Merge tag 'upstream/0.058'

Upstream version 0.058

Changes

@@ -1,15 +1,57 @@
 Changes for CryptX
 
-TODO:
+0.059   2018-03-XX
-        - add support for PKCS#8 encrypted RSA+ECC private keys  "-----BEGIN ENCRYPTED PRIVATE KEY-----"
+        - new Crypt::Digest::Keccak(224|256|384|512)
-        - RSA|DSA|ECC: verify_key($level) (basic check + extented primality test)
+        - new sign_hash_rfc7518 + verify_hash_rfc7518 (Crypt::PK::ECC)
-        - better primality testing: http://questhub.io/realm/perl/quest/519032ee1088c76505000035 (idea: mp_prime_lucas)
+        - improved import of pkcs#8 private keys (Crypt::PK::ECC)
-        - DSA: generate_key($p, $q, $g), generate_key(\$dsa_params_der), generate_key($dsa_params_file)
+        - fix #28 Apple's APNS pkcs8 auth key import fails (Crypt::PK::ECC)
-        - XS croaks should report the "real caller" (Crypt::Mac::*, Crypt::Mode::*, ...)
+        - fix cpantesters failure (5.8.1 related)
-        - maybe: add CCM interface for new-add-add-done mode
-        - maybe: add encode_b32/decode_b32
 
-0.048   2017/05/31
+0.058   2018-02-27
+        - fix: decode_b58b + invalid input
+
+0.057   2018-01-31
+        - significant speed-up (more stuff handled on XS level)
+        - Crypt::Checksum is deprecated in favour of Crypt::Checksum::Adler32|CRC32
+
+0.056   2017-12-22
+        - new Crypt::Stream::Rabbit
+
+0.055   2017-11-28
+        - new Crypt::Cipher::IDEA
+        - new Crypt::Cipher::Serpent
+        - new Crypt::Stream::Salsa20
+        - new Crypt::Stream::Sosemanuk
+        - added CCM object oriented interface: new-add-add-done
+        - fix #39 accept CFLAGS and CPPFLAGS from the environment
+        - fix #40 typos in POD
+        - fix HMAC+SHA3 (now compliant with NIST test vectors)
+
+0.054   2017-10-12
+        - fix Crypt::PK::DSA verify
+        - libtomcrypt updated to 1.18 (+ some extra patches)
+        - documentation fixes
+
+0.053   2017-09-15
+        - fix Crypt::PK::DSA generate_key
+
+0.051   2017-08-08
+        - INCOMPATIBLE CHANGE: Crypt::AuthEnc::OCB is now compliant with RFC 7253
+
+0.050   2017-07-18
+        - fix cpantesters failures/warnings
+
+0.049   2017-07-18
+        - libtomcrypt updated to 1.18-rc2 (+ some extra patches)
+        - REMOVED: Crypt::PK::DH encrypt decrypt sign_message verify_message sign_hash verify_hash
+        - NEW: Crypt::Misc - encode_b32*, decode_b32*, encode_b58*, decode_b58*
+        - Crypt::PK::RSA: import public key from X509 certificate
+        - Crypt::PK::DSA: improved generate_key()
+        - Crypt::PK::DH: improved generate_key()
+        - fix #36 aad_add is obsolete for all EncAuth algs (correct is adata_add)
+        - fix #37 GCM - Encryption of the empty string
+
+0.048   2017-05-31
         - NEW: Crypt::Digest::SHA3_224
         - NEW: Crypt::Digest::SHA3_256
         - NEW: Crypt::Digest::SHA3_384
@@ -34,43 +76,43 @@ TODO:
         - NEW: functions in Crypt::Misc - increment_octets_be, increment_octets_le
         - Crypt::PRNG now uses chacha20 prng by default
 
-0.047   2017/04/05
+0.047   2017-04-05
         - fix #32 Compile "ar" step fails when Perl built with -flto (better version)
         - fix #33 build fails on freebsd 9.2 and 10.0 (ar: fatal: Numeric group ID too large)
 
-0.046   2017/04/04
+0.046   2017-04-04
         - fix #32 Compile "ar" step fails when Perl built with -flto
 
-0.045   2017/03/31
+0.045   2017-03-31
         - sync with libtomcrypt/develop
         - fix #30 fix on SPARC+SolarisStudio
         - fix #31 Fails tests without '.' in @INC
         - polish compiler warnings
 
-0.044   2016/11/28
+0.044   2016-11-28
         - fix #27 Math::BigInt::LTM compatibility with older Math::BigInt
 
-0.043   2016/11/27
+0.043   2016-11-27
         - fix #26 Math::BigInt::LTM compatibility with Math::BigInt 1.999801+
 
-0.042   2016/11/12
+0.042   2016-11-12
         - RSA: sign/verify functions now support 'none' padding (INSECURE!)
         - RC2: min keylen 40bit, used to be 64bit (INSECURE!)
 
-0.041   2016/10/12
+0.041   2016-10-12
         - ECC: ltc_ecc_is_point memory leak
         - DSA: properly handle FIPS 186-4 (4.6 + 4.7)
         - GCM: counter incrementation isn't stopped at 2^32 blocks, which breaks GCM
         - fix issue #24 Crypt::PK::ECC needs $VERSION (all *.pm have $VERSION)
 
-0.040   2016/09/12
+0.040   2016-09-12
         - fix file permissions
         - fix compiler warnings
 
-0.039   2016/08/02
+0.039   2016-08-02
         - fix build troubles for MacOS / PPC
 
-0.038   2016/07/06
+0.038   2016-07-06
         - fix issue #20 DSA/RSA/ECC/DH key2hash - hexadecimal numbers are missing leading zero
         - Math::BigInt::LTM fixed mp_invmod(a,b,c) for b == 1
         - Math::BigInt::LTM fixed _log_int()
@@ -78,30 +120,30 @@ TODO:
         - fix 'Please specify prototyping behavior for CryptX.xs'
         - libtomcrypt (renaming *tab.c > *tab.c.inc not needed anymore)
 
-0.037   2016/06/16
+0.037   2016-06-16
         - fix issue #18 Minor issue with comment syntax
         - fix issue #19 t/checksum.t fails on AIX-5.3
 
-0.036   2016/06/07
+0.036   2016-06-07
         - fix issue #17 ability to export ecc keys in short/oid form
 
-0.035   2016/06/03
+0.035   2016-06-03
         - fix issue #14 Ensure Crypt::PK::ECC->key2hash()->{curve_name} is lowercase
         - fix issue #15 OpenSSL interoperability broken
 
-0.034   2016/05/11
+0.034   2016-05-11
         - Prevent RSA import_key() from altering a JWK hash reference
 
-0.033   2016/05/09
+0.033   2016-05-09
         - MSVC6 related fixes (needed for older ActivePerl@MSWin32)
 
-0.032   2016/05/04
+0.032   2016-05-04
         - Crypt::PK::DH - accept base/prime values
         - new: DH methods export_key_raw, import_key_raw, params2hash
         - enhanced: DH method generate_key
         - new: Crypt::Checksum, Crypt::Checksum::CRC32, Crypt::Checksum::Adler32
 
-0.031   2016/05/01
+0.031   2016-05-01
         - new: RSA+ECC method export_key_jwk_thumbprint()
         - new: Crypt::Misc functions random_v4uuid + is_v4uuid
         - fix: RSA+ECC export_key_jwk produces canonical JSON
@@ -109,18 +151,18 @@ TODO:
                   public keys exported be previous version can still be imported
         - fix: ECC import_key now accepts non-standard JWK curve names e.g. "secp112r1", "secp521r1"
 
-0.030   2016/04/13
+0.030   2016-04-13
         - fix: 0.029 + 0.028 by mistake installed *.inc files to perl/(lib|site|vendor)
 
-0.029   2016/04/13
+0.029   2016-04-13
         - NEW module: Math::BigInt::LTM
         - NEW module: Crypt::Misc
 
-0.028   2016/03/23
+0.028   2016-03-23
         - IMPORTANT: switch from Module::Build to ExtUtils::MakeMaker
         - fix for broken DSA key (ssh format) loading
 
-0.027   2016/01/25
+0.027   2016-01-25
         - sync with https://github.com/libtom/libtomcrypt (branch develop)
         - sync with https://github.com/libtom/libtommath (branch develop)
         - HP-UX related fixes
@@ -128,26 +170,26 @@ TODO:
         - skip jwk.t if no JSON::* module available
         - does not require MIME::Base64 (we use base64 routines from libtomcrypt)
 
-0.026   2015/11/28
+0.026   2015-11-28
         - switch to JSON::MaybeXS
         - Crypt::PRNG - rand/irand related cosmetics
         - consistently using UNIX newlines
 
-0.025   2015/07/07
+0.025   2015-07-07
         - Crypt::PK::ECC+RSA export_key_jwk() allows to export a perl HASH with JWK structure
 
-0.024   2015/06/29
+0.024   2015-06-29
         - new Crypt::PK::ECC methods
             verify_message_rfc7518()
             sign_message_rfc7518()
             curve2hash()
         - fix for Crypt::PK::RSA - bug in loading private key in JWK format
 
-0.023   2015/06/10
+0.023   2015-06-10
         - support for older compilers (gcc3, vc6)
         - typo in documentation (by tomhukins)
 
-0.022   2015/05/22
+0.022   2015-05-22
         - new: Crypt::PK::ECC+RSA export_key_jwk() - exporting JWK format
         - new: Crypt::Digest::SHA512_224
         - new: Crypt::Digest::SHA512_256
@@ -161,12 +203,12 @@ TODO:
         - libtommath  updated to the latest develop branch, commit 0fd5e6c17f Dec 11 14:59:35 2014 +0100
         - documentation fixes
 
-0.021   2014/01/23
+0.021   2014-01-23
         - fixed asm(...) related compiler failures
         - dsa_encrypt_key small correction
         - optimized ecc_encrypt_key
 
-0.020   2014/01/18
+0.020   2014-01-18
         - INCOMPATIBLE CHANGE: huge redesign of Crypt::PK::ECC
         - ECC now supports curves y^2 = x^3 + a*x + b
         - ECC you can use custom curves
@@ -174,13 +216,13 @@ TODO:
         - enabling compile options ASM + ECC_TIMING_RESISTANT
         - added many test vectors (RSA, DSA, EC) for interoperability with openssl
 
-0.019   2013/10/20
+0.019   2013-10-20
         - fixed broken CAMELLIA implementation
 
-0.018   2013/10/18
+0.018   2013-10-18
         - DSA: make_key + sign_hash fixes
 
-0.017   2013/09/24
+0.017   2013-09-24
         - lowering MIME::Base64 version requirement
         - support for import/export of password protected RSA/DSA keys
         - RSA: added - export_key_pem('public_x509')
@@ -188,62 +230,62 @@ TODO:
         - added openssl test vectors
         - fixed compiler warnings (RSA/DSA/ECC/DH)
 
-0.016   2013/09/15
+0.016   2013-09-15
         - added missing test for key2hash, sign_hash, verify_hash
         - fixed build failures on VC6
 
-0.015   2013/09/12
+0.015   2013-09-12
         - only documentation fixes
 
-0.014   2013/09/11
+0.014   2013-09-11
         - Crypt::Digest::NNN + Crypt::Mac::NNN - can produce Base64-URL-Safe encoded digest/mac
         - Crypt::PRNG + Crypt::PRNG::NNN - Base64-URL-Safe encoded random bytes (random_bytes_b64u/bytes_b64u)
         - Crypt::PK::RSA/DSA/DH/ECC - sign/verify replaced by sign_message/verify_message + sign_hash/verify_hash
         - Crypt::PK::RSA/DSA/DH/ECC - new method key2hash
         - documentation fixes
 
-0.013   2013/08/28
+0.013   2013-08-28
         - DSA/RSA/ECC/DH - importing keys from string changed - now: $pk->import_key(\$buffer_with_key)
         - DSA/RSA/ECC/DH - size() and is_private() now return undef if no key loaded
         - improved RSA doc
 
-0.012   2013/06/17
+0.012   2013-06-17
         - README, LICENSE etc. to improve CPANTS score
         - somehow works with perl 5.6.2
 
-0.011   2013/06/15
+0.011   2013-06-15
         - fixing various compiler warnings
 
-0.009   2013/05/19
+0.009   2013-05-19
         - doc fixes
         - requires perl 5.8.8 or higher
         - INCOMPATIBILITY: all digest related 'xxx_base64' functions renamed to 'xxx_b64'
 
-0.008   2013/05/02
+0.008   2013-05-02
         - fixed prng test failures
         - Crypt::Digest::* croaks with the "real caller" (not a nice solution)
 
-0.007   2013/04/23
+0.007   2013-04-23
         - Crypt::PRNG supports add_entropy() - without params
         - Crypt::PRNG fork-safe & thread-safe
         - random_string has default $len = 20
         - doc fixes
         - cpan tester failure fix for pk_dsa.t
 
-0.006   2013/04/19
+0.006   2013-04-19
         - added Crypt::KeyDerivation
         - Win64 compatibility
 
-0.005   2013/04/18
+0.005   2013-04-18
         - added Crypt::PRNG::Fortuna|RC4|Sober128|Yarrow
         - added Crypt::PK::RSA|DSA|ECC|DH
 
-0.004   2013/04/16
+0.004   2013-04-16
         - removing illegal Crypt::Random
 
-0.003   2013/04/16
+0.003   2013-04-16
         - added Crypt::Mode::CBC|CFB|CTR|ECB|OFB
         - added Crypt::AuthEnc::CCM|EAX|GCM|OCB
 
-0.002   2013/04/11
+0.002   2013-04-11
         - first release on CPAN

CryptX.xs

@@ -1,3 +1,4 @@
+#define PERL_NO_GET_CONTEXT     /* we want efficiency */
 #include "EXTERN.h"
 #include "perl.h"
 #include "XSUB.h"
@@ -7,6 +8,16 @@
 #define NEED_newRV_noinc_GLOBAL
 #include "ppport.h"
 
+/* assert_not_ROK is broken in 5.8.1 */
+#if PERL_VERSION == 8 && PERL_SUBVERSION == 1
+# undef assert_not_ROK
+# if defined(__GNUC__) && !defined(PERL_GCC_BRACE_GROUPS_FORBIDDEN)
+#  define assert_not_ROK(sv)  ({assert(!SvROK(sv) || !SvRV(sv));}),
+# else
+#  define assert_not_ROK(sv)
+# endif
+#endif
+
 #undef LTC_SOURCE
 #include "tomcrypt.h"
 #include "tommath.h"
@@ -14,15 +25,36 @@
 typedef adler32_state           *Crypt__Checksum__Adler32;
 typedef crc32_state             *Crypt__Checksum__CRC32;
 
+typedef ccm_state               *Crypt__AuthEnc__CCM;
+typedef eax_state               *Crypt__AuthEnc__EAX;
+typedef gcm_state               *Crypt__AuthEnc__GCM;
+typedef chacha20poly1305_state  *Crypt__AuthEnc__ChaCha20Poly1305;
+typedef ocb3_state              *Crypt__AuthEnc__OCB;
+
+typedef chacha_state            *Crypt__Stream__ChaCha;
+typedef salsa20_state           *Crypt__Stream__Salsa20;
+typedef sosemanuk_state         *Crypt__Stream__Sosemanuk;
+typedef rabbit_state            *Crypt__Stream__Rabbit;
+typedef rc4_state               *Crypt__Stream__RC4;
+typedef sober128_state          *Crypt__Stream__Sober128;
+
+typedef f9_state                *Crypt__Mac__F9;
+typedef hmac_state              *Crypt__Mac__HMAC;
+typedef omac_state              *Crypt__Mac__OMAC;
+typedef pelican_state           *Crypt__Mac__Pelican;
+typedef pmac_state              *Crypt__Mac__PMAC;
+typedef xcbc_state              *Crypt__Mac__XCBC;
+typedef poly1305_state          *Crypt__Mac__Poly1305;
+typedef blake2smac_state        *Crypt__Mac__BLAKE2s;
+typedef blake2bmac_state        *Crypt__Mac__BLAKE2b;
+
 typedef struct cipher_struct {          /* used by Crypt::Cipher */
   symmetric_key skey;
-  int id;
   struct ltc_cipher_descriptor *desc;
 } *Crypt__Cipher;
 
 typedef struct digest_struct {          /* used by Crypt::Digest */
   hash_state state;
-  int id;
   struct ltc_hash_descriptor *desc;
 } *Crypt__Digest;
 
@@ -31,91 +63,6 @@ typedef struct digest_shake_struct {    /* used by Crypt::Digest::SHAKE */
   int num;
 } *Crypt__Digest__SHAKE;
 
-typedef struct ccm_struct {             /* used by Crypt::AuthEnc::CCM */
-  ccm_state state;
-  int id;
-} *Crypt__AuthEnc__CCM;
-
-typedef struct eax_struct {             /* used by Crypt::AuthEnc::EAX */
-  eax_state state;
-  int id;
-} *Crypt__AuthEnc__EAX;
-
-typedef struct gcm_struct {             /* used by Crypt::AuthEnc::GCM */
-  gcm_state state;
-  int id;
-} *Crypt__AuthEnc__GCM;
-
-typedef struct chacha20poly1305_struct {/* used by Crypt::AuthEnc::ChaCha20Poly1305 */
-  chacha20poly1305_state state;
-  int id;
-} *Crypt__AuthEnc__ChaCha20Poly1305;
-
-typedef struct ocb_struct {             /* used by Crypt::AuthEnc::OCB */
-  ocb3_state state;
-  int id;
-} *Crypt__AuthEnc__OCB;
-
-typedef struct chacha_struct {          /* used by Crypt::Stream::ChaCha */
-  chacha_state state;
-  int id;
-} *Crypt__Stream__ChaCha;
-
-typedef struct rc4_struct {             /* used by Crypt::Stream::RC4 */
-  rc4_state state;
-  int id;
-} *Crypt__Stream__RC4;
-
-typedef struct sober128_struct {        /* used by Crypt::Stream::Sober128 */
-  sober128_state state;
-  int id;
-} *Crypt__Stream__Sober128;
-
-typedef struct f9_struct {              /* used by Crypt::Mac::F9 */
-  f9_state state;
-  int id;
-} *Crypt__Mac__F9;
-
-typedef struct hmac_struct {            /* used by Crypt::Mac::HMAC */
-  hmac_state state;
-  int id;
-} *Crypt__Mac__HMAC;
-
-typedef struct omac_struct {            /* used by Crypt::Mac::OMAC */
-  omac_state state;
-  int id;
-} *Crypt__Mac__OMAC;
-
-typedef struct pelican_struct {         /* used by Crypt::Mac::Pelican */
-  pelican_state state;
-  int id;
-} *Crypt__Mac__Pelican;
-
-typedef struct pmac_struct {            /* used by Crypt::Mac::PMAC */
-  pmac_state state;
-  int id;
-} *Crypt__Mac__PMAC;
-
-typedef struct xcbc_struct {            /* used by Crypt::Mac::XCBC */
-  xcbc_state state;
-  int id;
-} *Crypt__Mac__XCBC;
-
-typedef struct poly1305_struct {        /* used by Crypt::Mac::Poly1305 */
-  poly1305_state state;
-  int id;
-} *Crypt__Mac__Poly1305;
-
-typedef struct blake2s_struct {         /* used by Crypt::Mac::BLAKE2s */
-  blake2smac_state state;
-  int id;
-} *Crypt__Mac__BLAKE2s;
-
-typedef struct blake2b_struct {         /* used by Crypt::Mac::BLAKE2b */
-  blake2bmac_state state;
-  int id;
-} *Crypt__Mac__BLAKE2b;
-
 typedef struct cbc_struct {             /* used by Crypt::Mode::CBC */
   int cipher_id, cipher_rounds;
   symmetric_CBC state;
@@ -123,7 +70,6 @@ typedef struct cbc_struct {             /* used by Crypt::Mode::CBC */
   int padlen;
   int padding_mode;
   int direction;
-  int id;
 } *Crypt__Mode__CBC;
 
 typedef struct ecb_struct {             /* used by Crypt::Mode::ECB */
@@ -133,14 +79,12 @@ typedef struct ecb_struct {             /* used by Crypt::Mode::ECB */
   int padlen;
   int padding_mode;
   int direction;
-  int id;
 } *Crypt__Mode__ECB;
 
 typedef struct cfb_struct {             /* used by Crypt::Mode::CFB */
   int cipher_id, cipher_rounds;
   symmetric_CFB state;
   int direction;
-  int id;
 } *Crypt__Mode__CFB;
 
 typedef struct ctr_struct {             /* used by Crypt::Mode::CTR */
@@ -148,134 +92,254 @@ typedef struct ctr_struct {             /* used by Crypt::Mode::CTR */
   int ctr_mode_param;
   symmetric_CTR state;
   int direction;
-  int id;
 } *Crypt__Mode__CTR;
 
 typedef struct f8_struct {              /* used by Crypt::Mode::F8 */
   int cipher_id, cipher_rounds;
   symmetric_F8 state;
   int direction;
-  int id;
 } *Crypt__Mode__F8;
 
 typedef struct lrw_struct {             /* used by Crypt::Mode::LRW */
   int cipher_id, cipher_rounds;
   symmetric_LRW state;
   int direction;
-  int id;
 } *Crypt__Mode__LRW;
 
 typedef struct ofb_struct {             /* used by Crypt::Mode::OFB */
   int cipher_id, cipher_rounds;
   symmetric_OFB state;
   int direction;
-  int id;
 } *Crypt__Mode__OFB;
 
 typedef struct xts_struct {             /* used by Crypt::Mode::XTS */
   int cipher_id, cipher_rounds;
   symmetric_xts state;
   int direction;
-  int id;
 } *Crypt__Mode__XTS;
 
 typedef struct prng_struct {            /* used by Crypt::PRNG */
   prng_state state;
   struct ltc_prng_descriptor *desc;
   IV last_pid;
-  int id;
 } *Crypt__PRNG;
 
 typedef struct rsa_struct {             /* used by Crypt::PK::RSA */
   prng_state pstate;
   int pindex;
   rsa_key key;
-  int id;
 } *Crypt__PK__RSA;
 
 typedef struct dsa_struct {             /* used by Crypt::PK::DSA */
   prng_state pstate;
   int pindex;
   dsa_key key;
-  int id;
 } *Crypt__PK__DSA;
 
 typedef struct dh_struct {              /* used by Crypt::PK::DH */
   prng_state pstate;
   int pindex;
   dh_key key;
-  int id;
 } *Crypt__PK__DH;
 
 typedef struct ecc_struct {             /* used by Crypt::PK::ECC */
   prng_state pstate;
   int pindex;
   ecc_key key;
-  ltc_ecc_set_type dp;
-  int id;
 } *Crypt__PK__ECC;
 
-int str_add_leading_zero(char *str, int maxlen, int minlen) {
-  int len;
-  len = (int)strlen(str);
-  if (len > 0 && len % 2 && len < maxlen-2) {
-    memmove(str+1, str, len+1); /* incl. NUL byte */
-    *str = '0';                 /* add leading zero */
-  }
-  len = (int)strlen(str);
-  if (len < minlen && minlen < maxlen-1) {
-    memmove(str+(minlen-len), str, len+1); /* incl. NUL byte */
-    memset(str, '0', minlen-len);          /* add leading zero */
-  }
-  return MP_OKAY;
-}
-
 int mp_tohex_with_leading_zero(mp_int * a, char *str, int maxlen, int minlen) {
-  int rv;
+  int len, rv;
+
   if (mp_isneg(a) == MP_YES) {
     *str = '\0';
     return MP_VAL;
   }
+
   rv = mp_toradix_n(a, str, 16, maxlen);
   if (rv != MP_OKAY) {
     *str = '\0';
     return rv;
   }
-  return str_add_leading_zero(str, maxlen, minlen);
+
+  len = (int)strlen(str);
+  if (len > 0 && len % 2 && len < maxlen-2) {
+    memmove(str+1, str, len+1); /* incl. NUL byte */
+    *str = '0';                 /* add leading zero */
+  }
+
+  len = (int)strlen(str);
+  if (len < minlen && minlen < maxlen-1) {
+    memmove(str+(minlen-len), str, len+1); /* incl. NUL byte */
+    memset(str, '0', minlen-len);          /* add leading zero */
+  }
+
+  return MP_OKAY;
+}
+
+int _base16_encode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
+{
+   unsigned long i;
+   const char alphabet[] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
+
+   if (*outlen < inlen * 2) {
+      *outlen = inlen * 2;
+      return CRYPT_BUFFER_OVERFLOW;
+   }
+
+   for (i = 0; i < inlen; i++) {
+     out[i*2]   = (unsigned char)alphabet[in[i] >> 4];
+     out[i*2+1] = (unsigned char)alphabet[in[i] & 0xF];
+   }
+
+   *outlen = inlen * 2;
+   return CRYPT_OK;
+}
+
+size_t _find_start(const char *name, char *ltcname, size_t ltclen)
+{
+   size_t i, start = 0;
+   if (name == NULL || strlen(name) + 1 > ltclen) croak("FATAL: invalid name") ;
+   /* normalize */
+   for (i = 0; i < ltclen && name[i] > 0; i++) {
+     if (name[i] >= 'A' && name[i] <= 'Z') {
+       ltcname[i] = name[i] + 32; /* lowecase */
+     }
+     else if (name[i] == '_') {
+       ltcname[i] = '-';
+     }
+     else {
+       ltcname[i] = name[i];
+     }
+     if (name[i] == ':') start = i + 1;
+   }
+   return start;
+}
+
+int _find_hash(const char *name)
+{
+   char ltcname[100] = { 0 };
+   size_t start = _find_start(name, ltcname, sizeof(ltcname) - 1);
+   /* special cases */
+   if (strcmp(ltcname + start, "ripemd128") == 0) return find_hash("rmd128");
+   if (strcmp(ltcname + start, "ripemd160") == 0) return find_hash("rmd160");
+   if (strcmp(ltcname + start, "ripemd256") == 0) return find_hash("rmd256");
+   if (strcmp(ltcname + start, "ripemd320") == 0) return find_hash("rmd320");
+   if (strcmp(ltcname + start, "tiger192")  == 0) return find_hash("tiger");
+   if (strcmp(ltcname + start, "chaes")     == 0) return find_hash("chc_hash");
+   if (strcmp(ltcname + start, "chc-hash")  == 0) return find_hash("chc_hash");
+   return find_hash(ltcname + start);
+}
+
+int _find_cipher(const char *name)
+{
+   char ltcname[100] = { 0 };
+   size_t start = _find_start(name, ltcname, sizeof(ltcname) - 1);
+   /* special cases */
+   if (strcmp(ltcname + start, "des-ede") == 0) return find_cipher("3des");
+   if (strcmp(ltcname + start, "saferp")  == 0) return find_cipher("safer+");
+   return find_cipher(ltcname + start);
+}
+
+int _find_prng(const char *name)
+{
+  char ltcname[100] = { 0 };
+  size_t start = _find_start(name, ltcname, sizeof(ltcname) - 1);
+  return find_prng(ltcname + start);
 }
 
 /* Math::BigInt::LTM related */
 typedef mp_int * Math__BigInt__LTM;
 STATIC SV * sv_from_mpi(mp_int *mpi) {
+  dTHX; /* fetch context */
   SV *obj = newSV(0);
   sv_setref_pv(obj, "Math::BigInt::LTM", (void*)mpi);
   return obj;
 }
 
-ltc_ecc_set_type* _ecc_set_dp_from_SV(ltc_ecc_set_type *dp, SV *curve)
+void _ecc_oid_lookup(ecc_key *key)
 {
-  HV *h;
-  SV *param, **pref;
-  SV **sv_cofactor, **sv_prime, **sv_A, **sv_B, **sv_order, **sv_Gx, **sv_Gy;
    int err;
+   unsigned i;
+   void *tmp;
+   const ltc_ecc_set_type *set;
+
+   key->dp.oidlen = 0;
+   if ((err = ltc_mp.init(&tmp)) != CRYPT_OK) return;
+   for (set = ltc_ecc_sets; set->name != NULL; set++) {
+      if ((err = mp_read_radix(tmp, set->prime, 16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.prime) != LTC_MP_EQ))              continue;
+      if ((err = mp_read_radix(tmp, set->order, 16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.order) != LTC_MP_EQ))              continue;
+      if ((err = mp_read_radix(tmp, set->A,     16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.A) != LTC_MP_EQ))                  continue;
+      if ((err = mp_read_radix(tmp, set->B,     16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.B) != LTC_MP_EQ))                  continue;
+      if ((err = mp_read_radix(tmp, set->Gx,    16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.base.x) != LTC_MP_EQ))             continue;
+      if ((err = mp_read_radix(tmp, set->Gy,    16)) != CRYPT_OK) continue;
+      if ((mp_cmp(tmp, key->dp.base.y) != LTC_MP_EQ))             continue;
+      if (key->dp.cofactor != set->cofactor)                      continue;
+      break; /* found */
+   }
+   ltc_mp.deinit(tmp);
+   if (set->name != NULL) {
+     key->dp.oidlen = set->oidlen;
+     for(i = 0; i < set->oidlen; i++) key->dp.oid[i] = set->oid[i];
+   }
+}
+
+int _ecc_set_dp_from_SV(ecc_key *key, SV *curve)
+{
+  dTHX; /* fetch context */
+  HV *hc, *hl, *h;
+  SV *sv_crv, **pref;
+  SV **sv_cofactor, **sv_prime, **sv_A, **sv_B, **sv_order, **sv_Gx, **sv_Gy, **sv_oid;
   char *ch_name;
-  STRLEN l_name;
+  STRLEN l_name, i, j;
+  int err;
+
+  if (!SvOK(curve)) croak("FATAL: undefined curve");
 
   if (SvPOK(curve)) {
+    /* string */
     ch_name = SvPV(curve, l_name);
-    if ((h = get_hv("Crypt::PK::ECC::curve", 0)) == NULL) croak("FATAL: generate_key_ex: no curve register");
+    if ((hl = get_hv("Crypt::PK::ECC::curve2ltc", 0)) == NULL) croak("FATAL: no curve2ltc register");
-    if ((pref = hv_fetch(h, ch_name, (U32)l_name, 0)) == NULL)  croak("FATAL: generate_key_ex: unknown curve/1 '%s'", ch_name);
+    pref = hv_fetch(hl, ch_name, (U32)l_name, 0);
-    if (!SvOK(*pref)) croak("FATAL: generate_key_ex: unknown curve/2 '%s'", ch_name);
+    if (pref && SvOK(*pref)) {
-    param = *pref;
+      sv_crv = *pref; /* found in %cutve2ltc */
+    }
+    else {
+      if ((hc = get_hv("Crypt::PK::ECC::curve", 0)) == NULL) croak("FATAL: no curve register");
+      pref = hv_fetch(hc, ch_name, (U32)l_name, 0);
+      if (pref && SvOK(*pref)) {
+        sv_crv = *pref; /* found in %curve */
+      }
+      else {
+        sv_crv = curve;
+      }
+    }
   }
   else if (SvROK(curve)) {
-    param = curve;
+    /* hashref */
+    sv_crv = curve;
   }
   else {
     croak("FATAL: curve has to be a string or a hashref");
   }
 
-  if ((h = (HV*)(SvRV(param))) == NULL) croak("FATAL: ecparams: param is not valid hashref");
+  if (SvPOK(sv_crv)) {
+    /* string - curve name */
+    const ltc_ecc_set_type *dp;
+    ch_name = SvPV(sv_crv, l_name);
+    if (ecc_get_set_by_name(ch_name, &dp) != CRYPT_OK) croak("FATAL: ecparams: unknown curve '%s'", ch_name);
+    return ecc_set_dp(dp, key);
+  }
+  else {
+    /* hashref */
+    ltc_ecc_set_type set = { 0 };
+
+    if ((h = (HV*)(SvRV(sv_crv))) == NULL) croak("FATAL: ecparams: param is not valid hashref");
 
     if ((sv_prime    = hv_fetchs(h, "prime",    0)) == NULL) croak("FATAL: ecparams: missing param prime");
     if ((sv_A        = hv_fetchs(h, "A",        0)) == NULL) croak("FATAL: ecparams: missing param A");
@@ -293,29 +357,37 @@ ltc_ecc_set_type* _ecc_set_dp_from_SV(ltc_ecc_set_type *dp, SV *curve)
     if (!SvOK(*sv_Gy      )) croak("FATAL: ecparams: undefined param Gy");
     if (!SvOK(*sv_cofactor)) croak("FATAL: ecparams: undefined param cofactor");
 
-  err = ecc_dp_set( dp,
+    set.prime    = SvPV_nolen(*sv_prime);
-                    SvPV_nolen(*sv_prime),
+    set.A        = SvPV_nolen(*sv_A);
-                    SvPV_nolen(*sv_A),
+    set.B        = SvPV_nolen(*sv_B);
-                    SvPV_nolen(*sv_B),
+    set.order    = SvPV_nolen(*sv_order);
-                    SvPV_nolen(*sv_order),
+    set.Gx       = SvPV_nolen(*sv_Gx);
-                    SvPV_nolen(*sv_Gx),
+    set.Gy       = SvPV_nolen(*sv_Gy);
-                    SvPV_nolen(*sv_Gy),
+    set.cofactor = (unsigned long)SvUV(*sv_cofactor),
-                    (unsigned long)SvUV(*sv_cofactor),
+    set.name     = NULL;
-                    NULL, /* we intentionally don't allow setting custom names */
+    set.oidlen   = 0;
-                    NULL  /* we intentionally don't allow setting custom OIDs */
-                  );
-  return err == CRYPT_OK ? dp : NULL;
-}
 
-void _ecc_free_key(ecc_key *key, ltc_ecc_set_type *dp)
+    sv_oid = hv_fetchs(h, "oid", 0);
-{
+    if (sv_oid && SvPOK(*sv_oid)) {
-  if(dp) {
+      ch_name = SvPV(*sv_oid, l_name);
-    ecc_dp_clear(dp);
+      for (i = 0, j = 0; i < l_name; i++) {
+        if (ch_name[i] == '.') {
+          if (++j >= 16) return CRYPT_ERROR;
         }
-  if (key->type != -1) {
+        else if(ch_name[i] >= '0' && ch_name[i] <= '9') {
-    ecc_free(key);
+          set.oid[j] = set.oid[j] * 10 + (ch_name[i] - '0');
-    key->type = -1;
+        }
-    key->dp = NULL;
+        else {
+          return CRYPT_ERROR;
+        }
+      }
+      if (j == 0) return CRYPT_ERROR;
+      set.oidlen = j + 1;
+    }
+
+    if ((err = ecc_set_dp(&set, key)) != CRYPT_OK) return err;
+    if (key->dp.oidlen == 0) _ecc_oid_lookup(key);
+    return CRYPT_OK;
   }
 }
 
@@ -324,208 +396,320 @@ MODULE = CryptX       PACKAGE = CryptX      PREFIX = CryptX_
 PROTOTYPES: DISABLE
 
 BOOT:
-    if(register_cipher(&blowfish_desc)==-1)    { croak("FATAL: cannot register_cipher blowfish"); }
+    if(register_all_ciphers() != CRYPT_OK)     { croak("FATAL: register_all_ciphers failed"); }
-    if(register_cipher(&rc5_desc)==-1)         { croak("FATAL: cannot register_cipher rc5"); }
+    if(register_all_hashes()  != CRYPT_OK)     { croak("FATAL: register_all_hashes failed"); }
-    if(register_cipher(&rc6_desc)==-1)         { croak("FATAL: cannot register_cipher rc6"); }
+    if(register_all_prngs()   != CRYPT_OK)     { croak("FATAL: register_all_prngs failed"); }
-    if(register_cipher(&rc2_desc)==-1)         { croak("FATAL: cannot register_cipher rc2"); }
+    if(crypt_mp_init("ltm")   != CRYPT_OK)     { croak("FATAL: crypt_mp_init failed"); }
-    if(register_cipher(&saferp_desc)==-1)      { croak("FATAL: cannot register_cipher saferp"); }
-    if(register_cipher(&safer_k64_desc)==-1)   { croak("FATAL: cannot register_cipher safer_k64"); }
-    if(register_cipher(&safer_k128_desc)==-1)  { croak("FATAL: cannot register_cipher safer_k128"); }
-    if(register_cipher(&safer_sk64_desc)==-1)  { croak("FATAL: cannot register_cipher safer_sk64"); }
-    if(register_cipher(&safer_sk128_desc)==-1) { croak("FATAL: cannot register_cipher safer_sk128"); }
-    if(register_cipher(&aes_desc)==-1)         { croak("FATAL: cannot register_cipher aes"); }
-    if(register_cipher(&xtea_desc)==-1)        { croak("FATAL: cannot register_cipher xtea"); }
-    if(register_cipher(&twofish_desc)==-1)     { croak("FATAL: cannot register_cipher twofish"); }
-    if(register_cipher(&des_desc)==-1)         { croak("FATAL: cannot register_cipher des"); }
-    if(register_cipher(&des3_desc)==-1)        { croak("FATAL: cannot register_cipher des3"); }
-    if(register_cipher(&cast5_desc)==-1)       { croak("FATAL: cannot register_cipher cast5"); }
-    if(register_cipher(&noekeon_desc)==-1)     { croak("FATAL: cannot register_cipher noekeon"); }
-    if(register_cipher(&skipjack_desc)==-1)    { croak("FATAL: cannot register_cipher skipjack"); }
-    if(register_cipher(&khazad_desc)==-1)      { croak("FATAL: cannot register_cipher khazad"); }
-    if(register_cipher(&anubis_desc)==-1)      { croak("FATAL: cannot register_cipher anubis"); }
-    if(register_cipher(&kseed_desc)==-1)       { croak("FATAL: cannot register_cipher kseed"); }
-    if(register_cipher(&kasumi_desc)==-1)      { croak("FATAL: cannot register_cipher kasumi"); }
-    if(register_cipher(&multi2_desc)==-1)      { croak("FATAL: cannot register_cipher multi2"); }
-    if(register_cipher(&camellia_desc)==-1)    { croak("FATAL: cannot register_cipher camellia"); }
-    /* --- */
-    if(register_hash(&chc_desc)==-1)           { croak("FATAL: cannot register_hash chc_hash"); }
-    if(register_hash(&md2_desc)==-1)           { croak("FATAL: cannot register_hash md2"); }
-    if(register_hash(&md4_desc)==-1)           { croak("FATAL: cannot register_hash md4"); }
-    if(register_hash(&md5_desc)==-1)           { croak("FATAL: cannot register_hash md5"); }
-    if(register_hash(&rmd128_desc)==-1)        { croak("FATAL: cannot register_hash rmd128"); }
-    if(register_hash(&rmd160_desc)==-1)        { croak("FATAL: cannot register_hash rmd160"); }
-    if(register_hash(&rmd256_desc)==-1)        { croak("FATAL: cannot register_hash rmd256"); }
-    if(register_hash(&rmd320_desc)==-1)        { croak("FATAL: cannot register_hash rmd320"); }
-    if(register_hash(&sha1_desc)==-1)          { croak("FATAL: cannot register_hash sha1"); }
-    if(register_hash(&sha224_desc)==-1)        { croak("FATAL: cannot register_hash sha224"); }
-    if(register_hash(&sha256_desc)==-1)        { croak("FATAL: cannot register_hash sha256"); }
-    if(register_hash(&sha384_desc)==-1)        { croak("FATAL: cannot register_hash sha384"); }
-    if(register_hash(&sha512_desc)==-1)        { croak("FATAL: cannot register_hash sha512"); }
-    if(register_hash(&sha512_224_desc)==-1)    { croak("FATAL: cannot register_hash sha512_224"); }
-    if(register_hash(&sha512_256_desc)==-1)    { croak("FATAL: cannot register_hash sha512_256"); }
-    if(register_hash(&sha3_224_desc)==-1)      { croak("FATAL: cannot register_hash sha3_224"); }
-    if(register_hash(&sha3_256_desc)==-1)      { croak("FATAL: cannot register_hash sha3_256"); }
-    if(register_hash(&sha3_384_desc)==-1)      { croak("FATAL: cannot register_hash sha3_384"); }
-    if(register_hash(&sha3_512_desc)==-1)      { croak("FATAL: cannot register_hash sha3_512"); }
-    if(register_hash(&tiger_desc)==-1)         { croak("FATAL: cannot register_hash tiger"); }
-    if(register_hash(&whirlpool_desc)==-1)     { croak("FATAL: cannot register_hash whirlpool"); }
-    if(register_hash(&blake2b_160_desc)==-1)   { croak("FATAL: cannot register_hash blake2b_160"); }
-    if(register_hash(&blake2b_256_desc)==-1)   { croak("FATAL: cannot register_hash blake2b_256"); }
-    if(register_hash(&blake2b_384_desc)==-1)   { croak("FATAL: cannot register_hash blake2b_384"); }
-    if(register_hash(&blake2b_512_desc)==-1)   { croak("FATAL: cannot register_hash blake2b_512"); }
-    if(register_hash(&blake2s_128_desc)==-1)   { croak("FATAL: cannot register_hash blake2s_128"); }
-    if(register_hash(&blake2s_160_desc)==-1)   { croak("FATAL: cannot register_hash blake2s_160"); }
-    if(register_hash(&blake2s_224_desc)==-1)   { croak("FATAL: cannot register_hash blake2s_224"); }
-    if(register_hash(&blake2s_256_desc)==-1)   { croak("FATAL: cannot register_hash blake2s_256"); }
-    /* --- */
-    if(chc_register(find_cipher("aes"))==-1)   { croak("FATAL: chc_register failed"); }
-    /* --- */
-    if(register_prng(&fortuna_desc)==-1)       { croak("FATAL: cannot register_prng fortuna"); }
-    if(register_prng(&yarrow_desc)==-1)        { croak("FATAL: cannot register_prng yarrow"); }
-    if(register_prng(&rc4_desc)==-1)           { croak("FATAL: cannot register_prng rc4"); }
-    if(register_prng(&sober128_desc)==-1)      { croak("FATAL: cannot register_prng sober128"); }
-    if(register_prng(&chacha20_prng_desc)==-1) { croak("FATAL: cannot register_prng chacha20"); }
-    /* --- */
-#ifdef TFM_DESC
-    ltc_mp = tfm_desc;
-#else
-    ltc_mp = ltm_desc;
-#endif
 
 SV *
-CryptX__encode_base64url(SV * in)
+CryptX__ltc_build_settings()
+    CODE:
+        RETVAL = newSVpv(crypt_build_settings, 0);
+    OUTPUT:
+        RETVAL
+
+SV *
+CryptX__ltc_mp_name()
+    CODE:
+        RETVAL = newSVpv(ltc_mp.name, 0);
+    OUTPUT:
+        RETVAL
+
+int
+CryptX__ltc_mp_bits_per_digit()
+    CODE:
+        RETVAL = ltc_mp.bits_per_digit;
+    OUTPUT:
+        RETVAL
+
+MODULE = CryptX       PACKAGE = Crypt::Misc
+
+PROTOTYPES: DISABLE
+
+SV *
+_radix_to_bin(char *in, int radix)
     CODE:
     {
+        STRLEN len;
+        unsigned char *out_data;
+        mp_int mpi;
+
+        if (in == NULL) XSRETURN_UNDEF;
+        if (mp_init(&mpi) != CRYPT_OK) XSRETURN_UNDEF;
+        if (strlen(in) == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else if (mp_read_radix(&mpi, in, radix) == CRYPT_OK) {
+          len = mp_unsigned_bin_size(&mpi);
+          if (len == 0) {
+            RETVAL = newSVpvn("", 0);
+          }
+          else {
+            RETVAL = NEWSV(0, len); /* avoid zero! */
+            SvPOK_only(RETVAL);
+            SvCUR_set(RETVAL, len);
+            out_data = (unsigned char *)SvPVX(RETVAL);
+            mp_to_unsigned_bin(&mpi, out_data);
+          }
+        }
+        else {
+          RETVAL = newSVpvn(NULL, 0); /* undef */
+        }
+        mp_clear(&mpi);
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+_bin_to_radix(SV *in, int radix)
+    CODE:
+    {
+        STRLEN len;
+        unsigned char *in_data;
+        char *out_data;
+        mp_int mpi, tmp;
+        mp_digit d;
+        int digits = 0;
+
+        if (!SvPOK(in) || radix < 2 || radix > 64) XSRETURN_UNDEF;
+        in_data = (unsigned char *) SvPVbyte(in, len);
+        mp_init_multi(&mpi, &tmp, NULL);
+        if (len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          if (mp_read_unsigned_bin(&mpi, in_data, (unsigned long)len) == CRYPT_OK) {
+            mp_copy(&mpi, &tmp);
+            while (mp_iszero(&tmp) == MP_NO) {
+              mp_div_d(&tmp, (mp_digit)radix, &tmp, &d);
+              digits++;
+            }
+            if (digits == 0) {
+              RETVAL = newSVpvn("", 0);
+            }
+            else {
+              RETVAL = NEWSV(0, digits + 2); /* +2 for sign and NUL byte */
+              SvPOK_only(RETVAL);
+              out_data = SvPVX(RETVAL);
+              mp_toradix(&mpi, out_data, radix);
+              SvCUR_set(RETVAL, strlen(out_data));
+            }
+          }
+          else {
+            RETVAL = newSVpvn(NULL, 0); /* undef */
+          }
+        }
+        mp_clear_multi(&tmp, &mpi, NULL);
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+encode_b64(SV * in)
+    ALIAS:
+        encode_b64u = 1
+    CODE:
+    {
+        int rv;
         STRLEN in_len;
         unsigned long out_len;
         unsigned char *out_data, *in_data;
-        int rv;
 
         if (!SvPOK(in)) XSRETURN_UNDEF;
         in_data = (unsigned char *) SvPVbyte(in, in_len);
+        if (in_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
           out_len = (unsigned long)(4 * ((in_len + 2) / 3) + 1);
-        Newz(0, out_data, out_len, unsigned char);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
-        if (!out_data) croak("FATAL: Newz failed [%ld]", out_len);
+          SvPOK_only(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          if (ix == 1)
             rv = base64url_encode(in_data, (unsigned long)in_len, out_data, &out_len);
-        RETVAL = (rv == CRYPT_OK) ? newSVpvn((char *)out_data, out_len) : newSVpvn(NULL, 0);
+          else
-        Safefree(out_data);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-CryptX__decode_base64url(SV * in)
-    CODE:
-    {
-        STRLEN in_len;
-        unsigned long out_len;
-        unsigned char *out_data, *in_data;
-        int rv;
-
-        if (!SvPOK(in)) XSRETURN_UNDEF;
-        in_data = (unsigned char *) SvPVbyte(in, in_len);
-        out_len = (unsigned long)in_len;
-        Newz(0, out_data, out_len, unsigned char);
-        if (!out_data) croak("FATAL: Newz failed [%ld]", out_len);
-        rv = base64url_decode(in_data, (unsigned long)in_len, out_data, &out_len);
-        RETVAL = (rv == CRYPT_OK) ? newSVpvn((char *)out_data, out_len) : newSVpvn(NULL, 0);
-        Safefree(out_data);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-CryptX__encode_base64(SV * in)
-    CODE:
-    {
-        STRLEN in_len;
-        unsigned long out_len;
-        unsigned char *out_data, *in_data;
-        int rv;
-
-        if (!SvPOK(in)) XSRETURN_UNDEF;
-        in_data = (unsigned char *) SvPVbyte(in, in_len);
-        out_len = (unsigned long)(4 * ((in_len + 2) / 3) + 1);
-        Newz(0, out_data, out_len, unsigned char);
-        if (!out_data) croak("FATAL: Newz failed [%ld]", out_len);
             rv = base64_encode(in_data, (unsigned long)in_len, out_data, &out_len);
-        RETVAL = (rv == CRYPT_OK) ? newSVpvn((char *)out_data, out_len) : newSVpvn(NULL, 0);
+          if (rv != CRYPT_OK) {
-        Safefree(out_data);
+            SvREFCNT_dec(RETVAL);
+            XSRETURN_UNDEF;
+          }
+          SvCUR_set(RETVAL, out_len);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-CryptX__decode_base64(SV * in)
+decode_b64(SV * in)
+    ALIAS:
+        decode_b64u = 1
+    CODE:
+    {
+        int rv;
+        STRLEN in_len;
+        unsigned long out_len;
+        unsigned char *out_data, *in_data;
+
+        if (!SvPOK(in)) XSRETURN_UNDEF;
+        in_data = (unsigned char *)SvPVbyte(in, in_len);
+        if (in_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          out_len = (unsigned long)in_len;
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          if (ix == 1)
+            rv = base64url_decode(in_data, (unsigned long)in_len, out_data, &out_len);
+          else
+            rv = base64_decode(in_data, (unsigned long)in_len, out_data, &out_len);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            XSRETURN_UNDEF;
+          }
+          SvCUR_set(RETVAL, out_len);
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+encode_b32r(SV *in)
+    ALIAS:
+        encode_b32b = 1
+        encode_b32z = 2
+        encode_b32c = 3
     CODE:
     {
         STRLEN in_len;
         unsigned long out_len;
         unsigned char *out_data, *in_data;
-        int rv;
+        int id = -1;
 
         if (!SvPOK(in)) XSRETURN_UNDEF;
+        if (ix == 0) id = BASE32_RFC4648;
+        if (ix == 1) id = BASE32_BASE32HEX;
+        if (ix == 2) id = BASE32_ZBASE32;
+        if (ix == 3) id = BASE32_CROCKFORD;
+        if (id == -1) XSRETURN_UNDEF;
         in_data = (unsigned char *) SvPVbyte(in, in_len);
-        out_len = (unsigned long)in_len;
+        if (in_len == 0) {
-        Newz(0, out_data, out_len, unsigned char);
+          RETVAL = newSVpvn("", 0);
-        if (!out_data) croak("FATAL: Newz failed [%ld]", out_len);
+        }
-        rv = base64_decode(in_data, (unsigned long)in_len, out_data, &out_len);
+        else {
-        RETVAL = (rv == CRYPT_OK) ? newSVpvn((char *)out_data, out_len) : newSVpvn(NULL, 0);
+          out_len = (unsigned long)((8 * in_len + 4) / 5);
-        Safefree(out_data);
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          if (base32_encode(in_data, (unsigned long)in_len, out_data, &out_len, id) != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            XSRETURN_UNDEF;
+          }
+          SvCUR_set(RETVAL, out_len);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-CryptX__increment_octets_le(SV * in)
+decode_b32r(SV *in)
+    ALIAS:
+        decode_b32b = 1
+        decode_b32z = 2
+        decode_b32c = 3
+    CODE:
+    {
+        STRLEN in_len;
+        unsigned long out_len;
+        unsigned char *out_data, *in_data;
+        int id = -1;
+
+        if (!SvPOK(in)) XSRETURN_UNDEF;
+        if (ix == 0) id = BASE32_RFC4648;
+        if (ix == 1) id = BASE32_BASE32HEX;
+        if (ix == 2) id = BASE32_ZBASE32;
+        if (ix == 3) id = BASE32_CROCKFORD;
+        if (id == -1) XSRETURN_UNDEF;
+        in_data = (unsigned char *)SvPVbyte(in, in_len);
+        if (in_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          out_len = (unsigned long)in_len;
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          if (base32_decode(in_data, (unsigned long)in_len, out_data, &out_len, id) != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            XSRETURN_UNDEF;
+          }
+          SvCUR_set(RETVAL, out_len);
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+increment_octets_le(SV * in)
     CODE:
     {
         STRLEN len, i = 0;
         unsigned char *out_data, *in_data;
-        int rv;
 
         if (!SvPOK(in)) XSRETURN_UNDEF;
-        in_data = (unsigned char *) SvPVbyte(in, len);
+        in_data = (unsigned char *)SvPVbyte(in, len);
-        if (len == 0) XSRETURN_UNDEF;
+        if (len == 0) {
-
+          RETVAL = newSVpvn("", 0);
-        RETVAL = NEWSV(0, len);
+        }
+        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
           Copy(in_data, out_data, len, unsigned char);
           while (i < len) {
             out_data[i]++;
             if (0 != out_data[i]) break;
             i++;
           }
-        if (i == len) croak("FATAL: increment_octets_le overflow");
+          if (i == len) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: increment_octets_le overflow");
+          }
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-CryptX__increment_octets_be(SV * in)
+increment_octets_be(SV * in)
     CODE:
     {
         STRLEN len, i = 0;
         unsigned char *out_data, *in_data;
-        int rv;
 
         if (!SvPOK(in)) XSRETURN_UNDEF;
-        in_data = (unsigned char *) SvPVbyte(in, len);
+        in_data = (unsigned char *)SvPVbyte(in, len);
-        if (len == 0) XSRETURN_UNDEF;
+        if (len == 0) {
-
+          RETVAL = newSVpvn("", 0);
-        RETVAL = NEWSV(0, len);
+        }
+        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
           Copy(in_data, out_data, len, unsigned char);
           while (i < len) {
             out_data[len - 1 - i]++;
             if (0 != out_data[len - 1 - i]) break;
             i++;
           }
-        if (i == len) croak("FATAL: increment_octets_le overflow");
+          if (i == len) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: increment_octets_be overflow");
+          }
+        }
     }
     OUTPUT:
         RETVAL
@@ -546,8 +730,11 @@ INCLUDE: inc/CryptX_AuthEnc_CCM.xs.inc
 INCLUDE: inc/CryptX_AuthEnc_ChaCha20Poly1305.xs.inc
 
