MCPcopy Index your code
hub / github.com/XTLS/Go / decrypt

Method decrypt

conn.go:358–480  ·  view source on GitHub ↗

decrypt authenticates and decrypts the record if protection is active at this stage. The returned plaintext might overlap with the input.

(record []byte)

Source from the content-addressed store, hash-verified

356// decrypt authenticates and decrypts the record if protection is active at
357// this stage. The returned plaintext might overlap with the input.
358func (hc *halfConn) decrypt(record []byte) ([]byte, recordType, error) {
359 var plaintext []byte
360 typ := recordType(record[0])
361 payload := record[recordHeaderLen:]
362
363 // In TLS 1.3, change_cipher_spec messages are to be ignored without being
364 // decrypted. See RFC 8446, Appendix D.4.
365 if hc.version == VersionTLS13 && typ == recordTypeChangeCipherSpec {
366 return payload, typ, nil
367 }
368
369 paddingGood := byte(255)
370 paddingLen := 0
371
372 explicitNonceLen := hc.explicitNonceLen()
373
374 if hc.cipher != nil {
375 switch c := hc.cipher.(type) {
376 case cipher.Stream:
377 c.XORKeyStream(payload, payload)
378 case aead:
379 if len(payload) < explicitNonceLen {
380 return nil, 0, alertBadRecordMAC
381 }
382 nonce := payload[:explicitNonceLen]
383 if len(nonce) == 0 {
384 nonce = hc.seq[:]
385 }
386 payload = payload[explicitNonceLen:]
387
388 var additionalData []byte
389 if hc.version == VersionTLS13 {
390 additionalData = record[:recordHeaderLen]
391 } else {
392 additionalData = append(hc.scratchBuf[:0], hc.seq[:]...)
393 additionalData = append(additionalData, record[:3]...)
394 n := len(payload) - c.Overhead()
395 additionalData = append(additionalData, byte(n>>8), byte(n))
396 }
397
398 var err error
399 plaintext, err = c.Open(payload[:0], nonce, payload, additionalData)
400 if err != nil {
401 return nil, 0, alertBadRecordMAC
402 }
403 case cbcMode:
404 blockSize := c.BlockSize()
405 minPayload := explicitNonceLen + roundUp(hc.mac.Size()+1, blockSize)
406 if len(payload)%blockSize != 0 || len(payload) < minPayload {
407 return nil, 0, alertBadRecordMAC
408 }
409
410 if explicitNonceLen > 0 {
411 c.SetIV(payload[:explicitNonceLen])
412 payload = payload[explicitNonceLen:]
413 }
414 c.CryptBlocks(payload, payload)
415

Callers 1

readRecordOrCCSMethod · 0.80

Calls 11

explicitNonceLenMethod · 0.95
incSeqMethod · 0.95
recordTypeTypeAlias · 0.85
roundUpFunction · 0.85
extractPaddingFunction · 0.85
tls10MACFunction · 0.85
BlockSizeMethod · 0.80
SizeMethod · 0.80
SetIVMethod · 0.80
OverheadMethod · 0.45
OpenMethod · 0.45

Tested by

no test coverage detected