($encrypted);
DESCRIPTION
This module implements a wrapper around OpenSSL. Specifically, it wraps
the methods related to the US Government's Advanced Encryption Standard
(the Rijndael algorithm). The original version supports only AES ECB
(electronic codebook mode encryption).
This module is compatible with Crypt::CBC (and likely other modules that
utilize a block cipher to make a stream cipher).
This module is an alternative to the implementation provided by
Crypt::Rijndael which implements AES itself. In contrast, this module is
simply a wrapper around the OpenSSL library.
As of version 0.09 additional AES ciphers are supported. Those are:
Block Ciphers
The blocksize is 16 bytes and must be padded if not a multiple of
the blocksize.
AES-128-ECB, AES-192-ECB and AES-256-ECB (no IV)
Supports padding
AES-128-CBC, AES-192-CBC and AES-256-CBC
Supports padding and iv
Stream Ciphers
The blocksize is 1 byte. OpenSSL does not pad even if padding is set
(the default).
AES-128-CFB, AES-192-CFB and AES-256-CFB
Supports iv
AES-128-CTR, AES-192-CTR and AES-256-CTR
AES-128-OFB, AES-192-OFB and AES-256-OFB
Supports iv
FIPS COMPLIANCE
When using OpenSSL 3.0+ built with FIPS support, pass "provider_props ="
'fips=yes'> to the constructor to ensure only FIPS-validated algorithm
implementations are used.
AES-ECB is not approved for general data encryption under FIPS 140-3.
Use AES-CBC or AES-CTR with a random IV instead.
my $cipher = Crypt::OpenSSL::AES->new($key, {
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1,
provider_props => 'fips=yes',
});
# Check at runtime:
warn "FIPS mode active\n" if Crypt::OpenSSL::AES::fips_mode();
mod_perl / THREADED ENVIRONMENTS
Never store a Crypt::OpenSSL::AES object in a package variable under
my $cipher = Crypt::OpenSSL::AES->new($key);
or
# the keysize must match the cipher size
# 16-bytes (128-bits) AES-128-xxx
# 24-bytes (192-bits) AES-192-xxx
# 32-bytes (256-bits) AES-256-xxx
my $cipher = Crypt::OpenSSL::AES->new($key,
{
cipher => 'AES-256-CBC',
iv => $iv, # (16-bytes for supported ciphers)
padding => 1, (0 - no padding, 1 - padding)
});
# cipher
# AES-128-ECB, AES-192-ECB and AES-256-ECB (no IV)
# AES-128-CBC, AES-192-CBC and AES-256-CBC
# AES-128-CFB, AES-192-CFB and AES-256-CFB
# AES-128-CTR, AES-192-CTR and AES-256-CTR
# AES-128-OFB, AES-192-OFB and AES-256-OFB
#
# iv - 16-byte random data
#
# padding
# 0 - no padding
# 1 - padding
$cipher->encrypt($data)
Encrypt data. For Block Ciphers (ECB and CBC) the size of $data must
be exactly "blocksize" in length (16 bytes) or padding must be
enabled in the new constructor, otherwise this function will croak.
For Stream ciphers (CFB, CTR or OFB) the block size is considered to
be 1 byte and no padding is required.
Crypt::CBC is no longer required to encrypt/decrypt data of
arbitrary lengths.
$cipher->decrypt($data)
Decrypts data. For Block Ciphers (ECB and CBC) the size of $data
must be exactly "blocksize" in length (16 bytes) or padding must be
enabled in the new constructor, otherwise this function will croak.
For Stream ciphers (CFB, CTR or OFB) the block size is considered to
be 1 byte and no padding is required.
Crypt::CBC is no longer required to encrypt/decrypt data of
arbitrary lengths.
$cipher->fips_mode()
Will return true (1) or false (0) depending whether the openssl
'fips=yes' default property is set.
keysize
This method is used by Crypt::CBC to verify the key length. This
module actually supports key lengths of 16, 24, and 32 bytes, but
this method always returns 32 for Crypt::CBC's sake.
blocksize
This method is used by Crypt::CBC to check the block size. The
blocksize for AES is always 16 bytes.
USE WITH CRYPT::CBC
As padding is now supported for the CBC cipher, Crypt::CBC is no longer
required but supported for backward compatibility.
use Crypt::CBC;
my $plaintext = "This is a test!!";
my $password = "qwerty123";
my $cipher = Crypt::CBC->new(
-key => $password,
-cipher => "Crypt::OpenSSL::AES",
-pbkdf => 'pbkdf2',
);
my $encrypted = $cipher->encrypt($plaintext);
my $decrypted = $cipher->decrypt($encrypted);
SEE ALSO
Crypt::CBC
http://www.openssl.org/
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.csrc.nist.gov/encryption/aes/
BUGS
Need more (and better) test cases.
