ArteMisc / libsalty

Elixir bindings for libsodium (NIF)
Apache License 2.0

Wrong order of mac and data for Aead.Xchacha20poly1305Ietf.decrypt() #2

Closed tuupola closed 7 years ago

tuupola commented 7 years ago

Currently calls to Salty.Aead.Xchacha20poly1305Ietf.decrypt() always fail. Calls to Salty.Aead.Xchacha20poly1305Ietf.decrypt_detached() work as expected. This is probably caused by the following code in lib/salty/aead.ex, which extracts the tag (mac) and data in the wrong order. IIRC, in combined mode the mac comes after the payload.

      def decrypt(nsec, cipher, ad, npub, key) do
        mac_size = abytes()
        <<mac::binary-size(mac_size),
          data::binary>> = cipher
        decrypt_detached(nsec, data, mac, ad, npub, key)
      end

ArteMisc commented 7 years ago

You are correct, the libsodium source files indicate that the location of the MAC is after the data. Should be fixed now, thanks!
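
The layout issue discussed in this thread, as an added example that is not part of the thread or of libsalty's code: it splits a combined-mode message both ways and shows that only the ciphertext-then-MAC split authenticates. Assumptions: OTP's `:crypto` ChaCha20-Poly1305 (12-byte nonce) stands in for XChaCha20-Poly1305, since both append a 16-byte Poly1305 tag; the module name, function names, and sample inputs are hypothetical and constructed.

```elixir
defmodule CombinedLayoutDemo do
  # Poly1305 tag length in bytes (16 for this AEAD family).
  @tag_size 16

  # Layout reported as wrong in the issue: MAC assumed to be the first 16 bytes.
  def split_mac_first(<<mac::binary-size(@tag_size), data::binary>>), do: {:ok, data, mac}
  def split_mac_first(_), do: {:error, :too_short}

  # Combined-mode layout: ciphertext first, MAC in the last 16 bytes.
  # Inputs shorter than one tag are rejected instead of raising a MatchError.
  def split_mac_last(cipher) when byte_size(cipher) >= @tag_size do
    data_size = byte_size(cipher) - @tag_size
    <<data::binary-size(data_size), mac::binary-size(@tag_size)>> = cipher
    {:ok, data, mac}
  end

  def split_mac_last(_), do: {:error, :too_short}

  # Stand-in for a detached-mode decrypt (assumption: OTP :crypto, not libsalty).
  def open_detached(data, mac, ad, nonce, key) do
    case :crypto.crypto_one_time_aead(:chacha20_poly1305, key, nonce, data, ad, mac, false) do
      :error -> {:error, :forged}
      plain -> {:ok, plain}
    end
  end

  def run do
    # Constructed sample inputs.
    key = :crypto.strong_rand_bytes(32)
    nonce = :crypto.strong_rand_bytes(12)
    ad = "header"

    {data, mac} =
      :crypto.crypto_one_time_aead(:chacha20_poly1305, key, nonce, "hello combined mode", ad, true)

    # Combined mode is the ciphertext with the tag appended.
    combined = data <> mac

    {:ok, d1, m1} = split_mac_first(combined)
    {:ok, d2, m2} = split_mac_last(combined)

    IO.inspect(open_detached(d1, m1, ad, nonce, key), label: "mac-first split")
    IO.inspect(open_detached(d2, m2, ad, nonce, key), label: "mac-last split")
    IO.inspect(split_mac_last(<<1, 2, 3>>), label: "truncated input")
  end
end

CombinedLayoutDemo.run()
```

A regression test for a combined-mode `decrypt` can follow the same pattern: round-trip a message through the combined-mode encrypt and decrypt, and assert that a message shorter than the tag is rejected rather than crashing.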