secretbox_open: no need to encrypt the first block twice
This commit is contained in:
parent
1801900486
commit
31436eb1df
@ -51,9 +51,7 @@ crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
|
||||
for (i = 0U; i < mlen0; i++) {
|
||||
block0[i + crypto_secretbox_ZEROBYTES] = m[i];
|
||||
}
|
||||
crypto_stream_salsa20_xor(block0, block0,
|
||||
mlen0 + crypto_secretbox_ZEROBYTES,
|
||||
n + 16, subkey);
|
||||
crypto_stream_salsa20_xor(block0, block0, 64U, n + 16, subkey);
|
||||
COMPILER_ASSERT(crypto_secretbox_ZEROBYTES >=
|
||||
crypto_onetimeauth_poly1305_KEYBYTES);
|
||||
crypto_onetimeauth_poly1305_init(&state, block0);
|
||||
@ -100,8 +98,16 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
|
||||
unsigned long long mlen0;
|
||||
|
||||
crypto_core_hsalsa20(subkey, n, k, NULL);
|
||||
crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES,
|
||||
n + 16, subkey);
|
||||
|
||||
memset(block0, 0U, crypto_secretbox_ZEROBYTES);
|
||||
mlen0 = clen;
|
||||
if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
|
||||
mlen0 = 64U - crypto_secretbox_ZEROBYTES;
|
||||
}
|
||||
for (i = 0U; i < mlen0; i++) {
|
||||
block0[crypto_secretbox_ZEROBYTES + i] = c[i];
|
||||
}
|
||||
crypto_stream_salsa20_xor(block0, block0, 64, n + 16, subkey);
|
||||
if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) {
|
||||
sodium_memzero(subkey, sizeof subkey);
|
||||
return -1;
|
||||
@ -109,6 +115,7 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
|
||||
if (m == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Allow the m and and c buffer to partially overlap, by calling
|
||||
* memmove() if necessary.
|
||||
@ -124,18 +131,8 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
|
||||
memmove(m, c, clen);
|
||||
c = m;
|
||||
}
|
||||
mlen0 = clen;
|
||||
if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
|
||||
mlen0 = 64U - crypto_secretbox_ZEROBYTES;
|
||||
}
|
||||
for (i = 0U; i < mlen0; i++) {
|
||||
block0[crypto_secretbox_ZEROBYTES + i] = c[i];
|
||||
}
|
||||
crypto_stream_salsa20_xor(block0, block0,
|
||||
crypto_secretbox_ZEROBYTES + mlen0,
|
||||
n + 16, subkey);
|
||||
for (i = 0U; i < mlen0; i++) {
|
||||
m[i] = block0[i + crypto_secretbox_ZEROBYTES];
|
||||
m[i] = block0[crypto_secretbox_ZEROBYTES + i];
|
||||
}
|
||||
if (clen > mlen0) {
|
||||
crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0,
|
||||
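Review bot: The 64-byte `crypto_stream_salsa20_xor(block0, block0, 64, n + 16, subkey);` in the `crypto_secretbox_open_detached` hunk now reads `block0[crypto_secretbox_ZEROBYTES + mlen0 .. 64)`, which nothing in the hunk initialises when `clen` is shorter than `64U - crypto_secretbox_ZEROBYTES`: the preceding `memset` covers only the first `crypto_secretbox_ZEROBYTES` bytes and the copy loop fills only `mlen0` more. The code this replaces xored just `crypto_secretbox_ZEROBYTES + mlen0` bytes, so the read of the unwritten tail is new to this commit; the `64U` call in the `crypto_secretbox_detached` hunk has the same shape, though its own `memset` is outside the hunk. The stale bytes are never copied to `m` (the copy loop stops at `mlen0`), so this is a MemorySanitizer/Valgrind finding rather than a wrong result, but clearing the whole block makes the intent explicit: `memset(block0, 0U, 64U);` (or `sizeof block0` if it is a local array; its declaration is outside the hunk). On the `return -1` path `block0` now holds the derived one-time key followed by the candidate plaintext bytes; unless it is wiped later outside the hunk, a `sodium_memzero(block0, sizeof block0);` next to the `subkey` wipe would be consistent with the existing cleanup. Separately, the two new calls spell the same length as `64U` and `64`; pick one.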