-remove = MakeMaker
-remove = Readme
[AutoPrereqs]
skip = ^vars$
skip = utf8
skip = warnings
skip = strict
skip = overload
skip = base
skip = Crypt::CBC
skip = threads
[Prereqs / BuildRequires]
Crypt::OpenSSL::Guess = 0.10
[Prereqs / ConfigureRequires]
Crypt::OpenSSL::Guess = 0.10
[Prereqs / RuntimeRequires]
perl = 5.008
lib/Crypt/OpenSSL/AES.pm view on Meta::CPAN
=head1 SYNOPSIS
use Crypt::OpenSSL::AES;
use Crypt::URandom qw( urandom ); # Always use a strong random source
# Basic usage (defaults to AES-ECB based on key length; ECB is not recommended)
my $key = urandom(32);
my $cipher = Crypt::OpenSSL::AES->new($key);
# Recommended usage: AES-256-CBC with proper Initialization Vector and Padding
my $secure_key = urandom(32); # 32 bytes (256 bits) for AES-256
my $iv = urandom(16); # 16 bytes (128 bits) block size for AES
my $secure_cipher = Crypt::OpenSSL::AES->new(
$secure_key,
{
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1, # 1 for standard block padding, 0 for no padding
}
);
my $plaintext = "Confidential data to be encrypted.";
my $encrypted = $secure_cipher->encrypt($plaintext);
my $decrypted = $secure_cipher->decrypt($encrypted);
=head1 DESCRIPTION
This module implements a wrapper around OpenSSL. Specifically, it
wraps the methods related to the US Government's Advanced
Encryption Standard (the Rijndael algorithm). The original version
supports only AES ECB (electronic codebook mode encryption).
This module is compatible with Crypt::CBC (and likely other modules
that utilize a block cipher to make a stream cipher).
This module is an alternative to the implementation provided by
Crypt::Rijndael which implements AES itself. In contrast, this module
is simply a wrapper around the OpenSSL library.
As of version 0.09 additional AES ciphers are supported. Those are:
=over 4
lib/Crypt/OpenSSL/AES.pm view on Meta::CPAN
The blocksize is 16 bytes and must be padded if not a multiple of the
blocksize.
=over 4
=item AES-128-ECB, AES-192-ECB and AES-256-ECB (no IV)
Supports padding
=item AES-128-CBC, AES-192-CBC and AES-256-CBC
Supports padding and iv
=back
=item Stream Ciphers
The blocksize is 1 byte. OpenSSL does not pad even if padding
is set (the default).
lib/Crypt/OpenSSL/AES.pm view on Meta::CPAN
=back
=back
=head1 FIPS COMPLIANCE
When using OpenSSL 3.0+ built with FIPS support, pass C<provider_props => 'fips=yes'>
to the constructor to ensure only FIPS-validated algorithm implementations are used.
B<AES-ECB is not approved for general data encryption under FIPS 140-3.>
Use AES-CBC or AES-CTR with a random IV instead.
my $cipher = Crypt::OpenSSL::AES->new($key, {
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1,
provider_props => 'fips=yes',
});
# Check at runtime:
warn "FIPS mode active\n" if Crypt::OpenSSL::AES::fips_mode();
=head1 mod_perl / THREADED ENVIRONMENTS
lib/Crypt/OpenSSL/AES.pm view on Meta::CPAN
my $cipher = Crypt::OpenSSL::AES->new($key);
or
# the keysize must match the cipher size
# 16-bytes (128-bits) AES-128-xxx
# 24-bytes (192-bits) AES-192-xxx
# 32-bytes (256-bits) AES-256-xxx
my $cipher = Crypt::OpenSSL::AES->new($key,
{
cipher => 'AES-256-CBC',
iv => $iv, # (16-bytes for supported ciphers)
padding => 1, (0 - no padding, 1 - padding)
});
# cipher
# AES-128-ECB, AES-192-ECB and AES-256-ECB (no IV)
# AES-128-CBC, AES-192-CBC and AES-256-CBC
# AES-128-CFB, AES-192-CFB and AES-256-CFB
# AES-128-CTR, AES-192-CTR and AES-256-CTR
# AES-128-OFB, AES-192-OFB and AES-256-OFB
#
# iv - 16-byte random data
#
# padding
# 0 - no padding
# 1 - padding
=item $cipher->encrypt($data)
Encrypt data. For Block Ciphers (ECB and CBC) the size of C<$data>
must be exactly C<blocksize> in length (16 bytes) B<or> padding must be
enabled in the B<new> constructor, otherwise this function will croak.
