TLS record decryption. More...
#include "tls.h"#include "tls_record.h"#include "tls_record_decryption.h"#include "tls_record_encryption.h"#include "tls_misc.h"#include "cipher_modes/cbc.h"#include "aead/aead_algorithms.h"#include "debug.h"Go to the source code of this file.
Macros | |
| #define | TRACE_LEVEL TLS_TRACE_LEVEL |
Functions | |
| error_t | tlsDecryptRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record) |
| Decrypt an incoming TLS record. More... | |
| __weak_func error_t | tlsDecryptAeadRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record) |
| Record decryption (AEAD cipher) More... | |
| __weak_func error_t | tlsDecryptCbcRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record) |
| Record decryption (CBC block cipher) More... | |
| error_t | tlsDecryptStreamRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record) |
| Record decryption (stream cipher) More... | |
| error_t | tlsVerifyMessageAuthCode (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record) |
| Check message authentication code. More... | |
| uint32_t | tlsVerifyPadding (const uint8_t *data, size_t dataLen, size_t *paddingLen) |
| CBC padding verification (constant time) More... | |
| __weak_func uint32_t | tlsVerifyMac (TlsContext *context, TlsEncryptionEngine *decryptionEngine, const void *record, const uint8_t *data, size_t dataLen, size_t maxDataLen, const uint8_t *mac) |
| MAC verification (constant time) More... | |
| uint32_t | tlsExtractMac (TlsEncryptionEngine *decryptionEngine, const uint8_t *data, size_t dataLen, size_t maxDataLen, uint8_t *mac) |
| Extract the MAC from the TLS record (constant time) More... | |
Detailed Description
TLS record decryption.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSL Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.4
Definition in file tls_record_decryption.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL TLS_TRACE_LEVEL |
Definition at line 32 of file tls_record_decryption.c.
Function Documentation
◆ tlsDecryptAeadRecord()
| __weak_func error_t tlsDecryptAeadRecord | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| void * | record | ||
| ) |
Record decryption (AEAD cipher)
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in,out] record TLS record to be decrypted
- Returns
- Error code
Definition at line 126 of file tls_record_decryption.c.
◆ tlsDecryptCbcRecord()
| __weak_func error_t tlsDecryptCbcRecord | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| void * | record | ||
| ) |
Record decryption (CBC block cipher)
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in,out] record TLS record to be decrypted
- Returns
- Error code
Definition at line 288 of file tls_record_decryption.c.
◆ tlsDecryptRecord()
| error_t tlsDecryptRecord | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| void * | record | ||
| ) |
Decrypt an incoming TLS record.
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in,out] record TLS record to be decrypted
- Returns
- Error code
Definition at line 56 of file tls_record_decryption.c.
◆ tlsDecryptStreamRecord()
| error_t tlsDecryptStreamRecord | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| void * | record | ||
| ) |
Record decryption (stream cipher)
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in,out] record TLS record to be decrypted
- Returns
- Error code
Definition at line 431 of file tls_record_decryption.c.
◆ tlsExtractMac()
| uint32_t tlsExtractMac | ( | TlsEncryptionEngine * | decryptionEngine, |
| const uint8_t * | data, | ||
| size_t | dataLen, | ||
| size_t | maxDataLen, | ||
| uint8_t * | mac | ||
| ) |
Extract the MAC from the TLS record (constant time)
Extract the MAC from the record in constant time without leaking information about what the make-up of the plaintext blocks is in terms of message, MAC field and padding, and whether the format is valid (Emilia Kasper and Bodo Moller's method)
- Parameters
-
[in] decryptionEngine Pointer to the decryption engine [in] data Pointer to the record payload [in] dataLen Actual length of the payload (secret information) [in] maxDataLen Maximum possible length of the payload [out] mac Message authentication code
- Returns
- The function returns 0 if the MAC has been successfully extracted, else 1
Definition at line 864 of file tls_record_decryption.c.
◆ tlsVerifyMac()
| __weak_func uint32_t tlsVerifyMac | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| const void * | record, | ||
| const uint8_t * | data, | ||
| size_t | dataLen, | ||
| size_t | maxDataLen, | ||
| const uint8_t * | mac | ||
| ) |
MAC verification (constant time)
Calculate and verify the MAC in constant time without leaking information about what the make-up of the plaintext blocks is in terms of message, MAC field and padding, and whether the format is valid (Adam Langley's method)
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in] record Pointer to the TLS record [in] data Pointer to the record payload [in] dataLen Actual length of the plaintext data (secret information) [in] maxDataLen Maximum possible length of the plaintext data [in] mac Message authentication code
- Returns
- The function returns 0 if the MAC verification is successful, else 1
Definition at line 663 of file tls_record_decryption.c.
◆ tlsVerifyMessageAuthCode()
| error_t tlsVerifyMessageAuthCode | ( | TlsContext * | context, |
| TlsEncryptionEngine * | decryptionEngine, | ||
| void * | record | ||
| ) |
Check message authentication code.
- Parameters
-
[in] context Pointer to the TLS context [in] decryptionEngine Pointer to the decryption engine [in,out] record TLS record to be authenticated
- Returns
- Error code
Definition at line 472 of file tls_record_decryption.c.
◆ tlsVerifyPadding()
| uint32_t tlsVerifyPadding | ( | const uint8_t * | data, |
| size_t | dataLen, | ||
| size_t * | paddingLen | ||
| ) |
CBC padding verification (constant time)
- Parameters
-
[in] data Pointer to the record payload [in] dataLen Length of the payload [out] paddingLen Length of the padding string
- Returns
- The function returns 0 if the padding is correct, 1 on failure
Definition at line 610 of file tls_record_decryption.c.