Cryptography Reference
In-Depth Information
read_pos = decrypted_message;
if ( message.type == content_handshake )
{
…
}
free( decrypted_message );
return decrypted_length;
}
And everything else stays the same; at this point, the message has been
decrypted and can be processed just as if it had been received in plaintext. In fact,
this code is necessary to process a server fi nished handshake message because,
per the specifi cation, server fi nished is
always
sent using the active cipher spec.
The heavy lifting of decryption is handled by
tls_decrypt
, which is respon-
sible for not only decrypting the buffer, but verifying its MAC as well. If the
MAC doesn't verify,
tls_decrypt
returns -1; otherwise it returns the length
of the decrypted buffer. As mentioned earlier, this is always different than the
original buffer length, even for stream ciphers, as the
tls_decrypt
function
strips off the MAC after decrypting the block.
Without further ado,
tls_decrypt
itself is presented in Listing 6-68.
Listing 6-68:
“tls.c” tls_decrypt
/**
* Decrypt a message and verify its MAC according to the active cipher spec
* (as given by “parameters”). Free the space allocated by encrypted message
* and allocate new space for the decrypted message (if decrypting is “identity”,
* then decrypted will point to encrypted). The caller must always issue a
* “free decrypted_message”.
* Return the length of the message, or -1 if the MAC doesn't verify. The return
* value will almost always be different than “encrypted_length”, since it strips
* off the MAC if present as well as bulk cipher padding (if a block cipher
* algorithm is being used).
*/
static int tls_decrypt( const unsigned char *header, // needed for MAC verification
unsigned char *encrypted_message,
short encrypted_length,
unsigned char **decrypted_message,
ProtectionParameters *parameters )
{
short decrypted_length;
digest_ctx digest;
unsigned char *mac_buffer;
int sequence_number;
short length;
CipherSuite *active_suite = &( suites[ parameters->suite ] );
Search WWH ::
Custom Search