For Stream ciphers (CFB, CTR or OFB) the block size is considered to
be 1 byte and no padding is required.
Crypt::CBC is no longer required to encrypt/decrypt data of arbitrary
lengths.
=item $cipher->decrypt($data)
Decrypts data. For Block Ciphers (ECB and CBC) the size of C<$data>
must be exactly C<blocksize> in length (16 bytes) B<or> padding must be
enabled in the B<new> constructor, otherwise this function will croak.
For Stream ciphers (CFB, CTR or OFB) the block size is considered to
be 1 byte and no padding is required.
Crypt::CBC is no longer required to encrypt/decrypt data of arbitrary
lengths.
=item $cipher->fips_mode()
Will return true (1) or false (0) depending whether the openssl 'fips=yes'
default property is set.
=item keysize
This method is used by Crypt::CBC to verify the key length.
This module actually supports key lengths of 16, 24, and 32 bytes,
but this method always returns 32 for Crypt::CBC's sake.
=item blocksize
This method is used by Crypt::CBC to check the block size.
The blocksize for AES is always 16 bytes.
=back
=head2 USE WITH CRYPT::CBC
As padding is now supported for the CBC cipher, Crypt::CBC is no
longer required but supported for backward compatibility.
use Crypt::CBC;
my $plaintext = "This is a test!!";
my $password = "qwerty123";
my $cipher = Crypt::CBC->new(
-key => $password,
-cipher => "Crypt::OpenSSL::AES",
-pbkdf => 'pbkdf2',
);
my $encrypted = $cipher->encrypt($plaintext);
my $decrypted = $cipher->decrypt($encrypted);
=head1 SEE ALSO
L<Crypt::CBC>
http://www.openssl.org/
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://www.csrc.nist.gov/encryption/aes/
=head1 BUGS
Need more (and better) test cases.
t/01-crypt-cbc.t view on Meta::CPAN
use strict;
use warnings;
BEGIN {
unless ($ENV{AUTHOR_TESTING}) {
print qq{1..0 # SKIP these tests are for testing by the author\n};
exit
}
}
use Test::More tests => 1;
use Crypt::CBC;
my $plaintext = "This is a test!!";
my $password = "qwerty123";
my $cipher = Crypt::CBC->new(
-key => $password,
-cipher => "Crypt::OpenSSL::AES",
-pbkdf => 'pbkdf2',
);
my $encrypted = $cipher->encrypt($plaintext);
my $decrypted = $cipher->decrypt($encrypted);
like($decrypted, qr/This is a test!!/, "Correctly decrypted via Crypt::CBC");
done_testing;
t/02-algorithms.t view on Meta::CPAN
my $encrypted;
ok(($encrypted = $c->encrypt($plaintext)) eq $expected_enc, "Encrypted Successfully AES-256-ECB");
ok($c->decrypt($encrypted) eq $plaintext, "Decrypted Successfully using AES-256-ECB");
ok($c->decrypt($c->encrypt("Hello World. 123")) eq "Hello World. 123", "Simple String Encrypted/Decrypted Successfully");
$c = Crypt::OpenSSL::AES->new($key,
{
cipher => 'AES-256-CBC',
iv => 'hsui28sk2o2ksjd4',
});
ok($c->decrypt($c->encrypt("Hello World. 123")) eq "Hello World. 123", "Simple String Encrypted/Decrypted Successfully with AES-256-CBC and IV");
{
SKIP: {
skip "Crypt::Mode::CBC not supported - OpenSSL $major$minor", 1 if $major le '0.9' && $minor le '7';
my $key = "e4e9ac6aa161179889f0e3804d187112f59f3325950a27d943be398074968afc";
# Following data was encrypted with Crypt::Mode::CBC
my $ciphertext = decode_base64("bnTwr7+SR5m71I2TKZNJzz5UcQuoTRdzKvXU/2aN+aA=");
my $c = Crypt::OpenSSL::AES->new(pack("H*", $key),
{
cipher => 'AES-256-CBC',
iv => pack("H*", $iv),
padding => 1,
});
ok($c->decrypt($ciphertext) eq "Hello World. 123", "Decrypt Crypt::Mode::CBC encrypted data");
}
}
eval {
$c->encrypt("Hello World. 123Hello World. 123");