 INCLUDE: inc/CryptX_Stream_ChaCha.xs.inc
+INCLUDE: inc/CryptX_Stream_Salsa20.xs.inc
 INCLUDE: inc/CryptX_Stream_RC4.xs.inc
 INCLUDE: inc/CryptX_Stream_Sober128.xs.inc
+INCLUDE: inc/CryptX_Stream_Sosemanuk.xs.inc
+INCLUDE: inc/CryptX_Stream_Rabbit.xs.inc
 
 INCLUDE: inc/CryptX_Mac_F9.xs.inc
 INCLUDE: inc/CryptX_Mac_HMAC.xs.inc

MANIFEST

@@ -32,8 +32,11 @@ inc/CryptX_PK_ECC.xs.inc
 inc/CryptX_PK_RSA.xs.inc
 inc/CryptX_PRNG.xs.inc
 inc/CryptX_Stream_ChaCha.xs.inc
+inc/CryptX_Stream_Rabbit.xs.inc
 inc/CryptX_Stream_RC4.xs.inc
+inc/CryptX_Stream_Salsa20.xs.inc
 inc/CryptX_Stream_Sober128.xs.inc
+inc/CryptX_Stream_Sosemanuk.xs.inc
 lib/Crypt/AuthEnc.pm
 lib/Crypt/AuthEnc/CCM.pm
 lib/Crypt/AuthEnc/ChaCha20Poly1305.pm
@@ -51,6 +54,7 @@ lib/Crypt/Cipher/Camellia.pm
 lib/Crypt/Cipher/CAST5.pm
 lib/Crypt/Cipher/DES.pm
 lib/Crypt/Cipher/DES_EDE.pm
+lib/Crypt/Cipher/IDEA.pm
 lib/Crypt/Cipher/KASUMI.pm
 lib/Crypt/Cipher/Khazad.pm
 lib/Crypt/Cipher/MULTI2.pm
@@ -64,6 +68,7 @@ lib/Crypt/Cipher/SAFER_SK128.pm
 lib/Crypt/Cipher/SAFER_SK64.pm
 lib/Crypt/Cipher/SAFERP.pm
 lib/Crypt/Cipher/SEED.pm
+lib/Crypt/Cipher/Serpent.pm
 lib/Crypt/Cipher/Skipjack.pm
 lib/Crypt/Cipher/Twofish.pm
 lib/Crypt/Cipher/XTEA.pm
@@ -77,6 +82,10 @@ lib/Crypt/Digest/BLAKE2s_160.pm
 lib/Crypt/Digest/BLAKE2s_224.pm
 lib/Crypt/Digest/BLAKE2s_256.pm
 lib/Crypt/Digest/CHAES.pm
+lib/Crypt/Digest/Keccak224.pm
+lib/Crypt/Digest/Keccak256.pm
+lib/Crypt/Digest/Keccak384.pm
+lib/Crypt/Digest/Keccak512.pm
 lib/Crypt/Digest/MD2.pm
 lib/Crypt/Digest/MD4.pm
 lib/Crypt/Digest/MD5.pm
@@ -128,8 +137,11 @@ lib/Crypt/PRNG/RC4.pm
 lib/Crypt/PRNG/Sober128.pm
 lib/Crypt/PRNG/Yarrow.pm
 lib/Crypt/Stream/ChaCha.pm
+lib/Crypt/Stream/Rabbit.pm
 lib/Crypt/Stream/RC4.pm
+lib/Crypt/Stream/Salsa20.pm
 lib/Crypt/Stream/Sober128.pm
+lib/Crypt/Stream/Sosemanuk.pm
 lib/CryptX.pm
 lib/Math/BigInt/LTM.pm
 LICENSE
@@ -138,7 +150,7 @@ MANIFEST			This list of files
 META.json
 META.yml
 ppport.h
-README
+README.md
 src/ltc/ciphers/aes/aes.c
 src/ltc/ciphers/aes/aes_tab.c
 src/ltc/ciphers/anubis.c
@@ -146,6 +158,7 @@ src/ltc/ciphers/blowfish.c
 src/ltc/ciphers/camellia.c
 src/ltc/ciphers/cast5.c
 src/ltc/ciphers/des.c
+src/ltc/ciphers/idea.c
 src/ltc/ciphers/kasumi.c
 src/ltc/ciphers/khazad.c
 src/ltc/ciphers/kseed.c
@@ -157,6 +170,7 @@ src/ltc/ciphers/rc6.c
 src/ltc/ciphers/safer/safer.c
 src/ltc/ciphers/safer/safer_tab.c
 src/ltc/ciphers/safer/saferp.c
+src/ltc/ciphers/serpent.c
 src/ltc/ciphers/skipjack.c
 src/ltc/ciphers/twofish/twofish.c
 src/ltc/ciphers/twofish/twofish_tab.c
@@ -201,8 +215,6 @@ src/ltc/encauth/ocb3/ocb3_encrypt.c
 src/ltc/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
 src/ltc/encauth/ocb3/ocb3_encrypt_last.c
 src/ltc/encauth/ocb3/ocb3_init.c
-src/ltc/encauth/ocb3/ocb3_int_aad_add_block.c
-src/ltc/encauth/ocb3/ocb3_int_calc_offset_zero.c
 src/ltc/encauth/ocb3/ocb3_int_ntz.c
 src/ltc/encauth/ocb3/ocb3_int_xor_blocks.c
 src/ltc/hashes/blake2b.c
@@ -293,18 +305,24 @@ src/ltc/mac/xcbc/xcbc_process.c
 src/ltc/math/fp/ltc_ecc_fp_mulmod.c
 src/ltc/math/ltm_desc.c
 src/ltc/math/multi.c
+src/ltc/math/radix_to_bin.c
 src/ltc/math/rand_bn.c
 src/ltc/math/rand_prime.c
 src/ltc/math/tfm_desc.c
 src/ltc/misc/adler32.c
+src/ltc/misc/base32/base32_decode.c
+src/ltc/misc/base32/base32_encode.c
 src/ltc/misc/base64/base64_decode.c
 src/ltc/misc/base64/base64_encode.c
 src/ltc/misc/burn_stack.c
+src/ltc/misc/compare_testvector.c
+src/ltc/misc/copy_or_zeromem.c
 src/ltc/misc/crc32.c
 src/ltc/misc/crypt/crypt.c
 src/ltc/misc/crypt/crypt_argchk.c
 src/ltc/misc/crypt/crypt_cipher_descriptor.c
 src/ltc/misc/crypt/crypt_cipher_is_valid.c
+src/ltc/misc/crypt/crypt_constants.c
 src/ltc/misc/crypt/crypt_find_cipher.c
 src/ltc/misc/crypt/crypt_find_cipher_any.c
 src/ltc/misc/crypt/crypt_find_cipher_id.c
@@ -320,9 +338,14 @@ src/ltc/misc/crypt/crypt_inits.c
 src/ltc/misc/crypt/crypt_ltc_mp_descriptor.c
 src/ltc/misc/crypt/crypt_prng_descriptor.c
 src/ltc/misc/crypt/crypt_prng_is_valid.c
+src/ltc/misc/crypt/crypt_prng_rng_descriptor.c
+src/ltc/misc/crypt/crypt_register_all_ciphers.c
+src/ltc/misc/crypt/crypt_register_all_hashes.c
+src/ltc/misc/crypt/crypt_register_all_prngs.c
 src/ltc/misc/crypt/crypt_register_cipher.c
 src/ltc/misc/crypt/crypt_register_hash.c
 src/ltc/misc/crypt/crypt_register_prng.c
+src/ltc/misc/crypt/crypt_sizes.c
 src/ltc/misc/crypt/crypt_unregister_cipher.c
 src/ltc/misc/crypt/crypt_unregister_hash.c
 src/ltc/misc/crypt/crypt_unregister_prng.c
@@ -370,6 +393,16 @@ src/ltc/pk/asn1/der/boolean/der_decode_boolean.c
 src/ltc/pk/asn1/der/boolean/der_encode_boolean.c
 src/ltc/pk/asn1/der/boolean/der_length_boolean.c
 src/ltc/pk/asn1/der/choice/der_decode_choice.c
+src/ltc/pk/asn1/der/custom_type/der_decode_custom_type.c
+src/ltc/pk/asn1/der/custom_type/der_encode_custom_type.c
+src/ltc/pk/asn1/der/custom_type/der_length_custom_type.c
+src/ltc/pk/asn1/der/general/der_asn1_maps.c
+src/ltc/pk/asn1/der/general/der_decode_asn1_identifier.c
+src/ltc/pk/asn1/der/general/der_decode_asn1_length.c
+src/ltc/pk/asn1/der/general/der_encode_asn1_identifier.c
+src/ltc/pk/asn1/der/general/der_encode_asn1_length.c
+src/ltc/pk/asn1/der/general/der_length_asn1_identifier.c
+src/ltc/pk/asn1/der/general/der_length_asn1_length.c
 src/ltc/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c
 src/ltc/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c
 src/ltc/pk/asn1/der/generalizedtime/der_length_generalizedtime.c
@@ -391,12 +424,11 @@ src/ltc/pk/asn1/der/printable_string/der_length_printable_string.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_ex.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_flexi.c
 src/ltc/pk/asn1/der/sequence/der_decode_sequence_multi.c
-src/ltc/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
 src/ltc/pk/asn1/der/sequence/der_encode_sequence_ex.c
 src/ltc/pk/asn1/der/sequence/der_encode_sequence_multi.c
-src/ltc/pk/asn1/der/sequence/der_encode_subject_public_key_info.c
 src/ltc/pk/asn1/der/sequence/der_length_sequence.c
 src/ltc/pk/asn1/der/sequence/der_sequence_free.c
+src/ltc/pk/asn1/der/sequence/der_sequence_shrink.c
 src/ltc/pk/asn1/der/set/der_encode_set.c
 src/ltc/pk/asn1/der/set/der_encode_setof.c
 src/ltc/pk/asn1/der/short_integer/der_decode_short_integer.c
@@ -410,17 +442,28 @@ src/ltc/pk/asn1/der/utctime/der_length_utctime.c
 src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c
 src/ltc/pk/asn1/der/utf8/der_encode_utf8_string.c
 src/ltc/pk/asn1/der/utf8/der_length_utf8_string.c
+src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c
+src/ltc/pk/asn1/x509/x509_encode_subject_public_key_info.c
 src/ltc/pk/dh/dh.c
-src/ltc/pk/dh/dh_static.c
+src/ltc/pk/dh/dh_check_pubkey.c
-src/ltc/pk/dh/dh_static.h
+src/ltc/pk/dh/dh_export.c
-src/ltc/pk/dh/dh_sys.c
+src/ltc/pk/dh/dh_export_key.c
+src/ltc/pk/dh/dh_free.c
+src/ltc/pk/dh/dh_generate_key.c
+src/ltc/pk/dh/dh_import.c
+src/ltc/pk/dh/dh_set.c
+src/ltc/pk/dh/dh_set_pg_dhparam.c
+src/ltc/pk/dh/dh_shared_secret.c
 src/ltc/pk/dsa/dsa_decrypt_key.c
 src/ltc/pk/dsa/dsa_encrypt_key.c
 src/ltc/pk/dsa/dsa_export.c
 src/ltc/pk/dsa/dsa_free.c
+src/ltc/pk/dsa/dsa_generate_key.c
+src/ltc/pk/dsa/dsa_generate_pqg.c
 src/ltc/pk/dsa/dsa_import.c
-src/ltc/pk/dsa/dsa_import_radix.c
 src/ltc/pk/dsa/dsa_make_key.c
+src/ltc/pk/dsa/dsa_set.c
+src/ltc/pk/dsa/dsa_set_pqg_dsaparam.c
 src/ltc/pk/dsa/dsa_shared_secret.c
 src/ltc/pk/dsa/dsa_sign_hash.c
 src/ltc/pk/dsa/dsa_verify_hash.c
@@ -429,33 +472,29 @@ src/ltc/pk/ecc/ecc.c
 src/ltc/pk/ecc/ecc_ansi_x963_export.c
 src/ltc/pk/ecc/ecc_ansi_x963_import.c
 src/ltc/pk/ecc/ecc_decrypt_key.c
-src/ltc/pk/ecc/ecc_dp_clear.c
-src/ltc/pk/ecc/ecc_dp_fill_from_sets.c
-src/ltc/pk/ecc/ecc_dp_from_oid.c
-src/ltc/pk/ecc/ecc_dp_from_params.c
-src/ltc/pk/ecc/ecc_dp_init.c
-src/ltc/pk/ecc/ecc_dp_set.c
 src/ltc/pk/ecc/ecc_encrypt_key.c
 src/ltc/pk/ecc/ecc_export.c
-src/ltc/pk/ecc/ecc_export_full.c
+src/ltc/pk/ecc/ecc_export_openssl.c
-src/ltc/pk/ecc/ecc_export_raw.c
 src/ltc/pk/ecc/ecc_free.c
+src/ltc/pk/ecc/ecc_get_key.c
+src/ltc/pk/ecc/ecc_get_set.c
 src/ltc/pk/ecc/ecc_get_size.c
 src/ltc/pk/ecc/ecc_import.c
-src/ltc/pk/ecc/ecc_import_full.c
+src/ltc/pk/ecc/ecc_import_openssl.c
 src/ltc/pk/ecc/ecc_import_pkcs8.c
-src/ltc/pk/ecc/ecc_import_raw.c
+src/ltc/pk/ecc/ecc_import_x509.c
 src/ltc/pk/ecc/ecc_make_key.c
+src/ltc/pk/ecc/ecc_set_dp.c
+src/ltc/pk/ecc/ecc_set_dp_internal.c
+src/ltc/pk/ecc/ecc_set_key.c
 src/ltc/pk/ecc/ecc_shared_secret.c
 src/ltc/pk/ecc/ecc_sign_hash.c
 src/ltc/pk/ecc/ecc_sizes.c
 src/ltc/pk/ecc/ecc_verify_hash.c
-src/ltc/pk/ecc/ecc_verify_key.c
 src/ltc/pk/ecc/ltc_ecc_export_point.c
 src/ltc/pk/ecc/ltc_ecc_import_point.c
 src/ltc/pk/ecc/ltc_ecc_is_point.c
 src/ltc/pk/ecc/ltc_ecc_is_point_at_infinity.c
-src/ltc/pk/ecc/ltc_ecc_is_valid_idx.c
 src/ltc/pk/ecc/ltc_ecc_map.c
 src/ltc/pk/ecc/ltc_ecc_mul2add.c
 src/ltc/pk/ecc/ltc_ecc_mulmod.c
@@ -463,6 +502,7 @@ src/ltc/pk/ecc/ltc_ecc_mulmod_timing.c
 src/ltc/pk/ecc/ltc_ecc_points.c
 src/ltc/pk/ecc/ltc_ecc_projective_add_point.c
 src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c
+src/ltc/pk/ecc/ltc_ecc_verify_key.c
 src/ltc/pk/pkcs1/pkcs_1_i2osp.c
 src/ltc/pk/pkcs1/pkcs_1_mgf1.c
 src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c
@@ -480,9 +520,9 @@ src/ltc/pk/rsa/rsa_free.c
 src/ltc/pk/rsa/rsa_get_size.c
 src/ltc/pk/rsa/rsa_import.c
 src/ltc/pk/rsa/rsa_import_pkcs8.c
-src/ltc/pk/rsa/rsa_import_radix.c
 src/ltc/pk/rsa/rsa_import_x509.c
 src/ltc/pk/rsa/rsa_make_key.c
+src/ltc/pk/rsa/rsa_set.c
 src/ltc/pk/rsa/rsa_sign_hash.c
 src/ltc/pk/rsa/rsa_sign_saltlen_get.c
 src/ltc/pk/rsa/rsa_verify_hash.c
@@ -500,9 +540,16 @@ src/ltc/stream/chacha/chacha_ivctr32.c
 src/ltc/stream/chacha/chacha_ivctr64.c
 src/ltc/stream/chacha/chacha_keystream.c
 src/ltc/stream/chacha/chacha_setup.c
-src/ltc/stream/rc4/rc4.c
+src/ltc/stream/rabbit/rabbit.c
-src/ltc/stream/sober128/sober128.c
+src/ltc/stream/rc4/rc4_stream.c
+src/ltc/stream/salsa20/salsa20_crypt.c
+src/ltc/stream/salsa20/salsa20_done.c
+src/ltc/stream/salsa20/salsa20_ivctr64.c
+src/ltc/stream/salsa20/salsa20_keystream.c
+src/ltc/stream/salsa20/salsa20_setup.c
+src/ltc/stream/sober128/sober128_stream.c
 src/ltc/stream/sober128/sober128tab.c
+src/ltc/stream/sosemanuk/sosemanuk.c
 src/ltm/bn_error.c
 src/ltm/bn_fast_mp_invmod.c
 src/ltm/bn_fast_mp_montgomery_reduce.c
@@ -640,6 +687,8 @@ src/Makefile.nmake
 t/001_compile.t
 t/002_all_pm.t
 t/003_all_pm_pod.t
+t/004_all_pm_pod_spelling.t
+t/005_all_pm_pod_coverage.t
 t/auth_enc_ccm.t
 t/auth_enc_ccm_test_vector_ltc.t
 t/auth_enc_chacha20poly1305.t
@@ -658,6 +707,8 @@ t/cipher_camellia.t
 t/cipher_cast5.t
 t/cipher_des.t
 t/cipher_des_ede.t
+t/cipher_idea.t
+t/cipher_idea_compat.t
 t/cipher_kasumi.t
 t/cipher_khazad.t
 t/cipher_multi2.t
@@ -673,8 +724,12 @@ t/cipher_safer_sk64.t
 t/cipher_saferp.t
 t/cipher_seed.t
 t/cipher_seed_test_vectors_bc.t
+t/cipher_serpent.t
+t/cipher_serpent_compat.t
 t/cipher_skipjack.t
 t/cipher_stream.t
+t/cipher_stream_rabbit.t
+t/cipher_stream_salsa20.t
 t/cipher_test_vectors_ltc.t
 t/cipher_test_vectors_openssl.t
 t/cipher_twofish.t
@@ -765,6 +820,8 @@ t/data/openssl_ec1.pub.der
 t/data/openssl_ec1.pub.pem
 t/data/openssl_ec1.pubc.der
 t/data/openssl_ec1.pubc.pem
+t/data/openssl_rsa-x509.der
+t/data/openssl_rsa-x509.pem
 t/data/openssl_rsa1.der
 t/data/openssl_rsa1.pem
 t/data/openssl_rsa1.pubonly.der
@@ -858,6 +915,10 @@ t/digest_blake2s_160.t
 t/digest_blake2s_224.t
 t/digest_blake2s_256.t
 t/digest_chaes.t
+t/digest_keccak224.t
+t/digest_keccak256.t
+t/digest_keccak384.t
+t/digest_keccak512.t
 t/digest_md2.t
 t/digest_md4.t
 t/digest_md5.t
@@ -886,6 +947,7 @@ t/mac_blake2b.t
 t/mac_blake2s.t
 t/mac_f9.t
 t/mac_hmac.t
+t/mac_hmac_nist.t
 t/mac_hmac_test_vectors_ltc.t
 t/mac_omac.t
 t/mac_omac_test_vectors_ltc.t
@@ -926,4 +988,11 @@ t/prng_rc4.t
 t/prng_sober128.t
 t/prng_yarrow.t
 t/sshkey.t
+t/wycheproof.t
+t/wycheproof/aes_gcm_test.json
+t/wycheproof/dsa_test.json
+t/wycheproof/ecdh_webcrypto_test.json
+t/wycheproof/ecdsa_test.json
+t/wycheproof/ecdsa_webcrypto_test.json
+t/wycheproof/rsa_signature_test.json
 typemap

META.json

@@ -4,13 +4,13 @@
       "Karel Miko"
    ],
    "dynamic_config" : 1,
-   "generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010",
+   "generated_by" : "ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150010",
    "license" : [
       "perl_5"
    ],
    "meta-spec" : {
       "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec",
-      "version" : "2"
+      "version" : 2
    },
    "name" : "CryptX",
    "no_index" : {
@@ -36,7 +36,7 @@
          }
       }
    },
-   "release_status" : "stable",
+   "release_status" : "unstable",
    "resources" : {
       "bugtracker" : {
          "web" : "https://github.com/DCIT/perl-CryptX/issues"
@@ -45,6 +45,6 @@
          "url" : "https://github.com/DCIT/perl-CryptX"
       }
    },
-   "version" : "0.048",
+   "version" : "0.058_002",
-   "x_serialization_backend" : "JSON::PP version 2.27400"
+   "x_serialization_backend" : "JSON::PP version 2.94"
 }

META.yml

@@ -7,7 +7,7 @@ build_requires:
 configure_requires:
   ExtUtils::MakeMaker: '0'
 dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010'
+generated_by: 'ExtUtils::MakeMaker version 7.3, CPAN::Meta::Converter version 2.150010'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -22,5 +22,5 @@ requires:
 resources:
   bugtracker: https://github.com/DCIT/perl-CryptX/issues
   repository: https://github.com/DCIT/perl-CryptX
-version: '0.048'
+version: 0.058_002
 x_serialization_backend: 'CPAN::Meta::YAML version 0.018'

Makefile.PL

@@ -3,26 +3,58 @@ use warnings;
 use ExtUtils::MakeMaker;
 use Config;
 
-my @myobjs = map { s|.c$|$Config{obj_ext}|; $_ } grep { $_ !~ m|^src/ltc/\.*tab\.c$| } (
+my (@EUMM_INC_LIB, $myarflags, $mycflags);
+
+if ($ENV{CRYPTX_CFLAGS} || $ENV{CRYPTX_LDFLAGS}) {
+  # EXPERIMENTAL: use system libraries libtomcrypt + libtommath
+  # e.g.
+  # CRYPTX_LDFLAGS='-L/usr/local/lib -ltommath -ltomcrypt' CRYPTX_CFLAGS='-DLTM_DESC -I/usr/local/include' perl Makefile.PL
+  print "CRYPTX_CFLAGS  = $ENV{CRYPTX_CFLAGS}\n"  if $ENV{CRYPTX_CFLAGS};
+  print "CRYPTX_LDFLAGS = $ENV{CRYPTX_LDFLAGS}\n" if $ENV{CRYPTX_LDFLAGS};
+  @EUMM_INC_LIB = (
+    INC      => $ENV{CRYPTX_CFLAGS},
+    LIBS     => [ $ENV{CRYPTX_LDFLAGS} ],
+  );
+}
+else {
+  # PREFERRED: use bundled libtomcrypt + libtommath (from ./src subdir)
+  my @myobjs = map { s|.c$|$Config{obj_ext}|; $_ } grep { $_ !~ m|^src/ltc/\.*tab\.c$| } (
       glob('src/ltm/*.c'),
       glob('src/ltc/*/*.c'),
       glob('src/ltc/*/*/*.c'),
       glob('src/ltc/*/*/*/*.c'),
       glob('src/ltc/*/*/*/*/*.c'),
-);
+  );
-my $myextlib = "src/liballinone$Config{lib_ext}";
+  $mycflags = "$Config{ccflags} $Config{cccdlflags} $Config{optimize}";
-my $mycflags = "$Config{cccdlflags} $Config{ccflags} $Config{optimize} -Iltm -Iltc/headers -DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC";
 
-#FIX: gcc with -flto is a trouble maker see https://github.com/DCIT/perl-CryptX/issues/32
+  #FIX: this is particularly useful for Debian https://github.com/DCIT/perl-CryptX/pull/39
-$mycflags =~ s/-flto\b//g;
+  $mycflags .= " $ENV{CFLAGS}"   if $ENV{CFLAGS};
+  $mycflags .= " $ENV{CPPFLAGS}" if $ENV{CPPFLAGS};
 
-#FIX: avoid "ar: fatal: Numeric group ID too large" see https://github.com/DCIT/perl-CryptX/issues/33
+  #FIX: gcc with -flto is a trouble maker see https://github.com/DCIT/perl-CryptX/issues/32
-my $myarflags = '$(AR_STATIC_ARGS)';
+  $mycflags =~ s/-flto\b//g;
-if ($^O ne 'MSWin32' && $Config{ar}) {
+
+  #FIX: avoid -Wwrite-strings -Wcast-qual -pedantic -pedantic-errors -ansi -std=c89
+  $mycflags =~ s/-pedantic\b//g;
+  $mycflags =~ s/-pedantic-errors\b//g;
+  $mycflags =~ s/-std=c89\b//g;
+  $mycflags =~ s/-ansi\b//g;
+  $mycflags =~ s/-Wwrite-strings\b//g;
+  $mycflags =~ s/-Wcast-qual\b//g;
+
+  #FIX: avoid "ar: fatal: Numeric group ID too large" see https://github.com/DCIT/perl-CryptX/issues/33
+  $myarflags = '$(AR_STATIC_ARGS)';
+  if ($^O ne 'MSWin32' && $Config{ar}) {
     # for ar's "deterministic mode" we need GNU binutils 2.20+ (2009-10-16)
-  my $arver = `$Config{ar} --version`;
+    my $arver = `$Config{ar} --version 2>/dev/null`;
     my ($maj, $min) = $arver =~ /^GNU ar [^\d]*(\d)\.(\d+)\.\d+/s;
     $myarflags = 'rcD' if ($maj && $min && $maj >= 2 && $min >= 20) || $arver=~ /^BSD ar /;
+  }
+  @EUMM_INC_LIB = (
+    INC      => '-DLTM_DESC -Isrc/ltc/headers -Isrc/ltm',
+    MYEXTLIB => "src/liballinone$Config{lib_ext}",
+    clean    => { 'FILES' => join(' ', @myobjs, "src/liballinone$Config{lib_ext}") },
+  );
 }
 
 my %eumm_args = (
@@ -33,11 +65,8 @@ my %eumm_args = (
   MIN_PERL_VERSION => '5.006',
   LICENSE          => 'perl_5',
   META_MERGE       => { resources  => { repository => 'https://github.com/DCIT/perl-CryptX', bugtracker => 'https://github.com/DCIT/perl-CryptX/issues' } },
-  DEFINE           => '-DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC',
+  dist             => { 'PREOP' => 'perldoc -u lib/CryptX.pm | pod2markdown > README.md' },
-  INC              => '-Isrc/ltc/headers -Isrc/ltm',
+  @EUMM_INC_LIB
-  LIBS             => [''],
-  MYEXTLIB         => $myextlib,
-  clean            => { 'FILES' => join(' ', @myobjs, $myextlib) },
 );
 
 my $eumm_ver = eval $ExtUtils::MakeMaker::VERSION;
@@ -48,40 +77,49 @@ delete $eumm_args{LICENSE}          if $eumm_ver < 6.31;
 
 WriteMakefile(%eumm_args);
 
-# ARFLAGS=\$(AR_STATIC_ARGS) RANLIB=\$(RANLIB) AR=\$(AR)
-
 sub MY::postamble {
-  my $myextlib = qq{
+  return "" unless $mycflags && $myarflags;
+
+  my $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) ARFLAGS="$myarflags" RANLIB="\$(RANLIB)" AR="\$(AR)" CC="\$(CC)" LIB_EXT=\$(LIB_EXT) OBJ_EXT=\$(OBJ_EXT) CFLAGS="$mycflags"
 };
 
-  $myextlib = qq{
+  $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) -f Makefile.nmake CFLAGS="$mycflags"
 } if $^O eq 'MSWin32' && $Config{make} =~ /nmake/ && $Config{cc} =~ /cl/;
 
-  $myextlib = qq{
+  $extra_targets = qq{
 \$(MYEXTLIB): src/Makefile
 	cd src && \$(MAKE) CC="$Config{cc}" CFLAGS="$mycflags"
 } if $^O eq 'MSWin32' && $Config{cc} =~ /gcc/;
 
-  my $version_patch = q{
+  $extra_targets .= q{
 versionsync:
 	$(NOECHO) perl _generators/version_patch.pl sync
-
 versioninc:
 	$(NOECHO) perl _generators/version_patch.pl inc
-
 versionincdev:
 	$(NOECHO) perl _generators/version_patch.pl incdev
-
 versiondec:
 	$(NOECHO) perl _generators/version_patch.pl dec
-
 versiondecdev:
 	$(NOECHO) perl _generators/version_patch.pl decdev
+gencode:
+	$(NOECHO) perl _generators/gen.pl gencode
+gentest: all
+	$(NOECHO) perl _generators/gen.pl gentest
+openssltest: all
+	$(NOECHO) perl -Mblib t/openssl/dsa-test.pl
+	$(NOECHO) perl -Mblib t/openssl/ecc-test.pl
+	$(NOECHO) perl -Mblib t/openssl/rsa-test.pl
+rebuild-pre:
+	$(RM_F) src/liballinone.a
+	$(TOUCH) CryptX.xs
+rebuild: rebuild-pre all
+
 };
 
-  return "$myextlib\n$version_patch";
+  return $extra_targets;
 }

README

@@ -1,68 +0,0 @@
-NAME
-    CryptX - Crypto toolkit (self-contained no external libraries needed)
-
-DESCRIPTION
-    Cryptography in CryptX is based on
-    <https://github.com/libtom/libtomcrypt>
-
-    Currently available modules:
-
-    *   Ciphers - see Crypt::Cipher and related modules
-
-        Crypt::Cipher::AES, Crypt::Cipher::Anubis, Crypt::Cipher::Blowfish,
-        Crypt::Cipher::Camellia, Crypt::Cipher::CAST5, Crypt::Cipher::DES,
-        Crypt::Cipher::DES_EDE, Crypt::Cipher::KASUMI,
-        Crypt::Cipher::Khazad, Crypt::Cipher::MULTI2,
-        Crypt::Cipher::Noekeon, Crypt::Cipher::RC2, Crypt::Cipher::RC5,
-        Crypt::Cipher::RC6, Crypt::Cipher::SAFERP,
-        Crypt::Cipher::SAFER_K128, Crypt::Cipher::SAFER_K64,
-        Crypt::Cipher::SAFER_SK128, Crypt::Cipher::SAFER_SK64,
-        Crypt::Cipher::SEED, Crypt::Cipher::Skipjack,
-        Crypt::Cipher::Twofish, Crypt::Cipher::XTEA
-
-    *   Block cipher modes
-
-        Crypt::Mode::CBC, Crypt::Mode::CFB, Crypt::Mode::CTR,
-        Crypt::Mode::ECB, Crypt::Mode::OFB
-
-    *   Authenticated encryption modes
-
-        Crypt::AuthEnc::CCM, Crypt::AuthEnc::EAX, Crypt::AuthEnc::GCM,
-        Crypt::AuthEnc::OCB
-
-    *   Hash Functions - see Crypt::Digest and related modules
-
-        Crypt::Digest::CHAES, Crypt::Digest::MD2, Crypt::Digest::MD4,
-        Crypt::Digest::MD5, Crypt::Digest::RIPEMD128,
-        Crypt::Digest::RIPEMD160, Crypt::Digest::RIPEMD256,
-        Crypt::Digest::RIPEMD320, Crypt::Digest::SHA1,
-        Crypt::Digest::SHA224, Crypt::Digest::SHA256, Crypt::Digest::SHA384,
-        Crypt::Digest::SHA512, Crypt::Digest::SHA512_224,
-        Crypt::Digest::SHA512_256, Crypt::Digest::Tiger192,
-        Crypt::Digest::Whirlpool
-
-    *   Message Authentication Codes
-
-        Crypt::Mac::F9, Crypt::Mac::HMAC, Crypt::Mac::OMAC,
-        Crypt::Mac::Pelican, Crypt::Mac::PMAC, Crypt::Mac::XCBC
-
-    *   Public key cryptography
-
-        Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::ECC, Crypt::PK::DH
-
-    *   Cryptographically secure random number generators
-
-        Crypt::PRNG, Crypt::PRNG::Fortuna, Crypt::PRNG::Yarrow,
-        Crypt::PRNG::RC4, Crypt::PRNG::Sober128
-
-    *   Key derivation functions - PBKDF1, PBKFD2 and HKDF
-
-        Crypt::KeyDerivation
-
-LICENSE
-    This program is free software; you can redistribute it and/or modify it
-    under the same terms as Perl itself.
-
-COPYRIGHT
-    Copyright (c) 2013-2015 DCIT, a.s. <http://www.dcit.cz> / Karel Miko
-

README.md

@@ -0,0 +1,73 @@
+# NAME
+
+CryptX - Cryptographic toolkit (self-contained, no external libraries needed)
+
+# DESCRIPTION
+
+Cryptography in CryptX is based on [https://github.com/libtom/libtomcrypt](https://github.com/libtom/libtomcrypt)
+
+Available modules:
+
+- Symmetric ciphers - see [Crypt::Cipher](https://metacpan.org/pod/Crypt::Cipher) and related modules
+
+    [Crypt::Cipher::AES](https://metacpan.org/pod/Crypt::Cipher::AES), [Crypt::Cipher::Anubis](https://metacpan.org/pod/Crypt::Cipher::Anubis), [Crypt::Cipher::Blowfish](https://metacpan.org/pod/Crypt::Cipher::Blowfish), [Crypt::Cipher::Camellia](https://metacpan.org/pod/Crypt::Cipher::Camellia), [Crypt::Cipher::CAST5](https://metacpan.org/pod/Crypt::Cipher::CAST5), [Crypt::Cipher::DES](https://metacpan.org/pod/Crypt::Cipher::DES),
+    [Crypt::Cipher::DES\_EDE](https://metacpan.org/pod/Crypt::Cipher::DES_EDE), [Crypt::Cipher::IDEA](https://metacpan.org/pod/Crypt::Cipher::IDEA), [Crypt::Cipher::KASUMI](https://metacpan.org/pod/Crypt::Cipher::KASUMI), [Crypt::Cipher::Khazad](https://metacpan.org/pod/Crypt::Cipher::Khazad), [Crypt::Cipher::MULTI2](https://metacpan.org/pod/Crypt::Cipher::MULTI2), [Crypt::Cipher::Noekeon](https://metacpan.org/pod/Crypt::Cipher::Noekeon),
+    [Crypt::Cipher::RC2](https://metacpan.org/pod/Crypt::Cipher::RC2), [Crypt::Cipher::RC5](https://metacpan.org/pod/Crypt::Cipher::RC5), [Crypt::Cipher::RC6](https://metacpan.org/pod/Crypt::Cipher::RC6), [Crypt::Cipher::SAFERP](https://metacpan.org/pod/Crypt::Cipher::SAFERP), [Crypt::Cipher::SAFER\_K128](https://metacpan.org/pod/Crypt::Cipher::SAFER_K128), [Crypt::Cipher::SAFER\_K64](https://metacpan.org/pod/Crypt::Cipher::SAFER_K64),
+    [Crypt::Cipher::SAFER\_SK128](https://metacpan.org/pod/Crypt::Cipher::SAFER_SK128), [Crypt::Cipher::SAFER\_SK64](https://metacpan.org/pod/Crypt::Cipher::SAFER_SK64), [Crypt::Cipher::SEED](https://metacpan.org/pod/Crypt::Cipher::SEED), [Crypt::Cipher::Serpent](https://metacpan.org/pod/Crypt::Cipher::Serpent), [Crypt::Cipher::Skipjack](https://metacpan.org/pod/Crypt::Cipher::Skipjack),
+    [Crypt::Cipher::Twofish](https://metacpan.org/pod/Crypt::Cipher::Twofish), [Crypt::Cipher::XTEA](https://metacpan.org/pod/Crypt::Cipher::XTEA)
+
+- Block cipher modes
+
+    [Crypt::Mode::CBC](https://metacpan.org/pod/Crypt::Mode::CBC), [Crypt::Mode::CFB](https://metacpan.org/pod/Crypt::Mode::CFB), [Crypt::Mode::CTR](https://metacpan.org/pod/Crypt::Mode::CTR), [Crypt::Mode::ECB](https://metacpan.org/pod/Crypt::Mode::ECB), [Crypt::Mode::OFB](https://metacpan.org/pod/Crypt::Mode::OFB)
+
+- Stream ciphers
+
+    [Crypt::Stream::RC4](https://metacpan.org/pod/Crypt::Stream::RC4), [Crypt::Stream::ChaCha](https://metacpan.org/pod/Crypt::Stream::ChaCha), [Crypt::Stream::Salsa20](https://metacpan.org/pod/Crypt::Stream::Salsa20), [Crypt::Stream::Sober128](https://metacpan.org/pod/Crypt::Stream::Sober128),
+    [Crypt::Stream::Sosemanuk](https://metacpan.org/pod/Crypt::Stream::Sosemanuk), [Crypt::Stream::Rabbit](https://metacpan.org/pod/Crypt::Stream::Rabbit)
+
+- Authenticated encryption modes
+
+    [Crypt::AuthEnc::CCM](https://metacpan.org/pod/Crypt::AuthEnc::CCM), [Crypt::AuthEnc::EAX](https://metacpan.org/pod/Crypt::AuthEnc::EAX), [Crypt::AuthEnc::GCM](https://metacpan.org/pod/Crypt::AuthEnc::GCM), [Crypt::AuthEnc::OCB](https://metacpan.org/pod/Crypt::AuthEnc::OCB), [Crypt::AuthEnc::ChaCha20Poly1305](https://metacpan.org/pod/Crypt::AuthEnc::ChaCha20Poly1305)
+
+- Hash Functions - see [Crypt::Digest](https://metacpan.org/pod/Crypt::Digest) and related modules
+
+    [Crypt::Digest::BLAKE2b\_160](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_160), [Crypt::Digest::BLAKE2b\_256](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_256), [Crypt::Digest::BLAKE2b\_384](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_384), [Crypt::Digest::BLAKE2b\_512](https://metacpan.org/pod/Crypt::Digest::BLAKE2b_512),
+    [Crypt::Digest::BLAKE2s\_128](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_128), [Crypt::Digest::BLAKE2s\_160](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_160), [Crypt::Digest::BLAKE2s\_224](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_224), [Crypt::Digest::BLAKE2s\_256](https://metacpan.org/pod/Crypt::Digest::BLAKE2s_256),
+    [Crypt::Digest::CHAES](https://metacpan.org/pod/Crypt::Digest::CHAES), [Crypt::Digest::MD2](https://metacpan.org/pod/Crypt::Digest::MD2), [Crypt::Digest::MD4](https://metacpan.org/pod/Crypt::Digest::MD4), [Crypt::Digest::MD5](https://metacpan.org/pod/Crypt::Digest::MD5), [Crypt::Digest::RIPEMD128](https://metacpan.org/pod/Crypt::Digest::RIPEMD128), [Crypt::Digest::RIPEMD160](https://metacpan.org/pod/Crypt::Digest::RIPEMD160),
+    [Crypt::Digest::RIPEMD256](https://metacpan.org/pod/Crypt::Digest::RIPEMD256), [Crypt::Digest::RIPEMD320](https://metacpan.org/pod/Crypt::Digest::RIPEMD320), [Crypt::Digest::SHA1](https://metacpan.org/pod/Crypt::Digest::SHA1), [Crypt::Digest::SHA224](https://metacpan.org/pod/Crypt::Digest::SHA224), [Crypt::Digest::SHA256](https://metacpan.org/pod/Crypt::Digest::SHA256), [Crypt::Digest::SHA384](https://metacpan.org/pod/Crypt::Digest::SHA384),
+    [Crypt::Digest::SHA512](https://metacpan.org/pod/Crypt::Digest::SHA512), [Crypt::Digest::SHA512\_224](https://metacpan.org/pod/Crypt::Digest::SHA512_224), [Crypt::Digest::SHA512\_256](https://metacpan.org/pod/Crypt::Digest::SHA512_256), [Crypt::Digest::Tiger192](https://metacpan.org/pod/Crypt::Digest::Tiger192), [Crypt::Digest::Whirlpool](https://metacpan.org/pod/Crypt::Digest::Whirlpool),
+    [Crypt::Digest::Keccak224](https://metacpan.org/pod/Crypt::Digest::Keccak224), [Crypt::Digest::Keccak256](https://metacpan.org/pod/Crypt::Digest::Keccak256), [Crypt::Digest::Keccak384](https://metacpan.org/pod/Crypt::Digest::Keccak384), [Crypt::Digest::Keccak512](https://metacpan.org/pod/Crypt::Digest::Keccak512),
+    [Crypt::Digest::SHA3\_224](https://metacpan.org/pod/Crypt::Digest::SHA3_224), [Crypt::Digest::SHA3\_256](https://metacpan.org/pod/Crypt::Digest::SHA3_256), [Crypt::Digest::SHA3\_384](https://metacpan.org/pod/Crypt::Digest::SHA3_384), [Crypt::Digest::SHA3\_512](https://metacpan.org/pod/Crypt::Digest::SHA3_512), [Crypt::Digest::SHAKE](https://metacpan.org/pod/Crypt::Digest::SHAKE)
+
+- Checksums
+
+    [Crypt::Checksum::Adler32](https://metacpan.org/pod/Crypt::Checksum::Adler32), [Crypt::Checksum::CRC32](https://metacpan.org/pod/Crypt::Checksum::CRC32)
+
+- Message Authentication Codes
+
+    [Crypt::Mac::BLAKE2b](https://metacpan.org/pod/Crypt::Mac::BLAKE2b), [Crypt::Mac::BLAKE2s](https://metacpan.org/pod/Crypt::Mac::BLAKE2s), [Crypt::Mac::F9](https://metacpan.org/pod/Crypt::Mac::F9), [Crypt::Mac::HMAC](https://metacpan.org/pod/Crypt::Mac::HMAC), [Crypt::Mac::OMAC](https://metacpan.org/pod/Crypt::Mac::OMAC),
+    [Crypt::Mac::Pelican](https://metacpan.org/pod/Crypt::Mac::Pelican), [Crypt::Mac::PMAC](https://metacpan.org/pod/Crypt::Mac::PMAC), [Crypt::Mac::XCBC](https://metacpan.org/pod/Crypt::Mac::XCBC), [Crypt::Mac::Poly1305](https://metacpan.org/pod/Crypt::Mac::Poly1305)
+
+- Public key cryptography
+
+    [Crypt::PK::RSA](https://metacpan.org/pod/Crypt::PK::RSA), [Crypt::PK::DSA](https://metacpan.org/pod/Crypt::PK::DSA), [Crypt::PK::ECC](https://metacpan.org/pod/Crypt::PK::ECC), [Crypt::PK::DH](https://metacpan.org/pod/Crypt::PK::DH)
+
+- Cryptographically secure random number generators - see [Crypt::PRNG](https://metacpan.org/pod/Crypt::PRNG) and related modules
+
+    [Crypt::PRNG::Fortuna](https://metacpan.org/pod/Crypt::PRNG::Fortuna), [Crypt::PRNG::Yarrow](https://metacpan.org/pod/Crypt::PRNG::Yarrow), [Crypt::PRNG::RC4](https://metacpan.org/pod/Crypt::PRNG::RC4), [Crypt::PRNG::Sober128](https://metacpan.org/pod/Crypt::PRNG::Sober128), [Crypt::PRNG::ChaCha20](https://metacpan.org/pod/Crypt::PRNG::ChaCha20)
+
+- Key derivation functions - PBKDF1, PBKDF2 and HKDF
+
+    [Crypt::KeyDerivation](https://metacpan.org/pod/Crypt::KeyDerivation)
+
+- Other handy functions related to cryptography
+
+    [Crypt::Misc](https://metacpan.org/pod/Crypt::Misc)
+
+# LICENSE
+
+This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
+
+# COPYRIGHT
+
+Copyright (c) 2013+ DCIT, a.s. [https://www.dcit.cz](https://www.dcit.cz) / Karel Miko

inc/CryptX_AuthEnc_CCM.xs.inc

@@ -1,90 +1,230 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::CCM
 
+PROTOTYPES: DISABLE
+
+Crypt::AuthEnc::CCM
+new(Class, char * cipher_name, SV * key, SV * nonce, SV * adata, int tag_len, int pt_len)
+    CODE:
+    {
+        unsigned char *k=NULL;
+        STRLEN k_len=0;
+        unsigned char *n=NULL;
+        STRLEN n_len=0;
+        unsigned char *h=NULL;
+        STRLEN h_len=0;
+        int rv, id;
+
+        if (tag_len < 1 || tag_len > MAXBLOCKSIZE) croak("FATAL: invalid tag_len %d", tag_len);
+        if (pt_len < 0)    croak("FATAL: invalid pt_len");
+        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
+        k = (unsigned char *) SvPVbyte(key, k_len);
+        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
+        n = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
+        h = (unsigned char *) SvPVbyte(adata, h_len);
+
+        id = _find_cipher(cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+
+        Newz(0, RETVAL, 1, ccm_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+
+        rv = ccm_init(RETVAL, id, k, (int)k_len, (int)pt_len, (int)tag_len, (int)h_len); /* XXX-TODO why int? */
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: ccm_init failed: %s", error_to_string(rv));
+        }
+        rv = ccm_add_nonce(RETVAL, n, (unsigned long)n_len);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: ccm_add_nonce failed: %s", error_to_string(rv));
+        }
+        rv = ccm_add_aad(RETVAL, h, (unsigned long)h_len);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: ccm_add_aad failed: %s", error_to_string(rv));
+        }
+    }
+    OUTPUT:
+        RETVAL
+
 void
-_memory_encrypt(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
+DESTROY(Crypt::AuthEnc::CCM self)
+    CODE:
+        Safefree(self);
+
+Crypt::AuthEnc::CCM
+clone(Crypt::AuthEnc::CCM self)
+    CODE:
+        Newz(0, RETVAL, 1, ccm_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+        Copy(self, RETVAL, 1, ccm_state);
+    OUTPUT:
+        RETVAL
+
+SV *
+encrypt_add(Crypt::AuthEnc::CCM self, SV * data)
+    CODE:
+    {
+        int rv;
+        STRLEN in_data_len;
+        unsigned char *in_data, *out_data;
+
+        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        if (in_data_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = ccm_process(self, in_data, (unsigned long)in_data_len, out_data, CCM_ENCRYPT);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: ccm_process failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+decrypt_add(Crypt::AuthEnc::CCM self, SV * data)
+    CODE:
+    {
+        int rv;
+        STRLEN in_data_len;
+        unsigned char *in_data, *out_data;
+
+        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        if (in_data_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = ccm_process(self, out_data, (unsigned long)in_data_len, in_data, CCM_DECRYPT);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: ccm_process failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+void
+encrypt_done(Crypt::AuthEnc::CCM self)
     PPCODE:
     {
-        STRLEN k_len, n_len, h_len, pt_len;
+        int rv;
-        unsigned char *k, *n, *h, *pt;
-        int rv, id;
         unsigned char tag[MAXBLOCKSIZE];
-        SV *ct;
+        unsigned long tag_len = MAXBLOCKSIZE;
-
-        if (!SvPOK(key))       croak("FATAL: key must be string/buffer scalar");
-        if (!SvPOK(nonce))     croak("FATAL: nonce must be string/buffer scalar");
-        if (!SvPOK(header))    croak("FATAL: header must be string/buffer scalar");
-        if (!SvPOK(plaintext)) croak("FATAL: plaintext must be string/buffer scalar");
-        k  = (unsigned char *) SvPVbyte(key, k_len);
-        n  = (unsigned char *) SvPVbyte(nonce, n_len);
-        h  = (unsigned char *) SvPVbyte(header, h_len);
-        pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
-
-        id = find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-
-        ct = NEWSV(0, pt_len);
-        SvPOK_only(ct);
-        SvCUR_set(ct, pt_len);
-
-        if(tag_len<4 || tag_len>16) tag_len = 16;
-
-        rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
-                        pt, (unsigned long)pt_len, (unsigned char *)SvPV_nolen(ct), tag, &tag_len, CCM_ENCRYPT);
-        if (rv != CRYPT_OK) croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
-
-        XPUSHs(sv_2mortal(ct));
-        XPUSHs(sv_2mortal(newSVpvn((char*)tag,tag_len)));
-
-        /* int ccm_memory( int cipher,
-                           const unsigned char *key,       unsigned long keylen,
-                           symmetric_key *uskey,
-                           const unsigned char *nonce,     unsigned long noncelen,
-                           const unsigned char *header,    unsigned long headerlen,
-                           unsigned char *pt,              unsigned long ptlen,
-                           unsigned char *ct,
-                           unsigned char *tag,             unsigned long *taglen,
-                           int direction); */
 
