Cryptography Reference
In-Depth Information
As you may recall from the previous section, the fi rst two bytes are the length
of the payload, and the third byte is the length of the padding (if any).
Next, check to see if a cipher spec is active and if so, apply it:
bufptr += bytes_read;
remaining -= bytes_read;
}
// Decrypt if a cipher spec is active
if ( parameters->active_cipher_spec != NULL )
{
unsigned char *decrypted = malloc( message_len );
int mac_len = parameters->active_cipher_spec->hash_size;
parameters->active_cipher_spec->bulk_decrypt( buffer, message_len,
decrypted,
parameters->read_state ? parameters->read_state :
parameters->read_iv,
parameters->read_key );
if ( !verify_mac( decrypted + mac_len, message_len - mac_len,
decrypted, mac_len, parameters ) )
{
return -1;
}
free( buffer );
buffer = malloc( message_len - mac_len - padding_len );
memcpy( buffer, decrypted + mac_len,
message_len - mac_len - padding_len );
message_len = message_len - mac_len, padding_len;
free( decrypted );
}
parameters->read_sequence_number++;
This more or less parallels the changes made to
send_message
, in Listing C-24.
First allocate a
decrypted
buffer and decrypt the whole packet into it. Next, the
MAC is verifi ed in Listing C-28.
Listing C-28:
“ssl.c” verify_mac
static int verify_mac( const unsigned char *data,
int data_len,
const unsigned char *mac,
int mac_len,
SSLParameters *parameters )
{
digest_ctx ctx;
int sequence_number;
Search WWH ::
Custom Search