};
unlike ($@, qr/AES: Data size must be multiple of blocksize/, "Data is a multiple of blocksize - no padding");
eval {
t/03-large-data.t view on Meta::CPAN
BEGIN { use_ok('Crypt::OpenSSL::AES') };
{
SKIP: {
skip "IVs unsupported - OpenSSL $major$minor", 2 if $major le '0.9' && $minor le '7';
my $key = 'fe004cb16d14814b71e2c0e7c52f0c1d20fecdbca37bce926c6fc46de7f58ad5';
my $iv = 'bb160a0e845bf36fe92310ba368c0d60';
# Checksum calculated on Crypt::Mode::CBC ciphertext
my $cbc_ciphertext_checksum = 'j2P40htNXAeq3qqORD4Ur/7q/a5iI0MqVatvXV3zwjs';
my $data = do { local $/ = undef; <DATA> };
my $checksum_orig = sha256_base64($data);
my $coa = Crypt::OpenSSL::AES->new(pack("H*", $key),
{
cipher => 'AES-256-CBC',
iv => pack("H*", $iv),
padding => 1,
});
# Encrypt with Crypt::OpenSSL::AES
my $ciphertext = $coa->encrypt($data);
my $coa_ciphertext_checksum = sha256_base64($ciphertext);
ok($coa_ciphertext_checksum eq $cbc_ciphertext_checksum, "Crypt::OpenSSL::AES - Created expected ciphertext");
t/05-aes-cbc.t view on Meta::CPAN
use warnings;
use Test::More tests => 22;
use MIME::Base64 qw/encode_base64 decode_base64/;
use Crypt::OpenSSL::Guess qw/openssl_version/;
my ($major, $minor, $patch) = openssl_version();
BEGIN { use_ok('Crypt::OpenSSL::AES') };
SKIP: {
skip "CBC Cipher unsupported - OpenSSL $major$minor", 21 if $major le '0.9' && $minor le '7';
# key = substr(sha512_256_hex(rand(1000)), 0, ($ks/4));
my %key = (
"128" => "d6fcdc0c8cd66ff82facaa084859e23f",
"192" => "8b3335b0fca17501af9ac76624d7dc23cc687069107a31dc",
"256" => "39f6cdc3fb383fdfe4705d36943334dad6bb5c60df7c34db34089d023e77677e",
);
# iv = substr(sha512_256_hex(rand(1000)), 0, 32);
my %iv = (
#"128" => "9fbb0ee6245939e50aaa3b4659634a9c02800ed9a11d70a194655be6be3e0e43",
"128" => "9fbb0ee6245939e50aaa3b4659634a9c",
#"192" => "e8a980144f35e292888282401fa7353ab6806d6d385a9d90830b10be4bd52ffb",
"192" => "e8a980144f35e292888282401fa7353a",
#"256" => "be77fd70d0a2cf929389171bb75be1ee4637e67a5c77fda07c1a7892c8755f84",
"256" => "be77fd70d0a2cf929389171bb75be1ee",
);
# Following data was encrypted with Crypt::Mode::CBC
my %encrypted = (
"128" => [
"R3Oa7KLd/fxaNehfRGCX5Q==", # no padding
"R3Oa7KLd/fxaNehfRGCX5QMgX9Gzs7JyGIo62NsXeJk=",
],
"192" => [
"49Q1xtaySiebjZz3zAQ+3A==", # no padding
"49Q1xtaySiebjZz3zAQ+3CnbIdZpCpCJscAvsHiWwI4=",
],
"256" => [
t/05-aes-cbc.t view on Meta::CPAN
],
);
my @keysize = ("128", "192", "256");
foreach my $ks (@keysize) {
foreach my $padding (0..1) {
{
my $msg = $padding ? "Padding" : "No Padding";
my $coa = Crypt::OpenSSL::AES->new(pack("H*", $key{$ks}),
{
cipher => "AES-$ks-CBC",
padding => $padding,
iv => pack("H*", $iv{$ks}),
});
my $ciphertext = $coa->encrypt("Hello World. 123");
ok($ciphertext eq decode_base64($encrypted{$ks}[$padding]), "Crypt::OpenSSL::AES ($ks $msg) - Created expected ciphertext");
my $plaintext = $coa->decrypt(decode_base64($encrypted{$ks}[$padding]));
ok($plaintext eq "Hello World. 123", "Crypt::Mode::CBC ($ks $msg) - Decrypted with Crypt::OpenSSL::AES");
}
}
}
foreach my $ks (@keysize) {
my $padding = 1;
my $msg = $padding ? "Padding" : "No Padding";
foreach my $iks (@keysize) {
next if ($ks eq $iks);
my $coa;
t/10-multiencrypt.t view on Meta::CPAN
my $key = pack("H*", "0" x 64); # 32-byte key
my $c = Crypt::OpenSSL::AES->new($key, { cipher => 'AES-256-ECB' });
my $first = $c->encrypt("Hello World. 123");
my $second = $c->encrypt("Hello World. 123");
