I am trying to decrypt TLS 1.2 records that are using the TLS_AES_128_GCM_SHA256 cipher-suite using openssl's EVP API.
Per RFC 5246, decryption needs 4 inputs.
"In order to decrypt and verify, the cipher takes as input the key, nonce, the "additional_data", and the AEADEncrypted value. The output is either the plaintext or an error indicating that the decryption failed. There is no separate integrity check. That is:

TLSCompressed.fragment = AEAD-Decrypt(write_key, nonce, AEADEncrypted, additional_data)"
But the AES-GCM decryption example on the openssl wiki at https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption shows that the decryption also takes as input the tag to be verified.
I know that the Authentication tag is the last 16 bytes of the TLS 1.2 record payload. But, my confusion is why the RFC has no mention of the Authentication tag.
And so, to decrypt the TLS record, should I follow the example on openssl wiki?
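An added example, not part of the original post and not OpenSSL project code: it splits a TLS 1.2 AES-GCM record payload into the separate inputs the EVP calls on the wiki page expect. It assumes the record layout of RFC 5246 section 6.2.3.3 and RFC 5288 (8-byte explicit nonce, ciphertext, 16-byte tag), where the tag is the tail of the AEADEncrypted value because RFC 5116 defines the AES-GCM AEAD output as ciphertext with the tag appended. The names `gcm_inputs`, `split_tls12_gcm` and `split_sample` are hypothetical and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
enum { SALT_LEN = 4, EXPLICIT_LEN = 8, TAG_LEN = 16, AAD_LEN = 13 };

/* Hypothetical helper type: one field per EVP input. */
struct gcm_inputs {
    uint8_t nonce[SALT_LEN + EXPLICIT_LEN]; /* IV for EVP_DecryptInit_ex */
    uint8_t aad[AAD_LEN];   /* EVP_DecryptUpdate with out == NULL */
    const uint8_t *ct;      /* EVP_DecryptUpdate */
    size_t ct_len;
    const uint8_t *tag;     /* EVP_CTRL_GCM_SET_TAG, then EVP_DecryptFinal_ex */
};

/* frag: record payload after the 5-byte header. salt: implicit 4-byte IV
 * from the key block. Returns 0, or -1 if frag cannot hold nonce + tag. */
int split_tls12_gcm(const uint8_t *frag, size_t len, const uint8_t *salt,
                    uint64_t seq, uint8_t type, uint16_t version,
                    struct gcm_inputs *out)
{
    if (len < EXPLICIT_LEN + TAG_LEN || len - EXPLICIT_LEN - TAG_LEN > 0xFFFF)
        return -1;
    memcpy(out->nonce, salt, SALT_LEN);
    memcpy(out->nonce + SALT_LEN, frag, EXPLICIT_LEN);
    out->ct = frag + EXPLICIT_LEN;
    out->ct_len = len - EXPLICIT_LEN - TAG_LEN;
    out->tag = frag + len - TAG_LEN;   /* last 16 bytes of AEADEncrypted */
    /* additional_data = seq_num || type || version || plaintext length */
    for (int i = 0; i < 8; i++)
        out->aad[i] = (uint8_t)(seq >> (56 - 8 * i));
    out->aad[8] = type;
    out->aad[9] = (uint8_t)(version >> 8);
    out->aad[10] = (uint8_t)version;
    out->aad[11] = (uint8_t)(out->ct_len >> 8);
    out->aad[12] = (uint8_t)out->ct_len;
    return 0;
}

/* Constructed sample: 8-byte explicit nonce, 5 ciphertext bytes, 16 tag bytes. */
static uint8_t sample_frag[29];
static const uint8_t sample_salt[SALT_LEN] = { 0xA0, 0xA1, 0xA2, 0xA3 };
static struct gcm_inputs sample;
int split_sample(void)
{
    for (size_t i = 0; i < sizeof sample_frag; i++)
        sample_frag[i] = (uint8_t)i;
    return split_tls12_gcm(sample_frag, sizeof sample_frag, sample_salt,
                           1, 23, 0x0303, &sample);
}

int main(void) { return split_sample(); }
```

The length field in the additional data is the plaintext length (payload minus explicit nonce and tag), not the length from the record header.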