Package Cryptodome :: Package Cipher :: Module _mode_eax :: Class EaxMode

Class EaxMode

object --+
         |
        EaxMode

EAX mode.

This is an Authenticated Encryption with Associated Data (AEAD) mode. It provides both confidentiality and authenticity.

The header of the message may be left in the clear, if needed, and it will still be subject to authentication.

The decryption step tells the receiver if the message comes from a source that really knowns the secret key. Additionally, decryption detects if any part of the message - including the header - has been modified or corrupted.

This mode requires a nonce.

This mode is only available for ciphers that operate on 64 or 128 bits blocks.

There are no official standards defining EAX. The implementation is based on a proposal that was presented to NIST.

Instance Methods
 
update(self, assoc_data)
Protect associated data
 
encrypt(self, plaintext)
Encrypt data with the key and the parameters set at initialization.
 
decrypt(self, ciphertext)
Decrypt data with the key and the parameters set at initialization.
 
digest(self)
Compute the binary MAC tag.
 
hexdigest(self)
Compute the printable MAC tag.
 
verify(self, received_mac_tag)
Validate the binary MAC tag.
 
hexverify(self, hex_mac_tag)
Validate the printable MAC tag.
 
encrypt_and_digest(self, plaintext)
Perform encrypt() and digest() in one step.
 
decrypt_and_verify(self, ciphertext, received_mac_tag)
Perform decrypt() and verify() in one step.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Instance Variables
  block_size
The block size of the underlying cipher, in bytes.
  nonce
The nonce originally used to create the object.
Properties

Inherited from object: __class__

Method Details

update(self, assoc_data)

 

Protect associated data

If there is any associated data, the caller has to invoke this function one or more times, before using decrypt or encrypt.

By associated data it is meant any data (e.g. packet headers) that will not be encrypted and will be transmitted in the clear. However, the receiver is still able to detect any modification to it.

If there is no associated data, this method must not be called.

The caller may split associated data in segments of any size, and invoke this method multiple times, each time with the next segment.

Parameters:
  • assoc_data (byte string) - A piece of associated data. There are no restrictions on its size.

encrypt(self, plaintext)

 

Encrypt data with the key and the parameters set at initialization.

A cipher object is stateful: once you have encrypted a message you cannot encrypt (or decrypt) another message using the same object.

The data to encrypt can be broken up in two or more pieces and encrypt can be called multiple times.

That is, the statement:

>>> c.encrypt(a) + c.encrypt(b)

is equivalent to:

>>> c.encrypt(a+b)

This function does not add any padding to the plaintext.

Parameters:
  • plaintext (byte string) - The piece of data to encrypt. It can be of any length.
Returns:
the encrypted data, as a byte string. It is as long as plaintext.

decrypt(self, ciphertext)

 

Decrypt data with the key and the parameters set at initialization.

A cipher object is stateful: once you have decrypted a message you cannot decrypt (or encrypt) another message with the same object.

The data to decrypt can be broken up in two or more pieces and decrypt can be called multiple times.

That is, the statement:

>>> c.decrypt(a) + c.decrypt(b)

is equivalent to:

>>> c.decrypt(a+b)

This function does not remove any padding from the plaintext.

Parameters:
  • ciphertext (byte string) - The piece of data to decrypt. It can be of any length.
Returns:
the decrypted data (byte string).

digest(self)

 

Compute the binary MAC tag.

The caller invokes this function at the very end.

This method returns the MAC that shall be sent to the receiver, together with the ciphertext.

Returns:
the MAC, as a byte string.

hexdigest(self)

 

Compute the printable MAC tag.

This method is like digest.

Returns:
the MAC, as a hexadecimal string.

verify(self, received_mac_tag)

 

Validate the binary MAC tag.

The caller invokes this function at the very end.

This method checks if the decrypted message is indeed valid (that is, if the key is correct) and it has not been tampered with while in transit.

Parameters:
  • received_mac_tag (byte string) - This is the binary MAC, as received from the sender.
Raises:
  • MacMismatchError - if the MAC does not match. The message has been tampered with or the key is incorrect.

hexverify(self, hex_mac_tag)

 

Validate the printable MAC tag.

This method is like verify.

Parameters:
  • hex_mac_tag (string) - This is the printable MAC, as received from the sender.
Raises:
  • MacMismatchError - if the MAC does not match. The message has been tampered with or the key is incorrect.

encrypt_and_digest(self, plaintext)

 
Perform encrypt() and digest() in one step.
Parameters:
  • plaintext (byte string) - The piece of data to encrypt.
Returns:

a tuple with two byte strings:

  • the encrypted data
  • the MAC

decrypt_and_verify(self, ciphertext, received_mac_tag)

 
Perform decrypt() and verify() in one step.
Parameters:
  • ciphertext (byte string) - The piece of data to decrypt.
  • received_mac_tag (byte string) - This is the binary MAC, as received from the sender.
Returns:
the decrypted data (byte string).
Raises:
  • MacMismatchError - if the MAC does not match. The message has been tampered with or the key is incorrect.