logo

Module eax::online

source · []
Expand description

Online1 variant of the EAX mode.

Authentication

Due to AE (authenticated encryption) nature of EAX, it is vital to verify that both public (also called associated) and privacy-protected (encrypted) data has not been tampered with.

Because of this, it is required for the consumers to explicitly call finish after the encryption/decryption operation is complete. This will either return a tag (when encrypting) used to authenticate data or a Result (when decrypting) that signifies whether the data is authentic, which is when the resulting tag is equal to the one created during encryption.

Example

use eax::{Error, online::{Eax, Decrypt, Encrypt}, cipher::generic_array::GenericArray};
use aes::Aes256;

let key = GenericArray::from_slice(b"an example very very secret key.");
let nonce = GenericArray::from_slice(b"my unique nonces"); // 128-bits; unique per message
let assoc = b"my associated data";
let plaintext = b"plaintext message";
let mut buffer: [u8; 17] = *plaintext;

// Encrypt a simple message
let mut cipher = Eax::<Aes256, Encrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(&assoc[..]);
cipher.encrypt(&mut buffer[..9]);
cipher.encrypt(&mut buffer[9..]);
let tag = cipher.finish();

assert_ne!(buffer, *plaintext);

let mut cloned = buffer;

// Now decrypt it, using the same key and nonce
let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(&assoc[..]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[..5]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[5..10]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[10..]);
let res = cipher.finish(&tag);

assert_eq!(res, Ok(()));
assert_eq!(buffer, *plaintext);

// Decrypting the ciphertext with tampered associated data should fail
let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(b"tampered");
cipher.decrypt_unauthenticated_hazmat(&mut cloned);
let res = cipher.finish(&tag);

assert_eq!(res, Err(Error));

Re-exports

pub use Eax as EaxOnline;

Structs

Decrypt

Marker struct for EAX stream used in decryption mode.

Eax

Online1 variant of the EAX mode.

Encrypt

Marker struct for EAX stream used in encryption mode.

Traits

CipherOp

Marker trait denoting whether the EAX stream is used for encryption/decryption.