aboutsummaryrefslogtreecommitdiff
path: root/src/gnsrecord/gnsrecord_crypto.c
diff options
context:
space:
mode:
authorMartin Schanzenbach <mschanzenbach@posteo.de>2021-05-03 20:46:46 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2021-05-03 20:46:46 +0200
commit35fb28b9bc616b638d9a8de31633e2d68dca26d0 (patch)
tree8266e59cc97822b9aca25c8082460d14fa1d8190 /src/gnsrecord/gnsrecord_crypto.c
parentd552acf5e7114f92d8251276ef76827a9db92257 (diff)
downloadgnunet-35fb28b9bc616b638d9a8de31633e2d68dca26d0.tar.gz
gnunet-35fb28b9bc616b638d9a8de31633e2d68dca26d0.zip
-fix actually follow spec for Salsa encryption
Diffstat (limited to 'src/gnsrecord/gnsrecord_crypto.c')
-rw-r--r--src/gnsrecord/gnsrecord_crypto.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 7fe0c6953..feb60ade9 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -99,7 +99,14 @@ eddsa_symmetric_decrypt (
99 const unsigned char *nonce, 99 const unsigned char *nonce,
100 void *result) 100 void *result)
101{ 101{
102 if (0 != crypto_secretbox_open_easy (result, block, size, nonce, key)) 102 ssize_t ctlen = size - crypto_secretbox_MACBYTES;
103 if (ctlen < 0)
104 return GNUNET_SYSERR;
105 if (0 != crypto_secretbox_open_detached (result,
106 block, // Ciphertext
107 ((unsigned char*)block) + ctlen, // TAG
108 ctlen,
109 nonce, key))
103 { 110 {
104 return GNUNET_SYSERR; 111 return GNUNET_SYSERR;
105 } 112 }
@@ -115,7 +122,11 @@ eddsa_symmetric_encrypt (
115 const unsigned char *nonce, 122 const unsigned char *nonce,
116 void *result) 123 void *result)
117{ 124{
118 crypto_secretbox_easy (result, block, size, nonce, key); 125 if (size > crypto_secretbox_MESSAGEBYTES_MAX)
126 return GNUNET_SYSERR;
127 crypto_secretbox_detached (result, // Ciphertext
128 result + size, // TAG
129 block, size, nonce, key);
119 return GNUNET_OK; 130 return GNUNET_OK;
120} 131}
121 132