+        rv = ccm_done(self, tag, &tag_len);
+        if (rv != CRYPT_OK) croak("FATAL: ccm_done failed: %s", error_to_string(rv));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
     }
 
 void
-_memory_decrypt(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tag)
+decrypt_done(Crypt::AuthEnc::CCM self, ...)
     PPCODE:
     {
-        STRLEN k_len, n_len, h_len, ct_len, t_len;
+        int rv;
-        unsigned char *k, *n, *h, *ct, *t;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len = MAXBLOCKSIZE;
+        STRLEN expected_tag_len;
+        unsigned char *expected_tag;
+
+        rv = ccm_done(self, tag, &tag_len);
+        if (rv != CRYPT_OK) croak("FATAL: ccm_done failed: %s", error_to_string(rv));
+        if (items == 1) {
+          XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+        }
+        else {
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
+          if (expected_tag_len!=tag_len) {
+            XPUSHs(sv_2mortal(newSViv(0))); /* false */
+          }
+          else if (memNE(expected_tag, tag, tag_len)) {
+            XPUSHs(sv_2mortal(newSViv(0))); /* false */
+          }
+          else {
+            XPUSHs(sv_2mortal(newSViv(1))); /* true */
+          }
+        }
+    }
+
+void
+ccm_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
         int rv, id;
-        unsigned char xtag[MAXBLOCKSIZE];
+        unsigned char tag[MAXBLOCKSIZE];
-        unsigned long xtag_len;
+        SV *output;
-        SV *pt;
 
-        if (!SvPOK(key))        croak("FATAL: key must be string/buffer scalar");
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
-        if (!SvPOK(nonce))      croak("FATAL: nonce must be string/buffer scalar");
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
-        if (!SvPOK(header))     croak("FATAL: header must be string/buffer scalar");
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
-        if (!SvPOK(ciphertext)) croak("FATAL: ciphertext must be string/buffer scalar");
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
-        if (!SvPOK(tag))        croak("FATAL: tag must be string/buffer scalar");
-        k  = (unsigned char *) SvPVbyte(key, k_len);
-        n  = (unsigned char *) SvPVbyte(nonce, n_len);
-        h  = (unsigned char *) SvPVbyte(header, h_len);
-        ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
-        t  = (unsigned char *) SvPVbyte(tag, t_len);
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
         if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
-        pt = NEWSV(0, ct_len);
+        SvPOK_only(output);
-        SvPOK_only(pt);
+        SvCUR_set(output, pt_len);
-        SvCUR_set(pt, ct_len);
+        if(tag_len < 4 || tag_len > 16) tag_len = 16;
-
-        xtag_len = (unsigned long)t_len;
-        Copy(t, xtag, t_len, unsigned char);
 
         rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
-                        (unsigned char *)SvPV_nolen(pt), (unsigned long)ct_len, ct, xtag, &xtag_len, CCM_DECRYPT);
+                        pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len, CCM_ENCRYPT);
+
         if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
+        }
+        XPUSHs(sv_2mortal(output));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+    }
+
+void
+ccm_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
+        int rv, id;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len;
+        SV *output;
+
+        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
+        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
+        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, ct_len);
+        tag_len = (unsigned long)t_len;
+        Copy(t, tag, t_len, unsigned char);
+
+        rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                        (unsigned char *)SvPVX(output), (unsigned long)ct_len, ct, tag, &tag_len, CCM_DECRYPT);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
           XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
         }
         else {
-          XPUSHs(sv_2mortal(pt));
+          XPUSHs(sv_2mortal(output));
         }
     }

inc/CryptX_AuthEnc_ChaCha20Poly1305.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::ChaCha20Poly1305
 
+PROTOTYPES: DISABLE
+
 Crypt::AuthEnc::ChaCha20Poly1305
-_new(SV * key, SV * nonce = NULL)
+new(Class, SV * key, SV * nonce = NULL)
     CODE:
     {
         int rv;
@@ -15,15 +17,21 @@ _new(SV * key, SV * nonce = NULL)
           iv = (unsigned char *) SvPVbyte(nonce, iv_len);
         }
 
-        Newz(0, RETVAL, 1, struct chacha20poly1305_struct);
+        Newz(0, RETVAL, 1, chacha20poly1305_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = chacha20poly1305_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = chacha20poly1305_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: chacha20poly1305_init failed: %s", error_to_string(rv));
+        }
 
         if (iv && iv_len > 0) {
-          rv = chacha20poly1305_setiv(&RETVAL->state, iv, (unsigned long)iv_len);
+          rv = chacha20poly1305_setiv(RETVAL, iv, (unsigned long)iv_len);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -37,15 +45,15 @@ DESTROY(Crypt::AuthEnc::ChaCha20Poly1305 self)
 Crypt::AuthEnc::ChaCha20Poly1305
 clone(Crypt::AuthEnc::ChaCha20Poly1305 self)
     CODE:
-        Newz(0, RETVAL, 1, struct chacha20poly1305_struct);
+        Newz(0, RETVAL, 1, chacha20poly1305_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct chacha20poly1305_struct);
+        Copy(self, RETVAL, 1, chacha20poly1305_state);
     OUTPUT:
         RETVAL
 
-int
+void
 set_iv(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN iv_len=0;
@@ -53,16 +61,14 @@ set_iv(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce)
 
         if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
         iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        rv = chacha20poly1305_setiv(&self->state, iv, (unsigned long)iv_len);
+        rv = chacha20poly1305_setiv(self, iv, (unsigned long)iv_len);
         if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */;
     }
-    OUTPUT:
-        RETVAL
 
-int
+void
 set_iv_rfc7905(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce, UV seqnum)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN iv_len=0;
@@ -70,28 +76,24 @@ set_iv_rfc7905(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * nonce, UV seqnum)
 
         if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
         iv = (unsigned char *) SvPVbyte(nonce, iv_len);
-        rv = chacha20poly1305_setiv_rfc7905(&self->state, iv, (unsigned long)iv_len, (ulong64)seqnum);
+        rv = chacha20poly1305_setiv_rfc7905(self, iv, (unsigned long)iv_len, (ulong64)seqnum);
         if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_setiv_rfc7905 failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
     }
-    OUTPUT:
-        RETVAL
 
-int
+void
 adata_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN in_data_len;
         unsigned char *in_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = chacha20poly1305_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+        rv = chacha20poly1305_add_aad(self, in_data, (unsigned long)in_data_len);
         if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_add_aad failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
     }
-    OUTPUT:
-        RETVAL
 
 SV *
 decrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
@@ -102,16 +104,19 @@ decrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha20poly1305_decrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha20poly1305_decrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_decrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: chacha20poly1305_decrypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -126,16 +131,19 @@ encrypt_add(Crypt::AuthEnc::ChaCha20Poly1305 self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha20poly1305_encrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha20poly1305_encrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_encrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: chacha20poly1305_encrypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -149,7 +157,7 @@ encrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self)
         unsigned char tag[MAXBLOCKSIZE];
         unsigned long tag_len = sizeof(tag);
 
-        rv = chacha20poly1305_done(&self->state, tag, &tag_len);
+        rv = chacha20poly1305_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_done failed: %s", error_to_string(rv));
         XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
     }
@@ -164,13 +172,13 @@ decrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self, ...)
         STRLEN expected_tag_len;
         unsigned char *expected_tag;
 
-        rv = chacha20poly1305_done(&self->state, tag, &tag_len);
+        rv = chacha20poly1305_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: chacha20poly1305_done failed: %s", error_to_string(rv));
         if (items == 1) {
           XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
         }
         else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
           expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
           if (expected_tag_len!=tag_len) {
             XPUSHs(sv_2mortal(newSViv(0))); /* false */
@@ -183,3 +191,71 @@ decrypt_done(Crypt::AuthEnc::ChaCha20Poly1305 self, ...)
           }
         }
     }
+
+void
+chacha20poly1305_encrypt_authenticate(SV *key, SV *nonce, SV *header, SV *plaintext)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
+        int rv;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len = sizeof(tag);
+        SV *output;
+
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, pt_len);
+
+        rv = chacha20poly1305_memory(k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                                     pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len,
+                                     CHACHA20POLY1305_ENCRYPT);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
+        }
+        XPUSHs(sv_2mortal(output));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+    }
+
+void
+chacha20poly1305_decrypt_verify(SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
+        int rv;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len;
+        SV *output;
+
+        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
+        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
+        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, ct_len);
+        tag_len = (unsigned long)t_len;
+        Copy(t, tag, t_len, unsigned char);
+
+        rv = chacha20poly1305_memory(k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                                     ct, (unsigned long)ct_len, (unsigned char *)SvPVX(output), tag, &tag_len,
+                                     CHACHA20POLY1305_DECRYPT);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
+        }
+        else {
+          XPUSHs(sv_2mortal(output));
+        }
+    }

inc/CryptX_AuthEnc_EAX.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::AuthEnc::EAX
 
+PROTOTYPES: DISABLE
+
 Crypt::AuthEnc::EAX
-_new(char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
+new(Class, char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
     CODE:
     {
         STRLEN k_len=0;
@@ -10,25 +12,27 @@ _new(char * cipher_name, SV * key, SV * nonce, SV * adata=&PL_sv_undef)
         STRLEN n_len=0;
         unsigned char *h=NULL;
         STRLEN h_len=0;
-        int id;
+        int rv, id;
 
         if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
         if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
         n = (unsigned char *) SvPVbyte(nonce, n_len);
-        if(SvOK(adata)) { /* adata is optional param */
+        if (SvOK(adata)) { /* adata is optional param */
-          if(!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
+          if (!SvPOK(adata)) croak("FATAL: adata must be string/buffer scalar");
           h = (unsigned char *) SvPVbyte(adata, h_len);
         }
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
-        Newz(0, RETVAL, 1, struct eax_struct);
+        Newz(0, RETVAL, 1, eax_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        if (eax_init(&RETVAL->state, id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len) != CRYPT_OK) {
+        rv = eax_init(RETVAL, id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len);
-          croak("FATAL: eax setup failed");
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: eax setup failed: %s", error_to_string(rv));
         }
     }
     OUTPUT:
@@ -42,9 +46,9 @@ DESTROY(Crypt::AuthEnc::EAX self)
 Crypt::AuthEnc::EAX
 clone(Crypt::AuthEnc::EAX self)
     CODE:
-        Newz(0, RETVAL, 1, struct eax_struct);
+        Newz(0, RETVAL, 1, eax_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct eax_struct);
+        Copy(self, RETVAL, 1, eax_state);
     OUTPUT:
         RETVAL
 
@@ -57,16 +61,19 @@ encrypt_add(Crypt::AuthEnc::EAX self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = eax_encrypt(&self->state, in_data, out_data, (unsigned long)in_data_len);
+          rv = eax_encrypt(self, in_data, out_data, (unsigned long)in_data_len);
-          if (rv != CRYPT_OK) croak("FATAL: eax_encrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: eax_encrypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -81,16 +88,19 @@ decrypt_add(Crypt::AuthEnc::EAX self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = eax_decrypt(&self->state, in_data, out_data, (unsigned long)in_data_len);
+          rv = eax_decrypt(self, in_data, out_data, (unsigned long)in_data_len);
-          if (rv != CRYPT_OK) croak("FATAL: eax_decrypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: eax_decrypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -104,7 +114,7 @@ encrypt_done(Crypt::AuthEnc::EAX self)
         unsigned char tag[MAXBLOCKSIZE];
         unsigned long tag_len = sizeof(tag);
 
-        rv = eax_done(&self->state, tag, &tag_len);
+        rv = eax_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: eax_done failed: %s", error_to_string(rv));
         XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
     }
@@ -119,13 +129,13 @@ decrypt_done(Crypt::AuthEnc::EAX self, ...)
         STRLEN expected_tag_len;
         unsigned char *expected_tag;
 
-        rv = eax_done(&self->state, tag, &tag_len);
+        rv = eax_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: eax_done failed: %s", error_to_string(rv));
         if (items == 1) {
           XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
         }
         else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
           expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
           if (expected_tag_len!=tag_len) {
             XPUSHs(sv_2mortal(newSViv(0))); /* false */
@@ -139,14 +149,86 @@ decrypt_done(Crypt::AuthEnc::EAX self, ...)
         }
     }
 
-int
+void
-aad_add(Crypt::AuthEnc::EAX self, SV * adata)
+adata_add(Crypt::AuthEnc::EAX self, SV * adata)
-    CODE:
+    PPCODE:
     {
         STRLEN h_len;
+        int rv;
         unsigned char *h;
         h = (unsigned char *)SvPVbyte(adata, h_len);
-        RETVAL = eax_addheader(&self->state, h, (unsigned long)h_len);
+        rv = eax_addheader(self, h, (unsigned long)h_len);
+        if (rv != CRYPT_OK) croak("FATAL: eax_addheader failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
+    }
+
+void
+eax_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, SV *plaintext)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
+        int rv, id;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len = sizeof(tag);
+        SV *output;
+
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, pt_len);
+
+        rv = eax_encrypt_authenticate_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
+                                             h, (unsigned long)h_len, pt, (unsigned long)pt_len,
+                                             (unsigned char *)SvPVX(output), tag, &tag_len);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
+        }
+        XPUSHs(sv_2mortal(output));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+    }
+
+void
+eax_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
+        int rv, id, stat = 0;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len;
+        SV *output;
+
+        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
+        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
+        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, ct_len);
+        tag_len = (unsigned long)t_len;
+        Copy(t, tag, t_len, unsigned char);
+
+        rv = eax_decrypt_verify_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                                       ct, (unsigned long)ct_len, (unsigned char *)SvPVX(output), tag, tag_len, &stat);
+
+        if (rv != CRYPT_OK || stat != 1) {
+          SvREFCNT_dec(output);
+          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
+        }
+        else {
+          XPUSHs(sv_2mortal(output));
+        }
     }
-    OUTPUT:
-        RETVAL

inc/CryptX_AuthEnc_GCM.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::GCM
 
+PROTOTYPES: DISABLE
+
 Crypt::AuthEnc::GCM
-_new(char * cipher_name, SV * key, SV * nonce = NULL)
+new(Class, char * cipher_name, SV * key, SV * nonce = NULL)
     CODE:
     {
         STRLEN k_len = 0, iv_len = 0;
@@ -15,18 +17,24 @@ _new(char * cipher_name, SV * key, SV * nonce = NULL)
           iv = (unsigned char *)SvPVbyte(nonce, iv_len);
         }
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
         if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
-        Newz(0, RETVAL, 1, struct gcm_struct);
+        Newz(0, RETVAL, 1, gcm_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = gcm_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = gcm_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: gcm_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: gcm_init failed: %s", error_to_string(rv));
+        }
 
         if (iv && iv_len > 0) {
-          rv = gcm_add_iv(&RETVAL->state, iv, (unsigned long)iv_len);
+          rv = gcm_add_iv(RETVAL, iv, (unsigned long)iv_len);
-          if (rv != CRYPT_OK) croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -40,23 +48,21 @@ DESTROY(Crypt::AuthEnc::GCM self)
 Crypt::AuthEnc::GCM
 clone(Crypt::AuthEnc::GCM self)
     CODE:
-        Newz(0, RETVAL, 1, struct gcm_struct);
+        Newz(0, RETVAL, 1, gcm_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct gcm_struct);
+        Copy(self, RETVAL, 1, gcm_state);
     OUTPUT:
         RETVAL
 
-int
+void
 reset(Crypt::AuthEnc::GCM self)
-    CODE:
+    PPCODE:
     {
         int rv;
-        rv = gcm_reset(&self->state);
+        rv = gcm_reset(self);
         if (rv != CRYPT_OK) croak("FATAL: gcm_reset failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
     }
-    OUTPUT:
-        RETVAL
 
 SV *
 encrypt_add(Crypt::AuthEnc::GCM self, SV * data)
@@ -67,53 +73,52 @@ encrypt_add(Crypt::AuthEnc::GCM self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else
         {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = gcm_process(&self->state, in_data, (unsigned long)in_data_len, out_data, GCM_ENCRYPT);
+          rv = gcm_process(self, in_data, (unsigned long)in_data_len, out_data, GCM_ENCRYPT);
-          if (rv != CRYPT_OK) croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
         RETVAL
 
-int
+void
 iv_add(Crypt::AuthEnc::GCM self, SV * data)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN in_data_len;
         unsigned char *in_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = gcm_add_iv(&self->state, in_data, (unsigned long)in_data_len);
+        rv = gcm_add_iv(self, in_data, (unsigned long)in_data_len);
         if (rv != CRYPT_OK) croak("FATAL: gcm_add_iv failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
     }
-    OUTPUT:
-        RETVAL
 
-int
+void
 adata_add(Crypt::AuthEnc::GCM self, SV * data)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN in_data_len;
         unsigned char *in_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        rv = gcm_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+        rv = gcm_add_aad(self, in_data, (unsigned long)in_data_len);
         if (rv != CRYPT_OK) croak("FATAL: gcm_add_aad failed: %s", error_to_string(rv));
-        RETVAL = rv;
+        XPUSHs(ST(0)); /* return self */
     }
-    OUTPUT:
-        RETVAL
 
 SV *
 decrypt_add(Crypt::AuthEnc::GCM self, SV * data)
@@ -124,16 +129,19 @@ decrypt_add(Crypt::AuthEnc::GCM self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = gcm_process(&self->state, out_data, (unsigned long)in_data_len, in_data, GCM_DECRYPT);
+          rv = gcm_process(self, out_data, (unsigned long)in_data_len, in_data, GCM_DECRYPT);
-          if (rv != CRYPT_OK) croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: encrypt_add/gcm_process failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:
@@ -148,7 +156,7 @@ encrypt_done(Crypt::AuthEnc::GCM self)
         unsigned char tag[MAXBLOCKSIZE];
         unsigned long tag_len = sizeof(tag);
 
-        rv = gcm_done(&self->state, tag, &tag_len);
+        rv = gcm_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: gcm_done failed: %s", error_to_string(rv));
         XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
     }
@@ -163,13 +171,13 @@ decrypt_done(Crypt::AuthEnc::GCM self, ...)
         STRLEN expected_tag_len;
         unsigned char *expected_tag;
 
-        rv = gcm_done(&self->state, tag, &tag_len);
+        rv = gcm_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: gcm_done failed: %s", error_to_string(rv));
         if (items == 1) {
           XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
         }
         else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
           expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
           if (expected_tag_len!=tag_len) {
             XPUSHs(sv_2mortal(newSViv(0))); /* false */
@@ -182,3 +190,73 @@ decrypt_done(Crypt::AuthEnc::GCM self, ...)
           }
         }
     }
+
+void
+gcm_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header = NULL, SV *plaintext)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
+        int rv, id;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len = sizeof(tag);
+        SV *output;
+
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, pt_len);
+
+        rv = gcm_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                        pt, (unsigned long)pt_len, (unsigned char *)SvPVX(output), tag, &tag_len, GCM_ENCRYPT);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
+        }
+        XPUSHs(sv_2mortal(output));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+    }
+
+void
+gcm_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
+        int rv, id;
+        unsigned char tag[MAXBLOCKSIZE];
+        unsigned long tag_len;
+        SV *output;
+
+        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
+        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
+        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, ct_len);
+        tag_len = (unsigned long)t_len;
+        Copy(t, tag, t_len, unsigned char);
+
+        rv = gcm_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len, h, (unsigned long)h_len,
+                        (unsigned char *)SvPVX(output), (unsigned long)ct_len, ct, tag, &tag_len, GCM_DECRYPT);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
+        }
+        else {
+          XPUSHs(sv_2mortal(output));
+        }
+    }

inc/CryptX_AuthEnc_OCB.xs.inc

@@ -1,28 +1,32 @@
 MODULE = CryptX       PACKAGE = Crypt::AuthEnc::OCB
 
+PROTOTYPES: DISABLE
+
 Crypt::AuthEnc::OCB
-_new(char * cipher_name, SV * key, SV * nonce)
+new(Class, char * cipher_name, SV * key, SV * nonce, unsigned long taglen)
     CODE:
     {
         STRLEN k_len=0;
         unsigned char *k=NULL;
         unsigned char *n=NULL;
         STRLEN n_len=0;
-        int id;
+        int rv, id;
 
         if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
         if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
         n = (unsigned char *) SvPVbyte(nonce, n_len);
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
-        Newz(0, RETVAL, 1, struct ocb_struct);
+        Newz(0, RETVAL, 1, ocb3_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        if (ocb3_init(&RETVAL->state, id, k, (unsigned long)k_len, n, (unsigned long)n_len) != CRYPT_OK) {
+        rv = ocb3_init(RETVAL, id, k, (unsigned long)k_len, n, (unsigned long)n_len, taglen);
-          croak("FATAL: ocb setup failed");
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: ocb setup failed: %s", error_to_string(rv));
         }
     }
     OUTPUT:
@@ -36,15 +40,15 @@ DESTROY(Crypt::AuthEnc::OCB self)
 Crypt::AuthEnc::OCB
 clone(Crypt::AuthEnc::OCB self)
     CODE:
-        Newz(0, RETVAL, 1, struct ocb_struct);
+        Newz(0, RETVAL, 1, ocb3_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct ocb_struct);
+        Copy(self, RETVAL, 1, ocb3_state);
     OUTPUT:
         RETVAL
 
 void
-aad_add(Crypt::AuthEnc::OCB self, SV * data)
+adata_add(Crypt::AuthEnc::OCB self, SV * data)
-    CODE:
+    PPCODE:
     {
         int rv;
         STRLEN in_data_len;
@@ -53,9 +57,10 @@ aad_add(Crypt::AuthEnc::OCB self, SV * data)
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
 
         if (in_data_len>0) {
-          rv = ocb3_add_aad(&self->state, in_data, (unsigned long)in_data_len);
+          rv = ocb3_add_aad(self, in_data, (unsigned long)in_data_len);
           if (rv != CRYPT_OK) croak("FATAL: ocb3_add_aad failed: %s", error_to_string(rv));
         }
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
@@ -67,20 +72,22 @@ encrypt_add(Crypt::AuthEnc::OCB self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len % 16) {
+            croak ("FATAL: sizeof(data) should be multiple of 16");
+          }
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-
+          rv = ocb3_encrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (in_data_len % (&self->state)->block_len)
+          if (rv != CRYPT_OK) {
-            croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", (&self->state)->block_len);
+            SvREFCNT_dec(RETVAL);
-
+            croak("FATAL: ocb3_encrypt failed: %s", error_to_string(rv));
-          rv = ocb3_encrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          }
-          if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt failed: %s", error_to_string(rv));
         }
     }
     OUTPUT:
@@ -95,18 +102,24 @@ encrypt_last(Crypt::AuthEnc::OCB self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len>0) {
+        if (in_data_len == 0) {
-          RETVAL = NEWSV(0, in_data_len);
+          rv = ocb3_encrypt_last(self, in_data, 0, NULL);
-          SvPOK_only(RETVAL);
+          if (rv != CRYPT_OK) {
-          SvCUR_set(RETVAL, in_data_len);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          }
+          RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = newSVpvn("", 0);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
-          out_data = NULL;
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = ocb3_encrypt_last(self, in_data, (unsigned long)in_data_len, out_data);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
+          }
         }
-        rv = ocb3_encrypt_last(&self->state, in_data, (unsigned long)in_data_len, out_data);
-        if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
     }
     OUTPUT:
         RETVAL
@@ -120,20 +133,22 @@ decrypt_add(Crypt::AuthEnc::OCB self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len % 16) {
+            croak ("FATAL: sizeof(data) should be multiple of 16");
+          }
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-
+          rv = ocb3_decrypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (in_data_len % (&self->state)->block_len)
+          if (rv != CRYPT_OK) {
-            croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", (&self->state)->block_len);
+            SvREFCNT_dec(RETVAL);
-
+            croak("FATAL: ocb3_decrypt failed: %s", error_to_string(rv));
-          rv = ocb3_decrypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          }
-          if (rv != CRYPT_OK) croak("FATAL: ocb3_decrypt failed: %s", error_to_string(rv));
         }
     }
     OUTPUT:
@@ -148,18 +163,24 @@ decrypt_last(Crypt::AuthEnc::OCB self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len>0) {
+        if (in_data_len == 0) {
-          RETVAL = NEWSV(0, in_data_len);
+          rv = ocb3_decrypt_last(self, in_data, 0, NULL);
-          SvPOK_only(RETVAL);
+          if (rv != CRYPT_OK) {
-          SvCUR_set(RETVAL, in_data_len);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          }
+          RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = newSVpvn("", 0);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
-          out_data = NULL;
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = ocb3_decrypt_last(self, in_data, (unsigned long)in_data_len, out_data);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
+          }
         }
-        rv = ocb3_decrypt_last(&self->state, in_data, (unsigned long)in_data_len, out_data);
-        if (rv != CRYPT_OK) croak("FATAL: ocb3_encrypt_last failed: %s", error_to_string(rv));
     }
     OUTPUT:
         RETVAL
@@ -172,7 +193,7 @@ encrypt_done(Crypt::AuthEnc::OCB self)
         unsigned char tag[MAXBLOCKSIZE];
         unsigned long tag_len = sizeof(tag);
 
-        rv = ocb3_done(&self->state, tag, &tag_len);
+        rv = ocb3_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: ocb3_done_encrypt failed: %s", error_to_string(rv));
 
         XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
@@ -188,13 +209,13 @@ decrypt_done(Crypt::AuthEnc::OCB self, ...)
         STRLEN expected_tag_len;
         unsigned char *expected_tag;
 
-        rv = ocb3_done(&self->state, tag, &tag_len);
+        rv = ocb3_done(self, tag, &tag_len);
         if (rv != CRYPT_OK) croak("FATAL: ocb3_done_decrypt failed: %s", error_to_string(rv));
         if (items == 1) {
           XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
         }
         else {
-          if(!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
+          if (!SvPOK(ST(1))) croak("FATAL: expected_tag must be string/buffer scalar");
           expected_tag = (unsigned char *) SvPVbyte(ST(1), expected_tag_len);
           if (expected_tag_len!=tag_len) {
             XPUSHs(sv_2mortal(newSViv(0))); /* false */
@@ -208,11 +229,70 @@ decrypt_done(Crypt::AuthEnc::OCB self, ...)
         }
     }
 
-int
+void
-blocksize(Crypt::AuthEnc::OCB self)
+ocb_encrypt_authenticate(char *cipher_name, SV *key, SV *nonce, SV *header, unsigned long tag_len, SV *plaintext)
-    CODE:
+    PPCODE:
     {
-        RETVAL = (&self->state)->block_len;
+        STRLEN k_len = 0, n_len = 0, h_len = 0, pt_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *pt = NULL;
+        int rv, id;
+        unsigned char tag[MAXBLOCKSIZE];
+        SV *output;
+
+        if (SvPOK(key))       k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))     n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(plaintext)) pt = (unsigned char *) SvPVbyte(plaintext, pt_len);
+        if (SvPOK(header))    h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, pt_len > 0 ? pt_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, pt_len);
+        if(tag_len < 4 || tag_len > 16) tag_len = 16;
+
+        rv = ocb3_encrypt_authenticate_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
+                                              h, (unsigned long)h_len, pt, (unsigned long)pt_len,
+                                              (unsigned char *)SvPVX(output), tag, &tag_len);
+
+        if (rv != CRYPT_OK) {
+          SvREFCNT_dec(output);
+          croak("FATAL: ccm_memory failed: %s", error_to_string(rv));
+        }
+        XPUSHs(sv_2mortal(output));
+        XPUSHs(sv_2mortal(newSVpvn((char*)tag, tag_len)));
+    }
+
+void
+ocb_decrypt_verify(char *cipher_name, SV *key, SV *nonce, SV *header, SV *ciphertext, SV *tagsv)
+    PPCODE:
+    {
+        STRLEN k_len = 0, n_len = 0, h_len = 0, ct_len = 0, t_len = 0;
+        unsigned char *k = NULL, *n = NULL, *h = NULL, *ct = NULL, *t = NULL;
+        int rv, id, stat = 0;
+        SV *output;
+
+        if (SvPOK(key))        k  = (unsigned char *) SvPVbyte(key, k_len);
+        if (SvPOK(nonce))      n  = (unsigned char *) SvPVbyte(nonce, n_len);
+        if (SvPOK(ciphertext)) ct = (unsigned char *) SvPVbyte(ciphertext, ct_len);
+        if (SvPOK(tagsv))      t  = (unsigned char *) SvPVbyte(tagsv, t_len);
+        if (SvPOK(header))     h  = (unsigned char *) SvPVbyte(header, h_len);
+
+        id = _find_cipher(cipher_name);
+        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        output = NEWSV(0, ct_len > 0 ? ct_len : 1); /* avoid zero! */
+        SvPOK_only(output);
+        SvCUR_set(output, ct_len);
+
+        rv = ocb3_decrypt_verify_memory(id, k, (unsigned long)k_len, n, (unsigned long)n_len,
+                                        h, (unsigned long)h_len, ct, (unsigned long)ct_len,
+                                        (unsigned char *)SvPVX(output), t, (unsigned long)t_len, &stat);
+
+        if (rv != CRYPT_OK || stat != 1) {
+          SvREFCNT_dec(output);
+          XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */
+        }
+        else {
+          XPUSHs(sv_2mortal(output));
+        }
     }
-    OUTPUT:
-        RETVAL

inc/CryptX_BigInt_LTM.xs.inc

@@ -1,5 +1,6 @@
 MODULE = CryptX         PACKAGE = Math::BigInt::LTM
 
+PROTOTYPES: DISABLE
 
 ##############################################################################
 # _new()

inc/CryptX_Checksum_Adler32.xs.inc

@@ -1,11 +1,15 @@
 MODULE = CryptX         PACKAGE = Crypt::Checksum::Adler32
 
+PROTOTYPES: DISABLE
+
 Crypt::Checksum::Adler32
 new(Class)
     CODE:
+    {
         Newz(0, RETVAL, 1, adler32_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        adler32_init(RETVAL);
+        adler32_init(RETVAL); /* returns void */
+    }
     OUTPUT:
         RETVAL
 
@@ -16,8 +20,11 @@ DESTROY(Crypt::Checksum::Adler32 self)
 
 void
 reset(Crypt::Checksum::Adler32 self)
-    CODE:
+    PPCODE:
-        adler32_init(self);
+    {
+        adler32_init(self); /* returns void */
+        XPUSHs(ST(0)); /* return self */
+    }
 
 Crypt::Checksum::Adler32
 clone(Crypt::Checksum::Adler32 self)
@@ -37,34 +44,76 @@ add(Crypt::Checksum::Adler32 self, ...)
         unsigned char *in;
         for(i=1; i<items; i++) {
           in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) adler32_update(self, in, (unsigned long)inlen);
+          if (inlen > 0) {
+            adler32_update(self, in, (unsigned long)inlen); /* returns void */
+          }
         }
         XPUSHs(ST(0)); /* return self */
     }
 
 SV *
 digest(Crypt::Checksum::Adler32 self)
+    ALIAS:
+        hexdigest = 1
+        intdigest = 2
     CODE:
     {
-        unsigned char hash[4];
+        int rv;
-        adler32_finish(self, hash, 4);
+        unsigned char hash[4], out[8];
+        unsigned long outlen = 8;
+        unsigned int ui32;
+
+        adler32_finish(self, hash, 4); /* returns void */
+        if (ix == 1) {
+          rv = _base16_encode(hash, 4, out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *)out, outlen);
+        }
+        else if (ix == 2) {
+          LOAD32H(ui32, hash);
+          RETVAL = newSVuv(ui32);
+        }
+        else {
           RETVAL = newSVpvn((char *) hash, 4);
         }
+    }
     OUTPUT:
         RETVAL
 
 SV *
-hexdigest(Crypt::Checksum::Adler32 self)
+adler32_data(...)
+    ALIAS:
+        adler32_data_hex = 1
+        adler32_data_int = 2
     CODE:
     {
-        unsigned long i;
+        adler32_state st;
-        unsigned char hash[4];
+        int rv, j;
-        char hash_hex[4*2 + 1];
+        unsigned char hash[4], out[8], *in;
-        adler32_finish(self, hash, 4);
+        unsigned long outlen = 8;
-        hash_hex[0] = '\0';
+        unsigned int ui32;
-        for(i=0; i<4; i++) sprintf(&hash_hex[2*i], "%02x", hash[i]);
+        STRLEN inlen;
-        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
+
+        adler32_init(&st);
+        for(j = 0; j < items; j++) {
+          in = (unsigned char *)SvPVbyte(ST(j), inlen);
+          if (inlen > 0) {
+            adler32_update(&st, in, (unsigned long)inlen); /* returns void */
+          }
+        }
+        adler32_finish(&st, hash, 4); /* returns void */
+        if (ix == 1) {
+          rv = _base16_encode(hash, 4, out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *)out, outlen);
+        }
+        else if (ix == 2) {
+          LOAD32H(ui32, hash);
+          RETVAL = newSVuv(ui32);
+        }
+        else {
+          RETVAL = newSVpvn((char *) hash, 4);
+        }
     }
     OUTPUT:
         RETVAL
-

inc/CryptX_Checksum_CRC32.xs.inc

@@ -1,11 +1,15 @@
 MODULE = CryptX         PACKAGE = Crypt::Checksum::CRC32
 
+PROTOTYPES: DISABLE
+
 Crypt::Checksum::CRC32
 new(Class)
     CODE:
+    {
         Newz(0, RETVAL, 1, crc32_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        crc32_init(RETVAL);
+        crc32_init(RETVAL); /* returns void */
+    }
     OUTPUT:
         RETVAL
 
@@ -16,8 +20,11 @@ DESTROY(Crypt::Checksum::CRC32 self)
 
 void
 reset(Crypt::Checksum::CRC32 self)
-    CODE:
+    PPCODE:
-        crc32_init(self);
+    {
+        crc32_init(self); /* returns void */
+        XPUSHs(ST(0)); /* return self */
+    }
 
 Crypt::Checksum::CRC32
 clone(Crypt::Checksum::CRC32 self)
@@ -37,34 +44,76 @@ add(Crypt::Checksum::CRC32 self, ...)
         unsigned char *in;
         for(i=1; i<items; i++) {
           in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) crc32_update(self, in, (unsigned long)inlen);
+          if (inlen > 0) {
+            crc32_update(self, in, (unsigned long)inlen); /* returns void */
+          }
         }
         XPUSHs(ST(0)); /* return self */
     }
 
 SV *
 digest(Crypt::Checksum::CRC32 self)
+    ALIAS:
+        hexdigest = 1
+        intdigest = 2
     CODE:
     {
-        unsigned char hash[4];
+        int rv;
-        crc32_finish(self, hash, 4);
+        unsigned char hash[4], out[8];
+        unsigned long outlen = 8;
+        unsigned int ui32;
+
+        crc32_finish(self, hash, 4); /* returns void */
+        if (ix == 1) {
+          rv = _base16_encode(hash, 4, out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *)out, outlen);
+        }
+        else if (ix == 2) {
+          LOAD32H(ui32, hash);
+          RETVAL = newSVuv(ui32);
+        }
+        else {
           RETVAL = newSVpvn((char *) hash, 4);
         }
+    }
     OUTPUT:
         RETVAL
 
 SV *
-hexdigest(Crypt::Checksum::CRC32 self)
+crc32_data(...)
+    ALIAS:
+        crc32_data_hex = 1
+        crc32_data_int = 2
     CODE:
     {
-        unsigned long i;
+        crc32_state st;
-        unsigned char hash[4];
+        int rv, j;
-        char hash_hex[4*2 + 1];
+        unsigned char hash[4], out[8], *in;
-        crc32_finish(self, hash, 4);
+        unsigned long outlen = 8;
-        hash_hex[0] = '\0';
+        unsigned int ui32;
-        for(i=0; i<4; i++) sprintf(&hash_hex[2*i], "%02x", hash[i]);
+        STRLEN inlen;
-        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
+
+        crc32_init(&st);
+        for(j = 0; j < items; j++) {
+          in = (unsigned char *)SvPVbyte(ST(j), inlen);
+          if (inlen > 0) {
+            crc32_update(&st, in, (unsigned long)inlen); /* returns void */
+          }
+        }
+        crc32_finish(&st, hash, 4); /* returns void */
+        if (ix == 1) {
+          rv = _base16_encode(hash, 4, out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *)out, outlen);
+        }
+        else if (ix == 2) {
+          LOAD32H(ui32, hash);
+          RETVAL = newSVuv(ui32);
+        }
+        else {
+          RETVAL = newSVpvn((char *) hash, 4);
+        }
     }
     OUTPUT:
         RETVAL
-

inc/CryptX_Cipher.xs.inc

@@ -1,188 +1,187 @@
 MODULE = CryptX         PACKAGE = Crypt::Cipher
 
+PROTOTYPES: DISABLE
+
 Crypt::Cipher
-_new(cipher_name, key, rounds=0)
+new(char * class, ...)
-        char * cipher_name
-        SV * key
-        int rounds
     CODE:
     {
         STRLEN key_len;
-        unsigned char *key_data=NULL;
+        unsigned char *key_data = NULL;
-        int rv;
+        SV *key;
-        int id;
+        char *cipher_name;
+        int rv, id, rounds = 0, idx;
+
+        /* we need to handle:
+           Crypt::Cipher->new('AES');
+           Crypt::Cipher::AES->new();
+         */
+        idx = strcmp("Crypt::Cipher", class) == 0 ? 1 : 0;
+        if (idx + 1 > items) croak("FATAL: missing argument");
+        cipher_name = SvPVX(ST(idx));
+        key = ST(idx + 1);
+        if (idx + 3 <= items) rounds = (int)SvIV(ST(idx + 2));
 
         if (!SvPOK (key)) croak("FATAL: key must be string scalar");
         key_data = (unsigned char *)SvPVbyte(key, key_len);
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
         Newz(0, RETVAL, 1, struct cipher_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        RETVAL->id = id;
         RETVAL->desc = &cipher_descriptor[id];
         rv = RETVAL->desc->setup(key_data, (int)key_len, rounds, &RETVAL->skey);
-        if(rv!=CRYPT_OK) croak("FATAL: cipher setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: cipher setup failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
 
 void
-DESTROY(self)
+DESTROY(Crypt::Cipher self)
-        Crypt::Cipher self
     CODE:
         Safefree(self);
 
-int
-_max_keysize(self, ...)
-        Crypt::Cipher self
-    CODE:
-        RETVAL = self->desc->max_key_length;
-    OUTPUT:
-        RETVAL
-
-int
-_min_keysize(self, ...)
-        Crypt::Cipher self
-    CODE:
-        RETVAL = self->desc->min_key_length;
-    OUTPUT:
-        RETVAL
-
-int
-_blocksize(self, ...)
-        Crypt::Cipher self
-    CODE:
-        RETVAL = self->desc->block_length;
-    OUTPUT:
-        RETVAL
-
-int
-_default_rounds(self, ...)
-        Crypt::Cipher self
-    CODE:
-        RETVAL = self->desc->default_rounds;
-    OUTPUT:
-        RETVAL
-
 SV *
-encrypt(self, data)
+encrypt(Crypt::Cipher self, SV * data)
-        Crypt::Cipher self
-        SV * data
     CODE:
     {
         int rv;
         STRLEN len;
         void *plaintext = SvPVbyte(data, len);
 
-        if (len==0)
+        if (len == 0) {
           RETVAL = newSVpvn("", 0);
-        else if (len % self->desc->block_length)
+        }
-          croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", self->desc->block_length);
+        else if (len == (STRLEN)self->desc->block_length) {
-        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
-          /* idea from Crypt::Rijndael */
-          RETVAL = NEWSV(0, len);
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, len);
-          rv = self->desc->ecb_encrypt((unsigned char *)plaintext, (unsigned char *)SvPV_nolen(RETVAL), &self->skey);
+          rv = self->desc->ecb_encrypt((unsigned char *)plaintext, (unsigned char *)SvPVX(RETVAL), &self->skey);
-          if (rv!=CRYPT_OK) croak("FATAL: encrypt failed: %s", error_to_string(rv));
+          if (rv!=CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: encrypt failed: %s", error_to_string(rv));
+          }
+        }
+        else {
+          croak ("FATAL: input size not equal to blocksize (%d)", self->desc->block_length);
         }
     }
     OUTPUT:
         RETVAL
 
 SV *
-decrypt(self, data)
+decrypt(Crypt::Cipher self, SV * data)
-        Crypt::Cipher self
-        SV * data
     CODE:
     {
         int rv;
         STRLEN len;
         void *ciphertext = SvPVbyte(data, len);
 
-        if (len==0)
+        if (len == 0) {
           RETVAL = newSVpvn("", 0);
-        else if (len % self->desc->block_length)
+        }
-          croak ("FATAL: sizeof(data) should be multiple of blocksize (%d)", self->desc->block_length);
+        else if (len == (STRLEN)self->desc->block_length) {
-        else {
+          RETVAL = NEWSV(0, len); /* avoid zero! */
-          /* idea from Crypt::Rijndael */
-          RETVAL = NEWSV(0, len);
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, len);
-          rv = self->desc->ecb_decrypt((unsigned char *)ciphertext, (unsigned char *)SvPV_nolen(RETVAL), &self->skey);
+          rv = self->desc->ecb_decrypt((unsigned char *)ciphertext, (unsigned char *)SvPVX(RETVAL), &self->skey);
-          if (rv!=CRYPT_OK) croak("FATAL: decrypt failed: %s", error_to_string(rv));
+          if (rv!=CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: decrypt failed: %s", error_to_string(rv));
+          }
+        }
+        else {
+          croak ("FATAL: input size not equal to blocksize (%d)", self->desc->block_length);
         }
     }
     OUTPUT:
         RETVAL
 
 int
-_block_length_by_name(cipher_name)
+blocksize(SV * param, char * extra = NULL)
-        char * cipher_name
     CODE:
     {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->block_length;
-
+        }
+        else {
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
+          int rv, id = _find_cipher(name);
+          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
           rv = cipher_descriptor[id].block_length;
-        if (!rv) XSRETURN_UNDEF;
+          if (!rv) croak("FATAL: invalid block_length for '%s'", name);
           RETVAL = rv;
         }
+    }
     OUTPUT:
         RETVAL
 
 int
-_min_key_length_by_name(cipher_name)
+max_keysize(SV * param, char * extra = NULL)
-        char * cipher_name
     CODE:
     {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->max_key_length;
-
-        rv = cipher_descriptor[id].min_key_length;
-        if (!rv) XSRETURN_UNDEF;
-        RETVAL = rv;
         }
-    OUTPUT:
+        else {
-        RETVAL
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
-
+          int rv, id = _find_cipher(name);
-int
+          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
-_max_key_length_by_name(cipher_name)
-        char * cipher_name
-    CODE:
-    {
-        int rv, id;
-
-        id = find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
-
           rv = cipher_descriptor[id].max_key_length;
-        if (!rv) XSRETURN_UNDEF;
+          if (!rv) croak("FATAL: invalid max_key_length for '%s'", name);
           RETVAL = rv;
         }
+    }
     OUTPUT:
         RETVAL
 
 int
-_default_rounds_by_name(cipher_name)
+min_keysize(SV * param, char * extra = NULL)
-        char * cipher_name
     CODE:
     {
-        int rv, id;
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
-
+          IV tmp = SvIV((SV*)SvRV(param));
-        id = find_cipher(cipher_name);
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+          RETVAL = obj->desc->min_key_length;
+        }
+        else {
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
+          int rv, id = _find_cipher(name);
+          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
+          rv = cipher_descriptor[id].min_key_length;
+          if (!rv) croak("FATAL: invalid min_key_length for '%s'", name);
+          RETVAL = rv;
+        }
+    }
+    OUTPUT:
+        RETVAL
 
+int
+default_rounds(SV * param, char * extra = NULL)
+    CODE:
+    {
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Cipher")) {
+          IV tmp = SvIV((SV*)SvRV(param));
+          Crypt__Cipher obj = INT2PTR(Crypt__Cipher, tmp);
+          RETVAL = obj->desc->default_rounds;
+        }
+        else {
+          char *name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Cipher") ? SvPVX(param) : extra;
+          int rv, id = _find_cipher(name);
+          if (id == -1) croak("FATAL: find_cipher failed for '%s'", name);
           rv = cipher_descriptor[id].default_rounds;
           if (!rv) XSRETURN_UNDEF;
           RETVAL = rv;
         }
+    }
     OUTPUT:
         RETVAL

inc/CryptX_Digest.xs.inc

@@ -1,48 +1,51 @@
 MODULE = CryptX         PACKAGE = Crypt::Digest
 
+PROTOTYPES: DISABLE
+
 Crypt::Digest
-_new(digest_name)
+new(char * cname, char * pname = NULL)
-        char * digest_name
     CODE:
     {
         int rv;
         int id;
+        char *digest_name = strcmp(cname, "Crypt::Digest") == 0 ? pname : cname;
 
-        id = find_hash(digest_name);
+        id = _find_hash(digest_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", digest_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", digest_name);
 
         Newz(0, RETVAL, 1, struct digest_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        RETVAL->id = id;
         RETVAL->desc = &hash_descriptor[id];
         rv = RETVAL->desc->init(&RETVAL->state);
-        if(rv!=CRYPT_OK) croak("FATAL: digest setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: digest setup failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
 
 void
-DESTROY(self)
+DESTROY(Crypt::Digest self)
-        Crypt::Digest self
     CODE:
         Safefree(self);
 
 void
-reset(self)
+reset(Crypt::Digest self)
-    Crypt::Digest self
+    PPCODE:
-    CODE:
     {
         int rv;
         rv = self->desc->init(&self->state);
         if (rv != CRYPT_OK) croak("FATAL: digest init failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
     }
 
 Crypt::Digest
-clone(self)
+clone(Crypt::Digest self)
-    Crypt::Digest self
     CODE:
         Newz(0, RETVAL, 1, struct digest_struct);
+        if (!RETVAL) croak("FATAL: Newz failed");
         Copy(&self->state, &RETVAL->state, 1, struct digest_struct);
     OUTPUT:
         RETVAL
@@ -55,9 +58,9 @@ add(Crypt::Digest self, ...)
         int rv, i;
         unsigned char *in;
 
-        for(i=1; i<items; i++) {
+        for(i = 1; i < items; i++) {
           in = (unsigned char *)SvPVbyte(ST(i), inlen);
-          if (inlen>0) {
+          if (inlen > 0) {
             rv = self->desc->process(&self->state, in, (unsigned long)inlen);
             if (rv != CRYPT_OK) croak("FATAL: digest process failed: %s", error_to_string(rv));
           }
@@ -66,104 +69,118 @@ add(Crypt::Digest self, ...)
     }
 
 SV *
-digest(self)
+digest(Crypt::Digest self)
-        Crypt::Digest self
+    ALIAS:
+        hexdigest  = 1
+        b64digest  = 2
+        b64udigest = 3
     CODE:
     {
-        unsigned char hash[MAXBLOCKSIZE];
         int rv;
+        unsigned long outlen;
+        unsigned char hash[MAXBLOCKSIZE];
+        char out[MAXBLOCKSIZE*2];
 
         rv = self->desc->done(&self->state, hash);
         if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
+
+        outlen = sizeof(out);
+        if (ix == 3) {
+          rv = base64url_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(hash, self->desc->hashsize, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
           RETVAL = newSVpvn((char *) hash, self->desc->hashsize);
         }
-    OUTPUT:
-        RETVAL
-
-SV *
-hexdigest(self)
-        Crypt::Digest self
-    CODE:
-    {
-        int rv;
-        unsigned long i;
-        unsigned char hash[MAXBLOCKSIZE];
-        char hash_hex[MAXBLOCKSIZE*2 + 1];
-
-        rv = self->desc->done(&self->state, hash);
-        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
-
-        hash_hex[0] = '\0';
-        for(i=0; i<self->desc->hashsize; i++)
-            sprintf(&hash_hex[2*i], "%02x", hash[i]);
-        RETVAL = newSVpvn(hash_hex, strlen(hash_hex));
     }
     OUTPUT:
         RETVAL
 
 SV *
-b64digest(self)
+digest_data(char * digest_name, ...)
-        Crypt::Digest self
+    ALIAS:
+        digest_data_hex  = 1
+        digest_data_b64  = 2
+        digest_data_b64u = 3
     CODE:
     {
-        int rv;
+        STRLEN inlen;
-        unsigned long outlen;
+        int rv, id, i;
-        unsigned char hash[MAXBLOCKSIZE];
+        unsigned char *in, hash[MAXBLOCKSIZE];
-        char hash_base64[MAXBLOCKSIZE*2 + 1];
+        unsigned long len = sizeof(hash), outlen;
+        char out[MAXBLOCKSIZE*2];
+        hash_state md;
 
-        rv = self->desc->done(&self->state, hash);
+        id = _find_hash(digest_name);
-        if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
+        if (id == -1) croak("FATAL: find_digest failed for '%s'", digest_name);
 
-        outlen = sizeof(hash_base64);
+        /* digest_data("SHA1", $data1, $data2, $data3); */
-        rv = base64_encode(hash, self->desc->hashsize, (unsigned char *)hash_base64, &outlen);
+        len = hash_descriptor[id].hashsize;
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+        rv = hash_descriptor[id].init(&md);
-        RETVAL = newSVpvn(hash_base64, outlen);
+        if (rv != CRYPT_OK) croak("FATAL: digest init failed: %s", error_to_string(rv));
+        for (i = 1; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = hash_descriptor[id].process(&md, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: digest process failed: %s", error_to_string(rv));
           }
-    OUTPUT:
+        }
-        RETVAL
+        rv = hash_descriptor[id].done(&md, hash);
-
-SV *
-b64udigest(self)
-        Crypt::Digest self
-    CODE:
-    {
-        int rv;
-        unsigned long outlen;
-        unsigned char hash[MAXBLOCKSIZE];
-        char hash_base64[MAXBLOCKSIZE*2 + 1];
-
-        rv = self->desc->done(&self->state, hash);
         if (rv != CRYPT_OK) croak("FATAL: digest done failed: %s", error_to_string(rv));
 
