authorstratospher <44024636+stratospher@users.noreply.github.com>2023-08-13 11:55:46 +0530
committerstratospher <44024636+stratospher@users.noreply.github.com>2023-08-14 09:03:21 +0530
commitd22d5d925c000bf25ad2410ca66c4c21eea75004 (patch)
tree5e4e9e2f0f5e808dcb5175271b8797e9aa8dce94 /src/crypto/chacha20poly1305.cpp
parentb2ec0326fd76e64a6d0d7e4745506b29f60d0be5 (diff)
crypto: BIP324 ciphersuite follow-up
follow-up to #28008. * move the `dummy_tag` variable in the FSChaCha20Poly1305 crypto_tests outside of the loop so it is reused on every iteration * use the easier-to-read `cipher.last()` in `AEADChaCha20Poly1305::Decrypt()` * add a comment for the initiator in `BIP324Cipher::Initialize()` * systematically damage the ciphertext at specific bit positions in bip324_tests * use a maximum of 4095 bytes for the AAD in the bip324 fuzz test
Diffstat (limited to 'src/crypto/chacha20poly1305.cpp')
-rw-r--r--src/crypto/chacha20poly1305.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/chacha20poly1305.cpp b/src/crypto/chacha20poly1305.cpp
index c936dd2265..2636ebe2b2 100644
--- a/src/crypto/chacha20poly1305.cpp
+++ b/src/crypto/chacha20poly1305.cpp
@@ -95,7 +95,7 @@ bool AEADChaCha20Poly1305::Decrypt(Span<const std::byte> cipher, Span<const std:
m_chacha20.Seek64(nonce, 0);
std::byte expected_tag[EXPANSION];
ComputeTag(m_chacha20, aad, cipher.first(cipher.size() - EXPANSION), expected_tag);
- if (timingsafe_bcmp(UCharCast(expected_tag), UCharCast(cipher.data() + cipher.size() - EXPANSION), EXPANSION)) return false;
+ if (timingsafe_bcmp(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
// Decrypt (starting at block 1).
m_chacha20.Crypt(UCharCast(cipher.data()), UCharCast(plain1.data()), plain1.size());