ok($first eq $second, "ECB: same plaintext gives same ciphertext on second call");
ok($c->decrypt($first) eq "Hello World. 123", "ECB: first decrypt correct");
ok($c->decrypt($second) eq "Hello World. 123", "ECB: second decrypt correct");
my $c2 = Crypt::OpenSSL::AES->new($key, {
cipher => 'AES-256-CBC', iv => pack("H*", "0" x 32), padding => 1
});
my $ct1 = $c2->encrypt("Hello World. 123");
my $ct2 = $c2->encrypt("Hello World. 123");
ok($ct1 eq $ct2, "CBC: same key+iv gives identical ciphertext on repeated calls");
ok($c2->decrypt($ct1) eq "Hello World. 123", "CBC: ciphertext decrypts correctly");
ok($c2->decrypt($ct2) eq "Hello World. 123", "CBC: ciphertext decrypts correctly");
t/12-iv-size.t view on Meta::CPAN
BEGIN { use_ok('Crypt::OpenSSL::AES') };
my $key = "e4e9ac6aa161179889f0e3804d187112f59f3325950a27d943be398074968afc";
my $iv = "4b2e6d920c60f1212c07c2e4d7ce6776";
my $iv_len = length(pack("H*", $iv));
my $c;
eval {
$c = Crypt::OpenSSL::AES->new(pack("H*", $key),
{
cipher => 'AES-256-CBC',
iv => pack("H*", $iv),
padding => 1,
});
};
ok(!$@, "Valid IV Length $iv_len as expected");
isa_ok($c, 'Crypt::OpenSSL::AES');
$iv = "4b2e6d920c60f1212c07c2e4d7ce6776c";
eval {
$c = Crypt::OpenSSL::AES->new(pack("H*", $key),
{
cipher => 'AES-256-CBC',
iv => pack("H*", $iv),
padding => 1,
});
};
like($@, qr/Invalid IV length/, "Invalid IV Length $iv_len as expected");
$iv = "4b2e6d920c60f1212c07c2e4d7ce";
$iv_len = length(pack("H*", $iv));
eval {
$c = Crypt::OpenSSL::AES->new(pack("H*", $key),
{
cipher => 'AES-256-CBC',
iv => pack("H*", $iv),
padding => 1,
});
};
like($@, qr/Invalid IV length/, "Invalid IV Length $iv_len as expected");
t/13-synopsis.t view on Meta::CPAN
use warnings;
use Test::More tests => 3;
use Crypt::OpenSSL::AES;
use Crypt::URandom qw( urandom );
# Basic usage (defaults to AES-ECB based on key length; ECB is not recommended)
my $key = urandom(32);
my $cipher = Crypt::OpenSSL::AES->new($key);
# Recommended usage: AES-256-CBC with proper Initialization Vector and Padding
my $secure_key = urandom(32); # 32 bytes (256 bits) for AES-256
my $iv = urandom(16); # 16 bytes (128 bits) block size for AES
my $secure_cipher = Crypt::OpenSSL::AES->new(
$secure_key,
{
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1, # 1 for standard block padding, 0 for no padding
}
);
isa_ok($secure_cipher, 'Crypt::OpenSSL::AES');
my $plaintext = "Confidential data to be encrypted.";
my $encrypted = $secure_cipher->encrypt($plaintext);
unlike($encrypted, qr/Confidential data to be encrypted./, "Data encrypted");
t/14-zero-length.t view on Meta::CPAN
use warnings;
use Test::More tests => 4;
use Crypt::OpenSSL::AES;
use Crypt::URandom qw( urandom );
# Basic usage (defaults to AES-ECB based on key length; ECB is not recommended)
my $key = urandom(32);
my $cipher = Crypt::OpenSSL::AES->new($key);
# Recommended usage: AES-256-CBC with proper Initialization Vector and Padding
my $secure_key = urandom(32); # 32 bytes (256 bits) for AES-256
my $iv = urandom(16); # 16 bytes (128 bits) block size for AES
my $secure_cipher = Crypt::OpenSSL::AES->new(
$secure_key,
{
cipher => 'AES-256-CBC',
iv => $iv,
padding => 1, # 1 for standard block padding, 0 for no padding
}
);
isa_ok($secure_cipher, 'Crypt::OpenSSL::AES');
my $plaintext = "";
my $encrypted = $secure_cipher->encrypt($plaintext);
ok(length($encrypted) ne 0, "Zero length data encrypted");
( run in 2.518 seconds using v1.01-cache-2.11-cpan-e1769b4cff6 )