
Method decrypt

conn.go:347–469  ·  view source on GitHub ↗

decrypt authenticates and decrypts the record if protection is active at this stage. The returned plaintext might overlap with the input.

(record []byte)


345// decrypt authenticates and decrypts the record if protection is active at
346// this stage. The returned plaintext might overlap with the input.
347func (hc *halfConn) decrypt(record []byte) ([]byte, recordType, error) {
348 var plaintext []byte
349 typ := recordType(record[0])
350 payload := record[recordHeaderLen:]
351
352 // In TLS 1.3, change_cipher_spec messages are to be ignored without being
353 // decrypted. See RFC 8446, Appendix D.4.
354 if hc.version == VersionTLS13 && typ == recordTypeChangeCipherSpec {
355 return payload, typ, nil
356 }
357
358 paddingGood := byte(255)
359 paddingLen := 0
360
361 explicitNonceLen := hc.explicitNonceLen()
362
363 if hc.cipher != nil {
364 switch c := hc.cipher.(type) {
365 case cipher.Stream:
366 c.XORKeyStream(payload, payload)
367 case aead:
368 if len(payload) < explicitNonceLen {
369 return nil, 0, alertBadRecordMAC
370 }
371 nonce := payload[:explicitNonceLen]
372 if len(nonce) == 0 {
373 nonce = hc.seq[:]
374 }
375 payload = payload[explicitNonceLen:]
376
377 var additionalData []byte
378 if hc.version == VersionTLS13 {
379 additionalData = record[:recordHeaderLen]
380 } else {
381 additionalData = append(hc.scratchBuf[:0], hc.seq[:]...)
382 additionalData = append(additionalData, record[:3]...)
383 n := len(payload) - c.Overhead()
384 additionalData = append(additionalData, byte(n>>8), byte(n))
385 }
386
387 var err error
388 plaintext, err = c.Open(payload[:0], nonce, payload, additionalData)
389 if err != nil {
390 return nil, 0, alertBadRecordMAC
391 }
392 case cbcMode:
393 blockSize := c.BlockSize()
394 minPayload := explicitNonceLen + roundUp(hc.mac.Size()+1, blockSize)
395 if len(payload)%blockSize != 0 || len(payload) < minPayload {
396 return nil, 0, alertBadRecordMAC
397 }
398
399 if explicitNonceLen > 0 {
400 c.SetIV(payload[:explicitNonceLen])
401 payload = payload[explicitNonceLen:]
402 }
403 c.CryptBlocks(payload, payload)
404
