Esempio n. 1
0
// Open opens the encrypted and authenticated box c with 24-byte nonce n and
// 32-byte key k, and returns the decrypted message.
//
// If authentication fails (for example, the box has been tampered with or
// became corrupted, or the key or nonce is incorrect), the function returns
// nil.
//
// The returned byte slice is 16 bytes shorter than c (it contains the original
// encrypted message).
//
// This function allocates memory for the returned byte slice.
func Open(c []byte, n *[24]byte, k *[32]byte) []byte {
	if len(c) < 16 {
		return nil
	}
	cpad := make([]byte, BoxZeroBytes+len(c))
	copy(cpad[BoxZeroBytes:], c)
	var tmp [32]byte
	subkey := tmp[:]
	xsalsa20.Stream(subkey, n, k)
	if !poly1305.Verify(cpad[16:32], cpad[32:], subkey) {
		return nil
	}
	xsalsa20.Xor(cpad, cpad, n, k)
	return cpad[ZeroBytes:]
}
Esempio n. 2
0
func OpenTo(m, c []byte, n *[24]byte, k *[32]byte) bool {
	if len(c) < BoxZeroBytes+poly1305.OutputSize {
		panic("secretbox: ciphertext is too short")
	}
	var subkey [32]byte
	xsalsa20.Stream(subkey[:], n, k)
	if !poly1305.Verify(c[16:32], c[32:], subkey[:]) {
		return false
	}
	xsalsa20.Xor(m, c, n, k)
	for i := 0; i < 32; i++ {
		m[i] = 0
	}
	return true
}