9 anni fa · 65eb124b5f
--- a/hydrogen.h
+++ b/hydrogen.h
@@ -112,11 +112,11 @@ int hydro_hash128_final(
 
				 void hydro_secretbox_keygen(uint8_t key[hydro_secretbox_KEYBYTES]);
			
 
				 
			
 
				 int hydro_secretbox_encrypt(uint8_t *c, const void *m_, size_t mlen,
			
 
				-    const char    ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				+    uint64_t msg_id, const char ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				     const uint8_t key[hydro_secretbox_KEYBYTES]);
			
 
				 
			
 
				 int hydro_secretbox_decrypt(void *m_, const uint8_t *c, size_t clen,
			
 
				-    const char    ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				+    uint64_t msg_id, const char ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				     const uint8_t key[hydro_secretbox_KEYBYTES])
			
 
				     __attribute__((warn_unused_result));
			
 
				 
			
@@ -197,11 +197,9 @@ int hydro_hex2bin(uint8_t *bin, size_t bin_maxlen, const char *hex,
 
				 #define HYDRO_HWTYPE_ATMEGA328 1
			
 
				 
			
 
				 #ifndef HYDRO_HWTYPE
			
 
				-# ifdef __AVR__
			
 
				-#  define HYDRO_HWTYPE HYDRO_HWTYPE_ATMEGA328
			
 
				-# else
			
 
				-#  error Please define HYDRO_HWTYPE
			
 
				-# endif
			
 
				+#ifdef __AVR__
			
 
				+#define HYDRO_HWTYPE HYDRO_HWTYPE_ATMEGA328
			
 
				+#endif
			
 
				 #endif
			
 
				 
			
 
				 #ifdef __cplusplus
			
--- a/impl/secretbox.h
+++ b/impl/secretbox.h
@@ -5,7 +5,7 @@ void hydro_secretbox_keygen(uint8_t key[hydro_secretbox_KEYBYTES])
 
				 }
			
 
				 
			
 
				 int hydro_secretbox_encrypt(uint8_t *c, const void *m_, size_t mlen,
			
 
				-    const char    ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				+    uint64_t msg_id, const char ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				     const uint8_t key[hydro_secretbox_KEYBYTES])
			
 
				 {
			
 
				     hydro_hash128_state st;
			
@@ -19,7 +19,9 @@ int hydro_secretbox_encrypt(uint8_t *c, const void *m_, size_t mlen,
 
				                     32 + hydro_stream_xchacha20_KEYBYTES);
			
 
				     COMPILER_ASSERT(
			
 
				         hydro_secretbox_KEYBYTES == hydro_stream_chacha20_block_KEYBYTES);
			
 
				-    hydro_stream_chacha20_block(t0, zero, key);
			
 
				+    memset(t0, 0, sizeof t0);
			
 
				+    STORE64_LE(t0, msg_id);
			
 
				+    hydro_stream_chacha20_block(t0, t0, key);
			
 
				     hydro_hash128_hash(k0, m, mlen, ctx, nonce_key);
			
 
				     randombytes_buf(&k0[hydro_hash128_BYTES], sizeof k0 - hydro_hash128_BYTES);
			
 
				     hydro_stream_hchacha20(nonce, zero, k0);
			
@@ -39,7 +41,7 @@ int hydro_secretbox_encrypt(uint8_t *c, const void *m_, size_t mlen,
 
				 }
			
 
				 
			
 
				 int hydro_secretbox_decrypt(void *m_, const uint8_t *c, size_t clen,
			
 
				-    const char    ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				+    uint64_t msg_id, const char ctx[hydro_secretbox_CONTEXTBYTES],
			
 
				     const uint8_t key[hydro_secretbox_KEYBYTES])
			
 
				 {
			
 
				     hydro_hash128_state st;
			
@@ -54,7 +56,9 @@ int hydro_secretbox_decrypt(void *m_, const uint8_t *c, size_t clen,
 
				         return -1;
			
 
				     }
			
 
				     mlen = clen - hydro_secretbox_HEADERBYTES;
			
 
				-    hydro_stream_chacha20_block(t0, zero, key);
			
 
				+    memset(t0, 0, sizeof t0);
			
 
				+    STORE64_LE(t0, msg_id);
			
 
				+    hydro_stream_chacha20_block(t0, t0, key);
			
 
				     COMPILER_ASSERT(hydro_secretbox_MACBYTES == hydro_hash128_BYTES);
			
 
				     memcpy(nonce, c, hydro_secretbox_NONCEBYTES);
			
 
				     memset(nonce + hydro_secretbox_NONCEBYTES, 0,
			
--- a/tests/tests.c
+++ b/tests/tests.c
@@ -173,18 +173,19 @@ static void test_secretbox(void)
 
				     hydro_increment(dk, sizeof dk);
			
 
				     randombytes_buf_deterministic(key, sizeof key, dk);
			
 
				     hydro_increment(dk, sizeof dk);
			
 
				-    hydro_secretbox_encrypt(c, m, sizeof m, ctx, key);
			
 
				-    assert(hydro_secretbox_decrypt(m2, c, 0, ctx, key) == -1);
			
 
				-    assert(hydro_secretbox_decrypt(m2, c, 1, ctx, key) == -1);
			
 
				+    hydro_secretbox_encrypt(c, m, sizeof m, 0, ctx, key);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, 0, 0, ctx, key) == -1);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, 1, 0, ctx, key) == -1);
			
 
				     assert(hydro_secretbox_decrypt(
			
 
				-               m2, c, hydro_secretbox_HEADERBYTES, ctx, key) == -1);
			
 
				-    assert(hydro_secretbox_decrypt(m2, c, sizeof c, ctx, key) == 0);
			
 
				+               m2, c, hydro_secretbox_HEADERBYTES, 0, ctx, key) == -1);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, sizeof c, 0, ctx, key) == 0);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, sizeof c, 1, ctx, key) == -1);
			
 
				     assert(hydro_equal(m, m2, sizeof m));
			
 
				     key[0]++;
			
 
				-    assert(hydro_secretbox_decrypt(m2, c, sizeof c, ctx, key) == -1);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, sizeof c, 0, ctx, key) == -1);
			
 
				     key[0]--;
			
 
				     c[randombytes_uniform(sizeof c)]++;
			
 
				-    assert(hydro_secretbox_decrypt(m2, c, sizeof c, ctx, key) == -1);
			
 
				+    assert(hydro_secretbox_decrypt(m2, c, sizeof c, 0, ctx, key) == -1);
			
 
				 }
			
 
				 
			
 
				 static void test_kdf(void)