diff --git a/src/crypt.c b/src/crypt.c
index 6f9db33..3231ad9 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -144,7 +144,7 @@ const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello,
 return nonce;
 }
-int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, bool is_client) {
+int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client) {
 if (is_client) {
 if (crypto_kx_client_session_keys(s->rx, s->tx, own->kx_pub, own->kx_sec, remote->kx_pub) != 0) {
 fprintf(stderr, "Failed to instantiate a client session.\n");
@@ -159,11 +159,33 @@ int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, c
 s->remote_key = remote;
+ memcpy(s->nonce, nonce, CRYPT_NONCE_LEN);
+
 return 0;
 }
+unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen) {
+ unsigned char *c = (unsigned char *)malloc((mlen + crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
+
+ crypto_aead_aegis256_encrypt(c, clen, m, mlen, NULL, 0, NULL, s->nonce, s->tx);
+
+ return c;
+}
+
+unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen) {
+ unsigned char *m = (unsigned char *)malloc((clen - crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
+
+ if (crypto_aead_aegis256_decrypt(m, mlen, NULL, c, clen, NULL, 0, s->nonce, s->rx) != 0) {
+ free(m);
+ return NULL;
+ }
+
+ return m;
+}
+
 void crypt_session_destroy(crypt_session_t *const s) {
 sodium_memzero(s->rx, CRYPT_SESS_KEY_LEN);
 sodium_memzero(s->tx, CRYPT_SESS_KEY_LEN);
+ sodium_memzero(s->nonce, CRYPT_NONCE_LEN);
 crypt_key_destroy(s->remote_key);
 }
\ No newline at end of file
diff --git a/src/crypt.h b/src/crypt.h
index 4df0db7..6faeb1e 100644
--- a/src/crypt.h
+++ b/src/crypt.h
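Review bot: `crypt_session_encrypt` reuses one nonce for every message: `s->nonce` is copied once in `crypt_session_init` and then passed unchanged with the same `s->tx` key on each call, and a repeated (key, nonce) pair voids the confidentiality and authenticity guarantees of AEGIS-256. The nonce should advance per message and per direction, for example with `sodium_increment()` on separate send and receive counters (sketched below with proposed fields `tx_nonce`/`rx_nonce`, which assumes an ordered, reliable transport). Both new functions also use the `malloc` result unchecked, `crypt_session_encrypt` ignores the return value of `crypto_aead_aegis256_encrypt`, and in `crypt_session_decrypt` the expression `clen - crypto_aead_aegis256_ABYTES` wraps around when `clen` is shorter than the tag. `crypt_session_init` starts outside this hunk, so whether `nonce` is validated before the `memcpy` cannot be seen here.

```c
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen) {
    // Reject lengths whose ciphertext size would not fit in size_t.
    if (mlen > SIZE_MAX - crypto_aead_aegis256_ABYTES) {
        return NULL;
    }

    unsigned char *c = malloc((size_t)mlen + crypto_aead_aegis256_ABYTES);
    if (c == NULL) {
        return NULL;
    }

    // tx_nonce / rx_nonce are proposed fields replacing the single nonce.
    if (crypto_aead_aegis256_encrypt(c, clen, m, mlen, NULL, 0, NULL, s->tx_nonce, s->tx) != 0) {
        free(c);
        return NULL;
    }
    // Never send two messages under the same (key, nonce) pair.
    sodium_increment(s->tx_nonce, CRYPT_NONCE_LEN);

    return c;
}

unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen) {
    // A ciphertext shorter than the tag cannot be valid; this also prevents the subtraction from wrapping.
    if (clen < crypto_aead_aegis256_ABYTES || clen > SIZE_MAX) {
        return NULL;
    }

    size_t plain_len = (size_t)clen - crypto_aead_aegis256_ABYTES;
    // malloc(0) may return NULL, so keep the empty-message case distinguishable from failure.
    unsigned char *m = malloc(plain_len ? plain_len : 1);
    if (m == NULL) {
        return NULL;
    }

    if (crypto_aead_aegis256_decrypt(m, mlen, NULL, c, clen, NULL, 0, s->rx_nonce, s->rx) != 0) {
        free(m);
        return NULL;
    }
    // Advance only after a successful authentication so a forged packet cannot desynchronise the counter.
    sodium_increment(s->rx_nonce, CRYPT_NONCE_LEN);

    return m;
}
```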
@@ -68,13 +68,16 @@ const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello,
 typedef struct crypt_session_t {
 unsigned char rx[CRYPT_SESS_KEY_LEN];
 unsigned char tx[CRYPT_SESS_KEY_LEN];
+ unsigned char nonce[CRYPT_NONCE_LEN];
 crypt_key_t *remote_key;
 } crypt_session_t;
 // Derives the symmetric keys for a data encryption using own public and secret and remote's public keys.
 //
 // is_client should be set to true if you are the one establishing the connection.
-int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, bool is_client);
+int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client);
+unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen);
+unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen);
 // Securely erase the fields of a crypt_session_t struct.
 void crypt_session_destroy(crypt_session_t *const s);
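Review bot: The prototypes added for `crypt_session_encrypt` and `crypt_session_decrypt` carry no contract comment, and the comment above `crypt_session_init` does not mention the new `nonce` parameter. Going by the crypt.c side of this commit, I would add `// nonce must point to CRYPT_NONCE_LEN bytes; they are copied into the session.` to the init comment and `// Returns a malloc'd buffer that the caller must free(); crypt_session_decrypt returns NULL if authentication fails.` above the new pair. The output length written through `clen`/`mlen` deserves a mention as well, since callers cannot derive the buffer size otherwise.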