Function decrypt [src]

m: Message
c: Ciphertext
tag: Authentication tag
ad: Associated data
npub: Public nonce
k: Private key

Asserts c.len == m.len. Contents of m are undefined if an error is returned.

Prototype

pub fn decrypt(m: []u8, c: []const u8, tag: [tag_length]u8, ad: []const u8, npub: [nonce_length]u8, k: [key_length]u8) AuthenticationError!void

Parameters

m: []u8
c: []const u8
tag: [tag_length]u8
ad: []const u8
npub: [nonce_length]u8
k: [key_length]u8

Possible Errors

AuthenticationFailed AuthenticationError

Source

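/// Verifies `tag` over `ad` and `c`, and only then decrypts `c` into `m`.
///
/// m: Message (output buffer)
/// c: Ciphertext
/// tag: Authentication tag
/// ad: Associated data
/// npub: Public nonce
/// k: Private key
///
/// Asserts `c.len == m.len`. This is a `debug.assert`, so the caller must
/// guarantee equal lengths rather than rely on a runtime check.
///
/// Returns `error.AuthenticationFailed` when the computed tag does not match
/// `tag`. The contents of `m` are undefined in that case and must not be used.
pub fn decrypt(m: []u8, c: []const u8, tag: [tag_length]u8, ad: []const u8, npub: [nonce_length]u8, k: [key_length]u8) AuthenticationError!void {
    debug.assert(c.len == m.len);
    const extended = extend(rounds, k, npub);
    // NOTE(review): `extended` holds derived key material and is const, so it
    // cannot be wiped from here; whether `mac` clears its own state is decided
    // inside Poly1305 and is not visible in this function. Confirm both.

    // First 64-byte block, processed with counter 0: bytes 0..32 start as zeros
    // and become the one-time Poly1305 key, bytes 32..64 carry the first
    // (up to 32) ciphertext bytes and become their plaintext.
    var block0 = [_]u8{0} ** 64;
    // The block ends up holding the Poly1305 key and leading plaintext, so wipe
    // it on every return path, success and failure alike.
    defer crypto.secureZero(u8, &block0);

    const mlen0 = @min(32, c.len);
    @memcpy(block0[32..][0..mlen0], c[0..mlen0]);
    Salsa20.xor(block0[0..], block0[0..], 0, extended.key, extended.nonce);

    // Authenticate the associated data followed by the whole ciphertext.
    var mac = Poly1305.init(block0[0..32]);
    mac.update(ad);
    mac.update(c);
    var computed_tag: [tag_length]u8 = undefined;
    mac.final(&computed_tag);

    // Constant-time comparison: timing must not reveal how many tag bytes matched.
    const verify = crypto.timing_safe.eql([tag_length]u8, computed_tag, tag);
    if (!verify) {
        // The computed tag is the valid tag for this (rejected) input; do not
        // leave it behind in memory.
        crypto.secureZero(u8, &computed_tag);
        // Nothing has been written to `m` yet; mark it undefined so callers
        // cannot depend on its contents after a failure.
        @memset(m, undefined);
        return error.AuthenticationFailed;
    }

    // Tag verified: release the plaintext. The first mlen0 bytes were already
    // decrypted inside block0; the rest continues from counter 1.
    @memcpy(m[0..mlen0], block0[32..][0..mlen0]);
    Salsa20.xor(m[mlen0..], c[mlen0..], 1, extended.key, extended.nonce);
}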