tls_record_decryption.h File Reference

TLS record decryption. More...

#include "tls.h"

Go to the source code of this file.

Functions

error_t tlsDecryptRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
 Decrypt an incoming TLS record. More...
 
error_t tlsDecryptAeadRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
 Record decryption (AEAD cipher) More...
 
error_t tlsDecryptCbcRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
 Record decryption (CBC block cipher) More...
 
error_t tlsDecryptStreamRecord (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
 Record decryption (stream cipher) More...
 
error_t tlsVerifyMessageAuthCode (TlsContext *context, TlsEncryptionEngine *decryptionEngine, void *record)
 Check message authentication code. More...
 
uint32_t tlsVerifyPadding (const uint8_t *data, size_t dataLen, size_t *paddingLen)
 CBC padding verification (constant time) More...
 
uint32_t tlsVerifyMac (TlsContext *context, TlsEncryptionEngine *decryptionEngine, const void *record, const uint8_t *data, size_t dataLen, size_t maxDataLen, const uint8_t *mac)
 MAC verification (constant time) More...
 
uint32_t tlsExtractMac (TlsEncryptionEngine *decryptionEngine, const uint8_t *data, size_t dataLen, size_t maxDataLen, uint8_t *mac)
 Extract the MAC from the TLS record (constant time) More...
 

Detailed Description

TLS record decryption.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file tls_record_decryption.h.

Function Documentation

◆ tlsDecryptAeadRecord()

error_t tlsDecryptAeadRecord ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
void *  record 
)

Record decryption (AEAD cipher)

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in,out]recordTLS record to be decrypted
Returns
Error code

Definition at line 126 of file tls_record_decryption.c.

◆ tlsDecryptCbcRecord()

error_t tlsDecryptCbcRecord ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
void *  record 
)

Record decryption (CBC block cipher)

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in,out]recordTLS record to be decrypted
Returns
Error code

Definition at line 288 of file tls_record_decryption.c.

◆ tlsDecryptRecord()

error_t tlsDecryptRecord ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
void *  record 
)

Decrypt an incoming TLS record.

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in,out]recordTLS record to be decrypted
Returns
Error code

Definition at line 56 of file tls_record_decryption.c.

◆ tlsDecryptStreamRecord()

error_t tlsDecryptStreamRecord ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
void *  record 
)

Record decryption (stream cipher)

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in,out]recordTLS record to be decrypted
Returns
Error code

Definition at line 431 of file tls_record_decryption.c.

◆ tlsExtractMac()

uint32_t tlsExtractMac ( TlsEncryptionEngine decryptionEngine,
const uint8_t *  data,
size_t  dataLen,
size_t  maxDataLen,
uint8_t *  mac 
)

Extract the MAC from the TLS record (constant time)

Extract the MAC from the record in constant time without leaking information about what the make-up of the plaintext blocks is in terms of message, MAC field and padding, and whether the format is valid (Emilia Kasper and Bodo Moller's method)

Parameters
[in]decryptionEnginePointer to the decryption engine
[in]dataPointer to the record payload
[in]dataLenActual length of the payload (secret information)
[in]maxDataLenMaximum possible length of the payload
[out]macMessage authentication code
Returns
The function returns 0 if the MAC has been successfully extracted, else 1

Definition at line 864 of file tls_record_decryption.c.

◆ tlsVerifyMac()

uint32_t tlsVerifyMac ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
const void *  record,
const uint8_t *  data,
size_t  dataLen,
size_t  maxDataLen,
const uint8_t *  mac 
)

MAC verification (constant time)

Calculate and verify the MAC in constant time without leaking information about what the make-up of the plaintext blocks is in terms of message, MAC field and padding, and whether the format is valid (Adam Langley's method)

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in]recordPointer to the TLS record
[in]dataPointer to the record payload
[in]dataLenActual length of the plaintext data (secret information)
[in]maxDataLenMaximum possible length of the plaintext data
[in]macMessage authentication code
Returns
The function returns 0 if the MAC verification is successful, else 1

Definition at line 663 of file tls_record_decryption.c.

◆ tlsVerifyMessageAuthCode()

error_t tlsVerifyMessageAuthCode ( TlsContext context,
TlsEncryptionEngine decryptionEngine,
void *  record 
)

Check message authentication code.

Parameters
[in]contextPointer to the TLS context
[in]decryptionEnginePointer to the decryption engine
[in,out]recordTLS record to be authenticated
Returns
Error code

Definition at line 472 of file tls_record_decryption.c.

◆ tlsVerifyPadding()

uint32_t tlsVerifyPadding ( const uint8_t *  data,
size_t  dataLen,
size_t *  paddingLen 
)

CBC padding verification (constant time)

Parameters
[in]dataPointer to the record payload
[in]dataLenLength of the payload
[out]paddingLenLength of the padding string
Returns
The function returns 0 if the padding is correct, 1 on failure

Definition at line 610 of file tls_record_decryption.c.