Skip to content

File SolidSyslogMbedTlsHmacSha256Policy.h

FileList > Interface > SolidSyslogMbedTlsHmacSha256Policy.h

Go to the source code of this file

HMAC-SHA256 integrity SecurityPolicy via Mbed TLS, for a store that must detect tampering of records at rest (authentication only, no confidentiality). More...

  • #include "ExternC.h"
  • #include "SolidSyslogKeyFunction.h"

Classes

Type Name
struct SolidSyslogMbedTlsHmacSha256PolicyConfig

Public Functions

Type Name
struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsHmacSha256Policy_Create (const struct SolidSyslogMbedTlsHmacSha256PolicyConfig * config)
Draw an HMAC policy from the pool.
void SolidSyslogMbedTlsHmacSha256Policy_Destroy (struct SolidSyslogSecurityPolicy * base)
Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call).

Detailed Description

What the policy does through its vtable is the substance:

  • Seal authenticates the whole record content as one buffer (the header/body split matters only to AEAD policies, so HeaderLength is ignored) and writes the 32-byte tag into the record trailer. It is keyed and fails closed — if the key is unavailable or shorter than the SHA-256 output (32 bytes), Seal returns false and nothing is stored.
  • Open recomputes the tag and compares it to the stored one in constant time (no early exit, no timing oracle). A mismatch returns false silently — the expected tamper verdict — and is not reported.

The key is fetched on demand via GetKey and wiped after every computation — it is never stored on the instance.

Public Functions Documentation

function SolidSyslogMbedTlsHmacSha256Policy_Create

Draw an HMAC policy from the pool.

struct SolidSyslogSecurityPolicy * SolidSyslogMbedTlsHmacSha256Policy_Create (
    const struct SolidSyslogMbedTlsHmacSha256PolicyConfig * config
) 

Bad config (NULL GetKey) or an exhausted pool falls back to the shared NullSecurityPolicy.


function SolidSyslogMbedTlsHmacSha256Policy_Destroy

Release the pool slot; the policy owns no resources beyond the slot (the key is fetched per-call).

void SolidSyslogMbedTlsHmacSha256Policy_Destroy (
    struct SolidSyslogSecurityPolicy * base
) 



The documentation for this class was generated from the following file Platform/MbedTls/Interface/SolidSyslogMbedTlsHmacSha256Policy.h