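/// <summary>
/// Decrypts <paramref name="record"/> in place: strips the explicit nonce (AEAD) or
/// explicit IV (block ciphers on versions that use one) and replaces
/// <c>record.Fragment</c> with the output of <c>TransformRecordBytes</c>.
/// </summary>
/// <param name="cipherSuite">Supplies the bulk cipher type, record IV length and, for AEAD, the authentication tag size.</param>
/// <param name="record">Record whose <c>Fragment</c> is rewritten. It may already have been modified when the method returns false.</param>
/// <param name="cipher">Transform passed through to <c>TransformRecordBytes</c>.</param>
/// <returns>
/// True when the fragment was decrypted; false when the fragment is too short for the
/// nonce/IV or authentication tag, or when <c>TransformRecordBytes</c> returns null.
/// </returns>
/// <remarks>
/// The fragment length comes from the peer, so every length is checked before it is used
/// to size a buffer. Without those checks a truncated record produces a negative array
/// size and an exception instead of a normal decryption failure.
/// NOTE(review): callers should presumably handle every false return the same way, so the
/// peer cannot tell which check rejected the record. Confirm at the call site.
/// </remarks>
private static bool DecryptRecord(CipherSuite cipherSuite, Record record, ICryptoTransform cipher)
{
    BulkCipherAlgorithmType cipherType = cipherSuite.BulkCipherAlgorithm.Type;
    int recordIVLength = cipherSuite.BulkCipherAlgorithm.RecordIVLength;

    if (cipherType == BulkCipherAlgorithmType.AEAD) {
        int authTagSize = cipherSuite.BulkCipherAlgorithm.AuthenticationTagSize;

        // Reject records shorter than the explicit nonce before sizing the copy buffer;
        // a negative length would otherwise throw on allocation.
        if (record.Fragment.Length < recordIVLength) {
            return false;
        }

        // Remove explicit nonce from the beginning of the fragment
        byte[] withoutNonce = new byte[record.Fragment.Length - recordIVLength];
        Buffer.BlockCopy(record.Fragment, recordIVLength, withoutNonce, 0, withoutNonce.Length);
        record.Fragment = withoutNonce;

        // Make sure there is enough data for the authentication tag
        if (record.Fragment.Length < authTagSize) {
            return false;
        }
    }

    // Replace the encrypted fragment with the decrypted fragment
    byte[] fragment = TransformRecordBytes(cipherType, cipher, record.Fragment);
    if (fragment == null) {
        return false;
    }
    record.Fragment = fragment;

    // Remove explicit IV from the beginning of the fragment if necessary
    if (cipherType == BulkCipherAlgorithmType.Block && record.Version.HasExplicitIV) {
        // The decrypted data must at least contain the IV; fail cleanly otherwise
        // instead of allocating a negative-length array.
        if (record.Fragment.Length < recordIVLength) {
            return false;
        }

        int payloadLength = record.Fragment.Length - recordIVLength;
        fragment = new byte[payloadLength];
        Buffer.BlockCopy(record.Fragment, recordIVLength, fragment, 0, payloadLength);
        record.Fragment = fragment;
    }

    return true;
}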