Cryptography Reference
*decrypted_message = ( unsigned char * ) malloc( encrypted_length );
if ( active_suite->bulk_decrypt )
{
active_suite->bulk_decrypt( encrypted_message, encrypted_length,
*decrypted_message, parameters->IV, parameters->key );
decrypted_length = encrypted_length;
// Strip off padding
if ( active_suite->block_size )
{
decrypted_length -= ( (*decrypted_message)[ encrypted_length - 1 ] + 1 );
}
}
else
{
// Do nothing, no bulk cipher algorithm chosen.
// Still have to memcpy so that “free” in caller is consistent
decrypted_length = encrypted_length;
memcpy( *decrypted_message, encrypted_message, encrypted_length );
}
// Now, verify the MAC (if the active cipher suite includes one)
if ( active_suite->new_digest )
{
active_suite->new_digest( &digest );
decrypted_length -= ( digest.hash_len * sizeof( int ) );
// Allocate enough space for the 8-byte sequence number, the TLSPlainText
// header, and the fragment (e.g. the decrypted message).
mac_buffer = malloc( 13 + decrypted_length );
memset( mac_buffer, 0x0, 13 + decrypted_length );
sequence_number = htonl( parameters->seq_num );
memcpy( mac_buffer + 4, &sequence_number, sizeof( int ) );
// Copy first three bytes of header; last two bytes reflected the
// message length, with MAC attached. Since the MAC was computed
// by the other side before it was attached (obviously), that MAC
// was computed using the original length.
memcpy( mac_buffer + 8, header, 3 );
length = htons( decrypted_length );
memcpy( mac_buffer + 11, &length, 2 );
memcpy( mac_buffer + 13, *decrypted_message, decrypted_length );
hmac( parameters->MAC_secret, digest.hash_len * sizeof( int ),
mac_buffer, decrypted_length + 13, &digest );
if ( memcmp( digest.hash,
(*decrypted_message) + decrypted_length,
digest.hash_len * sizeof( int ) ) )
(Continued)