[−][src]Module eax::online
Online1 variant of the EAX mode.
Authentication
Due to AE (authenticated encryption) nature of EAX, it is vital to verify that both public (also called associated) and privacy-protected (encrypted) data has not been tampered with.
Because of this, it is required for the consumers to explicitly call
finish
after the encryption/decryption operation is complete.
This will either return a tag (when encrypting) used to authenticate data
or a Result
(when decrypting) that signifies whether the data is authentic,
which is when the resulting tag is equal to the one created during encryption.
Example
use eax::{Error, online::{Eax, Decrypt, Encrypt}}; use aes::Aes256; use block_cipher::generic_array::GenericArray; let key = GenericArray::from_slice(b"an example very very secret key."); let nonce = GenericArray::from_slice(b"my unique nonces"); // 128-bits; unique per message let assoc = b"my associated data"; let plaintext = b"plaintext message"; let mut buffer: [u8; 17] = *plaintext; // Encrypt a simple message let mut cipher = Eax::<Aes256, Encrypt>::with_key_and_nonce(key, nonce); cipher.update_assoc(&assoc[..]); cipher.encrypt(&mut buffer[..9]); cipher.encrypt(&mut buffer[9..]); let tag = cipher.finish(); assert_ne!(buffer, *plaintext); let mut cloned = buffer; // Now decrypt it, using the same key and nonce let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce); cipher.update_assoc(&assoc[..]); cipher.decrypt_unauthenticated_hazmat(&mut buffer[..5]); cipher.decrypt_unauthenticated_hazmat(&mut buffer[5..10]); cipher.decrypt_unauthenticated_hazmat(&mut buffer[10..]); let res = cipher.finish(&tag); assert_eq!(res, Ok(())); assert_eq!(buffer, *plaintext); // Decrypting the ciphertext with tampered associated data should fail let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce); cipher.update_assoc(b"tampered"); cipher.decrypt_unauthenticated_hazmat(&mut cloned); let res = cipher.finish(&tag); assert_eq!(res, Err(Error));
Re-exports
pub use Eax as EaxOnline; |
Structs
Decrypt | Marker struct for EAX stream used in decryption mode. |
Eax | Online1 variant of the EAX mode. |
Encrypt | Marker struct for EAX stream used in encryption mode. |
Traits
CipherOp | Marker trait denoting whether the EAX stream is used for encryption/decryption. |