Cryptography Reference
In-Depth Information
Listing 9-30:
“tls.c” tls_decrypt with AEAD decryption
int tls_decrypt( const unsigned char *header, // need this for MAC verification
unsigned char *encrypted_message,
short encrypted_length,
unsigned char **decrypted_message,
ProtectionParameters *parameters )
{
…
unsigned char *mac_buffer;
unsigned char mac_header[ 13 ];
int sequence_number;
…
if ( active_suite->bulk_decrypt )
{
…
}
else if ( active_suite->aead_decrypt )
{
if ( active_suite->IV_size )
{
memcpy( parameters->IV, encrypted_message, active_suite->IV_size );
}
decrypted_length = encrypted_length - active_suite->hash_size;
// Compute the MAC header, which is the AD part. This
// has to be done separately here, since the length computation
// is slightly different than in the block cipher case
memset( mac_header, 0x0, 13 );
sequence_number = htonl( parameters->seq_num );
memcpy( mac_header + 4, &sequence_number, sizeof( int ) );
memcpy( mac_header + 8, header, 3 );
length = htons( decrypted_length );
memcpy( mac_header + 11, &length, 2 );
if ( active_suite->aead_decrypt( encrypted_message + active_suite->IV_size,
encrypted_length, mac_header, 13, *decrypted_message,
parameters->IV, parameters->key ) )
{
// MAC verification failed
return -3;
}
}
Notice that if
aead_decrypt
returns a non-zero response, indicating a MAC
failure, this routine returns
3, which triggers a “bad mac” error to be returned
to the caller.
Search WWH ::
Custom Search