Expand description
Online1 variant of the EAX mode.
§Authentication
Due to AE (authenticated encryption) nature of EAX, it is vital to verify that both public (also called associated) and privacy-protected (encrypted) data has not been tampered with.
Because of this, it is required for the consumers to explicitly call
finish
after the encryption/decryption operation is complete.
This will either return a tag (when encrypting) used to authenticate data
or a Result
(when decrypting) that signifies whether the data is authentic,
which is when the resulting tag is equal to the one created during encryption.
§Example
use eax::{Error, online::{Eax, Decrypt, Encrypt}, cipher::generic_array::GenericArray};
use aes::Aes256;
let key = GenericArray::from_slice(b"an example very very secret key.");
let nonce = GenericArray::from_slice(b"my unique nonces"); // 128-bits; unique per message
let assoc = b"my associated data";
let plaintext = b"plaintext message";
let mut buffer: [u8; 17] = *plaintext;
// Encrypt a simple message
let mut cipher = Eax::<Aes256, Encrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(&assoc[..]);
cipher.encrypt(&mut buffer[..9]);
cipher.encrypt(&mut buffer[9..]);
let tag = cipher.finish();
assert_ne!(buffer, *plaintext);
let mut cloned = buffer;
// Now decrypt it, using the same key and nonce
let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(&assoc[..]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[..5]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[5..10]);
cipher.decrypt_unauthenticated_hazmat(&mut buffer[10..]);
let res = cipher.finish(&tag);
assert_eq!(res, Ok(()));
assert_eq!(buffer, *plaintext);
// Decrypting the ciphertext with tampered associated data should fail
let mut cipher = Eax::<Aes256, Decrypt>::with_key_and_nonce(key, nonce);
cipher.update_assoc(b"tampered");
cipher.decrypt_unauthenticated_hazmat(&mut cloned);
let res = cipher.finish(&tag);
assert_eq!(res, Err(Error));
Re-exports§
pub use Eax as EaxOnline;
Structs§
- Decrypt
- Marker struct for EAX stream used in decryption mode.
- Eax
- Online1 variant of the EAX mode.
- Encrypt
- Marker struct for EAX stream used in encryption mode.
Traits§
- Cipher
Op - Marker trait denoting whether the EAX stream is used for encryption/decryption.