-        outlen = sizeof(hash_base64);
+        outlen = sizeof(out);
-        rv = base64url_encode(hash, self->desc->hashsize, (unsigned char *)hash_base64, &outlen);
+        if (ix == 3) {
+          rv = base64url_encode(hash, len, (unsigned char *)out, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(hash_base64, outlen);
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(hash, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(hash, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) hash, len);
+        }
     }
     OUTPUT:
         RETVAL
 
 int
-_hashsize(self)
+hashsize(SV * param, char * extra = NULL)
-        Crypt::Digest self
-    CODE:
-        RETVAL = self->desc->hashsize;
-    OUTPUT:
-        RETVAL
-
-int
-_hashsize_by_name(digest_name)
-        char * digest_name
     CODE:
     {
+        if (sv_isobject(param) && sv_derived_from(param, "Crypt::Digest")) {
+          IV tmp = SvIV((SV*)SvRV(param));
+          Crypt__Digest obj = INT2PTR(Crypt__Digest, tmp);
+          RETVAL = obj->desc->hashsize;
+        }
+        else {
+          char *digest_name;
           int rv, id;
-
+          digest_name = SvPOK(param) && strcmp(SvPVX(param), "Crypt::Digest") ? SvPVX(param) : extra;
-        id = find_hash(digest_name);
+          id = _find_hash(digest_name);
-        if(id==-1) croak("FATAL: find_digest failed for '%s'", digest_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", digest_name);
-
           rv = hash_descriptor[id].hashsize;
           if (!rv) croak("FATAL: invalid hashsize for '%s'", digest_name);;
           RETVAL = rv;
         }
+    }
     OUTPUT:
         RETVAL

inc/CryptX_Digest_SHAKE.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Digest::SHAKE
 
+PROTOTYPES: DISABLE
+
 Crypt::Digest::SHAKE
-_new(int num)
+new(Class, int num)
     CODE:
     {
         int rv;
@@ -11,7 +13,10 @@ _new(int num)
 
         RETVAL->num = num;
         rv = sha3_shake_init(&RETVAL->state, RETVAL->num);
-        if (rv != CRYPT_OK) croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -23,17 +28,19 @@ DESTROY(Crypt::Digest::SHAKE self)
 
 void
 reset(Crypt::Digest::SHAKE self)
-    CODE:
+    PPCODE:
     {
         int rv;
         rv = sha3_shake_init(&self->state, self->num);
         if (rv != CRYPT_OK) croak("FATAL: sha3_shake_init failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
     }
 
 Crypt::Digest::SHAKE
 clone(Crypt::Digest::SHAKE self)
     CODE:
         Newz(0, RETVAL, 1, struct digest_shake_struct);
+        if (!RETVAL) croak("FATAL: Newz failed");
         Copy(&self->state, &RETVAL->state, 1, struct digest_shake_struct);
     OUTPUT:
         RETVAL
@@ -63,12 +70,20 @@ done(Crypt::Digest::SHAKE self, STRLEN out_len)
         int rv;
         unsigned char *out_data;
 
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, out_len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-        rv = sha3_shake_done(&self->state, out_data, out_len);
+          rv = sha3_shake_done(&self->state, out_data, (unsigned long)out_len);
-        if (rv != CRYPT_OK) croak("FATAL: sha3_shake_done failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: sha3_shake_done failed: %s", error_to_string(rv));
+          }
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_KeyDerivation.xs.inc

@@ -1,102 +1,97 @@
 MODULE = CryptX         PACKAGE = Crypt::KeyDerivation
 
+PROTOTYPES: DISABLE
+
 SV *
-_pkcs_5_alg1(SV * password, SV * salt, int iteration_count, char * hash_name, int len)
+pbkdf1(SV * password, SV * salt, int iteration_count = 5000, const char * hash_name = "SHA256", unsigned long output_len = 32)
     CODE:
     {
-        /*
-        int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
-                        const unsigned char *salt,
-                        int iteration_count,  int hash_idx,
-                        unsigned char *out,   unsigned long *outlen)
-        */
         int rv, id;
-        unsigned long output_len;
         unsigned char *output;
         unsigned char *password_ptr=NULL;
         STRLEN password_len=0;
         unsigned char *salt_ptr=NULL;
         STRLEN salt_len=0;
 
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
           password_ptr = (unsigned char *)SvPVbyte(password, password_len);
           salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
           if (salt_len < 8) croak("FATAL: salt_len has to be 8");
 
-        output_len = len;
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        Newz(0, output, output_len, unsigned char);
+          SvPOK_only(RETVAL);
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvCUR_set(RETVAL, output_len);
+          output = (unsigned char *)SvPVX(RETVAL);
 
           rv = pkcs_5_alg1(password_ptr, (unsigned long)password_len, salt_ptr, iteration_count, id, output, &output_len);
-        if (rv != CRYPT_OK) croak("FATAL: pkcs_5_alg1 process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: pkcs_5_alg1 process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
+          SvCUR_set(RETVAL, output_len);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-_pkcs_5_alg2(SV * password, SV * salt, int iteration_count, char * hash_name, int len)
+pbkdf2(SV * password, SV * salt, int iteration_count = 5000, const char * hash_name = "SHA256", unsigned long output_len = 32)
     CODE:
     {
-        /*
-        int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
-                        const unsigned char *salt,     unsigned long salt_len,
-                        int iteration_count,           int hash_idx,
-                        unsigned char *out,            unsigned long *outlen)
-        */
         int rv, id;
-        unsigned long output_len;
         unsigned char *output;
         unsigned char *password_ptr=NULL;
         STRLEN password_len=0;
         unsigned char *salt_ptr=NULL;
         STRLEN salt_len=0;
 
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
           password_ptr = (unsigned char *)SvPVbyte(password, password_len);
           salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
 
-        output_len = len;
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        Newz(0, output, output_len, unsigned char);
+          SvPOK_only(RETVAL);
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvCUR_set(RETVAL, output_len);
+          output = (unsigned char *)SvPVX(RETVAL);
 
           rv = pkcs_5_alg2(password_ptr, (unsigned long)password_len, salt_ptr, (unsigned long)salt_len, iteration_count, id, output, &output_len);
-        if (rv != CRYPT_OK) croak("FATAL: pkcs_5_alg2 process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: pkcs_5_alg2 process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
+          SvCUR_set(RETVAL, output_len);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-_hkdf_extract(char * hash_name, SV * salt, SV * in)
+hkdf_extract(SV * in, SV * salt = &PL_sv_undef, const char * hash_name = "SHA256")
     CODE:
     {
-        /*
-        int hkdf_extract(int hash_idx, const unsigned char *salt, unsigned long  saltlen,
-                                       const unsigned char *in,   unsigned long  inlen,
-                                       unsigned char *out,  unsigned long *outlen)
-        */
         int rv, id;
         unsigned char output[MAXBLOCKSIZE];
         unsigned long output_len;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *salt_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, salt_len = 0;
-        unsigned char *salt_ptr=NULL;
-        STRLEN salt_len=0;
 
-        id = find_hash(hash_name);
+        id = _find_hash(hash_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+        if (SvPOK(in))   in_ptr = (unsigned char *)SvPVbyte(in, in_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+        if (SvPOK(salt)) salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
 
         output_len = sizeof(output);
         rv = hkdf_extract(id, salt_ptr, (unsigned long)salt_len, in_ptr, (unsigned long)in_len, output, &output_len);
@@ -108,74 +103,72 @@ _hkdf_extract(char * hash_name, SV * salt, SV * in)
         RETVAL
 
 SV *
-_hkdf_expand(char * hash_name, SV * info, SV * in, unsigned long output_len)
+hkdf_expand(SV * in, const char * hash_name = "SHA256", unsigned long output_len = 32, SV * info = &PL_sv_undef)
     CODE:
     {
-        /*
-        int hkdf_expand(int hash_idx, const unsigned char *info, unsigned long infolen,
-                                      const unsigned char *in,   unsigned long inlen,
-                                      unsigned char *out,  unsigned long outlen)
-        */
         int rv, id;
         unsigned char *output;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *info_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, info_len = 0;
-        unsigned char *info_ptr=NULL;
-        STRLEN info_len=0;
 
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+          if (SvPOK(in))   in_ptr = (unsigned char *)SvPVbyte(in, in_len);
-        info_ptr = (unsigned char *)SvPVbyte(info, info_len);
+          if (SvPOK(info)) info_ptr = (unsigned char *)SvPVbyte(info, info_len);
 
-        Newz(0, output, output_len, unsigned char);
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, output_len);
+          output = (unsigned char *)SvPVX(RETVAL);
 
           rv = hkdf_expand(id, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
-        if (rv != CRYPT_OK) croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
+          SvCUR_set(RETVAL, output_len);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-_hkdf(char * hash_name, SV * salt, SV * info, SV * in, unsigned long output_len)
+hkdf(SV * in, SV * salt, const char * hash_name = "SHA256", unsigned long output_len = 32, SV * info = &PL_sv_undef)
     CODE:
     {
-        /*
-        int hkdf(int hash_idx, const unsigned char *salt, unsigned long saltlen,
-                               const unsigned char *info, unsigned long infolen,
-                               const unsigned char *in,   unsigned long inlen,
-                               unsigned char *out,  unsigned long outlen)
-        */
         int rv, id;
         unsigned char *output;
-        unsigned char *in_ptr=NULL;
+        unsigned char *in_ptr = NULL, *info_ptr = NULL, *salt_ptr = NULL;
-        STRLEN in_len=0;
+        STRLEN in_len = 0, info_len = 0, salt_len = 0;
-        unsigned char *info_ptr=NULL;
-        STRLEN info_len=0;
-        unsigned char *salt_ptr=NULL;
-        STRLEN salt_len=0;
 
-        id = find_hash(hash_name);
+        if (output_len == 0) {
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
-        in_ptr = (unsigned char *)SvPVbyte(in, in_len);
+          if (SvPOK(in))   in_ptr   = (unsigned char *)SvPVbyte(in, in_len);
-        info_ptr = (unsigned char *)SvPVbyte(info, info_len);
+          if (SvPOK(info)) info_ptr = (unsigned char *)SvPVbyte(info, info_len);
-        salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
+          if (SvPOK(salt)) salt_ptr = (unsigned char *)SvPVbyte(salt, salt_len);
 
-        Newz(0, output, output_len, unsigned char);
+          RETVAL = NEWSV(0, output_len); /* avoid zero! */
-        if (!output) croak("FATAL: Newz failed [%ld]", output_len);
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, output_len);
+          output = (unsigned char *)SvPVX(RETVAL);
 
           rv = hkdf(id, salt_ptr, (unsigned long)salt_len, info_ptr, (unsigned long)info_len, in_ptr, (unsigned long)in_len, output, output_len);
-        if (rv != CRYPT_OK) croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
-
+            SvREFCNT_dec(RETVAL);
-        RETVAL = newSVpvn((char *)output, output_len);
+            croak("FATAL: hkdf_expand process failed: %s", error_to_string(rv));
-        Safefree(output);
+          }
+          SvCUR_set(RETVAL, output_len);
+        }
     }
     OUTPUT:
         RETVAL
-

inc/CryptX_Mac_BLAKE2b.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::BLAKE2b
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::BLAKE2b
-_new(int size, SV * key)
+new(Class, unsigned long size, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -13,11 +15,14 @@ _new(int size, SV * key)
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct blake2b_struct);
+        Newz(0, RETVAL, 1, blake2bmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = blake2bmac_init(&RETVAL->state, size, k, (unsigned long)k_len);
+        rv = blake2bmac_init(RETVAL, size, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2b_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: blake2b_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::BLAKE2b self)
 Crypt::Mac::BLAKE2b
 clone(Crypt::Mac::BLAKE2b self)
     CODE:
-        Newz(0, RETVAL, 1, struct blake2b_struct);
+        Newz(0, RETVAL, 1, blake2bmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct blake2b_struct);
+        Copy(self, RETVAL, 1, blake2bmac_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::BLAKE2b self, SV * data)
+add(Crypt::Mac::BLAKE2b self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = blake2bmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = blake2bmac_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: blake2b_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::BLAKE2b self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = blake2bmac_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::BLAKE2b self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = blake2bmac_done(&self->state, mac, &mac_len);
+        rv = blake2bmac_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::BLAKE2b self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = blake2bmac_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::BLAKE2b self)
+blake2b(unsigned long size, SV * key, ...)
+    ALIAS:
+        blake2b_hex  = 1
+        blake2b_b64  = 2
+        blake2b_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        blake2bmac_state st;
 
-        mac_len = sizeof(mac);
+        if (size < len) len = size;
-        rv = blake2bmac_done(&self->state, mac, &mac_len);
+        rv = blake2bmac_init(&st, len, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: blake2bmac_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = blake2bmac_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: blake2bmac_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = blake2bmac_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: blake2bmac_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_BLAKE2s.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::BLAKE2s
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::BLAKE2s
-_new(int size, SV * key)
+new(Class, unsigned long size, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -13,11 +15,14 @@ _new(int size, SV * key)
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct blake2s_struct);
+        Newz(0, RETVAL, 1, blake2smac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = blake2smac_init(&RETVAL->state, size, k, (unsigned long)k_len);
+        rv = blake2smac_init(RETVAL, size, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2s_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: blake2s_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::BLAKE2s self)
 Crypt::Mac::BLAKE2s
 clone(Crypt::Mac::BLAKE2s self)
     CODE:
-        Newz(0, RETVAL, 1, struct blake2s_struct);
+        Newz(0, RETVAL, 1, blake2smac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct blake2s_struct);
+        Copy(self, RETVAL, 1, blake2smac_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::BLAKE2s self, SV * data)
+add(Crypt::Mac::BLAKE2s self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = blake2smac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = blake2smac_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: blake2s_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::BLAKE2s self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = blake2smac_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::BLAKE2s self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = blake2smac_done(&self->state, mac, &mac_len);
+        rv = blake2smac_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::BLAKE2s self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = blake2smac_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::BLAKE2s self)
+blake2s(unsigned long size, SV * key, ...)
+    ALIAS:
+        blake2s_hex  = 1
+        blake2s_b64  = 2
+        blake2s_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        blake2smac_state st;
 
-        mac_len = sizeof(mac);
+        if (size < len) len = size;
-        rv = blake2smac_done(&self->state, mac, &mac_len);
+        rv = blake2smac_init(&st, len, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: blake2smac_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = blake2smac_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: blake2smac_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = blake2smac_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: blake2smac_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_F9.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::F9
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::F9
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
         int rv;
         int id;
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct f9_struct);
+        Newz(0, RETVAL, 1, f9_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = f9_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = f9_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: f9_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: f9_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::F9 self)
 Crypt::Mac::F9
 clone(Crypt::Mac::F9 self)
     CODE:
-        Newz(0, RETVAL, 1, struct f9_struct);
+        Newz(0, RETVAL, 1, f9_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct f9_struct);
+        Copy(self, RETVAL, 1, f9_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::F9 self, SV * data)
+add(Crypt::Mac::F9 self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = f9_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = f9_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: f9_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::F9 self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = f9_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::F9 self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = f9_done(&self->state, mac, &mac_len);
+        rv = f9_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::F9 self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = f9_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::F9 self)
+f9(char * cipher_name, SV * key, ...)
+    ALIAS:
+        f9_hex  = 1
+        f9_b64  = 2
+        f9_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        f9_state st;
 
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = f9_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
+        rv = f9_init(&st, id, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: f9_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = f9_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: f9_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = f9_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: f9_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_HMAC.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::HMAC
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::HMAC
-_new(char * hash_name, SV * key)
+new(Class, char * hash_name, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -11,17 +13,20 @@ _new(char * hash_name, SV * key)
         int rv;
         int id;
 
-        id = find_hash(hash_name);
+        id = _find_hash(hash_name);
-        if(id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
 
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct hmac_struct);
+        Newz(0, RETVAL, 1, hmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = hmac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = hmac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: hmac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: hmac_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::HMAC self)
 Crypt::Mac::HMAC
 clone(Crypt::Mac::HMAC self)
     CODE:
-        Newz(0, RETVAL, 1, struct hmac_struct);
+        Newz(0, RETVAL, 1, hmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct hmac_struct);
+        Copy(self, RETVAL, 1, hmac_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::HMAC self, SV * data)
+add(Crypt::Mac::HMAC self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = hmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = hmac_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: hmac_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::HMAC self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = hmac_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::HMAC self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = hmac_done(&self->state, mac, &mac_len);
+        rv = hmac_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::HMAC self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = hmac_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::HMAC self)
+hmac(char * hash_name, SV * key, ...)
+    ALIAS:
+        hmac_hex  = 1
+        hmac_b64  = 2
+        hmac_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        hmac_state st;
 
-        mac_len = sizeof(mac);
+        int id = _find_hash(hash_name);
-        rv = hmac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_digest failed for '%s'", hash_name);
+        rv = hmac_init(&st, id, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: hmac_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = hmac_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: hmac_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = hmac_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: hmac_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_OMAC.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::OMAC
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::OMAC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
         int rv;
         int id;
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct omac_struct);
+        Newz(0, RETVAL, 1, omac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = omac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = omac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: omac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: omac_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::OMAC self)
 Crypt::Mac::OMAC
 clone(Crypt::Mac::OMAC self)
     CODE:
-        Newz(0, RETVAL, 1, struct omac_struct);
+        Newz(0, RETVAL, 1, omac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct omac_struct);
+        Copy(self, RETVAL, 1, omac_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::OMAC self, SV * data)
+add(Crypt::Mac::OMAC self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = omac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = omac_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: omac_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::OMAC self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = omac_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::OMAC self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = omac_done(&self->state, mac, &mac_len);
+        rv = omac_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::OMAC self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = omac_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::OMAC self)
+omac(char * cipher_name, SV * key, ...)
+    ALIAS:
+        omac_hex  = 1
+        omac_b64  = 2
+        omac_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        omac_state st;
 
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = omac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
+        rv = omac_init(&st, id, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: omac_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = omac_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: omac_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = omac_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: omac_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_PMAC.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::PMAC
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::PMAC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
         int rv;
         int id;
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct pmac_struct);
+        Newz(0, RETVAL, 1, pmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = pmac_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = pmac_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: pmac_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: pmac_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::PMAC self)
 Crypt::Mac::PMAC
 clone(Crypt::Mac::PMAC self)
     CODE:
-        Newz(0, RETVAL, 1, struct pmac_struct);
+        Newz(0, RETVAL, 1, pmac_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct pmac_struct);
+        Copy(self, RETVAL, 1, pmac_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::PMAC self, SV * data)
+add(Crypt::Mac::PMAC self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = pmac_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = pmac_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: pmac_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::PMAC self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = pmac_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::PMAC self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = pmac_done(&self->state, mac, &mac_len);
+        rv = pmac_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::PMAC self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = pmac_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::PMAC self)
+pmac(char * cipher_name, SV * key, ...)
+    ALIAS:
+        pmac_hex  = 1
+        pmac_b64  = 2
+        pmac_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        pmac_state st;
 
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = pmac_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
+        rv = pmac_init(&st, id, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: pmac_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = pmac_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: pmac_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = pmac_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: pmac_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_Pelican.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::Pelican
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::Pelican
-_new(SV * key)
+new(Class, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -13,11 +15,14 @@ _new(SV * key)
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct pelican_struct);
+        Newz(0, RETVAL, 1, pelican_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = pelican_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = pelican_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: pelican_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: pelican_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -30,101 +35,118 @@ DESTROY(Crypt::Mac::Pelican self)
 Crypt::Mac::Pelican
 clone(Crypt::Mac::Pelican self)
     CODE:
-        Newz(0, RETVAL, 1, struct pelican_struct);
+        Newz(0, RETVAL, 1, pelican_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct pelican_struct);
+        Copy(self, RETVAL, 1, pelican_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::Pelican self, SV * data)
+add(Crypt::Mac::Pelican self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = pelican_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = pelican_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: pelican_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::Pelican self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = 16;
-        rv = pelican_done(&self->state, (unsigned char*)mac);
-        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::Pelican self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = 16;
+        maclen = 16;
-        rv = pelican_done(&self->state, mac);
+        rv = pelican_done(self, mac);
         if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::Pelican self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = 16;
-        rv = pelican_done(&self->state, mac);
-        if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::Pelican self)
+pelican(SV * key, ...)
+    ALIAS:
+        pelican_hex  = 1
+        pelican_b64  = 2
+        pelican_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        pelican_state st;
 
-        mac_len = 16;
+        len = 16;
-        rv = pelican_done(&self->state, mac);
+        rv = pelican_init(&st, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: pelican_init failed: %s", error_to_string(rv));
+        for (i = 1; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = pelican_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: pelican_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = pelican_done(&st, mac);
         if (rv != CRYPT_OK) croak("FATAL: pelican_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_Poly1305.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::Poly1305
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::Poly1305
-_new(SV * key)
+new(Class, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -13,11 +15,14 @@ _new(SV * key)
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct poly1305_struct);
+        Newz(0, RETVAL, 1, poly1305_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = poly1305_init(&RETVAL->state, k, (unsigned long)k_len);
+        rv = poly1305_init(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -30,101 +35,117 @@ DESTROY(Crypt::Mac::Poly1305 self)
 Crypt::Mac::Poly1305
 clone(Crypt::Mac::Poly1305 self)
     CODE:
-        Newz(0, RETVAL, 1, struct poly1305_struct);
+        Newz(0, RETVAL, 1, poly1305_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct poly1305_struct);
+        Copy(self, RETVAL, 1, poly1305_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::Poly1305 self, SV * data)
+add(Crypt::Mac::Poly1305 self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = poly1305_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = poly1305_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: poly1305_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::Poly1305 self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = poly1305_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::Poly1305 self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = poly1305_done(&self->state, mac, &mac_len);
+        rv = poly1305_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::Poly1305 self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = poly1305_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::Poly1305 self)
+poly1305(SV * key, ...)
+    ALIAS:
+        poly1305_hex  = 1
+        poly1305_b64  = 2
+        poly1305_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        poly1305_state st;
 
-        mac_len = sizeof(mac);
+        rv = poly1305_init(&st, k, (unsigned long)klen);
-        rv = poly1305_done(&self->state, mac, &mac_len);
+        if (rv != CRYPT_OK) croak("FATAL: poly1305_init failed: %s", error_to_string(rv));
+        for (i = 1; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = poly1305_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: poly1305_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = poly1305_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: poly1305_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mac_XCBC.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mac::XCBC
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mac::XCBC
-_new(char * cipher_name, SV * key)
+new(Class, char * cipher_name, SV * key)
     CODE:
     {
         STRLEN k_len=0;
@@ -11,17 +13,20 @@ _new(char * cipher_name, SV * key)
         int rv;
         int id;
 
-        id = find_cipher(cipher_name);
+        id = _find_cipher(cipher_name);
-        if(id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (id == -1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
 
         if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
         k = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct xcbc_struct);
+        Newz(0, RETVAL, 1, xcbc_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = xcbc_init(&RETVAL->state, id, k, (unsigned long)k_len);
+        rv = xcbc_init(RETVAL, id, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -34,101 +39,119 @@ DESTROY(Crypt::Mac::XCBC self)
 Crypt::Mac::XCBC
 clone(Crypt::Mac::XCBC self)
     CODE:
-        Newz(0, RETVAL, 1, struct xcbc_struct);
+        Newz(0, RETVAL, 1, xcbc_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct xcbc_struct);
+        Copy(self, RETVAL, 1, xcbc_state);
     OUTPUT:
         RETVAL
 
 void
-_add_single(Crypt::Mac::XCBC self, SV * data)
+add(Crypt::Mac::XCBC self, ...)
-    CODE:
+    PPCODE:
     {
-        int rv;
+        int rv, i;
         STRLEN in_data_len;
         unsigned char *in_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        for(i = 1; i < items; i++) {
-        if (in_data_len>0) {
+          in_data = (unsigned char *)SvPVbyte(ST(i), in_data_len);
-          rv = xcbc_process(&self->state, in_data, (unsigned long)in_data_len);
+          if (in_data_len > 0) {
+            rv = xcbc_process(self, in_data, (unsigned long)in_data_len);
             if (rv != CRYPT_OK) croak("FATAL: xcbc_process failed: %s", error_to_string(rv));
           }
         }
+        XPUSHs(ST(0)); /* return self */
+    }
 
 SV *
 mac(Crypt::Mac::XCBC self)
-    CODE:
+    ALIAS:
-    {
+        hexmac  = 1
-        char mac[MAXBLOCKSIZE];
+        b64mac  = 2
-        unsigned long mac_len;
+        b64umac = 3
-        int rv;
-
-        mac_len = sizeof(mac);
-        rv = xcbc_done(&self->state, (unsigned char*)mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac, mac_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64mac(Crypt::Mac::XCBC self)
     CODE:
     {
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
+        unsigned long maclen, outlen;
         int rv;
-        unsigned long outlen;
+        char out[MAXBLOCKSIZE*2];
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
 
-        mac_len = sizeof(mac);
+        maclen = sizeof(mac);
-        rv = xcbc_done(&self->state, mac, &mac_len);
+        rv = xcbc_done(self, mac, &maclen);
         if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
+        outlen = sizeof(out);
-        rv = base64_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
+        if (ix == 3) {
-        if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          rv = base64url_encode(mac, maclen, (unsigned char*)out, &outlen);
-        RETVAL = newSVpvn(mac_base64, outlen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-b64umac(Crypt::Mac::XCBC self)
-    CODE:
-    {
-        unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len;
-        int rv;
-        unsigned long outlen;
-        char mac_base64[MAXBLOCKSIZE*2 + 1];
-
-        mac_len = sizeof(mac);
-        rv = xcbc_done(&self->state, mac, &mac_len);
-        if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        outlen = sizeof(mac_base64);
-        rv = base64url_encode(mac, mac_len, (unsigned char*)mac_base64, &outlen);
           if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn(mac_base64, outlen);
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 2) {
+          rv = base64_encode(mac, maclen, (unsigned char*)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        if (ix == 1) {
+          rv = _base16_encode(mac, maclen, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn(out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char * )mac, maclen);
+        }
     }
     OUTPUT:
         RETVAL
 
 SV *
-hexmac(Crypt::Mac::XCBC self)
+xcbc(char * cipher_name, SV * key, ...)
+    ALIAS:
+        xcbc_hex  = 1
+        xcbc_b64  = 2
+        xcbc_b64u = 3
     CODE:
     {
+        STRLEN inlen, klen;
+        unsigned char *in;
+        unsigned char *k = (unsigned char *)SvPVbyte(key, klen);
+        int rv, i;
         unsigned char mac[MAXBLOCKSIZE];
-        unsigned long mac_len, i;
+        unsigned long len = sizeof(mac), outlen;
-        int rv;
+        char out[MAXBLOCKSIZE*2];
-        char mac_hex[MAXBLOCKSIZE*2 + 1];
+        xcbc_state st;
 
-        mac_len = sizeof(mac);
+        int id = _find_cipher(cipher_name);
-        rv = xcbc_done(&self->state, mac, &mac_len);
+        if (id == -1) croak("FATAL: find_cipher failed for '%s'", cipher_name);
+        rv = xcbc_init(&st, id, k, (unsigned long)klen);
+        if (rv != CRYPT_OK) croak("FATAL: xcbc_init failed: %s", error_to_string(rv));
+        for (i = 2; i < items; i++) {
+          in = (unsigned char *)SvPVbyte(ST(i), inlen);
+          if (inlen > 0) {
+            rv = xcbc_process(&st, in, (unsigned long)inlen);
+            if (rv != CRYPT_OK) croak("FATAL: xcbc_process failed: %s", error_to_string(rv));
+          }
+        }
+        rv = xcbc_done(&st, mac, &len);
         if (rv != CRYPT_OK) croak("FATAL: xcbc_done failed: %s", error_to_string(rv));
-        mac_hex[0] = '\0';
+
-        for(i=0; i<mac_len; i++)
+        outlen = sizeof(out);
-            sprintf(&mac_hex[2*i], "%02x", mac[i]);
+        if (ix == 3) {
-        RETVAL = newSVpvn(mac_hex, strlen(mac_hex));
+          rv = base64url_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64url_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 2) {
+          rv = base64_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base64_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else if (ix == 1) {
+          rv = _base16_encode(mac, len, (unsigned char *)out, &outlen);
+          if (rv != CRYPT_OK) croak("FATAL: base16_encode failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char *) out, outlen);
+        }
+        else {
+          RETVAL = newSVpvn((char *) mac, len);
+        }
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mode_CBC.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CBC
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mode::CBC
-_new(char * cipher_name, int padding=1, int rounds=0)
+new(Class, char * cipher_name, int padding=1, int rounds=0)
     CODE:
     {
         Newz(0, RETVAL, 1, struct cbc_struct);
@@ -12,8 +14,11 @@ _new(char * cipher_name, int padding=1, int rounds=0)
         RETVAL->padlen = 0;
         RETVAL->direction = 0;
         RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        }
     }
     OUTPUT:
         RETVAL
@@ -23,16 +28,11 @@ DESTROY(Crypt::Mode::CBC self)
     CODE:
         Safefree(self);
 
-int
-_get_dir(Crypt::Mode::CBC self)
-    CODE:
-        RETVAL = self->direction;
-    OUTPUT:
-        RETVAL
-
 void
-_start(Crypt::Mode::CBC self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CBC self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
+        start_encrypt = 1
+    PPCODE:
     {
         int rv;
         STRLEN k_len=0;
@@ -53,38 +53,40 @@ _start(Crypt::Mode::CBC self, int dir, SV * key, SV * iv)
           croak("FATAL: cbc_start failed: %s", error_to_string(rv));
         }
 
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
         self->padlen = 0;
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
-_encrypt(Crypt::Mode::CBC self, SV * data)
+add(Crypt::Mode::CBC self, ...)
     CODE:
     {
-        int rv, has_tmp_block, blen;
+        int rv, has_tmp_block, blen, j;
         unsigned long i;
-
+        STRLEN in_data_len, in_data_start, out_len = 0;
-        STRLEN in_data_len, in_data_start;
         unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
 
-        if (self->direction != 1) croak("FATAL: encrypt error, call start_encrypt first (%d)", self->direction);
+        RETVAL = newSVpvn("", 0);
-
+        for (j = 1; j < items; j++) {
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
           blen = (&self->state)->blocklen;
           in_data_start = 0;
           has_tmp_block = 0;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+          if (in_data_len > 0) {
-        if (in_data_len==0) {
+            if (self->direction == 1) {
-          RETVAL = newSVpvn("", 0);
+              /* handle non-empty self->pad buffer */
-        }
+              if (self->padlen > 0) {
-        else {
-          if(self->padlen > 0) {
                 i = (blen - self->padlen);
                 if (in_data_len >= i) { /* enough data to fill pad */
                   Copy(in_data, self->pad+self->padlen, i, unsigned char);
                   in_data_len -= i;
                   in_data_start = i;
                   rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
-              if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+                  if (rv != CRYPT_OK) {
+                    SvREFCNT_dec(RETVAL);
+                    croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+                  }
                   self->padlen = 0;
                   has_tmp_block = 1;
                 }
@@ -93,101 +95,46 @@ _encrypt(Crypt::Mode::CBC self, SV * data)
                   self->padlen += (int)in_data_len;
                   in_data_len = 0;
                 }
-          } /* padlen > 0 */
+              }
 
               i = (unsigned long)(in_data_len % blen);
-          if (in_data_len>0 && i>0) { /* save tail of data into pad */
+              if (in_data_len > 0 && i > 0) { /* save tail of data into pad */
-            Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
+                Copy(in_data + in_data_start + in_data_len - i, self->pad, i, unsigned char);
                 self->padlen = i;
                 in_data_len -= i;
               }
 
-          if (in_data_len>0) {
+              if (in_data_len > 0) {
                 i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            RETVAL = NEWSV(0, i);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            SvPOK_only(RETVAL);
+                out_len += i;
-            SvCUR_set(RETVAL, i);
-            out_data = (unsigned char *)SvPV_nolen(RETVAL);
-
                 if (has_tmp_block) {
                   Copy(tmp_block, out_data, blen, unsigned char);
                   out_data += blen;
                 }
                 rv = cbc_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+                if (rv != CRYPT_OK) {
-          } /* in_data_len>0 */
+                  SvREFCNT_dec(RETVAL);
+                  croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+                }
+              } /* in_data_len > 0 */
               else if (has_tmp_block) {
-            RETVAL = newSVpvn((char*)tmp_block, blen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
-          }
+                out_len += blen;
-          else {
+                Copy(tmp_block, out_data, blen, unsigned char);
-            RETVAL = newSVpvn("", 0);
               }
             }
-    }
+            else if (self->direction == -1) {
-    OUTPUT:
+              if (self->padlen == blen) {
-        RETVAL
-
-SV *
-_finish_enc(Crypt::Mode::CBC self)
-    CODE:
-    {
-        unsigned char tmp_block[MAXBLOCKSIZE];
-        int rv, blen, i, j;
-
-        blen = (&self->state)->blocklen;
-        if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
-
-        if(self->padding_mode == 1) { /* pkcs5|7 padding */
-          i = blen - self->padlen;
-          if (i == 0) i = blen;
-          for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
-          rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
-        }
-        else if(self->padding_mode == 2) { /* oneandzeroes padding */
-          self->pad[self->padlen] = 0x80;
-          for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
-          rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
-        }
-        else {
-          if (self->padlen>0) croak("FATAL: cbc_encrypt, input data length not multiple of %d", blen);
-          blen = 0;
-        }
-
-        self->direction = 0;
-        RETVAL = newSVpvn((char*)tmp_block, blen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-_decrypt(Crypt::Mode::CBC self, SV * data)
-    CODE:
-    {
-        int rv, has_tmp_block, blen;
-        unsigned long i;
-        STRLEN in_data_len, in_data_start;
-        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
-
-        if (self->direction != -1) croak("FATAL: decrypt error, call start_decryt first (%d)", self->direction);
-
-        blen = (&self->state)->blocklen;
-        in_data_start = 0;
-        has_tmp_block = 0;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
-          RETVAL = newSVpvn("", 0);
-        }
-        else {
-
-          if(self->padlen == blen) {
                 rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                if (rv != CRYPT_OK) {
+                  SvREFCNT_dec(RETVAL);
+                  croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                }
                 self->padlen = 0;
                 has_tmp_block = 1;
               } /* padlen == blen */
-          else if(self->padlen > 0) {
+              else if (self->padlen > 0) {
                 i = (blen - self->padlen); /* remaining bytes in padding buffer */
                 if (in_data_len >= i) { /* enough data to fill pad */
                   Copy(in_data, self->pad+self->padlen, i, unsigned char);
@@ -196,7 +143,10 @@ _decrypt(Crypt::Mode::CBC self, SV * data)
                   in_data_start = i;
                   if (in_data_len>0 || self->padding_mode == 0) {
                     rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
-                if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                    if (rv != CRYPT_OK) {
+                      SvREFCNT_dec(RETVAL);
+                      croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                    }
                     self->padlen = 0;
                     has_tmp_block = 1;
                   }
@@ -208,7 +158,7 @@ _decrypt(Crypt::Mode::CBC self, SV * data)
                 }
               } /* padlen > 0 */
 
-          /* here: a/ padlen==1..16 && in_data_len==0; b/ padlen==0 && in_data_len>0 */
+              /* here: a/ padlen == 1..16 && in_data_len == 0; b/ padlen == 0 && in_data_len > 0 */
               if (in_data_len>0) {
                 i = (unsigned long)(in_data_len % blen);
                 if (i>0) { /* save tail of data into pad */
@@ -219,72 +169,99 @@ _decrypt(Crypt::Mode::CBC self, SV * data)
               }
 
               if (in_data_len>0) {
-            if(self->padlen == 0 && self->padding_mode !=0) {
+                if (self->padlen == 0 && self->padding_mode !=0) {
                   /* in case of padding keep full pad if no more data */
                   Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
                   self->padlen = blen;
                   in_data_len -= blen;
                 }
                 i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            if (i == 0) {
+                if (i > 0) {
-              RETVAL = newSVpvn("", 0);
+                  out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            }
+                  out_len += i;
-            else {
-              RETVAL = NEWSV(0, i);
-              SvPOK_only(RETVAL);
-              SvCUR_set(RETVAL, i);
-              out_data = (unsigned char *)SvPV_nolen(RETVAL);
                   if (has_tmp_block) {
                     Copy(tmp_block, out_data, blen, unsigned char);
                     out_data += blen;
                   }
                   rv = cbc_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-              if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                  if (rv != CRYPT_OK) {
+                    SvREFCNT_dec(RETVAL);
+                    croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
+                  }
                 }
               } /* in_data_len>0 */
               else if (has_tmp_block) {
-            RETVAL = newSVpvn((char*)tmp_block, blen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
+                out_len += blen;
+                Copy(tmp_block, out_data, blen, unsigned char);
+              }
             }
             else {
-            RETVAL = newSVpvn("", 0);
+              SvREFCNT_dec(RETVAL);
+              croak("FATAL: call start_decryt or start_encrpyt first (%d)", self->direction);
             }
           }
-
+        }
+        if (out_len > 0) SvCUR_set(RETVAL, out_len);
     }
     OUTPUT:
         RETVAL
 
 SV *
-_finish_dec(Crypt::Mode::CBC self)
+finish(Crypt::Mode::CBC self)
     CODE:
     {
-        unsigned char tmp_block[MAXBLOCKSIZE];
+        unsigned char tmp_block[MAXBLOCKSIZE], ch;
-        unsigned char i;
+        int i, j, rv, blen = (&self->state)->blocklen;
-        int rv, rv_len, blen;
 
-        rv_len = 0;
+        if (self->direction == 1) {
+          if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
+          if (self->padding_mode == 1) { /* pkcs5|7 padding */
+            i = blen - self->padlen;
+            if (i == 0) i = blen;
+            for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
+            rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+          }
+          else if (self->padding_mode == 2) { /* oneandzeroes padding */
+            self->pad[self->padlen] = 0x80;
+            for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
+            rv = cbc_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: cbc_encrypt failed: %s", error_to_string(rv));
+          }
+          else {
+            if (self->padlen>0) croak("FATAL: cbc_encrypt, input data length not multiple of %d", blen);
+            blen = 0;
+          }
+        }
+        else if (self->direction == -1) {
           if (self->padlen > 0) {
-          blen = (&self->state)->blocklen;
             if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
             rv = cbc_decrypt(self->pad, tmp_block, blen, &self->state);
             if (rv != CRYPT_OK) croak("FATAL: cbc_decrypt failed: %s", error_to_string(rv));
-          if(self->padding_mode == 0) {         /* no padding */
+            if (self->padding_mode == 0) {         /* no padding */
-            rv_len = blen;
+              /* we already have blen */
             }
-          else if(self->padding_mode == 1) {    /* pkcs5|7 padding */
+            else if (self->padding_mode == 1) {    /* pkcs5|7 padding */
-            i = tmp_block[blen-1];
+              ch = tmp_block[blen-1];
-            rv_len = blen - (i>blen ? blen : i);
+              blen = blen - (ch > blen ? blen : ch);
             }
-          else if(self->padding_mode == 2) {    /* oneandzeroes padding */
+            else if (self->padding_mode == 2) {    /* oneandzeroes padding */
-            rv_len = blen;
+              while ((unsigned char)tmp_block[blen - 1] == 0x00) blen--;
-            while ((unsigned char)tmp_block[rv_len-1] == 0x00) rv_len--;
+              if ((unsigned char)tmp_block[blen - 1] == 0x80) blen--;
-            if ((unsigned char)tmp_block[rv_len-1] == 0x80) rv_len--;
+              if (blen < 0) blen = 0;
-            if (rv_len<0) rv_len = 0;
             }
           }
+          else {
+            blen = 0;
+          }
+        }
+        else {
+           XSRETURN_UNDEF;
+        }
 
         self->direction = 0;
-        RETVAL = newSVpvn((char*)tmp_block, rv_len);
+        RETVAL = newSVpvn((char*)tmp_block, blen);
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mode_CFB.xs.inc

@@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CFB
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mode::CFB
-_new(char * cipher_name, int rounds=0)
+new(Class, char * cipher_name, int rounds=0)
     CODE:
     {
         Newz(0, RETVAL, 1, struct cfb_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->direction = 0;
         RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        }
     }
     OUTPUT:
         RETVAL
@@ -21,16 +26,11 @@ DESTROY(Crypt::Mode::CFB self)
     CODE:
         Safefree(self);
 
-int
-_get_dir(Crypt::Mode::CFB self)
-    CODE:
-        RETVAL = self->direction;
-    OUTPUT:
-        RETVAL
-
 void
-_start(Crypt::Mode::CFB self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CFB self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
+        start_encrypt = 1
+    PPCODE:
     {
         STRLEN k_len=0;
         unsigned char *k=NULL;
@@ -52,45 +52,51 @@ _start(Crypt::Mode::CFB self, int dir, SV * key, SV * iv)
           croak("FATAL: cfb_start failed: %s", error_to_string(rv));
         }
 
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
-_crypt(Crypt::Mode::CFB self, SV * data)
+add(Crypt::Mode::CFB self, ...)
     CODE:
     {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
         unsigned char *in_data, *out_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
         RETVAL = newSVpvn("", 0);
-        }
+        for (j = 1; j < items; j++) {
-        else {
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len > 0) {
-          SvPOK_only(RETVAL);
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          SvCUR_set(RETVAL, in_data_len);
+            out_len += in_data_len;
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
-
             if (self->direction == 1) {
               rv = cfb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: cfb_encrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: cfb_encrypt failed: %s", error_to_string(rv));
+              }
             }
             else if (self->direction == -1) {
               rv = cfb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: cfb_decrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: cfb_decrypt failed: %s", error_to_string(rv));
+              }
             }
             else {
+              SvREFCNT_dec(RETVAL);
               croak("FATAL: cfb_crypt failed: call start_encrypt or start_decrypt first");
             }
           }
         }
+        if (out_len > 0) SvCUR_set(RETVAL, out_len);
+    }
     OUTPUT:
         RETVAL
 
 SV *
-_finish(Crypt::Mode::CFB self)
+finish(Crypt::Mode::CFB self)
     CODE:
           self->direction = 0;
           RETVAL = newSVpvn("", 0);

inc/CryptX_Mode_CTR.xs.inc

@@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::CTR
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mode::CTR
-_new(char * cipher_name, int ctr_mode=0, int ctr_width=0, int rounds=0)
+new(Class, char * cipher_name, int ctr_mode=0, int ctr_width=0, int rounds=0)
     CODE:
     {
         Newz(0, RETVAL, 1, struct ctr_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->direction = 0;
         RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        }
         if (ctr_mode == 0) RETVAL->ctr_mode_param = CTR_COUNTER_LITTLE_ENDIAN;
         if (ctr_mode == 1) RETVAL->ctr_mode_param = CTR_COUNTER_BIG_ENDIAN;
         if (ctr_mode == 2) RETVAL->ctr_mode_param = CTR_COUNTER_LITTLE_ENDIAN|LTC_CTR_RFC3686;
@@ -26,16 +31,11 @@ DESTROY(Crypt::Mode::CTR self)
     CODE:
         Safefree(self);
 
-int
-_get_dir(Crypt::Mode::CTR self)
-    CODE:
-        RETVAL = self->direction;
-    OUTPUT:
-        RETVAL
-
 void
-_start(Crypt::Mode::CTR self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::CTR self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
+        start_encrypt = 1
+    PPCODE:
     {
         STRLEN k_len=0;
         unsigned char *k=NULL;
@@ -57,45 +57,51 @@ _start(Crypt::Mode::CTR self, int dir, SV * key, SV * iv)
           croak("FATAL: ctr_start failed: %s", error_to_string(rv));
         }
 
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
-_crypt(Crypt::Mode::CTR self, SV * data)
+add(Crypt::Mode::CTR self, ...)
     CODE:
     {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
         unsigned char *in_data, *out_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
         RETVAL = newSVpvn("", 0);
-        }
+        for (j = 1; j < items; j++) {
-        else {
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len > 0) {
-          SvPOK_only(RETVAL);
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          SvCUR_set(RETVAL, in_data_len);
+            out_len += in_data_len;
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
-
             if (self->direction == 1) {
               rv = ctr_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ctr_encrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: ctr_encrypt failed: %s", error_to_string(rv));
+              }
             }
             else if (self->direction == -1) {
               rv = ctr_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ctr_decrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: ctr_decrypt failed: %s", error_to_string(rv));
+              }
             }
             else {
+              SvREFCNT_dec(RETVAL);
               croak("FATAL: ctr_crypt failed: call start_encrypt or start_decrypt first");
             }
           }
         }
+        if (out_len > 0) SvCUR_set(RETVAL, out_len);
+    }
     OUTPUT:
         RETVAL
 
 SV *
-_finish(Crypt::Mode::CTR self)
+finish(Crypt::Mode::CTR self)
     CODE:
           self->direction = 0;
           RETVAL = newSVpvn("", 0);

inc/CryptX_Mode_ECB.xs.inc

@@ -1,9 +1,11 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::ECB
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mode::ECB
-_new(char * cipher_name, int padding=1, int rounds=0)
+new(Class, char * cipher_name, int padding=1, int rounds=0)
     CODE:
     {
         Newz(0, RETVAL, 1, struct ecb_struct);
@@ -12,8 +14,11 @@ _new(char * cipher_name, int padding=1, int rounds=0)
         RETVAL->padlen = 0;
         RETVAL->direction = 0;
         RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        }
     }
     OUTPUT:
         RETVAL
@@ -23,16 +28,11 @@ DESTROY(Crypt::Mode::ECB self)
     CODE:
         Safefree(self);
 
-int
-_get_dir(Crypt::Mode::ECB self)
-    CODE:
-        RETVAL = self->direction;
-    OUTPUT:
-        RETVAL
-
 void
-_start(Crypt::Mode::ECB self, int dir, SV * key)
+start_decrypt(Crypt::Mode::ECB self, SV * key)
-    CODE:
+    ALIAS:
+        start_encrypt = 1
+    PPCODE:
     {
         int rv;
         STRLEN k_len=0;
@@ -46,38 +46,40 @@ _start(Crypt::Mode::ECB self, int dir, SV * key)
           croak("FATAL: ecb_start failed: %s", error_to_string(rv));
         }
 
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
         self->padlen = 0;
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
-_encrypt(Crypt::Mode::ECB self, SV * data)
+add(Crypt::Mode::ECB self, ...)
     CODE:
     {
-        int rv, has_tmp_block, blen;
+        int rv, has_tmp_block, blen, j;
         unsigned long i;
-
+        STRLEN in_data_len, in_data_start, out_len = 0;
-        STRLEN in_data_len, in_data_start;
         unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
 
-        if (self->direction != 1) croak("FATAL: encrypt error, call start_encrypt first (%d)", self->direction);
+        RETVAL = newSVpvn("", 0);
-
+        for (j = 1; j < items; j++) {
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
           blen = (&self->state)->blocklen;
           in_data_start = 0;
           has_tmp_block = 0;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+          if (in_data_len > 0) {
-        if (in_data_len==0) {
+            if (self->direction == 1) {
-          RETVAL = newSVpvn("", 0);
+              /* handle non-empty self->pad buffer */
-        }
+              if (self->padlen > 0) {
-        else {
-          if(self->padlen > 0) {
                 i = (blen - self->padlen);
                 if (in_data_len >= i) { /* enough data to fill pad */
                   Copy(in_data, self->pad+self->padlen, i, unsigned char);
                   in_data_len -= i;
                   in_data_start = i;
                   rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
-              if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+                  if (rv != CRYPT_OK) {
+                    SvREFCNT_dec(RETVAL);
+                    croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+                  }
                   self->padlen = 0;
                   has_tmp_block = 1;
                 }
@@ -86,101 +88,46 @@ _encrypt(Crypt::Mode::ECB self, SV * data)
                   self->padlen += (int)in_data_len;
                   in_data_len = 0;
                 }
-          } /* padlen > 0 */
+              }
 
               i = (unsigned long)(in_data_len % blen);
-          if (in_data_len>0 && i>0) { /* save tail of data into pad */
+              if (in_data_len > 0 && i > 0) { /* save tail of data into pad */
-            Copy(in_data+in_data_start+in_data_len-i, self->pad, i, unsigned char);
+                Copy(in_data + in_data_start + in_data_len - i, self->pad, i, unsigned char);
                 self->padlen = i;
                 in_data_len -= i;
               }
 
-          if (in_data_len>0) {
+              if (in_data_len > 0) {
                 i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            RETVAL = NEWSV(0, i);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            SvPOK_only(RETVAL);
+                out_len += i;
-            SvCUR_set(RETVAL, i);
-            out_data = (unsigned char *)SvPV_nolen(RETVAL);
-
                 if (has_tmp_block) {
                   Copy(tmp_block, out_data, blen, unsigned char);
                   out_data += blen;
                 }
                 rv = ecb_encrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+                if (rv != CRYPT_OK) {
-          } /* in_data_len>0 */
+                  SvREFCNT_dec(RETVAL);
+                  croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+                }
+              } /* in_data_len > 0 */
               else if (has_tmp_block) {
-            RETVAL = newSVpvn((char*)tmp_block, blen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
-          }
+                out_len += blen;
-          else {
+                Copy(tmp_block, out_data, blen, unsigned char);
-            RETVAL = newSVpvn("", 0);
               }
             }
-    }
+            else if (self->direction == -1) {
-    OUTPUT:
+              if (self->padlen == blen) {
-        RETVAL
-
-SV *
-_finish_enc(Crypt::Mode::ECB self)
-    CODE:
-    {
-        unsigned char tmp_block[MAXBLOCKSIZE];
-        int rv, blen, i, j;
-
-        blen = (&self->state)->blocklen;
-        if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
-
-        if(self->padding_mode == 1) { /* pkcs5|7 padding */
-          i = blen - self->padlen;
-          if (i == 0) i = blen;
-          for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
-          rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
-        }
-        else if(self->padding_mode == 2) { /* oneandzeroes padding */
-          self->pad[self->padlen] = 0x80;
-          for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
-          rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
-          if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
-        }
-        else {
-          if (self->padlen>0) croak("FATAL: ecb_encrypt, input data length not multiple of %d", blen);
-          blen = 0;
-        }
-
-        self->direction = 0;
-        RETVAL = newSVpvn((char*)tmp_block, blen);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-_decrypt(Crypt::Mode::ECB self, SV * data)
-    CODE:
-    {
-        int rv, has_tmp_block, blen;
-        unsigned long i;
-        STRLEN in_data_len, in_data_start;
-        unsigned char *in_data, *out_data, tmp_block[MAXBLOCKSIZE];
-
-        if (self->direction != -1) croak("FATAL: decrypt error, call start_decryt first (%d)", self->direction);
-
-        blen = (&self->state)->blocklen;
-        in_data_start = 0;
-        has_tmp_block = 0;
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
-          RETVAL = newSVpvn("", 0);
-        }
-        else {
-
-          if(self->padlen == blen) {
                 rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                if (rv != CRYPT_OK) {
+                  SvREFCNT_dec(RETVAL);
+                  croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                }
                 self->padlen = 0;
                 has_tmp_block = 1;
               } /* padlen == blen */
-          else if(self->padlen > 0) {
+              else if (self->padlen > 0) {
                 i = (blen - self->padlen); /* remaining bytes in padding buffer */
                 if (in_data_len >= i) { /* enough data to fill pad */
                   Copy(in_data, self->pad+self->padlen, i, unsigned char);
@@ -189,7 +136,10 @@ _decrypt(Crypt::Mode::ECB self, SV * data)
                   in_data_start = i;
                   if (in_data_len>0 || self->padding_mode == 0) {
                     rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
-                if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                    if (rv != CRYPT_OK) {
+                      SvREFCNT_dec(RETVAL);
+                      croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                    }
                     self->padlen = 0;
                     has_tmp_block = 1;
                   }
@@ -201,7 +151,7 @@ _decrypt(Crypt::Mode::ECB self, SV * data)
                 }
               } /* padlen > 0 */
 
