} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
- private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
+ private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data)
{
chunk_t assoc, encrypted, iv, plain;
plain = chunk_skip(encrypted, iv.len);
plain.len -= icvlen;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, plain.len);
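Review bot: `hdr.type = *type;` only reads through the new pointer, and nothing in the visible lines of this encrypt body writes a value back, so the reason for the pointer is not apparent at the point of use. The same one-line change is repeated in the matching decrypt body and in the encrypt/decrypt bodies of the three other transform variants changed by this commit. A short comment at each site would help, e.g. `/* type is in/out in tls_aead_t; this transform does not modify it */`. The function body continues outside the hunk, so a write-back elsewhere cannot be ruled out from here.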
}
METHOD(tls_aead_t, decrypt, bool,
- private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
+ private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data)
{
chunk_t assoc, iv;
return FALSE;
}
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len - icvlen);
* gets updated to the IV for the next record.
*
* @param version TLS version
- * @param type TLS content type
+ * @param type TLS content type (may be changed)
* @param seq record sequence number
* @param data data to encrypt, encryption result
* @return TRUE if successfully encrypted
*/
bool (*encrypt)(tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data);
+ tls_content_type_t *type, uint64_t seq, chunk_t *data);
/**
* Decrypt and verify a TLS record.
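Review bot: "(may be changed)" leaves the contract of the new in/out parameter open, here and in the identical wording added to the decrypt documentation below. It does not say under which condition the value is replaced, whether NULL is accepted, or what `*type` holds when the call returns FALSE. Every implementation visible in this commit dereferences `type` unconditionally, and the decrypt caller passes the address of its own variable. The failure case therefore matters most for decrypt, where a value written back before the integrity check has passed would be unauthenticated. I would spell this out for both methods, e.g. `@param type TLS content type, in/out, must not be NULL; only modified if TRUE is returned`.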
* length, decryption is done inline.
*
* @param version TLS version
- * @param type TLS content type
+ * @param type TLS content type (may be changed)
* @param seq record sequence number
* @param data data to decrypt, decrypted result
* @return TRUE if successfully decrypted
*/
bool (*decrypt)(tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data);
+ tls_content_type_t *type, uint64_t seq, chunk_t *data);
/**
* Get the authentication key size.
} sigheader_t;
METHOD(tls_aead_t, encrypt, bool,
- private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
+ private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, padding, iv;
uint8_t bs, padlen;
sigheader_t hdr;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
}
METHOD(tls_aead_t, decrypt, bool,
- private_tls_aead_t *this, tls_version_t version, tls_content_type_t type,
+ private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, iv;
mac = chunk_skip(*data, data->len - bs);
data->len -= bs;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data)
+ tls_content_type_t *type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, padding;
uint8_t bs, padlen;
sigheader_t hdr;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data)
+ tls_content_type_t *type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac, iv;
uint8_t bs, padlen;
mac = chunk_skip(*data, data->len - bs);
data->len -= bs;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data)
+ tls_content_type_t *type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac;
sigheader_t hdr;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version,
- tls_content_type_t type, uint64_t seq, chunk_t *data)
+ tls_content_type_t *type, uint64_t seq, chunk_t *data)
{
chunk_t assoc, mac;
sigheader_t hdr;
mac = chunk_skip(*data, data->len - mac.len);
data->len -= mac.len;
- hdr.type = type;
+ hdr.type = *type;
htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len);
if (this->aead_in)
{
if (!this->aead_in->decrypt(this->aead_in, this->version,
- type, this->seq_in, &data))
+ &type, this->seq_in, &data))
{
DBG1(DBG_TLS, "TLS record decryption failed");
this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
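Review bot: After this call `type` may no longer be the value the caller was handed, and nothing at the call site says so. The lines that consume `type` after a successful decrypt are outside the hunk. If they dispatch on it, they should use the post-decrypt value and reject content types that are not expected at that point. It is also worth confirming that `type` is not read on the failure path shown here. A comment such as `/* decrypt may replace type with the protected content type; valid only on success */` would make the dependency visible.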
if (this->aead_out)
{
if (!this->aead_out->encrypt(this->aead_out, this->version,
- *type, this->seq_out, data))
+ type, this->seq_out, data))
{
DBG1(DBG_TLS, "TLS record encryption failed");
chunk_free(data);