Example #1
0
func (c *aead) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
	if n := len(nonce); n != NonceSize {
		return nil, crypto.NonceSizeError(n)
	}
	if len(ciphertext) < c.tagsize {
		return nil, crypto.AuthenticationError{}
	}
	if len(dst) < len(ciphertext)-c.tagsize {
		panic("dst buffer to small")
	}
	var Nonce [12]byte

	copy(Nonce[:], nonce)

	hash := ciphertext[len(ciphertext)-c.tagsize:]
	ciphertext = ciphertext[:len(ciphertext)-c.tagsize]

	// create the poly1305 key
	var polyKey [32]byte
	chacha.XORKeyStream(polyKey[:], polyKey[:], &Nonce, &(c.key), 0, 20)

	// authenticate the ciphertext
	var tag [poly1305.TagSize]byte
	authenticate(&tag, ciphertext, additionalData, &polyKey)
	if subtle.ConstantTimeCompare(tag[:c.tagsize], hash[:c.tagsize]) != 1 {
		return nil, crypto.AuthenticationError{}
	}

	// decrypt ciphertext
	chacha.XORKeyStream(dst, ciphertext, &Nonce, &(c.key), 1, 20)
	return dst[:len(ciphertext)], nil
}
Example #2
0
func (c *aead) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
	if n := len(nonce); n != NonceSize {
		panic(crypto.NonceSizeError(n))
	}
	if len(dst) < len(plaintext)+c.tagsize {
		panic("dst buffer to small")
	}
	var Nonce [12]byte
	copy(Nonce[:], nonce)

	// create the poly1305 key
	var polyKey [32]byte
	chacha.XORKeyStream(polyKey[:], polyKey[:], &Nonce, &(c.key), 0, 20)

	// encrypt the plaintext
	n := len(plaintext)
	chacha.XORKeyStream(dst, plaintext, &Nonce, &(c.key), 1, 20)

	// authenticate the ciphertext
	var tag [poly1305.TagSize]byte
	authenticate(&tag, dst[:n], additionalData, &polyKey)
	return append(dst[:n], tag[:c.tagsize]...)
}
Example #3
0
// XORKeyStream crypts bytes from src to dst using the given key, nonce and counter. Src
// and dst may be the same slice but otherwise should not overlap. If len(dst) < len(src)
// this function panics.
func XORKeyStream(dst, src []byte, nonce *[NonceSize]byte, key *[32]byte, counter uint32) {
	chacha.XORKeyStream(dst, src, nonce, key, counter, 20)
}