NAME

Crypt::Sodium::XS::OO::secretstream - Secret key authenticated encryption for multiple in-order messages

SYNOPSIS

use Crypt::Sodium::XS::secretstream;
my $sstream
  = Crypt::Sodium::XS::OO::secretstream->new(primitive => 'xchacha20poly1305');
# or use the shortcut
# use Crypt::Sodium::XS;
# my $sstream
#   = Crypt::Sodium::XS->secretstream(primitive => 'xchacha20poly1305');

# typically, key exchange would be used for a shared secret key.
my $key = $sstream->keygen;

# encryption
my ($header, $sstream_enc) = $sstream->init_encrypt($key);
my $ciphertext = $sstream_enc->encrypt("hello,");

my $adata = "foo bar";
my $ct2 = $sstream_enc->encrypt(" world!", $sstream->TAG_PUSH, $adata);

# decryption
# note that $header (created above) is required to begin decryption.
my $sstream_dec = $sstream->init_decrypt($header, $key);
my $plaintext = $sstream_dec->decrypt($ciphertext);

# note that $adata (created above) is required to decrypt this message.
my ($pt2, $tag) = $sstream_dec->decrypt($ct2, $adata);

# using tags
if ($tag == $sstream->TAG_MESSAGE) {
  # default, most common tag
}
elsif ($tag == $sstream->TAG_PUSH) {
  # in-band mark for application to delimit related messages
}
elsif ($tag == $sstream->TAG_REKEY) {
  # re-keying after this message was triggered by sender
}
elsif ($tag == $sstream->TAG_FINAL) {
  # last message
}

DESCRIPTION

Crypt::Sodium::XS::OO::secretstream encrypts a sequence of messages, or a single message split into an arbitrary number of chunks, using a secret key, with the following properties:

Messages cannot be truncated, removed, reordered, duplicated or modified without this being detected by the decryption functions.
The same sequence encrypted twice will produce different ciphertexts.
An authentication tag is added to each encrypted message: stream corruption will be detected early, without having to read the stream until the end.
Each message can include additional data (ex: timestamp, protocol version) in the computation of the authentication tag.
Messages can have different sizes.
There are no practical limits to the total length of the stream, or to the total number of individual messages.
Ratcheting: at any point in the stream, it is possible to "forget" the key used to encrypt the previous messages, and switch to a new key.

Crypt::Sodium::XS::secretstream can be used to securely send an ordered sequence of messages to a peer. Since the length of the stream is not limited, it can also be used to encrypt files regardless of their size.

It transparently generates nonces and automatically handles key rotation.

CONSTRUCTOR

new

my $sstream
  = Crypt::Sodium::XS::OO::secretstream->new(primitive => 'xchacha20poly1305');
my $sstream
  = Crypt::Sodium::XS->secretstream(primitive => 'xchacha20poly1305');

Returns a new secretstream object for the given primitive. The primitive argument is required.

ATTRIBUTES

primitive

my $primitive = $sstream->primitive;
$sstream->primitive('xchacha20poly1305');

Gets or sets the primitive used for all operations by this object. For this module, the returned primitive is always identical to "PRIMITIVE".

METHODS

primitives

my @primitives = $sstream->primitives;

Returns a list of all supported primitive names.

Can be called as a class method.

PRIMITIVE

my $primitive = $sstream->PRIMITIVE;

Returns the primitive used for all operations by this object. For this module, always identical to the "primitive" attribute.

init_decrypt

my $sstream_dec = $sstream->init_decrypt($header, $key, $flags);

$header is an opaque header of "HEADERBYTES" bytes generated by a previous call to "init_encrypt".

$key is a shared secret key. It must be "KEYBYTES" bytes. It may be a "Crypt::Sodium::XS::MemVault".

$flags is optional. It is the flags used for the secretstream decryption protected memory object. See Crypt::Sodium::XS::ProtMem.

Returns an opaque protected memory object: a secretstream decryption object.

See "STREAM INTERFACE".

init_encrypt

my ($header, $sstream_enc) = $sstream->init_encrypt($key, $flags);

$key is a shared secret key. It must be "KEYBYTES" bytes. It may be a "Crypt::Sodium::XS::MemVault".

$flags is optional. It is the flags used for the secretstream encryption protected memory object. See Crypt::Sodium::XS::ProtMem.

Returns an opaque header of "HEADERBYTES" bytes and an opaque protected memory object: a secretstream encryption object.

See "STREAM INTERFACE".

keygen

my $key = $sstream->keygen($flags);

$flags is optional. It is the flags used for the $key Crypt::Sodium::XS::MemVault. See Crypt::Sodium::XS::ProtMem.

