Net-Dropbear


dropbear/libtomcrypt/doc/crypt.tex  view on Meta::CPAN

by the designers.  First, a short description of what EAX mode is before we explain how to use it.  EAX is a mode that requires a cipher,
CTR and OMAC support and provides encryption and
authentication\footnote{Note that since EAX only requires OMAC and CTR you may use \textit{encrypt only} cipher descriptors with this mode.}.
It is initialized with a random \textit{nonce} that can be shared publicly, a \textit{header} which can be fixed and public, and a random secret symmetric key.

The \textit{header} data is meant to be meta--data associated with a stream that isn't private (e.g., protocol messages).  It can
be added at any time during an EAX stream, and is part of the authentication tag.  That is, changes in the meta--data can be detected by changes in the output tag.

The mode can then process plaintext, producing ciphertext while computing a partial checksum.  The actual checksum,
called a \textit{tag}, is only emitted when the message is finished.  In the interim, the user can process message blocks
of any size to send to the recipient as ciphertext.  This makes the EAX mode especially suited for streaming modes
of operation.

The mode is initialized with the following function.
\index{eax\_init()}
\begin{verbatim}
int eax_init(          eax_state *eax,
                             int  cipher,
             const unsigned char *key,
                   unsigned long  keylen,
             const unsigned char *nonce,

dropbear/libtomcrypt/doc/crypt.tex  view on Meta::CPAN

\end{verbatim}

Where \textit{eax} is the EAX state.  The \textit{cipher} parameter is the index of the desired cipher in the descriptor table.
The \textit{key} parameter is the shared secret symmetric key of length \textit{keylen} octets.  The \textit{nonce} parameter is the
random public string of length \textit{noncelen} octets.  The \textit{header} parameter is the random (or fixed or \textbf{NULL}) header for the
message of length \textit{headerlen} octets.

When this function completes, the \textit{eax} state will be initialized such that you can now either have data decrypted or
encrypted in EAX mode.  Note: if \textit{headerlen} is zero you may pass \textit{header} as \textbf{NULL} to indicate there is no initial header data.

To encrypt or decrypt data in a streaming mode use the following.
\index{eax\_encrypt()} \index{eax\_decrypt()}
\begin{verbatim}
int eax_encrypt(          eax_state *eax,
                const unsigned char *pt,
                      unsigned char *ct,
                      unsigned long  length);

int eax_decrypt(          eax_state *eax,
                const unsigned char *ct,
                      unsigned char *pt,

dropbear/libtomcrypt/doc/crypt.tex  view on Meta::CPAN

           != CRYPT_OK) {
           whine_and_pout(err);
       }
   }
   return EXIT_SUCCESS;
}
\end{verbatim}
\end{small}

\mysection{GCM Mode}
Galois counter mode is an IEEE proposal for authenticated encryption (it is also a planned NIST standard).  Like EAX and OCB mode, it can be used in a streaming capacity;
however, unlike EAX it cannot accept \textit{additional authentication data} (meta--data) after plaintext has been processed.  This mode also only works with
block ciphers with a 16--byte block.

A GCM stream is meant to be processed in three modes, one after another.  First, the initialization vector (per session) data is processed.  This should be
unique to every session.  Next, the optional additional authentication data is processed, and finally the plaintext (or ciphertext depending on the direction).

\subsection{Initialization}
To initialize the GCM context with a secret key call the following function.

\index{gcm\_init()}