-          /* here: a/ padlen==1..16 && in_data_len==0; b/ padlen==0 && in_data_len>0 */
+              /* here: a/ padlen == 1..16 && in_data_len == 0; b/ padlen == 0 && in_data_len > 0 */
               if (in_data_len>0) {
                 i = (unsigned long)(in_data_len % blen);
                 if (i>0) { /* save tail of data into pad */
@@ -212,72 +162,99 @@ _decrypt(Crypt::Mode::ECB self, SV * data)
               }
 
               if (in_data_len>0) {
-            if(self->padlen == 0 && self->padding_mode !=0) {
+                if (self->padlen == 0 && self->padding_mode !=0) {
                   /* in case of padding keep full pad if no more data */
                   Copy(in_data+in_data_start+in_data_len-blen, self->pad, blen, unsigned char);
                   self->padlen = blen;
                   in_data_len -= blen;
                 }
                 i = (unsigned long)(has_tmp_block ? in_data_len + blen : in_data_len);
-            if (i == 0) {
+                if (i > 0) {
-              RETVAL = newSVpvn("", 0);
+                  out_data = (unsigned char*)SvGROW(RETVAL, out_len + i + 1) + out_len;
-            }
+                  out_len += i;
-            else {
-              RETVAL = NEWSV(0, i);
-              SvPOK_only(RETVAL);
-              SvCUR_set(RETVAL, i);
-              out_data = (unsigned char *)SvPV_nolen(RETVAL);
                   if (has_tmp_block) {
                     Copy(tmp_block, out_data, blen, unsigned char);
                     out_data += blen;
                   }
                   rv = ecb_decrypt(in_data+in_data_start, out_data, (unsigned long)in_data_len, &self->state);
-              if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                  if (rv != CRYPT_OK) {
+                    SvREFCNT_dec(RETVAL);
+                    croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
+                  }
                 }
               } /* in_data_len>0 */
               else if (has_tmp_block) {
-            RETVAL = newSVpvn((char*)tmp_block, blen);
+                out_data = (unsigned char*)SvGROW(RETVAL, out_len + blen + 1) + out_len;
+                out_len += blen;
+                Copy(tmp_block, out_data, blen, unsigned char);
+              }
             }
             else {
-            RETVAL = newSVpvn("", 0);
+              SvREFCNT_dec(RETVAL);
+              croak("FATAL: call start_decryt or start_encrpyt first (%d)", self->direction);
             }
           }
-
+        }
+        if (out_len > 0) SvCUR_set(RETVAL, out_len);
     }
     OUTPUT:
         RETVAL
 
 SV *
-_finish_dec(Crypt::Mode::ECB self)
+finish(Crypt::Mode::ECB self)
     CODE:
     {
-        unsigned char tmp_block[MAXBLOCKSIZE];
+        unsigned char tmp_block[MAXBLOCKSIZE], ch;
-        unsigned char i;
+        int i, j, rv, blen = (&self->state)->blocklen;
-        int rv, rv_len, blen;
 
-        rv_len = 0;
+        if (self->direction == 1) {
+          if (self->padlen<0 || self->padlen>=blen) croak("FATAL: invalid padlen");
+          if (self->padding_mode == 1) { /* pkcs5|7 padding */
+            i = blen - self->padlen;
+            if (i == 0) i = blen;
+            for(j=self->padlen; j<blen; j++) self->pad[j] = (unsigned char)i;
+            rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+          }
+          else if (self->padding_mode == 2) { /* oneandzeroes padding */
+            self->pad[self->padlen] = 0x80;
+            for(j=self->padlen+1; j<blen; j++) self->pad[j] = 0;
+            rv = ecb_encrypt(self->pad, tmp_block, blen, &self->state);
+            if (rv != CRYPT_OK) croak("FATAL: ecb_encrypt failed: %s", error_to_string(rv));
+          }
+          else {
+            if (self->padlen>0) croak("FATAL: ecb_encrypt, input data length not multiple of %d", blen);
+            blen = 0;
+          }
+        }
+        else if (self->direction == -1) {
           if (self->padlen > 0) {
-          blen = (&self->state)->blocklen;
             if (self->padlen != blen) croak("FATAL: cipher text length has to be multiple of %d (%d)", blen, self->padlen);
             rv = ecb_decrypt(self->pad, tmp_block, blen, &self->state);
             if (rv != CRYPT_OK) croak("FATAL: ecb_decrypt failed: %s", error_to_string(rv));
-          if(self->padding_mode == 0) {         /* no padding */
+            if (self->padding_mode == 0) {         /* no padding */
-            rv_len = blen;
+              /* we already have blen */
             }
-          else if(self->padding_mode == 1) {    /* pkcs5|7 padding */
+            else if (self->padding_mode == 1) {    /* pkcs5|7 padding */
-            i = tmp_block[blen-1];
+              ch = tmp_block[blen-1];
-            rv_len = blen - (i>blen ? blen : i);
+              blen = blen - (ch > blen ? blen : ch);
             }
-          else if(self->padding_mode == 2) {    /* oneandzeroes padding */
+            else if (self->padding_mode == 2) {    /* oneandzeroes padding */
-            rv_len = blen;
+              while ((unsigned char)tmp_block[blen - 1] == 0x00) blen--;
-            while ((unsigned char)tmp_block[rv_len-1] == 0x00) rv_len--;
+              if ((unsigned char)tmp_block[blen - 1] == 0x80) blen--;
-            if ((unsigned char)tmp_block[rv_len-1] == 0x80) rv_len--;
+              if (blen < 0) blen = 0;
-            if (rv_len<0) rv_len = 0;
             }
           }
+          else {
+            blen = 0;
+          }
+        }
+        else {
+           XSRETURN_UNDEF;
+        }
 
         self->direction = 0;
-        RETVAL = newSVpvn((char*)tmp_block, rv_len);
+        RETVAL = newSVpvn((char*)tmp_block, blen);
     }
     OUTPUT:
         RETVAL

inc/CryptX_Mode_OFB.xs.inc

@@ -1,17 +1,22 @@
 MODULE = CryptX         PACKAGE = Crypt::Mode::OFB
 
+PROTOTYPES: DISABLE
+
 ### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
 
 Crypt::Mode::OFB
-_new(char * cipher_name, int rounds=0)
+new(Class, char * cipher_name, int rounds=0)
     CODE:
     {
         Newz(0, RETVAL, 1, struct ofb_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->direction = 0;
         RETVAL->cipher_rounds = rounds;
-        RETVAL->cipher_id = find_cipher(cipher_name);
+        RETVAL->cipher_id = _find_cipher(cipher_name);
-        if(RETVAL->cipher_id==-1) croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        if (RETVAL->cipher_id == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_cipfer failed for '%s'", cipher_name);
+        }
     }
     OUTPUT:
         RETVAL
@@ -21,16 +26,11 @@ DESTROY(Crypt::Mode::OFB self)
     CODE:
         Safefree(self);
 
-int
-_get_dir(Crypt::Mode::OFB self)
-    CODE:
-        RETVAL = self->direction;
-    OUTPUT:
-        RETVAL
-
 void
-_start(Crypt::Mode::OFB self, int dir, SV * key, SV * iv)
+start_decrypt(Crypt::Mode::OFB self, SV * key, SV * iv)
-    CODE:
+    ALIAS:
+        start_encrypt = 1
+    PPCODE:
     {
         STRLEN k_len=0;
         unsigned char *k=NULL;
@@ -52,45 +52,51 @@ _start(Crypt::Mode::OFB self, int dir, SV * key, SV * iv)
           croak("FATAL: ofb_start failed: %s", error_to_string(rv));
         }
 
-        self->direction = dir;
+        self->direction = ix == 1 ? 1 : -1;
+        XPUSHs(ST(0)); /* return self */
     }
 
 SV *
-_crypt(Crypt::Mode::OFB self, SV * data)
+add(Crypt::Mode::OFB self, ...)
     CODE:
     {
-        int rv;
+        int rv, j;
-        STRLEN in_data_len;
+        STRLEN in_data_len, out_len = 0;
         unsigned char *in_data, *out_data;
 
-        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
         RETVAL = newSVpvn("", 0);
-        }
+        for (j = 1; j < items; j++) {
-        else {
+          in_data = (unsigned char *)SvPVbyte(ST(j), in_data_len);
-          RETVAL = NEWSV(0, in_data_len);
+          if (in_data_len > 0) {
-          SvPOK_only(RETVAL);
+            out_data = (unsigned char*)SvGROW(RETVAL, out_len + in_data_len + 1) + out_len;
-          SvCUR_set(RETVAL, in_data_len);
+            out_len += in_data_len;
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
-
             if (self->direction == 1) {
               rv = ofb_encrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ofb_encrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: ofb_encrypt failed: %s", error_to_string(rv));
+              }
             }
             else if (self->direction == -1) {
               rv = ofb_decrypt(in_data, out_data, (unsigned long)in_data_len, &self->state);
-            if (rv != CRYPT_OK) croak("FATAL: ofb_decrypt failed: %s", error_to_string(rv));
+              if (rv != CRYPT_OK) {
+                SvREFCNT_dec(RETVAL);
+                croak("FATAL: ofb_decrypt failed: %s", error_to_string(rv));
+              }
             }
             else {
+              SvREFCNT_dec(RETVAL);
               croak("FATAL: ofb_crypt failed: call start_encrypt or start_decrypt first");
             }
           }
         }
+        if (out_len > 0) SvCUR_set(RETVAL, out_len);
+    }
     OUTPUT:
         RETVAL
 
 SV *
-_finish(Crypt::Mode::OFB self)
+finish(Crypt::Mode::OFB self)
     CODE:
           self->direction = 0;
           RETVAL = newSVpvn("", 0);

inc/CryptX_PK_DH.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::DH
 
+PROTOTYPES: DISABLE
+
 Crypt::PK::DH
-_new()
+_new(Class)
     CODE:
     {
         int rv;
@@ -9,40 +11,68 @@ _new()
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->key.type = -1;
         RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_prng('chacha20') failed");
+        }
         rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
 
 void
-_generate_key(Crypt::PK::DH self, int key_size=256)
+_generate_key_size(Crypt::PK::DH self, int groupsize=256)
     PPCODE:
     {
         int rv;
-        /* gen the key */
+        rv = dh_set_pg_groupsize(groupsize, &self->key);
-        rv = dh_make_key(&self->pstate, self->pindex, key_size, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dh_set_pg_groupsize failed: %s", error_to_string(rv));
-        if (rv != CRYPT_OK) croak("FATAL: dh_make_key failed: %s", error_to_string(rv));
+        rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
 void
-_generate_key_ex(Crypt::PK::DH self, SV * g, SV * p)
+_generate_key_gp(Crypt::PK::DH self, char *g, char *p)
     PPCODE:
     {
         int rv;
-        STRLEN p_len = 0;
+        unsigned char pbin[1024], gbin[512];
-        STRLEN g_len = 0;
+        unsigned long plen=sizeof(pbin), glen=sizeof(gbin);
-        unsigned char *p_ptr=NULL;
-        unsigned char *g_ptr=NULL;
 
-        p_ptr = (unsigned char *)SvPVbyte(p, p_len);
+        if (p && strlen(p) > 0 && g && strlen(g) > 0) {
-        g_ptr = (unsigned char *)SvPVbyte(g, g_len);
+          rv = radix_to_bin(p, 16, pbin, &plen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(g, 16, gbin, &glen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
 
+          rv = dh_set_pg(pbin, plen, gbin, glen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dh_set_pg failed: %s", error_to_string(rv));
+          rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
+        }
+
+        XPUSHs(ST(0)); /* return self */
+    }
+
+void
+_generate_key_dhparam(Crypt::PK::DH self, SV * dhparam)
+    PPCODE:
+    {
+        int rv;
+        unsigned char *data=NULL;
+        STRLEN data_len=0;
+        data = (unsigned char *)SvPVbyte(dhparam, data_len);
+        /* load d p q */
+        rv = dh_set_pg_dhparam(data, (unsigned long)data_len, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dh_set_pg_dhparam failed: %s", error_to_string(rv));
         /* gen the key */
-        rv = dh_make_key_ex(&self->pstate, self->pindex, (const char *) g_ptr, (const char *) p_ptr, &self->key);
+        rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: dh_make_key_ex failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: dh_generate_key failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -68,22 +98,35 @@ _import_raw(Crypt::PK::DH self, SV * raw_key, int type, char * g, char * p)
         int rv;
         unsigned char *data=NULL;
         STRLEN data_len=0;
+        unsigned char pbin[1024], gbin[512];
+        unsigned long plen=sizeof(pbin), glen=sizeof(gbin);
 
         data = (unsigned char *)SvPVbyte(raw_key, data_len);
         if (self->key.type != -1) { dh_free(&self->key); self->key.type = -1; }
-        /* public */
+
+        if (p && strlen(p) > 0 && g && strlen(g) > 0) {
+          rv = radix_to_bin(p, 16, pbin, &plen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(g, 16, gbin, &glen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
+
+          rv = dh_set_pg(pbin, plen, gbin, glen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dh_set_pg failed: %s", error_to_string(rv));
+
           if (type == 0) {
-          rv = dh_import_raw(data, (unsigned long)data_len, PK_PUBLIC, g, p, &self->key);
+            /* public */
-          if (rv != CRYPT_OK) croak("FATAL: dh_import_raw failed: %s", error_to_string(rv));
+            rv = dh_set_key(data, (unsigned long)data_len, PK_PUBLIC, &self->key);
+            if (rv != CRYPT_OK) croak("FATAL: dh_set_key failed: %s", error_to_string(rv));
           }
-        /* private */
           else if (type == 1) {
-          rv = dh_import_raw(data, (unsigned long)data_len, PK_PRIVATE, g, p, &self->key);
+            /* private */
-          if (rv != CRYPT_OK) croak("FATAL: dh_import_raw failed: %s", error_to_string(rv));
+            rv = dh_set_key(data, (unsigned long)data_len, PK_PRIVATE, &self->key);
+            if (rv != CRYPT_OK) croak("FATAL: dh_set_key failed: %s", error_to_string(rv));
           }
           else {
             croak("FATAL: import_raw invalid type '%d'", type);
           }
+        }
 
         XPUSHs(ST(0)); /* return self */
     }
@@ -100,7 +143,7 @@ int
 size(Crypt::PK::DH self)
     CODE:
         if (self->key.type == -1) XSRETURN_UNDEF;
-        RETVAL = dh_get_size(&self->key);
+        RETVAL = dh_get_groupsize(&self->key);
     OUTPUT:
         RETVAL
 
@@ -114,7 +157,7 @@ key2hash(Crypt::PK::DH self)
     CODE:
         if (self->key.type == -1) XSRETURN_UNDEF;
         rv_hash = newHV();
-        /* =====> x */
+        /* x */
         siz = (self->key.x) ? mp_unsigned_bin_size(self->key.x) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'x' too big number");
@@ -126,7 +169,7 @@ key2hash(Crypt::PK::DH self)
         else{
           not_used = hv_store(rv_hash, "x", 1, newSVpv("", 0), 0);
         }
-        /* =====> y */
+        /* y */
         siz = (self->key.y) ? mp_unsigned_bin_size(self->key.y) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'y' too big number");
@@ -138,7 +181,7 @@ key2hash(Crypt::PK::DH self)
         else{
           not_used = hv_store(rv_hash, "y", 1, newSVpv("", 0), 0);
         }
-        /* =====> p */
+        /* p */
         siz = (self->key.prime) ? mp_unsigned_bin_size(self->key.prime) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'p' too big number");
@@ -151,7 +194,7 @@ key2hash(Crypt::PK::DH self)
           not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
         }
 
-        /* =====> g */
+        /* g */
         siz = (self->key.base) ? mp_unsigned_bin_size(self->key.base) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'g' too big number");
@@ -163,11 +206,11 @@ key2hash(Crypt::PK::DH self)
         else {
           not_used = hv_store(rv_hash, "g", 1, newSVpv("", 0), 0);
         }
-        /* =====> size */
+        /* size */
-        not_used = hv_store(rv_hash, "size", 4, newSViv(dh_get_size(&self->key)), 0);
+        not_used = hv_store(rv_hash, "size", 4, newSViv(dh_get_groupsize(&self->key)), 0);
-        /* =====> type */
+        /* type */
         not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
         RETVAL = newRV_noinc((SV*)rv_hash);
     OUTPUT:
         RETVAL
@@ -182,7 +225,7 @@ params2hash(Crypt::PK::DH self)
     CODE:
         if (self->key.type == -1) XSRETURN_UNDEF;
         rv_hash = newHV();
-        /* =====> p */
+        /* p */
         siz = (self->key.prime) ? mp_unsigned_bin_size(self->key.prime) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'p' too big number");
@@ -195,7 +238,7 @@ params2hash(Crypt::PK::DH self)
           not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
         }
 
-        /* =====> g */
+        /* g */
         siz = (self->key.base) ? mp_unsigned_bin_size(self->key.base) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'g' too big number");
@@ -238,89 +281,6 @@ export_key(Crypt::PK::DH self, char * type)
     OUTPUT:
         RETVAL
 
-SV *
-_encrypt(Crypt::PK::DH self, SV * data, char * hash_name)
-    CODE:
-    {
-        int rv, hash_id;
-        unsigned char *data_ptr=NULL;
-        STRLEN data_len=0;
-        unsigned long buffer_len = 1024;
-        unsigned char buffer[1024];
-
-        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
-        hash_id = find_hash(hash_name);
-        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
-        rv = dh_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
-                             &self->pstate, self->pindex,
-                             hash_id, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: dh_encrypt_key failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn((char*)buffer, buffer_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-_decrypt(Crypt::PK::DH self, SV * data)
-    CODE:
-    {
-        int rv;
-        unsigned char *data_ptr=NULL;
-        STRLEN data_len=0;
-        unsigned long buffer_len = 1024;
-        unsigned char buffer[1024];
-
-        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
-        rv = dh_decrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: dh_decrypt_key failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn((char*)buffer, buffer_len);
-    }
-    OUTPUT:
-        RETVAL
-
-SV *
-_sign(Crypt::PK::DH self, SV * data)
-    CODE:
-    {
-        int rv;
-        unsigned char *data_ptr=NULL;
-        STRLEN data_len=0;
-        unsigned long buffer_len = 1024;
-        unsigned char buffer[1024];
-
-        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
-        rv = dh_sign_hash(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
-                           &self->pstate, self->pindex,
-                           &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: dh_sign_hash failed: %s", error_to_string(rv));
-        RETVAL = newSVpvn((char*)buffer, buffer_len);
-    }
-    OUTPUT:
-        RETVAL
-
-int
-_verify(Crypt::PK::DH self, SV * sig, SV * data)
-    CODE:
-    {
-        int rv, stat;
-        unsigned char *data_ptr=NULL;
-        STRLEN data_len=0;
-        unsigned char *sig_ptr=NULL;
-        STRLEN sig_len=0;
-
-        data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-        sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
-        RETVAL = 1;
-        rv = dh_verify_hash(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
-        if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
-    }
-    OUTPUT:
-        RETVAL
-
 SV *
 shared_secret(Crypt::PK::DH self, Crypt::PK::DH pubkey)
     CODE:
@@ -341,79 +301,23 @@ export_key_raw(Crypt::PK::DH self, char * type)
     CODE:
     {
         int rv;
-        unsigned long len, buffer_len = 1024;
+        unsigned char out[1024];
-        unsigned char buffer[1024];
+        unsigned long out_len = 1024;
-	void *key;
 
         RETVAL = newSVpvn(NULL, 0); /* undef */
         if (strnEQ(type, "private", 7)) {
-		key = self->key.x;
+          rv = dh_export_key(out, &out_len, PK_PRIVATE, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dh_export_key(PK_PRIVATE) failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "public", 6)) {
-		key = self->key.y;
+          rv = dh_export_key(out, &out_len, PK_PUBLIC, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dh_export_key(PK_PUBLIC) failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char*)out, out_len);
         }
         else {
           croak("FATAL: export_key_raw: invalid type '%s'", type);
         }
-
-        len = (unsigned long)mp_unsigned_bin_size(key);
-        if (buffer_len < len) {
-            croak("FATAL: %s", error_to_string(CRYPT_BUFFER_OVERFLOW));
-        }
-        rv = mp_to_unsigned_bin(key, buffer);
-        if (rv != CRYPT_OK) croak("FATAL: %s", error_to_string(rv));
-        RETVAL = newSVpvn((char*)buffer, len);
-    }
-    OUTPUT:
-        RETVAL
-
-int
-_is_pubkey_valid(Crypt::PK::DH self);
-    CODE:
-    {
-        int rv, i, bits_set = 0;
-        mp_int one, two, p1, *y;
-        mp_digit digit;
-
-        if ((rv = mp_init_multi(&one, &two, &p1, NULL)) != MP_OKAY) {
-            croak("FATAL: %s", error_to_string(rv));
-        }
-
-        y = self->key.y;
-        mp_set(&one, 1);
-        mp_set(&two, 2);
-
-	/* p1 = p-1 */
-        if ((rv = mp_sub(self->key.prime, &one, &p1)) != MP_OKAY) {
-            croak("FATAL: %s", error_to_string(rv));
-        }
-	/* valid public key cannot be negative */
-        if (y->sign == MP_NEG) {
-            RETVAL = 0;
-        }
-	/* valid public key != 1 */
-        else if (mp_cmp(y, &one) == MP_EQ) {
-            RETVAL = 0;
-        }
-	/* public key cannot be > p-1 */
-        else if (mp_cmp(y, &p1) == MP_GT) {
-            RETVAL = 0;
-        }
-	/* if base == 2, public must have more than one bit set */
-        else if (mp_cmp(self->key.base, &two) == MP_EQ) {
-            for (i = 0; i < y->used; i++) {
-                digit = y->dp[i];
-                while (digit > ((mp_digit) 0)) {
-                    if (digit & ((mp_digit) 1))
-                        bits_set++;
-                    digit >>= ((mp_digit) 1);
-                }
-            }
-            if (bits_set > 1)
-                RETVAL = 1;
-            else RETVAL = 0;
-        }
-        else RETVAL = 1;
     }
     OUTPUT:
         RETVAL
@@ -423,4 +327,3 @@ DESTROY(Crypt::PK::DH self)
     CODE:
         if (self->key.type != -1) { dh_free(&self->key); self->key.type = -1; }
         Safefree(self);
-

inc/CryptX_PK_DSA.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::DSA
 
+PROTOTYPES: DISABLE
+
 Crypt::PK::DSA
-_new()
+_new(Class)
     CODE:
     {
         int rv;
@@ -9,15 +11,21 @@ _new()
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->key.type = -1;
         RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_prng('chacha20') failed");
+        }
         rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
 
 void
-generate_key(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
+_generate_key_size(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
     PPCODE:
     {
         int rv;
@@ -27,6 +35,48 @@ generate_key(Crypt::PK::DSA self, int group_size=30, int modulus_size=256)
         XPUSHs(ST(0)); /* return self */
     }
 
+void
+_generate_key_dsaparam(Crypt::PK::DSA self, SV * dsaparam)
+    PPCODE:
+    {
+        int rv;
+        unsigned char *data=NULL;
+        STRLEN data_len=0;
+        data = (unsigned char *)SvPVbyte(dsaparam, data_len);
+        /* load d p q */
+        rv = dsa_set_pqg_dsaparam(data, (unsigned long)data_len, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg_dsaparam failed: %s", error_to_string(rv));
+        /* gen the key */
+        rv = dsa_generate_key(&self->pstate, self->pindex, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dsa_generate_key failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
+    }
+
+void
+_generate_key_pqg_hex(Crypt::PK::DSA self, char *p, char *q, char *g)
+    PPCODE:
+    {
+        int rv;
+        unsigned char pbin[512], qbin[512], gbin[512];
+        unsigned long plen=sizeof(pbin), qlen=sizeof(qbin), glen=sizeof(gbin);
+        if (!p || !strlen(p) || !q || !strlen(q) || !g || !strlen(g)) {
+          croak("FATAL: generate_key_pqg_hex incomplete args");
+        }
+        /* set p q g */
+        rv = radix_to_bin(p, 16, pbin, &plen);
+        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
+        rv = radix_to_bin(q, 16, qbin, &qlen);
+        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
+        rv = radix_to_bin(g, 16, gbin, &glen);
+        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
+        rv = dsa_set_pqg(pbin, plen, qbin, qlen, gbin, glen, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg failed: %s", error_to_string(rv));
+        /* gen the key */
+        rv = dsa_generate_key(&self->pstate, self->pindex, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: dsa_generate_key failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
+    }
+
 void
 _import(Crypt::PK::DSA self, SV * key_data)
     PPCODE:
@@ -47,9 +97,37 @@ _import_hex(Crypt::PK::DSA self, char *p, char *q, char *g, char *x, char *y)
     PPCODE:
     {
         int rv;
+        unsigned char pbin[512], qbin[512], gbin[512], xbin[512], ybin[512];
+        unsigned long plen=sizeof(pbin), qlen=sizeof(qbin), glen=sizeof(gbin), xlen=sizeof(xbin), ylen=sizeof(ybin);
+
         if (self->key.type != -1) { dsa_free(&self->key); self->key.type = -1; }
-        rv = dsa_import_radix(16, p, q, g, x, y, &self->key);
+
-        if (rv != CRYPT_OK) croak("FATAL: dsa_import_radix failed: %s", error_to_string(rv));
+        if (p && strlen(p) > 0 && q && strlen(q) > 0 && g && strlen(g) > 0 && y && strlen(y) > 0) {
+          rv = radix_to_bin(p, 16, pbin, &plen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(q, 16, qbin, &qlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(g, 16, gbin, &glen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(g) failed: %s", error_to_string(rv));
+          rv = dsa_set_pqg(pbin, plen, qbin, qlen, gbin, glen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg failed: %s", error_to_string(rv));
+
+          rv = radix_to_bin(y, 16, ybin, &ylen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(y) failed: %s", error_to_string(rv));
+          if (x && strlen(x) > 0) {
+            /* private */
+            rv = radix_to_bin(x, 16, xbin, &xlen);
+            if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(x) failed: %s", error_to_string(rv));
+            rv = dsa_set_key(xbin, xlen, PK_PRIVATE, &self->key);
+            if (rv != CRYPT_OK) croak("FATAL: dsa_set_key failed: %s", error_to_string(rv));
+          }
+          else {
+            /* public */
+            rv = dsa_set_key(ybin, ylen, PK_PUBLIC, &self->key);
+            if (rv != CRYPT_OK) croak("FATAL: dsa_set_key failed: %s", error_to_string(rv));
+          }
+        }
+
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -65,7 +143,7 @@ int
 size(Crypt::PK::DSA self)
     CODE:
         if (self->key.type == -1 || self->key.qord <= 0) XSRETURN_UNDEF;
-        RETVAL = mp_unsigned_bin_size(self->key.g);
+        RETVAL = mp_unsigned_bin_size(self->key.p);
     OUTPUT:
         RETVAL
 
@@ -73,7 +151,7 @@ int
 size_q(Crypt::PK::DSA self)
     CODE:
         if (self->key.type == -1 || self->key.qord <= 0) XSRETURN_UNDEF;
-        RETVAL = self->key.qord;
+        RETVAL = mp_unsigned_bin_size(self->key.q);
     OUTPUT:
         RETVAL
 
@@ -89,7 +167,7 @@ key2hash(Crypt::PK::DSA self)
         qsize = mp_unsigned_bin_size(self->key.q);
         psize = mp_unsigned_bin_size(self->key.p);
         rv_hash = newHV();
-        /* =====> g */
+        /* g */
         siz = (self->key.g) ? mp_unsigned_bin_size(self->key.g) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'g' too big number");
@@ -101,7 +179,7 @@ key2hash(Crypt::PK::DSA self)
         else{
           not_used = hv_store(rv_hash, "g", 1, newSVpv("", 0), 0);
         }
-        /* =====> q */
+        /* q */
         siz = (self->key.q) ? mp_unsigned_bin_size(self->key.q) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'q' too big number");
@@ -113,7 +191,7 @@ key2hash(Crypt::PK::DSA self)
         else{
           not_used = hv_store(rv_hash, "q", 1, newSVpv("", 0), 0);
         }
-        /* =====> p */
+        /* p */
         siz = (self->key.p) ? mp_unsigned_bin_size(self->key.p) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'p' too big number");
@@ -125,7 +203,7 @@ key2hash(Crypt::PK::DSA self)
         else{
           not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
         }
-        /* =====> x */
+        /* x */
         siz = (self->key.x) ? mp_unsigned_bin_size(self->key.x) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'x' too big number");
@@ -137,7 +215,7 @@ key2hash(Crypt::PK::DSA self)
         else{
           not_used = hv_store(rv_hash, "x", 1, newSVpv("", 0), 0);
         }
-        /* =====> y */
+        /* y */
         siz = (self->key.y) ? mp_unsigned_bin_size(self->key.y) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'y' too big number");
@@ -149,11 +227,11 @@ key2hash(Crypt::PK::DSA self)
         else{
           not_used = hv_store(rv_hash, "y", 1, newSVpv("", 0), 0);
         }
-        /* =====> size */
+        /* size */
         not_used = hv_store(rv_hash, "size", 4, newSViv(qsize), 0);
-        /* =====> type */
+        /* type */
         not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
         RETVAL = newRV_noinc((SV*)rv_hash);
     OUTPUT:
         RETVAL
@@ -185,7 +263,7 @@ export_key_der(Crypt::PK::DSA self, char * type)
         RETVAL
 
 SV *
-_encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
+encrypt(Crypt::PK::DSA self, SV * data, const char * hash_name = "SHA1")
     CODE:
     {
         int rv, hash_id;
@@ -196,8 +274,8 @@ _encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
 
-        hash_id = find_hash(hash_name);
+        hash_id = _find_hash(hash_name);
-        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
         rv = dsa_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                              &self->pstate, self->pindex,
                              hash_id, &self->key);
@@ -208,7 +286,7 @@ _encrypt(Crypt::PK::DSA self, SV * data, char * hash_name)
         RETVAL
 
 SV *
-_decrypt(Crypt::PK::DSA self, SV * data)
+decrypt(Crypt::PK::DSA self, SV * data)
     CODE:
     {
         int rv;
@@ -227,17 +305,25 @@ _decrypt(Crypt::PK::DSA self, SV * data)
         RETVAL
 
 SV *
-_sign(Crypt::PK::DSA self, SV * data)
+sign_hash(Crypt::PK::DSA self, SV * data, const char * hash_name = "SHA1")
+    ALIAS:
+        sign_message = 1
     CODE:
     {
-        int rv;
+        int rv, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
-        unsigned long buffer_len = 1024;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1) {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
         rv = dsa_sign_hash(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                            &self->pstate, self->pindex,
                            &self->key);
@@ -248,19 +334,28 @@ _sign(Crypt::PK::DSA self, SV * data)
         RETVAL
 
 int
-_verify(Crypt::PK::DSA self, SV * sig, SV * data)
+verify_hash(Crypt::PK::DSA self, SV * sig, SV * data, const char * hash_name = "SHA1")
+    ALIAS:
+        verify_message = 1
     CODE:
     {
-        int rv, stat;
+        int rv, stat, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
-        STRLEN sig_len=0;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
         sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1) {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
         RETVAL = 1;
+        stat = 0;
         rv = dsa_verify_hash(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
         if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
     }

inc/CryptX_PK_ECC.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::ECC
 
+PROTOTYPES: DISABLE
+
 Crypt::PK::ECC
-_new()
+_new(Class)
     CODE:
     {
         int rv;
@@ -9,10 +11,15 @@ _new()
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->pindex = find_prng("chacha20");
         RETVAL->key.type = -1;
-        ecc_dp_init(&RETVAL->dp);
+        if (RETVAL->pindex == -1) {
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+          Safefree(RETVAL);
+          croak("FATAL: find_prng('chacha20') failed");
+        }
         rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -23,10 +30,11 @@ generate_key(Crypt::PK::ECC self, SV *curve)
     {
         int rv;
         /* setup dp structure */
-        _ecc_set_dp_from_SV(&self->dp, curve); /* croaks on error */
+        rv = _ecc_set_dp_from_SV(&self->key, curve); /* croaks on error */
+        if (rv != CRYPT_OK) croak("FATAL: ecc_set_dp failed: %s", error_to_string(rv));
         /* gen the key */
-        rv = ecc_make_key_ex(&self->pstate, self->pindex, &self->key, &self->dp);
+        rv = ecc_generate_key(&self->pstate, self->pindex, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_make_key_ex failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_generate_key failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -39,14 +47,32 @@ _import(Crypt::PK::ECC self, SV * key_data)
         STRLEN data_len=0;
 
         data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        rv = ecc_import_full(data, (unsigned long)data_len, &self->key, &self->dp);
+        rv = ecc_import_openssl(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_full failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_import_openssl failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
 void
-_import_pkcs8(Crypt::PK::ECC self, SV * key_data)
+_import_pkcs8(Crypt::PK::ECC self, SV * key_data, SV * passwd)
+    PPCODE:
+    {
+        int rv;
+        unsigned char *data=NULL, *pwd=NULL;
+        STRLEN data_len=0, pwd_len=0;
+
+        data = (unsigned char *)SvPVbyte(key_data, data_len);
+        if (SvOK(passwd)) {
+          pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
+        }
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
+        rv = ecc_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: ecc_import_pkcs8 failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
+    }
+
+void
+_import_x509(Crypt::PK::ECC self, SV * key_data)
     PPCODE:
     {
         int rv;
@@ -54,9 +80,9 @@ _import_pkcs8(Crypt::PK::ECC self, SV * key_data)
         STRLEN data_len=0;
 
         data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        rv = ecc_import_pkcs8(data, (unsigned long)data_len, NULL, 0, &self->key, &self->dp);
+        rv = ecc_import_x509(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_pkcs8 failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: ecc_import_x509 failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -64,17 +90,19 @@ void
 import_key_raw(Crypt::PK::ECC self, SV * key_data, SV * curve)
     PPCODE:
     {
-        int rv;
+        int rv, type;
         unsigned char *data=NULL;
         STRLEN data_len=0;
 
         data = (unsigned char *)SvPVbyte(key_data, data_len);
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
-        
+        /* setup dp structure */
-        _ecc_set_dp_from_SV(&self->dp, curve); /* croaks on error */
+        rv = _ecc_set_dp_from_SV(&self->key, curve); /* croaks on error */
-        
+        if (rv != CRYPT_OK) croak("FATAL: ecc_set_dp failed: %s", error_to_string(rv));
-        rv = ecc_import_raw(data, (unsigned long)data_len, &self->key, &self->dp);
+        /* import key */
-        if (rv != CRYPT_OK) croak("FATAL: ecc_import_raw failed: %s", error_to_string(rv));
+        type = (data_len == (STRLEN)ecc_get_size(&self->key)) ? PK_PRIVATE : PK_PUBLIC;
+        rv = ecc_set_key(data, (unsigned long)data_len, type, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: ecc_set_key failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -105,7 +133,7 @@ key2hash(Crypt::PK::ECC self)
         if (self->key.type == -1) XSRETURN_UNDEF;
         esize = ecc_get_size(&self->key);
         rv_hash = newHV();
-        /* =====> k */
+        /* k */
         siz = (self->key.k) ? mp_unsigned_bin_size(self->key.k) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'k' too big number");
@@ -117,7 +145,7 @@ key2hash(Crypt::PK::ECC self)
         else{
           not_used = hv_store(rv_hash, "k", 1, newSVpv("", 0), 0);
         }
-        /* =====> pub_x */
+        /* pub_x */
         siz = (self->key.pubkey.x) ? mp_unsigned_bin_size(self->key.pubkey.x) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'pub_x' too big number");
@@ -129,7 +157,7 @@ key2hash(Crypt::PK::ECC self)
         else{
           not_used = hv_store(rv_hash, "pub_x", 5, newSVpv("", 0), 0);
         }
-        /* =====> pub_y */
+        /* pub_y */
         siz = (self->key.pubkey.y) ? mp_unsigned_bin_size(self->key.pubkey.y) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'pub_y' too big number");
@@ -141,62 +169,56 @@ key2hash(Crypt::PK::ECC self)
         else{
           not_used = hv_store(rv_hash, "pub_y", 5, newSVpv("", 0), 0);
         }
-        /* =====> curve_... */
+        /* curve_... */
-        if (self->key.dp) {
+        {
-          not_used = hv_store(rv_hash, "curve_cofactor", 14, newSViv(self->key.dp->cofactor), 0);
+          not_used = hv_store(rv_hash, "curve_cofactor",                14, newSViv(self->key.dp.cofactor), 0);
-          /* prepend leading zero if we have odd number of hexadecimal digits */
+          mp_tohex_with_leading_zero(self->key.dp.prime, buf, 20000, 0);
-          strncpy(buf, self->key.dp->prime, 20000); str_add_leading_zero(buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_prime",                   11, newSVpv(buf, strlen(buf)), 0);
-          strncpy(buf, self->key.dp->A,     20000); str_add_leading_zero(buf, 20000, 0);
+          mp_tohex_with_leading_zero(self->key.dp.A, buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_A",                        7, newSVpv(buf, strlen(buf)), 0);
-          strncpy(buf, self->key.dp->B,     20000); str_add_leading_zero(buf, 20000, 0);
+          mp_tohex_with_leading_zero(self->key.dp.B, buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_B",                        7, newSVpv(buf, strlen(buf)), 0);
-          strncpy(buf, self->key.dp->order, 20000); str_add_leading_zero(buf, 20000, 0);
+          mp_tohex_with_leading_zero(self->key.dp.order, buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_order",                   11, newSVpv(buf, strlen(buf)), 0);
-          strncpy(buf, self->key.dp->Gx,    20000); str_add_leading_zero(buf, 20000, 0);
+          mp_tohex_with_leading_zero(self->key.dp.base.x, buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_Gx",                       8, newSVpv(buf, strlen(buf)), 0);
-          strncpy(buf, self->key.dp->Gy,    20000); str_add_leading_zero(buf, 20000, 0);
+          mp_tohex_with_leading_zero(self->key.dp.base.y, buf, 20000, 0);
           not_used = hv_store(rv_hash, "curve_Gy",                       8, newSVpv(buf, strlen(buf)), 0);
-          /* OLD approach
+          not_used = hv_store(rv_hash, "curve_bytes",                   11, newSViv(mp_unsigned_bin_size(self->key.dp.prime)), 0);
-            not_used = hv_store(rv_hash, "curve_prime", 11, newSVpv(self->key.dp->prime, strlen(self->key.dp->prime)), 0);
+          not_used = hv_store(rv_hash, "curve_bits",                    10, newSViv(mp_count_bits(self->key.dp.prime)), 0);
-            not_used = hv_store(rv_hash, "curve_A",      7, newSVpv(self->key.dp->A,     strlen(self->key.dp->A)), 0);
-            not_used = hv_store(rv_hash, "curve_B",      7, newSVpv(self->key.dp->B,     strlen(self->key.dp->B)), 0);
-            not_used = hv_store(rv_hash, "curve_order", 11, newSVpv(self->key.dp->order, strlen(self->key.dp->order)), 0);
-            not_used = hv_store(rv_hash, "curve_Gx",     8, newSVpv(self->key.dp->Gx,    strlen(self->key.dp->Gx)), 0);
-            not_used = hv_store(rv_hash, "curve_Gy",     8, newSVpv(self->key.dp->Gy,    strlen(self->key.dp->Gy)), 0);
-          */
-          {
-            mp_int p_num;
-            mp_init(&p_num);
-            mp_read_radix(&p_num, self->key.dp->prime, 16);
-            not_used = hv_store(rv_hash, "curve_bytes", 11, newSViv(mp_unsigned_bin_size(&p_num)), 0);
-            not_used = hv_store(rv_hash, "curve_bits",  10, newSViv(mp_count_bits(&p_num)), 0);
-            mp_clear(&p_num);
-          }
-          {
-            unsigned long i;
-            SV *name;
-            char *name_ptr;
-            STRLEN name_len;
 
-            name = newSVpv(self->key.dp->name,  strlen(self->key.dp->name));
+          if (self->key.dp.oidlen > 0) {
-            name_ptr = SvPV(name, name_len);
-            for (i=0; i<name_len && name_ptr[i]>0; i++) name_ptr[i] = toLOWER(name_ptr[i]);
-            not_used = hv_store(rv_hash, "curve_name", 10, name, 0);
-          }
-          if (self->key.dp->oid.OIDlen > 0) {
             unsigned long i;
+            HV *h;
+            SV **pref, *cname;
+            char *cname_ptr, *oid_ptr;
+            STRLEN cname_len;
+
+            /* OID -> "curve_oid" */
             SV *oid = newSVpv("", 0);
-            for(i = 0; i < self->key.dp->oid.OIDlen - 1; i++) sv_catpvf(oid, "%lu.", self->key.dp->oid.OID[i]);
+            for(i = 0; i < self->key.dp.oidlen - 1; i++) sv_catpvf(oid, "%lu.", self->key.dp.oid[i]);
-            sv_catpvf(oid, "%lu", self->key.dp->oid.OID[i]);
+            sv_catpvf(oid, "%lu", self->key.dp.oid[i]);
+            oid_ptr = SvPVX(oid);
             not_used = hv_store(rv_hash, "curve_oid", 9, oid, 0);
+
+            /* curve name -> "curve_name" */
+            if ((h = get_hv("Crypt::PK::ECC::curve2ltc", 0)) != NULL) {
+              pref = hv_fetch(h, oid_ptr, (U32)strlen(oid_ptr), 0);
+              if (pref) {
+                cname_ptr = SvPV(*pref, cname_len);
+                cname = newSVpv(cname_ptr, cname_len);
+                cname_ptr = SvPVX(cname);
+                for (i=0; i<cname_len && cname_ptr[i]>0; i++) cname_ptr[i] = toLOWER(cname_ptr[i]);
+                not_used = hv_store(rv_hash, "curve_name", 10, cname, 0);
               }
             }
-        /* =====> size */
+          }
+        }
+        /* size */
         not_used = hv_store(rv_hash, "size", 4, newSViv(esize), 0);
-        /* =====> type */
+        /* type */
         not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
         RETVAL = newRV_noinc((SV*)rv_hash);
     OUTPUT:
         RETVAL
@@ -209,25 +231,35 @@ export_key_der(Crypt::PK::ECC self, char * type)
         unsigned char out[4096];
         unsigned long int out_len = 4096;
 
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+        if (self->key.type == -1) croak("FATAL: export_key_der no key");
         if (strnEQ(type, "private_short", 16)) {
-          rv = ecc_export_full(out, &out_len, PK_PRIVATE|PK_CURVEOID, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE|PK_CURVEOID, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PRIVATE|PK_CURVEOID) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE|PK_CURVEOID) failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char*)out, out_len);
+        }
+        else if (strnEQ(type, "private_compressed", 16)) {
+          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE|PK_CURVEOID|PK_COMPRESSED, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE|PK_CURVEOID|PK_COMPRESSED) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "private", 7)) {
-          rv = ecc_export_full(out, &out_len, PK_PRIVATE, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PRIVATE, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PRIVATE) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PRIVATE) failed: %s", error_to_string(rv));
+          RETVAL = newSVpvn((char*)out, out_len);
+        }
+        else if (strnEQ(type, "public_compressed", 15)) {
+          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC|PK_CURVEOID|PK_COMPRESSED, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC|PK_CURVEOID|PK_COMPRESSED) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "public_short", 15)) {
-          rv = ecc_export_full(out, &out_len, PK_PUBLIC|PK_CURVEOID, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC|PK_CURVEOID, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PUBLIC|PK_CURVEOID) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC|PK_CURVEOID) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "public", 6)) {
-          rv = ecc_export_full(out, &out_len, PK_PUBLIC, &self->key);
+          rv = ecc_export_openssl(out, &out_len, PK_PUBLIC, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export(PK_PUBLIC) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_export_openssl(PK_PUBLIC) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else {
@@ -245,20 +277,20 @@ export_key_raw(Crypt::PK::ECC self, char * type)
         unsigned char out[4096];
         unsigned long int out_len = sizeof(out);
 
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+        if (self->key.type == -1) croak("FATAL: export_key_der no key");
         if (strnEQ(type, "private", 7)) {
-          rv = ecc_export_raw(out, &out_len, PK_PRIVATE, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PRIVATE, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(private) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(private) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "public_compressed", 17)) {
-          rv = ecc_export_raw(out, &out_len, PK_PUBLIC_COMPRESSED, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PUBLIC|PK_COMPRESSED, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(public_compressed) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(public_compressed) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else if (strnEQ(type, "public", 6)) {
-          rv = ecc_export_raw(out, &out_len, PK_PUBLIC, &self->key);
+          rv = ecc_get_key(out, &out_len, PK_PUBLIC, &self->key);
-          if (rv != CRYPT_OK) croak("FATAL: ecc_export_raw(public) failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) croak("FATAL: ecc_get_key(public) failed: %s", error_to_string(rv));
           RETVAL = newSVpvn((char*)out, out_len);
         }
         else {
@@ -269,7 +301,7 @@ export_key_raw(Crypt::PK::ECC self, char * type)
         RETVAL
 
 SV *
-_encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
+encrypt(Crypt::PK::ECC self, SV * data, const char * hash_name = "SHA1")
     CODE:
     {
         int rv, hash_id;
@@ -280,8 +312,8 @@ _encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
 
-        hash_id = find_hash(hash_name);
+        hash_id = _find_hash(hash_name);
-        if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+        if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
         rv = ecc_encrypt_key(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                              &self->pstate, self->pindex,
                              hash_id, &self->key);
@@ -292,7 +324,7 @@ _encrypt(Crypt::PK::ECC self, SV * data, char * hash_name)
         RETVAL
 
 SV *
-_decrypt(Crypt::PK::ECC self, SV * data)
+decrypt(Crypt::PK::ECC self, SV * data)
     CODE:
     {
         int rv;
@@ -311,20 +343,28 @@ _decrypt(Crypt::PK::ECC self, SV * data)
         RETVAL
 
 SV *
-_sign(Crypt::PK::ECC self, SV * data)
+sign_hash(Crypt::PK::ECC self, SV * data, const char * hash_name = "SHA1")
     ALIAS:
-        _sign_rfc7518 = 1
+        sign_hash_rfc7518    = 3
+        sign_message         = 1
+        sign_message_rfc7518 = 2
     CODE:
     {
-        int rv;
+        int rv, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
-        unsigned long buffer_len = 1024;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1 || ix == 2) {
-        if (ix == 1) {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
+        if (ix == 2 || ix == 3) {
           rv = ecc_sign_hash_rfc7518(data_ptr, (unsigned long)data_len, buffer, &buffer_len,
                              &self->pstate, self->pindex,
                              &self->key);
@@ -341,22 +381,31 @@ _sign(Crypt::PK::ECC self, SV * data)
         RETVAL
 
 int
-_verify(Crypt::PK::ECC self, SV * sig, SV * data)
+verify_hash(Crypt::PK::ECC self, SV * sig, SV * data, const char * hash_name = "SHA1")
     ALIAS:
-        _verify_rfc7518 = 1
+        verify_hash_rfc7518    = 3
+        verify_message         = 1
+        verify_message_rfc7518 = 2
     CODE:
     {
-        int rv, stat;
+        int rv, stat, id;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
-        STRLEN sig_len=0;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
         sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1 || ix == 2) {
+          id = _find_hash(hash_name);
+          if (id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
         RETVAL = 1;
-        if (ix == 1) {
+        stat = 0;
+        if (ix == 2 || ix == 3) {
           rv = ecc_verify_hash_rfc7518(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, &stat, &self->key);
         }
         else {
@@ -385,6 +434,6 @@ shared_secret(Crypt::PK::ECC self, Crypt::PK::ECC pubkey)
 void
 DESTROY(Crypt::PK::ECC self)
     CODE:
-        _ecc_free_key(&self->key, &self->dp);
+        if (self->key.type != -1) { ecc_free(&self->key); self->key.type = -1; }
         Safefree(self);
 

inc/CryptX_PK_RSA.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::PK::RSA
 
+PROTOTYPES: DISABLE
+
 Crypt::PK::RSA
-_new()
+_new(Class)
     CODE:
     {
         int rv;
@@ -9,9 +11,15 @@ _new()
         if (!RETVAL) croak("FATAL: Newz failed");
         RETVAL->key.type = -1;
         RETVAL->pindex = find_prng("chacha20");
-        if(RETVAL->pindex==-1) croak("FATAL: find_prng('chacha20') failed");
+        if (RETVAL->pindex == -1) {
+          Safefree(RETVAL);
+          croak("FATAL: find_prng('chacha20') failed");
+        }
         rv = rng_make_prng(320, RETVAL->pindex, &RETVAL->pstate, NULL); /* 320bits = 40bytes */
-        if (rv != CRYPT_OK) croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rng_make_prng failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -44,7 +52,25 @@ _import(Crypt::PK::RSA self, SV * key_data)
     }
 
 void
-_import_pkcs8(Crypt::PK::RSA self, SV * key_data)
+_import_pkcs8(Crypt::PK::RSA self, SV * key_data, SV * passwd)
+    PPCODE:
+    {
+        int rv;
+        unsigned char *data=NULL, *pwd=NULL;
+        STRLEN data_len=0, pwd_len=0;
+
+        data = (unsigned char *)SvPVbyte(key_data, data_len);
+        if (SvOK(passwd)) {
+          pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
+        }
+        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
+        rv = rsa_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key);
+        if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
+        XPUSHs(ST(0)); /* return self */
+    }
+
+void
+_import_x509(Crypt::PK::RSA self, SV * key_data)
     PPCODE:
     {
         int rv;
@@ -53,8 +79,8 @@ _import_pkcs8(Crypt::PK::RSA self, SV * key_data)
 
         data = (unsigned char *)SvPVbyte(key_data, data_len);
         if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
-        rv = rsa_import_pkcs8(data, (unsigned long)data_len, NULL, 0, &self->key);
+        rv = rsa_import_x509(data, (unsigned long)data_len, &self->key);
-        if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) croak("FATAL: rsa_import_x509 failed: %s", error_to_string(rv));
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -63,9 +89,50 @@ _import_hex(Crypt::PK::RSA self, char *N, char *e, char *d=NULL, char *p=NULL, c
     PPCODE:
     {
         int rv;
-        if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
+        unsigned char Nbin[1024], ebin[128], dbin[1024], pbin[512], qbin[512], dPbin[512], dQbin[512], qPbin[512];
-        rv = rsa_import_radix(16, N, e, d, p, q, dP, dQ, qP, &self->key);
+        unsigned long Nlen=sizeof(Nbin), elen=sizeof(ebin), dlen=sizeof(dbin), plen=sizeof(pbin),
-        if (rv != CRYPT_OK) croak("FATAL: rsa_import_radix failed: %s", error_to_string(rv));
+                      qlen=sizeof(qbin), dPlen=sizeof(dPbin), dQlen=sizeof(dQbin), qPlen=sizeof(qPbin);
+
+        rv = radix_to_bin(N,  16,  Nbin,  &Nlen);
+        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(N) failed: %s", error_to_string(rv));
+        rv = radix_to_bin(e,  16,  ebin,  &elen);
+        if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(e) failed: %s", error_to_string(rv));
+
+        if (d && strlen(d) > 0) {
+          /* private */
+          rv = radix_to_bin(d,  16,  dbin,  &dlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(d) failed: %s", error_to_string(rv));
+          rv = rsa_set_key(Nbin, Nlen, ebin, elen, dbin, dlen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
+        }
+        else {
+          /* public */
+          rv = rsa_set_key(Nbin, Nlen, ebin, elen, NULL, 0, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: rsa_set_key failed: %s", error_to_string(rv));
+        }
+
+        if (p && strlen(p) > 0 && q && strlen(q) > 0) {
+          /* private only */
+          rv = radix_to_bin(p,  16,  pbin,  &plen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(p) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(q,  16,  qbin,  &qlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(q) failed: %s", error_to_string(rv));
+          rv = rsa_set_factors(pbin, plen, qbin, qlen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: rsa_set_factors failed: %s", error_to_string(rv));
+        }
+
+        if (dP && strlen(dP) > 0 && dQ && strlen(dQ) > 0 && qP && strlen(qP) > 0) {
+          /* private only */
+          rv = radix_to_bin(dP, 16, dPbin, &dPlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dP) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(dQ, 16, dQbin, &dQlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(dQ) failed: %s", error_to_string(rv));
+          rv = radix_to_bin(qP, 16, qPbin, &qPlen);
+          if (rv != CRYPT_OK) croak("FATAL: radix_to_bin(qP) failed: %s", error_to_string(rv));
+          rv = rsa_set_crt_params(dPbin, dPlen, dQbin, dQlen, qPbin, qPlen, &self->key);
+          if (rv != CRYPT_OK) croak("FATAL: rsa_set_crt_params failed: %s", error_to_string(rv));
+        }
+
         XPUSHs(ST(0)); /* return self */
     }
 
