Skip to content

File SolidSyslogOpenSslHmacSha256Policy.h

FileList > Interface > SolidSyslogOpenSslHmacSha256Policy.h

Go to the source code of this file

A keyed HMAC-SHA256 security policy (OpenSSL reference integration) that authenticates each stored record — tamper-detection for store-and-forward without encryption. More...

  • #include "ExternC.h"
  • #include "SolidSyslogKeyFunction.h"

Classes

Type Name
struct SolidSyslogOpenSslHmacSha256PolicyConfig
Supplies the key SolidSyslogOpenSslHmacSha256Policy seals and verifies with.

Public Functions

Type Name
struct SolidSyslogSecurityPolicy * SolidSyslogOpenSslHmacSha256Policy_Create (const struct SolidSyslogOpenSslHmacSha256PolicyConfig * config)
Draw a policy from the pool.
void SolidSyslogOpenSslHmacSha256Policy_Destroy (struct SolidSyslogSecurityPolicy * base)
Release the pool slot.

Detailed Description

What the policy does through its vtable is the substance:

  • SealRecord computes HMAC-SHA256 over the whole record content (the header/body split matters only to AEAD policies, so it is ignored here) and writes the 32-byte tag into the record trailer. The key is fetched on demand via GetKey and wiped after the computation.
  • OpenRecord recomputes the tag and compares it to the stored trailer in constant time (no early exit, no timing oracle); a mismatch returns false.
  • It fails closed — returns false, so nothing is sealed / verified — if the key is unavailable, shorter than 32 bytes (RFC 2104 / NIST SP 800-107: an HMAC key should be at least the hash output length), or the HMAC computation fails.

Public Functions Documentation

function SolidSyslogOpenSslHmacSha256Policy_Create

Draw a policy from the pool.

struct SolidSyslogSecurityPolicy * SolidSyslogOpenSslHmacSha256Policy_Create (
    const struct SolidSyslogOpenSslHmacSha256PolicyConfig * config
) 

A NULL config or NULL GetKey (bad config), or an exhausted pool (default size 1), falls back to the shared NullSecurityPolicy.


function SolidSyslogOpenSslHmacSha256Policy_Destroy

Release the pool slot.

void SolidSyslogOpenSslHmacSha256Policy_Destroy (
    struct SolidSyslogSecurityPolicy * base
) 

The policy owns no resources — the key is never stored on the instance — so this only frees the slot.



The documentation for this class was generated from the following file Platform/OpenSsl/Interface/SolidSyslogOpenSslHmacSha256Policy.h