NAME
Crypt::Sodium::XS::OO::auth - Secret key message authentication
SYNOPSIS
use Crypt::Sodium::XS;
my $auth = Crypt::Sodium::XS->auth;
my $key = $auth->keygen;
my $msg = "authenticate this message";
my $mac = $auth->auth($msg, $key);
die "message tampered with!" unless $auth->verify($mac, $msg, $key);
my $multipart = $auth->init($key);
$multipart->update("authenticate");
$multipart->update(" this", " message");
$mac = $multipart->final;
die "message tampered with!" unless $auth->verify($mac, $msg, $key);DESCRIPTION
Crypt::Sodium::XS::OO::auth computes an authentication MAC for a message and a secret key, and provides a way to verify that a given MAC is valid for a given message and a key.
The function computing the MAC is deterministic: the same ($message, $key) tuple will always produce the same output. However, even if the message is public, knowing the key is required in order to be able to compute a valid MAC. Therefore, the key should remain confidential. The MAC, however, can be public.
A typical use case is:
* Alice prepares a message, adds an authentication MAC, sends it to Bob
* Alice doesn't store the message
* Later on, Bob sends the message and the authentication MAC back to Alice
* Alice uses the authentication MAC to verify that she created this message
Crypt::Sodium::XS::OO::auth does not encrypt the message. It only computes and verifies an authentication MAC.
CONSTRUCTOR
new
my $auth = Crypt::Sodium::XS::OO::auth->new;
my $auth = Crypt::Sodium::XS::OO::auth->new(primitive => 'hmacsha256');
my $auth = Crypt::Sodium::XS->auth;Returns a new auth object for the given primitive. If not given, the default primitive is default.
ATTRIBUTES
primitive
my $primitive = $aead->primitive;
$aead->primitive('chacha20poly1305');The primitive used for all operations by this object.
METHODS
PRIMITIVE
my $primitive = $auth->PRIMITIVE;BYTES
my $mac_length = $auth->BYTES;KEYBYTES
my $key_length = $auth->KEYBTES;primitives
my @primitives = $auth->primities;Returns a list of all supported primitive names (including 'default').
auth
my $mac = $auth->auth($message, $key);init
my $multipart = $auth->init($key);keygen
my $key = $auth->keygen;verify
my $is_valid = $auth->verify($mac, $message, $key);MULTI-PART INTERFACE
NOTE: The multipart interface may use arbitrary-length keys. This is not recommended as it can be easily misused (e.g., accidentally using an empty key).
A multipart auth object is created by calling the "init" method. Data to be authenticated is added by calling the "update" method of that object as many times as desired. An output mac is generated by calling its "final" method. Do not use the object after calling "final".
The multipart auth object is an opaque object which provides the following methods:
clone
my $multipart_copy = $multipart->clone;Returns a cloned copy of the multipart auth object, duplicating its internal state.
final
my $mac = $multipart->final;Once final has been called, the auth object must not be used further.
update
$multipart->update($message);
$multipart->update(@messages);Adds all given arguments (stringified) to authenticated data.
SEE ALSO
- Crypt::Sodium::XS
- Crypt::Sodium::XS::auth
- https://doc.libsodium.org/secret-key_cryptography/secret-key_authentication
- https://doc.libsodium.org/advanced/hmac-sha2
FEEDBACK
For reporting bugs, giving feedback, submitting patches, etc. please use the following:
RT queue at https://rt.cpan.org/Dist/Display.html?Name=Crypt-Sodium-XS
IRC channel
#sodiumonirc.perl.org.Email the author directly.
AUTHOR
Brad Barden <perlmodules@5c30.org>
COPYRIGHT & LICENSE
Copyright (c) 2022 Brad Barden. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.