使用libsodium加密

时间:2014-03-17 09:14:10

标签: c encryption libsodium

我一直在努力使用libsodium中的crypto_secretbox_easy()来加密/解密某些数据。我似乎无法找到有关用法的任何好文档。

我想从用户那里获取密码,使用它来以某种方式创建密钥,然后使用它来加密/解密数据。

我在下面发布的玩具代码的问题是crypto_secretbox_open_easy()从verify_16.c中返回-1。有没有人知道我在哪里可以找到如何使用这个界面或可能出错的来源?谢谢! 

 unsigned char * cipher;
 unsigned char * decoded;
 unsigned char * message;
 unsigned long long message_len = 32;
 size_t noncelen = sizeof(char) * crypto_secretbox_noncebytes();
 size_t keylen = sizeof(char) * crypto_secretbox_keybytes();
 unsigned char * nonce = calloc(noncelen, noncelen);
 unsigned char * key = calloc(keylen, keylen);

 message = calloc(32*sizeof(char), sizeof(char) * 32);
 cipher = calloc(32*sizeof(char), sizeof(char) * 32);
 decoded = calloc(32*sizeof(char), sizeof(char) * 32);

 crypto_secretbox_easy((unsigned char *)cipher, (const unsigned char *)message, 
                      message_len, nonce, key);

 crypto_secretbox_open_easy((unsigned char *)decoded, (const unsigned char *) cipher, 
                            message_len, nonce, key);

2 个答案:

答案 0 :(得分:1)

crypto_secretbox_open_easy()的长度应该是经过身份验证/加密的消息的长度,而不是message_len,因为添加了身份验证标记。此标记的长度为crypto_box_MACBYTES。

答案 1 :(得分:1)

- (NSData *)encrypt:(NSData *)data nonce:(NSData *)nonce key:(NSData *)key error:(NSError **)error {
  if (!nonce || [nonce length] != NASecretBoxNonceSize) {
    if (error) *error = NAError(NAErrorCodeInvalidNonce, @"Invalid nonce");
    return nil;
  }

  if (!data) {
    if (error) *error = NAError(NAErrorCodeInvalidData, @"Invalid data");
    return nil;
  }

  if (!key || [key length] != NASecretBoxKeySize) {
    if (error) *error = NAError(NAErrorCodeInvalidKey, @"Invalid key");
    return nil;
  }

  // Add space for authentication tag of size MACBYTES
  NSMutableData *outData = [NSMutableData dataWithLength:[data length] + NASecretBoxMACSize];

  int retval = crypto_secretbox_easy([outData mutableBytes],
                                     [data bytes], [data length],
                                     [nonce bytes],
                                     [key bytes]);

  if (retval != 0) {
    if (error) *error = NAError(NAErrorCodeFailure, @"Encrypt (secret box) failed");
    return nil;
  }

  return outData;
}

- (NSData *)decrypt:(NSData *)data nonce:(NSData *)nonce key:(NSData *)key error:(NSError **)error {
  if (!nonce || [nonce length] != NASecretBoxNonceSize) {
    if (error) *error = NAError(NAErrorCodeInvalidNonce, @"Invalid nonce");
    return nil;
  }

  if (!data) {
    if (error) *error = NAError(NAErrorCodeInvalidData, @"Invalid data");
    return nil;
  }

  if (!key || [key length] != NASecretBoxKeySize) {
    if (error) *error = NAError(NAErrorCodeInvalidKey, @"Invalid key");
    return nil;
  }

  __block int retval = -1;
  NSMutableData *outData = NAData(self.secureDataEnabled, data.length, ^(void *bytes, NSUInteger length) {
    retval = crypto_secretbox_open_easy(bytes,
                                        [data bytes], [data length],
                                        [nonce bytes], [key bytes]);
  });
  if (retval != 0) {
    if (error) *error = NAError(NAErrorCodeVerificationFailed, @"Verification failed");
    return nil;
  }

  // Remove MAC bytes from data
  return [outData na_truncate:NASecretBoxMACSize];
}
相关问题
最新问题