cerc-io/sodium-javascript
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix backward crypto_secretbox_detached bug

Browse Source 
Problem: Both `crypto_secretbox_detached` and the corresponding
`crypto_secretbox_open_detached` have a bug where the MAC is added as a
suffix rather than the prefix. This creates a problem where the methods
are compatible with each other but incompatible with other libsodium
implementations.

Solution: Reverse the backward implementation and ensure that the MAC is
added to the output as a prefix rather than as a suffix.
This commit is contained in:
Christian Bundy 2020-09-02 09:28:28 -07:00
parent a546f3e51d
commit 2bb349b7db
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto_secretbox.js
View File

@ -69,8 +69,8 @@ function crypto_secretbox_detached (o, mac, msg, n, k) {
const tmp = new Uint8Array(msg.byteLength + mac.byteLength) const tmp = new Uint8Array(msg.byteLength + mac.byteLength)
crypto_secretbox_easy(tmp, msg, n, k) crypto_secretbox_easy(tmp, msg, n, k)
o.set(tmp.subarray(0, msg.byteLength)) o.set(tmp.subarray(mac.byteLength))
mac.set(tmp.subarray(msg.byteLength)) mac.set(tmp.subarray(0, mac.byteLength))
return true return true
} }
@ -81,8 +81,8 @@ function crypto_secretbox_open_detached (msg, o, mac, n, k) {
assert(k.byteLength === crypto_secretbox_KEYBYTES, "k must be 'crypto_secretbox_KEYBYTES' bytes") assert(k.byteLength === crypto_secretbox_KEYBYTES, "k must be 'crypto_secretbox_KEYBYTES' bytes")
const tmp = new Uint8Array(o.byteLength + mac.byteLength) const tmp = new Uint8Array(o.byteLength + mac.byteLength)
tmp.set(o) tmp.set(o, mac.byteLength)
tmp.set(mac, msg.byteLength) tmp.set(mac)
return crypto_secretbox_open_easy(msg, tmp, n, k) return crypto_secretbox_open_easy(msg, tmp, n, k)
} }