Returns a Crypt::Sodium::XS::MemVault: a new secret key of "KEYBYTES" bytes.

ABYTES

my $tag_size = $sstream->ABYTES;

Returns the size, in bytes, of an authentication tag. Note that this is not a restriction on the amount of additional data (adata).

The size of any ciphertext is message size + "ABYTES".

HEADERBYTES

my $header_size = $sstream->HEADERBYTES;

Returns the size, in bytes, of a header generated by "init_encrypt".

KEYBYTES

my $key_size = $sstream->KEYBYTES;

Returns the size, in bytes, of a secret key.

MESSAGEBYTES_MAX

my $message_max_size = $sstream->MESSAGEBYTES_MAX;

Returns the size, in bytes, of the maximum size of any message to be encrypted.

TAG_MESSAGE

my $message_tag = $sstream->TAG_MESSAGE;

Returns the tag value for a TAG_MESSAGE secretstream tag.

TAG_PUSH

my $push_tag = $sstream->TAG_PUSH;

Returns the tag value for a TAG_PUSH secretstream tag.

TAG_REKEY

my $rekey_tag = $sstream->TAG_REKEY;

Returns the tag value for a TAG_REKEY secretstream tag.

TAG_FINAL

my $final_tag = $sstream->TAG_FINAL;

Returns the tag value for a TAG_FINAL secretstream tag.

STREAM INTERFACE

OVERVIEW

An encrypted stream starts with a short header, whose size is "HEADERBYTES" bytes. That header must be sent/stored before the sequence of encrypted messages, as it is required to decrypt the stream. The header content doesn’t have to be secret and decryption with a different header would fail.

A tag is attached to each message. That tag can be any of:

0, or "TAG_MESSAGE": The most common tag, that doesn’t add any information about the nature of the message.
"TAG_FINAL": Indicates that the message marks the end of the stream, and erases the secret key used to encrypt the previous sequence.
"TAG_PUSH": Indicates that the message marks the end of a set of messages, but not the end of the stream. For example, a huge JSON string sent as multiple chunks can use this tag to indicate to the application that the string is complete and that it can be decoded. But the stream itself is not closed, and more data may follow.
"TAG_REKEY": “Forget” the key used to encrypt this message and the previous ones, and derive a new secret key.

A typical encrypted stream simply attaches 0 as a tag to all messages, except the last one which is tagged as TAG_FINAL.

Note that tags are encrypted; encrypted streams do not reveal any information about sequence boundaries (PUSH and REKEY tags).

For each message, additional data can be included in the computation of the authentication tag. With this API, additional data is rarely required, and most applications can just omit it.

ENCRYPTION

The "init_encrypt" method takes a shared secret key returns a header and a secretstream encryption object. This is an opaque object with the following methods:

encrypt

my $ciphertext = $sstream_enc->encrypt($plaintext, $tag, $adata);

$plaintext is the plaintext to encrypt. It may be a Crypt::Sodium::XS::MemVault.

$tag is optional. It is the tag value attached to the message. If not provided, it defaults to "TAG_MESSAGE". The most common use is a tag of "TAG_FINAL" to indicate the last message in a stream. See "OVERVIEW".

$adata is optional. If provided, it must match the additional data that was used when encrypting this message. It is rarely needed with the secretstream interface.

Returns the encrypted ciphertext.

DECRYPTION

The "init_decrypt" method is the decryption counterpart for the receiving end of a stream. It takes a header and a secret key; the key must match the one used to create the encryption object, and the header must match the one that was returned when it was created. It returns a secretstream decryption object. This is an opaque object with the following methods:

decrypt

my $plaintext = $sstream_dec->decrypt($ciphertext, $adata);
my ($plaintext, $tag) = $sstream_dec->decrypt($ciphertext, $adata);

Croaks on decryption failure.

$ciphertext is the ciphertext to decrypt.

$adata is optional. It is rarely needed with the secretstream interface.

Returns a Crypt::Sodium::XS::MemVault: the decrypted plaintext and the message tag. See "OVERVIEW".

FEEDBACK

For reporting bugs, giving feedback, submitting patches, etc. please use the following:

RT queue at https://rt.cpan.org/Dist/Display.html?Name=Crypt-Sodium-XS
IRC channel #sodium on irc.perl.org.
Email the author directly.

AUTHOR

Brad Barden <perlmodules@5c30.org>

COPYRIGHT & LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install Crypt::Sodium::XS, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Sodium::XS

CPAN shell

perl -MCPAN -e shell
install Crypt::Sodium::XS

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)