cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xor the key and the nonce on rekey for better separation

Browse Source
This commit is contained in:
Frank Denis 2017-09-18 19:25:06 +02:00
parent bb1b27fa36
commit 7d756fab96
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
View File

@ -76,13 +76,17 @@ crypto_secretstream_xchacha20poly1305_rekey
{
unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
crypto_secretstream_xchacha20poly1305_INONCEBYTES];
size_t i;
crypto_stream_chacha20_ietf(new_key_and_inonce, sizeof new_key_and_inonce,
state->nonce, state->k);
memcpy(state->k, new_key_and_inonce, crypto_stream_chacha20_ietf_KEYBYTES);
memcpy(STATE_INONCE(state),
new_key_and_inonce + crypto_stream_chacha20_ietf_KEYBYTES,
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
state->k[i] ^= new_key_and_inonce[i];
}
for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
STATE_INONCE(state)[i] ^=
new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
}
memset(STATE_COUNTER(state), 0,
crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
}