@@ -96,7 +163,7 @@ key2hash(Crypt::PK::RSA self)
         if (self->key.type == -1 || self->key.N == NULL) XSRETURN_UNDEF;
         nsize = mp_unsigned_bin_size(self->key.N);
         rv_hash = newHV();
-        /* =====> e */
+        /* e */
         siz = (self->key.e) ? mp_unsigned_bin_size(self->key.e) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'e' too big number");
@@ -108,7 +175,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "e", 1, newSVpv("", 0), 0);
         }
-        /* =====> d */
+        /* d */
         siz = (self->key.d) ? mp_unsigned_bin_size(self->key.d) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'd' too big number");
@@ -120,7 +187,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "d", 1, newSVpv("", 0), 0);
         }
-        /* =====> N */
+        /* N */
         siz = (self->key.N) ? nsize : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'N' too big number");
@@ -132,7 +199,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "N", 1, newSVpv("", 0), 0);
         }
-        /* =====> q */
+        /* q */
         siz = (self->key.q) ? mp_unsigned_bin_size(self->key.q) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'q' too big number");
@@ -144,7 +211,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "q", 1, newSVpv("", 0), 0);
         }
-        /* =====> p */
+        /* p */
         siz = (self->key.p) ? mp_unsigned_bin_size(self->key.p) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'p' too big number");
@@ -156,7 +223,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "p", 1, newSVpv("", 0), 0);
         }
-        /* =====> qP */
+        /* qP */
         siz = (self->key.qP) ? mp_unsigned_bin_size(self->key.qP) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'qP' too big number");
@@ -168,7 +235,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "qP", 2, newSVpv("", 0), 0);
         }
-        /* =====> dP */
+        /* dP */
         siz = (self->key.dP) ? mp_unsigned_bin_size(self->key.dP) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'dP' too big number");
@@ -180,7 +247,7 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "dP", 2, newSVpv("", 0), 0);
         }
-        /* =====> dQ */
+        /* dQ */
         siz = (self->key.dQ) ? mp_unsigned_bin_size(self->key.dQ) : 0;
         if (siz>10000) {
           croak("FATAL: key2hash failed - 'dQ' too big number");
@@ -192,11 +259,11 @@ key2hash(Crypt::PK::RSA self)
         else{
           not_used = hv_store(rv_hash, "dQ", 2, newSVpv("", 0), 0);
         }
-        /* =====> size */
+        /* size */
         not_used = hv_store(rv_hash, "size", 4, newSViv(nsize), 0);
-        /* =====> type */
+        /* type */
         not_used = hv_store(rv_hash, "type", 4, newSViv(self->key.type), 0);
-        if (not_used) not_used = NULL; /* just silence the warning: variable 'not_used' set but not used */
+        LTC_UNUSED_PARAM(not_used);
         RETVAL = newRV_noinc((SV*)rv_hash);
     OUTPUT:
         RETVAL
@@ -207,7 +274,7 @@ export_key_der(Crypt::PK::RSA self, char * type)
     {
         int rv;
         unsigned char out[4096];
-        unsigned long int out_len = 4096;
+        unsigned long out_len = 4096;
 
         RETVAL = newSVpvn(NULL, 0); /* undef */
         if (strnEQ(type, "private", 7)) {
@@ -228,7 +295,7 @@ export_key_der(Crypt::PK::RSA self, char * type)
         RETVAL
 
 SV *
-_encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV * oaep_lparam)
+encrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * oaep_hash = "SHA1", SV * oaep_lparam = NULL)
     CODE:
     {
         int rv, hash_id;
@@ -243,9 +310,9 @@ _encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
 
         RETVAL = newSVpvn(NULL, 0); /* undef */
         if (strnEQ(padding, "oaep", 4)) {
-          hash_id = find_hash(oaep_hash);
+          hash_id = _find_hash(oaep_hash);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
-          lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
+          if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
           rv = rsa_encrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, lparam_ptr, (unsigned long)lparam_len,
                                   &self->pstate, self->pindex,
                                   hash_id, LTC_PKCS_1_OAEP, &self->key);
@@ -273,7 +340,7 @@ _encrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
         RETVAL
 
 SV *
-_decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV * oaep_lparam)
+decrypt(Crypt::PK::RSA self, SV * data, const char * padding = "oaep", const char * oaep_hash = "SHA1", SV * oaep_lparam = NULL)
     CODE:
     {
         int rv, hash_id, stat;
@@ -288,9 +355,9 @@ _decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
 
         RETVAL = newSVpvn(NULL, 0); /* undef */
         if (strnEQ(padding, "oaep", 4)) {
-          hash_id = find_hash(oaep_hash);
+          hash_id = _find_hash(oaep_hash);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", oaep_hash);
-          lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
+          if (oaep_lparam) lparam_ptr = (unsigned char *)SvPVbyte(oaep_lparam, lparam_len);
           rv = rsa_decrypt_key_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, lparam_ptr, (unsigned long)lparam_len,
                                   hash_id, LTC_PKCS_1_OAEP, &stat, &self->key);
           if (rv != CRYPT_OK) croak("FATAL: rsa_decrypt_key_ex failed: %s", error_to_string(rv));
@@ -318,21 +385,28 @@ _decrypt(Crypt::PK::RSA self, SV * data, char * padding, char * oaep_hash, SV *
         RETVAL
 
 SV *
-_sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12)
+sign_hash(Crypt::PK::RSA self, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen=12)
+    ALIAS:
+        sign_message = 1
     CODE:
     {
         int rv, hash_id;
-        unsigned char *data_ptr=NULL;
+        unsigned char buffer[1024], tmp[MAXBLOCKSIZE], *data_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char buffer[1024];
+        STRLEN data_len = 0;
-        unsigned long buffer_len = 1024;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
-
+        if (ix == 1) {
-        RETVAL = newSVpvn(NULL, 0); /* undef */
+          hash_id = _find_hash(hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
         if (strnEQ(padding, "pss", 3)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
           rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_PSS,
                                 &self->pstate, self->pindex,
                                 hash_id, saltlen, &self->key);
@@ -340,8 +414,8 @@ _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, uns
           RETVAL = newSVpvn((char*)buffer, buffer_len);
         }
         else if (strnEQ(padding, "v1.5", 4)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
           rv = rsa_sign_hash_ex(data_ptr, (unsigned long)data_len, buffer, &buffer_len, LTC_PKCS_1_V1_5,
                                 &self->pstate, self->pindex,
                                 hash_id, 0, &self->key);
@@ -362,31 +436,38 @@ _sign(Crypt::PK::RSA self, SV * data, char * padding, char * hash_name=NULL, uns
         RETVAL
 
 int
-_verify(Crypt::PK::RSA self, SV * sig, SV * data, char * padding, char * hash_name=NULL, unsigned long saltlen=12)
+verify_hash(Crypt::PK::RSA self, SV * sig, SV * data, const char * hash_name = "SHA1", const char * padding = "pss", unsigned long saltlen = 12)
+    ALIAS:
+        verify_message = 1
     CODE:
     {
         int rv, hash_id, stat;
-        unsigned char *data_ptr=NULL;
+        unsigned char tmp[MAXBLOCKSIZE], buffer[1024], *data_ptr = NULL, *sig_ptr = NULL;
-        STRLEN data_len=0;
+        unsigned long i, tmp_len = MAXBLOCKSIZE, buffer_len = 1024;
-        unsigned char *sig_ptr=NULL;
+        STRLEN data_len = 0, sig_len = 0;
-        STRLEN sig_len=0;
-        unsigned char buffer[1024];
-        unsigned long i, buffer_len = 1024;
 
         data_ptr = (unsigned char *)SvPVbyte(data, data_len);
         sig_ptr = (unsigned char *)SvPVbyte(sig, sig_len);
-
+        if (ix == 1) {
+          hash_id = _find_hash(hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          rv = hash_memory(hash_id, data_ptr, (unsigned long)data_len, tmp, &tmp_len);
+          if (rv != CRYPT_OK) croak("FATAL: hash_memory failed: %s", error_to_string(rv));
+          data_ptr = tmp;
+          data_len = tmp_len;
+        }
         RETVAL = 1;
+        stat = 0;
         if (strnEQ(padding, "pss", 3)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
           rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_PSS,
                                 hash_id, saltlen, &stat, &self->key);
           if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
         }
         else if (strnEQ(padding, "v1.5", 4)) {
-          hash_id = find_hash(hash_name);
+          hash_id = _find_hash(hash_name);
-          if(hash_id==-1) croak("FATAL: find_hash failed for '%s'", hash_name);
+          if (hash_id == -1) croak("FATAL: find_hash failed for '%s'", hash_name);
           rv = rsa_verify_hash_ex(sig_ptr, (unsigned long)sig_len, data_ptr, (unsigned long)data_len, LTC_PKCS_1_V1_5,
                                 hash_id, 0, &stat, &self->key);
           if (rv != CRYPT_OK || stat != 1) RETVAL = 0;
@@ -416,4 +497,3 @@ DESTROY(Crypt::PK::RSA self)
     CODE:
         if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
         Safefree(self);
-

inc/CryptX_PRNG.xs.inc

@@ -1,38 +1,68 @@
 MODULE = CryptX         PACKAGE = Crypt::PRNG
 
+PROTOTYPES: DISABLE
+
 Crypt::PRNG
-_new(IV curpid, char * prng_name, SV * entropy=&PL_sv_undef)
+new(char * class, ...)
     CODE:
     {
-        int rv, id;
+        IV curpid = (IV)PerlProc_getpid();
+        int rv, id, idx;
         unsigned char *ent=NULL;
         STRLEN ent_len=0;
         unsigned char entropy_buf[40];
+        char *prng_name = (char *)"ChaCha20";
+        SV *entropy = &PL_sv_undef;
+
+        /* we need to handle:
+           Crypt::PRNG->new('RC4');
+           Crypt::Cipher::RC4->new();
+         */
+        idx = strcmp("Crypt::PRNG", class) == 0 ? 1 : 0;
+        if (idx + 1 <= items) prng_name = SvPVX(ST(idx));
+        if (idx + 2 <= items) entropy = ST(idx + 1);
 
         Newz(0, RETVAL, 1, struct prng_struct);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        id = find_prng(prng_name);
+        id = _find_prng(prng_name);
-        if(id==-1) croak("FATAL: find_prng failed for '%s'", prng_name);
+        if (id == -1) {
-        RETVAL->id = id;
+          Safefree(RETVAL);
+          croak("FATAL: find_prng failed for '%s'", prng_name);
+        }
         RETVAL->last_pid = curpid;
         RETVAL->desc = &prng_descriptor[id];
 
         rv = RETVAL->desc->start(&RETVAL->state);
-        if (rv != CRYPT_OK) croak("FATAL: PRNG_start failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: PRNG_start failed: %s", error_to_string(rv));
+        }
 
-        if(SvOK(entropy)) {
+        if (SvOK(entropy)) {
           ent = (unsigned char *) SvPVbyte(entropy, ent_len);
           rv = RETVAL->desc->add_entropy(ent, (unsigned long)ent_len, &RETVAL->state);
-          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          }
         }
         else {
-          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed: %s", error_to_string(rv));
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) {
+            Safefree(RETVAL);
+            croak("FATAL: rng_get_bytes failed: %s", error_to_string(rv));
+          }
           rv = RETVAL->desc->add_entropy(entropy_buf, 40, &RETVAL->state);
-          if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
+          }
         }
         rv = RETVAL->desc->ready(&RETVAL->state);
-        if (rv != CRYPT_OK) croak("FATAL: PRNG_ready failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: PRNG_ready failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -40,9 +70,7 @@ _new(IV curpid, char * prng_name, SV * entropy=&PL_sv_undef)
 void
 DESTROY(Crypt::PRNG self)
     CODE:
-    {
         Safefree(self);
-    }
 
 void
 add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
@@ -50,16 +78,16 @@ add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
     {
         STRLEN in_len=0;
         unsigned char *in_buffer=NULL;
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
         int rv;
-        if(SvOK(entropy)) {
+        if (SvOK(entropy)) {
           in_buffer = (unsigned char *) SvPVbyte(entropy, in_len);
           rv = self->desc->add_entropy(in_buffer, (unsigned long)in_len, &self->state);
           if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
         }
         else {
-          if (rng_get_bytes(entropy_buf, 32, NULL) != 32) croak("FATAL: rng_get_bytes failed");
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          rv = self->desc->add_entropy(entropy_buf, 32, &self->state);
+          rv = self->desc->add_entropy(entropy_buf, 40, &self->state);
           if (rv != CRYPT_OK) croak("FATAL: PRNG_add_entropy failed: %s", error_to_string(rv));
         }
         rv = self->desc->ready(&self->state);
@@ -67,41 +95,96 @@ add_entropy(Crypt::PRNG self, SV * entropy=&PL_sv_undef)
     }
 
 SV *
-_bytes(Crypt::PRNG self, IV curpid, STRLEN output_len)
+bytes(Crypt::PRNG self, unsigned long output_len)
+    ALIAS:
+        bytes_hex  = 1
+        bytes_b64  = 2
+        bytes_b64u = 3
     CODE:
     {
-        int rv_len;
+        IV curpid = (IV)PerlProc_getpid();
-        unsigned char *rdata;
+        int rv_len, rv;
-        unsigned char entropy_buf[32];
+        unsigned long len;
+        unsigned char *rdata, *tmp;
+        unsigned char entropy_buf[40];
 
+        if (output_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
           if (self->last_pid != curpid) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+            if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+            self->desc->add_entropy(entropy_buf, 40, &self->state);
             self->desc->ready(&self->state);
             self->last_pid = curpid;
           }
-
+          if (ix == 1) {
-        RETVAL = NEWSV(0, output_len);
+            /* HEX */
+            Newz(0, tmp, output_len, unsigned char);
+            if (tmp == NULL) croak("FATAL: Newz failed");
+            rv_len = (self->desc->read)(tmp, (unsigned long)output_len, &self->state);
+            if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
+            RETVAL = NEWSV(0, output_len * 2); /* avoid zero! */
+            SvPOK_only(RETVAL);
+            SvCUR_set(RETVAL, output_len * 2);
+            rdata = (unsigned char *)SvPVX(RETVAL);
+            len = output_len * 2;
+            rv = _base16_encode(tmp, output_len, rdata, &len);
+            Safefree(tmp);
+            if (rv != CRYPT_OK) {
+              SvREFCNT_dec(RETVAL);
+              croak("FATAL: base16_encode failed");
+            }
+          }
+          else if (ix == 2 || ix == 3) {
+            /* BASE64 or BASE64URL */
+            Newz(0, tmp, output_len, unsigned char);
+            if (tmp == NULL) croak("FATAL: Newz failed");
+            rv_len = (self->desc->read)(tmp, (unsigned long)output_len, &self->state);
+            if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
+            RETVAL = NEWSV(0, output_len * 2); /* avoid zero! */
+            SvPOK_only(RETVAL);
+            SvCUR_set(RETVAL, output_len * 2);
+            rdata = (unsigned char *)SvPVX(RETVAL);
+            len = output_len * 2;
+            rv = ix == 3 ? base64url_encode(tmp, output_len, rdata, &len) :
+                           base64_encode(tmp, output_len, rdata, &len);
+            SvCUR_set(RETVAL, len);
+            Safefree(tmp);
+            if (rv != CRYPT_OK) {
+              SvREFCNT_dec(RETVAL);
+              croak(ix == 3 ? "FATAL: base64url_encode failed" : "FATAL: base64_encode failed");
+            }
+          }
+          else {
+            /* RAW BYTES */
+            RETVAL = NEWSV(0, output_len); /* avoid zero! */
             SvPOK_only(RETVAL);
             SvCUR_set(RETVAL, output_len);
-        rdata = (unsigned char *)SvPV_nolen(RETVAL);
+            rdata = (unsigned char *)SvPVX(RETVAL);
             rv_len = (self->desc->read)(rdata, (unsigned long)output_len, &self->state);
-        if ((UV)rv_len != output_len) croak("FATAL: PRNG_read failed");
+            if ((UV)rv_len != output_len) {
+              SvREFCNT_dec(RETVAL);
+              croak("FATAL: PRNG_read failed");
+            }
+          }
+        }
     }
     OUTPUT:
         RETVAL
 
 UV
-_int32(Crypt::PRNG self, IV curpid)
+int32(Crypt::PRNG self)
     CODE:
     {
+        IV curpid = (IV)PerlProc_getpid();
         int i;
         unsigned char rdata[4];
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
 
         if (self->last_pid != curpid) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+          self->desc->add_entropy(entropy_buf, 40, &self->state);
           self->desc->ready(&self->state);
           self->last_pid = curpid;
         }
@@ -114,18 +197,18 @@ _int32(Crypt::PRNG self, IV curpid)
         RETVAL
 
 NV
-_double(Crypt::PRNG self, IV curpid, ...)
+double(Crypt::PRNG self, SV * limit_sv = NULL)
     CODE:
     {
+        IV curpid = (IV)PerlProc_getpid();
         int i;
         unsigned long a, b;     /* 32bit is enough */
         unsigned char rdata[7]; /* for double we need 53 bits */
-        unsigned char entropy_buf[32];
+        unsigned char entropy_buf[40];
-        NV limit;
 
         if (self->last_pid != curpid) {
-          rng_get_bytes(entropy_buf, 32, NULL);
+          if (rng_get_bytes(entropy_buf, 40, NULL) != 40) croak("FATAL: rng_get_bytes failed");
-          self->desc->add_entropy(entropy_buf, 32, &self->state);
+          self->desc->add_entropy(entropy_buf, 40, &self->state);
           self->desc->ready(&self->state);
           self->last_pid = curpid;
         }
@@ -135,8 +218,8 @@ _double(Crypt::PRNG self, IV curpid, ...)
         a = (((unsigned long)(rdata[0])<<16) + ((unsigned long)(rdata[1])<<8) + ((unsigned long)(rdata[2]))) & 0x1FFFFF;                      /* 21 bits */
         b = ((unsigned long)(rdata[3])<<24) + ((unsigned long)(rdata[4])<<16) + ((unsigned long)(rdata[5])<<8) + ((unsigned long)(rdata[6])); /* 32 bits */
         RETVAL = ( (NV)a * 4294967296.0 + (NV)b ) / 9007199254740992.0;                           /* (a * 2^32 + b) / 2^53 */
-        if (items>2 && SvOK(ST(2))) {
+        if (limit_sv && SvOK(limit_sv)) {
-          limit = SvNV(ST(2));
+          NV limit = SvNV(limit_sv);
           if (limit > 0 || limit < 0) RETVAL = RETVAL * limit;
         }
     }

inc/CryptX_Stream_ChaCha.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::ChaCha
 
+PROTOTYPES: DISABLE
+
 Crypt::Stream::ChaCha
-_new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
+new(Class, SV * key, SV * nonce, UV counter = 0, int rounds = 20)
     CODE:
     {
         int rv;
@@ -13,21 +15,31 @@ _new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
         k  = (unsigned char *) SvPVbyte(key, k_len);
         iv = (unsigned char *) SvPVbyte(nonce, iv_len);
 
-        Newz(0, RETVAL, 1, struct chacha_struct);
+        Newz(0, RETVAL, 1, chacha_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = chacha_setup(&RETVAL->state, k, (unsigned long)k_len, rounds);
+        rv = chacha_setup(RETVAL, k, (unsigned long)k_len, rounds);
-        if (rv != CRYPT_OK) croak("FATAL: chacha_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: chacha_setup failed: %s", error_to_string(rv));
+        }
 
         if (iv_len == 12) {
-          rv = chacha_ivctr32(&RETVAL->state, iv, (unsigned long)iv_len, (ulong32)counter);
+          rv = chacha_ivctr32(RETVAL, iv, (unsigned long)iv_len, (ulong32)counter);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_ivctr32 failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: chacha_ivctr32 failed: %s", error_to_string(rv));
+          }
         }
         else if (iv_len == 8) {
-          rv = chacha_ivctr64(&RETVAL->state, iv, (unsigned long)iv_len, (ulong64)counter);
+          rv = chacha_ivctr64(RETVAL, iv, (unsigned long)iv_len, (ulong64)counter);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_ivctr64 failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: chacha_ivctr64 failed: %s", error_to_string(rv));
+          }
         }
         else {
+          Safefree(RETVAL);
           croak("FATAL: chacha IV length must be 8 or 12 bytes");
         }
     }
@@ -37,15 +49,15 @@ _new(SV * key, SV * nonce, UV counter = 0, int rounds = 20)
 void
 DESTROY(Crypt::Stream::ChaCha self)
     CODE:
-        chacha_done(&self->state);
+        chacha_done(self);
         Safefree(self);
 
 Crypt::Stream::ChaCha
 clone(Crypt::Stream::ChaCha self)
     CODE:
-        Newz(0, RETVAL, 1, struct chacha_struct);
+        Newz(0, RETVAL, 1, chacha_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct chacha_struct);
+        Copy(self, RETVAL, 1, chacha_state);
     OUTPUT:
         RETVAL
 
@@ -56,12 +68,20 @@ keystream(Crypt::Stream::ChaCha self, STRLEN out_len)
         int rv;
         unsigned char *out_data;
 
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, out_len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-        rv = chacha_keystream(&self->state, out_data, out_len);
+          rv = chacha_keystream(self, out_data, (unsigned long)out_len);
-        if (rv != CRYPT_OK) croak("FATAL: chacha_keystream failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: chacha_keystream failed: %s", error_to_string(rv));
+          }
+        }
     }
     OUTPUT:
         RETVAL
@@ -75,16 +95,19 @@ crypt(Crypt::Stream::ChaCha self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = chacha_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = chacha_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: chacha_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: chacha_crypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:

inc/CryptX_Stream_RC4.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::RC4
 
+PROTOTYPES: DISABLE
+
 Crypt::Stream::RC4
-_new(SV * key)
+new(Class, SV * key)
     CODE:
     {
         int rv;
@@ -11,11 +13,14 @@ _new(SV * key)
         if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
         k  = (unsigned char *) SvPVbyte(key, k_len);
 
-        Newz(0, RETVAL, 1, struct rc4_struct);
+        Newz(0, RETVAL, 1, rc4_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = rc4_stream_setup(&RETVAL->state, k, (unsigned long)k_len);
+        rv = rc4_stream_setup(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: rc4_stream_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rc4_stream_setup failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -23,15 +28,15 @@ _new(SV * key)
 void
 DESTROY(Crypt::Stream::RC4 self)
     CODE:
-        rc4_stream_done(&self->state);
+        rc4_stream_done(self);
         Safefree(self);
 
 Crypt::Stream::RC4
 clone(Crypt::Stream::RC4 self)
     CODE:
-        Newz(0, RETVAL, 1, struct rc4_struct);
+        Newz(0, RETVAL, 1, rc4_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct rc4_struct);
+        Copy(self, RETVAL, 1, rc4_state);
     OUTPUT:
         RETVAL
 
@@ -42,12 +47,20 @@ keystream(Crypt::Stream::RC4 self, STRLEN out_len)
         int rv;
         unsigned char *out_data;
 
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, out_len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-        rv = rc4_stream_keystream(&self->state, out_data, out_len);
+          rv = rc4_stream_keystream(self, out_data, (unsigned long)out_len);
-        if (rv != CRYPT_OK) croak("FATAL: rc4_stream_keystream failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: rc4_stream_keystream failed: %s", error_to_string(rv));
+          }
+        }
     }
     OUTPUT:
         RETVAL
@@ -61,16 +74,19 @@ crypt(Crypt::Stream::RC4 self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = rc4_stream_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = rc4_stream_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: rc4_stream_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: rc4_stream_crypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:

inc/CryptX_Stream_Rabbit.xs.inc

@@ -0,0 +1,104 @@
+MODULE = CryptX         PACKAGE = Crypt::Stream::Rabbit
+
+PROTOTYPES: DISABLE
+
+Crypt::Stream::Rabbit
+new(Class, SV * key, SV * nonce=&PL_sv_undef)
+    CODE:
+    {
+        int rv;
+        STRLEN iv_len=0, k_len=0;
+        unsigned char *iv=NULL, *k=NULL;
+
+        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
+        k  = (unsigned char *)SvPVbyte(key, k_len);
+
+        Newz(0, RETVAL, 1, rabbit_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+
+        rv = rabbit_setup(RETVAL, k, (unsigned long)k_len);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: rabbit_setup failed: %s", error_to_string(rv));
+        }
+
+        if (SvOK(nonce)) {
+          if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
+          iv = (unsigned char *)SvPVbyte(nonce, iv_len);
+          rv = rabbit_setiv(RETVAL, iv, (unsigned long)iv_len);
+          if (rv != CRYPT_OK) {
+            Safefree(RETVAL);
+            croak("FATAL: rabbit_setiv failed: %s", error_to_string(rv));
+          }
+        }
+
+    }
+    OUTPUT:
+        RETVAL
+
+void
+DESTROY(Crypt::Stream::Rabbit self)
+    CODE:
+        rabbit_done(self);
+        Safefree(self);
+
+Crypt::Stream::Rabbit
+clone(Crypt::Stream::Rabbit self)
+    CODE:
+        Newz(0, RETVAL, 1, rabbit_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+        Copy(self, RETVAL, 1, rabbit_state);
+    OUTPUT:
+        RETVAL
+
+SV *
+keystream(Crypt::Stream::Rabbit self, STRLEN out_len)
+    CODE:
+    {
+        int rv;
+        unsigned char *out_data;
+
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, out_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = rabbit_keystream(self, out_data, (unsigned long)out_len);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: rabbit_keystream failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+crypt(Crypt::Stream::Rabbit self, SV * data)
+    CODE:
+    {
+        int rv;
+        STRLEN in_data_len;
+        unsigned char *in_data, *out_data;
+
+        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        if (in_data_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = rabbit_crypt(self, in_data, (unsigned long)in_data_len, out_data);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: rabbit_crypt failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL

inc/CryptX_Stream_Salsa20.xs.inc

@@ -0,0 +1,101 @@
+MODULE = CryptX         PACKAGE = Crypt::Stream::Salsa20
+
+PROTOTYPES: DISABLE
+
+Crypt::Stream::Salsa20
+new(Class, SV * key, SV * nonce, UV counter = 0, int rounds = 20)
+    CODE:
+    {
+        int rv;
+        STRLEN iv_len=0, k_len=0;
+        unsigned char *iv=NULL, *k=NULL;
+
+        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
+        if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
+        k  = (unsigned char *)SvPVbyte(key, k_len);
+        iv = (unsigned char *)SvPVbyte(nonce, iv_len);
+
+        Newz(0, RETVAL, 1, salsa20_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+
+        rv = salsa20_setup(RETVAL, k, (unsigned long)k_len, rounds);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: salsa20_setup failed: %s", error_to_string(rv));
+        }
+
+        rv = salsa20_ivctr64(RETVAL, iv, (unsigned long)iv_len, (ulong64)counter);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: salsa20_ivctr64 failed: %s", error_to_string(rv));
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+void
+DESTROY(Crypt::Stream::Salsa20 self)
+    CODE:
+        salsa20_done(self);
+        Safefree(self);
+
+Crypt::Stream::Salsa20
+clone(Crypt::Stream::Salsa20 self)
+    CODE:
+        Newz(0, RETVAL, 1, salsa20_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+        Copy(self, RETVAL, 1, salsa20_state);
+    OUTPUT:
+        RETVAL
+
+SV *
+keystream(Crypt::Stream::Salsa20 self, STRLEN out_len)
+    CODE:
+    {
+        int rv;
+        unsigned char *out_data;
+
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, out_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = salsa20_keystream(self, out_data, (unsigned long)out_len);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: salsa20_keystream failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+crypt(Crypt::Stream::Salsa20 self, SV * data)
+    CODE:
+    {
+        int rv;
+        STRLEN in_data_len;
+        unsigned char *in_data, *out_data;
+
+        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        if (in_data_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = salsa20_crypt(self, in_data, (unsigned long)in_data_len, out_data);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: salsa20_crypt failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL

inc/CryptX_Stream_Sober128.xs.inc

@@ -1,7 +1,9 @@
 MODULE = CryptX         PACKAGE = Crypt::Stream::Sober128
 
+PROTOTYPES: DISABLE
+
 Crypt::Stream::Sober128
-_new(SV * key, SV * nonce)
+new(Class, SV * key, SV * nonce)
     CODE:
     {
         int rv;
@@ -13,14 +15,20 @@ _new(SV * key, SV * nonce)
         k  = (unsigned char *) SvPVbyte(key, k_len);
         iv = (unsigned char *) SvPVbyte(nonce, iv_len);
 
-        Newz(0, RETVAL, 1, struct sober128_struct);
+        Newz(0, RETVAL, 1, sober128_state);
         if (!RETVAL) croak("FATAL: Newz failed");
 
-        rv = sober128_stream_setup(&RETVAL->state, k, (unsigned long)k_len);
+        rv = sober128_stream_setup(RETVAL, k, (unsigned long)k_len);
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_setup failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: sober128_stream_setup failed: %s", error_to_string(rv));
+        }
 
-        rv = sober128_stream_setiv(&RETVAL->state, iv, (unsigned long)iv_len);
+        rv = sober128_stream_setiv(RETVAL, iv, (unsigned long)iv_len);
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_setiv failed: %s", error_to_string(rv));
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: sober128_stream_setiv failed: %s", error_to_string(rv));
+        }
     }
     OUTPUT:
         RETVAL
@@ -28,15 +36,15 @@ _new(SV * key, SV * nonce)
 void
 DESTROY(Crypt::Stream::Sober128 self)
     CODE:
-        sober128_stream_done(&self->state);
+        sober128_stream_done(self);
         Safefree(self);
 
 Crypt::Stream::Sober128
 clone(Crypt::Stream::Sober128 self)
     CODE:
-        Newz(0, RETVAL, 1, struct sober128_struct);
+        Newz(0, RETVAL, 1, sober128_state);
         if (!RETVAL) croak("FATAL: Newz failed");
-        Copy(&self->state, &RETVAL->state, 1, struct sober128_struct);
+        Copy(self, RETVAL, 1, sober128_state);
     OUTPUT:
         RETVAL
 
@@ -47,12 +55,20 @@ keystream(Crypt::Stream::Sober128 self, STRLEN out_len)
         int rv;
         unsigned char *out_data;
 
-        RETVAL = NEWSV(0, out_len);
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, out_len);
-        out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-        rv = sober128_stream_keystream(&self->state, out_data, out_len);
+          rv = sober128_stream_keystream(self, out_data, (unsigned long)out_len);
-        if (rv != CRYPT_OK) croak("FATAL: sober128_stream_keystream failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: sober128_stream_keystream failed: %s", error_to_string(rv));
+          }
+        }
     }
     OUTPUT:
         RETVAL
@@ -66,16 +82,19 @@ crypt(Crypt::Stream::Sober128 self, SV * data)
         unsigned char *in_data, *out_data;
 
         in_data = (unsigned char *)SvPVbyte(data, in_data_len);
-        if (in_data_len==0) {
+        if (in_data_len == 0) {
           RETVAL = newSVpvn("", 0);
         }
         else {
-          RETVAL = NEWSV(0, in_data_len);
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
           SvPOK_only(RETVAL);
           SvCUR_set(RETVAL, in_data_len);
-          out_data = (unsigned char *)SvPV_nolen(RETVAL);
+          out_data = (unsigned char *)SvPVX(RETVAL);
-          rv = sober128_stream_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
+          rv = sober128_stream_crypt(self, in_data, (unsigned long)in_data_len, out_data);
-          if (rv != CRYPT_OK) croak("FATAL: sober128_stream_crypt failed: %s", error_to_string(rv));
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: sober128_stream_crypt failed: %s", error_to_string(rv));
+          }
         }
     }
     OUTPUT:

inc/CryptX_Stream_Sosemanuk.xs.inc

@@ -0,0 +1,107 @@
+MODULE = CryptX         PACKAGE = Crypt::Stream::Sosemanuk
+
+PROTOTYPES: DISABLE
+
+Crypt::Stream::Sosemanuk
+new(Class, SV * key, SV * nonce=&PL_sv_undef)
+    CODE:
+    {
+        int rv;
+        STRLEN iv_len=0, k_len=0;
+        unsigned char *iv=NULL, *k=NULL;
+
+        if (!SvPOK(key))   croak("FATAL: key must be string/buffer scalar");
+        k  = (unsigned char *)SvPVbyte(key, k_len);
+
+        Newz(0, RETVAL, 1, sosemanuk_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+
+        rv = sosemanuk_setup(RETVAL, k, (unsigned long)k_len);
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: sosemanuk_setup failed: %s", error_to_string(rv));
+        }
+
+        if (SvOK(nonce)) {
+          if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
+          iv = (unsigned char *)SvPVbyte(nonce, iv_len);
+          rv = sosemanuk_setiv(RETVAL, iv, (unsigned long)iv_len);
+        }
+        else {
+          rv = sosemanuk_setiv(RETVAL, NULL, 0);
+        }
+        if (rv != CRYPT_OK) {
+          Safefree(RETVAL);
+          croak("FATAL: sosemanuk_setiv failed: %s", error_to_string(rv));
+        }
+
+    }
+    OUTPUT:
+        RETVAL
+
+void
+DESTROY(Crypt::Stream::Sosemanuk self)
+    CODE:
+        sosemanuk_done(self);
+        Safefree(self);
+
+Crypt::Stream::Sosemanuk
+clone(Crypt::Stream::Sosemanuk self)
+    CODE:
+        Newz(0, RETVAL, 1, sosemanuk_state);
+        if (!RETVAL) croak("FATAL: Newz failed");
+        Copy(self, RETVAL, 1, sosemanuk_state);
+    OUTPUT:
+        RETVAL
+
+SV *
+keystream(Crypt::Stream::Sosemanuk self, STRLEN out_len)
+    CODE:
+    {
+        int rv;
+        unsigned char *out_data;
+
+        if (out_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, out_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, out_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = sosemanuk_keystream(self, out_data, (unsigned long)out_len);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: sosemanuk_keystream failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL
+
+SV *
+crypt(Crypt::Stream::Sosemanuk self, SV * data)
+    CODE:
+    {
+        int rv;
+        STRLEN in_data_len;
+        unsigned char *in_data, *out_data;
+
+        in_data = (unsigned char *)SvPVbyte(data, in_data_len);
+        if (in_data_len == 0) {
+          RETVAL = newSVpvn("", 0);
+        }
+        else {
+          RETVAL = NEWSV(0, in_data_len); /* avoid zero! */
+          SvPOK_only(RETVAL);
+          SvCUR_set(RETVAL, in_data_len);
+          out_data = (unsigned char *)SvPVX(RETVAL);
+          rv = sosemanuk_crypt(self, in_data, (unsigned long)in_data_len, out_data);
+          if (rv != CRYPT_OK) {
+            SvREFCNT_dec(RETVAL);
+            croak("FATAL: sosemanuk_crypt failed: %s", error_to_string(rv));
+          }
+        }
+    }
+    OUTPUT:
+        RETVAL

lib/Crypt/AuthEnc.pm

@@ -2,13 +2,13 @@ package Crypt::AuthEnc;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-sub CLONE_SKIP { 1 } # prevent cloning
+### not used
 
 1;
 
-__END__
+=pod
 
 =head1 NAME
 

lib/Crypt/AuthEnc/CCM.pm

@@ -2,39 +2,18 @@ package Crypt::AuthEnc::CCM;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-use Crypt::Cipher;
 
-### the following functions are implemented in XS:
+sub CLONE_SKIP { 1 } # prevent cloning
-# - _memory_encrypt
-# - _memory_decrypt
-
-sub ccm_encrypt_authenticate {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $nonce = shift;
-  my $adata = shift;
-  my $tag_len = shift;
-  my $plaintext = shift;
-  return _memory_encrypt(Crypt::Cipher::_trans_cipher_name($cipher_name), $key, $nonce, $adata, $tag_len, $plaintext);
-}
-
-sub ccm_decrypt_verify {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $nonce = shift;
-  my $adata = shift;
-  my $ciphertext = shift;
-  my $tag = shift;
-  return _memory_decrypt(Crypt::Cipher::_trans_cipher_name($cipher_name), $key, $nonce, $adata, $ciphertext, $tag);
-}
 
 1;
 
@@ -46,15 +25,36 @@ Crypt::AuthEnc::CCM - Authenticated encryption in CCM mode
 
 =head1 SYNOPSIS
 
+ ### OO interface
+ use Crypt::AuthEnc::CCM;
+
+ # encrypt and authenticate
+ my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
+ my $ct = $ae->encrypt_add('data1');
+ $ct .= $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data3');
+ my $tag = $ae->encrypt_done();
+
+ # decrypt and verify
+ my $ae = Crypt::AuthEnc::CCM->new("AES", $key, $iv, $adata, $tag_len, $pt_len);
+ my $pt = $ae->decrypt_add('ciphertext1');
+ $pt .= $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext3');
+ my $tag = $ae->decrypt_done();
+ die "decrypt failed" unless $tag eq $expected_tag;
+
+ #or
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
+
  ### functional interface
  use Crypt::AuthEnc::CCM qw(ccm_encrypt_authenticate ccm_decrypt_verify);
 
- my ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
+ ($ciphertext, $tag) = ccm_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
- my $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
+ $plaintext = ccm_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
 
 =head1 DESCRIPTION
 
-CCM is a encrypt+authenticate mode that is centered around using AES (or any 16-byte cipher) as aprimitive.
+CCM is a encrypt+authenticate mode that is centered around using AES (or any 16-byte cipher) as a primitive.
 Unlike EAX and OCB mode, it is only meant for packet mode where the length of the input is known in advance.
 
 =head1 EXPORT
@@ -86,9 +86,43 @@ CCM parameters should follow L<http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp
 =head2 ccm_decrypt_verify
 
  my $plaintext = ccm_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
-
  # on error returns undef
 
+=head1 METHODS
+
+=head2 new
+
+ my $ae = Crypt::AuthEnc::CCM->new($cipher, $key, $nonce, $adata, $tag_len, $pt_len);
+
+ # $cipher .. 'AES' or name of any other cipher with 16-byte block len
+ # $key ..... key of proper length (e.g. 128/192/256bits for AES)
+ # $nonce ... unique nonce/salt (no need to keep it secret)
+ # $adata ... additional authenticated data
+ # $tag_len . required length of output tag
+ # $pt_len .. expected length of plaintext/ciphertext to encrypt/decrypt
+
+=head2 encrypt_add
+
+ $ciphertext = $ae->encrypt_add($data);        # can be called multiple times
+
+=head2 encrypt_done
+
+ my $tag = $ae->encrypt_done;                  # returns $tag value
+
+=head2 decrypt_add
+
+ $plaintext = $ae->decrypt_add($ciphertext);   # can be called multiple times
+
+=head2 decrypt_done
+
+ my $tag = $ae->decrypt_done;           # returns $tag value
+ #or
+ my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
+
+=head2 clone
+
+ my $ae_new = $ae->clone;
+
 =head1 SEE ALSO
 
 =over
@@ -98,3 +132,5 @@ CCM parameters should follow L<http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp
 =item * L<https://en.wikipedia.org/wiki/CCM_mode|https://en.wikipedia.org/wiki/CCM_mode>
 
 =back
+
+=cut

lib/Crypt/AuthEnc/ChaCha20Poly1305.pm

@@ -2,42 +2,18 @@ package Crypt::AuthEnc::ChaCha20Poly1305;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 
-sub new { my $class = shift; _new(@_) }
+sub CLONE_SKIP { 1 } # prevent cloning
-
-sub chacha20poly1305_encrypt_authenticate {
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $plaintext = shift;
-
-  my $m = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
-  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
-  my $ct = $m->encrypt_add($plaintext);
-  my $tag = $m->encrypt_done;
-  return ($ct, $tag);
-}
-
-sub chacha20poly1305_decrypt_verify {
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $ciphertext = shift;
-  my $tag = shift;
-
-  my $m = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
-  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
-  my $ct = $m->decrypt_add($ciphertext);
-  return $m->decrypt_done($tag) ? $ct : undef;
-}
 
 1;
 
@@ -45,7 +21,7 @@ sub chacha20poly1305_decrypt_verify {
 
 =head1 NAME
 
-Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20Poly1305 mode
+Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20-Poly1305 mode
 
 =head1 SYNOPSIS
 
@@ -54,25 +30,25 @@ Crypt::AuthEnc::ChaCha20Poly1305 - Authenticated encryption in ChaCha20Poly1305
 
  # encrypt and authenticate
  my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 
  # decrypt and verify
  my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
  die "decrypt failed" unless $tag eq $expected_tag;
 
  #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 
  ### functional interface
  use Crypt::AuthEnc::ChaCha20Poly1305 qw(chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify);
@@ -105,7 +81,6 @@ You can export selected functions:
 =head2 chacha20poly1305_decrypt_verify
 
  my $plaintext = chacha20poly1305_decrypt_verify($key, $iv, $adata, $ciphertext, $tag);
-
  # on error returns undef
 
 =head1 METHODS
@@ -117,42 +92,48 @@ You can export selected functions:
  # $key ..... encryption key of proper length (128 or 256 bits / 16 or 32 bytes)
  # $iv ...... initialization vector (64 or 96 bits / 8 or 12 bytes)
 
-=head2 aad_add
+=head2 adata_add
 
+Add B<additional authenticated data>.
 Can be called before the first C<encrypt_add> or C<decrypt_add>;
 
- $ae->aad_add($aad_data);                       #can be called multiple times
+ $ae->adata_add($aad_data);                     # can be called multiple times
 
 =head2 encrypt_add
 
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 
 =head2 encrypt_done
 
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 
 =head2 decrypt_add
 
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 
 =head2 decrypt_done
 
- my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
- #or
  my $tag = $ae->decrypt_done;           # returns $tag value
+ #or
+ my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
+
+=head2 set_iv
+
+ my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key)->set_iv($iv);
+ # $iv ...... initialization vector (64 or 96 bits / 8 or 12 bytes)
+
+=head2 set_iv_rfc7905
+
+See L<https://tools.ietf.org/html/rfc7905>
+
+ my $ae = Crypt::AuthEnc::ChaCha20Poly1305->new($key)->set_iv_rfc7905($iv, $seqnum);
+ # $iv ...... initialization vector (96 bits / 12 bytes)
+ # $seqnum .. 64bit integer (sequence number)
 
 =head2 clone
 
  my $ae_new = $ae->clone;
 
-=head2 set_iv
-
- $ae->set_iv($iv);
-
-=head2 set_iv_rfc7905
-
- $ae->set_iv_rfc7905($iv, $seqnum);
-
 =head1 SEE ALSO
 
 =over
@@ -162,3 +143,5 @@ Can be called before the first C<encrypt_add> or C<decrypt_add>;
 =item * L<https://tools.ietf.org/html/rfc7539>
 
 =back
+
+=cut

lib/Crypt/AuthEnc/EAX.pm

@@ -2,60 +2,22 @@ package Crypt::AuthEnc::EAX;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( eax_encrypt_authenticate eax_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-use Crypt::Cipher;
 
-### the following methods/functions are implemented in XS:
+# obsolete, only for backwards compatibility
-# - _new
+sub header_add { goto &adata_add }
-# - DESTROY
+sub aad_add    { goto &adata_add }
-# - clone
-# - encrypt_add
-# - encrypt_done
-# - decrypt_add
-# - decrypt_done
-# - aad_add
 
-sub new { my $class = shift; _new(Crypt::Cipher::_trans_cipher_name(shift), @_) }
+sub CLONE_SKIP { 1 } # prevent cloning
-
-sub eax_encrypt_authenticate {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $plaintext = shift;
-
-  my $m = Crypt::AuthEnc::EAX->new($cipher_name, $key, $iv);
-  $m->aad_add($adata) if defined $adata;
-  my $ct = $m->encrypt_add($plaintext);
-  my $tag = $m->encrypt_done;
-  return ($ct, $tag);
-}
-
-sub eax_decrypt_verify {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $ciphertext = shift;
-  my $tag = shift;
-
-  my $m = Crypt::AuthEnc::EAX->new($cipher_name, $key, $iv);
-  $m->aad_add($adata) if defined $adata;
-  my $ct = $m->decrypt_add($ciphertext);
-  return $m->decrypt_done($tag) ? $ct : undef;
-}
-
-sub header_add {
-  # obsolete, only for backwards compatibility
-  shift->aad_add(@_);
-}
 
 1;
 
@@ -72,25 +34,25 @@ Crypt::AuthEnc::EAX - Authenticated encryption in EAX mode
 
  # encrypt and authenticate
  my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 
  # decrypt and verify
  my $ae = Crypt::AuthEnc::EAX->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
  die "decrypt failed" unless $tag eq $expected_tag;
 
  #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 
  ### functional interface
  use Crypt::AuthEnc::EAX qw(eax_encrypt_authenticate eax_decrypt_verify);
@@ -126,7 +88,6 @@ You can export selected functions:
 =head2 eax_decrypt_verify
 
  my $plaintext = eax_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
-
  # on error returns undef
 
 =head1 METHODS
@@ -142,27 +103,27 @@ You can export selected functions:
  # $iv ...... unique initialization vector (no need to keep it secret)
  # $adata ... additional authenticated data (optional)
 
-=head2 aad_add
+=head2 adata_add
 
- $ae->aad_add($adata);                          #can be called multiple times
+ $ae->adata_add($adata);                        # can be called multiple times
 
 =head2 encrypt_add
 
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 
 =head2 encrypt_done
 
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 
 =head2 decrypt_add
 
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 
 =head2 decrypt_done
 
- my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
- #or
  my $tag = $ae->decrypt_done;           # returns $tag value
+ #or
+ my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 
 =head2 clone
 
@@ -177,3 +138,5 @@ You can export selected functions:
 =item * L<https://en.wikipedia.org/wiki/EAX_mode|https://en.wikipedia.org/wiki/EAX_mode>
 
 =back
+
+=cut

lib/Crypt/AuthEnc/GCM.pm

@@ -2,53 +2,18 @@ package Crypt::AuthEnc::GCM;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( gcm_encrypt_authenticate gcm_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-use Crypt::Cipher;
 
-sub new {
+sub CLONE_SKIP { 1 } # prevent cloning
-  my ($class, $cipher, $key, $iv) = @_;
-  my $self = _new(Crypt::Cipher::_trans_cipher_name($cipher), $key);
-  # for backwards compatibility the $iv is optional
-  $self->iv_add($iv) if defined $iv;
-  return $self;
-}
-
-sub gcm_encrypt_authenticate {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $plaintext = shift;
-
-  my $m = Crypt::AuthEnc::GCM->new($cipher_name, $key);
-  $m->iv_add($iv);
-  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
-  my $ct = $m->encrypt_add($plaintext);
-  my $tag = $m->encrypt_done;
-  return ($ct, $tag);
-}
-
-sub gcm_decrypt_verify {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $iv = shift;
-  my $adata = shift;
-  my $ciphertext = shift;
-  my $tag = shift;
-
-  my $m = Crypt::AuthEnc::GCM->new($cipher_name, $key);
-  $m->iv_add($iv);
-  $m->adata_add(defined $adata ? $adata : ''); #XXX-TODO if no aad we have to pass empty string
-  my $ct = $m->decrypt_add($ciphertext);
-  return $m->decrypt_done($tag) ? $ct : undef;
-}
 
 1;
 
@@ -65,25 +30,25 @@ Crypt::AuthEnc::GCM - Authenticated encryption in GCM mode
 
  # encrypt and authenticate
  my $ae = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $tag = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 
  # decrypt and verify
  my $ae = Crypt::AuthEnc::GCM->new("AES", $key, $iv);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $tag = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
  die "decrypt failed" unless $tag eq $expected_tag;
 
  #or
- my $result = $ae->decrypt_done($expected_tag) die "decrypt failed";
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 
  ### functional interface
  use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
@@ -117,7 +82,6 @@ You can export selected functions:
 =head2 gcm_decrypt_verify
 
  my $plaintext = gcm_decrypt_verify($cipher, $key, $iv, $adata, $ciphertext, $tag);
-
  # on error returns undef
 
 =head1 METHODS
@@ -134,31 +98,34 @@ You can export selected functions:
 
 =head2 iv_add
 
+Set initialization vector (IV).
+
  $ae->iv_add($iv_data);                        #can be called multiple times
 
-=head2 aad_add
+=head2 adata_add
 
-Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> or C<decrypt_add>;
+Add B<additional authenticated data>.
+Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> or C<decrypt_add>.
 
