async def read_msg(self) -> bytes:
header_data = await self.read(HEADER_LEN + MAC_LEN)
header = self.decrypt_header(header_data)
frame_size = self.get_frame_size(header)
# The frame_size specified in the header does not include the padding to 16-byte boundary,
# so need to do this here to ensure we read all the frame's data.
read_size = roundup_16(frame_size)
frame_data = await self.read(read_size + MAC_LEN)
return self.decrypt_body(frame_data, frame_size)
async def read_msg(self) -> Tuple[protocol.Command, protocol._DecodedMsgType]:
header_data = await self.read(HEADER_LEN + MAC_LEN)
header = self.decrypt_header(header_data)
frame_size = self.get_frame_size(header)
# The frame_size specified in the header does not include the padding to 16-byte boundary,
# so need to do this here to ensure we read all the frame's data.
read_size = roundup_16(frame_size)
frame_data = await self.read(read_size + MAC_LEN)
msg = self.decrypt_body(frame_data, frame_size)
cmd = self.get_protocol_command_for(msg)
decoded_msg = cmd.decode(msg)
self.logger.debug("Successfully decoded %s msg: %s", cmd, decoded_msg)
return cmd, decoded_msg
def decrypt_body(self, data: bytes, body_size: int) -> bytes:
read_size = roundup_16(body_size)
if len(data) < read_size + MAC_LEN:
raise ValueError('Insufficient body length; Got {}, wanted {}'.format(
len(data), (read_size + MAC_LEN)))
frame_ciphertext = data[:read_size]
frame_mac = data[read_size:read_size + MAC_LEN]
self.ingress_mac.update(frame_ciphertext)
fmac_seed = self.ingress_mac.digest()[:MAC_LEN]
self.ingress_mac.update(sxor(self.mac_enc(fmac_seed), fmac_seed))
expected_frame_mac = self.ingress_mac.digest()[:MAC_LEN]
if not bytes_eq(expected_frame_mac, frame_mac):
raise AuthenticationError('Invalid frame mac')
return self.aes_dec.update(frame_ciphertext)[:body_size]
