hub / github.com/XTLS/REALITY / decryptTicket

Method decryptTicket

ticket.go:370–399  ·  view source on GitHub ↗
(encrypted []byte, ticketKeys []ticketKey)

Source from the content-addressed store, hash-verified

368}
369
// decryptTicket verifies and decrypts a ticket blob laid out as
//
//	IV (aes.BlockSize bytes) || ciphertext || HMAC-SHA256 tag (sha256.Size bytes)
//
// Each entry of ticketKeys is tried in slice order. The first key whose
// HMAC over IV||ciphertext matches the trailing tag is used to decrypt the
// ciphertext with AES-CTR, and the plaintext is returned.
//
// It returns nil when the blob is shorter than IV plus tag, when no key
// authenticates it, or when the AES cipher cannot be built from the matching
// key. Callers cannot tell these cases apart from the return value. A blob
// that authenticates but has an empty ciphertext yields a non-nil slice of
// length zero.
func (c *Config) decryptTicket(encrypted []byte, ticketKeys []ticketKey) []byte {
	// Anything shorter cannot hold both the IV and the tag; rejecting it
	// here also keeps every slice expression below in bounds.
	const overhead = aes.BlockSize + sha256.Size
	if len(encrypted) < overhead {
		return nil
	}

	// Split off the trailing tag; the MAC covers everything before it
	// (IV and ciphertext).
	tagStart := len(encrypted) - sha256.Size
	signed, tag := encrypted[:tagStart], encrypted[tagStart:]
	iv, body := signed[:aes.BlockSize], signed[aes.BlockSize:]

	for i := range ticketKeys {
		k := &ticketKeys[i]

		h := hmac.New(sha256.New, k.hmacKey[:])
		h.Write(signed) // hash.Hash.Write never returns an error

		// Verify before decrypting: unauthenticated bytes never reach the
		// cipher. The comparison is constant-time so the check does not
		// reveal how many leading tag bytes matched.
		if subtle.ConstantTimeCompare(tag, h.Sum(nil)) == 1 {
			block, err := aes.NewCipher(k.aesKey[:])
			if err != nil {
				return nil
			}

			out := make([]byte, len(body))
			cipher.NewCTR(block, iv).XORKeyStream(out, body)
			return out
		}
	}

	// No key produced a matching tag.
	return nil
}
400
401// ClientSessionState contains the state needed by a client to
402// resume a previous TLS session.

Callers 3

DecryptTicketMethod · 0.95
checkForResumptionMethod · 0.80
checkForResumptionMethod · 0.80

Calls 2

WriteMethod · 0.65
SumMethod · 0.45

Tested by

no test coverage detected