1
0

crypt_session_encrypt() and crypt_session_decrypt() was implemented.

This commit is contained in:
Alexander Andreev 2024-03-24 04:38:32 +04:00
parent 3ec30111e2
commit acc016f10b
Signed by: Arav
GPG Key ID: 25969B23DCB5CA34
2 changed files with 27 additions and 2 deletions

View File

@ -144,7 +144,7 @@ const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello,
return nonce; return nonce;
} }
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, bool is_client) { int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client) {
if (is_client) { if (is_client) {
if (crypto_kx_client_session_keys(s->rx, s->tx, own->kx_pub, own->kx_sec, remote->kx_pub) != 0) { if (crypto_kx_client_session_keys(s->rx, s->tx, own->kx_pub, own->kx_sec, remote->kx_pub) != 0) {
fprintf(stderr, "Failed to instantiate a client session.\n"); fprintf(stderr, "Failed to instantiate a client session.\n");
@ -159,11 +159,33 @@ int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, c
s->remote_key = remote; s->remote_key = remote;
memcpy(s->nonce, nonce, CRYPT_NONCE_LEN);
return 0; return 0;
} }
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen) {
unsigned char *c = (unsigned char *)malloc((mlen + crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
crypto_aead_aegis256_encrypt(c, clen, m, mlen, NULL, 0, NULL, s->nonce, s->tx);
return c;
}
unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen) {
unsigned char *m = (unsigned char *)malloc((clen - crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
if (crypto_aead_aegis256_decrypt(m, mlen, NULL, c, clen, NULL, 0, s->nonce, s->rx) != 0) {
free(m);
return NULL;
}
return m;
}
void crypt_session_destroy(crypt_session_t *const s) { void crypt_session_destroy(crypt_session_t *const s) {
sodium_memzero(s->rx, CRYPT_SESS_KEY_LEN); sodium_memzero(s->rx, CRYPT_SESS_KEY_LEN);
sodium_memzero(s->tx, CRYPT_SESS_KEY_LEN); sodium_memzero(s->tx, CRYPT_SESS_KEY_LEN);
sodium_memzero(s->nonce, CRYPT_NONCE_LEN);
crypt_key_destroy(s->remote_key); crypt_key_destroy(s->remote_key);
} }

View File

@ -68,13 +68,16 @@ const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello,
typedef struct crypt_session_t { typedef struct crypt_session_t {
unsigned char rx[CRYPT_SESS_KEY_LEN]; unsigned char rx[CRYPT_SESS_KEY_LEN];
unsigned char tx[CRYPT_SESS_KEY_LEN]; unsigned char tx[CRYPT_SESS_KEY_LEN];
unsigned char nonce[CRYPT_NONCE_LEN];
crypt_key_t *remote_key; crypt_key_t *remote_key;
} crypt_session_t; } crypt_session_t;
// Derives the symmetric keys for a data encryption using own public and secret and remote's public keys. // Derives the symmetric keys for a data encryption using own public and secret and remote's public keys.
// //
// is_client should be set to true if you are the one establishing the connection. // is_client should be set to true if you are the one establishing the connection.
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, bool is_client); int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client);
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen);
unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen);
// Securely erase the fields of a crypt_session_t struct. // Securely erase the fields of a crypt_session_t struct.
void crypt_session_destroy(crypt_session_t *const s); void crypt_session_destroy(crypt_session_t *const s);