Ekdohibs
/
zig
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chacha20poly1305: Return false on short ciphertext

master
lukechampine 2019-11-05 16:15:40 -05:00
parent ae7bb4ecc0
commit 1953b60599
No known key found for this signature in database
GPG Key ID: A5C1CE074CBF1D60
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/std/crypto/chacha20.zig
View File

@ -469,11 +469,15 @@ pub fn chacha20poly1305Seal(dst: []u8, plaintext: []const u8, data: []const u8,
mac.final(dst[plaintext.len..]);
}
/// Verifies and decrypts an authenticated message produced by chacha20poly1305Open.
/// Returns false if message was invalid or authentication failed.
pub fn chacha20poly1305Open(dst: []u8, ciphertext: []const u8, data: []const u8, key: [32]u8, nonce: [12]u8) bool {
assert(ciphertext.len >= chacha20poly1305_tag_size);
assert(dst.len >= ciphertext.len - chacha20poly1305_tag_size);
if (ciphertext.len < chacha20poly1305_tag_size) {
return false;
}
// split ciphertext and tag
assert(dst.len >= ciphertext.len - chacha20poly1305_tag_size);
var polyTag = ciphertext[ciphertext.len - chacha20poly1305_tag_size ..];
ciphertext = ciphertext[0 .. ciphertext.len - chacha20poly1305_tag_size];