File SolidSyslogMbedTlsHmacSha256Policy.h¶
FileList > Interface > SolidSyslogMbedTlsHmacSha256Policy.h
Go to the source code of this file
HMAC-SHA256 integrity SecurityPolicy via Mbed TLS, for a store that must detect tampering of records at rest (authentication only, no confidentiality). More...
#include "ExternC.h"#include "SolidSyslogKeyFunction.h"
Classes¶
| Type | Name |
|---|---|
| struct | SolidSyslogMbedTlsHmacSha256PolicyConfig |
Public Functions¶
| Type | Name |
|---|---|
| struct SolidSyslogSecurityPolicy * | SolidSyslogMbedTlsHmacSha256Policy_Create (const struct SolidSyslogMbedTlsHmacSha256PolicyConfig * config) Draw an HMAC policy from the pool. |
| void | SolidSyslogMbedTlsHmacSha256Policy_Destroy (struct SolidSyslogSecurityPolicy * base) Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call). |
Detailed Description¶
What the policy does through its vtable is the substance:
- Seal authenticates the whole record content as one buffer (the header/body split matters only to AEAD policies, so HeaderLength is ignored) and writes the 32-byte tag into the record trailer. It is keyed and fails closed — if the key is unavailable or shorter than the SHA-256 output (32 bytes), Seal returns false and nothing is stored.
- Open recomputes the tag and compares it to the stored one in constant time (no early exit, no timing oracle). A mismatch returns false silently — the expected tamper verdict — and is not reported.
The key is fetched on demand via GetKey and wiped after every computation — it is never stored on the instance.
Public Functions Documentation¶
function SolidSyslogMbedTlsHmacSha256Policy_Create¶
Draw an HMAC policy from the pool.
struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsHmacSha256Policy_Create (
const struct SolidSyslogMbedTlsHmacSha256PolicyConfig * config
)
Bad config (NULL GetKey) or an exhausted pool falls back to the shared NullSecurityPolicy.
function SolidSyslogMbedTlsHmacSha256Policy_Destroy¶
Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call).
The documentation for this class was generated from the following file Platform/MbedTls/Interface/SolidSyslogMbedTlsHmacSha256Policy.h