Cryptography Reference
In-Depth Information
Decrypting and Authenticating
Just as encryption was handled entirely within
send_message
, decrypting can
be handled entirely within
receive_tls_msg
. This time, you don't even need
to update the parameter list because it already accepts a
TLSParameters
; it just
needs to look at the active receive parameters and apply them as necessary.
Decryption and authentication is shown in Listing 6-67.
Listing 6-67:
“tls.c” receive_tls_msg with decrypt support
static int receive_tls_msg( int connection,
TLSParameters *parameters )
{
TLSPlaintext message;
unsigned char *read_pos, *msg_buf,
*decrypted_message, *encrypted_message
;
unsigned char header[ 5 ]; // size of TLSPlaintext
int bytes_read, accum_bytes;
int decrypted_length;
// Read header as usual - header is not encrypted
…
encrypted_message
= ( char * ) malloc( message.length );
// keep looping & appending until all bytes are accounted for
accum_bytes = 0;
msg_buf = encrypted_message;
while ( accum_bytes < message.length )
{
// Read the buffer as before, but update encrypted_message now
…
}
// If a cipherspec is active, all of “encrypted_message” will be encrypted.
// Must decrypt it before continuing. This will change the message length
// in all cases, since decrypting also involves verifying a MAC (unless the
// active cipher spec is NULL_WITH_NULL_NULL).
decrypted_message = NULL;
decrypted_length = tls_decrypt( header, encrypted_message, message.length,
&decrypted_message, ¶meters->active_recv_parameters );
free( encrypted_message );
if ( decrypted_length < 0 )
{
send_alert_message( connection, bad_record_mac,
¶meters->active_send_parameters );
return -1;
}
parameters->active_recv_parameters.seq_num++;
}
(Continued)
Search WWH ::
Custom Search