ctz / cifra

A collection of cryptographic primitives targeted at embedded use.

EAX without a header

philips77 opened this issue

Hi,
The Cifra library produces a different TAG when AES-EAX encoding is used and no Header is set (length is 0 bytes) than the other two sources: an online tool and the Bouncy Castle impl in Java. If the Header is set to any non-0 data they all give the same result. See details below.

I'm encrypting a message using AES-EAX with the following data (all in HEX):

Plain data:
0x00001C400000004800000073

Key:
0x589417B0324B1B71D7A6751852867AE8

Nonce:
0x00010000F683

Header:
0 bytes

I get a correct cipher and, in my opinion, an incorrect TAG.

Cipher:
0xD5D89979AE79EBEE4E385FA5

Tag:
0x46A9F4BE8F4C92659DA6CD12368D8127

Listing from the app:
cifra_no_header

When I use the same input data and encrypt them using this: http://artjomb.github.io/cryptojs-extension/ website, or in Java:

try {
    cipher = Cipher.getInstance("AES/EAX/NoPadding", "SC"); // SC = Spongy Castle, an Android variation of Bouncy Castle
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, new GCMParameterSpec(128, nonce));
    ret = cipher.doFinal(toBeEncrypted);
    Log.d("AA2", "Encoded->" + Arrays.toString(ret));
} catch (Exception e) {
    Log.e("AA2", e.getLocalizedMessage());
}

I get a different Tag (the same in both cases):
0x0EFB21FAD714A25B44145F79221A2C9A

online_no_header

However, if I set the Header to any(?) non-null data all 3 libraries give the same result:

Plain text, key and nonce as above

Header:
0x0123

Cipher (same as above)

Tag:
0xCCDA2E4E0698E24E0377E3CD3ED61391

cifra_with_header

Online tool:
online_with_tag

Thanks for the report and sorry for the inconvenience. It looks like CMAC and CMAC-used-by-EAX differ in this case: CMAC treats an empty message as not needing padding, CMAC-used-by-EAX treats it as needing padding. That's a massive pain.

In fact, that's not what's happening at all. The CMAC calculation isn't finalised properly if the last block is empty. I'm going to make that misuse fail at runtime, as well as fixing EAX.

Wow, thanks, that was quick!
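
The construction behind the tags compared in this thread, as an added example that is not part of the original issue or of cifra's code: it rebuilds the AES-EAX tag from CMAC and CTR so an implementation can be cross-checked on the empty-header case. It assumes Python's `cryptography` package; the function names `omac`, `xor` and `eax_encrypt` are hypothetical, and the key, nonce and plaintext are the values quoted in the issue.

```python
"""Added example: AES-EAX rebuilt from CMAC and CTR (assumes the `cryptography` package)."""
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.cmac import CMAC

BLOCK = 16  # AES block size in bytes


def omac(key: bytes, tweak: int, data: bytes) -> bytes:
    """OMAC^t(data) as EAX defines it: CMAC over [t]_n || data.

    With empty data the CMAC input is exactly one full block (the tweak),
    so finalisation must take the full-block path, with no 0x80 padding.
    """
    mac = CMAC(algorithms.AES(key))
    mac.update(tweak.to_bytes(BLOCK, "big") + data)
    return mac.finalize()


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def eax_encrypt(key: bytes, nonce: bytes, header: bytes, plaintext: bytes):
    """Return (ciphertext, 16-byte tag) for AES-EAX."""
    n = omac(key, 0, nonce)    # also the initial CTR counter block
    h = omac(key, 1, header)   # header may be empty
    enc = Cipher(algorithms.AES(key), modes.CTR(n)).encryptor()
    ct = enc.update(plaintext) + enc.finalize()
    c = omac(key, 2, ct)
    return ct, xor(xor(n, h), c)


# Values quoted in the issue above.
KEY = bytes.fromhex("589417B0324B1B71D7A6751852867AE8")
NONCE = bytes.fromhex("00010000F683")
PLAIN = bytes.fromhex("00001C400000004800000073")

if __name__ == "__main__":
    for header in (b"", bytes.fromhex("0123")):
        ct, tag = eax_encrypt(KEY, NONCE, header, PLAIN)
        print(header.hex() or "(empty)", ct.hex().upper(), tag.hex().upper())
```

Running both header cases as regression vectors against a streaming CMAC exercises the path where the final update carries zero bytes after a full block.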