diff options
Diffstat (limited to 'src/crypto/chacha_poly_aead.cpp')
-rw-r--r-- | src/crypto/chacha_poly_aead.cpp | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/src/crypto/chacha_poly_aead.cpp b/src/crypto/chacha_poly_aead.cpp index d15f2f4ea6..0d82cf3d74 100644 --- a/src/crypto/chacha_poly_aead.cpp +++ b/src/crypto/chacha_poly_aead.cpp @@ -50,13 +50,13 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // check buffer boundaries if ( // if we encrypt, make sure the source contains at least the expected AAD and the destination has at least space for the source + MAC - (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + POLY1305_TAGLEN)) || + (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + Poly1305::TAGLEN)) || // if we decrypt, make sure the source contains at least the expected AAD+MAC and the destination has at least space for the source - MAC - (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN || dest_len < src_len - POLY1305_TAGLEN))) { + (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + Poly1305::TAGLEN || dest_len < src_len - Poly1305::TAGLEN))) { return false; } - unsigned char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; + unsigned char expected_tag[Poly1305::TAGLEN], poly_key[Poly1305::KEYLEN]; memset(poly_key, 0, sizeof(poly_key)); // block counter 0 for the poly1305 key @@ -67,18 +67,20 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // if decrypting, verify the tag prior to decryption if (!is_encrypt) { - const unsigned char* tag = src + src_len - POLY1305_TAGLEN; - poly1305_auth(expected_tag, src, src_len - POLY1305_TAGLEN, poly_key); + const unsigned char* tag = src + src_len - Poly1305::TAGLEN; + Poly1305{MakeByteSpan(poly_key)} + .Update(AsBytes(Span{src, src_len - Poly1305::TAGLEN})) + .Finalize(MakeWritableByteSpan(expected_tag)); // constant time compare the calculated MAC with the provided MAC - if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { + if (timingsafe_bcmp(expected_tag, tag, Poly1305::TAGLEN) != 0) { memory_cleanse(expected_tag, sizeof(expected_tag)); memory_cleanse(poly_key, sizeof(poly_key)); return false; } memory_cleanse(expected_tag, sizeof(expected_tag)); // MAC has been successfully verified, make sure we don't convert it in decryption - src_len -= POLY1305_TAGLEN; + src_len -= Poly1305::TAGLEN; } // calculate and cache the next 64byte keystream block if requested sequence number is not yet the cache @@ -99,7 +101,9 @@ bool ChaCha20Poly1305AEAD::Crypt(uint64_t seqnr_payload, uint64_t seqnr_aad, int // If encrypting, calculate and append tag if (is_encrypt) { // the poly1305 tag expands over the AAD (3 bytes length) & encrypted payload - poly1305_auth(dest + src_len, dest, src_len, poly_key); + Poly1305{MakeByteSpan(poly_key)} + .Update(AsBytes(Span{dest, src_len})) + .Finalize(AsWritableBytes(Span{dest + src_len, Poly1305::TAGLEN})); } // cleanse no longer required MAC and polykey |