Cryptography Reference
In-Depth Information
short content_len,
ProtectionParameters *parameters )
{
…
unsigned char *mac = NULL;
unsigned char mac_header[ 13 ];
digest_ctx digest;
…
active_suite = &suites[ parameters->suite ];
// Compute the MAC header always, since this will be used
// for AEAD or other ciphers
// Allocate enough space for the 8-byte sequence number, the 5-byte pseudo
// header, and the content.
// These will be overwritten below
if ( active_suite->hash_size )
{
int sequence_num;
memset( mac_header, '\0', 8 );
sequence_num = htonl( parameters->seq_num );
memcpy( mac_header + 4, &sequence_num, sizeof( int ) );
header.type = content_type;
header.version.major = TLS_VERSION_MAJOR;
header.version.minor = TLS_VERSION_MINOR;
header.length = htons( content_len );
mac_header[ 8 ] = header.type;
mac_header[ 9 ] = header.version.major;
mac_header[ 10 ] = header.version.minor;
memcpy( mac_header + 11, &header.length, sizeof( short ) );
}
if ( active_suite->new_digest )
{
unsigned char *mac_buffer = malloc( 13 + content_len );
mac = ( unsigned char * ) malloc( active_suite->hash_size );
active_suite->new_digest( &digest );
memcpy( mac_buffer, mac_header, 13 );
memcpy( mac_buffer + 13, content, content_len );
…
This change just creates a new
mac_header
buffer and pulls its computation out
of the MAC computation so that it's accessible to the AEAD encryption function.
Of course, you must also do the encryption itself. This is a tad complex just
because you're indexing into various places in various buffers but ultimately
boils down to a call to AEAD encrypt with the plaintext, associated data, nonce,
and key previously negotiated. This is shown in Listing 9-29.
Search WWH ::
Custom Search