-fix actually follow spec for Salsa encryption

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2021-05-03 20:46:46 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2021-05-03 20:46:46 +0200
commit: 35fb28b9bc616b638d9a8de31633e2d68dca26d0 (patch)
tree: 8266e59cc97822b9aca25c8082460d14fa1d8190
parent: d552acf5e7114f92d8251276ef76827a9db92257 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 7fe0c6953..feb60ade9 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -99,7 +99,14 @@ eddsa_symmetric_decrypt (
   const unsigned char *nonce,
   void *result)
 {
-  if (0 != crypto_secretbox_open_easy (result, block, size, nonce, key))
+  ssize_t ctlen = size - crypto_secretbox_MACBYTES;
+  if (ctlen < 0)
+    return GNUNET_SYSERR;
+  if (0 != crypto_secretbox_open_detached (result,
+                                           block, // Ciphertext
+                                           ((unsigned char*)block) + ctlen, // TAG
+                                           ctlen,
+                                           nonce, key))
   {
     return GNUNET_SYSERR;
   }
@@ -115,7 +122,11 @@ eddsa_symmetric_encrypt (
   const unsigned char *nonce,
   void *result)
 {
-  crypto_secretbox_easy (result, block, size, nonce, key);
+  if (size > crypto_secretbox_MESSAGEBYTES_MAX)
+    return GNUNET_SYSERR;
+  crypto_secretbox_detached (result, // Ciphertext
+                             result + size, // TAG
+                             block, size, nonce, key);
   return GNUNET_OK;
 }
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2021-05-03 20:46:46 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2021-05-03 20:46:46 +0200
commit	35fb28b9bc616b638d9a8de31633e2d68dca26d0 (patch)
tree	8266e59cc97822b9aca25c8082460d14fa1d8190
parent	d552acf5e7114f92d8251276ef76827a9db92257 (diff)