X-Git-Url: https://git.siccegge.de//index.cgi?p=software%2FDIPE.git;a=blobdiff_plain;f=src%2FDIPE.cxx;fp=src%2FDIPE.cxx;h=e06f2f3b4b95eeba42176062f70aa74c1b892fa9;hp=f278f5008857d195d565a1b0b299735b33f66daf;hb=aa4bf29685ec8becb6dc0c0e1b78668fd15da384;hpb=d4e7cbce6db6c8a08ca82b12d9eeaa5a4f59fc3e
diff --git a/src/DIPE.cxx b/src/DIPE.cxx
index f278f50..e06f2f3 100644
--- a/src/DIPE.cxx
+++ b/src/DIPE.cxx
@@ -78,18 +78,14 @@ namespace {
 /* Data format is iv | enc(4 byte len | ptxt | 0 padding) | tag */
- int dipe_aes_encrypt(uint8_t* key, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
+ int dipe_aes_encrypt(uint8_t* key, uint8_t* iv, size_t ptxt_len, uint8_t* ptxt, size_t ctxt_len, uint8_t* ctxt) {
 struct gcm_aes128_ctx ctx;
- uint8_t iv[12];
 uint8_t block[16];
 uint32_t coded_ptxtlen;
- ctxt_len -= (12 + 16); /* IV + Tag */
- if (ctxt_len < ptxt_len) return -1;
+ ctxt_len -= 16; /* Tag */
+ if (ctxt_len < ptxt_len + 4) return 0;
- getrandom(iv, 12, 0);
- memcpy(ctxt, iv, 12);
- ctxt += 12;
 memset(block, 0, 16);
 gcm_aes128_set_key(&ctx, key);
 gcm_aes128_set_iv(&ctx, 12, iv);
@@ -123,13 +119,12 @@ namespace {
 return 0;
 }
- int dipe_aes_decrypt(uint8_t* key, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
+ int dipe_aes_decrypt(uint8_t* key, uint8_t* iv, size_t len, uint8_t* ctxt, uint8_t* ptxt) {
 struct gcm_aes128_ctx ctx;
 uint8_t block[16];
 gcm_aes128_set_key(&ctx, key);
- gcm_aes128_set_iv(&ctx, 12, ctxt);
- ctxt += 12; len -= 12;
+ gcm_aes128_set_iv(&ctx, 12, iv);
 len -= 16; /* GCM tag */
@@ -332,7 +327,7 @@ void dipe_encrypt(dipe_param_t param, dipe_master_publickey_t mpk, element_t* x,
 cap_len = dipe_serialize_ctxt(param, cap, (uint8_t*)ctxt);
 ctxt += cap_len; ctxt_len -= cap_len;
- dipe_aes_encrypt(aes, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
+ dipe_aes_encrypt(aes, aes+16, ptxt_len, (uint8_t*)ptxt, ctxt_len, (uint8_t*)ctxt);
 dipe_free_ctxt(cap);
 element_clear(key);
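Review bot: The new length guard in dipe_aes_encrypt can be bypassed by unsigned wrap-around, because `ctxt_len -= 16;` runs before any lower bound is checked: an output buffer shorter than 16 bytes wraps `ctxt_len` to a huge size_t and `ctxt_len < ptxt_len + 4` then passes (and `ptxt_len + 4` can wrap too). Put the bound ahead of the subtraction, e.g. `if (ctxt_len < 20 || ctxt_len - 20 < ptxt_len) return -1;`. The hunk also changes the failure return from -1 to 0, which appears to be the same value the function returns on success (the `return 0;` shown as context in the next hunk), and the call in dipe_encrypt discards the result, so a too-small buffer would go unnoticed by the caller. The function body continues outside the hunk.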
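Review bot: In dipe_aes_decrypt, `len -= 16; /* GCM tag */` is applied to a caller-supplied length with no lower bound visible in this hunk, so a ciphertext shorter than the tag wraps `len` to a very large size_t. The ciphertext on the decrypt path is untrusted input, so short input should be rejected before the subtraction, for example `if (len < 16 + 4) return 0;` if 0 is how this function reports failure (its return convention is outside the hunk). The rest of the body, including tag verification, is not shown, so confirm that no equivalent check already follows.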
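Review bot: Passing `aes+16` as the GCM IV in dipe_encrypt makes nonce uniqueness depend entirely on `aes` being derived afresh for every ciphertext, and nothing in this hunk shows that `aes` holds at least 28 bytes. If the buffer only covers the 16-byte AES-128 key, `gcm_aes128_set_iv(&ctx, 12, iv)` reads past its end; if the derived bytes are ever reused for a second message, the same key/IV pair is reused, which breaks GCM's confidentiality and integrity guarantees. I would document the layout at the call site, e.g. `/* aes = 16-byte key || 12-byte GCM IV, both derived from the fresh KEM element */`, and add a size check where `aes` is declared. The same applies to `dipe_aes_decrypt(aes, aes+16, ...)` in dipe_decrypt in the following hunk; the declaration and derivation of `aes` are outside both hunks.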
@@ -354,7 +349,7 @@ size_t dipe_decrypt(dipe_param_t param, dipe_secretkey_t sk, char* cid, element_
 dipe_free_ctxt(cap);
 element_clear(key);
- return dipe_aes_decrypt(aes, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
+ return dipe_aes_decrypt(aes, aes+16, ctxt_len, (uint8_t*)ctxt, (uint8_t*)ptxt);
 }
 /* Note: we're generating random-looking bytes here. Therefore we
@@ -408,7 +403,7 @@ size_t dipe_deserialize_ctxt(dipe_param_t param, size_t dimension, dipe_ctxt_t*
 }
 size_t dipe_ciphertext_overhead(dipe_param_t param, size_t dimension) {
- size_t overhead = 12 + 16 + 4 /* IV + Tag + Size */;
+ size_t overhead = 16 + 4 /* IV + Tag + Size */;
 element_t t;
 element_init_G1(t, param->pairing);
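Review bot: The comment on the overhead constant in dipe_ciphertext_overhead is stale: the value is now `16 + 4`, but the comment still lists `IV + Tag + Size`. Callers size ciphertext buffers from this function, so the comment should match the bytes actually written, e.g. `size_t overhead = 16 + 4 /* Tag + Size; the IV is derived, not transmitted */;`. The `/* Data format is iv | enc(...) | tag */` comment above dipe_aes_encrypt in the first hunk has the same problem, since the IV is no longer part of the output. The function body continues outside the hunk.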