- $ae->aad_add($aad_data);               #can be called multiple times
+ $ae->adata_add($aad_data);                    # can be called multiple times
 
 =head2 encrypt_add
 
- $ciphertext = $ae->encrypt_add($data);        #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);        # can be called multiple times
 
 =head2 encrypt_done
 
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                   # returns $tag value
 
 =head2 decrypt_add
 
- $plaintext = $ae->decrypt_add($ciphertext);   #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);   # can be called multiple times
 
 =head2 decrypt_done
 
- my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
- #or
  my $tag = $ae->decrypt_done;           # returns $tag value
+ #or
+ my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 
 =head2 reset
 
@@ -177,3 +144,5 @@ Can be called B<after> all C<iv_add> calls but before the first C<encrypt_add> o
 =item * L<https://en.wikipedia.org/wiki/Galois/Counter_Mode>
 
 =back
+
+=cut

lib/Crypt/AuthEnc/OCB.pm

@@ -2,50 +2,22 @@ package Crypt::AuthEnc::OCB;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use base qw(Crypt::AuthEnc Exporter);
+require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( ocb_encrypt_authenticate ocb_decrypt_verify )] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
-use Crypt::Cipher;
 
-sub new { my $class = shift; _new(Crypt::Cipher::_trans_cipher_name(shift), @_) }
+# obsolete, only for backwards compatibility
+sub aad_add { goto &adata_add }
+sub blocksize { return 16 }
 
-sub ocb_encrypt_authenticate {
+sub CLONE_SKIP { 1 } # prevent cloning
-  my $cipher_name = shift;
-  my $key = shift;
-  my $nonce = shift;
-  my $adata = shift;
-  my $plaintext = shift;
-
-  my $m = Crypt::AuthEnc::OCB->new($cipher_name, $key, $nonce);
-  $m->aad_add($adata) if defined $adata;
-  my $ct = $m->encrypt_last($plaintext);
-  my $tag = $m->encrypt_done;
-  return ($ct, $tag);
-}
-
-sub ocb_decrypt_verify {
-  my $cipher_name = shift;
-  my $key = shift;
-  my $nonce = shift;
-  my $adata = shift;
-  my $ciphertext = shift;
-  my $tag = shift;
-
-  my $m = Crypt::AuthEnc::OCB->new($cipher_name, $key, $nonce);
-  $m->aad_add($adata) if defined $adata;
-  my $ct = $m->decrypt_last($ciphertext);
-  return $m->decrypt_done($tag) ? $ct : undef;
-}
-
-sub adata_add {
-  # obsolete, only for backwards compatibility
-  shift->aad_add(@_);
-}
 
 1;
 
@@ -61,34 +33,38 @@ Crypt::AuthEnc::OCB - Authenticated encryption in OCBv3 mode
  use Crypt::AuthEnc::OCB;
 
  # encrypt and authenticate
- my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $ct = $ae->encrypt_add('data1');
+ my $ct = $ae->encrypt_add('data1');
- $ct = $ae->encrypt_add('data2');
+ $ct .= $ae->encrypt_add('data2');
- $ct = $ae->encrypt_add('data3');
+ $ct .= $ae->encrypt_add('data3');
- $ct = $ae->encrypt_last('rest of data');
+ $ct .= $ae->encrypt_last('rest of data');
- ($ct,$tag) = $ae->encrypt_done();
+ my $tag = $ae->encrypt_done();
 
  # decrypt and verify
- my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new("AES", $key, $nonce, $tag_len);
- $ae->aad_add('additional_authenticated_data1');
+ $ae->adata_add('additional_authenticated_data1');
- $ae->aad_add('additional_authenticated_data2');
+ $ae->adata_add('additional_authenticated_data2');
- $pt = $ae->decrypt_add('ciphertext1');
+ my $pt = $ae->decrypt_add('ciphertext1');
- $pt = $ae->decrypt_add('ciphertext2');
+ $pt .= $ae->decrypt_add('ciphertext2');
- $pt = $ae->decrypt_add('ciphertext3');
+ $pt .= $ae->decrypt_add('ciphertext3');
- $pt = $ae->decrypt_last('rest of data');
+ $pt .= $ae->decrypt_last('rest of data');
- ($pt,$tag) = $ae->decrypt_done();
+ my $tag = $ae->decrypt_done();
+ die "decrypt failed" unless $tag eq $expected_tag;
+
+ #or
+ my $result = $ae->decrypt_done($expected_tag); # 0 or 1
 
  ### functional interface
  use Crypt::AuthEnc::OCB qw(ocb_encrypt_authenticate ocb_decrypt_verify);
 
- my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $plaintext);
+ my ($ciphertext, $tag) = ocb_encrypt_authenticate('AES', $key, $nonce, $adata, $tag_len, $plaintext);
  my $plaintext = ocb_decrypt_verify('AES', $key, $nonce, $adata, $ciphertext, $tag);
 
 =head1 DESCRIPTION
 
-This module implements OCB version 3 according http://datatracker.ietf.org/doc/draft-irtf-cfrg-ocb/
+This module implements OCB v3 according to L<https://tools.ietf.org/html/rfc7253>
 
 =head1 EXPORT
 
@@ -102,36 +78,37 @@ You can export selected functions:
 
 =head2 ocb_encrypt_authenticate
 
- my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $plaintext);
+ my ($ciphertext, $tag) = ocb_encrypt_authenticate($cipher, $key, $nonce, $adata, $tag_len, $plaintext);
 
  # $cipher .. 'AES' or name of any other cipher with 16-byte block len
  # $key ..... AES key of proper length (128/192/256bits)
  # $nonce ... unique nonce/salt (no need to keep it secret)
  # $adata ... additional authenticated data
+ # $tag_len . required length of output tag
 
 =head2 ocb_decrypt_verify
 
   my $plaintext = ocb_decrypt_verify($cipher, $key, $nonce, $adata, $ciphertext, $tag);
-
   # on error returns undef
 
 =head1 METHODS
 
 =head2 new
 
- my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce);
+ my $ae = Crypt::AuthEnc::OCB->new($cipher, $key, $nonce, $tag_len);
 
  # $cipher .. 'AES' or name of any other cipher with 16-byte block len
  # $key ..... AES key of proper length (128/192/256bits)
  # $nonce ... unique nonce/salt (no need to keep it secret)
+ # $tag_len . required length of output tag
 
-=head2 aad_add
+=head2 adata_add
 
- $ae->aad_add($adata);                          #can be called multiple times
+ $ae->adata_add($adata);                        #can be called multiple times
 
 =head2 encrypt_add
 
- $ciphertext = $ae->encrypt_add($data);         #can be called multiple times
+ $ciphertext = $ae->encrypt_add($data);         # can be called multiple times
 
  #BEWARE: size of $data has to be multiple of blocklen (16 for AES)
 
@@ -141,23 +118,23 @@ You can export selected functions:
 
 =head2 encrypt_done
 
- $tag = $ae->encrypt_done();
+ $tag = $ae->encrypt_done();                    # returns $tag value
 
 =head2 decrypt_add
 
- $plaintext = $ae->decrypt_add($ciphertext);    #can be called multiple times
+ $plaintext = $ae->decrypt_add($ciphertext);    # can be called multiple times
 
  #BEWARE: size of $ciphertext has to be multiple of blocklen (16 for AES)
 
-=head2 encrypt_last
+=head2 decrypt_last
 
  $plaintext = $ae->decrypt_last($data);
 
 =head2 decrypt_done
 
- my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
- #or
  my $tag = $ae->decrypt_done;           # returns $tag value
+ #or
+ my $result = $ae->decrypt_done($tag);  # returns 1 (success) or 0 (failure)
 
 =head2 clone
 
@@ -169,6 +146,10 @@ You can export selected functions:
 
 =item * L<CryptX|CryptX>, L<Crypt::AuthEnc::CCM|Crypt::AuthEnc::CCM>, L<Crypt::AuthEnc::GCM|Crypt::AuthEnc::GCM>, L<Crypt::AuthEnc::EAX|Crypt::AuthEnc::EAX>
 
-=item * L<https://en.wikipedia.org/wiki/OCB_mode|https://en.wikipedia.org/wiki/OCB_mode>
+=item * L<https://en.wikipedia.org/wiki/OCB_mode>
+
+=item * L<https://tools.ietf.org/html/rfc7253>
 
 =back
+
+=cut

lib/Crypt/Checksum.pm

@@ -2,32 +2,57 @@ package Crypt::Checksum;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
-our %EXPORT_TAGS = ( all => [qw/
+our %EXPORT_TAGS = ( all => [qw/ adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int
-                                  adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int
+                                 crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int /] );
-                                  crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int
-                               /] );
 our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
 our @EXPORT = qw();
 
 use Carp;
-use Crypt::Checksum::Adler32;
+$Carp::Internal{(__PACKAGE__)}++;
-use Crypt::Checksum::CRC32;
 
-sub adler32_data        { Crypt::Checksum::Adler32->new->add(@_)->digest                  }
+# obsolete since v0.057, only for backwards compatibility
-sub adler32_data_hex    { Crypt::Checksum::Adler32->new->add(@_)->hexdigest               }
+use Crypt::Checksum::CRC32;
-sub adler32_data_int    { unpack("N", Crypt::Checksum::Adler32->new->add(@_)->digest)     }
+use Crypt::Checksum::Adler32;
-sub adler32_file        { Crypt::Checksum::Adler32->new->addfile(@_)->digest              }
+sub adler32_data        { goto \&Crypt::Checksum::Adler32::adler32_data     }
-sub adler32_file_hex    { Crypt::Checksum::Adler32->new->addfile(@_)->hexdigest           }
+sub adler32_data_hex    { goto \&Crypt::Checksum::Adler32::adler32_data_hex }
-sub adler32_file_int    { unpack("N", Crypt::Checksum::Adler32->new->addfile(@_)->digest) }
+sub adler32_data_int    { goto \&Crypt::Checksum::Adler32::adler32_data_int }
-sub crc32_data          { Crypt::Checksum::CRC32->new->add(@_)->digest                    }
+sub adler32_file        { goto \&Crypt::Checksum::Adler32::adler32_file     }
-sub crc32_data_hex      { Crypt::Checksum::CRC32->new->add(@_)->hexdigest                 }
+sub adler32_file_hex    { goto \&Crypt::Checksum::Adler32::adler32_file_hex }
-sub crc32_data_int      { unpack("N", Crypt::Checksum::CRC32->new->add(@_)->digest)       }
+sub adler32_file_int    { goto \&Crypt::Checksum::Adler32::adler32_file_int }
-sub crc32_file          { Crypt::Checksum::CRC32->new->addfile(@_)->digest                }
+sub crc32_data          { goto \&Crypt::Checksum::CRC32::crc32_data     }
-sub crc32_file_hex      { Crypt::Checksum::CRC32->new->addfile(@_)->hexdigest             }
+sub crc32_data_hex      { goto \&Crypt::Checksum::CRC32::crc32_data_hex }
-sub crc32_file_int      { unpack("N", Crypt::Checksum::CRC32->new->addfile(@_)->digest)   }
+sub crc32_data_int      { goto \&Crypt::Checksum::CRC32::crc32_data_int }
+sub crc32_file          { goto \&Crypt::Checksum::CRC32::crc32_file     }
+sub crc32_file_hex      { goto \&Crypt::Checksum::CRC32::crc32_file_hex }
+sub crc32_file_int      { goto \&Crypt::Checksum::CRC32::crc32_file_int }
+
+sub addfile {
+  my ($self, $file) = @_;
+
+  my $handle;
+  if (ref(\$file) eq 'SCALAR') {        #filename
+    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
+    binmode($handle);
+  }
+  else {                                #handle
+    $handle = $file
+  }
+  croak "FATAL: invalid handle" unless defined $handle;
+
+  my $n;
+  my $buf = "";
+  while (($n = read($handle, $buf, 32*1024))) {
+    $self->add($buf)
+  }
+  croak "FATAL: read failed: $!" unless defined $n;
+
+  return $self;
+}
+
+sub CLONE_SKIP { 1 } # prevent cloning
 
 1;
 
@@ -35,163 +60,10 @@ sub crc32_file_int      { unpack("N", Crypt::Checksum::CRC32->new->addfile(@_)->
 
 =head1 NAME
 
-Crypt::Checksum - functional interface to CRC32 and Adler32 checksums
+Crypt::Checksum - [internal only]
-
-=head1 SYNOPSIS
-
-   use Crypt::Checksum ':all';
-   
-   # calculate Adler32 checksum from string/buffer
-   $checksum_raw  = adler32_data($data);
-   $checksum_hex  = adler32_data_hex($data);
-
-   # calculate Adler32 checksum from file
-   $checksum_raw  = adler32_file('filename.dat');
-   $checksum_hex  = adler32_file_hex('filename.dat');
-
-   # calculate Adler32 checksum from filehandle
-   $checksum_raw  = adler32_file(*FILEHANDLE);
-   $checksum_hex  = adler32_file_hex(*FILEHANDLE);
-
-   # calculate CRC32 checksum from string/buffer
-   $checksum_raw  = crc32_data($data);
-   $checksum_hex  = crc32_data_hex($data);
-
-   # calculate CRC32 checksum from file
-   $checksum_raw  = crc32_file('filename.dat');
-   $checksum_hex  = crc32_file_hex('filename.dat');
-
-   # calculate CRC32 checksum from filehandle
-   $checksum_raw  = crc32_file(*FILEHANDLE);
-   $checksum_hex  = crc32_file_hex(*FILEHANDLE);
 
 =head1 DESCRIPTION
 
-Calculating CRC32 and Adler32 checksums (functional interface);
+You are probably looking for L<Crypt::Checksum::CRC32> or L<Crypt::Checksum::Adler32>.
-
-I<Since: CryptX-0.032>
-
-=head1 EXPORT
-
-Nothing is exported by default.
-
-You can export selected functions:
-
-  use Crypt::Checksum qw( adler32_data adler32_data_hex adler32_file adler32_file_hex
-                          crc32_data crc32_data_hex crc32_file crc32_file_hex );
-
-Or all of them at once:
-
-  use Crypt::Checksum ':all';
-
-=head1 FUNCTIONS
-
-=head2 adler32_data
-
-Returns checksum as raw octects.
-
- $checksum_raw = adler32_data('data string');
- #or
- $checksum_raw = adler32_data('any data', 'more data', 'even more data');
-
-=head2 adler32_data_hex
-
-Returns checksum as a hexadecimal string.
-
- $checksum_hex = adler32_data_hex('data string');
- #or
- $checksum_hex = adler32_data_hex('any data', 'more data', 'even more data');
-
-=head2 adler32_data_int
-
-Returns checksum as unsingned 32bit integer.
-
- $checksum_hex = adler32_data_int('data string');
- #or
- $checksum_hex = adler32_data_int('any data', 'more data', 'even more data');
-
-=head2 adler32_file
-
-Returns checksum as raw octects.
-
- $checksum_raw = adler32_file('filename.dat');
- #or
- $checksum_raw = adler32_file(*FILEHANDLE);
-
-=head2 adler32_file_hex
-
-Returns checksum as a hexadecimal string.
-
- $checksum_hex = adler32_file_hex('filename.dat');
- #or
- $checksum_hex = adler32_file_hex(*FILEHANDLE);
-
-=head2 adler32_file_int
-
-Returns checksum as unsingned 32bit integer.
-
- $checksum_hex = adler32_file_int('data string');
- #or
- $checksum_hex = adler32_file_int('any data', 'more data', 'even more data');
-
-=head2 crc32_data
-
-Returns checksum as raw octects.
-
- $checksum_raw = crc32_data('data string');
- #or
- $checksum_raw = crc32_data('any data', 'more data', 'even more data');
-
-=head2 crc32_data_hex
-
-Returns checksum as a hexadecimal string.
-
- $checksum_hex = crc32_data_hex('data string');
- #or
- $checksum_hex = crc32_data_hex('any data', 'more data', 'even more data');
-
-=head2 crc32_data_int
-
-Returns checksum as unsingned 32bit integer.
-
- $checksum_hex = crc32_data_int('data string');
- #or
- $checksum_hex = crc32_data_int('any data', 'more data', 'even more data');
-
-=head2 crc32_file
-
-Returns checksum as raw octects.
-
- $checksum_raw = crc32_file('filename.dat');
- #or
- $checksum_raw = crc32_file(*FILEHANDLE);
-
-=head2 crc32_file_hex
-
-Returns checksum as a hexadecimal string.
-
- $checksum_hex = crc32_file_hex('filename.dat');
- #or
- $checksum_hex = crc32_file_hex(*FILEHANDLE);
-
-=head2 crc32_file_int
-
-Returns checksum as unsingned 32bit integer.
-
- $checksum_hex = crc32_file_int('data string');
- #or
- $checksum_hex = crc32_file_int('any data', 'more data', 'even more data');
-
-=head1 SEE ALSO
-
-=over
-
-=item * L<CryptX|CryptX>, L<Crypt::Checksum::Adler32>, L<Crypt::Checksum::CRC32>
-
-=item * L<https://en.wikipedia.org/wiki/Adler-32>
-
-=item * L<https://en.wikipedia.org/wiki/Cyclic_redundancy_check>
-
-=back
 
 =cut

lib/Crypt/Checksum/Adler32.pm

@@ -2,34 +2,20 @@ package Crypt::Checksum::Adler32;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Checksum Exporter);
+our %EXPORT_TAGS = ( all => [qw( adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
 use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 
-sub addfile {
+sub adler32_file     { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->digest    }
-  my ($self, $file) = @_;
+sub adler32_file_hex { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->hexdigest }
-
+sub adler32_file_int { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::Adler32->new->addfile(@_)->intdigest }
-  my $handle;
-  if (ref(\$file) eq 'SCALAR') {        #filename
-    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
-    binmode($handle);
-  }
-  else {                                #handle
-    $handle = $file
-  }
-  croak "FATAL: invalid handle" unless defined $handle;
-
-  my $n;
-  my $buf = "";
-  while (($n = read($handle, $buf, 32*1024))) {
-    $self->add($buf)
-  }
-  croak "FATAL: read failed: $!" unless defined $n;
-
-  return $self;
-}
-
-sub CLONE_SKIP { 1 } # prevent cloning
 
 1;
 
@@ -41,20 +27,101 @@ Crypt::Checksum::Adler32 - Compute Adler32 checksum
 
 =head1 SYNOPSIS
 
+   ### Functional interface:
+   use Crypt::Checksum::Adler32 ':all';
+
+   # calculate Adler32 checksum from string/buffer
+   $checksum_raw  = adler32_data($data);
+   $checksum_hex  = adler32_data_hex($data);
+   $checksum_int  = adler32_data_int($data);
+   # calculate Adler32 checksum from file
+   $checksum_raw  = adler32_file('filename.dat');
+   $checksum_hex  = adler32_file_hex('filename.dat');
+   $checksum_int  = adler32_file_int('filename.dat');
+   # calculate Adler32 checksum from filehandle
+   $checksum_raw  = adler32_file(*FILEHANDLE);
+   $checksum_hex  = adler32_file_hex(*FILEHANDLE);
+   $checksum_int  = adler32_file_int(*FILEHANDLE);
+
+   ### OO interface:
    use Crypt::Checksum::Adler32;
 
    $d = Crypt::Checksum::Adler32->new;
    $d->add('any data');
+   $d->add('another data');
    $d->addfile('filename.dat');
    $d->addfile(*FILEHANDLE);
-   $checksum_raw  = $d->digest;     # raw bytes
+   $checksum_raw  = $d->digest;     # raw 4 bytes
    $checksum_hex  = $d->hexdigest;  # hexadecimal form
+   $checksum_int  = $d->intdigest;  # 32bit unsigned integer
 
 =head1 DESCRIPTION
 
-Calculating Adler32 checksums (OO interface);
+Calculating Adler32 checksums.
 
-I<Since: CryptX-0.032>
+I<Updated: v0.057>
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+ use Crypt::Checksum::Adler32 qw(adler32_data adler32_data_hex adler32_data_int adler32_file adler32_file_hex adler32_file_int);
+
+Or all of them at once:
+
+ use Crypt::Checksum::Adler32 ':all';
+
+=head1 FUNCTIONS
+
+=head2 adler32_data
+
+Returns checksum as raw octects.
+
+ $checksum_raw = adler32_data('data string');
+ #or
+ $checksum_raw = adler32_data('any data', 'more data', 'even more data');
+
+=head2 adler32_data_hex
+
+Returns checksum as a hexadecimal string.
+
+ $checksum_hex = adler32_data_hex('data string');
+ #or
+ $checksum_hex = adler32_data_hex('any data', 'more data', 'even more data');
+
+=head2 adler32_data_int
+
+Returns checksum as unsigned 32bit integer.
+
+ $checksum_int = adler32_data_int('data string');
+ #or
+ $checksum_int = adler32_data_int('any data', 'more data', 'even more data');
+
+=head2 adler32_file
+
+Returns checksum as raw octects.
+
+ $checksum_raw = adler32_file('filename.dat');
+ #or
+ $checksum_raw = adler32_file(*FILEHANDLE);
+
+=head2 adler32_file_hex
+
+Returns checksum as a hexadecimal string.
+
+ $checksum_hex = adler32_file_hex('filename.dat');
+ #or
+ $checksum_hex = adler32_file_hex(*FILEHANDLE);
+
+=head2 adler32_file_int
+
+Returns checksum as unsigned 32bit integer.
+
+ $checksum_int = adler32_file_int('filename.dat');
+ #or
+ $checksum_int = adler32_file_int(*FILEHANDLE);
 
 =head1 METHODS
 
@@ -108,11 +175,17 @@ Returns the checksum encoded as a hexadecimal string.
 
  $result_hex = $d->hexdigest();
 
+=head2 intdigest
+
+Returns the checksum encoded as unsigned 32bit integer.
+
+ $result_int = $d->intdigest();
+
 =head1 SEE ALSO
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Checksum>
+=item * L<CryptX|CryptX>
 
 =item * L<https://en.wikipedia.org/wiki/Adler-32>
 

lib/Crypt/Checksum/CRC32.pm

@@ -2,34 +2,20 @@ package Crypt::Checksum::CRC32;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Checksum Exporter);
+our %EXPORT_TAGS = ( all => [qw( crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
 use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 
-sub addfile {
+sub crc32_file     { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->digest    }
-  my ($self, $file) = @_;
+sub crc32_file_hex { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->hexdigest }
-
+sub crc32_file_int { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Checksum::CRC32->new->addfile(@_)->intdigest }
-  my $handle;
-  if (ref(\$file) eq 'SCALAR') {        #filename
-    open($handle, "<", $file) || croak "FATAL: cannot open '$file': $!";
-    binmode($handle);
-  }
-  else {                                #handle
-    $handle = $file
-  }
-  croak "FATAL: invalid handle" unless defined $handle;
-
-  my $n;
-  my $buf = "";
-  while (($n = read($handle, $buf, 32*1024))) {
-    $self->add($buf)
-  }
-  croak "FATAL: read failed: $!" unless defined $n;
-
-  return $self;
-}
-
-sub CLONE_SKIP { 1 } # prevent cloning
 
 1;
 
@@ -41,20 +27,101 @@ Crypt::Checksum::CRC32 - Compute CRC32 checksum
 
 =head1 SYNOPSIS
 
+   ### Functional interface:
+   use Crypt::Checksum::CRC32 ':all';
+
+   # calculate CRC32 checksum from string/buffer
+   $checksum_raw  = crc32_data($data);
+   $checksum_hex  = crc32_data_hex($data);
+   $checksum_int  = crc32_data_int($data);
+   # calculate CRC32 checksum from file
+   $checksum_raw  = crc32_file('filename.dat');
+   $checksum_hex  = crc32_file_hex('filename.dat');
+   $checksum_int  = crc32_file_int('filename.dat');
+   # calculate CRC32 checksum from filehandle
+   $checksum_raw  = crc32_file(*FILEHANDLE);
+   $checksum_hex  = crc32_file_hex(*FILEHANDLE);
+   $checksum_int  = crc32_file_int(*FILEHANDLE);
+
+   ### OO interface:
    use Crypt::Checksum::CRC32;
 
    $d = Crypt::Checksum::CRC32->new;
    $d->add('any data');
+   $d->add('another data');
    $d->addfile('filename.dat');
    $d->addfile(*FILEHANDLE);
-   $checksum_raw = $d->digest;     # raw bytes
+   $checksum_raw = $d->digest;     # raw 4 bytes
    $checksum_hex = $d->hexdigest;  # hexadecimal form
+   $checksum_int = $d->intdigest;  # 32bit unsigned integer
 
 =head1 DESCRIPTION
 
-Calculating CRC32 checksums (OO interface);
+Calculating CRC32 checksums.
 
-I<Since: CryptX-0.032>
+I<Updated: v0.057>
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+ use Crypt::Checksum::CRC32 qw(crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int);
+
+Or all of them at once:
+
+ use Crypt::Checksum::CRC32 ':all';
+
+=head1 FUNCTIONS
+
+=head2 crc32_data
+
+Returns checksum as raw octects.
+
+ $checksum_raw = crc32_data('data string');
+ #or
+ $checksum_raw = crc32_data('any data', 'more data', 'even more data');
+
+=head2 crc32_data_hex
+
+Returns checksum as a hexadecimal string.
+
+ $checksum_hex = crc32_data_hex('data string');
+ #or
+ $checksum_hex = crc32_data_hex('any data', 'more data', 'even more data');
+
+=head2 crc32_data_int
+
+Returns checksum as unsigned 32bit integer.
+
+ $checksum_int = crc32_data_int('data string');
+ #or
+ $checksum_int = crc32_data_int('any data', 'more data', 'even more data');
+
+=head2 crc32_file
+
+Returns checksum as raw octects.
+
+ $checksum_raw = crc32_file('filename.dat');
+ #or
+ $checksum_raw = crc32_file(*FILEHANDLE);
+
+=head2 crc32_file_hex
+
+Returns checksum as a hexadecimal string.
+
+ $checksum_hex = crc32_file_hex('filename.dat');
+ #or
+ $checksum_hex = crc32_file_hex(*FILEHANDLE);
+
+=head2 crc32_file_int
+
+Returns checksum as unsigned 32bit integer.
+
+ $checksum_int = crc32_file_int('filename.dat');
+ #or
+ $checksum_int = crc32_file_int(*FILEHANDLE);
 
 =head1 METHODS
 
@@ -108,11 +175,17 @@ Returns the checksum encoded as a hexadecimal string.
 
  $result_hex = $d->hexdigest();
 
+=head2 intdigest
+
+Returns the checksum encoded as unsigned 32bit integer.
+
+ $result_int = $d->intdigest();
+
 =head1 SEE ALSO
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Checksum>
+=item * L<CryptX|CryptX>
 
 =item * L<https://en.wikipedia.org/wiki/Cyclic_redundancy_check>
 

lib/Crypt/Cipher.pm

@@ -2,83 +2,23 @@ package Crypt::Cipher;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
+
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 
 ### the following methods/functions are implemented in XS:
-# - _new
+# - new
 # - DESTROY
-# - _keysize
+# - blocksize
-# - _max_keysize
-# - _min_keysize
-# - _blocksize
-# - _default_rounds
-# - encrypt
 # - decrypt
-#functions, not methods:
+# - default_rounds
-# - _block_length_by_name
+# - encrypt
-# - _min_key_length_by_name
+# - max_keysize
-# - _max_key_length_by_name
+# - min_keysize
-# - _default_rounds_by_name
 
-sub _trans_cipher_name {
+sub keysize { goto \&max_keysize; } # for Crypt::CBC compatibility
-  my $name = shift;
-  my %trans = (
-    DES_EDE     => '3des',
-    SAFERP      => 'safer+',
-    SAFER_K128  => 'safer-k128',
-    SAFER_K64   => 'safer-k64',
-    SAFER_SK128 => 'safer-sk128',
-    SAFER_SK64  => 'safer-sk64',
-  );
-  $name =~ s/^Crypt::Cipher:://;
-  return $trans{uc($name)} if defined $trans{uc($name)};
-  return lc($name);
-}
-
-### METHODS
-
-sub new {
-  my $pkg = shift;
-  my $cipher_name = $pkg eq __PACKAGE__ ? _trans_cipher_name(shift) : _trans_cipher_name($pkg);
-  return _new($cipher_name, @_);
-}
-
-sub blocksize {
-  my $self = shift;
-  return $self->_blocksize if ref($self);
-  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
-  return _block_length_by_name(_trans_cipher_name($self));
-}
-
-sub keysize {
-  max_keysize(@_);
-}
-
-sub max_keysize
-{
-  my $self = shift;
-  return unless defined $self;
-  return $self->_max_keysize if ref($self);
-  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
-  return _max_key_length_by_name(_trans_cipher_name($self));
-}
-
-sub min_keysize {
-  my $self = shift;
-  return unless defined $self;
-  return $self->_min_keysize if ref($self);
-  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
-  return _min_key_length_by_name(_trans_cipher_name($self));
-}
-
-sub default_rounds {
-  my $self = shift;
-  return unless defined $self;
-  return $self->_default_rounds if ref($self);
-  $self = _trans_cipher_name(shift) if $self eq __PACKAGE__;
-  return _default_rounds_by_name(_trans_cipher_name($self));
-}
 
 sub CLONE_SKIP { 1 } # prevent cloning
 
@@ -121,7 +61,7 @@ Crypt::Cipher - Generic interface to cipher functions
 
 =head1 DESCRIPTION
 
-Provides an interface to various symetric cipher algorithms.
+Provides an interface to various symmetric cipher algorithms.
 
 B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
 encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
@@ -138,11 +78,11 @@ Constructor, returns a reference to the cipher object.
  # $name = one of 'AES', 'Anubis', 'Blowfish', 'CAST5', 'Camellia', 'DES', 'DES_EDE',
  #                'KASUMI', 'Khazad', 'MULTI2', 'Noekeon', 'RC2', 'RC5', 'RC6',
  #                'SAFERP', 'SAFER_K128', 'SAFER_K64', 'SAFER_SK128', 'SAFER_SK64',
- #                'SEED', 'Skipjack', 'Twofish', 'XTEA'
+ #                'SEED', 'Skipjack', 'Twofish', 'XTEA', 'IDEA', 'Serpent'
- #                simply any <CNAME> for which there exists Crypt::Cipher::<NAME>
+ #                simply any <NAME> for which there exists Crypt::Cipher::<NAME>
  # $key = binary key (keysize should comply with selected cipher requirements)
 
- ## some of the ciphers (e.g. MULTI2, RC5, SAFER) allows to set number of rounds
+ ## some of the ciphers (e.g. MULTI2, RC5, SAFER) allow one to set number of rounds
  $d = Crypt::Cipher->new('MULTI2', $key, $rounds);
  # $rounds = positive integer (should comply with selected cipher requirements)
 
@@ -194,7 +134,7 @@ Returns block size (in bytes) for given cipher.
 
 =head2 default_rounds
 
-Returns default number of rounds for given cipher. NOTE: only some cipher (e.g. MULTI2, RC5, SAFER) allows to set number of rounds via new().
+Returns default number of rounds for given cipher. NOTE: only some ciphers (e.g. MULTI2, RC5, SAFER) allow one to set number of rounds via new().
 
  $d->default_rounds;
  #or
@@ -213,5 +153,3 @@ Returns default number of rounds for given cipher. NOTE: only some cipher (e.g.
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/AES.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::AES;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('AES')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('AES')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('AES')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('AES')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('AES') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::AES - Symetric cipher AES (aka Rijndael), key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::AES - Symmetric cipher AES (aka Rijndael), key size: 128/192/256 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::AES - Symetric cipher AES (aka Rijndael), key size: 128/192/256 b
   my $cbc = Crypt::Mode::CBC->new('AES');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::AES;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|http://en.wikipedia.org/wiki/Advanced_Encryption_Standard>
+=item * L<https://en.wikipedia.org/wiki/Advanced_Encryption_Standard>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Anubis.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Anubis;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Anubis')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Anubis')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Anubis')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Anubis')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Anubis') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Anubis - Symetric cipher Anubis, key size: 128-320 bits (Crypt::CBC compliant)
+Crypt::Cipher::Anubis - Symmetric cipher Anubis, key size: 128-320 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Anubis - Symetric cipher Anubis, key size: 128-320 bits (Crypt::C
   my $cbc = Crypt::Mode::CBC->new('Anubis');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Anubis;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Anubis_(cipher)|http://en.wikipedia.org/wiki/Anubis_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Anubis_(cipher)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Blowfish.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Blowfish;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Blowfish')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Blowfish')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Blowfish')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Blowfish')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Blowfish') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Blowfish - Symetric cipher Blowfish, key size: 64-448 bits (Crypt::CBC compliant)
+Crypt::Cipher::Blowfish - Symmetric cipher Blowfish, key size: 64-448 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Blowfish - Symetric cipher Blowfish, key size: 64-448 bits (Crypt
   my $cbc = Crypt::Mode::CBC->new('Blowfish');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Blowfish;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Blowfish_(cipher)|http://en.wikipedia.org/wiki/Blowfish_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Blowfish_(cipher)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/CAST5.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::CAST5;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('CAST5')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('CAST5')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('CAST5')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('CAST5')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('CAST5') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::CAST5 - Symetric cipher CAST5 (aka CAST-128), key size: 40-128 bits (Crypt::CBC compliant)
+Crypt::Cipher::CAST5 - Symmetric cipher CAST5 (aka CAST-128), key size: 40-128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::CAST5 - Symetric cipher CAST5 (aka CAST-128), key size: 40-128 bi
   my $cbc = Crypt::Mode::CBC->new('CAST5');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::CAST5;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/CAST-128|http://en.wikipedia.org/wiki/CAST-128>
+=item * L<https://en.wikipedia.org/wiki/CAST-128>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Camellia.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Camellia;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Camellia')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Camellia')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Camellia')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Camellia')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Camellia') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Camellia - Symetric cipher Camellia, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::Camellia - Symmetric cipher Camellia, key size: 128/192/256 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Camellia - Symetric cipher Camellia, key size: 128/192/256 bits (
   my $cbc = Crypt::Mode::CBC->new('Camellia');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Camellia;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Camellia_(cipher)|http://en.wikipedia.org/wiki/Camellia_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Camellia_(cipher)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/DES.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::DES;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('DES')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('DES')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('DES')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('DES')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('DES') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::DES - Symetric cipher DES, key size: 64[56] bits (Crypt::CBC compliant)
+Crypt::Cipher::DES - Symmetric cipher DES, key size: 64[56] bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::DES - Symetric cipher DES, key size: 64[56] bits (Crypt::CBC comp
   my $cbc = Crypt::Mode::CBC->new('DES');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::DES;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Data_Encryption_Standard|http://en.wikipedia.org/wiki/Data_Encryption_Standard>
+=item * L<https://en.wikipedia.org/wiki/Data_Encryption_Standard>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/DES_EDE.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::DES_EDE;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('DES_EDE')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('DES_EDE')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('DES_EDE')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('DES_EDE')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('DES_EDE') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::DES_EDE - Symetric cipher DES_EDE (aka Tripple-DES, 3DES), key size: 192[168] bits (Crypt::CBC compliant)
+Crypt::Cipher::DES_EDE - Symmetric cipher DES_EDE (aka Triple-DES, 3DES), key size: 192[168] bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::DES_EDE - Symetric cipher DES_EDE (aka Tripple-DES, 3DES), key si
   my $cbc = Crypt::Mode::CBC->new('DES_EDE');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::DES_EDE;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Triple_DES|http://en.wikipedia.org/wiki/Triple_DES>
+=item * L<https://en.wikipedia.org/wiki/Triple_DES>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/IDEA.pm

@@ -0,0 +1,118 @@
+package Crypt::Cipher::IDEA;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Cipher);
+
+sub blocksize      { Crypt::Cipher::blocksize('IDEA')      }
+sub keysize        { Crypt::Cipher::keysize('IDEA')        }
+sub max_keysize    { Crypt::Cipher::max_keysize('IDEA')    }
+sub min_keysize    { Crypt::Cipher::min_keysize('IDEA')    }
+sub default_rounds { Crypt::Cipher::default_rounds('IDEA') }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Cipher::IDEA - Symmetric cipher IDEA, key size: 128 bits (Crypt::CBC compliant)
+
+=head1 SYNOPSIS
+
+  ### example 1
+  use Crypt::Mode::CBC;
+
+  my $key = '...'; # length has to be valid key size for this cipher
+  my $iv = '...';  # 16 bytes
+  my $cbc = Crypt::Mode::CBC->new('IDEA');
+  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
+
+  ### example 2 (slower)
+  use Crypt::CBC;
+  use Crypt::Cipher::IDEA;
+
+  my $key = '...'; # length has to be valid key size for this cipher
+  my $iv = '...';  # 16 bytes
+  my $cbc = Crypt::CBC->new( -cipher=>'Cipher::IDEA', -key=>$key, -iv=>$iv );
+  my $ciphertext = $cbc->encrypt("secret data");
+
+=head1 DESCRIPTION
+
+This module implements the IDEA cipher. Provided interface is compliant with L<Crypt::CBC|Crypt::CBC> module.
+
+B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
+encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
+L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<Crypt::CBC|Crypt::CBC> (which will be slower).
+
+=head1 METHODS
+
+=head2 new
+
+ $c = Crypt::Cipher::IDEA->new($key);
+ #or
+ $c = Crypt::Cipher::IDEA->new($key, $rounds);
+
+=head2 encrypt
+
+ $ciphertext = $c->encrypt($plaintext);
+
+=head2 decrypt
+
+ $plaintext = $c->decrypt($ciphertext);
+
+=head2 keysize
+
+  $c->keysize;
+  #or
+  Crypt::Cipher::IDEA->keysize;
+  #or
+  Crypt::Cipher::IDEA::keysize;
+
+=head2 blocksize
+
+  $c->blocksize;
+  #or
+  Crypt::Cipher::IDEA->blocksize;
+  #or
+  Crypt::Cipher::IDEA::blocksize;
+
+=head2 max_keysize
+
+  $c->max_keysize;
+  #or
+  Crypt::Cipher::IDEA->max_keysize;
+  #or
+  Crypt::Cipher::IDEA::max_keysize;
+
+=head2 min_keysize
+
+  $c->min_keysize;
+  #or
+  Crypt::Cipher::IDEA->min_keysize;
+  #or
+  Crypt::Cipher::IDEA::min_keysize;
+
+=head2 default_rounds
+
+  $c->default_rounds;
+  #or
+  Crypt::Cipher::IDEA->default_rounds;
+  #or
+  Crypt::Cipher::IDEA::default_rounds;
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
+
+=item * L<https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm>
+
+=back
+
+=cut

lib/Crypt/Cipher/KASUMI.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::KASUMI;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('KASUMI')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('KASUMI')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('KASUMI')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('KASUMI')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('KASUMI') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::KASUMI - Symetric cipher KASUMI, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::KASUMI - Symmetric cipher KASUMI, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::KASUMI - Symetric cipher KASUMI, key size: 128 bits (Crypt::CBC c
   my $cbc = Crypt::Mode::CBC->new('KASUMI');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::KASUMI;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/KASUMI_(block_cipher)|http://en.wikipedia.org/wiki/KASUMI_(block_cipher)>
+=item * L<https://en.wikipedia.org/wiki/KASUMI_(block_cipher)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Khazad.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Khazad;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Khazad')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Khazad')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Khazad')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Khazad')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Khazad') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Khazad - Symetric cipher Khazad, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::Khazad - Symmetric cipher Khazad, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Khazad - Symetric cipher Khazad, key size: 128 bits (Crypt::CBC c
   my $cbc = Crypt::Mode::CBC->new('Khazad');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Khazad;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/KHAZAD|http://en.wikipedia.org/wiki/KHAZAD>
+=item * L<https://en.wikipedia.org/wiki/KHAZAD>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/MULTI2.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::MULTI2;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('MULTI2')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('MULTI2')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('MULTI2')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('MULTI2')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('MULTI2') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::MULTI2 - Symetric cipher MULTI2, key size: 320 bits (Crypt::CBC compliant)
+Crypt::Cipher::MULTI2 - Symmetric cipher MULTI2, key size: 320 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::MULTI2 - Symetric cipher MULTI2, key size: 320 bits (Crypt::CBC c
   my $cbc = Crypt::Mode::CBC->new('MULTI2');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::MULTI2;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/MULTI2|http://en.wikipedia.org/wiki/MULTI2>
+=item * L<https://en.wikipedia.org/wiki/MULTI2>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Noekeon.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Noekeon;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Noekeon')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Noekeon')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Noekeon')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Noekeon')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Noekeon') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Noekeon - Symetric cipher Noekeon, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::Noekeon - Symmetric cipher Noekeon, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Noekeon - Symetric cipher Noekeon, key size: 128 bits (Crypt::CBC
   my $cbc = Crypt::Mode::CBC->new('Noekeon');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Noekeon;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/NOEKEON|http://en.wikipedia.org/wiki/NOEKEON>
+=item * L<https://en.wikipedia.org/wiki/NOEKEON>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/RC2.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::RC2;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC2')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC2')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC2')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC2')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC2') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::RC2 - Symetric cipher RC2, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC2 - Symmetric cipher RC2, key size: 40-1024 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::RC2 - Symetric cipher RC2, key size: 64-1024 bits (Crypt::CBC com
   my $cbc = Crypt::Mode::CBC->new('RC2');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::RC2;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/RC2|http://en.wikipedia.org/wiki/RC2>
+=item * L<https://en.wikipedia.org/wiki/RC2>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/RC5.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::RC5;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC5')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC5')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC5')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC5')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC5') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::RC5 - Symetric cipher RC5, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC5 - Symmetric cipher RC5, key size: 64-1024 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::RC5 - Symetric cipher RC5, key size: 64-1024 bits (Crypt::CBC com
   my $cbc = Crypt::Mode::CBC->new('RC5');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::RC5;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/RC5|http://en.wikipedia.org/wiki/RC5>
+=item * L<https://en.wikipedia.org/wiki/RC5>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/RC6.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::RC6;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('RC6')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('RC6')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('RC6')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('RC6')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('RC6') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::RC6 - Symetric cipher RC6, key size: 64-1024 bits (Crypt::CBC compliant)
+Crypt::Cipher::RC6 - Symmetric cipher RC6, key size: 64-1024 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::RC6 - Symetric cipher RC6, key size: 64-1024 bits (Crypt::CBC com
   my $cbc = Crypt::Mode::CBC->new('RC6');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::RC6;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/RC6|http://en.wikipedia.org/wiki/RC6>
+=item * L<https://en.wikipedia.org/wiki/RC6>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SAFERP.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SAFERP;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFERP')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFERP')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFERP')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFERP')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFERP') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SAFERP - Symetric cipher SAFER+, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFERP - Symmetric cipher SAFER+, key size: 128/192/256 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SAFERP - Symetric cipher SAFER+, key size: 128/192/256 bits (Cryp
   my $cbc = Crypt::Mode::CBC->new('SAFERP');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SAFERP;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SAFER_K128.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_K128;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_K128')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_K128')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_K128')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_K128')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_K128') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SAFER_K128 - Symetric cipher SAFER_K128, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_K128 - Symmetric cipher SAFER_K128, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_K128 - Symetric cipher SAFER_K128, key size: 128 bits (Cryp
   my $cbc = Crypt::Mode::CBC->new('SAFER_K128');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SAFER_K128;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SAFER_K64.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_K64;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_K64')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_K64')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_K64')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_K64')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_K64') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SAFER_K64 - Symetric cipher SAFER_K64, key size: 64 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_K64 - Symmetric cipher SAFER_K64, key size: 64 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_K64 - Symetric cipher SAFER_K64, key size: 64 bits (Crypt::
   my $cbc = Crypt::Mode::CBC->new('SAFER_K64');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SAFER_K64;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SAFER_SK128.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_SK128;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_SK128')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_SK128')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_SK128')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_SK128')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_SK128') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SAFER_SK128 - Symetric cipher SAFER_SK128, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_SK128 - Symmetric cipher SAFER_SK128, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_SK128 - Symetric cipher SAFER_SK128, key size: 128 bits (Cr
   my $cbc = Crypt::Mode::CBC->new('SAFER_SK128');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SAFER_SK128;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SAFER_SK64.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SAFER_SK64;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SAFER_SK64')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SAFER_SK64')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SAFER_SK64')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SAFER_SK64')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SAFER_SK64') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SAFER_SK64 - Symetric cipher SAFER_SK64, key size: 64 bits (Crypt::CBC compliant)
+Crypt::Cipher::SAFER_SK64 - Symmetric cipher SAFER_SK64, key size: 64 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SAFER_SK64 - Symetric cipher SAFER_SK64, key size: 64 bits (Crypt
   my $cbc = Crypt::Mode::CBC->new('SAFER_SK64');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SAFER_SK64;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SAFER|http://en.wikipedia.org/wiki/SAFER>
+=item * L<https://en.wikipedia.org/wiki/SAFER>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/SEED.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::SEED;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('SEED')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('SEED')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('SEED')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('SEED')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('SEED') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::SEED - Symetric cipher SEED, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::SEED - Symmetric cipher SEED, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::SEED - Symetric cipher SEED, key size: 128 bits (Crypt::CBC compl
   my $cbc = Crypt::Mode::CBC->new('SEED');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::SEED;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/SEED|http://en.wikipedia.org/wiki/SEED>
+=item * L<https://en.wikipedia.org/wiki/SEED>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Serpent.pm

@@ -0,0 +1,118 @@
+package Crypt::Cipher::Serpent;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Cipher);
+
+sub blocksize      { Crypt::Cipher::blocksize('Serpent')      }
+sub keysize        { Crypt::Cipher::keysize('Serpent')        }
+sub max_keysize    { Crypt::Cipher::max_keysize('Serpent')    }
+sub min_keysize    { Crypt::Cipher::min_keysize('Serpent')    }
+sub default_rounds { Crypt::Cipher::default_rounds('Serpent') }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Cipher::Serpent - Symmetric cipher Serpent, key size: 128/192/256 bits (Crypt::CBC compliant)
+
+=head1 SYNOPSIS
+
+  ### example 1
+  use Crypt::Mode::CBC;
+
+  my $key = '...'; # length has to be valid key size for this cipher
+  my $iv = '...';  # 16 bytes
+  my $cbc = Crypt::Mode::CBC->new('Serpent');
+  my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
+
+  ### example 2 (slower)
+  use Crypt::CBC;
+  use Crypt::Cipher::Serpent;
+
+  my $key = '...'; # length has to be valid key size for this cipher
+  my $iv = '...';  # 16 bytes
+  my $cbc = Crypt::CBC->new( -cipher=>'Cipher::Serpent', -key=>$key, -iv=>$iv );
+  my $ciphertext = $cbc->encrypt("secret data");
+
+=head1 DESCRIPTION
+
+This module implements the Serpent cipher. Provided interface is compliant with L<Crypt::CBC|Crypt::CBC> module.
+
+B<BEWARE:> This module implements just elementary "one-block-(en|de)cryption" operation - if you want to
+encrypt/decrypt generic data you have to use some of the cipher block modes - check for example
+L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<Crypt::CBC|Crypt::CBC> (which will be slower).
+
+=head1 METHODS
+
+=head2 new
+
+ $c = Crypt::Cipher::Serpent->new($key);
+ #or
+ $c = Crypt::Cipher::Serpent->new($key, $rounds);
+
+=head2 encrypt
+
+ $ciphertext = $c->encrypt($plaintext);
+
+=head2 decrypt
+
+ $plaintext = $c->decrypt($ciphertext);
+
+=head2 keysize
+
+  $c->keysize;
+  #or
+  Crypt::Cipher::Serpent->keysize;
+  #or
+  Crypt::Cipher::Serpent::keysize;
+
+=head2 blocksize
+
+  $c->blocksize;
+  #or
+  Crypt::Cipher::Serpent->blocksize;
+  #or
+  Crypt::Cipher::Serpent::blocksize;
+
+=head2 max_keysize
+
+  $c->max_keysize;
+  #or
+  Crypt::Cipher::Serpent->max_keysize;
+  #or
+  Crypt::Cipher::Serpent::max_keysize;
+
+=head2 min_keysize
+
+  $c->min_keysize;
+  #or
+  Crypt::Cipher::Serpent->min_keysize;
+  #or
+  Crypt::Cipher::Serpent::min_keysize;
+
+=head2 default_rounds
+
+  $c->default_rounds;
+  #or
+  Crypt::Cipher::Serpent->default_rounds;
+  #or
+  Crypt::Cipher::Serpent::default_rounds;
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
+
+=item * L<https://en.wikipedia.org/wiki/Serpent_(cipher)>
+
+=back
+
+=cut

lib/Crypt/Cipher/Skipjack.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Skipjack;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Skipjack')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Skipjack')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Skipjack')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Skipjack')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Skipjack') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Skipjack - Symetric cipher Skipjack, key size: 80 bits (Crypt::CBC compliant)
+Crypt::Cipher::Skipjack - Symmetric cipher Skipjack, key size: 80 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Skipjack - Symetric cipher Skipjack, key size: 80 bits (Crypt::CB
   my $cbc = Crypt::Mode::CBC->new('Skipjack');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Skipjack;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Skipjack_(cipher)|http://en.wikipedia.org/wiki/Skipjack_(cipher)>
+=item * L<https://en.wikipedia.org/wiki/Skipjack_(cipher)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/Twofish.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::Twofish;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('Twofish')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('Twofish')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('Twofish')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('Twofish')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('Twofish') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::Twofish - Symetric cipher Twofish, key size: 128/192/256 bits (Crypt::CBC compliant)
+Crypt::Cipher::Twofish - Symmetric cipher Twofish, key size: 128/192/256 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::Twofish - Symetric cipher Twofish, key size: 128/192/256 bits (Cr
   my $cbc = Crypt::Mode::CBC->new('Twofish');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::Twofish;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/Twofish|http://en.wikipedia.org/wiki/Twofish>
+=item * L<https://en.wikipedia.org/wiki/Twofish>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Cipher/XTEA.pm

@@ -4,16 +4,15 @@ package Crypt::Cipher::XTEA;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
-use CryptX;
+use base qw(Crypt::Cipher);
-use base 'Crypt::Cipher';
 
-sub blocksize      { Crypt::Cipher::blocksize(__PACKAGE__) }
+sub blocksize      { Crypt::Cipher::blocksize('XTEA')      }
-sub keysize        { Crypt::Cipher::keysize(__PACKAGE__) }
+sub keysize        { Crypt::Cipher::keysize('XTEA')        }
-sub max_keysize    { Crypt::Cipher::max_keysize(__PACKAGE__) }
+sub max_keysize    { Crypt::Cipher::max_keysize('XTEA')    }
-sub min_keysize    { Crypt::Cipher::min_keysize(__PACKAGE__) }
+sub min_keysize    { Crypt::Cipher::min_keysize('XTEA')    }
-sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
+sub default_rounds { Crypt::Cipher::default_rounds('XTEA') }
 
 1;
 
@@ -21,7 +20,7 @@ sub default_rounds { Crypt::Cipher::default_rounds(__PACKAGE__) }
 
 =head1 NAME
 
-Crypt::Cipher::XTEA - Symetric cipher XTEA, key size: 128 bits (Crypt::CBC compliant)
+Crypt::Cipher::XTEA - Symmetric cipher XTEA, key size: 128 bits (Crypt::CBC compliant)
 
 =head1 SYNOPSIS
 
@@ -33,7 +32,7 @@ Crypt::Cipher::XTEA - Symetric cipher XTEA, key size: 128 bits (Crypt::CBC compl
   my $cbc = Crypt::Mode::CBC->new('XTEA');
   my $ciphertext = $cbc->encrypt("secret data", $key, $iv);
 
-  ### example 2
+  ### example 2 (slower)
   use Crypt::CBC;
   use Crypt::Cipher::XTEA;
 
@@ -110,12 +109,10 @@ L<Crypt::Mode::CBC|Crypt::Mode::CBC>, L<Crypt::Mode::CTR|Crypt::Mode::CTR> or L<
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Cipher|Crypt::Cipher>
+=item * L<CryptX|CryptX>, L<Crypt::Cipher>
 
-=item * L<http://en.wikipedia.org/wiki/XTEA|http://en.wikipedia.org/wiki/XTEA>
+=item * L<https://en.wikipedia.org/wiki/XTEA>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest.pm

@@ -2,7 +2,7 @@ package Crypt::Digest;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
 our %EXPORT_TAGS = ( all => [qw( digest_data digest_data_hex digest_data_b64 digest_data_b64u digest_file digest_file_hex digest_file_b64 digest_file_b64u )] );
@@ -14,70 +14,22 @@ $Carp::Internal{(__PACKAGE__)}++;
 use CryptX;
 
 ### the following methods/functions are implemented in XS:
-# - _new
+# - new
-# - _hashsize
+# - hashsize
-# - _hashsize_by_name (function, not method)
 # - clone
 # - reset
 # - digest
 # - hexdigest
 # - b64digest
 # - add
+# - digest_data
+# - digest_data_hex
+# - digest_data_b64
+# - digest_data_b64u
 # - DESTROY
 
-sub _trans_digest_name {
-  my $name = shift;
-  my %trans = (
-    CHAES       => 'chc_hash',
-    RIPEMD128   => 'rmd128',
-    RIPEMD160   => 'rmd160',
-    RIPEMD256   => 'rmd256',
-    RIPEMD320   => 'rmd320',
-    TIGER192    => 'tiger',
-    SHA512_224  => 'sha512-224',
-    SHA512_256  => 'sha512-256',
-    SHA3_224    => 'sha3-224',
-    SHA3_256    => 'sha3-256',
-    SHA3_384    => 'sha3-384',
-    SHA3_512    => 'sha3-512',
-    BLAKE2B_160 => 'blake2b-160',
-    BLAKE2B_256 => 'blake2b-256',
-    BLAKE2B_384 => 'blake2b-384',
-    BLAKE2B_512 => 'blake2b-512',
-    BLAKE2S_128 => 'blake2s-128',
-    BLAKE2S_160 => 'blake2s-160',
-    BLAKE2S_224 => 'blake2s-224',
-    BLAKE2S_256 => 'blake2s-256',
-  );
-  $name =~ s/^Crypt::Digest:://i;
-  return $trans{uc($name)} if defined $trans{uc($name)};
-  return lc($name);
-}
-
 ### METHODS
 
-sub new {
-  my $pkg = shift;
-  unshift @_, ($pkg eq 'Crypt::Digest' ? _trans_digest_name(shift) : _trans_digest_name($pkg));
-  ###return _new(@_);
-  goto \&_new; # keep the real caller for croak()
-}
-
-sub hashsize {
-  return unless defined $_[0];
-
-  if (ref $_[0]) {
-    ###return _hashsize(@_);
-    goto \&_hashsize if ref $_[0];        # keep the real caller for croak()
-  }
-  else {
-    my $pkg = shift;
-    unshift @_, ($pkg eq 'Crypt::Digest' ? _trans_digest_name(shift) : _trans_digest_name($pkg));
-    ###return _hashsize_by_name(@_);
-    goto \&_hashsize_by_name;             # keep the real caller for croak()
-  }
-}
-
 sub addfile {
   my ($self, $file) = @_;
 
@@ -105,22 +57,10 @@ sub CLONE_SKIP { 1 } # prevent cloning
 
 ### FUNCTIONS
 
-sub digest_data        { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->digest}; _croak($@); $rv }
+sub digest_file        { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->digest     }
-sub digest_data_hex    { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->hexdigest}; _croak($@); $rv }
+sub digest_file_hex    { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->hexdigest  }
-sub digest_data_b64    { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->b64digest}; _croak($@); $rv }
+sub digest_file_b64    { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->b64digest  }
-sub digest_data_b64u   { my $rv = eval {Crypt::Digest->new(shift)->add(@_)->b64udigest}; _croak($@); $rv }
+sub digest_file_b64u   { local $SIG{__DIE__} = \&CryptX::_croak; Crypt::Digest->new(shift)->addfile(@_)->b64udigest }
-
-sub digest_file        { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->digest}; _croak($@); $rv }
-sub digest_file_hex    { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->hexdigest}; _croak($@); $rv }
-sub digest_file_b64    { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->b64digest}; _croak($@); $rv }
-sub digest_file_b64u   { my $rv = eval {Crypt::Digest->new(shift)->addfile(@_)->b64udigest}; _croak($@); $rv }
-
-sub _croak { #XXX-FIXME ugly hack for reporting real caller from XS croaks
-   if ($_[0]) {
-     $_[0] =~ s/ at .*?\.pm line \d+.[\n\r]*$//g;
-     croak $_[0];
-   }
-}
 
 1;
 
@@ -183,14 +123,16 @@ Or all of them at once:
 
 =head1 FUNCTIONS
 
-Please note that all functions take as its first argument the algoritm name, supported values are:
+Please note that all functions take as its first argument the algorithm name, supported values are:
 
  'CHAES', 'MD2', 'MD4', 'MD5', 'RIPEMD128', 'RIPEMD160',
  'RIPEMD256', 'RIPEMD320', 'SHA1', 'SHA224', 'SHA256',
  'SHA384', 'SHA512', 'SHA512_224', 'SHA512_256', 'Tiger192', 'Whirlpool',
- 'SHA3_224', 'SHA3_256', 'SHA3_384', 'SHA3_512'
+ 'SHA3_224', 'SHA3_256', 'SHA3_384', 'SHA3_512',
+ 'BLAKE2b_160', 'BLAKE2b_256', 'BLAKE2b_384', 'BLAKE2b_512',
+ 'BLAKE2s_128', 'BLAKE2s_160', 'BLAKE2s_224', 'BLAKE2s_256'
 
- (simply any <FUNCNAME> for which there is Crypt::Digest::<FUNCNAME> module)
+ (simply any <NAME> for which there is Crypt::Digest::<NAME> module)
 
 =head2 digest_data
 
@@ -355,7 +297,7 @@ Returns the digest encoded as a hexadecimal string.
 =head2 b64digest
 
 Returns the digest encoded as a Base64 string, B<with> trailing '=' padding (B<BEWARE:> this padding
-style might differ from other Digest::SOMETHING modules on CPAN).
+style might differ from other Digest::<SOMETHING> modules on CPAN).
 
  $result_b64 = $d->b64digest();
 
@@ -378,5 +320,3 @@ Returns the digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2b_160.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_160;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_160 blake2b_160_hex blake2b_160_b64 blake2b_160_b64u blake2b_160_file blake2b_160_file_hex blake2b_160_file_b64 blake2b_160_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_160')             }
-
+sub blake2b_160             { Crypt::Digest::digest_data('BLAKE2b_160', @_)      }
-sub blake2b_160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_160_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_160', @_)  }
-sub blake2b_160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_160_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_160', @_)  }
-sub blake2b_160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_160_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_160', @_) }
-sub blake2b_160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_160_file        { Crypt::Digest::digest_file('BLAKE2b_160', @_)      }
-
+sub blake2b_160_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_160', @_)  }
-sub blake2b_160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_160_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_160', @_)  }
-sub blake2b_160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_160_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_160', @_) }
-sub blake2b_160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2b_160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2b_256.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_256;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_256 blake2b_256_hex blake2b_256_b64 blake2b_256_b64u blake2b_256_file blake2b_256_file_hex blake2b_256_file_b64 blake2b_256_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_256')             }
-
+sub blake2b_256             { Crypt::Digest::digest_data('BLAKE2b_256', @_)      }
-sub blake2b_256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_256_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_256', @_)  }
-sub blake2b_256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_256_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_256', @_)  }
-sub blake2b_256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_256_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_256', @_) }
-sub blake2b_256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_256_file        { Crypt::Digest::digest_file('BLAKE2b_256', @_)      }
-
+sub blake2b_256_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_256', @_)  }
-sub blake2b_256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_256_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_256', @_)  }
-sub blake2b_256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_256_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_256', @_) }
-sub blake2b_256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2b_256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2b_384.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_384;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_384 blake2b_384_hex blake2b_384_b64 blake2b_384_b64u blake2b_384_file blake2b_384_file_hex blake2b_384_file_b64 blake2b_384_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_384')             }
-
+sub blake2b_384             { Crypt::Digest::digest_data('BLAKE2b_384', @_)      }
-sub blake2b_384             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_384_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_384', @_)  }
-sub blake2b_384_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_384_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_384', @_)  }
-sub blake2b_384_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_384_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_384', @_) }
-sub blake2b_384_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_384_file        { Crypt::Digest::digest_file('BLAKE2b_384', @_)      }
-
+sub blake2b_384_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_384', @_)  }
-sub blake2b_384_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_384_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_384', @_)  }
-sub blake2b_384_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_384_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_384', @_) }
-sub blake2b_384_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2b_384_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2b_512.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2b_512;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2b_512 blake2b_512_hex blake2b_512_b64 blake2b_512_b64u blake2b_512_file blake2b_512_file_hex blake2b_512_file_b64 blake2b_512_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2b_512')             }
-
+sub blake2b_512             { Crypt::Digest::digest_data('BLAKE2b_512', @_)      }
-sub blake2b_512             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2b_512_hex         { Crypt::Digest::digest_data_hex('BLAKE2b_512', @_)  }
-sub blake2b_512_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2b_512_b64         { Crypt::Digest::digest_data_b64('BLAKE2b_512', @_)  }
-sub blake2b_512_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2b_512_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2b_512', @_) }
-sub blake2b_512_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2b_512_file        { Crypt::Digest::digest_file('BLAKE2b_512', @_)      }
-
+sub blake2b_512_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2b_512', @_)  }
-sub blake2b_512_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2b_512_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2b_512', @_)  }
-sub blake2b_512_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2b_512_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2b_512', @_) }
-sub blake2b_512_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2b_512_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2s_128.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_128;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_128 blake2s_128_hex blake2s_128_b64 blake2s_128_b64u blake2s_128_file blake2s_128_file_hex blake2s_128_file_b64 blake2s_128_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_128')             }
-
+sub blake2s_128             { Crypt::Digest::digest_data('BLAKE2s_128', @_)      }
-sub blake2s_128             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_128_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_128', @_)  }
-sub blake2s_128_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_128_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_128', @_)  }
-sub blake2s_128_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_128_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_128', @_) }
-sub blake2s_128_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_128_file        { Crypt::Digest::digest_file('BLAKE2s_128', @_)      }
-
+sub blake2s_128_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_128', @_)  }
-sub blake2s_128_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_128_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_128', @_)  }
-sub blake2s_128_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_128_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_128', @_) }
-sub blake2s_128_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2s_128_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2s_160.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_160;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_160 blake2s_160_hex blake2s_160_b64 blake2s_160_b64u blake2s_160_file blake2s_160_file_hex blake2s_160_file_b64 blake2s_160_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_160')             }
-
+sub blake2s_160             { Crypt::Digest::digest_data('BLAKE2s_160', @_)      }
-sub blake2s_160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_160_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_160', @_)  }
-sub blake2s_160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_160_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_160', @_)  }
-sub blake2s_160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_160_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_160', @_) }
-sub blake2s_160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_160_file        { Crypt::Digest::digest_file('BLAKE2s_160', @_)      }
-
+sub blake2s_160_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_160', @_)  }
-sub blake2s_160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_160_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_160', @_)  }
-sub blake2s_160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_160_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_160', @_) }
-sub blake2s_160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2s_160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2s_224.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_224;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_224 blake2s_224_hex blake2s_224_b64 blake2s_224_b64u blake2s_224_file blake2s_224_file_hex blake2s_224_file_b64 blake2s_224_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_224')             }
-
+sub blake2s_224             { Crypt::Digest::digest_data('BLAKE2s_224', @_)      }
-sub blake2s_224             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_224_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_224', @_)  }
-sub blake2s_224_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_224_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_224', @_)  }
-sub blake2s_224_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_224_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_224', @_) }
-sub blake2s_224_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_224_file        { Crypt::Digest::digest_file('BLAKE2s_224', @_)      }
-
+sub blake2s_224_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_224', @_)  }
-sub blake2s_224_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_224_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_224', @_)  }
-sub blake2s_224_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_224_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_224', @_) }
-sub blake2s_224_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2s_224_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/BLAKE2s_256.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::BLAKE2s_256;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( blake2s_256 blake2s_256_hex blake2s_256_b64 blake2s_256_b64u blake2s_256_file blake2s_256_file_hex blake2s_256_file_b64 blake2s_256_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('BLAKE2s_256')             }
-
+sub blake2s_256             { Crypt::Digest::digest_data('BLAKE2s_256', @_)      }
-sub blake2s_256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub blake2s_256_hex         { Crypt::Digest::digest_data_hex('BLAKE2s_256', @_)  }
-sub blake2s_256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub blake2s_256_b64         { Crypt::Digest::digest_data_b64('BLAKE2s_256', @_)  }
-sub blake2s_256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub blake2s_256_b64u        { Crypt::Digest::digest_data_b64u('BLAKE2s_256', @_) }
-sub blake2s_256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub blake2s_256_file        { Crypt::Digest::digest_file('BLAKE2s_256', @_)      }
-
+sub blake2s_256_file_hex    { Crypt::Digest::digest_file_hex('BLAKE2s_256', @_)  }
-sub blake2s_256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub blake2s_256_file_b64    { Crypt::Digest::digest_file_b64('BLAKE2s_256', @_)  }
-sub blake2s_256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub blake2s_256_file_b64u   { Crypt::Digest::digest_file_b64u('BLAKE2s_256', @_) }
-sub blake2s_256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub blake2s_256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,14 +214,12 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<https://blake2.net/|https://blake2.net/>
+=item * L<https://blake2.net/>
 
-=item * L<https://tools.ietf.org/html/rfc7693|https://tools.ietf.org/html/rfc7693>
+=item * L<https://tools.ietf.org/html/rfc7693>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/CHAES.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::CHAES;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( chaes chaes_hex chaes_b64 chaes_b64u chaes_file chaes_file_hex chaes_file_b64 chaes_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('CHAES')             }
-
+sub chaes             { Crypt::Digest::digest_data('CHAES', @_)      }
-sub chaes             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub chaes_hex         { Crypt::Digest::digest_data_hex('CHAES', @_)  }
-sub chaes_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub chaes_b64         { Crypt::Digest::digest_data_b64('CHAES', @_)  }
-sub chaes_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub chaes_b64u        { Crypt::Digest::digest_data_b64u('CHAES', @_) }
-sub chaes_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub chaes_file        { Crypt::Digest::digest_file('CHAES', @_)      }
-
+sub chaes_file_hex    { Crypt::Digest::digest_file_hex('CHAES', @_)  }
-sub chaes_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub chaes_file_b64    { Crypt::Digest::digest_file_b64('CHAES', @_)  }
-sub chaes_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub chaes_file_b64u   { Crypt::Digest::digest_file_b64u('CHAES', @_) }
-sub chaes_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub chaes_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers|http://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers>
+=item * L<https://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/Keccak224.pm

@@ -0,0 +1,223 @@
+package Crypt::Digest::Keccak224;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Digest Exporter);
+our %EXPORT_TAGS = ( all => [qw( keccak224 keccak224_hex keccak224_b64 keccak224_b64u keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
+use Crypt::Digest;
+
+sub hashsize                { Crypt::Digest::hashsize('Keccak224')             }
+sub keccak224             { Crypt::Digest::digest_data('Keccak224', @_)      }
+sub keccak224_hex         { Crypt::Digest::digest_data_hex('Keccak224', @_)  }
+sub keccak224_b64         { Crypt::Digest::digest_data_b64('Keccak224', @_)  }
+sub keccak224_b64u        { Crypt::Digest::digest_data_b64u('Keccak224', @_) }
+sub keccak224_file        { Crypt::Digest::digest_file('Keccak224', @_)      }
+sub keccak224_file_hex    { Crypt::Digest::digest_file_hex('Keccak224', @_)  }
+sub keccak224_file_b64    { Crypt::Digest::digest_file_b64('Keccak224', @_)  }
+sub keccak224_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak224', @_) }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Digest::Keccak224 - Hash function Keccak-224 [size: 224 bits]
+
+=head1 SYNOPSIS
+
+   ### Functional interface:
+   use Crypt::Digest::Keccak224 qw( keccak224 keccak224_hex keccak224_b64 keccak224_b64u
+                                keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u );
+
+   # calculate digest from string/buffer
+   $keccak224_raw  = keccak224('data string');
+   $keccak224_hex  = keccak224_hex('data string');
+   $keccak224_b64  = keccak224_b64('data string');
+   $keccak224_b64u = keccak224_b64u('data string');
+   # calculate digest from file
+   $keccak224_raw  = keccak224_file('filename.dat');
+   $keccak224_hex  = keccak224_file_hex('filename.dat');
+   $keccak224_b64  = keccak224_file_b64('filename.dat');
+   $keccak224_b64u = keccak224_file_b64u('filename.dat');
+   # calculate digest from filehandle
+   $keccak224_raw  = keccak224_file(*FILEHANDLE);
+   $keccak224_hex  = keccak224_file_hex(*FILEHANDLE);
+   $keccak224_b64  = keccak224_file_b64(*FILEHANDLE);
+   $keccak224_b64u = keccak224_file_b64u(*FILEHANDLE);
+
+   ### OO interface:
+   use Crypt::Digest::Keccak224;
+
+   $d = Crypt::Digest::Keccak224->new;
+   $d->add('any data');
+   $d->addfile('filename.dat');
+   $d->addfile(*FILEHANDLE);
+   $result_raw  = $d->digest;     # raw bytes
+   $result_hex  = $d->hexdigest;  # hexadecimal form
+   $result_b64  = $d->b64digest;  # Base64 form
+   $result_b64u = $d->b64udigest; # Base64 URL Safe form
+
+=head1 DESCRIPTION
+
+Provides an interface to the Keccak224 digest algorithm.
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+  use Crypt::Digest::Keccak224 qw(keccak224 keccak224_hex keccak224_b64 keccak224_b64u
+                                      keccak224_file keccak224_file_hex keccak224_file_b64 keccak224_file_b64u);
+
+Or all of them at once:
+
+  use Crypt::Digest::Keccak224 ':all';
+
+=head1 FUNCTIONS
+
+=head2 keccak224
+
+Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a binary string.
+
+ $keccak224_raw = keccak224('data string');
+ #or
+ $keccak224_raw = keccak224('any data', 'more data', 'even more data');
+
+=head2 keccak224_hex
+
+Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a hexadecimal string.
+
+ $keccak224_hex = keccak224_hex('data string');
+ #or
+ $keccak224_hex = keccak224_hex('any data', 'more data', 'even more data');
+
+=head2 keccak224_b64
+
+Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak224_b64 = keccak224_b64('data string');
+ #or
+ $keccak224_b64 = keccak224_b64('any data', 'more data', 'even more data');
+
+=head2 keccak224_b64u
+
+Logically joins all arguments into a single string, and returns its Keccak224 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak224_b64url = keccak224_b64u('data string');
+ #or
+ $keccak224_b64url = keccak224_b64u('any data', 'more data', 'even more data');
+
+=head2 keccak224_file
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a binary string.
+
+ $keccak224_raw = keccak224_file('filename.dat');
+ #or
+ $keccak224_raw = keccak224_file(*FILEHANDLE);
+
+=head2 keccak224_file_hex
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a hexadecimal string.
+
+ $keccak224_hex = keccak224_file_hex('filename.dat');
+ #or
+ $keccak224_hex = keccak224_file_hex(*FILEHANDLE);
+
+B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
+
+=head2 keccak224_file_b64
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak224_b64 = keccak224_file_b64('filename.dat');
+ #or
+ $keccak224_b64 = keccak224_file_b64(*FILEHANDLE);
+
+=head2 keccak224_file_b64u
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak224 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak224_b64url = keccak224_file_b64u('filename.dat');
+ #or
+ $keccak224_b64url = keccak224_file_b64u(*FILEHANDLE);
+
+=head1 METHODS
+
+The OO interface provides the same set of functions as L<Crypt::Digest>.
+
+=head2 new
+
+ $d = Crypt::Digest::Keccak224->new();
+
+=head2 clone
+
+ $d->clone();
+
+=head2 reset
+
+ $d->reset();
+
+=head2 add
+
+ $d->add('any data');
+ #or
+ $d->add('any data', 'more data', 'even more data');
+
+=head2 addfile
+
+ $d->addfile('filename.dat');
+ #or
+ $d->addfile(*FILEHANDLE);
+
+=head2 add_bits
+
+ $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
+ #or
+ $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
+
+=head2 hashsize
+
+ $d->hashsize;
+ #or
+ Crypt::Digest::Keccak224->hashsize();
+ #or
+ Crypt::Digest::Keccak224::hashsize();
+
+=head2 digest
+
+ $result_raw = $d->digest();
+
+=head2 hexdigest
+
+ $result_hex = $d->hexdigest();
+
+=head2 b64digest
+
+ $result_b64 = $d->b64digest();
+
+=head2 b64udigest
+
+ $result_b64url = $d->b64udigest();
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
+
+=item * L<https://keccak.team/index.html>
+
+=back
+
+=cut

lib/Crypt/Digest/Keccak256.pm

@@ -0,0 +1,223 @@
+package Crypt::Digest::Keccak256;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Digest Exporter);
+our %EXPORT_TAGS = ( all => [qw( keccak256 keccak256_hex keccak256_b64 keccak256_b64u keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
+use Crypt::Digest;
+
+sub hashsize                { Crypt::Digest::hashsize('Keccak256')             }
+sub keccak256             { Crypt::Digest::digest_data('Keccak256', @_)      }
+sub keccak256_hex         { Crypt::Digest::digest_data_hex('Keccak256', @_)  }
+sub keccak256_b64         { Crypt::Digest::digest_data_b64('Keccak256', @_)  }
+sub keccak256_b64u        { Crypt::Digest::digest_data_b64u('Keccak256', @_) }
+sub keccak256_file        { Crypt::Digest::digest_file('Keccak256', @_)      }
+sub keccak256_file_hex    { Crypt::Digest::digest_file_hex('Keccak256', @_)  }
+sub keccak256_file_b64    { Crypt::Digest::digest_file_b64('Keccak256', @_)  }
+sub keccak256_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak256', @_) }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Digest::Keccak256 - Hash function Keccak-256 [size: 256 bits]
+
+=head1 SYNOPSIS
+
+   ### Functional interface:
+   use Crypt::Digest::Keccak256 qw( keccak256 keccak256_hex keccak256_b64 keccak256_b64u
+                                keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u );
+
+   # calculate digest from string/buffer
+   $keccak256_raw  = keccak256('data string');
+   $keccak256_hex  = keccak256_hex('data string');
+   $keccak256_b64  = keccak256_b64('data string');
+   $keccak256_b64u = keccak256_b64u('data string');
+   # calculate digest from file
+   $keccak256_raw  = keccak256_file('filename.dat');
+   $keccak256_hex  = keccak256_file_hex('filename.dat');
+   $keccak256_b64  = keccak256_file_b64('filename.dat');
+   $keccak256_b64u = keccak256_file_b64u('filename.dat');
+   # calculate digest from filehandle
+   $keccak256_raw  = keccak256_file(*FILEHANDLE);
+   $keccak256_hex  = keccak256_file_hex(*FILEHANDLE);
+   $keccak256_b64  = keccak256_file_b64(*FILEHANDLE);
+   $keccak256_b64u = keccak256_file_b64u(*FILEHANDLE);
+
+   ### OO interface:
+   use Crypt::Digest::Keccak256;
+
+   $d = Crypt::Digest::Keccak256->new;
+   $d->add('any data');
+   $d->addfile('filename.dat');
+   $d->addfile(*FILEHANDLE);
+   $result_raw  = $d->digest;     # raw bytes
+   $result_hex  = $d->hexdigest;  # hexadecimal form
+   $result_b64  = $d->b64digest;  # Base64 form
+   $result_b64u = $d->b64udigest; # Base64 URL Safe form
+
+=head1 DESCRIPTION
+
+Provides an interface to the Keccak256 digest algorithm.
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+  use Crypt::Digest::Keccak256 qw(keccak256 keccak256_hex keccak256_b64 keccak256_b64u
+                                      keccak256_file keccak256_file_hex keccak256_file_b64 keccak256_file_b64u);
+
+Or all of them at once:
+
+  use Crypt::Digest::Keccak256 ':all';
+
+=head1 FUNCTIONS
+
+=head2 keccak256
+
+Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a binary string.
+
+ $keccak256_raw = keccak256('data string');
+ #or
+ $keccak256_raw = keccak256('any data', 'more data', 'even more data');
+
+=head2 keccak256_hex
+
+Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a hexadecimal string.
+
+ $keccak256_hex = keccak256_hex('data string');
+ #or
+ $keccak256_hex = keccak256_hex('any data', 'more data', 'even more data');
+
+=head2 keccak256_b64
+
+Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak256_b64 = keccak256_b64('data string');
+ #or
+ $keccak256_b64 = keccak256_b64('any data', 'more data', 'even more data');
+
+=head2 keccak256_b64u
+
+Logically joins all arguments into a single string, and returns its Keccak256 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak256_b64url = keccak256_b64u('data string');
+ #or
+ $keccak256_b64url = keccak256_b64u('any data', 'more data', 'even more data');
+
+=head2 keccak256_file
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a binary string.
+
+ $keccak256_raw = keccak256_file('filename.dat');
+ #or
+ $keccak256_raw = keccak256_file(*FILEHANDLE);
+
+=head2 keccak256_file_hex
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a hexadecimal string.
+
+ $keccak256_hex = keccak256_file_hex('filename.dat');
+ #or
+ $keccak256_hex = keccak256_file_hex(*FILEHANDLE);
+
+B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
+
+=head2 keccak256_file_b64
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak256_b64 = keccak256_file_b64('filename.dat');
+ #or
+ $keccak256_b64 = keccak256_file_b64(*FILEHANDLE);
+
+=head2 keccak256_file_b64u
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak256 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak256_b64url = keccak256_file_b64u('filename.dat');
+ #or
+ $keccak256_b64url = keccak256_file_b64u(*FILEHANDLE);
+
+=head1 METHODS
+
+The OO interface provides the same set of functions as L<Crypt::Digest>.
+
+=head2 new
+
+ $d = Crypt::Digest::Keccak256->new();
+
+=head2 clone
+
+ $d->clone();
+
+=head2 reset
+
+ $d->reset();
+
+=head2 add
+
+ $d->add('any data');
+ #or
+ $d->add('any data', 'more data', 'even more data');
+
+=head2 addfile
+
+ $d->addfile('filename.dat');
+ #or
+ $d->addfile(*FILEHANDLE);
+
+=head2 add_bits
+
+ $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
+ #or
+ $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
+
+=head2 hashsize
+
+ $d->hashsize;
+ #or
+ Crypt::Digest::Keccak256->hashsize();
+ #or
+ Crypt::Digest::Keccak256::hashsize();
+
+=head2 digest
+
+ $result_raw = $d->digest();
+
+=head2 hexdigest
+
+ $result_hex = $d->hexdigest();
+
+=head2 b64digest
+
+ $result_b64 = $d->b64digest();
+
+=head2 b64udigest
+
+ $result_b64url = $d->b64udigest();
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
+
+=item * L<https://keccak.team/index.html>
+
+=back
+
+=cut

lib/Crypt/Digest/Keccak384.pm

@@ -0,0 +1,223 @@
+package Crypt::Digest::Keccak384;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Digest Exporter);
+our %EXPORT_TAGS = ( all => [qw( keccak384 keccak384_hex keccak384_b64 keccak384_b64u keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
+use Crypt::Digest;
+
+sub hashsize                { Crypt::Digest::hashsize('Keccak384')             }
+sub keccak384             { Crypt::Digest::digest_data('Keccak384', @_)      }
+sub keccak384_hex         { Crypt::Digest::digest_data_hex('Keccak384', @_)  }
+sub keccak384_b64         { Crypt::Digest::digest_data_b64('Keccak384', @_)  }
+sub keccak384_b64u        { Crypt::Digest::digest_data_b64u('Keccak384', @_) }
+sub keccak384_file        { Crypt::Digest::digest_file('Keccak384', @_)      }
+sub keccak384_file_hex    { Crypt::Digest::digest_file_hex('Keccak384', @_)  }
+sub keccak384_file_b64    { Crypt::Digest::digest_file_b64('Keccak384', @_)  }
+sub keccak384_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak384', @_) }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Digest::Keccak384 - Hash function Keccak-384 [size: 384 bits]
+
+=head1 SYNOPSIS
+
+   ### Functional interface:
+   use Crypt::Digest::Keccak384 qw( keccak384 keccak384_hex keccak384_b64 keccak384_b64u
+                                keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u );
+
+   # calculate digest from string/buffer
+   $keccak384_raw  = keccak384('data string');
+   $keccak384_hex  = keccak384_hex('data string');
+   $keccak384_b64  = keccak384_b64('data string');
+   $keccak384_b64u = keccak384_b64u('data string');
+   # calculate digest from file
+   $keccak384_raw  = keccak384_file('filename.dat');
+   $keccak384_hex  = keccak384_file_hex('filename.dat');
+   $keccak384_b64  = keccak384_file_b64('filename.dat');
+   $keccak384_b64u = keccak384_file_b64u('filename.dat');
+   # calculate digest from filehandle
+   $keccak384_raw  = keccak384_file(*FILEHANDLE);
+   $keccak384_hex  = keccak384_file_hex(*FILEHANDLE);
+   $keccak384_b64  = keccak384_file_b64(*FILEHANDLE);
+   $keccak384_b64u = keccak384_file_b64u(*FILEHANDLE);
+
+   ### OO interface:
+   use Crypt::Digest::Keccak384;
+
+   $d = Crypt::Digest::Keccak384->new;
+   $d->add('any data');
+   $d->addfile('filename.dat');
+   $d->addfile(*FILEHANDLE);
+   $result_raw  = $d->digest;     # raw bytes
+   $result_hex  = $d->hexdigest;  # hexadecimal form
+   $result_b64  = $d->b64digest;  # Base64 form
+   $result_b64u = $d->b64udigest; # Base64 URL Safe form
+
+=head1 DESCRIPTION
+
+Provides an interface to the Keccak384 digest algorithm.
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+  use Crypt::Digest::Keccak384 qw(keccak384 keccak384_hex keccak384_b64 keccak384_b64u
+                                      keccak384_file keccak384_file_hex keccak384_file_b64 keccak384_file_b64u);
+
+Or all of them at once:
+
+  use Crypt::Digest::Keccak384 ':all';
+
+=head1 FUNCTIONS
+
+=head2 keccak384
+
+Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a binary string.
+
+ $keccak384_raw = keccak384('data string');
+ #or
+ $keccak384_raw = keccak384('any data', 'more data', 'even more data');
+
+=head2 keccak384_hex
+
+Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a hexadecimal string.
+
+ $keccak384_hex = keccak384_hex('data string');
+ #or
+ $keccak384_hex = keccak384_hex('any data', 'more data', 'even more data');
+
+=head2 keccak384_b64
+
+Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak384_b64 = keccak384_b64('data string');
+ #or
+ $keccak384_b64 = keccak384_b64('any data', 'more data', 'even more data');
+
+=head2 keccak384_b64u
+
+Logically joins all arguments into a single string, and returns its Keccak384 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak384_b64url = keccak384_b64u('data string');
+ #or
+ $keccak384_b64url = keccak384_b64u('any data', 'more data', 'even more data');
+
+=head2 keccak384_file
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a binary string.
+
+ $keccak384_raw = keccak384_file('filename.dat');
+ #or
+ $keccak384_raw = keccak384_file(*FILEHANDLE);
+
+=head2 keccak384_file_hex
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a hexadecimal string.
+
+ $keccak384_hex = keccak384_file_hex('filename.dat');
+ #or
+ $keccak384_hex = keccak384_file_hex(*FILEHANDLE);
+
+B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
+
+=head2 keccak384_file_b64
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak384_b64 = keccak384_file_b64('filename.dat');
+ #or
+ $keccak384_b64 = keccak384_file_b64(*FILEHANDLE);
+
+=head2 keccak384_file_b64u
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak384 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak384_b64url = keccak384_file_b64u('filename.dat');
+ #or
+ $keccak384_b64url = keccak384_file_b64u(*FILEHANDLE);
+
+=head1 METHODS
+
+The OO interface provides the same set of functions as L<Crypt::Digest>.
+
+=head2 new
+
+ $d = Crypt::Digest::Keccak384->new();
+
+=head2 clone
+
+ $d->clone();
+
+=head2 reset
+
+ $d->reset();
+
+=head2 add
+
+ $d->add('any data');
+ #or
+ $d->add('any data', 'more data', 'even more data');
+
+=head2 addfile
+
+ $d->addfile('filename.dat');
+ #or
+ $d->addfile(*FILEHANDLE);
+
+=head2 add_bits
+
+ $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
+ #or
+ $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
+
+=head2 hashsize
+
+ $d->hashsize;
+ #or
+ Crypt::Digest::Keccak384->hashsize();
+ #or
+ Crypt::Digest::Keccak384::hashsize();
+
+=head2 digest
+
+ $result_raw = $d->digest();
+
+=head2 hexdigest
+
+ $result_hex = $d->hexdigest();
+
+=head2 b64digest
+
+ $result_b64 = $d->b64digest();
+
+=head2 b64udigest
+
+ $result_b64url = $d->b64udigest();
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
+
+=item * L<https://keccak.team/index.html>
+
+=back
+
+=cut

lib/Crypt/Digest/Keccak512.pm

@@ -0,0 +1,223 @@
+package Crypt::Digest::Keccak512;
+
+### BEWARE - GENERATED FILE, DO NOT EDIT MANUALLY!
+
+use strict;
+use warnings;
+our $VERSION = '0.058_002';
+
+use base qw(Crypt::Digest Exporter);
+our %EXPORT_TAGS = ( all => [qw( keccak512 keccak512_hex keccak512_b64 keccak512_b64u keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u )] );
+our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT = qw();
+
+use Carp;
+$Carp::Internal{(__PACKAGE__)}++;
+use Crypt::Digest;
+
+sub hashsize                { Crypt::Digest::hashsize('Keccak512')             }
+sub keccak512             { Crypt::Digest::digest_data('Keccak512', @_)      }
+sub keccak512_hex         { Crypt::Digest::digest_data_hex('Keccak512', @_)  }
+sub keccak512_b64         { Crypt::Digest::digest_data_b64('Keccak512', @_)  }
+sub keccak512_b64u        { Crypt::Digest::digest_data_b64u('Keccak512', @_) }
+sub keccak512_file        { Crypt::Digest::digest_file('Keccak512', @_)      }
+sub keccak512_file_hex    { Crypt::Digest::digest_file_hex('Keccak512', @_)  }
+sub keccak512_file_b64    { Crypt::Digest::digest_file_b64('Keccak512', @_)  }
+sub keccak512_file_b64u   { Crypt::Digest::digest_file_b64u('Keccak512', @_) }
+
+1;
+
+=pod
+
+=head1 NAME
+
+Crypt::Digest::Keccak512 - Hash function Keccak-512 [size: 512 bits]
+
+=head1 SYNOPSIS
+
+   ### Functional interface:
+   use Crypt::Digest::Keccak512 qw( keccak512 keccak512_hex keccak512_b64 keccak512_b64u
+                                keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u );
+
+   # calculate digest from string/buffer
+   $keccak512_raw  = keccak512('data string');
+   $keccak512_hex  = keccak512_hex('data string');
+   $keccak512_b64  = keccak512_b64('data string');
+   $keccak512_b64u = keccak512_b64u('data string');
+   # calculate digest from file
+   $keccak512_raw  = keccak512_file('filename.dat');
+   $keccak512_hex  = keccak512_file_hex('filename.dat');
+   $keccak512_b64  = keccak512_file_b64('filename.dat');
+   $keccak512_b64u = keccak512_file_b64u('filename.dat');
+   # calculate digest from filehandle
+   $keccak512_raw  = keccak512_file(*FILEHANDLE);
+   $keccak512_hex  = keccak512_file_hex(*FILEHANDLE);
+   $keccak512_b64  = keccak512_file_b64(*FILEHANDLE);
+   $keccak512_b64u = keccak512_file_b64u(*FILEHANDLE);
+
+   ### OO interface:
+   use Crypt::Digest::Keccak512;
+
+   $d = Crypt::Digest::Keccak512->new;
+   $d->add('any data');
+   $d->addfile('filename.dat');
+   $d->addfile(*FILEHANDLE);
+   $result_raw  = $d->digest;     # raw bytes
+   $result_hex  = $d->hexdigest;  # hexadecimal form
+   $result_b64  = $d->b64digest;  # Base64 form
+   $result_b64u = $d->b64udigest; # Base64 URL Safe form
+
+=head1 DESCRIPTION
+
+Provides an interface to the Keccak512 digest algorithm.
+
+=head1 EXPORT
+
+Nothing is exported by default.
+
+You can export selected functions:
+
+  use Crypt::Digest::Keccak512 qw(keccak512 keccak512_hex keccak512_b64 keccak512_b64u
+                                      keccak512_file keccak512_file_hex keccak512_file_b64 keccak512_file_b64u);
+
+Or all of them at once:
+
+  use Crypt::Digest::Keccak512 ':all';
+
+=head1 FUNCTIONS
+
+=head2 keccak512
+
+Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a binary string.
+
+ $keccak512_raw = keccak512('data string');
+ #or
+ $keccak512_raw = keccak512('any data', 'more data', 'even more data');
+
+=head2 keccak512_hex
+
+Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a hexadecimal string.
+
+ $keccak512_hex = keccak512_hex('data string');
+ #or
+ $keccak512_hex = keccak512_hex('any data', 'more data', 'even more data');
+
+=head2 keccak512_b64
+
+Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak512_b64 = keccak512_b64('data string');
+ #or
+ $keccak512_b64 = keccak512_b64('any data', 'more data', 'even more data');
+
+=head2 keccak512_b64u
+
+Logically joins all arguments into a single string, and returns its Keccak512 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak512_b64url = keccak512_b64u('data string');
+ #or
+ $keccak512_b64url = keccak512_b64u('any data', 'more data', 'even more data');
+
+=head2 keccak512_file
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a binary string.
+
+ $keccak512_raw = keccak512_file('filename.dat');
+ #or
+ $keccak512_raw = keccak512_file(*FILEHANDLE);
+
+=head2 keccak512_file_hex
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a hexadecimal string.
+
+ $keccak512_hex = keccak512_file_hex('filename.dat');
+ #or
+ $keccak512_hex = keccak512_file_hex(*FILEHANDLE);
+
+B<BEWARE:> You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.
+
+=head2 keccak512_file_b64
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a Base64 string, B<with> trailing '=' padding.
+
+ $keccak512_b64 = keccak512_file_b64('filename.dat');
+ #or
+ $keccak512_b64 = keccak512_file_b64(*FILEHANDLE);
+
+=head2 keccak512_file_b64u
+
+Reads file (defined by filename or filehandle) content, and returns its Keccak512 digest encoded as a Base64 URL Safe string (see RFC 4648 section 5).
+
+ $keccak512_b64url = keccak512_file_b64u('filename.dat');
+ #or
+ $keccak512_b64url = keccak512_file_b64u(*FILEHANDLE);
+
+=head1 METHODS
+
+The OO interface provides the same set of functions as L<Crypt::Digest>.
+
+=head2 new
+
+ $d = Crypt::Digest::Keccak512->new();
+
+=head2 clone
+
+ $d->clone();
+
+=head2 reset
+
+ $d->reset();
+
+=head2 add
+
+ $d->add('any data');
+ #or
+ $d->add('any data', 'more data', 'even more data');
+
+=head2 addfile
+
+ $d->addfile('filename.dat');
+ #or
+ $d->addfile(*FILEHANDLE);
+
+=head2 add_bits
+
+ $d->add_bits($bit_string);   # e.g. $d->add_bits("111100001010");
+ #or
+ $d->add_bits($data, $nbits); # e.g. $d->add_bits("\xF0\xA0", 16);
+
+=head2 hashsize
+
+ $d->hashsize;
+ #or
+ Crypt::Digest::Keccak512->hashsize();
+ #or
+ Crypt::Digest::Keccak512::hashsize();
+
+=head2 digest
+
+ $result_raw = $d->digest();
+
+=head2 hexdigest
+
+ $result_hex = $d->hexdigest();
+
+=head2 b64digest
+
+ $result_b64 = $d->b64digest();
+
+=head2 b64udigest
+
+ $result_b64url = $d->b64udigest();
+
+=head1 SEE ALSO
+
+=over
+
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
+
+=item * L<https://keccak.team/index.html>
+
+=back
+
+=cut

lib/Crypt/Digest/MD2.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::MD2;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md2 md2_hex md2_b64 md2_b64u md2_file md2_file_hex md2_file_b64 md2_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD2')             }
-
+sub md2             { Crypt::Digest::digest_data('MD2', @_)      }
-sub md2             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md2_hex         { Crypt::Digest::digest_data_hex('MD2', @_)  }
-sub md2_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md2_b64         { Crypt::Digest::digest_data_b64('MD2', @_)  }
-sub md2_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md2_b64u        { Crypt::Digest::digest_data_b64u('MD2', @_) }
-sub md2_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md2_file        { Crypt::Digest::digest_file('MD2', @_)      }
-
+sub md2_file_hex    { Crypt::Digest::digest_file_hex('MD2', @_)  }
-sub md2_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md2_file_b64    { Crypt::Digest::digest_file_b64('MD2', @_)  }
-sub md2_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md2_file_b64u   { Crypt::Digest::digest_file_b64u('MD2', @_) }
-sub md2_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub md2_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/MD2_(cryptography)|http://en.wikipedia.org/wiki/MD2_(cryptography)>
+=item * L<https://en.wikipedia.org/wiki/MD2_(cryptography)>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/MD4.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::MD4;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md4 md4_hex md4_b64 md4_b64u md4_file md4_file_hex md4_file_b64 md4_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD4')             }
-
+sub md4             { Crypt::Digest::digest_data('MD4', @_)      }
-sub md4             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md4_hex         { Crypt::Digest::digest_data_hex('MD4', @_)  }
-sub md4_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md4_b64         { Crypt::Digest::digest_data_b64('MD4', @_)  }
-sub md4_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md4_b64u        { Crypt::Digest::digest_data_b64u('MD4', @_) }
-sub md4_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md4_file        { Crypt::Digest::digest_file('MD4', @_)      }
-
+sub md4_file_hex    { Crypt::Digest::digest_file_hex('MD4', @_)  }
-sub md4_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md4_file_b64    { Crypt::Digest::digest_file_b64('MD4', @_)  }
-sub md4_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md4_file_b64u   { Crypt::Digest::digest_file_b64u('MD4', @_) }
-sub md4_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub md4_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/MD4|http://en.wikipedia.org/wiki/MD4>
+=item * L<https://en.wikipedia.org/wiki/MD4>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/MD5.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::MD5;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( md5 md5_hex md5_b64 md5_b64u md5_file md5_file_hex md5_file_b64 md5_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('MD5')             }
-
+sub md5             { Crypt::Digest::digest_data('MD5', @_)      }
-sub md5             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub md5_hex         { Crypt::Digest::digest_data_hex('MD5', @_)  }
-sub md5_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub md5_b64         { Crypt::Digest::digest_data_b64('MD5', @_)  }
-sub md5_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub md5_b64u        { Crypt::Digest::digest_data_b64u('MD5', @_) }
-sub md5_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub md5_file        { Crypt::Digest::digest_file('MD5', @_)      }
-
+sub md5_file_hex    { Crypt::Digest::digest_file_hex('MD5', @_)  }
-sub md5_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub md5_file_b64    { Crypt::Digest::digest_file_b64('MD5', @_)  }
-sub md5_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub md5_file_b64u   { Crypt::Digest::digest_file_b64u('MD5', @_) }
-sub md5_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub md5_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/MD5|http://en.wikipedia.org/wiki/MD5>
+=item * L<https://en.wikipedia.org/wiki/MD5>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/RIPEMD128.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD128;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd128 ripemd128_hex ripemd128_b64 ripemd128_b64u ripemd128_file ripemd128_file_hex ripemd128_file_b64 ripemd128_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD128')             }
-
+sub ripemd128             { Crypt::Digest::digest_data('RIPEMD128', @_)      }
-sub ripemd128             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd128_hex         { Crypt::Digest::digest_data_hex('RIPEMD128', @_)  }
-sub ripemd128_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd128_b64         { Crypt::Digest::digest_data_b64('RIPEMD128', @_)  }
-sub ripemd128_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd128_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD128', @_) }
-sub ripemd128_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd128_file        { Crypt::Digest::digest_file('RIPEMD128', @_)      }
-
+sub ripemd128_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD128', @_)  }
-sub ripemd128_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd128_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD128', @_)  }
-sub ripemd128_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd128_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD128', @_) }
-sub ripemd128_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub ripemd128_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/RIPEMD160.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD160;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd160 ripemd160_hex ripemd160_b64 ripemd160_b64u ripemd160_file ripemd160_file_hex ripemd160_file_b64 ripemd160_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD160')             }
-
+sub ripemd160             { Crypt::Digest::digest_data('RIPEMD160', @_)      }
-sub ripemd160             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd160_hex         { Crypt::Digest::digest_data_hex('RIPEMD160', @_)  }
-sub ripemd160_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd160_b64         { Crypt::Digest::digest_data_b64('RIPEMD160', @_)  }
-sub ripemd160_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd160_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD160', @_) }
-sub ripemd160_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd160_file        { Crypt::Digest::digest_file('RIPEMD160', @_)      }
-
+sub ripemd160_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD160', @_)  }
-sub ripemd160_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd160_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD160', @_)  }
-sub ripemd160_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd160_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD160', @_) }
-sub ripemd160_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub ripemd160_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 
 =back
 
 =cut
-
-__END__

lib/Crypt/Digest/RIPEMD256.pm

@@ -4,7 +4,7 @@ package Crypt::Digest::RIPEMD256;
 
 use strict;
 use warnings;
-our $VERSION = '0.048';
+our $VERSION = '0.058_002';
 
 use base qw(Crypt::Digest Exporter);
 our %EXPORT_TAGS = ( all => [qw( ripemd256 ripemd256_hex ripemd256_b64 ripemd256_b64u ripemd256_file ripemd256_file_hex ripemd256_file_b64 ripemd256_file_b64u )] );
@@ -13,19 +13,17 @@ our @EXPORT = qw();
 
 use Carp;
 $Carp::Internal{(__PACKAGE__)}++;
-use CryptX;
+use Crypt::Digest;
 
-sub hashsize { Crypt::Digest::hashsize(__PACKAGE__) }
+sub hashsize                { Crypt::Digest::hashsize('RIPEMD256')             }
-
+sub ripemd256             { Crypt::Digest::digest_data('RIPEMD256', @_)      }
-sub ripemd256             { Crypt::Digest::digest_data(__PACKAGE__, @_) }
+sub ripemd256_hex         { Crypt::Digest::digest_data_hex('RIPEMD256', @_)  }
-sub ripemd256_hex         { Crypt::Digest::digest_data_hex(__PACKAGE__, @_) }
+sub ripemd256_b64         { Crypt::Digest::digest_data_b64('RIPEMD256', @_)  }
-sub ripemd256_b64         { Crypt::Digest::digest_data_b64(__PACKAGE__, @_) }
+sub ripemd256_b64u        { Crypt::Digest::digest_data_b64u('RIPEMD256', @_) }
-sub ripemd256_b64u        { Crypt::Digest::digest_data_b64u(__PACKAGE__, @_) }
+sub ripemd256_file        { Crypt::Digest::digest_file('RIPEMD256', @_)      }
-
+sub ripemd256_file_hex    { Crypt::Digest::digest_file_hex('RIPEMD256', @_)  }
-sub ripemd256_file        { Crypt::Digest::digest_file(__PACKAGE__, @_) }
+sub ripemd256_file_b64    { Crypt::Digest::digest_file_b64('RIPEMD256', @_)  }
-sub ripemd256_file_hex    { Crypt::Digest::digest_file_hex(__PACKAGE__, @_) }
+sub ripemd256_file_b64u   { Crypt::Digest::digest_file_b64u('RIPEMD256', @_) }
-sub ripemd256_file_b64    { Crypt::Digest::digest_file_b64(__PACKAGE__, @_) }
-sub ripemd256_file_b64u   { Crypt::Digest::digest_file_b64u(__PACKAGE__, @_) }
 
 1;
 
@@ -216,12 +214,10 @@ The OO interface provides the same set of functions as L<Crypt::Digest>.
 
 =over
 
-=item * L<CryptX|CryptX>, L<Crypt::Digest|Crypt::Digest>
+=item * L<CryptX|CryptX>, L<Crypt::Digest>
 
-=item * L<http://en.wikipedia.org/wiki/RIPEMD|http://en.wikipedia.org/wiki/RIPEMD>
+=item * L<https://en.wikipedia.org/wiki/RIPEMD>
 
 =back
 
 =cut
-
-__END__